Project description.

The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT.

The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards

Apache 2.0.53 Changelog
  • Fix --with-apr=/usr and/or --with-apr-util=/usr. PR 29740. [Max Bowsher ]
  • mod_proxy: Fix ProxyRemoteMatch directive. PR 33170. [Rici Lake ]
  • mod_proxy: Respect errors reported by pre_connection hooks. [Jeff Trawick]
  • --with-module can now take more than one module to be statically linked: --with-module=:,:,... If the -subdirectory doesn't exist it will be created and populated with a standard Makefile.in. [Erik Abele]
  • Fix the RPM spec file so that an RPM build now works. An RPM build now requires system installations of APR and APR-util. Remove some arbitrary moving around of binaries - the RPM now maps to the ASF build of httpd. [Graham Leggett]
  • mod_dumpio, an I/O logging/dumping module, added to the modules/expermimental subdirectory. [Jim Jagielski]
  • mod_auth_ldap: Handle the inconsistent way in which the MS LDAP library handles special characters. PR 24437. [Jess Holle]
  • Win32 MPM: Correct typo in debugging output. [William Rowe]
  • conf: Remove AddDefaultCharset from the default configuration because setting a site-wide default does more harm than good. PR 23421. [Roy Fielding]
  • Add charset to example CGI scripts. [Roy Fielding]
  • mod_ssl: fail quickly if SSL connection is aborted rather than making many doomed ap_pass_brigade calls. PR 32699. [Joe Orton]
  • Remove compiled-in upper limit on LimitRequestFieldSize. [Bill Stoddard]
  • Start keeping track of time-taken-to-process-request again for mod_status if ExtendedStatus is enabled. [Jim Jagielski]
  • mod_proxy: Handle client-aborted connections correctly. PR 32443. [Janne Hietamäki, Joe Orton]
  • Fix handling of files >2Gb on all platforms (or builds) where apr_off_t is larger than apr_size_t. PR 28898. [Joe Orton]
  • mod_include: Fix bug which could truncate variable expansions of N*64 characters by one byte. PR 32985. [Joe Orton]
  • Correct handling of certain bucket types in ap_save_brigade, fixing possible segfaults in mod_cgi with #include virtual. PR 31247. [Joe Orton]
  • Allow for the use of --with-module=foo:bar where the ./modules/foo directory is local only. Assumes, of course, that the required files are in ./modules/foo, but makes it easier to statically build/log "external" modules. [Jim Jagielski]
  • Util_ldap: Implemented the util_ldap_cache_getuserdn() API so that ldap authorization only modules have access to the util_ldap user cache without having to require ldap authentication as well. PR 31898. [Jari Ahonen jah progress.com, Brad Nicholes]
  • mod_auth_ldap: Added the directive "Requires ldap-attribute" that allows the module to only authorize a user if the attribute value specified matches the value of the user object. PR 31913 [Ryan Morgan ]
  • SECURITY: CVE-2004-0942 (cve.mitre.org) Fix for memory consumption DoS in handling of MIME folded request headers. [Joe Orton]
  • SECURITY: CVE-2004-0885 (cve.mitre.org) mod_ssl: Fix a bug which allowed an SSLCipherSuite setting to be bypassed during an SSL renegotiation. PR 31505. [Hartmut Keil , Joe Orton]
  • mod_ssl: Fail at startup rather than segfault at runtime if a client cert is configured with an encrypted private key. PR 24030. [Joe Orton]
  • apxs: fix handling of -Wc/-Wl and "-o mod_foo.so". PR 31448 [Joe Orton]
  • mod_ldap: Fix format strings to use %APR_PID_T_FMT instead of %d. [Jeff Trawick]
  • mod_cache: CacheDisable will only disable the URLs it was meant to disable, not all caching. PR 31128. [Edward Rudd , Paul Querna]
  • mod_cache: Try to correctly follow RFC 2616 13.3 on validating stale cache responses. [Justin Erenkrantz]
  • mod_rewrite: Handle per-location rules when r->filename is unset. Previously this would segfault or simply not match as expected, depending on the platform. [Jeff Trawick]
  • mod_rewrite: Fix 0 bytes write into random memory position. PR 31036. [André Malo]
  • mod_disk_cache: Do not store aborted content. PR 21492. [Rüdiger Plüm ]
  • mod_disk_cache: Correctly store cached content type. PR 30278. [Rüdiger Plüm ]
  • mod_ldap: prevent the possiblity of an infinite loop in the LDAP statistics display. PR 29216. [Graham Leggett]
  • mod_ldap: fix a bogus error message to tell the user which file is causing a potential problem with the LDAP shared memory cache. PR 31431 [Graham Leggett]
  • SECURITY: CVE-2004-1834 (cve.mitre.org) mod_disk_cache: Do not store hop-by-hop headers. [Justin Erenkrantz]
  • Fix the re-linking issue when purging elements from the LDAP cache PR 24801. [Jess Holle ]
  • mod_disk_cache: Fix races in saving responses. [Justin Erenkrantz]
  • Fix Expires handling in mod_cache. [Justin Erenkrantz]
  • Alter mod_expires to run at a different filter priority to allow proper Expires storage by mod_cache. [Justin Erenkrantz]