Project description.

The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT.

The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards

Apache 2.0.56 Changelog
  • SECURITY: CVE-2005-3357 (cve.mitre.org) mod_ssl: Fix a possible crash during access control checks if a non-SSL request is processed for an SSL vhost (such as the "HTTP request received on SSL port" error message when an 400 ErrorDocument is configured, or if using "SSLEngine optional"). PR 37791. [Rüdiger Plüm, Joe Orton]
  • SECURITY: CVE-2005-3352 (cve.mitre.org) mod_imap: Escape untrusted referer header before outputting in HTML to avoid potential cross-site scripting. Change also made to ap_escape_html so we escape quotes. Reported by JPCERT. [Mark Cox]
  • Add APR/APR-Util Compiled and Runtime Version numbers to the output of 'httpd -V'. [William Rowe]
  • Ensure that the proper status line is written to the client, fixing incorrect status lines caused by filters which modify r->status without resetting r->status_line, such as the built-in byterange filter. [Jeff Trawick]
  • Default handler: Don't return output filter apr_status_t values. PR 31759. [Jeff Trawick, Ruediger Pluem, Joe Orton]
  • mod_speling: Stop crashing with certain non-file requests. [Jeff Trawick]
  • keep the Content-Length header for a HEAD with no response body. PR 18757 [Greg Ames]
  • Modify apr[util] .h detection to avoid breakage on VPATH builds using Solaris make (amoung others) and avoid breakage in ./buildconf when srclib/apr[-util] are symlinks rather than directories proper. [William Rowe]
  • Avoid server-driven negotiation when a CGI script has emitted an explicit "Status:" header. PR 38070. [Nick Kew]
  • mod_log_config now logs all Set-Cookie headers if the %{Set-Cookie}o format is used. PR 27787. [André Malo]
  • mod_cgid: Refuse to work on Solaris 10 due to OS bugs. PR 34264. [Justin Erenkrantz]
  • mod_cache: Correctly handle responses with a 301 status. PR 37347. [Paul Querna]
  • mod_proxy_http: Prevent data corruption of POST request bodies when client accesses proxied resources with SSL. PR 37145. [Ruediger Pluem, William Rowe]
  • Eliminated the NET_TIME filter, restructuring the timeout logic. This provides a working mod_echo on all platforms, and ensures any custom protocol module is at least given an initial timeout value based on the context's Timeout directive. [William Rowe]
  • mod_ssl: Correct issue where mod_ssl does not pick up the ssl-unclean-shutdown setting when configured. PR 34452. [Joe Orton]
  • Document the ReceiveBufferSize change done in r157583. [Murray Nesbitt ]
  • mod_deflate: Merge the Vary header, instead of Setting it. Fixes applications that send the Vary Header themselves. PR 37559. [Paul Querna]
  • mod_dav: Fix a null pointer dereference in an error code path during the handling of MKCOL. [Ghassan Misherghi ]
  • mod_mime_magic: Handle CRLF-format magic files so that it works with the default installation on Windows. [Jeff Trawick]
  • Write message to error log if AuthGroupFile cannot be opened. PR 37566. [Rüdiger Plüm]
  • Add ReceiveBufferSize directive to control the TCP receive buffer. [Eric Covener ]
  • mod_cache: Fix 'Vary: *' behavior to be RFC compliant. PR 16125. [Paul Querna]
  • Remove the base href tag from proxy_ftp, as it breaks relative links for clients not using an Authorization header. [Graham Leggett, Jon Snow ]
  • http_request.c: Add missing va_end call. [André Malo]
  • Add httxt2dbm to support/ for creating RewriteMap DBM Files. [Paul Querna]
  • support/check_forensic: Fix temp file usage [Javier Fernandez-Sanguino Pen~a ]
  • Chunk filter: Fix chunk filter to create correct chunks in the case that a flush bucket is surrounded by data buckets. [Ruediger Pluem]
  • mod_cgi(d): Remove block on OPTIONS method so that scripts can respond to OPTIONS directly rather than via server default. [Roy Fielding] PR 15242
  • Added new module mod_version, which provides version dependent configuration containers. [André Malo]
  • Add core version query function (ap_get_server_revision) and accompanying ap_version_t structure (minor MMN bump). [André Malo]