Project description.

The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT.

The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards

Apache 2.2.10 Changelog
  • SECURITY: CVE-2008-2939 (cve.mitre.org) mod_proxy_ftp: Prevent XSS attacks when using wildcards in the path of the FTP URL. Discovered by Marc Bevand of Rapid7. [Ruediger Pluem]
  • mod_authz_host: Add support for env=!envvar [Jim Jagielski]
  • Allow for smax to be 0 for balancer members so that all idle connections are able to be dropped should they exceed ttl. PR 43371 [Phil Endecott , Jim Jagielski]
  • mod_proxy_http: Don't trigger a retry by the client if a failure to read the response line was the result of a timeout. [Adam Woodworth ]
  • Support chroot on Unix-family platforms PR 43596 [Dimitar Pashev ]
  • mod_ssl: implement dynamic mutex callbacks for the benefit of OpenSSL. [Sander Temme]
  • mod_proxy_balancer: Add 'bybusyness' load balance method. [Joel Gluth , Jim Jagielski]
  • mod_authn_alias: Detect during startup when AuthDigestProvider is configured to use an incompatible provider via AuthnProviderAlias. PR 45196 [Eric Covener]
  • mod_proxy: Add 'scolonpathdelim' parameter to allow for ';' to also be used as a session path separator/delim PR 45158. [Jim Jagielski]
  • mod_charset_lite: Avoid dropping error responses by handling meta buckets correctly. PR 45687 [Dan Poirier ]
  • mod_proxy_http: Introduce environment variable proxy-initial-not-pooled to avoid reusing pooled connections if the client connection is an initial connection. PR 37770. [Ruediger Pluem]
  • mod_rewrite: Allow Cookie option to set secure and HttpOnly flags. PR 44799 [Christian Wenz ]
  • mod_ssl: Rewrite shmcb to avoid memory alignment issues. PR 42101. [Geoff Thorpe]
  • mod_proxy: Add connectiontimeout parameter for proxy workers in order to be able to set the timeout for connecting to the backend separately. PR 45445. [Ruediger Pluem, rahul ]
  • mod_dav_fs: Retrieve minimal system information about directory entries when walking a DAV fs, resolving a performance degradation on Windows. PR 45464. [Joe Orton, Jeff Trawick]
  • mod_cgid: Pass along empty command line arguments from an ISINDEX query that has consecutive '+' characters in the QUERY_STRING, matching the behavior of mod_cgi. [Eric Covener]
  • mod_headers: Prevent Header edit from processing only the first header of possibly multiple headers with the same name and deleting the remaining ones. PR 45333. [Ruediger Pluem]
  • mod_proxy_balancer: Move nonce field in the balancer manager page inside the html form where it belongs. PR 45578. [Ruediger Pluem]
  • mod_proxy_http: Do not forward requests with 'Expect: 100-continue' to known HTTP/1.0 servers. Return 'Expectation failed' (417) instead. [Ruediger Pluem]
  • mod_rewrite: Preserve the query string when [proxy,noescape]. PR 45247. [Tom Donovan]