Project description.

The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT.

The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards

Apache 2.2.25 Changelog
  • SECURITY: CVE-2013-1896 (cve.mitre.org) mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn with the source href (sent as part of the request body as XML) pointing to a URI that is not configured for DAV will trigger a segfault. [Ben Reser ]
  • SECURITY: CVE-2013-1862 (cve.mitre.org) mod_rewrite: Ensure that client data written to the RewriteLog is escaped to prevent terminal escape sequences from entering the log file. [Eric Covener, Jeff Trawick, Joe Orton]
  • core: Limit ap_pregsub() to 64MB and add ap_pregsub_ex() for longer strings. The default limit for ap_pregsub() can be adjusted at compile time by defining AP_PREGSUB_MAXLEN. [Stefan Fritsch, Jeff Trawick]
  • core: Support the SINGLE_LISTEN_UNSERIALIZED_ACCEPT optimization on Linux kernel versions 3.x and above. PR 55121. [Bradley Heilbrun ]
  • mod_setenvif: Log error on substitution overflow. [Stefan Fritsch]
  • mod_ssl/proxy: enable the SNI extension for backend TLS connections [Kaspar Brand]
  • mod_proxy: Use the the same hostname for SNI as for the HTTP request when forwarding to SSL backends. PR 53134. [Michael Weiser , Ruediger Pluem]
  • mod_ssl: Quiet FIPS mode weak keys disabled and FIPS not selected emits in the error log to debug level. [William Rowe]
  • mod_ssl: Catch missing, mismatched or encrypted client cert/key pairs with SSLProxyMachineCertificateFile/Path directives. PR 52212, PR 54698. [Keith Burdis , Joe Orton, Kaspar Brand]
  • mod_proxy_balancer: Added balancer parameter failontimeout to allow server admin to configure an IO timeout as an error in the balancer. [Daniel Ruggeri]
  • mod_authnz_ldap: Allow using exec: calls to obtain LDAP bind password. [Daniel Ruggeri]
  • htdigest: Fix buffer overflow when reading digest password file with very long lines. PR 54893. [Rainer Jung]
  • mod_dav: Ensure URI is correctly uriencoded on return. PR 54611 [Timothy Wood ]
  • mod_dav: Make sure that when we prepare an If URL for Etag comparison, we compare unencoded paths. PR 53910 [Timothy Wood ]
  • mod_dav: Sending an If or If-Match header with an invalid ETag doesn't result in a 412 Precondition Failed for a COPY operation. PR54610 [Timothy Wood ]
  • mod_dav: When a PROPPATCH attempts to remove a non-existent dead property on a resource for which there is no dead property in the same namespace httpd segfaults. PR 52559 [Diego Santa Cruz ]
  • mod_dav: Do not fail PROPPATCH when prop namespace is not known. PR 52559 [Diego Santa Cruz ]
  • mod_dav: Do not segfault on PROPFIND with a zero length DBM. PR 52559 [Diego Santa Cruz ]