Rilasciata una nuova versione di Apache, precisamente la versione
2.0.43. Apache è uno dei più famosi Web server open source.
Ecco le novità di questa versione:
Security vulnerabilities closed since
Apache 2.0.42
* Fixed the security vulnerability
noted in CAN-2002-0840 (cve.mitre.org) regarding a cross-site scripting vulnerability
in the default error page when using wildcard DNS.
* Prevent POST requests for CGI scripts from serving
the source code when DAV is enabled on the location.
Bugs fixed since Apache 2.0.42
* Fixed a core dump in mod_cache
when it attemtped to store uncopyable buckets, such as a file containing SSI
tags to execute a CGI script.
* Ensured that output already available is flushed
to the network to help some streaming CGIs and other dynamically-generated content.
* Fixed a mutex problem in mod_ssl dbm session
cache support.
* Allow the UserDir directive to accept a list
of directories, as in 1.3.
* Changed SuExec to use the same default directory
as the rest of the server, e.g. /usr/local/apache2.
* Retry connections with mod_auth_ldap on LDAP_SERVER_DOWN
errors.
* Pass the WWW-Authenticate header on a 4xx responses
from the proxy.
* Fixed mod_cache's CacheMaxStreamingBuffer directive
within virtual hosts.
* Add -p option to apxs to allow programs to be
compiled with apxs.
|