Apache HTTP Server 2.4.12 (released 2015-01-29)

Apache HTTP Server, это бесплатный и самый популярный и надежный веб-сервер (HTTPD) в Интернете с апреля 1996 года. Распространяется с открытым исходным кодом

Apache HTTP Server 2.4.12 (released 2015-01-29)

Apache HTTP Server, это бесплатный и самый популярный и надежный веб-сервер (HTTPD) в Интернете с апреля 1996 года. Распространяется с открытым исходным кодом, поддерживает большинство известных операционных систем, таких как Unix/Linux, Windows и т.д. Цель разработчиков – создание безопасного, эффективного, гибкого и расширяемого сервера, отвечающего современным стандартам.
Apache HTTP Server представляет собой надёжный веб-сервер, работающий на протоколе HTTPD. Данный сервер является одним из самых известных и популярных во всём мире. Apache HTTP Server начал использоваться с 1996 года.

Данный веб-сервер поддерживает большую часть используемых операционных систем во всём мире. Одной из сильных сторон данного программного обеспечения является высокая надёжность и безопасность сервера. Кроме того Apache HTTP Server обладает открытым исходным кодом и распространяется бесплатно. Приложение легко поддаётся расширению и имеет множество различных настроек. Регулярно выходят всевозможные обновления и улучшения данного проекта, которые обеспечивают еще большую стабильность и надёжность вашего сервера.

Основные возможности программы и преимущества приложения:
* Высокая стабильность и безопасность сервера;
* Открытый исходный код;
* Абсолютная бесплатность приложения;
* Поддержка большинства распространённых операционных систем: Unix/Linux, Windows и многие другие;
* Высокая эффективность и расширяемость;
* Полное соответствие всем нынешним стандартам.

The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT. The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards.

The Apache HTTP Server Project is pleased to announce the release of version 2.4.3 of the Apache HTTP Server (“Apache” and “httpd”). This version of Apache is our 3rd GA release of the new generation 2.4.x branch of Apache HTTPD and represents fifteen years of innovation by the project, and is recommended over all previous releases!

This version of httpd is a major release of the stable branch, and represents the best available version of Apache HTTP Server. New features include Smart Filtering, Improved Caching, AJP Proxy, Proxy Load Balancing, Graceful Shutdown support, Large File Support, the Event MPM, and refactored Authentication/Authorization.

spoiler plusChanges with Apache 2.4.4
Changes with Apache 2.4.4

*) SECURITY: CVE-2012-3499 (cve.mitre.org)
Various XSS flaws due to unescaped hostnames and URIs HTML output in
mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp.
[Jim Jagielski, Stefan Fritsch, Niels Heinen ]

*) SECURITY: CVE-2012-4558 (cve.mitre.org)
XSS in mod_proxy_balancer manager interface. [Jim Jagielski,
Niels Heinen ]

*) mod_dir: Add support for the value ‘disabled’ in FallbackResource.
[Vincent Deffontaines]

*) mod_proxy_connect: Don’t keepalive the connection to the client if the
backend closes the connection. PR 54474. [Pavel Mateja ]

*) mod_lua: Add bindings for mod_dbd/apr_dbd database access.
[Daniel Gruno]

*) mod_proxy: Allow for persistence of local changes made via the
balancer-manager between graceful/normal restarts and power
cycles. [Jim Jagielski]

*) mod_status: Print out list of times since a Vhost was last used.
[Jim Jagielski]

*) mod_proxy: Fix startup crash with mis-defined balancers.
PR 52402. [Jim Jagielski]

*) –with-module: Fix failure to integrate them into some existing
module directories. PR 40097. [Jeff Trawick]

*) htcacheclean: Fix potential segfault if “-p” is omitted. [Joe Orton]

*) mod_proxy_http: Honour special value 0 (unlimited) of LimitRequestBody
PR 54435. [Pavel Mateja ]

*) mod_proxy_ajp: Support unknown HTTP methods. PR 54416.
[Rainer Jung]

*) htcacheclean: Fix list options “-a” and “-A”.
[Rainer Jung]

*) mod_slotmem_shm: Fix mistaken reset of num_free for restored shm.
[Jim Jagielski]

*) mod_proxy: non-existance of byrequests is not an immediate error.
[Jim Jagielski]

*) mod_proxy_balancer: Improve output of balancer-manager (re: Drn,
Dis, Ign, Stby). PR 52478 [Danijel ]

*) configure: Fix processing of –disable-FEATURE for various features.
[Jeff Trawick]

*) mod_dialup/mod_http: Prevent a crash in mod_dialup in case of internal
redirect. PR 52230.

*) various modules, rotatelogs: Replace use of apr_file_write() with
apr_file_write_full() to prevent incomplete writes. PR 53131.
[Nicolas Viennot , Stefan Fritsch]

*) ab: Support socket timeout (-s timeout).
[Guido Serra ]

*) httxt2dbm: Correct length computation for the ‘value’ stored in the
DBM file. PR 47650 [jon buckybox com]

*) core: Be more correct about rejecting directives that cannot work in
sections. [Stefan Fritsch]

*) core: Fix directives like LogLevel that need to know if they are invoked
at virtual host context or in Directory/Files/Location/If sections to
work properly in If sections that are not in a Directory/Files/Location.
[Stefan Fritsch]

*) mod_xml2enc: Fix problems with charset conversion altering the
Content-Length. [Micha Lenk ]

*) ap_expr: Add req_novary function that allows HTTP header lookups
without adding the name to the Vary header. [Stefan Fritsch]

*) mod_slotmem_*: Add in new fgrab() function which forces a grab and
slot allocation on a specified slot. Allow for clearing of inuse
array. [Jim Jagielski]

*) mod_proxy_ftp: Fix segfaults on IPv4 requests to hosts with DNS
AAAA records. PR 40841. [Andrew Rucker Jones , , Jim Jagielski]

*) mod_auth_form: Make sure that get_notes_auth() sets the user as does
get_form_auth() and get_session_auth(). Makes sure that REMOTE_USER
does not vanish during mod_include driven subrequests. [Graham

*) mod_cache_disk: Resolve errors while revalidating disk-cached files on
Windows (“…rename tempfile to datafile failed…”). PR 38827
[Eric Covener]

*) mod_proxy_balancer: Bring XML output up to date. [Jim Jagielski]

*) htpasswd, htdbm: Optionally read passwords from stdin, as more
secure alternative to -b. PR 40243. [Adomas Paltanavicius, Stefan Fritsch]

*) htpasswd, htdbm: Add support for bcrypt algorithm (requires
apr-util 1.5 or higher). PR 49288. [Stefan Fritsch]

*) htpasswd, htdbm: Put full 48bit of entropy into salt, improve
error handling. Add some of htpasswd’s improvements to htdbm,
e.g. warn if password is truncated by crypt(). [Stefan Fritsch]

*) mod_auth_form: Support the expr parser in the
AuthFormLoginRequiredLocation, AuthFormLoginSuccessLocation and
AuthFormLogoutLocation directives. [Graham Leggett]

*) mod_ssl: Add support for TLS-SRP (Secure Remote Password key exchange
for TLS, RFC 5054). PR 51075. [Quinn Slack ,
Christophe Renou, Peter Sylvester]

*) mod_rewrite: Stop mergeing RewriteBase down to subdirectories
unless new option ‘RewriteOptions MergeBase’ is configured.
PR 53963. [Eric Covener]

*) mod_header: Allow for exposure of loadavg and server load using new
format specifiers %l, %i, %b [Jim Jagielski]

*) core: Make ap_regcomp() return AP_REG_ESPACE if out of memory. Make
ap_pregcomp() abort if out of memory. This raises the minimum PCRE
requirement to version 6.0. [Stefan Fritsch]

*) mod_proxy: Add ability to configure the sticky session separator.
PR 53893. [, Jim Jagielski]

*) mod_dumpio: Correctly log large messages
PR 54179 [Marek Wianecki ]

*) core: Don’t fail at startup with AH00554 when Include points to
a directory without any wildcard character. [Eric Covener]

*) core: Fail startup if the argument to ServerTokens is unrecognized.
[Jackie Zhang ]

*) mod_log_forensic: Don’t log a spurious “-” if a request has been rejected
before mod_log_forensic could attach its id to it. [Stefan Fritsch]

*) rotatelogs: Omit the second argument for the first invocation of
a post-rotate program when -p is used, per the documentation.
[Joe Orton]

*) mod_session_dbd: fix a segmentation fault in the function dbd_remove.
PR 53452. [, Reimo Rebane]

*) core: Functions to provide server load values: ap_get_sload() and
ap_get_loadavg(). [Jim Jagielski, Jan Kaluza ,
Jeff Trawick]

*) mod_ldap: Fix regression in handling “server unavailable” errors on
Windows. PR 54140. [Eric Covener]

*) syslog logging: Remove stray “, referer” at the end of some messages.
[Jeff Trawick]

*) “Iterate” directives: Report an error if no arguments are provided.
[Jeff Trawick]

*) mod_ssl: Change default for SSLCompression to off, as compression
causes security issues in most setups. (The so called “CRIME” attack).
[Stefan Fritsch]

*) ab: add TLS1.1/TLS1.2 options to -f switch, and adapt output
to more accurately report the negotiated protocol. PR 53916.
[NicolУЁs Pernas Maradei , Kaspar Brand]

*) core: ErrorDocument now works for requests without a Host header.
PR 48357. [Jeff Trawick]

*) prefork: Avoid logging harmless errors during graceful stop.
[Joe Orton, Jeff Trawick]

*) mod_proxy: When concatting for PPR, avoid cases where we
concat “…/” and “/…” to create “…//…” [Jim Jagielski]

*) mod_cache: Wrong content type and character set when
mod_cache serves stale content because of a proxy error.
PR 53539. [Rainer Jung, Ruediger Pluem]

*) mod_proxy_ajp: Fix crash in packet dump code when logging
with LogLevel trace7 or trace8. PR 53730. [Rainer Jung]

*) httpd.conf: Removed the configuration directives setting a bad_DNT
environment introduced in 2.4.3. The actual directives are commented
out in the default conf file.

*) core: Apply length limit when logging Status header values.
[Jeff Trawick, Chris Darroch]

*) mod_proxy_balancer: The nonce is only derived from the UUID iff
not set via the ‘nonce’ balancer param. [Jim Jagielski]

*) mod_ssl: Match wildcard SSL certificate names in proxy mode.
PR 53006. [Joe Orton]

*) Windows: Fix output of -M, -L, and similar command-line options
which display information about the server configuration.
[Jeff Trawick]

Автор: Apache HTTP Server Project
Статус программы: Бесплатная
Операционка: Windows Vista, XP
Интерфейс: Английский

Оцените пользу
( Пока оценок нет )
Поделитесь с друзьями
Добавить комментарий