2010年9月 9日

[installer 2497] apache-2.3.8

apache-2.3.8 出ています。

セキュリティホールの修正が含まれています。
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1452
参照のこと。

☆ apache-2.3.8
http://httpd.apache.org/

http://www.apache.org/dist/httpd/httpd-2.3.8.tar.gz

Changes with Apache 2.3.8

*) suexec: Support large log files. PR 45856. [Stefan Fritsch]

*) core: Abort with sensible error message if no or more than one MPM is
loaded. [Stefan Fritsch]

*) mod_proxy: Rename erroronstatus to failonstatus.
[Daniel Ruggeri <DRuggeri primary.net>]

*) mod_dav_fs: Fix broken "creationdate" property.
Regression in version 2.3.7. [Rainer Jung]

Changes with Apache 2.3.7

*) SECURITY: CVE-2010-1452 (cve.mitre.org)
mod_dav, mod_cache, mod_session: Fix Handling of requests without a path
segment. PR: 49246 [Mark Drayton, Jeff Trawick]

*) mod_ldap: Properly check the result returned by apr_ldap_init. PR 46076.
[Stefan Fritsch]

*) mod_rewrite: Log errors if rewrite map files cannot be opened. PR 49639.
[Stefan Fritsch]

*) mod_proxy_http: Support the 'ping' property for backend HTTP/1.1 servers
via leveraging 100-Continue as the initial "request".
[Jim Jagielski]

*) core/mod_authz_core: Introduce new access_checker_ex hook that enables
mod_authz_core to bypass authentication if access should be allowed by
IP address/env var/... [Stefan Fritsch]

*) core: Introduce note_auth_failure hook to allow modules to add support
for additional auth types. This makes ap_note_auth_failure() work with
mod_auth_digest again. PR 48807. [Stefan Fritsch]

*) socache modules: return APR_NOTFOUND when a lookup is not found [Nick Kew]

*) mod_authn_cache: new module [Nick Kew]

*) configure: Add reallyall option for --enable-mods-shared. [Stefan Fritsch]

*) Fix Windows build when using VC6. [Gregg L. Smith <lists glewis com>]

*) mod_rewrite: Allow to set environment variables without explicitly
giving a value. [Rainer Jung]

*) mod_rewrite: Remove superfluous EOL from rewrite logging. [Rainer Jung]

*) mod_include: recognise "text/html; parameters" as text/html
PR 49616 [Andrey Chernov <ache nagual.pp.ru>]

*) CGI vars: allow PATH to be set by SetEnv, consistent with LD_LIBRARY_PATH
PR 43906 [Nick Kew]

*) Core: Extra robustness: don't try authz and segfault if authn
fails to set r->user. Log bug and return 500 instead.
PR 42995 [Nick Kew]

*) HTTP protocol filter: fix handling of longer chunk extensions
PR 49474 [<tee.bee gmx.de>]

*) Update SSL cipher suite and add example for SSLHonorCipherOrder.
[Lars Eilebrecht, Rainer Jung]

*) move AddOutputFilterByType from core to mod_filter. This should
fix nasty side-effects that happen when content_type is set
more than once in processing a request, and make it fully
compatible with dynamic and proxied contents. [Nick Kew]

*) mod_log_config: Implement logging for sub second timestamps and
request end time. [Rainer Jung]

----
こがよういちろう


投稿者 xml-rpc : 2010年9月 9日 09:07
役に立ちました?:
過去のフィードバック 平均:(0) 総合:(0) 投票回数:(0)
本記事へのTrackback: http://hoop.euqset.org/blog/mt-tb2006.cgi/98202
トラックバック
コメント
コメントする




画像の中に見える文字を入力してください。