Apache HTTP Server 1.3.29 Released 36
Dan writes "The Apache Software Foundation and The Apache HTTP Server Project are pleased to announce the release of version 1.3.29 of the Apache HTTP Server ("Apache"). This Announcement notes the significant changes in 1.3.29 as compared to 1.3.28. Release 1.3.29 addresses and fixes a potential security issue CAN-2003-0542 (cve.mitre.org): Fix buffer overflows in mod_alias and mod_rewrite which occurred if one configured a regular expression with more than 9 captures. You can download this release from one of your preferred mirror sites."
Big Changes ? (Score:4, Insightful)
The Apache Section's Motto: (Score:5, Funny)
Slashdot's Apache Section: For The Apache Admin Who Just Refuses To Get On The Mailing List.
Why Not 2.0? (Score:2)
OK, I'll admit not being on the apache mailing list.
But I'm thinking of installing Apache (and gentoo ) on an unused Athlon box.
Is there any reason not to install the latest Apache 2.0 instead of the 1.3 series?
[I ask because, IIRC, early releases of 2.0 didn't support the latest PHP.]
Re:Why Not 2.0? (Score:2)
I'm not a PHP guy, so I can't be definitive about that, but the two big areas where Apache 2.0 seems to have been un-finished are PHP and mod_perl support. Random poking around on Google suggests anecdotally that this was true at least as recently as July, according to a random blog hit [afongen.com].
You're certainly welcome to try it -- bug testers are always welcome for any open source project -- but last I heard the conventional wisdom was still to avoid Apache2 for any site that needs stable mod_perl or PHP support
Re:Why Not 2.0? (Score:1)
Re:Why Not 2.0? (Score:2)
No stability problems here, yet
Re:Why Not 2.0? (Score:1)
FWIW, I've used the mod_perl 1.99 dev code without any issue on a server that handles a significant load of authentication. While doin
Re:Why Not 2.0? (Score:1)
mod_throttle and other non-core modules are normally only available to the 1.3.x series (for now).
Another reason is laziness: If the average admin can't find a package/port/... for an apache 2.x module in their favorite Linux distro or BSD ports collection, they'll normally go for 1.3.x, instead of porting the module to 2.x.
On the note of that... (Score:2, Funny)
"Cor, at least it's not IIS... we'd be having thousands of bugfixes. Damn M$."
Thanks (Score:3, Interesting)
Why list a commercial web site? (Score:4, Insightful)
The Slashdot story said, "... are pleased to announce the release of version 1.3.29 of the Apache HTTP Server ("Apache") [bsdforums.org]."
However, that link references only a copy of the release info on a commercial bulletin board, BSDForums.org, that has plenty of advertisements.
The Slashdot story could have said, "... are pleased to announce the release of version 1.3.29 of the Apache HTTP Server ("Apache") [apache.org]", which is the official announcement on the apache.org site.
Re:Why list a commercial web site? (Score:1)
Notice that the article was submitted by dan@bsdforums.org and you will achieve enlightenment.
At least he was honest about his affiliation.money-making scheme (Score:2)
So it was a money-making scheme for Dan?
Why don't Slashdot editors catch this kind of thing?
Re:money-making scheme (Score:2)
Re:Why list a commercial web site? (Score:2)
All I see are 3 text links near the top
NetBSD 1.6 CDs,T-Mobile's Online Store and The Design & Implementation of 4.3 BSD Unix OS.
Not exactly what I would call plenty of advertisements.
It is a breach of trust. (Score:2)
9 ads on the page.
It is a breach of trust. The original page was available; why not link to that? If that is okay, what is next; will mirrors insert ads?
The money apparently does NOT go to help BSD, but goes to a private company; is that true?
Ads are good, in the right circumstances. Sneakiness is never good.
Apache HTTP Server 2.0.48 is also out (Score:3, Informative)
what about 2.0.48? (Score:3, Informative)
In related news, the 2.48 [apache.org] version of apache was also released. Was this a slashdot moment, as well? Did I miss a memo? I'm assuming I have. I recently read the O'Reilly book [oreilly.com]on this topic and two things seemed clear. 1) That the authors of the book really preferred the 1.3.x series of httpd to the 2.x series and that 2) BSD is the way to be for Apache (though Linux is an "okay" substitute.) Which really surprised me because threading in Linux is better than BSD.
So my questions are: If they are updating the 2.x series why are they *also* updating the 1.3.x series? Isn't the idea that 2.x will supplant/replace the earlier series? What do you get out of using the older version that you don't with the newer? Other than the ability to work with a tool that's more familiar to you becasue you've been using it for so long...Wouldn't the technological advantages of using the newer version outwiegh the inconvenience of yet another learning curve?
Re:what about 2.0.48? (Score:2, Informative)
The main problem is that some things written for apache 1.x do not work under 2.x, or have significant problems. PHP was one of them; other modules have been problematic, too. Once PHP ran acceptably, we switched...
Re:what about 2.0.48? (Score:2, Informative)
Re:what about 2.0.48? (Score:5, Insightful)
Here, my friend is the beauty of open source. If you want to keep using apache 1.3 (as many are), you can. There's no such thing as a forced upgrade. What version of the software you use is entirely up to you. 2.0 is supposed to be an improvement over 1.3 (and it is), but it's not supposed to 'supplant' 1.3. Just like the Linux kernel 2.4 didn't 'supplant' 2.2, though it WAS an improvement.
As long as there are interested people in the 1.3 series, bugfixes will come in, and holes will be patched. And that's why it's still being updated. Heck, even the 2.0 kernel is actively maintained. The canges are very slow, but if there's an obvious fix, it will be put in.
So basically, it's up to you to decide which version to run. And that's exactly the idea, that you have choice and freedom with your software.
Re:what about 2.0.48? (Score:1)
As another person said, it's not supported (yet).
Understatement... try compiling it in
Re:what about 2.0.48? (Score:2, Informative)
There are still a number of very popular modules that still require the use of the 1.3x code. So instead of "orphaning" those poor souls dependent (?) on the 1.3x modules, (as mentioned by another poster) the open source world allows for and supports multiple versions to exist.
Just my two cents...
webserver written in Postscript! (Score:4, Funny)
PS-HTTPD is a HTTP-server written in Postscript. It can handle the main task of a webserver, serving data.
Re:webserver written in Postscript! (Score:2)
Re:webserver written in Postscript! (Score:1)
This is important because it is security relaited (Score:1)
That is what slashdot is doing. It is highly important.
Granted, they could just put it on the side... but hey! slash code is configurable!
You can choose what types of news you want to read!
Just log in and visit your preferences page... and make it so you don't see the apache news!
Re:Apache Problems (Score:1)