Apache 1.3.34正式版推出

Posted by

Apache 1.3.34正式版推出

全球最多網站主機使用的免費伺服器軟體Apache(10月4日的統計,佔有率達到全球網站主機的69.89%),日前繼推出2.0.55版本後,針對一代的Apache(目前也是最多人用的),釋出Apache 1.3.34,取代原先的1.3.33。

Apache 1.3.34主要是更新兩個重要的1.3.33的安全性問題,Apache官方建議所有Apache 1系列的網站更新,他們也推薦網站可以升級使用效率更好、功能更多的Apache 2.0.55。


Apache 1.3.34比起1.3.33,更新列表如下(大多是安全性更新):

*) hsregex: fix potential core dumping on 64 bit machines, such as
AMD64. PR 31858. [Glenn Strauss < gs-apache-dev gluelogic.com>]

*) SECURITY: core: If a request contains both Transfer-Encoding and
Content-Length headers, remove the Content-Length, mitigating some
HTTP Request Splitting/Spoofing attacks. This has no impact on
mod_proxy_http, yet affects any module which supports chunked
encoding yet fails to prefer T-E: chunked over the Content-Length
purported value. [Paul Querna, Joe Orton]

*) Added TraceEnable [on|off|extended] per-server directive to alter
the behavior of the TRACE method. This addresses a flaw in proxy
conformance to RFC 2616 – previously the proxy server would accept
a TRACE request body although the RFC prohibited it. The default
remains 'TraceEnable on'.
[William Rowe]

*) mod_digest: Fix another nonce string calculation issue.
[Eric Covener]

一直很喜歡的緞帶教堂 Ribbon Chapel
2005 年 10 月