[Announce] Apache HTTP Server (httpd) 2.2.15 Released

[Announce] Apache HTTP Server (httpd) 2.2.15 Released

am 06.03.2010 21:47:20 von wrowe

The Apache Software Foundation and the Apache HTTP Server Project are
pleased to announce the release and immediate availability of version
2.2.15 of the Apache HTTP Server ("httpd"). This version of httpd is
principally a security and bug fix release.

Notably, this release was updated to reflect the OpenSSL Project's
release 0.9.8m of the openssl library, and addresses CVE-2009-3555
(cve.mitre.org), the TLS renegotiation prefix injection attack.
This release further addresses the issues CVE-2010-0408, CVE-2010-0425
and CVE-2010-0434 within mod_proxy_ajp, mod_isapi and mod_headers
respectively.

We consider this release to be the best version of httpd available, and
encourage users of all prior versions to upgrade.

Apache HTTP Server 2.2.15 is available for download from:

http://httpd.apache.org/download.cgi

Please see the CHANGES_2.2 file, linked from the download page, for a
full list of changes. A condensed list, CHANGES_2.2.15 provides the
complete list of changes since 2.2.14. A summary of security
vulnerabilities which were addressed in the previous 2.2.14 and earlier
releases is available:

http://httpd.apache.org/security/vulnerabilities_22.html

Apache HTTP Server 2.2.15 is compatible with Apache Portable Runtime
(APR) versions 1.3 and 1.4, APR-util library version 1.3, and
APR-iconv library version 1.2. The most current releases should
be used to address known security and platform bugs. At the time of
this httpd release, the recommended APR releases are:

* Apache Portable Runtime (APR) library version 1.4.2 (bundled),
or at minimum, version 1.3.12
* ARR-util library version 1.3.9 (bundled)
* APR-iconv library version 1.2.1 (only bundled in win32-src.zip)

Older releases of these libraries have known vulnerabilities or other
defects affecting httpd. For further information and downloads, visit:

http://apr.apache.org/

Apache HTTP Server 2.2 offers numerous enhancements, bug fixes, and
performance enhancements over the 2.0 codebase. For an overview of
new features introduced since 2.0 please see:

http://httpd.apache.org/docs/2.2/new_features_2_2.html

This release builds upon and extends the httpd 2.0 API. Modules written
for httpd 2.0 will need to be recompiled in order to run with httpd 2.2,
and may require minimal or no source code changes.

When upgrading or installing this version of httpd, please bear in mind
that if you intend to use httpd with one of the threaded MPMs (other
than the Prefork MPM), you must ensure that any modules you will be
using (and the libraries they depend on) are thread-safe.

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

RE: [Announce] Apache HTTP Server (httpd) 2.2.15Released

am 08.03.2010 18:05:31 von Ruiyuan Jiang

Hi, William

Does v2.2.15 fix the problem that I reported "BUG 48819" that happens on v2=
..2.14? Thanks.

Ryan

-----Original Message-----
From: William A. Rowe Jr. [mailto:wrowe@rowe-clan.net]=20
Sent: Saturday, March 06, 2010 3:47 PM
To: users@httpd.apache.org
Subject: [users@httpd] [Announce] Apache HTTP Server (httpd) 2.2.15 Released

The Apache Software Foundation and the Apache HTTP Server Project are
pleased to announce the release and immediate availability of version
2.2.15 of the Apache HTTP Server ("httpd"). This version of httpd is
principally a security and bug fix release.

Notably, this release was updated to reflect the OpenSSL Project's
release 0.9.8m of the openssl library, and addresses CVE-2009-3555
(cve.mitre.org), the TLS renegotiation prefix injection attack.
This release further addresses the issues CVE-2010-0408, CVE-2010-0425
and CVE-2010-0434 within mod_proxy_ajp, mod_isapi and mod_headers
respectively.

We consider this release to be the best version of httpd available, and
encourage users of all prior versions to upgrade.

Apache HTTP Server 2.2.15 is available for download from:

http://httpd.apache.org/download.cgi

Please see the CHANGES_2.2 file, linked from the download page, for a
full list of changes. A condensed list, CHANGES_2.2.15 provides the
complete list of changes since 2.2.14. A summary of security
vulnerabilities which were addressed in the previous 2.2.14 and earlier
releases is available:

http://httpd.apache.org/security/vulnerabilities_22.html

Apache HTTP Server 2.2.15 is compatible with Apache Portable Runtime
(APR) versions 1.3 and 1.4, APR-util library version 1.3, and
APR-iconv library version 1.2. The most current releases should
be used to address known security and platform bugs. At the time of
this httpd release, the recommended APR releases are:

* Apache Portable Runtime (APR) library version 1.4.2 (bundled),
or at minimum, version 1.3.12
* ARR-util library version 1.3.9 (bundled)
* APR-iconv library version 1.2.1 (only bundled in win32-src.zip)

Older releases of these libraries have known vulnerabilities or other
defects affecting httpd. For further information and downloads, visit:

http://apr.apache.org/

Apache HTTP Server 2.2 offers numerous enhancements, bug fixes, and
performance enhancements over the 2.0 codebase. For an overview of
new features introduced since 2.0 please see:

http://httpd.apache.org/docs/2.2/new_features_2_2.html

This release builds upon and extends the httpd 2.0 API. Modules written
for httpd 2.0 will need to be recompiled in order to run with httpd 2.2,
and may require minimal or no source code changes.

When upgrading or installing this version of httpd, please bear in mind
that if you intend to use httpd with one of the threaded MPMs (other
than the Prefork MPM), you must ensure that any modules you will be
using (and the libraries they depend on) are thread-safe.

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org




This message (including any attachments) is intended
solely for the specific individual(s) or entity(ies) named
above, and may contain legally privileged and
confidential information. If you are not the intended=20
recipient, please notify the sender immediately by=20
replying to this message and then delete it.
Any disclosure, copying, or distribution of this message,
or the taking of any action based on it, by other than the
intended recipient, is strictly prohibited.


------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [Announce] Apache HTTP Server (httpd) 2.2.15

am 08.03.2010 18:16:21 von Eric Covener

On Mon, Mar 8, 2010 at 12:05 PM, Ruiyuan Jiang wrote:
> Does v2.2.15 fix the problem that I reported "BUG 48819" that happens on v2.2.14? Thanks.

Wouldn't think so. The bug is still open and there are no followups.

It's not going to get very far if you can't simplify your
description/environment/changes and dentify what HTTP-level exchange
differs in your new environment.
--
Eric Covener
covener@gmail.com

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

RE: [Announce] Apache HTTP Server (httpd) 2.2.15Released

am 10.03.2010 17:57:27 von Ruiyuan Jiang

Hi,=20

Has anyone downloaded the .tar.gz format file for v2.2.15? I tried to gunzi=
p the file on Solaris, HPUX and Windows and all having problem? I downloade=
d multiple times on multiple days but got the same thing. Thanks.

Ryan

-----Original Message-----
From: William A. Rowe Jr. [mailto:wrowe@rowe-clan.net]=20
Sent: Saturday, March 06, 2010 3:47 PM
To: users@httpd.apache.org
Subject: [users@httpd] [Announce] Apache HTTP Server (httpd) 2.2.15 Released

The Apache Software Foundation and the Apache HTTP Server Project are
pleased to announce the release and immediate availability of version
2.2.15 of the Apache HTTP Server ("httpd"). This version of httpd is
principally a security and bug fix release.

Notably, this release was updated to reflect the OpenSSL Project's
release 0.9.8m of the openssl library, and addresses CVE-2009-3555
(cve.mitre.org), the TLS renegotiation prefix injection attack.
This release further addresses the issues CVE-2010-0408, CVE-2010-0425
and CVE-2010-0434 within mod_proxy_ajp, mod_isapi and mod_headers
respectively.

We consider this release to be the best version of httpd available, and
encourage users of all prior versions to upgrade.

Apache HTTP Server 2.2.15 is available for download from:

http://httpd.apache.org/download.cgi

Please see the CHANGES_2.2 file, linked from the download page, for a
full list of changes. A condensed list, CHANGES_2.2.15 provides the
complete list of changes since 2.2.14. A summary of security
vulnerabilities which were addressed in the previous 2.2.14 and earlier
releases is available:

http://httpd.apache.org/security/vulnerabilities_22.html

Apache HTTP Server 2.2.15 is compatible with Apache Portable Runtime
(APR) versions 1.3 and 1.4, APR-util library version 1.3, and
APR-iconv library version 1.2. The most current releases should
be used to address known security and platform bugs. At the time of
this httpd release, the recommended APR releases are:

* Apache Portable Runtime (APR) library version 1.4.2 (bundled),
or at minimum, version 1.3.12
* ARR-util library version 1.3.9 (bundled)
* APR-iconv library version 1.2.1 (only bundled in win32-src.zip)

Older releases of these libraries have known vulnerabilities or other
defects affecting httpd. For further information and downloads, visit:

http://apr.apache.org/

Apache HTTP Server 2.2 offers numerous enhancements, bug fixes, and
performance enhancements over the 2.0 codebase. For an overview of
new features introduced since 2.0 please see:

http://httpd.apache.org/docs/2.2/new_features_2_2.html

This release builds upon and extends the httpd 2.0 API. Modules written
for httpd 2.0 will need to be recompiled in order to run with httpd 2.2,
and may require minimal or no source code changes.

When upgrading or installing this version of httpd, please bear in mind
that if you intend to use httpd with one of the threaded MPMs (other
than the Prefork MPM), you must ensure that any modules you will be
using (and the libraries they depend on) are thread-safe.

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org




This message (including any attachments) is intended
solely for the specific individual(s) or entity(ies) named
above, and may contain legally privileged and
confidential information. If you are not the intended=20
recipient, please notify the sender immediately by=20
replying to this message and then delete it.
Any disclosure, copying, or distribution of this message,
or the taking of any action based on it, by other than the
intended recipient, is strictly prohibited.


------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [Announce] Apache HTTP Server (httpd) 2.2.15

am 10.03.2010 18:04:50 von Tom Evans

On Wed, Mar 10, 2010 at 4:57 PM, Ruiyuan Jiang wrote:
> Hi,
>
> Has anyone downloaded the .tar.gz format file for v2.2.15? I tried to gunzip the file on Solaris, HPUX and Windows and all having problem? I downloaded multiple times on multiple days but got the same thing. Thanks.
>
> Ryan
>

Works For Me on FreeBSD with bsdtar and with BSD gunzip. I was getting
it from http://apache.mirror.anlx.net/httpd/httpd-2.2.15.tar.gz (first
mirror it offered me).

Cheers

Tom

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [Announce] Apache HTTP Server (httpd) 2.2.15

am 10.03.2010 18:04:57 von Eric Covener

On Wed, Mar 10, 2010 at 11:57 AM, Ruiyuan Jiang wrote:
> Hi,
>
> Has anyone downloaded the .tar.gz format file for v2.2.15? I tried to gunzip the file on Solaris, HPUX and Windows and all having problem? I downloaded multiple times on multiple days but got the same thing. Thanks.

Worked fine for me on Linux and Solaris. Did you validate the
checksum? Which mirror did you use?

--
Eric Covener
covener@gmail.com

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

RE: [Announce] Apache HTTP Server (httpd) 2.2.15 Released

am 10.03.2010 20:22:27 von Ruiyuan Jiang

No, I did not. I just tried again and it failed again. But I found that one=
download at my hard disk was good but rest downloads are not good. Thanks =
anyway.

-----Original Message-----
From: Eric Covener [mailto:covener@gmail.com]=20
Sent: Wednesday, March 10, 2010 12:05 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] [Announce] Apache HTTP Server (httpd) 2.2.15 Rel=
eased

On Wed, Mar 10, 2010 at 11:57 AM, Ruiyuan Jiang wro=
te:
> Hi,
>
> Has anyone downloaded the .tar.gz format file for v2.2.15? I tried to gun=
zip the file on Solaris, HPUX and Windows and all having problem? I downloa=
ded multiple times on multiple days but got the same thing. Thanks.

Worked fine for me on Linux and Solaris. Did you validate the
checksum? Which mirror did you use?

--=20
Eric Covener
covener@gmail.com

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org




This message (including any attachments) is intended
solely for the specific individual(s) or entity(ies) named
above, and may contain legally privileged and
confidential information. If you are not the intended=20
recipient, please notify the sender immediately by=20
replying to this message and then delete it.
Any disclosure, copying, or distribution of this message,
or the taking of any action based on it, by other than the
intended recipient, is strictly prohibited.


------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org