Apache 2.0.15 Released as alpha ------------------------------- The Apache Group is proud to announce the release the fifteenth release of Apache 2.0. This release is the first release to use our new release process. This process allows the Apache developers to more easily determine the quality of any release. Instead of tagging any release as an alpha or beta from now on, all releases will be available as numbered releases, and the release status will only be available in the tarball name. More information is available on this process in the Apache development archives. Apache 2.0 offers numerous enhancements, improvements and performance boosts over the 1.3 codebase. The most visible and noteworthy addition is the ability to run Apache in a hybrid thread/process mode on any platform that supports both threads and processes. This has shown to improve the scalability of the Apache HTTPD server significantly in our early testing, on some versions of Unix. With this version of Apache, we have also added support for filtered I/O. This allows modules to modify the output of other modules before it is sent to the client. This release also greatly improves the performance and robustness of Apache on the Microsoft Windows Operating Systems. This alpha includes support for IPv6 on all platforms that support IPv6. This version of Apache is known to work on many versions of Unix, BeOS, OS/2, and Windows. Because of many of the advancements in Apache 2.0, the initial release of Apache is expected to perform equally well on all supported platforms. There are new snapshots of the Apache httpd source available every 6 hours from http://dev.apache.org/from-cvs/apache-2.0/ - please download and test if you feel brave. We don't guarantee anything except that it will take up disk space, but if you have the time and skills, please give it a spin on your platforms. Apache has been the most popular web server on the Internet since
This release is the first release to use the new release process. This process allows the Apache developers to more easily determine the quality of any release. Instead of tagging any release as an alpha or beta from now on, all releases will be available as numbered releases, and the release status will only be available in the tarball name.
April of 1996. The May 2000 WWW server site survey by Netcraft (see: http://www.netcraft.co.uk/Survey/) found that more web servers were using Apache than any other software running on more than 60% of the Internet web servers. For more information, please check out http://www.apache.org/httpd.html Changes with Apache 2.0.15 *) Untangled the buildconf script and eliminated the need for build's aclocal.m4, generated_lists, build.mk, build2.mk, and a host of other libtool muck that is now under srclib/apr/build. [Roy Fielding] *) Win32: Don't accept more connections than we have worker threads to handle. [Bill Stoddard] *) Fix bug in the Unix threaded.c MPM that allowed child processes to fork() new child processes. [Bill Stoddard] *) Fix a major security problem with double-reverse lookup checking. Previously, a client connecting over IPv4 would not be matched properly when the server had an IPv6 listening socket. PR #7407 [Taketo Kabe
] *) Change the way the beos MPM handles polling to allow it to stop and restart. Problem was the sockets being polled were being reset by the select call, so once it had accepted a connection it was no longer listening on the UDP socket we use for shutdown instructions. APR needs to be altered, patch on it's way. [David Reid] *) Empty out the brigade shared by ap_getline()/ap_get_client_block() on error exit from ap_getline(). Some other code got upset because the wrong data was in the brigade. [Greg Ames, Jeff Trawick] *) Handle ap_discard_request_body() being called more than once. [Greg Ames, Jeff Trawick] *) Get rid of an inadvertent close of file descriptor 2 in mod_mime_magic. [Greg Ames, Jeff Trawick] *) Add a hook, create_request. This hook allows modules to modify a request while it is being created. This hook is called for all
request_rec's, main request, sub request, and internal redirect. When this hook is called, the the r->main, r->prev, r->next pointers have been set, so modules can determine what kind of request this is. [Ryan Bloom] *) Cleanup the build process a bit more. The Apache configure script no longer creates its own helper scripts, it just uses APR's. [jean-frederic clere
] *) Stop the forced downgrade of the connection to HTTP/1.0 for proxy requests. [Graham Leggett] *) Avoid using sscanf to determine the HTTP protocol number in the common case because sscanf is a performance hog. From Mike Abbot's Accelerating Apache patch number 6. [Mike Abbot , Bill Stoddard] *) Fix a security exposure in mod_access. Previously when IPv6 listening sockets were used, allow/deny-from-IPv4-address rules were not evaluated properly (PR #7407). Also, add the ability to specify IPv6 address strings with optional prefix length on Allow and Deny. [Jeff Trawick] *) Enhance rotatelogs so that a UTC offset can be specified, and the logfile name can be formatted using strftime(3). (Brought forward from 1.3.) [Ken Coar] *) Reimplement the Windows MPM (mpm_winnt.c) to eliminate calling DuplicateHandle on an IOCompletionPort (a practice which MS "discourages"). The new model does not rely on associating the completion port with the listening sockets, thus the completion port can be completely managed within the child process. A dedicated thread accepts connections off the network, then calls PostQueuedCompletionStatus() to wake up worker threads blocked on the completion port. [Bill Stoddard] *) Bring forward the --suexec-umask option which allows the builder to preset the umask for suexec processes. [Ken Coar] *) Add a -V flag to suexec, which causes it to display the
compile-time settings with which it was built. (Only usable by root or the AP_HTTPD_USER username.) [Ken Coar] *) Mod_include should always unset the content-length if the file is going to be passed through send_parsed_content. There is no to determine if the content will change before actually scanning the entire content. It is far safer to just remove the C-L as long as we are scanning it. [Ryan Bloom] *) Make sure Apache sends WWW-Authenticate during a reverse proxy request and not Proxy-Authenticate. [Graham Leggett