Apache HTTP Server 2.0.50 Released The Apache Software Foundation and the The Apache HTTP Server Project are pleased to announce the release of version 2.0.50 of the Apache HTTP Server ("Apache"). This Announcement notes the significant changes in 2.0.50 as compared to 2.0.49. The Announcement is also available in German from: http://www.apache.org/dist/httpd/Announcement2.txt.de This version of Apache is principally a bug fix release. A summary of the bug fixes is given at the end of this document. Of particular note is that 2.0.50 addresses two security vulnerabilities: A remotely triggered memory leak in http header parsing can allow a denial of service attack due to excessive memory consumption. [http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0493] Fixes a mod_ssl buffer overflow in the FakeBasicAuth code for a (trusted) client certificate subject DN which exceeds 6K in length. [http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0488] This release is compatible with modules compiled for 2.0.42 and later versions. We consider this release to be the best version of Apache available and encourage users of all prior versions to upgrade. Apache HTTP Server 2.0.50 is available for download from http://httpd.apache.org/download.cgi Please see the CHANGES_2.0 file, linked from the above page, for a full list of changes. Apache 2.0 offers numerous enhancements, improvements, and performance boosts over the 1.3 codebase. For an overview of new features introduced after 1.3 please see http://httpd.apache.org/docs-2.0/new_features_2_0.html When upgrading or installing this version of Apache, please keep in mind the following: If you intend to use Apache with one of the threaded MPMs, you must ensure that the modules (and the libraries they depend on) that you will be using are thread-safe. Please contact the vendors of these modules to obtain this information. --------------------------------------------------------------------- To unsubscribe, e-mail: announce-unsubscribe@httpd.apache.org For additional commands, e-mail: announce-help@httpd.apache.org