CGISecurity Logo

R.I.P. Apache 1.x: Apache 1.3.42 marks of end life

The latest version of Apache 1.3.42 is the last 1.3 version of Apache that will be released. I admit I've been running 1.3 for ages now due to it being rock solid and having a decent security track record. The announcement states that security patches 'may be available' at http://www.apache.org/dist/httpd/patches/ but consider this the time to finally upgrade to 2.x.

"This version of Apache is is principally a bug and security fix release.
The following moderate security flaw has been addressed:

  • CVE-2010-0010:
    mod_proxy: Prevent chunk-size integer overflow on platforms
    where sizeof(int) < sizeof(long). Reported by Adam Zabrocki." – Apache

Announcement: http://www.apache.org/dist/httpd/Announcement1.3.html