当前位置: 首页 > 图文教程 > 网络编程 > PHP > Apache 2.2.15版发布

PHP
用PHP脚本在Linux系统上读取输入和对文
PHP中register_globals引发的问题
PHP基础:安全基础IIS 6的PHP最佳配置
Web开发基础知识分享:Php基础知识了解
实例解析:PHP程序开发中的中文编码问题
PHP5程序中新增加日期(date)函数的常量
新手学堂:PHP服务器变量设置的方法介绍
如何正确理解PHP程序错误信息的表示含义
PHP程序百行代码快速构建简易聊天室方法
如何使用PHP程序开发高效的WEB网络系统
加速PHP动态网站 关于MySQL索引分析优化
教你如何在SQL Server数据库中加密数据
用PHP程序直接调用文本文件内容实例
使用php的zlib压缩和解压缩swf文件
升级PHP5的理由:PHP4和PHP5性能对比
解决php存取mysql 4.1乱码问题
FC 5 php 不可以连接远程mysql数据库
一个特别好的学习PHP引用返回的例子
热门看点:PHP 6新版发布前新特性大展望
开源新版NetBeans让PHP开发变得更加轻松

PHP 中的 Apache 2.2.15版发布


出处:互联网   整理: 软晨网(RuanChen.com)   发布: 2010-03-17   浏览: 155 ::
收藏到网摘: n/a

Apache HTTP Server(简称Apache)是Apache软件基金会的一个开放源码的网页服务器,可以在大多数计算机操作系统中运行,由于其跨平台和安全性被广泛 使用,是最流行的Web服务器端软件之一。它快速、可靠并且可通过简单的API扩充,将Perl/Python等解释器编译到服务器中。

http://www.apache.org/dist/httpd/httpd-2.2.15.tar.bz2
http://www.apache.org/dist/httpd/binaries/win32/httpd-2.2.15-win32-x86-openssl-0.9.8m.msi  (Windows)

Changes with Apache 2.2.15

*) SECURITY: CVE-2009-3555 (cve.mitre.org)
mod_ssl: Comprehensive fix of the TLS renegotiation prefix injection
attack when compiled against OpenSSL version 0.9.8m or later. Introduces
the 'SSLInsecureRenegotiation' directive to reopen this vulnerability
and offer unsafe legacy renegotiation with clients which do not yet
support the new secure renegotiation protocol, RFC 5746.
[Joe Orton, and with thanks to the OpenSSL Team]

*) SECURITY: CVE-2009-3555 (cve.mitre.org)
mod_ssl: A partial fix for the TLS renegotiation prefix injection attack
by rejecting any client-initiated renegotiations. Forcibly disable
keepalive for the connection if there is any buffered data readable. Any
configuration which requires renegotiation for per-directory/location
access control is still vulnerable, unless using OpenSSL >= 0.9.8l.
[Joe Orton, Ruediger Pluem, Hartmut Keil <Hartmut.Keil adnovum.ch>]

*) SECURITY: CVE-2010-0408 (cve.mitre.org)
mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent
when request headers indicate a request body is incoming; not a case of
HTTP_INTERNAL_SERVER_ERROR. [Niku Toivola <niku.toivola sulake.com>]

*) SECURITY: CVE-2010-0425 (cve.mitre.org)
mod_isapi: Do not unload an isapi .dll module until the request
processing is completed, avoiding orphaned callback pointers.
[Brett Gervasoni <brettg senseofsecurity.com>, Jeff Trawick]

*) SECURITY: CVE-2010-0434 (cve.mitre.org)
Ensure each subrequest has a shallow copy of headers_in so that the
parent request headers are not corrupted. Elimiates a problematic
optimization in the case of no request body. PR 48359
[Jake Scott, William Rowe, Ruediger Pluem]

*) mod_reqtimeout: New module to set timeouts and minimum data rates for
receiving requests from the client. [Stefan Fritsch]

*) mod_proxy_ajp: Really regard the operation a success, when the client
aborted the connection. In addition adjust the log message if the client
aborted the connection. [Ruediger Pluem]

*) mod_negotiation: Preserve query string over multiviews negotiation.
This buglet was fixed for type maps in 2.2.6, but the same issue
affected multiviews and was overlooked.
PR 33112 [Joergen Thomsen <apache jth.net>]

*) mod_cache: Introduce the thundering herd lock, a mechanism to keep
the flood of requests at bay that strike a backend webserver as
a cached entity goes stale. [Graham Leggett]

*) mod_proxy_http: Make sure that when an ErrorDocument is served
from a reverse proxied URL, that the subrequest respects the status
of the original request. This brings the behaviour of proxy_handler
in line with default_handler. PR 47106. [Graham Leggett]

*) mod_log_config: Add the R option to log the handler used within the
request. [Christian Folini <christian.folini netnea com>]

*) mod_include: Allow fine control over the removal of Last-Modified and
ETag headers within the INCLUDES filter, making it possible to cache
responses if desired. Fix the default value of the SSIAccessEnable
directive. [Graham Leggett]

*) mod_ssl: Fix a potential I/O hang if a long list of trusted CAs
is configured for client cert auth. PR 46952. [Joe Orton]

*) core: Fix potential memory leaks by making sure to not destroy
bucket brigades that have been created by earlier filters.
[Stefan Fritsch]

*) mod_authnz_ldap: Add AuthLDAPBindAuthoritative to allow Authentication to
try other providers in the case of an LDAP bind failure.
PR 46608 [Justin Erenkrantz, Joe Schaefer, Tony Stevenson]

*) mod_proxy, mod_proxy_http: Support remote https proxies
by using HTTP CONNECT.
PR 19188. [Philippe Dutrueux <lilas evidian.com>, Rainer Jung]

*) worker: Don't report server has reached MaxClients until it has.
Add message when server gets within MinSpareThreads of MaxClients.
PR 46996. [Dan Poirier]

*) mod_ssl: When extracting certificate subject/issuer names to the
SSL_*_DN_* variables, handle RDNs with duplicate tags by
exporting multiple varialables with an "_n" integer suffix.
PR 45875. [Joe Orton, Peter Sylvester <peter.sylvester edelweb.fr>]

*) mod_authnz_ldap: Failures to map a username to a DN, or to check a user
password now result in an informational level log entry instead of
warning level. [Eric Covener]

*) core: Preserve Port information over internal redirects
PR 35999 [Jonas Ringh <jonas.ringh cixit.se>]

*) mod_filter: fix FilterProvider matching where "dispatch" string
doesn't exist.
PR 48054 [<tietw gmail.com>]

*) Build: fix --with-module to work as documented
PR 43881 [Gez Saunders <gez.saunders virgin.net>]

*) mod_mime: Make RemoveType override the info from TypesConfig.
PR 38330. [Stefan Fritsch]

*) mod_proxy: unable to connect to a backend is SERVICE_UNAVAILABLE,
rather than BAD_GATEWAY or (especially) NOT_FOUND.
PR 46971 [evanc nortel.com]

*) mod_charset_lite: Honor 'CharsetOptions NoImplicitAdd'.
[Eric Covener]

*) mod_ldap: If LDAPSharedCacheSize is too small, try harder to purge
some cache entries and log a warning. Also increase the default
LDAPSharedCacheSize to 500000. This is a more realistic size suitable
for the default values of 1024 for LdapCacheEntries/LdapOpCacheEntries.
PR 46749. [Stefan Fritsch]

*) mod_disk_cache, mod_mem_cache: don't cache incomplete responses,
per RFC 2616, 13.8. PR15866. [Dan Poirier]

*) mod_rewrite: Make sure that a hostname:port isn't fully qualified if
the request is a CONNECT request. PR 47928
[Bill Zajac <billz consultla.com>]

*) mod_cache: correctly consider s-maxage in cacheability
decisions. [Dan Poirier]

*) core: Return APR_EOF if request body is shorter than the length announced
by the client. PR 33098 [ Stefan Fritsch <sf sfritsch.de>]

*) mod_rewrite: Add scgi scheme detection. [André Malo]

*) mod_mime: Detect invalid use of MultiviewsMatch inside Location and
LocationMatch sections. PR 47754. [Dan Poirier]

*) ab, mod_ssl: Restore compatibility with OpenSSL < 0.9.7g.
[Guenter Knauf]