-*- coding: utf-8 -*-
Changes with Apache 2.2.20

*) SECURITY: CVE-2011-3192 (cve.mitre.org)
core: Fix handling of byte-range requests to use less memory, to avoid
denial of service. If the sum of all ranges in a request is larger than
the original file, ignore the ranges and send the complete file.
PR 51714. [Stefan Fritsch, Jim Jagielski, Ruediger Pluem, Eric Covener]

*) mod_authnz_ldap: If the LDAP server returns constraint violation,
don't treat this as an error but as "auth denied". [Stefan Fritsch]

*) mod_filter: Fix FilterProvider conditions of type "resp=" (response
headers) for CGI. [Joe Orton, Rainer Jung]

*) mod_reqtimeout: Fix a timed out connection going into the keep-alive
state after a timeout when discarding a request body. PR 51103.
[Stefan Fritsch]

*) core: Do the hook sorting earlier so that the hooks are properly sorted
for the pre_config hook and during parsing the config. [Stefan Fritsch]

[Apache 2.1.0-dev includes those bug fixes and changes with the
Apache 2.0.xx tree as documented, and except as noted, below.]

Changes with Apache 2.0.x and later:

*) http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/CHANGES?view=markup

 

download link http://httpd.apache.org/download.cgi

标签: Apache, Server, HTTP

已有 2 条评论

  1. Xiaoxia Xiaoxia

    这个版本号码增加的好慢啊,应该学习一下现在的chrome和firefox了

    回复
    1. 小兔 小兔

      对版本号不感冒 嘿嘿 chrome和FF赛跑

      回复

添加新评论