Apache HTTP Server 1.3.42 릴리즈 (1.3.x버전의 마지막 릴리즈)

아파치 소프트웨어 재단과 아파치 HTTP Server 프로젝트에서 Apache HTTP Server 1.3.42를 릴리즈 하였습니다.
이 릴리즈는 Apache HTTP Server 1.3버전대의 마지막 릴리즈입니다.

앞으로 더이상 Apache HTTP Server 1.3의 릴리즈는 없을 것입니다. 하지만, 중요한 보안 문제등에 대해서는 지속적으로 아래 웹사이트 에서 업데이트 될 것입니다.

       http://www.apache.org/dist/httpd/patches/

Apache 1.3.42는 아래 웹사이트에서 다운로드 받으실 수 있습니다.

       http://httpd.apache.org/download.cgi

Apache HTTP Server 1.3는 여러분들이 도와주시고 힘써주신 덕분에 성공적으로 프로젝트를 진행해왔고, 그리고 이 땅의 대표 웹서버로서 발돋움하게 되었습니다.

감사합니다.

  This Announcement notes the significant changes in 1.3.42 as compared to 1.3.41.

  This version of Apache is is principally a bug and security fix release.
  The following moderate security flaw has been addressed:

    * CVE-2010-0010 (cve.mitre.org)
      mod_proxy: Prevent chunk-size integer overflow on platforms
      where sizeof(int) < sizeof(long). Reported by Adam Zabrocki.

  Please see the CHANGES_1.3.42 file in this directory for a full list
  of changes for this version.

  Apache 1.3.42 is the final stable release of the Apache 1.3 family. We
  strongly recommend that users of all earlier versions, including 1.3
  family releases, upgrade to to the current 2.2 version as soon as possible.
  For information about how to upgrade, please see the documentation:

         http://httpd.apache.org/docs/2.2/upgrading.html

  Apache 1.3.42 is available for download from

          http://httpd.apache.org/download.cgi

  This service utilizes the network of mirrors listed at:

          http://www.apache.org/mirrors/

  Binary distributions may be available for your specific platform from

          http://www.apache.org/dist/httpd/binaries/

  Binaries distributed by the Apache HTTP Server Project are provided as a
  courtesy by individual project contributors. The project makes no
  commitment to release the Apache HTTP Server in binary form for any
  particular platform, nor on any particular schedule.

  IMPORTANT NOTE FOR APACHE USERS: Apache 1.3 was designed for Unix OS
  variants. While the ports to non-Unix platforms (such as Win32, Netware or
  OS2) will function for some applications, Apache 1.3 is not designed for
  these platforms. Apache 2 was designed from the ground up for security,
  stability, or performance issues across all modern operating systems.
  Users of any non-Unix ports are strongly cautioned to move to Apache 2.

  The Apache project no longer distributes non-Unix platform binaries from
  the main download pages for Apache 1.3. If absolutely necessary, a binary
  may be available at http://archive.apache.org/dist/httpd/.

Apache 1.3.42 Major changes

 Security vulnerabilities

  The main security vulnerabilities addressed in 1.3.42 are:

 *) SECURITY: CVE-2010-0010 (cve.mitre.org)
    mod_proxy: Prevent chunk-size integer overflow on platforms
    where sizeof(int) < sizeof(long). Reported by Adam Zabrocki.

 Bugfixes addressed in 1.3.42 are:

 *) Protect logresolve from mismanaged DNS records that return
    blank/null hostnames.