아파치 소프트웨어 재단은 아파치 오픈 소스 소프트웨어 프로젝트 커뮤니티 지원을 제공합니다.
아파치 프로젝트는 협업과 개발 프로세스를 기반으로 하는 상호간의 공감대와 개방되어 있는 실용적인 소프트웨어 라이센스, 그 분야에서 선두를 달릴 수 있는 고품질 소프트웨어 개발을 추구하고 있습니다.
우리는 심플한 서버 공유 프로젝트의 모임이라고도 하지만 오히려 개발자와 사용자간의 커뮤니티라고 생각합니다.
Apache HTTP Server 1.3는 여러분들이 도와주시고 힘써주신 덕분에 성공적으로 프로젝트를 진행해왔고, 그리고 이 땅의 대표 웹서버로서 발돋움하게 되었습니다.
감사합니다.
This Announcement notes the significant changes in 1.3.42 as compared to 1.3.41.
This version of Apache is is principally a bug and security fix release.
The following moderate security flaw has been addressed:
* CVE-2010-0010 (cve.mitre.org)
mod_proxy: Prevent chunk-size integer overflow on platforms
where sizeof(int) < sizeof(long). Reported by Adam Zabrocki.
Please see the CHANGES_1.3.42 file in this directory for a full list
of changes for this version.
Apache 1.3.42 is the final stable release of the Apache 1.3 family. We
strongly recommend that users of all earlier versions, including 1.3
family releases, upgrade to to the current 2.2 version as soon as possible.
For information about how to upgrade, please see the documentation:
Binaries distributed by the Apache HTTP Server Project are provided as a
courtesy by individual project contributors. The project makes no
commitment to release the Apache HTTP Server in binary form for any
particular platform, nor on any particular schedule.
IMPORTANT NOTE FOR APACHE USERS: Apache 1.3 was designed for Unix OS
variants. While the ports to non-Unix platforms (such as Win32, Netware or
OS2) will function for some applications, Apache 1.3 is not designed for
these platforms. Apache 2 was designed from the ground up for security,
stability, or performance issues across all modern operating systems.
Users of any non-Unix ports are strongly cautioned to move to Apache 2.
The Apache project no longer distributes non-Unix platform binaries from
the main download pages for Apache 1.3. If absolutely necessary, a binary
may be available at http://archive.apache.org/dist/httpd/.
Apache 1.3.42 Major changes
Security vulnerabilities
The main security vulnerabilities addressed in 1.3.42 are:
*) SECURITY: CVE-2010-0010 (cve.mitre.org)
mod_proxy: Prevent chunk-size integer overflow on platforms
where sizeof(int) < sizeof(long). Reported by Adam Zabrocki.
Bugfixes addressed in 1.3.42 are:
*) Protect logresolve from mismanaged DNS records that return
blank/null hostnames.