Disponibile Apache HTTP server 2.0.45

Security vulnerabilities closed since Apache 2.0.44

• SECURITY [CAN-2003-0132]: Close a Denial of Service vulnerability identified by David Endler on all platforms. Details embargoed until their announcement on 7 April 2003.
• SECURITY: Eliminated leaks of several file descriptors to child processes, such as CGI scripts. This fix depends on the latest APR library release 0.9.2, which is distributed with the httpd source tarball for Apache 2.0.45. PR 17206 [Christian Kratzer , Bjoern A. Zeeb ]

Bugs fixed and features added since Apache 2.0.44

• Prevent endless loops of internal redirects in mod_rewrite by aborting after exceeding a limit of internal redirects. The limit defaults to 10 and can be changed using the RewriteOptions directive. PR 17462.
• Configurable compression level for mod_deflate.
• Allow SSLMutex to select/use the full range of APR locking mechanisms available to it (e.g. same choices as AcceptMutex.)
• mod_cgi, mod_cgid, mod_ext_filter: Log errors when scripts cannot be started on Unix because of such problems as bad permissions, bad shebang line, etc.
• Try to log an error if a piped log program fails and try to restart a piped log program in more failure situations.
• Added support for mod_auth_LDAP, with a new AuthLDAPCharsetConfig directive, to convert extended characters in the user ID to UTF-8, before authenticating against the LDAP directory.
• No longer removes the Content-Length from responses via mod_proxy.
• Enhance mod_isapi's WriteClient() callback to provide better emulation for isapi extensions that use the first WriteClient() to send status and headers, such as the foxisapi module.
• Win32: Avoid busy wait (consuming all the CPU idle cycles) when all worker threads are busy.
• Introduced .pdb debugging symbols for Win32 release builds.
• Fixed piped access logs on Win32.
• Fix path handling of mod_rewrite, especially on non-unix systems. There was some confusion between local paths and URL paths.
• Added an rpm build script.