
Apache httpd 2.4.16 available

 
Steffen (Moderator), posted Tue 14 Jul '15 14:32

Apache 2.4.16 GA is now available here at the download pages, see ASF announcement below.

22 July 2015:
Build VC14 with Visual Studio 2015 RTM, see www.apachelounge.com/viewtopic.php?t=6664

Build with:
apr 1.5.2 with IPv6 enabled
apr-util 1.5.4 with Crypto OpenSSL enabled
apr-iconv 1.2.1
openssl VC14 1.0.2d +asm , VC10/11 1.0.1p +asm
zlib 1.2.8 +asm
pcre 8.37 with JIT, SUPPORT_UTF8 and REBUILD_CHARTABLES enabled
httpd.exe with OPENSSL_Applink and VC14 has SupportedOS Manifest
libxml2 2.9.2
lua 5.1.5
expat 2.1.0

For the ASF and Apachelounge changes over 2.4.12 :

www.apachelounge.com/Changelog-2.4.html


Notable Changes:

The OpenSSL default recommendation in httpd-ssl.conf :
*) In alignment with RFC 7525, the default recommended SSLCipherSuite and SSLProxyCipherSuite now exclude RC4 as well as MD5. Also, the default recommended SSLProtocol and SSLProxyProtocol directives now exclude SSLv3. Existing configurations must be adjusted by the administrator.

*) core: Add CGIPassAuth directive to control whether HTTP authorization headers are passed to scripts as CGI variables.

VC11 and VC14 versions do not run with XP and 2003, use the VC10 version.

Documentation: http://httpd.apache.org/docs/2.4/ (pay attention there when you want to upgrade to 2.4 from 2.2).

When you have hangs, slow traffic and/or entries in your log like "Asynchronous AcceptEx failed", you can try the following settings:

AcceptFilter http none
AcceptFilter https none
EnableSendfile off
EnableMMAP off

Enjoy,

Steffen

------------------------ ASF Announcement ---------------------

Apache HTTP Server 2.4.16 Released

The Apache Software Foundation and the Apache HTTP Server Project
are pleased to announce the release of version 2.4.16 of the Apache
HTTP Server ("Apache"). This version of Apache is our latest GA
release of the new generation 2.4.x branch of Apache HTTPD and
represents fifteen years of innovation by the project, and is
recommended over all previous releases. This release of Apache is
principally a security, feature and bug fix release. NOTE: versions
2.4.13, 2.4.14 and 2.4.15 were not released.

CVE-2015-3183 (cve.mitre.org)
core: Fix chunk header parsing defect.
Remove apr_brigade_flatten(), buffering and duplicated code from
the HTTP_IN filter, parse chunks in a single pass with zero copy.
Limit accepted chunk-size to 2^63-1 and be strict about chunk-ext
authorized characters.

CVE-2015-3185 (cve.mitre.org)
Replacement of ap_some_auth_required (unusable in Apache httpd 2.4)
with new ap_some_authn_required and ap_force_authn hook.

CVE-2015-0253 (cve.mitre.org)
core: Fix a crash with ErrorDocument 400 pointing to a local URL-path
with the INCLUDES filter active, introduced in 2.4.11. PR 57531.

CVE-2015-0228 (cve.mitre.org)
mod_lua: A maliciously crafted websockets PING after a script
calls r:wsupgrade() can cause a child process crash.

Also in this release are some exciting new features including:

*) Better default recommended SSLCipherSuite and SSLProxyCipherSuite
*) mod_proxy_scgi: ProxySCGIInternalRedirect now allows an alternate
response header to be used by the application
*) Event MPM improvements
*) Various mod_proxy_* improvements
*) mod_log_config: Add "%{UNIT}T" format to output request duration in
seconds, milliseconds or microseconds depending on UNIT ("s", "ms",
"us")

We consider this release to be the best version of Apache available, and
encourage users of all prior versions to upgrade.
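
The CVE-2015-3183 entry in the announcement above describes single-pass chunk header parsing with a chunk-size limit of 2^63-1 and strict chunk-ext characters. The following C example is added here to illustrate that kind of check; it is not part of the original post and not Apache httpd's code. The function name, the return codes and the accepted chunk-ext character set (SP, HTAB, visible ASCII) are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Negative return codes; names are hypothetical, for this example only. */
enum { CHUNK_INCOMPLETE = -1, CHUNK_MALFORMED = -2,
       CHUNK_TOO_LARGE = -3, CHUNK_BAD_EXT = -4 };

static int hexval(unsigned char c) {
    if (c >= '0' && c <= '9') return c - '0';
    c |= 0x20;                       /* fold ASCII upper case to lower */
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Parse "HEX[;chunk-ext]\r\n" in one pass, without copying the input.
 * Returns the chunk size (>= 0) or a negative code; on success *consumed
 * (if non-NULL) receives the length of the header line. */
int64_t parse_chunk_header(const char *buf, size_t len, size_t *consumed) {
    size_t i = 0;
    int64_t n = 0;
    int d;
    while (i < len && (d = hexval((unsigned char)buf[i])) >= 0) {
        /* Refuse the digit if n*16 + d would exceed 2^63-1. */
        if (n > (INT64_MAX - d) / 16) return CHUNK_TOO_LARGE;
        n = n * 16 + d;
        i++;
    }
    if (i == len) return CHUNK_INCOMPLETE;        /* need more input */
    if (i == 0) return CHUNK_MALFORMED;           /* no hex digit at all */
    if (buf[i] == ';') {
        /* chunk-ext: only SP, HTAB and visible ASCII (assumed rule). */
        for (i++; i < len && buf[i] != '\r'; i++) {
            unsigned char c = (unsigned char)buf[i];
            if (c != ' ' && c != '\t' && (c < 0x21 || c > 0x7e))
                return CHUNK_BAD_EXT;
        }
        if (i == len) return CHUNK_INCOMPLETE;
    }
    if (buf[i] != '\r') return CHUNK_MALFORMED;   /* e.g. bare LF, stray space */
    if (i + 1 == len) return CHUNK_INCOMPLETE;
    if (buf[i + 1] != '\n') return CHUNK_MALFORMED;
    if (consumed) *consumed = i + 2;
    return n;
}

int main(void) {   /* constructed sample header lines */
    printf("%lld\n", (long long)parse_chunk_header("1a;name=val\r\n", 13, NULL));
    printf("%lld\n", (long long)parse_chunk_header("8000000000000000\r\n", 18, NULL));
    return 0;
}
```

Rejecting oversized or malformed chunk headers outright, instead of truncating or guessing, keeps a front-end and a back-end from disagreeing about where a request body ends.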

puertoblack2003, posted Wed 15 Jul '15 6:06

Should I stay with the RC version?

Steffen (Moderator), posted Wed 15 Jul '15 9:51

The 2.4.16 RC is the same as the 2.4.16 GA, so you can stay with it.

Firewave, posted Wed 15 Jul '15 12:27

Is it still possible to get previous versions? Because of an internal approval process I am not able to use 2.4.16 yet and I was about to download the 2.4.12 VC14 version yesterday when the website was changed to the latest version.

Steffen (Moderator), posted Wed 15 Jul '15 12:31

We are not offering previous versions.