-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Apache HTTP Server 2.1.6-alpha Released
The Apache Software Foundation and The Apache HTTP Server Project are pleased to announce the release of version 2.1.6-alpha of the Apache HTTP Server ("Apache"). This alpha release should not be presumed to be compatible with binaries built against any prior or future version. The 2.1.6-alpha release addresses a security vulnerability present in all previous 2.x versions. This fault did not affect Apache 1.3.x (which did not proxy keepalives or chunked transfer encoding); Proxy HTTP: If a response contains both Transfer-Encoding and a Content-Length, remove the Content-Length to eliminate an HTTP Request Smuggling vulnerability and don't reuse the connection, stopping some HTTP Request Spoofing attacks. The Apache HTTP Server Project thanks the Watchfire team of Linhart, Klein, Heled and Orrin for the responsible notification and disclosure of this information. Apache HTTP Server 2.1.6-alpha is available for download from: http://httpd.apache.org/download.cgi Please see the CHANGES_2.1 file, linked from the above page, for a full list of changes. Apache 2.1 offers numerous enhancements, improvements, and performance boosts over the 2.0 codebase. For an overview of new features introduced after 2.0 please see: http://httpd.apache.org/docs-2.1/new_features_2_2.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (Darwin) iD8DBQFCwKmC94h19kJyHwARAvBgAJ9yv/vSYThPd3+BA5axX5B6eKuC2QCfUqXm zCsd3SPiLcSnSTDE0r1844I= =G1cX -----END PGP SIGNATURE-----