I think the announcement was a little premature, as I've yet to find a mirror that has the new release.
Also the header on http://www.apache.org/dist/apr/ says: Important Notices * Download from your nearest mirror site! * APR 1.3.3 is the latest available version * APR-util 1.3.4 is the latest available version * APR-iconv 1.2.1 is the latest available version * APR 0.9.17 is also available * APR-util 0.9.15 is also available * APR-iconv 0.9.7 is also available * PGP/GPG Signatures Some of the above versions have not been updated for the current release. Similarly, the footer has out of date versions. There are rather a lot of files in the directory, some of which seem to be old versions; it would help if the older versions were deleted. S/// On 05/06/2009, William A. Rowe, Jr. <[email protected]> wrote: > The Apache Software Foundation and the Apache Portable Runtime > Project are proud to announce the General Availability of > version 1.3.5 of the APR Apache Portable Runtime library, and > version 1.3.7 of the companion APR-util Apache Portable Utility > library. > > The corresponding version 1.2.1 of the companion APR-iconv library, > an alternative portable implementation of the 'iconv' library, > remains current. > > APR is available for download from: > > http://apr.apache.org/download.cgi > > This version of APR is a security and bug fix release, including > fixes for specific platforms' configuration, feature detection, > and run time behavior. Most developers and users are encouraged > to adopt the latest APR 1.x version to ensure the most comprehensive > support and access to the latest features and enhancements. > > The security fixes in the APR-util library release 1.3.7 must be > evaluated in the context of how APR-consuming applications use them > to determine if the application provides untrusted input to these > specific functions, to determine if they represent vulnerabilities > to the specific application. Refer questions to such APR-consuming > projects for further guidance. These fixes (which are similarly > corrected in the concurrent APR-util 0.9.17 release) include; > > * Fixed a denial of service attack against the apr_xml_* interface > using the "billion laughs" entity expansion technique. > [Joe Orton] > > * CVE-2009-0023 (cve.mitre.org); > Fixed an underflow from the match pattern to apr_strmatch_precompile. > [Matthew Palmer <mpalmer debian.org>] > > * Fixed an off by one overflow in apr_brigade_vprintf. > [C. Michael Pilato <cmpilato collab.net>] > > The mission of the Apache Portable Runtime Project is to create > and maintain software libraries that provide a predictable and > consistent interface to underlying platform-specific > implementations. The primary goal is to provide an API to > which software developers may code and be assured of predictable > if not identical behavior regardless of the platform on which > their software is built, relieving them of the need to code > special-case conditions to work around or take advantage of > platform-specific deficiencies or features. > > APR and its companion libraries are implemented entirely in C > and provide a common programming interface across a wide variety > of operating system platforms without sacrificing performance. > Currently supported platforms include: > > UNIX variants > Windows > Netware > Mac OS X > OS/2 > > To give a brief overview, the primary core > subsystems of APR 1.3 include the following: > > Atomic operations > Dynamic Shared Object loading > File I/O > Locks (mutexes, condition variables, etc) > Memory management (high performance allocators) > Memory-mapped files > Multicast Sockets > Network I/O > Shared memory > Thread and Process management > Various data structures (tables, hashes, priority queues, etc) > > For a more complete list, please refer to the following URLs: > > http://apr.apache.org/docs/apr/modules.html > http://apr.apache.org/docs/apr-util/modules.html > > Users of APR 0.9 should be aware that migrating to the APR 1.x > programming interfaces may require some adjustments; APR 1.x is > neither source nor binary compatible with earlier APR 0.9 releases. > Users of APR 1.x can expect consistent interfaces and binary backwards > compatibility throughout the entire APR 1.x release cycle, as defined > in our versioning rules: > > http://apr.apache.org/versioning.html > > APR is already used extensively by the Apache HTTP Server > version 2 and the Subversion revision control system, to > name but a few. We list all known projects using APR at > http://apr.apache.org/projects.html -- so please let us know > if you find our libraries useful in your own projects! > >
