William A. Rowe, Jr. wrote:
Chinese firedrill time folks.
There is a vulnerability affecting mod_rewrite which this release
addresses.
See the recent commit activity for detail. Need your votes on the
following
in the usual http://httpd.apache.org/dev/dist/
+/-1 Package
[+1] apache_1.3.37
[+1] httpd-2.0.59
[+1] httpd-2.2.3(*)
All win32 installers packaged, upon counting votes - these three are
released. Website updated, files trickling through the mirrors. Thanks
to all who tested so quickly on their Thursday afternoon/evening!
We will transmit the announcement about 12 hours from now, 1200 GMT to
permit the mirrors to catch up first.
(*) In order to create the win32 -src.zip package, it was necessary to back
out the change for the resource compiler that had changed
/d LONG_NAME="Apache Component X" to /d "LONG_NAME=Apache Component X"
since VC6 won't accept this, and the generated command line make is
broken by this change. I did not modify the .tar files, only -src.zip.
The solution that will work in VisualStudio 2005 GUI Mode and the older
compilers is more complex than I would introduce in a urgent release.