Over the past three months, Roy Fielding stepped down as the chair of the project to concentrate on board-level issues. The committee thanks him for his service as Project Chairman, again, for these past four years. William Rowe was appointed to serve in this capacity at the July Board meeting.
Stas Bekman and David Welton both requested to withdraw to an emeritus status from the PMC; no new PMC members were added in this period. The committee added Dan Poirier (poirier) as a committer to httpd. Following seven months without release activity, httpd 2.2.12 was released on 7/28 for security fixes, bug fixes and new features including the first to support SNI (server name identification) for mod_ssl, permitting named virtual https: hosts. An httpd release 2.2.13 followed on 8/8 due to an apr flaw that would conceivably elevate the risks for any third party module vulnerability (which might or might not exist) due to allocating memory based on untrusted user input. There was no release activity on older branches, the current development trunk, or the module subprojects this quarter. Updating snapshots to the current branches was discussed, but no action was taken. The Apache HTTP Project is represented at ApacheCon 2009 in November with two days of content organized by Rich Bowen and Noirin Plunket and sponsored by Thawte, and a two day tutorial by Rich Bowen and Jim Jagielski. The project's modules make an additional appearance on the Tomcat track. The potential for hackathon or meetup activities will be discussed on the dev or user lists as appropriate. The project noted a revival of interest in resource exhaustion attacks based on the "slowloris" tool, reported to httpd security list and posted on bugtraq, etc. Discussion of this class of issues was moved to the dev@ list for discussion, due to their well-known nature (since the 90's). HTTP Server Project is in-sync with the new subversion structure for LDAP migration, with the httpd-pmc list in-sync with committee-info.txt. There are no board level issues at this time.
