[ANNOUNCEMENT] Apache HTTP Server 2.4.37 Released

[Daniel Ruggeri]

Apache HTTP Server 2.4.37 Released

   October 23, 2018

   The Apache Software Foundation and the Apache HTTP Server Project
   are pleased to announce the release of version 2.4.37 of the Apache
   HTTP Server ("Apache").  This version of Apache is our latest GA
   release of the new generation 2.4.x branch of Apache HTTPD and
   represents fifteen years of innovation by the project, and is
   recommended over all previous releases. This release of Apache is
   a feature and bug fix release.

   We consider this release to be the best version of Apache available, and
   encourage users of all prior versions to upgrade.

   Apache HTTP Server 2.4.37 is available for download from:

 http://httpd.apache.org/download.cgi

   Apache 2.4 offers numerous enhancements, improvements, and performance
   boosts over the 2.2 codebase.  For an overview of new features
   introduced since 2.4 please see:

 http://httpd.apache.org/docs/trunk/new_features_2_4.html

   Please see the CHANGES_2.4 file, linked from the download page, for a
   full list of changes. A condensed list, CHANGES_2.4.37 includes only
   those changes introduced since the prior 2.4 release.  A summary of all 
   of the security vulnerabilities addressed in this and earlier releases 
   is available:

 http://httpd.apache.org/security/vulnerabilities_24.html

   This release requires the Apache Portable Runtime (APR), minimum
   version 1.5.x, and APR-Util, minimum version 1.5.x. Some features may
   require the 1.6.x version of both APR and APR-Util. The APR libraries
   must be upgraded for all features of httpd to operate correctly.

   This release builds on and extends the Apache 2.2 API.  Modules written
   for Apache 2.2 will need to be recompiled in order to run with Apache
   2.4, and require minimal or no source code changes.

 http://svn.apache.org/repos/asf/httpd/httpd/trunk/VERSIONING

   When upgrading or installing this version of Apache, please bear in mind
   that if you intend to use Apache with one of the threaded MPMs (other
   than the Prefork MPM), you must ensure that any modules you will be
   using (and the libraries they depend on) are thread-safe.

   Please note the 2.2.x branch has now passed the end of life at the Apache
   HTTP Server project and no further activity will occur including security
   patches.  Users must promptly complete their transitions to this 2.4.x
   release of httpd to benefit from further bug fixes or new features.

The Apache Software Foundation Announces Apache® HTTP Server v2.4.37

[Sally Khudairi]

[this announcement is available online at https://s.apache.org/1o7h ]

Milestone release of world's most popular Web server now faster, more secure, 
and more efficient with TLS and OpenSSL support

Wakefield, MA —23 October 2018— The Apache Software Foundation (ASF), the 
all-volunteer developers, stewards, and incubators of more than 350 Open Source 
projects and initiatives, announced today Apache® HTTP Server 2.4.37, the 
latest version of the world's most popular Web server.

Apache HTTP Server is an Open Source HTTP server for modern operating systems 
that include UNIX, Microsoft Windows, Mac OS X, and Netware. For more than 23 
years, the award-winning server software has been lauded as a secure, 
efficient, and extensible server that provides HTTP services observing the 
current HTTP standards.

"The Apache HTTP Server 2.4.37 represents a continuing marvel of a journey 
through Open Source history," said Daniel Gruno, Vice President of Apache HTTP 
Server. "More than four thousand people have contributed directly to the 
project during its lifetime, and one dare say many more will contribute, as we 
continue a steady pace at the very forefront of Web server software 
engineering."

Apache HTTP Server v2.4.37 features Transport Layer Security (TLS) 1.3 support 
when linked with a supporting OpenSSL (software library/toolkit for the TLS and 
Secure Sockets Layer protocols). Highlights include:

 - Improved Speed —shorter handshake time for quicker connections;
 - Enhanced Security —removed/deprecated less secure features for protection 
now and into the future; and
 - Upgraded Efficiency —integrated state-of-the-art protocols such as TLS 1.3 
with HTTP/2 for reduced overhead and added performance.

The full list of new features and changes is available in the project release 
notes at https://www.apache.org/dist/httpd/CHANGES_2.4

"Keeping pace with the major browsers and servers, this release is another step 
in our collective journey to a more secure Internet," said Daniel Ruggeri, 
Apache HTTP Server committer and v2.4.37 Release Manager. "We are in an 
exciting time in the Web technology space, and are proud to keep a great server 
on top of its game. We look forward to feedback and shipping more releases with 
killer features!"

The Apache HTTP Server has long been the server of choice for Websites of all 
sizes, and played an integral role in the growth of the commercial development 
of the World Wide Web. It remains the most popular Web server on the planet 
since April 1996.

"If I had to pinpoint the number one feature of the Apache HTTP Server Project 
and its long successful run, it is the community and self-driving mechanisms," 
added Gruno. "For nearly two decades, our community-first focus has given 
people the ability to come to us with a problem they need to solve, or piece of 
new technology that makes sense to them, and work with the community towards 
that goal —independent from who they are or who they work for or represent— and 
have it implemented and released with the The Apache Software Foundation 
guarding their backs. We encourage those in the HTTP sphere with an itch to 
scratch to step forward and leverage this advantage as we continue to serve the 
users of the Apache HTTP Server."

Availability and Oversight
Apache HTTP Server software is released under the Apache License v2.0 and is 
overseen by a self-selected team of active contributors to the project. A 
Project Management Committee (PMC) guides the Project's day-to-day operations, 
including community development and product releases. For downloads, 
documentation, and ways to become involved with Apache HTTP Server, visit 
https://httpd.apache.org/ and https://twitter.com/apache_httpd

About The Apache Software Foundation (ASF)
Established in 1999, the all-volunteer Foundation oversees more than 350 
leading Open Source projects, including Apache HTTP Server --the world's most 
popular Web server software. Through the ASF's meritocratic process known as 
"The Apache Way," more than 730 individual Members and 6,800 Committers across 
six continents successfully collaborate to develop freely available 
enterprise-grade software, benefiting millions of users worldwide: thousands of 
software solutions are distributed under the Apache License; and the community 
actively participates in ASF mailing lists, mentoring initiatives, and 
ApacheCon, the Foundation's official user conference, trainings, and expo. The 
ASF is a US 501(c)(3) charitable organization, funded by individual donations 
and corporate sponsors including Aetna, Anonymous, ARM, Bloomberg, Budget 
Direct, Capital One, Cerner, Cloudera, Comcast, Facebook, Google, Handshake, 
Hortonworks, Huawei, IBM, Indeed, Inspur, LeaseWeb, Microsoft, Oath, ODPi, 
Pineapple Fund, Pivotal, Private Internet Access, Red Hat, Target, and Union 
Investment. For more information, visit https://apache.org/ and 
https://twitter.com/TheASF

© The Apache Software Foundation. 

[ANNOUNCEMENT] HttpComponents Core 5.0 beta5 released

[Oleg Kalnichevski]

The Apache HttpComponents project is pleased to announce 5.0-beta5
release of HttpComponents Core. 

This BETA release adds support for Reactive Streams API [
http://www.reactive-streams.org/] and fixes compatibility issues with
Java 11 new TLS engine as well as a number of defects found since the
previous release.

This release also includes a redesigned HTTP stress test tool loosely
based on Apache Benchmark (AB) command interface with support for
HTTP/2.

Notable changes and features included in the 5.0 series:

* Support for HTTP/2 protocol and conformance to requirements and
recommendations of the latest HTTP/2 protocol specification (RFC 7540,
RFC 7541)

  Supported features:

** HPACK header compression
** stream multiplexing (client and server)
** flow control
** response push (client and server)
** message trailers
** expect-continue handshake
** connection validation (ping)
** application-layer protocol negotiation (ALPN) on Java 9+
** TLS 1.2 security features

   Features out of scope for 5.0 release:

** padding of outgoing frames
** stream priority
** plain connection HTTP/1.1 upgrade
** CONNECT method

* Improved conformance to requirements and recommendations of the
latest HTTP/1.1 protocol specification (RFC 7230, RFC 7231)

* New asynchronous HTTP transport APIs consistent for both HTTP/1.1 and
HTTP/2 transport.

* Redesigned I/O reactor APIs and improved NIO based reactor
implementation for a greater performance and scalability.

* Support for server side request filters for classic and asynchronous
server implementations. Request filters could be used to implement
cross-cutting protocol aspects such as the 'expect-continue'
handshaking and user authentication / authorization.

* Redesigned connection pool implementation with strict connection
limit guarantees. The connection pool is expected to have a better
performance under higher concurrency due to reduced global pool lock
contention.

* New connection pool implementation with lax connection limit
guarantees and better performance under higher concurrency due to
absence of a global pool lock.

* Package name space changed to 'org.apache.hc.core5'

* Maven group id changed to 'org.apache.httpcomponents.core5'

HttpCore 5.0 releases can be co-located with earlier versions.

The 5.0 APIs are considered feature complete and are not expected to
undergo any major changes anymore. The focus of development is now
shifting to API polish, code stabilization and documentation
improvements.

IMPORTANT: As of next release HttpCore OSGi module will be discontinued
and removed from the project source code. 

Download - 
Release notes - 
HttpComponents site - 

About HttpComponents Core

HttpCore is a set of HTTP/1.1 and HTTP/2 transport components that can
be used to build custom client and server side HTTP services with a
minimal footprint