Re: [users@httpd] Apache (2.4.26) changing permissions on passwd file?

[Jacob Champion]

On 07/11/2017 09:12 AM, Alexandru Duzsardi wrote:
how does the httpd process change the permissions of that file? does 
that before droping root privileges? if not what would it stop it to 
change any file permissions?


OP said htpasswd was touching the file, not httpd.

--Jacob

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Apache (2.4.26) changing permissions on passwd file?

[Alexandru Duzsardi]

how does the httpd process change the permissions of that file?
does that before droping root privileges?
if not what would it stop it to change any file permissions?


On Tue, 11 Jul 2017 at 19:08, Eric Covener  wrote:

> On Tue, Jul 11, 2017 at 11:53 AM, Kevin Miles 
> wrote:
> > On the face of it, Apache 2.4.26 appears to be changing the permissions
> on
> > my passwd file to a value that prevents it from using it. I can't see
> > anything in the Release Notes that indicates this is a feature... Can
> anyone
> > tell me why this is happening, and suggest the best solution for getting
> > this VirtualHost working again?
>
> See bug 61240, It's fixed in todays 2.4.27 release.
>
>
> --
> Eric Covener
> cove...@gmail.com
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

Re: [users@httpd] Apache (2.4.26) changing permissions on passwd file?

[Yehuda Katz]

Did you compile Apache yourself or use a package from somewhere?

- Y

Sent from a device with a very small keyboard and hyperactive autocorrect.


On Jul 11, 2017 11:53 AM, "Kevin Miles"  wrote:

I wonder if someone can shed some light on this.

I've been running Apache 2.4.7 on Ubuntu 14.04LTS using a VirtualHost with
a passwd file and all was working fine. I upgraded Apache to 2.4.26 and the
site stopped working. The error being logged is:

[Tue Jul 11 20:58:27.722904 2017] [authn_file:error] [pid 3403]
(13)Permission denied: [client ::1:37626] AH01620: Could not open password
file: /etc/stm/passwd

Sure enough, when I check /etc/stm/passwd its permissions have been changed
from 644 to 600. When I change them back, everything starts working. But
when I reload the system, something sets them back to 600 and it stops
working!

AFAICT it's Apache that is changing the permissions. Audit shows the only
process touching this file is Apache (htpasswd). And if I disable Apache on
start-up and perform a system reload, the permissions are unchanged. Until
I start Apache, when they get flipped back to 600.

On the face of it, Apache 2.4.26 appears to be changing the permissions on
my passwd file to a value that prevents it from using it. I can't see
anything in the Release Notes that indicates this is a feature... Can
anyone tell me why this is happening, and suggest the best solution for
getting this VirtualHost working again?

Thanks.

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] [ANNOUNCEMENT] Apache HTTP Server 2.4.27 Released

[William A Rowe Jr]

On Tue, Jul 11, 2017 at 9:13 AM, Hajo Locke  wrote:
>
> Am 11.07.2017 um 15:58 schrieb Eric Covener:
>>
>> On Tue, Jul 11, 2017 at 9:41 AM, David Copeland
>>  wrote:

 o HTTP/2 will not be negotiated when using the Prefork MPM
>>>
>>> I'm wondering what the reason for this is?
>>
>> In the previous release, HTTP2 made prefork run multi-threaded. People
>> often chose prefork due to non-threadsafe code running in the server.
>>
>>
> so we cant use http/2 in 2.4.27 when using mod_prefork? it is not
> configurable?

> We use mod_prefork because of mod_php.

Please also note, mod_php has been strongly discouraged for years.

The conventional advise is to configure the php fcgi sapi, using either
mod_proxy_fcgi with php fpm, or mod_fcgid, and a modest number of
single process php fcgi workers to serve requests, and either event or
worker MPM. This is still not spelled out well in the formal PHP docs
(but who reads docs?)

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[users@httpd] [Announcement] Apache HTTP Server 2.2.34 Released

[William A Rowe Jr]

  July 11, 2017

   The Apache Software Foundation and the Apache HTTP Server Project
   announce the release of version 2.2.34 of the Apache HTTP Server
   ("Apache"), the final maintenance release of the 2.2 series. No
   further 2.2 releases are anticipated. This version of Apache is
   principally a security and bug fix maintenance release.

   We consider the current Apache HTTP Server 2.4 release to be the best
   version of Apache available, and encourage every user of 2.2 and all
   prior versions to upgrade. This final 2.2 release is offered for those
   unable to upgrade at this moment.

   Take note that Apache Web Server Project will provide no future release
   of the 2.2.x series, although some security patches may be published
   through December of 2017. These will be collected at the URL;

 http://www.apache.org/dist/httpd/patches/apply_to_2.2.34/

   No further maintenance patches of 2.2.x will be published. Users are
   strongly encouraged to promptly complete their transitions to the
   2.4.x flavor of httpd to receive any future benefit from the user
   community or the Apache HTTP Server project developers.

   For further details about the currently supported release, see:

 http://www.apache.org/dist/httpd/Announcement2.4.txt

   Apache HTTP Server 2.4 and 2.2.34 are available for download from:

 http://httpd.apache.org/download.cgi

   Please see the CHANGES_2.2 file, linked from the download page, for a
   full list of changes. A condensed list, CHANGES_2.2.34 includes only
   those changes introduced since the prior 2.2 release. A summary of all
   of the security vulnerabilities addressed in this and earlier releases
   is available:

 http://httpd.apache.org/security/vulnerabilities_22.html

   Note that the Apache HTTP Server project will discontinue evaluations
   and corresponding advisories to this resource effective January, 2018.

   This release includes the Apache Portable Runtime (APR) version 1.5.2
   and APR Utility Library (APR-util) version 1.5.4, bundled with the tar
   and zip distributions. The APR libraries libapr and libaprutil (and
   on Win32, libapriconv version 1.2.1) must all be updated to ensure
   binary compatibility and address many known security and platform bugs.
   APR version 1.5 and APR-util version 1.5 represent minor version upgrades
   from earlier httpd 2.2 source distributions.

   Note this package also includes very stale and known-vulnerable versions
   of the Expat [http://expat.sourceforge.net/] and PCRE [http://www.pcre.org/]
   packages. Users are strongly encouraged to first install the most recent
   versions of these components (of PCRE 8.x, not PCRE2 10.x at this time.)

   This release builds on and extends the Apache 2.0 API and is superceeded
   by the Apache 2.4 API. Modules written for Apache 2.2 will need to be
   recompiled in order to run with Apache 2.4, and most will require minimal
   or no source code changes.

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] [ANNOUNCEMENT] Apache HTTP Server 2.4.27 Released

[Hajo Locke]

Hello,

Am 11.07.2017 um 16:08 schrieb David Copeland:

On 11/07/17 09:58 AM, Eric Covener wrote:

On Tue, Jul 11, 2017 at 9:41 AM, David Copeland
 wrote:

o HTTP/2 will not be negotiated when using the Prefork MPM

I'm wondering what the reason for this is?

In the previous release, HTTP2 made prefork run multi-threaded. People
often chose prefork due to non-threadsafe code running in the server.



Right, understood.

Just looking at the HTTP/2 HowTo
(https://httpd.apache.org/docs/trunk/howto/http2.html). It suggests
setting H2MiniWorkers will make it possible anyway if one wishes to take
the risk and try it. Is this not correct?

Thanks.

this was answer to my question? I think i will try it, if H2MiniWorkers 
will restore old behaviour. We use mod_php+http/2 on a lot of 
productionservers. May be there is better performance with other mpm, 
but we never noticed serious problems.
We also use php-fpm, which basically runs with worker etc. but mod_php 
has bigger range of functions and we cant replace it the easy way.


Thanks,
Hajo


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Apache (2.4.26) changing permissions on passwd file?

[Eric Covener]

On Tue, Jul 11, 2017 at 11:53 AM, Kevin Miles  wrote:
> On the face of it, Apache 2.4.26 appears to be changing the permissions on
> my passwd file to a value that prevents it from using it. I can't see
> anything in the Release Notes that indicates this is a feature... Can anyone
> tell me why this is happening, and suggest the best solution for getting
> this VirtualHost working again?

See bug 61240, It's fixed in todays 2.4.27 release.


-- 
Eric Covener
cove...@gmail.com

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] Apache (2.4.26) changing permissions on passwd file?

[Jacob Champion]

On 07/11/2017 08:53 AM, Kevin Miles wrote:
Sure enough, when I check /etc/stm/passwd its permissions have been 
changed from 644 to 600. When I change them back, everything starts 
working. But when I reload the system, something sets them back to 600 
and it stops working!


This looks like PR61240 [1], which should be fixed in the just-announced 
2.4.27.


--Jacob

[1] https://bz.apache.org/bugzilla/show_bug.cgi?id=61240

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

RE: [users@httpd] Apache (2.4.26) changing permissions on passwd file?

[Alexandru Duzsardi]

I doubt it that apache is changing anything in a folder like /etc/stm/
Check your system crontabs or check where the changes might come from.
Alternatively change the location of your file.

-Original Message-
From: Kevin Miles [mailto:ke...@delgaldo.co.uk] 
Sent: Tuesday, July 11, 2017 6:54 PM
To: users@httpd.apache.org
Subject: [users@httpd] Apache (2.4.26) changing permissions on passwd file?

I wonder if someone can shed some light on this.

I've been running Apache 2.4.7 on Ubuntu 14.04LTS using a VirtualHost with a 
passwd file and all was working fine. I upgraded Apache to 2.4.26 and the site 
stopped working. The error being logged is:

[Tue Jul 11 20:58:27.722904 2017] [authn_file:error] [pid 3403] (13)Permission 
denied: [client ::1:37626] AH01620: Could not open password file: 
/etc/stm/passwd

Sure enough, when I check /etc/stm/passwd its permissions have been changed 
from 644 to 600. When I change them back, everything starts working. But when I 
reload the system, something sets them back to 600 and it stops working!

AFAICT it's Apache that is changing the permissions. Audit shows the only 
process touching this file is Apache (htpasswd). And if I disable Apache on 
start-up and perform a system reload, the permissions are unchanged. Until I 
start Apache, when they get flipped back to 600.

On the face of it, Apache 2.4.26 appears to be changing the permissions on my 
passwd file to a value that prevents it from using it. I can't see anything in 
the Release Notes that indicates this is a feature... Can anyone tell me why 
this is happening, and suggest the best solution for getting this VirtualHost 
working again?

Thanks.

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

RE: [users@httpd] Apache (2.4.26) changing permissions on passed file?

[Darryl Philip Baker]

Is the file owned by the user running Apache?

Darryl Baker
NIT - CI - PIPS - DAPS
X76674


-Original Message-
From: Kevin Miles [mailto:ke...@delgaldo.co.uk] 
Sent: July 11, 2017 10:54 AM
To: users@httpd.apache.org
Subject: [users@httpd] Apache (2.4.26) changing permissions on passwd file?

I wonder if someone can shed some light on this.

I've been running Apache 2.4.7 on Ubuntu 14.04LTS using a VirtualHost with a 
passwd file and all was working fine. I upgraded Apache to 2.4.26 and the site 
stopped working. The error being logged is:

[Tue Jul 11 20:58:27.722904 2017] [authn_file:error] [pid 3403] (13)Permission 
denied: [client ::1:37626] AH01620: Could not open password file: 
/etc/stm/passwd

Sure enough, when I check /etc/stm/passwd its permissions have been changed 
from 644 to 600. When I change them back, everything starts working. But when I 
reload the system, something sets them back to 600 and it stops working!

AFAICT it's Apache that is changing the permissions. Audit shows the only 
process touching this file is Apache (htpasswd). And if I disable Apache on 
start-up and perform a system reload, the permissions are unchanged. Until I 
start Apache, when they get flipped back to 600.

On the face of it, Apache 2.4.26 appears to be changing the permissions on my 
passwd file to a value that prevents it from using it. I can't see anything in 
the Release Notes that indicates this is a feature... Can anyone tell me why 
this is happening, and suggest the best solution for getting this VirtualHost 
working again?

Thanks.

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[users@httpd] Apache (2.4.26) changing permissions on passwd file?

[Kevin Miles]

I wonder if someone can shed some light on this.

I've been running Apache 2.4.7 on Ubuntu 14.04LTS using a VirtualHost 
with a passwd file and all was working fine. I upgraded Apache to 2.4.26 
and the site stopped working. The error being logged is:


[Tue Jul 11 20:58:27.722904 2017] [authn_file:error] [pid 3403] 
(13)Permission denied: [client ::1:37626] AH01620: Could not open 
password file: /etc/stm/passwd


Sure enough, when I check /etc/stm/passwd its permissions have been 
changed from 644 to 600. When I change them back, everything starts 
working. But when I reload the system, something sets them back to 600 
and it stops working!


AFAICT it's Apache that is changing the permissions. Audit shows the 
only process touching this file is Apache (htpasswd). And if I disable 
Apache on start-up and perform a system reload, the permissions are 
unchanged. Until I start Apache, when they get flipped back to 600.


On the face of it, Apache 2.4.26 appears to be changing the permissions 
on my passwd file to a value that prevents it from using it. I can't see 
anything in the Release Notes that indicates this is a feature... Can 
anyone tell me why this is happening, and suggest the best solution for 
getting this VirtualHost working again?


Thanks.

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[users@httpd] mod_proxy performance with IIS

[Bruno Dorchain]

I had an httpd 2.2 (under Centos 6) with mod_proxy forwarding requests to
an IIS 7.5 in HTTPS. I replaced it with an httpd 2.4 (Centos 7) and I
expected a huge increase in performance due to the connection pooling on
the back but it only increased by 10%.

Doing the same test with an httpd back-end leads to 50% increase.

Any idea why IIS behaves this way? Can we change anything on IIS (or httpd)?

Remark: proxy-nokeepalive is not defined

Thanks a lot

Re: [users@httpd] [ANNOUNCEMENT] Apache HTTP Server 2.4.27 Released

[David Copeland]

On 11/07/17 10:25 AM, Stefan Eissing wrote:
>> Am 11.07.2017 um 16:13 schrieb David Copeland :
>>
>> I had it set up on an essentially a private site to try it so the volume was 
>> very low, and so I never had a problem.
> It can work in certain configurations. Especially if you *only* serve static 
> files. As soon as mod_php, proxy connections or gzip/brotli content 
> compression gets in the mix, it may get slow or stop working altogether.
>
> This is not a bug, but a principle collision between HTTP/2 parallel requests 
> and mpm_prefork single-threaded model. In pre-2.4.26, we kept it single 
> threaded and people experienced bad performance and locks. In 2.4.26 will had 
> several threads and people experienced the crashes of mod_php.
>
> People that require prefork are better served with the 6 parallel connections 
> of HTTP/1.1 clients. People who do not have to run their server 
> single-threaded are better off with mpm_event. There is no good comfort place 
> for h2+prefork. We think we can invest our time better in other places.
>
> Cheers,
>
> Stefan
>
>
And I agree. Thanks to all who replied with explanations and/or links to
discussion threads.

-- 
David Copeland
JSI Data Systems Limited
613-727-9353
www.jsidata.ca


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] [ANNOUNCEMENT] Apache HTTP Server 2.4.27 Released

[Stefan Eissing]

> Am 11.07.2017 um 16:13 schrieb David Copeland :
> 
> I had it set up on an essentially a private site to try it so the volume was 
> very low, and so I never had a problem.

It can work in certain configurations. Especially if you *only* serve static 
files. As soon as mod_php, proxy connections or gzip/brotli content compression 
gets in the mix, it may get slow or stop working altogether.

This is not a bug, but a principle collision between HTTP/2 parallel requests 
and mpm_prefork single-threaded model. In pre-2.4.26, we kept it single 
threaded and people experienced bad performance and locks. In 2.4.26 will had 
several threads and people experienced the crashes of mod_php.

People that require prefork are better served with the 6 parallel connections 
of HTTP/1.1 clients. People who do not have to run their server single-threaded 
are better off with mpm_event. There is no good comfort place for h2+prefork. 
We think we can invest our time better in other places.

Cheers,

Stefan

> Thanks,
> Dave Copeland.
> 
> On 11/07/17 10:03 AM, Yehuda Katz wrote:
>> H2 is threaded and prefork is not, so the performance is poor or it doesn't 
>> work at all.
>> 
>> There was a discussion about this on the dev list: 
>> https://lists.apache.org/thread.html/bae472cadaeeb761b88bb4569cc0b7d87bc2dcb2fbcbf472d895f32e@%3Cdev.httpd.apache.org%3E
>> 
>> Sent from a device with a very small keyboard and hyperactive autocorrect.
>> 
>> On Jul 11, 2017 9:48 AM, "David Copeland"  wrote:
>> I'm wondering what the reason for this is?
>> 
>> Thanks.
>> 
>> On 11/07/17 09:04 AM, Jim Jagielski wrote:
>> >Apache HTTP Server 2.4.27 Released
>> >
>> >
>> > o HTTP/2 will not be negotiated when using the Prefork MPM
>> >
>> 
>> --
>> David Copeland
>> JSI Data Systems Limited
>> 613-727-9353
>> www.jsidata.ca
>> 
>> 
>> -
>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>> For additional commands, e-mail: users-h...@httpd.apache.org
>> 
> 
> 
> -- 
> David Copeland
> JSI Data Systems Limited
> 613-727-9353
> 
> www.jsidata.ca


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] [ANNOUNCEMENT] Apache HTTP Server 2.4.27 Released

[David Copeland]

On 11/07/17 09:58 AM, Eric Covener wrote:
> On Tue, Jul 11, 2017 at 9:41 AM, David Copeland
>  wrote:
>>> o HTTP/2 will not be negotiated when using the Prefork MPM
>> I'm wondering what the reason for this is?
> In the previous release, HTTP2 made prefork run multi-threaded. People
> often chose prefork due to non-threadsafe code running in the server.
>
>
Right, understood.

Just looking at the HTTP/2 HowTo
(https://httpd.apache.org/docs/trunk/howto/http2.html). It suggests
setting H2MiniWorkers will make it possible anyway if one wishes to take
the risk and try it. Is this not correct?

Thanks.

-- 
David Copeland
JSI Data Systems Limited
613-727-9353
www.jsidata.ca


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] [ANNOUNCEMENT] Apache HTTP Server 2.4.27 Released

[David Copeland]

I had it set up on an essentially a private site to try it so the volume
was very low, and so I never had a problem.

Thanks,
Dave Copeland.

On 11/07/17 10:03 AM, Yehuda Katz wrote:
> H2 is threaded and prefork is not, so the performance is poor or it
> doesn't work at all.
>
> There was a discussion about this on the dev
> list: 
> https://lists.apache.org/thread.html/bae472cadaeeb761b88bb4569cc0b7d87bc2dcb2fbcbf472d895f32e@%3Cdev.httpd.apache.org%3E
>
> Sent from a device with a very small keyboard and hyperactive autocorrect.
>
> On Jul 11, 2017 9:48 AM, "David Copeland"  > wrote:
>
> I'm wondering what the reason for this is?
>
> Thanks.
>
> On 11/07/17 09:04 AM, Jim Jagielski wrote:
> >Apache HTTP Server 2.4.27 Released
> >
> >
> > o HTTP/2 will not be negotiated when using the Prefork MPM
> >
>
> --
> David Copeland
> JSI Data Systems Limited
> 613-727-9353 
> www.jsidata.ca 
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> 
> For additional commands, e-mail: users-h...@httpd.apache.org
> 
>


-- 
David Copeland
JSI Data Systems Limited
613-727-9353
www.jsidata.ca

Re: [users@httpd] [ANNOUNCEMENT] Apache HTTP Server 2.4.27 Released

[Hajo Locke]

Hello,

Am 11.07.2017 um 15:58 schrieb Eric Covener:

On Tue, Jul 11, 2017 at 9:41 AM, David Copeland
 wrote:

o HTTP/2 will not be negotiated when using the Prefork MPM

I'm wondering what the reason for this is?

In the previous release, HTTP2 made prefork run multi-threaded. People
often chose prefork due to non-threadsafe code running in the server.


so we cant use http/2 in 2.4.27 when using mod_prefork? it is not 
configurable?

We use mod_prefork because of mod_php.

Thanks,
Hajo

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] [ANNOUNCEMENT] Apache HTTP Server 2.4.27 Released

[Luca Toscano]

Also a more in depth explanation from the dev@ mailing list:

https://lists.apache.org/thread.html/bae472cadaeeb761b88bb4569cc0b7d87bc2dcb2fbcbf472d895f32e@%3Cdev.httpd.apache.org%3E

Luca

2017-07-11 15:56 GMT+02:00 Luca Toscano :

> Hi David,
>
> https://bz.apache.org/bugzilla/show_bug.cgi?id=61237 contains the
> background that brought to this decision :)
>
> Luca
>
>
> 2017-07-11 15:41 GMT+02:00 David Copeland :
>
>> I'm wondering what the reason for this is?
>>
>> Thanks.
>>
>> On 11/07/17 09:04 AM, Jim Jagielski wrote:
>> >Apache HTTP Server 2.4.27 Released
>> >
>> >
>> > o HTTP/2 will not be negotiated when using the Prefork MPM
>> >
>>
>> --
>> David Copeland
>> JSI Data Systems Limited
>> 613-727-9353
>> www.jsidata.ca
>>
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>> For additional commands, e-mail: users-h...@httpd.apache.org
>>
>>
>

Re: [users@httpd] [ANNOUNCEMENT] Apache HTTP Server 2.4.27 Released

[Yehuda Katz]

H2 is threaded and prefork is not, so the performance is poor or it doesn't
work at all.

There was a discussion about this on the dev list:
https://lists.apache.org/thread.html/bae472cadaeeb761b88bb4569cc0b7d87bc2dcb2fbcbf472d895f32e@%3Cdev.httpd.apache.org%3E

Sent from a device with a very small keyboard and hyperactive autocorrect.

On Jul 11, 2017 9:48 AM, "David Copeland"  wrote:

> I'm wondering what the reason for this is?
>
> Thanks.
>
> On 11/07/17 09:04 AM, Jim Jagielski wrote:
> >Apache HTTP Server 2.4.27 Released
> >
> >
> > o HTTP/2 will not be negotiated when using the Prefork MPM
> >
>
> --
> David Copeland
> JSI Data Systems Limited
> 613-727-9353
> www.jsidata.ca
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

Re: [users@httpd] [ANNOUNCEMENT] Apache HTTP Server 2.4.27 Released

[Luca Toscano]

Hi David,

https://bz.apache.org/bugzilla/show_bug.cgi?id=61237 contains the
background that brought to this decision :)

Luca

2017-07-11 15:41 GMT+02:00 David Copeland :

> I'm wondering what the reason for this is?
>
> Thanks.
>
> On 11/07/17 09:04 AM, Jim Jagielski wrote:
> >Apache HTTP Server 2.4.27 Released
> >
> >
> > o HTTP/2 will not be negotiated when using the Prefork MPM
> >
>
> --
> David Copeland
> JSI Data Systems Limited
> 613-727-9353
> www.jsidata.ca
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

Re: [users@httpd] [ANNOUNCEMENT] Apache HTTP Server 2.4.27 Released

[Eric Covener]

On Tue, Jul 11, 2017 at 9:41 AM, David Copeland
 wrote:
>> o HTTP/2 will not be negotiated when using the Prefork MPM
> I'm wondering what the reason for this is?

In the previous release, HTTP2 made prefork run multi-threaded. People
often chose prefork due to non-threadsafe code running in the server.


-- 
Eric Covener
cove...@gmail.com

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] [ANNOUNCEMENT] Apache HTTP Server 2.4.27 Released

[David Copeland]

I'm wondering what the reason for this is?

Thanks.

On 11/07/17 09:04 AM, Jim Jagielski wrote:
>Apache HTTP Server 2.4.27 Released
>
>
> o HTTP/2 will not be negotiated when using the Prefork MPM
>

-- 
David Copeland
JSI Data Systems Limited
613-727-9353
www.jsidata.ca


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[users@httpd] [ANNOUNCEMENT] Apache HTTP Server 2.4.27 Released

[Jim Jagielski]

   Apache HTTP Server 2.4.27 Released

July 11, 2017

The Apache Software Foundation and the Apache HTTP Server Project
are pleased to announce the release of version 2.4.27 of the Apache
HTTP Server ("Apache").  This version of Apache is our latest GA
release of the new generation 2.4.x branch of Apache HTTPD and
represents fifteen years of innovation by the project, and is
recommended over all previous releases. This release of Apache is
a security, feature, and bug fix release. Users are encouraged
to upgrade as soon as possible.

We consider this release to be the best version of Apache available, and
encourage users of all prior versions to upgrade.

Apache HTTP Server 2.4.27 is available for download from:

http://httpd.apache.org/download.cgi

Apache 2.4 offers numerous enhancements, improvements, and performance
boosts over the 2.2 codebase.  For an overview of new features
introduced since 2.4 please see:

http://httpd.apache.org/docs/trunk/new_features_2_4.html

Please see the CHANGES_2.4 file, linked from the download page, for a
full list of changes. A condensed list, CHANGES_2.4.27 includes only
those changes introduced since the prior 2.4 release.  A summary of all 
of the security vulnerabilities addressed in this and earlier releases 
is available:

http://httpd.apache.org/security/vulnerabilities_24.html

Of particular note in this release are 3 COMPATIBILITY items:

o HTTP/2 will not be negotiated when using the Prefork MPM
o FastCGI compatibility with PHP-FPM is fixed
o mod_lua no longer exports the undocumented and unsupported
  'apr_table' variable.

This release requires the Apache Portable Runtime (APR), minimum
version 1.5.x, and APR-Util, minimum version 1.5.x. Some features may
require the 1.6.x version of both APR and APR-Util. The APR libraries
must be upgraded for all features of httpd to operate correctly.

This release builds on and extends the Apache 2.2 API.  Modules written
for Apache 2.2 will need to be recompiled in order to run with Apache
2.4, and require minimal or no source code changes.

http://svn.apache.org/repos/asf/httpd/httpd/trunk/VERSIONING

When upgrading or installing this version of Apache, please bear in mind
that if you intend to use Apache with one of the threaded MPMs (other
than the Prefork MPM), you must ensure that any modules you will be
using (and the libraries they depend on) are thread-safe.

Please note that Apache Web Server Project will only provide maintenance
releases of the 2.2.x flavor through June of 2017, and will provide some
security patches beyond this date through at least December of 2017.
Minimal maintenance patches of 2.2.x are expected throughout this period,
and users are strongly encouraged to promptly complete their transitions
to the the 2.4.x flavor of httpd to benefit from a much larger assortment
of minor security and bug fixes as well as new features.


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org