Apache Updates HTTP Web Server for Security and the Future
The Apache HTTP Server powers the majority of web servers around the world. As such, when there is a security flaw, it's critical to fix it as quickly as possible.
The Apache Software Foundation this week released Apache HTTP Server 2.2.19, fixing a security flaw in the open source web server. The 2.2.19 release was triggered by a flaw in the 2.2.18 release earlier this month, which created new regressions after fixing other flaws.
A fix in the Apache Portable Runtime (APR) for the 2.2.18 release, which is bundled with HTTP Server, triggered a possible denial of service (DoS) issue.
"Httpd workers enter a hung state (100% cpu utilization) after updating to APR 1.4.4," Apache warned in its 2.2.19 release notes. "Upgrading to APR 1.4.5 bundled with the httpd 2.2.19 package, or using APR 1.4.3 or prior with the 'IgnoreClient' option of the 'IndexOptions' directive will circumvent both issues."
The 2.2.19 release also provides a fix for a regression introduced in 2.2.18 for the ap_unescape_url_keep2f() function signature. That change in 2.2.18 led to binary compatibility issues, which have now been fixed in the new 2.2.19 release.
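For administrators triaging a fleet, the version conditions in the release notes can be checked against `httpd -V` output. The script below is an added example, not Apache's own tooling; the function names, the sample input and the assumed `Server version:` / `Server loaded:` line format are illustrative.

```shell
#!/bin/sh
# Added example: sample input is constructed; `httpd -V` line format is assumed.
SAMPLE_HTTPD_V='Server version: Apache/2.2.18 (Unix)
Server loaded:  APR 1.4.4, APR-Util 1.3.11
Compiled using: APR 1.4.3, APR-Util 1.3.11'

# ver_cmp A B: print -1, 0 or 1 comparing dotted three-part versions numerically.
ver_cmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 < y[i] + 0) { print -1; exit }
            if (x[i] + 0 > y[i] + 0) { print 1; exit }
        }
        print 0
    }'
}

# classify_httpd: read `httpd -V` text on stdin, print one finding per component.
classify_httpd() {
    input=$(cat)
    httpd_ver=$(printf '%s\n' "$input" |
        sed -n 's|^Server version: *Apache/\([0-9.]*\).*|\1|p')
    # Use the "Server loaded" line: the hang depends on the APR library in use
    # at run time, which can differ from the one httpd was compiled against.
    apr_ver=$(printf '%s\n' "$input" |
        sed -n 's|^Server loaded: *APR \([0-9.]*\).*|\1|p')

    case "$httpd_ver" in
        "")     echo "httpd: version not found" ;;
        2.2.18) echo "httpd 2.2.18: ap_unescape_url_keep2f() signature regression; upgrade to 2.2.19" ;;
        *)      echo "httpd $httpd_ver: not the 2.2.18 release" ;;
    esac

    if [ -z "$apr_ver" ]; then
        echo "apr: version not found"
    elif [ "$(ver_cmp "$apr_ver" 1.4.4)" -eq 0 ]; then
        echo "apr 1.4.4: workers can hang at 100% CPU; move to APR 1.4.5"
    elif [ "$(ver_cmp "$apr_ver" 1.4.4)" -lt 0 ]; then
        echo "apr $apr_ver: 1.4.3 or prior; set 'IndexOptions IgnoreClient' or move to APR 1.4.5"
    else
        echo "apr $apr_ver: 1.4.5 or later"
    fi
}

printf '%s\n' "$SAMPLE_HTTPD_V" | classify_httpd
```

On a live host, pipe the real output in with `httpd -V | classify_httpd` (the binary may be named `apache2` or `apachectl` depending on the distribution).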