You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by "William A. Rowe, Jr." <wr...@rowe-clan.net> on 2002/06/18 09:38:29 UTC

[TEST] Apache 2.0.39 Release Candidate for Testing

The new Apache release is available for immediate testing.  Please reply-to
dev@httpd.apache.org with any observed variance between this version and
your previous experience with Apache 2.0.36 and 2.0.35 releases.

The packages, until General Availability release tomorrow early a.m. will 
be at;

   http://httpd.apache.org/dev/dist/

.tar.gz and .tar.Z files are for Unix builds, -win32-src.zip file is for 
the Windows
builders [with cr/lf line endings.]  Win32 .exe and .msi installer packages are
online for testing as well.

Excerpting tomorrow's announcement;

This version of Apache is principally a security and bug fix
release.  A summary of the bug fixes is given at the end of this document.
Of particular note is that 2.0.39 addresses and fixes the issues noted
in CAN-2002-0392 (mitre.org) [CERT VU#944335] regarding a vulnerability
in the handling of chunked transfer encoding.  We would like to thank
Mark Litchfield of ngssoftware.com for discovering and reporting the
vulnerability.

Expect a followup announcement early tommorow of the Apache 1.3.25
release candidate.