You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by ji...@locus.apache.org on 2000/02/25 17:58:32 UTC
cvs commit: apache-site/dist .htaccess Announcement.html Announcement.txt HEADER.html README.html
jim 00/02/25 08:58:32
Modified: . httpd.html
dist .htaccess Announcement.html Announcement.txt
HEADER.html README.html
Log:
Ready to announce
Revision Changes Path
1.86 +3 -3 apache-site/httpd.html
Index: httpd.html
===================================================================
RCS file: /home/cvs/apache-site/httpd.html,v
retrieving revision 1.85
retrieving revision 1.86
diff -u -r1.85 -r1.86
--- httpd.html 2000/02/02 18:04:11 1.85
+++ httpd.html 2000/02/25 16:58:28 1.86
@@ -71,13 +71,13 @@
<P><HR>
-<H2 ALIGN="CENTER">Apache 1.3.11 Now Available</H2>
+<H2 ALIGN="CENTER">Apache 1.3.12 Now Available</H2>
<P><BLOCKQUOTE>
The Apache Group is pleased to announce the release of the
- 1.3.11 version of the Apache HTTP server, including a Win32 build.
- Apache 1.3.11 is the best version of Apache currently available;
+ 1.3.12 version of the Apache HTTP server.
+ Apache 1.3.12 is the best version of Apache currently available;
everyone running 1.2.X servers or earlier should upgrade to 1.3, as there
will not be any further 1.2.X releases.
At present, the Win32 port of Apache is not
1.26 +3 -3 apache-site/dist/.htaccess
Index: .htaccess
===================================================================
RCS file: /home/cvs/apache-site/dist/.htaccess,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -r1.25 -r1.26
--- .htaccess 2000/02/25 02:46:49 1.25
+++ .htaccess 2000/02/25 16:58:29 1.26
@@ -3,9 +3,9 @@
AddIcon /icons/text.gif .README CHANGES CHANGES_1.2 CHANGES_1.3
AddDescription "MD5 hash" *.md5
AddDescription "PGP signature" .asc
-AddDescription "1.3.9 compressed source" apache_1.3.9.tar.Z
-AddDescription "1.3.9 gzipped source" apache_1.3.9.tar.gz
-AddDescription "1.3.9 Win32 binary" apache_1_3_9_win32.exe
+AddDescription "1.3.12 compressed source" apache_1.3.12.tar.Z
+AddDescription "1.3.12 gzipped source" apache_1.3.12.tar.gz
+AddDescription "1.3.12 Win32 binary" apache_1_3_12_win32.exe
AddDescription "1.3.11 compressed source" apache_1.3.11.tar.Z
AddDescription "1.3.11 gzipped source" apache_1.3.11.tar.gz
AddDescription "1.3.11 Win32 binary" apache_1_3_11_win32.exe
1.19 +30 -35 apache-site/dist/Announcement.html
Index: Announcement.html
===================================================================
RCS file: /home/cvs/apache-site/dist/Announcement.html,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -r1.18 -r1.19
--- Announcement.html 2000/01/22 21:18:03 1.18
+++ Announcement.html 2000/02/25 16:58:29 1.19
@@ -1,47 +1,42 @@
<HTML>
<HEAD>
- <TITLE>Apache 1.3.11 Released</TITLE>
+ <TITLE>Apache 1.3.12 Released</TITLE>
</HEAD>
<BODY>
-<h1>Apache 1.3.11 Released</h1>
+<h1>Apache 1.3.12 Released</h1>
<p>
The <a href="http://www.apache.org/">Apache Software Foundation</a>
and The Apache Server Project are
-pleased to announce the release of version 1.3.11 of the Apache HTTP server.
-Apache 1.3.10 was not released due to a last-minute bug found and
-fixed after the source was tagged and tested.
-<p>
-This new Apache version incorporates numerous significant improvements
-to the server. Apart from portability and security fixes, documentation
-enhancements, performance improvements, and assorted other minor
-features or fixes notable changes are:
-<ul>
- <li> Binary and shared builds on several platforms have been improved.
- <li> The time that a parent waits for its children to die
- after <code>SIGKILL</code> has been sent has been reduced.
- <li> Various <i>suexec</i> improvements.
- <li> More rigorous checking of <code>Host:</code> headers to fix security problems
- with mass name-based virtual hosting.
- <li> Addition of the <code>%q</code> logging format directive (logs "?" and the query
- string part of a query, or the empty string if no query).
- <li> Improvement of the <i>OS390</i> port.
- <li> Several <i>EBCDIC</i> fixes.
- <li> Better error reporting during the "compiler sanity" check.
- <li> Fixed the `quad integer' (aka `long long') handling in ap_snprintf.c
- <li> mod_rewrite's general substitution function was overhauled.
- <li> Several WIN32 bugs have been fixed, including:
+pleased to announce the release of version 1.3.12 of the Apache HTTP server.
+<p>
+The primary changes in this version of Apache are those related to
+the ``cross site scripting'' security alerts described at
<ul>
- <li> CGIs broken if script calls other programs which deliver on stdout
- (Search this file for "DETACHED")
- <li> 16 bit CGIs should work now
- <li> Server will not start if passed the -d option with spaces in the
- argument.
-</ul>
+ <li><a href="http://www.cert.org/advisories/CA-2000-02.html">http://www.cert.org/advisories/CA-2000-02.html</a>
+ <li><a href="http://www.apache.org/info/css-security/index.html">http://www.apache.org/info/css-security/index.html</a>
</ul>
-
-<P>
-Apache 1.3.11 is available for download from
+Specifically, charset handling has been improved and reinforced
+(including a new directive: <code>
+<a href="http://www.apache.org/docs/mod/core.html#adddefaultcharset">AddDefaultCharset</a></code>)
+and server generated pages properly escape ``userland'' input.
+<p>
+A complete listing with detailed descriptions is provided in the
+<a href="http://www.apache.org/dist/CHANGES">CHANGES</a> file.
+<p>
+<i>NOTE: This official release incorporates a slightly different version
+of the original patch for the 'css' issue. In particular, the
+AddDefaultCharsetName directive was removed and this function
+is now completely handled by the AddDefaultCharset directive. If
+you were using this patch, you will need to adjust your configuration
+file to reflect this change.</i>
+<p>
+We consider Apache 1.3.12 to be the best version of Apache available and
+we strongly recommend that users of older versions, especially of the
+1.1.x and 1.2.x family, upgrade as soon as possible. No further releases
+will be made in the 1.2.x family.
+<p>
+Apache 1.3.12 is available for download from
<UL>
<A HREF="http://www.apache.org/dist/">http://www.apache.org/dist/</A>
@@ -58,7 +53,7 @@
</UL>
<P>
-As of Apache 1.3.11 binary distributions contain all standard Apache
+As of Apache 1.3.12 binary distributions contain all standard Apache
modules as shared objects (if supported by the platform) and include
full source code. Installation is easily done by executing the
included install script. See the README.bindist and INSTALL.bindist
1.12 +21 -41 apache-site/dist/Announcement.txt
Index: Announcement.txt
===================================================================
RCS file: /home/cvs/apache-site/dist/Announcement.txt,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- Announcement.txt 2000/01/22 21:09:32 1.11
+++ Announcement.txt 2000/02/25 16:58:29 1.12
@@ -1,57 +1,37 @@
-Apache 1.3.11 Released
+Apache 1.3.12 Released
======================
The Apache Software Foundation and The Apache Server Project are
-pleased to announce the release of version 1.3.11 of the Apache HTTP server.
-Apache 1.3.10 was not released due to a last-minute bug found and
-fixed after the source was tagged and tested.
+pleased to announce the release of version 1.3.12 of the Apache HTTP server.
-This new Apache version incorporates numerous significant improvements
-to the server. Apart from portability and security fixes, documentation
-enhancements, performance improvements, and assorted other minor
-features or fixes notable changes are:
+The primary changes in this version of Apache are those related to
+the ``cross site scripting'' security alerts described at
- - Binary and shared builds on several platforms have been
- improved.
+ http://www.cert.org/advisories/CA-2000-02.html
+ - and -
+ http://www.apache.org/info/css-security/index.html
+
+Specifically, charset handling has been improved and reinforced
+(including a new directive: AddDefaultCharset) and server generated
+pages properly escape ``userland'' input.
- - The time that a parent waits for its children to die
- after SIGKILL has been sent has been reduced.
-
- - Various suexec improvements.
-
- - More rigorous checking of Host: headers to fix security problems
- with mass name-based virtual hosting.
-
- - Addition of the %q logging format directive (logs "?" and the query
- string part of a query, or the empty string if no query).
-
- - Improvement of the OS390 port.
-
- - Several EBCDIC fixes.
-
- - Better error reporting during the "compiler sanity" check.
-
- - Fixed the `quad integer' (aka `long long') handling in ap_snprintf.c
-
- - mod_rewrite's general substitution function was overhauled.
-
- - Several WIN32 bugs have been fixed, including:
- - CGIs broken if script calls other programs which deliver on stdout
- (Search this file for "DETACHED")
- - 16 bit CGIs should work now
- - Server will not start if passed the -d option with spaces in the
- argument.
-
A complete listing with detailed descriptions is provided in the
src/CHANGES file.
+
+NOTE: This official release incorporates a slightly different version
+of the original patch for the 'css' issue. In particular, the
+AddDefaultCharsetName directive was removed and this function
+is now completely handled by the AddDefaultCharset directive. If
+you were using this patch, you will need to adjust your configuration
+file to reflect this change.
-We consider Apache 1.3.11 to be the best version of Apache available and
+We consider Apache 1.3.12 to be the best version of Apache available and
we strongly recommend that users of older versions, especially of the
1.1.x and 1.2.x family, upgrade as soon as possible. No further releases
will be made in the 1.2.x family.
-Apache 1.3.11 is available for download from
+Apache 1.3.12 is available for download from
http://www.apache.org/dist/
@@ -62,7 +42,7 @@
http://www.apache.org/dist/binaries/
-As of Apache 1.3.11 binary distributions contain all standard Apache
+As of Apache 1.3.12 binary distributions contain all standard Apache
modules as shared objects (if supported by the platform) and include
full source code. Installation is easily done by executing the
included install script. See the README.bindist and INSTALL.bindist
1.10 +1 -1 apache-site/dist/HEADER.html
Index: HEADER.html
===================================================================
RCS file: /home/cvs/apache-site/dist/HEADER.html,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- HEADER.html 2000/01/22 21:16:40 1.9
+++ HEADER.html 2000/02/25 16:58:30 1.10
@@ -5,4 +5,4 @@
closer mirror to you.<BR>
<A HREF="http://www.apache.org/dyn/closer.cgi">Go here to find it.</A>
</p>
-<H2><A HREF="Announcement.html">Apache 1.3.11</A> is now available.</H2>
+<H2><A HREF="Announcement.html">Apache 1.3.12</A> is now available.</H2>
1.24 +4 -4 apache-site/dist/README.html
Index: README.html
===================================================================
RCS file: /home/cvs/apache-site/dist/README.html,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -r1.23 -r1.24
--- README.html 2000/01/22 21:09:32 1.23
+++ README.html 2000/02/25 16:58:30 1.24
@@ -1,6 +1,6 @@
-<H2>Apache 1.3.11 Released</H2>
+<H2>Apache 1.3.12 Released</H2>
-<P>Apache 1.3.11 is a maintenance release with numerous bug fixes.
+<P>Apache 1.3.12 is a maintenance release with numerous bug fixes.
For details, see the <A HREF="CHANGES_1.3">v1.3 CHANGES</A> file.
<P>For information about new features in 1.3, see the
@@ -13,7 +13,7 @@
<H2>Binary Releases</H2>
<P>Are available in the <A HREF="binaries/">binaries/</A> directory.
-<BR>As of Apache 1.3.11 every binary distribution contains an
+<BR>As of Apache 1.3.12 every binary distribution contains an
install script. See README for details.
<H2>PGP Signatures</H2>
@@ -28,7 +28,7 @@
distribution.</P>
<PRE><i>e.g.</i>,
% pgpk -a KEYS
-% pgpv apache_1.3.11.tar.gz.asc
+% pgpv apache_1.3.12.tar.gz.asc
</PRE>
<H2>Contributory Patches/Modules/Code</H2>