You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by rs...@hyperreal.org on 1998/09/23 12:17:52 UTC
cvs commit: apache-site/dist Announcement.html Announcement.txt HEADER.html README.html
rse 98/09/23 03:17:52
Modified: dist Announcement.html Announcement.txt HEADER.html
README.html
Log:
Update dist/ area for Apache 1.3.2
Revision Changes Path
1.9 +21 -51 apache-site/dist/Announcement.html
Index: Announcement.html
===================================================================
RCS file: /export/home/cvs/apache-site/dist/Announcement.html,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- Announcement.html 1998/07/22 20:10:07 1.8
+++ Announcement.html 1998/09/23 10:17:50 1.9
@@ -1,40 +1,33 @@
<HTML>
<HEAD>
-<TITLE>Apache 1.3.1 Released</TITLE>
+<TITLE>Apache 1.3.2 Released</TITLE>
</HEAD>
<BODY>
-<H1>Apache 1.3.1 Released</H1>
+<H1>Apache 1.3.2 Released</H1>
<P>
-The Apache Group is pleased to announce the release of version 1.3.1
-of the Apache HTTP server.
+The Apache Group is pleased to announce the release of version
+1.3.2 of the Apache HTTP server.
<P>
-The changes in this release consist of UNIX portability fixes, Win32
-security issues, and assorted other minor features or fixes.
+The changes in this release consist of Unix portability fixes,
+DoS issues, Proxy and DSO enhancements, and assorted other minor
+features or fixes. Users should review the CHANGES file and
+decide on their upgrade plans; We consider Apache 1.3.2 to be the
+most stable version of Apache available.
<P>
-<B>WE URGE ALL USERS RUNNING ANY PREVIOUS VERSION OF APACHE ON WIN32
-TO UPGRADE IMMEDIATELY.</B>
+Apache 1.3.2 is available for download from
-<P>
-Users on other platforms should review the CHANGES file and decide
-on their upgrade plans; the security issues apply only to Apache
-on Win32. We consider Apache 1.3.1 to be the most stable version
-of Apache available.
-
-<P>
-Apache 1.3.1 is available for download from
-
<UL>
<A HREF="http://www.apache.org/dist/">http://www.apache.org/dist/</A>
</UL>
<P>
-Please see the CHANGES file in the same directory for a full list of
-changes. The distribution is also available via any of the mirrors
-listed at
+Please see the CHANGES_1.3 file in the same directory for a full
+list of changes. The distribution is also available via any of
+the mirrors listed at
<UL>
<A HREF="http://www.apache.org/mirrors/">http://www.apache.org/mirrors/</A>
@@ -49,17 +42,17 @@
<P>
In general, Apache 1.3 offers several substantial improvements
-over version 1.2, including better performance, reliability
-and a wider-range of supported platforms, including Windows 95 and
-NT (which both fall under the "Win32" label).
+over version 1.2, including better performance, reliability and a
+wider-range of supported platforms, including Windows 95 and NT
+(which both fall under the "Win32" label).
<P>
Apache is the most popular web-server in the known universe; over
-half of the servers on the Internet are running Apache or one of its
-variants.
+half of the servers on the Internet are running Apache or one of
+its variants.
<P>
-<B>IMPORTANT NOTE FOR WIN32 USERS:</B> Over the years, many users have
+IMPORTANT NOTE FOR WIN32 USERS: Over the years, many users have
come to trust Apache as a secure and stable server. It must
be realized that the current Win32 code has not yet reached these
levels and should still be considered to be of beta quality. Any
@@ -68,29 +61,6 @@
and resources by individuals and companies, we hope that the Win32
version of Apache will grow stronger through the 1.3.x release
cycle.
-
-<P>Versions of Apache on Win32 prior to version 1.3.1 are vulnerable
-to a number of security holes common to several Win32 servers.
-The problems that impact Apache include:
-<UL>
- <LI> trailing "."s are ignored by the file system. This allowed
- certain types of access restrictions to be bypassed.
- <LI>directory names of three or more dots (eg. "...") are
- considered to be valid similar to "..". This allowed people
- to gain access to files outside of the configured document
- trees.
-</UL>
-
-<P>
-There have been at least four other similar instances of the same
-basic problem: on Win32, there is more than one name for a file.
-Some of these names are poorly documented or undocumented, and even
-Microsoft's own IIS has been vulnerable to many of these problems.
-This behavior of the Win32 file system and API makes it very difficult
-to insure future security; problems of this type have been known
-about for years, however each specific instance has been discovered
-individually. It is unknown if there are other, yet unpublicized,
-filename variants. As a result, we recommend that you use extreme
-caution when dealing with access restrictions on all Win32 web
-servers.
+</BODY>
+</HTML>
1.5 +20 -47 apache-site/dist/Announcement.txt
Index: Announcement.txt
===================================================================
RCS file: /export/home/cvs/apache-site/dist/Announcement.txt,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- Announcement.txt 1998/07/22 20:10:07 1.4
+++ Announcement.txt 1998/09/23 10:17:51 1.5
@@ -1,42 +1,37 @@
-Apache 1.3.1 Released
+Apache 1.3.2 Released
=====================
-The Apache Group is pleased to announce the release of version 1.3.1
-of the Apache HTTP server.
+The Apache Group is pleased to announce the release of version
+1.3.2 of the Apache HTTP server.
-The changes in this release consist of UNIX portability fixes, Win32
-security issues, and assorted other minor features or fixes.
+The changes in this release consist of Unix portability fixes,
+DoS issues, Proxy and DSO enhancements, and assorted other minor
+features or fixes. Users should review the CHANGES file and
+decide on their upgrade plans; We consider Apache 1.3.2 to be the
+most stable version of Apache available.
-WE URGE ALL USERS RUNNING ANY PREVIOUS VERSION OF APACHE ON WIN32
-TO UPGRADE IMMEDIATELY.
+Apache 1.3.2 is available for download from
-Users on other platforms should review the CHANGES file and decide
-on their upgrade plans; the security issues apply only to Apache
-on Win32. We consider Apache 1.3.1 to be the most stable version
-of Apache available.
+ http://www.apache.org/dist/
-Apache 1.3.1 is available for download from
+Please see the CHANGES_1.3 file in the same directory for a full
+list of changes. The distribution is also available via any of
+the mirrors listed at
- http://www.apache.org/dist/
+ http://www.apache.org/mirrors/
-Please see the CHANGES file in the same directory for a full list of
-changes. The distribution is also available via any of the mirrors
-listed at
-
- http://www.apache.org/mirrors/
-
For an overview of new features in 1.3 please see
- http://www.apache.org/docs/new_features_1_3.html
+ http://www.apache.org/docs/new_features_1_3.html
In general, Apache 1.3 offers several substantial improvements
-over version 1.2, including better performance, reliability
-and a wider-range of supported platforms, including Windows 95 and
-NT (which both fall under the "Win32" label).
+over version 1.2, including better performance, reliability and a
+wider-range of supported platforms, including Windows 95 and NT
+(which both fall under the "Win32" label).
Apache is the most popular web-server in the known universe; over
-half of the servers on the Internet are running Apache or one of its
-variants.
+half of the servers on the Internet are running Apache or one of
+its variants.
IMPORTANT NOTE FOR WIN32 USERS: Over the years, many users have
come to trust Apache as a secure and stable server. It must
@@ -48,25 +43,3 @@
version of Apache will grow stronger through the 1.3.x release
cycle.
-Versions of Apache on Win32 prior to version 1.3.1 are vulnerable
-to a number of security holes common to several Win32 servers.
-The problems that impact Apache include:
-
- - trailing "."s are ignored by the file system. This allowed
- certain types of access restrictions to be bypassed.
- - directory names of three or more dots (eg. "...") are
- considered to be valid similar to "..". This allowed people
- to gain access to files outside of the configured document
- trees.
-
-There have been at least four other similar instances of the same
-basic problem: on Win32, there is more than one name for a file.
-Some of these names are poorly documented or undocumented, and even
-Microsoft's own IIS has been vulnerable to many of these problems.
-This behavior of the Win32 file system and API makes it very difficult
-to insure future security; problems of this type have been known
-about for years, however each specific instance has been discovered
-individually. It is unknown if there are other, yet unpublicized,
-filename variants. As a result, we recommend that you use extreme
-caution when dealing with access restrictions on all Win32 web
-servers.
1.4 +1 -1 apache-site/dist/HEADER.html
Index: HEADER.html
===================================================================
RCS file: /export/home/cvs/apache-site/dist/HEADER.html,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- HEADER.html 1998/07/22 20:14:45 1.3
+++ HEADER.html 1998/09/23 10:17:51 1.4
@@ -5,5 +5,5 @@
closer mirror to you.<BR>
<A HREF="http://www.apache.org/dyn/closer.cgi">Go here to find it.</A>
<H2>
- Apache 1.3.1 for Win32 is now available.
+ Apache 1.3.2 for Unix and Win32 is now available.
</H2>
1.17 +4 -4 apache-site/dist/README.html
Index: README.html
===================================================================
RCS file: /export/home/cvs/apache-site/dist/README.html,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- README.html 1998/07/22 20:14:45 1.16
+++ README.html 1998/09/23 10:17:51 1.17
@@ -1,7 +1,7 @@
-<H2>Apache 1.3.1 Released</H2>
+<H2>Apache 1.3.2 Released</H2>
-<P>Apache 1.3.1 is a maintenance release with numerous protocol bug
-fixes. For details, see the <A HREF="CHANGES_1.3">v1.3 CHANGES</A>
+<P>Apache 1.3.2 is a maintenance release with numerous bug
+fixes. For details, see the <A HREF="CHANGES_1.3">v1.3 CHANGES</A>
file.
<P>For information about new features in 1.3, see the
@@ -31,7 +31,7 @@
distribution.</P>
<PRE>e.g.
% pgpk -a KEYS
-% pgpv apache_1.3.1.tar.gz.asc
+% pgpv apache_1.3.2.tar.gz.asc
</PRE>
<H2>Contributory Patches/Modules/Code</H2>