Since the Apache HTTP Server is used on most of the web server all around the world, they have to be up to date to prevent security issues. If they get any issues they have to react as fast as they can to fix the flaws.
Last week, The Apache Software Foundation released Apache HTTP Server 2.2.19, fixing the security issues of the previous version. This fix was triggered by a critical flaw in the version 2.2.18.
It is a fix in the Apache Portable runtime for the previous (2.2.18) release, which is bundled with HTTP Server triggered a possible DoS ( Denial Of Service) issue.
“Httpd workers enter a hung state (100% cpu utilization) after updating to APR 1.4.4,”
“Upgrading to APR 1.4.5 bundled with the httpd 2.2.19 package, or using APR 1.4.3 or prior with the ‘IgnoreClient’ option of the ‘IndexOptions’ directive will circumvent both issues.”
The 2.2.19 release provides a fix for a regression, introduced in the 2.2.18 version, for the ap_unescape_url_keep2f() function signature. That change in 2.2.18 led to binary compabilitiy issues, which has been fixed in the new release.
While apache is patching their current production version of HTTP Server, they are paralelly working on their new next-generation web server as well. Last week the beta version of the Apache HTTP Server 2.3.12 was released, providing users with a glimpse into the future of Apache web servers.
“Apache 2.3 offers numerous enhancements, improvements, and performance boosts over the 2.2 codebase,” Apache noted in its release announcement. “This version of Apache is our second beta release to test new technology and features that are incompatible or too large for the stable 2.2.x branch.” Apache said.
The version will offer a shitload of features, inculding the ability to specify KeepAliveTimeout in milliseconds. Log levels can now be on directories,module basis and asynchgronous read/write support has been improved.
The version will be implemented with new modules as will, like mod_ratelimit, which enables server admin to specify a maximum of the connection speed for the client.