
All releases of Apache

  •  15 Mar 2010 14:25

Release Notes: This release was updated to reflect the OpenSSL project's release 0.9.8m of the openssl library, and addresses the TLS renegotiation prefix injection attack. This release further addresses security issues within mod_proxy_ajp, mod_isapi, and mod_headers respectively.

  •  05 Feb 2010 16:04

Release Notes: This release is intended as the final release of version 1.3 of the Apache HTTP Server, which has reached end-of-life status. It fixes a security issue in mod_proxy in order to prevent chunk-size integer overflows on platforms where sizeof(int) < sizeof(long).

  •  05 Feb 2010 16:04

Release Notes: This version of Apache is principally an alpha release to test new technology and features that are incompatible or too large for the stable 2.2.x branch.

Release Notes: This version of Apache is principally a security and bugfix release. Notably, it bundles the APR Library version 1.3.8 and APR Utility Library version 1.3.9, which address a security concern that may be triggered by some third party modules.

  •  15 Dec 2008 18:08

Release Notes: When the ap_http_header_filter processes an error bucket, the passed brigade is cleaned up before returning AP_FILTER_ERROR down the filter chain. Error responses set by filters were being coerced into 500 errors, sometimes appended to the original error response. A configuration option to insert strings in HTML HEAD has been added. A new LogFormat parameter, %k, logs the number of keepalive requests on this connection for this request.

Release Notes: mod_proxy_ftp now prevents XSS attacks when using wildcards in the path of the FTP URL.

Release Notes: mod_proxy_http has been changed to better handle excessive interim responses from the origin server to prevent potential denial of service and high memory usage. mod_proxy_balancer has been changed to prevent CSRF attacks against the balancer-manager interface.

  •  20 Jan 2008 17:01

Release Notes: A flaw was found in the mod_status module. On sites where mod_status is enabled and the status pages were publicly accessible, a cross-site scripting attack was possible. A flaw was found in the mod_imap module. On sites where mod_imap is enabled and an imagemap file is publicly available, a cross-site scripting attack was possible.

Release Notes: A flaw was found in the mod_status module. On sites where mod_status is enabled and the status pages were publicly accessible, a cross-site scripting attack was possible. A flaw was found in the mod_imap module. On sites where mod_imap is enabled and an imagemap file is publicly available, a cross-site scripting attack was possible.

Release Notes: A flaw was found in the mod_proxy_balancer module that permitted a cross-site scripting attack against an authorized user. A flaw was found in the mod_proxy_balancer module that allowed an authorized user to send a carefully crafted request that would cause the Apache child process handling that request to crash. A flaw was found in the mod_status module that allowed a cross-site scripting attack. A flaw was found in the mod_imap module. On sites where mod_imap is enabled and an imagemap file is publicly available, a cross-site scripting attack was possible.
