Release Notes: This version of Apache is principally a bugfix release.
Release Notes: This release fixes a potential buffer overflow with escaped characters in the SSI tag string. Responses from a remote server are rejected if sent an invalid (negative) Content-Length. Additionally, this release fixes query string handling for proxied URLs, a 0 bytes write into random memory position, nonce string calculation since 1.3.31 (which would force re-authentication for every connection if AuthDigestRealmSeed was not configured), and a trivial bug in mod_log_forensic that caused the child to segfault with certain invalid requests.
Release Notes: This release fixes merging of the Satisfy directive, which was applied to the surrounding context and could allow access despite configured authentication.
Release Notes: General bug fixes were made, and fixes were made for security issues (cve.mitre.org: CAN-2003-0789, CAN-2003-0542).
Release Notes: Fixes were made for security issues (cve.mitre.org: CAN-2003-0192, CAN-2003-0253, CAN-2003-0254 and VU#379828). Other bugs were fixed. Feature enhancements were added.
Release Notes: A bug has been fixed that could be triggered remotely through mod_dav and possibly other mechanisms, causing an Apache child process to crash. A denial-of-service vulnerability affecting basic authentication on Unix platforms related to thread-safety in apr_password_validate() has been fixed.
Release Notes: Fixes for security issues regarding the Windows platform (cve.mitre.org: CAN-2003-0016, CAN-2003-0017), bugfixes, and feature enhancements.
Release Notes: Fixes for a security vulnerability noted in CAN-2002-0840 regarding a cross-site scripting vulnerability in the default error page when using wildcard DNS and prevented POST requests for CGI scripts from serving the source code when DAV is enabled on the location.
Release Notes: Fixes for the security vulnerability noted in CAN-2002-0839 regarding ownership permissions of System V shared memory-based scoreboards, the security vulnerability noted in CAN-2002-0840 regarding a cross-site scripting vulnerability in the default error page when using wildcard DNS, and the security vulnerability noted in CAN-2002-0843 regarding some possible overflows in ab.c which could be exploited by a malicious server.