All releases tagged Stable (2.0.x)
Release Notes: A flaw was found in the mod_status module. On sites where mod_status is enabled and the status pages were publicly accessible, a cross-site scripting attack was possible. A flaw was found in the mod_imap module. On sites where mod_imap is enabled and an imagemap file is publicly available, a cross-site scripting attack was possible.
Release Notes: This version of Apache is principally a bug and security fix release. mod_proxy now prevents reading past the end of a buffer when parsing date-related headers. mod_cache now prevents a segmentation fault if attributes are listed in a Cache-Control header without any value. The prefork and worker MPMs now ensure that the parent process cannot be forced to kill processes outside its process group. A possible XSS attack against a site with a public server-status page and ExtendedStatus enabled was fixed.
No changes have been submitted for this release.
Release Notes: This version of Apache is principally a bugfix release.
No changes have been submitted for this release.
Release Notes: This release fixes merging of the Satisfy directive, which was applied to the surrounding context and could allow access despite configured authentication.
Release Notes: General bug fixes were made, and fixes were made for security issues (cve.mitre.org: CAN-2003-0789, CAN-2003-0542).
Release Notes: Fixes were made for security issues (cve.mitre.org: CAN-2003-0192, CAN-2003-0253, CAN-2003-0254 and VU#379828). Other bugs were fixed. Feature enhancements were added.
Release Notes: A bug has been fixed that could be triggered remotely through mod_dav and possibly other mechanisms, causing an Apache child process to crash. A denial-of-service vulnerability affecting basic authentication on Unix platforms related to thread-safety in apr_password_validate() has been fixed.
Release Notes: Fixes for security issues regarding the Windows platform (cve.mitre.org: CAN-2003-0016, CAN-2003-0017), bugfixes, and feature enhancements.
