All releases tagged Minor security fixes


Release Notes: A security issue (CAN-2005-2700) has been fixed where "SSLVerifyClient require" was not enforced in a per-location context if "SSLVerifyClient optional" was configured in the global virtual host configuration.


Release Notes: Fixed a security bug caused by a format string vulnerability.


Release Notes: An off-by-one buffer overflow bug in the compatibility functionality (mapping of old directives to new ones) was fixed. A memory leak in the processing of CA certificates was fixed. If the session cache actually contains a certificate chain, the value of SSL_get_peer_certificate(ssl) is now used for verification, because the peer certificate will have been removed from the chain before the chain was put in the cache. The PRNG is now seeded with a maximum of 1K from the internal scoreboard.


Release Notes: This release adds support for the latest OpenSSL 0.9.7 snapshots, fixes a potential buffer overflow in the DBM and SHMHT session caches when very large certificate chains are used, complies with POSIX 1003.1-2001 (SUSv3) by replacing the obsolete "head -1" and "tail -1" constructs in scripts with sed variants, and fixes a file descriptor leak under Win32.