From: Jim Jagielski Date: Thu, 21 Mar 2002 16:59:13 +0000 (+0000) Subject: ready to tag 1.3.24 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a10a7c24ab1a56a54d193940205d15aef7bc7694;p=thirdparty%2Fapache%2Fhttpd.git ready to tag 1.3.24 PR: Obtained from: Submitted by: Reviewed by: git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@94099 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/Announcement b/Announcement index 2c4232c0733..f1aefe211f8 100644 --- a/Announcement +++ b/Announcement @@ -3,15 +3,19 @@ The Apache Software Foundation and The Apache Server Project are pleased to announce the release of version 1.3.24 of the Apache HTTP - server. This Announcement notes the significant changes in 1.3.24. + server. This Announcement notes the significant changes in 1.3.24. - This version of Apache is principally a bug fix release. A summary of - the bug fixes and major new features is given at the end of this - document. + This version of Apache is principally a security and bug fix release. + A summary of the bug fixes and major new features is given at the end + of this document. Of particular note is that 1.3.24 addresses and + fixes the issues noted in CAN-2002-0061 (mitre.org) regarding escaping + of command line args on Win32. We would like to thank Ory Segal + for discovering and reporting the + vulnerability. We consider Apache 1.3.24 to be the best version of Apache available and we strongly recommend that users of older versions, especially of - the 1.1.x and 1.2.x family, upgrade as soon as possible. No further + the 1.1.x and 1.2.x family, upgrade as soon as possible. No further releases will be made in the 1.2.x family. Apache 1.3.24 is available for download from @@ -31,7 +35,7 @@ http://www.apache.org/mirrors/ As of Apache 1.3.17, Win32 binary distributions are now based on the - Microsoft Installer (.MSI) technology. This change occurred in order to + Microsoft Installer (.MSI) technology. This change occurred in order to resolve the many problems WinME and Win2K users experienced with the older InstallShield-based installer.exe file. While development continues to make this new installation method more robust, questions @@ -61,15 +65,17 @@ variants. IMPORTANT NOTE FOR WIN32 USERS: Over the years, many users have come - to trust Apache as a secure and stable server. It must be realized + to trust Apache as a secure and stable server. It must be realized that the current Win32 code has not yet reached the levels of the Unix - version, but is of acceptable quality. Win32 stability or security + version, but is of acceptable quality. Win32 stability or security problems do not reflect on the Unix version. Apache 1.3.24 Major changes Security vulnerabilities + * Fix the security vulnerability noted in CAN-2002-0061 (mitre.org) + regarding the escaping of command line args on Win32. * Prevent invalid client hostnames from appearing in the log file. New features diff --git a/src/include/httpd.h b/src/include/httpd.h index ff22d09e855..27b0b71694a 100644 --- a/src/include/httpd.h +++ b/src/include/httpd.h @@ -436,7 +436,7 @@ extern "C" { #define SERVER_BASEVENDOR "Apache Group" #define SERVER_BASEPRODUCT "Apache" -#define SERVER_BASEREVISION "1.3.24-dev" +#define SERVER_BASEREVISION "1.3.24" #define SERVER_BASEVERSION SERVER_BASEPRODUCT "/" SERVER_BASEREVISION #define SERVER_PRODUCT SERVER_BASEPRODUCT