The eighth release of the Apache 2.0 HTTP Server has been announced by the Apache Software Foundation.
According to the Foundation, version 2.0.45 is principally a security and bug fix release.
The Web page announcing the release of the Apache HTTP server notes that prior Apache 2.0 versions through 2.0.44 had a significant denial of service vulnerability affecting all platforms. However, the specific details of this DoS issue have been embargoed until an announcement on April 7. In the meantime all Apache 2.0 users are encouraged to upgrade now to the latest release.
A new feature of this release, according to a statement on the Apache site, is that it has eliminated leaks of several file descriptors to child processes, such as CGI scripts, which could constitute a security threat on servers that run untrusted CGI scripts. A full list of the bugs fixed and features added since Apache 2.0.44 is on the Apache Web site
The Foundations says Apache 2.0.42 and later releases mark a change in the Apache release process. "With the release of Apache 2.0.42, we will make every effort to retain forward compatibility so that upgrading along the 2.0 series should be much easier. This compatibility extends from Apache release 2.0.42, so users of that version or later should be able to upgrade without changing configurations or updating DSO modules." Users of earlier releases will need to recompile all modules in order to upgrade to 2.0.42 or later versions, the Foundation says.
Apache 2.0.45 source code is available for download from http://www.apache.org/dist/httpd/