apaczi 1.3.24

[Krzysiek Taraszka]

On Sat, 30 Mar 2002, Daniel 'bonkey' Bauke wrote:

> zdąży..cie? :)
> 
> Changes with Apache 1.3.24
> 
>   *) Fixed a segfault in mod_include when #if, #elif, #else, or #endif
>      directives were improperly terminated.  [Cliff Woolley]
> [...]
>   *) Added the 'CGICommandArgs off' directive, to allow admins
>      to disable the query argument passing mechanism in Apache,
>      if future CGI argument vulnerabilities should be discovered.
>      This defaults to 'on', meaning isindex-style query arguments
>      are enabled.  [Aaron Bannert]
> [...]
>   *) When a proxied site was being served, Apache was replacing
>      the original site Server header with it's own, which is not
>      allowed by RFC2616. Fixed. [Graham Leggett]
> [...]
>   *) mod_rewrite: restored rnd behavior that was broken in 1.3.23.
>      PR 10090, 10185  [Jeroen Boomgaardt <jeroen w swissclue.com>]
> [...]
>   *) apxs didn't get rebuilt when options were changed. This must have
>      caused much puzzlement in the past. Fixed.
>      [Ben Laurie]
> [...]
>   *) No idea why an HTTP/1.1 proxy would send an HTTP/1.0 request
>      to a remote server by default. Fixed.
>      [Graham Leggett, Gabriel Russell <g.russell w ieee.org>]
> [...]
>   *) [Security] Prevent invalid client hostnames from appearing in
>      the log file. If a double-reverse lookup was performed (e.g.,
>      for an "Allow from .my.domain" directive) but failed, then
>      a spoofed dns-reverse-address could appear in the logs. Now
>      the numeric address is logged instead. Note that
>      reverse-address-spoofing did NOT actually allow access
>      to any protected resource!  [Martin Kraemer]
> 
Tak, też to widziałem.
Czy zdążymy ? Wątpię.
Napewno jeśli pakiet będzie zrobiony trafi do Ra/test. A potem po tygodniu 
(?) do Ra/updates (jeśli nie będzie przeciwskazań).

Krzysiek "dzimi" Taraszka			(dzimi w pld.org.pl)