apaczi 1.3.24

[Daniel 'bonkey' Bauke]

zdąży..cie? :)

Changes with Apache 1.3.24

  *) Fixed a segfault in mod_include when #if, #elif, #else, or #endif
     directives were improperly terminated.  [Cliff Woolley]
[...]
  *) Added the 'CGICommandArgs off' directive, to allow admins
     to disable the query argument passing mechanism in Apache,
     if future CGI argument vulnerabilities should be discovered.
     This defaults to 'on', meaning isindex-style query arguments
     are enabled.  [Aaron Bannert]
[...]
  *) When a proxied site was being served, Apache was replacing
     the original site Server header with it's own, which is not
     allowed by RFC2616. Fixed. [Graham Leggett]
[...]
  *) mod_rewrite: restored rnd behavior that was broken in 1.3.23.
     PR 10090, 10185  [Jeroen Boomgaardt <jeroen w swissclue.com>]
[...]
  *) apxs didn't get rebuilt when options were changed. This must have
     caused much puzzlement in the past. Fixed.
     [Ben Laurie]
[...]
  *) No idea why an HTTP/1.1 proxy would send an HTTP/1.0 request
     to a remote server by default. Fixed.
     [Graham Leggett, Gabriel Russell <g.russell w ieee.org>]
[...]
  *) [Security] Prevent invalid client hostnames from appearing in
     the log file. If a double-reverse lookup was performed (e.g.,
     for an "Allow from .my.domain" directive) but failed, then
     a spoofed dns-reverse-address could appear in the logs. Now
     the numeric address is logged instead. Note that
     reverse-address-spoofing did NOT actually allow access
     to any protected resource!  [Martin Kraemer]


-- 
Daniel `bonkey' Bauke; http://www.bonkey.pl.eu.org; {happiness==bike&&unix;}