Apache 1.3.35 Released

**alex2k** · 05-05-2006, 08:45 AM

Apache 1.3.35 Major changes

Security vulnerabilities

The main security vulnerabilities addressed in 1.3.35 are:

CVE-2005-3352 (cve.mitre.org)
mod_imap: Escape untrusted referer header before outputting in HTML to avoid potential cross-site scripting. Change also made to ap_escape_html so we escape quotes. Reported by JPCERT

New features

New features that relate to all platforms:

core: Allow usage of the "Include" configuration directive within previously "Include"d files.

New features that relate to specific platforms:

None

Bugs fixed

The following bugs were found in Apache 1.3.34 (or earlier) and have been fixed in Apache 1.3.35:

HTML-escape the Expect error message.
mod_cgi: Remove block on OPTIONS method so that scripts can respond to OPTIONS directly rather than via server default

So, when it's available in cPanel?

**tweakservers** · 05-05-2006, 11:09 PM

Vote your request at Cpanel bugzilla :

http://bugzilla.cpanel.net/show_bug.cgi?id=4121

**fleksi** · 05-07-2006, 09:48 AM

Yes, latest Buildapache.sea has been updated on Thu May 4 18:02:45 2006, but still version 1.3.34.
When apache 1.3.35 will be available in cPanel?

-FL-

Forums

Thread: Apache 1.3.35 Released

LinkBack

Thread Tools

Apache 1.3.35 Released

Similar Threads

Apache 2.2.14 Released

Apache 2.2.10 Released

apache 1.3.39 released

Apache 1.3.26 Released

cPanel & WHM

Enkompass

Help

Community

Company

Connect with Us