DevHeads.net

Apache HTTP Server 2.4.1 Released

Apache HTTP Server 2.4.1 Released

The Apache Software Foundation and the Apache HTTP Server Project are
pleased to announce the GA release of version 2.4.1 of the Apache HTTP
Server. This version of Apache HTTP Server is the first GA release of
the new 2.4.x branch.

Apache HTTP Server 2.4 provides a number of improvements and
enhancements over the 2.2 version. A listing and description of these
features is available via:

<a href="http://httpd.apache.org/docs/2.4/new_features_2_4.html" title="http://httpd.apache.org/docs/2.4/new_features_2_4.html">http://httpd.apache.org/docs/2.4/new_features_2_4.html</a>

Please see the CHANGES_2.4 file, linked from the download page, for a
full list of changes.

We consider this release to be the best version of Apache HTTP Server
available, and encourage users of all prior versions to upgrade.
Apache HTTP Server 2.4.1 is available for download from:

<a href="http://httpd.apache.org/download.cgi" title="http://httpd.apache.org/download.cgi">http://httpd.apache.org/download.cgi</a>

This release requires the Apache Portable Runtime (APR) version 1.4.x
and APR-Util version 1.4.x. The APR libraries must be upgraded for all
features of httpd to operate correctly.

This release builds on and extends the Apache 2.2 API. Modules written
for Apache 2.2 will need to be recompiled in order to run with Apache
2.4, and may require minimal source code changes.

<a href="http://httpd.apache.org/docs/2.4/developer/new_api_2_4.html" title="http://httpd.apache.org/docs/2.4/developer/new_api_2_4.html">http://httpd.apache.org/docs/2.4/developer/new_api_2_4.html</a>

A summary of all of the security vulnerabilities addressed in this and
earlier releases is available:

<a href="http://httpd.apache.org/security/vulnerabilities_24.html" title="http://httpd.apache.org/security/vulnerabilities_24.html">http://httpd.apache.org/security/vulnerabilities_24.html</a>

Important:
Windows users: AcceptFilter None has replaced Win32DisableAcceptEx
and the feature appears to have interoperability issues with mod_ssl.
Apache 2.4.1 may not yet be suitable for all Windows servers. There
is not yet a Windows binary distribution of httpd 2.4, but this is
expected to be remedied soon as various dependencies graduate from
beta to GA.

Comments

Re: [ANNOUNCEMENT] Apache HTTP Server 2.4.1 Releas

By DW at 02/21/2012 - 22:16

Thanks for the info. Windows binaries are still not available so
wondered if these would be ready tomorrow. Also, do I need to make any
changes to my configuration file or can I use the same one as the one
currently on 2.2.22.

Thanks again.

Jim Jagielski wrote:

Re: Re: [ANNOUNCEMENT] Apache HTTP Server 2.4.1 Re

By William A. Rowe Jr. at 02/22/2012 - 01:35

On 2/21/2012 8:16 PM, DW wrote:
Nope. Although httpd-2.4 is 'baked', the dependent libraries expat 2.0.2,
zlib 1.2.7, openssl 1.0.1 aren't yet released. Once that's done I expect
to move some binaries up to the usual site. Others have binaries available
for download that are externally maintained, and you might want to have a
look at those if you are impatient to pick up 2.4.1.

Crossposting to ofbiz seemed awfully odd(?) Maybe you had meant to
crosspost to dev@httpd?

RE: Re: [ANNOUNCEMENT] Apache HTTP Server 2.4.1 Re

By Moshe Ben-Shoham at 04/08/2012 - 09:05

Hi,

I am also waiting for the Windows binaries for httpd-2.4.1. I saw that Expat 2.1.0 was released, zlib 1.2.7 was not yet released and OpenSSL 1.0.1 was released.

I was wondering if there is an ETA for the Windows binaries? Specifically (assuming we are OK with Expat 2.1.0), is there any idea if zlib 1.2.7 is coming soon?

Thanks,
Moshe.

Cc: DW

On 2/21/2012 8:16 PM, DW wrote:
Nope. Although httpd-2.4 is 'baked', the dependent libraries expat 2.0.2, zlib 1.2.7, openssl 1.0.1 aren't yet released. Once that's done I expect to move some binaries up to the usual site. Others have binaries available for download that are externally maintained, and you might want to have a look at those if you are impatient to pick up 2.4.1.

Crossposting to ofbiz seemed awfully odd(?) Maybe you had meant to crosspost to dev@httpd?

The information contained in this message is proprietary to the sender, protected from disclosure, and may be privileged. The information is intended to be conveyed only to the designated recipient(s) of the message. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, use, distribution or copying of this communication is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank you.

Re: Re: [ANNOUNCEMENT] Apache HTTP Server 2.4.1 Re

By Lester Caine at 04/08/2012 - 11:34

Moshe Ben-Shoham wrote:
Starter for ten
<a href="http://www.anindya.com/apache-http-server-2-4-1-x86-and-x64-windows-installers/" title="http://www.anindya.com/apache-http-server-2-4-1-x86-and-x64-windows-installers/">http://www.anindya.com/apache-http-server-2-4-1-x86-and-x64-windows-inst...</a>

Re: [ANNOUNCEMENT] Apache HTTP Server 2.4.1 Releas

By DW at 04/08/2012 - 16:24

Lester Caine wrote:
The link is not official download site so one should be wary of
downloading anything from such sites. It is better to compile the
source code yourself so that you know nothing else is embedded/bundled
in the binaries.

Re: Re: [ANNOUNCEMENT] Apache HTTP Server 2.4.1 Re

By Lester Caine at 04/08/2012 - 17:04

Good Guy wrote:
Anindya has been providing 64 bit builds of PHP for some time and added the
Apache builds that were compatible. Given the amount of work needed to set up a
build system and keep it up to date, we are grateful that HE donates the time to
do it! Since these are not provided by 'official' channels nowadays at all :(

My own build system is broken again so I've not been able to run my own builds
and I certainly don't have hours to waste trying to fix the problems myself.

By Ruiyuan Jiang at 02/22/2012 - 17:43

Hi, all

I have an apache2.2.22 reverse proxy server running. On the reverse proxy server, it has multiple virtual hosts. Some of them are https connections besides http connection. The backend servers behind the reverse proxy server have either https or http connection with the Apache reverse proxy server. Currently Apache does not authenticate external users. The authentication prompt comes from backend servers if authentication is required. There is one application which is the same from users point view when they access the site either they are in the office or home to login to the server through https authentication which is Microsoft Active Directory based.
Now there is a request for the application that for some users when they are in the office, they access the site as usual. When those users are at home, they are not allowed to access the internal site through Apache reverse proxy server. I am thinking adding mod_ldap support on the Apache reverse proxy server to authenticate those users. We can create a group, i.e. deny_access on the Microsoft Active Directory so when the users authenticate through Apache reverse proxy server and if users belong to that group then the access is denied. Is this possible? Thanks.

Ryan Jiang

This message (including any attachments) is intended
solely for the specific individual(s) or entity(ies) named
above, and may contain legally privileged and
confidential information. If you are not the intended
recipient, please notify the sender immediately by
replying to this message and then delete it.
Any disclosure, copying, or distribution of this message,
or the taking of any action based on it, by other than the
intended recipient, is strictly prohibited.