Jess Holle wrote: > William A. Rowe, Jr. wrote: >> morgan gangwere wrote: >> >>> i will agree that the win32 version of apache is *godly* stable - im >>> running somwthing like 2.2.3 win32 - a nice stable version. >>> >> Note that 2.2.4 fixed a *number* of bugs (and introduced one into Win2000, >> the flaw of resolving all clients as 0.0.0.0 - disable win32 acceptex to >> work around that one). 2.2.5 will be substantially improved over 2.2.4, >> as well. >> > That's nice to hear. > > When will 2.2.5 see the light of day, though? Given interesting news that hit the light of day, early next week, most likely. Depends on how long it takes someone to hack the pid table for the parent processes out of the scoreboard and into the parent process's local hash. I have a laundry list of other issues in front of me, and my clients aren't silly enough to run untrusted code - so I'm not likely to be 'that author'. apr rolled in a day or two at most, httpd this weekend as apr and that fix are authored, so that puts us out to a release early-mid next week. At least that's what I'm hoping happens. This 'vulnerability' on bugtraq only affects machines which run untrusted php/modperl scripts or modules, etc, and I'm pretty certain php has more restrictive mode for sanity that is immune to this vector. Bill --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|