mod_fcgid 2.3.9 Released

The Apache Software Foundation and the Apache HTTP Server Project are
pleased to announce the release of version 2.3.9 of mod_fcgid, a
FastCGI implementation for Apache HTTP Server versions 2.0, 2.2, and
2.4. This version of mod_fcgid is a security release, resolving a
defect that could result in a denial of service with some applications.
Other fixes and improvements are also included in this release.

mod_fcgid is available for download from:

  http://httpd.apache.org/download.cgi#mod_fcgid

A full list of changes in this release follows:

  *) SECURITY: CVE-2013-4365 (cve.mitre.org)
     Fix possible heap buffer overwrite. Reported and solved by:
     [Robert Matthews <rob tigertech.com>]

  *) Add experimental cmake-based build system for Windows. [Jeff Trawick]

  *) Correctly parse quotation and escaped spaces in FcgidWrapper and the
     AAA Authenticator/Authorizer/Access directives' command line argument,
     as currently documented. PR 51194 [William Rowe]

  *) Honor quoted FcgidCmdOptions arguments (notably for InitialEnv
     assignments). PR 51657 [William Rowe]

  *) Conform script response parsing with mod_cgid and ensure no response
     body is sent when ap_meets_conditions() determines that request
     conditions are met. [Chris Darroch]

  *) Improve logging in access control hook functions. [Chris Darroch]

  *) Avoid making internal sub-requests and processing Location headers
     when in FCGI_AUTHORIZER mode, as the auth hook functions already
     treat Location headers returned by scripts as an error since
     redirections are not meaningful in this mode. [Chris Darroch]