Apache HTTP Server 1.3.34 - 2005-10-18 19:59:00

Apache HTTP Server 1.3.34 Released

The Apache Software Foundation and The Apache HTTP Server Project are
pleased to announce the release of version 1.3.34 of the Apache HTTP
Server ("Apache"). This Announcement notes the significant changes
in 1.3.34 as compared to 1.3.33. This Announcement1.3 document may
also be available in multiple languages at:

http://www.apache.org/dist/httpd/

This version of Apache is principally a bug and security fix release.
A partial summary of the bug fixes is given at the end of this document.
A full listing of changes can be found in the CHANGES file. Of
particular note is that 1.3.34 addresses and fixes 2 potential
security issues:

o If a request contains both Transfer-Encoding and
Content-Length headers, remove the Content-Length, mitigating some
HTTP Request Splitting/Spoofing attacks.

o Added TraceEnable [on|off|extended] per-server directive to alter
the behavior of the TRACE method.

We consider Apache 1.3.34 to be the best version of Apache 1.3 available
and we strongly recommend that users of older versions, especially of
the 1.1.x and 1.2.x family, upgrade as soon as possible. No further
releases will be made in the 1.2.x family.

Apache 1.3.34 is available for download from:

http://httpd.apache.org/download.cgi

This service utilizes the network of mirrors listed at:

http://www.apache.org/mirrors/

Please consult the CHANGES_1.3 file for a full list of changes.

As of Apache 1.3.12 binary distributions contain all standard Apache
modules as shared objects (if supported by the platform) and include
full source code. Installation is easily done by executing the
included install script. See the README.bindist and INSTALL.bindist
files for a complete explanation. Please note that the binary
distributions are only provided for your convenience and current
distributions for specific platforms are not always available. Win32
binary distributions are based on the Microsoft Installer (.MSI)
technology. While development continues to make this installation method
more robust, questions should be directed to the
news:comp.infosystems.www.servers.ms-windows newsgroup.

For an overview of new features introduced after 1.2 please see

http://httpd.apache.org/docs/new_features_1_3.html

In general, Apache 1.3 offers several substantial improvements over
version 1.2, including better performance, reliability and a wider
range of supported platforms, including Windows NT and 2000 (which
fall under the "Win32" label), OS2, Netware, and TPF threaded
platforms.

Apache is the most popular web server in the known universe; over half
of the servers on the Internet are running Apache or one of its
variants.

IMPORTANT NOTE FOR APACHE USERS: Apache 1.3 was designed for Unix OS
variants. While the ports to non-Unix platforms (such as Win32, Netware
or OS2) are of an acceptable quality, Apache 1.3 is not optimized for
these platforms. Security, stability, or performance issues on these
non-Unix ports do not generally apply to the Unix version, due to
software's Unix origin.

Apache 2.0 has been structured for multiple operating systems from its
inception, by introducing the Apache Portability Library and MPM modules.
Users on Unix and non-Unix platforms are strongly encouraged to move up to
Apache 2.0 for better performance, stability and security on their
platforms. We consider Apache 2.0.55 to be the best available version at
the time of this release. We offer Apache 1.3.34 as the best legacy
version of Apache 1.3 available, and strongly recommend that users who
require compatibility with existing Apache 1.3 installations should
upgrade as soon as possible. Users should first consider upgrading to
the current release of Apache 2 instead.

Apache 1.3.34 Major changes

Security vulnerabilities

* SECURITY: core: If a request contains both Transfer-Encoding and
Content-Length headers, remove the Content-Length, mitigating some
HTTP Request Splitting/Spoofing attacks. This has no impact on
mod_proxy_http, yet affects any module which supports chunked
encoding yet fails to prefer T-E: chunked over the Content- Length
purported value.

* Added TraceEnable [on|off|extended] per-server directive to alter
the behavior of the TRACE method. This addresses a flaw in proxy
conformance to RFC 2616 - previously the proxy server would accept
a TRACE request body although the RFC prohibited it. The default
remains 'TraceEnable on'.

New features

New features that relate to specific platforms:

* None

New features that relate to all platforms:

* None

Bugs fixed

The following noteworthy bugs were found in Apache 1.3.33 (or earlier)
and have been fixed in Apache 1.3.34:

* hsregex: fix potential core dumping on 64 bit machines, such as
AMD64. PR 31858.
* mod_digest: Fix another nonce string calculation issue.

Nyheten inskickad av hagman    

EditPlus 2.20 Build 279 - 2005-10-18 18:31:33

DATE: 2005-10-07
BUILD: 279

This is a patch file to fix the bugs of EditPlus v2.20

Copyright © 2005 ES-Computing
Contact: support@editplus.com
Homepage: http://www.editplus.com/

INSTALLATION
============
Extract the files in the ZIP file to EditPlus directory.

FIXED BUGS
==========

* FTP file list was not correct with some AIX servers.
* Printer font could not be changed.
* 'More' button on Replace dialog box did not work correctly.
* Program would crash if text-to-speech software such as Narrator was running.
* Removing file type from Settings & syntax dialog could cause program crash.
* Associate in Explorer option did not work correctly.
* FTP did not work on VMS servers.
* Sort button added on the FTP Settings dialog box.
* Reformat did not work correctly with multi-byte characters.
* $(DirWin) 'Directory Window directory' argument macro added.
* Document Template in UTF-8 encoding could cause program crash.
* Some argument macro did not work if there was no open file.
* 'File Open dialog restores previous directory' option (Preferences->General).
* Displays warning if existing copy is newer than saving file.
* Lock File option is now persistent.
* Trying to Save read-only Unicode file could cause program crash.
* Locked files were not detected as read-only.
* Keystroke recording did not work correctly with multi-byte characters.
* Change Case commands did not work correctly with non-ASCII characters.
* Cusomize Data/Time command could cause program crash.
* If Recent Files list had invalid remote file name, program could crash.
* Split Lines command could cause program crash.
* Fill Column command did not work correctly with horizontally scrolled text.
* Long FTP directory name could cause program crash.

Click here to Download the latest patch file

Nyheten inskickad av hagman    

Apache HTTP Server 2.0.55 - 2005-10-14 15:27:00

Apache 2.0.55 släppt.

Laddas enklast ned ifrån:
http://apache.dataphone.se/httpd/binaries/win32/apache_2.0.55-win32-x86-no_ssl.msi

Nyheten inskickad av kire89    

Microsoft says: de-hack your CSS - 2005-10-13 11:02:02

SitePoint article by Kevin Yank skrev:

The IEBlog has appealed to Web designers to ask them to do away with a number of hacks that are commonly used to apply CSS formatting in Internet Explorer only. These are the most common hacks in question: html > body details * html details head:first-child + body—details head + body details body > element—details Many of the CSS parsing quirks that these hacks are based on have been fixed in IE7, meaning that the IE-specific formatting they apply will not be applied in IE7.

Läs vidare

Nyheten inskickad av Teddy!    

Mozilla Firefox 1.5 Beta 2 - 2005-10-07 15:43:57

Mozilla Firefox 1.5 Beta 2 is now available for download. Also known as the 1.8 Beta 5 milestone, this is the last beta release of the next major Firefox update and is aimed at testers, extension/theme authors and Web developers. The final release of Firefox 1.5, which will be widely promoted to end-users, is scheduled for later this year.

This release does not contain any major new features since Beta 1. Improvements to automated update system, Web site rendering and performance, along with several security fixes are included in this release

Beta 1 users that want to help test software update, should wait for the automatic update to be triggered sometime in the next few days. The incremental update from Beta 1 to Beta 2 is 700K bytes.

Firefox 1.5 Beta 2 can be downloaded from the Firefox project page or the Firefox 1.5b2 directory on ftp.mozilla.org[/url]. The Mozilla Firefox 1.5 Beta 2 Release Notes have more information and The Burning Edge has a list of what's new in Firefox 1.5 Beta 2.

Nyheten inskickad av hagman