April 9, 2003 — (WEB HOST INDUSTRY REVIEW) — According to reports released this week, the eighth public release of the Apache 2.0 HTTP Server, announced last week by the Apache Software Foundation and the Apache HTTP Server Project, focuses on patches and bug-fixes, but leaves a denial of service vulnerability for OS/2 versions requiring a patch.
One of the security patches in the new release is said to repair a vulnerability that was not disclosed until April 7, giving users time to update installations before information on the potential denial of service attack was released. The common Vulnerability Exposure database was scheduled to include details once the vulnerability was fully announced. The OS/2 release also contains a denial of service vulnerability that the project plans to patch in version 2.0.46.
