FreeSoftNews

The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the release of version 2.2.9 of the Apache HTTP Server (”Apache”). This version of Apache is principally a bug and security fix release. The following potential security flaws are addressed:

* CVE-2008-2364 (cve.mitre.org) — mod_proxy_http: Better handling of excessive interim responses from origin server to prevent potential denial of service and high memory usage. Reported by Ryujiro Shibuya.
* CVE-2007-6420 (cve.mitre.org) — mod_proxy_balancer: Prevent CSRF attacks against the balancer-manager interface.

We consider this release to be the best version of Apache available, and encourage users of all prior versions to upgrade.

Apache HTTP Server 2.2.9 is available for download from:

Read more at Apache News

There’s been discussion in the open source world about a decline in the popularity of the dominant Apache web server. These concerned are fueled largely by the Netcraft survey of the internet, which shows a 20% decline in Apache’s market share over the last three years, from a high near 70% to the 50% or so it enjoys today. But bearing in mind the old saw about lies and statistics, it’s worth digging a bit more to see what these numbers mean.

Looking at Netcraft’s figures more closely, it becomes apparent that this is more than an “Apache vs. IIS” battle. One significant change for the Apache numbers happened in mid-2007, when the 8 million or so Google-served sites started reporting themselves as “GFE” rather than Apache - even though GFE may well be a private fork of the Apache codebase. That’s a significan chunk of the 158 million sites that Netcraft surveyed right there.

Read more at ostatic.com

The Apache Software Foundation will host a conference in Amsterdam, from April 7-11. The open source conference will start with two days of “intense” training classes, says the Foundation, followed by three days of over 50 sessions on open source software.

Conference topics range from Apache development trends to open source licensing issues. The keynote is by Cliff Schmidt, founder of $5 iPod project, Literacy Bridge, aimed at “reducing global illiteracy, poverty, and disease.”

Read more at LinuxDevices

AMD and Microsoft should take note that open source strategies bring painful problems. Sun Microsystems knows this all too well.

Just as Microsoft said it’s opening its APIs and AMD made its latest contribution to open source, controversy again bubbled up for Sun’s much-vaunted OpenSolaris project.

Apache Server co-founder Ray Fielding has resigned from Sun’s OpenSolaris Community saying he’s unhappy about the way Sun’s behaving. The issue centers over who controls the OpenSolaris trademark - Sun or the governing community - with Fielding saying Sun wanted to have it’s cake and eat it too.

Read more at RegDeveloper

The Apache Tomcat team is proud to announce the immediate availability of Tomcat 4.1.37 stable. This build contains numerous library updates, a small number of bug fixes and two important, one moderate and six low severity security fixes.

Apache Tomcat is an implementation of the Java Server Pages 1.2 and Java Servlet 2.3 specifications.

Please refer to the release notes for a complete list of changes.

Downloads: http://tomcat.apache.org/download-41.cgi

Security information: http://tomcat.apache.org/security-4.html

Read more at Apache News Online

According to a press release issued earlier this month by Finjan, a security research firm, compromised Web servers are infecting thousands of visitors daily with malware that turns their Windows machines into unwitting bots to do the bidding of an as yet unidentified criminal organization. Security firms ScanSafe and SecureWorks have since added their own takes on the situation, though with varying estimates on the number of sites affected. All reports thus far say the compromised servers are running Linux and Apache.

According to an article on ServerTune.com, the exploit involves a rootkit installed on the compromised server that replaces several system binaries with infected versions.

Read more at Linux.com

A mass attack ongoing for the past month against Linux Apache Web servers has become increasingly successful because its break-in method makes use of an automated password and installation process, according to a security researcher monitoring its progress.

Don Jackson, senior security sesearcher at SecureWorks, says the attack, which was first thought to have compromised several hundred Web sites, has hit at least 10,000. He says the attack relies on making use of stolen passwords to Linux Apache servers by automating the installation process to force it to serve up attacks against vulnerabilities on Windows clients.

Read more at PC World

The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the release of version 2.2.8, 2.0.63 and 1.3.41 of the Apache HTTP Server (”Apache”). These versions of Apache are principally a bug and security fix releases. From official Announcements:

• Read more: Apache HTTP Server 2.2.8, 2.0.63, 1.3.41 Released

In the October 2007 survey we received responses from 142,805,398 sites, an increase of 7.6 million sites since last month. This continues the strong gains seen last month, a rate of over 5% monthly growth, with MySpace, Microsoft Live.com, and Google’s Blogger each gained over 1 million sites this month. Benefitting from the gains at MySpace and Microsoft Live, Microsoft-IIS now hosts over 50 million sites.

Read more at Netcraft

The Apache Tuscany team are delighted to announce the 1.0 release of the Java SCA project. Apache Tuscany provides a runtime environment based on the Service Component Architecture (SCA). SCA is a set of specifications aimed at simplifying SOA application development. These specifications are being standardized by OASIS as part of the Open Composite Services Architecture (Open CSA). This Apache Tuscany release represents a major milestone as the first 1.0 implementation of the core SCA specifications. For full details about the release and to download the distributions please go to: http://incubator.apache.org/tuscany/sca-java-releases.html To find out more about OASIS Open CSA go to: http://www.oasis-opencsa.org. Apache Tuscany welcomes your help.

Read more at Apache News

The Apache Tomcat team announces the immediate availability of Apache Tomcat 6.0.14 stable. This release includes bugfixes over Apache Tomcat 6.0.13.

Apache Tomcat 6.0 includes new features over Apache Tomcat 5.5, including support for the new Servlet 2.5 and JSP 2.1 specifications, a refactored clustering implementation, advanced IO features, and improvements in memory usage.

Read more at Apache News

The Apache Tomcat team is pleased to announce the immediate availability of version 1.2.24 of the Apache Tomcat Connectors.

It contains connectors, which allow a web server such as Apache HTTPD, Microsoft IIS and Sun Web Server to act as a front end to the Tomcat web application server.

This version contains several enhancements and fixes a number of minor bugs of the previous version 1.2.23.

See http://tomcat.apache.org/connectors-doc/miscellaneous/changelog.html for a complete list of changes.

Source distribtions can be downloaded from an Apache Software Foundation mirror at:

Read more at Apache News

Most people in the free software world know two things about Apache. The first is that its name derives from the fact that it was a “a patchy server”, built out of patches to the earlier NCSA HTTPd Web server. The other is that in terms of market share, Apache knocks Microsoft’s IIS into a cocked hat. Unfortunately, neither of these statements is true.

Here’s what Brian Behlendorf, one of the founders of the Apache project, and the person who came up with the name, told me a few years ago:

• Read more: What’s the Story Behind Apache?

“One of the unsung features of GPLv3 is its grant of compatibility to the Apache and Eclipse open source licenses. Apache or Eclipse licensed code can now be combined with GPL code without creating a violation of the GPL. That wasn’t possible in the past, or at least, not sanctioned by the Free Software Foundation.

“Both the Apache and Eclipse Foundations sponsored business friendly licenses that allowed open source code created under their terms to be combined with clearly labeled, proprietary code. Their open source code, such as the Apache Web Server or the Eclipse programmers workbench, could and did serve as the foundation for many new commercial products…”
Complete Story

Apache Maven 1.1 was released yesterday as the final release with new features to the 1.x branch of Maven. Maven is an open source project management tool for Java developers.

Additional bugfix and security updates are possible, but this is the last release that will include new features. The upgrade is recommended for all users of version 1.x, including those using pre-1.1 betas or release candidates. If you’re new to this software, you need to know that the latest stable release is Maven 2.0.7, which is recommended for all new projects. However, it is not backwards compatible with Maven 1.x. The 1.1 release is, with a few exceptions, backwards compatible with Maven 1.0.

Read more at Linux.com

The Apache Jakarta Commons team is pleased to announce the release of Commons Modeler 2.0.1. This is a minor bug fix release that corrects a number of build issues found in the Modeler 2.0 release. Commons Modeler is design to make the process of setting up JMX (Java Management Extensions) MBeans easier by configuring the required meta data using an XML descriptor. In addition, Modeler provides a factory mechanism to create the actual Model MBean instances themselves. See the Modeler website for more details:

Read more at Apache News

“Apache Geronimo is the new kid on the Java Platform, Enterprise Edition (Java EE) server block (version 1.0 was released in January 2006). It’s a powerful combination of several other projects, including OpenEJB, Axis, Jetty, Tomcat, ActiveMQ, and ServiceMix. Geronimo is making headlines these days, because it’s a different kind of Java 2 Platform, Enterprise Edition (J2EE)-certified server. It’s built from the ground up using a dependency injection container. Geronimo also provides fine-grained control over class loaders, allowing you to specify parent-child relationships instead of just dropping all your classes inside a shared lib directory and hoping for the best.

“Apache Pluto is the reference implementation for the Portlet specification. It isn’t a full-fledged portal server itself…”
Complete Story

Subversion is a free/open-source version control system. That is, Subversion manages files and directories over time. A tree of files is placed into a central repository. The repository is much like an ordinary file server, except that it remembers every change ever made to your files and directories. This allows you to recover older versions of your data, or examine the history of how your data changed. In this regard, many people think of a version control system as a sort of “time machine”.

Read more at HowtoForge

Vlogger is a little tool with which you can write Apache logs broken down by virtual hosts and days. With vlogger, we need to put just one CustomLog directive into our global Apache configuration, and it will write access logs for each virtual host and day. Therefore, you do not have to split Apache’s overall access log into access logs for each virtual host each day, and you do not have to configure Apache to write one access log per virtual host (which could make you run out of file descriptors very fast).

Read more at HowtoForge

“Linux, Apache, MySQL, and PHP (or Perl) form the basis of the LAMP architecture for Web applications. Many open source packages based on LAMP components are available to solve a variety of problems. As the load on an application increases, the bottlenecks in the underlying infrastructure become more apparent in the form of slow response to user requests. The previous article showed you how to tune the Linux system and covered the basics of LAMP and performance measurement. This article focuses on the Web server components, Apache and PHP…”
Complete Story (Part 2)

Complete Story (Part 3)