Kyle Hamilton writes "The first Apache Newsletter was released today. The Newsletter is a result of the outgrowth of the 'Jakarta Newsletter' and the newsletter can cover all the projects including infrastructure, incubator et cetera."

Dan writes "Apache Ant 1.5.4 has been released, it addresses problems relating to java, and visual age for java tasks."

gstein writes "The ASF has announced the launch of the "Geronimo" project. Geronimo will be an Apache-licensed implementation of the Java J2EE specification; further, the ASF is committed to getting it certified as J2EE-compliant. The project is looking for developers interested in helping to carry this ambitious effort forward. See the original invitation that was sent out to many J2EE communities."

securitas writes "Microsoft has deployed Linux and other open-source software in test labs used by business customers to experiment with Microsoft's products. The products include Linux, Apache, MySQL and Open LDAP directory-access software on Intel-based computers, according to Martin Taylor, who is in charge of Microsoft's Linux competitive strategy. He said the goal was to learn 'what can you do and how can you do it' using open-source software in a competitive analysis. This step comes after Microsoft's recent admission that Linux is Microsoft's biggest threat after economic conditions. Mirrors at CMPnetAsia and InternetWeek." It'd be cool to see some patches come from Redmond, but that's probably wishful thinking.

Vito asks: "I'd like to use WebDAV over SSL (with [preferably digest] authentication against Unix accounts) to provide a few hundred Windows users with secure, easy, and free access to their Linux home directories. WebDAV is supported as Web Folders in Windows, meaning there is no need to download and install SFTP, SCP, FTPS, and other clients. It's also supported natively in Mac OS X, and Linux users can install davfs. But this setup doesn't seem to be possible (safely) using Apache. Do I have alternatives?"

Kyle Hamilton writes "Apache HTTP Server 1.3.28 Released - The Apache Software Foundation and The Apache Server Project are pleased to announce the release of version 1.3.28 of the Apache HTTP Server ("Apache"). This Announcement notes the significant changes in 1.3.28 as compared to 1.3.27. This version of Apache is principally a bug and security fix release."

Nathan Bubna writes "Jakarta Velocity Tools is a newly released project from the Apache Software Foundation. It provides servlets and tools for rapid, clean, MVC web development with Velocity, tools for using Velocity with the Jakarta Struts framework, and a set of generic tools to help with any Velocity project."

Quicksilver31337 writes "The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the tenth public release of the Apache 2.0 HTTP Server. This Announcement notes the significant changes in 2.0.47 as compared to 2.0.46. This version of Apache is principally a security and bug fix release."

fruey writes "Following Reasoning's February analysis of the Linux TCP/IP stack (putting it ahead of many commercial implementations for it's low error density), they recently pitted Apache 2.1 source code against commercial web server offerings, although they don't say which. Apparently, Apache is close, but no cigar..."

Evil Grinn writes "The long-awaited release of Struts 1.1 has finally happened. See the release notes for all of the changes since the last Release Candidate and also since Struts 1.0.2. Many new features are available in a stable production release for the first time today. Congratulations to the entire Struts team."

jorr writes "'Presented by The International Academy of Digital Arts and Sciences, The Webby Awards is the leading international honor for the worlds best web sites. The Academy is proud to present The 7th Annual Webby Awards Winners.' Winners listed on this page. Apache won Technical Achievement award."

seldo writes "Everyone's favourite scripting language ;-) has released an update. From their site: 'The PHP developers are proud to announce the immediate availability of PHP 4.3.2. This release contains a huge number of bug fixes and is a strongly recommended update for all users of PHP. Full list of fixes can be found in the NEWS file.' This incremental release also has useful additions, such as updating to support GD 2.0.12."

The Apache HTTP Server Project writes "Apache 2.0.46 has been released. It's an important security-fix release, fixing both a crash bug [CAN-2003-0245] and a DoS [CAN-2003-0189], so everybody using prior versions of Apache 2.0 should grab a copy from the nearest mirror and upgrade!"

Above asks: "In this article we see apache 2.0.45 has been released. Well, I plan on rebuilding my webserver soon, which means installing the "latest" version. However, I'm still on the 1.x train, which is still going strong. As someone who hasn't used 2.x, and hasn't followed the development is it ready for the masses or should I stick with 1.x and be happy? Are mod_perl and ssl (my two requirements) stable? What about all the other things (php et all)? I don't do anything fancy with my web sites, but having them "just work" and not having to upgrade every other day are both strong concerns. What are your experiences?"

Alan Eibner submitted this review of Addison-Wesley's Open Source Web Development With LAMP. He writes "The number of books about Web development technologies is astounding. Some claim you can learn everything you need to know in 24 hours. Others require several complementary volumes in order to learn the subject. Why another web development book? And what sets this one apart from the rest?" Read on for the rest of Alan's chapter-by-chapter review. Update: 04/11 18:22 GMT by T : I'd called this an O'Reilly book rather than Addison-Wesley; sorry, now fixed.

BSD Forums writes "OpenBSD recently changed the mode of operation for the Apache webserver from the normal non-chrooted operation to chrooted operation. This enhances the security of the server on which Apache is run but it imposes a few challenges to the system administrator. In this article Marc Balmer discusses selected aspects of running a chrooted HTTP daemon and present strategies on how to set up a chrooted environment for more complex applications like database access or using CGI-scripts."

thx2001r writes "Well, it's no longer April 1st across the contiguous United States, so the coast is clear to say Apache 2.0.45 is released. This version contains two important security fixes and a number of bug fixes. The security fixes affect all platforms and versions of Apache 2.0.x up until this update with some special caveats for the 2.0.45 OS/2 release. It looks like the first security vulnerability addressed in this eighth public release of the Apache 2.0.x series is having its details witheld until April 8th. This is being called "a significant Denial of Service vulnerability" for Apache 2.0.x by the ASF."

steve writes "The German tech news site heise.de is reporting here (in German, of course) about a PCI card developed by the Universiy of Wuppertal and Vigos AG being shown at CeBIT, which does Gzip compression in hardware, thus freeing the CPU to do other tasks. The PCI card can compress 32MB/sec, which is more than enough to compress a 100Mbit LAN in realtime. A future version will do 64MB/sec. The article mentions that this will be of particular interest for web servers. The card should be on sale by the end of the year."

Jeremy Allison, Samba Team. writes "I just wanted to give you a heads-up on a security release, Samba 2.2.8. The release notes may be found here: http://samba.org/samba/whatsnew/samba-2.2.8.html It is important that Samba users upgrade or take the security steps outlined in the release notes. We have a report an exploit has been developed by the black-hat community. Regards, Jeremy"

Gianluca writes "Web sites get defaced every day -- that's routine practice for aspiring crackers who want to gain popularity by proving their bravery. Too often their attacks are aimed at unprepared, defenceless servers which were improperly secured by clumsy administrators. Just reading a book won't save you from the next cracker attack. However, having a solid knowledge of the basics of web security and a list of effective checkpoints for configuring your server, will definitely help you to prevent at least the most trivial mistakes." Gianluca reviews here Wrox Press' Professional Apache Security to see how well it can provide that kind of knowledge -- read on below.