hardcorejon writes "Am I the only person who didn't notice that on November 18th 2002, the Apache Ant Project had migrated out from under the Jakarta Project umbrella to become a top-level Apache project, joining the ranks of the Apache HTTP Server Project? Well, for those of us who use Ant on a regular basis, this is great news. Ant is an incredibly powerful tool, increasingly a standard build system for many new projects."

rbowen writes "The Apache Software Foundation is pleased to announce the release of Apache 2.0.44, which addresses a number of security issues. Download it from your favorite mirror." Rich notes that it fixes some important security problems (under Windows) for the Windows version. Also interesting is that now there truly is a split between a development and regular releases, adopting the Linux kernel model, with 2.1 being the dev Apache tree and 2.0 being the release tree.

semanticgap writes "The beauty of Python at Apache speeds! A couple of months after donation to ASF, a new mod_python is out under the Apache license. Main feature of this release is Apache 2.0 compatibility, including support for filters and connection handlers and many more enhancements. More info at www.modpython.org. Note that this release is not compatible with Apache 1.3."

pdw writes "Apache Week this week has a feature detailing the happenings at last week's ApacheCon in Vegas. Read up to find out what's new in the world of Apache."

Gentu writes "There is a pretty new and little known, lite web server in town, named Boa. The server can run very fast on older machines, even on embedded devices, but it is only CGI-based. OSNews introduces Boa (running under Linux) and it includes some preliminary benchmarks against Apache and thttpd."

Liam writes "Tomcat is a subproject of the Apache Software Foundation's Jakarta project, its purpose being to serve Java Servlets and JavaServer Pages. It's a complex piece of software and though the documentation is very comprehensive, it helps to have a good reference work to hand. There aren't many books on the subject to choose from, so a publisher could make a fast buck putting out an incomplete work lacking in depth. Fortunately Wrox Press has done a great job with its new publication Professional Apache Tomcat." Read on for the rest of Liam's review.

ruiner5000 writes "Well it is official. AMD has just sent out a press release announcing that Covalent and Redhat are developing a 64 bit version of Apache. "Covalent is developing 64-bit compatibility because we believe the upcoming AMD Opteron processor-based server systems will deliver superior performance and reliability for our easy-to-install Apache project server software," said Mark Douglas, senior vice president of engineering, Covalent Technologies. "Compatibility is essential, and we are cooperatively working to ensure optimal performance with the upcoming AMD Opteron processors." "

Network Dweebs Corporation writes "A new Apache DoS mod, called mod_dosevasive (short for dos evasive maneuvers) is now available for Apache 1.3. This new module gives Apache the ability to deny (403) web page retrieval from clients requesting more than one or two pages per second, and helps protect bandwidth and system resources in the event of a single-system or distributed request-based DoS attack. This freely distributable, open-source mod can be found at http://www.networkdweebs.com/stuff/security.html"

Triumph The Insult C writes "Apache 1.3.27 is out, addressing 3 security problems and includes some other updates. Check out cve.mitre.org for CAN-2002-0839, CAN-2002-0840 and CAN-2002-0843. You can grab .27 from the mirrors. Details on the security problems and the other updates to .27 can be found here."

jimmy writes ""A vulnerability exists in the SSI error pages of Apache 2.0 that involves incorrect filtering of server signature data. The vulnerability could enable an attacker to hijack web sessions, allowing a range of potential compromises on the targeted host." This Cross site scripting (or XSS) hole has been found in all versions of apache prior to 2.0.43. The advisory can be found here and users are urged to upgrade to address this problem."

i-got-a-long-name writes "The Apache HTTP Server Project is proud to announce the fifth public release of Apache 2.0. This is primarily a bug-fix release, including updates to the experimental caching module, the removal of several memory leaks, and fixes for several segfaults, one of which could have been used as a denial-of-service against mod_dav. A complete list of the changes since 2.0.40 are available.". Just keep in mind that if you upgrade be prepared to recompile all of your modules since binary-compatibility is no longer the case. Which I am sure will help with the adoption rate.

KingARP writes "This article details how to secure dynamic content on an Apache Web server. Topics covered include general security issues pertaining to dynamic content, securing Server Side Includes, configuring Apache's Common Gateway Interface, and wrapping dynamic content. The article is targeted primarily at Webmasters and system administrators responsible for maintaining and securing a Web server; however, anyone with a need or desire to server dynamic content will benefit from the topics covered."

rbowen writes "Early-bird registration for ApacheCon closes on October 1. Sign up now to save $200 on the premier Apache event in the world. Don't miss out on a chance to mingle with the folks that wrote Apache, and get your Apache dilemmas solved by the leading experts in the field."

randomErr writes "The worms, Slapper.B and Slapper.C, which exploits a known buffer overrun vulnerability in the Secure Sockets Layer 2.0 (SSLv2) handshake process has infected thousands of Web servers worldwide, according to Helsinki-based F-Secure Corp., a computer and network security company. "

joe writes "Apache has released a security warning in its popular server Tomcat. This security hole allows non authenticated users to retrieve source code of web applications on the server."

corz writes "Has PHP got you down? Are you tired of writing those Perl CGI scripts? Why not check out The Moto Programming Language. Released under the GPL, Moto allows for two modes of execution: interpreted and compiled. Moto is different from the rest of the field in that you can develop a site using interpreted mode for quick testing, then when the site is ready for production you can compile the it into an Apache DSO and serve it straight from memory. If you are looking to learn a new language, or would like to help with development, consider giving Moto a chance. Go download it now."

sverrehu writes "A GNU/Linux worm exploiting a bug in OpenSSL spreads through vulnerable Apache web servers, according to Symantec. The worm, which was first reported in Europe, targets several popular Linux distributions. See also the SecurityFocus vulnerability listing for the OpenSSL bug." sionide also writes: "Netcraft recently published a report which explains that a large portion of Apache systems are still unpatched (halfway down). To protect yourself please upgrade to OpenSSL 0.9.6g."

spike666 writes "Apache Axis, the SAX based SOAP server which IBM is building into WebSphere, has hit 1.0RC1! Go download it now and get all SOAPy!"

An anonymous reader writes "Vnunet reports on the low adoption of Apache 2 has caused its producers to advocate freezing development of the open-source Web server until makers of add-in software catch up. Almost six months after the launch of Apache 2, less than one percent of sites use it, due to a lack of suitable third-party modules." I'm not sure where they are getting the freezing Apache development part, more talk about forking for 2.1 right now on the httpd mailing list. The article does have it right though that until there is a reason to upgrade and the modules are in place that adoption is not going to happen. While the cores of both Perl and PHP are thread-safe, the third-party modules are not. This renders one the larger reasons to use Apache 2.0, the threaded http support, useless for applications using either of these application layers. It comes down to the question of whether the third-party module writers are better off supporting what is used or what is new.

Roullian writes "The first stable version of Tomcat 4.1 is out. This is a long-awaited version, as it includes major improvements: enhanced administration tools, a new JSP compiler, and many many performance and scalability improvements. For all of us using Tomcat in production, it's time to download!"