'뉴스/소식' 카테고리의 글 목록 (6 Page)

« 2024/5 »
일	월	화	수	목	금	토
			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30	31

'뉴스/소식'에 해당되는 글 312건

2012.02.22 Apache HTTP Server 2.4 릴리즈
2012.02.20 Apache log4php 2.2.1 릴리즈
2012.02.20 Apache Commons Daemon 1.0.9 릴리즈
2012.02.20 Apache Subversion 1.7.3 릴리즈
2011.08.30 [SECURITY] CVE-2011-3190 Apache Tomcat Authentication bypass and information disclosure

아파치 소프트웨어 재단은 아파치 오픈 소스 소프트웨어 프로젝트 커뮤니티 지원을 제공합니다.
아파치 프로젝트는 협업과 개발 프로세스를 기반으로 하는 상호간의 공감대와 개방되어 있는 실용적인 소프트웨어 라이센스, 그 분야에서 선두를 달릴 수 있는 고품질 소프트웨어 개발을 추구하고 있습니다.

우리는 심플한 서버 공유 프로젝트의 모임이라고도 하지만 오히려 개발자와 사용자간의 커뮤니티라고 생각합니다.

Apache HTTP Server 2.4 릴리즈

뉴스/소식 | 2012. 2. 22. 09:00 | Posted by 노안돼지

많은 개발자와 서버 운영자들이 기다리시던 Apache HTTP Server 2.4가 릴리즈 되었습니다.

Apache HTTP Server 2.4에서는 클라우드 환경을 구성하는데 적합하게 하는 기능들이 많이 추가 되었습니다.
•    Improved performance (lower resource utilization and better concurrency)
•    Reduced memory usage
•    Asyncronous I/O support
•    Dynamic reverse proxy configuration
•    Performance on par, or better, than pure event-driven Web servers
•    More granular timeout and rate/resource limiting capability
•    More finely-tuned caching support, tailored for high traffic servers and proxies.

기능 개선에 대한 상세한 내용은 아래 주소를 참고하세요.
http://httpd.apache.org/docs/2.4/new_features_2_4.html

다운로드는 아래 주소에서 받을 수 있습니다.
http://httpd.apache.org/download.cgi#apache24

저작자표시 비영리 동일조건

Apache log4php 2.2.1 릴리즈

뉴스/소식 | 2012. 2. 20. 15:19 | Posted by 노안돼지

The Apache log4php team is pleased to announce the release of Apache log4php 2.2.1.

This is a maintenance release which fixes several important bugs and features yet another update to the web site design.

The full changelog can be found at:

http://logging.apache.org/log4php/changelog.html

This release is available for download from:

http://logging.apache.org/log4php/download.html

Thanks to everyone who participated in the making of this release.

Best regards,

The Apache log4php team

저작자표시 비영리 동일조건

Apache Commons Daemon 1.0.9 릴리즈

뉴스/소식 | 2012. 2. 20. 15:18 | Posted by 노안돼지

The Apache Commons Daemon team is pleased to announce the commons-daemon-1.0.9 release!

Version 1.0.9 is bug fix release fixing few minor issues.

Source and binary distributions are available for download from the Apache Commons download site:

http://commons.apache.org/daemon/download_daemon.cgi

When downloading, please verify signatures using the KEYS file available at the above location when downloading the release.

For more information on Apache Commons Daemon, visit the Commons Daemon home page:

http://commons.apache.org/daemon/

Thank you,

저작자표시 비영리 동일조건

Apache Subversion 1.7.3 릴리즈

뉴스/소식 | 2012. 2. 20. 15:09 | Posted by 노안돼지

SVN으로 유명한 Apache Subversion이 1.73으로 릴리즈 되었습니다.

다운로드는 아래 링크에서 받을 수 있습니다.

http://subversion.apache.org/download/#recommended-release

I'm happy to announce the release of Apache Subversion 1.7.3. This release is the best available release of Subversion, and we encourage all users to upgrade as soon as practical. Subversion 1.7.3 fixes a number of crashes and improves error handling in several cases (please see CHANGES for details).

This release also includes a correctness for for mod_dav_svn responses.
Unfortunately, this same fix highlights several bugs already existant in svnrdump when it is run over ra_serf. For this reason, we continue to recommend that users use ra_neon--the default for the 1.7.x series--when running svnrdump.

To download the latest release of Subversion, please choose the mirror closest to you by visiting:

http://subversion.apache.org/download/#recommended-release

저작자표시 비영리 동일조건

[SECURITY] CVE-2011-3190 Apache Tomcat Authentication bypass and information disclosure

뉴스/소식 | 2011. 8. 30. 23:23 | Posted by 노안돼지

CVE-2011-3190 Apache Tomcat Authentication bypass and information disclosure

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
- Tomcat 7.0.0 to 7.0.20
- Tomcat 6.0.0 to 6.0.33
- Tomcat 5.5.0 to 5.5.33
- Earlier, unsupported versions may also be affected

Description:
Apache Tomcat supports the AJP protocol which is used with reverse proxies to pass requests and associated data about the request from the reverse proxy to Tomcat. The AJP protocol is designed so that when a request includes a request body, an unsolicited AJP message is sent to Tomcat that includes the first part (or possibly all) of the request body. In certain circumstances, Tomcat did not process this message as a request body but as a new request. This permitted an attacker to have
full control over the AJP message which allowed an attacker to (amongst other things):
- insert the name of an authenticated user
- insert any client IP address (potentially bypassing any client IP address filtering)
- trigger the mixing of responses between users

The following AJP connector implementations are not affected:
org.apache.jk.server.JkCoyoteHandler (5.5.x - default, 6.0.x - default)

The following AJP connector implementations are affected:

org.apache.coyote.ajp.AjpProtocol (6.0.x, 7.0.x - default)
org.apache.coyote.ajp.AjpNioProtocol (7.0.x)
org.apache.coyote.ajp.AjpAprProtocol (5.5.x, 6.0.x, 7.0.x)

Further, this issue only applies if all of the following are are true
for at least one resource:
- POST requests are accepted
- The request body is not processed

Example: See https://issues.apache.org/bugzilla/show_bug.cgi?id=51698

Mitigation:
Users of affected versions should apply one of the following mitigations:
- Upgrade to a version of Apache Tomcat that includes a fix for this
issue when available
- Apply the appropriate patch
- 7.0.x http://svn.apache.org/viewvc?rev=1162958&view=rev
- 6.0.x http://svn.apache.org/viewvc?rev=1162959&view=rev
- 5.5.x http://svn.apache.org/viewvc?rev=1162960&view=rev
- Configure the reverse proxy and Tomcat's AJP connector(s) to use the
requiredSecret attribute
- Use the org.apache.jk.server.JkCoyoteHandler AJP connector (not
available for Tomcat 7.0.x)

Credit:
The issue was reported via Apache Tomcat's public issue tracker.
The Apache Tomcat security team strongly discourages reporting of
undisclosed vulnerabilities via public channels. All Apache Tomcat
security vulnerabilities should be reported to the private security team
mailing list: security@tomcat.apache.org

References:
http://tomcat.apache.org/security.html
http://tomcat.apache.org/security-7.html
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-5.html
https://issues.apache.org/bugzilla/show_bug.cgi?id=51698

저작자표시 비영리 동일조건

«이전 1 ··· 3 4 5 6 7 8 9 ··· 63 다음»

The Apache Software Foundation

Tags»

Category»

Notice»

Recent Post»

Recent Comment»

Recent Trackback»

Archive»

My Link»

'뉴스/소식'에 해당되는 글 312건

Apache HTTP Server 2.4 릴리즈

Apache log4php 2.2.1 릴리즈

Apache Commons Daemon 1.0.9 릴리즈

Apache Subversion 1.7.3 릴리즈

[SECURITY] CVE-2011-3190 Apache Tomcat Authentication bypass and information disclosure

티스토리툴바