The Apache Software Foundation

  This Announcement notes the significant changes in 1.3.42 as compared to 1.3.41.

  This version of Apache is is principally a bug and security fix release.
  The following moderate security flaw has been addressed:

    * CVE-2010-0010 (cve.mitre.org)
      mod_proxy: Prevent chunk-size integer overflow on platforms
      where sizeof(int) < sizeof(long). Reported by Adam Zabrocki.

  Please see the CHANGES_1.3.42 file in this directory for a full list
  of changes for this version.

  Apache 1.3.42 is the final stable release of the Apache 1.3 family. We
  strongly recommend that users of all earlier versions, including 1.3
  family releases, upgrade to to the current 2.2 version as soon as possible.
  For information about how to upgrade, please see the documentation:

         http://httpd.apache.org/docs/2.2/upgrading.html

  Apache 1.3.42 is available for download from

          http://httpd.apache.org/download.cgi

  This service utilizes the network of mirrors listed at:

          http://www.apache.org/mirrors/

  Binary distributions may be available for your specific platform from

          http://www.apache.org/dist/httpd/binaries/

  Binaries distributed by the Apache HTTP Server Project are provided as a
  courtesy by individual project contributors. The project makes no
  commitment to release the Apache HTTP Server in binary form for any
  particular platform, nor on any particular schedule.

  IMPORTANT NOTE FOR APACHE USERS: Apache 1.3 was designed for Unix OS
  variants. While the ports to non-Unix platforms (such as Win32, Netware or
  OS2) will function for some applications, Apache 1.3 is not designed for
  these platforms. Apache 2 was designed from the ground up for security,
  stability, or performance issues across all modern operating systems.
  Users of any non-Unix ports are strongly cautioned to move to Apache 2.

  The Apache project no longer distributes non-Unix platform binaries from
  the main download pages for Apache 1.3. If absolutely necessary, a binary
  may be available at http://archive.apache.org/dist/httpd/.

Apache 1.3.42 Major changes

 Security vulnerabilities

  The main security vulnerabilities addressed in 1.3.42 are:

 *) SECURITY: CVE-2010-0010 (cve.mitre.org)
    mod_proxy: Prevent chunk-size integer overflow on platforms
    where sizeof(int) < sizeof(long). Reported by Adam Zabrocki.

 Bugfixes addressed in 1.3.42 are:

 *) Protect logresolve from mismanaged DNS records that return
    blank/null hostnames.

Bug

  * [MYFACES-2356] - HtmlRadioRendererBase calls converter method getAsString() not with the object, but with the string version when an validation error occured
  * [MYFACES-2396] - @PreDestroy method of Bean in CustomScope not invoked
  * [MYFACES-2410] - f:validateBean does not work as container for EditableValueHolders
  * [MYFACES-2429] - Missing localePrefix for resources is not ignored
  * [MYFACES-2430] - Button image url rendered wrong for resources
  * [MYFACES-2431] - NotSerializableException on state serialization
  * [MYFACES-2432] - InsertChildrenHandler.RelocateAllChildrenListener throws IndexOutOfBoundsException
  * [MYFACES-2434] - dummy request/response classes for system event listeners will break with Servlet 3.0
  * [MYFACES-2436] - BeanValidator stops on null value (@NotNull not checked)
  * [MYFACES-2437] - columnClasses must not be rendered if colums > columnClasses
  * [MYFACES-2445] - NPE on rendering outcome target links
  * [MYFACES-2447] - PhaseListeners not invoked correctly
  * [MYFACES-2450] - ViewHandler.deriveViewId must check is viewId really exists
  * [MYFACES-2453] - f:view is ignored by facelets
  * [MYFACES-2457] - f:selectItem "escape" property not bound in facelets
  * [MYFACES-2462] - <ui:debug /> is not working
  * [MYFACES-2468] - MyFaces needs to support adding a <view-handler> in faces-config.xml
  * [MYFACES-2469] - Invalid outcome gives NPE
  * [MYFACES-2472] - Missing return in UIComponent.EventListenerWrapper
  * [MYFACES-2474] - Fix navigation handler algorithm for redirects
  * [MYFACES-2475] - Visit facets in UIComponent.visitTree()
  * [MYFACES-2476] - @this in render not resolved on ajax request
  * [MYFACES-2477] - Ajax related fixes for command components
  * [MYFACES-2481] - Wrong property name in payload for ajax callback functions
  * [MYFACES-2482] - Use Error instead of Exception in Ajax Js Impl
  * [MYFACES-2484] - public final void pushComponentToEL(FacesContext context, UIComponent component) crashes if component is null
  * [MYFACES-2488] - PreRenderViewEvent-listeners could change UIViewRoot or set responseComplete
  * [MYFACES-2498] - Myfaces should be able to gracefully handle a runtime with the bean validation API on the classpath but no impl
  * [MYFACES-2499] - f:validateBean disabled="true" not processed correctly
  * [MYFACES-2501] - f:validateBean should only use the validationGroups from the stack, if its validationGroups property is null or an empty string
  * [MYFACES-2506] - @ManagedBean doesn't work with missing scope annotation

Improvement

  * [MYFACES-2435] - f:facet can have more than one child
  * [MYFACES-2444] - Implement new JSF 2 c:set features
  * [MYFACES-2464] - Find a way to do not use ELExpressions on jsf.js for getProjectStage

Task

  * [MYFACES-2363] - ExceptionHandler implementation requires deal with ajax responses
  * [MYFACES-2368] - Update Render Response Phase to new spec
  * [MYFACES-2417] - h:commandButton and h:commandLink now can be rendered outside a form
  * [MYFACES-2418] - Implement h:selectManyXXX collectionType and hideNoSelectionOption
  * [MYFACES-2423] - h:dataTable renderer does not support colgroups facet
  * [MYFACES-2425] - JSTL Functions returns null instead ""
  * [MYFACES-2426] - UISelectItem itemEscaped should return true as default
  * [MYFACES-2427] - Composite Component not bound when calling ValueExpression from broadcast
  * [MYFACES-2428] - Id generation for facelets cause problems with htmlunit 2.4 or lower
  * [MYFACES-2438] - h:selectOneRadio can't render HTML.NBSP_ENTITY before start label text
  * [MYFACES-2446] - ExceptionHandlerImpl is not correct
  * [MYFACES-2448] - Wrappers created in 1.2 version should wrap new methods added in 2.0
  * [MYFACES-2449] - ManagedBeanResolver and ScopedAttributeResolver could be called before UIViewRoot is available
  * [MYFACES-2451] - Add @JSFWebConfigParam annotation to new parameters in JSF 2.0
  * [MYFACES-2454] - Adapt default error page generation to new spec
  * [MYFACES-2455] - ClientBehaviorHolder interface should be tracked by myfaces-builder-plugin metadata
  * [MYFACES-2456] - Interfaces should be tracked on myfaces builder plugin
  * [MYFACES-2459] - PreJsf2ExceptionHandlerImpl not correct
  * [MYFACES-2460] - Add Resource Headers and allow EL Expressions only on css files
  * [MYFACES-2465] - PreJsf2ExceptionHandlerFactory should create new instances of PreJsf2ExceptionHandlerImpl for each call to getExceptionHandler()
  * [MYFACES-2487] - DeltaList does not deal correctly with transient objects
  * [MYFACES-2493] - ViewMetadata facelets compiler should not output DTD, <?xml or any UIInstruction outside f:metadata
  * [MYFACES-2494] - Component branches saved with PSS needs to be wrapped
  * [MYFACES-2496] - Provide a method to find out if a facelets TagHandler has children or not
  * [MYFACES-2505] - ComponentHandler.isNew requires deal with composite components