The Apache Software Foundation and apache HTTP Server Project announced the new version of Apache HTTP Server, 2.4.57. The latest version brings some bug fixes, which are crucial to ensure the highest possible availability.
This version of Apache is the last GA version of the next generation Apache HTTPD 2.4.x branch and is recommended on all previous versions. The Apache Foundation encourages users of all previous versions of Apache HTTP Server to upgrade to version 2.4.57.
Apache HTTP Server 2.4.57 provides bugfixes and improvements for mod_proxy, mod_http2, mod_rewriteAnd mod_mime mods. Here are all the changes:
- mod_proxy: Check before forwarding that a nocanon path has not been rewritten with spaces during processing.
- mod_proxy: In case AllowEncodedSlashes is set to NoDecode, do not double encode the slashes in the URL sent by the reverse proxy to the backend.
- mod_http2: fixed a crash when ending the connection.
- mod_rewrite: Fixed 2.4.56 regression for substitutions ending with a question mark.
- mod_rewrite: Add the “BCTLS” and “BNE” rewrite rule flags. Reallow characters encoded on redirects without the “NE” flag.
- mod_proxy: Fixed double encoding of the uri-path of the request passed to the origin server, when using mapping=encoded|servlet.
- mod_mime: Don’t match the extension to any query string parameters in case ProxyPass was used with the nocanon option.
You can follow the link below to download Apache HTTP Server 2.4.57:
Apache HTTP Server 2.4.57 requires Apache Portable Runtime (APR), minimum version 1.5.x, and APR-Util, minimum version 1.5.x. Some features may require version 1.6.x of APR and APR-Util. APR libraries need to be upgraded for all httpd features to work properly.
When updating or installing this version of Apache, keep in mind that if you intend to use Apache with any of the threaded MPMs (other than the Prefork MPM), you You need to make sure that any modules you’ll be using (and the libraries they depend on) are thread-safe.
Please note that the 2.2.x branch has now passed the end of life of the Apache HTTP Server project and no further activity will occur, including security patches. Users should quickly complete their transitions to this 2.4.x version of httpd to benefit from further bug fixes or new features.