Hacker News Clone

Apache HTTP Server 2.4.58 (CVE fixes)

by neustradamus on 10/19/2023, 12:07 PM with 42 comments

by teddyh on 10/19/2023, 12:35 PM
Previous discussions:
<https://news.ycombinator.com/item?id=37830987>
<https://news.ycombinator.com/item?id=37830998>
<https://news.ycombinator.com/item?id=37831004>
by nologic01 on 10/19/2023, 5:08 PM
"The early Apache server was a big hit, but we all knew that the codebase needed a general overhaul and redesign."
From the README of the apache_1.3.0 distribution (April 1998) https://archive.apache.org/dist/httpd/
Love this project. It changed the world and it still goes strong. The closest to "forever software"?
by skilled on 10/19/2023, 12:21 PM
Relevant,
HTTP/2 Rapid Reset and Apache
https://github.com/icing/blog/blob/main/h2-rapid-reset.md
Apache httpd 2.4.58
https://github.com/icing/blog/blob/main/httpd-2.4.58.md
by m00dy on 10/19/2023, 1:42 PM
for PoC in Rust, https://github.com/m00dy/r4p1d-r3s3t
by Yhippa on 10/19/2023, 7:04 PM
A Patchy Server has come such a long way.
by zeroimpl on 10/19/2023, 11:04 PM
Surprising to see stuff like this included in a patch release:
```
    core: Updated conf/mime.types:
     - .js moved from 'application/javascript' to 'text/javascript'
```
That’s probably going to break something for somebody.
by secondcoming on 10/19/2023, 3:19 PM
Is HTTP/2 just too complex for a mere mortal to implement?
by eightnoneone on 10/19/2023, 12:42 PM
[flagged]
by blind_oracle on 10/19/2023, 1:42 PM
I'm surprised people still actively use it and it seems on par with nginx, at least according to https://www.netcraft.com/blog/january-2023-web-server-survey...