Download Apache 2.0.52

The developers of the Apache HTTP server have released version 2.0.52. In this version only digital pests have been squashed, including a security bug that allowed unauthorized access. The full changelog for this release can be found below:

• Use HTML 2.0
  

  ---

  for error pages. PR 30732 [André Malo]

• Fix the global mutex crash when the global mutex is never allocated due to disabled/empty caches. [Jess Holle <jessh ptc.com>]
• Fix a segfault in the LDAP cache when it is configured switched off. [Jess Holle <jessh ptc.com>]
• SECURITY: CAN-2004-0811 (cve.mitre.org) Fix merging of the Satisfy directive, which was applied to the surrounding context and could allow access despite configured authentication. PR 31315. [Rici Lake <rici ricilake.net>]
• Fix the handling of URIs containing %2F when AllowEncodedSlashes is enabled. Previously, such urls would still be rejected. [Jeff Trawick, Bill Stoddard]
• mod_mem_cache: Fixed race condition causing segfault because of memory being freed twice, or reused after being freed. [J. Clar, W. Stoddard, G. Ames]
• Add -l option to rotatelogs to let it use local time rather than UTC. PR 24417. [Ken Coar, Uli Zappe <uli ritual.org>]
• mod_log_config: Fix a bug which prevented request completion time from being logged for I_INSIST_ON_EXTRA_CYCLES_FOR_CLF_COMPLIANCE processing. PR 29696. [Alois Treindl <alois astro.ch>]