Download Apache httpd 2.4.37

Spread the love

The Apache HTTP Server Project development team has released a new version of the Apache web server with the version number 2.4.37. This server is using modules provide all kinds of additional functionality. For more information, please refer to this page† The announcement and list of changes for version 2.4.37 are as follows:

Apache httpd 2.4.37 Released

The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the release of version 2.4.37 of the Apache HTTP Server (“httpd”). This latest release from the 2.4.x stable branch represents the best available version of Apache HTTP Server.

Changes with Apache 2.4.37

  • mod_ssl: Fix HTTP/2 failures when using OpenSSL 1.1.1.
  • mod_ssl: Fix crash during SSL renegotiation with OptRenegotiate set, when client certificates are available from the original handshake but were originally not verified and should get verified now. This is a regression in 2.4.36 (unreleased).
  • mod_ssl: Correctly merge configurations that have client certificates set by SSLProxyMachineCertificate{File|Path}.

Changes with Apache 2.4.36

  • mod_brotli, mod_deflate: Restore the separate handling of 304 Not Modified responses. Regression introduced in 2.4.35.
  • mod_proxy_scgi, mod_proxy_uwsgi: improve error handling when sending the body of the response.
  • mod_http2: adding defensive code for stream EOS handling, in case the request handler missed to signal it the normal way (eos buckets).
  • ab: Add client certificate support.
  • ab: Disable printing temp key for OpenSSL before version 1.0.2. SSL_get_server_tmp_key is not available there.
  • mod_ssl: Fix a regression that the configuration settings for verify mode and verify depth were taken from the frontend connection in case of connections by the proxy to the backend. PR 62769.
  • MPMs: Initialize all runtime/asynchronous objects on a dedicated pool and before signals handling to avoid lifetime issues on restart or shutdown. PR 62658.
  • mod_ssl: Add support for OpenSSL 1.1.1 and TLSv1.3. TLSv1.3 has behavioral changes compared to v1.2 and earlier; client and configuration changes should be expected. SSLCipherSuite is enhanced for TLSv1.3 ciphers, but applies at vhost level only.
  • mod_auth_basic: Be less tolerant when parsing the credencial. Only spaces should be accepted after the authorization scheme. \t are also tolerated.
  • mod_proxy_hcheck: Fix issues with interval determination. PR 62318
  • mod_proxy_hcheck: Fix issues with TCP health checks. PR 61499
  • mod_proxy_hcheck: take balancer’s SSLProxy* directives into account.
  • mod_status, mod_echo: Fix the display of client addresses. They were truncated to 31 characters which is not enough for IPv6 addresses. This is done by deprecating the use of the ‘client’ field and using the new ‘client64’ field in worker_score. PR 54848

Version number 2.4.37
Release status Final
Operating systems Windows 7, Linux, BSD, macOS, Solaris, UNIX, Windows Server 2008, Windows Server 2012, Windows 8, Windows 10, Windows Server 2016
Website Apache Software Foundation
Download
License type Conditions (GNU/BSD/etc.)
You might also like