Recently, there have been several updates around the Apache Web Server project, httpd. In July, this open source project saw three significant updates including:
- httpd 2.0.65. This release represented the final release and End Of Life of that 2.0 series of Apache project releases, patching a number of non-critical but important security flaws and bugs.
- httpd 2.2.25. The legacy httpd release 2.2.25 patched several security defects and notably improved several aspects of DAV request handling for users who leverage mod_dav or mod_dav_svn modules.
- httpd 2.4.6. This is the latest in stable feature development, also included broad improvements to the mod_lua API, improved mod_cache protocol compliance, and bug fixes and enhancements to many new 2.4-specific features. Users of mod_dav_svn from Apache Subversion should simultaneously update that module to the latest release for several interdependent security fixes.
The Pivotal Web Server team, who also contributed to these open source Apache releases, has also been busy at work creating new releases and plans for Pivotal’s commercial offerings around httpd. These advances include:
Pivotal vFabric Web Server 5.3.1 Ships
The most recent Pivotal vFabric Web Server version 5.3.1 shipped on Aug 6th, 2013 and is based on the httpd version 2.2.25. Customers are urged to update promptly to obtain the benefits of these bug fixes, particularly those users of mod_dav who expose their SVN services on an anonymous basis.
|Click here to download the latest version of Pivotal Web Server.|
Pivotal vFabric ERS Transition
The vFabric ERS (Enterprise Ready Server) product previously included support for httpd 2.0, a project that has already passed the End Of Life window back in 2012. Since ERS does not use the 2.0.x product line, the httpd 2.0.65 release has no impact on Pivotal ERS customers. vFabric ERS itself is in the process of reaching End Of Life on July 1 of 2014 (the subsequent year of technical guidance support excludes any patch updates). The last product release 4.0.3 shipped with httpd 2.2.17, and while further security updates are possible, they are considered unlikely. Only critical vulnerabilities will be addressed prior to the End Of Life for ERS httpd-2.2 based products, and customers should promptly transition from ERS httpd-based products to the vFabric Web Server. This will ensure their systems continue to benefit from enhancements, bug fixes, and security updates of any severity.
|>> Interested in upgrading your ERS licenses? Perpetual customers get a no-cost exchange of ERS licenses for vFabric Web Server (vFWS) licenses, which includes an (1:1) exchange of their remaining support contract. Current subscription customers can renew with vFWS at the same cost as their ERS renewal. To upgrade your ERS licenses to Pivotal’s Web Server or request professional services, contact VMware sales at 1-877-486-9273.|
Planning for Apache httpd 2.4
While Apache httpd 2.4 is still not widely deployed, there is much optimism towards the project for its ability to overtake the widely used httpd 2.2. There are a few key reasons:
- mod_perl, a staple for many httpd users, has received a great deal of httpd 2.4 compatibility attention this year; many OS vendors and distributors had deferred bundling Apache httpd 2.4 as they waited on mod_perl compatibility.
- With several Linux distributions now picking up the httpd 2.4 flavor, and several popular third party module releases introducing httpd 2.4 compatibility, the prospects look bright for enterprise adoption of Apache httpd 2.4 over the coming year.
Pivotal remains committed to the success of the Apache httpd project and continues to offer enhancements and bug fixes identified by our customers upstream to the respective projects. Look for more information and updates about Apache httpd 2.4 in upcoming blog posts.
About Pivotal vFabric Web Server
Pivotal vFabric Web Server is a commercially supported run-time package supporting Linux, Solaris and Windows operating systems on several CPU architectures. It is based on Apache Web Server project’s httpd source, and shares that open source code with few exceptions. Among other differences, it differs from the default Apache httpd package in several respects, including support for multiple ‘instances’ running on different IP addresses or ports supporting different configurations, exposed services and alternate user and group credentials. The packages are built on the corresponding native compilers of each operating system with aggressive optimizations for the typical CPU models found in the modern datacenter. They ship with all of the library dependencies (such as openssl, openldap, etc) necessary for consistent behavior between architectures and to ease migration between platforms or multiple platform deployments.
Learn more about Pivotal Web Server:
- Read about the scale and economics of a lightweight runtime from a CTO, CIO, and architect’s perspective
- Q&A with one of Pivotal’s Tomcat Experts, Mark Thomas
- Check out the announcement and FAQ around the ERS End of Life on July 1, 2014
- Read over 30 posts about Pivotal Web Server and Pivotal ERS on the vFabric Blog
- Read about the product overview, features, downloads, and documentation
About the Author