83 posts categorized "apache"

07/11/2013

Apache HTTP Server 2.2.25 Released

The Apache HTTP Server team released version 2.2.25 a short while ago. This version addresses two security vulnerabilities: CVE-2013-1896 and CVE-2013-1892 as well as 16 other fixes mostly covering issues with mod_ssl and mod_dav. Please see the Apache HTTP Server 2.2.25 changelog for more details.

You can download source and binaries from any of the Apache mirrors. Updates should be propogating out to all the mirror sites now.

02/25/2013

Apache HTTP Server 2.4.4 Released

The Apache HTTP Server project released version 2.4.4. Although there are quite a few bug fixes in this release, there are two cross-site scripting security vulnerabilities that are also fixed in this new version:

  • SECURITY: CVE-2012-3499 (cve.mitre.org)
    Various XSS flaws due to unescaped hostnames and URIs HTML output in mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp.

  • SECURITY: CVE-2012-4558 (cve.mitre.org)
    XSS in mod_proxy_balancer manager interface.

See the changelog for more information and download Apache HTTP Server v2.4.4 source and binaries from a mirror near you.

12/03/2012

vim Syntax Highlighter for Apache Logs

Version 4 of this useful plugin for vim was posted on vim scripts recently: A syntax highlilghter for apache and nginx access logs called httplog.vim

Installation is pretty easy--just drop it into your .vim/syntax folder and add the following line to your .vimrc. The docs say that you edit your filetype.vim file but that file will get replaced when you upgrade vim versions:

au BufRead *access.log* setf httplog

Open an access log up and enjoy some syntax-highlighted apache access log goodness. It looks like things are still in the early stages but this plugin is pretty handy. 

Incidentally, if you use default naming of your apache access logs and don't rotate them (which, you should not be doing), you can also add the following line to your .vimrc to grab log file names using "access_log" in their name:

au BufRead *access_log* setf httplog