File Release Notes and Changelog
Release Name: 2.5.9
Notes: This release fixes a potential DoS vulnerability discovered by "Internet Security Auditors" when parsing multipart requests. Additionally, the release cleans up the build process and adds a few features, including atomic updates of persistent counters and macro expansion of the append/prepend actions. It is highly recommended to upgrade to this release. NOTE: A pre-released copy of 2.5.9 was inadvertently uploaded. If you downloaded prior to 11 March 2009 at 23:25 PDT, then you may have the wrong version and should verify. These versions only differed in documentation, however.
Changes: * Fixed parsing multipart content with a missing part header name which would crash Apache. Discovered by "Internet Security Auditors" (isecauditors.com). * Added ability to specify the config script directly using --with-apr and --with-apu. * Updated copyright year to 2009. * Added macro expansion for append/prepend action. * Fixed race condition in concurrent updates of persistent counters. Updates are now atomic. * Cleaned up build, adding an option for verbose configure output and making the mlogc build more portable.