AOLserver 4.0.7 released
On behalf of the AOLserver Team, I have the honor of announcing the latest point release of AOLserver: 4.0.7.
This version is primarily a bug fix release following version 4.0.6. A summary of changes is provided at the end of this document.
NOTE: This release corrects a serious flaw in 4.0.6 where a non-compliant HTTP/1.1 request can crash the server, resulting in a Denial of Service. Everyone is urged to skip the 4.0.6 release and either remain on 4.0.5 or upgrade to 4.0.7 immediately.
WHAT IS AOLSERVER?
AOLserver is America Online’s Open-Source web server. AOLserver is the backbone of the largest and busiest production environments in the world. AOLserver is a multithreaded, Tcl-enabled web server used for large scale, dynamic web sites.
Visit the project’s website:
HOW CAN I GET AOLSERVER?
Download the source code from SourceForge:
I FOUND A BUG! WHAT DO I DO?
File it in the Bug Tracker at SourceForge:
IS THERE A MAILING LIST? WHERE’S THE USER COMMUNITY?
Yes! There’s an announcements-only and a general discussion mailing list. Instructions on how to subscribe are here:
There is also a wiki-web set up for AOLserver:
CHANGES SINCE LAST RELEASE?
Fix bug where internal redirect for 401 omitted including the HTTP auth. “WWW-Authenticate:” header. Fixes bug #674033.
Ns_GetAddrByHost() reports errors via Ns_Log(), so calls to it should be done after Ns_Log has been initialized, otherwise very unhelpful error messages are produced. In particular, this happens when the server is started and the hostname as returned by gethostname() cannot be resolved, because the network interface is down AND no entry exists in /etc/hosts. Closes SF Bug #868362.
Setting request->method to static storage, which later gets ns_free()’d in Ns_FreeRequest(), causes the server to crash.