Apache has released version 2.4.66 Release Candidate (RC1), featuring several significant updates and fixes. Key changes include improvements to mod_http2, addressing issues with cached content and push diary management, as well as enhancements to mod_md, which now allows administrators to control certificate renewal checks after server restarts. The release also includes security hardening for mod_md and a fix for minor memory leaks in OpenSSL's BIGNUM handling. Additionally, various other modules have been updated to offer improved features, such as the ability to set error thresholds in mod_http2 and enhanced proxy configuration error support in mod_proxy_http2.

Apache 2.4.66 RC1 released

Apache has released its latest test version, Apache 2.4.66 Release Candidate (RC1).

One big change involves mod_http2; it's been updated and fixes several major issues. There was a bug related to the mod_cache module where it handled HTTP responses incorrectly, which could mess up cached content. That issue is now addressed, along with another fix for calculation errors affecting push diary management or proxy window size calculations.

Then there's mod_md, also seeing notable upgrades in version 2.6.5 (not to be confused with the main server release). A key new feature allows administrators to control how long their server waits after restarting before it starts checking for certificate renewals, using a directive called MDInitialDelay.

Security is another focus area. The hardening of mod_md has been improved so that if you're dealing with locally stored OCSP responses lacking certain 'valid' keys, the system won't act up or get stuck on unnecessary refreshes.

The developers also even have a small fix for version 2.6.5 itself regarding OpenSSL's BIGNUMs handling to prevent minor memory leaks when resources are allocated, and importantly, it adds support for resetting curl easy handles properly; this prevents headaches down the road from mishandling these handles during operation.

These changes represent just part of what RC1 brings; there are significant enhancements spread across different parts. For example, mod_http2 introduces a new directive called H2MaxStreamErrors that lets you set exactly how many errors between client and server can occur before they decide to break the connection.

Similarly, support for overriding proxy configuration errors has been added to mod_proxy_http2. The mpm_common module now offers better control with a ListenTCPDeferAccept setting, allowing you to specify details related to TCP_DEFER_ACCEPT socket options on listen ports.

Finally, Apache's core SSL handling via mod_ssl gets an upgrade thanks to the new SSLVHostSNIPolicy directive that manages virtual host compatibility settings more effectively.

Check out the official release notes and changelog for all the gritty technical details specific to this release candidate. And if you're itching to dive in and test things yourself, head over to the Apache HTTPD GitHub page link provided below for your convenience:

Release Apache/HTTPd 2.4.66-rc1-candidate

2.4.66-rc1-candidate

Release 2.4.66-rc1-candidate · apache/httpd