Apache HTTP Server 2.0.65 Released

The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the final 2.0 release version 2.0.65 of the Apache HTTP Server ("Apache"). This version of Apache will be the last 2.0 bug and security fix release, covering many but not all issues addressed in the stable 2.4 and legacy 2.2 released versions:

The Apache HTTP Project thanks Ramiro Molina, Norman Hippert, halfdog, and Context Information Security Ltd for bringing these issues to the attention of the project security team.

Apache HTTP Server 2.0.65, as well as the current stable release 2.4 and legacy release 2.2 are available for download from;

Please see the CHANGES_2.0 file, linked from the above page, for a full list of changes. A condensed list, CHANGES_2.0.65 provides the complete list of changes since 2.0.64. A summary of the security vulnerabilities addressed in this and earlier releases is available:

This release includes the Apache Portable Runtime (APR) release 0.9.20, and APR Utility Library (APR-util) release 0.9.19, bundled with the tar and zip distributions. The APR libraries libapr and libaprutil (and on Win32, libiconv version 0.9.7) must all be updated to ensure binary compatibility and address many known platform bugs.

This release is compatible with modules compiled for 2.0.42 and later versions. The Apache HTTP Project developers strongly encourages all users to migrate to Apache stable release 2.4 or at minimum version the legacy release 2.2 as quickly as possible, as no further maintenance will be performed on this historical version 2.0.