Apache HTTP Server 2.4.1 Released

Apache Software Foundation announced the release of 2.4.1 version of the Apache HTTP server. This release brings in several new enhancements, features and bug fixes. Apache is known to be the most popular web server, powering about 58% of the web’s active sites. Some of the new features in 2.4 release include:

  • Loadable Multi-Processing Modules(MPM) allows for modules to be configured as loadable modules at compile time
  • Event MPM is no longer an experimental module
  • Better async support
  • Per-module and per-directory LogLevel configuration allows for more in-depth log capture and analysis
  • KeepAlive timeouts can now be configured in milliseconds
  • Reduced memory footprint

The 2.4 release also comes with some new modules, including

  • mod_proxy_fcgi which is a FastCGI Protocol backend for mod_proxy
  • mod_proxy_scgi which is a SCGI Protocol backend for mod_proxy
  • mod_proxy_html which supports fixing of HTML links in a reverse proxy situation
  • mod_auth_form allows for form-based authentication
  • mod_lua allows for embedding Lua into httpd

Some of the existing modules have been enhanced, including mod_ssl, mod_proxy, mod_rewrite amongst others. For developers, a full listing of API changes in 2.4 is available over here. A summary of vulnerabilities that have been fixed is available over here. While Apache Software Foundation encourages users of prior versions to upgrade, they do mention that modules written for Apache 2.2 may require recompilation and/or minimal source code changes. The announcement has an advisory mentioning that Apache 2.4.1 might not be suitable for all Windows servers, due to interoperability issues with mod_ssl and the server’s AcceptFilter feature. As of now, there is no binary package of Apache available and it should be made available as soon as the dependent components graduate out of their current beta state. For the rest, the release can be downloaded from here.