If you're new here, you may want to subscribe to my RSS feed. So that you can read the latest updates about Web2.0 tools, Making Money Online, Tips in SEO, Ajax and many more. Thanks for visiting ProgramimiCOM!

The Apache Lucene Project has released the version 2.3.0 of Lucene Java.

Many new features, optimizations, and bug fixes have been added since 2.2, including:

• significantly improved indexing performance
• segment merging in background threads
• refreshable IndexReaders
• faster StandardAnalyzer and improved Token API
• TermVectorMapper to customize how term vectors are loaded
• live backups (without pausing indexing) with SnapshotDeletionPolicy
• CheckIndex tool to test & recover a corrupt index
• pluggable MergePolicy & MergeScheduler
• “partial” optimize(int maxNumSegments) method
• New contrib module for working with Wikipedia content

The detailed change log is at: http://svn.apache.org/repos/asf/lucene/java/tags/lucene_2_3_0/CHANGES.txt

Lucene 2.3 includes index format changes that are not readable by older versions of Lucene. Lucene 2.3 can both read and update older Lucene indexes. Adding to an index with an older format will cause it to be converted to the newer format.

Binary and source distributions are available at http://www.apache.org/dyn/closer.cgi/lucene/java/

Lucene artifacts are also available in the Maven2 repository at http://repo1.maven.org/maven2/org/apache/lucene/

—-

– The Apache Lucene Project

[ Category : Apache Lucene ]

• 0 Comments

The Apache HttpComponents project is pleased to announce the release of HttpComponents HttpCore 4.0-beta1. This release can be considered a major milestone, as it marks the end of API instability in HttpCore. As of this release the API compatibility between minor releases in 4.x codeline will be maintained.

This release includes several major improvements such as enhanced HTTP message parsing API and optimized parser implementations, Java 5.0 compatibility for HttpCore NIO extensions.

The focus of the development efforts will be gradually shifting towards providing better test coverage, documentation and performance optimizations.

Download - http://hc.apache.org/downloads.cgi

Release notes - http://www.apache.org/dist/httpcomponents/httpcore/RELEASE_NOTES.txt

HttpComponents site - http://hc.apache.org/

About HttpComponents Core - The HttpCore components implement the most fundamental aspects of the HTTP protocol. They are nonetheless sufficient to develop basic client side and server side HTTP services with a minimal footprint and no external dependencies. HttpCore NIO extensions can be used to build asynchronous HTTP services based on non-blocking I/O model capable of handling a great number of simultaneous connections with just a few I/O threads.

HttpCore will form the foundation of the future releases of Apache HttpClient.

—-

– The Apache HttpComponents Project

[ Category : Apache HttpComponents ]

• 0 Comments

Apache Hadoop is now Top Level Project (TLP) in the Apache Software Foundation with its new website : http://hadoop.apache.org/ Apache Hadoop is a software platform that lets one easily write and run applications that process vast amounts of data - it had been developed under the Apache Lucene Project.

[ Category : Apache Hadoop ]

• 0 Comments

Apache HTTP Server 2.2.8 Released

The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the release of version 2.2.8 of the Apache HTTP Server (”Apache”). This version of Apache is principally a bug and security fix release. The following potential security flaws are addressed:

• CVE-2007-6421 (cve.mitre.org)
  
  mod_proxy_balancer: Correctly escape the worker route and the worker redirect string in the HTML output of the balancer manager. Reported by SecurityReason.

  A flaw was found in the mod_proxy_balancer module. On sites where mod_proxy_balancer is enabled, a cross-site scripting attack against an authorized user is possible.

• CVE-2007-6422 (cve.mitre.org)
  
  Prevent crash in balancer manager if invalid balancer name is passed as parameter. Reported by SecurityReason.

  A flaw was found in the mod_proxy_balancer module. On sites where mod_proxy_balancer is enabled, an authorized user could send a carefully crafted request that would cause the Apache child process handling that request to crash. This could lead to a denial of service if using a threaded Multi-Processing Module.

• CVE-2007-6388 (cve.mitre.org)
  
  mod_status: Ensure refresh parameter is numeric to prevent a possible XSS attack caused by redirecting to other URLs. Reported by SecurityReason.

  A flaw was found in the mod_status module. On sites where mod_status is enabled and the status pages were publicly accessible, a cross-site scripting attack is possible. Note that the server-status page is not enabled by default and it is best practice to not make this publicly available.

• CVE-2007-5000 (cve.mitre.org)
  
  mod_imagemap: Fix a cross-site scripting issue. Reported by JPCERT.

  A flaw was found in the mod_imap module. On sites where mod_imap is enabled and an imagemap file is publicly available, a cross-site scripting attack is possible.

We consider this release to be the best version of Apache available, and encourage users of all prior versions to upgrade.

Apache HTTP Server 2.2.8 is available for download from:

http://httpd.apache.org/download.cgi

Apache 2.2 offers numerous enhancements, improvements, and performance boosts over the 2.0 codebase. For an overview of new features introduced since 2.0 please see:

http://httpd.apache.org/docs/2.2/new_features_2_2.html

Please see the CHANGES_2.2 file, linked from the download page, for a full list of changes. A condensed list, CHANGES_2.2.8 provides the complete list of changes since 2.2.6 (2.2.7 was not released). A summary of security vulnerabilities which were addressed in the previous 2.2.6 and earlier releases is available:

http://httpd.apache.org/security/vulnerabilities_22.html

Apache HTTP Server 1.3.41 and 2.0.63 legacy releases are also currently available. See the appropriate CHANGES from the url above. See the corresponding CHANGES files linked from the download page. The Apache HTTP Project developers strongly encourage all users to migrate to Apache 2.2, as only limited maintenance is performed on these legacy versions.

This release includes the Apache Portable Runtime (APR) version 1.2.12 bundled with the tar and zip distributions. The APR libraries libapr and libaprutil (and on Win32, libapriconv) must all be updated to ensure binary compatibility and address many known platform bugs.

This release builds on and extends the Apache 2.0 API. Modules written for Apache 2.0 will need to be recompiled in order to run with Apache 2.2, and require minimal or no source code changes.

http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/VERSIONING

When upgrading or installing this version of Apache, please bear in mind that if you intend to use Apache with one of the threaded MPMs (other than the Prefork MPM), you must ensure that any modules you will be using (and the libraries they depend on) are thread-safe.

—-

– The Apache Software Foundation and the Apache HTTP Server Project

[ Category : Apache HTTP ]

• 0 Comments

Apache HTTP Server 2.0.63 Released

The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the legacy release of version 2.0.63 of the Apache HTTP Server (”Apache”). This Announcement notes the significant changes in 2.0.63 as compared to 2.0.61 (2.0.62 was not released). This Announcement 2.0 document may also be available in multiple languages at:

http://www.apache.org/dist/httpd/

This version of Apache is principally a bug and security fix release. The following potential security flaws are addressed:

• CVE-2007-6388 (cve.mitre.org)
  
  mod_status: Ensure refresh parameter is numeric to prevent a possible XSS attack caused by redirecting to other URLs. Reported by SecurityReason.

  A flaw was found in the mod_status module. On sites where mod_status is enabled and the status pages were publicly accessible, a cross-site scripting attack is possible. Note that the server-status page is not enabled by default and it is best practice to not make this publicly available.

• CVE-2007-5000 (cve.mitre.org)
  
  mod_imagemap: Fix a cross-site scripting issue. Reported by JPCERT.

  A flaw was found in the mod_imap module. On sites where mod_imap is enabled and an imagemap file is publicly available, a cross-site scripting attack is possible.

Please see the CHANGES_2.0.63 file in this directory for a full list of changes for this version.

This release is compatible with modules compiled for 2.0.42 and later versions. We consider this release to be the best version of Apache 2.0 available and encourage users of all prior versions to upgrade.

This release includes the Apache Portable Runtime library suite release version 0.9.17, bundled with the tar and zip distributions. These libraries; libapr, libaprutil, and on Win32, libapriconv must all be updated to ensure binary compatibility and address many known platform bugs.

Apache HTTP Server 2.0.63 is available for download from

http://httpd.apache.org/download.cgi

Please see the CHANGES_2.0 file, linked from the above page, for a full list of changes. A condensed list, CHANGES_2.0.63 provides the complete list of changes since 2.0.61.

Apache 2.0 offers numerous enhancements, improvements, and performance boosts over the 1.3 codebase. For an overview of new features introduced after 1.3 please see

http://httpd.apache.org/docs/2.0/new_features_2_0.html

When upgrading or installing this version of Apache, please keep in mind the following: If you intend to use Apache with one of the threaded MPMs, you must ensure that the modules (and the libraries they depend on) that you will be using are thread-safe. Please refer to the documentation of these modules and libraries to obtain this information.

Apache 2.2 offers numerous enhancements, improvements, and performance boosts over the 2.0 codebase. For an overview of new features introduced after 2.0 please see

http://httpd.apache.org/docs/2.2/new_features_2_2.html

We consider Apache 2.2 to be the best available version at the time of this release. We offer Apache 2.0.63 as the best legacy version of Apache 2.0 available. Users should first consider upgrading to the current release of Apache 2.2 instead.

—-

– The Apache Software Foundation and The Apache HTTP Server Project

[ Category : Apache HTTP ]

• 0 Comments

Apache HTTP Server 1.3.41 Released

The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the release of version 1.3.41 of the Apache HTTP Server (”Apache”). This Announcement notes the significant changes in 1.3.41 as compared to 1.3.39 (1.3.40 was not released).

This version of Apache is is principally a bug and security fix release. The following potential security flaws are addressed:

• CVE-2007-6388 (cve.mitre.org)
  
  mod_status: Ensure refresh parameter is numeric to prevent a possible XSS attack caused by redirecting to other URLs. Reported by SecurityReason.

  A flaw was found in the mod_status module. On sites where
  mod_status is enabled and the status pages were publicly accessible, a cross-site scripting attack is possible. Note that the server-status page is not enabled by default and it is best practice to not make this publicly available.

• CVE-2007-5000 (cve.mitre.org)
  
  mod_imap: Fix cross-site scripting issue. Reported by JPCERT.

  A flaw was found in the mod_imap module. On sites where mod_imap is enabled and an imagemap file is publicly available, a cross-site scripting attack is possible.

• CVE-2007-3847 (cve.mitre.org)
  
  mod_proxy: Prevent reading past the end of a buffer when parsing date-related headers. PR 41144. With Apache 1.3, the denial of service vulnerability applies only to the Windows and NetWare platforms.

Please see the CHANGES_1.3.41 file in this directory for a full list of changes for this version.

Apache 1.3.41 is the current stable release of the Apache 1.3 family. We strongly recommend that users of all earlier versions, including 1.3 family release, upgrade to to the current 2.2 version as soon as possible.

We recommend Apache 1.3.41 version for users who require a third party module that is not yet available as an Apache 2.x module. Modules compiled for Apache 2.x are not compatible with Apache 1.3, and modules compiled for Apache 1.3 are not compatible with Apache 2.x.

Apache 1.3.41 is available for download from

http://httpd.apache.org/download.cgi

This service utilizes the network of mirrors listed at:

http://www.apache.org/mirrors/

Binary distributions may be available for your specific platform from

http://www.apache.org/dist/httpd/binaries/

Binaries distributed by the Apache HTTP Server Project are provided as a courtesy by individual project contributors. The project makes no commitment to release the Apache HTTP Server in binary form for any particular platform, nor on any particular schedule.

IMPORTANT NOTE FOR APACHE USERS: Apache 1.3 was designed for Unix OS variants. While the ports to non-Unix platforms (such as Win32, Netware or OS2) will function for some applications, Apache 1.3 is not designed for these platforms. Apache 2 was designed from the ground up for security, stability, or performance issues across all modern operating systems.
Users of any non-Unix ports are strongly cautioned to move to Apache 2.

The Apache project no longer distributes non-Unix platform binaries from the main download pages for Apache 1.3. If absolutely necessary, a binary may be available at http://archive.apache.org/dist/httpd/.

Apache is the most popular web server in the known universe; about 2/3 of the servers on the Internet run Apache HTTP Server, or one of its variants.

—-

Bugfixes addressed in 1.3.41 are:

More efficient implementation of the CVE-2007-3304 PID table patch. This fixes issues with excessive memory usage by the parent process if long-running and with a high number of child process forks during that timeframe. Also fixes bogus “Bad pid” errors.

—-

– The Apache Software Foundation and The Apache HTTP Server Project

[ Category : Apache HTTP ]

• 0 Comments

The Apache Commons team is pleased to announce the release of version 1.4 of Commons Pool. Commons Pool provides a general purpose object pooling API, an implementation toolkit and some pool implementations.

Version 1.4 is a maintenance release including numerous bug fixes. This release is source and binary compatible with version 1.3 of commons pool, but there are some behavior changes introduced to resolve bugs, remove ambiguity or improve robustness. The release notes included with the distributions provide details on bug fixes, changes and enhancements.

Source and binary distributions are available for download from the Apache Commons download site: http://commons.apache.org/downloads/download_pool.cgi

Please verify signatures using the KEYS file available at the above location when downloading the release.

For more information on Apache Commons Pool, visit the Pool home page: http://commons.apache.org/pool/

Feedback, suggestions for improvment or bug reports are welcome via the “Mailing Lists” and “Issue Tracking” links here: http://commons.apache.org/pool/project-info.html

—-

– The Apache Commons community

[ Category : Apache Commons ]

• 0 Comments

The Apache MyFaces Trinidad team is pleased to announce the release of Apache MyFaces Trinidad Core 1.2.5.

Apache MyFaces Trinidad (1.2.x) is a JavaServer(tm) Faces 1.2 component library.

Trinidad Core 1.2.5 is available in both binary and source distributions:

* http://myfaces.apache.org/trinidad/download.html

Apache MyFaces Trinidad is available in the central Maven repository under Group ID “org.apache.myfaces.trinidad”.

Release Notes:
https://svn.apache.org/repos/asf/myfaces/trinidad/tags/trinidad-1.2.5/RELEASE_NOTES

—-

– Apache MyFaces Trinidad Team

[ Category : Apache MyFaces ]

• 0 Comments

The Apache MyFaces Trinidad team is pleased to announce the release of Apache MyFaces Trinidad Core 1.0.5.

Apache MyFaces Trinidad is a JavaServer(tm) Faces 1.1 component library.

Trinidad Core 1.0.5 is available in both binary and source distributions:

* http://myfaces.apache.org/trinidad/download.html

Apache MyFaces Trinidad is available in the central Maven repository under Group ID “org.apache.myfaces.trinidad”.

Release Notes:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310661&styleName=Html&version=12312858

—-

– Apache MyFaces Trinidad Team

[ Category : Apache MyFaces ]

• 0 Comments

The Apache POI developers are pleased to announce the release of Apache POI 3.0.2 BETA2 which is one of the final steps before the 3.0.2 FINAL.

Apache POI is well-known in the Java field as a library for reading and writing OLE2 office file formats, such as Excel, PowerPoint, Visio and Word.

The release contains a mixture of new features and bug fixes, compared to 3.0.1. A full list of changes is available in the change log: http://poi.apache.org/changes.html

The source and binaries can be downloaded from your local mirror: http://www.apache.org/dyn/closer.cgi/poi/dev/

The release is also available from the central Maven repository under Group ID “org.apache.poi”.

—-

– The Apache POI Team

[ Category : Apache POI ]

• 0 Comments