Announce: Apache RAT 0.7
Aug/100
Hi,

on behalf of the Apache RAT team, I'd like to announce the availability of Apache RAT 0.7. This is a feature release with several bug fixes and minor improvements over its predecessor, Apache RAT 0.6. An upgrade is recommended.

For details on Apache RAT, see http://incubator.apache.org/rat

The binary and source distributions are available from http://www.apache.org/dyn/closer.cgi/incubator/rat/

The Maven repository has been updated, and a new version of the Maven plugin is available as well. A new version of the Ant tasks is contained in the distribution.

The following changes have been made in Apache RAT 0.7:
- Add support for Python scripts, C source files, Unix shell scripts (.sh) and Windows batch files (.bat) (RAT-68)
- Allow Ant task to output report as XML. (RAT-73)
- Allow users to specify a custom XSLT stylesheet for reports (RAT-74, and RAT-75)
- Optionally auto-add headers to source files. (RAT-76)

Jochen
PHP 5.2.14 Released!
Jul/100
The PHP development team would like to announce the immediate
availability of PHP 5.2.14. This release focuses on improving the
stability of the PHP 5.2.x branch with over 60 bug fixes, some of which
are security related.
This release marks the end of the active support for PHP
5.2. Following this release the PHP 5.2 series will receive no further
active bug maintenance. Security fixes for PHP 5.2 might be published on a
case-by-case basis. All users of PHP 5.2 are encouraged to upgrade to
PHP 5.3.
Security Enhancements and Fixes in PHP 5.2.14:
- Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs.
- Fixed a possible interruption array leak in strrchr() (CVE-2010-2484).
- Fixed a possible interruption array leak in strchr(), strstr(), substr(), chunk_split(), strtok(), addcslashes(), str_repeat(), trim().
- Fixed a possible memory corruption in substr_replace().
- Fixed SplObjectStorage unserialization problems (CVE-2010-2225).
- Fixed a possible stack exhaustion inside fnmatch().
- Fixed a NULL pointer dereference when processing invalid XML-RPC requests (Fixes CVE-2010-0397, bug #51288).
- Fixed handling of session variable serialization on certain prefix characters.
- Fixed a possible arbitrary memory access inside sqlite extension. Reported by Mateusz Kocielski.
Key enhancements in PHP 5.2.14 include:
- Upgraded bundled PCRE to version 8.02.
- Updated timezone database to version 2010.5.
- Fixed bug #52238 (Crash when an Exception occurred in iterator_to_array).
- Fixed bug #52237 (Crash when passing the reference of the property of a non-object).
- Fixed bug #52041 (Memory leak when writing on uninitialized variable returned from function).
- Fixed bug #51822 (Segfault with strange __destruct() for static class variables).
- Fixed bug #51552 (debug_backtrace() causes segmentation fault and/or memory issues).
- Fixed bug #49267 (Linking fails for iconv on MacOS: "Undefined symbols: _libiconv").
To prepare for upgrading to PHP 5.3, now that PHP 5.2's support has ended, a
migration guide, available at http://php.net/migration53, details the changes between
PHP 5.2 and PHP 5.3.
For a full list of changes in PHP 5.2.14 see the ChangeLog at
http://www.php.net/ChangeLog-5.php#5.2.14.
[advisory] httpd Timeout detection flaw (mod_proxy_http) CVE-2010-2068
Jun/100
Vulnerability; httpd Timeout detection flaw (mod_proxy_http) CVE-2010-2068
Classification; important
Description;
A timeout detection flaw in the httpd mod_proxy_http module causes
proxied response to be sent as the response to a different request,
and potentially served to a different client, from the HTTP proxy
pool worker pipeline.
This may represent a confidential data revealing flaw.
This affects only Netware, Windows or OS2 builds of httpd version
2.2.9 through 2.2.15, 2.3.4-alpha and 2.3.5-alpha, when the proxy
worker pools have been enabled. Earlier 2.2, 2.0 and 1.3 releases
were not affected.
Acknowledgements;
We would like to thank Loren Anderson for the thorough research
and reporting of this flaw.
Mitigation;
Apply any one of the following mitigations to avert the possibility
of confidential information disclosure.
* Do not load mod_proxy_http.
* Do not configure/enable any http proxy worker pools with ProxySet
  or ProxyPass optional arguments.
* The straightforward workaround to disable mod_proxy_http's reuse
  of backend connection pipelines is to set the following global
  directive;
      SetEnv proxy-nokeepalive 1
* Replace mod_proxy_http.so with a patched version, for source code
  see http://www.apache.org/dist/httpd/patches/apply_to_2.2.15/ or
  http://www.apache.org/dist/httpd/patches/apply_to_2.3.5/ and for
  binaries see the http://www.apache.org/dist/httpd/binaries/ tree
  for win32 or netware, as appropriate.
* Upgrade to Apache httpd 2.2.16 or higher, once released. There
  is no tentative release date scheduled.
Update Released; 11th June 2010
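A configuration check for the exposure conditions and mitigations listed in the advisory above, as an added example that is not part of the advisory or the httpd project. The sample configuration, the function names and the simplifications noted in the comments are assumptions.

```python
import re

# Constructed sample config (not from the advisory); hostnames are placeholders.
SAMPLE_EXPOSED = """\
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
ProxyPass /app http://backend.example:8080/app max=20 ttl=120
ProxyPass /static http://backend.example:8080/static
"""

AFFECTED_PLATFORMS = {"netware", "windows", "os2"}
AFFECTED_ALPHAS = {"2.3.4", "2.3.5"}  # 2.3.4-alpha and 2.3.5-alpha


def version_affected(version):
    """True for 2.2.9 through 2.2.15 and the two 2.3 alphas named above."""
    if version in AFFECTED_ALPHAS:
        return True
    m = re.fullmatch(r"2\.2\.(\d+)", version)
    return bool(m) and 9 <= int(m.group(1)) <= 15


def audit(conf_text, version, platform):
    """Return the pooled-worker lines left exposed; an empty list means no finding."""
    if platform.lower() not in AFFECTED_PLATFORMS or not version_affected(version):
        return []
    lines = [l.strip() for l in conf_text.splitlines()]
    lines = [l for l in lines if l and not l.startswith("#")]
    # Assumption: mod_proxy_http is loaded via LoadModule, not compiled in.
    if not any(re.match(r"LoadModule\s+proxy_http_module\b", l, re.I) for l in lines):
        return []
    # Assumption: SetEnv scope is not checked; the advisory wants it global.
    if any(re.match(r"SetEnv\s+proxy-nokeepalive\s+1$", l, re.I) for l in lines):
        return []
    # Worker pools: any ProxySet, or ProxyPass carrying key=value arguments.
    return [l for l in lines
            if re.match(r"ProxySet\b", l, re.I)
            or (re.match(r"ProxyPass\s", l, re.I) and re.search(r"\s\w+=\S+", l))]


if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPOSED, "2.2.14", "Windows"):
        print("exposed pooled worker:", finding)
```

An empty result means one of the advisory's conditions is not met or the proxy-nokeepalive workaround is present; it does not confirm that a patched mod_proxy_http.so is installed.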
Coming up on Beta 2: Sprint!
Apr/100
Early next week, we’re hoping to release the 2nd beta release of WordPress 3.0 on our journey toward the final version. There are still over 200 bugs in the 3.0 milestone, and we can use all the help we can get on fixing these problems. If you’re a developer, take a look at the list of bugs that still need fixing in 3.0. Write a patch, or test and give feedback on someone else’s. The tickets around custom post types and taxonomies are especially in need of help. Every little bit helps, so if you’re a developer who’s never contributed to core before, maybe now is the right time! Check out our information on contributing to WordPress core, and head over to Trac to see if there’s a problem you might know how to fix. If you get stuck, need collaborators, or have a question about the best way to approach a fix, hop into the dev channel on IRC at irc.freenode.net, channel #wordpress-dev. Core developers will be around over the weekend working on bugs themselves, so if you’re trying to help, don’t be afraid to ask questions. With your help, maybe by Monday we can knock the bug count down to half of what it is right now. How great would that be? (Answer: pretty great)
The sprint will go full force until Monday afternoon, when the lead developers and core committers will all stop to take a breath and look at the remaining bug reports to see how we did over the weekend, so don’t wait! And thanks!
Volvo Cars of North America Launches Re-designed Web Site: New Community Section Features Official Blog, volvoblog.us
Apr/100
Volvo Cars of North America (VCNA) recently launched a re-designed version of its Web site, volvocars.com/us. (PRWeb Apr 13, 2010)
Read the full story at http://www.prweb.com/releases/Volvo_Cars/Volvo_blog/prweb3857714.htm
Vodafone to bring the benefits of the internet to many more people in developing markets
Apr/100
Vodafone is seeking to bring the benefits of the internet to more people in developing markets through the launch of a customized version of the Opera Mini browser designed to run on low-cost handsets on 2G networks.
[ANNOUNCE] Apache Commons JEXL 2.0.1 released
Apr/100
The Apache Commons team is pleased to announce the release of version 2.0.1 of Commons JEXL.

JEXL is an Expression Language supporting most of the constructs in the JSTL Expression Language, along with some additional extensions. As a library, it is intended to facilitate the implementation of dynamic and scripting features in applications and frameworks.

Version 2.0.1 is a hotfix release correcting issues discovered in version 2.0.

Source and binary distributions are available for download from the Apache Commons JEXL download site: http://commons.apache.org/jexl/download_jexl.cgi

Please verify signatures using the KEYS file available at the above location when downloading the release.

For more information on Apache Commons JEXL, visit the JEXL home page: http://commons.apache.org/jexl/

Feedback, suggestions for improvement or bug reports are welcome via the "Mailing Lists" and "Issue Tracking" links here: http://commons.apache.org/jexl/project-info.html

Henri Biestro - On behalf of the Apache Commons community
TIM is the first carrier in Brazil to offer the newest version of the Opera Mini 5 browser to its clients
Mar/100
Starting today, TIM, through a partnership with Opera Software, will offer the new version of the Opera Mini browser to its client base. The application, available as a free download, delivers a PC-like experience, with Web pages being displayed as they would on a desktop computer.