apache2 (2.2.3-4+etch4) stable; urgency=low
To avoid possible cross site scripting attacks with browsers that do not
correctly derive the character set and content type according to RFC 2616,
apache2 now explicitly sets these attributes for the directory indexes
created by mod_autoindex and mod_proxy_ftp. The default charset used is
iso-8559-1.
If you use mod_autoindex and use UTF-8 as charset for your filenames, you
should add Charset=UTF-8 to the IndexOptions directive in
/etc/apache2/apache2.conf .
If you use mod_proxy_ftp, you can adjust the default charset used for its
directory indexes with the ProxyFtpDirCharset directive in
/etc/apache2/mods-available/proxy.conf . You can also use ProxyFtpDirCharset
inside blocks to set the charset for specific servers.
-- Stefan Fritsch Sun, 27 Jan 2008 18:59:40 +0100
apache2 (2.2.3-4+etch1) unstable; urgency=low
Note to
- users of mod_disk_cache, and
- users of mod_proxy who have upgraded from apache2 2.0.x (as in Debian
"sarge" 3.1) to 2.2.3-4 (as in Debian "etch" 4.0r0). If you are directly
upgrading from 2.0.x to 2.2.3-4+etch1 (Debian "etch" 4.0r1), or doing a
new installation, you are not affected.
If mod_proxy was enabled at the time of the upgrade from 2.0.x to 2.2.3-4,
mod_disk_cache was enabled and disk caching switched on. This could lead to
the /var partition being filled up by the indefinitely growing disk cache.
From version 2.2.3-4+etch1, disk caching is again switched off in the
default configuration of mod_disk_cache, as it was in 2.0.x. If you had
mod_proxy enabled during the upgrade from 2.0, you should check whether
/var/cache/apache2/mod_disk_cache contains files that you don't want to be
there.
Users of mod_disk_cache should read the comments in
/etc/apache2/mods-available/disk_cache.conf and check that their
configuration is correct.
-- Stefan Fritsch Wed, 13 Jun 2007 19:53:03 +0200
apache2 (2.2.3-4) stable; urgency=low
Note to users upgrading from Debian 3.1 "sarge":
Apache2 in Debian 4.0 "etch" is Apache 2.2.x, which has many changes from
version 2.0.x in sarge. You will need to adjust your configuration to the
new features and configuration syntax. For example:
* There have been many changes related to authentication and authorization.
* The startssl option has been removed and SSL is no longer defined. You
might need to change some to .
* The MSIE SSL workaround has been removed from
/etc/apache2/mods-available/ssl.conf and needs to be added inside your SSL
VirtualHost configuration section (see README.Debian).
You also need to recompile any self-compiled modules.
See the upgrading information at
http://httpd.apache.org/docs/2.2/upgrading.html
or, if you have apache2-doc installed and your apache is running, at
http://localhost/manual/upgrading.html
-- Stefan Fritsch Sun, 08 Jul 2007 22:07:05 +0200