Is Apache http server 2.5/2.6 available now? - apache

I want to keep my Apache HTTP server at its latest version. So I check https://httpd.apache.org/ and it says 2.4.48 is the latest version. I also check https://en.wikipedia.org/wiki/Apache_HTTP_Server#Versions and it says the latest version is 2.4.48 (June 1, 2021; 2 months ago).
However, I also see this https://httpd.apache.org/docs/trunk/ and it seems there is a 2.5/2.6 version available. I click the "New features with Apache 2.5/2.6" link in the page, but get a "page not found" error. So, what is the problem?

Apache httpd uses the classic three numbers versioning scheme
Major.Minor.Patchlevel
and uses the Minor version number to distinguish between development versions (odd Minor number) and stable, released versions (even Minor number).
So 2.4.52 is the most recent released version as of the time of this writing.
The 2.5.x versions also exist, being in-progress unstable and unreleased development versions targeted at developers only. Once the 2.5 series matures and is considered to be ready for a release, it will become the 2.6 stable series, successor of the 2.4 stable series. (Just as the 2.4 series is the successor of the 2.2 series, with all 2.3.x versions being unstable development versions leading up to 2.4.0.)
There is no version 2.6.x yet, as development hasn't finished so far.
Unfortunately, I could not find any official information on the Apache httpd website detailing this.

Related

Typo3 6.2 Upgrade Version Matrix Issue

I am trying to upgrade from Typo3 6.2 to a later version (to be determined). When I run the Core Update in the install tool the 'Fetched list of released versions' works, however, it is then followed by a 'General error'. In the log, this is the error:
Core: Exception handler (WEB): Uncaught TYPO3 Exception: #1380898792: No version matrix found in registry, call updateVersionMatrix() first. | TYPO3\CMS\Install\Service\Exception\CoreVersionServiceException thrown in file /home/usr/public_html/typo3/sysext/install/Classes/Service/CoreVersionService.php in line 271. Requested URL: https://domain.dev/typo3/sysext/install/Start/Install.php?install[action]=importantActions&install[context]=backend&install[controller]=tool&install%5Bcontroller%5D=ajax&install%5Baction%5D=coreUpdateIsUpdateAvailable&_=1608549770287
I have looked around for ages and can't find a fix that works. I will be very grateful for any help, please.
I don't think that you can update such an old version by the install-tool update mechanism any more. Since that version a lot has changed.
Newer versions of 6.2 are only available as a paid service (ELTS) from the TYPO3 GmbH.
And I think the server structure also changed meanwhile, so that old URLs might fail.
Your way of updating should be a manual update to (any outdated version of) 7 LTS, then the same for 8 LTS until you come to 9 LTS and 10 LTS.
On each version do the upgrade wizards and freshen up the extensions if possible (including the upgrade wizards of the extensions).
Individual extensions need their own updates.
Use the deprecation log on each version to identify possible failures for the next TYPO3 version.
Somewhere in between you might change the installation to a composer installation, which will result in a cleaner update path (if you are familiar with composer). For the future it will be very helpful to understand composer.

How to determine the latest OpenSSL version

What is the most reliable source to find the latest version number?
Is it github?
And if yes, which version should I take?
Right now, here is what I see:
Should I take the 1.0.2k?
But then 1.1.0d seems like it is more recent (if it follows semantic versioning). What do the letters actually mean?
Note: in my case this is to compile an openssl version with nginx.
Last time I picked (quite randomly) the version 1.0.2h which seemed the latest at the time.
So what is the process to follow to find the latest openssl version?
https://www.openssl.org/ shows which versions are current and supported.
Currently there are two major versions in development: 1.1.0 and 1.0.2. 1.1.0 is newer and has more features. But due to the cleanups between 1.0.2 and 1.1.0 lots of undocumented API (i.e. things which never were an official API but got used anyway since no official API existed) got broken and not all software works or works stable with 1.1.0 yet. Also, 1.1.0 tends to introduce not only features but also bugs faster than 1.0.2 when looking at the release history. And with 1.1.0 the chance is higher that documented behavior changes even between patch releases.
Thus if you need the new features with 1.1.0 then go with it. If you prefer a more stable version with a smaller chance of bugs use 1.0.2. In all cases you should always use the latest patch release and keep using it if new patches get released or backport security patches.

Why do Linux distributions ship outdated CMake versions?

Ubuntu shipped CMake 2.8 when version 3.3 was the current version. Other Linux distributions do it similarly. Is there a reason like backwards-compatibility issues with CMake 3.0?
I found plenty of people willing to explain how to upgrade CMake to the latest version, but couldn't figure out why it wasn't done by default. I'd like to understand the mentality of keeping it back before I decide to override the decision and upgrade it myself.
Depends on the Linux distribution you're using. A distribution's maintainers cannot ship future versions and often they don't upgrade versions with updates as it might break existing applications.
CMake 3.0 has some minor incompatibilities. More important, it got new features and some bugs were fixed. If software relies on these, you'll need a new version.
Btw: With CMake 2.8 the third part of the version number is relevant. They stayed a long time with 2.8.x and added features with increasing x. Then they could not update to 2.9 or 2.10, thus they decided to change the version scheme and increase y in 3.y.
Your question applies to a wider range of software. It is a general question, whether a distribution should stick to defined versions of software they provide or whether they should update it and potentially break the customers' setup. Enterprise distributions like RHEL or SLE are very conservative and fix bugs for at least a decade. Ubuntu updates its distribution every six months but you can stick to the LTS for three years. Fedora even updates some key components like the kernel after the release. Arch Linux and openSUSE Tumbleweed are rolling releases; they update their software almost on a daily basis, when the upstream projects publish new versions.

Using httpd 2.4 instead of 2.2 on centos 6

I use CentOS 6.5. I've installed Apache 2.2 on my server with yum. I want to upgrade my Apache to 2.4, but yum does not support that, so I downloaded Apache 2.4.7 and installed it to opt/apache/httpd-2.4.7 following the tutorial here: Apache 2.4.x Manual install on RHEL 6.4 - No apache modules will load on start. I want to change the environment variables to the new Apache version to write Apache 2.4 modules (change the include folder for header files, change the "modules" folder when building with apxs,...). I think I must install another httpd-devel for Apache 2.4.7, because I still have not installed httpd-devel-2.4.7, but I don't know how to install it and use it instead of the httpd-devel-2.2 from yum. I cannot describe my problems clearly in English, so I hope you can understand it. I'm a newbie and I really need your help. Thank you!
CentOS is an image of RHEL, which stands for Red Hat Enterprise Linux. RHEL is designed to be an "Enterprise class" operating system, in which you rely on software packages that are delivered from controlled repositories where they are made available only after being thoroughly tested for Enterprise level use.
From that point of view, it's generally not a good idea to install packages from source code, or using third party RPMs, because once you do, your OS is no longer "Enterprise" class.
If you're trying to upgrade for security reasons, you shouldn't. Critical security updates are always backported in previous RPM releases, so you only have to update your current package from the same yum repo from where you got it first. The binary will still say it is Apache 2.2, but it will have the latest security updates.
If you need an actual feature of 2.4, the smart move is to upgrade your CentOS. It may seem like the harder option initially, but it never is in the long run.
In my experience these reports can be fairly basic/binary:
Are you running the latest version of the software? If no, flag as security risk.
However, this fails to take into account package managers which backport fixes to older versions and so often have addressed potential security issues.
By moving away from the packaged version you are making security updates more difficult (as you can't do a simple "yum update" to address them anymore).
Apache 2.2 is still maintained for security and bug fixes - though how long for remains to be seen and it is falling further and further behind in features.
So often you just need to explain (and prove!) you have a regular patching process and so the "version of Apache" you are reporting is not really accurate in terms of security patching.
See here for more details: https://serverfault.com/questions/731657/pci-compliance-apache-versions/
Saying all that, we moved to Apache 2.4 on CentOS a while back for some extra features we wanted and just upgrade it to the latest version as part of our regular patching cycle and are not finding it too inconvenient. Yes, it's not quite as simple as "yum update" but it's a decision we've made because of some features we required. Not a decision to be taken lightly as Garreth states, but it had the added side effect of this not getting highlighted anymore in these sorts of security scans :-)
We made this decision despite upgrading to a newer version of Red Hat as that was still on an older version of Apache (2.4.7 if memory serves me correctly) which still missed a few features we required. Sometimes it's frustrating how far behind some of these "enterprise" versions are, but that's the downside when there are plenty of upsides to using them too (stability, security... etc.).
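Both answers above rest on the point that a distribution package can carry backported fixes while still reporting an old upstream version. The following added example (not code from either answer) lists the CVE ids recorded in an RPM changelog, which is one way to show a scanner finding is already patched. The function names, maintainer, package releases and CVE ids are constructed placeholders; on a real host the input would come from `rpm -q --changelog httpd`.

```shell
#!/usr/bin/env bash
# Added example: find backported security fixes in an RPM changelog.

# Constructed sample in the layout printed by `rpm -q --changelog <package>`.
# Releases and CVE ids are placeholders, not real advisories.
sample_changelog() {
cat <<'EOF'
* Tue Mar 01 2016 Example Maintainer <maint@example.invalid> - 2.2.15-99
- add security fix for CVE-0000-0002

* Mon Jan 04 2016 Example Maintainer <maint@example.invalid> - 2.2.15-98
- fix crash in mod_example (#000000)
- backport fix for CVE-0000-0001

EOF
}

# Read a changelog on stdin and print "<CVE id> <package release>" for every
# CVE id mentioned, using the release from the enclosing "* ..." header line.
cves_in_changelog() {
  awk '
    /^\* / { release = $NF; next }   # header: last field is version-release
    {
      line = $0
      while (match(line, /CVE-[0-9]+-[0-9]+/)) {
        print substr(line, RSTART, RLENGTH), release
        line = substr(line, RSTART + RLENGTH)
      }
    }'
}

# Exit 0 if the changelog on stdin records a fix for the CVE id given as $1.
has_backport() {
  cves_in_changelog | awk -v id="$1" '$1 == id { found = 1 } END { exit !found }'
}

# Demonstration on the constructed sample. Real use:
#   rpm -q --changelog httpd | has_backport <CVE id from the scan report>
sample_changelog | cves_in_changelog
```

A changelog entry is evidence that the maintainer applied a fix, so it belongs next to the installed package release (`rpm -q httpd`) in whatever record you keep for the audit.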

Apache version 2.1 - What is the deal?

I've been given an assignment to configure Apache v2.1 (on any platform) as a reverse proxy.
Installing Apache2 on Ubuntu gave me version 2.2, but I can't find reference to a version 2.1 for download anywhere. I've seen references to v2.1 in the documentation but under 2.2.
Is it possible to get v2.1?
Apache 2.1 was the development version for Apache 2.2. So Apache 2.1 and 2.2 are essentially the same.
AFAIK, odd-numbered releases are development versions, and even-numbered are production versions (so 2.3 is the current "development", and will become 2.4 in due time).
Why anyone would ask you to specifically install this version, I do not know, but unless you have a very good reason to do otherwise, just install the latest version.