Apache has been the most popular web server on the Internet since 1996.

The Apache project is an effort to develop and maintain an open-source HTTP server for various modern desktop and server operating systems, such as UNIX and Windows NT.

The goal of this project is to provide a secure, efficient and extensible server which provides HTTP services in sync with the current HTTP standards.

What´s New in version 2.2.22:

• SECURITY: CVE-2011-3368 (cve.mitre.org) Reject requests where the request-URI does not match the HTTP specification, preventing unexpected expansion of target URLs in some reverse proxy configurations. [Joe Orton]
• SECURITY: CVE-2011-3607 (cve.mitre.org) Fix integer overflow in ap_pregsub() which, when the mod_setenvif module is enabled, could allow local users to gain privileges via a .htaccess file. [Stefan Fritsch, Greg Ames]
• SECURITY: CVE-2011-4317 (cve.mitre.org) Resolve additional cases of URL rewriting with ProxyPassMatch or RewriteRule, where particular request-URIs could result in undesired backend network exposure in some configurations. [Joe Orton]
• SECURITY: CVE-2012-0021 (cve.mitre.org) mod_log_config: Fix segfault (crash) when the '{cookiename}C' log format string is in use and a client sends a nameless, valueless cookie, causing a denial of service. The issue existed since version 2.2.17. PR 52256. [Rainer Canavan ]
• SECURITY: CVE-2012-0031 (cve.mitre.org) Fix scoreboard issue which could allow an unprivileged child process could cause the parent to crash at shutdown rather than terminate cleanly. [Joe Orton]
• SECURITY: CVE-2012-0053 (cve.mitre.org) Fix an issue in error responses that could expose 'httpOnly' cookies when no custom ErrorDocument is specified for status code 400. [Eric Covener]
• mod_proxy_ajp: Try to prevent a single long request from marking a worker in error. [Jean-Frederic Clere]
• config: Update the default mod_ssl configuration: Disable SSLv2, only allow >= 128bit ciphers, add commented example for speed optimized cipher list, limit MSIE workaround to MSIE <= 5. [Kaspar Brand]
• core: Fix segfault in ap_send_interim_response(). PR 52315. [Stefan Fritsch]
• mod_log_config: Prevent segfault. PR 50861. [Torsten F?rtsch ]
• mod_win32: Invert logic for env var UTF-8 fixing. Now we exclude a list of vars which we know for sure they dont hold UTF-8 chars; all other vars will be fixed. This has the benefit that now also all vars from 3rd-party modules will be fixed. PR 13029 / 34985. [Guenter Knauf]
• core: Fix hook sorting for Perl modules, a regression introduced in 2.2.21. PR: 45076. [Torsten Foertsch ]
• Fix a regression introduced by the CVE-2011-3192 byterange fix in 2.2.20: A range of '0-' will now return 206 instead of 200. PR 51878. [Jim Jagielski]
• Example configuration: Fix entry for MaxRanges (use 'unlimited' instead of '0'). [Rainer Jung]
• mod_substitute: Fix buffer overrun. [Ruediger Pluem, Rainer Jung]