For those that may have missed it, vFabric Web Server 5.2.1 is now available.
Here is the list of new features and changes:
- Updated Apache Portable Runtime. The Apache Portable Runtime (APR) is upgraded from 1.4.5 to 1.4.6.
- Disabled SSL/TLS Compression. OpenSSL compression is now disabled by default for protection against the CRIME exploit vector. The mod_ssl "SSLCompression on" configuration option is added to allow the administrator to re-enable compression. See Vulnerability Summary for CVE-2012-4929.
- Proxy Balancer Enhancement. mod_proxy_balancer is enhanced with the drain worker status flag to set a proxy worker to accept only sticky session routes. See ASF Bug 51247.
- FcgidWrapper Directive Fix. A bug in the FcgidWrapper directive's command line argument that caused incorrect parsing of quotation marks and escaped spaces is fixed. See ASF Bug 51194.
- httpdctl Fix. Running the httpdctl script without specifying a command line option no longer causes an error.
- Security Enhancement. The fix in APR 1.4.6 to randomize hash algorithms is incorporated in vFabric Web Server 5.2.1. This fix is responsive to oCert Advisory 2011-003. Although VMware is unaware of any exploitation of the potential risk described in the advisory, the fix is provided for the benefit of users who run version-sensitive compliance tools.