AOLserver 4.0.7 Released
On behalf of the AOLserver Team, I have the honor of announcing the
latest point release of AOLserver: 4.0.7.
This version is primarily a bug fix release following version 4.0.6.
A summary of changes is provided at the end of this document.
NOTE: This release corrects a serious flaw in 4.0.6 where a
non-compliant HTTP/1.1 request can crash the server, resulting in
a Denial of Service. Everyone is urged to skip the 4.0.6 release
and either remain on 4.0.5 or upgrade to 4.0.7 immediately.
WHAT IS AOLSERVER?
AOLserver is America Online’s Open-Source web server. AOLserver is
the backbone of the largest and busiest production environments in
the world. AOLserver is a multithreaded, Tcl-enabled web server
used for large scale, dynamic web sites.
Visit the project’s website:
HOW CAN I GET AOLSERVER?
Download the source code from SourceForge:
I FOUND A BUG! WHAT DO I DO?
File it in the Bug Tracker at SourceForge:
IS THERE A MAILING LIST? WHERE’S THE USER COMMUNITY?
Yes! There’s an announcements-only and a general discussion mailing
list. Instructions on how to subscribe are here:
There is also a wiki-web set up for AOLserver:
CHANGES SINCE LAST RELEASE?
Fix bug where internal redirect for 401 omitted including the HTTP
auth. “WWW-Authenticate:” header. Fixes bug #674033.
Ns_GetAddrByHost() reports errors via Ns_Log(), so calls to it
should be done after Ns_Log has been initialized, otherwise very
unhelpful error messages are produced. In particular, this happens
when the server is started and the hostname as returned by
gethostname() cannot be resolved, because the network interface is
down AND no entry exists in /etc/hosts. Closes SF Bug #868362.
Setting request->method to static storage, which later gets
ns_free()’d in Ns_FreeRequest(), causes the server to crash.