Apache

Apache updated to 2.2.22

The Apache team have released a security update to the popular webserver. This version of Apache is a security and bug fix release. I strongly suggest you upgrade to this latest version as it solves the following security issues:

  • SECURITY: CVE-2011-3368 (cve.mitre.org) Reject requests where the request-URI does not match the HTTP specification, preventing unexpected expansion of target URLs in some reverse proxy configurations.
  • SECURITY: CVE-2011-3607 (cve.mitre.org) Fix integer overflow in ap_pregsub() which, when the mod_setenvif module is enabled, could allow local users to gain privileges via a .htaccess file.
  • SECURITY: CVE-2011-4317 (cve.mitre.org) Resolve additional cases of URL rewriting with ProxyPassMatch or RewriteRule, where particular request-URIs could result in undesired backend network exposure in some configurations.
  • SECURITY: CVE-2012-0021 (cve.mitre.org) mod_log_config: Fix segfault (crash) when the ‘%{cookiename}C’ log format string is in use and a client sends a nameless, valueless cookie, causing a denial of service. The issue existed since version 2.2.17.
  • SECURITY: CVE-2012-0031 (cve.mitre.org) Fix scoreboard issue which could allow an unprivileged child process to cause the parent to crash at shutdown rather than terminate cleanly.
  • SECURITY: CVE-2012-0053 (cve.mitre.org) Fixed an issue in error responses that could expose “httpOnly” cookies when no custom ErrorDocument is specified for status code 400.

If you’ve forgotten how to upgrade your Apache installation in the least painful way, with a possibility to go back if something goes wrong: Upgrading Apache

Apache updated to 2.2.21

The Apache team have released a security update to the popular webserver. This version of Apache is a security and bug fix release:

  • SECURITY: CVE-2011-3348 (cve.mitre.org) mod_proxy_ajp when combined with mod_proxy_balancer: Prevents unrecognized HTTP methods from marking ajp: balancer members in an error state, avoiding denial of service.
  • SECURITY: CVE-2011-3192 (cve.mitre.org) core: Further fixes to the handling of byte-range requests to use less memory, to avoid denial of service. This patch includes fixes to the patch introduced in release 2.2.20 for protocol compliance, as well as the MaxRanges directive.
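Two of the issues in these releases leave a footprint in the access log that you can check for yourself: the request-URI trick behind CVE-2011-3368/CVE-2011-4317 (a URI that is neither “*”, an absolute URI nor a path starting with “/”, which an unanchored ProxyPassMatch or RewriteRule would happily glue onto a backend URL) and the “Apache Killer” Range header behind CVE-2011-3192 (one request carrying hundreds of byte ranges, which is exactly what the new MaxRanges directive, default 200, now caps). The script below is an added example of mine, not code from the original posts or from the httpd project; it assumes a CustomLog format that appends the Range header, e.g. `LogFormat "%h %t \"%r\" %>s %b \"%{Range}i\"" rangelog`, and the log lines it scans are constructed for illustration.

```python
"""Flag log lines matching the CVE-2011-3368/4317 request-URI pattern and the
CVE-2011-3192 multi-Range ("Apache Killer") pattern.

Added example, not part of the original blog post or the httpd project.
Assumed log format (not the stock 'combined' format):
  LogFormat "%h %t \"%r\" %>s %b \"%{Range}i\"" rangelog
"""
import re

# One log line in the assumed format: host, [time], "request", status, bytes, "Range header".
LINE_RE = re.compile(
    r'^(?P<host>\S+) \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\S+) "(?P<range>[^"]*)"$'
)

# RFC 2616 allows the request-URI to be "*", an absolute URI or an abs_path ("/...").
ABS_URI_RE = re.compile(r'^[A-Za-z][A-Za-z0-9+.\-]*://')


def uri_is_well_formed(uri: str) -> bool:
    """True for '*', an absolute URI, or a path starting with '/'; False for
    things like '@backend.internal/' that abused unanchored ProxyPassMatch."""
    return uri == '*' or uri.startswith('/') or bool(ABS_URI_RE.match(uri))


def count_ranges(range_header: str) -> int:
    """Number of byte-range specs in a Range header ('-' or '' means no header)."""
    if not range_header or range_header == '-':
        return 0
    m = re.match(r'^\s*bytes\s*=\s*(.*)$', range_header, re.IGNORECASE)
    if not m:
        return 0
    return len([spec for spec in m.group(1).split(',') if spec.strip()])


def analyse(line: str, max_ranges: int = 200) -> list:
    """Return the findings for one log line; an empty list means it looks clean.
    max_ranges defaults to 200, the default value of the MaxRanges directive."""
    m = LINE_RE.match(line)
    if not m:
        return ['unparseable line (does the LogFormat match?)']
    findings = []
    parts = m.group('request').split(' ')
    uri = parts[1] if len(parts) == 3 else ''
    if len(parts) != 3:
        findings.append('malformed request line: %r' % m.group('request'))
    if uri and not uri_is_well_formed(uri):
        findings.append('request-URI is not "*", abs_path or absolute URI: %r '
                        '(CVE-2011-3368/CVE-2011-4317 pattern)' % uri)
    n = count_ranges(m.group('range'))
    if n > max_ranges:
        findings.append('%d byte ranges in one request '
                        '(CVE-2011-3192 "Apache Killer" pattern)' % n)
    return findings


def scan(lines, max_ranges: int = 200) -> dict:
    """Map line index -> findings for every line that triggered something."""
    report = {}
    for i, line in enumerate(lines):
        findings = analyse(line, max_ranges)
        if findings:
            report[i] = findings
    return report


# Constructed sample log lines (not real traffic). The third one carries the
# 1301-range header that the Apache Killer script sends.
KILLER_RANGE = 'bytes=0-,' + ','.join('5-%d' % i for i in range(1300))
SAMPLE_LOG = [
    '203.0.113.5 [10/Feb/2012:10:01:02 +0100] "GET /index.html HTTP/1.1" 200 1234 "-"',
    '203.0.113.9 [10/Feb/2012:10:01:03 +0100] "GET @198.51.100.7/ HTTP/1.0" 200 512 "-"',
    '203.0.113.9 [10/Feb/2012:10:01:04 +0100] "HEAD / HTTP/1.1" 206 - "%s"' % KILLER_RANGE,
]

if __name__ == '__main__':
    for idx, findings in scan(SAMPLE_LOG).items():
        print('line %d:' % idx)
        for f in findings:
            print('  -', f)
```

Run it against your own log (after adding the Range header to your LogFormat) with `scan(open('access_log').read().splitlines())`. A patched 2.2.22 answers the first pattern with a 400 and the second is clamped by MaxRanges, so hits in an old log tell you whether anybody was actually probing you before you upgraded.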

I would strongly advise you to upgrade your server accordingly, as this release fixes the “Apache Killer” issue (CVE-2011-3192): a single request with a long list of byte ranges lets anyone exhaust the memory of your server and knock it offline. It is a denial of service, not a remote code execution, but it is trivial to trigger and the tool to do so is public.

If you’ve forgotten how to upgrade your Apache installation in the least painful way, with a possibility to go back if something goes wrong: Upgrading Apache

First documentation set for Lion

Alright here is the first result of adapting the instructions to Mac OS X 10.7 aka Lion. First some remarks, to get the quickest results I decided to first do everything in a virtual machine as I wanted to take the time to upgrade my desktop. It was remarkably easy to install Lion as a virtual OS using VMWare. First I tried with Virtualbox which works with Snow Leopard but that didn’t work for Lion. So I tried with the current beta of VMWare Fusion which I am currently testing and that one went without any problem. Just do a “Show Package Contents” of “Install Mac OS X Lion” and copy the file “InstallESD.dmg”. Create a new virtual machine and point it to this DMG file for installing and it will install like a regular Mac. If anyone has a regular version of VMWare Fusion 3.1.x can you verify that this works?

Next step was getting XCode on the machine, for which I had to use the “App Store”, but luckily XCode is again free! With everything installed I was ready to go. One of the things I noticed is that I can install everything in 64 bits without needing to explicitly specify it, which we had to do on Snow Leopard. Also note that Lion no longer runs on 32-bit Intel CPUs! This is why it won’t run on some of the older Intel Macs.

So if you’ve already upgraded your Mac to Lion, or have just bought a new one, and need to install MAMP, that part is now finished. Next step is me taking the time to upgrade my desktop and then attack the mail-server documentation.

http://diymacserver.com/lion/

Update: Just got this in my RSS reader: VMWare Fusion 3.1.3 does not support Lion as a guest. The current Beta does, so I guess you have to wait till 3.1.4 or join the beta program!

Also found that PostgreSQL 9.0.4 is installed with OS X Lion! There is documentation in /Library/WebServer/Documents and the psql command is available. Let’s see what more we can find out…

Found this in the official Apple documentation What is new in Mac OS X 10.7

Beginning in Mac OS X v10.7, Mac OS X Server ships with PostgreSQL instead of MySQL as its database server. If you are using other software that requires MySQL, you must install it yourself.

Apache updated to 2.2.19

The Apache team have released a security update to the popular webserver. This version of Apache is principally a bug fix release, correcting regressions in the httpd 2.2.18 package; the use of that previous 2.2.18 package is discouraged due to these flaws:

  • SECURITY: CVE-2011-1928 (cve.mitre.org) A fix in bundled APR 1.4.4 apr_fnmatch() to address CVE-2011-0419 introduced a new vulnerability. httpd workers enter a hung state (100% cpu utilization) after updating to APR 1.4.4. Upgrading to APR 1.4.5 bundled with the httpd 2.2.19 package, or using APR 1.4.3 or prior with the ‘IgnoreClient’ option of the ‘IndexOptions’ directive will circumvent both issues.
  • httpd 2.2.18: The ap_unescape_url_keep2f() function signature was inadvertently changed. This breaks binary compatibility of a number of third-party modules. This httpd-2.2.19 package restores the function signature provided by 2.2.17 and prior.

I would strongly advise you to upgrade your server accordingly and not to use the httpd 2.2.18 package. I’ve installed it on several machines without any error.

If you’ve forgotten how to upgrade your Apache installation in the least painful way, with a possibility to go back if something goes wrong: Upgrading Apache

Apache updated to 2.2.18

The Apache team have released a security update to the popular webserver. This version of Apache is principally a bug fix release, and a security fix release of the APR 1.4.4 dependency; I would advise you to upgrade your server accordingly. I’ve tested and updated all my servers without any problem. Read all about the changes and bugs fixed in the 2.2.18 changelog.

  • SECURITY: CVE-2011-0419 (cve.mitre.org) apr_fnmatch flaw leads to mod_autoindex remote DoS. Where mod_autoindex is enabled, and a directory indexed by mod_autoindex contained files with sufficiently long names, a carefully crafted request may cause excessive CPU usage. Upgrading to APR 1.4.4, or setting the ‘IgnoreClient’ option of the ‘IndexOptions’ directive circumvents this risk.

If you’ve forgotten how to upgrade your Apache installation in the least painful way, with a possibility to go back if something goes wrong: Upgrading Apache
