Fix list for IBM HTTP Server Version 9.0

Abstract

IBM HTTP Server provides periodic fixes for release 9.0. The following is a complete listing of fixes for Version 9.0 with the most recent fix at the top.

Content

Fix Pack 9 (9.0.5.9)
Fix Pack 8 (9.0.5.8)
Fix Pack 7 (9.0.5.7)
Fix Pack 6 (9.0.5.6)
Fix Pack 5 (9.0.5.5)
Fix Pack 4 (9.0.5.4)
Fix Pack 3 (9.0.5.3)
Fix Pack 2 (9.0.5.2)
Fix Pack 1 (9.0.5.1)
Refresh Pack (9.0.5)
Fix Pack 11 (9.0.0.11)
Fix Pack 10 (9.0.0.10)
Fix Pack 9 (9.0.0.9)
Fix Pack 8 (9.0.0.8)
Fix Pack 7 (9.0.0.7)
Fix Pack 6 (9.0.0.6)
Fix Pack 5 (9.0.0.5)
Fix Pack 4 (9.0.0.4)
Fix Pack 3 (9.0.0.3)
Fix Pack 2 (9.0.0.2)
Fix Pack 1 (9.0.0.1)
9.0.0.0
9.0.0.0-PI54808 (z/OS V2R2 only)


Fix release date: 10 September 2021
Last modified: 10 September 2021
Status: Recommended

Download Fix Pack 9.0.5.9

This fix pack is delivered for z/OS using
APAR/PTF: PH40044 / UI76968

Security APAR
APAR
Description
PH38515 ErrorDocuments that specify literal strings are not translated correctly (z/OS only).
PH38112 Conditionally reduce severity of SSL0405E message for sockets that are already in lingering close.
PH37899 If mod_backtrace is not loaded, dump a backtrace during whatkilledus report (Linux only).
PH36870 Disable the TLS protocols TLSv10 and TLSv11 by default. Remove TLSv1.3 CCM ciphers from defaults.


Note:

  • IBM HTTP Server 9.0.5.9 contains all applicable security fixes in Apache HTTP Server versions up through 2.4.48.
  • IBM HTTP Server 9.0.5.9 with interim fix PH40343 contains all applicable security fixes in Apache HTTP Server versions up through 2.4.51.

Fix release date: 18 June 2021
Last modified: 18 June 2021
Status: Superseded

Download Fix Pack 9.0.5.8

This fix pack is delivered for z/OS using
APAR/PTF: PH37767 / UI75845

Security APAR
APAR
Description
PH35771 Multiple vulnerabilities in IBM HTTP Server (CVE-2020-13938, CVE-2021-30641)
https://www.ibm.com/support/pages/node/6463587
PH35915 Upgrade bundled GSKit security library to 8.0.55.21
PH35107 Possible crash with StrictHostCheck
PH36939 z/OS module updates
PH34420 Server fails to start when SSLCipherSpec 30 is set in httpd.conf
PH34246 ErrorLogFormat may not be used by some startup messages
PH33679 SSLClientAuth doesn't work with 'noverify' and 'crl' together.


Note: IBM HTTP Server 9.0.5.8 contains all applicable security fixes in Apache HTTP Server versions up through 2.4.48.

Fix release date: 26 March 2021
Last modified: 26 March 2021
Status: Superseded

Download Fix Pack 9.0.5.7

This fix pack is delivered for z/OS using
APAR/PTF: PH35153 / UI74465

Security APAR
APAR
Description
PH29569 Support 'CertificateUsername' without authentication
PH30270 Allow SSL IOVEC merging to be disabled
PH30598 Support '-RSA' pseudo-cipher in SSLCipherSpec to remove ciphers with RSA key exchange
PH30795 Delays with large PKCS11 keystores (GSKit upgrade to 8.0.55.19)
PH30841 Provide a flag to disable TLS close_notify alert on Apache socket close
PH30854 Rewrite backreference escaping needs flexibility
PH31169 Adjust SSL0200E with GSK_ERROR_PROTOCOL_MISMATCH
PH31409 Can't set SSLV3TIMEOUT with TLS13
PH32229 Provide automatic graceful termination of processes reporting SSL0209E/SSL0212E/SSL0203E


Note: IBM HTTP Server 9.0.5.7 contains all applicable security fixes in Apache HTTP Server versions up through 2.4.46.

Fix release date: 27 November 2020
Last modified: 27 November 2020
Status: Superseded

Download Fix Pack 9.0.5.6

This fix pack is delivered for z/OS using
APAR/PTF: PH31572 / UI72612

Security APAR
APAR
Description
PH27406 Software license swidtag files are not included in the IHS archive installs
PH27739 SSL0401E during 'apachectl stop'
PH28073 IBM HTTP Server on Windows crashes at startup with rare LoadModule value
PH28389 install_ihs fails when ls alias is used
PH29026 setupadmn fails if existing target user is not specified in /etc/passwd
PH30541 9.0 install_ihs/install_plugin error with WAS 855
PH30660 Install Visual C++ Redistributable 2013 needed by IHS on Windows


Note: IBM HTTP Server 9.0.5.6 contains all applicable security fixes in Apache HTTP Server versions up through 2.4.46.

Fix release date: 04 September 2020
Last modified: 04 September 2020
Status: Superseded

Download Fix Pack 9.0.5.5

This fix pack is delivered for z/OS using
APAR/PTF: PH28542 / UI71235

Security APAR
APAR
Description
PH24262 postinst reports wrong port number
PH24265 Allow mpmstats to write to z/OS system log
PH24402 Post Installer for IHS archive should fail if postinst fails
PH24557 Default cipher specs used with SSLCipherSpec ALL -CIPHER_SPEC
PH26048 Add additional information to AH01220 for CGI script timeout


Note: IBM HTTP Server 9.0.5.5 contains all applicable security fixes in Apache HTTP Server versions up through 2.4.46.

Fix release date: 12 June 2020
Last modified: 12 June 2020
Status: Superseded

Download Fix Pack 9.0.5.4

9.0.5.4 is delivered for z/OS using
APAR/PTF: PH25610 / UI69828

Security APAR
APAR
Description
PH21992 Multiple vulnerabilities in IBM HTTP Server (CVE-2020-1927, CVE-2020-1934)
https://www.ibm.com/support/pages/node/6191631
PH20989 Expose SAN fields in client certificates
PH21717 Relax hostname validation in IBM HTTP Server
PH21804 SSL0212E with TLS1.3 when SSLV3Timeout expires
PH22727 Keepalive connections may be closed up to 100ms early
PH23344 Error during script to apply an IHS PTF doesn't cause the PTF apply to fail
PH23397 SSLClientAuthVerify OFF improvement for expired certificates
PH23551 CGI error handling improvement
PH23596 bin/rotatelogs not shipped with program control
PH23893 Add 64-bit IHS for Windows to IIM
PH24493 SSL0209E with IHS 9.0.5.2 and later  (GSKit upgrade to 8.0.55.15)


Note: IBM HTTP Server 9.0.5.4 contains all applicable security fixes in Apache HTTP Server versions up through 2.4.43.

Fix release date: 20 March 2020
Last modified: 20 March 2020
Status: Superseded

Download Fix Pack 9.0.5.3

9.0.5.3 is delivered for z/OS using
APAR/PTF: PH23038 / UI68326

Security APAR
APAR
Description
PH19074 Provide extended diagnostics for SSL0279E errors
PH20613 SSL0232W with SSLFIPSEnable
PH20970 Improve Request header modification flexibility


Note: IBM HTTP Server 9.0.5.3 contains all applicable security fixes in Apache HTTP Server versions up through 2.4.41.

Fix release date: 13 December 2019
Last modified: 13 December 2019
Status: Superseded

Download Fix Pack 9.0.5.2

9.0.5.2 is delivered for z/OS using
APAR/PTF: PH19272 / UI66658

Security APAR
APAR
Description
PH13105 Upgrade bundled GSKit security library
PH17056 Request for dataset with encoded characters returns 404 when using SAFRunAsEarly (z/OS only)
PH17128 Add TLS 1.3 support for IBM HTTP Server and the WebSphere Application Server WebServer plug-in
PH17652 Truncated responses that fail with GSK_INVALID_BUFFER_SIZE in IBM HTTP Server 
PH18102 Improve multi-certificate support in IBM HTTP Server 9.0


Note: IBM HTTP Server 9.0.5.2 contains all applicable security fixes in Apache HTTP Server versions up through 2.4.41.

Fix release date: 20 September 2019
Last modified: 20 September 2019
Status: Superseded

Download Fix Pack 9.0.5.1

9.0.5.1 is delivered for z/OS using
APAR/PTF: PH16280 / UI65333

Security APAR
APAR
Description
PH14974 Multiple vulnerabilities in IBM HTTP Server (CVE-2018-20843, CVE-2019-10092, CVE-2019-10098)
https://www.ibm.com/support/pages/node/964768
PH10089 install-ihs -group should make more directories group writeable  (z/OS only)
PH10103 Enable RLimitCPU on z/OS.  (z/OS only)
PH10382 Enable TLSV1.2 under SSLFIPSEnable
PH12421 AuthLDAPURL not allowing specification of RACFID unless user has RACF search permission  (z/OS only)
PH13615 IBM HTTP Server 9.0 should allow relative URL in redirects.


Note: IBM HTTP Server 9.0.5.1 contains all applicable security fixes in Apache HTTP Server versions up through 2.4.41.

Fix release date: 28 June 2019
Last modified: 28 June 2019
Status: Superseded

Download Refresh Pack 9.0.5.0

9.0.5.0 is delivered for z/OS using
APAR/PTF: PH13435 / UI63830

Security APAR
APAR
Description
PH09869 Multiple vulnerabilities in IBM HTTP Server (CVE-2019-0211, CVE-2019-0220)
https://www-01.ibm.com/support/docview.wss?uid=ibm10880413
PH07089 Suppress parsing of $-prefixed variables in SSI (embeds).  (z/OS only)
PH07275 Unable to change service description of an 'IBM HTTP Server' service on Windows
PH08035 Improve IHS logs on z/OS to show installation details.  (z/OS only)
PH09519 Allow MVSDS to only use the last qualifier of a dataset name for mime extension checking.  (z/OS only)
PH12690 Add the mod_request module for z/OS.  (z/OS only)


Note: IBM HTTP Server 9.0.5.0 contains all applicable security fixes in Apache HTTP Server versions up through 2.4.39.

Fix release date: 05 April 2019
Last modified: 05 April 2019
Status: Superseded

Download Fix Pack 11

This fix pack is delivered for z/OS using
APAR/PTF: PH10037 / UI62112

Security APAR
APAR
Description
PH06010 Security vulnerability in the IBM HTTP Server (CVE-2018-17199) (Distributed only)
http://www-01.ibm.com/support/docview.wss?uid=ibm10869064
PH02406 Need simpler way to reject unknown hostnames
PH02448 Improve mod_status output for event MPM
PH03059 ABENDEC6 RC FF0F seen at server startup using rotatelogs (z/OS only)
PH03953 'Server reached MaxRequestWorkers' message is issued while idle threads are available
PH05560 Using multiple environment variables in a directive doesn't work
PH05575 Postinst logs unexpected message when it fails to find an FQDN
PH05852 Allow headers to be unset using regex


Note: IBM HTTP Server 9.0.0.11 contains all applicable security fixes in Apache HTTP Server versions up through 2.4.38.

Fix release date: 14 December 2018
Last modified: 14 December 2018
Status: Superseded

Download Fix Pack 10

This fix pack is delivered for z/OS using
APAR/PTF: PH06005 / UI60127

Security APAR
APAR
Description
PH01222 Timeout setting for OCSP on IBM HTTP Server
PH01302 Accept SHA2 cert chains in LDAP connections


Note: IBM HTTP Server 9.0.0.10 contains all applicable security fixes in Apache HTTP Server versions up through 2.4.37.

Fix release date: 21 September 2018
Last modified: 21 September 2018
Status: Superseded

Download Fix Pack 9

This fix pack is delivered for z/OS using
APAR/PTF: PH02525 / UI58477

Security APAR
APAR
Description
PI95964 Add mod_cgi directive to allow users to configure timeouts for CGI applications
PI96156 SSL fails with multiple addresses in single VirtualHost
PI96321 Update embedded LDAP SDK to 6.4.x
PI96949 The file time stamp format of IHS 9.0 is different from IHS 8.5
PI96955 Allow mod_substitute for proxied responses
PI97314 Add mod_backtrace for Windows
PI98116 PDB files are not shipped for plugin and odrlib in the Windows archive installer.
PI98146 Only create rewrite map lock if RewriteMaps are used.
PI98147 Print unparsed URI in the 'URI incorrectly encoded' error message
PI98705 HTML-encoded SSI variable double-encoded when moving to IHS 9.0
PI99032 SSL alerts not showing in log messages
PI99262 Reduce memory used by persistent connections
PI99271 AuthzProviderAlias ignoring all Require-Parameters except first one.
PI99394 IBM HTTP Server startup messages not switching to Errorlog (z/OS only)
PI99567 HTTPProtocolOptions improvements
PI99680 rotatelogs description should include option -n
PI99685 HTTPProtocolOptions=unsafe should allow a space in a header
PH00889 LeaveWorkUnit errors with mod_wlm (z/OS only)


Note: IBM HTTP Server 9.0.0.9 contains all applicable security fixes in Apache HTTP Server versions up through 2.4.34.

Fix release date: 29 June 2018
Last modified: 29 June 2018
Status: Superseded

Download Fix Pack 8

This fix pack is delivered for z/OS using
APAR/PTF: PI99702 / UI56929

Security APAR
APAR
Description
PI94222 Multiple vulnerabilities in GSKit bundled with IBM HTTP Server
http://www-01.ibm.com/support/docview.wss?uid=swg22015347
PI95670 Multiple vulnerabilities in IBM HTTP Server (CVE-2017-15710, CVE-2017-15715, CVE-2018-1301)
http://www-01.ibm.com/support/docview.wss?uid=swg22015344
PI91850 MVSDS does not list member contents when using relative generation number to create a member list with PDS/PDSE GDG (z/OS only)
PI91975 The 'Header unset Content-Type' directive does not unset the Content-Type response header.
PI92017 Include CGI program name when writing stderr to the error log when using mod_cgi
PI92053 Let child processes avoid graceful shutdown if ECONNREFUSED, ECONNABORTED, ECONNRESET occur during client accept().
PI92092 FSUM6245 seen when upgrading IHS to a new fix pack and using an intermediate symbolic link (z/OS only)
PI92407 Log startup message for low 64-bit MEMLIMIT
PI93212 Throttle SSL0600E error messages
PI94050 High CPU/Hang with IHS mod_auth_basic LDAP
PI94539 mod_proxy_http does not allow headers larger than 8K bytes.
PI95610 Namespace collision when mod_ibm_ssl.so is loaded alongside libodr.so.


Note: IBM HTTP Server 9.0.0.8 contains all applicable security fixes in Apache HTTP Server versions up through 2.4.33.

Fix release date: 16 March 2018
Last modified: 16 March 2018
Status: Superseded

Download Fix Pack 7

This fix pack is delivered for z/OS using
APAR/PTF: PI94851 / UI54336

Security APAR
APAR
Description
PI90598 CVE-2017-12613 for IBM HTTP Server
http://www-01.ibm.com/support/docview.wss?uid=swg22013598
PI90688 gskcapicmd on Linux not working in IHS V9
PI90811 rotatelogs fails with relative paths in IBM HTTP Server V9
PI91038 When client and IHS don't support the same SSL/TLS version, IHS logged incorrect message in error log
PI91075 Add environment variable to record "SSLVersion" failure
PI91351 Add toleration for TLS certificate extension InhibitAnyPolicy marked as non-critical
PI91720 HTTPS download of IHS archive install from Fix Central results in uncompressed file with misleading name


Note: IBM HTTP Server 9.0.0.7 contains all applicable security fixes in Apache HTTP Server versions up through 2.4.29.

Fix release date: 21 December 2017
Last modified: 21 December 2017
Status: Superseded

Download Fix Pack 6

This fix pack is delivered for z/OS using
APAR/PTF: PI91366 / UI52734

Security APAR
APAR
Description
PI87445 CVE-2017-9798 for IBM HTTP Server
http://www-01.ibm.com/support/docview.wss?uid=swg22009782
PI87663 CVE-2017-12618 for IBM HTTP Server
http://www-01.ibm.com/support/docview.wss?uid=swg22009782
PI84868 Disable the 3DES cipher by default in IBM HTTP Server.
PI85561 SSL Fallback Protection related errors with SSLProxyEngine ON
PI85702 SAFRunAs %%CERTIF%% asks for basic auth credentials
PI85804 Improve password failure error messages in authnz_saf
PI87046 Microsoft Windows large address support was not ported in IBM HTTP Server 9.0.0.4
PI88232 Allow the server to handle requests with obsolete folds containing only spaces and/or tabs after PI73984.
PI88356 Default ciphers with SSLFIPSEnable are System SSL defaults instead of IHS defaults.
PI88553 Print an error message that includes the errno and errno2 values on failure to find a specified saf-group.
PI90141 IBM HTTP Server may hang at startup on z/Linux running on z14 hardware - upgrade GSKit to 8.0.50.84
PI90834 abendoc4 in apr_pstrcat using saf-change-pw handler


Note: IBM HTTP Server 9.0.0.6 contains all applicable security fixes in Apache HTTP Server versions up through 2.4.29.

Fix release date: 17 October 2017
Last modified: 13 October 2017
Status: Superseded

Download Fix Pack 5

This fix pack is delivered for z/OS using
APAR/PTF: PI87801 / UI50746.

Security APAR
APAR
Description
PI82260 CVE-2017-3167 for IBM HTTP Server
http://www-01.ibm.com/support/docview.wss?uid=swg22005280
PI82263 CVE-2017-7668 for IBM HTTP Server
http://www-01.ibm.com/support/docview.wss?uid=swg22005280
PI82481 CVE-2017-7679 for IBM HTTP Server
http://www-01.ibm.com/support/docview.wss?uid=swg22005280
PI80356 Upgrade bundled GSKit security library (Distributed only)
PI81360 Allow SSL_/TLS_ prefixes to be used interchangeably for cipher long names
PI81602 Issues with updating SAF password when using Firefox or Chrome (z/OS only)
PI82760 Unable to launch ikeyman on the IBM HTTP Server side.
PI82834 Add a simple PCT alternative for IBM HTTP Server with Liberty.
PI83167 Support for binary-only install via IHS_SKIP_POSTINST environment variable.
PI83257 Reduce memory usage from long mod_rewrite configurations.
PI83350 Add jobname and job id to SMF 103 records for IBM HTTP Server (z/OS only)


Note: IBM HTTP Server 9.0.0.5 contains all applicable security fixes in Apache HTTP Server versions up through 2.4.27.

Fix release date: 13 June 2017
Last modified: 13 June 2017
Status: Superseded

Download Fix Pack 4

This fix pack is delivered for z/OS using
APAR/PTF: PI82358 / UI47689.

Security APAR
APAR
Description
PI73043 Upgrade bundled GSKit security library (Distributed only)
PI74780 Allow IBM HTTP Server 9.0 on AIX 6.1
PI75835 ABEND0C4 in IBM HTTP Server 9.0 using -v option with rotatelogs (z/OS only)
PI76757 Allow SSL handshake transcripts to be enabled or disabled
PI76874 Further enhancements to PI50937 high cpu avoidance
PI76918 'Permission denied' errors after maintenance upgrade of IBM HTTP Server on z/OS (z/OS only)
PI77337 IHS LDAP connection with SSL not working
PI77697 IBM HTTP Server 9.0 install not creating service correctly on Microsoft Windows
PI78442 Some sequences of server-side includes mixing '#include virtual=' and '#include file=' result in a HTTP 400 error.
PI78696 SSL handshake failure between IHS/Proxy to backend IHS/Plugin
PI78716 File is not translated using MVSDS if content-encoding is used with IBM HTTP Server 9.0 (z/OS only)
PI78967 Allow CEEDUMPS to be requested with kill -USR2 (z/OS only)
PI80106 500 Internal error with 'AH01328: Line too long' (z/OS only)
PI80187 Redirect functionality not working as expected for MVSDS requests (z/OS only)
PI80447 Disable MMAP for static files by default on z/OS (z/OS only)


Note: IBM HTTP Server 9.0.0.4 contains all applicable security fixes in Apache HTTP Server versions up through 2.4.25.

Fix release date: 14 March 2017
Last modified: 14 March 2017
Status: Superseded

Download Fix Pack 3

This fix pack is delivered for z/OS using
APAR/PTF: PI77285 / UI45080.

Security APAR
APAR
Description
PI73984 CVE-2016-8743 for IBM HTTP Server
http://www-01.ibm.com/support/docview.wss?uid=swg21996847
PI70372 mod_mvsds serves a plain text file as an html page if it contains any string starting with a '<' and ending with a '>'.
PI70496 Startup failures when 'SSLEnable' is specified globally instead of within a VirtualHost.
PI70825 Simplify mod_ibm_ssl trace enabling in IBM HTTP Server 9.0
PI70829 Provide additional message information for IBM HTTP Server TLS handshakes
PI71340 Update ikeyman/gskcmd wrappers for IBM HTTP Server 8.5.5 and 9.0 with embedded Java 8.
PI72989 Hangs related to mod_backtrace and mod_whatkilledus during a crash.
PI73027 Crash with combination of mod_net_trace loaded and 'EnableSendfile ON' in httpd.conf.
PI73165 High cpu encountered when directive EnableSendfile is set to On
PI73661 Session ID Daemon (sidd) memory leak
PI73819 Allow an extended syntax for the SSLCipherSpec directive on z/OS
PI73951 mod_zos_cmds incorrectly reports the number of lingering close connections as zero.
PI74200 Connection resets under heavy load when connecting to IHS on z/OS.


Note: IBM HTTP Server 9.0.0.3 contains all applicable security fixes in Apache HTTP Server versions up through 2.4.25.

Fix release date: 13 December 2016
Last modified: 13 December 2016
Status: Superseded

Download Fix Pack 2

This fix pack is delivered for z/OS using
APAR/PTF: PI72454 / UI42701.

Security APAR
APAR
Description
PI66849 CVE-2012-0876, CVE-2012-1148, CVE-2016-4472 expat vulnerability fixes for IBM HTTP Server
http://www-01.ibm.com/support/docview.wss?uid=swg21988026
PI66468 bin\ikeyman.bat and bin\gskcmd.bat don't work when IHS install path contains spaces
PI66787 Session cache daemon (sidd) memory leak
PI66931 Upgrade bundled GSKit security library to resolve TLS > 1.2 negotiation intolerance.
PI67595 AuthSAFExpiration and AuthSAFReenter do not work when using a 401 errordocument (z/OS only)
PI68001 Add ability for the MVS stop command to do a graceful shutdown of the server (z/OS only)
PI68803 IHS on z/OS CPU usage increases in release 8.5.5.5 or beyond (z/OS only)
PI69081 gskver, ikeyman, gskcapicmd, and gskcmd scripts do not work in IBM HTTP Server 9.0.0.1
PI69182 IBM HTTP Server 9.0 SSL cipher defaults may be displayed incorrectly on z/OS (z/OS only)
PI69979 Accept non strictly-conforming X509 certificates in IBM HTTP Server 9.0
PI70022 Allow IBM HTTP Server on Linux to automatically raise ulimit -n to accommodate larger ThreadsPerChild


Note: IBM HTTP Server 9.0.0.2 contains all applicable security fixes in Apache HTTP Server versions up through 2.4.23.

Fix release date: 16 September 2016
Last modified: 16 September 2016
Status: Superseded

Download Fix Pack 1

This fix pack is delivered for z/OS using
APAR/PTF: PI68703 / UI40714.

Security APAR
APAR
Description
PI63098 CVE-2016-0718 for IBM HTTP Server
http://www-01.ibm.com/support/docview.wss?uid=swg21988026
PI65855 CVE-2016-5387 for IBM HTTP Server
http://www-01.ibm.com/support/docview.wss?uid=swg21988019
PI60251 mod_mvsds writes content as binary instead of text/plain (z/OS only)
PI60784 IBM HTTP Server directives SSLCipherBan and SSLCipherRequire may crash when GSKit tracing is enabled
PI62663 Some Server Side Includes (SSI) may not be translated as expected (z/OS only)
PI63482 Add a private header with password change information for 401 response.
PI63682 IHS mod_status displays many 'NULL' strings in request column
PI64346 SetEnvIf may be skipped with SAF auth enabled (z/OS only)
PI64628 IBM HTTP Server on z/OS is deleting the wrong message queue (z/OS only)
PI66153 XML datasets with no XML extension cause error under mod_mvsds (z/OS only)
PI66183 When MFA is configured, SAFRunAs fails with a permission error (z/OS only)


Note: IBM HTTP Server 9.0.0.1 contains all applicable security fixes in Apache HTTP Server versions up through 2.4.23.

Fix release date: 24 June 2016
Last modified: 24 June 2016
Status: Superseded

Download 9.0.0.0

This release was delivered for z/OS as an IM (Installation Manager) installed version only. For SMPE install, these contents were not available until 9.0.0.1.

Security APAR
APAR
Description
PI53754 Using MVSDS to retrieve a GDG(0) always returns the same file, even after a new generation is created (z/OS only)
PI56034 No equivalent functionality for DGW AlwaysWelcome directive in IHS on z/OS (z/OS only)
PI56576 Incorrect image path in .css file causes image to not display
PI57543 Allow one address space per rotatelogs process to be conserved. (z/OS only)
PI57596 CRIHS0001I may contain garbage information or not pick up HTTPS port (z/OS only)
PI58218 IBM HTTP Server mod_cache fixes
PI59561 Add pre/post password hooks to mod_authnz_saf
PI60207 Upgrade bundled GSKit security library to 8.0.50.61


Note: IBM HTTP Server 9.0.0.0 contains all applicable security fixes in Apache HTTP Server versions up through 2.4.20.

Fix release date: 02 March 2016
Last modified: 02 March 2016
Status: Superseded

This release was not delivered for distributed platforms or with WebSphere Application Server. It was delivered for z/OS only via:
APAR/PTF: PI56777 / UI35362.

Security APAR
APAR
Description
PI48857 Some headers are removed when caching is enabled
PI50376 DGW compatibility for DOCUMENT_* CGI variables. (z/OS only)
PI50397 No error log entries for 'SAFRunAs %%CERTIF_REQ%%' failures. (z/OS only)
PI50514 SSL session ID cache daemon (SIDD) creates unnecessary entries
PI51185 Enhancements allowing use of SAFRunAsEarly for certificate switching (z/OS only)
PI52301 Reduce reads to /dev/random causing CSFSERV CSFRNG access (z/OS only)
PI54808 RewriteRule sees un-decoded characters in URL when mod_authnz_saf loaded (z/OS only)

Document Information

Modified date: 19 October 2021

UID: swg27048481