I recently installed OpenBSD and went to check the version of Apache HTTPD and when I run httpd -v it tells me the version is Apache/1.3.29 (Unix). Surely this can't be right? I am using the latest version of OpenBSD (5.3), why is Apache SO out of date for an OS that is supposed to be security based?
Asked
Active
Viewed 794 times
3
Sam
- 33
- 2
-
The answer of Krist is the correct one. Just a side comment. `# pkg_info -Q apache-httpd` -> apache-httpd-2.2.23. Apache2 is available from packages. The OpenBSD developers are focused now in nginx. nginx is installed by default. – Rufo El Magufo May 14 '13 at 15:27
-
The Apache in OpenBSD has been patched and security backported, and does not contain the vulnerabilities normally associated with httpd 1.3.29. Various Linux Distros do this constantly too, including old version of Apache that have been security patched instead of the new version. – Chris S May 14 '13 at 15:49
1 Answers
3
Officially it's a licencing issue
To quote:
Source code published under version 2 of the Apache license cannot be included into OpenBSD. As a consequence, OpenBSD now maintains its own version of Apache based on version 1.3.29. The OpenBSD version includes many enhancements and bugfixes.
But there appears to be more going on below the surface. Basically the OpenBSD decided to no longer update apache:
Krist van Besien
- 1,862
- 13
- 16