Announcing the release of Apache 2.4.16. You can grab your copy of the new Apache HTTP Server from our download page (http://www.apachehaus.com/cgi-bin/download.plx).
This is security and bug fix release and you can view the changelog (http://www.apache.org/dist/httpd/CHANGES_2.4.16) for a complete list of changes. This includes the changes for 2.4.13, 2.4.14 and 2.4.15 which was not released. The list is long and I would not know where to begin.
One new feature of note: CGIPassAuth
CGIPassAuth will pass on username and password of from the "Basic" auth method in Apache onto scripts via HTTP_AUTHORIZATION environment variable. The username:password string is base64 encoded.
Note:
OpenSSL 1.0.2d upgrade packages for both VC9 & VC11 builds are available.
OpenSSL 0.9.8zg downgrade packages for the VC9 builds are also available.
Bigger Note:
OpenSSL 0.9.8 support ends in 2015. If you use them, start planning for a switch now! There will be no more OpenSSL 0.9.8 downgrades available after 2015/12/31