This download page includes only the sources to compile and build mod_perl yourself with the proper tools. To download a precompiled distribution for your platform please see here.
A flaw was discovered in the Apache::PerlRun module shipped with mod_perl 1.29 and earlier and in the ModPerl::RegistryCooker module shipped with mod_perl 2.03 and earlier. A remote attacker could craft a URL with a path that would be interpreted as a regular expression, potentially allowing a denial of service by creating an expression that will take a very long time to run. This vulnerability only affects Apache::PerlRun and custom subclasses of ModPerl::RegistryCooker that explicitly use the namespace_from_uri() method. The Apache::Registry, ModPerl::PerlRun, and ModPerl::Registry modules are NOT affected.
Users of mod_perl 1.29 and earlier are encouraged to upgrade to 1.30 if they use Apache::PerlRun for their applications. Users of mod_perl 2.03 are encouraged to check their custom code for calls to the namespace_from_uri() method and replace it with the namespace_from_filename() method.
Name Last modified Size Description
Parent Directory - README.html 27-Oct-2016 16:47 2.5K contrib/ 04-May-2018 11:57 - mod_perl-1.31.tar.gz 22-Nov-2013 02:37 381K mod_perl-2.0.10.tar.gz 27-Oct-2016 16:47 3.7M win32-bin/ 04-May-2018 11:57 -
Do not download from www.apache.org. Please use a mirror site to help us save apache.org bandwidth. Go here to find your nearest mirror.
Some unofficial binary releases for Windows are available from here.
For details on current releases, please see the mod_perl Download Page.
Only current, recommended releases are available on www.apache.org and the mirror sites. Older releases can be obtained from the archive site.
All of the release distribution packages have been digitally signed (using PGP or GPG) by the Apache Group members that constructed them. There will be an accompanying distribution.asc file in the same directory as the distribution. The PGP keys can be found at the MIT key repository and within this project's KEYS file.
Always use the signature files to verify the authenticity of the distribution, e.g.,
% pgpk -a KEYS % pgpv mod_perl-2.0.10.tar.gz.asc or, % pgp -ka KEYS % pgp mod_perl-2.0.10.tar.gz.asc or, % gpg --import KEYS % gpg --verify mod_perl-2.0.10.tar.gz.asc
We offer MD5 hashes as an alternative to validate the integrity
of the downloaded files. A unix program called
md5sum is included in many unix distributions. It is
also available as part of GNU
Textutils. Windows users can get binary md5 programs from here, here, or