The Apache Software Foundation and The Apache HTTP Server Project are
pleased to announce the release of version 2.1.6-alpha of the Apache
HTTP Server ("Apache"). This alpha release should not be presumed to
be compatible with binaries built against any prior or future version.

The 2.1.6-alpha release addresses a security vulnerability present
in all previous 2.x versions. This fault did not affect Apache 1.3.x
(which did not proxy keepalives or chunked transfer encoding);

Proxy HTTP: If a response contains both Transfer-Encoding
and a Content-Length, remove the Content-Length to eliminate
an HTTP Request Smuggling vulnerability and don't reuse the
connection, stopping some HTTP Request Spoofing attacks.