| -*- coding: utf-8 -*- |
| Changes with Apache 2.5.0 |
| |
| *) mod_reqtimeout: Fix body timeout disabling for CONNECT requests to avoid |
| triggering mod_proxy_connect's AH01018 once the tunnel is established. |
| [Yann Ylavic] |
| |
| *) mod_proxy_balancer: Prevent redirect loops between workers within a |
| balancer by limiting the number of redirects to the number balancer |
| members. PR 59864 [Ruediger Pluem] |
| |
| *) mod_proxy: Correctly consider error response codes by the backend when |
| processing failonstatus. PR 59869 [Ruediger Pluem] |
| |
| *) mod_proxy_fcgi: avoid loops when ProxyErrorOverride is enabled |
| and the error documents are proxied. PR 55415. [Luca Toscano] |
| |
| *) mod_proxy_fcgi: read the whole FCGI response even when the content has |
| not been modified (HTTP 304) to avoid subsequent bogus reads and |
| confusing error messages logged. [Luca Toscano] |
| |
| *) mod_crypto: Add the all purpose crypto filters with support for HLS. |
| [Graham Leggett] |
| |
| *) ab: Add option -I to use the Server Name Indication (SNI) extension on |
| outgoing TLS connections, according to the Host header (if any) or the |
| requested URL's hostname otherwise. [Yann Ylavic] |
| |
| *) mod_ssl: reset client-verify state of ssl when aborting renegotiations. |
| [Erki Aring <erki@example.ee>, Stefan Eissing] |
| |
| *) mod_proxy_{http,ajp,fcgi}: don't reuse backend connections with data |
| available before the request is sent. PR 57832. [Yann Ylavic] |
| |
| *) mod_sed: Fix 'x' command processing. [Christophe Jaillet] |
| |
| *) core: Drop an invalid Last-Modified header value coming |
| from a FCGI/CGI script instead of replacing it with Unix epoch. |
| Warn the users about Last-Modified header value replacements and |
| improved handling of non-GMT datestr. |
| [Yann Ylavic, Luca Toscano] |
| |
| *) mod_dav: Allow other modules to become providers and add ACLs |
| to the DAV response. |
| [Jari Urpalainen <jari.urpalainen nokia.com>, Graham Leggett] |
| |
| *) mod_dav: Add dav_begin_multistatus, dav_send_one_response, |
| dav_finish_multistatus, dav_send_multistatus, dav_handle_err, |
| dav_failed_proppatch, dav_success_proppatch to mod_dav.h. |
| [Jari Urpalainen <jari.urpalainen nokia.com>, Graham Leggett] |
| |
| *) core: Add -DDUMP_INCLUDES configtest option to show the tree |
| of Included configuration files. [Jacob Champion <champion.pxi gmail.com>] |
| |
| *) mod_dav: Add support for childtags to dav_error. |
| [Jari Urpalainen <jari.urpalainen nokia.com>] |
| |
| *) mod_proxy, mod_ssl: Handle SSLProxy* directives in <Proxy> sections, |
| allowing per backend TLS configuration. [Yann Ylavic] |
| |
| *) core: explicitly exclude 'h2' from protocols announced via an Upgrade: |
| header as commanded by http-wg. [Stefan Eissing] |
| |
| *) http: Respond with "408 Request Timeout" when a timeout occurs while |
| reading the request body. [Yann Ylavic] |
| |
| *) scoreboard/status: Keep workers' previous Client, VHost and Request values |
| when idle, like in 2.4.18 and earlier. [Yann Ylavic] |
| |
| *) mod_proxy_ajp: Add "secret" parameter to proxy workers to implement legacy |
| AJP13 authentication. PR 53098. [Dmitry A. Bakshaev <dab1818 gmail com>] |
| |
| *) mpm_event: Don't take over scoreboard slots from gracefully finishing |
| threads. [Stefan Fritsch] |
| |
| *) mod_status: Display the process slot number in the async connection |
| overview. [Stefan Fritsch] |
| |
| *) mpm_event, mpm_worker: Fix computation of MinSpareThreads' lower bound |
| according the number of listeners buckets. [Yann Ylavic] |
| |
| *) mpm: Generalise the ap_mpm_register_socket functions to accept pipes |
| or sockets. [Graham Leggett] |
| |
| *) core: Extend support for setting aside data from the network input filter |
| to any connection or request input filter. [Graham Leggett] |
| |
| *) mod_ssl: Add "no_crl_for_cert_ok" flag to SSLCARevocationCheck directive |
| to opt-in previous behaviour (2.2) with CRLs verification when checking |
| certificate(s) with no corresponding CRL. [Yann Ylavic] |
| |
| *) core: Split ap_create_request() from ap_read_request(). [Graham Leggett] |
| |
| *) ab: Use caseless matching for HTTP tokens (e.g. content-length). PR 59111. |
| [Yann Ylavic] |
| |
| *) mod_auth_digest: Fix compatibility with expression-based Authname. PR59039. |
| [Eric Covener] |
| |
| *) mpm: Add a complete_connection hook that confirms whether an MPM is allowed |
| to leave the WRITE_COMPLETION phase. Move filter code out of the MPMs. |
| [Graham Leggett] |
| |
| *) core: Added support for HTTP code 451. PR58985. |
| [Yehuda Katz <yehuda ymkatz.net>, Jim Jagielski] |
| |
| *) mod_ssl: Add support for OpenSSL 1.1.0. [Rainer Jung] |
| |
| *) mod_filter: Fix AddOutputFilterByType with non-content-level filters. |
| PR58856 [Micha Lenk <micha lenk.info>] |
| |
| *) mod_cache: Consider Cache-Control: s-maxage in expiration |
| calculations. [Eric Covener] |
| |
| *) mod_cache: Allow caching of responses with an Expires header |
| in the past that also has Cache-Control: max-age or s-maxage. |
| PR55156. [Eric Covener] |
| |
| *) Added many log numbers to log statements that had none. |
| |
| *) mod_session: Introduce SessionExpiryUpdateInterval which allows to |
| configure the session/cookie expiry's update interval. PR 57300. |
| [Paul Spangler <paul.spangler ni.com>] |
| |
| *) core: Extend support for asynchronous write completion from the |
| network filter to any connection or request filter. [Graham Leggett] |
| |
| *) mpm_event: Free memory earlier when shutting down processes. |
| [Stefan Fritsch] |
| |
| *) mod_auth_digest: remove AuthDigestEnableQueryStringHack which is no |
| more documented since dec 2012 (r1415960). [Christophe Jaillet] |
| |
| *) mod_charset_lite: On EBCDIC platforms, make sure mod_charset_lite runs |
| after other resource-level filters. [Eric Covener] |
| |
| *) mod_dir: Responses that go through "FallbackResource" might appear to |
| hang due to unterminated chunked encoding. PR58292. [Eric Covener] |
| |
| *) http: Don't remove the Content-Length of zero from a HEAD response if |
| it comes from an origin server, module or script. [Yann Ylavic] |
| |
| *) http: Add support for RFC2324/RFC7168. [Graham Leggett] |
| |
| *) mod_rewrite: Add support for starting External Rewriting Programs |
| as non-root user on UNIX systems by specifying username and group name |
| as third argument of RewriteMap directive. [Jan Kaluza] |
| |
| *) mod_authn_core: Add expression support to AuthName and AuthType. |
| [Graham Leggett] |
| |
| *) suexec: Filter out the HTTP_PROXY environment variable because it is |
| treated as alias for http_proxy by some programs. [Stefan Fritsch] |
| |
| *) mod_proxy_http: Don't establish or reuse a backend connection before pre- |
| fetching the request body, so to minimize the delay between it is supposed |
| to be alive and the first bytes sent: this is a best effort to prevent the |
| backend from closing because of idle or keepalive timeout in the meantime. |
| Also, handle a new "proxy-flushall" environment variable which allows to |
| flush any forwarded body data immediately. PR 56541+37920. [Yann Ylavic] |
| |
| *) core: Define and UnDefine are no longer permitted in |
| directory context. Previously they would always be evaulated |
| as the configuration was read without regard for the directory |
| context. [Eric Covener] |
| |
| *) config: For directives that do not expect any arguments, enforce |
| that none are specified in the configuration file. |
| [Joachim Zobel <jzobel heute-morgen.de>, Eric Covener] |
| |
| *) mod_rewrite: Improve 'bad flag delimeters' startup error by showing |
| how the input was tokenized. PR 56528. [Edward Lu <Chaosed0 gmail.com>] |
| |
| *) mod_proxy: Don't put non balancer-member workers in error state by |
| default for connection or 500/503 errors, and honor status=+I for |
| any error. PR 48388. [Yann Ylavic] |
| |
| *) mod_socache_memcache: Pass expiration time through to memcached. PR 55445. |
| [Faidon Liambotis <paravoid debian.org>, Joe Orton] |
| |
| *) ap_expr: Add filemod function for checking file modification dates |
| [Daniel Gruno] |
| |
| *) mod_authnz_ldap: Resolve crashes with LDAP authz and non-LDAP authn since |
| r1608202. [Eric Covener] |
| |
| *) apreq: Content-Length header should be always interpreted as a decimal. |
| Leading 0 could be erroneously considered as an octal value. PR 56598. |
| [Chris Card <ctcard hotmail com>] |
| |
| *) mod_proxy: Now allow for 191 character worker names, with non-fatal |
| errors if name is truncated. PR53218. [Jim Jagielski] |
| |
| *) mod_ssl: Add optional function "ssl_get_tls_cb" to allow support |
| for channel bindings. [Simo Sorce <simo redhat.com>] |
| |
| *) mod_proxy_wstunnel: Concurrent websockets messages could be |
| lost or delayed with ProxyWebsocketAsync enabled. |
| [Edward Lu <Chaosed0 gmail.com>] |
| |
| *) core, mod_info: Add compiled and loaded PCRE versions to version |
| number display. [Rainer Jung] |
| |
| *) mod_authnz_ldap: Return LDAP connections to the pool before the handler |
| is run, instead of waiting until the end of the request. [Eric Covener] |
| |
| *) mod_proxy_html: support automatic detection of doctype and processing |
| of FPIs. PR56285 [Micha Lenk <micha lenk info>, Nick Kew] |
| |
| *) mod_proxy_html: skip documents shorter than 4 bytes |
| PR 56286 [Micha Lenk <micha lenk info>] |
| |
| *) mod_proxy_fdpass: Fix computation of the size of 'struct sockaddr_un' |
| when passed to 'connect()'. |
| [Graham Dumpleton <grahamd apache org>] |
| |
| *) core: Add ap_mpm_resume_suspended() API to allow a suspended connection |
| to resume. PR56333 |
| [Artem <artemciy gmail.com>, Edward Lu <Chaosed0 gmail.com>] |
| |
| *) core: Add ap_mpm_register_socket_callback_timeout() API. [Eric Covener] |
| |
| *) mod_proxy_wstunnel: Honor ProxyWebsocketIdleTimeout in asynchronous |
| processing mode. [Eric Covener] |
| |
| *) mod_authnz_ldap: Fail explicitly when the filter is too long. Remove |
| unnecessary apr_pstrdup() and strlen(). [Graham Leggett] |
| |
| *) Add the ldap-search option to mod_authnz_ldap, allowing authorization |
| to be based on arbitrary expressions that do not include the username. |
| [Graham Leggett] |
| |
| *) Add the ldap function to the expression API, allowing LDAP filters and |
| distinguished names based on expressions to be escaped correctly to |
| guard against LDAP injection. [Graham Leggett] |
| |
| *) Add module mod_ssl_ct, which provides an implementation of Certificate |
| Transparency (RFC 6962) for httpd. [Jeff Trawick] |
| |
| *) mod_proxy_wstunnel: Avoid sending error responses down an upgraded |
| websockets connection as it is being close down. [Eric Covener] |
| |
| *) mod_proxy_wstunnel: Allow the administrator to cap the amount |
| of time a synchronous websockets connection stays idle with |
| ProxyWebsocketIdleTimeout. [Eric Covener] |
| |
| *) mod_proxy_wstunnel: Change to opt-in for asynchronous support, adding |
| directives ProxyWebsocketAsync and ProxyWebsocketAsyncDelay. |
| [Eric Covener] |
| |
| *) mod_proxy_wstunnel: Stop leaking websockets backend connections under |
| event MPM (trunk-only). [Eric Covener] |
| |
| *) mod_proxy_http: Add detach_backend hook (potentially usable |
| in other proxy scheme handlers). [Jeff Trawick] |
| |
| *) mod_deflate: Add DeflateAlterETag to control how the ETag |
| is modified. The 'NoChange' parameter mimics 2.2.x behavior. |
| PR 45023, PR 39727. [Eric Covener] |
| |
| *) mod_rewrite: Add 'BNF' (backreferences-no-plus) flag to RewriteRule to |
| allow spaces in backreferences to be encoded as %20 instead of '+'. |
| [Eric Covener] |
| |
| *) mod_rewrite: Support an optional list of characters to escape in the |
| argument for the 'B' (escape backreferences) flag. [Eric Covener] |
| |
| *) mod_dir: Default to 2.2-like behavior and skip execution when method is |
| neither GET nor POST, such as for DAV requests. PR 54914. [Chris Darroch] |
| |
| *) mod_rewrite: Rename the handler that does per-directory internal |
| redirects to "rewrite-redirect-handler" from "redirect-handler" so |
| it is less ambiguous and less likely to be reused. [Eric Covener] |
| |
| *) mod_rewrite: Protect against looping with the [N] flag by enforcing a |
| default limit of 10000 iterations, and allowing each rule to change its |
| limit. [Eric Covener] |
| |
| *) mod_ssl: Fix config merging of SSLOCSPEnable and SSLOCSPOverrideResponder. |
| [Jeff Trawick] |
| |
| *) Add HttpContentLengthHeadZero and HttpExpectStrict directives. |
| [Yehuda Sadeh <yehuda inktank com>, Justin Erenkrantz] |
| |
| *) mod_ssl: Add -t -DDUMP_CA_CERTS option which dumps the filenames of all |
| configured SSL CA certificates to stdout the same way as DUMP_CERTS does. |
| [Jan Kaluza] |
| |
| *) mod_ssl: Don't flush when an EOS is received. Prepares mod_ssl |
| to support write completion. [Graham Leggett] |
| |
| *) core: Add parse_errorlog_arg callback to ap_errorlog_provider |
| to allow providers to check the ErrorLog argument. [Jan Kaluza] |
| |
| *) mod_cgid: Use the servers Timeout for each read from a CGI script, |
| allow override with new CGIDRequestTimeout directive. PR43494 |
| [Eric Covener, Toshikuni Fukaya <toshikuni-fukaya cybozu co jp>] |
| |
| *) core: ensure any abnormal exit is reported to stderr if it's a tty. |
| PR 55670 [Nick Kew] |
| |
| *) mod_lua: Let the Inter-VM get/set functions work with a global |
| shared memory pool instead of a per-process pool. [Daniel Gruno] |
| |
| *) ldap: Support ldaps when using the Microsoft LDAP SDK. |
| PR 54626. [Jean-Frederic Clere] |
| |
| *) mod_authnz_ldap: Change default value of AuthLDAPMaxSubGroupDepth to 0 |
| to avoid performance problems when subgroups aren't in use. [Eric Covener] |
| |
| *) mod_syslog: New module implementing syslog ap_error_log provider. |
| Previously, this code was part of core, now it's in separate module. |
| [Jan Kaluza] |
| |
| *) core: Add ap_errorlog_provider to make ErrorLog logging modular. Move |
| syslog support from core to new mod_syslog. [Jan Kaluza] |
| |
| *) mod_status, mod_echo: Fix the display of client addresses. |
| They were truncated to 31 characters which is not enough for IPv6 addresses. |
| PR 54848 [Bernhard Schmidt <berni birkenwald de>] |
| |
| *) mod_unique_id: Use output of the PRNG rather than IP address and |
| pid, avoiding sleep() call and possible DNS issues at startup, |
| plus improving randomness for IPv6-only hosts. |
| [Jan Kaluza <jkaluza redhat.com>] |
| |
| *) mod_file_cache: mod_file_cache should be able to serve files that |
| haven't had a Content-Type set via e.g. mod_mime. [Eric Covener] |
| |
| *) core: merge AllowEncodedSlashes from the base configuration into |
| virtual hosts. [Eric Covener] |
| |
| *) AIX: Install DSO's with "cp" instead of "install" in instdso.sh |
| [Eric Covener] |
| |
| *) mod_ldap: Don't keep retrying if a new LDAP connection times out. |
| [Eric Covener] |
| |
| *) mod_deflate: permit compilation of mod_deflate against a zlib that has |
| been configured with -D Z_PREFIX, which redefines the token "deflate". |
| [Eric Covener] |
| |
| *) mod_auth_digest: Use the secret when generating nonces in all cases and |
| not only when AuthName is used in .htaccess files (this change may cause |
| problems if used with round robin load balancers). Don't regenerate the |
| secret on graceful restarts. PR 54637 [Stefan Fritsch] |
| |
| *) core: Remove apr_brigade_flatten(), buffering and duplicated code |
| from the HTTP_IN filter, parse chunks in a single pass with zero copy. |
| Reduce memory usage by 48 bytes per request. [Graham Leggett] |
| |
| *) core: Stop the HTTP_IN filter from attempting to write error buckets |
| to the output filters, which is bogus in the proxy case. Create a |
| clean mapping from APR codes to HTTP status codes, and use it where |
| needed. [Graham Leggett] |
| |
| *) mod_proxy: Ensure network errors detected by the proxy are returned as |
| 504 Gateway Timout as opposed to 502 Bad Gateway, in order to be |
| compliant with RFC2616 14.9.4 Cache Revalidation and Reload Controls. |
| |
| *) mod_dav: mod_dav overrides dav_fs response on PUT failure. PR 35981 |
| [Basant Kumar Kukreja <basant.kukreja sun.com>, Alejandro Alvarez |
| <alejandro.alvarez.ayllon cern.ch>] |
| |
| *) mod_ldap: LDAP connections used for authentication were not respecting |
| LDAPConnectionPoolTimeout. PR 54587 |
| |
| *) core: ap_rgetline_core now pulls from r->proto_input_filters. |
| |
| *) mod_proxy_html: process parsed comments immediately. |
| Fixes bug where parsed comments may be lost. [Nick Kew] |
| |
| *) mod_proxy_html: introduce doctype for HTML 5 [Nick Kew] |
| |
| *) mod_proxy_html: fix typo-bug processing "strict" vs "transitional" |
| HTML/XHTML [Nick Kew] |
| |
| *) core: Add option to add valgrind support. Use it to reduce false positive |
| warnings in mod_ssl. [Stefan Fritsch] |
| |
| *) mod_authn_file, mod_authn_dbd, mod_authn_dbm, mod_authn_socache: |
| Cache the result of the most recent password hash verification for every |
| keep-alive connection. This saves some expensive calculations. |
| [Stefan Fritsch] |
| |
| *) http: Remove support for Request-Range header sent by Navigator 2-3 and |
| MSIE 3. [Stefan Fritsch] |
| |
| *) core, http: Extend HttpProtocol with an option to enforce stricter HTTP |
| conformance or to only log the found problems. [Stefan Fritsch] |
| |
| *) core: Correctly parse an IPv6 literal host specification in an absolute |
| URL in the request line. [Stefan Fritsch] |
| |
| *) EventOpt MPM |
| |
| *) core: Add LogLevelOverride directive that allows to override the |
| loglevel for clients from certain IPs. This also works for things |
| like the SSL handshake where <If> LogLevel ... </If> is evaluated |
| too late. [Stefan Fritsch] |
| |
| *) core: Add new directive Warning to issue warnings from a configuration |
| file. Both Warning and Error now generate a timestamped log message. |
| [Fabien Coelho] |
| |
| *) ap_expr: Add SERVER_PROTOCOL_VERSION, ..._MAJOR, and ..._MINOR |
| variables. [Stefan Fritsch] |
| |
| *) core: New directive RegisterHttpMethod for registering non-standard |
| HTTP methods. [Stefan Fritsch] |
| |
| *) core: New directive HttpProtocol which allows to disable HTTP/0.9 |
| support. [Stefan Fritsch] |
| |
| *) mod_allowhandlers: New module to forbid specific handlers for specific |
| directories. [Stefan Fritsch] |
| |
| *) mod_systemd: New module, for integration with systemd on Linux. |
| [Jan Kaluza <jkaluza redhat.com>] |
| |
| *) WinNT MPM: Store pid and generation for each thread in scoreboard |
| to allow tracking of threads from exiting children via mod_status |
| or other such mechanisms. [Jeff Trawick] |
| |
| *) The following now respect DefaultRuntimeDir/DEFAULT_REL_RUNTIMEDIR: |
| - APIs: ap_log_pid(), ap_remove_pid, ap_read_pid() |
| - mod_cache: thundering herd lock directory |
| - mod_lbmethod_heartbeat, mod_heartmonitor: heartbeat storage file |
| - mod_ldap: shared memory cache |
| - mod_socache_shmcb, mod_socache_dbm: shared memory or dbm for cache |
| [Jeff Trawick] |
| |
| *) suexec: Add --enable-suexec-capabilites support on Linux, to use |
| setuid/setgid capability bits rather than a setuid root binary. |
| [Joe Orton] |
| |
| *) suexec: Add support for logging to syslog as an alternative to logging |
| to a file; configure --without-suexec-logfile --with-suexec-syslog. |
| [Joe Orton] |
| |
| *) mod_ssl: Add support for TLS Next Protocol Negotiation. PR 52210. |
| [Matthew Steele <mdsteele google.com>] |
| |
| *) cross-compile: allow to provide CC_FOR_BUILD so that gen_test_char will |
| be compiled by the build compiler instead of the host compiler. |
| Also set CC_FOR_BUILD to 'cc' when cross-compilation is detected. |
| PR 51257. [Guenter Knauf] |
| |
| *) core: In maintainer mode, replace apr_palloc with a version that |
| initializes the allocated memory with non-zero values, except if |
| AP_DEBUG_NO_ALLOC_POISON is defined. [Stefan Fritsch] |
| |
| *) mod_policy: Add a new testing module to help server administrators |
| enforce a configurable level of protocol compliance on their |
| servers and application servers behind theirs. [Graham Leggett] |
| |
| *) mod_firehose: Add a new debugging module able to record traffic |
| passing through the server in such a way that connections and/or |
| requests be reconstructed and replayed. [Graham Leggett] |
| |
| *) mod_noloris |
| |
| *) APREQ |
| |
| *) Simple MPM |
| |
| *) mod_serf |
| |
| [Apache 2.5.0-dev includes those bug fixes and changes with the |
| Apache 2.4.xx tree as documented below, except as noted.] |
| |
| Changes with Apache 2.4.x and later: |
| |
| *) http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?view=markup |
| |
| Changes with Apache 2.2.x and later: |
| |
| *) http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?view=markup |
| |
| Changes with Apache 2.0.x and later: |
| |
| *) http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/CHANGES?view=markup |
| |