| -*- coding: utf-8 -*- |
| Changes with Apache 2.2.12 |
| |
| *) mod_substitute: Fix a memory leak. PR 44948 |
| [Dan Poirier <poirier pobox.com>] |
| |
| *) mod_proxy_ajp: Forward remote port information by default. |
| [Rainer Jung] |
| |
| *) mod_disk_cache/mod_mem_cache: Fix handling of CacheIgnoreHeaders |
| directive to correctly remove headers before storing them. |
| [Lars Eilebrecht] |
| |
| *) mod_deflate: revert changes in 2.2.8 that caused an invalid |
| etag to be emitted for on-the-fly gzip content-encoding. |
| PR 39727 will require larger fixes and this fix was far more |
| harmful than the original code. PR 45023. [Roy T. Fielding] |
| |
| *) mod_disk_cache: The module now turns off sendfile support if |
| 'EnableSendfile off' is defined globally. PR 41218. |
| [Lars Eilebrecht, Issac Goldstand] |
| |
| *) prefork: Fix child process hang during graceful restart/stop in |
| configurations with multiple listening sockets. PR 42829. [Joe Orton, |
| Jeff Trawick] |
| |
| *) mod_ssl: Add SSLRenegBufferSize directive to allow changing the |
| size of the buffer used for the request-body where necessary |
| during a per-dir renegotiation. PR 39243. [Joe Orton] |
| |
| *) mod_rewrite: Introduce DiscardPathInfo|DPI flag to stop the troublesome |
| way that per-directory rewrites append the previous notion of PATH_INFO |
| to each substitution before evaluating subsequent rules. |
| PR38642 [Eric Covener] |
| |
| *) mod_authnz_ldap: Reduce number of initialization debug messages and make |
| information more clear. PR 46342 [Dan Poirier] |
| |
| *) mod_cache: Introduce 'no-cache' per-request environment variable |
| to prevent the saving of an otherwise cacheable response. |
| [Eric Covener] |
| |
| *) core: Translate the status line to ASCII on EBCDIC platforms in |
| ap_send_interim_response() and for locally generated "100 Continue" |
| responses. [Eric Covener] |
| |
| *) CGI: return 504 (Gateway timeout) rather than 500 when a script |
| times out before returning status line/headers. |
| PR 42190 [Nick Kew] |
| |
| *) prefork: Log an error instead of segfaulting when child startup fails |
| due to pollset creation failures. PR 46467. [Jeff Trawick] |
| |
| *) mod_ext_filter: fix error handling when the filter prog fails to start, |
| and introduce an onfail configuration option to abort the request |
| or to remove the broken filter and continue. |
| PR 41120 [Nick Kew] |
| |
| *) mod_include: support generating non-ASCII characters as entities in SSI |
| PR 25202 [Nick Kew] |
| |
| *) core/utils: Enhance ap_escape_html API to support escaping non-ASCII chars |
| [Nick Kew] |
| |
| *) mod_rewrite: fix "B" flag breakage by reverting r589343 |
| PR 45529 [Bob Ionescu <bobsiegen googlemail.com>] |
| |
| *) mod_cgid: fix segfault problem on solaris. |
| PR 39332 [Masaoki Kobayashi <masaoki techfirm.co.jp>, Jeff Trawick] |
| |
| *) mod_ldap: Avoid a segfault when result->rc is checked in uldap_connection_init |
| when result is NULL. This could happen if LDAP initialization failed. |
| PR 45994. [Dan Poirier <poirier pobox.com>] |
| |
| *) Set Listen protocol to "https" if port is set to 443 and no proto is specified |
| (as documented but not implemented). PR 46066 [Dan Poirier <poirier pobox.com>] |
| |
| *) mod_cache: Correctly save Content-Encoding of cachable entity. PR 46401 |
| [Dan Poirier <poirier pobox.com>] |
| |
| *) Output -M and -S dumps (modules and vhosts) to stdout instead of stderr. |
| PR 42571 and PR 44266 (dup). [Dan Poirier <poirier pobox.com>] |
| |
| *) mod_cache: When an explicit Expires or Cache-Control header is set, cache |
| normally non-cacheable response statuses. PR 46346. |
| [Alex Polvi <alex polvi.net>] |
| |
| Changes with Apache 2.2.11 |
| |
| *) core: When the ap_http_header_filter processes an error bucket, cleanup |
| the passed brigade before returning AP_FILTER_ERROR down the filter |
| chain. This unambiguously ensures the same error bucket isn't revisited |
| [Ruediger Pluem] |
| |
| *) core: Error responses set by filters were being coerced into 500 errors, |
| sometimes appended to the original error response. Log entry of: |
| 'Handler for (null) returned invalid result code -3' |
| [Eric Covener] |
| |
| *) configure: Don't reject libtool 2.x |
| PR 44817 [Arfrever Frehtes Taifersar Arahesis <Arfrever.FTA gmail.com>] |
| |
| *) mod_autoindex: add configuration option to insert string |
| in HTML HEAD (IndexHeadInsert). [Nick Kew] |
| |
| *) Add new LogFormat parameter, %k, which logs the number of |
| keepalive requests on this connection for this request. |
| PR 45762 [Dan Poirier <poirier pobox.com>, Jim Jagielski] |
| |
| *) Export and install the mod_rewrite.h header to ensure the optional |
| rewrite_mapfunc_t and ap_register_rewrite_mapfunc functions are |
| available to third party modules. [Graham Leggett] |
| |
| *) mod_cache: Convert age of cached object to seconds before comparing it to |
| age supplied by the request when checking whether to send a Warning |
| header for a stale response. PR 39713. [Owen Taylor <otaylor redhat.com>] |
| |
| *) Build: Correctly set SSL_LIBS during openssl detection if pkgconfig is |
| not available. PR 46018 [Ruediger Pluem] |
| |
| *) mod_proxy_ajp: Do not fail if response data is sent before all request |
| data is read. PR 45911 [Ruediger Pluem] |
| |
| *) mod_proxy_balancer: Add in forced recovery for balancer members if |
| all are in error state. [Mladen Turk] |
| |
| *) mod_proxy: Prevent segmentation faults by correctly adjusting the |
| lifetime of the buckets read from the proxy backend. PR 45792 |
| [Ruediger Pluem] |
| |
| *) mod_expires: Do not sets negative max-age / Expires header in the past. |
| PR 39774 [Jim Jagielski] |
| |
| *) mod_info: Was displaying the wrong value for the KeepAliveTimeout |
| value. [Jim Jagielski] |
| |
| *) mod_proxy_ajp: Fix wrongly formatted requests where client |
| sets Content-Length header, but doesn't provide a body. |
| Servlet container always expects that next packet is |
| body whenever C-L is present in the headers. This can lead |
| to wrong interpretation of the packets. In this case |
| send the empty body packet, so container can deal with |
| that. [Mladen Turk] |
| |
| *) core: Add ap_timeout_parameter_parse to public API. [Ruediger Pluem] |
| |
| *) mod_proxy: Add the possibility to set the worker parameters |
| connectiontimeout and ping in milliseconds. [Ruediger Pluem] |
| |
| *) Worker MPM: Crosscheck that idle workers are still available before using |
| them and thus preventing an overflow of the worker queue which causes |
| a SegFault. PR 45605 [Denis Ustimenko <denusk gmail.com>] |
| |
| *) Windows: Always build the odbc dbd driver on windows, to be consistent |
| with the apr-util default. [Tom Donovan] |
| |
| Changes with Apache 2.2.10 |
| |
| *) SECURITY: CVE-2008-2939 (cve.mitre.org) |
| mod_proxy_ftp: Prevent XSS attacks when using wildcards in the path of |
| the FTP URL. Discovered by Marc Bevand of Rapid7. [Ruediger Pluem] |
| |
| *) Allow for smax to be 0 for balancer members so that all idle |
| connections are able to be dropped should they exceed ttl. |
| PR 43371 [Phil Endecott <spam_from_apache_bugzilla chezphil.org>, |
| Jim Jagielski] |
| |
| *) mod_proxy_http: Don't trigger a retry by the client if a failure to |
| read the response line was the result of a timeout. |
| [Adam Woodworth <mirkperl gmail.com>] |
| |
| *) Support chroot on Unix-family platforms |
| PR 43596 [Dimitar Pashev <mitko banksoft-bg.com>] |
| |
| *) mod_ssl: implement dynamic mutex callbacks for the benefit of |
| OpenSSL. [Sander Temme] |
| |
| *) mod_proxy_balancer: Add 'bybusyness' load balance method. |
| [Joel Gluth <joelgluth yahoo.com.au>, Jim Jagielski] |
| |
| *) mod_authn_alias: Detect during startup when AuthDigestProvider |
| is configured to use an incompatible provider via AuthnProviderAlias. |
| PR 45196 [Eric Covener] |
| |
| *) mod_proxy: Add 'scolonpathdelim' parameter to allow for ';' to also be |
| used as a session path separator/delim PR 45158. [Jim Jagielski] |
| |
| *) mod_charset_lite: Avoid dropping error responses by handling meta buckets |
| correctly. PR 45687 [Dan Poirier <poirier pobox.com>] |
| |
| *) mod_proxy_http: Introduce environment variable proxy-initial-not-pooled to |
| avoid reusing pooled connections if the client connection is an initial |
| connection. PR 37770. [Ruediger Pluem] |
| |
| *) mod_rewrite: Allow Cookie option to set secure and HttpOnly flags. |
| PR 44799 [Christian Wenz <christian wenz.org>] |
| |
| *) mod_ssl: Rewrite shmcb to avoid memory alignment issues. PR 42101. |
| [Geoff Thorpe] |
| |
| *) mod_proxy: Add connectiontimeout parameter for proxy workers in order to |
| be able to set the timeout for connecting to the backend separately. |
| PR 45445. [Ruediger Pluem, rahul <rahul sun.com>] |
| |
| *) mod_dav_fs: Retrieve minimal system information about directory |
| entries when walking a DAV fs, resolving a performance degradation on |
| Windows. PR 45464. [Joe Orton, Jeff Trawick] |
| |
| *) mod_cgid: Pass along empty command line arguments from an ISINDEX |
| query that has consecutive '+' characters in the QUERY_STRING, |
| matching the behavior of mod_cgi. |
| [Eric Covener] |
| |
| *) mod_headers: Prevent Header edit from processing only the first header |
| of possibly multiple headers with the same name and deleting the |
| remaining ones. PR 45333. [Ruediger Pluem] |
| |
| *) mod_proxy_balancer: Move nonce field in the balancer manager page inside |
| the html form where it belongs. PR 45578. [Ruediger Pluem] |
| |
| *) mod_proxy_http: Do not forward requests with 'Expect: 100-continue' to |
| known HTTP/1.0 servers. Return 'Expectation failed' (417) instead. |
| [Ruediger Pluem] |
| |
| *) mod_rewrite: Preserve the query string when [proxy,noescape]. PR 45247. |
| [Tom Donovan] |
| |
| Changes with Apache 2.2.9 |
| |
| *) SECURITY: CVE-2008-2364 (cve.mitre.org) |
| mod_proxy_http: Better handling of excessive interim responses |
| from origin server to prevent potential denial of service and high |
| memory usage. Reported by Ryujiro Shibuya. [Ruediger Pluem, |
| Joe Orton, Jim Jagielski] |
| |
| *) SECURITY: CVE-2007-6420 (cve.mitre.org) |
| mod_proxy_balancer: Prevent CSRF attacks against the balancer-manager |
| interface. [Joe Orton] |
| |
| *) core: Fix address-in-use startup failure on some platforms caused |
| by creating an IPv4 listener which overlaps with an existing IPv6 |
| listener. [Jeff Trawick] |
| |
| *) mod_proxy: Make all proxy modules nocanon aware and do not add the |
| query string again in this case. PR 44803. |
| [Jim Jagielski, Ruediger Pluem] |
| |
| *) mod_unique_id: Fix timestamp value in UNIQUE_ID. |
| PR 37064 [Kobayashi <kobayashi firstserver.co.jp>] |
| |
| *) htpasswd: Fix salt generation weakness. PR 31440 |
| [Andreas Krennmair <ak synflood.at>, Peter Watkins <peterw tux.org>, |
| Paul Querna] |
| |
| *) core: Add the filename of the configuration file to the warning message |
| about the useless use of AllowOverride. PR 39992. |
| [Darryl Miles <darryl darrylmiles.org>] |
| |
| *) scoreboard: Remove unused proxy load balancer elements from scoreboard |
| image (not scoreboard memory itself). [Chris Darroch] |
| |
| *) mod_proxy: Support environment variable interpolation in reverse |
| proxying directives. [Nick Kew] |
| |
| *) suexec: When group is given as a numeric gid, validate it by looking up |
| the actual group name such that the name can be used in log entries. |
| PR 7862 [<y-koga apache.or.jp>, Leif W <warp-9.9 usa.net>] |
| |
| *) Fix garbled TRACE response on EBCDIC platforms. |
| [David Jones <oscaremma gmail.com>] |
| |
| *) ab: Include <limits.h> earlier if available since we may need |
| INT_MAX (defined there on Windows) for the definition of MAX_REQUESTS. |
| PR 45024 [Ruediger Pluem] |
| |
| *) ab: Improve client performance by clearing connection pool instead |
| of destroying it. PR 40054 [Brad Roberts <braddr puremagic.com>] |
| |
| *) ab: Don't stop sending a request if EAGAIN is returned, which |
| will only happen if both the write and subsequent wait are |
| returning EAGAIN, and count posted bytes correctly when the initial |
| write of a request is not complete. PR 10038, 38861, 39679 |
| [Patrick McManus <mcmanus datapower.com>, |
| Stefan Fleiter <stefan.fleiter web.de>, |
| Davanum Srinivas, Roy T. Fielding] |
| |
| *) ab: Overhaul stats collection and reporting to avoid integer |
| truncation and time divisions within the test loop, retain |
| native time resolution until output, remove unused data, |
| consistently round milliseconds, and generally avoid losing |
| accuracy of calculation due to type casts. PR 44878, 44931. |
| [Roy T. Fielding] |
| |
| *) ab: Add -r option to continue after socket receive errors. |
| [Filip Hanik <devlist hanik.com>] |
| |
| *) core: Do not allow Options ALL if not all options are allowed to be |
| overwritten. PR 44262 [Michał Grzędzicki <lazy iq.pl>] |
| |
| *) mod_cache: Handle If-Range correctly if the cached resource was stale. |
| PR 44579 [Ruediger Pluem] |
| |
| *) mod_proxy: Do not try a direct connection if the connection via a |
| remote proxy failed before and the request has a request body. |
| [Ruediger Pluem] |
| |
| *) mod_proxy_ajp: Do not retry request in the case that we either failed to |
| sent a part of the request body or if the request is not idempotent. |
| PR 44334 [Ruediger Pluem] |
| |
| *) mod_rewrite: Initialize hash needed by ap_register_rewrite_mapfunc early |
| enough. PR 44641 [Daniel Lescohier <daniel.lescohier cnet.com>] |
| |
| *) mod_dav: Return "method not allowed" if the destination URI of a WebDAV |
| copy / move operation is no DAV resource. PR 44734 [Ruediger Pluem] |
| |
| *) http_filters: Don't return 100-continue on redirects. PR 43711 |
| [Ruediger Pluem] |
| |
| *) mod_ssl: Fix a memory leak with connections that have zlib compression |
| turned on. PR 44975 [Joe Orton, Amund Elstad <Amund.Elstad ist.com>, |
| Dr Stephen Henson <steve openssl.org>] |
| |
| *) mod_proxy: Trigger a retry by the client in the case we fail to read the |
| response line from the backend by closing the connection to the client. |
| PR 37770 [Ruediger Pluem] |
| |
| *) gen_test_char: add double-quote to the list of T_HTTP_TOKEN_STOP. |
| PR 9727 [Ville Skytt <ville.skytta iki.fi>] |
| |
| *) core: reinstate location walk to fix config for subrequests |
| PR 41960 [Jose Kahan <jose w3.org>] |
| |
| *) rotatelogs: Log the current file size and error code/description |
| when failing to write to the log file. [Jeff Trawick] |
| |
| *) rotatelogs: Added '-f' option to force rotatelogs to create the |
| logfile as soon as started, and not wait until it reads the |
| first entry. [Jim Jagielski] |
| |
| *) rotatelogs: Don't leak memory when reopening the logfile. |
| PR 40183 [Ruediger Pluem, Takashi Sato <serai lans-tv.com>] |
| |
| *) rotatelogs: Improve atomicity when using -l and cleaup code. |
| PR 44004 [Rainer Jung] |
| |
| *) mod_authn_dbd: Disambiguate and tidy database authentication |
| error messages. PR 43210. [Chris Darroch, Phil Endecott |
| <spam_from_apache_bugzilla chezphil.org>] |
| |
| *) mod_headers: Add 'merge' option to avoid duplicate values within |
| the same header. [Chris Darroch] |
| |
| *) mod_cgid: Explicitly set permissions of the socket (ScriptSock) shared by |
| mod_cgid and request processing threads, for OS'es such as HPUX and AIX |
| that do not use umask for AF_UNIX socket permissions. |
| [Eric Covener, Jeff Trawick] |
| |
| *) mod_cgid: Don't try to restart the daemon if it fails to initialize |
| the socket. [Jeff Trawick] |
| |
| *) mod_log_config: Add format options for %p so that the actual local |
| or remote port can be logged. PR 43415. [Adam Hasselbalch Hansen |
| <ahh@one.com>, Ruediger Pluem, Jeff Trawick] |
| |
| *) Added 'disablereuse' option for ProxyPass which, essentially, |
| disables connection pooling for the backend servers. |
| [Jim Jagielski] |
| |
| *) mod_speling: remove regression from 1.3/2.0 behavior and |
| drop dependency between mod_speling and AcceptPathInfo. |
| PR 43562 [Jose Kahan <jose w3.org>] |
| |
| *) mod_substitute: The default is now flattening the buckets after |
| each substitution. The newly added 'q' flag allows for the |
| quicker, more efficient bucket-splitting if the user so |
| desires. [Jim Jagielski] |
| |
| *) http_filters: Don't spin if get an error when reading the |
| next chunk. PR 44381 [Ruediger Pluem] |
| |
| *) ab: Do not try to read non existing response bodies of HEAD requests. |
| PR 34275 [Takashi Sato <serai lans-tv.com>] |
| |
| *) ab: Use a 64 bit unsigned int instead of a signed long to count the |
| bytes transferred to avoid integer overflows. PR 44346 [Ruediger Pluem] |
| |
| *) ProxyPassReverse is now balancer aware. [Jim Jagielski] |
| |
| *) mod_include: Correctly handle SSI directives split over multiple filter |
| passes. PR 44447 [Harald Niesche <harald brokenerror.de>] |
| |
| *) mod_cache: Revalidate cache entities which have Cache-Control: no-cache |
| set in their response headers. PR 44511 [Ruediger Pluem] |
| |
| *) mod_rewrite: Check all files used by DBM maps for freshness, mod_rewrite |
| didn't pick up on updated sdbm maps due to this. |
| PR41190 [Niklas Edmundsson] |
| |
| *) mod_proxy: Lower memory consumption for short lived connections. |
| PR 44026. [Ruediger Pluem] |
| |
| *) mod_proxy: Keep connections to the backend persistent in the HTTPS case. |
| [Ruediger Pluem] |
| |
| *) Don't add bogus duplicate Content-Language entries |
| PR 11035 [Davi Arnaut] |
| |
| *) Worker / Event MPM: Fix race condition in pool recycling that leads to |
| segmentation faults under load. PR 44402 |
| [Basant Kumar Kukreja <basant.kukreja sun.com>] |
| |
| *) mod_proxy_ftp: Fix base for directory listings. |
| PR 27834 [Nick Kew] |
| |
| *) mod_logio: Provide optional function to allow modules to adjust the |
| bytes_in count [Eric Covener] |
| |
| *) http_filters: Don't return 100-continue on client error |
| PR 43711 [Chetan Reddy <chetanreddy gmail.com>] |
| |
| *) mod_charset_lite: Add TranslateAllMimeTypes sub-option to |
| CharsetOptions, allowing the administrator to skip the |
| mimetype checking that precedes translation. |
| PR 44458 [Eric Covener] |
| |
| *) mod_proxy_http: Fix processing of chunked responses if |
| Connection: Transfer-Encoding is set in the response of the proxied |
| system. PR 44311 [Ruediger Pluem] |
| |
| *) mod_proxy_http: Return HTTP status codes instead of apr_status_t |
| values for errors encountered while forwarding the request body |
| PR 44165 [Eric Covener] |
| |
| *) mod_rewrite: Don't canonicalise URLs with [P,NE] |
| PR 43319 [<rahul sun.com>] |
| |
| Changes with Apache 2.2.8 |
| |
| *) core: Fix regression in 2.2.7 in chunk filtering with massively |
| chunked requests. [Ruediger Pluem, Nick Kew] |
| |
| *) winnt_mpm: Resolve modperl issues by redirecting console mode stdout |
| to /Device/Nul as the server is starting up, mirroring unix MPM's. |
| PR: 43534 [Tom Donovan <Tom.Donovan acm.org>, William Rowe] |
| |
| *) winnt_mpm: Restore Win32DisableAcceptEx On directive and Win9x platform |
| by recreating the bucket allocator each time the trans pool is cleared. |
| PR: 11427 #16 (follow-on) [Tom Donovan <Tom.Donovan acm.org>] |
| |
| *) mod_dav: Fix evaluation of If-Match * and If-None-Match * conditionals. |
| PR 38034 [Paritosh Shah <shah.paritosh gmail.com>] |
| |
| Changes with Apache 2.2.7 (not released) |
| |
| *) SECURITY: CVE-2007-6421 (cve.mitre.org) |
| mod_proxy_balancer: Correctly escape the worker route and the worker |
| redirect string in the HTML output of the balancer manager. |
| Reported by SecurityReason. [Ruediger Pluem] |
| |
| *) SECURITY: CVE-2007-6422 (cve.mitre.org) |
| Prevent crash in balancer manager if invalid balancer name is passed |
| as parameter. Reported by SecurityReason. [Ruediger Pluem] |
| |
| *) SECURITY: CVE-2007-6388 (cve.mitre.org) |
| mod_status: Ensure refresh parameter is numeric to prevent |
| a possible XSS attack caused by redirecting to other URLs. |
| Reported by SecurityReason. [Mark Cox, Joe Orton] |
| |
| *) SECURITY: CVE-2007-5000 (cve.mitre.org) |
| mod_imagemap: Fix a cross-site scripting issue. Reported by JPCERT. |
| [Joe Orton] |
| |
| *) SECURITY: CVE-2008-0005 (cve.mitre.org) |
| Introduce the ProxyFtpDirCharset directive, allowing the administrator |
| to identify a default, or specific servers or paths which list their |
| contents in other-than ISO-8859-1 charset (e.g. utf-8). [Ruediger Pluem] |
| |
| *) mod_dav: Adjust etag generation to produce identical results on 32-bit |
| and 64-bit platforms and avoid a regression with conditional PUT's on lock |
| and etag. PR 44152. |
| [Michael Clark <michael metaparadigm.com>, Ruediger Pluem] |
| |
| *) mod_ssl: Fix handling of the buffered request body during a per-location |
| renegotiation, when an internal redirect occurs. PR 43738. |
| [Joe Orton] |
| |
| *) mod_ldap: Try to establish a new backend LDAP connection when the |
| Microsoft LDAP client library returns LDAP_UNAVAILABLE, e.g. after the |
| LDAP server has closed the connection due to a timeout. |
| PR 39095 [Eric Covener] |
| |
| *) log.c: Ensure Win32 resurrects its lost robust logger processes. |
| [William Rowe] |
| |
| *) mod_disk_cache: Delete temporary files if they cannot be renamed to their |
| final name. [Davi Arnaut <davi haxent.com.br>] |
| |
| *) Add explicit charset to the output of various modules to work around |
| possible cross-site scripting flaws affecting web browsers that do not |
| derive the response character set as required by RFC2616. One of these |
| reported by SecurityReason [Joe Orton] |
| |
| *) http_protocol: Escape request method in 405 error reporting. |
| This has no security impact since the browser cannot be tricked |
| into sending arbitrary method strings. [Jeff Trawick] |
| |
| *) mod_ssl: Fix SSL client certificate extensions parsing bug. PR 44073. |
| [yl <yl bee-ware.net>] |
| |
| *) mod_proxy_ajp: Use 64K as maximum AJP packet size. This is the maximum |
| length we can squeeze inside the AJP message packet. |
| [Mladen Turk] |
| |
| *) core: Lower memory consumption of ap_r* functions by reusing the brigade |
| instead of recreating it during each filter pass. |
| [Stefan Fritsch <sf sfritsch.de>] |
| |
| *) core: Lower memory consumption in case that flush buckets are passed thru |
| the chunk filter as last bucket of a brigade. PR 23567. |
| [Stefan Fritsch <sf sfritsch.de>] |
| |
| *) core: Fix broken chunk filtering that causes all non blocking reads to be |
| converted into blocking reads. PR 19954, 41056. |
| [Jean-Frederic Clere, Jim Jagielski] |
| |
| *) mod_rewrite: Add the novary flag to RewriteCond. |
| [Ruediger Pluem] |
| |
| *) core: Change etag generation to produce identical results on |
| 32-bit and 64-bit platforms. PR 40064. [Joe Orton] |
| |
| *) http_protocol: Escape request method in 413 error reporting. |
| Determined to be not generally exploitable, but a flaw in any case. |
| PR 44014 [Victor Stinner <victor.stinner inl.fr>] |
| |
| *) mod_filter: Don't segfault on (unsupported) chained FilterProvider usage. |
| PR 43956 [Nick Kew, Ruediger Pluem] |
| |
| *) core: Handle unrecognised transfer-encodings. |
| PR 43882 [Nick Kew, Jeff Trawick] |
| |
| *) mod_include: Add an "if" directive syntax to test whether an URL |
| is accessible, and if so, conditionally display content. This |
| allows a webmaster to hide a link to a private page when the user |
| has no access to that page. [Graham Leggett] |
| |
| *) Various code cleanups. PR 38699, 39518, 42005, 42006, 42007, 42008, 42009 |
| [Christophe Jaillet <christophe.jaillet wanadoo.fr>] |
| |
| *) mod_proxy_http: Correctly forward unexpected interim (HTTP 1xx) |
| responses from the backend according to RFC2616. But make it |
| configurable in case something breaks on it. |
| PR 16518 [Nick Kew] |
| |
| *) mod_substitute: Added a new output filter, which performs |
| inline response content pattern matching (including regex) |
| and substitution. [Jim Jagielski, Ruediger Pluem] |
| |
| *) rotatelogs: Change command-line parsing to report more types |
| of errors. Allow local timestamps to be used when rotating based |
| on file size. [Jeff Trawick] |
| |
| *) mod_proxy: Canonicalisation improvements. Add "nocanon" keyword to |
| ProxyPass, to suppress URI-canonicalisation in a reverse proxy. Also, |
| don't escape/unescape forward-proxied URLs. |
| PR 41798, 42592 [Nick Kew, Ruediger Pluem, Roy Fielding, Jim Jagielski] |
| |
| *) mod_status: Add SeeRequestTail directive, which determines if |
| ExtendedStatus displays the 1st 63 characters of the request |
| or the last 63. Useful for those requests with large string |
| lengths and which only vary with the last several characters. |
| [Jim Jagielski] |
| |
| *) mod_ssl: Prevent memory corruption of version string. |
| PR 43865, 43334 [William Rowe, Joe Orton] |
| |
| *) core: Avoid some unexpected connection closes by telling the client |
| that the connection is not persistent if the MPM process handling |
| the request is already exiting when the response header is built. |
| [Jeff Trawick] |
| |
| *) mod_autoindex: Generate valid XHTML output by adding the xhtml |
| namespace. PR 43649 [Jose Kahan <jose w3.org>] |
| |
| *) mod_ldap: Give callers a reference to data copied into the request |
| pool instead of references directly into the cache |
| PR 43786 [Eric Covener] |
| |
| *) mod_ldap: Stop passing a reference to pconf around for |
| (limited) use during request processing, avoiding possible |
| memory corruption and crashes. [Eric Covener] |
| |
| *) Event MPM: Add support for running under mod_ssl, by reverting to the |
| Worker MPM behaviors, when run under an input filter that buffers |
| its own data. [Paul Querna] |
| |
| *) mod_charset_lite: Don't crash when the request has no associated |
| filename. [Jeff Trawick] |
| |
| *) Core: fix possible crash at startup in case of nonexistent DocumentRoot. |
| PR 39722 [Adrian Buckley <adrian.buckley ntlworld.com>] |
| |
| *) HTTP protocol: Add "DefaultType none" option. |
| PR 13986 and PR 16139 [Nick Kew] |
| |
| *) mod_rewrite: Add option to suppress URL unescaping |
| PR 34602 [Guenther Gsenger <guenther.gsenger gmail.com>] |
| |
| *) mpm_winnt: Eliminate wait_for_many_objects. Allows the clean |
| shutdown of the server when the MaxClients is higher then 257, |
| in a more responsive manner [Mladen Turk, William Rowe] |
| |
| *) mod_proxy_http: Remove Warning headers with wrong date |
| PR 16138 [Nick Kew] |
| |
| *) mod_proxy_http: Correctly parse all Connection headers in proxy. |
| PR 43509 [Nick Kew] |
| |
| *) mod_proxy_http: add Via header correctly (if enabled) to |
| response, even where other Via headers exist. |
| PR 19439 [Nick Kew] |
| |
| *) http_core: OPTIONS * no longer maps to local storage or URI |
| space. Note that unlike previous versions, OPTIONS * no |
| longer returns an Allow: header. PR 43519 [Jim Jagielski] |
| |
| *) mod_proxy_http: strip hop-by-hop response headers |
| PR 43455 [Nick Kew] |
| |
| *) mod_proxy: Don't by default violate RFC2616 by setting |
| Max-Forwards when the client didn't send it to us. |
| Leave that as a configuration option. |
| PR 16137 [Nick Kew] |
| |
| *) scoreboard: improve error message on apr_shm_create failure |
| PR 40037 [Nick Kew] |
| |
| *) proxy: Fix persistent backend connections. |
| PR 43472 [Ruediger Pluem] |
| |
| *) mod_deflate: initialise inflate-out filter correctly when the |
| first brigade contains no data buckets. |
| PR 43512 [Nick Kew] |
| |
| *) mod_proxy_ajp: Ignore any ajp13 flush packets received before |
| we send the response headers. See Tomcat PR 43478. |
| [Jim Jagielski] |
| |
| *) mod_proxy_balancer: Do not reset lbstatus, lbfactor and lbset when |
| starting a new child. |
| PR 39907 [Vinicius Petrucci <vpetrucci gmail.com>, Ruediger Pluem] |
| |
| *) mod_proxy_http: Propagate Proxy-Authorization header correctly. |
| PR 25947 [Nick Kew] |
| |
| *) mod_proxy_ajp: Differentiate within AJP between GET and HEAD |
| requests. PR 43060 [Jim Jagielski] |
| |
| *) Don't send spurious "100 Continue" response lines. |
| PR 38014 [Basant Kumar Kukreja <basant.kukreja sun.com>] |
| |
| *) mod_proxy_ftp: Don't segfault on bad line in FTP listing |
| PR 40733 [Ulf Harnhammar <metaur telia.com>] |
| |
| *) mod_proxy: escape error-notes correctly |
| PR 40952 [Thijs Kinkhorst <thijs debian.org>] |
| |
| *) mod_proxy: check ProxyBlock for all blocked addresses |
| PR 36987 [Timo Viipuri <timo.viipuri f-secure.com>] |
| |
| *) mod_proxy: Don't lose bytes when a response line arrives in small chunks. |
| PR 40894 [Andrew Rucker Jones <arjones simultan.dyndns.org>] |
| |
| Changes with Apache 2.2.6 |
| |
| *) SECURITY: CVE-2007-3847 (cve.mitre.org) |
| mod_proxy: Prevent reading past the end of a buffer when parsing |
| date-related headers. PR 41144. |
| [Davi Arnaut, Nick Kew] |
| |
| *) SECURITY: CVE-2007-1863 (cve.mitre.org) |
| mod_cache: Prevent a segmentation fault if attributes are listed in a |
| Cache-Control header without any value. |
| [Niklas Edmundsson <nikke acc.umu.se>] |
| |
| *) SECURITY: CVE-2007-3304 (cve.mitre.org) |
| prefork, worker, event MPMs: Ensure that the parent process cannot |
| be forced to kill processes outside its process group. |
| [Joe Orton, Jim Jagielski] |
| |
| *) SECURITY: CVE-2006-5752 (cve.mitre.org) |
| mod_status: Fix a possible XSS attack against a site with a public |
| server-status page and ExtendedStatus enabled, for browsers which |
| perform charset "detection". Reported by Stefan Esser. [Joe Orton] |
| |
| *) SECURITY: CVE-2007-1862 (cve.mitre.org) |
| mod_mem_cache: Copy headers into longer lived storage; header names and |
| values could previously point to cleaned up storage. PR 41551. |
| [Davi Arnaut <davi haxent.com.br>] |
| |
| *) mod_info: mod_info outputs invalid XHTML 1.0 transitional. |
| PR 42847 [Rici Lake <rici ricilake.net>] |
| |
| *) mod_ssl: Fix spurious hostname mismatch warning for valid |
| wildcard certificates. PR 37911. [Nick Burch <nick torchbox.com>] |
| |
| *) mod_mem_cache: Increase the minimum and default value for |
| MCacheMinObjectSize from 0 to 1, as a MCacheMinObjectSize of 0 does not |
| make sense and leads to a division by zero. PR 40576. |
| [Xuekun Hu <xuekun.hu gmail.com>] |
| |
| *) mod_cache: Remove expired content from cache that cannot be revalidated. |
| PR 30370. [Ruediger Pluem] |
| |
| *) mod_proxy_http: accept proxy-sendchunked/proxy-sendchunks as synonymous. |
| PR 43183 [Brian Rectanus <Brian.Rectanus breach.com>, Vincent Bray] |
| |
| *) mod_proxy: Ensure that at least scheme://hostname[:port] matches between |
| worker and URL when searching for the best fitting worker for a given URL. |
| PR 40910 [Ruediger Pluem] |
| |
| *) mod_proxy: Improve network performance by setting APR_TCP_NODELAY |
| (disable Nagle algorithm) on sockets if implemented. |
| PR 42871 [Christian BOITEL <christian_boitel yahoo.fr>, Jim Jagielski] |
| |
| *) core: Do not replace a Date header set by a proxied backend server. |
| PR 40232 [Ruediger Pluem] |
| |
| *) mod_proxy: Add a missing assignment in an error checking code path. |
| PR 40865 [Andrew Rucker Jones <arjones simultan.dyndns.org>] |
| |
| *) mod_proxy_connect: avoid segfault on DNS lookup failure. |
| PR 40756 [Trevin Beattie <tbeattie boingo.com>] |
| |
| *) mod_proxy: enable Ignore Errors option on ProxyPass Status. |
| PR 43167 [Francisco Gimeno <kikov kikov.org> |
| |
| *) mod_proxy_http: Don't try to read body of a HEAD request before |
| responding. PR 41644 [Stuart Children <stuart terminus.co.uk>] |
| |
| *) mod_authnz_ldap: Don't return HTTP_UNAUTHORIZED during authorization when |
| LDAP authentication is configured but we haven't seen any |
| 'Require ldap-*' directives, allowing authorization to be passed to lower |
| level modules (e.g. Require valid-user) |
| PR 43281 [Eric Covener] |
| |
| *) mod_proxy: don't URLencode tilde in path component |
| PR 38448 [Stijn Hoop <stijn sandcat.nl>] |
| |
| *) proxy/ajp_header.c: Fixed header token string comparisons |
| Matching of header tokens failed to include the trailing NIL byte |
| and could misinterpret a longer header token for a shorter. |
| Additionally, a "Content-Type" comparison was made case insensitive. |
| [Martin Kraemer] |
| |
| *) proxy/ajp_header.c: Backport of an AJP protocol fix for EBCDIC |
| On EBCDIC machines, the status_line string was incorrectly converted |
| twice. [Jean-Frederic Clere, Martin Kraemer] |
| |
| *) mod_dumpio: Fix for correct dumping of traffic on EBCDIC hosts |
| Data had been incorrectly converted twice, resulting in |
| garbled log output. [Martin Kraemer] |
| |
| *) mod_autoindex: Add in Type and Charset options to IndexOptions |
| directive. This allows the admin to explicitly set the |
| content-type and charset of the generated page and is therefore |
| a viable workaround for buggy browsers affected by CVE-2007-4465 |
| (cve.mitre.org). [Jim Jagielski] |
| |
| *) log core: ensure we use a special pool for stderr logging, so that |
| the stderr channel remains valid from the time plog is destroyed, |
| until the time the open_logs hook is called again. [William Rowe] |
| |
| *) mod_negotiation: preserve Query String in resolving a type map |
| PR 33112 [Jørgen Thomsen <apache jth.net>, Nick Kew] |
| |
| *) mod_ssl: Version reporting update; displays 'compiled against' |
| Apache and build-time SSL Library versions at loglevel [info], |
| while reporting the run-time SSL Library version in the server |
| info tags. Helps to identify a mod_ssl built against one flavor |
| of OpenSSL but running against another (also adds SSL-C version |
| number reporting.) [William Rowe] |
| |
| *) mime.types: Many updates to sync with IANA registry and common |
| unregistered types that the owners refuse to register. Admins |
| are encouraged to update their installed mime.types file. |
| PR: 35550, 37798, 39317, 31483 [Roy T. Fielding] |
| |
| *) mod_expires: don't crash on bad configuration data |
| PR 43213 [Julien Perez <julien.perez epsylonia.net>] |
| |
| *) mod_dbd: Introduce configuration groups to allow inheritance by virtual |
| hosts of database configurations from the main server. Determine the |
| minimal set of distinct configurations and share connection pools |
| whenever possible. Allow virtual hosts to override inherited SQL |
| statements. PR 41302. [Chris Darroch] |
| |
| *) mod_dbd: Create memory sub-pools for each DB connection and close |
| DB connections in a pool cleanup function. Ensure prepared statements |
| are destroyed before DB connection is closed. When using reslists, |
| prevent segfaults when child processes exit, and stop memory leakage |
| of ap_dbd_t structures. Avoid use of global s->process->pool, which |
| isn't destroyed by exiting child processes in most multi-process MPMs. |
| PR 39985. [Chris Darroch, Nick Kew] |
| |
| *) mod_dbd: Handle error conditions in dbd_construct() properly. |
| Simplify ap_dbd_open() and use correct arguments to apr_dbd_error() |
| when non-threaded. Register correct cleanup data in non-threaded |
| ap_dbd_acquire() and ap_dbd_cacquire(). Clean up configuration data |
| and merge function. Use ap_log_error() wherever possible. |
| [Chris Darroch, Nick Kew] |
| |
| *) mod_dbd: Stash DBD connections in request_config of initial request |
| only, or else sub-requests and internal redirections may cause |
| entire DBD pool to be stashed in a single HTTP request. [Chris Darroch] |
| |
| *) main core: Emit errors during the initial apr_app_initialize() |
| or apr_pool_create() (when apr-based error reporting is not ready). |
| [William Rowe, Jeff Trawick] |
| |
| *) log core: fix the new piped logger case where we couldn't connect |
| the replacement stderr logger's stderr to the NULL stdout stream. |
| Continue in this case, since the previous alternative of no error |
| logging at all (/dev/null) is far worse. [William Rowe] |
| |
| *) mpm_winnt: Prevent the parent-child pipe from leaking into other |
| spawned processes, and ensure we have a /Device/null handle for |
| stdout when running as-a-service. [William Rowe] |
| |
| *) mod_ldap: Avoid possible crashes, hangs, and busy loops due to |
| improper merging of the cache lock in vhost config |
| PR 43164 [Eric Covener] |
| |
| *) ApacheMonitor: Fix Windows Vista detection. [Mladen Turk] |
| |
| *) mod_deflate: fix protocol handling in deflate input filter |
| PR 23287 [Nick Kew] |
| |
| *) mime.types: add Registered Javascript/ECMAScript MIME types (RFC4329) |
| PR 40299 [Dave Hodder <dmh dmh.org.uk>] |
| |
| *) mod_filter: fix integer comparisons in dispatch rules |
| PR 41835 [Nick Kew] |
| |
| *) mod_filter: fix merging of ! and = in FilterChain |
| PR 42186 [Issac Goldstand <margol beamartyr.net>] |
| |
| *) mod_deflate: don't try to process metadata buckets as data. what should |
| have been a 413 error was logged as a 500 and a blank screen appeared |
| at the browser. |
| [Greg Ames, Ruediger Pluem] |
| |
| *) mod_cgi, mod_cgid: Fix use of CGI scripts as ErrorDocuments. |
| PR 39710. [Paul Querna, Ruediger Pluem] |
| |
| *) mod_proxy: Allow to use different values for sessionid |
| in url encoded id and cookies. PR 41897. [Jean-Frederic Clere] |
| |
| *) mod_proxy: Fix the 503 returned when session route does |
| not match any of the balancer members. [Mladen Turk] |
| |
| *) mod_proxy: Added ProxyPassMatch directive, which is similar |
| to ProxyPass but takes a regex local path prefix. [Jim Jagielski] |
| |
| *) mod_cache: Do not set Date or Expires when they are missing from |
| the original response or are invalid. [Justin Erenkrantz] |
| |
| *) mod_cache: Correctly handle HEAD requests on expired cache content. |
| PR 41230. [Niklas Edmundsson <nikke acc.umu.se>] |
| |
| *) mod_cache: Let Cache-Control max-age set the expiration of the cached |
| representation if Expires is not set. [Justin Erenkrantz] |
| |
| *) mod_cache: Allow caching of requests with query arguments when |
| Cache-Control max-age is explicitly specified. [Justin Erenkrantz] |
| |
| *) mod_disk_cache: Allow Vary'd responses to be refreshed properly. |
| [Justin Erenkrantz] |
| |
| *) mod_proxy: Print the correct error message for erroneous configured |
| ProxyPass directives. PR 40439. [Takashi Sato <serai lans-tv.com>] |
| |
| *) mod_so: Provide more helpful LoadModule feedback when an error occurs. |
| [William Rowe] |
| |
| *) mod_alias: Accept path components (URL part) in Redirects. PR 35314. |
| [Nick Kew] |
| |
| *) mod_headers: Allow % at the end of a Header value. PR 36609. |
| [Nick Kew, Ruediger Pluem] |
| |
| *) mod_cache: Use the same cache key throughout the whole request processing |
| to handle escaped URLs correctly. PR 41475. [Ruediger Pluem] |
| |
| *) mod_cache: Add CacheIgnoreQueryString directive. PR 41484. |
| [Fredrik Widlund <fredrik.widlund qbrick.com>] |
| |
| *) mod_cache: While serving a cached entity ensure that filters that have |
| been applied to this cached entity before saving it to the cache are not |
| applied again. PR 40090. [Ruediger Pluem] |
| |
| *) mod_cache: Correctly cache objects whose URL query string has been |
| modified by mod_rewrite. PR 40805. [Ruediger Pluem] |
| |
| *) HTTP proxy ProxyErrorOverride: Leave 1xx and 3xx responses alone. Only |
| processing of error responses (4xx, 5xx) will be altered. PR 39245. |
| [Jeff Trawick, Bart van der Schans <schans hippo.nl>] |
| |
| *) htdbm: Enable crypt support on platforms with crypt() but not |
| <crypt.h>, such as z/OS. [David Jones <oscaremma gmail.com>] |
| |
| *) mod_ssl: initialize thread locks before initializing the hardware |
| acceleration library, so the latter can make use of the former. |
| PR 20951. [<adunn at ncipher.com>] |
| |
| *) ab.c: Correct behavior of HTTP request headers sent by ab |
| in presence of -H command-line overrides. PR 31268, 26554. |
| [Arvind Srinivasan <arvind.srinivasan sun.com>] |
| |
| *) ab.c: The apr_port_t type is unsigned, but ab was using a |
| signed format code in its reports. PR 42070. |
| [Takashi Sato <serai lans-tv.com>] |
| |
| *) mod_ldap: Remove the hardcoded size limit parameter for |
| ldap_search_ext_s and replace it with an APR_ defined |
| value that is set according to the LDAP SDK being used. |
| [David Jones <oscaremma gmail com>] |
| |
| *) core: Correct a regression since 2.0.x in the handling of AllowOverride |
| Options. PR 41829. [Torsten Förtsch <torsten.foertsch gmx.net>] |
| |
| *) mod_proxy_http: Handle request bodies larger than 2 GB by converting |
| the Content-Length header of the request correctly. PR 40883. |
| [Ruediger Pluem, toadie <toadie643 gmail.com>] |
| |
| *) mod_proxy: Fix some proxy setting inheritance problems (eg: |
| ProxyTimeout). PR 11540. [Stuart Children <stuart terminus.co.uk>] |
| |
| *) Unix MPMs: Catch SIGFPE so that exception hooks and CoreDumpDirectory |
| can work after that terminating signal. |
| [Eric Covener] |
| |
| *) Win32: Makefile.win will now build with MS VC 8 (Visual Studio 2005) |
| including embedding the .manifest information into each binary. |
| [William Rowe] |
| |
| There was no Apache 2.2.5 |
| |
| Changes with Apache 2.2.4 |
| |
| *) mod_isapi: Correctly present SERVER_PORT_SECURE. |
| PR: 40573. [Matt Eaton <asf divinehawk.com>] |
| |
| *) Allow htcacheclean, httxt2dbm, and fcgistarter to link apr/apr-util |
| statically like the older support programs. |
| [Eric Covener <covener gmail.com>] |
| |
| *) core: Fix NONBLOCK status of listening sockets on restart/graceful |
| PR 37680. [Darius Davis <darius-abz free-range.com.au>] |
| |
| *) mod_deflate: Rework inflate output and deflate output filter to fix several |
| issues: Incorrect handling of flush buckets, potential memory leaks, |
| excessive memory usage in inflate output filter for large compressed |
| content. PR 39854. [Ruediger Pluem, Nick Kew, Justin Erenkrantz] |
| |
| *) mod_mem_cache: Memory leak fix: Unconditionally free the buffer. |
| [Davi Arnaut <davi haxent.com.br>] |
| |
| *) Allow mod_dumpio to log at other than DEBUG levels via |
| the new DumpIOLogLevel directive. [Jim Jagielski] |
| |
| *) rotatelogs: Improve error message for open failures. PR 39487. |
| [Joe Orton] |
| |
| *) mod_dbd: share per-request database handles across subrequests |
| and internal redirects [Chris Darroch] |
| |
| *) mod_dbd: key connection pools to virtual hosts correctly even when |
| ServerName is unset/unavailable [Graham Leggett] |
| |
| *) Better detection and clean up of ldap connection that has been |
| terminated by the ldap server. PR 40878. |
| [Rob Baily <rbaily servicebench com>] |
| |
| *) mod_mem_cache: Convert mod_mem_cache to use APR memory pool functions |
| by creating a root pool for object persistence across requests. This |
| also eliminates the need for custom serialization code. |
| [Davi Arnaut <davi haxent.com.br>] |
| |
| *) mod_authnz_ldap: Add an AuthLDAPRemoteUserAttribute directive. If |
| set, REMOTE_USER will be set to this attribute, rather than the |
| username supplied by the user. Useful for example when you want users |
| to log in using an email address, but need to supply a userid instead |
| to the backend. [Graham Leggett] |
| |
| *) mod_cgi and mod_cgid: Don't use apr_status_t error return |
| from input filters as HTTP return value from the handler. |
| PR 31759. [Nick Kew] |
| |
| *) mod_cache: Eliminate a bogus error in the log when a filter returns |
| AP_FILTER_ERROR. [Niklas Edmundsson <nikke acc.umu.se>] |
| |
| *) core: Fix issue which could cause piped loggers to be orphaned and never |
| terminate after a graceful restart. PR 40651. [Joe Orton, Ruediger Pluem] |
| |
| *) core: Fix address-in-use startup failure caused by corruption of the list |
| of listen sockets in some configurations with multiple generic Listen |
| directives. [Jeff Trawick] |
| |
| *) mod_headers: Support regexp-based editing of HTTP headers. [Nick Kew] |
| |
| *) mod_proxy: Add explicit flushing feature. When Servlet container sends AJP |
| body message with size 0, this means that Servlet container has asked for |
| an explicit flush. Create flush bucket in that case. This feature has been |
| added to the recent Tomcat versions without breaking the AJP protocol. |
| [Mladen Turk] |
| |
| *) mod_proxy_balancer: Set the new environment variable BALANCER_ROUTE_CHANGED |
| if a worker with a route different from the one supplied by the client |
| had been chosen or if the client supplied no routing information for |
| a balancer with sticky sessions. [Ruediger Pluem] |
| |
| *) mod_proxy_balancer: Add information about the route, the sticky session |
| and the worker used during a request as environment variables. PR 39806. |
| [Brian <brectanu gmail.com>] |
| |
| *) mod_proxy: Don't try to use dead backend connection. PR 37770. |
| [Olivier BOEL <ob dorrboel.com>] |
| |
| *) mod_proxy_balancer: Extract stickysession routing information contained as |
| parameter in the URL correctly. PR 40400. |
| [Ruediger Pluem, Tomokazu Harada <harada sysrdc.ns-sol.co.jp>] |
| |
| *) mod_proxy_ajp: Added cping/cpong support for the AJP protocol. |
| A new worker directive ping=timeout will cause CPING packet |
| to be send expecting CPONG packet within defined timeout. |
| In case the backend is too busy this will fail instead |
| sending the full header. [Mladen Turk] |
| |
| *) mod_disk_cache: Make sure that only positive integers are accepted |
| for the CacheMaxFileSize and CacheMinFileSize parameters in the |
| config file. PR39380. [Niklas Edmundsson <nikke acc.umu.se>] |
| |
| *) mod_cache: From RFC3986 (section 6.2.3.) if a URI contains an |
| authority component and an empty path, the empty path is to be equivalent |
| to "/". It explicitly cites the following four URIs as equivalents: |
| http://example.com |
| http://example.com/ |
| http://example.com:/ |
| http://example.com:80/ |
| [Davi Arnaut <davi haxent.com.br>] |
| |
| *) mod_cache: Don't cache requests with a expires date in the past; |
| otherwise mod_cache will always try to cache the URL. This bug |
| might lead to numerous rename() errors on win32 if the URL was |
| previously cached. [Davi Arnaut <davi haxent.com.br>] |
| |
| *) core: Deal with the widespread use of apr_status_t return values |
| as HTTP status codes, as documented in PR#31759 (a bug shared by |
| the default handler, mod_cgi, mod_cgid, mod_proxy, and probably |
| others). PR31759. [Jeff Trawick, Ruediger Pluem, Joe Orton] |
| |
| *) mod_ext_filter: Handle filter names which include capital letters. |
| PR 40323. [Jeff Trawick] |
| |
| *) mod_isapi: Avoid double trailing slashes in HSE_REQ_MAP_URL_TO_PATH |
| support. Also corrects the slashes for Windows. |
| PR 15993. [William Rowe] |
| |
| *) mod_isapi: Handle "HTTP/1.1 200 OK" style status lines correctly, the |
| token parser worked while the resulting length was misinterpreted. |
| PR 29098. [Brock Bland <bbland serena.com>] |
| |
| *) mod_isapi: Return 0 (failure) for more of the various ap_pass_brigade |
| attempts to stream the response at the client. Log these as well. |
| PR 30022, 40470. [William Rowe, Matt Eaton <asf divinehawk.com>] |
| |
| *) mod_isapi: Ensure we walk through all the methods the developer may have |
| employed to report their HTTP status result code. |
| PR 16637 30033 28089. [Matt Lewandowsky <matt iamcode.net>, William Rowe] |
| |
| *) mod_echo: Fix precedence problem in if statement. PR 40658. |
| [Larry Cipriani <lvc lucent.com>] |
| |
| *) mod_mime_magic: Fix precedence problem in if statement. PR 40656. |
| [Larry Cipriani <lvc lucent.com>] |
| |
| *) The full server version information is now included in the error log at |
| startup as well as server status reports, irrespective of the setting |
| of the ServerTokens directive. ap_get_server_version() is now deprecated, |
| and is replaced by ap_get_server_banner() and ap_get_server_description(). |
| [Jeff Trawick] |
| |
| *) mod_proxy_balancer: Workers can now be defined as part of |
| a balancer cluster "set" in which members of a lower-numbered set |
| are preferred over higher numbered ones. [Jim Jagielski] |
| |
| *) mod_proxy_balancer: Workers can now be defined as "hot standby" which |
| will only be used if all other workers are unusable (eg: in |
| error or disabled). Also, the balancer-manager displays the election |
| count and I/O counts of all workers. [Jim Jagielski] |
| |
| *) mod_proxy_ajp: Close connection to backend if reading of request body |
| fails. PR 40310. [Ian Abel <ianabel mxtelecom.com>] |
| |
| *) mod_proxy_balancer: Retry worker chosen by route / redirect worker if |
| it is in error state before sending "Service Temporarily Unavailable". |
| PR 38962. [Christian Boitel <cboitel lfdj.com>] |
| |
| Changes with Apache 2.2.3 |
| |
| *) SECURITY: CVE-2006-3747 (cve.mitre.org) |
| mod_rewrite: Fix an off-by-one security problem in the ldap scheme |
| handling. For some RewriteRules this could lead to a pointer being |
| written out of bounds. Reported by Mark Dowd of McAfee. |
| [Mark Cox] |
| |
| *) Win32: Minor fixes to build more cleanly under Visual Studio 2005 |
| with command line builds. [William Rowe] |
| |
| *) mod_authn_alias: Add a check to make sure that the base provider and the |
| alias names are different and also that the alias has not been registered |
| before. PR 40051. [Brad Nicholes] |
| |
| *) mod_authnz_ldap: Fix a problem with invalid auth error detection for LDAP |
| client SDKs that don't support the LDAP_SECURITY_ERROR macro. PR 39529. |
| [Ray Price <dohrayme yahoo.com>, Josh Fenlason <jfenlason ptc.com>] |
| |
| *) mod_cache: Do not overwrite the Content-Type in the cache, for |
| successfully revalidated cached objects. PR 39647. [Ruediger Pluem] |
| |
| *) mod_speling: Add directive to deal with case corrections only |
| and ignore other misspellings [Olivier Thereaux <ot w3.org>] |
| |
| *) mod_dbd: Fix dependence on virtualhost configuration in |
| defining prepared statements (possible segfault at startup |
| in user modules such as mod_authn_dbd). [Nick Kew] |
| |
| *) Add optional 'scheme://' prefix to ServerName directive, |
| allowing correct determination of the canonical server URL |
| for use behind a proxy or offload device handling SSL; fixing |
| redirect generation in those cases. PR 33398. [Sander Temme] |
| |
| *) Added server_scheme field to server_rec for above. Minor MMN bump. |
| [Sander Temme] |
| |
| *) mod_cache: Make caching of reverse SSL proxies possible again. PR 39593. |
| [Ruediger Pluem, Joe Orton] |
| |
| *) Worker MPM: On graceless shutdown or restart, send signals to |
| each worker thread to wake them up if they're polling on a |
| Keep-Alive connection. PR 38737. [Chris Darroch] |
| |
| *) worker and event MPMs: fix excessive forking if fork() or child_init |
| take a long time. PR 39275. |
| [Greg Ames, Jeff Trawick, Chris Darroch <chrisd pearsoncmg.com> ] |
| |
| *) configure: Add "--with-included-apr" flag to force use of the |
| bundled version of APR at build time. [Joe Orton] |
| |
| *) Respect GracefulShutdownTimeout in the worker and event MPMs. |
| [Chris Darroch, Garrett Rooney] |
| |
| *) mod_mem_cache: Set content type correctly when delivering data from |
| cache. PR 39266. [Ruediger Pluem] |
| |
| *) mod_autoindex: Fix filename escaping with FancyIndexing disabled. |
| PR 38910. [Robby Griffin <rmg terc.edu>] |
| |
| *) mod_charset_lite: Bypass translation when the source and dest charsets |
| are the same. [Jeff Trawick] |
| |
| Changes with Apache 2.2.2 |
| |
| *) mod_deflate: work correctly in an internal redirect |
| [Brian J. France <list firehawksystems com>] |
| |
| *) mod_proxy_balancer: Initialize members of a balancer correctly. |
| PR 38227. [James A. Robinson <jim.robinson stanford.edu>] |
| |
| *) mod_proxy: Do not release connections from connection pool twice. |
| PR 38793. [Ruediger Pluem, matthias <mk-asf gigacodes.de>] |
| |
| *) core: Prevent reading uninitialized memory while reading a line of |
| protocol input. PR 39282. [Davi Arnaut <davi haxent com br>] |
| |
| *) mod_dbd: Update defaults, improve error reporting. |
| [Chris Darroch <chrisd pearsoncmg com>, Nick Kew] |
| |
| *) mod_dbd: Create own pool and mutex to avoid problem use of |
| process pool in request processing. |
| [Chris Darroch <chrisd pearsoncmg com>] |
| |
| *) HTML-escape the Expect error message. Not classed as security as |
| an attacker has no way to influence the Expect header a victim will |
| send to a target site. Reported by Thiago Zaninotti |
| <thiango nstalker.com>. [Mark Cox] |
| |
| *) htdbm: Fix crash processing -d option in 64-bit mode on HP-UX. |
| [Jeff Trawick] |
| |
| *) htdbm: Warn the user when adding a plaintext password on a platform |
| where it wouldn't work with the server (i.e., anywhere that has |
| crypt()). [Jeff Trawick] |
| |
| *) mod_proxy: don't reuse a connection that may be to the wrong backend |
| PR 39253 [Ruediger Pluem] |
| |
| *) Default handler: Don't return output filter apr_status_t values. |
| PR 31759. [Jeff Trawick, Ruediger Pluem, Joe Orton] |
| |
| Changes with Apache 2.2.1 |
| |
| *) SECURITY: CVE-2005-3357 (cve.mitre.org) |
| mod_ssl: Fix a possible crash during access control checks if a |
| non-SSL request is processed for an SSL vhost (such as the |
| "HTTP request received on SSL port" error message when an 400 |
| ErrorDocument is configured, or if using "SSLEngine optional"). |
| PR 37791. [Rüdiger Plüm, Joe Orton] |
| |
| *) SECURITY: CVE-2005-3352 (cve.mitre.org) |
| mod_imagemap: Escape untrusted referer header before outputting |
| in HTML to avoid potential cross-site scripting. Change also |
| made to ap_escape_html so we escape quotes. Reported by JPCERT. |
| [Mark Cox] |
| |
| *) mod_proxy_ajp: Flushing of the output after each AJP chunk is now |
| configurable at runtime via the 'flushpackets' and 'flushwait' worker |
| params. Minor MMN bump. [Jim Jagielski] |
| |
| *) mod_proxy: Fix incorrect usage of local and shared worker init. |
| PR 38403. [Jim Jagielski] |
| |
| *) mod_isapi: Fix compiler errors on Unix platforms. |
| [William Rowe] |
| |
| *) mod_proxy_http: Do send keep-alive header if the client sent |
| connection: keep-alive and do not close backend connection if the client |
| sent connection: close. PR 38524. [Ruediger Pluem, Joe Orton] |
| |
| *) mod_disk_cache: Return the correct error codes from bucket read |
| failures, instead of APR_EGENERAL. |
| [Brian Akins <brian.akins turner.com>] |
| |
| *) Add APR/APR-Util Compiled and Runtime Version numbers to the |
| output of 'httpd -V'. [William Rowe] |
| |
| *) http: If a connection is aborted while waiting for a chunked line, |
| flag the connection as errored out. [Justin Erenkrantz] |
| |
| *) core: Reject invalid Expect header immediately. PR 38123. |
| [Ruediger Pluem] |
| |
| *) Fix mis-shifted 32 bit scope, masked to 64 bits as a method. |
| [Will Rowe, Joe Orton] |
| |
| *) mod_proxy: Fix KeepAlives not being allowed and set to |
| backend servers. PR 38602. [Ruediger Pluem, Jim Jagielski] |
| |
| *) Fix instdso.sh "sed syntax error" installation issue on some |
| platforms. PR 38108. [Masaoki Kobayashi <masaoki techfirm.co.jp>] |
| |
| *) mod_ssl: Fix possible crashes in shmcb with gcc 4 on platforms |
| requiring word-aligned pointers. PR 38838. [Joe Orton] |
| |
| *) mod_proxy: If we get an error reading the upstream response, |
| close the connection. [Justin Erenkrantz, Roy T. Fielding, |
| Jim Jagielski, Ruediger Pluem] |
| |
| *) mod_proxy_ajp: Support common headers of the AJP protocol in responses. |
| PR 38340. [Aleksey Pesternikov <apesternikov yahoo.com>] |
| |
| *) mod_proxy_balancer: Do not overwrite the status of initialized workers and |
| respect the configured status of uninitilized workers when creating a new |
| child process. [Ruediger Pluem] |
| |
| *) mod_proxy_ajp: Crosscheck the length of the body chunk with the length of |
| the ajp message to prevent mod_proxy_ajp from reading beyond the buffer |
| boundaries and thus revealing possibly sensitive memory contents to the |
| client. [Ruediger Pluem] |
| |
| *) Ensure that the proper status line is written to the client, fixing |
| incorrect status lines caused by filters which modify r->status without |
| resetting r->status_line, such as the built-in byterange filter. |
| [Jeff Trawick] |
| |
| *) mod_speling: Stop crashing with certain non-file requests. [Jeff Trawick] |
| |
| *) mod_cache: Make caching of reverse proxies possible again. PR 38017. |
| [Ruediger Pluem] |
| |
| *) Modify apr[util] .h detection to avoid breakage on VPATH builds |
| using Solaris make (amoung others) and avoid breakage in ./buildconf |
| when srclib/apr[-util] are symlinks rather than directories proper. |
| [William Rowe] |
| |
| *) Avoid Server-driven negotiation when a script has emitted an |
| explicit Status: header. PR 38070. [Nick Kew] |
| |
| *) Fix to avoid feeding C99 to C++ compilers. [Joe Orton] |
| |
| *) Chunk filter: Fix chunk filter to create correct chunks in the case that |
| a flush bucket is surrounded by data buckets. [Ruediger Pluem] |
| |
| *) Fix syntax error in httpd.h with strict compilers. PR 37840. |
| [Per Olausson <pao darkheim.freeserve.co.uk>] |
| |
| *) Fix recursive ErrorDocument handling. PR 36090. |
| [Chris Darroch <chrisd pearsoncmg.com>] |
| |
| *) Don't hang on error return from post_read_request. PR 37790. |
| [Nick Kew] |
| |
| *) Fix off-by-one error in proxy_balancer. PR 37753. |
| [Kazuhiro Osawa <ko yappo ne jp>] |
| |
| Changes with Apache 2.2.0 |
| |
| *) mod_negotiation: Minor performance tweak by reusing already calculated |
| strlen. |
| [Ruediger Pluem, Christophe Jaillet <christophe.jaillet wanadoo.fr>] |
| |
| *) Remove support for 'On' and 'Off' for AuthBasicProvider and |
| AuthDigestProvider. [Joshua Slive, Justin Erenkrantz] |
| |
| *) Add in new UseCanonicalPhysicalPort directive, which controls |
| whether or not Apache will ever use the actual physical port |
| when constructing the canonical port number. [Jim Jagielski] |
| |
| *) mod_dav: Fix a null pointer dereference in an error code path during the |
| handling of MKCOL. |
| [Ruediger Pluem, Ghassan Misherghi <ghassanm ucdavis.edu>] |
| |
| *) mod_proxy_balancer: When finding best worker, use case insensitive |
| match for scheme and host, but case sensitive for the rest of |
| the path. [Jim Jagielski, Ruediger Pluem] |
| |
| *) Require use of APR >= 1.2.0 and APR-util >= 1.2.0 when configured |
| to use external copies of the libraries. [Joe Orton] |
| |
| *) Fix DESTDIR=... installation when using bundled copy of APR. |
| [Torsten Foertsch <torsten.foertsch gmx.net>] |
| |
| *) mod_dav: Fix handling of unknown state tokens in If: headers. |
| PR: 37288. [Joe Orton] |
| |
| *) Strip out Experimental MPMs that have gone nowhere since 2.0 |
| (perchild, threadpool, leader). [Nick Kew] |
| |
| Changes with Apache 2.1.9 |
| |
| *) Add mod_authn_dbd (SQL-based authentication) [Nick Kew] |
| |
| *) mod_proxy_ajp: Do not spool the entire response from AJP backend before |
| sending it up the filter chain. PR 37100. [Ruediger Pluem] |
| |
| *) mod_cache: Create new filters CACHE_OUT_SUBREQ / CACHE_SAVE_SUBREQ which |
| only differ by the type from CACHE_OUT / CACHE_SAVE to ensure that |
| subrequests to non-local resources work again. [Ruediger Pluem] |
| |
| *) mod_proxy: Do not lowercase the entire worker name of a BalancerMember |
| since this breaks case sensitive URI's. PR 36906. [Ruediger Pluem] |
| |
| *) core: AddOutputFilterByType is ignored for proxied requests. PR 31226. |
| [Joe Orton, Ruediger Pluem] |
| |
| *) mod_proxy_http: Prevent data corruption of POST request bodies when |
| client accesses proxied resources with SSL. PR 37145. |
| [Ruediger Pluem, William Rowe] |
| |
| *) mod_ssl: Fix issue which could cause spurious warnings about use |
| of name-based vhosts. PR 37051. [Joe Orton] |
| |
| *) ab: Fix to ensure that only the expected number of requests are run. |
| PR 36966. [Joe Orton] |
| |
| *) mod_proxy_balancer: BalancerManager and proxies correctly handle |
| member workers with paths. PR 36816. [Ruediger Pluem, Jim Jagielski] |
| |
| *) mod_log_config: %{hextid}P will log the thread id in hex with APR |
| versions 1.2.0 or higher. [Jeff Trawick] |
| |
| *) httpd.exe/apachectl -V: display the DYNAMIC_MODULE_LIMIT setting, as |
| in 1.3. [Jeff Trawick] |
| |
| *) Support dbd connection tied to conn_rec in mod_dbd. [Nick Kew] |
| |
| *) Fix use of pools in mod_dbd. [Brian J France, Nick Kew] |
| |
| *) Promote modules from "experimental": mod_dbd, mod_filter, |
| mod_charset_lite. [Nick Kew] |
| |
| *) mod_proxy_ajp: mod_proxy_ajp sends empty SSL attributes for non SSL |
| connections. PR 36883. |
| [William Barker <william.barker wilshire.com>, Ruediger Pluem] |
| |
| *) Eliminated the NET_TIME filter, restructuring the timeout logic. |
| This provides a working mod_echo on all platforms, and ensures any |
| custom protocol module is at least given an initial timeout value |
| based on the <VirtualHost > context's Timeout directive. |
| [William Rowe] |
| |
| *) mod_proxy: Run the request_status hook also if there are no free workers |
| or all workers are in error state. |
| [Ruediger Pluem, Brian Akins <brian.akins turner.com>] |
| |
| *) mod_proxy_connect: Fix high CPU loop on systems like UnixWare which |
| trigger POLL_ERR or POLL_HUP on a terminated connection. PR 36951. |
| [Jeff Trawick, Ruediger Pluem] |
| |
| *) mod_proxy_balancer: Fix handling of sticky sessions with Tomcat. |
| PR 36507. [Ruediger Pluem] |
| |
| *) SECURITY: CVE-2005-2970 (cve.mitre.org) |
| worker MPM: Fix a memory leak which can occur after an aborted |
| connection in some limited circumstances. [Greg Ames] |
| |
| *) Doxygen fixups. [Neale Ranns <neale ranns.org>, Ian Holsman] |
| |
| *) mod_cache/mod_dir: Correct a subrequest lookup bug which was preventing |
| mod_dir from serving indexes correctly with mod_cache enabled. |
| [Colm MacCarthaigh] |
| |
| Changes with Apache 2.1.8 |
| |
| *) Fix lingering close implementation to match 1.3.x behaviour. |
| PR 35292. [Joe Orton] |
| |
| *) mod_ssl: Support limited buffering of request bodies to allow |
| per-location renegotiation to proceed. PR 12355. [Joe Orton] |
| |
| *) Fix regression since 2.0.x in AllowOverride Options handling. |
| PR 35330. [kabe <kabe sra-tohoku.co.jp>] |
| |
| *) mod_ssl: Fix memory leak in ssl_util_algotypeof(). |
| PR 25659. [David Blake <dblake hp com>, Martin Kraemer] |
| |
| *) prefork, worker and event MPMs: Support a graceful-stop procedure: |
| Server will wait until existing requests are finished or until |
| "GracefulShutdownTimeout" number of seconds before exiting. |
| [Colm MacCarthaigh, Ken Coar, Bill Stoddard] |
| |
| *) prefork, worker and event MPMs: Prevent children from holding open |
| listening ports upon graceful restart or stop. PR 28167. |
| [Colm MacCarthaigh, Brian Pinkerton <bp thinkpink.com>] |
| |
| *) SECURITY: CVE-2005-2700 (cve.mitre.org) |
| mod_ssl: Fix a security issue where "SSLVerifyClient" was not |
| enforced in per-location context if "SSLVerifyClient optional" |
| was configured in the vhost configuration. [Joe Orton] |
| |
| *) mod_ssl: Catch parse errors from misconfigured or malformed |
| CRLs. PR 36438. [Joe Orton] |
| |
| *) mod_proxy/mod_proxy_balancer: lbmethods now implemented as |
| providers. Prevent problems when no Vhost containers were |
| configured with proxy balancers. [Jim Jagielski] |
| |
| *) New provider function to list all available provider names in a |
| specific group and version (ap_list_provider_names). [Jim Jagielski] |
| |
| *) mod_cache: Enhance CacheEnable/CacheDisable to control caching on a |
| per-protocol, per-host and per-path basis. Intended for proxy |
| configurations. [Colm MacCarthaigh] |
| |
| *) mod_disk_cache: Canonicalise the storage key, for improved hit/miss |
| ratio. [Colm MacCarthaigh] |
| |
| *) mod_cgid: Append .PID to the script socket filename and remove the |
| script socket on exit. [Colm MacCarthaigh, Jim Jagielski] |
| |
| *) mod_cgid: run the get_suexec_identity hook within the request-handler |
| instead of within cgid. PR 36410. [Colm MacCarthaigh] |
| |
| *) Linux 2.0: remove support for threaded MPM's due to linuxthreads use |
| of SIGUSR1 clashing with graceful restart signal. [Colm MacCarthaigh] |
| |
| Changes with Apache 2.1.7 |
| |
| *) SECURITY: CVE-2005-2491 (cve.mitre.org): |
| Fix integer overflows in PCRE in quantifier parsing which could |
| be triggered by a local user through use of a carefully-crafted |
| regex in an .htaccess file. [Philip Hazel] |
| |
| *) mod_proxy/mod_proxy_balancer: Provide a simple, functional |
| interface to add additional balancer lb selection methods |
| without requiring code changes to mod_proxy/mod_proxy_balancer; |
| these can be implemented via sub-modules now. [Jim Jagielski] |
| |
| *) mod_cache: Fix incorrectly served 304 responses when expired cache |
| entity is valid, but cache is unwritable and headers cannot be |
| updated. [Colm MacCarthaigh <colm stdlib.net>] |
| |
| *) mod_cache: Remove entities from the cache when re-validation |
| receives a 404 or other content-no-longer-present error. |
| [Rüdiger Plüm ruediger.pluem vodafone.com] |
| |
| *) mod_disk_cache: Properly remove files from cache when needed. |
| [Rüdiger Plüm ruediger.pluem vodafone.com] |
| |
| *) mod_disk_cache: Support htcacheclean removing directories. |
| [Andreas Steinmetz] |
| |
| *) htcacheclean: Add -t option to remove empty directories. |
| [Colm MacCarthaigh <colm stdlib.net>] |
| |
| *) Remove the base href tag from mod_proxy_ftp, as it breaks relative |
| links for clients not using an Authorization header. [Graham Leggett, |
| Jon Snow <jsnow27 gatesec.net>] |
| |
| *) mod_cache: Restore the HTTP status of cached responses. |
| [Hansjoerg Pehofer <hansjoerg.pehofer uibk.ac.at>] |
| |
| *) mod_cache: Store varied contents all in the same prefix for a varied URI. |
| [Paul Querna] |
| |
| *) mod_cache: Run the CACHE_SAVE and CACHE_OUT Filters after other content |
| filters. [Paul Querna] |
| |
| *) mod_negotiation: Correctly report 404 instead of 403 for missing files. |
| [Paul Querna] |
| |
| *) new hook (request_status) that gets ran in proxy_handler just before |
| the final return. This gives modules an opportunity to do something |
| based on the proxy status. (minor MMN bump) |
| [Brian Akins <bakins turner.com>, Ian Holsman] |
| |
| *) Add additional SSLSessionCache option, 'nonenotnull', which is |
| similar to 'none' (disabling any external shared cache) but forces |
| OpenSSL to provide a non-null session ID. [Jim Jagielski] |
| |
| *) Add httxt2dbm to support/ for creating RewriteMap DBM Files. |
| [Paul Querna] |
| |
| *) Add SSL_COMPRESS_METHOD variable (included in +StdEnvVars) to note |
| the negotiated compression. [Georg v. Zezschwitz <gvz 2scale.de>] |
| |
| *) Fixed complaints about unpackaged files within the RPM build |
| after changes to the config files. [Graham Leggett] |
| |
| *) Fix shutdown for the Worker MPM when an Accept Filter is used. Instead of |
| just closing the socket, a HTTP request is made, to make sure the child is |
| always awakened. [Paul Querna] |
| |
| Changes with Apache 2.1.6 |
| |
| *) Fix htdbm password validation for records which included comments. |
| [Eric Covener <covener gmail.com>] |
| |
| *) mod_cgid: Fix buffer overflow processing ScriptSock directive. |
| [Steve Kemp <steve steve.org.uk>] |
| |
| Changes with Apache 2.1.5 |
| |
| *) mod_ssl: Setting the Protocol to 'https' can replace the use of the |
| 'SSLEngine on' command. [Paul Querna] |
| |
| *) core: Refactor the mapping of Accept Filters to Sockets. Add the |
| AcceptFilter and Protocol directives to aid in mapping filter types. |
| Extend the Listen directive to optionally take a protocol name. |
| [Paul Querna] |
| |
| *) mod_disk_cache: Support storing multiple variations of one URL. PR 35211. |
| [Paul Querna] |
| |
| *) mod_disk_cache: Atomically create the header data file. [Paul Querna] |
| |
| *) mod_cache: Fix 'Vary: *' behavior to be RFC compliant. PR 16125. |
| [Paul Querna] |
| |
| *) mod_cache: Rename 'generate_name' to 'ap_cache_generate_name'. |
| [Paul Querna] |
| |
| *) mod_mime_magic: Handle CRLF-format magic files so that it works with |
| the default installation on Windows. [Jeff Trawick] |
| |
| *) core: Allow multiple modules to register interest in a single |
| configuration command. [Paul Querna] |
| |
| *) authn_provider_alias: Adds the configuration block tag |
| <AuthnProviderAlias baseProvider Alias> |
| Authentication directives contained within this block can be |
| referenced as a new authProvider using the AuthBasicProvider or |
| AuthDigestProvider directive. These directives will be merged in to |
| the per_dir configuration just before the base provider is called. |
| [Brad Nicholes] |
| |
| *) ap_getword_conf: Fix backslashes at the end of configuration directives. |
| PR 34834. [Timo Viipuri <viipuri dlc.fi>] |
| |
| *) mod_dbd: New additions: mod_dbd.c, mod_dbd.h, mod_dbd.xml |
| Provide module hooks for apr_dbd; optimise for httpd |
| threaded and non-threaded arch [Nick Kew] |
| |
| *) ab: SSL support rewritten, improved, and enabled if SSL is enabled |
| during the build; -f and -Z arguments added to specify SSL protocol |
| options. [Masaoki Kobayashi <masaoki techfirm.co.jp>] |
| |
| *) mod_info: Show the Quick Handler [Paul Querna] |
| |
| *) mod_ldap: Add the directive LDAPVerifyServerCert to specify |
| whether to force verification of the server certificate when |
| establishing an SSL connection to the LDAP server. |
| [Brad Nicholes] |
| |
| *) mod_proxy: Run mod_rewrite before mod_proxy in the translate_name |
| hook. [Paul Querna] |
| |
| *) Add AP_INIT_TAKE_ARGV for configuration commands. (minor MMN bump) |
| [Paul Querna] |
| |
| *) ap_get_local_host() rewritten for APR. [Jim Jagielski] |
| |
| *) Add the ap_vhost_iterate_given_conn function to expose the information |
| used in Name Based Virtual Hosting. (minor MMN bump) |
| [Paul Querna] |
| |
| *) Remove the never working ap_method_list_do and ap_method_list_vdo. |
| [Paul Querna] |
| |
| *) Added makefile and doc for building mod_ssl on the NetWare |
| platform. [Guenter Knauf, Brad Nicholes] |
| |
| *) mod_deflate: Merge the Vary header, isntead of Setting it. Fixes |
| applications that send the Vary Header themselves, and also apply |
| mod_deflate as an output filter. [Paul Querna] |
| |
| *) Change the default (when not present in the config file) setting |
| for UseCanonicalName to Off. |
| [Joshua Slive] |
| |
| *) mod_userdir: The module no longer does any remapping unless the |
| UserDir directive is present in the config file. |
| [Joshua Slive] |
| |
| *) Massively simplify the distributed httpd.conf by removing |
| many features and many directives that are at their default |
| setting. Add a selection of example config excerpts for adding |
| extra features in the conf/extra/ directory. Install the |
| distributed config and the extra config examples in the |
| conf/original/ directory during make install. |
| [Joshua Slive, Justin Erenkrantz] |
| |
| *) NetWare: Reposition mod_asis, mod_actions, mod_cgi, mod_imagemap, |
| mod_userdir and mod_autoindex as shared modules rather than |
| built-in modules within the NetWare build. |
| [Brad Nicholes] |
| |
| *) Rename mod_imap to mod_imagemap. |
| [Paul Querna] |
| |
| *) util_ldap: Eliminate the load ordering of mod_ldap and mod_authnz_ldap |
| by changing the mod_ldap exported functions to optional functions. |
| [Brad Nicholes] |
| |
| Changes with Apache 2.1.4 |
| |
| *) Don't let a subrequest inherit headers describing the original request's |
| body. [Greg Ames] |
| |
| *) Fix Windows CompContext buff size miscalculation |
| [Allan Edwards] |
| |
| *) Add ReceiveBufferSize directive to control the TCP receive buffer. |
| [Eric Covener <covener gmail.com>] |
| |
| *) mod_proxy: Add proxy-sendextracrlf option to send an extra CRLF at the |
| end of the request body to work with really old HTTP servers. |
| [Justin Erenkrantz] |
| |
| *) util_ldap: Keep track of the number of attributes retrieved from |
| LDAP so that all the values can be properly cached even if the |
| value is NULL. PR 33901 [Brad Nicholes] |
| |
| *) mod_cache: Fix error where incoming Cache-Control would be ignored. |
| [Justin Erenkrantz] |
| |
| *) mod_cache: Correctly handle originally conditional requests. |
| [Sander Striker] |
| |
| *) mod_disk_cache: Correctly update cached headers on revalidated responses. |
| [Sander Striker, Justin Erenkrantz] |
| |
| *) worker MPM/mod_status: Support per-worker tracking of pid and |
| generation in the scoreboard so that mod_status can accurately |
| represent workers in processes which are gracefully terminating. |
| (major MMN bump) |
| [Jeff Trawick] |
| |
| *) Correctly export all mod_dav public functions. |
| [Branko Čibej <brane xbc.nu>] |
| |
| Changes with Apache 2.1.3 |
| |
| *) mod_ssl: Add ssl_ext_lookup optional function for accessing |
| certificate extensions. [David Reid, Joe Orton] |
| |
| *) Add support for use of an external PCRE library; pass the |
| --with-pcre flag to configure. PR 27550. [Joe Orton, |
| Andres Salomon <dilinger voxel.net>] |
| |
| *) Renamed regex interfaces to be namespace-safe, and moved from |
| pcreposix.h header to ap_regex.h: regex_t->ap_regex_t, |
| regmatch_t->ap_regmatch_t; REG_*->AP_REG_*; functions |
| reg*->ap_reg*. PR 27550. [Andres Salomon <dilinger voxel.net>, |
| Joe Orton] |
| |
| *) Only recompile buildmark.c when we have to relink httpd. |
| [Justin Erenkrantz] |
| |
| *) mod_cache: Fix up handling of revalidated responses. |
| [Justin Erenkrantz] |
| |
| *) mod_disk_cache: Properly load cached ETag from on-disk structures. |
| [Justin Erenkrantz] |
| |
| *) mod_authnz_ldap: Added an optional second parameter to AuthLDAPURL |
| to allow it to override the connection type set in mod_ldap. This |
| parameter can be set to NONE, SSL or TLS | STARTTLS. |
| [Brad Nicholes] |
| |
| *) Fix --with-apr=/usr and/or --with-apr-util=/usr. PR 29740. |
| [Max Bowsher <maxb ukf.net>] |
| |
| *) mod_proxy: Fix ProxyRemoteMatch directive. PR 33170. |
| [Rici Lake <rici ricilake.net>] |
| |
| *) mod_proxy: Fix ap_proxy_canonenc API. |
| PR 32459. [Jim Jagielski] |
| |
| *) mod_cache: Add CacheStorePrivate and CacheStoreNoStore directive. |
| [Justin Erenkrantz] |
| |
| *) Add --enable-pie flag to configure, to build httpd as a Position |
| Independent Executable where supported (GCC/binutils). |
| [Joe Orton] |
| |
| *) proxy_balancer: Add in load-balancing via weighted traffic |
| byte count. [Jim Jagielski] |
| |
| *) mod_disk_cache: Cache r->err_headers_out headers. This allows CGI |
| scripts to be properly cached. [Justin Erenkrantz, Sander Striker] |
| |
| *) mod_ldap: Updated to use the new apr-util v1.1 apr_ldap_*_option() |
| API for the setting of server and client SSL certificates. Replaced |
| LDAPTrustedCA directive with LDAPTrustedGlobalCert and |
| LDAPTrustedClientCert directives to correctly support global certs |
| (CA certs / Netware client certs) and per connection client certs |
| as supported by Netware, OpenLDAP and Netscape/Mozilla. |
| [Graham Leggett] |
| |
| *) mod_cache: Remove unimplemented CacheForceCompletion directive. |
| [Justin Erenkrantz] |
| |
| *) support/check_forensic: Fix temp file usage |
| [Javier Fernandez-Sanguino Pen~a <jfs computer.org>] |
| |
| *) mod_ssl: Add SSLCADNRequestFile and SSLCADNRequestPath directives |
| which can be used to configure a specific list of CA names to send |
| in a client certificate request. PR 32848. |
| [Tim Taylor <tim.taylor dfas.mil>] |
| |
| *) --with-module can now take more than one module to be statically |
| linked: --with-module=<modtype>:<modfile>,<modtype>:<modfile>,... |
| If the <modtype>-subdirectory doesn't exist it will be created and |
| populated with a standard Makefile.in. [Erik Abele] |
| |
| *) Remove some compiler warnings within the LDAP modules [Graham Leggett] |
| |
| *) Add a build script to create a solaris package. [Graham Leggett] |
| |
| *) ap_http_scheme() replaced with ap_http_method() - this function |
| returns the scheme (http v.s. https). |
| [William Rowe] |
| |
| *) mod_proxy: Fix a request corruption problem and a buffering problem |
| which sometimes prevented proxy-sendchunks from working. |
| [Jeff Trawick] |
| |
| *) Fix the RPM spec file so that an RPM build now works. An RPM |
| build now requires system installations of APR and APR-util. |
| [Graham Leggett] |
| |
| *) Significantly simplify the load balancer scheduling algorithm |
| for the proxy BalancerMember weighting. loadfactors (lbfactors) |
| are now normalized with respect to each other. [Jim Jagielski] |
| |
| *) mod_dumpio: Added to the available module suite; it is an |
| I/O logging/dumping module. Placed in the (new) debug module |
| subdirectory. mod_bucketeer moved to that directory as well. |
| [Jim Jagielski] |
| |
| *) core: Add support for APR_TCP_DEFER_ACCEPT to defer accepting |
| of a connection until data is available. |
| [Paul Querna] |
| |
| Changes with Apache 2.1.2 |
| |
| *) mod_proxy: Respect errors reported by pre_connection hooks. |
| [Jeff Trawick] |
| |
| *) core: Error out on sections that are missing an argument instead of |
| silently consuming the section. PR 25460. |
| [Geoffrey Young, Paul Querna] |
| |
| *) mod_cache/mod_mem_cache/mod_disk_cache: Move out of experimental. |
| |
| *) Upgraded PCRE to version 5.0. [Brian Pane] |
| |
| *) mod_cgid: Catch configuration problem where two web server instances |
| share same ServerRoot but admin forgot to use ScriptSock. |
| [Jeff Trawick] |
| |
| *) mod_cgi: Ensure that all stderr is logged for a script which returns |
| a Location header to generate a non-local redirect. PR 20111. |
| [Joe Orton] |
| |
| *) Added the Event MPM to more efficiently handle clients during a |
| Keep Alive request. |
| [Paul Querna, Greg Ames] |
| |
| Changes with Apache 2.1.1 |
| |
| *) mod_proxy_http: Stream content better - always flush buffered data to |
| the client before blocking waiting for new data. PR 19954. |
| [Joe Orton] |
| |
| *) mod_ssl: Add support for command-line option "-t -DDUMP_CERTS" which |
| will dump the filenames of all configured SSL certificates to stdout. |
| [Joe Orton] |
| |
| *) mod_disk_cache: Remove a bunch of non-implemented garbage collection |
| and cache size directives that are now available through htcacheclean. |
| [Justin Erenkrantz] |
| |
| *) Add htcacheclean to support/ for assistance with mod_disk_cache. |
| [Andreas Steinmetz] |
| |
| *) mod_authnz_ldap: Added the directive "Requires ldap-filter" that |
| allows the module to authorize a user based on a complex LDAP |
| search filter. [Brad Nicholes] |
| |
| *) mod_usertrack: Run the fixups hook before other modules. |
| PR 29755. [Paul Querna] |
| |
| *) Allow mod_authnz_ldap authorization functionality to be used |
| without requiring the user to also be authenticated through |
| mod_authnz_ldap. This allows other authentication modules to |
| take advantage of LDAP authorization only [PR 28253] |
| [Jari Ahonen jah progress.com, Brad Nicholes] |
| |
| *) Log the client IP address when an error occurs disabling nagle on a |
| connection, but log at a severity of debug since this error |
| generally means that the connection was dropped before data was |
| sent. Log the client IP address when reporting errors in the core |
| output filter. [Jeff Trawick] |
| |
| *) core: Add a warning message if the request line read fails. |
| [Paul Querna] |
| |
| *) mod_rewrite: Removed the MaxRedirects option in favor of the |
| core LimitInternalRecursion directive. [André Malo] |
| |
| *) mod_info: Added listing of the Request Hooks and added more build |
| information like 'httpd -V' contains. Changed output to XHTML. |
| [Paul Querna] |
| |
| *) mod_info: Rewrote config tree walk using a recursive function. |
| Added ?config option. Added printout of config filename and line numbers. |
| [Rici Lake <rici ricilake.net>, Paul Querna] |
| |
| *) mod_proxy: Fix type error that prevents proxy-sendchunks from working. |
| [Justin Erenkrantz] |
| |
| *) mod_proxy: Fix data corruption by properly setting aside buckets. |
| [Justin Erenkrantz] |
| |
| *) mod_proxy: If a request has a blank body and has a 0 Content-Length |
| headers, pass that to the proxy. [Justin Erenkrantz] |
| |
| *) Recognize QSA flag in mod_rewrite again. |
| [Jan Kratochvil <rcpt-dev.AT.httpd.apache.org jankratochvil.net>] |
| |
| *) Restructured mod_auth_ldap to fit the new authentication model. |
| The module is now called authnz_ldap and has been moved out of |
| the modules/experimental area and into modules/aaa with the other |
| auth modules. Both the authn_ldap provider and the authz_ldap |
| handler are contained within the authnz_ldap module. The |
| authz_ldap handler introduces 3 new "requires" values for handling |
| authorization. These handlers are ldap-user, ldap-group and |
| ldap-dn. [Brad Nicholes] |
| |
| *) Fix some compiler warnings in proxy |
| [Geoffrey Young <geoff@modperlcookbook.org>] |
| |
| *) mod_ssl: Add SSL_CLIENT_V_REMAIN variable, representing the |
| number of days until the client cert expires. [Joe Orton] |
| |
| *) Add test_config hook, run only if httpd is invoked using -t. |
| [Joe Orton] |
| |
| *) Improve error handling for corrupted pid files. [Jeff Trawick] |
| |
| *) mod_proxy.c and proxy_util.c: Enable compiling on 2.0-HEAD |
| (for backwards compatibility): |
| Avoids mod_ssl.h (not included in 2.0-HEAD) and |
| use apr_socket_create_ex for 0.9.x |
| [Mladen Turk] |
| |
| *) Added proxy_ajp.c module for proxy support to ajp:// backends. |
| [Jean Frederic Clere] |
| |
| *) Fixes the build of proxy on Windows. Since the proxy_module is declared |
| as extern using AP_MODULE_DECLARE_DATA that expands to dllexport, there |
| is a LNK2001 error when building proxy_http. [Mladen Turk] |
| |
| *) Remove LDAP toolkit specific code from util_ldap and mod_auth_ldap. |
| [Graham Leggett] |
| |
| *) Remove deprecated/removed APR_STATUS_IS_SUCCESS(). [Justin Erenkrantz] |
| |
| *) perchild MPM: Fix thread safety problem in the use of longjmp(). |
| [Tsuyoshi SASAMOTO <nazonazo super.win.ne.jp>] |
| |
| *) Add load balancer support to the scoreboard in preparation for |
| load balancing support in mod_proxy. [Mladen Turk] |
| |
| *) mod_nw_ssl: Added the directive NWSSLUpgradeable to mod_nw_ssl to |
| allow a non-secure connection to be upgraded to secure connections |
| [Brad Nicholes] |
| |
| *) core: Add Options= syntax to AllowOverride to specify which options |
| may be overridden in .htaccess files. PR 29310. |
| [Tom Alsberg <alsbergt cs.huji.ac.il>, Paul Querna] |
| |
| *) ab: Handle long URLs with an error instead of an buffer overflow. |
| PR 28204. [Erik Weide <erik.weidel mplus-technologies.de>, Paul Querna] |
| |
| *) mod_so, core: Add new command line options to print all loaded |
| modules. '-t -D DUMP_MODULES' and '-M' will show all static |
| and shared modules as loaded from the configuration file. |
| [Paul Querna] |
| |
| *) mod_autoindex: Add ShowForbidden to IndexOptions to list files |
| that are not shown because the subrequest returned 401 or 403. |
| PR 10575. [Paul Querna] |
| |
| *) mod_headers: implement "Early" processing option in post_read_request |
| to enable Header and RequestHeader directives to be used to set up |
| testcases for pre-fixups request phases [Nick Kew] |
| |
| *) mod_proxy: multiple bugfixes, principally support cookies in |
| ProxyPassReverse, and don't canonicalise URL passed to backend. |
| Documentation correspondingly updated. [Nick Kew <nick webthing.com>] |
| |
| *) mod_deflate: support gzip flags in inflate_out_filter |
| [Nick Kew <nick webthing.com>] |
| |
| *) Drop the ErrorHeader directive which turned out to be a misnomer. |
| Instead there's a new optional flag for the Header directive |
| ('always'), which keeps the former ErrorHeader functionality. |
| [André Malo] |
| |
| *) mod_deflate: Don't deflate responses with zero length |
| e.g. proxied 304's [Allan Edwards] |
| |
| *) <IfModule> now recognizes the module identifier in addition to the |
| file name. PR 29003. [Edward Rudd <eddie omegaware.com>, André Malo] |
| |
| *) mod_ssl: Add "SSLHonorCipherOrder" directive to enable the |
| OpenSSL 0.9.7 flag which uses the server's cipher order rather |
| than the client's. PR 28665. |
| [Jim Schneider <jschneid netilla.com>] |
| |
| *) mod_ssl: Drop support for the CompatEnvVars argument to |
| SSLOptions, which was never actually implemented in 2.0. |
| [Joe Orton] |
| |
| *) Fix bug in mod_deflate that unconditionally sent deflate'd output |
| even when Accept-Encoding is not present. [Justin Erenkrantz] |
| |
| *) Pass environment variables through to piped loggers and start |
| them via the shell, resolving regressions since 1.3. PR 28815 |
| [Ken Coar, Jeff Trawick] |
| |
| *) External rewrite map responses are no longer limited to 2048 |
| bytes. [André Malo] |
| |
| *) Proxy server was deleting cookies that Apache had already |
| assigned if the origin server had set any cookies. PR 27023. |
| [Jim Jagielski] |
| |
| *) Removed old and unmaintained ap_add_named_module API and changed |
| the following APIs to return an error instead of hard exiting: |
| ap_add_module, ap_add_loaded_module, ap_setup_prelinked_modules, |
| and ap_process_resource_config. [André Malo] |
| |
| *) mod_headers: Allow %% in header values to represent a literal %. |
| [André Malo] |
| |
| *) mod_headers: Allow env clauses also for 'echo' and 'unset' actions. |
| [André Malo] |
| |
| *) mod_headers: Allow 'echo' also for ErrorHeaders. [André Malo] |
| |
| *) mod_deflate: New option for DEFLATE output file (force-gzip), |
| new output filter 'INFLATE' for uncompressing responses. |
| [Nick Kew <Nick at WebThing dot com>, Ian Holsman] |
| |
| *) Added new module mod_version, which provides version dependent |
| configuration containers. [André Malo] |
| |
| *) mod_log_config now logs all Set-Cookie headers if the %{Set-Cookie}o |
| format is used. PR 27787. [André Malo] |
| |
| *) Allow Digest providers to return AUTH_DENIED to propagate a 401 |
| status and terminate the provider chain prior to checking the password. |
| [Geoffrey Young] |
| |
| *) mod_cgid: Don't allow Scriptsock to be specified inside VirtualHost; |
| Don't place script socket inside default server root instead of |
| actual server root. PR 27886. [Jeff Trawick] |
| |
| *) mod_proxy: Fix handling of non-200 success status codes when |
| "ProxyErrorOverride On" is configured. PR 20183. |
| [Marcus Janson <marcus.janson tre.se>, Joe Orton] |
| |
| *) Threaded MPMs for Unix and Win32: Add support for ThreadStackSize |
| directive (previously NetWare-only) to override default thread |
| stack size for threads which handle client connections. Required |
| for some third-party modules on platforms with small default |
| thread stack size. [Jeff Trawick] |
| |
| *) minor mod_auth_basic and mod_auth_digest sync. mod_auth_basic |
| now populates r->user with the (possibly unauthenticated) user, |
| and mod_auth_digest returns 500 when a provider returns |
| AUTH_GENERAL_ERROR. |
| [Geoffrey Young] |
| |
| *) The whole codebase was relicensed and is now available under |
| the Apache License, Version 2.0 (http://www.apache.org/licenses). |
| [Apache Software Foundation] |
| |
| *) Delete some make-generated files in the server directory during |
| "make clean" processing. PR 26552. [Jeff Trawick] |
| |
| *) Add core version query function (ap_get_server_revision) and |
| accompanying ap_version_t structure (minor MMN bump). |
| [André Malo] |
| |
| *) mod_rewrite: EOLs sent by external rewritemaps are now consumed |
| as whole. That way, on systems with more than one EOL character |
| rewritemap programs no longer need to switch stdout to binary |
| mode. PR 25635. [André Malo] |
| |
| *) mod_rewrite: Introduce the ability to force a content handler via |
| the [handler=...] flag. [André Malo] |
| |
| *) mod_rewrite: Introduce the RewriteCond -x check, which returns |
| true if the pattern is a file with execution permissions. |
| [André Malo] |
| |
| *) mod_rewrite: Allow proxying and RewriteRules in directory context |
| for subrequests. PR 14648, 15114. [André Malo] |
| |
| *) mod_rewrite: Allow setting of any valid HTTP response code. |
| PR 25917. [André Malo] |
| |
| *) mod_rewrite: Cookie creation now works locale independent. |
| [André Malo] |
| |
| *) mod_ssl: Add support for distributed session cache using 'distcache'. |
| [Geoff Thorpe <geoff geoffthorpe.net>] |
| |
| *) mod_dav: Disallow requests with an unescaped hash character in |
| the Request-URI. PR 21779. [Amit Athavale <amit_athavale lycos.com>] |
| |
| *) mod_proxy with ProxyErrorOverride On in a reverse-proxy configuration |
| attaches a body to the 302 response and a wrong Content-Length header. |
| PR: 22951 [Ermanno Scaglione scaglione ..at.. starnetone.de] |
| |
| *) Bring ErrorHeader concept forward from 1.3, so that response |
| header fields can be set for return even on errors or external |
| redirects. [Ken Coar] |
| |
| *) Fix <Limit> and <LimitExcept> parsing to require a closing '>' |
| in the initial container. PR 25414. |
| [Geoffrey Young <geoff apache.org>] |
| |
| *) Clean up httpd -V output: Instead of displaying the MPM source |
| directory, display the MPM name and some MPM properties. |
| [Geoffrey Young <geoff apache.org>] |
| |
| *) mod_ssl/mod_status: Re-enable support for output of SSL session |
| cache information in server-status page. [Joe Orton] |
| |
| *) mod_ssl: Remove the shmht session cache, shmcb should be used |
| instead. [Joe Orton] |
| |
| *) mod_logio: Account for some bytes handed to the network layer prior to |
| dropped connections. [Jeff Trawick] |
| |
| *) mod_autoindex: new directive IndexStyleSheet |
| [Tyler Riddle <triddle_1999 yahoo.com>, Paul Querna <chip force-elite.com>] |
| |
| *) Fix uninitialized gprof directory name in prefork MPM. PR 24450. |
| [Chris Knight <Christopher.D.Knight nasa.gov>] |
| |
| *) Log an error when requests for URIs which fail to map to a valid |
| filesystem name are rejected with 403. [Jeff Trawick] |
| |
| *) Switch to APR 1.0 API. |
| |
| *) Major overhaul of mod_include's filter parser. The new parser code |
| is expected to be more robust and should catch all of the edge cases |
| that were not handled by the previous one. This includes a binary |
| incompatible change of mod_include's external API. [André Malo] |
| |
| *) mod_rewrite: Allow forced mimetypes [T=...] to get expanded. |
| PR 14223. [André Malo] |
| |
| *) mod_rewrite: Fix LA-U and LA-F lookups in directory context. Previously |
| the current rewrite state was just used as lookup path, which lead to |
| strange and often useless results. Related to PR 8493. [André Malo] |
| |
| *) Change Listen directive to bind to all addresses when a hostname is |
| not specified. [Justin Erenkrantz] |
| |
| *) Correct failure with Listen directives on machines with IPv6 enabled. |
| [Colm MacCárthaigh <colm stdlib.net>, Justin Erenkrantz] |
| |
| *) Fix a link failure in mod_ssl when the OpenSSL libraries contain |
| the ENGINE functions but the engine header files are missing. |
| [Cliff Woolley] |
| |
| *) mod_rewrite: RewriteRules in server context using the force |
| type feature [T=...] no longer disable MultiViews. [André Malo] |
| |
| *) mod_rewrite: Allow piped rewrite logs to be relative to ServerRoot. |
| [André Malo] |
| |
| *) mod_authz_groupfile: Strip trailing spaces of group names. This |
| hopefully saves some hours of searching for typos. PR 12863. |
| [André Malo] |
| |
| *) mod_actions: Propagate the handler name to the action script via |
| the REDIRECT_HANDLER environment variable. [André Malo] |
| |
| *) mod_actions: Introduce the "virtual" modifier to the Action directive, |
| which allows the use of handlers for virtual locations. PR 8431. |
| [André Malo] |
| |
| *) mod_speling: Recognize AcceptPathInfo setting for the particular |
| location. Default is to reject path information. PR 21059. |
| [André Malo] |
| |
| *) mod_ext_filter: Add the ability to filter request bodies. |
| [Philipp Reisner <philipp.reisner linbit.com>] |
| |
| *) Fix some broken log messages in WinNT MPM. |
| [Juan Rivera <Juan.Rivera citrix.com>] |
| |
| *) prefork MPM: Use the right permissions for the directory created |
| for gprof support. [Jim Carlson <jcarlson jnous.com>] |
| |
| *) Fix a compile failure with recent OpenSSL and picky compilers |
| (e.g., OpenSSL 0.9.7a and xlc_r on AIX). [Jeff Trawick] |
| |
| *) OpenSSL headers should be included as "openssl/ssl.h", and not rely on |
| the INCLUDE path to be defined properly. |
| PR 11310. [Geoff Thorpe <geoff geoffthorpe.net>] |
| |
| *) Modify APACHE_CHECK_SSL_TOOLKIT to detect SSL-C. [Madhusudan Mathihalli] |
| |
| *) Replace the APACHE_CHECK_SSL_TOOLKIT method with a cleaner one, using |
| autoconf tools (AC_CHECK_HEADER, AC_CHECK_LIB etc). |
| [Geoff Thorpe <geoff geoffthorpe.net>] |
| |
| *) change directive name from 'compressionlevel' to 'deflatecompressionlevel' |
| [Ian Holsman, André Malo] |
| |
| *) mod_negotiation: quality values are now parsed independent from |
| the current locale. level values are now really parsed as integers. |
| PR 17564. [André Malo] |
| |
| *) Extend mod_negotiation to evaluate the environment variables |
| no-gzip and gzip-only-text/html the same way as mod_deflate does. |
| [André Malo] |
| |
| *) mod_rewrite: Fix some problems reporting errors with mapping |
| programs (RewriteMap prg:/something). [Jeff Trawick] |
| |
| *) Return 413 if chunk-ext-header is too long rather than reading from |
| the truncated line. PR 15857. [Justin Erenkrantz] |
| |
| *) Allow restart of httpd to occur even with syntax errors in the config |
| file. PR 16813. [Justin Erenkrantz] |
| |
| *) Use APR_LAYOUT instead of APACHE_LAYOUT in configure. PR 15679. |
| [Justin Erenkrantz] |
| |
| *) Remove files on 'make distclean' that should be. PR 15592. |
| [Justin Erenkrantz] |
| |
| *) Allow apachectl to perform status with links and elinks as well. |
| [Justin Erenkrantz] |
| |
| *) mod_log_config change optional hook to return previous handler |
| [Ian Holsman] |
| |
| *) Forward port of mod_actions' ability to handle arbitrary methods |
| with the Script directive. [André Malo] |
| |
| *) Let suexec send a message to stderr, if it failed or its policy |
| was violated. This message appears in the error log and allows |
| for easier debugging. PR 5381, 7638, 8255, 10773. [André Malo] |
| |
| *) Modify buildconf to copy all required files into httpd's tree. |
| [Thom May <thom planetarytramp.net>] |
| |
| *) Allow mod_dav to do weak entity comparison functions. |
| [Justin Erenkrantz] |
| |
| *) Move RFC 1413 ident requests from core to new module mod_ident. |
| [André Malo] |
| |
| *) Add mod_authz_owner - a forward port of "Require file-owner" |
| and "Require file-group", which was already present in version |
| 1.3.21. [André Malo] |
| |
| *) Add mod_dav_lock - a generic subset of the DAV locking implementation. |
| [Justin Erenkrantz] |
| |
| *) Replace some of the mutex locking in the worker MPM with |
| atomic operations for higher concurrency. [Brian Pane] |
| |
| *) Allow 'make depend' to work with non-GCC compilers. |
| [Justin Erenkrantz] |
| |
| *) If an httpd.conf has commented out AddModule directives, |
| apxs -i -a will add an un-commented AddModule directive for |
| the new module, which breaks the config. |
| PR: 11212 [Joe Orton] |
| |
| *) Fix mod_proxy handling of filtered input bodies. [Justin Erenkrantz] |
| |
| *) Move the check of the Expect request header field after the hook |
| for ap_post_read_request, since that is the only opportunity for |
| modules to handle Expect extensions. [Justin Erenkrantz] |
| |
| *) Rewrite of aaa modules to an authn/authz model. |
| [Dirk-Willem van Gulik, Justin Erenkrantz] |
| |
| [Apache 2.1.0-dev includes those bug fixes and changes with the |
| Apache 2.0.xx tree as documented, and except as noted, below.] |
| |
| Changes with Apache 2.0.x and later: |
| |
| *) http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/CHANGES?view=markup |
| |
| Changes with Apache 1.3.x and later: |
| |
| *) http://svn.apache.org/viewvc/httpd/httpd/branches/1.3.x/src/CHANGES?view=markup |