| -*- coding: utf-8 -*- |
| Changes with Apache 2.5.0 |
| |
| *) Don't set SO_REUSEPORT unless ListenCoresBucketsRatio is greater |
| than zero. [Eric Covener] |
| |
| *) mod_http2: streaming of request output now reacts timely to data |
| from other streams becoming available. Same for new incoming requests. |
| [Stefan Eissing] |
| |
| *) core: EBCDIC fixes for interim responses with additional headers. |
| [Eric Covener] |
| |
| *) mod_remoteip: Add support for PROXY protocol (code donated by Cloudzilla). |
| Add ability for PROXY protocol processing to be optional to donated code. |
| See also: http://www.haproxy.org/download/1.5/doc/proxy-protocol.txt |
| [Cloudzilla/roadrunner2@GitHub, Jim Jagielski, Daniel Ruggeri] |
| |
| *) mod_rewrite: When a substitution is a fully qualified URL, and the |
| scheme/host/port matches the current virtual host, stop interpreting the |
| path component as a local path just because the first component of the |
| path exists in the filesystem. Adds RewriteOption "LegacyPrefixDocRoot" |
| to revert to previous behavior. PR60009. |
| [Hank Ibell <hwibell gmail.com>] |
| |
| *) core: Add %{REMOTE_PORT} to the expression parser. PR59938 |
| [Hank Ibell <hwibell gmail.com>] |
| |
| *) mod_remoteip: When overriding the useragent address from X-Forwarded-For, |
| zero out what had been initialized as the connection-level port. PR59931. |
| [Hank Ibell <hwibell gmail.com>] |
| |
| *) mod_proxy_wstunnel: Reliably run before mod_proxy_http. |
| [Eric Covener] |
| |
| *) mod_proxy_protocol: Add server-side, front-end support for PROXY PROTOCOL |
| (http://blog.haproxy.com/haproxy/proxy-protocol/). [roadrunner2] |
| |
| *) mod_proxy_fcgi: Return HTTP 504 rather than 503 in case of proxy timeout. |
| [Luca Toscano] |
| |
| *) mod_proxy_{ajp,fcgi}: Fix a possible crash when reusing an established |
| backend connection, happening with LogLevel trace2 or higher configured, |
| or at any log level with compilers not detected as C99 compliant (e.g. |
| MSVC on Windows). [Yann Ylavic] |
| |
| *) mod_ext_filter: Don't interfere with "error buckets" issued by other |
| modules. PR60375. [Eric Covener, Lubos Uhliarik] |
| |
| *) mod_proxy_fcgi, mod_fcgid: Fix crashes in ap_fcgi_encoded_env_len() when |
| modules add empty environment variables to the request. PR60275. |
| [<alex2grad AT gmail.com>] |
| |
| *) http: Allow unknown response status' lines returned in the form of |
| "HTTP/x.x xxx Status xxx". [Yann Ylavic] |
| |
| *) core: Add <IfFile> configuration section to allow any file on disk to be |
| used as a conditional. [Edward Lu, Eric Covener] |
| |
| *) event: Avoid listener periodic wake ups by using the pollset wake-ability |
| when available. PR 57399. [Yann Ylavic, Luca Toscano] |
| |
| *) mod_brotli: Add a new module for dynamic Brotli (RFC 7932) compression. |
| [Evgeny Kotkov] |
| |
| *) core: Permit unencoded ';' characters to appear in proxy requests and |
| Location: response headers. Corresponds to modern browser behavior. |
| [William Rowe] |
| |
| *) mod_crypto: Add the all purpose crypto filters with support for HLS. |
| [Graham Leggett] |
| |
| *) core: Drop an invalid Last-Modified header value coming |
| from a FCGI/CGI script instead of replacing it with Unix epoch. |
| Warn the users about Last-Modified header value replacements |
| and violations of the RFC. |
| [Yann Ylavic, Luca Toscano, William Rowe, Jacob Champion] |
| |
| *) mod_dav: Allow other modules to become providers and add ACLs |
| to the DAV response. |
| [Jari Urpalainen <jari.urpalainen nokia.com>, Graham Leggett] |
| |
| *) mod_dav: Add dav_begin_multistatus, dav_send_one_response, |
| dav_finish_multistatus, dav_send_multistatus, dav_handle_err, |
| dav_failed_proppatch, dav_success_proppatch to mod_dav.h. |
| [Jari Urpalainen <jari.urpalainen nokia.com>, Graham Leggett] |
| |
| *) mod_proxy, mod_ssl: Handle SSLProxy* directives in <Proxy> sections, |
| allowing per backend TLS configuration. [Yann Ylavic] |
| |
| *) core: explicitly exclude 'h2' from protocols announced via an Upgrade: |
| header as commanded by http-wg. [Stefan Eissing] |
| |
| *) mod_proxy_ajp: Add "secret" parameter to proxy workers to implement legacy |
| AJP13 authentication. PR 53098. [Dmitry A. Bakshaev <dab1818 gmail com>] |
| |
| *) mpm: Generalise the ap_mpm_register_socket functions to accept pipes |
| or sockets. [Graham Leggett] |
| |
| *) core: Extend support for setting aside data from the network input filter |
| to any connection or request input filter. [Graham Leggett] |
| |
| *) core: Split ap_create_request() from ap_read_request(). [Graham Leggett] |
| |
| *) mod_auth_digest: Fix compatibility with expression-based Authname. PR59039. |
| [Eric Covener] |
| |
| *) mpm: Add a complete_connection hook that confirms whether an MPM is allowed |
| to leave the WRITE_COMPLETION phase. Move filter code out of the MPMs. |
| [Graham Leggett] |
| |
| *) core: Added support for HTTP code 451. PR58985. |
| [Yehuda Katz <yehuda ymkatz.net>, Jim Jagielski] |
| |
| *) mod_ssl: Add support for OpenSSL 1.1.0. [Rainer Jung] |
| |
| *) mod_filter: Fix AddOutputFilterByType with non-content-level filters. |
| PR58856 [Micha Lenk <micha lenk.info>] |
| |
| *) mod_cache: Consider Cache-Control: s-maxage in expiration |
| calculations. [Eric Covener] |
| |
| *) mod_cache: Allow caching of responses with an Expires header |
| in the past that also has Cache-Control: max-age or s-maxage. |
| PR55156. [Eric Covener] |
| |
| *) Added many log numbers to log statements that had none. |
| |
| *) mod_session: Introduce SessionExpiryUpdateInterval which allows to |
| configure the session/cookie expiry's update interval. PR 57300. |
| [Paul Spangler <paul.spangler ni.com>] |
| |
| *) core: Extend support for asynchronous write completion from the |
| network filter to any connection or request filter. [Graham Leggett] |
| |
| *) mod_auth_digest: remove AuthDigestEnableQueryStringHack which is no |
| more documented since dec 2012 (r1415960). [Christophe Jaillet] |
| |
| *) mod_charset_lite: On EBCDIC platforms, make sure mod_charset_lite runs |
| after other resource-level filters. [Eric Covener] |
| |
| *) http: Don't remove the Content-Length of zero from a HEAD response if |
| it comes from an origin server, module or script. [Yann Ylavic] |
| |
| *) http: Add support for RFC2324/RFC7168. [Graham Leggett] |
| |
| *) mod_rewrite: Add support for starting External Rewriting Programs |
| as non-root user on UNIX systems by specifying username and group name |
| as third argument of RewriteMap directive. [Jan Kaluza] |
| |
| *) mod_authn_core: Add expression support to AuthName and AuthType. |
| [Graham Leggett] |
| |
| *) suexec: Filter out the HTTP_PROXY environment variable because it is |
| treated as alias for http_proxy by some programs. [Stefan Fritsch] |
| |
| *) mod_proxy_http: Don't establish or reuse a backend connection before pre- |
| fetching the request body, so to minimize the delay between it is supposed |
| to be alive and the first bytes sent: this is a best effort to prevent the |
| backend from closing because of idle or keepalive timeout in the meantime. |
| Also, handle a new "proxy-flushall" environment variable which allows to |
| flush any forwarded body data immediately. PR 56541+37920. [Yann Ylavic] |
| |
| *) core: Define and UnDefine are no longer permitted in |
| directory context. Previously they would always be evaulated |
| as the configuration was read without regard for the directory |
| context. [Eric Covener] |
| |
| *) config: For directives that do not expect any arguments, enforce |
| that none are specified in the configuration file. |
| [Joachim Zobel <jzobel heute-morgen.de>, Eric Covener] |
| |
| *) mod_rewrite: Improve 'bad flag delimeters' startup error by showing |
| how the input was tokenized. PR 56528. [Edward Lu <Chaosed0 gmail.com>] |
| |
| *) mod_proxy: Don't put non balancer-member workers in error state by |
| default for connection or 500/503 errors, and honor status=+I for |
| any error. PR 48388. [Yann Ylavic] |
| |
| *) mod_socache_memcache: Pass expiration time through to memcached. PR 55445. |
| [Faidon Liambotis <paravoid debian.org>, Joe Orton] |
| |
| *) ap_expr: Add filemod function for checking file modification dates |
| [Daniel Gruno] |
| |
| *) mod_authnz_ldap: Resolve crashes with LDAP authz and non-LDAP authn since |
| r1608202. [Eric Covener] |
| |
| *) apreq: Content-Length header should be always interpreted as a decimal. |
| Leading 0 could be erroneously considered as an octal value. PR 56598. |
| [Chris Card <ctcard hotmail com>] |
| |
| *) mod_proxy: Now allow for 191 character worker names, with non-fatal |
| errors if name is truncated. PR53218. [Jim Jagielski] |
| |
| *) mod_ssl: Add optional function "ssl_get_tls_cb" to allow support |
| for channel bindings. [Simo Sorce <simo redhat.com>] |
| |
| *) mod_proxy_wstunnel: Concurrent websockets messages could be |
| lost or delayed with ProxyWebsocketAsync enabled. |
| [Edward Lu <Chaosed0 gmail.com>] |
| |
| *) core, mod_info: Add compiled and loaded PCRE versions to version |
| number display. [Rainer Jung] |
| |
| *) mod_authnz_ldap: Return LDAP connections to the pool before the handler |
| is run, instead of waiting until the end of the request. [Eric Covener] |
| |
| *) mod_proxy_html: support automatic detection of doctype and processing |
| of FPIs. PR56285 [Micha Lenk <micha lenk info>, Nick Kew] |
| |
| *) mod_proxy_html: skip documents shorter than 4 bytes |
| PR 56286 [Micha Lenk <micha lenk info>] |
| |
| *) mod_proxy_fdpass: Fix computation of the size of 'struct sockaddr_un' |
| when passed to 'connect()'. |
| [Graham Dumpleton <grahamd apache org>] |
| |
| *) core: Add ap_mpm_resume_suspended() API to allow a suspended connection |
| to resume. PR56333 |
| [Artem <artemciy gmail.com>, Edward Lu <Chaosed0 gmail.com>] |
| |
| *) core: Add ap_mpm_register_socket_callback_timeout() API. [Eric Covener] |
| |
| *) mod_proxy_wstunnel: Honor ProxyWebsocketIdleTimeout in asynchronous |
| processing mode. [Eric Covener] |
| |
| *) mod_authnz_ldap: Fail explicitly when the filter is too long. Remove |
| unnecessary apr_pstrdup() and strlen(). [Graham Leggett] |
| |
| *) Add the ldap-search option to mod_authnz_ldap, allowing authorization |
| to be based on arbitrary expressions that do not include the username. |
| [Graham Leggett] |
| |
| *) Add the ldap function to the expression API, allowing LDAP filters and |
| distinguished names based on expressions to be escaped correctly to |
| guard against LDAP injection. [Graham Leggett] |
| |
| *) Add module mod_ssl_ct, which provides an implementation of Certificate |
| Transparency (RFC 6962) for httpd. [Jeff Trawick] |
| |
| *) mod_proxy_wstunnel: Avoid sending error responses down an upgraded |
| websockets connection as it is being close down. [Eric Covener] |
| |
| *) mod_proxy_wstunnel: Allow the administrator to cap the amount |
| of time a synchronous websockets connection stays idle with |
| ProxyWebsocketIdleTimeout. [Eric Covener] |
| |
| *) mod_proxy_wstunnel: Change to opt-in for asynchronous support, adding |
| directives ProxyWebsocketAsync and ProxyWebsocketAsyncDelay. |
| [Eric Covener] |
| |
| *) mod_proxy_wstunnel: Stop leaking websockets backend connections under |
| event MPM (trunk-only). [Eric Covener] |
| |
| *) mod_proxy_http: Add detach_backend hook (potentially usable |
| in other proxy scheme handlers). [Jeff Trawick] |
| |
| *) mod_deflate: Add DeflateAlterETag to control how the ETag |
| is modified. The 'NoChange' parameter mimics 2.2.x behavior. |
| PR 45023, PR 39727. [Eric Covener] |
| |
| *) mod_rewrite: Add 'BNF' (backreferences-no-plus) flag to RewriteRule to |
| allow spaces in backreferences to be encoded as %20 instead of '+'. |
| [Eric Covener] |
| |
| *) mod_rewrite: Support an optional list of characters to escape in the |
| argument for the 'B' (escape backreferences) flag. [Eric Covener] |
| |
| *) mod_dir: Default to 2.2-like behavior and skip execution when method is |
| neither GET nor POST, such as for DAV requests. PR 54914. [Chris Darroch] |
| |
| *) mod_rewrite: Rename the handler that does per-directory internal |
| redirects to "rewrite-redirect-handler" from "redirect-handler" so |
| it is less ambiguous and less likely to be reused. [Eric Covener] |
| |
| *) mod_rewrite: Protect against looping with the [N] flag by enforcing a |
| default limit of 10000 iterations, and allowing each rule to change its |
| limit. [Eric Covener] |
| |
| *) mod_ssl: Fix config merging of SSLOCSPEnable and SSLOCSPOverrideResponder. |
| [Jeff Trawick] |
| |
| *) Add HttpContentLengthHeadZero and HttpExpectStrict directives. |
| [Yehuda Sadeh <yehuda inktank com>, Justin Erenkrantz] |
| |
| *) mod_ssl: Add -t -DDUMP_CA_CERTS option which dumps the filenames of all |
| configured SSL CA certificates to stdout the same way as DUMP_CERTS does. |
| [Jan Kaluza] |
| |
| *) mod_ssl: Don't flush when an EOS is received. Prepares mod_ssl |
| to support write completion. [Graham Leggett] |
| |
| *) core: Add parse_errorlog_arg callback to ap_errorlog_provider |
| to allow providers to check the ErrorLog argument. [Jan Kaluza] |
| |
| *) mod_cgid: Use the servers Timeout for each read from a CGI script, |
| allow override with new CGIDRequestTimeout directive. PR43494 |
| [Eric Covener, Toshikuni Fukaya <toshikuni-fukaya cybozu co jp>] |
| |
| *) core: ensure any abnormal exit is reported to stderr if it's a tty. |
| PR 55670 [Nick Kew] |
| |
| *) mod_lua: Let the Inter-VM get/set functions work with a global |
| shared memory pool instead of a per-process pool. [Daniel Gruno] |
| |
| *) ldap: Support ldaps when using the Microsoft LDAP SDK. |
| PR 54626. [Jean-Frederic Clere] |
| |
| *) mod_authnz_ldap: Change default value of AuthLDAPMaxSubGroupDepth to 0 |
| to avoid performance problems when subgroups aren't in use. [Eric Covener] |
| |
| *) mod_syslog: New module implementing syslog ap_error_log provider. |
| Previously, this code was part of core, now it's in separate module. |
| [Jan Kaluza] |
| |
| *) core: Add ap_errorlog_provider to make ErrorLog logging modular. Move |
| syslog support from core to new mod_syslog. [Jan Kaluza] |
| |
| *) mod_status, mod_echo: Fix the display of client addresses. |
| They were truncated to 31 characters which is not enough for IPv6 addresses. |
| PR 54848 [Bernhard Schmidt <berni birkenwald de>] |
| |
| *) mod_unique_id: Use output of the PRNG rather than IP address and |
| pid, avoiding sleep() call and possible DNS issues at startup, |
| plus improving randomness for IPv6-only hosts. |
| [Jan Kaluza <jkaluza redhat.com>] |
| |
| *) mod_file_cache: mod_file_cache should be able to serve files that |
| haven't had a Content-Type set via e.g. mod_mime. [Eric Covener] |
| |
| *) core: merge AllowEncodedSlashes from the base configuration into |
| virtual hosts. [Eric Covener] |
| |
| *) AIX: Install DSO's with "cp" instead of "install" in instdso.sh |
| [Eric Covener] |
| |
| *) mod_ldap: Don't keep retrying if a new LDAP connection times out. |
| [Eric Covener] |
| |
| *) mod_deflate: permit compilation of mod_deflate against a zlib that has |
| been configured with -D Z_PREFIX, which redefines the token "deflate". |
| [Eric Covener] |
| |
| *) mod_auth_digest: Use the secret when generating nonces in all cases and |
| not only when AuthName is used in .htaccess files (this change may cause |
| problems if used with round robin load balancers). Don't regenerate the |
| secret on graceful restarts. PR 54637 [Stefan Fritsch] |
| |
| *) core: Remove apr_brigade_flatten(), buffering and duplicated code |
| from the HTTP_IN filter, parse chunks in a single pass with zero copy. |
| Reduce memory usage by 48 bytes per request. [Graham Leggett] |
| |
| *) core: Stop the HTTP_IN filter from attempting to write error buckets |
| to the output filters, which is bogus in the proxy case. Create a |
| clean mapping from APR codes to HTTP status codes, and use it where |
| needed. [Graham Leggett] |
| |
| *) mod_proxy: Ensure network errors detected by the proxy are returned as |
| 504 Gateway Timout as opposed to 502 Bad Gateway, in order to be |
| compliant with RFC2616 14.9.4 Cache Revalidation and Reload Controls. |
| |
| *) mod_dav: mod_dav overrides dav_fs response on PUT failure. PR 35981 |
| [Basant Kumar Kukreja <basant.kukreja sun.com>, Alejandro Alvarez |
| <alejandro.alvarez.ayllon cern.ch>] |
| |
| *) mod_ldap: LDAP connections used for authentication were not respecting |
| LDAPConnectionPoolTimeout. PR 54587 |
| |
| *) core: ap_rgetline_core now pulls from r->proto_input_filters. |
| |
| *) mod_proxy_html: process parsed comments immediately. |
| Fixes bug where parsed comments may be lost. [Nick Kew] |
| |
| *) mod_proxy_html: introduce doctype for HTML 5 [Nick Kew] |
| |
| *) mod_proxy_html: fix typo-bug processing "strict" vs "transitional" |
| HTML/XHTML [Nick Kew] |
| |
| *) core: Add option to add valgrind support. Use it to reduce false positive |
| warnings in mod_ssl. [Stefan Fritsch] |
| |
| *) mod_authn_file, mod_authn_dbd, mod_authn_dbm, mod_authn_socache: |
| Cache the result of the most recent password hash verification for every |
| keep-alive connection. This saves some expensive calculations. |
| [Stefan Fritsch] |
| |
| *) http: Remove support for Request-Range header sent by Navigator 2-3 and |
| MSIE 3. [Stefan Fritsch] |
| |
| *) core, http: Extend HttpProtocol with an option to enforce stricter HTTP |
| conformance or to only log the found problems. [Stefan Fritsch] |
| |
| *) core: Correctly parse an IPv6 literal host specification in an absolute |
| URL in the request line. [Stefan Fritsch] |
| |
| *) EventOpt MPM |
| |
| *) core: Add LogLevelOverride directive that allows to override the |
| loglevel for clients from certain IPs. This also works for things |
| like the SSL handshake where <If> LogLevel ... </If> is evaluated |
| too late. [Stefan Fritsch] |
| |
| *) core: Add new directive Warning to issue warnings from a configuration |
| file. Both Warning and Error now generate a timestamped log message. |
| [Fabien Coelho] |
| |
| *) ap_expr: Add SERVER_PROTOCOL_VERSION, ..._MAJOR, and ..._MINOR |
| variables. [Stefan Fritsch] |
| |
| *) core: New directive RegisterHttpMethod for registering non-standard |
| HTTP methods. [Stefan Fritsch] |
| |
| *) core: New directive HttpProtocol which allows to disable HTTP/0.9 |
| support. [Stefan Fritsch] |
| |
| *) mod_allowhandlers: New module to forbid specific handlers for specific |
| directories. [Stefan Fritsch] |
| |
| *) mod_systemd: New module, for integration with systemd on Linux. |
| [Jan Kaluza <jkaluza redhat.com>] |
| |
| *) WinNT MPM: Store pid and generation for each thread in scoreboard |
| to allow tracking of threads from exiting children via mod_status |
| or other such mechanisms. [Jeff Trawick] |
| |
| *) The following now respect DefaultRuntimeDir/DEFAULT_REL_RUNTIMEDIR: |
| - APIs: ap_log_pid(), ap_remove_pid, ap_read_pid() |
| - mod_cache: thundering herd lock directory |
| - mod_lbmethod_heartbeat, mod_heartmonitor: heartbeat storage file |
| - mod_ldap: shared memory cache |
| - mod_socache_shmcb, mod_socache_dbm: shared memory or dbm for cache |
| [Jeff Trawick] |
| |
| *) suexec: Add --enable-suexec-capabilites support on Linux, to use |
| setuid/setgid capability bits rather than a setuid root binary. |
| [Joe Orton] |
| |
| *) suexec: Add support for logging to syslog as an alternative to logging |
| to a file; configure --without-suexec-logfile --with-suexec-syslog. |
| [Joe Orton] |
| |
| *) mod_ssl: Add support for TLS Next Protocol Negotiation. PR 52210. |
| [Matthew Steele <mdsteele google.com>] |
| |
| *) cross-compile: allow to provide CC_FOR_BUILD so that gen_test_char will |
| be compiled by the build compiler instead of the host compiler. |
| Also set CC_FOR_BUILD to 'cc' when cross-compilation is detected. |
| PR 51257. [Guenter Knauf] |
| |
| *) core: In maintainer mode, replace apr_palloc with a version that |
| initializes the allocated memory with non-zero values, except if |
| AP_DEBUG_NO_ALLOC_POISON is defined. [Stefan Fritsch] |
| |
| *) mod_policy: Add a new testing module to help server administrators |
| enforce a configurable level of protocol compliance on their |
| servers and application servers behind theirs. [Graham Leggett] |
| |
| *) mod_firehose: Add a new debugging module able to record traffic |
| passing through the server in such a way that connections and/or |
| requests be reconstructed and replayed. [Graham Leggett] |
| |
| *) mod_noloris |
| |
| *) APREQ |
| |
| *) Simple MPM |
| |
| *) mod_serf |
| |
| [Apache 2.5.0-dev includes those bug fixes and changes with the |
| Apache 2.4.xx tree as documented below, except as noted.] |
| |
| Changes with Apache 2.4.x and later: |
| |
| *) http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?view=markup |
| |
| Changes with Apache 2.2.x and later: |
| |
| *) http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?view=markup |
| |
| Changes with Apache 2.0.x and later: |
| |
| *) http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/CHANGES?view=markup |
| |