| -*- coding: utf-8 -*- |
| |
| Changes with Apache 2.3.5 |
| |
| *) Ensure each subrequest has a shallow copy of headers_in so that the |
| parent request headers are not corrupted. Eliminates a problematic |
| optimization in the case of no request body. PR 48359 |
| [Jake Scott, William Rowe, Ruediger Pluem] |
| |
| *) Turn static function get_server_name_for_url() into public |
| ap_get_server_name_for_url() and use it where appropriate. This |
| fixes mod_rewrite generating invalid URLs for redirects to IPv6 |
| literal addresses. [Stefan Fritsch] |
| |
| *) mod_ldap: Introduce new config option LDAPTimeout to set the timeout |
| for LDAP operations like bind and search. [Stefan Fritsch] |
| |
| *) mod_proxy, mod_proxy_ftp: Move ProxyFtpDirCharset from mod_proxy to |
| mod_proxy_ftp. [Takashi Sato] |
| |
| *) mod_proxy, mod_proxy_connect: Move AllowCONNECT from mod_proxy to |
| mod_proxy_connect. [Takashi Sato] |
| |
| *) mod_cache: Do an exact match of the keys defined by |
| CacheIgnoreURLSessionIdentifiers against the querystring instead of |
| a partial match. PR 48401. |
| [Dodou Wang <wangdong.08 gmail.com>, Ruediger Pluem] |
| |
| *) mod_proxy_balancer: Fix crash in balancer-manager. [Rainer Jung] |
| |
| *) Core HTTP: disable keepalive when the Client has sent |
| Expect: 100-continue |
| but we respond directly with a non-100 response. |
| Keepalive here led to data from clients continuing being treated as |
| a new request. |
| PR 47087 [Nick Kew] |
| |
| *) Core: reject NULLs in request line or request headers. |
| PR 43039 [Nick Kew] |
| |
| *) Core: (re)-introduce -T commandline option to suppress documentroot |
| check at startup. |
| PR 41887 [Jan van den Berg <janvdberg gmail.com>] |
| |
| *) mod_autoindex: support XHTML as equivalent to HTML in IndexOptions, |
| ScanHTMLTitles, ReadmeName, HeaderName |
| PR 48416 [Dmitry Bakshaev <dab18 izhnet.ru>, Nick Kew] |
| |
| *) Proxy: Fix ProxyPassReverse with relative URL |
| Derived (slightly erroneously) from PR 38864 [Nick Kew] |
| |
| *) mod_headers: align Header Edit with Header Set when used on Content-Type |
| PR 48422 [Cyril Bonté <cyril.bonte free.fr>, Nick Kew] |
| |
| *) mod_headers: Enable multi-match-and-replace edit option |
| PR 47066 [Nick Kew] |
| |
| *) mod_filter: enable it to act on non-200 responses. |
| PR 48377 [Nick Kew] |
| |
| Changes with Apache 2.3.4 |
| |
| *) Replace AcceptMutex, LockFile, RewriteLock, SSLMutex, SSLStaplingMutex, |
| and WatchdogMutexPath with a single Mutex directive. Add APIs to |
| simplify setup and user customization of APR proc and global mutexes. |
| (See util_mutex.h.) Build-time setting DEFAULT_LOCKFILE is no longer |
| respected; set DEFAULT_REL_RUNTIMEDIR instead. [Jeff Trawick] |
| |
| *) http_core: KeepAlive no longer accepts other than On|Off. |
| [Takashi Sato] |
| |
| *) mod_dav: Remove errno from dav_error interface. Calls to dav_new_error() |
| and dav_new_error_tag() must be adjusted to add an apr_status_t parameter. |
| [Jeff Trawick] |
| |
| *) mod_authnz_ldap: Add AuthLDAPBindAuthoritative to allow Authentication to |
| try other providers in the case of an LDAP bind failure. |
| PR 46608 [Justin Erenkrantz, Joe Schaefer, Tony Stevenson] |
| |
| *) Build: fix --with-module to work as documented |
| PR 43881 [Gez Saunders <gez.saunders virgin.net>] |
| |
| Changes with Apache 2.3.3 |
| |
| *) SECURITY: CVE-2009-3095 (cve.mitre.org) |
| mod_proxy_ftp: sanity check authn credentials. |
| [Stefan Fritsch <sf fritsch.de>, Joe Orton] |
| |
| *) SECURITY: CVE-2009-3094 (cve.mitre.org) |
| mod_proxy_ftp: NULL pointer dereference on error paths. |
| [Stefan Fritsch <sf fritsch.de>, Joe Orton] |
| |
| *) mod_ssl: enable support for ECC keys and ECDH ciphers. Tested against |
| OpenSSL 1.0.0b3. [Vipul Gupta <vipul.gupta sun.com>, Sander Temme] |
| |
| *) mod_dav: Include uri when logging a PUT error due to connection abort. |
| PR 38149. [Stefan Fritsch] |
| |
| *) mod_dav: Return 409 instead of 500 for a LOCK request if the parent |
| resource does not exist or is not a collection. PR 43465. [Stefan Fritsch] |
| |
| *) mod_dav_fs: Return 409 instead of 500 for Litmus test case copy_nodestcoll |
| (a COPY request where the parent of the destination resource does not |
| exist). PR 39299. [Stefan Fritsch] |
| |
| *) mod_dav_fs: Don't delete the whole file if a PUT with content-range failed. |
| PR 42896. [Stefan Fritsch] |
| |
| *) mod_dav_fs: Make PUT create files atomically and no longer destroy the |
| old file if the transfer aborted. PR 39815. [Paul Querna, Stefan Fritsch] |
| |
| *) mod_dav_fs: Remove inode keyed locking as this conflicts with atomically |
| creating files. On systems with inode numbers, this is a format change of |
| the DavLockDB. The old DavLockDB must be deleted on upgrade. |
| [Stefan Fritsch] |
| |
| *) mod_log_config: Make ${cookie}C correctly match whole cookie names |
| instead of substrings. PR 28037. [Dan Franklin <dan dan-franklin.com>, |
| Stefan Fritsch] |
| |
| *) vhost: A purely-numeric Host: header should not be treated as a port. |
| PR 44979 [Nick Kew] |
| |
| *) mod_ldap: Avoid 500 errors with "Unable to set LDAP_OPT_REFHOPLIMIT option to 5" |
| when built against openldap by using SDK LDAP_OPT_REFHOPLIMIT defaults unless |
| LDAPReferralHopLimit is explicitly configured. |
| [Eric Covener] |
| |
| *) mod_charset_lite: Honor 'CharsetOptions NoImplicitAdd'. |
| [Eric Covener] |
| |
| *) mod_ssl: Add support for OCSP Stapling. PR 43822. |
| [Dr Stephen Henson <shenson oss-institute.org>] |
| |
| *) mod_socache_shmcb: Allow parens in file name if cache size is given. |
| Fixes SSLSessionCache directive mis-parsing parens in pathname. |
| PR 47945. [Stefan Fritsch] |
| |
| *) htpasswd: Improve out of disk space handling. PR 30877. [Stefan Fritsch] |
| |
| *) htpasswd: Use MD5 hash by default on all platforms. [Stefan Fritsch] |
| |
| *) mod_sed: Reduce memory consumption when processing very long lines. |
| PR 48024 [Basant Kumar Kukreja <basant.kukreja sun.com>] |
| |
| *) ab: Fix segfault in case the argument for -n is a very large number. |
| PR 47178. [Philipp Hagemeister <oss phihag.de>] |
| |
| *) Allow ProxyPreserveHost to work in <Proxy> sections. PR 34901. |
| [Stefan Fritsch] |
| |
| *) configure: Fix THREADED_MPMS so that mod_cgid is enabled again |
| for worker MPM. [Takashi Sato] |
| |
| *) mod_dav: Provide a mechanism to obtain the request_rec and pathname |
| from the dav_resource. [Jari Urpalainen <jari.urpalainen nokia.com>, |
| Brian France <brian brianfrance.com>] |
| |
| *) Build: Use install instead of cp if available on installing |
| modules to avoid segmentation fault. PR 47951. [hirose31 gmail.com] |
| |
| *) mod_cache: correctly consider s-maxage in cacheability |
| decisions. [Dan Poirier] |
| |
| *) mod_logio/core: Report more accurate byte counts in mod_status if |
| mod_logio is loaded. PR 25656. [Stefan Fritsch] |
| |
| *) mod_ldap: If LDAPSharedCacheSize is too small, try harder to purge |
| some cache entries and log a warning. Also increase the default |
| LDAPSharedCacheSize to 500000. This is a more realistic size suitable |
| for the default values of 1024 for LdapCacheEntries/LdapOpCacheEntries. |
| PR 46749. [Stefan Fritsch] |
| |
| *) mod_rewrite: Make sure that a hostname:port isn't fully qualified if |
| the request is a CONNECT request. [Bill Zajac <billz consultla.com>] |
| |
| *) mod_cache: Teach CacheEnable and CacheDisable to work from within a |
| Location section, in line with how ProxyPass works. [Graham Leggett] |
| |
| *) mod_reqtimeout: New module to set timeouts and minimum data rates for |
| receiving requests from the client. [Stefan Fritsch] |
| |
| *) core: Fix potential memory leaks by making sure to not destroy |
| bucket brigades that have been created by earlier filters. |
| [Stefan Fritsch] |
| |
| *) core, mod_deflate, mod_sed: Reduce memory usage by reusing bucket |
| brigades in several places. [Stefan Fritsch] |
| |
| *) mod_cache: Fix uri_meets_conditions() so that CacheEnable will |
| match by scheme, or by a wildcarded hostname. PR 40169 |
| [Peter Grandi <pg_asf asf.for.sabi.co.uk>, Graham Leggett] |
| |
| *) suexec: Allow an error to be logged if exec fails by setting FD_CLOEXEC |
| on the log file instead of closing it. PR 10744. [Nicolas Rachinsky] |
| |
| *) mod_mime: Make RemoveType override the info from TypesConfig. |
| PR 38330. [Stefan Fritsch] |
| |
| *) mod_cache: Introduce the option to run the cache from within the |
| normal request handler, and to allow fine grained control over |
| where in the filter chain content is cached. [Graham Leggett] |
| |
| *) core: Treat timeout reading request as 408 error, not 400. |
| Log 408 errors in access log as was done in Apache 1.3.x. |
| PR 39785 [Nobutaka Mantani <nobutaka nobutaka.org>, |
| Stefan Fritsch <sf fritsch.de>, Dan Poirier] |
| |
| *) mod_ssl: Reintroduce SSL_CLIENT_S_DN, SSL_CLIENT_I_DN, SSL_SERVER_S_DN, |
| SSL_SERVER_I_DN back to the environment variables to be set by mod_ssl. |
| [Peter Sylvester <peter.sylvester edelweb.fr>] |
| |
| *) mod_disk_cache: don't cache incomplete responses, per RFC 2616, 13.8. |
| PR 15866. [Dan Poirier] |
| |
| *) ab: ab segfaults in verbose mode on https sites |
| PR 46393. [Ryan Niebur] |
| |
| *) mod_dav: Allow other modules to become providers and add resource types |
| to the DAV response. [Jari Urpalainen <jari.urpalainen nokia.com>, |
| Brian France <brian brianfrance.com>] |
| |
| *) mod_dav: Allow other modules to add things to the DAV or Allow headers |
| of an OPTIONS request. [Jari Urpalainen <jari.urpalainen nokia.com>, |
| Brian France <brian brianfrance.com>] |
| |
| *) core: Lower memory usage of core output filter. |
| [Stefan Fritsch <sf sfritsch.de>] |
| |
| *) mod_mime: Detect invalid use of MultiviewsMatch inside Location and |
| LocationMatch sections. PR 47754. [Dan Poirier] |
| |
| *) mod_request: Make sure the KeptBodySize directive rejects values |
| that aren't valid numbers. [Graham Leggett] |
| |
| *) mod_session_crypto: Sanity check should the potentially encrypted |
| session cookie be too short. [Graham Leggett] |
| |
| *) mod_session.c: Prevent a segfault when session is added but not |
| configured. [Graham Leggett] |
| |
| *) htcacheclean: 19 ways to fail, 1 error message. Fixed. [Graham Leggett] |
| |
| *) mod_auth_digest: Fail server start when nonce count checking |
| is configured without shared memory, or md5-sess algorithm is |
| configured. [Dan Poirier] |
| |
| *) mod_proxy_connect: The connect method doesn't work if the client is |
| connecting to the apache proxy through an ssl socket. Fixed. |
| PR 29744. [Brad Boyer, Mark Cave-Ayland, Julian Gilbey, Fabrice Durand, |
| David Gence, Tim Dodge, Per Gunnar Hans, Emmanuel Elango, |
| Kevin Croft, Rudolf Cardinal] |
| |
| *) mod_ssl: The error message when SSLCertificateFile is missing should |
| at least give the name or position of the problematic virtual host |
| definition. [Stefan Fritsch <sf sfritsch.de>] |
| |
| *) mod_auth_digest: Fix null pointer when qop=none. [Dan Poirier] |
| |
| *) Add support for HTTP PUT to ab. [Jeff Barnes <jbarnesweb yahoo.com>] |
| |
| *) mod_headers: generalise the envclause to support expression |
| evaluation with ap_expr parser [Nick Kew] |
| |
| *) mod_cache: Introduce the thundering herd lock, a mechanism to keep |
| the flood of requests at bay that strike a backend webserver as |
| a cached entity goes stale. [Graham Leggett] |
| |
| *) mod_auth_digest: Fix usage of shared memory and re-enable it. |
| PR 16057 [Dan Poirier] |
| |
| *) Preserve Port information over internal redirects |
| PR 35999 [Jonas Ringh <jonas.ringh cixit.se>] |
| |
| *) Proxy: unable to connect to a backend is SERVICE_UNAVAILABLE, |
| rather than BAD_GATEWAY or (especially) NOT_FOUND. |
| PR 46971 [evanc nortel.com] |
| |
| *) Various modules: Do better checking of pollset operations in order to |
| avoid segmentation faults if they fail. PR 46467 |
| [Stefan Fritsch <sf sfritsch.de>] |
| |
| *) mod_autoindex: Correctly create an empty cell if the description |
| for a file is missing. PR 47682 [Peter Poeml <poeml suse.de>] |
| |
| *) ab: Fix broken error messages after resolver or connect() failures. |
| [Jeff Trawick] |
| |
| *) SECURITY: CVE-2009-1890 (cve.mitre.org) |
| Fix a potential Denial-of-Service attack against mod_proxy in a |
| reverse proxy configuration, where a remote attacker can force a |
| proxy process to consume CPU time indefinitely. [Nick Kew, Joe Orton] |
| |
| *) SECURITY: CVE-2009-1191 (cve.mitre.org) |
| mod_proxy_ajp: Avoid delivering content from a previous request which |
| failed to send a request body. PR 46949 [Ruediger Pluem] |
| |
| *) htdbm: Fix possible buffer overflow if dbm database has very |
| long values. PR 30586 [Dan Poirier] |
| |
| *) core: Return APR_EOF if request body is shorter than the length announced |
| by the client. PR 33098 [Stefan Fritsch <sf sfritsch.de>] |
| |
| *) mod_suexec: correctly set suexec_enabled when httpd is run by a |
| non-root user and may have insufficient permissions. |
| PR 42175 [Jim Radford <radford blackbean.org>] |
| |
| *) mod_ssl: Fix SSL_*_DN_UID variables to use the 'userID' attribute |
| type. PR 45107. [Michael Ströder <michael stroeder.com>, |
| Peter Sylvester <peter.sylvester edelweb.fr>] |
| |
| *) mod_proxy_http: fix case sensitivity checking transfer encoding |
| PR 47383 [Ryuzo Yamamoto <ryuzo.yamamoto gmail.com>] |
| |
| *) mod_alias: ensure Redirect issues a valid URL. |
| PR 44020 [Håkon Stordahl <hakon stordahl.org>] |
| |
| *) mod_dir: add FallbackResource directive, to enable admin to specify |
| an action to happen when a URL maps to no file, without resorting |
| to ErrorDocument or mod_rewrite. PR 47184 [Nick Kew] |
| |
| *) mod_cgid: Do not leak the listening Unix socket file descriptor to the |
| CGI process. PR 47335 [Kornél Pál <kornelpal gmail.com>] |
| |
| *) mod_rewrite: Remove locking for writing to the rewritelog. |
| PR 46942 [Dan Poirier <poirier pobox.com>] |
| |
| *) mod_alias: check sanity in Redirect arguments. |
| PR 44729 [Sönke Tesch <st kino-fahrplan.de>, Jim Jagielski] |
| |
| *) mod_proxy_http: fix Host: header for literal IPv6 addresses. |
| PR 47177 [Carlos Garcia Braschi <cgbraschi gmail.com>] |
| |
| *) mod_cache: Add CacheIgnoreURLSessionIdentifiers directive to ignore |
| defined session identifiers encoded in the URL when caching. |
| [Ruediger Pluem] |
| |
| *) mod_rewrite: Fix the error string returned by RewriteRule. |
| RewriteRule returned "RewriteCond: bad flag delimiters" when the 3rd |
| argument of RewriteRule was not started with "[" or not ended with "]". |
| PR 45082 [Vitaly Polonetsky <m_vitaly topixoft.com>] |
| |
| *) Windows: Fix usage message. |
| [Rainer Jung] |
| |
| *) apachectl: When passing through arguments to httpd in |
| non-SysV mode, use the "$@" syntax to preserve arguments. |
| [Eric Covener] |
| |
| *) mod_dbd: add DBDInitSQL directive to enable SQL statements to |
| be run when a connection is opened. PR 46827 |
| [Marko Kevac <mkevac gmail.com>] |
| |
| *) mod_cgid: Improve handling of long AF_UNIX socket names (ScriptSock). |
| PR 47037. [Jeff Trawick] |
| |
| *) mod_proxy_ajp: Check more strictly that the backend follows the AJP |
| protocol. [Mladen Turk] |
| |
| *) mod_proxy_ajp: Forward remote port information by default. |
| [Rainer Jung] |
| |
| *) Allow MPMs to be loaded dynamically, as with most other modules. Use |
| --enable-mpms-shared={list|"all"} to enable. This required changes to |
| the MPM interfaces. Removed: mpm.h, mpm_default.h (as an installed |
| header), APACHE_MPM_DIR, MPM_NAME, ap_threads_per_child, |
| ap_max_daemons_limit, ap_my_generation, etc. ap_mpm_query() can't be |
| called until after the register-hooks phase. [Jeff Trawick] |
| |
| *) mod_ssl: Add SSLProxyCheckPeerExpire and SSLProxyCheckPeerCN directives |
| to enable stricter checking of remote server certificates. |
| [Ruediger Pluem] |
| |
| *) ab: Fix a 100% CPU loop on platforms where a failed non-blocking connect |
| returns EINPROGRESS and a subsequent poll() returns only POLLERR. |
| Observed on HP-UX. [Eric Covener] |
| |
| *) Remove broken support for BeOS, OS/2, TPF, and even older platforms such |
| as A/UX, Next, and Tandem. [Jeff Trawick] |
| |
| *) mod_proxy_ftp: Add ProxyFtpListOnWildcard directive to allow files with |
| globbing characters to be retrieved instead of converted into a |
| directory listing. PR 46789 [Dan Poirier <poirier pobox.com>] |
| |
| *) Provide ap_retained_data_create()/ap_retained_data_get() for preservation |
| of module state across unload/load. [Jeff Trawick] |
| |
| *) mod_substitute: Fix a memory leak. PR 44948 |
| [Dan Poirier <poirier pobox.com>] |
| |
| Changes with Apache 2.3.2 |
| |
| *) mod_mime_magic: Fix detection of compressed content. [Rainer Jung] |
| |
| *) mod_negotiation: Escape paths of filenames in 406 responses to avoid |
| HTML injections and HTTP response splitting. PR 46837. |
| [Geoff Keating <geoffk apple.com>] |
| |
| *) mod_ssl: add support for type-safe STACK constructs in OpenSSL |
| development HEAD. PR 45521. [Kaspar Brand, Sander Temme] |
| |
| *) ab: Fix maintenance of the pollset to resolve EALREADY errors |
| with kqueue (BSD/OS X) and excessive CPU with event ports (Solaris). |
| PR 44584. Use APR_POLLSET_NOCOPY for better performance with some |
| pollset implementations. [Jeff Trawick] |
| |
| *) mod_disk_cache: The module now turns off sendfile support if |
| 'EnableSendfile off' is defined globally. [Lars Eilebrecht] |
| |
| *) mod_deflate: Adjust content metadata before bailing out on 304 |
| responses so that the metadata does not differ from 200 response. |
| [Roy T. Fielding] |
| |
| *) mod_deflate: Fix creation of invalid Etag headers. We now make sure |
| that the Etag value is properly quoted when adding the gzip marker. |
| PR 39727, 45023. [Lars Eilebrecht, Roy T. Fielding] |
| |
| *) Added 20x22 icons for ODF, SVG, and XML documents. PR 37185. |
| [Peter Harlow] |
| |
| *) Disabled DefaultType directive and removed ap_default_type() |
| from core. We now exclude Content-Type from responses for which |
| a media type has not been configured via mime.types, AddType, |
| ForceType, or some other mechanism. PR 13986. [Roy T. Fielding] |
| |
| *) mod_rewrite: Add IPV6 variable to RewriteCond |
| [Ryan Phillips <ryan-apache trolocsis.com>] |
| |
| *) core: Enhance KeepAliveTimeout to support a value in milliseconds. |
| PR 46275. [Takashi Sato] |
| |
| *) rotatelogs: Allow size units B, K, M, G and combination of |
| time and size based rotation. [Rainer Jung] |
| |
| *) rotatelogs: Add flag for verbose (debug) output. [Rainer Jung] |
| |
| *) mod_ssl: Fix merging of SSLRenegBufferSize directive. PR 46508 |
| [<tlhackque yahoo.com>] |
| |
| *) core: Translate the status line to ASCII on EBCDIC platforms in |
| ap_send_interim_response() and for locally generated "100 Continue" |
| responses. [Eric Covener] |
| |
| *) prefork: Fix child process hang during graceful restart/stop in |
| configurations with multiple listening sockets. PR 42829. [Joe Orton, |
| Jeff Trawick] |
| |
| *) mod_session_crypto: Ensure that SessionCryptoDriver can only be |
| set in the global scope. [Graham Leggett] |
| |
| *) mod_ext_filter: We need to detect failure to startup the filter |
| program (a mangled response is not acceptable). Fix to detect |
| failure, and offer configuration option either to abort or |
| to remove the filter and continue. |
| PR 41120 [Nick Kew] |
| |
| *) mod_session_crypto: Rewrite the session_crypto module against the |
| apr_crypto API. [Graham Leggett] |
| |
| *) mod_auth_form: Fix a pool lifetime issue, don't remove the subrequest |
| until the main request is cleaned up. [Graham Leggett] |
| |
| Changes with Apache 2.3.1 |
| |
| *) ap_slotmem: Add in new slot-based memory access API impl., including |
| 2 providers (mod_sharedmem and mod_plainmem) [Jim Jagielski, |
| Jean-Frederic Clere, Brian Akins <brian.akins turner.com>] |
| |
| *) mod_include: support generating non-ASCII characters as entities in SSI |
| PR 25202 [Nick Kew] |
| |
| *) core/utils: Enhance ap_escape_html API to support escaping non-ASCII chars |
| PR 25202 [Nick Kew] |
| |
| *) mod_rewrite: fix "B" flag breakage by reverting r5589343 |
| PR 45529 [Bob Ionescu <bobsiegen googlemail.com>] |
| |
| *) CGI: return 504 (Gateway timeout) rather than 500 when a script |
| times out before returning status line/headers. |
| PR 42190 [Nick Kew] |
| |
| *) mod_cgid: fix segfault problem on Solaris. |
| PR 39332 [Masaoki Kobayashi <masaoki techfirm.co.jp>] |
| |
| *) mod_proxy_scgi: Added. [André Malo] |
| |
| *) mod_cache: Introduce 'no-cache' per-request environment variable |
| to prevent the saving of an otherwise cacheable response. |
| [Eric Covener] |
| |
| *) mod_rewrite: Introduce DiscardPathInfo|DPI flag to stop the troublesome |
| way that per-directory rewrites append the previous notion of PATH_INFO |
| to each substitution before evaluating subsequent rules. |
| PR 38642 [Eric Covener] |
| |
| *) mod_cgid: Do not add an empty argument when calling the CGI script. |
| PR 46380 [Ruediger Pluem] |
| |
| *) scoreboard: Remove unused sb_type from process_score. |
| [Torsten Foertsch <torsten.foertsch gmx.net>, Chris Darroch] |
| |
| *) mod_ssl: Add SSLRenegBufferSize directive to allow changing the |
| size of the buffer used for the request-body where necessary |
| during a per-dir renegotiation. PR 39243. [Joe Orton] |
| |
| *) mod_proxy_fdpass: New module to pass a client connection over to a separate |
| process that is reading from a unix daemon socket. |
| |
| *) mod_ssl: Improve environment variable extraction to be more |
| efficient and to correctly handle DNs with duplicate tags. |
| PR 45975. [Joe Orton] |
| |
| *) Remove the obsolete serial attribute from the RPM spec file. Compile |
| against the external pcre. Add missing binaries fcgistarter, and |
| mod_socache* and mod_session*. [Graham Leggett] |
| |
| Changes with Apache 2.3.0 |
| |
| *) mod_ratelimit: New module to do bandwidth rate limiting. [Paul Querna] |
| |
| *) Remove X-Pad header which was added as a work around to a bug in |
| Netscape 2.x to 4.0b2. [Takashi Sato <takashi lans-tv.com>] |
| |
| *) Add DTrace Statically Defined Tracing (SDT) probes. |
| [Theo Schlossnagle <jesus omniti.com>, Paul Querna] |
| |
| *) mod_proxy_balancer: Move all load balancing implementations |
| as individual, self-contained mod_proxy submodules under |
| modules/proxy/balancers [Jim Jagielski] |
| |
| *) Rename APIs to include ap_ prefix: |
| find_child_by_pid -> ap_find_child_by_pid |
| suck_in_APR -> ap_suck_in_APR |
| sys_privileges_handlers -> ap_sys_privileges_handlers |
| unixd_accept -> ap_unixd_accept |
| unixd_config -> ap_unixd_config |
| unixd_killpg -> ap_unixd_killpg |
| unixd_set_global_mutex_perms -> ap_unixd_set_global_mutex_perms |
| unixd_set_proc_mutex_perms -> ap_unixd_set_proc_mutex_perms |
| unixd_set_rlimit -> ap_unixd_set_rlimit |
| [Paul Querna] |
| |
| *) core: When the ap_http_header_filter processes an error bucket, cleanup |
| the passed brigade before returning AP_FILTER_ERROR down the filter |
| chain. This unambiguously ensures the same error bucket isn't revisited |
| [Ruediger Pluem] |
| |
| *) mod_lbmethod_heartbeat: New module to load balance mod_proxy workers |
| based on heartbeats. [Paul Querna] |
| |
| *) mod_heartmonitor: New module to collect heartbeats, and write out a file |
| so that other modules can load balance traffic as needed. [Paul Querna] |
| |
| *) mod_heartbeat: New module to generate multicast heartbeats to know if a |
| server is online. [Paul Querna] |
| |
| *) core: Error responses set by filters were being coerced into 500 errors, |
| sometimes appended to the original error response. Log entry of: |
| 'Handler for (null) returned invalid result code -3' |
| [Eric Covener] |
| |
| *) mod_buffer: Honour the flush bucket and flush the buffer in the |
| input filter. Make sure that metadata buckets are written to |
| the buffer, not to the final brigade. [Graham Leggett] |
| |
| *) mod_buffer: Optimise the buffering of heap buckets when the heap |
| buckets stay exactly APR_BUCKET_BUFF_SIZE long. [Graham Leggett, |
| Ruediger Pluem] |
| |
| *) mod_buffer: Optional support for buffering of the input and output |
| filter stacks. Can collapse many small buckets into fewer larger |
| buckets, and prevents excessively small chunks being sent over |
| the wire. [Graham Leggett] |
| |
| *) mod_privileges: new module to make httpd on Solaris privileges-aware |
| and to enable different virtualhosts to run with different |
| privileges and Unix user/group IDs [Nick Kew] |
| |
| *) mod_mem_cache: this module has been removed. [William Rowe] |
| |
| *) authn/z: Remove mod_authn_default and mod_authz_default. |
| [Chris Darroch] |
| |
| *) authz: Fix handling of authz configurations, make default authz |
| logic replicate 2.2.x authz logic, and replace <Satisfy*>, Reject, |
| and AuthzMergeRules directives with Match, <Match*>, and AuthzMerge |
| directives. [Chris Darroch] |
| |
| *) mod_authn_core: Prevent crash when provider alias created to |
| provider which is not yet registered. [Chris Darroch] |
| |
| *) mod_authn_core: Add AuthType of None to support disabling |
| authentication. [Chris Darroch] |
| |
| *) core: Allow <Limit> and <LimitExcept> directives to nest, and |
| constrain their use to conform with that of other access control |
| and authorization directives. [Chris Darroch] |
| |
| *) unixd: turn existing code into a module, and turn the set user/group |
| and chroot into a child_init function. [Nick Kew] |
| |
| *) core: Add ap_timeout_parameter_parse to public API. [Ruediger Pluem] |
| |
| *) mod_dir: Support "DirectoryIndex disabled" |
| Suggested By André Warnier <aw ice-sa.com> [Eric Covener] |
| |
| *) mod_ssl: Send Content-Type application/ocsp-request for POST requests to |
| OCSP responders. PR 46014 [Dr Stephen Henson <steve openssl.org>] |
| |
| *) Export and install the mod_rewrite.h header to ensure the optional |
| rewrite_mapfunc_t and ap_register_rewrite_mapfunc functions are |
| available to third party modules. [Graham Leggett] |
| |
| *) mod_authnz_ldap: don't return NULL-valued environment variables to |
| other modules. PR 39045 [Francois Pesce <francois.pesce gmail.com>] |
| |
| *) Don't adjust case in pathname components that are not of interest |
| to mod_mime. Fixes mod_negotiation's use of such components. |
| PR 43250 [Basant Kumar Kukreja <basant.kukreja sun.com>] |
| |
| *) Be tolerant in what you accept - accept slightly broken |
| status lines from a backend provided they include a valid status code. |
| PR 44995 [Rainer Jung <rainer.jung kippdata.de>] |
| |
| *) New module mod_sed: filter Request/Response bodies through sed |
| [Basant Kumar Kukreja <basant.kukreja sun.com>] |
| |
| *) mod_auth_form: Make sure that basic authentication is correctly |
| faked directly after login. [Graham Leggett] |
| |
| *) mod_session_cookie, mod_session_dbd: Make sure cookies are set both |
| within the output headers and error output headers, so that the |
| session is maintained across redirects. [Graham Leggett] |
| |
| *) mod_auth_form: Make sure the logged in user is populated correctly |
| after a form login. Fixes a missing REMOTE_USER variable directly |
| following a login. [Graham Leggett] |
| |
| *) mod_session_cookie: Make sure that cookie attributes are correctly |
| included in the blank cookie when cookies are removed. This fixes an |
| inability to log out when using mod_auth_form. [Graham Leggett] |
| |
| *) mod_autoindex: add configuration option to insert string |
| in HTML HEAD. [Nick Kew] |
| |
| *) mod_session: Prevent a segfault when a CGI script sets a cookie with a |
| null value. [David Shane Holden <dpejesh apache.org>] |
| |
| *) mod_headers: Prevent Header edit from processing only the first header |
| of possibly multiple headers with the same name and deleting the |
| remaining ones. PR 45333. [Ruediger Pluem] |
| |
| *) mod_rewrite: Preserve the query string with [proxy,noescape]. PR 45247 |
| [Tom Donovan] |
| |
| *) core, authn/z: Determine registered authn/z providers directly in |
| ap_setup_auth_internal(), which allows optional functions that just |
| wrapped ap_list_provider_names() to be removed from authn/z modules. |
| [Chris Darroch] |
| |
| *) authn/z: Convert common provider version strings to macros. |
| [Chris Darroch] |
| |
| *) ab: Make ab.c compile on VC6. PR 45024 [Ruediger Pluem] |
| |
| *) configure: Don't reject libtool 2.x |
| PR 44817 [Arfrever Frehtes Taifersar Arahesis <Arfrever.FTA gmail.com>] |
| |
| *) core: When testing for slash-terminated configuration paths in |
| ap_location_walk(), don't look past the start of an empty string |
| such as that created by a <Location ""> directive. |
| [Chris Darroch] |
| |
| *) core, mod_proxy: If a kept_body is present, it becomes safe for |
| subrequests to support message bodies. Make sure that safety |
| checks within the core and within the proxy are not triggered |
| when kept_body is present. This makes it possible to embed |
| proxied POST requests within mod_include. [Graham Leggett] |
| |
| *) mod_auth_form: Make sure the input filter stack is properly set |
| up before reading the login form. Make sure the kept body filter |
| is correctly inserted to ensure the body can be read a second |
| time safely should the authn be successful. [Graham Leggett, |
| Ruediger Pluem] |
| |
| *) mod_request: Insert the KEPT_BODY filter via the insert_filter |
| hook instead of during fixups. Add a safety check to ensure the |
| filters cannot be inserted more than once. [Graham Leggett, |
| Ruediger Pluem] |
| |
| *) core: Do not allow Options ALL if not all options are allowed to be |
| overwritten. PR 44262 [Michał Grzędzicki <lazy iq.pl>] |
| |
| *) ap_cache_cacheable_headers_out() will (now) always |
| merge any error headers _before_ clearing them and _before_ |
| merging in the actual entity headers and doing normal |
| hop-by-hop cleansing. [Dirk-Willem van Gulik]. |
| |
| *) cache: retire ap_cache_cacheable_hdrs_out() which was used |
| for both in- and out-put headers; and replace it by a single |
| ap_cache_cacheable_headers() wrapped in an in- and out-put |
| specific ap_cache_cacheable_headers_in()/out(). The latter |
| will also merge error headers and ensure content-type, to keep |
| cache modules consistent with ease. This API change bumps |
| up the minor MM by one [Dirk-Willem van Gulik]. |
| |
| *) mod_rewrite: Allow Cookie option to set secure and HttpOnly flags. |
| PR 44799 [Christian Wenz <christian wenz.org>] |
| |
| *) Move the KeptBodySize directive, kept_body filters and the |
| ap_parse_request_body function out of the http module and into a |
| new module called mod_request, reducing the size of the core. |
| [Graham Leggett] |
| |
| *) mod_dbd: Handle integer configuration directive parameters with a |
| dedicated function. |
| |
| *) Change the directives within the mod_session* modules to be valid |
| both inside and outside the location/directory sections, as |
| suggested by wrowe. [Graham Leggett] |
| |
| *) mod_auth_form: Add a module capable of allowing end users to log |
| in using an HTML form, storing the credentials within mod_session. |
| [Graham Leggett] |
| |
| *) Add a function to the http filters that is able to parse an HTML |
| form request with the type of application/x-www-form-urlencoded. |
| [Graham Leggett] |
| |
| *) mod_session_crypto: Initialise SSL in the post config hook. |
| [Ruediger Pluem, Graham Leggett] |
| |
| *) mod_session_dbd: Add a session implementation capable of storing |
| session information in a SQL database via the dbd interface. Useful |
| for sites where session privacy is important. [Graham Leggett] |
| |
| *) mod_session_crypto: Add a session encoding implementation capable |
| of encrypting and decrypting sessions wherever they may be stored. |
| Introduces a level of privacy when sessions are stored on the |
| browser. [Graham Leggett] |
| |
| *) mod_session_cookie: Add a session implementation capable of storing |
| session information within cookies on the browser. Useful for high |
| volume sites where server bound sessions are too resource intensive. |
| [Graham Leggett] |
| |
| *) mod_session: Add a generic session interface to unify the different |
| attempts at saving persistent sessions across requests. |
| [Graham Leggett] |
| |
| *) core, authn/z: Avoid calling access control hooks for internal requests |
| with configurations which match those of initial request. Revert to |
| original behaviour (call access control hooks for internal requests |
| with URIs different from initial request) if any access control hooks or |
| providers are not registered as permitting this optimization. |
| Introduce wrappers for access control hook and provider registration |
| which can accept additional mode and flag data. [Chris Darroch] |
| |
| *) Introduced ap_expr API for expression evaluation. |
| This is adapted from mod_include, which is the first module |
| to use the new API. |
| [Nick Kew] |
| |
| *) mod_authz_dbd: When redirecting after successful login/logout per |
| AuthzDBDRedirectQuery, do not report authorization failure, and use |
| first row returned by database query instead of last row. |
| [Chris Darroch] |
| |
| *) mod_ldap: Correctly return all requested attribute values |
| when some attributes have a null value. |
| PR 44560 [Anders Kaseorg <anders kaseorg.com>] |
| |
| *) core: check symlink ownership if both FollowSymlinks and |
| SymlinksIfOwnerMatch are set [Nick Kew] |
| |
| *) core: fix origin checking in SymlinksIfOwnerMatch |
| PR 36783 [Robert L Mathews <rob-apache.org.bugs tigertech.net>] |
| |
| *) Activate mod_cache, mod_file_cache and mod_disk_cache as part of the |
| 'most' set for '--enable-modules' and '--enable-shared-mods'. Include |
| mod_mem_cache in 'all' as well. [Dirk-Willem van Gulik] |
| |
| *) Also install mod_so.h, mod_rewrite.h and mod_cache.h; as these |
| contain public function declarations which are useful for |
| third party module authors. PR 42431 [Dirk-Willem van Gulik]. |
| |
| *) mod_dir, mod_negotiation: pass the output filter information |
| to newly created sub requests; as these are later on used |
| as true requests with an internal redirect. This allows for |
| mod_cache et al. to trap the results of the redirect. |
| [Dirk-Willem van Gulik, Ruediger Pluem] |
| |
| *) mod_ldap: Add support (taking advantage of the new APR capability) |
| for ldap rebind callback while chasing referrals. This allows direct |
| searches on LDAP servers (in particular MS Active Directory 2003+) |
| using referrals without the use of the global catalog. |
| PRs 26538, 40268, and 42557 [Paul J. Reder] |
| |
| *) mod_ssl: Added server name indication support (SNI, RFC 4366). |
| PR 34607. [Kaspar Brand <asfbugz velox.ch>]. A test configuration |
| can be created with test/make_sni.sh [Dirk-Willem van Gulik]. |
| |
| *) ApacheMonitor.exe: Introduce --kill argument for use by the |
| installer. This will permit the installation tool to remove |
| all running instances before attempting to remove the .exe. |
| [William Rowe] |
| |
| *) mod_ssl: Add support for OCSP validation of client certificates. |
| PR 41123. [Marc Stern <marc.stern approach.be>, Joe Orton] |
| |
| *) mod_serf: New module for Reverse Proxying. [Paul Querna] |
| |
| *) core: Add the option to keep aside a request body up to a certain |
| size that would otherwise be discarded, to be consumed by filters |
| such as mod_include. When enabled for a directory, POST requests |
| to shtml files can be passed through to embedded scripts as POST |
| requests, rather than being downgraded to GET requests. [Graham Leggett] |
| |
| *) mod_ssl: Fix TLS upgrade (RFC 2817) support. PR 41231. [Joe Orton] |
| |
| *) scoreboard: Correctly declare ap_time_process_request. |
| PR 43789 [Tom Donovan <Tom.Donovan acm.org>] |
| |
| *) core; scoreboard: ap_get_scoreboard_worker(sbh) now takes the sbh member |
| from the connection rec, ap_get_scoreboard_worker(proc, thread) will now |
| provide the unusual legacy lookup. [William Rowe] |
| |
| *) mpm winnt: fix null pointer dereference |
| PR 42572 [Davi Arnaut] |
| |
| *) mod_authnz_ldap, mod_authn_dbd: Tidy up the code to expose authn |
| parameters to the environment. Improve portability to |
| EBCDIC machines by using apr_toupper(). [Martin Kraemer] |
| |
| *) mod_ldap, mod_authnz_ldap: Add support for nested groups (i.e. the ability |
| to authorize an authenticated user via a "require ldap-group X" directive |
| where the user is not in group X, but is in a subgroup contained in X). |
| PR 42891 [Paul J. Reder] |
| |
| *) mod_ssl: Add support for caching SSL Sessions in memcached. [Paul Querna] |
| |
| *) mod_ldap: Fix the search limit parameter to ldap_search_ext_s() |
| for SDKs that define LDAP_NO_LIMIT to something other than -1. |
| [David Jones <oscaremma gmail.com>] |
| |
| *) apxs: Enhance -q flag to print all known variables and their values |
| when invoked without variable name(s). |
| [William Rowe, Sander Temme] |
| |
| *) apxs: Eliminate run-time check for mod_so. PR 40653. |
| [David M. Lee <dmlee crossroads.com>] |
| |
| *) beos MPM: Create pmain pool and run modules' child_init hooks when |
| entering ap_mpm_run(), then destroy pmain when exiting ap_mpm_run(). |
| [Chris Darroch] |
| |
| *) netware MPM: Destroy pmain pool when exiting ap_mpm_run() so that |
| cleanups registered in modules' child_init hooks are performed. |
| [Chris Darroch] |
| |
| *) mod_dbd: Stash DBD connections in request_config of initial request |
| only, or else sub-requests and internal redirections may cause |
| entire DBD pool to be stashed in a single HTTP request. [Chris Darroch] |
| |
| *) Fix issue which could cause error messages to be written to access logs |
| on Win32. PR 40476. [Tom Donovan <Tom.Donovan acm.org>] |
| |
| *) The LockFile directive, which specifies the location of |
| the accept() mutex lockfile, is deprecated. Instead, the |
| AcceptMutex directive now takes an optional lockfile |
| location parameter, ala SSLMutex. [Jim Jagielski] |
| |
| *) mod_authn_dbd: Export any additional columns queried in the SQL select |
| into the environment with the name AUTHENTICATE_<COLUMN>. This brings |
| mod_authn_dbd behaviour in line with mod_authnz_ldap. [Graham Leggett] |
| |
| *) mod_dbd: Key the storage of prepared statements on the hex string |
| value of server_rec, rather than the server name, as the server name |
| may change (eg when the server name is set) at any time, causing |
| weird behaviour in modules dependent on mod_dbd. [Graham Leggett] |
| |
| *) mod_proxy_fcgi: Added win32 build. [Mladen Turk] |
| |
| *) sendfile_nonblocking() takes the _brigade_ as an argument, gets |
| the first bucket from the brigade, finds it not to be a FILE |
| bucket and barfs. The fix is to pass a bucket rather than a brigade. |
| [Niklas Edmundsson <nikke acc.umu.se>] |
| |
| *) mod_rewrite: support rewritemap by SQL query [Nick Kew] |
| |
| *) ap_get_server_version() has been removed. Third-party modules must |
| now use ap_get_server_banner() or ap_get_server_description(). |
| [Jeff Trawick] |
| |
| *) All MPMs: Introduce a check_config phase between pre_config and |
| open_logs, to allow modules to review interdependent configuration |
| directive values and adjust them while messages can still be logged |
| to the console. Handle relevant MPM directives during this phase |
| and format messages for both the console and the error log, as |
| appropriate. [Chris Darroch] |
| |
| *) mod_proxy: don't URLencode tilde in path component |
| [Stijn Hoop <stijn sandcat.nl>] |
| |
| *) mpm_winnt: Fix return values from wait_for_many_objects. |
| The return value is index to the signaled thread in the |
| creted_threads array. We can not use WAIT_TIMEOUT because |
| this value is defined as 258, thus limiting the MaxThreads |
| to that value. [Mladen Turk] |
| |
| *) core: Do not allow internal redirects like the DirectoryIndex of mod_dir |
| to circumvent the symbolic link checks imposed by FollowSymLinks and |
| SymLinksIfOwnerMatch. [Nick Kew, Ruediger Pluem, William Rowe] |
| |
| *) New SSLLogLevelDebugDump [ None (default) | IO (not bytes) | Bytes ] |
| configures the I/O Dump of SSL traffic, when LogLevel is set to Debug. |
| The default is none as this is far greater debugging resolution than |
| the typical administrator is prepared to untangle. [William Rowe] |
| |
| *) mod_disk_cache: If possible, check if the size of an object to cache is |
| within the configured boundaries before actually saving data. |
| [Niklas Edmundsson <nikke acc.umu.se>] |
| |
| *) mod_disk_cache: Delete temporary files if they cannot be renamed to their |
| final name. [Davi Arnaut <davi haxent.com.br>] |
| |
| *) Worker and event MPMs: Remove improper scoreboard updates which were |
| performed in the event of a fork() failure. [Chris Darroch] |
| |
| *) Add support for fcgi:// proxies to mod_rewrite. |
| [Markus Schiegl <ms schiegl.com>] |
| |
| *) Remove incorrect comments from scoreboard.h regarding conditional |
| loading of worker_score structure with mod_status, and remove unused |
| definitions relating to old life_status field. |
| [Chris Darroch <chrisd pearsoncmg.com>] |
| |
| *) Remove allocation of memory for unused array of lb_score pointers |
| in ap_init_scoreboard(). [Chris Darroch <chrisd pearsoncmg.com>] |
| |
| *) Add mod_proxy_fcgi, a FastCGI back end for mod_proxy. |
| [Garrett Rooney, Jim Jagielski, Paul Querna] |
| |
| *) Event MPM: Fill in the scoreboard's tid field. PR 38736. |
| [Chris Darroch <chrisd pearsoncmg.com>] |
| |
| *) mod_charset_lite: Remove Content-Length when output filter can |
| invalidate it. Warn when input filter can invalidate it. |
| [Jeff Trawick] |
| |
| *) Authz: Add the new module mod_authn_core that will provide common |
| authn directives such as 'AuthType', 'AuthName'. Move the directives |
| 'AuthType' and 'AuthName' out of the core module and merge mod_authz_alias |
| into mod_authn_core. [Brad Nicholes] |
| |
| *) Authz: Move the directives 'Order', 'Allow', 'Deny' and 'Satisfy' |
| into the new module mod_access_compat which can be loaded to provide |
| support for these directives. |
| [Brad Nicholes] |
| |
| *) Authz: Move the 'Require' directive from the core module as well as |
| add the directives '<SatisfyAll>', '<SatisfyOne>', '<RequireAlias>' |
| and 'Reject' to mod_authz_core. The new directives introduce 'AND/OR' |
| logic into the authorization processing. [Brad Nicholes] |
| |
| *) Authz: Add the new module mod_authz_core which acts as the |
| authorization provider vector and contains common authz |
| directives. [Brad Nicholes] |
| |
| *) Authz: Renamed mod_authz_dbm authz providers from 'group' and |
| 'file-group' to 'dbm-group' and 'dbm-file-group'. [Brad Nicholes] |
| |
| *) Authz: Added the new authz providers 'env', 'ip', 'host', 'all' to handle |
| host-based access control provided by mod_authz_host and invoked |
| through the 'Require' directive. [Brad Nicholes] |
| |
| *) Authz: Convert all of the authz modules from hook based to |
| provider based. [Brad Nicholes] |
| |
| *) mod_cache: Add CacheMinExpire directive to set the minimum time in |
| seconds to cache a document. |
| [Brian Akins <brian.akins turner.com>, Ruediger Pluem] |
| |
| *) mod_authz_dbd: SQL authz with Login/Session support [Nick Kew] |
| |
| *) Fix typo in ProxyStatus syntax error message. |
| [Christophe Jaillet <christophe.jaillet wanadoo.fr>] |
| |
| *) Asynchronous write completion for the Event MPM. [Brian Pane] |
| |
| *) Added an End-Of-Request bucket type. The logging of a request and |
| the freeing of its pool are now done when the EOR bucket is destroyed. |
| This has the effect of delaying the logging until right after the last |
| of the response is sent; ap_core_output_filter() calls the access logger |
| indirectly when it destroys the EOR bucket. [Brian Pane] |
| |
| *) Rewrite of logresolve support utility: IPv6 addresses are now supported |
| and the format of statistical output has changed. [Colm MacCarthaigh] |
| |
| *) Rewrite of ap_core_output_filter to do nonblocking writes [Brian Pane] |
| |
| *) Added new connection states for handler and write completion |
| [Brian Pane] |
| |
| *) mod_cgid: Refuse to work on Solaris 10 due to OS bugs. PR 34264. |
| [Justin Erenkrantz] |
| |
| *) Teach mod_ssl to use arbitrary OIDs in an SSLRequire directive, |
| allowing string-valued client certificate attributes to be used for |
| access control, as in: SSLRequire "value" in OID("1.3.6.1.4.1.18060.1") |
| [Martin Kraemer, David Reid] |
| |
| [Apache 2.1.0-dev includes those bug fixes and changes with the |
| Apache 2.2.xx tree as documented, and except as noted, below.] |
| |
| Changes with Apache 2.2.x and later: |
| |
| *) http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?view=markup |
| |
| Changes with Apache 2.0.x and later: |
| |
| *) http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/CHANGES?view=markup |
| |
| Changes with Apache 1.3.x and later: |
| |
| *) http://svn.apache.org/viewvc/httpd/httpd/branches/1.3.x/src/CHANGES?view=markup |
| |
| |