CHANGES revision 08e054046d0c7e5532c66769ba80c69a7b4d8245
d7759bdad133e1e92fe41aab75dd8c1584eda38cjim -*- coding: utf-8 -*-
d7759bdad133e1e92fe41aab75dd8c1584eda38cjimChanges with Apache 2.5.0
4e191199a0aeab09d78df8f5579e745572e8b7bcwsanchez *) mod_ssl: Fix renegotiation failures redirected to an ErrorDocument.
f3a5934ca0fb0f0f813bd9d9d06af8937e3f401fjim PR 57334. [Yann Ylavic].
d7759bdad133e1e92fe41aab75dd8c1584eda38cjim *) core: Fix -D[efined] or <Define>[d] variables lifetime accross restarts.
d7759bdad133e1e92fe41aab75dd8c1584eda38cjim PR 57328. [Armin Abfalterer <a.abfalterer gmail.com>, Yann Ylavic].
d7759bdad133e1e92fe41aab75dd8c1584eda38cjim *) mod_proxy_ajp: Fix client connection errors handling and logged status
b3155b9e3b06b20030ec6c16d98f8dabf12ead9cianh when it occurs. PR 56823. [Yann Ylavic]
b3155b9e3b06b20030ec6c16d98f8dabf12ead9cianh *) ap_expr: Add filemod function for checking file modification dates
b3155b9e3b06b20030ec6c16d98f8dabf12ead9cianh [Daniel Gruno]
b3155b9e3b06b20030ec6c16d98f8dabf12ead9cianh *) core: Add CGIPassAuth directive to control whether HTTP authorization
b3155b9e3b06b20030ec6c16d98f8dabf12ead9cianh headers are passed to scripts as CGI variables. PR 56855. [Jeff
ff1234e45aca1b8171d711ecb87f58b9d9100a99ianh *) mod_rewrite: Improve relative substitutions in per-directory/htaccess
ff1234e45aca1b8171d711ecb87f58b9d9100a99ianh context for directories found by mod_userdir and mod_alias. These no
ff1234e45aca1b8171d711ecb87f58b9d9100a99ianh loner require RewriteBase to be specified. [Eric Covener]
ff1234e45aca1b8171d711ecb87f58b9d9100a99ianh *) mod_ssl: Fix recognition of OCSP stapling responses that are encoded
ff1234e45aca1b8171d711ecb87f58b9d9100a99ianh improperly or too large. [Jeff Trawick]
b999f6ba2a266bf9a92687f31bb7e76021ac5891ianh *) mod_proxy_fcgi, mod_authnz_fcgi: stop reading the response and issue an
2ceedfca3a2fdfdb5ff60ca17f030ce91f6331cbwrowe error when parsing or forwarding the response fails. [Yann Ylavic]
2ceedfca3a2fdfdb5ff60ca17f030ce91f6331cbwrowe *) mod_authnz_ldap: Resolve crashes with LDAP authz and non-LDAP authn since
2ceedfca3a2fdfdb5ff60ca17f030ce91f6331cbwrowe r1608202. [Eric Covener]
2ceedfca3a2fdfdb5ff60ca17f030ce91f6331cbwrowe *) core: Support custom ErrorDocuments for HTTP 501 and 414 status codes.
2ceedfca3a2fdfdb5ff60ca17f030ce91f6331cbwrowe PR 57167 [Edward Lu <Chaosed0 gmail.com>]
b999f6ba2a266bf9a92687f31bb7e76021ac5891ianh *) mod_proxy_connect: Don't issue AH02447 on sockets hangups, let the read
2ceedfca3a2fdfdb5ff60ca17f030ce91f6331cbwrowe determine whether it is a normal close or a real error. PR 57168. [Yann
1f3a44f2fd7f9fee00b80c7ddcf1028ea145f91drbb *) mod_proxy_wstunnel: abort backend connection on polling error to avoid
b9b69856aec9ea58ea1b1e5aff669e8eaf2ebce4rbb further processing. [Yann Ylavic]
b9b69856aec9ea58ea1b1e5aff669e8eaf2ebce4rbb *) mod_buffer: Forward flushed input data immediatly and avoid (unlikely)
1f3a44f2fd7f9fee00b80c7ddcf1028ea145f91drbb access to freed memory. [Yann Ylavic, Christophe Jaillet]
1f3a44f2fd7f9fee00b80c7ddcf1028ea145f91drbb *) mod_proxy: Use the correct server name for SNI in case the backend
7d7931c1f4d46b041ad2ad6fdb9499289063611eianh SSL connection itself is established via a proxy server.
1f3a44f2fd7f9fee00b80c7ddcf1028ea145f91drbb PR 57139 [Szabolcs Gyurko <szabolcs gyurko.org>]
0c233c76f21b358f4a0d81e0f956339ca727c14cchuck *) mod_ssl: Do not crash when looking up SSL related variables during
43ea154f46345c9722c2b25b2b9f5086ec79eaeeorlikowski expression evaluation on non SSL connections. PR 57070 [Ruediger Pluem]
0c233c76f21b358f4a0d81e0f956339ca727c14cchuck *) core: Ensure that httpd exits with an error status when the MPM fails
0c233c76f21b358f4a0d81e0f956339ca727c14cchuck to run. [Yann Ylavic]
0c233c76f21b358f4a0d81e0f956339ca727c14cchuck *) apreq: Content-Length header should be always interpreted as a decimal.
0c233c76f21b358f4a0d81e0f956339ca727c14cchuck Leading 0 could be erroneously considered as an octal value. PR 56598.
0c233c76f21b358f4a0d81e0f956339ca727c14cchuck [Chris Card <ctcard hotmail com>]
53c2eb831bfe47860e3f5ec9190b15cb92f15181chuck *) mod_proxy: Now allow for 191 character worker names, with non-fatal
0c233c76f21b358f4a0d81e0f956339ca727c14cchuck errors if name is truncated. PR53218. [Jim Jagielski]
c1635d9f723f28fed4b95e5d9693e554a79e8d77orlikowski *) mod_ssl: Add optional function "ssl_get_tls_cb" to allow support
c1635d9f723f28fed4b95e5d9693e554a79e8d77orlikowski for channel bindings. [Simo Sorce <simo redhat.com>]
c1635d9f723f28fed4b95e5d9693e554a79e8d77orlikowski *) mod_proxy_wstunnel: Concurrent websockets messages could be
c1635d9f723f28fed4b95e5d9693e554a79e8d77orlikowski lost or delayed with ProxyWebsocketAsync enabled.
c1635d9f723f28fed4b95e5d9693e554a79e8d77orlikowski [Edward Lu <Chaosed0 gmail.com>]
4f7dd0949d92462a8adc31eee8aff266eea55204chuck *) core, mod_info: Add compiled and loaded PCRE versions to version
4f7dd0949d92462a8adc31eee8aff266eea55204chuck number display. [Rainer Jung]
4f7dd0949d92462a8adc31eee8aff266eea55204chuck *) mpm_winnt: Accept utf-8 (Unicode) service names and descriptions for
4f7dd0949d92462a8adc31eee8aff266eea55204chuck internationalization. [William Rowe]
75b3ed55173b29dbdf9e2fb6ec5462bfceee21aechuck *) mpm_winnt: Normalize the error and status messages emitted by service.c,
75b3ed55173b29dbdf9e2fb6ec5462bfceee21aechuck the service control interface for Windows. [William Rowe]
75b3ed55173b29dbdf9e2fb6ec5462bfceee21aechuck *) mod_authnz_ldap: Return LDAP connections to the pool before the handler
0c233c76f21b358f4a0d81e0f956339ca727c14cchuck is run, instead of waiting until the end of the request. [Eric Covener]
68bcde9c52e9e749482df2800dbdff09559115e0chuck *) mod_ldap: Be more conservative with the last-used time for
68bcde9c52e9e749482df2800dbdff09559115e0chuck LDAPConnectionPoolTTL. PR54587 [Eric Covener]
68bcde9c52e9e749482df2800dbdff09559115e0chuck *) mod_deflate: Don't fail when flushing inflated data to the user-agent
68bcde9c52e9e749482df2800dbdff09559115e0chuck and that coincides with the end of stream ("Zlib error flushing inflate
68bcde9c52e9e749482df2800dbdff09559115e0chuck buffer"). PR 56196. [Christoph Fausak <christoph fausak glueckkanja.com>]
68bcde9c52e9e749482df2800dbdff09559115e0chuck *) mod_proxy: Don't limit the size of the connectable Unix Domain Socket
68bcde9c52e9e749482df2800dbdff09559115e0chuck paths. [Christophe Jaillet, Yann Ylavic]
68bcde9c52e9e749482df2800dbdff09559115e0chuck *) mod_ssl: dump SSL IO/state for the write side of the connection(s),
68bcde9c52e9e749482df2800dbdff09559115e0chuck like reads (level TRACE4). [Yann Ylavic]
68bcde9c52e9e749482df2800dbdff09559115e0chuck *) mod_proxy: Shutdown (eg. close notify) the backend connection before
68bcde9c52e9e749482df2800dbdff09559115e0chuck closing. [Yann Ylavic]
68bcde9c52e9e749482df2800dbdff09559115e0chuck *) mpm_event[opt]: Send the SSL close notify alert when the KeepAliveTimeout
68bcde9c52e9e749482df2800dbdff09559115e0chuck expires. PR54998. [Yann Ylavic]
68bcde9c52e9e749482df2800dbdff09559115e0chuck *) mod_ssl: Ensure that the SSL close notify alert is flushed to the client.
68bcde9c52e9e749482df2800dbdff09559115e0chuck PR54998. [Tim Kosse <tim.kosse filezilla-project.org>, Yann Ylavic]
68bcde9c52e9e749482df2800dbdff09559115e0chuck *) mod_log_config: Add GlobalLog to allow a globally defined log to
68bcde9c52e9e749482df2800dbdff09559115e0chuck be inherited by virtual hosts that define a CustomLog.
68bcde9c52e9e749482df2800dbdff09559115e0chuck [Edward Lu <Chaosed0 gmail.com>]
68bcde9c52e9e749482df2800dbdff09559115e0chuck *) MPMs: Support SO_REUSEPORT to create multiple duplicated listener
68bcde9c52e9e749482df2800dbdff09559115e0chuck records for scalability. [Yingqi Lu <yingqi.lu@intel.com>,
68bcde9c52e9e749482df2800dbdff09559115e0chuck Jeff Trawick, Jim Jagielski]
68bcde9c52e9e749482df2800dbdff09559115e0chuck *) mod_proxy_html: support automatic detection of doctype and processing
0c233c76f21b358f4a0d81e0f956339ca727c14cchuck of FPIs. PR56285 [Micha Lenk <micha lenk info>, Nick Kew]
68bcde9c52e9e749482df2800dbdff09559115e0chuck *) mod_proxy_html: skip documents shorter than 4 bytes
68bcde9c52e9e749482df2800dbdff09559115e0chuck PR 56286 [Micha Lenk <micha lenk info>]
68bcde9c52e9e749482df2800dbdff09559115e0chuck *) mod_proxy_fdpass: Fix computation of the size of 'struct sockaddr_un'
68bcde9c52e9e749482df2800dbdff09559115e0chuck when passed to 'connect()'.
68bcde9c52e9e749482df2800dbdff09559115e0chuck [Graham Dumpleton <grahamd apache org>]
68bcde9c52e9e749482df2800dbdff09559115e0chuck *) core: Add ap_mpm_resume_suspended() API to allow a suspended connection
68bcde9c52e9e749482df2800dbdff09559115e0chuck to resume. PR56333
68bcde9c52e9e749482df2800dbdff09559115e0chuck [Artem <artemciy gmail.com>, Edward Lu <Chaosed0 gmail.com>]
68bcde9c52e9e749482df2800dbdff09559115e0chuck *) core: Add ap_mpm_register_socket_callback_timeout() API. [Eric Covener]
68bcde9c52e9e749482df2800dbdff09559115e0chuck *) mod_proxy_wstunnel: Honor ProxyWebsocketIdleTimeout in asynchronous
68bcde9c52e9e749482df2800dbdff09559115e0chuck processing mode. [Eric Covener]
68bcde9c52e9e749482df2800dbdff09559115e0chuck *) mod_authnz_ldap: Fail explicitly when the filter is too long. Remove
68bcde9c52e9e749482df2800dbdff09559115e0chuck unnecessary apr_pstrdup() and strlen(). [Graham Leggett]
68bcde9c52e9e749482df2800dbdff09559115e0chuck *) Add the ldap-search option to mod_authnz_ldap, allowing authorization
68bcde9c52e9e749482df2800dbdff09559115e0chuck to be based on arbitrary expressions that do not include the username.
68bcde9c52e9e749482df2800dbdff09559115e0chuck [Graham Leggett]
68bcde9c52e9e749482df2800dbdff09559115e0chuck *) Add the ldap function to the expression API, allowing LDAP filters and
68bcde9c52e9e749482df2800dbdff09559115e0chuck distinguished names based on expressions to be escaped correctly to
68bcde9c52e9e749482df2800dbdff09559115e0chuck guard against LDAP injection. [Graham Leggett]
0c233c76f21b358f4a0d81e0f956339ca727c14cchuck *) Add module mod_ssl_ct, which provides an implementation of Certificate
68bcde9c52e9e749482df2800dbdff09559115e0chuck Transparency (RFC 6962) for httpd. [Jeff Trawick]
68bcde9c52e9e749482df2800dbdff09559115e0chuck *) mod_proxy: Preserve original request headers even if they differ
68bcde9c52e9e749482df2800dbdff09559115e0chuck from the ones to be forwarded to the backend. PR 45387.
68bcde9c52e9e749482df2800dbdff09559115e0chuck [Yann Ylavic]
68bcde9c52e9e749482df2800dbdff09559115e0chuck *) mod_remoteip: Prevent an external proxy from presenting an internal
68bcde9c52e9e749482df2800dbdff09559115e0chuck proxy. PR 55962. [Mike Rumph]
68bcde9c52e9e749482df2800dbdff09559115e0chuck *) mod_ssl: Add hooks to allow other modules to perform processing at
68bcde9c52e9e749482df2800dbdff09559115e0chuck several stages of initialization and connection handling. See
68bcde9c52e9e749482df2800dbdff09559115e0chuck mod_ssl_openssl.h. [Jeff Trawick]
68bcde9c52e9e749482df2800dbdff09559115e0chuck *) mod_proxy_wstunnel: Avoid sending error responses down an upgraded
68bcde9c52e9e749482df2800dbdff09559115e0chuck websockets connection as it is being close down. [Eric Covener]
68bcde9c52e9e749482df2800dbdff09559115e0chuck *) mod_proxy_wstunnel: Allow the administrator to cap the amount
0c233c76f21b358f4a0d81e0f956339ca727c14cchuck of time a synchronous websockets connection stays idle with
0c233c76f21b358f4a0d81e0f956339ca727c14cchuck ProxyWebsocketIdleTimeout. [Eric Covener]
68bcde9c52e9e749482df2800dbdff09559115e0chuck *) mod_proxy_wstunnel: Change to opt-in for asynchronous support, adding
68bcde9c52e9e749482df2800dbdff09559115e0chuck directives ProxyWebsocketAsync and ProxyWebsocketAsyncDelay.
68bcde9c52e9e749482df2800dbdff09559115e0chuck [Eric Covener]
68bcde9c52e9e749482df2800dbdff09559115e0chuck *) mod_proxy_wstunnel: Stop leaking websockets backend connections under
68bcde9c52e9e749482df2800dbdff09559115e0chuck event MPM (trunk-only). [Eric Covener]
68bcde9c52e9e749482df2800dbdff09559115e0chuck *) mod_proxy_http: Add detach_backend hook (potentially usable
68bcde9c52e9e749482df2800dbdff09559115e0chuck in other proxy scheme handlers). [Jeff Trawick]
68bcde9c52e9e749482df2800dbdff09559115e0chuck *) mod_deflate: Add DeflateAlterETag to control how the ETag
68bcde9c52e9e749482df2800dbdff09559115e0chuck is modified. The 'NoChange' parameter mimics 2.2.x behavior.
68bcde9c52e9e749482df2800dbdff09559115e0chuck PR 45023, PR 39727. [Eric Covener]
68bcde9c52e9e749482df2800dbdff09559115e0chuck *) mod_rewrite: Add 'BNF' (backreferences-no-plus) flag to RewriteRule to
0c233c76f21b358f4a0d81e0f956339ca727c14cchuck allow spaces in backreferences to be encoded as %20 instead of '+'.
0c233c76f21b358f4a0d81e0f956339ca727c14cchuck [Eric Covener]
68bcde9c52e9e749482df2800dbdff09559115e0chuck *) mod_rewrite: Support an optional list of characters to escape in the
68bcde9c52e9e749482df2800dbdff09559115e0chuck argument for the 'B' (escape backreferences) flag. [Eric Covener]
68bcde9c52e9e749482df2800dbdff09559115e0chuck *) mod_dir: Default to 2.2-like behavior and skip execution when method is
68bcde9c52e9e749482df2800dbdff09559115e0chuck neither GET nor POST, such as for DAV requests. PR 54914. [Chris Darroch]
68bcde9c52e9e749482df2800dbdff09559115e0chuck *) mod_rewrite: Rename the handler that does per-directory internal
68bcde9c52e9e749482df2800dbdff09559115e0chuck redirects to "rewrite-redirect-handler" from "redirect-handler" so
68bcde9c52e9e749482df2800dbdff09559115e0chuck it is less ambiguous and less likely to be reused. [Eric Covener]
68bcde9c52e9e749482df2800dbdff09559115e0chuck *) mod_rewrite: Protect against looping with the [N] flag by enforcing a
68bcde9c52e9e749482df2800dbdff09559115e0chuck default limit of 10000 iterations, and allowing each rule to change its
68bcde9c52e9e749482df2800dbdff09559115e0chuck limit. [Eric Covener]
68bcde9c52e9e749482df2800dbdff09559115e0chuck *) mod_ssl: Fix config merging of SSLOCSPEnable and SSLOCSPOverrideResponder.
68bcde9c52e9e749482df2800dbdff09559115e0chuck [Jeff Trawick]
68bcde9c52e9e749482df2800dbdff09559115e0chuck *) Add HttpContentLengthHeadZero and HttpExpectStrict directives.
68bcde9c52e9e749482df2800dbdff09559115e0chuck [Yehuda Sadeh <yehuda inktank com>, Justin Erenkrantz]
68bcde9c52e9e749482df2800dbdff09559115e0chuck *) mod_ssl: Add -t -DDUMP_CA_CERTS option which dumps the filenames of all
68bcde9c52e9e749482df2800dbdff09559115e0chuck configured SSL CA certificates to stdout the same way as DUMP_CERTS does.
68bcde9c52e9e749482df2800dbdff09559115e0chuck [Jan Kaluza]
68bcde9c52e9e749482df2800dbdff09559115e0chuck *) mod_ssl: Don't flush when an EOS is received. Prepares mod_ssl
68bcde9c52e9e749482df2800dbdff09559115e0chuck to support write completion. [Graham Leggett]
68bcde9c52e9e749482df2800dbdff09559115e0chuck *) core: Add parse_errorlog_arg callback to ap_errorlog_provider
68bcde9c52e9e749482df2800dbdff09559115e0chuck to allow providers to check the ErrorLog argument. [Jan Kaluza]
68bcde9c52e9e749482df2800dbdff09559115e0chuck *) mod_cgid: Use the servers Timeout for each read from a CGI script,
0c233c76f21b358f4a0d81e0f956339ca727c14cchuck allow override with new CGIDRequestTimeout directive. PR43494
68bcde9c52e9e749482df2800dbdff09559115e0chuck [Eric Covener, Toshikuni Fukaya <toshikuni-fukaya cybozu co jp>]
4f7dd0949d92462a8adc31eee8aff266eea55204chuck *) core: ensure any abnormal exit is reported to stderr if it's a tty.
4f7dd0949d92462a8adc31eee8aff266eea55204chuck PR 55670 [Nick Kew]
4f7dd0949d92462a8adc31eee8aff266eea55204chuck *) mod_lua: Let the Inter-VM get/set functions work with a global
4f7dd0949d92462a8adc31eee8aff266eea55204chuck shared memory pool instead of a per-process pool. [Daniel Gruno]
4f7dd0949d92462a8adc31eee8aff266eea55204chuck *) ldap: Support ldaps when using the Microsoft LDAP SDK.
4f7dd0949d92462a8adc31eee8aff266eea55204chuck PR 54626. [Jean-Frederic Clere]
[Jan Kaluza <jkaluza redhat.com>]
filters, such as "SDBM-backed LDAP" on z/OS, by allowing a special
haven't had a Content-Type set via e.g. mod_mime. [Eric Covener]
*) AIX: Install DSO's with "cp" instead of "install" in instdso.sh
HTML/XHTML [Nick Kew]
[Jan Kaluza <jkaluza redhat.com>]
*) The following now respect DefaultRuntimeDir/DEFAULT_REL_RUNTIMEDIR:
setuid/setgid capability bits rather than a setuid root binary.
[Matthew Steele <mdsteele google.com>]
passing through the server in such a way that connections and/or
Apache 2.4.xx tree as documented below, except as noted.]
Changes with Apache 2.4.x and later:
Changes with Apache 2.2.x and later:
Changes with Apache 2.0.x and later: