CHANGES revision 397df70abe0bdd78a84fb6c38c02641bcfeadcea
d5b7ba26785d7494166d48876362ba30ff30b98awrowe -*- coding: utf-8 -*-
c30ef289fe64ac7fedc44cfcc6b439f0f8458b4cgregamesChanges with Apache 2.3.11
5d2959154eb0b63ab0e9ef5fc2c34f296fa7beeegregames *) mod_status: Don't show slots which are disabled by MaxClients as open.
5d2959154eb0b63ab0e9ef5fc2c34f296fa7beeegregames PR: 47022 [Jordi Prats <jordi prats gmail com>, Stefan Fritsch]
5d2959154eb0b63ab0e9ef5fc2c34f296fa7beeegregames *) mpm_prefork: Fix ap_mpm_query results for AP_MPMQ_MAX_DAEMONS and
81b30d1b974212267ddc27c450abc1453ce56423nd AP_MPMQ_MAX_THREADS.
81b30d1b974212267ddc27c450abc1453ce56423nd *) mod_authz_core: Fix bug in merging logic if user-based and non-user-based
fc25339741311efd7d460f18b6287ef38d76bbe6madhum authorization directives were mixed. [Stefan Fritsch]
fc25339741311efd7d460f18b6287ef38d76bbe6madhum *) mod_authn_socache: change directive name from AuthnCacheProvider
fc25339741311efd7d460f18b6287ef38d76bbe6madhum to AuthnCacheProvideFor. The term "provider" is overloaded in
fcdca175a52fe517f2317ba0e2b6e6d14522b869madhum this module, and we should avoid confusion between the provider
fcdca175a52fe517f2317ba0e2b6e6d14522b869madhum of a backend (AuthnCacheSOCache) and the authn provider(s) for
92a2439559cf1161742650ed9c50c6483bd029cemadhum which this module provides cacheing (AuthnCacheProvideFor).
92a2439559cf1161742650ed9c50c6483bd029cemadhum *) mod_proxy_http: Allocate the fake backend request from a child pool
0d60370bedd05f9632f54e85c417ce472d463674madhum of the backend connection, instead of misusing the pool of the frontend
0d60370bedd05f9632f54e85c417ce472d463674madhum request. Fixes a thread safety issue where buckets set aside in the
0d60370bedd05f9632f54e85c417ce472d463674madhum backend connection leak into other threads, and then disappear when
0d60370bedd05f9632f54e85c417ce472d463674madhum the frontend request is cleaned up, in turn causing corrupted buckets
ebecc16986604cce1369d5075eff65032e3dd0deianh to make other threads spin. [Graham Leggett]
ebecc16986604cce1369d5075eff65032e3dd0deianh *) mod_ssl: Change the format of the SSL_{CLIENT,SERVER}_{I,S}_DN variables
764315969cef40e50cdc6a5e9638454e10c1c06end to be RFC 2253 compatible, convert non-ASCII characters to UTF8, and
764315969cef40e50cdc6a5e9638454e10c1c06end escape other special characters with backslashes. The old format can
764315969cef40e50cdc6a5e9638454e10c1c06end still be used with the LegacyDNStringFormat argument to SSLOptions.
d470ccf962533e14bd6f7265f18840f1397034eend *) core, mod_rewrite: Make the REQUEST_SCHEME variable available to
d470ccf962533e14bd6f7265f18840f1397034eend scripts and mod_rewrite. [Stefan Fritsch]
d470ccf962533e14bd6f7265f18840f1397034eend *) mod_rewrite: Allow to use arbitrary boolean expressions (ap_expr) in
d470ccf962533e14bd6f7265f18840f1397034eend RewriteCond. [Stefan Fritsch]
3de8d8649277a02f53aa4f06121420985e8eee08nd *) mod_rewrite: Allow to unset environment variables using E=!VAR.
3de8d8649277a02f53aa4f06121420985e8eee08nd PR 49512. [Mark Drayton <mark markdrayton info>, Stefan Fritsch]
3de8d8649277a02f53aa4f06121420985e8eee08nd *) mod_headers: Restore the 2.3.8 and earlier default for the first
3de8d8649277a02f53aa4f06121420985e8eee08nd argument of the Header directive ("onsuccess"). [Eric Covener]
4ac3e76f96ca3a5d0f67ae5cbe637c18f7280458gregames *) core: Disallow the mixing of relative and absolute Options PR 33708.
4ac3e76f96ca3a5d0f67ae5cbe637c18f7280458gregames [Sönke Tesch <st kino-fahrplan.de>]
a2c036f0ca71e35c085b4cd9451a6d3718bc65daake *) core: When exporting request headers to HTTP_* environment variables,
a2c036f0ca71e35c085b4cd9451a6d3718bc65daake drop variables whose names contain invalid characters. Describe in the
a2c036f0ca71e35c085b4cd9451a6d3718bc65daake docs how to restore the old behaviour. [Malte S. Stretz <mss apache org>]
fbfb0de5ec8b82ad240074f20184f0cf77b59fb3nd *) core: When selecting an IP-based virtual host, favor an exact match for
fbfb0de5ec8b82ad240074f20184f0cf77b59fb3nd the port over a wildcard (or omitted) port instead of favoring the one
fbfb0de5ec8b82ad240074f20184f0cf77b59fb3nd that came first in the configuration file. [Eric Covener]
146bd390ef41ad985a39b6dd8519163796a4d585nd *) core: Overlapping virtual host address/port combinations now implicitly
146bd390ef41ad985a39b6dd8519163796a4d585nd enable name-based virtual hosting for that address. The NameVirtualHost
146bd390ef41ad985a39b6dd8519163796a4d585nd directive has no effect, and _default_ is interpreted the same as "*".
146bd390ef41ad985a39b6dd8519163796a4d585nd [Eric Covener]
b92cba59a0890be43b14aaf1ce30606140be9593nd *) core: In the absence of any Options directives, the default is now
b92cba59a0890be43b14aaf1ce30606140be9593nd "FollowSymlinks" instead of "All". [Igor Galić]
402d23baca89e8c4fcb4e52ad8b2d66a6904baaetrawick *) rotatelogs: Add -e option to write logs through to stdout for optional
402d23baca89e8c4fcb4e52ad8b2d66a6904baaetrawick further processing. [Graham Leggett]
affb82a2d7fc07c1a862d800ef47af966b898768nd *) mod_ssl: Correctly read full lines in input filter when the line is
affb82a2d7fc07c1a862d800ef47af966b898768nd incomplete during first read. PR 50481. [Ruediger Pluem]
affb82a2d7fc07c1a862d800ef47af966b898768nd *) mod_authz_core: Add AuthzSendForbiddenOnFailure directive to allow
6d4bfae6836af357a3b9790c0d6a06fdd00f177fnd sending '403 FORBIDDEN' instead of '401 UNAUTHORIZED' if authorization
6d4bfae6836af357a3b9790c0d6a06fdd00f177fnd fails for an authenticated user. PR 40721. [Stefan Fritsch]
6d4bfae6836af357a3b9790c0d6a06fdd00f177fndChanges with Apache 2.3.10
f803e3d3b51b398d24bcc4647a84e537a40c77d6nd *) mod_rewrite: Don't implicitly URL-escape the original query string
f803e3d3b51b398d24bcc4647a84e537a40c77d6nd when no substitution has changed it. PR 50447. [Eric Covener]
4caa28863a3418d26cc20a998dc368c3de3b7e19jerenkrantz *) core: Honor 'AcceptPathInfo OFF' during internal redirects,
4caa28863a3418d26cc20a998dc368c3de3b7e19jerenkrantz such as per-directory mod_rewrite substitutions. PR 50349.
4caa28863a3418d26cc20a998dc368c3de3b7e19jerenkrantz [Eric Covener]
07af571d0ef9975db2e79cd01222effd58dbb81ejerenkrantz *) mod_rewrite: Add 'RewriteOptions InheritBefore' to put the base
07af571d0ef9975db2e79cd01222effd58dbb81ejerenkrantz rules/conditions before the overridden rules/conditions. PR 39313.
a3f2646ef3d8a3a5234a5601de0f95f10308c2a6jerenkrantz [Jérôme Grandjanny <jerome.grandjanny cea.fr>]
a3f2646ef3d8a3a5234a5601de0f95f10308c2a6jerenkrantz *) mod_autoindex: add IndexIgnoreReset to reset the list of IndexIgnored
9e398d701dd430f073ff5418fb720642e064046ajerenkrantz filenames in higher precedence configuration sections. PR 24243.
9e398d701dd430f073ff5418fb720642e064046ajerenkrantz [Eric Covener]
1a5b9e0071f0c662036250b482d566ad87ff0b4bjerenkrantz *) mod_cgid: RLimit* directive support for mod_cgid. PR 42135
1a5b9e0071f0c662036250b482d566ad87ff0b4bjerenkrantz [Eric Covener]
a7ac9b52c3d9f7ce937f078a0d585023db626c55jerenkrantz *) core: Fail startup when the argument to ServerName looks like a glob
a7ac9b52c3d9f7ce937f078a0d585023db626c55jerenkrantz or a regular expression instead of a hostname (*?[]). PR 39863
ba6c07204bd224fa5d4cd0e6b8bf256d6daffb74nd *) mod_userdir: Add merging of enable, disable, and filename arguments
ba6c07204bd224fa5d4cd0e6b8bf256d6daffb74nd to UserDir directive, leaving enable/disable of userlists unmerged.
db5837bbc9bef214303e755fa52122140366cb6fianh PR 44076 [Eric Covener]
db5837bbc9bef214303e755fa52122140366cb6fianh *) httpd: When no -k option is provided on the httpd command line, the server
aac2b82fe4f1ac117e2a0702438d6615542642dand was starting without checking for an existing pidfile. PR 50350
aac2b82fe4f1ac117e2a0702438d6615542642dand [Eric Covener]
a793d402c74e50326a2401cfbdc562c5781948fdnd *) mod_proxy: Put the worker in error state if the SSL handshake with the
a793d402c74e50326a2401cfbdc562c5781948fdnd backend fails. PR 50332.
0a209fcb17b8c9a42a6149a1758e61cf6527d367nd [Daniel Ruggeri <DRuggeri primary.net>, Ruediger Pluem]
99d360dcbb5ac2be27694be74cc6124dbadf3315jerenkrantz *) mod_cache_disk: Fix Windows build which was broken after renaming
99d360dcbb5ac2be27694be74cc6124dbadf3315jerenkrantz the module. [Gregg L. Smith]
3ded62d7f2c9b12616d718b8c97d3044baa9ecdbjerenkrantzChanges with Apache 2.3.9
3ded62d7f2c9b12616d718b8c97d3044baa9ecdbjerenkrantz *) SECURITY: CVE-2010-1623 (cve.mitre.org)
031acbd88cdb9051f474a38ef67ca403cb7039b3nd Fix a denial of service attack against mod_reqtimeout.
031acbd88cdb9051f474a38ef67ca403cb7039b3nd [Stefan Fritsch]
031acbd88cdb9051f474a38ef67ca403cb7039b3nd *) mod_headers: Change default first argument of Header directive
ebf6c41faad84ab037fff4f04ec987463457ef2acoar from "onsuccess" to "always". [Eric Covener]
ebf6c41faad84ab037fff4f04ec987463457ef2acoar *) mod_include: Add the onerror attribute to the include element,
ebf6c41faad84ab037fff4f04ec987463457ef2acoar allowing an URL to be specified to include on error. [Graham
ab8c0315521735c73ce16c8072f91e17c406ca5bnd *) mod_cache_disk: mod_disk_cache renamed to mod_cache_disk, to be
ab8c0315521735c73ce16c8072f91e17c406ca5bnd consistent with the naming of other modules. [Graham Leggett]
b9e99e0d3154bbebe3e1b8d11d6c15bde79510a5nd *) mod_setenvif: Add SetEnvIfExpr directive to set env var depending on
b9e99e0d3154bbebe3e1b8d11d6c15bde79510a5nd expression. [Stefan Fritsch]
ea5f8cfbb7ef1d19318f6994c26dd73c38ffd8ddjerenkrantz *) mod_proxy: Fix ProxyPassInterpolateEnv directive. PR 50292.
ea5f8cfbb7ef1d19318f6994c26dd73c38ffd8ddjerenkrantz [Stefan Fritsch]
4567cfc6a65328bd3e8dd2b758ca926b389c7058brianp *) suEXEC: Add Suexec directive to disable suEXEC without renaming the
4567cfc6a65328bd3e8dd2b758ca926b389c7058brianp binary (Suexec Off), or force startup failure if suEXEC is required
4567cfc6a65328bd3e8dd2b758ca926b389c7058brianp but not supported (Suexec On). Change SuexecUserGroup to fail
4cdc5446050c19b9d519a273a129188586e8d445jerenkrantz startup instead of just printing a warning if suEXEC is disabled.
4cdc5446050c19b9d519a273a129188586e8d445jerenkrantz [Jeff Trawick]
c30ef289fe64ac7fedc44cfcc6b439f0f8458b4cgregames *) core: Add Error directive for aborting startup or htaccess processing
c30ef289fe64ac7fedc44cfcc6b439f0f8458b4cgregames with a specified error message. [Jeff Trawick]
c30ef289fe64ac7fedc44cfcc6b439f0f8458b4cgregames *) mod_rewrite: Fix the RewriteEngine directive to work within a
c30ef289fe64ac7fedc44cfcc6b439f0f8458b4cgregames location. Previously, once RewriteEngine was switched on globally,
2f408250e9111c4b85b2b4b9b8836e83987efdefstoddard it was impossible to switch off. [Graham Leggett]
2f408250e9111c4b85b2b4b9b8836e83987efdefstoddard *) core, mod_include, mod_ssl: Move the expression parser derived from
2f408250e9111c4b85b2b4b9b8836e83987efdefstoddard mod_include back into mod_include. Replace ap_expr with a parser
d5b7ba26785d7494166d48876362ba30ff30b98awrowe derived from mod_ssl's parser. Make mod_ssl use the new parser. Rework
47fe07199bddec6124ab7251c6be5c6c9ac00485jerenkrantz ap_expr's public interface and provide hooks for modules to add variables
47fe07199bddec6124ab7251c6be5c6c9ac00485jerenkrantz and functions. [Stefan Fritsch]
6646a289c2d4778c8cd43d62b5a1cc966a356f85jerenkrantz *) core: Do the hook sorting earlier so that the hooks are properly sorted
6646a289c2d4778c8cd43d62b5a1cc966a356f85jerenkrantz for the pre_config hook and during parsing the config. [Stefan Fritsch]
aec70520ebe1e33e0d5e83c3626649d2a41dbe68wrowe *) core: In the absence of any AllowOverride directives, the default is now
aec70520ebe1e33e0d5e83c3626649d2a41dbe68wrowe "None" instead of "All". PR49823 [Eric Covener]
ad451e2e428a069086d1c18c9e3372f8846ec617wrowe *) mod_proxy: Don't allow ProxyPass or ProxyPassReverse in
ad451e2e428a069086d1c18c9e3372f8846ec617wrowe <Directory> or <Files>. PR47765 [Eric Covener]
ad451e2e428a069086d1c18c9e3372f8846ec617wrowe *) prefork/worker/event MPMS: default value (when no directive is present)
367cefc17f8dcfe65651c9c16cb3151589c6cecetrawick of MaxConnectionsPerChild/MaxRequestsPerChild is changed to 0 from 10000
5d6ffa7b5c77dd4132ed6d7f0dd63548b1c3c1c9nd to match default configuration and manual. PR47782 [Eric Covener]
7a01bcd2d59be7ec9ce55701c58054fa1c0bb5b6wrowe *) proxy_connect: Don't give up in the middle of a CONNECT tunnel
7a01bcd2d59be7ec9ce55701c58054fa1c0bb5b6wrowe when the child process is starting to exit. PR50220. [Eric Covener]
7a01bcd2d59be7ec9ce55701c58054fa1c0bb5b6wrowe *) mod_autoindex: Fix inheritance of mod_autoindex directives into
7a01bcd2d59be7ec9ce55701c58054fa1c0bb5b6wrowe contexts that don't have any mod_autoindex directives. PR47766.
5d6ffa7b5c77dd4132ed6d7f0dd63548b1c3c1c9nd [Eric Covener]
5d6ffa7b5c77dd4132ed6d7f0dd63548b1c3c1c9nd *) mod_rewrite: Add END flag for RewriteRule to prevent further rounds
5d6ffa7b5c77dd4132ed6d7f0dd63548b1c3c1c9nd of rewrite processing when a per-directory substitution occurs.
5d6ffa7b5c77dd4132ed6d7f0dd63548b1c3c1c9nd [Eric Covener]
144b1e2ebb48b2878017a8ac9a4cad1e771bc1b6stoddard *) mod_ssl: Make sure to always log an error if loading of CA certificates
144b1e2ebb48b2878017a8ac9a4cad1e771bc1b6stoddard fails. PR 40312. [Paul Tiemann <issues apache org ourdetour com>]
143a04461642dea548a4bebdb302f5e411528a14trawick *) mod_dav: Send 501 error if unknown Content-* header is received for a PUT
143a04461642dea548a4bebdb302f5e411528a14trawick request (RFC 2616 9.6). PR 42978. [Stefan Fritsch]
ebecc16986604cce1369d5075eff65032e3dd0deianh *) mod_dav: Send 400 error if malformed Content-Range header is received for
ebecc16986604cce1369d5075eff65032e3dd0deianh a put request (RFC 2616 14.16). PR 49825. [Stefan Fritsch]
ebecc16986604cce1369d5075eff65032e3dd0deianh *) mod_proxy: Release the backend connection as soon as EOS is detected,
ebecc16986604cce1369d5075eff65032e3dd0deianh so the backend isn't forced to wait for the client to eventually
ebecc16986604cce1369d5075eff65032e3dd0deianh acknowledge the data. [Graham Leggett]
ebecc16986604cce1369d5075eff65032e3dd0deianh *) mod_proxy: Optimise ProxyPass within a Location so that it is stored
7a2b9ea4788ea59d81b9e84192e4b90a9a0da875wrowe per-directory, and chosen during the location walk. Make ProxyPass
7a2b9ea4788ea59d81b9e84192e4b90a9a0da875wrowe work correctly from within a LocationMatch. [Graham Leggett]
7a2b9ea4788ea59d81b9e84192e4b90a9a0da875wrowe *) core: Fix segfault if per-module LogLevel is on virtual host
7a2b9ea4788ea59d81b9e84192e4b90a9a0da875wrowe scope. PR 50117. [Stefan Fritsch]
d225a894172ec361d2c6791638bacf604a8c6fa4nd *) mod_proxy: Move the ProxyErrorOverride directive to have per
d225a894172ec361d2c6791638bacf604a8c6fa4nd directory scope. [Graham Leggett]
d225a894172ec361d2c6791638bacf604a8c6fa4nd *) mod_allowmethods: New module to deny certain HTTP methods without
d225a894172ec361d2c6791638bacf604a8c6fa4nd interfering with authentication/authorization. [Paul Querna,
d225a894172ec361d2c6791638bacf604a8c6fa4nd Igor Galić, Stefan Fritsch]
70f28b17978da5478a97843ab7cbcb4baf7a8711nd *) mod_ssl: Log certificate information and improve error message if client
70f28b17978da5478a97843ab7cbcb4baf7a8711nd cert verification fails. PR 50093, PR 50094. [Lassi Tuura <lat cern ch>,
70f28b17978da5478a97843ab7cbcb4baf7a8711nd Stefan Fritsch]
ac539bd6714277d9ce7c39361de4cc11d1fb8eadnd *) htcacheclean: Teach htcacheclean to limit cache size by number of
ac539bd6714277d9ce7c39361de4cc11d1fb8eadnd inodes in addition to size of files. Prevents a cache disk from
f5208b93c14accca0cd5f5acb042332b20172fb1nd running out of space when many small files are cached.
f5208b93c14accca0cd5f5acb042332b20172fb1nd [Graham Leggett]
1125f364c5cb4fd9bff71e89b5d4cbf551590035bnicholes *) core: Rename MaxRequestsPerChild to MaxConnectionsPerChild, which
1125f364c5cb4fd9bff71e89b5d4cbf551590035bnicholes describes more accurately what the directive does. The old name
1125f364c5cb4fd9bff71e89b5d4cbf551590035bnicholes still works but logs a warning. [Stefan Fritsch]
1125f364c5cb4fd9bff71e89b5d4cbf551590035bnicholes *) mod_cache: Optionally serve stale data when a revalidation returns a
1125f364c5cb4fd9bff71e89b5d4cbf551590035bnicholes 5xx response, controlled by the CacheStaleOnError directive.
1125f364c5cb4fd9bff71e89b5d4cbf551590035bnicholes [Graham Leggett]
9d999c5deeddad9211695fc736a845afda6a2e95wrowe *) htcacheclean: Allow the listing of valid URLs within the cache, with
9d999c5deeddad9211695fc736a845afda6a2e95wrowe the option to list entry metadata such as sizes and times. [Graham
f19141958ebbfa8feb78e27007b4023d710d1c7etrawick *) mod_cache: correctly parse quoted strings in cache headers.
f19141958ebbfa8feb78e27007b4023d710d1c7etrawick PR 50199 [Nick Kew]
f19141958ebbfa8feb78e27007b4023d710d1c7etrawick *) mod_cache: Allow control over the base URL of reverse proxied requests
3ac9911bdb9c066a068041218d5b05bc851340bdtrawick using the CacheKeyBaseURL directive, so that the cache key can be
3ac9911bdb9c066a068041218d5b05bc851340bdtrawick calculated from the endpoint URL instead of the server URL. [Graham
c5c445b5614e4d5040d3c0994d2456f1ac8cb9b5jerenkrantz *) mod_cache: CacheLastModifiedFactor, CacheStoreNoStore, CacheStorePrivate,
c5c445b5614e4d5040d3c0994d2456f1ac8cb9b5jerenkrantz CacheStoreExpired, CacheIgnoreNoLastMod, CacheDefaultExpire,
c5c445b5614e4d5040d3c0994d2456f1ac8cb9b5jerenkrantz CacheMinExpire and CacheMaxExpire can be set per directory/location.
c5c445b5614e4d5040d3c0994d2456f1ac8cb9b5jerenkrantz [Graham Leggett]
5541a81e194dc99521c0ecf904a940b0b65a93f2nd *) mod_disk_cache: CacheMaxFileSize, CacheMinFileSize, CacheReadSize and
5541a81e194dc99521c0ecf904a940b0b65a93f2nd CacheReadTime can be set per directory/location. [Graham Leggett]
60736084c3e45fe7ece48483188e58b0f9e3a36bwrowe *) core: Speed up config parsing if using a very large number of config
60736084c3e45fe7ece48483188e58b0f9e3a36bwrowe files. PR 50002 [andrew cloudaccess net]
60736084c3e45fe7ece48483188e58b0f9e3a36bwrowe *) mod_cache: Support the caching of HEAD requests. [Graham Leggett]
60736084c3e45fe7ece48483188e58b0f9e3a36bwrowe *) htcacheclean: Allow the option to round up file sizes to a given
60736084c3e45fe7ece48483188e58b0f9e3a36bwrowe block size, improving the accuracy of disk usage. [Graham Leggett]
60736084c3e45fe7ece48483188e58b0f9e3a36bwrowe *) mod_ssl: Add authz providers for use with mod_authz_core and its
60736084c3e45fe7ece48483188e58b0f9e3a36bwrowe RequireAny/RequireAll containers: 'ssl' (equivalent to SSLRequireSSL),
f16b2c3124a11bff93724342099e1afdb8145917bnicholes 'ssl-verify-client' (for use with 'SSLVerifyClient optional'), and
f16b2c3124a11bff93724342099e1afdb8145917bnicholes 'ssl-require' (expressions with same syntax as SSLRequire).
60736084c3e45fe7ece48483188e58b0f9e3a36bwrowe [Stefan Fritsch]
60736084c3e45fe7ece48483188e58b0f9e3a36bwrowe *) mod_ssl: Make the ssl expression parser thread-safe. It now requires
f16b2c3124a11bff93724342099e1afdb8145917bnicholes bison instead of yacc. [Stefan Fritsch]
d584e3b7a33da68233e7ac403213b436b402f5bend *) mod_disk_cache: Change on-disk header file format to support the
d584e3b7a33da68233e7ac403213b436b402f5bend link of the device/inode of the data file to the matching header
d584e3b7a33da68233e7ac403213b436b402f5bend file, and to support the option of not writing a data file when
d584e3b7a33da68233e7ac403213b436b402f5bend the data file is empty. [Graham Leggett]
d584e3b7a33da68233e7ac403213b436b402f5bend *) core/mod_unique_id: Add generate_log_id hook to allow to use
d584e3b7a33da68233e7ac403213b436b402f5bend the ID generated by mod_unique_id as error log ID for requests.
d584e3b7a33da68233e7ac403213b436b402f5bend [Stefan Fritsch]
d584e3b7a33da68233e7ac403213b436b402f5bend *) mod_cache: Make sure that we never allow a 304 Not Modified response
d584e3b7a33da68233e7ac403213b436b402f5bend that we asked for to leak to the client should the 304 response be
d584e3b7a33da68233e7ac403213b436b402f5bend uncacheable. PR45341 [Graham Leggett]
d584e3b7a33da68233e7ac403213b436b402f5bend *) mod_cache: Add the cache_status hook to register the final cache
d584e3b7a33da68233e7ac403213b436b402f5bend decision hit/miss/revalidate. Add optional support for an X-Cache
d584e3b7a33da68233e7ac403213b436b402f5bend and/or an X-Cache-Detail header to add the cache status to the
d584e3b7a33da68233e7ac403213b436b402f5bend response. PR48241 [Graham Leggett]
d584e3b7a33da68233e7ac403213b436b402f5bend *) mod_authz_host: Add 'local' provider that matches connections originating
3e49fe84a5024d831ffb14697747c5948821f958trawick on the local host. PR 19938. [Stefan Fritsch]
3e49fe84a5024d831ffb14697747c5948821f958trawick *) Event MPM: Fix crash accessing pollset on worker thread when child
5610fc134df70e725bcdef518cc93de70261eb1dnd process is exiting. [Jeff Trawick]
5610fc134df70e725bcdef518cc93de70261eb1dnd *) core: For process invocation (cgi, fcgid, piped loggers and so forth)
5610fc134df70e725bcdef518cc93de70261eb1dnd pass the system library path (LD_LIBRARY_PATH or platform-specific
965680cd7c050ec8c8c751ffdbaf19c91213d562trawick variables) along with the system PATH, by default. Both should be
965680cd7c050ec8c8c751ffdbaf19c91213d562trawick overridden together as desired using PassEnv etc; see mod_env.
965680cd7c050ec8c8c751ffdbaf19c91213d562trawick [William Rowe]
965680cd7c050ec8c8c751ffdbaf19c91213d562trawick *) mod_cache: Introduce CacheStoreExpired, to allow administrators to
965680cd7c050ec8c8c751ffdbaf19c91213d562trawick capture a stale backend response, perform If-Modified-Since requests
965680cd7c050ec8c8c751ffdbaf19c91213d562trawick against the backend, and serving from the cache all 304 responses.
965680cd7c050ec8c8c751ffdbaf19c91213d562trawick This restores pre-2.2.4 cache behavior. [William Rowe]
52d61f96a186861d991583851218e15ea16f0abetrawick *) mod_rewrite: Introduce <=, >= string comparison operators, and integer
52d61f96a186861d991583851218e15ea16f0abetrawick comparators -lt, -le, -eq, -ge, and -gt. To help bash users and drop
52d61f96a186861d991583851218e15ea16f0abetrawick the ambiguity of the symlink test "-ltest", introduce -h or -L as
52d61f96a186861d991583851218e15ea16f0abetrawick symlink test operators. [William Rowe]
4fa5f4378779a06834ec5efa44810f93741c5f27wrowe *) mod_cache: Give the cache provider the opportunity to choose to cache
4fa5f4378779a06834ec5efa44810f93741c5f27wrowe or not cache based on the buckets present in the brigade, such as the
4fa5f4378779a06834ec5efa44810f93741c5f27wrowe presence of a FILE bucket.
4fa5f4378779a06834ec5efa44810f93741c5f27wrowe [Graham Leggett]
74b84dd6e146edc93cf1b3200e411bfc581f7c36nd *) mod_authz_core: Allow authz providers to check args while reading the
74b84dd6e146edc93cf1b3200e411bfc581f7c36nd config and allow to cache parsed args. Move 'all' and 'env' authz
11e365512cbf021726cd3ec3d80743f408170ff9stoddard providers from mod_authz_host to mod_authz_core. Add 'method' authz
11e365512cbf021726cd3ec3d80743f408170ff9stoddard provider depending on the HTTP method. [Stefan Fritsch]
11e365512cbf021726cd3ec3d80743f408170ff9stoddard *) mod_include: Move the request_rec within mod_include to be
11e365512cbf021726cd3ec3d80743f408170ff9stoddard exposed within include_ctx_t. [Graham Leggett]
2774f23eee36fdb1b30a8213bbcabe5336175e54jwoolley *) mod_include: Reinstate support for UTF-8 character sets by allowing a
2774f23eee36fdb1b30a8213bbcabe5336175e54jwoolley variable being echoed or set to be decoded and then encoded as separate
2774f23eee36fdb1b30a8213bbcabe5336175e54jwoolley steps. PR47686 [Graham Leggett]
1944ddbbad413b60307d66081b022a3eee5f04cfbnicholes *) mod_cache: Add a discrete commit_entity() provider function within the
1944ddbbad413b60307d66081b022a3eee5f04cfbnicholes mod_cache provider interface which is called to indicate to the
1944ddbbad413b60307d66081b022a3eee5f04cfbnicholes provider that caching is complete, giving the provider the opportunity
1944ddbbad413b60307d66081b022a3eee5f04cfbnicholes to commit temporary files permanently to the cache in an atomic
3b1dc8f8f153d7167da9e64ab44f3e90f486a458wrowe fashion. Replace the inconsistent use of error cleanups with a formal
3b1dc8f8f153d7167da9e64ab44f3e90f486a458wrowe set of pool cleanups attached to a subpool, which is destroyed on error.
3b1dc8f8f153d7167da9e64ab44f3e90f486a458wrowe [Graham Leggett]
2404b81d39a1a539f980d4808d52d23997a9e006nd *) mod_cache: Change the signature of the store_body() provider function
2404b81d39a1a539f980d4808d52d23997a9e006nd within the mod_cache provider interface to support an "in" brigade
2404b81d39a1a539f980d4808d52d23997a9e006nd and an "out" brigade instead of just a single input brigade. This
a3754e9d2edd5758f94fd743b9cf9f814be80383nd gives a cache provider the option to consume only part of the brigade
a3754e9d2edd5758f94fd743b9cf9f814be80383nd passed to it, rather than the whole brigade as was required before.
a3754e9d2edd5758f94fd743b9cf9f814be80383nd This fixes an out of memory and a request timeout condition that would
f9a987f71572291f35b9d0adc3fe79af96b2b147trawick occur when the original document was a large file. Introduce
f9a987f71572291f35b9d0adc3fe79af96b2b147trawick CacheReadSize and CacheReadTime directives to mod_disk_cache to control
f9a987f71572291f35b9d0adc3fe79af96b2b147trawick the amount of data to attempt to cache at a time. [Graham Leggett]
f9a987f71572291f35b9d0adc3fe79af96b2b147trawick *) core: Add ErrorLogFormat to allow configuring error log format, including
f9a987f71572291f35b9d0adc3fe79af96b2b147trawick additional information that is logged once per connection or request. Add
f9a987f71572291f35b9d0adc3fe79af96b2b147trawick error log IDs for connections and request to allow correlating error log
f9a987f71572291f35b9d0adc3fe79af96b2b147trawick lines and the corresponding access log entry. [Stefan Fritsch]
f9a987f71572291f35b9d0adc3fe79af96b2b147trawick *) core: Disable sendfile by default. [Stefan Fritsch]
5c870e08d589a24283cd76a9d596120605762cbbminfrin *) mod_cache: Check the request to determine whether we are allowed
5c870e08d589a24283cd76a9d596120605762cbbminfrin to return cached content at all, and respect a "Cache-Control:
5c870e08d589a24283cd76a9d596120605762cbbminfrin no-cache" header from a client. Previously, "no-cache" would
47d4dfaca60aff6d3c7e591bf593b3961cafcdefminfrin behave like "max-age=0". [Graham Leggett]
47d4dfaca60aff6d3c7e591bf593b3961cafcdefminfrin *) mod_cache: Use a proper filter context to hold filter data instead
c206205e2475a7a4a192eaa7190a9894f01f0631minfrin of misusing the per-request configuration. Fixes a segfault on trunk
c206205e2475a7a4a192eaa7190a9894f01f0631minfrin when the normal handler is used. [Graham Leggett]
c206205e2475a7a4a192eaa7190a9894f01f0631minfrin *) mod_cgid: Log a warning if the ScriptSock path is truncated because
304aee4b1ff85cc876570493e4ed334d42b4d9eftrawick it is too long. PR 49388. [Stefan Fritsch]
304aee4b1ff85cc876570493e4ed334d42b4d9eftrawick *) vhosts: Do not allow _default_ in NameVirtualHost, or mixing *
304aee4b1ff85cc876570493e4ed334d42b4d9eftrawick and non-* ports on NameVirtualHost, or multiple NameVirtualHost
304aee4b1ff85cc876570493e4ed334d42b4d9eftrawick directives for the same address:port, or NameVirtualHost
304aee4b1ff85cc876570493e4ed334d42b4d9eftrawick directives with no matching VirtualHosts, or multiple ip-based
77582a85f880a10e8e225ecd5b303446d23d1c9atrawick VirtualHost sections for the same address:port. These were
77582a85f880a10e8e225ecd5b303446d23d1c9atrawick previously accepted with a warning, but the behavior was
77582a85f880a10e8e225ecd5b303446d23d1c9atrawick undefined. [Dan Poirier]
77582a85f880a10e8e225ecd5b303446d23d1c9atrawick *) mod_remoteip: Fix a segfault when using mod_remoteip in conjunction with
f49cf8ce86a01c90d5d843fc27e19d2802dd0f77wrowe Allow/Deny. PR 49838. [Andrew Skalski <voltara gmail.com>]
f49cf8ce86a01c90d5d843fc27e19d2802dd0f77wrowe *) core: DirectoryMatch can now match on the end of line character ($),
f49cf8ce86a01c90d5d843fc27e19d2802dd0f77wrowe and sub-directories of matched directories are no longer implicitly
111b2312c9749936ebca4f273db445820a0a703ebrianp matched. PR49809 [Eric Covener]
111b2312c9749936ebca4f273db445820a0a703ebrianp *) Regexps: introduce new higher-level regexp utility including parsing
ad877cddc14be8c8171938ba61338c6c7b896bbdtrawick and executing perl-style regexp ops (e.g s/foo/bar/i) and regexp memory
ad877cddc14be8c8171938ba61338c6c7b896bbdtrawick *) Proxy: support setting source address. PR 29404
ad877cddc14be8c8171938ba61338c6c7b896bbdtrawick [Multiple contributors iterating through bugzilla,
ad877cddc14be8c8171938ba61338c6c7b896bbdtrawick Aron Ujvari <xanco nikhok.hu>, Aleksey Midenkov <asm uezku.kemsu.ru>,
367cefc17f8dcfe65651c9c16cb3151589c6cecetrawick <dan listening-station.net; trunk version Nick Kew]
367cefc17f8dcfe65651c9c16cb3151589c6cecetrawick *) HTTP protocol: return 400 not 503 if we have to abort due to malformed
367cefc17f8dcfe65651c9c16cb3151589c6cecetrawick chunked encoding. [Nick Kew]
f49cf8ce86a01c90d5d843fc27e19d2802dd0f77wroweChanges with Apache 2.3.8
f49cf8ce86a01c90d5d843fc27e19d2802dd0f77wrowe *) suexec: Support large log files. PR 45856. [Stefan Fritsch]
f49cf8ce86a01c90d5d843fc27e19d2802dd0f77wrowe *) core: Abort with sensible error message if no or more than one MPM is
f49cf8ce86a01c90d5d843fc27e19d2802dd0f77wrowe loaded. [Stefan Fritsch]
9b867bfaea269f387a0cf2aa4c9f38d4d51bac94rederpj *) mod_proxy: Rename erroronstatus to failonstatus.
9b867bfaea269f387a0cf2aa4c9f38d4d51bac94rederpj [Daniel Ruggeri <DRuggeri primary.net>]
9b867bfaea269f387a0cf2aa4c9f38d4d51bac94rederpj *) mod_dav_fs: Fix broken "creationdate" property.
52435ceaabd1670b2c3a062acc191159a64fb7a1wrowe Regression in version 2.3.7. [Rainer Jung]
52435ceaabd1670b2c3a062acc191159a64fb7a1wroweChanges with Apache 2.3.7
52435ceaabd1670b2c3a062acc191159a64fb7a1wrowe *) SECURITY: CVE-2010-1452 (cve.mitre.org)
52435ceaabd1670b2c3a062acc191159a64fb7a1wrowe mod_dav, mod_cache, mod_session: Fix Handling of requests without a path
52435ceaabd1670b2c3a062acc191159a64fb7a1wrowe segment. PR: 49246 [Mark Drayton, Jeff Trawick]
52435ceaabd1670b2c3a062acc191159a64fb7a1wrowe *) mod_ldap: Properly check the result returned by apr_ldap_init. PR 46076.
e199d79647c689a85951f19b08a08082263f4df8brianp [Stefan Fritsch]
e199d79647c689a85951f19b08a08082263f4df8brianp *) mod_rewrite: Log errors if rewrite map files cannot be opened. PR 49639.
ad451e2e428a069086d1c18c9e3372f8846ec617wrowe [Stefan Fritsch]
ad451e2e428a069086d1c18c9e3372f8846ec617wrowe *) mod_proxy_http: Support the 'ping' property for backend HTTP/1.1 servers
ad451e2e428a069086d1c18c9e3372f8846ec617wrowe via leveraging 100-Continue as the initial "request".
ad451e2e428a069086d1c18c9e3372f8846ec617wrowe [Jim Jagielski]
ad451e2e428a069086d1c18c9e3372f8846ec617wrowe *) core/mod_authz_core: Introduce new access_checker_ex hook that enables
ad451e2e428a069086d1c18c9e3372f8846ec617wrowe mod_authz_core to bypass authentication if access should be allowed by
ad451e2e428a069086d1c18c9e3372f8846ec617wrowe IP address/env var/... [Stefan Fritsch]
ad451e2e428a069086d1c18c9e3372f8846ec617wrowe *) core: Introduce note_auth_failure hook to allow modules to add support
ad451e2e428a069086d1c18c9e3372f8846ec617wrowe for additional auth types. This makes ap_note_auth_failure() work with
ad451e2e428a069086d1c18c9e3372f8846ec617wrowe mod_auth_digest again. PR 48807. [Stefan Fritsch]
1e1e5c477f92840ffbcb8acd0003305022e5468atrawick *) socache modules: return APR_NOTFOUND when a lookup is not found [Nick Kew]
1e1e5c477f92840ffbcb8acd0003305022e5468atrawick *) mod_authn_socache: new module [Nick Kew]
1e1e5c477f92840ffbcb8acd0003305022e5468atrawick *) configure: Add reallyall option for --enable-mods-shared. [Stefan Fritsch]
c998c5be82bf2b41f8fc27de9376ba10651c74bcrederpj *) Fix Windows build when using VC6. [Gregg L. Smith <lists glewis com>]
c998c5be82bf2b41f8fc27de9376ba10651c74bcrederpj *) mod_rewrite: Allow to set environment variables without explicitly
c998c5be82bf2b41f8fc27de9376ba10651c74bcrederpj giving a value. [Rainer Jung]
c998c5be82bf2b41f8fc27de9376ba10651c74bcrederpj *) mod_rewrite: Remove superfluous EOL from rewrite logging. [Rainer Jung]
58eb8d7cca552570577aa8b636349a695ff193datrawick *) mod_include: recognise "text/html; parameters" as text/html
58eb8d7cca552570577aa8b636349a695ff193datrawick PR 49616 [Andrey Chernov <ache nagual.pp.ru>]
ecf435f0c6379df7ed83285d5597fc9aa39c6f6dbrianp *) CGI vars: allow PATH to be set by SetEnv, consistent with LD_LIBRARY_PATH
ecf435f0c6379df7ed83285d5597fc9aa39c6f6dbrianp PR 43906 [Nick Kew]
ecf435f0c6379df7ed83285d5597fc9aa39c6f6dbrianp *) Core: Extra robustness: don't try authz and segfault if authn
480f2a1b2fb27a8284e66e60a5bbaee6bc1ccb04trawick fails to set r->user. Log bug and return 500 instead.
480f2a1b2fb27a8284e66e60a5bbaee6bc1ccb04trawick PR 42995 [Nick Kew]
480f2a1b2fb27a8284e66e60a5bbaee6bc1ccb04trawick *) HTTP protocol filter: fix handling of longer chunk extensions
acc9093ae1f3c97acc635bd5b2c7c0969da21183trawick *) Update SSL cipher suite and add example for SSLHonorCipherOrder.
2fa5f4c38890220c6ea439317e7dcb9e8b3c76f7jwoolley [Lars Eilebrecht, Rainer Jung]
2fa5f4c38890220c6ea439317e7dcb9e8b3c76f7jwoolley *) move AddOutputFilterByType from core to mod_filter. This should
95d00ea81131488769296fa5765ed745cbf45207trawick fix nasty side-effects that happen when content_type is set
95d00ea81131488769296fa5765ed745cbf45207trawick more than once in processing a request, and make it fully
95d00ea81131488769296fa5765ed745cbf45207trawick compatible with dynamic and proxied contents. [Nick Kew]
95d00ea81131488769296fa5765ed745cbf45207trawick *) mod_log_config: Implement logging for sub second timestamps and
95d00ea81131488769296fa5765ed745cbf45207trawick request end time. [Rainer Jung]
95d00ea81131488769296fa5765ed745cbf45207trawickChanges with Apache 2.3.6
f08574f1098defdf1dc7e7f18a1e3664ee157150rederpj *) SECURITY: CVE-2009-3555 (cve.mitre.org)
f08574f1098defdf1dc7e7f18a1e3664ee157150rederpj mod_ssl: Comprehensive fix of the TLS renegotiation prefix injection
f08574f1098defdf1dc7e7f18a1e3664ee157150rederpj attack when compiled against OpenSSL version 0.9.8m or later. Introduces
f08574f1098defdf1dc7e7f18a1e3664ee157150rederpj the 'SSLInsecureRenegotiation' directive to reopen this vulnerability
f08574f1098defdf1dc7e7f18a1e3664ee157150rederpj and offer unsafe legacy renegotiation with clients which do not yet
f08574f1098defdf1dc7e7f18a1e3664ee157150rederpj support the new secure renegotiation protocol, RFC 5746.
f08574f1098defdf1dc7e7f18a1e3664ee157150rederpj [Joe Orton, and with thanks to the OpenSSL Team]
84854ca5d35fb9f101da948858097c88457eece8coar *) SECURITY: CVE-2009-3555 (cve.mitre.org)
84854ca5d35fb9f101da948858097c88457eece8coar mod_ssl: A partial fix for the TLS renegotiation prefix injection attack
84854ca5d35fb9f101da948858097c88457eece8coar by rejecting any client-initiated renegotiations. Forcibly disable
84854ca5d35fb9f101da948858097c88457eece8coar keepalive for the connection if there is any buffered data readable. Any
30990c446eca5b0d16d42171a6b30da9456ff6b4trawick configuration which requires renegotiation for per-directory/location
30990c446eca5b0d16d42171a6b30da9456ff6b4trawick access control is still vulnerable, unless using OpenSSL >= 0.9.8l.
30990c446eca5b0d16d42171a6b30da9456ff6b4trawick [Joe Orton, Ruediger Pluem, Hartmut Keil <Hartmut.Keil adnovum.ch>]
0fd9de72e2a1be5a6134ee70703324be80d816b7trawick *) SECURITY: CVE-2010-0408 (cve.mitre.org)
0fd9de72e2a1be5a6134ee70703324be80d816b7trawick mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent
0fd9de72e2a1be5a6134ee70703324be80d816b7trawick when request headers indicate a request body is incoming; not a case of
2213cc395cb461faf7bfeb187ebb61d97cd457efjerenkrantz HTTP_INTERNAL_SERVER_ERROR. [Niku Toivola <niku.toivola sulake.com>]
2213cc395cb461faf7bfeb187ebb61d97cd457efjerenkrantz *) SECURITY: CVE-2010-0425 (cve.mitre.org)
854c7bc4128fa2ad9fdfe0fc307d5ef30bcb5bb9wrowe mod_isapi: Do not unload an isapi .dll module until the request
854c7bc4128fa2ad9fdfe0fc307d5ef30bcb5bb9wrowe processing is completed, avoiding orphaned callback pointers.
854c7bc4128fa2ad9fdfe0fc307d5ef30bcb5bb9wrowe [Brett Gervasoni <brettg senseofsecurity.com>, Jeff Trawick]
854c7bc4128fa2ad9fdfe0fc307d5ef30bcb5bb9wrowe *) core: Filter init functions are now run strictly once per request
854c7bc4128fa2ad9fdfe0fc307d5ef30bcb5bb9wrowe before handler invocation. The init functions are no longer run
854c7bc4128fa2ad9fdfe0fc307d5ef30bcb5bb9wrowe for connection filters. PR 49328. [Joe Orton]
854c7bc4128fa2ad9fdfe0fc307d5ef30bcb5bb9wrowe *) core: Adjust the output filter chain correctly in an internal
854c7bc4128fa2ad9fdfe0fc307d5ef30bcb5bb9wrowe redirect from a subrequest, preserving filters from the main
854c7bc4128fa2ad9fdfe0fc307d5ef30bcb5bb9wrowe request as necessary. PR 17629. [Joe Orton]
854c7bc4128fa2ad9fdfe0fc307d5ef30bcb5bb9wrowe *) mod_cache: Explicitly allow cache implementations to cache a 206 Partial
854c7bc4128fa2ad9fdfe0fc307d5ef30bcb5bb9wrowe Response if they so choose to do so. Previously an attempt to cache a 206
854c7bc4128fa2ad9fdfe0fc307d5ef30bcb5bb9wrowe was arbitrarily allowed if the response contained an Expires or
75f8e1cae5ca3a16a7400cdddf604815ab06b5a8rederpj Cache-Control header, and arbitrarily denied if both headers were missing.
75f8e1cae5ca3a16a7400cdddf604815ab06b5a8rederpj [Graham Leggett]
75f8e1cae5ca3a16a7400cdddf604815ab06b5a8rederpj *) core: Add microsecond timestamp fractions, process id and thread id
75f8e1cae5ca3a16a7400cdddf604815ab06b5a8rederpj to the error log. [Rainer Jung]
75f8e1cae5ca3a16a7400cdddf604815ab06b5a8rederpj *) configure: The "most" module set gets build by default. [Rainer Jung]
7f481efe04fdc4da7a447c14be62c155cbe00ddbbrianp *) configure: Building dynamic modules (DSO) by default. [Rainer Jung]
7f481efe04fdc4da7a447c14be62c155cbe00ddbbrianp *) configure: Fix broken VPATH build when using included APR.
9ed34e5219ab3506ccfd2ca58751ce4c81b263a8rederpj [Rainer Jung]
9ed34e5219ab3506ccfd2ca58751ce4c81b263a8rederpj *) mod_session_crypto: Fix configure problem when building
9ed34e5219ab3506ccfd2ca58751ce4c81b263a8rederpj with APR 2 and for VPATH builds with included APR.
23b36269d124e7a6aaa5221891f7ae2ef3eeb158jerenkrantz [Rainer Jung]
23b36269d124e7a6aaa5221891f7ae2ef3eeb158jerenkrantz *) mod_session_crypto: API compatibility with APR 2 crypto and
d401ff3af66624a7023460054519070a025d31cfwrowe APR Util 1.x crypto. [Rainer Jung]
d401ff3af66624a7023460054519070a025d31cfwrowe *) ab: Fix memory leak with -v2 and SSL. PR 49383.
d401ff3af66624a7023460054519070a025d31cfwrowe [Pavel Kankovsky <peak argo troja mff cuni cz>]
e65b56dc229f063425fac589002e34c8246ad878trawick *) core: Add per-module and per-directory loglevel configuration.
e65b56dc229f063425fac589002e34c8246ad878trawick Add some more trace logging.
e65b56dc229f063425fac589002e34c8246ad878trawick mod_rewrite: Replace RewriteLog/RewriteLogLevel with trace log levels.
306bd64cf6568149964abdf8ca748a617ed98500gregames mod_ssl: Replace LogLevelDebugDump with trace log levels.
306bd64cf6568149964abdf8ca748a617ed98500gregames mod_ssl/mod_proxy*: Adjust loglevels to be less verbose at levels info
5bd562b1d7da51cb5715899d32bb4c79c54459b0wrowe mod_dumpio: Replace DumpIOLogLevel with trace log levels.
ae3d212043d50288748fe9fdf0aa1a3e8f2ff3a6wrowe [Stefan Fritsch]
ae3d212043d50288748fe9fdf0aa1a3e8f2ff3a6wrowe *) mod_ldap: LDAP caching was suppressed (and ldap-status handler returns
ae3d212043d50288748fe9fdf0aa1a3e8f2ff3a6wrowe title page only) when any mod_ldap directives were used in VirtualHost
ae3d212043d50288748fe9fdf0aa1a3e8f2ff3a6wrowe context. [Eric Covener]
766c20b0366e1d0e359e0d9a834669e19a4db3d9trawick *) mod_disk_cache: Decline the opportunity to cache if the response is
766c20b0366e1d0e359e0d9a834669e19a4db3d9trawick a 206 Partial Content. This stops a reverse proxied partial response
766c20b0366e1d0e359e0d9a834669e19a4db3d9trawick from becoming cached, and then being served in subsequent responses.
766c20b0366e1d0e359e0d9a834669e19a4db3d9trawick [Graham Leggett]
2a6e98ba4ffa30ded5d8831664c5cb2a170a56b6coar *) mod_deflate: avoid the risk of forwarding data before headers are set.
2a6e98ba4ffa30ded5d8831664c5cb2a170a56b6coar PR 49369 [Matthew Steele <mdsteele google.com>]
2a6e98ba4ffa30ded5d8831664c5cb2a170a56b6coar *) mod_authnz_ldap: Ensure nested groups are checked when the
9a11fa4e07f50f2e5750d078ef3751ddbf441b8ftrawick top-level group doesn't have any direct non-group members
9a11fa4e07f50f2e5750d078ef3751ddbf441b8ftrawick of attributes in AuthLDAPGroupAttribute. [Eric Covener]
1f279dc92a60df9f61bf58468162aab0eef072e4brianp *) mod_authnz_ldap: Search or Comparison during authorization phase
1f279dc92a60df9f61bf58468162aab0eef072e4brianp can use the credentials from the authentication phase
1f279dc92a60df9f61bf58468162aab0eef072e4brianp (AuthLDAPSearchAsUSer,AuthLDAPCompareAsUser).
1f279dc92a60df9f61bf58468162aab0eef072e4brianp PR 48340 [Domenico Rotiroti, Eric Covener]
2fd0edbd8b2f47a8458322bedd3b82f825faf336trawick *) mod_authnz_ldap: Allow the initial DN search during authentication
2fd0edbd8b2f47a8458322bedd3b82f825faf336trawick to use the HTTP username/pass instead of an anonymous or hard-coded
39021cf8b495cdb94013ca73531ccb32658fb793rederpj LDAP id (AuthLDAPInitialBindAsUser, AuthLDAPInitialBindPattern).
39021cf8b495cdb94013ca73531ccb32658fb793rederpj [Eric Covener]
39021cf8b495cdb94013ca73531ccb32658fb793rederpj *) mod_authnz_ldap: Publish requested LDAP data with an AUTHORIZE_ prefix
39021cf8b495cdb94013ca73531ccb32658fb793rederpj when this module is used for authorization. See AuthLDAPAuthorizePrefix.
39021cf8b495cdb94013ca73531ccb32658fb793rederpj PR 45584 [Eric Covener]
39021cf8b495cdb94013ca73531ccb32658fb793rederpj *) apxs -q: Stop filtering out ':' characters from the reported values.
fa16f10bc02e46bc5a6c2c2c6371926cd1dbe2edwrowe PR 45343. [Bill Cole]
fa16f10bc02e46bc5a6c2c2c6371926cd1dbe2edwrowe *) prefork MPM: Work around possible crashes on child exit in APR reslist
fa16f10bc02e46bc5a6c2c2c6371926cd1dbe2edwrowe cleanup code. PR 43857. [Tom Donovan]
fa16f10bc02e46bc5a6c2c2c6371926cd1dbe2edwrowe *) ab: fix number of requests sent by ab when keepalive is enabled. PR 48497.
fa16f10bc02e46bc5a6c2c2c6371926cd1dbe2edwrowe [Bryn Dole <dole blekko.com>]
fa16f10bc02e46bc5a6c2c2c6371926cd1dbe2edwrowe *) Log an error for failures to read a chunk-size, and return 408 instead of
fa16f10bc02e46bc5a6c2c2c6371926cd1dbe2edwrowe 413 when this is due to a read timeout. This change also fixes some cases
db8ac7cbb1fa6cdd6abcc4bb797d4deed32dd269jim of two error documents being sent in the response for the same scenario.
db8ac7cbb1fa6cdd6abcc4bb797d4deed32dd269jim [Eric Covener] PR49167
db8ac7cbb1fa6cdd6abcc4bb797d4deed32dd269jim *) mod_proxy_balancer: Add new directive BalancerNonce to allow admin
db8ac7cbb1fa6cdd6abcc4bb797d4deed32dd269jim to control/set the nonce used in the balancer-manager application.
7b979864a91b52ecebca11d0a9a22e09349e59baminfrin [Jim Jagielski]
8d755accbdc5ae15bb0d00169b815d264c7de745minfrin *) mod_proxy_connect: Support port ranges in AllowConnect. PR 23673.
7b979864a91b52ecebca11d0a9a22e09349e59baminfrin [Stefan Fritsch]
7b0a3bcc0e689305df49f7d4da7abc35aa891862brianp *) Proxy balancer: support setting error status according to HTTP response
7b0a3bcc0e689305df49f7d4da7abc35aa891862brianp code from a backend. PR 48939. [Daniel Ruggeri <DRuggeri primary.net>]
1bae4591a85d90325ecdacedf7e54d1bbfe31037aaron *) htcacheclean: Introduce the ability to clean specific URLs from the
1bae4591a85d90325ecdacedf7e54d1bbfe31037aaron cache, if provided as an optional parameter on the command line.
1bae4591a85d90325ecdacedf7e54d1bbfe31037aaron [Graham Leggett]
a6f48cc01ab8f5377e570c61826dcdfc36741936trawick *) core: Introduce the IncludeStrict directive, which explicitly fails
a6f48cc01ab8f5377e570c61826dcdfc36741936trawick server startup if no files or directories match a wildcard path.
a6f48cc01ab8f5377e570c61826dcdfc36741936trawick [Graham Leggett]
2da345202997f8f5860c801d68f7913c02fc05fctrawick *) htcacheclean: Report additional statistics about entries deleted.
2da345202997f8f5860c801d68f7913c02fc05fctrawick PR 48944. [Mark Drayton mark markdrayton.info]
5bd562b1d7da51cb5715899d32bb4c79c54459b0wrowe *) Introduce SSLFIPS directive to support OpenSSL FIPS_mode; permits all
5bd562b1d7da51cb5715899d32bb4c79c54459b0wrowe builds of mod_ssl to use 'SSLFIPS off' for portability, but the proper
1c06e98017400874d5ff6ad79f13145ec4589225striker build of openssl is required for 'SSLFIPS on'. PR 46270.
1c06e98017400874d5ff6ad79f13145ec4589225striker [Dr Stephen Henson <steve openssl.org>, William Rowe]
99a041314eb3db0b0cca325c9c40d0a6c5fdf04fwrowe *) mod_proxy_http: Log the port of the remote server in various messages.
99a041314eb3db0b0cca325c9c40d0a6c5fdf04fwrowe PR 48812. [Igor Galić <i galic brainsware org>]
99a041314eb3db0b0cca325c9c40d0a6c5fdf04fwrowe *) mod_reqtimeout: Do not wrongly enforce timeouts for mod_proxy's backend
99a041314eb3db0b0cca325c9c40d0a6c5fdf04fwrowe connections and other protocol handlers (like mod_ftp). [Stefan Fritsch]
99a041314eb3db0b0cca325c9c40d0a6c5fdf04fwrowe *) mod_proxy_ajp: Really regard the operation a success, when the client
99a041314eb3db0b0cca325c9c40d0a6c5fdf04fwrowe aborted the connection. In addition adjust the log message if the client
6e119e632566d69798ce6cf4e714ed374b72914frederpj aborted the connection. [Ruediger Pluem]
6e119e632566d69798ce6cf4e714ed374b72914frederpj *) mod_ssl: Add the 'SSLInsecureRenegotiation' directive, which
6e119e632566d69798ce6cf4e714ed374b72914frederpj allows insecure renegotiation with clients which do not yet
6e119e632566d69798ce6cf4e714ed374b72914frederpj support the secure renegotiation protocol. [Joe Orton]
bd120542ebe7e09cdbada5daf4924f4690e5ece3trawick *) mod_ssl: Fix a potential I/O hang if a long list of trusted CAs
bd120542ebe7e09cdbada5daf4924f4690e5ece3trawick is configured for client cert auth. PR 46952. [Joe Orton]
bd120542ebe7e09cdbada5daf4924f4690e5ece3trawick *) core: Only log a 408 if it is no keepalive timeout. PR 39785
68d439bc0482b2e41053480f748edc2574c2ea7btrawick [Ruediger Pluem, Mark Montague <markmont umich.edu>]
68d439bc0482b2e41053480f748edc2574c2ea7btrawick *) support/rotatelogs: Add -L option to create a link to the current
68d439bc0482b2e41053480f748edc2574c2ea7btrawick log file. PR 48761 [<lyndon orthanc.ca>, Dan Poirier]
dddbde8480d265d06c84f2281f01e00f8ef52e94mjc *) mod_ldap: Update LDAPTrustedClientCert to consistently be a per-directory
dddbde8480d265d06c84f2281f01e00f8ef52e94mjc setting only, matching most of the documentation and examples.
a5ca705e053a6c754c5958aafcd6f0aa60a2e67frbb PR 46541 [Paul Reder, Eric Covener]
e06675c51d084791089d79c3ac18aeae8dd465fcrbb *) mod_ldap: LDAPTrustedClientCert now accepts CA_DER/CA_BASE64 argument
e06675c51d084791089d79c3ac18aeae8dd465fcrbb types previously allowed only in LDAPTrustedGlobalCert. [Eric Covener]
481c1206b6065a8f37ab75ca1fc26c947cb37852ianh *) mod_negotiation: Preserve query string over multiviews negotiation.
481c1206b6065a8f37ab75ca1fc26c947cb37852ianh This buglet was fixed for type maps in 2.2.6, but the same issue
481c1206b6065a8f37ab75ca1fc26c947cb37852ianh affected multiviews and was overlooked.
a964f7434f5c7f512a5fa0d0178260ccb74c84berbb PR 33112 [Joergen Thomsen <apache jth.net>]
a964f7434f5c7f512a5fa0d0178260ccb74c84berbb *) mod_ldap: Eliminate a potential crash with multiple LDAPTrustedClientCert
a964f7434f5c7f512a5fa0d0178260ccb74c84berbb when some are not password-protected. [Eric Covener]
6a7877447bcb8e6ff848d72f82f184c404ef4c0bminfrin *) Fix startup segfault when the Mutex directive is used but no loaded
6a7877447bcb8e6ff848d72f82f184c404ef4c0bminfrin modules use httpd mutexes. PR 48787. [Jeff Trawick]
9335cbd541cca1ca6038af329bbd1645310aabccminfrin *) Proxy: get the headers right in a HEAD request with
9335cbd541cca1ca6038af329bbd1645310aabccminfrin ProxyErrorOverride, by checking for an overridden error
9335cbd541cca1ca6038af329bbd1645310aabccminfrin before not after going into a catch-all code path.
9335cbd541cca1ca6038af329bbd1645310aabccminfrin PR 41646. [Nick Kew, Stuart Children]
9335cbd541cca1ca6038af329bbd1645310aabccminfrin *) support/rotatelogs: Support the simplest log rotation case, log
9335cbd541cca1ca6038af329bbd1645310aabccminfrin truncation. Useful when the log is being processed in real time
e156db58351d1c040bc72430f3eb072cb6ae7107brianp using a command like tail. [Graham Leggett]
e156db58351d1c040bc72430f3eb072cb6ae7107brianp *) support/htcacheclean: Teach it how to write a pid file (modelled on
e156db58351d1c040bc72430f3eb072cb6ae7107brianp httpd's writing of a pid file) so that it becomes possible to run
1c06e98017400874d5ff6ad79f13145ec4589225striker more than one instance of htcacheclean on the same machine.
1c06e98017400874d5ff6ad79f13145ec4589225striker [Graham Leggett]
eb1349e4ab58bd2935f7054a1bfc5c86ab5a5fa3striker *) Log command line on startup, so there's a record of command line
eb1349e4ab58bd2935f7054a1bfc5c86ab5a5fa3striker arguments like -f. PR 48752. [Dan Poirier]
6a94da925498a20a09fde0a66002607be8d83b1astriker *) Introduce mod_reflector, a handler capable of reflecting POSTed
75161f3b2029c25bdb3f8ab87b85cb1810c479eajerenkrantz request bodies back within the response through the output filter
7639aa8b39e0d9dbd096f9cc3379bcd3d5e4003bstriker stack. Can be used to turn an output filter into a web service.
8dc5aa056a586ffa920a6ecd5c31048702371ea6brianp [Graham Leggett]
4c9d27bfdfea41b388dc705f7cc2b49318ab5344jim *) mod_proxy_http: Make sure that when an ErrorDocument is served
4c9d27bfdfea41b388dc705f7cc2b49318ab5344jim from a reverse proxied URL, that the subrequest respects the status
e8e8ab3cbc3d90f15eb78e094c381a6e908fd6efjerenkrantz of the original request. This brings the behaviour of proxy_handler
e8e8ab3cbc3d90f15eb78e094c381a6e908fd6efjerenkrantz in line with default_handler. PR 47106. [Graham Leggett]
f4c472b8dce3c2e559232dbb5b27ed2466922ea4jerenkrantz *) Support wildcards in both the directory and file components of
f4c472b8dce3c2e559232dbb5b27ed2466922ea4jerenkrantz the path specified by the Include directive. [Graham Leggett]
8dc5aa056a586ffa920a6ecd5c31048702371ea6brianp *) mod_proxy, mod_proxy_http: Support remote https proxies
8dc5aa056a586ffa920a6ecd5c31048702371ea6brianp by using HTTP CONNECT. PR 19188.
7e31ef4870c7ef94838585004405e8854fefcc51ianh [Philippe Dutrueux <lilas evidian.com>, Rainer Jung]
7e31ef4870c7ef94838585004405e8854fefcc51ianh *) apxs: Fix -A and -a options to ignore whitespace in httpd.conf
7e31ef4870c7ef94838585004405e8854fefcc51ianh [Philip M. Gollucci]
bd496a3a7752a55c849e62ed00cacc492d4f6d3erederpj *) worker: Don't report server has reached MaxClients until it has.
bd496a3a7752a55c849e62ed00cacc492d4f6d3erederpj Add message when server gets within MinSpareThreads of MaxClients.
bd496a3a7752a55c849e62ed00cacc492d4f6d3erederpj PR 46996. [Dan Poirier]
bd496a3a7752a55c849e62ed00cacc492d4f6d3erederpj *) mod_session: Session expiry was being initialised, but not updated
a8c401eadf77822e851f19c7740e7ec6dca03daastoddard on each session save, resulting in timed out sessions when there
a8c401eadf77822e851f19c7740e7ec6dca03daastoddard should not have been. Fixed. [Graham Leggett]
a8c401eadf77822e851f19c7740e7ec6dca03daastoddard *) mod_log_config: Add the R option to log the handler used within the
93d7153aa172665f55b04463b831ad556269c3efbrianp request. [Christian Folini <christian.folini netnea com>]
791781f2ccc1f1f1bc1b1643861d3da23edfd147jerenkrantz *) mod_include: Allow fine control over the removal of Last-Modified and
2ffa5829cad36f12b0a1fc3481592e85bc210a5bjerenkrantz ETag headers within the INCLUDES filter, making it possible to cache
2ffa5829cad36f12b0a1fc3481592e85bc210a5bjerenkrantz responses if desired. Fix the default value of the SSIAccessEnable
2ffa5829cad36f12b0a1fc3481592e85bc210a5bjerenkrantz directive. [Graham Leggett]
02e8590d904653a95eca31bdf8e60866642bb592slive *) Add new UnDefine directive to undefine a variable. PR 35350.
30a5ee06ae5f7f67a83d6852871f654ae3e14aadslive [Stefan Fritsch]
a97c4ce2bea3dbf8ddc82c796cf93aa6b46765a4brianp *) Make ap_pregsub(), used by AliasMatch and friends, use the same syntax
a97c4ce2bea3dbf8ddc82c796cf93aa6b46765a4brianp for regex backreferences as mod_rewrite and mod_include: Remove the use
a97c4ce2bea3dbf8ddc82c796cf93aa6b46765a4brianp of '&' as an alias for '$0' and allow to escape any character with a
b7838ae85a698af19d90ba4ebe03e10bdc149eacjerenkrantz backslash. PR 48351. [Stefan Fritsch]
435d2db95b905b0d16d35410e18ff77dc39688aabrianp *) mod_authnz_ldap: If AuthLDAPCharsetConfig is set, also convert the
435d2db95b905b0d16d35410e18ff77dc39688aabrianp password to UTF-8. PR 45318.
435d2db95b905b0d16d35410e18ff77dc39688aabrianp [Johannes Müller <joh_m gmx.de>, Stefan Fritsch]
a574815e2c6db68b9d8139db89921ededf033decianh *) ab: Fix calculation of requests per second in HTML output. PR 48594.
a574815e2c6db68b9d8139db89921ededf033decianh [Stefan Fritsch]
964f539e766a3301b3e2f767baeffddcf9f6092bjerenkrantz *) mod_authnz_ldap: Failures to map a username to a DN, or to check a user
964f539e766a3301b3e2f767baeffddcf9f6092bjerenkrantz password now result in an informational level log entry instead of
5e538c6ced13aa2f7c358e1a44f651d31dd5fab8brianp warning level. [Eric Covener]
5e538c6ced13aa2f7c358e1a44f651d31dd5fab8brianpChanges with Apache 2.3.5
61202a45487668abad788c02e339f626176e645fianh *) SECURITY: CVE-2010-0434 (cve.mitre.org)
61202a45487668abad788c02e339f626176e645fianh Ensure each subrequest has a shallow copy of headers_in so that the
61202a45487668abad788c02e339f626176e645fianh parent request headers are not corrupted. Eliminates a problematic
02c49e1f35a4d1a171df2d319e76af0c5163dc4dmartin optimization in the case of no request body. PR 48359
02c49e1f35a4d1a171df2d319e76af0c5163dc4dmartin [Jake Scott, William Rowe, Ruediger Pluem]
6deb8bcfb8511ac38243a8274fc589842841b398ianh *) Turn static function get_server_name_for_url() into public
6deb8bcfb8511ac38243a8274fc589842841b398ianh ap_get_server_name_for_url() and use it where appropriate. This
6deb8bcfb8511ac38243a8274fc589842841b398ianh fixes mod_rewrite generating invalid URLs for redirects to IPv6
49bbbd1939208be54a3eb00b95e61d90d180a606ianh literal addresses. [Stefan Fritsch]
93d7153aa172665f55b04463b831ad556269c3efbrianp *) mod_ldap: Introduce new config option LDAPTimeout to set the timeout
93d7153aa172665f55b04463b831ad556269c3efbrianp for LDAP operations like bind and search. [Stefan Fritsch]
93d7153aa172665f55b04463b831ad556269c3efbrianp *) mod_proxy, mod_proxy_ftp: Move ProxyFtpDirCharset from mod_proxy to
bc6600a6207e5d15b895294e370e4e3320a803d8stoddard mod_proxy_ftp. [Takashi Sato]
bc6600a6207e5d15b895294e370e4e3320a803d8stoddard *) mod_proxy, mod_proxy_connect: Move AllowCONNECT from mod_proxy to
bc6600a6207e5d15b895294e370e4e3320a803d8stoddard mod_proxy_connect. [Takashi Sato]
bc6600a6207e5d15b895294e370e4e3320a803d8stoddard *) mod_cache: Do an exact match of the keys defined by
bc6600a6207e5d15b895294e370e4e3320a803d8stoddard CacheIgnoreURLSessionIdentifiers against the querystring instead of
4e21f1a207aefa9796dc758bf7274b0f1fea780fstoddard a partial match. PR 48401.
7a23067e782dd5612d4d4b539906e1733b664df7jwoolley [Dodou Wang <wangdong.08 gmail.com>, Ruediger Pluem]
5c214a63f9722864ac4983995da11353779515dbrederpj *) mod_proxy_balancer: Fix crash in balancer-manager. [Rainer Jung]
5c214a63f9722864ac4983995da11353779515dbrederpj *) Core HTTP: disable keepalive when the Client has sent
9f20717d827f2113a23dfa45539813171cf626eaianh Expect: 100-continue
9f20717d827f2113a23dfa45539813171cf626eaianh but we respond directly with a non-100 response.
9f20717d827f2113a23dfa45539813171cf626eaianh Keepalive here led to data from clients continuing being treated as
9f20717d827f2113a23dfa45539813171cf626eaianh a new request.
a0db2f093595083300ad3438314f90921405ccf9wrowe PR 47087 [Nick Kew]
a0db2f093595083300ad3438314f90921405ccf9wrowe *) Core: reject NULLs in request line or request headers.
c66798efb2184ecf904cd8471acd17e65688b1caianh PR 43039 [Nick Kew]
fb59f85aab19883025f619727948b8088232cc4brederpj *) Core: (re)-introduce -T commandline option to suppress documentroot
fb59f85aab19883025f619727948b8088232cc4brederpj check at startup.
fb59f85aab19883025f619727948b8088232cc4brederpj PR 41887 [Jan van den Berg <janvdberg gmail.com>]
1a1cf0ee9229ee29e5750b25dd94dbb9b04072cfianh *) mod_autoindex: support XHTML as equivalent to HTML in IndexOptions,
1a1cf0ee9229ee29e5750b25dd94dbb9b04072cfianh ScanHTMLTitles, ReadmeName, HeaderName
1a1cf0ee9229ee29e5750b25dd94dbb9b04072cfianh PR 48416 [Dmitry Bakshaev <dab18 izhnet.ru>, Nick Kew]
61afed048a4d67ed923d52e5c865c0f10a8e9e73trawick *) Proxy: Fix ProxyPassReverse with relative URL
0bbb249eafe9ef9508821f0ef58e7440625ecd62trawick Derived (slightly erroneously) from PR 38864 [Nick Kew]
61afed048a4d67ed923d52e5c865c0f10a8e9e73trawick *) mod_headers: align Header Edit with Header Set when used on Content-Type
7a23067e782dd5612d4d4b539906e1733b664df7jwoolley PR 48422 [Cyril Bonté <cyril.bonte free.fr>, Nick Kew>]
7a23067e782dd5612d4d4b539906e1733b664df7jwoolley *) mod_headers: Enable multi-match-and-replace edit option
7a23067e782dd5612d4d4b539906e1733b664df7jwoolley PR 46594 [Nick Kew]
6032a7c97a25c52f4bdd78ce23f2010e52c9e81arederpj *) mod_filter: enable it to act on non-200 responses.
6032a7c97a25c52f4bdd78ce23f2010e52c9e81arederpj PR 48377 [Nick Kew]
ba2e14e474516f1c75a96b4f6d1a9dec332175efianhChanges with Apache 2.3.4
f0791c5bdfd36969d292a4092df076aa6d1c34ccwrowe *) Replace AcceptMutex, LockFile, RewriteLock, SSLMutex, SSLStaplingMutex,
f0791c5bdfd36969d292a4092df076aa6d1c34ccwrowe and WatchdogMutexPath with a single Mutex directive. Add APIs to
f0791c5bdfd36969d292a4092df076aa6d1c34ccwrowe simplify setup and user customization of APR proc and global mutexes.
f0791c5bdfd36969d292a4092df076aa6d1c34ccwrowe (See util_mutex.h.) Build-time setting DEFAULT_LOCKFILE is no longer
749011213737e8d0cd6ca78d5eb532ec6f6b9fdfianh respected; set DEFAULT_REL_RUNTIMEDIR instead. [Jeff Trawick]
749011213737e8d0cd6ca78d5eb532ec6f6b9fdfianh *) http_core: KeepAlive no longer accepts other than On|Off.
ec69fc6e323eb1f3112966e06e9e37be608d052cianh [Takashi Sato]
e7bf4d6f15d04e86e20002e65f60d7fbf80e5974stoddard *) mod_dav: Remove errno from dav_error interface. Calls to dav_new_error()
e7bf4d6f15d04e86e20002e65f60d7fbf80e5974stoddard and dav_new_error_tag() must be adjusted to add an apr_status_t parameter.
8ab933f1df663f95c27e2ce5772127d4f3a10e0bstriker [Jeff Trawick]
de42d3dfd83a4cc62f0dd6b79ee5cbcfa69fd503brianp *) mod_authnz_ldap: Add AuthLDAPBindAuthoritative to allow Authentication to
de42d3dfd83a4cc62f0dd6b79ee5cbcfa69fd503brianp try other providers in the case of an LDAP bind failure.
de42d3dfd83a4cc62f0dd6b79ee5cbcfa69fd503brianp PR 46608 [Justin Erenkrantz, Joe Schaefer, Tony Stevenson]
44380fc1701cbb8b0a977d5a1497f0c6ee912e0bfielding *) Build: fix --with-module to work as documented
44380fc1701cbb8b0a977d5a1497f0c6ee912e0bfieldingChanges with Apache 2.3.3
44380fc1701cbb8b0a977d5a1497f0c6ee912e0bfielding *) SECURITY: CVE-2009-3095 (cve.mitre.org)
44380fc1701cbb8b0a977d5a1497f0c6ee912e0bfielding mod_proxy_ftp: sanity check authn credentials.
a8dda281113c5038945423320d8c9b42e3d1ddb1jwoolley [Stefan Fritsch <sf fritsch.de>, Joe Orton]
39dde7f4cd79d701cc14e5beac8ea528bc58d038wrowe *) SECURITY: CVE-2009-3094 (cve.mitre.org)
39dde7f4cd79d701cc14e5beac8ea528bc58d038wrowe mod_proxy_ftp: NULL pointer dereference on error paths.
39dde7f4cd79d701cc14e5beac8ea528bc58d038wrowe [Stefan Fritsch <sf fritsch.de>, Joe Orton]
39dde7f4cd79d701cc14e5beac8ea528bc58d038wrowe *) mod_ssl: enable support for ECC keys and ECDH ciphers. Tested against
39dde7f4cd79d701cc14e5beac8ea528bc58d038wrowe OpenSSL 1.0.0b3. [Vipul Gupta <vipul.gupta sun.com>, Sander Temme]
39dde7f4cd79d701cc14e5beac8ea528bc58d038wrowe *) mod_dav: Include uri when logging a PUT error due to connection abort.
39dde7f4cd79d701cc14e5beac8ea528bc58d038wrowe PR 38149. [Stefan Fritsch]
39dde7f4cd79d701cc14e5beac8ea528bc58d038wrowe *) mod_dav: Return 409 instead of 500 for a LOCK request if the parent
39dde7f4cd79d701cc14e5beac8ea528bc58d038wrowe resource does not exist or is not a collection. PR 43465. [Stefan Fritsch]
39dde7f4cd79d701cc14e5beac8ea528bc58d038wrowe *) mod_dav_fs: Return 409 instead of 500 for Litmus test case copy_nodestcoll
39dde7f4cd79d701cc14e5beac8ea528bc58d038wrowe (a COPY request where the parent of the destination resource does not
39dde7f4cd79d701cc14e5beac8ea528bc58d038wrowe exist). PR 39299. [Stefan Fritsch]
39dde7f4cd79d701cc14e5beac8ea528bc58d038wrowe *) mod_dav_fs: Don't delete the whole file if a PUT with content-range failed.
39dde7f4cd79d701cc14e5beac8ea528bc58d038wrowe PR 42896. [Stefan Fritsch]
39dde7f4cd79d701cc14e5beac8ea528bc58d038wrowe *) mod_dav_fs: Make PUT create files atomically and no longer destroy the
39dde7f4cd79d701cc14e5beac8ea528bc58d038wrowe old file if the transfer aborted. PR 39815. [Paul Querna, Stefan Fritsch]
39dde7f4cd79d701cc14e5beac8ea528bc58d038wrowe *) mod_dav_fs: Remove inode keyed locking as this conflicts with atomically
39dde7f4cd79d701cc14e5beac8ea528bc58d038wrowe creating files. On systems with inode numbers, this is a format change of
268ac122b1fd6fa948b30bdf0d8c0d80e75d68dawrowe the DavLockDB. The old DavLockDB must be deleted on upgrade.
268ac122b1fd6fa948b30bdf0d8c0d80e75d68dawrowe [Stefan Fritsch]
268ac122b1fd6fa948b30bdf0d8c0d80e75d68dawrowe *) mod_log_config: Make ${cookie}C correctly match whole cookie names
268ac122b1fd6fa948b30bdf0d8c0d80e75d68dawrowe instead of substrings. PR 28037. [Dan Franklin <dan dan-franklin.com>,
268ac122b1fd6fa948b30bdf0d8c0d80e75d68dawrowe Stefan Fritsch]
6ba861fd6c705eaeb1f9bb97df86ddea6895e263minfrin *) vhost: A purely-numeric Host: header should not be treated as a port.
6ba861fd6c705eaeb1f9bb97df86ddea6895e263minfrin PR 44979 [Nick Kew]
b78ed256f4b99e72836d36fd68d4e7a26dbe032cianh *) mod_ldap: Avoid 500 errors with "Unable to set LDAP_OPT_REFHOPLIMIT option to 5"
b78ed256f4b99e72836d36fd68d4e7a26dbe032cianh when built against openldap by using SDK LDAP_OPT_REFHOPLIMIT defaults unless
b78ed256f4b99e72836d36fd68d4e7a26dbe032cianh LDAPReferralHopLimit is explicitly configured.
698670444b30b79e808155739f98c39bec35f72awrowe [Eric Covener]
698670444b30b79e808155739f98c39bec35f72awrowe *) mod_charset_lite: Honor 'CharsetOptions NoImplicitAdd'.
57bea0f0559e31536af3b7b5859d3681ee29a34cwrowe [Eric Covener]
57bea0f0559e31536af3b7b5859d3681ee29a34cwrowe *) mod_ssl: Add support for OCSP Stapling. PR 43822.
57bea0f0559e31536af3b7b5859d3681ee29a34cwrowe [Dr Stephen Henson <shenson oss-institute.org>]
57bea0f0559e31536af3b7b5859d3681ee29a34cwrowe *) mod_socache_shmcb: Allow parens in file name if cache size is given.
94e2b2d12fa269af16fa63a6270d3336d9f126f2trawick Fixes SSLSessionCache directive mis-parsing parens in pathname.
94e2b2d12fa269af16fa63a6270d3336d9f126f2trawick PR 47945. [Stefan Fritsch]
94e2b2d12fa269af16fa63a6270d3336d9f126f2trawick *) htpasswd: Improve out of disk space handling. PR 30877. [Stefan Fritsch]
35313c8d7368125c3e95d3118238d2be9a613000trawick *) htpasswd: Use MD5 hash by default on all platforms. [Stefan Fritsch]
55da18d54a0ba74dc51aecba5b0daf71a2ed10a7trawick *) mod_sed: Reduce memory consumption when processing very long lines.
55da18d54a0ba74dc51aecba5b0daf71a2ed10a7trawick PR 48024 [Basant Kumar Kukreja <basant.kukreja sun.com>]
55da18d54a0ba74dc51aecba5b0daf71a2ed10a7trawick *) ab: Fix segfault in case the argument for -n is a very large number.
55da18d54a0ba74dc51aecba5b0daf71a2ed10a7trawick PR 47178. [Philipp Hagemeister <oss phihag.de>]
c51f2b89da23e3371959a74808dee1792d96f5c1wsanchez *) Allow ProxyPreserveHost to work in <Proxy> sections. PR 34901.
c51f2b89da23e3371959a74808dee1792d96f5c1wsanchez [Stefan Fritsch]
c51f2b89da23e3371959a74808dee1792d96f5c1wsanchez *) configure: Fix THREADED_MPMS so that mod_cgid is enabled again
79c9b0ac498d97336874edba0daf9f544ad14671trawick for worker MPM. [Takashi Sato]
79c9b0ac498d97336874edba0daf9f544ad14671trawick *) mod_dav: Provide a mechanism to obtain the request_rec and pathname
79c9b0ac498d97336874edba0daf9f544ad14671trawick from the dav_resource. [Jari Urpalainen <jari.urpalainen nokia.com>,
79c9b0ac498d97336874edba0daf9f544ad14671trawick Brian France <brian brianfrance.com>]
5a7d934619b2be92e18be5dd3366f4ac6ddeab43trawick *) Build: Use install instead of cp if available on installing
5a7d934619b2be92e18be5dd3366f4ac6ddeab43trawick modules to avoid segmentation fault. PR 47951. [hirose31 gmail.com]
5a70e5b66eb7758d0e64e070211f699fc83fca70wrowe *) mod_cache: correctly consider s-maxage in cacheability
5a70e5b66eb7758d0e64e070211f699fc83fca70wrowe decisions. [Dan Poirier]
5a70e5b66eb7758d0e64e070211f699fc83fca70wrowe *) mod_logio/core: Report more accurate byte counts in mod_status if
84eeb0ab12215fc22577a9a0a9589cea2a445712trawick mod_logio is loaded. PR 25656. [Stefan Fritsch]
1d3fbd2d9f03c0826977d940a2081401edf522d4jerenkrantz *) mod_ldap: If LDAPSharedCacheSize is too small, try harder to purge
1d3fbd2d9f03c0826977d940a2081401edf522d4jerenkrantz some cache entries and log a warning. Also increase the default
b5cc0253789825ace46944dc9cde744be08dd77fjerenkrantz LDAPSharedCacheSize to 500000. This is a more realistic size suitable
b5cc0253789825ace46944dc9cde744be08dd77fjerenkrantz for the default values of 1024 for LdapCacheEntries/LdapOpCacheEntries.
e4bb84f3c11f282d3ba66f64940b1b8e13f85e7aslive PR 46749. [Stefan Fritsch]
e4bb84f3c11f282d3ba66f64940b1b8e13f85e7aslive *) mod_rewrite: Make sure that a hostname:port isn't fully qualified if
e4bb84f3c11f282d3ba66f64940b1b8e13f85e7aslive the request is a CONNECT request. [Bill Zajac <billz consultla.com>]
e4bb84f3c11f282d3ba66f64940b1b8e13f85e7aslive *) mod_cache: Teach CacheEnable and CacheDisable to work from within a
e4bb84f3c11f282d3ba66f64940b1b8e13f85e7aslive Location section, in line with how ProxyPass works. [Graham Leggett]
ba2bab42e97405dc41c0f8fe3416f7f9a79ed7a9brianp *) mod_reqtimeout: New module to set timeouts and minimum data rates for
ba2bab42e97405dc41c0f8fe3416f7f9a79ed7a9brianp receiving requests from the client. [Stefan Fritsch]
756b54396a86db555817bb52149d91b60d00e35fwrowe *) core: Fix potential memory leaks by making sure to not destroy
756b54396a86db555817bb52149d91b60d00e35fwrowe bucket brigades that have been created by earlier filters.
756b54396a86db555817bb52149d91b60d00e35fwrowe [Stefan Fritsch]
b4251d1fbef86f96e01c68f8de086e0dbb8bcb74trawick *) core, mod_deflate, mod_sed: Reduce memory usage by reusing bucket
b4251d1fbef86f96e01c68f8de086e0dbb8bcb74trawick brigades in several places. [Stefan Fritsch]
24efed0910118b762a4eb84830875d4714b8d315ianh *) mod_cache: Fix uri_meets_conditions() so that CacheEnable will
50e60f30bdc074fbc887f0b98f4d570457ac97c9brianp match by scheme, or by a wildcarded hostname. PR 40169
50e60f30bdc074fbc887f0b98f4d570457ac97c9brianp [Peter Grandi <pg_asf asf.for.sabi.co.uk>, Graham Leggett]
bdbafc44d060509e86f0cc56ff4d19579438f846striker *) suxec: Allow to log an error if exec fails by setting FD_CLOEXEC
bdbafc44d060509e86f0cc56ff4d19579438f846striker on the log file instead of closing it. PR 10744. [Nicolas Rachinsky]
fbd0c3dbae333ba4a7225dad2d090419ad894e4ctrawick *) mod_mime: Make RemoveType override the info from TypesConfig.
bdbafc44d060509e86f0cc56ff4d19579438f846striker PR 38330. [Stefan Fritsch]
6a82dfd37385024d0e94e71edd2f46b609796cfdwrowe *) mod_cache: Introduce the option to run the cache from within the
6d0ec39a3ef89ce485f23008efa399b7b35bf1fdjwoolley normal request handler, and to allow fine grained control over
6d0ec39a3ef89ce485f23008efa399b7b35bf1fdjwoolley where in the filter chain content is cached. [Graham Leggett]
6d0ec39a3ef89ce485f23008efa399b7b35bf1fdjwoolley *) core: Treat timeout reading request as 408 error, not 400.
0fdf8c342123fde84405b885fb1720ebc652e10djerenkrantz Log 408 errors in access log as was done in Apache 1.3.x.
0fdf8c342123fde84405b885fb1720ebc652e10djerenkrantz PR 39785 [Nobutaka Mantani <nobutaka nobutaka.org>,
0fdf8c342123fde84405b885fb1720ebc652e10djerenkrantz Stefan Fritsch <sf fritsch.de>, Dan Poirier]
0fdf8c342123fde84405b885fb1720ebc652e10djerenkrantz *) mod_ssl: Reintroduce SSL_CLIENT_S_DN, SSL_CLIENT_I_DN, SSL_SERVER_S_DN,
6b87b6eee6a43f40ef6bead9ef3173979b4cd76crbb SSL_SERVER_I_DN back to the environment variables to be set by mod_ssl.
6b87b6eee6a43f40ef6bead9ef3173979b4cd76crbb *) mod_disk_cache: don't cache incomplete responses, per RFC 2616, 13.8.
6b87b6eee6a43f40ef6bead9ef3173979b4cd76crbb PR15866. [Dan Poirier]
bfd2cedbf2918fcb95daa9f850ecdf5e24765c22jerenkrantz *) ab: ab segfaults in verbose mode on https sites
bfd2cedbf2918fcb95daa9f850ecdf5e24765c22jerenkrantz PR46393. [Ryan Niebur]
f9a773d26994c3b267589e404cdb5b760f83e888jerenkrantz *) mod_dav: Allow other modules to become providers and add resource types
f9a773d26994c3b267589e404cdb5b760f83e888jerenkrantz to the DAV response. [Jari Urpalainen <jari.urpalainen nokia.com>,
a250599aab6669d5877edf158032efd2538e5820trawick Brian France <brian brianfrance.com>]
a250599aab6669d5877edf158032efd2538e5820trawick *) mod_dav: Allow other modules to add things to the DAV or Allow headers
a250599aab6669d5877edf158032efd2538e5820trawick of an OPTIONS request. [Jari Urpalainen <jari.urpalainen nokia.com>,
41338e6ead3fa8d60ad3841d069f4b47e71d9177wrowe Brian France <brian brianfrance.com>]
41338e6ead3fa8d60ad3841d069f4b47e71d9177wrowe *) core: Lower memory usage of core output filter.
41338e6ead3fa8d60ad3841d069f4b47e71d9177wrowe [Stefan Fritsch <sf sfritsch.de>]
92b0ffb9cbc04b3d9c7ce6becadc0c3d88dea2d9wrowe *) mod_mime: Detect invalid use of MultiviewsMatch inside Location and
92b0ffb9cbc04b3d9c7ce6becadc0c3d88dea2d9wrowe LocationMatch sections. PR47754. [Dan Poirier]
961ff00a8f1fe79a8ac8b18617b40a404e28cb35brianp *) mod_request: Make sure the KeptBodySize directive rejects values
961ff00a8f1fe79a8ac8b18617b40a404e28cb35brianp that aren't valid numbers. [Graham Leggett]
6a82dfd37385024d0e94e71edd2f46b609796cfdwrowe *) mod_session_crypto: Sanity check should the potentially encrypted
6a82dfd37385024d0e94e71edd2f46b609796cfdwrowe session cookie be too short. [Graham Leggett]
6a82dfd37385024d0e94e71edd2f46b609796cfdwrowe *) mod_session.c: Prevent a segfault when session is added but not
6a82dfd37385024d0e94e71edd2f46b609796cfdwrowe configured. [Graham Leggett]
6a82dfd37385024d0e94e71edd2f46b609796cfdwrowe *) htcacheclean: 19 ways to fail, 1 error message. Fixed. [Graham Leggett]
c43fd8f8f90a7549bffe1e581eedbd087db1163estoddard *) mod_auth_digest: Fail server start when nonce count checking
c43fd8f8f90a7549bffe1e581eedbd087db1163estoddard is configured without shared memory, or md5-sess algorithm is
c43fd8f8f90a7549bffe1e581eedbd087db1163estoddard configured. [Dan Poirier]
854cc4d3451547c2359c27870a3c354ad385a49bianh *) mod_proxy_connect: The connect method doesn't work if the client is
854cc4d3451547c2359c27870a3c354ad385a49bianh connecting to the apache proxy through an ssl socket. Fixed.
854cc4d3451547c2359c27870a3c354ad385a49bianh PR29744. [Brad Boyer, Mark Cave-Ayland, Julian Gilbey, Fabrice Durand,
02ec77ed8e15b4b601de98a322e4bd8d7d3e1ec2trawick David Gence, Tim Dodge, Per Gunnar Hans, Emmanuel Elango,
02ec77ed8e15b4b601de98a322e4bd8d7d3e1ec2trawick Kevin Croft, Rudolf Cardinal]
49ada1eac7c4cae429ba193273b7f40f355d9c7ejwoolley *) mod_ssl: The error message when SSLCertificateFile is missing should
49ada1eac7c4cae429ba193273b7f40f355d9c7ejwoolley at least give the name or position of the problematic virtual host
49ada1eac7c4cae429ba193273b7f40f355d9c7ejwoolley definition. [Stefan Fritsch sf sfritsch.de]
88425bd3442321915195ac9dfa9a80ffcd968fa4brianp *) mod_auth_digest: Fix null pointer when qop=none. [Dan Poirier]
88425bd3442321915195ac9dfa9a80ffcd968fa4brianp *) Add support for HTTP PUT to ab. [Jeff Barnes <jbarnesweb yahoo.com>]
a8dda281113c5038945423320d8c9b42e3d1ddb1jwoolley *) mod_headers: generalise the envclause to support expression
a8dda281113c5038945423320d8c9b42e3d1ddb1jwoolley evaluation with ap_expr parser [Nick Kew]
37b8494ffaeb4ee9a9a2f9917d334078c16d4212jwoolley *) mod_cache: Introduce the thundering herd lock, a mechanism to keep
37b8494ffaeb4ee9a9a2f9917d334078c16d4212jwoolley the flood of requests at bay that strike a backend webserver as
bf3d1782a29630335a1df535eb395355ab1cd154jwoolley a cached entity goes stale. [Graham Leggett]
37b8494ffaeb4ee9a9a2f9917d334078c16d4212jwoolley *) mod_auth_digest: Fix usage of shared memory and re-enable it.
da16bea08c6ff10ceb8d250ff23e8e81a372cef8jwoolley PR 16057 [Dan Poirier]
99f692732327e0c200fd639105dbf9940bd229f1rbb *) Preserve Port information over internal redirects
80f73246cc14f02d50bfac5306c079464c2dd1c6rbb *) Proxy: unable to connect to a backend is SERVICE_UNAVAILABLE,
80f73246cc14f02d50bfac5306c079464c2dd1c6rbb rather than BAD_GATEWAY or (especially) NOT_FOUND.
80f73246cc14f02d50bfac5306c079464c2dd1c6rbb PR 46971 [evanc nortel.com]
80f73246cc14f02d50bfac5306c079464c2dd1c6rbb *) Various modules: Do better checking of pollset operations in order to
dcdc78fce34f06533df4829abbc726f7fbf207fejwoolley avoid segmentation faults if they fail. PR 46467
dcdc78fce34f06533df4829abbc726f7fbf207fejwoolley [Stefan Fritsch <sf sfritsch.de>]
d4a93d608a28bf331625544a2896fa20bef4a2b4rbb *) mod_autoindex: Correctly create an empty cell if the description
d4a93d608a28bf331625544a2896fa20bef4a2b4rbb for a file is missing. PR 47682 [Peter Poeml <poeml suse.de>]
d4a93d608a28bf331625544a2896fa20bef4a2b4rbb *) ab: Fix broken error messages after resolver or connect() failures.
d4a93d608a28bf331625544a2896fa20bef4a2b4rbb [Jeff Trawick]
36fcd3d96b9bf9a2d4af424e64584b5dede3e3e6brianp *) SECURITY: CVE-2009-1890 (cve.mitre.org)
36fcd3d96b9bf9a2d4af424e64584b5dede3e3e6brianp Fix a potential Denial-of-Service attack against mod_proxy in a
4b34d6a5b70303010612df6c87da3ee91ae86078rbb reverse proxy configuration, where a remote attacker can force a
4b34d6a5b70303010612df6c87da3ee91ae86078rbb proxy process to consume CPU time indefinitely. [Nick Kew, Joe Orton]
4b34d6a5b70303010612df6c87da3ee91ae86078rbb *) SECURITY: CVE-2009-1191 (cve.mitre.org)
4b34d6a5b70303010612df6c87da3ee91ae86078rbb mod_proxy_ajp: Avoid delivering content from a previous request which
4b34d6a5b70303010612df6c87da3ee91ae86078rbb failed to send a request body. PR 46949 [Ruediger Pluem]
44d971eef4337ad80ba3d360c84ffa8188d50325trawick *) htdbm: Fix possible buffer overflow if dbm database has very
84bdb86d57d2a2f828b17e77ac2379fed551c2adtrawick long values. PR 30586 [Dan Poirier]
84bdb86d57d2a2f828b17e77ac2379fed551c2adtrawick *) core: Return APR_EOF if request body is shorter than the length announced
46603605c2edcc1cc84fa45634e19a395134078atrawick by the client. PR 33098 [ Stefan Fritsch <sf sfritsch.de>]
46603605c2edcc1cc84fa45634e19a395134078atrawick *) mod_suexec: correctly set suexec_enabled when httpd is run by a
46603605c2edcc1cc84fa45634e19a395134078atrawick non-root user and may have insufficient permissions.
46603605c2edcc1cc84fa45634e19a395134078atrawick PR 42175 [Jim Radford <radford blackbean.org>]
86826d685f83170ca07d56550db9f0c2922a916btrawick *) mod_ssl: Fix SSL_*_DN_UID variables to use the 'userID' attribute
86826d685f83170ca07d56550db9f0c2922a916btrawick type. PR 45107. [Michael Ströder <michael stroeder.com>,
4f412c60e9c2af999619d11b236068a0e0e94944trawick *) mod_proxy_http: fix case sensitivity checking transfer encoding
4f412c60e9c2af999619d11b236068a0e0e94944trawick PR 47383 [Ryuzo Yamamoto <ryuzo.yamamoto gmail.com>]
4f6effa17a5084085c9104b0bb97c2ba1622cfa6jerenkrantz *) mod_alias: ensure Redirect issues a valid URL.
4f6effa17a5084085c9104b0bb97c2ba1622cfa6jerenkrantz PR 44020 [HÃ¥kon Stordahl <hakon stordahl.org>]
4f6effa17a5084085c9104b0bb97c2ba1622cfa6jerenkrantz *) mod_dir: add FallbackResource directive, to enable admin to specify
bfa5c37259833629155d486bb1571d39a57de64dbnicholes an action to happen when a URL maps to no file, without resorting
bfa5c37259833629155d486bb1571d39a57de64dbnicholes to ErrorDocument or mod_rewrite. PR 47184 [Nick Kew]
a946a7e607c21cf6068e7380d7e81cc2bf027913trawick *) mod_cgid: Do not leak the listening Unix socket file descriptor to the
a946a7e607c21cf6068e7380d7e81cc2bf027913trawick CGI process. PR 47335 [Kornél Pál <kornelpal gmail.com>]
c88a70518d7d0b5bccb22a68d446c2d6589790dcjwoolley *) mod_rewrite: Remove locking for writing to the rewritelog.
c88a70518d7d0b5bccb22a68d446c2d6589790dcjwoolley PR 46942 [Dan Poirier <poirier pobox.com>]
e59e4b703b7e19c4b35030e4baac8a96a8d4b504dougm *) mod_alias: check sanity in Redirect arguments.
e59e4b703b7e19c4b35030e4baac8a96a8d4b504dougm PR 44729 [Sönke Tesch <st kino-fahrplan.de>, Jim Jagielski]
5717c6b0b97a065a84fba32cebeee959a5fe4f15dougm *) mod_proxy_http: fix Host: header for literal IPv6 addresses.
5717c6b0b97a065a84fba32cebeee959a5fe4f15dougm PR 47177 [Carlos Garcia Braschi <cgbraschi gmail.com>]
5717c6b0b97a065a84fba32cebeee959a5fe4f15dougm *) mod_cache: Add CacheIgnoreURLSessionIdentifiers directive to ignore
5717c6b0b97a065a84fba32cebeee959a5fe4f15dougm defined session identifiers encoded in the URL when caching.
5717c6b0b97a065a84fba32cebeee959a5fe4f15dougm [Ruediger Pluem]
835836eaf9e2a23192a262307b08f626e50e2180trawick *) mod_rewrite: Fix the error string returned by RewriteRule.
835836eaf9e2a23192a262307b08f626e50e2180trawick RewriteRule returned "RewriteCond: bad flag delimiters" when the 3rd
81dddb023f9dd43b350f782972c1f75a88a2d93ftrawick argument of RewriteRule was not started with "[" or not ended with "]".
81dddb023f9dd43b350f782972c1f75a88a2d93ftrawick PR 45082 [Vitaly Polonetsky <m_vitaly topixoft.com>]
9b9e0eca165f5f464e357bb2a9b8bbfc9621067cwrowe *) Windows: Fix usage message.
9b9e0eca165f5f464e357bb2a9b8bbfc9621067cwrowe [Rainer Jung]
9b9e0eca165f5f464e357bb2a9b8bbfc9621067cwrowe *) apachectl: When passing through arguments to httpd in
9b9e0eca165f5f464e357bb2a9b8bbfc9621067cwrowe non-SysV mode, use the "$@" syntax to preserve arguments.
9b9e0eca165f5f464e357bb2a9b8bbfc9621067cwrowe [Eric Covener]
b26781e595625911fc8fc8215133ad2285ed75d8jim *) mod_dbd: add DBDInitSQL directive to enable SQL statements to
b26781e595625911fc8fc8215133ad2285ed75d8jim be run when a connection is opened. PR 46827
5117466ef123b1efbc2feba168f37069ef6f230bianh [Marko Kevac <mkevac gmail.com>]
5117466ef123b1efbc2feba168f37069ef6f230bianh *) mod_cgid: Improve handling of long AF_UNIX socket names (ScriptSock).
9c39f8fb982df4dbce5304e49385568e6d35bfa8trawick PR 47037. [Jeff Trawick]
9c39f8fb982df4dbce5304e49385568e6d35bfa8trawick *) mod_proxy_ajp: Check more strictly that the backend follows the AJP
9c39f8fb982df4dbce5304e49385568e6d35bfa8trawick protocol. [Mladen Turk]
bdd4aa13a97de79596cd19708f1516e8fa92700ewrowe *) mod_proxy_ajp: Forward remote port information by default.
bdd4aa13a97de79596cd19708f1516e8fa92700ewrowe [Rainer Jung]
bdd4aa13a97de79596cd19708f1516e8fa92700ewrowe *) Allow MPMs to be loaded dynamically, as with most other modules. Use
1d50c90ddb7e3d144ec8a2bd848ca1e7bbf8e534bnicholes --enable-mpms-shared={list|"all"} to enable. This required changes to
bdd4aa13a97de79596cd19708f1516e8fa92700ewrowe the MPM interfaces. Removed: mpm.h, mpm_default.h (as an installed
bdd4aa13a97de79596cd19708f1516e8fa92700ewrowe header), APACHE_MPM_DIR, MPM_NAME, ap_threads_per_child,
1d50c90ddb7e3d144ec8a2bd848ca1e7bbf8e534bnicholes ap_max_daemons_limit, ap_my_generation, etc. ap_mpm_query() can't be
1d50c90ddb7e3d144ec8a2bd848ca1e7bbf8e534bnicholes called until after the register-hooks phase. [Jeff Trawick]
24e361af20a3107dc934b4895911ce6bcce0603ejwoolley *) mod_ssl: Add SSLProxyCheckPeerExpire and SSLProxyCheckPeerCN directives
24e361af20a3107dc934b4895911ce6bcce0603ejwoolley to enable stricter checking of remote server certificates.
4657f9b12af4b123b80e15c73fa03c190e47a8bftrawick [Ruediger Pluem]
4657f9b12af4b123b80e15c73fa03c190e47a8bftrawick *) ab: Fix a 100% CPU loop on platforms where a failed non-blocking connect
4657f9b12af4b123b80e15c73fa03c190e47a8bftrawick returns EINPROGRESS and a subsequent poll() returns only POLLERR.
c36bac9a918f59b2dbf5dcd7d67b50c1da04c89drbb Observed on HP-UX. [Eric Covener]
c36bac9a918f59b2dbf5dcd7d67b50c1da04c89drbb *) Remove broken support for BeOS, TPF, and even older platforms such
c36bac9a918f59b2dbf5dcd7d67b50c1da04c89drbb as A/UX, Next, and Tandem. [Jeff Trawick]
c36bac9a918f59b2dbf5dcd7d67b50c1da04c89drbb *) mod_proxy_ftp: Add ProxyFtpListOnWildcard directive to allow files with
ad668861e40da485f2eea24dc4c1f9940e470698rbb globbing characters to be retrieved instead of converted into a
ad668861e40da485f2eea24dc4c1f9940e470698rbb directory listing. PR 46789 [Dan Poirier <poirier pobox.com>]
ad668861e40da485f2eea24dc4c1f9940e470698rbb *) Provide ap_retained_data_create()/ap_retained_data_get() for preservation
89211a5d592cdf0170d2b541946661b1a2a279c5trawick of module state across unload/load. [Jeff Trawick]
89211a5d592cdf0170d2b541946661b1a2a279c5trawick *) mod_substitute: Fix a memory leak. PR 44948
89211a5d592cdf0170d2b541946661b1a2a279c5trawick [Dan Poirier <poirier pobox.com>]
5caa0a5c428439b566a4fcc711747e2053bcfd1ajerenkrantzChanges with Apache 2.3.2
34d672a81f3e72f30568462135ddf6d71dcfa8d8bnicholes *) mod_mime_magic: Fix detection of compressed content. [Rainer Jung]
34d672a81f3e72f30568462135ddf6d71dcfa8d8bnicholes *) mod_negotiation: Escape pathes of filenames in 406 responses to avoid
b1d2d2797866636f792717f96401292481697145wrowe HTML injections and HTTP response splitting. PR 46837.
b1d2d2797866636f792717f96401292481697145wrowe [Geoff Keating <geoffk apple.com>]
b1d2d2797866636f792717f96401292481697145wrowe *) mod_ssl: add support for type-safe STACK constructs in OpenSSL
b1d2d2797866636f792717f96401292481697145wrowe development HEAD. PR 45521. [Kaspar Brand, Sander Temme]
b1d2d2797866636f792717f96401292481697145wrowe *) ab: Fix maintenance of the pollset to resolve EALREADY errors
b1d2d2797866636f792717f96401292481697145wrowe with kqueue (BSD/OS X) and excessive CPU with event ports (Solaris).
b1d2d2797866636f792717f96401292481697145wrowe PR 44584. Use APR_POLLSET_NOCOPY for better performance with some
4a98c07ecf4f27a9b18963bbe85260857664d03bjerenkrantz pollset implementations. [Jeff Trawick]
8abcc73436888a98721b10f0c09206f6fea68c55jerenkrantz *) mod_disk_cache: The module now turns off sendfile support if
b24d065530fdf97376f390522396be5a4469fcf4jerenkrantz 'EnableSendfile off' is defined globally. [Lars Eilebrecht]
b24d065530fdf97376f390522396be5a4469fcf4jerenkrantz *) mod_deflate: Adjust content metadata before bailing out on 304
a981bcb9c3b780184e75ff069d67fe84da6c3d3dbnicholes responses so that the metadata does not differ from 200 response.
a981bcb9c3b780184e75ff069d67fe84da6c3d3dbnicholes [Roy T. Fielding]
a981bcb9c3b780184e75ff069d67fe84da6c3d3dbnicholes *) mod_deflate: Fix creation of invalid Etag headers. We now make sure
a981bcb9c3b780184e75ff069d67fe84da6c3d3dbnicholes that the Etag value is properly quoted when adding the gzip marker.
b5fe023e1cf0aa3d15a3bf2e237891e837980feastoddard PR 39727, 45023. [Lars Eilebrecht, Roy T. Fielding]
b2cff333bc23b8e74c6aad9ee97973df02cca180aaron *) Added 20x22 icons for ODF, SVG, and XML documents. PR 37185.
b2cff333bc23b8e74c6aad9ee97973df02cca180aaron [Peter Harlow]
7eb55be5bcc75f2acf789aeca38d88a9c75d001ejwoolley *) Disabled DefaultType directive and removed ap_default_type()
7eb55be5bcc75f2acf789aeca38d88a9c75d001ejwoolley from core. We now exclude Content-Type from responses for which
d31e50dddb975275ef388ab64e380b6d4e5d9710jerenkrantz a media type has not been configured via mime.types, AddType,
d31e50dddb975275ef388ab64e380b6d4e5d9710jerenkrantz ForceType, or some other mechanism. PR 13986. [Roy T. Fielding]
d31e50dddb975275ef388ab64e380b6d4e5d9710jerenkrantz *) mod_rewrite: Add IPV6 variable to RewriteCond
d31e50dddb975275ef388ab64e380b6d4e5d9710jerenkrantz [Ryan Phillips <ryan-apache trolocsis.com>]
d5eaaee4a1e5faaf21e7111fd61732c6e7dbe8b2jwoolley *) core: Enhance KeepAliveTimeout to support a value in milliseconds.
d5eaaee4a1e5faaf21e7111fd61732c6e7dbe8b2jwoolley PR 46275. [Takashi Sato]
c88a70518d7d0b5bccb22a68d446c2d6589790dcjwoolley *) rotatelogs: Allow size units B, K, M, G and combination of
c88a70518d7d0b5bccb22a68d446c2d6589790dcjwoolley time and size based rotation. [Rainer Jung]
c64c364bf863ad985309ef10d68caaa93e8d09ccstoddard *) rotatelogs: Add flag for verbose (debug) output. [Rainer Jung]
c64c364bf863ad985309ef10d68caaa93e8d09ccstoddard *) mod_ssl: Fix merging of SSLRenegBufferSize directive. PR 46508
d8d240df2f2b23455be6b01343daedebaa6c4f96trawick [<tlhackque yahoo.com>]
d8d240df2f2b23455be6b01343daedebaa6c4f96trawick *) core: Translate the the status line to ASCII on EBCDIC platforms in
d8d240df2f2b23455be6b01343daedebaa6c4f96trawick ap_send_interim_response() and for locally generated "100 Continue"
d8d240df2f2b23455be6b01343daedebaa6c4f96trawick responses. [Eric Covener]
b5b5e8cc4668ab29d8f08f590d829dcfaeda9d33brianp *) prefork: Fix child process hang during graceful restart/stop in
b5b5e8cc4668ab29d8f08f590d829dcfaeda9d33brianp configurations with multiple listening sockets. PR 42829. [Joe Orton,
b5b5e8cc4668ab29d8f08f590d829dcfaeda9d33brianp Jeff Trawick]
e2653756d0d14a9a620b24bd04a6ab1182178462brianp *) mod_session_crypto: Ensure that SessionCryptoDriver can only be
e2653756d0d14a9a620b24bd04a6ab1182178462brianp set in the global scope. [Graham Leggett]
d980a97cfc68de0ef35432ce03f1c1e468a19877jwoolley *) mod_ext_filter: We need to detect failure to startup the filter
d980a97cfc68de0ef35432ce03f1c1e468a19877jwoolley program (a mangled response is not acceptable). Fix to detect
d980a97cfc68de0ef35432ce03f1c1e468a19877jwoolley failure, and offer configuration option either to abort or
d980a97cfc68de0ef35432ce03f1c1e468a19877jwoolley to remove the filter and continue.
d980a97cfc68de0ef35432ce03f1c1e468a19877jwoolley PR 41120 [Nick Kew]
aa3510b82ec5d82ddbf4748829ec90f1ce71398ebrianp *) mod_session_crypto: Rewrite the session_crypto module against the
aa3510b82ec5d82ddbf4748829ec90f1ce71398ebrianp apr_crypto API. [Graham Leggett]
51b1d7f8eaa74807ab14479edde4421e77f5d1d7brianp *) mod_auth_form: Fix a pool lifetime issue, don't remove the subrequest
08aff55373b2ae69182a58055a5c1b3a12d927b0slive until the main request is cleaned up. [Graham Leggett]
08aff55373b2ae69182a58055a5c1b3a12d927b0sliveChanges with Apache 2.3.1
4f50bfb0367b91396c0fe85b80536b760080d39etrawick *) ap_slotmem: Add in new slot-based memory access API impl., including
4f50bfb0367b91396c0fe85b80536b760080d39etrawick 2 providers (mod_sharedmem and mod_plainmem) [Jim Jagielski,
5a63340978acb9dd7e87724be57d2bde1cf1f629trawick Jean-Frederic Clere, Brian Akins <brian.akins turner.com>]
5a63340978acb9dd7e87724be57d2bde1cf1f629trawick *) mod_include: support generating non-ASCII characters as entities in SSI
9f7325ecad575cf77ab76b01beaaf339a63490b5trawick PR 25202 [Nick Kew]
8565f742f1ee3d514b2d48a1f2a5af5d7437c3b9trawick *) core/utils: Enhance ap_escape_html API to support escaping non-ASCII chars
8565f742f1ee3d514b2d48a1f2a5af5d7437c3b9trawick PR 25202 [Nick Kew]
8843b75d1c70af3da9a7306c4aede3b3e9346deajwoolley *) mod_rewrite: fix "B" flag breakage by reverting r5589343
8843b75d1c70af3da9a7306c4aede3b3e9346deajwoolley PR 45529 [Bob Ionescu <bobsiegen googlemail.com>]
8843b75d1c70af3da9a7306c4aede3b3e9346deajwoolley *) CGI: return 504 (Gateway timeout) rather than 500 when a script
dcecfbe7e63603d0fb95e4811e015039e9401990stoddard times out before returning status line/headers.
dcecfbe7e63603d0fb95e4811e015039e9401990stoddard PR 42190 [Nick Kew]
0c7592379b55b7736dd70d2d87f53af9a2347614jerenkrantz *) mod_cgid: fix segfault problem on solaris.
4844d314b0b6e55a309621b84c1786446c5fb418ianh PR 39332 [Masaoki Kobayashi <masaoki techfirm.co.jp>]
4844d314b0b6e55a309621b84c1786446c5fb418ianh *) mod_proxy_scgi: Added. [André Malo]
127c81d6b2c9ba8932273c2e1b13e3ea3d673b07trawick *) mod_cache: Introduce 'no-cache' per-request environment variable
127c81d6b2c9ba8932273c2e1b13e3ea3d673b07trawick to prevent the saving of an otherwise cacheable response.
127c81d6b2c9ba8932273c2e1b13e3ea3d673b07trawick [Eric Covener]
59d01b9ed1de043745262e49bb44bde7095c4723jwoolley *) mod_rewrite: Introduce DiscardPathInfo|DPI flag to stop the troublesome
59d01b9ed1de043745262e49bb44bde7095c4723jwoolley way that per-directory rewrites append the previous notion of PATH_INFO
59d01b9ed1de043745262e49bb44bde7095c4723jwoolley to each substitution before evaluating subsequent rules.
59d01b9ed1de043745262e49bb44bde7095c4723jwoolley PR 38642 [Eric Covener]
e6e65585927961caf45d4e9e932bb1f4e9e89ca1jerenkrantz *) mod_cgid: Do not add an empty argument when calling the CGI script.
e6e65585927961caf45d4e9e932bb1f4e9e89ca1jerenkrantz PR 46380 [Ruediger Pluem]
b068b71651c802cc4e0b835495ad0e41c65e1174trawick *) scoreboard: Remove unused sb_type from process_score.
b068b71651c802cc4e0b835495ad0e41c65e1174trawick [Torsten Foertsch <torsten.foertsch gmx.net>, Chris Darroch]
34a1e566d4af2735c87e2d3e6ac5e505855518aawrowe *) mod_ssl: Add SSLRenegBufferSize directive to allow changing the
34a1e566d4af2735c87e2d3e6ac5e505855518aawrowe size of the buffer used for the request-body where necessary
34a1e566d4af2735c87e2d3e6ac5e505855518aawrowe during a per-dir renegotiation. PR 39243. [Joe Orton]
34a1e566d4af2735c87e2d3e6ac5e505855518aawrowe *) mod_proxy_fdpass: New module to pass a client connection over to a separate
34a1e566d4af2735c87e2d3e6ac5e505855518aawrowe process that is reading from a unix daemon socket.
34a1e566d4af2735c87e2d3e6ac5e505855518aawrowe *) mod_ssl: Improve environment variable extraction to be more
34a1e566d4af2735c87e2d3e6ac5e505855518aawrowe efficient and to correctly handle DNs with duplicate tags.
34a1e566d4af2735c87e2d3e6ac5e505855518aawrowe PR 45975. [Joe Orton]
34a1e566d4af2735c87e2d3e6ac5e505855518aawrowe *) Remove the obsolete serial attribute from the RPM spec file. Compile
34a1e566d4af2735c87e2d3e6ac5e505855518aawrowe against the external pcre. Add missing binaries fcgistarter, and
34a1e566d4af2735c87e2d3e6ac5e505855518aawrowe mod_socache* and mod_session*. [Graham Leggett]
34a1e566d4af2735c87e2d3e6ac5e505855518aawroweChanges with Apache 2.3.0
34a1e566d4af2735c87e2d3e6ac5e505855518aawrowe *) mod_ratelimit: New module to do bandwidth rate limiting. [Paul Querna]
dd39efc1f7ed97cf526aefa24359f0be2ac5c3f4trawick *) Remove X-Pad header which was added as a work around to a bug in
dd39efc1f7ed97cf526aefa24359f0be2ac5c3f4trawick Netscape 2.x to 4.0b2. [Takashi Sato <takashi lans-tv.com>]
f53367106769f90696d9c1f0ffcf9fbb4db883c2jerenkrantz *) Add DTrace Statically Defined Tracing (SDT) probes.
f53367106769f90696d9c1f0ffcf9fbb4db883c2jerenkrantz [Theo Schlossnagle <jesus omniti.com>, Paul Querna]
9a940e8e90f9b163737e23bbf72a3f2c67a39220brianp *) mod_proxy_balancer: Move all load balancing implementations
9a940e8e90f9b163737e23bbf72a3f2c67a39220brianp as individual, self-contained mod_proxy submodules under
8496c88debb9962575dac2b1ef9b81984d7bd759brianp *) Rename APIs to include ap_ prefix:
8496c88debb9962575dac2b1ef9b81984d7bd759brianp find_child_by_pid -> ap_find_child_by_pid
8496c88debb9962575dac2b1ef9b81984d7bd759brianp suck_in_APR -> ap_suck_in_APR
7c8747b339a5e47ea8301907051a9974d15b23b7brianp sys_privileges_handlers -> ap_sys_privileges_handlers
7c8747b339a5e47ea8301907051a9974d15b23b7brianp unixd_accept -> ap_unixd_accept
98f81eac9530d487f05013cda9df99755bb59689trawick unixd_config -> ap_unixd_config
98f81eac9530d487f05013cda9df99755bb59689trawick unixd_killpg -> ap_unixd_killpg
0b493ad526b8bbc2ff21ce19510fc32238abb816jwoolley unixd_set_global_mutex_perms -> ap_unixd_set_global_mutex_perms
0b493ad526b8bbc2ff21ce19510fc32238abb816jwoolley unixd_set_proc_mutex_perms -> ap_unixd_set_proc_mutex_perms
0b493ad526b8bbc2ff21ce19510fc32238abb816jwoolley unixd_set_rlimit -> ap_unixd_set_rlimit
0b493ad526b8bbc2ff21ce19510fc32238abb816jwoolley [Paul Querna]
1376737cb6afa24d3e12f3a223318fe1bd71bb1fslive *) mod_lbmethod_heartbeat: New module to load balance mod_proxy workers
1376737cb6afa24d3e12f3a223318fe1bd71bb1fslive based on heartbeats. [Paul Querna]
ec1719a5748717f67dcd279bb64bd0da424ae450jerenkrantz *) mod_heartmonitor: New module to collect heartbeats, and write out a file
ec1719a5748717f67dcd279bb64bd0da424ae450jerenkrantz so that other modules can load balance traffic as needed. [Paul Querna]
dea9ded7417a8328f8fce5d57eca9d7af5500520trawick *) mod_heartbeat: New module to generate multicast heartbeats to know if a
dea9ded7417a8328f8fce5d57eca9d7af5500520trawick server is online. [Paul Querna]
3f0220bf6e864d982a10348c9cc269bfe798d65eaaron *) mod_buffer: Honour the flush bucket and flush the buffer in the
3f0220bf6e864d982a10348c9cc269bfe798d65eaaron input filter. Make sure that metadata buckets are written to
3f0220bf6e864d982a10348c9cc269bfe798d65eaaron the buffer, not to the final brigade. [Graham Leggett]
75d133afee2e3636b07366fd62102b13b67b1b1djerenkrantz *) mod_buffer: Optimise the buffering of heap buckets when the heap
75d133afee2e3636b07366fd62102b13b67b1b1djerenkrantz buckets stay exactly APR_BUCKET_BUFF_SIZE long. [Graham Leggett,
2ae7ad6f58b7e3188ed4bd375a8930808529ba71jwoolley Ruediger Pluem]
2ae7ad6f58b7e3188ed4bd375a8930808529ba71jwoolley *) mod_buffer: Optional support for buffering of the input and output
2ae7ad6f58b7e3188ed4bd375a8930808529ba71jwoolley filter stacks. Can collapse many small buckets into fewer larger
5b30f835d627766b024500189c35bb55e686e890brianp buckets, and prevents excessively small chunks being sent over
5b30f835d627766b024500189c35bb55e686e890brianp the wire. [Graham Leggett]
d45481dadf7f1f0ffd95b38b1c5b0ea6b2d57888jerenkrantz *) mod_privileges: new module to make httpd on Solaris privileges-aware
d45481dadf7f1f0ffd95b38b1c5b0ea6b2d57888jerenkrantz and to enable different virtualhosts to run with different
d45481dadf7f1f0ffd95b38b1c5b0ea6b2d57888jerenkrantz privileges and Unix user/group IDs [Nick Kew]
0c7592379b55b7736dd70d2d87f53af9a2347614jerenkrantz *) mod_mem_cache: this module has been removed. [William Rowe]
6d62bc22f8f22a43e66e2e4d8860a5a144316b1astoddard *) authn/z: Remove mod_authn_default and mod_authz_default.
6d62bc22f8f22a43e66e2e4d8860a5a144316b1astoddard [Chris Darroch]
8efcf516f2b6514879fff8d034be55b6d64ff830striker *) authz: Fix handling of authz configurations, make default authz
71eda8b1c14e4d0adb2f294f22299587cd3d74a9striker logic replicate 2.2.x authz logic, and replace <Satisfy*>, Reject,
71eda8b1c14e4d0adb2f294f22299587cd3d74a9striker and AuthzMergeRules directives with Match, <Match*>, and AuthzMerge
922c0ad0014590bb10d13674012683eef44c0bbarederpj directives. [Chris Darroch]
922c0ad0014590bb10d13674012683eef44c0bbarederpj *) mod_authn_core: Prevent crash when provider alias created to
922c0ad0014590bb10d13674012683eef44c0bbarederpj provider which is not yet registered. [Chris Darroch]
aec964227053fab7e59deb26709b94726ce67224rederpj *) mod_authn_core: Add AuthType of None to support disabling
8ffd5c9693162130d35be41953f0dd3bba18edf7rederpj authentication. [Chris Darroch]
1e27f530f81c6058d1a11944ae1e2da45977fc7bjerenkrantz *) core: Allow <Limit> and <LimitExcept> directives to nest, and
1e27f530f81c6058d1a11944ae1e2da45977fc7bjerenkrantz constrain their use to conform with that of other access control
1e27f530f81c6058d1a11944ae1e2da45977fc7bjerenkrantz and authorization directives. [Chris Darroch]
469549ac22c6f7b9ecdd9df2565925563e4df84djwoolley *) unixd: turn existing code into a module, and turn the set user/group
469549ac22c6f7b9ecdd9df2565925563e4df84djwoolley and chroot into a child_init function. [Nick Kew]
469549ac22c6f7b9ecdd9df2565925563e4df84djwoolley *) mod_dir: Support "DirectoryIndex disabled"
7a9f3bef545b0bbc93c2ed758119b0d2e2647c31trawick Suggested By André Warnier <aw ice-sa.com> [Eric Covener]
7a9f3bef545b0bbc93c2ed758119b0d2e2647c31trawick *) mod_ssl: Send Content-Type application/ocsp-request for POST requests to
0be05c658c7e6e5a05fd2d4068d8ac0f030d4752jwoolley OSCP responders. PR 46014 [Dr Stephen Henson <steve openssl.org>]
223b367115aefc20f1c32fe2d4e2bfcc4bfe108fjwoolley *) mod_authnz_ldap: don't return NULL-valued environment variables to
223b367115aefc20f1c32fe2d4e2bfcc4bfe108fjwoolley other modules. PR 39045 [Francois Pesce <francois.pesce gmail.com>]
223b367115aefc20f1c32fe2d4e2bfcc4bfe108fjwoolley *) Don't adjust case in pathname components that are not of interest
223b367115aefc20f1c32fe2d4e2bfcc4bfe108fjwoolley to mod_mime. Fixes mod_negotiation's use of such components.
639cf068707865a81ad2c610e72d57b043d20dd6wrowe PR 43250 [Basant Kumar Kukreja <basant.kukreja sun.com>]
639cf068707865a81ad2c610e72d57b043d20dd6wrowe *) Be tolerant in what you accept - accept slightly broken
639cf068707865a81ad2c610e72d57b043d20dd6wrowe status lines from a backend provided they include a valid status code.
f3f0c2a5f6009d06350341219d1f38a1644708bcbrianp *) New module mod_sed: filter Request/Response bodies through sed
33b095d35c5dac22358ce63c32635ab59ce7cb25aaron *) mod_auth_form: Make sure that basic authentication is correctly
33b095d35c5dac22358ce63c32635ab59ce7cb25aaron faked directly after login. [Graham Leggett]
100e6f5dec61d108494565f8f3bfa894afadc33ajerenkrantz *) mod_session_cookie, mod_session_dbd: Make sure cookies are set both
100e6f5dec61d108494565f8f3bfa894afadc33ajerenkrantz within the output headers and error output headers, so that the
100e6f5dec61d108494565f8f3bfa894afadc33ajerenkrantz session is maintained across redirects. [Graham Leggett]
5d5d5ca04c57c7ab865924f4648e8f80de27adfebrianp *) mod_auth_form: Make sure the logged in user is populated correctly
5d5d5ca04c57c7ab865924f4648e8f80de27adfebrianp after a form login. Fixes a missing REMOTE_USER variable directly
4f3ec2ec53c7ca5ca308d85e2e0beb933a2fd0f9aaron following a login. [Graham Leggett]
4f3ec2ec53c7ca5ca308d85e2e0beb933a2fd0f9aaron *) mod_session_cookie: Make sure that cookie attributes are correctly
4f3ec2ec53c7ca5ca308d85e2e0beb933a2fd0f9aaron included in the blank cookie when cookies are removed. This fixes an
4f3ec2ec53c7ca5ca308d85e2e0beb933a2fd0f9aaron inability to log out when using mod_auth_form. [Graham Leggett]
3c0c3ae288166a8736593093c636768702abf263aaron *) mod_session: Prevent a segfault when a CGI script sets a cookie with a
3c0c3ae288166a8736593093c636768702abf263aaron null value. [David Shane Holden <dpejesh apache.org>]
b8a843847aae3d9a1838fb8f1de84cd66212f48atrawick *) core, authn/z: Determine registered authn/z providers directly in
c8411888a54dd5dbfd8a5d337ebf0e911a789063trawick ap_setup_auth_internal(), which allows optional functions that just
c8411888a54dd5dbfd8a5d337ebf0e911a789063trawick wrapped ap_list_provider_names() to be removed from authn/z modules.
c8411888a54dd5dbfd8a5d337ebf0e911a789063trawick [Chris Darroch]
28caffb98f18c0b9562ac20870f7ab91f3d9a01fjerenkrantz *) authn/z: Convert common provider version strings to macros.
28caffb98f18c0b9562ac20870f7ab91f3d9a01fjerenkrantz [Chris Darroch]
d757628a07145aa711ba75b4e7c7c01a33133ca1jerenkrantz *) core: When testing for slash-terminated configuration paths in
d757628a07145aa711ba75b4e7c7c01a33133ca1jerenkrantz ap_location_walk(), don't look past the start of an empty string
1585c2979d749ee71edb6a1d57bc9ff6db12a426jerenkrantz such as that created by a <Location ""> directive.
1585c2979d749ee71edb6a1d57bc9ff6db12a426jerenkrantz [Chris Darroch]
6bdb2c094666367615890147775bb18761216c8dminfrin *) core, mod_proxy: If a kept_body is present, it becomes safe for
6bdb2c094666367615890147775bb18761216c8dminfrin subrequests to support message bodies. Make sure that safety
6bdb2c094666367615890147775bb18761216c8dminfrin checks within the core and within the proxy are not triggered
c069757188a3cd9ab19b05169b005a824b60b6fcaaron when kept_body is present. This makes it possible to embed
c069757188a3cd9ab19b05169b005a824b60b6fcaaron proxied POST requests within mod_include. [Graham Leggett]
c069757188a3cd9ab19b05169b005a824b60b6fcaaron *) mod_auth_form: Make sure the input filter stack is properly set
c069757188a3cd9ab19b05169b005a824b60b6fcaaron up before reading the login form. Make sure the kept body filter
11ce97701b22d795fd1a5ec3769a3367bc220921wrowe is correctly inserted to ensure the body can be read a second
11ce97701b22d795fd1a5ec3769a3367bc220921wrowe time safely should the authn be successful. [Graham Leggett,
11ce97701b22d795fd1a5ec3769a3367bc220921wrowe Ruediger Pluem]
11ce97701b22d795fd1a5ec3769a3367bc220921wrowe *) mod_request: Insert the KEPT_BODY filter via the insert_filter
6cdd5cd95d8323de5cfb912d8fc0df8c5e3d02cejerenkrantz hook instead of during fixups. Add a safety check to ensure the
e45d7d4ca98387c2898f8302bafb31e3b4f5a5d8jwoolley filters cannot be inserted more than once. [Graham Leggett,
6cdd5cd95d8323de5cfb912d8fc0df8c5e3d02cejerenkrantz Ruediger Pluem]
239ab9d14d3851c2efc1312b3b42c838073533f4jerenkrantz *) ap_cache_cacheable_headers_out() will (now) always
239ab9d14d3851c2efc1312b3b42c838073533f4jerenkrantz merge an error headers _before_ clearing them and _before_
239ab9d14d3851c2efc1312b3b42c838073533f4jerenkrantz merging in the actual entity headers and doing normal
c5fb76caa5498c60b991fcba8dfbf3c229f0f4d5rbb hop-by-hop cleansing. [Dirk-Willem van Gulik].
c5fb76caa5498c60b991fcba8dfbf3c229f0f4d5rbb *) cache: retire ap_cache_cacheable_hdrs_out() which was used
c5fb76caa5498c60b991fcba8dfbf3c229f0f4d5rbb for both in- and out-put headers; and replace it by a single
c5fb76caa5498c60b991fcba8dfbf3c229f0f4d5rbb ap_cache_cacheable_headers() wrapped in a in- and out-put
c5fb76caa5498c60b991fcba8dfbf3c229f0f4d5rbb specific ap_cache_cacheable_headers_in()/out(). The latter
b9cf7102006ac2ccfebcb78174585986ff127ba9jwoolley which will also merge error and ensure content-type. To keep
b9cf7102006ac2ccfebcb78174585986ff127ba9jwoolley cache modules consistent with ease. This API change bumps
4b0939148fffde56f0b7db2a43cab1d1dc76ab3fmjc up the minor MM by one [Dirk-Willem van Gulik].
2b13bc45632d72cdf50ac42149e4fc8bc0d05bf2stoddard *) Move the KeptBodySize directive, kept_body filters and the
2b13bc45632d72cdf50ac42149e4fc8bc0d05bf2stoddard ap_parse_request_body function out of the http module and into a
2b13bc45632d72cdf50ac42149e4fc8bc0d05bf2stoddard new module called mod_request, reducing the size of the core.
2b13bc45632d72cdf50ac42149e4fc8bc0d05bf2stoddard [Graham Leggett]
2b13bc45632d72cdf50ac42149e4fc8bc0d05bf2stoddard *) mod_dbd: Handle integer configuration directive parameters with a
52617e76a53b1d90da027a5311790e1ccef8f60ftrawick dedicated function.
b584ec31a47334b1253f4a5ad73f023336ab2f28jwoolley *) Change the directives within the mod_session* modules to be valid
b584ec31a47334b1253f4a5ad73f023336ab2f28jwoolley both inside and outside the location/directory sections, as
b584ec31a47334b1253f4a5ad73f023336ab2f28jwoolley suggested by wrowe. [Graham Leggett]
7ac88dc1ac207b9a434fd76c0406651d68018d69rederpj *) mod_auth_form: Add a module capable of allowing end users to log
7ac88dc1ac207b9a434fd76c0406651d68018d69rederpj in using an HTML form, storing the credentials within mod_session.
52617e76a53b1d90da027a5311790e1ccef8f60ftrawick [Graham Leggett]
f905b21d99b264dbf26acc30b430ebe92838cdcejerenkrantz *) Add a function to the http filters that is able to parse an HTML
d157b208942316e96c34fa8b2222ed4cc2e56783trawick form request with the type of application/x-www-form-urlencoded.
d157b208942316e96c34fa8b2222ed4cc2e56783trawick [Graham Leggett]
d157b208942316e96c34fa8b2222ed4cc2e56783trawick *) mod_session_crypto: Initialise SSL in the post config hook.
dc903d97a896d4e414efb1cb49f22ce00a49f070trawick [Ruediger Pluem, Graham Leggett]
dc903d97a896d4e414efb1cb49f22ce00a49f070trawick *) mod_session_dbd: Add a session implementation capable of storing
dc903d97a896d4e414efb1cb49f22ce00a49f070trawick session information in a SQL database via the dbd interface. Useful
dc903d97a896d4e414efb1cb49f22ce00a49f070trawick for sites where session privacy is important. [Graham Leggett]
dc903d97a896d4e414efb1cb49f22ce00a49f070trawick *) mod_session_crypto: Add a session encoding implementation capable
68f803c489cf61918fb4e61745fcd1e0cc980541jerenkrantz of encrypting and decrypting sessions wherever they may be stored.
68f803c489cf61918fb4e61745fcd1e0cc980541jerenkrantz Introduces a level of privacy when sessions are stored on the
68f803c489cf61918fb4e61745fcd1e0cc980541jerenkrantz browser. [Graham Leggett]
15405e91bb3fad5a80f7abe828a00b44a3a65bf8jerenkrantz *) mod_session_cookie: Add a session implementation capable of storing
15405e91bb3fad5a80f7abe828a00b44a3a65bf8jerenkrantz session information within cookies on the browser. Useful for high
f905b21d99b264dbf26acc30b430ebe92838cdcejerenkrantz volume sites where server bound sessions are too resource intensive.
f905b21d99b264dbf26acc30b430ebe92838cdcejerenkrantz [Graham Leggett]
0e2340134f2336b98c92d7f157fb65d0a6f477d4stoddard *) mod_session: Add a generic session interface to unify the different
0e2340134f2336b98c92d7f157fb65d0a6f477d4stoddard attempts at saving persistent sessions across requests.
431d6106eaf796cc8dfa8cb0db2b180dd93ed6dftrawick [Graham Leggett]
b3edf21d591bfd0e64bbec0dda73c0e41d7ecdb6wrowe *) core, authn/z: Avoid calling access control hooks for internal requests
b3edf21d591bfd0e64bbec0dda73c0e41d7ecdb6wrowe with configurations which match those of initial request. Revert to
b3edf21d591bfd0e64bbec0dda73c0e41d7ecdb6wrowe original behaviour (call access control hooks for internal requests
b3edf21d591bfd0e64bbec0dda73c0e41d7ecdb6wrowe with URIs different from initial request) if any access control hooks or
b3edf21d591bfd0e64bbec0dda73c0e41d7ecdb6wrowe providers are not registered as permitting this optimization.
5d238058bc748dfa13ff21890ae4a58481e3be89jerenkrantz Introduce wrappers for access control hook and provider registration
5d238058bc748dfa13ff21890ae4a58481e3be89jerenkrantz which can accept additional mode and flag data. [Chris Darroch]
9282327b0ffe8981d39835130dfb334af192b508jerenkrantz *) Introduced ap_expr API for expression evaluation.
9282327b0ffe8981d39835130dfb334af192b508jerenkrantz This is adapted from mod_include, which is the first module
9282327b0ffe8981d39835130dfb334af192b508jerenkrantz to use the new API.
8fcaadcb287f361bb304d53a69d508500840fafcjerenkrantz *) mod_authz_dbd: When redirecting after successful login/logout per
8fcaadcb287f361bb304d53a69d508500840fafcjerenkrantz AuthzDBDRedirectQuery, do not report authorization failure, and use
8af88bd6958b80c224e964892b8237720b13ab1ajerenkrantz first row returned by database query instead of last row.
8af88bd6958b80c224e964892b8237720b13ab1ajerenkrantz [Chris Darroch]
8af88bd6958b80c224e964892b8237720b13ab1ajerenkrantz *) mod_ldap: Correctly return all requested attribute values
8af88bd6958b80c224e964892b8237720b13ab1ajerenkrantz when some attributes have a null value.
25b812bcab8b61981e288996b991e0ab4d224b92jerenkrantz PR 44560 [Anders Kaseorg <anders kaseorg.com>]
87f0329e30de94828e08d53a99ea23cda86a9fccjerenkrantz *) core: check symlink ownership if both FollowSymlinks and
87f0329e30de94828e08d53a99ea23cda86a9fccjerenkrantz SymlinksIfOwnerMatch are set [Nick Kew]
0396e75f271f51be57be778655e32ba8d64d240bwrowe *) core: fix origin checking in SymlinksIfOwnerMatch
0396e75f271f51be57be778655e32ba8d64d240bwrowe PR 36783 [Robert L Mathews <rob-apache.org.bugs tigertech.net>]
9438d70ce91fa99ec828a2828f0fd45542cd9c4fwrowe *) Activate mod_cache, mod_file_cache and mod_disk_cache as part of the
0396e75f271f51be57be778655e32ba8d64d240bwrowe 'most' set for '--enable-modules' and '--enable-shared-mods'. Include
dc10f7a2f87d4cd7cdd16dc248b165122b4ac62btrawick mod_mem_cache in 'all' as well. [Dirk-Willem van Gulik]
dc10f7a2f87d4cd7cdd16dc248b165122b4ac62btrawick *) Also install mod_so.h, mod_rewrite.h and mod_cache.h; as these
dc10f7a2f87d4cd7cdd16dc248b165122b4ac62btrawick contain public function declarations which are useful for
431d6106eaf796cc8dfa8cb0db2b180dd93ed6dftrawick third party module authors. PR 42431 [Dirk-Willem van Gulik].
390489eb69fe15943ddf67adcc832ca8de125cd9jerenkrantz *) mod_dir, mod_negotiation: pass the output filter information
390489eb69fe15943ddf67adcc832ca8de125cd9jerenkrantz to newly created sub requests; as these are later on used
390489eb69fe15943ddf67adcc832ca8de125cd9jerenkrantz as true requests with an internal redirect. This allows for
390489eb69fe15943ddf67adcc832ca8de125cd9jerenkrantz mod_cache et.al. to trap the results of the redirect.
a1e8b54f269a8f2388590174174509546e886e60stoddard [Dirk-Willem van Gulik, Ruediger Pluem]
a1e8b54f269a8f2388590174174509546e886e60stoddard *) mod_ldap: Add support (taking advantage of the new APR capability)
3eb95d6629bb326ae90e5eec693b7e628951751brbb for ldap rebind callback while chasing referrals. This allows direct
109d280c3fcf810e573fc1af5e141ad525c45811bjh searches on LDAP servers (in particular MS Active Directory 2003+)
109d280c3fcf810e573fc1af5e141ad525c45811bjh using referrals without the use of the global catalog.
109d280c3fcf810e573fc1af5e141ad525c45811bjh PRs 26538, 40268, and 42557 [Paul J. Reder]
61d2cd001754548e90364aa3a7e76863616544b0minfrin *) ApacheMonitor.exe: Introduce --kill argument for use by the
61d2cd001754548e90364aa3a7e76863616544b0minfrin installer. This will permit the installation tool to remove
61d2cd001754548e90364aa3a7e76863616544b0minfrin all running instances before attempting to remove the .exe.
61d2cd001754548e90364aa3a7e76863616544b0minfrin [William Rowe]
9a3bbca61e24c13d8b496116ac759117136c6bf4aaron *) mod_ssl: Add support for OCSP validation of client certificates.
9a3bbca61e24c13d8b496116ac759117136c6bf4aaron PR 41123. [Marc Stern <marc.stern approach.be>, Joe Orton]
9a3bbca61e24c13d8b496116ac759117136c6bf4aaron *) mod_serf: New module for Reverse Proxying. [Paul Querna]
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm *) core: Add the option to keep aside a request body up to a certain
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm size that would otherwise be discarded, to be consumed by filters
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm such as mod_include. When enabled for a directory, POST requests
0506359f47150991eaaae37ca07f94117a9aa63dtrawick to shtml files can be passed through to embedded scripts as POST
0506359f47150991eaaae37ca07f94117a9aa63dtrawick requests, rather being downgraded to GET requests. [Graham Leggett]
0506359f47150991eaaae37ca07f94117a9aa63dtrawick *) mod_ssl: Fix TLS upgrade (RFC 2817) support. PR 41231. [Joe Orton]
67f62b7a48ff9eb8d9f31898dceaf9f89280a723dougm *) scoreboard: Correctly declare ap_time_process_request.
9d3fdc3bb8077a46851080e17ef9f16c83720c8ftrawick *) core; scoreboard: ap_get_scoreboard_worker(sbh) now takes the sbh member
219472ea2d5f1563509321d8b8a91b116792bf7adougm from the connection rec, ap_get_scoreboard_worker(proc, thread) will now
219472ea2d5f1563509321d8b8a91b116792bf7adougm provide the unusual legacy lookup. [William Rowe]
c048b545f06921f53ceb830b30f99aed7b369d95dougm *) mpm winnt: fix null pointer dereference
c048b545f06921f53ceb830b30f99aed7b369d95dougm PR 42572 [Davi Arnaut]
621bd763d2e4d32f19013ac8b76b375b5a01851fdougm *) mod_authnz_ldap, mod_authn_dbd: Tidy up the code to expose authn
621bd763d2e4d32f19013ac8b76b375b5a01851fdougm parameters to the environment. Improve portability to
621bd763d2e4d32f19013ac8b76b375b5a01851fdougm EBCDIC machines by using apr_toupper(). [Martin Kraemer]
0ea12b5dcb3d1d399f9bff6f56fb445d80205f9dstriker *) mod_ldap, mod_authnz_ldap: Add support for nested groups (i.e. the ability
0ea12b5dcb3d1d399f9bff6f56fb445d80205f9dstriker to authorize an authenticated user via a "require ldap-group X" directive
e93624301705e3dc68992e3b488a764389eb8b98trawick where the user is not in group X, but is in a subgroup contained in X.
e93624301705e3dc68992e3b488a764389eb8b98trawick PR 42891 [Paul J. Reder]
cba0728e3535ee87e89cdb3cb54ce91eda18f6ccaaron *) mod_ssl: Add support for caching SSL Sessions in memcached. [Paul Querna]
a45de374fb215f294eb1369d4406ac79d6596ee1brianp *) apxs: Enhance -q flag to print all known variables and their values
a45de374fb215f294eb1369d4406ac79d6596ee1brianp when invoked without variable name(s).
a45de374fb215f294eb1369d4406ac79d6596ee1brianp [William Rowe, Sander Temme]
7f14bcf6b594703df385ce84ba2ee3cdf3ccbae4trawick *) apxs: Eliminate run-time check for mod_so. PR 40653.
7f14bcf6b594703df385ce84ba2ee3cdf3ccbae4trawick [David M. Lee <dmlee crossroads.com>]
7f14bcf6b594703df385ce84ba2ee3cdf3ccbae4trawick *) beos MPM: Create pmain pool and run modules' child_init hooks when
0007bb1e01dd762bde7280beb57113309c1715a3trawick entering ap_mpm_run(), then destroy pmain when exiting ap_mpm_run().
a1be7357e2c08b9dfe52c277063d212d65b15feejim [Chris Darroch]
a1be7357e2c08b9dfe52c277063d212d65b15feejim *) netware MPM: Destroy pmain pool when exiting ap_mpm_run() so that
a1be7357e2c08b9dfe52c277063d212d65b15feejim cleanups registered in modules' child_init hooks are performed.
a1be7357e2c08b9dfe52c277063d212d65b15feejim [Chris Darroch]
6682df9b639663c50f447e5690dd62cce7b1c086trawick *) Fix issue which could cause error messages to be written to access logs
6682df9b639663c50f447e5690dd62cce7b1c086trawick on Win32. PR 40476. [Tom Donovan <Tom.Donovan acm.org>]
51c0f0fe0a49a180389009442a83f74b1916f96atrawick *) The LockFile directive, which specifies the location of
51c0f0fe0a49a180389009442a83f74b1916f96atrawick the accept() mutex lockfile, is deprecated. Instead, the
51c0f0fe0a49a180389009442a83f74b1916f96atrawick AcceptMutex directive now takes an optional lockfile
51c0f0fe0a49a180389009442a83f74b1916f96atrawick location parameter, ala SSLMutex. [Jim Jagielski]
7e8bc9ca9d1e752f6ca6debec6be8addae8bd72etrawick *) mod_authn_dbd: Export any additional columns queried in the SQL select
7e8bc9ca9d1e752f6ca6debec6be8addae8bd72etrawick into the environment with the name AUTHENTICATE_<COLUMN>. This brings
ecb511c254d5affe7cc018482d53c19aaf145878jerenkrantz mod_authn_dbd behaviour in line with mod_authnz_ldap. [Graham Leggett]
ecb511c254d5affe7cc018482d53c19aaf145878jerenkrantz *) mod_dbd: Key the storage of prepared statements on the hex string
ecb511c254d5affe7cc018482d53c19aaf145878jerenkrantz value of server_rec, rather than the server name, as the server name
60b83cd8f9427809082340cfd7581091990962f5jwoolley may change (eg when the server name is set) at any time, causing
60b83cd8f9427809082340cfd7581091990962f5jwoolley weird behaviour in modules dependent on mod_dbd. [Graham Leggett]
e93624301705e3dc68992e3b488a764389eb8b98trawick *) mod_proxy_fcgi: Added win32 build. [Mladen Turk]
e93624301705e3dc68992e3b488a764389eb8b98trawick *) sendfile_nonblocking() takes the _brigade_ as an argument, gets
4da4d1ae427ee8827c2325dd121ac05a83afd579wrowe the first bucket from the brigade, finds it not to be a FILE
a2d4f1da4e19836b2d6a673f80f33381a926a8bddougm bucket and barfs. The fix is to pass a bucket rather than a brigade.
d56d6753a75f5b915120c797aedbfcf13bb14c8brbb [Niklas Edmundsson <nikke acc.umu.se>]
d56d6753a75f5b915120c797aedbfcf13bb14c8brbb *) mod_rewrite: support rewritemap by SQL query [Nick Kew]
d56d6753a75f5b915120c797aedbfcf13bb14c8brbb *) ap_get_server_version() has been removed. Third-party modules must
4aaf7088758ca56823e585969320f2405a7cc5fcdougm now use ap_get_server_banner() or ap_get_server_description().
4aaf7088758ca56823e585969320f2405a7cc5fcdougm [Jeff Trawick]
e0596968fe84a2bdaebe0192d8d64d2e9856d4d6brianp *) All MPMs: Introduce a check_config phase between pre_config and
e0596968fe84a2bdaebe0192d8d64d2e9856d4d6brianp open_logs, to allow modules to review interdependent configuration
e0596968fe84a2bdaebe0192d8d64d2e9856d4d6brianp directive values and adjust them while messages can still be logged
f33c2c86b419be97248c5289b71738b5f0c7ab0adirkx to the console. Handle relevant MPM directives during this phase
f33c2c86b419be97248c5289b71738b5f0c7ab0adirkx and format messages for both the console and the error log, as
f33c2c86b419be97248c5289b71738b5f0c7ab0adirkx appropriate. [Chris Darroch]
c5fdaba2e790a0a351d796b5fe3dcfb585be1ba2jim *) core: Do not allow internal redirects like the DirectoryIndex of mod_dir
c5fdaba2e790a0a351d796b5fe3dcfb585be1ba2jim to circumvent the symbolic link checks imposed by FollowSymLinks and
c5fdaba2e790a0a351d796b5fe3dcfb585be1ba2jim SymLinksIfOwnerMatch. [Nick Kew, Ruediger Pluem, William Rowe]
2fc50921b88defeb7127985dfe4b4130175e069ejwoolley *) New SSLLogLevelDebugDump [ None (default) | IO (not bytes) | Bytes ]
2fc50921b88defeb7127985dfe4b4130175e069ejwoolley configures the I/O Dump of SSL traffic, when LogLevel is set to Debug.
2fc50921b88defeb7127985dfe4b4130175e069ejwoolley The default is none as this is far greater debugging resolution than
2fc50921b88defeb7127985dfe4b4130175e069ejwoolley the typical administrator is prepared to untangle. [William Rowe]
47638f4a67ce38e5a83e7a303d6f2d5c9ff47b4ebrianp *) mod_disk_cache: If possible, check if the size of an object to cache is
47638f4a67ce38e5a83e7a303d6f2d5c9ff47b4ebrianp within the configured boundaries before actually saving data.
47638f4a67ce38e5a83e7a303d6f2d5c9ff47b4ebrianp [Niklas Edmundsson <nikke acc.umu.se>]
82630c4a04be47f39298d3284b2c596244fb509bbrianp *) Worker and event MPMs: Remove improper scoreboard updates which were
0d24ea1c99d2267096caaf0843c7e5a1ac6b7c0bmjc performed in the event of a fork() failure. [Chris Darroch]
35d682920b0b7073bb9ff8c8794f0f73e3ee1a47slive *) Add support for fcgi:// proxies to mod_rewrite.
a2d4f1da4e19836b2d6a673f80f33381a926a8bddougm [Markus Schiegl <ms schiegl.com>]
a2d4f1da4e19836b2d6a673f80f33381a926a8bddougm *) Remove incorrect comments from scoreboard.h regarding conditional
30b4a330a5f651eb5198fa93dbb9f3d3594564c9stoddard loading of worker_score structure with mod_status, and remove unused
30b4a330a5f651eb5198fa93dbb9f3d3594564c9stoddard definitions relating to old life_status field.
30b4a330a5f651eb5198fa93dbb9f3d3594564c9stoddard [Chris Darroch <chrisd pearsoncmg.com>]
30b4a330a5f651eb5198fa93dbb9f3d3594564c9stoddard *) Remove allocation of memory for unused array of lb_score pointers
17895aa4b66b8af02d8788b15cb92e1f6a8ecafcwrowe in ap_init_scoreboard(). [Chris Darroch <chrisd pearsoncmg.com>]
983988ac7b8faaf037f4df0ab29729cd047a3ffdtrawick *) Add mod_proxy_fcgi, a FastCGI back end for mod_proxy.
7a64b871b8b5e5a427b570e90f0e38e88266c783jim [Garrett Rooney, Jim Jagielski, Paul Querna]
7a64b871b8b5e5a427b570e90f0e38e88266c783jim *) Event MPM: Fill in the scoreboard's tid field. PR 38736.
7a64b871b8b5e5a427b570e90f0e38e88266c783jim [Chris Darroch <chrisd pearsoncmg.com>]
a736bac16e58d5e96945f35ee3c43a2cd2f5d37ejerenkrantz *) mod_charset_lite: Remove Content-Length when output filter can
a736bac16e58d5e96945f35ee3c43a2cd2f5d37ejerenkrantz invalidate it. Warn when input filter can invalidate it.
a736bac16e58d5e96945f35ee3c43a2cd2f5d37ejerenkrantz [Jeff Trawick]
797d596a95d4f9900e83ec18295b4ca4951bf763jerenkrantz *) Authz: Add the new module mod_authn_core that will provide common
797d596a95d4f9900e83ec18295b4ca4951bf763jerenkrantz authn directives such as 'AuthType', 'AuthName'. Move the directives
5842e6b336b1cc0252b6cc2944dd81c7d3a19a1bbrianp 'AuthType' and 'AuthName' out of the core module and merge mod_authz_alias
5842e6b336b1cc0252b6cc2944dd81c7d3a19a1bbrianp into mod_authn_core. [Brad Nicholes]
2532433e80d73506f7bcc18bd0dab686f1c39397minfrin *) Authz: Move the directives 'Order', 'Allow', 'Deny' and 'Satisfy'
2532433e80d73506f7bcc18bd0dab686f1c39397minfrin into the new module mod_access_compat which can be loaded to provide
2532433e80d73506f7bcc18bd0dab686f1c39397minfrin support for these directives.
c148bc6b4eea544af816783400362f741c5f5fc2trawick [Brad Nicholes]
c148bc6b4eea544af816783400362f741c5f5fc2trawick *) Authz: Move the 'Require' directive from the core module as well as
9d432e23f6025b78322cbee43e8e89262a108e5eaaron add the directives '<SatisfyAll>', '<SatisfyOne>', '<RequireAlias>'
9d432e23f6025b78322cbee43e8e89262a108e5eaaron and 'Reject' to mod_authz_core. The new directives introduce 'AND/OR'
9d432e23f6025b78322cbee43e8e89262a108e5eaaron logic into the authorization processing. [Brad Nicholes]
9d432e23f6025b78322cbee43e8e89262a108e5eaaron *) Authz: Add the new module mod_authz_core which acts as the
9d432e23f6025b78322cbee43e8e89262a108e5eaaron authorization provider vector and contains common authz
9d432e23f6025b78322cbee43e8e89262a108e5eaaron directives. [Brad Nicholes]
6a5bdbbacf4a62adecde52b8f23ebcc4fa2a08b8trawick *) Authz: Renamed mod_authz_dbm authz providers from 'group' and
6a5bdbbacf4a62adecde52b8f23ebcc4fa2a08b8trawick 'file-group' to 'dbm-group' and 'dbm-file-group'. [Brad Nicholes]
10306ac2c175f420e6989568f4c8535a5dbc1349minfrin *) Authz: Added the new authz providers 'env', 'ip', 'host', 'all' to handle
10306ac2c175f420e6989568f4c8535a5dbc1349minfrin host-based access control provided by mod_authz_host and invoked
10306ac2c175f420e6989568f4c8535a5dbc1349minfrin through the 'Require' directive. [Brad Nicholes]
b4e4d76bf454e1b603b410110356dbcf12f3bc42jim *) Authz: Convert all of the authz modules from hook based to
b4e4d76bf454e1b603b410110356dbcf12f3bc42jim provider based. [Brad Nicholes]
adb1e17ae7e1cf5cf4f8f2b07d3389cb55f4becetrawick *) mod_cache: Add CacheMinExpire directive to set the minimum time in
adb1e17ae7e1cf5cf4f8f2b07d3389cb55f4becetrawick seconds to cache a document.
71f891073f6fa0209870791f64cbbf28d77ffdc1brianp [Brian Akins <brian.akins turner.com>, Ruediger Pluem]
2864362ca8266097928e84f101010bdf814ffa08stoddard *) mod_authz_dbd: SQL authz with Login/Session support [Nick Kew]
2864362ca8266097928e84f101010bdf814ffa08stoddard *) Fix typo in ProxyStatus syntax error message.
2864362ca8266097928e84f101010bdf814ffa08stoddard [Christophe Jaillet <christophe.jaillet wanadoo.fr>]
f51dbb1f5b66d94b5c190bfcd444aa73bdc2b176trawick *) Asynchronous write completion for the Event MPM. [Brian Pane]
893c106ae59d8e96d921524b123ae26dea8ad37fgstein *) Added an End-Of-Request bucket type. The logging of a request and
893c106ae59d8e96d921524b123ae26dea8ad37fgstein the freeing of its pool are now done when the EOR bucket is destroyed.
893c106ae59d8e96d921524b123ae26dea8ad37fgstein This has the effect of delaying the logging until right after the last
3aa6444bcee4e9fc32ec8860d832ff83a15784efianh of the response is sent; ap_core_output_filter() calls the access logger
3aa6444bcee4e9fc32ec8860d832ff83a15784efianh indirectly when it destroys the EOR bucket. [Brian Pane]
e2bdfd25d9d0461e0a3ab18ceff2113215e3e115brianp *) Rewrite of logresolve support utility: IPv6 addresses are now supported
e2bdfd25d9d0461e0a3ab18ceff2113215e3e115brianp and the format of statistical output has changed. [Colm MacCarthaigh]
b9fe73991e7c592a634242a7e11f924689f58e1fgstein *) Rewrite of ap_coreoutput_filter to do nonblocking writes [Brian Pane]
b9fe73991e7c592a634242a7e11f924689f58e1fgstein *) Added new connection states for handler and write completion
d9fcdb415d8661cbd9451df8f88e003a1aa04ce9trawick [Brian Pane]
d9fcdb415d8661cbd9451df8f88e003a1aa04ce9trawick *) mod_cgid: Refuse to work on Solaris 10 due to OS bugs. PR 34264.
d9fcdb415d8661cbd9451df8f88e003a1aa04ce9trawick [Justin Erenkrantz]
81b8d0f83e9d0bc2bf6900fc680737e0cac439a2brianp *) Teach mod_ssl to use arbitrary OIDs in an SSLRequire directive,
81b8d0f83e9d0bc2bf6900fc680737e0cac439a2brianp allowing string-valued client certificate attributes to be used for
b5033962c73a470b6f36a3ac796c542a6ab4ddf6brianp access control, as in: SSLRequire "value" in OID("1.3.6.1.4.1.18060.1")
b5033962c73a470b6f36a3ac796c542a6ab4ddf6brianp [Martin Kraemer, David Reid]
d7856f850b9b51165f23ae381a891bda894e1373ianh [Apache 2.3.0-dev includes those bug fixes and changes with the
d7856f850b9b51165f23ae381a891bda894e1373ianh Apache 2.2.xx tree as documented, and except as noted, below.]
d7856f850b9b51165f23ae381a891bda894e1373ianhChanges with Apache 2.2.x and later:
d75626f0952c6152a99acd013a4f127d46f0f9edtrawick *) http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?view=markup
d75626f0952c6152a99acd013a4f127d46f0f9edtrawickChanges with Apache 2.0.x and later:
ab2053f3cdda69cfa5e4ce0800ea7af203cc6d5ddougm *) http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/CHANGES?view=markup
ab2053f3cdda69cfa5e4ce0800ea7af203cc6d5ddougmChanges with Apache 1.3.x and later: