CHANGES revision 5716f9c6daa92dde5f2f9d11ed63f7c9549c223a
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes -*- coding: utf-8 -*-
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholesChanges with Apache 2.5.0
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes *) mod_ssl: Add hooks to allow other modules to perform processing at
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes several stages of initialization and connection handling. See
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes *) mod_proxy_wstunnel: Avoid sending error responses down an upgraded
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes websockets connection as it is being close down. [Eric Covener]
0662ed52e814f8f08ef0e09956413a792584eddffuankg *) mod_proxy_wstunnel: Allow the administrator to cap the amount
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes of time a synchronous websockets connection stays idle with
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes ProxyWebsocketIdleTimeout. [Eric Covener]
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes *) mod_proxy_wstunnel: Change to opt-in for asynchronous support, adding
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes directives ProxyWebsocketAsync and ProxyWebsocketAsyncDelay.
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes [Eric Covener]
70953fb44a7140fe206c3a5f011e24209c8c5c6abnicholes *) mod_proxy_wstunnel: Stop leaking websockets backend connections under
70953fb44a7140fe206c3a5f011e24209c8c5c6abnicholes event MPM (trunk-only). [Eric Covener]
16b55a35cff91315d261d1baa776138af465c4e4fuankg *) mod_proxy_wstunnel: Don't issue AH02447 and log a 500 on routine
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes hangups from websockets origin servers. PR 56299
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes [Yann Ylavic, Edward Lu <Chaosed0 gmail com>, Eric Covener]
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes *) mod_proxy_wstunnel: Don't pool backend websockets connections,
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes because we need to handshake every time. PR 55890.
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes [Eric Covener]
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes *) mod_proxy_http: Add detach_backend hook (potentially usable
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes in other proxy scheme handlers). [Jeff Trawick]
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes *) mod_deflate: Add DeflateAlterETag to control how the ETag
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes is modified. The 'NoChange' parameter mimics 2.2.x behavior.
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes PR 45023, PR 39727. [Eric Covener]
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes *) mod_ssl: fix merging of global and vhost-level settings with the
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes SSLCertificateFile, SSLCertificateKeyFile, and SSLOpenSSLConfCmd
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes directives. PR 56353. [Kaspar Brand]
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes *) mod_ssl: avoid processing bogus SSLCertificateKeyFile values
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes (and logging garbled file names). PR 56306. [Kaspar Brand]
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes *) mod_proxy_fcgi: Fix sending of response without some HTTP headers
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes that might be set by filters. [Jim Riggs <jim riggs.me>]
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes *) mod_rewrite: Add 'BNF' (backreferences-no-plus) flag to RewriteRule to
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes allow spaces in backreferences to be encoded as %20 instead of '+'.
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes [Eric Covener]
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes *) mod_ssl: bring SNI behavior into better conformance with RFC 6066:
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes no longer send warning-level unrecognized_name(112) alerts,
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes and limit startup warnings to cases where an OpenSSL version
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes without TLS extension support is used. PR 56241. [Kaspar Brand]
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes *) mod_proxy_html: Do not delete the wrong data from HTML code when a
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes "http-equiv" meta tag specifies a Content-Type behind any other
ac7985784d08a3655291f24f711812b4d8b1cbcffuankg "http-equiv" meta tag. PR 56287 [Micha Lenk <micha lenk info>]
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes *) mod_expires: don't add Expires header to error responses (4xx/5xx),
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes be they generated or forwarded. PR 55669. [ Yann Ylavic ]
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes *) mod_rewrite: Support an optional list of characters to escape in the
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes argument for the 'B' (escape backreferences) flag. [Eric Covener]
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes *) mod_ssl: Add SSLOCSPUseRequestNonce directive to control whether or not
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes OCSP requests should use a nonce to be checked against the responder's
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes one. PR 56233. [ Yann Ylavic ]
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes *) mod_reqtimeout: Resolve unexpected timeouts on keepalive requests
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes under the Event MPM. PR56216. [Frank Meier <frank meier ergon ch>]
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes *) mod_lua: Add r:wspeek for checking if there is any data waiting on the line
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes [Daniel Gruno]
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes *) mod_proxy: Do not try to parse the regular expressions passed by
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes ProxyPassMatch as URL as they do not follow their syntax.
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes PR 56074. [Ruediger Pluem]
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes *) mod_dir: Default to 2.2-like behavior and skip execution when method is
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes neither GET nor POST, such as for DAV requests. PR 54914. [Chris Darroch]
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes *) mod_rewrite: Rename the handler that does per-directory internal
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes redirects to "rewrite-redirect-handler" from "redirect-handler" so
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes it is less ambiguous and less likely to be reused. [Eric Covener]
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes *) mod_rewrite: Protect against looping with the [N] flag by enforcing a
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes default limit of 10000 iterations, and allowing each rule to change its
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes limit. [Eric Covener]
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes *) mod_ssl: Fix config merging of SSLOCSPEnable and SSLOCSPOverrideResponder.
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes [Jeff Trawick]
ac7985784d08a3655291f24f711812b4d8b1cbcffuankg *) Add HttpContentLengthHeadZero and HttpExpectStrict directives.
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes [Yehuda Sadeh <yehuda inktank com>, Justin Erenkrantz]
ac7985784d08a3655291f24f711812b4d8b1cbcffuankg *) FreeBSD: Disable IPv4-mapped listening sockets by default for versions
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes 5+ instead of just for FreeBSD 5. PR 53824. [Jeff Trawick]
0a39e7683f6611d66c55712f50bb240428d832a1bnicholes *) mod_auth_form: Add a debug message when the fields on a form are not
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes recognised. [Graham Leggett]
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes *) mod_ssl: Add -t -DDUMP_CA_CERTS option which dumps the filenames of all
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes configured SSL CA certificates to stdout the same way as DUMP_CERTS does.
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes [Jan Kaluza]
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes *) mod_headers: Allow the "value" parameter of Header and RequestHeader to
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes contain an ap_expr expression if prefixed with "expr=". [Eric Covener]
0662ed52e814f8f08ef0e09956413a792584eddffuankg *) Add suspend_connection and resume_connection hooks to notify modules
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes when the thread/connection relationship changes. (Currently implemented
ac7985784d08a3655291f24f711812b4d8b1cbcffuankg only for the Event MPM; should be implemented for all async MPMs.)
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes [Jeff Trawick]
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes *) mod_ssl: Don't flush when an EOS is received. Prepares mod_ssl
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes to support write completion. [Graham Leggett]
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes *) core: Add parse_errorlog_arg callback to ap_errorlog_provider
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes to allow providers to check the ErrorLog argument. [Jan Kaluza]
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes *) mod_cgid: Use the servers Timeout for each read from a CGI script,
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes allow override with new CGIDRequestTimeout directive. PR43494
0662ed52e814f8f08ef0e09956413a792584eddffuankg [Eric Covener, Toshikuni Fukaya <toshikuni-fukaya cybozu co jp>]
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes *) core: Add missing Reason-Phrase in HTTP response headers.
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes PR 54946. [Rainer Jung]
0662ed52e814f8f08ef0e09956413a792584eddffuankg *) core: ensure any abnormal exit is reported to stderr if it's a tty.
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes PR 55670 [Nick Kew]
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes *) mod_auth_form: Make sure the optional functions are loaded even when
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes the AuthFormProvider isn't specified. [Graham Leggett]
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes *) mod_lua: Let the Inter-VM get/set functions work with a global
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes shared memory pool instead of a per-process pool. [Daniel Gruno]
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes *) ldap: Support ldaps when using the Microsoft LDAP SDK.
0662ed52e814f8f08ef0e09956413a792584eddffuankg PR 54626. [Jean-Frederic Clere]
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes *) mod_proxy: Add ap_connection_reusable() for checking if a connection
ac7985784d08a3655291f24f711812b4d8b1cbcffuankg is reusable as of this point in processing. [Jeff Trawick]
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes *) mod_authnz_ldap: Change default value of AuthLDAPMaxSubGroupDepth to 0
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes to avoid performance problems when subgroups aren't in use. [Eric Covener]
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes *) mod_syslog: New module implementing syslog ap_error_log provider.
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes Previously, this code was part of core, now it's in separate module.
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes [Jan Kaluza]
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes *) core: Add ap_errorlog_provider to make ErrorLog logging modular. Move
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes syslog support from core to new mod_syslog. [Jan Kaluza]
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes *) WinNT MPM: If ap_run_pre_connection() fails or sets c->aborted, don't
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes save the socket for reuse by the next worker as if it were an
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes APR_SO_DISCONNECTED socket. Restores 2.2 behavior. [Eric Covener]
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes *) mod_status, mod_echo: Fix the display of client addresses.
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes They were truncated to 31 characters which is not enough for IPv6 addresses.
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes PR 54848 [Bernhard Schmidt <berni birkenwald de>]
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes *) mod_authnz_fcgi: New module to enable FastCGI authorizer
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes applications to authenticate and/or authorize clients.
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes [Jeff Trawick]
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes *) core: Add ap_log_data(), ap_log_rdata(), etc. for logging buffers.
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes [Jeff Trawick]
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes *) mod_unique_id: Use output of the PRNG rather than IP address and
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes pid, avoiding sleep() call and possible DNS issues at startup,
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes plus improving randomness for IPv6-only hosts.
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes [Jan Kaluza <jkaluza redhat.com>]
ac7985784d08a3655291f24f711812b4d8b1cbcffuankg *) mod_authnz_ldap: Support primitive LDAP servers that do not accept
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes filters, such as "SDBM-backed LDAP" on z/OS, by allowing a special
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes filter "none" to be specified in AuthLDAPURL. [Eric Covener]
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes *) mod_file_cache: mod_file_cache should be able to serve files that
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes haven't had a Content-Type set via e.g. mod_mime. [Eric Covener]
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes *) core: merge AllowEncodedSlashes from the base configuration into
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes virtual hosts. [Eric Covener]
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes *) AIX: Install DSO's with "cp" instead of "install" in instdso.sh
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes [Eric Covener]
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes *) mod_ldap: Don't keep retrying if a new LDAP connection times out.
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes [Eric Covener]
ac7985784d08a3655291f24f711812b4d8b1cbcffuankg *) mod_deflate: permit compilation of mod_deflate against a zlib that has
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes been configured with -D Z_PREFIX, which redefines the token "deflate".
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes [Eric Covener]
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes *) mod_socache_shmcb.c: Remove arbitrary restriction on shared memory size
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes previously limited to 64MB. [Jens Låås <jelaas gmail.com>]
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes *) mod_auth_digest: Use the secret when generating nonces in all cases and
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes not only when AuthName is used in .htaccess files (this change may cause
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes problems if used with round robin load balancers). Don't regenerate the
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes secret on graceful restarts. PR 54637 [Stefan Fritsch]
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes *) core: Remove apr_brigade_flatten(), buffering and duplicated code
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes from the HTTP_IN filter, parse chunks in a single pass with zero copy.
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes Reduce memory usage by 48 bytes per request. [Graham Leggett]
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes *) core: Stop the HTTP_IN filter from attempting to write error buckets
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes to the output filters, which is bogus in the proxy case. Create a
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes clean mapping from APR codes to HTTP status codes, and use it where
ac7985784d08a3655291f24f711812b4d8b1cbcffuankg needed. [Graham Leggett]
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes *) mod_proxy: Ensure network errors detected by the proxy are returned as
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes 504 Gateway Timout as opposed to 502 Bad Gateway, in order to be
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes compliant with RFC2616 14.9.4 Cache Revalidation and Reload Controls.
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes *) mod_dav: mod_dav overrides dav_fs response on PUT failure. PR 35981
ac7985784d08a3655291f24f711812b4d8b1cbcffuankg [Basant Kumar Kukreja <basant.kukreja sun.com>, Alejandro Alvarez
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes *) core, mod_ssl: Enable the ability for a module to reverse the sense of
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes a poll event from a read to a write or vice versa. This is a step on
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes the way to allow mod_ssl taking full advantage of the event MPM.
ac7985784d08a3655291f24f711812b4d8b1cbcffuankg [Graham Leggett]
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes *) mod_ldap: LDAP connections used for authentication were not respecting
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes LDAPConnectionPoolTimeout. PR 54587
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes *) core: ap_rgetline_core now pulls from r->proto_input_filters.
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes *) mod_proxy_html: process parsed comments immediately.
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes Fixes bug where parsed comments may be lost. [Nick Kew]
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes *) mod_proxy_html: introduce doctype for HTML 5 [Nick Kew]
0662ed52e814f8f08ef0e09956413a792584eddffuankg *) mod_proxy_html: fix typo-bug processing "strict" vs "transitional"
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes *) core: Add option to add valgrind support. Use it to reduce false positive
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes warnings in mod_ssl. [Stefan Fritsch]
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes *) mod_authn_file, mod_authn_dbd, mod_authn_dbm, mod_authn_socache:
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes Cache the result of the most recent password hash verification for every
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes keep-alive connection. This saves some expensive calculations.
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes [Stefan Fritsch]
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes *) http: Remove support for Request-Range header sent by Navigator 2-3 and
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes MSIE 3. [Stefan Fritsch]
3c937b528ca923d5b51e63def9f888af4a77bb40bnicholes *) core, http: Extend HttpProtocol with an option to enforce stricter HTTP
ac7985784d08a3655291f24f711812b4d8b1cbcffuankg conformance or to only log the found problems. [Stefan Fritsch]
[Jan Kaluza <jkaluza redhat.com>]
*) The following now respect DefaultRuntimeDir/DEFAULT_REL_RUNTIMEDIR:
setuid/setgid capability bits rather than a setuid root binary.
[Matthew Steele <mdsteele google.com>]
passing through the server in such a way that connections and/or
Apache 2.4.xx tree as documented below, except as noted.]
Changes with Apache 2.4.x and later:
Changes with Apache 2.2.x and later:
Changes with Apache 2.0.x and later: