CHANGES revision 66a8e1cc29cc4612cd938bc8fcabc0ef569e5769
2af16be6499b471788876210714090c7904e5b18vboxsync -*- coding: utf-8 -*-
2af16be6499b471788876210714090c7904e5b18vboxsyncChanges with Apache 2.3.0
2af16be6499b471788876210714090c7904e5b18vboxsync[ When backported to 2.2.x, remove entry from this file ]
2af16be6499b471788876210714090c7904e5b18vboxsync *) core: When testing for slash-terminated configuration paths in
2af16be6499b471788876210714090c7904e5b18vboxsync ap_location_walk(), don't look past the start of an empty string
2af16be6499b471788876210714090c7904e5b18vboxsync such as that created by a <Location ""> directive.
2af16be6499b471788876210714090c7904e5b18vboxsync [Chris Darroch]
2af16be6499b471788876210714090c7904e5b18vboxsync *) core, mod_proxy: If a kept_body is present, it becomes safe for
2af16be6499b471788876210714090c7904e5b18vboxsync subrequests to support message bodies. Make sure that safety
2af16be6499b471788876210714090c7904e5b18vboxsync checks within the core and within the proxy are not triggered
2af16be6499b471788876210714090c7904e5b18vboxsync when kept_body is present. This makes it possible to embed
2af16be6499b471788876210714090c7904e5b18vboxsync proxied POST requests within mod_include. [Graham Leggett]
2af16be6499b471788876210714090c7904e5b18vboxsync *) mod_auth_form: Make sure the input filter stack is properly set
2af16be6499b471788876210714090c7904e5b18vboxsync up before reading the login form. Make sure the kept body filter
2af16be6499b471788876210714090c7904e5b18vboxsync is correctly inserted to ensure the body can be read a second
2af16be6499b471788876210714090c7904e5b18vboxsync time safely should the authn be successful. [Graham Leggett,
2af16be6499b471788876210714090c7904e5b18vboxsync Ruediger Pluem]
2af16be6499b471788876210714090c7904e5b18vboxsync *) mod_request: Insert the KEPT_BODY filter via the insert_filter
2af16be6499b471788876210714090c7904e5b18vboxsync hook instead of during fixups. Add a safety check to ensure the
2af16be6499b471788876210714090c7904e5b18vboxsync filters cannot be inserted more than once. [Graham Leggett,
2af16be6499b471788876210714090c7904e5b18vboxsync Ruediger Pluem]
2af16be6499b471788876210714090c7904e5b18vboxsync *) core: Do not allow Options ALL if not all options are allowed to be
2af16be6499b471788876210714090c7904e5b18vboxsync overwritten. PR 44262 [Michał Grzędzicki <lazy iq.pl>]
2af16be6499b471788876210714090c7904e5b18vboxsync *) ap_cache_cacheable_headers_out() will (now) always
2af16be6499b471788876210714090c7904e5b18vboxsync merge an error heaeders _before_ clearing them and _before_
2af16be6499b471788876210714090c7904e5b18vboxsync merging in the actual entity headers and doing normal
2af16be6499b471788876210714090c7904e5b18vboxsync hop-by-hop cleansing. [Dirk-Willem van Gulik].
2af16be6499b471788876210714090c7904e5b18vboxsync *) cache: retire ap_cache_cacheable_hdrs_out() which was used
2af16be6499b471788876210714090c7904e5b18vboxsync for both in- and out-put headers; and replace it by a single
2af16be6499b471788876210714090c7904e5b18vboxsync ap_cache_cacheable_headers() wrapped in a in- and out-put
2af16be6499b471788876210714090c7904e5b18vboxsync specific ap_cache_cacheable_headers_in()/out(). The latter
2af16be6499b471788876210714090c7904e5b18vboxsync which will also merge error and ensure content-type. To keep
2af16be6499b471788876210714090c7904e5b18vboxsync cache modules consistent with ease. This API change bumps
2af16be6499b471788876210714090c7904e5b18vboxsync up the minor MM by one [Dirk-Willem van Gulik].
2af16be6499b471788876210714090c7904e5b18vboxsync *) mod_rewrite: Allow Cookie option to set secure and HttpOnly flags.
2af16be6499b471788876210714090c7904e5b18vboxsync PR 44799 [Christian Wenz <christian wenz.org>]
2af16be6499b471788876210714090c7904e5b18vboxsync *) Move the KeptBodySize directive, kept_body filters and the
2af16be6499b471788876210714090c7904e5b18vboxsync ap_parse_request_body function out of the http module and into a
2af16be6499b471788876210714090c7904e5b18vboxsync new module called mod_request, reducing the size of the core.
2af16be6499b471788876210714090c7904e5b18vboxsync [Graham Leggett]
2af16be6499b471788876210714090c7904e5b18vboxsync *) mod_dbd: Handle integer configuration directive parameters with a
2af16be6499b471788876210714090c7904e5b18vboxsync dedicated function.
2af16be6499b471788876210714090c7904e5b18vboxsync *) Change the directives within the mod_session* modules to be valid
2af16be6499b471788876210714090c7904e5b18vboxsync both inside and outside the location/directory sections, as
2af16be6499b471788876210714090c7904e5b18vboxsync suggested by wrowe. [Graham Leggett]
2af16be6499b471788876210714090c7904e5b18vboxsync *) mod_auth_form: Add a module capable of allowing end users to log
2af16be6499b471788876210714090c7904e5b18vboxsync in using an HTML form, storing the credentials within mod_session.
2af16be6499b471788876210714090c7904e5b18vboxsync [Graham Leggett]
2af16be6499b471788876210714090c7904e5b18vboxsync *) Add a function to the http filters that is able to parse an HTML
c5c4462eb63dd7da16cb008ab9bbc1ec3d1a04e9vboxsync form request with the type of application/x-www-form-urlencoded.
c5c4462eb63dd7da16cb008ab9bbc1ec3d1a04e9vboxsync [Graham Leggett]
c5c4462eb63dd7da16cb008ab9bbc1ec3d1a04e9vboxsync *) mod_session_crypto: Initialise SSL in the post config hook.
2af16be6499b471788876210714090c7904e5b18vboxsync [Ruediger Pluem, Graham Leggett]
2af16be6499b471788876210714090c7904e5b18vboxsync *) mod_session_dbd: Add a session implementation capable of storing
2af16be6499b471788876210714090c7904e5b18vboxsync session information in a SQL database via the dbd interface. Useful
2af16be6499b471788876210714090c7904e5b18vboxsync for sites where session privacy is important. [Graham Leggett]
2af16be6499b471788876210714090c7904e5b18vboxsync *) mod_session_crypto: Add a session encoding implementation capable
2af16be6499b471788876210714090c7904e5b18vboxsync of encrypting and decrypting sessions wherever they may be stored.
2af16be6499b471788876210714090c7904e5b18vboxsync Introduces a level of privacy when sessions are stored on the
2af16be6499b471788876210714090c7904e5b18vboxsync browser. [Graham Leggett]
c5c4462eb63dd7da16cb008ab9bbc1ec3d1a04e9vboxsync *) mod_session_cookie: Add a session implementation capable of storing
9963731c7593f11a90ada81b3d409b1ae06cfb25vboxsync session information within cookies on the browser. Useful for high
c5c4462eb63dd7da16cb008ab9bbc1ec3d1a04e9vboxsync volume sites where server bound sessions are too resource intensive.
9963731c7593f11a90ada81b3d409b1ae06cfb25vboxsync [Graham Leggett]
9963731c7593f11a90ada81b3d409b1ae06cfb25vboxsync *) mod_session: Add a generic session interface to unify the different
c5c4462eb63dd7da16cb008ab9bbc1ec3d1a04e9vboxsync attempts at saving persistent sessions across requests.
9963731c7593f11a90ada81b3d409b1ae06cfb25vboxsync [Graham Leggett]
9963731c7593f11a90ada81b3d409b1ae06cfb25vboxsync *) core, authn/z: Avoid calling access control hooks for internal requests
9963731c7593f11a90ada81b3d409b1ae06cfb25vboxsync with configurations which match those of initial request. Revert to
9963731c7593f11a90ada81b3d409b1ae06cfb25vboxsync original behaviour (call access control hooks for internal requests
c5c4462eb63dd7da16cb008ab9bbc1ec3d1a04e9vboxsync with URIs different from initial request) if any access control hooks or
c5c4462eb63dd7da16cb008ab9bbc1ec3d1a04e9vboxsync providers are not registered as permitting this optimization.
c5c4462eb63dd7da16cb008ab9bbc1ec3d1a04e9vboxsync Introduce wrappers for access control hook and provider registration
2af16be6499b471788876210714090c7904e5b18vboxsync which can accept additional mode and flag data. [Chris Darroch]
2af16be6499b471788876210714090c7904e5b18vboxsync *) mod_dav: Return "method not allowed" if the destination URI of a WebDAV
2af16be6499b471788876210714090c7904e5b18vboxsync copy / move operation is no DAV resource. PR 44734 [Ruediger Pluem]
2af16be6499b471788876210714090c7904e5b18vboxsync *) Introduced ap_expr API for expression evaluation.
2af16be6499b471788876210714090c7904e5b18vboxsync This is adapted from mod_include, which is the first module
2af16be6499b471788876210714090c7904e5b18vboxsync to use the new API.
c5c4462eb63dd7da16cb008ab9bbc1ec3d1a04e9vboxsync *) mod_authz_dbd: When redirecting after successful login/logout per
c5c4462eb63dd7da16cb008ab9bbc1ec3d1a04e9vboxsync AuthzDBDRedirectQuery, do not report authorization failure, and use
c5c4462eb63dd7da16cb008ab9bbc1ec3d1a04e9vboxsync first row returned by database query instead of last row.
c5c4462eb63dd7da16cb008ab9bbc1ec3d1a04e9vboxsync [Chris Darroch]
c5c4462eb63dd7da16cb008ab9bbc1ec3d1a04e9vboxsync *) mod_rewrite: Initialize hash needed by ap_register_rewrite_mapfunc early
9963731c7593f11a90ada81b3d409b1ae06cfb25vboxsync enough. PR 44641 [Daniel Lescohier <daniel.lescohier cnet.com>]
c5c4462eb63dd7da16cb008ab9bbc1ec3d1a04e9vboxsync *) mod_cache: Handle If-Range correctly if the cached resource was stale.
c5c4462eb63dd7da16cb008ab9bbc1ec3d1a04e9vboxsync PR 44579 [Ruediger Pluem]
c5c4462eb63dd7da16cb008ab9bbc1ec3d1a04e9vboxsync *) mod_ldap: Correctly return all requested attribute values
c5c4462eb63dd7da16cb008ab9bbc1ec3d1a04e9vboxsync when some attributes have a null value.
c5c4462eb63dd7da16cb008ab9bbc1ec3d1a04e9vboxsync PR 44560 [Anders Kaseorg <anders kaseorg.com>]
c5c4462eb63dd7da16cb008ab9bbc1ec3d1a04e9vboxsync *) core: check symlink ownership if both FollowSymlinks and
c5c4462eb63dd7da16cb008ab9bbc1ec3d1a04e9vboxsync SymlinksIfOwnerMatch are set [Nick Kew]
c5c4462eb63dd7da16cb008ab9bbc1ec3d1a04e9vboxsync *) core: fix origin checking in SymlinksIfOwnerMatch
9963731c7593f11a90ada81b3d409b1ae06cfb25vboxsync PR 36783 [Robert L Mathews <rob-apache.org.bugs tigertech.net>]
9963731c7593f11a90ada81b3d409b1ae06cfb25vboxsync *) mod_proxy: Do not try a direct connection if the connection via a
9963731c7593f11a90ada81b3d409b1ae06cfb25vboxsync remote proxy failed before and the request has a request body.
c5c4462eb63dd7da16cb008ab9bbc1ec3d1a04e9vboxsync [Ruediger Pluem]
c5c4462eb63dd7da16cb008ab9bbc1ec3d1a04e9vboxsync *) Added 'disablereuse' option for ProxyPass which, essentially,
2af16be6499b471788876210714090c7904e5b18vboxsync disables connection pooling for the backend servers.
2af16be6499b471788876210714090c7904e5b18vboxsync [Jim Jagielski]
2af16be6499b471788876210714090c7904e5b18vboxsync *) Activate mod_cache, mod_file_cache and mod_disc_cache as part of the
2af16be6499b471788876210714090c7904e5b18vboxsync 'most' set for '--enable-modules' and '--enable-shared-mods'. Include
2af16be6499b471788876210714090c7904e5b18vboxsync mod_mem_cache in 'all' as well. [Dirk-Willem van Gulik]
2af16be6499b471788876210714090c7904e5b18vboxsync *) Also install mod_so.h, mod_rewrite.h and mod_cache.h; as these
2af16be6499b471788876210714090c7904e5b18vboxsync contain public function declarations which are useful for
2af16be6499b471788876210714090c7904e5b18vboxsync third party module authors. PR 42431 [Dirk-Willem van Gulik].
2af16be6499b471788876210714090c7904e5b18vboxsync *) mod_dir, mod_negotiation: pass the output filter information
2af16be6499b471788876210714090c7904e5b18vboxsync to newly created sub requests; as these are later on used
2af16be6499b471788876210714090c7904e5b18vboxsync as true requests with an internal redirect. This allows for
2af16be6499b471788876210714090c7904e5b18vboxsync mod_cache et.al. to trap the results of the redirect.
2af16be6499b471788876210714090c7904e5b18vboxsync [Dirk-Willem van Gulik, Ruediger Pluem]
c5c4462eb63dd7da16cb008ab9bbc1ec3d1a04e9vboxsync *) mod_proxy_ajp: Do not retry request in the case that we either failed to
2af16be6499b471788876210714090c7904e5b18vboxsync sent a part of the request body or if the request is not idempotent.
2af16be6499b471788876210714090c7904e5b18vboxsync PR 44334 [Ruediger Pluem]
2af16be6499b471788876210714090c7904e5b18vboxsync *) mod_ldap: Add support (taking advantage of the new APR capability)
2af16be6499b471788876210714090c7904e5b18vboxsync for ldap rebind callback while chasing referrals. This allows direct
2af16be6499b471788876210714090c7904e5b18vboxsync searches on LDAP servers (in particular MS Active Directory 2003+)
c5c4462eb63dd7da16cb008ab9bbc1ec3d1a04e9vboxsync using referrals without the use of the global catalog.
2af16be6499b471788876210714090c7904e5b18vboxsync PRs 26538, 40268, and 42557 [Paul J. Reder]
PR 43596 [Dimitar Pashev <mitko banksoft-bg.com>]
PR 34607. [Kaspar Brand <asfbugz velox.ch>]. A test configuration
can be created with test/make_sni.sh [Dirk-Willem van Gulik].
*) ApacheMonitor.exe: Introduce --kill argument for use by the
PR 37064 [Kobayashi <kobayashi firstserver.co.jp>]
PR 41960 [Jose Kahan <jose w3.org>]
*) mod_ldap, mod_authnzldap: Add support for nested groups (i.e. the ability
[Filip Hanik <devlist hanik.com>]
[David Jones <oscaremma gmail.com>]
[David M. Lee <dmlee crossroads.com>]
[Niklas Edmundsson <nikke acc.umu.se>]
[Stijn Hoop <stijn sandcat.nl>]
[Darryl Miles <darryl darrylmiles.org>]
[Niklas Edmundsson <nikke acc.umu.se>]
PR 39713. [Owen Taylor <otaylor redhat.com>]
final name. [Davi Arnaut <davi haxent.com.br>]
[Markus Schiegl <ms schiegl.com>]
*) Remove incorrect comments from scoreboard.h regarding conditional
[Chris Darroch <chrisd pearsoncmg.com>]
in ap_init_scoreboard(). [Chris Darroch <chrisd pearsoncmg.com>]
[Chris Darroch <chrisd pearsoncmg.com>]
and 'Reject' to mod_authz_core. The new directives introduce 'AND/OR'
*) mod_authz_dbd: SQL authz with Login/Session support [Nick Kew]
Apache 2.2.xx tree as documented, and except as noted, below.]
Changes with Apache 2.2.x and later:
Changes with Apache 2.0.x and later:
Changes with Apache 1.3.x and later: