CHANGES revision 7a6c86627922e38fa227943b9f888f96109681e5
c313914d0e66b20969215e519bbf2ab4ecf39512Tinderbox User -*- coding: utf-8 -*-
c80e152862cc3e3207dc837fde7116bd4c0e4b9dTinderbox UserChanges with Apache 2.3.7
8d1b3ceb4d491ce32572f1702f37ed585eede993Evan Hunt *) SECURITY: CVE-2009-3555 (cve.mitre.org)
d77cb075aae5595e460e3299bfc1e8ea5d42b560Evan Hunt mod_ssl: Comprehensive fix of the TLS renegotiation prefix injection
d77cb075aae5595e460e3299bfc1e8ea5d42b560Evan Hunt attack when compiled against OpenSSL version 0.9.8m or later. Introduces
30ca20f720ad0887772a79e7abb25b4fa0e4b5b0Mark Andrews the 'SSLInsecureRenegotiation' directive to reopen this vulnerability
30ca20f720ad0887772a79e7abb25b4fa0e4b5b0Mark Andrews and offer unsafe legacy renegotiation with clients which do not yet
30ca20f720ad0887772a79e7abb25b4fa0e4b5b0Mark Andrews support the new secure renegotiation protocol, RFC 5746.
30ca20f720ad0887772a79e7abb25b4fa0e4b5b0Mark Andrews [Joe Orton, and with thanks to the OpenSSL Team]
701a93f5a592e4652343e049aa495d409c3ee133Mark Andrews *) SECURITY: CVE-2009-3555 (cve.mitre.org)
7ec97ae74e42ec21b354fd2d1366313b41d947d6Evan Hunt mod_ssl: A partial fix for the TLS renegotiation prefix injection attack
701a93f5a592e4652343e049aa495d409c3ee133Mark Andrews by rejecting any client-initiated renegotiations. Forcibly disable
701a93f5a592e4652343e049aa495d409c3ee133Mark Andrews keepalive for the connection if there is any buffered data readable. Any
002f1373374a0b72fc0329baa682917929bef168Tony Finch configuration which requires renegotiation for per-directory/location
002f1373374a0b72fc0329baa682917929bef168Tony Finch access control is still vulnerable, unless using OpenSSL >= 0.9.8l.
8f1ed05dc0aae7ae6c3da6ec6d405df61257a61eMark Andrews [Joe Orton, Ruediger Pluem, Hartmut Keil <Hartmut.Keil adnovum.ch>]
8f1ed05dc0aae7ae6c3da6ec6d405df61257a61eMark Andrews *) SECURITY: CVE-2010-0408 (cve.mitre.org)
8f1ed05dc0aae7ae6c3da6ec6d405df61257a61eMark Andrews mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent
8f1ed05dc0aae7ae6c3da6ec6d405df61257a61eMark Andrews when request headers indicate a request body is incoming; not a case of
73cf0ba4e82c6baef638ecc4e31321223f841d28Mark Andrews HTTP_INTERNAL_SERVER_ERROR. [Niku Toivola <niku.toivola sulake.com>]
73cf0ba4e82c6baef638ecc4e31321223f841d28Mark Andrews *) SECURITY: CVE-2010-0425 (cve.mitre.org)
d8351dfc9b725b0d727be7acab6247d7d501d9a0Mark Andrews mod_isapi: Do not unload an isapi .dll module until the request
d8351dfc9b725b0d727be7acab6247d7d501d9a0Mark Andrews processing is completed, avoiding orphaned callback pointers.
d8351dfc9b725b0d727be7acab6247d7d501d9a0Mark Andrews [Brett Gervasoni <brettg senseofsecurity.com>, Jeff Trawick]
3a29ce9c08dd31709c73e7187aebda0d360c537bEvan Hunt *) mod_authnz_ldap: Ensure nested groups are checked when the
5c78f1f50e53d8e2ed51a187efc2c9a0f43b4b1bMark Andrews top-level group doesn't have any direct non-group members
f1740da065d4555039fe8bb53beb4153e3f94de3Mark Andrews of attributes in AuthLDAPGroupAttribute. [Eric Covener]
f1740da065d4555039fe8bb53beb4153e3f94de3Mark Andrews *) mod_authnz_ldap: Search or Comparison during authorization phase
31c7ab4fb3f7710af87dc9c3d64c5daf9a3dea35Mark Andrews can use the credentials from the authentication phase
31c7ab4fb3f7710af87dc9c3d64c5daf9a3dea35Mark Andrews (AuthLDAPSearchAsUSer,AuthLDAPCompareAsUser).
31c7ab4fb3f7710af87dc9c3d64c5daf9a3dea35Mark Andrews PR 48340 [Domenico Rotiroti, Eric Covener]
31c7ab4fb3f7710af87dc9c3d64c5daf9a3dea35Mark Andrews *) mod_authnz_ldap: Allow the initial DN search during authentication
ad309e8dfa0601d6053aaa12770a98a6940f89deEvan Hunt to use the HTTP username/pass instead of an anonymous or hard-coded
ad309e8dfa0601d6053aaa12770a98a6940f89deEvan Hunt LDAP id (AuthLDAPInitialBindAsUser, AuthLDAPInitialBindPattern).
635e4351b04fd61ca6d853bdac6268c090b55129Mark Andrews [Eric Covener]
fc04365d2f83f197c8a54545dd9cd4ce6a209940Mark Andrews *) mod_authnz_ldap: Publish requested LDAP data with an AUTHORIZE_ prefix
fc04365d2f83f197c8a54545dd9cd4ce6a209940Mark Andrews when this module is used for authorization. See AuthLDAPAuthorizePrefix.
7cbac360bf98c0a52b2d6866ad887616c32d4d3aMark Andrews PR 45584 [Eric Covener]
7cbac360bf98c0a52b2d6866ad887616c32d4d3aMark Andrews *) apxs -q: Stop filtering out ':' characters from the reported values.
1cf118a656f5fd210787908b845362077fc507f8Evan Hunt PR 45343. [Bill Cole]
1cf118a656f5fd210787908b845362077fc507f8Evan Hunt *) prefork MPM: Run cleanups for final request when process exits gracefully.
1cf118a656f5fd210787908b845362077fc507f8Evan Hunt PR 43857. [Tom Donovan]
1cf118a656f5fd210787908b845362077fc507f8Evan Hunt *) ab: fix number of requests sent by ab when keepalive is enabled. PR 48497.
1cf118a656f5fd210787908b845362077fc507f8Evan Hunt [Bryn Dole <dole blekko.com>]
6fb3db01acad7f5c1f4e23789fb0f2ce56cc07deMukund Sivaraman *) Log an error for failures to read a chunk-size, and return 408 instead of
6fb3db01acad7f5c1f4e23789fb0f2ce56cc07deMukund Sivaraman 413 when this is due to a read timeout. This change also fixes some cases
6fb3db01acad7f5c1f4e23789fb0f2ce56cc07deMukund Sivaraman of two error documents being sent in the response for the same scenario.
fd82c70695888c134287b8018296028c252d100eMukund Sivaraman [Eric Covener] PR49167
fd82c70695888c134287b8018296028c252d100eMukund Sivaraman *) mod_proxy_balancer: Add new directive BalancerNonce to allow admin
fd82c70695888c134287b8018296028c252d100eMukund Sivaraman to control/set the nonce used in the balancer-manager application.
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews [Jim Jagielski]
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews *) mod_proxy_connect: Support port ranges in AllowConnect. PR 23673.
2cf0fe3b8092f64f8f68ae3693fe2e73e90ad1a4Mark Andrews [Stefan Fritsch]
2cf0fe3b8092f64f8f68ae3693fe2e73e90ad1a4Mark Andrews *) Proxy balancer: support setting error status according to HTTP response
2cf0fe3b8092f64f8f68ae3693fe2e73e90ad1a4Mark Andrews code from a backend. PR 48939. [Daniel Ruggeri <DRuggeri primary.net>]
4221d9cd1d02311fbf9b5f08a038f5af78b10b4aEvan Hunt *) htcacheclean: Introduce the ability to clean specific URLs from the
4221d9cd1d02311fbf9b5f08a038f5af78b10b4aEvan Hunt cache, if provided as an optional parameter on the command line.
4221d9cd1d02311fbf9b5f08a038f5af78b10b4aEvan Hunt [Graham Leggett]
f9c410d93711fbf312a0162f1e2d3f2a5ede69afFrancis Dupont *) core: Introduce the IncludeStrict directive, which explicitly fails
f9c410d93711fbf312a0162f1e2d3f2a5ede69afFrancis Dupont server startup if no files or directories match a wildcard path.
f9c410d93711fbf312a0162f1e2d3f2a5ede69afFrancis Dupont [Graham Leggett]
e526027287b849f0b6ab6e069156697cbafa22c1Michał Kępień *) htcacheclean: Report additional statistics about entries deleted.
e526027287b849f0b6ab6e069156697cbafa22c1Michał Kępień PR 48944. [Mark Drayton mark markdrayton.info]
e526027287b849f0b6ab6e069156697cbafa22c1Michał Kępień *) Introduce SSLFIPS directive to support OpenSSL FIPS_mode; permits all
929329d2d66a7e1083c70a9c918381935bf12799Mukund Sivaraman builds of mod_ssl to use 'SSLFIPS off' for portability, but the proper
929329d2d66a7e1083c70a9c918381935bf12799Mukund Sivaraman build of openssl is required for 'SSLFIPS on'. PR 46270.
929329d2d66a7e1083c70a9c918381935bf12799Mukund Sivaraman [Dr Stephen Henson <steve openssl.org>, William Rowe]
ec29d217ba3a2bf3e617a7b5b6708ae221bee999Mark Andrews *) mod_proxy_http: Log the port of the remote server in various messages.
ec29d217ba3a2bf3e617a7b5b6708ae221bee999Mark Andrews PR 48812. [Igor Galić <i galic brainsware org>]
afefd754734f896bf3e0590177fff83e7cdfdf35Mark Andrews *) mod_reqtimeout: Do not wrongly enforce timeouts for mod_proxy's backend
afefd754734f896bf3e0590177fff83e7cdfdf35Mark Andrews connections and other protocol handlers (like mod_ftp). [Stefan Fritsch]
f0353a586c2bfbae999193cb644b6bc94c7944d8Mark Andrews *) mod_proxy_ajp: Really regard the operation a success, when the client
7ff28f5befbee76048a23e504dcd3f9a44ce6209Evan Hunt aborted the connection. In addition adjust the log message if the client
7ff28f5befbee76048a23e504dcd3f9a44ce6209Evan Hunt aborted the connection. [Ruediger Pluem]
7ff28f5befbee76048a23e504dcd3f9a44ce6209Evan Hunt *) mod_ssl: Add the 'SSLInsecureRenegotiation' directive, which
7ff28f5befbee76048a23e504dcd3f9a44ce6209Evan Hunt allows insecure renegotiation with clients which do not yet
7ff28f5befbee76048a23e504dcd3f9a44ce6209Evan Hunt support the secure renegotiation protocol. [Joe Orton]
7ff28f5befbee76048a23e504dcd3f9a44ce6209Evan Hunt *) mod_ssl: Fix a potential I/O hang if a long list of trusted CAs
7ff28f5befbee76048a23e504dcd3f9a44ce6209Evan Hunt is configured for client cert auth. PR 46952. [Joe Orton]
cad79077bd5b2616bc4a7a6b3cbc0953bef8917fMark Andrews *) core: Only log a 408 if it is no keepalive timeout. PR 39785
cad79077bd5b2616bc4a7a6b3cbc0953bef8917fMark Andrews [Ruediger Pluem, Mark Montague <markmont umich.edu>]
cad79077bd5b2616bc4a7a6b3cbc0953bef8917fMark Andrews *) support/rotatelogs: Add -L option to create a link to the current
adfe58e8e5cd1890585e92b67f1fd01989a1fa7dMark Andrews log file. PR 48761 [<lyndon orthanc.ca>, Dan Poirier]
adfe58e8e5cd1890585e92b67f1fd01989a1fa7dMark Andrews *) mod_ldap: Update LDAPTrustedClientCert to consistently be a per-directory
c3237dec879f82855403ff7e3ba87b298172efd5Mark Andrews setting only, matching most of the documentation and examples.
c3237dec879f82855403ff7e3ba87b298172efd5Mark Andrews PR 46541 [Paul Reder, Eric Covener]
c3237dec879f82855403ff7e3ba87b298172efd5Mark Andrews *) mod_ldap: LDAPTrustedClientCert now accepts CA_DER/CA_BASE64 argument
c3237dec879f82855403ff7e3ba87b298172efd5Mark Andrews types previously allowed only in LDAPTrustedGlobalCert. [Eric Covener]
cb616c6d5c2ece1fac37fa6e0bca2b53d4043098Mark Andrews *) mod_negotiation: Preserve query string over multiviews negotiation.
cb616c6d5c2ece1fac37fa6e0bca2b53d4043098Mark Andrews This buglet was fixed for type maps in 2.2.6, but the same issue
c0a2210466dec0cc81ebf2ffbe21693b57b9c29cMark Andrews affected multiviews and was overlooked.
c0a2210466dec0cc81ebf2ffbe21693b57b9c29cMark Andrews PR 33112 [Joergen Thomsen <apache jth.net>]
534057c9f91a3eb6e0541f3526459c716239b337Mark Andrews *) mod_ldap: Eliminate a potential crash with multiple LDAPTrustedClientCert
534057c9f91a3eb6e0541f3526459c716239b337Mark Andrews when some are not password-protected. [Eric Covener]
0f14b041328c062b1fa391887376388dfc8b2fe5Mark Andrews *) Fix startup segfault when the Mutex directive is used but no loaded
0f14b041328c062b1fa391887376388dfc8b2fe5Mark Andrews modules use httpd mutexes. PR 48787. [Jeff Trawick]
0f14b041328c062b1fa391887376388dfc8b2fe5Mark Andrews *) Proxy: get the headers right in a HEAD request with
f7f4730e563a2749629fe7fef4cd9513cd2bfab7Mark Andrews ProxyErrorOverride, by checking for an overridden error
f7f4730e563a2749629fe7fef4cd9513cd2bfab7Mark Andrews before not after going into a catch-all code path.
1848d38f441ebf70ab21f6151bc3487a92d25b63Mark Andrews PR 41646. [Nick Kew, Stuart Children]
2d82ed9456e72dc4373bea19d63411afe1c48962Mark Andrews *) support/rotatelogs: Support the simplest log rotation case, log
2d82ed9456e72dc4373bea19d63411afe1c48962Mark Andrews truncation. Useful when the log is being processed in real time
2d82ed9456e72dc4373bea19d63411afe1c48962Mark Andrews using a command like tail. [Graham Leggett]
a5a1cbece45e6ca68aafe3b9b995eac6b0f45dd2Mark Andrews *) support/htcacheclean: Teach it how to write a pid file (modelled on
0d6328ce5f6b799f8e7c6cbbb3b965cf29bfb7baMark Andrews httpd's writing of a pid file) so that it becomes possible to run
0d6328ce5f6b799f8e7c6cbbb3b965cf29bfb7baMark Andrews more than one instance of htcacheclean on the same machine.
0d6328ce5f6b799f8e7c6cbbb3b965cf29bfb7baMark Andrews [Graham Leggett]
677f507de7c546c187c1505c48bc7b440545485cMark Andrews *) Log command line on startup, so there's a record of command line
677f507de7c546c187c1505c48bc7b440545485cMark Andrews arguments like -f. PR 48752. [Dan Poirier]
124cc0660c7eff8021c2422fb47441e9ca08b3f9Tinderbox User *) Introduce mod_reflector, a handler capable of reflecting POSTed
e01ef6f01c7e8f80122cd80a2e011425a0135489Mark Andrews request bodies back within the response through the output filter
677f507de7c546c187c1505c48bc7b440545485cMark Andrews stack. Can be used to turn an output filter into a web service.
677f507de7c546c187c1505c48bc7b440545485cMark Andrews [Graham Leggett]
677f507de7c546c187c1505c48bc7b440545485cMark Andrews *) mod_proxy_http: Make sure that when an ErrorDocument is served
677f507de7c546c187c1505c48bc7b440545485cMark Andrews from a reverse proxied URL, that the subrequest respects the status
677f507de7c546c187c1505c48bc7b440545485cMark Andrews of the original request. This brings the behaviour of proxy_handler
bf459d24a117ae2c54c37016430b41cd6d73491cMark Andrews in line with default_handler. PR 47106. [Graham Leggett]
bf459d24a117ae2c54c37016430b41cd6d73491cMark Andrews *) Support wildcards in both the directory and file components of
677f507de7c546c187c1505c48bc7b440545485cMark Andrews the path specified by the Include directive. [Graham Leggett]
677f507de7c546c187c1505c48bc7b440545485cMark Andrews *) mod_proxy, mod_proxy_http: Support remote https proxies
bf459d24a117ae2c54c37016430b41cd6d73491cMark Andrews by using HTTP CONNECT. PR 19188.
f53e0bda467d96dfeeba1b4da30c37b37766bb75Evan Hunt [Philippe Dutrueux <lilas evidian.com>, Rainer Jung]
f53e0bda467d96dfeeba1b4da30c37b37766bb75Evan Hunt *) apxs: Fix -A and -a options to ignore whitespace in httpd.conf
f53e0bda467d96dfeeba1b4da30c37b37766bb75Evan Hunt [Philip M. Gollucci]
81e3e3084980afcd61416f572c6e72d38a3808abMichał KępieńChanges with Apache 2.3.6
81e3e3084980afcd61416f572c6e72d38a3808abMichał Kępień *) worker: Don't report server has reached MaxClients until it has.
81e3e3084980afcd61416f572c6e72d38a3808abMichał Kępień Add message when server gets within MinSpareThreads of MaxClients.
64d7fa3ec4785b390665860aa6bdae304b3c1d24Mark Andrews PR 46996. [Dan Poirier]
64d7fa3ec4785b390665860aa6bdae304b3c1d24Mark Andrews *) mod_session: Session expiry was being initialised, but not updated
64d7fa3ec4785b390665860aa6bdae304b3c1d24Mark Andrews on each session save, resulting in timed out sessions when there
64d7fa3ec4785b390665860aa6bdae304b3c1d24Mark Andrews should not have been. Fixed. [Graham Leggett]
75505befa93c993aa5d2df24a2b64eac0c34cbffMark Andrews *) mod_log_config: Add the R option to log the handler used within the
75505befa93c993aa5d2df24a2b64eac0c34cbffMark Andrews request. [Christian Folini <christian.folini netnea com>]
a38f07c73790170842e4523b4a474d01ca0dede1Michał Kępień *) mod_include: Allow fine control over the removal of Last-Modified and
a38f07c73790170842e4523b4a474d01ca0dede1Michał Kępień ETag headers within the INCLUDES filter, making it possible to cache
a38f07c73790170842e4523b4a474d01ca0dede1Michał Kępień responses if desired. Fix the default value of the SSIAccessEnable
39d5523a8afc73cbdb4fa426de2ce071267a5d6fMark Andrews directive. [Graham Leggett]
39d5523a8afc73cbdb4fa426de2ce071267a5d6fMark Andrews *) Add new UnDefine directive to undefine a variable. PR 35350.
39d5523a8afc73cbdb4fa426de2ce071267a5d6fMark Andrews [Stefan Fritsch]
1f4a3c7088594d1b64cd734eb69e1fd023fde8bfMichał Kępień *) Make ap_pregsub(), used by AliasMatch and friends, use the same syntax
1f4a3c7088594d1b64cd734eb69e1fd023fde8bfMichał Kępień for regex backreferences as mod_rewrite and mod_include: Remove the use
91827e6fd3851a5fe129ef5409ff45833ca01a0eMark Andrews of '&' as an alias for '$0' and allow to escape any character with a
91827e6fd3851a5fe129ef5409ff45833ca01a0eMark Andrews backslash. PR 48351. [Stefan Fritsch]
35aae5884f410180706a89a9715bf9a85eeeb4b7Michał Kępień *) mod_authnz_ldap: If AuthLDAPCharsetConfig is set, also convert the
35aae5884f410180706a89a9715bf9a85eeeb4b7Michał Kępień password to UTF-8. PR 45318.
35aae5884f410180706a89a9715bf9a85eeeb4b7Michał Kępień [Johannes Müller <joh_m gmx.de>, Stefan Fritsch]
57b1d64d9ae12d56973716e96f9743a00d47af4aMichał Kępień *) ab: Fix calculation of requests per second in HTML output. PR 48594.
57b1d64d9ae12d56973716e96f9743a00d47af4aMichał Kępień [Stefan Fritsch]
2d517e233ff3b3fcd272eb5b2e2d3db6d31a1681Michał Kępień *) mod_authnz_ldap: Failures to map a username to a DN, or to check a user
2d517e233ff3b3fcd272eb5b2e2d3db6d31a1681Michał Kępień password now result in an informational level log entry instead of
09c3efda414314d7edcfb2aed9463fb935fc95a6Mark Andrews warning level. [Eric Covener]
86d2f9abc8493321aacb0d540485de4d562fb734Mark AndrewsChanges with Apache 2.3.5
86d2f9abc8493321aacb0d540485de4d562fb734Mark Andrews *) SECURITY: CVE-2010-0434 (cve.mitre.org)
86d2f9abc8493321aacb0d540485de4d562fb734Mark Andrews Ensure each subrequest has a shallow copy of headers_in so that the
86d2f9abc8493321aacb0d540485de4d562fb734Mark Andrews parent request headers are not corrupted. Eliminates a problematic
86d2f9abc8493321aacb0d540485de4d562fb734Mark Andrews optimization in the case of no request body. PR 48359
86d2f9abc8493321aacb0d540485de4d562fb734Mark Andrews [Jake Scott, William Rowe, Ruediger Pluem]
09c3efda414314d7edcfb2aed9463fb935fc95a6Mark Andrews *) Turn static function get_server_name_for_url() into public
86d2f9abc8493321aacb0d540485de4d562fb734Mark Andrews ap_get_server_name_for_url() and use it where appropriate. This
c7e57ce1b0bca9bc7da14bec485f7a7e3e4c761fMichał Kępień fixes mod_rewrite generating invalid URLs for redirects to IPv6
c7e57ce1b0bca9bc7da14bec485f7a7e3e4c761fMichał Kępień literal addresses. [Stefan Fritsch]
3ed16e796dba90c96933c8a8a3f5b9404d8d3e61Mark Andrews *) mod_ldap: Introduce new config option LDAPTimeout to set the timeout
3ed16e796dba90c96933c8a8a3f5b9404d8d3e61Mark Andrews for LDAP operations like bind and search. [Stefan Fritsch]
14d8a144779b54b103d2da741a2242bf5f9052f7Mark Andrews *) mod_proxy, mod_proxy_ftp: Move ProxyFtpDirCharset from mod_proxy to
14d8a144779b54b103d2da741a2242bf5f9052f7Mark Andrews mod_proxy_ftp. [Takashi Sato]
70e041bea19b6ad9522b89c2299ad315a2deaafdMark Andrews *) mod_proxy, mod_proxy_connect: Move AllowCONNECT from mod_proxy to
70e041bea19b6ad9522b89c2299ad315a2deaafdMark Andrews mod_proxy_connect. [Takashi Sato]
67247b4a8304bac790648a351a95b8b0f4c512a6Mark Andrews *) mod_cache: Do an exact match of the keys defined by
67247b4a8304bac790648a351a95b8b0f4c512a6Mark Andrews CacheIgnoreURLSessionIdentifiers against the querystring instead of
eeb919b6f572e033d97cf001e4cd44aaff54e5dcMichał Kępień a partial match. PR 48401.
eeb919b6f572e033d97cf001e4cd44aaff54e5dcMichał Kępień [Dodou Wang <wangdong.08 gmail.com>, Ruediger Pluem]
a55438eda32ecebf43ead45b216662b7923a465fMark Andrews *) mod_proxy_balancer: Fix crash in balancer-manager. [Rainer Jung]
a55438eda32ecebf43ead45b216662b7923a465fMark Andrews *) Core HTTP: disable keepalive when the Client has sent
8de17f83cafa91a5720dd0b8c1aee5f47f6d7f09Evan Hunt Expect: 100-continue
8de17f83cafa91a5720dd0b8c1aee5f47f6d7f09Evan Hunt but we respond directly with a non-100 response.
8de17f83cafa91a5720dd0b8c1aee5f47f6d7f09Evan Hunt Keepalive here led to data from clients continuing being treated as
9789e54e55b61b669fb31a8b70e9655e8357dda2Mark Andrews a new request.
9789e54e55b61b669fb31a8b70e9655e8357dda2Mark Andrews PR 47087 [Nick Kew]
f8362536c647625e602c8450a778a2b7ba90c9f4Mark Andrews *) Core: reject NULLs in request line or request headers.
f8362536c647625e602c8450a778a2b7ba90c9f4Mark Andrews PR 43039 [Nick Kew]
24231e53a5c3079431f84dcddfee1e761fec7329Mark Andrews *) Core: (re)-introduce -T commandline option to suppress documentroot
24231e53a5c3079431f84dcddfee1e761fec7329Mark Andrews check at startup.
24231e53a5c3079431f84dcddfee1e761fec7329Mark Andrews PR 41887 [Jan van den Berg <janvdberg gmail.com>]
4b669b69bae7dedda2faa09a7ade247499c1d49cMichał Kępień *) mod_autoindex: support XHTML as equivalent to HTML in IndexOptions,
4b669b69bae7dedda2faa09a7ade247499c1d49cMichał Kępień ScanHTMLTitles, ReadmeName, HeaderName
4b669b69bae7dedda2faa09a7ade247499c1d49cMichał Kępień PR 48416 [Dmitry Bakshaev <dab18 izhnet.ru>, Nick Kew]
eb11b39981689e4a20fbe95e533577eacab992b4Mukund Sivaraman *) Proxy: Fix ProxyPassReverse with relative URL
eb11b39981689e4a20fbe95e533577eacab992b4Mukund Sivaraman Derived (slightly erroneously) from PR 38864 [Nick Kew]
8daeae9b01a2b7eb9fd6511b352b03bd7d96ae79Michał Kępień *) mod_headers: align Header Edit with Header Set when used on Content-Type
e7c0f978425f45731b08be1363f20626b0344f23Evan Hunt PR 48422 [Cyril Bonté <cyril.bonte free.fr>, Nick Kew>]
01967d183990e44752fe61f193dab9c04c3afd9cEvan Hunt *) mod_headers: Enable multi-match-and-replace edit option
01967d183990e44752fe61f193dab9c04c3afd9cEvan Hunt PR 47066 [Nick Kew]
575e9d9e4b6beaae688f107814a320b91243a4b2Mark Andrews *) mod_filter: enable it to act on non-200 responses.
575e9d9e4b6beaae688f107814a320b91243a4b2Mark Andrews PR 48377 [Nick Kew]
575e9d9e4b6beaae688f107814a320b91243a4b2Mark AndrewsChanges with Apache 2.3.4
7c442d7fe06bc95432af7513764e5cc85e133648Evan Hunt *) Replace AcceptMutex, LockFile, RewriteLock, SSLMutex, SSLStaplingMutex,
7c442d7fe06bc95432af7513764e5cc85e133648Evan Hunt and WatchdogMutexPath with a single Mutex directive. Add APIs to
7c442d7fe06bc95432af7513764e5cc85e133648Evan Hunt simplify setup and user customization of APR proc and global mutexes.
5e1ca7a326741a8f74e6f2b907c7e1fbf428bf80Michał Kępień (See util_mutex.h.) Build-time setting DEFAULT_LOCKFILE is no longer
5e1ca7a326741a8f74e6f2b907c7e1fbf428bf80Michał Kępień respected; set DEFAULT_REL_RUNTIMEDIR instead. [Jeff Trawick]
5e1ca7a326741a8f74e6f2b907c7e1fbf428bf80Michał Kępień *) http_core: KeepAlive no longer accepts other than On|Off.
ba93bc80a7bce5ba07b2f98e68f0f57402f2459cMark Andrews [Takashi Sato]
8ed107eab48687887d45a1ceb18b712bc7209dbaTinderbox User *) mod_dav: Remove errno from dav_error interface. Calls to dav_new_error()
ba93bc80a7bce5ba07b2f98e68f0f57402f2459cMark Andrews and dav_new_error_tag() must be adjusted to add an apr_status_t parameter.
5f103158280fb2e814db305f917aa42040221623Mark Andrews [Jeff Trawick]
5f103158280fb2e814db305f917aa42040221623Mark Andrews *) mod_authnz_ldap: Add AuthLDAPBindAuthoritative to allow Authentication to
5f103158280fb2e814db305f917aa42040221623Mark Andrews try other providers in the case of an LDAP bind failure.
e5715e1fe12e5ad17522bd41c31e637c869d27b7Evan Hunt PR 46608 [Justin Erenkrantz, Joe Schaefer, Tony Stevenson]
b7b76d6b855cd4c1152c26d34fb61af05f965c5eEvan Hunt *) Build: fix --with-module to work as documented
b7b76d6b855cd4c1152c26d34fb61af05f965c5eEvan HuntChanges with Apache 2.3.3
764e2f3413ca89d09abffb3eb228c8c820bf08b8Mark Andrews *) SECURITY: CVE-2009-3095 (cve.mitre.org)
764e2f3413ca89d09abffb3eb228c8c820bf08b8Mark Andrews mod_proxy_ftp: sanity check authn credentials.
764e2f3413ca89d09abffb3eb228c8c820bf08b8Mark Andrews [Stefan Fritsch <sf fritsch.de>, Joe Orton]
a06198688faca5c7bc1a35ec0ec18bc68c07691cEvan Hunt *) SECURITY: CVE-2009-3094 (cve.mitre.org)
a06198688faca5c7bc1a35ec0ec18bc68c07691cEvan Hunt mod_proxy_ftp: NULL pointer dereference on error paths.
50433a667cf0ed3ac7807768b745b0d870ff8c8bMark Andrews [Stefan Fritsch <sf fritsch.de>, Joe Orton]
50433a667cf0ed3ac7807768b745b0d870ff8c8bMark Andrews *) mod_ssl: enable support for ECC keys and ECDH ciphers. Tested against
3c12bec945ee71a38c5ba6f624abd12e2da7eea5Mark Andrews OpenSSL 1.0.0b3. [Vipul Gupta <vipul.gupta sun.com>, Sander Temme]
f44202ab640d22e17b4c74bdad7817622918bd27Mark Andrews *) mod_dav: Include uri when logging a PUT error due to connection abort.
f44202ab640d22e17b4c74bdad7817622918bd27Mark Andrews PR 38149. [Stefan Fritsch]
ad9772c559c6aa42f8930f4acf1a2d833a08040aMichał Kępień *) mod_dav: Return 409 instead of 500 for a LOCK request if the parent
ad9772c559c6aa42f8930f4acf1a2d833a08040aMichał Kępień resource does not exist or is not a collection. PR 43465. [Stefan Fritsch]
ad9772c559c6aa42f8930f4acf1a2d833a08040aMichał Kępień *) mod_dav_fs: Return 409 instead of 500 for Litmus test case copy_nodestcoll
5d7d67f82a8913fae5f1098e111fe50edb86cd5bEvan Hunt (a COPY request where the parent of the destination resource does not
5d7d67f82a8913fae5f1098e111fe50edb86cd5bEvan Hunt exist). PR 39299. [Stefan Fritsch]
6216df5ccded056abd5db4abac4e5cbd78c73f45Evan Hunt *) mod_dav_fs: Don't delete the whole file if a PUT with content-range failed.
6216df5ccded056abd5db4abac4e5cbd78c73f45Evan Hunt PR 42896. [Stefan Fritsch]
6216df5ccded056abd5db4abac4e5cbd78c73f45Evan Hunt *) mod_dav_fs: Make PUT create files atomically and no longer destroy the
6216df5ccded056abd5db4abac4e5cbd78c73f45Evan Hunt old file if the transfer aborted. PR 39815. [Paul Querna, Stefan Fritsch]
6216df5ccded056abd5db4abac4e5cbd78c73f45Evan Hunt *) mod_dav_fs: Remove inode keyed locking as this conflicts with atomically
56e30ebae6fdb0bdf94419caff3a43fb2d16c5dfEvan Hunt creating files. On systems with inode numbers, this is a format change of
56e30ebae6fdb0bdf94419caff3a43fb2d16c5dfEvan Hunt the DavLockDB. The old DavLockDB must be deleted on upgrade.
56e30ebae6fdb0bdf94419caff3a43fb2d16c5dfEvan Hunt [Stefan Fritsch]
56e30ebae6fdb0bdf94419caff3a43fb2d16c5dfEvan Hunt *) mod_log_config: Make ${cookie}C correctly match whole cookie names
c85920c0b4b2d4dc605c0b1d355881925bf410afMark Andrews instead of substrings. PR 28037. [Dan Franklin <dan dan-franklin.com>,
c85920c0b4b2d4dc605c0b1d355881925bf410afMark Andrews Stefan Fritsch]
0612274565d80e0ad87a19920e561cce5bddb05bEvan Hunt *) vhost: A purely-numeric Host: header should not be treated as a port.
0612274565d80e0ad87a19920e561cce5bddb05bEvan Hunt PR 44979 [Nick Kew]
f592d2f76cac7115038124c510d2ba3050334b4dEvan Hunt *) mod_ldap: Avoid 500 errors with "Unable to set LDAP_OPT_REFHOPLIMIT option to 5"
f592d2f76cac7115038124c510d2ba3050334b4dEvan Hunt when built against openldap by using SDK LDAP_OPT_REFHOPLIMIT defaults unless
f592d2f76cac7115038124c510d2ba3050334b4dEvan Hunt LDAPReferralHopLimit is explicitly configured.
f592d2f76cac7115038124c510d2ba3050334b4dEvan Hunt [Eric Covener]
4ee1fbe056e812e661b856b4b448296331a40249Michał Kępień *) mod_charset_lite: Honor 'CharsetOptions NoImplicitAdd'.
4ee1fbe056e812e661b856b4b448296331a40249Michał Kępień [Eric Covener]
1c8aa38b53a0494fc7d4c3439594d1913987f264Mark Andrews *) mod_ssl: Add support for OCSP Stapling. PR 43822.
1c8aa38b53a0494fc7d4c3439594d1913987f264Mark Andrews [Dr Stephen Henson <shenson oss-institute.org>]
1c8aa38b53a0494fc7d4c3439594d1913987f264Mark Andrews *) mod_socache_shmcb: Allow parens in file name if cache size is given.
43d53a4e4b2f0f9482485a8ab764137a9898ab32Evan Hunt Fixes SSLSessionCache directive mis-parsing parens in pathname.
43d53a4e4b2f0f9482485a8ab764137a9898ab32Evan Hunt PR 47945. [Stefan Fritsch]
b1ce9b3d54cd072adb5275f08a9afac31cfb4c1cMichał Kępień *) htpasswd: Improve out of disk space handling. PR 30877. [Stefan Fritsch]
b1ce9b3d54cd072adb5275f08a9afac31cfb4c1cMichał Kępień *) htpasswd: Use MD5 hash by default on all platforms. [Stefan Fritsch]
b1ce9b3d54cd072adb5275f08a9afac31cfb4c1cMichał Kępień *) mod_sed: Reduce memory consumption when processing very long lines.
b1ce9b3d54cd072adb5275f08a9afac31cfb4c1cMichał Kępień PR 48024 [Basant Kumar Kukreja <basant.kukreja sun.com>]
b1ce9b3d54cd072adb5275f08a9afac31cfb4c1cMichał Kępień *) ab: Fix segfault in case the argument for -n is a very large number.
b1ce9b3d54cd072adb5275f08a9afac31cfb4c1cMichał Kępień PR 47178. [Philipp Hagemeister <oss phihag.de>]
5fa4be41a383cfbf5e1d195b18c04bdbf5603710Evan Hunt *) Allow ProxyPreserveHost to work in <Proxy> sections. PR 34901.
5fa4be41a383cfbf5e1d195b18c04bdbf5603710Evan Hunt [Stefan Fritsch]
2732d4922c2e72a399204320791acfd2fd3d6c7cMark Andrews *) configure: Fix THREADED_MPMS so that mod_cgid is enabled again
2732d4922c2e72a399204320791acfd2fd3d6c7cMark Andrews for worker MPM. [Takashi Sato]
24ffba17f06746257d5c009ca8ebfe6043966d20Evan Hunt *) mod_dav: Provide a mechanism to obtain the request_rec and pathname
24ffba17f06746257d5c009ca8ebfe6043966d20Evan Hunt from the dav_resource. [Jari Urpalainen <jari.urpalainen nokia.com>,
24ffba17f06746257d5c009ca8ebfe6043966d20Evan Hunt Brian France <brian brianfrance.com>]
21d58795b10a13fa7ac306f7146bdcb58b2e5165Mark Andrews *) Build: Use install instead of cp if available on installing
21d58795b10a13fa7ac306f7146bdcb58b2e5165Mark Andrews modules to avoid segmentation fault. PR 47951. [hirose31 gmail.com]
d5bd8bb71a8970d4ebc4701b3e9ec3efef4954b7Evan Hunt *) mod_cache: correctly consider s-maxage in cacheability
d5bd8bb71a8970d4ebc4701b3e9ec3efef4954b7Evan Hunt decisions. [Dan Poirier]
d5bd8bb71a8970d4ebc4701b3e9ec3efef4954b7Evan Hunt *) mod_logio/core: Report more accurate byte counts in mod_status if
d5bd8bb71a8970d4ebc4701b3e9ec3efef4954b7Evan Hunt mod_logio is loaded. PR 25656. [Stefan Fritsch]
ad1317338af79edad878c9c3e4361798503310baMark Andrews *) mod_ldap: If LDAPSharedCacheSize is too small, try harder to purge
ad1317338af79edad878c9c3e4361798503310baMark Andrews some cache entries and log a warning. Also increase the default
9519bb92d7f3f35015aecb84954dd21607cc2c80Evan Hunt LDAPSharedCacheSize to 500000. This is a more realistic size suitable
9519bb92d7f3f35015aecb84954dd21607cc2c80Evan Hunt for the default values of 1024 for LdapCacheEntries/LdapOpCacheEntries.
9519bb92d7f3f35015aecb84954dd21607cc2c80Evan Hunt PR 46749. [Stefan Fritsch]
1c81aef28ddf0905344cc58dd3ea0ca539ef1414Evan Hunt *) mod_rewrite: Make sure that a hostname:port isn't fully qualified if
1c81aef28ddf0905344cc58dd3ea0ca539ef1414Evan Hunt the request is a CONNECT request. [Bill Zajac <billz consultla.com>]
da1f585afa8c103508c759142d6aed4edae6936eMark Andrews *) mod_cache: Teach CacheEnable and CacheDisable to work from within a
da1f585afa8c103508c759142d6aed4edae6936eMark Andrews Location section, in line with how ProxyPass works. [Graham Leggett]
a8fa3e2d44ce6a8f4069d8f4229d29f5ba6a4a27Mukund Sivaraman *) mod_reqtimeout: New module to set timeouts and minimum data rates for
a8fa3e2d44ce6a8f4069d8f4229d29f5ba6a4a27Mukund Sivaraman receiving requests from the client. [Stefan Fritsch]
d71d41341d36ddfd347daab982f0cb85d3dd7c4eMark Andrews *) core: Fix potential memory leaks by making sure to not destroy
d71d41341d36ddfd347daab982f0cb85d3dd7c4eMark Andrews bucket brigades that have been created by earlier filters.
d72952cf254b71c44e5e956a306016a5be9b9c38Mark Andrews [Stefan Fritsch]
aae171c5421ac2ba665ff122e004e753e62bac45Mark Andrews *) core, mod_deflate, mod_sed: Reduce memory usage by reusing bucket
aae171c5421ac2ba665ff122e004e753e62bac45Mark Andrews brigades in several places. [Stefan Fritsch]
6b183c64a3281491f8232959a5ece303b4499706Mark Andrews *) mod_cache: Fix uri_meets_conditions() so that CacheEnable will
5a8f2f0cd67a5dd93d95e6a0935d4805721c3a0bMichał Kępień match by scheme, or by a wildcarded hostname. PR 40169
5a8f2f0cd67a5dd93d95e6a0935d4805721c3a0bMichał Kępień [Peter Grandi <pg_asf asf.for.sabi.co.uk>, Graham Leggett]
5a8f2f0cd67a5dd93d95e6a0935d4805721c3a0bMichał Kępień *) suxec: Allow to log an error if exec fails by setting FD_CLOEXEC
5a8f2f0cd67a5dd93d95e6a0935d4805721c3a0bMichał Kępień on the log file instead of closing it. PR 10744. [Nicolas Rachinsky]
e2cc7418bf895d22854d84590b63905fac0d4b90Mark Andrews *) mod_mime: Make RemoveType override the info from TypesConfig.
36ec0d374836d070ba05b495e6f0a27f60e94476Evan Hunt PR 38330. [Stefan Fritsch]
36ec0d374836d070ba05b495e6f0a27f60e94476Evan Hunt *) mod_cache: Introduce the option to run the cache from within the
e446fd29b9c6c4a7b6b5bb0aee3932578c346718Mukund Sivaraman normal request handler, and to allow fine grained control over
f896f7c8be894a737998b97008a1389e72972fcfMukund Sivaraman where in the filter chain content is cached. [Graham Leggett]
027a4a5b5d806290146ce4989d34be2c8a664e8cMukund Sivaraman *) core: Treat timeout reading request as 408 error, not 400.
027a4a5b5d806290146ce4989d34be2c8a664e8cMukund Sivaraman Log 408 errors in access log as was done in Apache 1.3.x.
b5252fcde512405a68dd4becfe683d9763bd0feaMukund Sivaraman PR 39785 [Nobutaka Mantani <nobutaka nobutaka.org>,
b5252fcde512405a68dd4becfe683d9763bd0feaMukund Sivaraman Stefan Fritsch <sf fritsch.de>, Dan Poirier]
b5252fcde512405a68dd4becfe683d9763bd0feaMukund Sivaraman *) mod_ssl: Reintroduce SSL_CLIENT_S_DN, SSL_CLIENT_I_DN, SSL_SERVER_S_DN,
b5252fcde512405a68dd4becfe683d9763bd0feaMukund Sivaraman SSL_SERVER_I_DN back to the environment variables to be set by mod_ssl.
99056063905a9273ec59cf477ae747e0490182b7Mukund Sivaraman [Peter Sylvester <peter.sylvester edelweb.fr>]
99056063905a9273ec59cf477ae747e0490182b7Mukund Sivaraman *) mod_disk_cache: don't cache incomplete responses, per RFC 2616, 13.8.
62f2fefaec754e6a4841ff0e72726e6c0cd89c86Michał Kępień PR15866. [Dan Poirier]
62f2fefaec754e6a4841ff0e72726e6c0cd89c86Michał Kępień *) ab: ab segfaults in verbose mode on https sites
62f2fefaec754e6a4841ff0e72726e6c0cd89c86Michał Kępień PR46393. [Ryan Niebur]
b351a5864727a390e06d787e522b141ca760590fMichał Kępień *) mod_dav: Allow other modules to become providers and add resource types
b351a5864727a390e06d787e522b141ca760590fMichał Kępień to the DAV response. [Jari Urpalainen <jari.urpalainen nokia.com>,
b351a5864727a390e06d787e522b141ca760590fMichał Kępień Brian France <brian brianfrance.com>]
b351a5864727a390e06d787e522b141ca760590fMichał Kępień *) mod_dav: Allow other modules to add things to the DAV or Allow headers
b351a5864727a390e06d787e522b141ca760590fMichał Kępień of an OPTIONS request. [Jari Urpalainen <jari.urpalainen nokia.com>,
8008de0b11bacb3de3a1016c8c0a46f3c0653184Mark Andrews Brian France <brian brianfrance.com>]
8008de0b11bacb3de3a1016c8c0a46f3c0653184Mark Andrews *) core: Lower memory usage of core output filter.
8008de0b11bacb3de3a1016c8c0a46f3c0653184Mark Andrews [Stefan Fritsch <sf sfritsch.de>]
7b4bfc0201ffbcd64a336b99c945891808c44af0Mark Andrews *) mod_mime: Detect invalid use of MultiviewsMatch inside Location and
7b4bfc0201ffbcd64a336b99c945891808c44af0Mark Andrews LocationMatch sections. PR47754. [Dan Poirier]
7cd594b8427fe742d44295790ba367e1de22a47dEvan Hunt *) mod_request: Make sure the KeptBodySize directive rejects values
7cd594b8427fe742d44295790ba367e1de22a47dEvan Hunt that aren't valid numbers. [Graham Leggett]
c76e8412f4ff4f5945157410312df2a8950f942dMark Andrews *) mod_session_crypto: Sanity check should the potentially encrypted
c76e8412f4ff4f5945157410312df2a8950f942dMark Andrews session cookie be too short. [Graham Leggett]
a2a0100e0fc73c0af67a7c9e3524816954448dc6Evan Hunt *) mod_session.c: Prevent a segfault when session is added but not
a2a0100e0fc73c0af67a7c9e3524816954448dc6Evan Hunt configured. [Graham Leggett]
1feffc6fdb1ba386b22d45ea2d2f1613e717cb9eMark Andrews *) htcacheclean: 19 ways to fail, 1 error message. Fixed. [Graham Leggett]
1feffc6fdb1ba386b22d45ea2d2f1613e717cb9eMark Andrews *) mod_auth_digest: Fail server start when nonce count checking
22bed621ef87bc8b6c1fea599b02c4b38dd6bf48Mark Andrews is configured without shared memory, or md5-sess algorithm is
22bed621ef87bc8b6c1fea599b02c4b38dd6bf48Mark Andrews configured. [Dan Poirier]
68d7ff133c9a1b8cfe683c70e997d83395ffd155Evan Hunt *) mod_proxy_connect: The connect method doesn't work if the client is
68d7ff133c9a1b8cfe683c70e997d83395ffd155Evan Hunt connecting to the apache proxy through an ssl socket. Fixed.
68d7ff133c9a1b8cfe683c70e997d83395ffd155Evan Hunt PR29744. [Brad Boyer, Mark Cave-Ayland, Julian Gilbey, Fabrice Durand,
e5f5675b1da287ed40aeff081ad2af86090e8d17Evan Hunt David Gence, Tim Dodge, Per Gunnar Hans, Emmanuel Elango,
e5f5675b1da287ed40aeff081ad2af86090e8d17Evan Hunt Kevin Croft, Rudolf Cardinal]
29f0ced781d745591fd058e530a68a281cd7a510Evan Hunt *) mod_ssl: The error message when SSLCertificateFile is missing should
29f0ced781d745591fd058e530a68a281cd7a510Evan Hunt at least give the name or position of the problematic virtual host
29f0ced781d745591fd058e530a68a281cd7a510Evan Hunt definition. [Stefan Fritsch sf sfritsch.de]
b9fd54f8d4572fe5dcaf9d4b74f6ecb8027cc450Evan Hunt *) mod_auth_digest: Fix null pointer when qop=none. [Dan Poirier]
fcb5e646e4d775539e348fa21ba13307f2695bf5Mark Andrews *) Add support for HTTP PUT to ab. [Jeff Barnes <jbarnesweb yahoo.com>]
fcb5e646e4d775539e348fa21ba13307f2695bf5Mark Andrews *) mod_headers: generalise the envclause to support expression
a22c3cf51567651f74aee5c263c597b8d752c2ccMichał Kępień evaluation with ap_expr parser [Nick Kew]
a22c3cf51567651f74aee5c263c597b8d752c2ccMichał Kępień *) mod_cache: Introduce the thundering herd lock, a mechanism to keep
a22c3cf51567651f74aee5c263c597b8d752c2ccMichał Kępień the flood of requests at bay that strike a backend webserver as
b301c4293c082fcce4ec26218e6fad346976eb9eMark Andrews a cached entity goes stale. [Graham Leggett]
b301c4293c082fcce4ec26218e6fad346976eb9eMark Andrews *) mod_auth_digest: Fix usage of shared memory and re-enable it.
5c4e0c7800b5c7783e7f8b9ce80a6f8dc47f8856Mark Andrews PR 16057 [Dan Poirier]
5c4e0c7800b5c7783e7f8b9ce80a6f8dc47f8856Mark Andrews *) Preserve Port information over internal redirects
6e1f755f19ef244422e1efa4551fe23775e1a38cMark Andrews *) Proxy: unable to connect to a backend is SERVICE_UNAVAILABLE,
435a7cd2293dfa9264678508762ab9acb8d41e50Mark Andrews rather than BAD_GATEWAY or (especially) NOT_FOUND.
435a7cd2293dfa9264678508762ab9acb8d41e50Mark Andrews PR 46971 [evanc nortel.com]
b7a823a402eb5c4e99f283e58d778a903d2e72f5Michał Kępień *) Various modules: Do better checking of pollset operations in order to
b7a823a402eb5c4e99f283e58d778a903d2e72f5Michał Kępień avoid segmentation faults if they fail. PR 46467
b7a823a402eb5c4e99f283e58d778a903d2e72f5Michał Kępień [Stefan Fritsch <sf sfritsch.de>]
031bc55634f443c7c70fbf44c6ac6d8abe72f22bEvan Hunt *) mod_autoindex: Correctly create an empty cell if the description
031bc55634f443c7c70fbf44c6ac6d8abe72f22bEvan Hunt for a file is missing. PR 47682 [Peter Poeml <poeml suse.de>]
a64daf673deff2358a91bee26bbf2bf874f47c6eMark Andrews *) ab: Fix broken error messages after resolver or connect() failures.
a64daf673deff2358a91bee26bbf2bf874f47c6eMark Andrews [Jeff Trawick]
0aadc6dd7b719539445e7a0a058b15dd9d982a9bMichał Kępień *) SECURITY: CVE-2009-1890 (cve.mitre.org)
0aadc6dd7b719539445e7a0a058b15dd9d982a9bMichał Kępień Fix a potential Denial-of-Service attack against mod_proxy in a
0aadc6dd7b719539445e7a0a058b15dd9d982a9bMichał Kępień reverse proxy configuration, where a remote attacker can force a
0aadc6dd7b719539445e7a0a058b15dd9d982a9bMichał Kępień proxy process to consume CPU time indefinitely. [Nick Kew, Joe Orton]
f20ff8b74d21fa3e3f071544f6fd060d015cf27eMichał Kępień *) SECURITY: CVE-2009-1191 (cve.mitre.org)
f20ff8b74d21fa3e3f071544f6fd060d015cf27eMichał Kępień mod_proxy_ajp: Avoid delivering content from a previous request which
f20ff8b74d21fa3e3f071544f6fd060d015cf27eMichał Kępień failed to send a request body. PR 46949 [Ruediger Pluem]
7ff682f3c628d785048bbe0242e6a32ea26c6747Michał Kępień *) htdbm: Fix possible buffer overflow if dbm database has very
7ff682f3c628d785048bbe0242e6a32ea26c6747Michał Kępień long values. PR 30586 [Dan Poirier]
e02fa56849131911e9554133b17a5325b37d0828Michał Kępień *) core: Return APR_EOF if request body is shorter than the length announced
e02fa56849131911e9554133b17a5325b37d0828Michał Kępień by the client. PR 33098 [ Stefan Fritsch <sf sfritsch.de>]
abcea74291c37abf68be4e06997c59e5494f06adMark Andrews *) mod_suexec: correctly set suexec_enabled when httpd is run by a
abcea74291c37abf68be4e06997c59e5494f06adMark Andrews non-root user and may have insufficient permissions.
abcea74291c37abf68be4e06997c59e5494f06adMark Andrews PR 42175 [Jim Radford <radford blackbean.org>]
d748d8a4afc200800f6289683361a393b15ba6bfMichał Kępień *) mod_ssl: Fix SSL_*_DN_UID variables to use the 'userID' attribute
d748d8a4afc200800f6289683361a393b15ba6bfMichał Kępień type. PR 45107. [Michael Ströder <michael stroeder.com>,
cbb33c87f4bcf415c840acb61c9d4642c3c2a8e0Michał Kępień Peter Sylvester <peter.sylvester edelweb.fr>]
cbb33c87f4bcf415c840acb61c9d4642c3c2a8e0Michał Kępień *) mod_proxy_http: fix case sensitivity checking transfer encoding
324b00ad4950b00346f5ba2382a51709bd82afe9Mark Andrews PR 47383 [Ryuzo Yamamoto <ryuzo.yamamoto gmail.com>]
296f5969a8dd6e3d1bb3761569c6a7070abd2e47Tinderbox User *) mod_alias: ensure Redirect issues a valid URL.
4dc6fa1e92af7a62875b6f6f2931beefd58cb4faEvan Hunt PR 44020 [HÃ¥kon Stordahl <hakon stordahl.org>]
4dc6fa1e92af7a62875b6f6f2931beefd58cb4faEvan Hunt *) mod_dir: add FallbackResource directive, to enable admin to specify
b81b178ab919bdbd92021cfc7e6e8d971cd38e83Mark Andrews an action to happen when a URL maps to no file, without resorting
b81b178ab919bdbd92021cfc7e6e8d971cd38e83Mark Andrews to ErrorDocument or mod_rewrite. PR 47184 [Nick Kew]
bf216589c1a81e4431653a145b252b6ce367d7cdMark Andrews *) mod_cgid: Do not leak the listening Unix socket file descriptor to the
bf216589c1a81e4431653a145b252b6ce367d7cdMark Andrews CGI process. PR 47335 [Kornél Pál <kornelpal gmail.com>]
7dbeb5e7f067585abfb12fac314a0d2a8f0dd040Evan Hunt *) mod_rewrite: Remove locking for writing to the rewritelog.
6e10f87913db176724e89b52e686b0992898da75Mukund Sivaraman PR 46942 [Dan Poirier <poirier pobox.com>]
6e10f87913db176724e89b52e686b0992898da75Mukund Sivaraman *) mod_alias: check sanity in Redirect arguments.
6e10f87913db176724e89b52e686b0992898da75Mukund Sivaraman PR 44729 [Sönke Tesch <st kino-fahrplan.de>, Jim Jagielski]
37f6466aa327a5b444e41c8cb57ab5caacfe6279Evan Hunt *) mod_proxy_http: fix Host: header for literal IPv6 addresses.
37f6466aa327a5b444e41c8cb57ab5caacfe6279Evan Hunt PR 47177 [Carlos Garcia Braschi <cgbraschi gmail.com>]
37f6466aa327a5b444e41c8cb57ab5caacfe6279Evan Hunt *) mod_cache: Add CacheIgnoreURLSessionIdentifiers directive to ignore
4162d3b36d1a3c25724c7e37ce839f67b2352bbbMark Andrews defined session identifiers encoded in the URL when caching.
4162d3b36d1a3c25724c7e37ce839f67b2352bbbMark Andrews [Ruediger Pluem]
ce6f0c122140647b5652c0d4de523c994fcfea08Michał Kępień *) mod_rewrite: Fix the error string returned by RewriteRule.
ce6f0c122140647b5652c0d4de523c994fcfea08Michał Kępień RewriteRule returned "RewriteCond: bad flag delimiters" when the 3rd
f72f5879424ce4081893b306b8c31f29fe9205e0Evan Hunt argument of RewriteRule was not started with "[" or not ended with "]".
f72f5879424ce4081893b306b8c31f29fe9205e0Evan Hunt PR 45082 [Vitaly Polonetsky <m_vitaly topixoft.com>]
f72f5879424ce4081893b306b8c31f29fe9205e0Evan Hunt *) Windows: Fix usage message.
f72f5879424ce4081893b306b8c31f29fe9205e0Evan Hunt [Rainer Jung]
1073e2001caee13cc1fa52de97feddd633d50fd8Evan Hunt *) apachectl: When passing through arguments to httpd in
1073e2001caee13cc1fa52de97feddd633d50fd8Evan Hunt non-SysV mode, use the "$@" syntax to preserve arguments.
1073e2001caee13cc1fa52de97feddd633d50fd8Evan Hunt [Eric Covener]
78608b0a454246d0e1e0169f1d671b8427e48199Francis Dupont *) mod_dbd: add DBDInitSQL directive to enable SQL statements to
11c4e6d8fcc9bc148543c1ee632315e096d2bcf2Michał Kępień be run when a connection is opened. PR 46827
11c4e6d8fcc9bc148543c1ee632315e096d2bcf2Michał Kępień [Marko Kevac <mkevac gmail.com>]
59122481b2aa65de4518677c6949f03711d2553aEvan Hunt *) mod_cgid: Improve handling of long AF_UNIX socket names (ScriptSock).
59122481b2aa65de4518677c6949f03711d2553aEvan Hunt PR 47037. [Jeff Trawick]
59122481b2aa65de4518677c6949f03711d2553aEvan Hunt *) mod_proxy_ajp: Check more strictly that the backend follows the AJP
fe6d2fd8338d6f6ac4c79bea9a8daad903460040Evan Hunt protocol. [Mladen Turk]
fe6d2fd8338d6f6ac4c79bea9a8daad903460040Evan Hunt *) mod_proxy_ajp: Forward remote port information by default.
fe6d2fd8338d6f6ac4c79bea9a8daad903460040Evan Hunt [Rainer Jung]
05a456499af940762d6658366abafb220c5053ccMark Andrews *) Allow MPMs to be loaded dynamically, as with most other modules. Use
05a456499af940762d6658366abafb220c5053ccMark Andrews --enable-mpms-shared={list|"all"} to enable. This required changes to
cb4e0ef4e2c8a942f99af6ecc6aa564c903b00a0Mark Andrews the MPM interfaces. Removed: mpm.h, mpm_default.h (as an installed
cb4e0ef4e2c8a942f99af6ecc6aa564c903b00a0Mark Andrews header), APACHE_MPM_DIR, MPM_NAME, ap_threads_per_child,
cb4e0ef4e2c8a942f99af6ecc6aa564c903b00a0Mark Andrews ap_max_daemons_limit, ap_my_generation, etc. ap_mpm_query() can't be
cb4e0ef4e2c8a942f99af6ecc6aa564c903b00a0Mark Andrews called until after the register-hooks phase. [Jeff Trawick]
e3efc855f9f0acc9b14bb8e9c833e0fa209068b6Mark Andrews *) mod_ssl: Add SSLProxyCheckPeerExpire and SSLProxyCheckPeerCN directives
e3efc855f9f0acc9b14bb8e9c833e0fa209068b6Mark Andrews to enable stricter checking of remote server certificates.
e56c0854589d936f911e0aac2f2bf53cbc8a6af7Michał Kępień [Ruediger Pluem]
e56c0854589d936f911e0aac2f2bf53cbc8a6af7Michał Kępień *) ab: Fix a 100% CPU loop on platforms where a failed non-blocking connect
6727802528c27484e0d36d70f0b936022d3226e3Michał Kępień returns EINPROGRESS and a subsequent poll() returns only POLLERR.
6727802528c27484e0d36d70f0b936022d3226e3Michał Kępień Observed on HP-UX. [Eric Covener]
6727802528c27484e0d36d70f0b936022d3226e3Michał Kępień *) Remove broken support for BeOS, OS/2, TPF, and even older platforms such
4d41be5f9e86c11a6f00e2b005cfc5abae2c1ab3Mark Andrews as A/UX, Next, and Tandem. [Jeff Trawick]
bfde61d5194a534d800f3b90008d1f52261922c5Mark Andrews *) mod_proxy_ftp: Add ProxyFtpListOnWildcard directive to allow files with
bfde61d5194a534d800f3b90008d1f52261922c5Mark Andrews globbing characters to be retrieved instead of converted into a
bfde61d5194a534d800f3b90008d1f52261922c5Mark Andrews directory listing. PR 46789 [Dan Poirier <poirier pobox.com>]
6b56350522d18f10edbf2d3778cd0fea74e4f3d2Mark Andrews *) Provide ap_retained_data_create()/ap_retained_data_get() for preservation
6b56350522d18f10edbf2d3778cd0fea74e4f3d2Mark Andrews of module state across unload/load. [Jeff Trawick]
41caed6e2d7e9caace30e6c59f199ab6bd438f01Mark Andrews *) mod_substitute: Fix a memory leak. PR 44948
16f43564c6875e2bedd346c18c494933ad51e4faMukund Sivaraman [Dan Poirier <poirier pobox.com>]
16f43564c6875e2bedd346c18c494933ad51e4faMukund SivaramanChanges with Apache 2.3.2
16f43564c6875e2bedd346c18c494933ad51e4faMukund Sivaraman *) mod_mime_magic: Fix detection of compressed content. [Rainer Jung]
72b322cde0e51c4c87df0c9e3226deac95dfb4ceMark Andrews *) mod_negotiation: Escape pathes of filenames in 406 responses to avoid
28ea558bc80f75e46d77ea0533232bb9d4e644f7Mark Andrews HTML injections and HTTP response splitting. PR 46837.
28ea558bc80f75e46d77ea0533232bb9d4e644f7Mark Andrews [Geoff Keating <geoffk apple.com>]
8ed6c49f1a7f06d3ed39bee7731ff91d8dfd8dc7Mark Andrews *) mod_ssl: add support for type-safe STACK constructs in OpenSSL
447dfe4f115b17274eabf1087f035634e1129bb9Mark Andrews development HEAD. PR 45521. [Kaspar Brand, Sander Temme]
6045abbc9a0d7d449a13b6fbfbf32d419b6bee96Mark Andrews *) ab: Fix maintenance of the pollset to resolve EALREADY errors
6045abbc9a0d7d449a13b6fbfbf32d419b6bee96Mark Andrews with kqueue (BSD/OS X) and excessive CPU with event ports (Solaris).
f7d148398ca4511551c737e655b15f7d0d59a783Mark Andrews PR 44584. Use APR_POLLSET_NOCOPY for better performance with some
f7d148398ca4511551c737e655b15f7d0d59a783Mark Andrews pollset implementations. [Jeff Trawick]
3a84275b10ab16965e86f6ca97e70c1bdca885a0Mark Andrews *) mod_disk_cache: The module now turns off sendfile support if
3a84275b10ab16965e86f6ca97e70c1bdca885a0Mark Andrews 'EnableSendfile off' is defined globally. [Lars Eilebrecht]
3a84275b10ab16965e86f6ca97e70c1bdca885a0Mark Andrews *) mod_deflate: Adjust content metadata before bailing out on 304
398834f7559617bdfd6c10ba555609a2f306e3d4Mark Andrews responses so that the metadata does not differ from 200 response.
398834f7559617bdfd6c10ba555609a2f306e3d4Mark Andrews [Roy T. Fielding]
398834f7559617bdfd6c10ba555609a2f306e3d4Mark Andrews *) mod_deflate: Fix creation of invalid Etag headers. We now make sure
398834f7559617bdfd6c10ba555609a2f306e3d4Mark Andrews that the Etag value is properly quoted when adding the gzip marker.
28061f80b698171892e81c0856bc722190947998Evan Hunt PR 39727, 45023. [Lars Eilebrecht, Roy T. Fielding]
28061f80b698171892e81c0856bc722190947998Evan Hunt *) Added 20x22 icons for ODF, SVG, and XML documents. PR 37185.
a785bf2c39c6f223a93c27bbff81591b38095577Mark Andrews [Peter Harlow]
a03f4b1ea4f1a4a70963fbeb606841c217f9e5f3Evan Hunt *) Disabled DefaultType directive and removed ap_default_type()
a03f4b1ea4f1a4a70963fbeb606841c217f9e5f3Evan Hunt from core. We now exclude Content-Type from responses for which
a03f4b1ea4f1a4a70963fbeb606841c217f9e5f3Evan Hunt a media type has not been configured via mime.types, AddType,
a03f4b1ea4f1a4a70963fbeb606841c217f9e5f3Evan Hunt ForceType, or some other mechanism. PR 13986. [Roy T. Fielding]
d315545e6db6792692fe2dcb788ac6717a33b75fEvan Hunt *) mod_rewrite: Add IPV6 variable to RewriteCond
d315545e6db6792692fe2dcb788ac6717a33b75fEvan Hunt [Ryan Phillips <ryan-apache trolocsis.com>]
00f131293520b70728cd48840e09953fa45a745bMark Andrews *) core: Enhance KeepAliveTimeout to support a value in milliseconds.
00f131293520b70728cd48840e09953fa45a745bMark Andrews PR 46275. [Takashi Sato]
b2e71853060a384070d422afda6d1c692ff608e3Mark Andrews *) rotatelogs: Allow size units B, K, M, G and combination of
b2e71853060a384070d422afda6d1c692ff608e3Mark Andrews time and size based rotation. [Rainer Jung]
b2e71853060a384070d422afda6d1c692ff608e3Mark Andrews *) rotatelogs: Add flag for verbose (debug) output. [Rainer Jung]
42c1acfa478aacfbda2d298cf74a137de2df4b87Michał Kępień *) mod_ssl: Fix merging of SSLRenegBufferSize directive. PR 46508
214b53880b6d77359f60feccb91bd2589059300aEvan Hunt *) core: Translate the the status line to ASCII on EBCDIC platforms in
214b53880b6d77359f60feccb91bd2589059300aEvan Hunt ap_send_interim_response() and for locally generated "100 Continue"
dd5375de0a7a515ee4fb2fd217e9577259d38c07Mark Andrews responses. [Eric Covener]
dd5375de0a7a515ee4fb2fd217e9577259d38c07Mark Andrews *) prefork: Fix child process hang during graceful restart/stop in
3a58e1fefb0a9fd5dab11f271a320c6b90473f76Mukund Sivaraman configurations with multiple listening sockets. PR 42829. [Joe Orton,
3a58e1fefb0a9fd5dab11f271a320c6b90473f76Mukund Sivaraman Jeff Trawick]
7c67b8c2b076971e6a9f8b0db932201366f13d47Mark Andrews *) mod_session_crypto: Ensure that SessionCryptoDriver can only be
7c67b8c2b076971e6a9f8b0db932201366f13d47Mark Andrews set in the global scope. [Graham Leggett]
5aed5dc329a2bf1340e9ff2256c1cf4e3005ea0bMark Andrews *) mod_ext_filter: We need to detect failure to startup the filter
5aed5dc329a2bf1340e9ff2256c1cf4e3005ea0bMark Andrews program (a mangled response is not acceptable). Fix to detect
387f5e872d40426acbc739d2e9b2bb37c123dd56Mark Andrews failure, and offer configuration option either to abort or
8664a1bd40814ed0b42eacfc5eb354b598dfd6dfTinderbox User to remove the filter and continue.
c28e44f3f8bc46c6bf1c15cc06af0c42fcd7e924Evan Hunt PR 41120 [Nick Kew]
387f5e872d40426acbc739d2e9b2bb37c123dd56Mark Andrews *) mod_session_crypto: Rewrite the session_crypto module against the
3440cf9c60cd5d35634e7f274fd3eccbba2173a5Evan Hunt apr_crypto API. [Graham Leggett]
3440cf9c60cd5d35634e7f274fd3eccbba2173a5Evan Hunt *) mod_auth_form: Fix a pool lifetime issue, don't remove the subrequest
387f5e872d40426acbc739d2e9b2bb37c123dd56Mark Andrews until the main request is cleaned up. [Graham Leggett]
541ce84ff2f0c54340da8b3e04c5686ed82420e1Mark AndrewsChanges with Apache 2.3.1
032d2134a4c1808696688db9bf6f20253e5d05b5Mark Andrews *) ap_slotmem: Add in new slot-based memory access API impl., including
032d2134a4c1808696688db9bf6f20253e5d05b5Mark Andrews 2 providers (mod_sharedmem and mod_plainmem) [Jim Jagielski,
fb9ef31fed818384ef8997f2dc5f27252c6f767eEvan Hunt Jean-Frederic Clere, Brian Akins <brian.akins turner.com>]
fb9ef31fed818384ef8997f2dc5f27252c6f767eEvan Hunt *) mod_include: support generating non-ASCII characters as entities in SSI
823ccd1f02802966395d58c916e9f988320fd6eeEvan Hunt PR 25202 [Nick Kew]
823ccd1f02802966395d58c916e9f988320fd6eeEvan Hunt *) core/utils: Enhance ap_escape_html API to support escaping non-ASCII chars
b6fa637fc8c92f42a21e6f97259598968717af3dEvan Hunt PR 25202 [Nick Kew]
b6fa637fc8c92f42a21e6f97259598968717af3dEvan Hunt *) mod_rewrite: fix "B" flag breakage by reverting r5589343
b6fa637fc8c92f42a21e6f97259598968717af3dEvan Hunt PR 45529 [Bob Ionescu <bobsiegen googlemail.com>]
ace5680c122ef239e64eec1120f13f5a7f087d79Mark Andrews *) CGI: return 504 (Gateway timeout) rather than 500 when a script
ace5680c122ef239e64eec1120f13f5a7f087d79Mark Andrews times out before returning status line/headers.
59d940391ce90963cd3f4b22201b3fca2ffda22aMark Andrews PR 42190 [Nick Kew]
59d940391ce90963cd3f4b22201b3fca2ffda22aMark Andrews *) mod_cgid: fix segfault problem on solaris.
6b432e11497f905a6b6f048df3e8a01ce8abbb1eMark Andrews PR 39332 [Masaoki Kobayashi <masaoki techfirm.co.jp>]
6b432e11497f905a6b6f048df3e8a01ce8abbb1eMark Andrews *) mod_proxy_scgi: Added. [André Malo]
cb9345c996de9d9c990009f14fc83fbbe9c5e3e6Mark Andrews *) mod_cache: Introduce 'no-cache' per-request environment variable
cb9345c996de9d9c990009f14fc83fbbe9c5e3e6Mark Andrews to prevent the saving of an otherwise cacheable response.
c935952ede45595a821cfed7f73b57f3b239ca2bMark Andrews [Eric Covener]
c935952ede45595a821cfed7f73b57f3b239ca2bMark Andrews *) mod_rewrite: Introduce DiscardPathInfo|DPI flag to stop the troublesome
9604a49da0130534f2f4aaa0cbfa78b5f589196fMark Andrews way that per-directory rewrites append the previous notion of PATH_INFO
9604a49da0130534f2f4aaa0cbfa78b5f589196fMark Andrews to each substitution before evaluating subsequent rules.
9604a49da0130534f2f4aaa0cbfa78b5f589196fMark Andrews PR 38642 [Eric Covener]
da5b569ddb9b8bf84242f3085d18e215ec490fdaMark Andrews *) mod_cgid: Do not add an empty argument when calling the CGI script.
da5b569ddb9b8bf84242f3085d18e215ec490fdaMark Andrews PR 46380 [Ruediger Pluem]
c83a3061551c86bd661839be935de061f7322f5cEvan Hunt *) scoreboard: Remove unused sb_type from process_score.
c83a3061551c86bd661839be935de061f7322f5cEvan Hunt [Torsten Foertsch <torsten.foertsch gmx.net>, Chris Darroch]
ac9072210cea5283e554f1787876b647a08fda96Mark Andrews *) mod_ssl: Add SSLRenegBufferSize directive to allow changing the
ac9072210cea5283e554f1787876b647a08fda96Mark Andrews size of the buffer used for the request-body where necessary
ac9072210cea5283e554f1787876b647a08fda96Mark Andrews during a per-dir renegotiation. PR 39243. [Joe Orton]
512765ba1e3f0b29e2c1ae4b0138838c6422f2bdEvan Hunt *) mod_proxy_fdpass: New module to pass a client connection over to a separate
512765ba1e3f0b29e2c1ae4b0138838c6422f2bdEvan Hunt process that is reading from a unix daemon socket.
27a262bc4d38c7a8230677ac2685ec7a4f509f70Mark Andrews *) mod_ssl: Improve environment variable extraction to be more
27a262bc4d38c7a8230677ac2685ec7a4f509f70Mark Andrews efficient and to correctly handle DNs with duplicate tags.
27a262bc4d38c7a8230677ac2685ec7a4f509f70Mark Andrews PR 45975. [Joe Orton]
3b38e4b8344cb3bb28f2b116d2e39f8371ef8e34Mukund Sivaraman *) Remove the obsolete serial attribute from the RPM spec file. Compile
3b38e4b8344cb3bb28f2b116d2e39f8371ef8e34Mukund Sivaraman against the external pcre. Add missing binaries fcgistarter, and
3b38e4b8344cb3bb28f2b116d2e39f8371ef8e34Mukund Sivaraman mod_socache* and mod_session*. [Graham Leggett]
3b38e4b8344cb3bb28f2b116d2e39f8371ef8e34Mukund SivaramanChanges with Apache 2.3.0
0d24df5c0b2f9546f403113df8ac4457223bc92fEvan Hunt *) mod_ratelimit: New module to do bandwidth rate limiting. [Paul Querna]
0d24df5c0b2f9546f403113df8ac4457223bc92fEvan Hunt *) Remove X-Pad header which was added as a work around to a bug in
7c1c9b4dcd9efa507cdb58d3d83e99ab4836096dMark Andrews Netscape 2.x to 4.0b2. [Takashi Sato <takashi lans-tv.com>]
7c1c9b4dcd9efa507cdb58d3d83e99ab4836096dMark Andrews *) Add DTrace Statically Defined Tracing (SDT) probes.
9689922a0d936b04feb418fbaf4c1420f745ea58Mark Andrews [Theo Schlossnagle <jesus omniti.com>, Paul Querna]
9689922a0d936b04feb418fbaf4c1420f745ea58Mark Andrews *) mod_proxy_balancer: Move all load balancing implementations
02989eceeff85cd6c5dd31848a12674f74bba7cfEvan Hunt as individual, self-contained mod_proxy submodules under
34f649fa22a16acb488ccf0f8a41d541c6ba7da1Evan Hunt *) Rename APIs to include ap_ prefix:
34f649fa22a16acb488ccf0f8a41d541c6ba7da1Evan Hunt find_child_by_pid -> ap_find_child_by_pid
34f649fa22a16acb488ccf0f8a41d541c6ba7da1Evan Hunt suck_in_APR -> ap_suck_in_APR
34f649fa22a16acb488ccf0f8a41d541c6ba7da1Evan Hunt sys_privileges_handlers -> ap_sys_privileges_handlers
8b9c4592ed718c4187971f1104381faf538bf4f7Evan Hunt unixd_accept -> ap_unixd_accept
8b9c4592ed718c4187971f1104381faf538bf4f7Evan Hunt unixd_config -> ap_unixd_config
8b9c4592ed718c4187971f1104381faf538bf4f7Evan Hunt unixd_killpg -> ap_unixd_killpg
8b9c4592ed718c4187971f1104381faf538bf4f7Evan Hunt unixd_set_global_mutex_perms -> ap_unixd_set_global_mutex_perms
264e17e73941059877ccf3c96f26aac15a25500bMukund Sivaraman unixd_set_proc_mutex_perms -> ap_unixd_set_proc_mutex_perms
264e17e73941059877ccf3c96f26aac15a25500bMukund Sivaraman unixd_set_rlimit -> ap_unixd_set_rlimit
264e17e73941059877ccf3c96f26aac15a25500bMukund Sivaraman [Paul Querna]
9a8b2b3ab35fbbdf03acba32dade90ad91f75742Mukund Sivaraman *) core: When the ap_http_header_filter processes an error bucket, cleanup
9a8b2b3ab35fbbdf03acba32dade90ad91f75742Mukund Sivaraman the passed brigade before returning AP_FILTER_ERROR down the filter
9a8b2b3ab35fbbdf03acba32dade90ad91f75742Mukund Sivaraman chain. This unambiguously ensures the same error bucket isn't revisited
eeb16584fbd3564136cb4c950fc5e1b54690de68Mukund Sivaraman [Ruediger Pluem]
eeb16584fbd3564136cb4c950fc5e1b54690de68Mukund Sivaraman *) mod_lbmethod_heartbeat: New module to load balance mod_proxy workers
eeb16584fbd3564136cb4c950fc5e1b54690de68Mukund Sivaraman based on heartbeats. [Paul Querna]
9540b42695c15fdd5f01b4c663e21936e6c38c82Mukund Sivaraman *) mod_heartmonitor: New module to collect heartbeats, and write out a file
9540b42695c15fdd5f01b4c663e21936e6c38c82Mukund Sivaraman so that other modules can load balance traffic as needed. [Paul Querna]
9540b42695c15fdd5f01b4c663e21936e6c38c82Mukund Sivaraman *) mod_heartbeat: New module to generate multicast heartbeats to know if a
9540b42695c15fdd5f01b4c663e21936e6c38c82Mukund Sivaraman server is online. [Paul Querna]
fec9247b8f1ab52e999643ae03f0550387ec359fMukund Sivaraman *) core: Error responses set by filters were being coerced into 500 errors,
fec9247b8f1ab52e999643ae03f0550387ec359fMukund Sivaraman sometimes appended to the original error response. Log entry of:
fec9247b8f1ab52e999643ae03f0550387ec359fMukund Sivaraman 'Handler for (null) returned invalid result code -3'
fec9247b8f1ab52e999643ae03f0550387ec359fMukund Sivaraman [Eric Covener]
0d7548ee341c83c540624a423e2c701b6e9ddc4eEvan Hunt *) mod_buffer: Honour the flush bucket and flush the buffer in the
0d7548ee341c83c540624a423e2c701b6e9ddc4eEvan Hunt input filter. Make sure that metadata buckets are written to
2883bbaef3b2b712acfb89358f5a9c7ebb62733bEvan Hunt the buffer, not to the final brigade. [Graham Leggett]
527163f0e5e8639bcceb7fe52387285042f5b24cEvan Hunt *) mod_buffer: Optimise the buffering of heap buckets when the heap
62a6147e51fd1ccb9ec1c1b6c97b6e9b9ef1f002Evan Hunt buckets stay exactly APR_BUCKET_BUFF_SIZE long. [Graham Leggett,
62a6147e51fd1ccb9ec1c1b6c97b6e9b9ef1f002Evan Hunt Ruediger Pluem]
4c432aae90bc9b220725ca7df5a6af40cf4c74b3Mark Andrews *) mod_buffer: Optional support for buffering of the input and output
4c432aae90bc9b220725ca7df5a6af40cf4c74b3Mark Andrews filter stacks. Can collapse many small buckets into fewer larger
4c432aae90bc9b220725ca7df5a6af40cf4c74b3Mark Andrews buckets, and prevents excessively small chunks being sent over
3195754154292f0651c195433607696a259a98e2Evan Hunt the wire. [Graham Leggett]
911576956388270fe2401fbf9236d8879d2795e9Evan Hunt *) mod_privileges: new module to make httpd on Solaris privileges-aware
911576956388270fe2401fbf9236d8879d2795e9Evan Hunt and to enable different virtualhosts to run with different
911576956388270fe2401fbf9236d8879d2795e9Evan Hunt privileges and Unix user/group IDs [Nick Kew]
fd0d60b3a0139c040fedb0bb765fd9667831412eMark Andrews *) mod_mem_cache: this module has been removed. [William Rowe]
fd0d60b3a0139c040fedb0bb765fd9667831412eMark Andrews *) authn/z: Remove mod_authn_default and mod_authz_default.
3001a1b4e6298466882a4147307b4c28a3b08f91Mark Andrews [Chris Darroch]
3001a1b4e6298466882a4147307b4c28a3b08f91Mark Andrews *) authz: Fix handling of authz configurations, make default authz
1bce43adcc11d21afaf645cbe466553aabc725b2Mark Andrews logic replicate 2.2.x authz logic, and replace <Satisfy*>, Reject,
1bce43adcc11d21afaf645cbe466553aabc725b2Mark Andrews and AuthzMergeRules directives with Match, <Match*>, and AuthzMerge
da4823c08a9a41e7b5ff1f3a83c80007f60fd21cMark Andrews directives. [Chris Darroch]
da4823c08a9a41e7b5ff1f3a83c80007f60fd21cMark Andrews *) mod_authn_core: Prevent crash when provider alias created to
52cae869e0296713b764f6065bdad80832d4c493Mark Andrews provider which is not yet registered. [Chris Darroch]
52cae869e0296713b764f6065bdad80832d4c493Mark Andrews *) mod_authn_core: Add AuthType of None to support disabling
403e7b451207fe6514a5d641562713b1af233b9cEvan Hunt authentication. [Chris Darroch]
403e7b451207fe6514a5d641562713b1af233b9cEvan Hunt *) core: Allow <Limit> and <LimitExcept> directives to nest, and
62b5dd5b09cb575281f8193476b58a4bd9870fc9Evan Hunt constrain their use to conform with that of other access control
62b5dd5b09cb575281f8193476b58a4bd9870fc9Evan Hunt and authorization directives. [Chris Darroch]
7fcbbd6fa9ed199cf6947bb6b204da5438211faaMark Andrews *) unixd: turn existing code into a module, and turn the set user/group
8c31a25f3ff5d6783c7add7c887e52f7031d173dMark Andrews and chroot into a child_init function. [Nick Kew]
8c31a25f3ff5d6783c7add7c887e52f7031d173dMark Andrews *) core: Add ap_timeout_parameter_parse to public API. [Ruediger Pluem]
3be4330b77e6de0c6aa7cca74c1ae17fc661ac32Tinderbox User *) mod_dir: Support "DirectoryIndex disabled"
8bcd80824c51c802c2927236b012cd526f569b04Mark Andrews Suggested By André Warnier <aw ice-sa.com> [Eric Covener]
7fcbbd6fa9ed199cf6947bb6b204da5438211faaMark Andrews *) mod_ssl: Send Content-Type application/ocsp-request for POST requests to
7fcbbd6fa9ed199cf6947bb6b204da5438211faaMark Andrews OSCP responders. PR 46014 [Dr Stephen Henson <steve openssl.org>]
559cbe04e73cf601784a371e09554c20407a6c7bEvan Hunt *) Export and install the mod_rewrite.h header to ensure the optional
559cbe04e73cf601784a371e09554c20407a6c7bEvan Hunt rewrite_mapfunc_t and ap_register_rewrite_mapfunc functions are
559cbe04e73cf601784a371e09554c20407a6c7bEvan Hunt available to third party modules. [Graham Leggett]
6ef61e764583887172e27c3bc681e36cfa27b469Mark Andrews *) mod_authnz_ldap: don't return NULL-valued environment variables to
94a94fca2444bb18b4bf74d6c5dbcbb89f139237Mark Andrews other modules. PR 39045 [Francois Pesce <francois.pesce gmail.com>]
b81977ae70138c9befd8fa4bb66b6145e1986561Mark Andrews *) Don't adjust case in pathname components that are not of interest
43769594c0e42e9822ef71daee8bbf35252d9300Evan Hunt to mod_mime. Fixes mod_negotiation's use of such components.
43769594c0e42e9822ef71daee8bbf35252d9300Evan Hunt PR 43250 [Basant Kumar Kukreja <basant.kukreja sun.com>]
9ecedaea58defeadaf54dfc1211270653e0657ceMark Andrews *) Be tolerant in what you accept - accept slightly broken
fc8c8966c906b305cb8b416a8f23f21abf103b7fEvan Hunt status lines from a backend provide they include a valid status code.
fc8c8966c906b305cb8b416a8f23f21abf103b7fEvan Hunt *) New module mod_sed: filter Request/Response bodies through sed
07b7a3eadeda94eddd50977c9582dae2f955b638Evan Hunt *) mod_auth_form: Make sure that basic authentication is correctly
07b7a3eadeda94eddd50977c9582dae2f955b638Evan Hunt faked directly after login. [Graham Leggett]
85a26f938eac3e147a48f671f6a6b5ee9cd1767dEvan Hunt *) mod_session_cookie, mod_session_dbd: Make sure cookies are set both
85a26f938eac3e147a48f671f6a6b5ee9cd1767dEvan Hunt within the output headers and error output headers, so that the
4901f2c10b4393fd4407c8feb022c3415ab323c7Mark Andrews session is maintained across redirects. [Graham Leggett]
4901f2c10b4393fd4407c8feb022c3415ab323c7Mark Andrews *) mod_auth_form: Make sure the logged in user is populated correctly
8e9dbb62224ce4d7342b0e7db96cf31e415aaaf0Evan Hunt after a form login. Fixes a missing REMOTE_USER variable directly
8e9dbb62224ce4d7342b0e7db96cf31e415aaaf0Evan Hunt following a login. [Graham Leggett]
8e9dbb62224ce4d7342b0e7db96cf31e415aaaf0Evan Hunt *) mod_session_cookie: Make sure that cookie attributes are correctly
b5ad0916242ca4ce3f053efe78c1725dce996717Mark Andrews included in the blank cookie when cookies are removed. This fixes an
b5ad0916242ca4ce3f053efe78c1725dce996717Mark Andrews inability to log out when using mod_auth_form. [Graham Leggett]
da23e32e410eb9b106ae926858140303bfd1d96fMark Andrews *) mod_autoindex: add configuration option to insert string
da23e32e410eb9b106ae926858140303bfd1d96fMark Andrews in HTML HEAD. [Nick Kew]
18ab9a0a34ea025a6bbb09b711b00cfa11eec1b5Evan Hunt *) mod_session: Prevent a segfault when a CGI script sets a cookie with a
18ab9a0a34ea025a6bbb09b711b00cfa11eec1b5Evan Hunt null value. [David Shane Holden <dpejesh apache.org>]
c742ef745e1f3400b79c9df3d188896ccbb50f15Evan Hunt *) mod_headers: Prevent Header edit from processing only the first header
832f5803f69f4548ba3777f8b5741768bbbf5f75Mark Andrews of possibly multiple headers with the same name and deleting the
5688a47c152def63dd2f5fb9a93911a0df46162eTinderbox User remaining ones. PR 45333. [Ruediger Pluem]
832f5803f69f4548ba3777f8b5741768bbbf5f75Mark Andrews *) mod_rewrite: Preserve the query string with [proxy,noescape]. PR 45247
4441328a1d38bbb2ec20a0a219b84d472312da26Mark Andrews [Tom Donovan]
4441328a1d38bbb2ec20a0a219b84d472312da26Mark Andrews *) core, authn/z: Determine registered authn/z providers directly in
f2e8131f508ca9c92bf7601c80db3c9e1d3bc4ebMark Andrews ap_setup_auth_internal(), which allows optional functions that just
22e3ffcf2c52114092b2dbdf2bc1872371c96192Mark Andrews wrapped ap_list_provider_names() to be removed from authn/z modules.
22e3ffcf2c52114092b2dbdf2bc1872371c96192Mark Andrews [Chris Darroch]
7bcba68b9510908c07d6c2568faca06629511660Mark Andrews *) authn/z: Convert common provider version strings to macros.
7bcba68b9510908c07d6c2568faca06629511660Mark Andrews [Chris Darroch]
2cee8eadec6545fb0ce10fb8c1d7b60870ec2fb4Mark Andrews *) ab: Make ab.c compile on VC6. PR 45024 [Ruediger Pluem]
2cee8eadec6545fb0ce10fb8c1d7b60870ec2fb4Mark Andrews *) configure: Don't reject libtool 2.x
81df1363fbd13f3a80987704c23e14413e6f1d2aMark Andrews PR 44817 [Arfrever Frehtes Taifersar Arahesis <Arfrever.FTA gmail.com>]
81df1363fbd13f3a80987704c23e14413e6f1d2aMark Andrews *) core: When testing for slash-terminated configuration paths in
08397f5b6ca783a8c55f48b827201b75c3fca4bfMark Andrews ap_location_walk(), don't look past the start of an empty string
08397f5b6ca783a8c55f48b827201b75c3fca4bfMark Andrews such as that created by a <Location ""> directive.
08397f5b6ca783a8c55f48b827201b75c3fca4bfMark Andrews [Chris Darroch]
e63d63dc8510c669e1575b2762265842e8783822Evan Hunt *) core, mod_proxy: If a kept_body is present, it becomes safe for
e63d63dc8510c669e1575b2762265842e8783822Evan Hunt subrequests to support message bodies. Make sure that safety
f5c17a057fc5974bb51d7bc8c5827a7fd6dc9aeeEvan Hunt checks within the core and within the proxy are not triggered
f5c17a057fc5974bb51d7bc8c5827a7fd6dc9aeeEvan Hunt when kept_body is present. This makes it possible to embed
f5c17a057fc5974bb51d7bc8c5827a7fd6dc9aeeEvan Hunt proxied POST requests within mod_include. [Graham Leggett]
d6080de9be23024f5f7a1e40d0cb06df94cdcb72Mark Andrews *) mod_auth_form: Make sure the input filter stack is properly set
2a2618356ecdf5962230fe11606d2b106a638295Tinderbox User up before reading the login form. Make sure the kept body filter
6649db1ca4f3dc2d14f41f77e03867ac013215f9Evan Hunt is correctly inserted to ensure the body can be read a second
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk time safely should the authn be successful. [Graham Leggett,
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk Ruediger Pluem]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk *) mod_request: Insert the KEPT_BODY filter via the insert_filter
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk hook instead of during fixups. Add a safety check to ensure the
6b45fd062bbcf2986078bf25b2b617b844a9fde4Mark Andrews filters cannot be inserted more than once. [Graham Leggett,
6b45fd062bbcf2986078bf25b2b617b844a9fde4Mark Andrews Ruediger Pluem]
6b45fd062bbcf2986078bf25b2b617b844a9fde4Mark Andrews *) core: Do not allow Options ALL if not all options are allowed to be
72cae054ad81a985f1e0023f9ff92b6ff1872183Mark Andrews overwritten. PR 44262 [Michał Grzędzicki <lazy iq.pl>]
72cae054ad81a985f1e0023f9ff92b6ff1872183Mark Andrews *) ap_cache_cacheable_headers_out() will (now) always
f1e3dd087b7ce34382df8354efddaae79caa11b7Mark Andrews merge an error headers _before_ clearing them and _before_
f1e3dd087b7ce34382df8354efddaae79caa11b7Mark Andrews merging in the actual entity headers and doing normal
f1e3dd087b7ce34382df8354efddaae79caa11b7Mark Andrews hop-by-hop cleansing. [Dirk-Willem van Gulik].
23ac7e663494ffdfd78b52d1a0a62d93f0d30d93Mark Andrews *) cache: retire ap_cache_cacheable_hdrs_out() which was used
23ac7e663494ffdfd78b52d1a0a62d93f0d30d93Mark Andrews for both in- and out-put headers; and replace it by a single
458e816ed08044cfe82c89fecd38bce540b23ff0Mark Andrews ap_cache_cacheable_headers() wrapped in a in- and out-put
458e816ed08044cfe82c89fecd38bce540b23ff0Mark Andrews specific ap_cache_cacheable_headers_in()/out(). The latter
458e816ed08044cfe82c89fecd38bce540b23ff0Mark Andrews which will also merge error and ensure content-type. To keep
b1ab6766f7cf3d2c189b415c50cc574d9b21a9a2Mark Andrews cache modules consistent with ease. This API change bumps
d84a356d4b122d9a50dbca6776c820f5e59ec44dMark Andrews up the minor MM by one [Dirk-Willem van Gulik].
bc2510a6a5e406bdef580452e6ae3e1298a7d1d6Mark Andrews *) mod_rewrite: Allow Cookie option to set secure and HttpOnly flags.
bc2510a6a5e406bdef580452e6ae3e1298a7d1d6Mark Andrews PR 44799 [Christian Wenz <christian wenz.org>]
1160ea4c2847b276946cf6bd00504929ec4f6e44Mark Andrews *) Move the KeptBodySize directive, kept_body filters and the
1160ea4c2847b276946cf6bd00504929ec4f6e44Mark Andrews ap_parse_request_body function out of the http module and into a
348d80fb8490f4547aaa569e5f7ea2a032543bacMark Andrews new module called mod_request, reducing the size of the core.
348d80fb8490f4547aaa569e5f7ea2a032543bacMark Andrews [Graham Leggett]
45f206e6c1521c710947e9d5e734c32c6b286b13Mark Andrews *) mod_dbd: Handle integer configuration directive parameters with a
45f206e6c1521c710947e9d5e734c32c6b286b13Mark Andrews dedicated function.
f6f3264d8c81cda5d489e29d2141f1a92fbe4c84Mark Andrews *) Change the directives within the mod_session* modules to be valid
f6f3264d8c81cda5d489e29d2141f1a92fbe4c84Mark Andrews both inside and outside the location/directory sections, as
f6f3264d8c81cda5d489e29d2141f1a92fbe4c84Mark Andrews suggested by wrowe. [Graham Leggett]
960989925556246cc86f1905a5d62e6b0b69dc02Mark Andrews *) mod_auth_form: Add a module capable of allowing end users to log
960989925556246cc86f1905a5d62e6b0b69dc02Mark Andrews in using an HTML form, storing the credentials within mod_session.
960989925556246cc86f1905a5d62e6b0b69dc02Mark Andrews [Graham Leggett]
d77cab69bf9676f828c48c217828a25e8ba41c63Mark Andrews *) Add a function to the http filters that is able to parse an HTML
d77cab69bf9676f828c48c217828a25e8ba41c63Mark Andrews form request with the type of application/x-www-form-urlencoded.
d77cab69bf9676f828c48c217828a25e8ba41c63Mark Andrews [Graham Leggett]
f1b29d8428362842c429157b4925e529463eab4cEvan Hunt *) mod_session_crypto: Initialise SSL in the post config hook.
f1b29d8428362842c429157b4925e529463eab4cEvan Hunt [Ruediger Pluem, Graham Leggett]
d0c5ff7f65a08e2ccc9bc06e0ef9f61e36875b50Mark Andrews *) mod_session_dbd: Add a session implementation capable of storing
d0c5ff7f65a08e2ccc9bc06e0ef9f61e36875b50Mark Andrews session information in a SQL database via the dbd interface. Useful
83a28ca274521e15086fc39febde507bcc4e145eMark Andrews for sites where session privacy is important. [Graham Leggett]
1585a9f239969a65b974ff741ff2a7a79b148891Evan Hunt *) mod_session_crypto: Add a session encoding implementation capable
47071b7310bd6d4d12169c336faac72c8c3d9ecfMark Andrews of encrypting and decrypting sessions wherever they may be stored.
1585a9f239969a65b974ff741ff2a7a79b148891Evan Hunt Introduces a level of privacy when sessions are stored on the
2fb4184d9d55a6b8709356144730e323e265d58fEvan Hunt browser. [Graham Leggett]
2fb4184d9d55a6b8709356144730e323e265d58fEvan Hunt *) mod_session_cookie: Add a session implementation capable of storing
5be93f5dff21fa067f52065e3521b7d82f32c779Mark Andrews session information within cookies on the browser. Useful for high
5be93f5dff21fa067f52065e3521b7d82f32c779Mark Andrews volume sites where server bound sessions are too resource intensive.
5be93f5dff21fa067f52065e3521b7d82f32c779Mark Andrews [Graham Leggett]
6ae22c411920be5f5fd1780ac0cd44cbb21b144aMukund Sivaraman *) mod_session: Add a generic session interface to unify the different
6ae22c411920be5f5fd1780ac0cd44cbb21b144aMukund Sivaraman attempts at saving persistent sessions across requests.
74d98566ed6a2280ea84d146e7c81275f1c5649dMark Andrews [Graham Leggett]
74d98566ed6a2280ea84d146e7c81275f1c5649dMark Andrews *) core, authn/z: Avoid calling access control hooks for internal requests
1c89e89eaf761c378fd48bfd1c4abf1b5ad026e9Evan Hunt with configurations which match those of initial request. Revert to
1c89e89eaf761c378fd48bfd1c4abf1b5ad026e9Evan Hunt original behaviour (call access control hooks for internal requests
1c89e89eaf761c378fd48bfd1c4abf1b5ad026e9Evan Hunt with URIs different from initial request) if any access control hooks or
b1ab6766f7cf3d2c189b415c50cc574d9b21a9a2Mark Andrews providers are not registered as permitting this optimization.
0c2d891abeb2b35e290ca9da29e1227110b5be23Mark Andrews Introduce wrappers for access control hook and provider registration
0c2d891abeb2b35e290ca9da29e1227110b5be23Mark Andrews which can accept additional mode and flag data. [Chris Darroch]
fd017eea638d690b6a90c4d2a3f2ebe51c472173Mark Andrews *) Introduced ap_expr API for expression evaluation.
2595d1da358cc7391e001894d45471509976e7d5Mark Andrews This is adapted from mod_include, which is the first module
2595d1da358cc7391e001894d45471509976e7d5Mark Andrews to use the new API.
6ef1cdec9a52a21a3db649817184702abfe6dd95Mark Andrews *) mod_authz_dbd: When redirecting after successful login/logout per
6ef1cdec9a52a21a3db649817184702abfe6dd95Mark Andrews AuthzDBDRedirectQuery, do not report authorization failure, and use
6ef1cdec9a52a21a3db649817184702abfe6dd95Mark Andrews first row returned by database query instead of last row.
294ef74e5ad68d898207c4fb36d8b18d526a11f6Curtis Blackburn [Chris Darroch]
294ef74e5ad68d898207c4fb36d8b18d526a11f6Curtis Blackburn *) mod_ldap: Correctly return all requested attribute values
fe6557e5901162308e716791077ace6811728242Mark Andrews when some attributes have a null value.
fe6557e5901162308e716791077ace6811728242Mark Andrews PR 44560 [Anders Kaseorg <anders kaseorg.com>]
21e5f9c5cdb3052f282e3dbdc2dc47f29cfe1187Mark Andrews *) core: check symlink ownership if both FollowSymlinks and
21e5f9c5cdb3052f282e3dbdc2dc47f29cfe1187Mark Andrews SymlinksIfOwnerMatch are set [Nick Kew]
4df43743ab1ef4bad2b96840a7b2b9c77bc82bc2Mark Andrews *) core: fix origin checking in SymlinksIfOwnerMatch
4df43743ab1ef4bad2b96840a7b2b9c77bc82bc2Mark Andrews PR 36783 [Robert L Mathews <rob-apache.org.bugs tigertech.net>]
60c47284e4d752ccefa57f47b61a9c82899f3297Mark Andrews *) Activate mod_cache, mod_file_cache and mod_disk_cache as part of the
701aa95d9605fd6ad25b60dfd38d05a1942ee147Mark Andrews 'most' set for '--enable-modules' and '--enable-shared-mods'. Include
701aa95d9605fd6ad25b60dfd38d05a1942ee147Mark Andrews mod_mem_cache in 'all' as well. [Dirk-Willem van Gulik]
701aa95d9605fd6ad25b60dfd38d05a1942ee147Mark Andrews *) Also install mod_so.h, mod_rewrite.h and mod_cache.h; as these
701aa95d9605fd6ad25b60dfd38d05a1942ee147Mark Andrews contain public function declarations which are useful for
7a3d063847290b204dfcedaef7288033c8424bfbEvan Hunt third party module authors. PR 42431 [Dirk-Willem van Gulik].
7a3d063847290b204dfcedaef7288033c8424bfbEvan Hunt *) mod_dir, mod_negotiation: pass the output filter information
b243aa40f97cb2f77fbe746977d61f0a8c2e9194Mark Andrews to newly created sub requests; as these are later on used
b243aa40f97cb2f77fbe746977d61f0a8c2e9194Mark Andrews as true requests with an internal redirect. This allows for
b243aa40f97cb2f77fbe746977d61f0a8c2e9194Mark Andrews mod_cache et.al. to trap the results of the redirect.
b243aa40f97cb2f77fbe746977d61f0a8c2e9194Mark Andrews [Dirk-Willem van Gulik, Ruediger Pluem]
6db55b4ff9b099bc8d6621f6e13ec1f087d35e04Mark Andrews *) mod_ldap: Add support (taking advantage of the new APR capability)
6db55b4ff9b099bc8d6621f6e13ec1f087d35e04Mark Andrews for ldap rebind callback while chasing referrals. This allows direct
2ac8829a8a7ce2f5fbcf006c3bf6c5a6c821abf3Mark Andrews searches on LDAP servers (in particular MS Active Directory 2003+)
2ac8829a8a7ce2f5fbcf006c3bf6c5a6c821abf3Mark Andrews using referrals without the use of the global catalog.
744c1db6352c4c3f11c8538e4a2a57c8b0e0d570Mark Andrews PRs 26538, 40268, and 42557 [Paul J. Reder]
744c1db6352c4c3f11c8538e4a2a57c8b0e0d570Mark Andrews *) mod_ssl: Added server name indication support (SNI, RFC 4366).
744c1db6352c4c3f11c8538e4a2a57c8b0e0d570Mark Andrews PR 34607. [Kaspar Brand <asfbugz velox.ch>]. A test configuration
d9b96d0a42a70c1a43415dcbe0f8872b84d76a13Evan Hunt can be created with test/make_sni.sh [Dirk-Willem van Gulik].
3d0f9f8cca44ba9f1972de9e3fcabe6b70b5a33bMark Andrews *) ApacheMonitor.exe: Introduce --kill argument for use by the
8a5809527e6c85e39699901712a455d5480907c1Evan Hunt installer. This will permit the installation tool to remove
bd19cef22382906a11fb6f1ffdef11038e432bcaMark Andrews all running instances before attempting to remove the .exe.
bd19cef22382906a11fb6f1ffdef11038e432bcaMark Andrews [William Rowe]
a0e34c90eaf2464c6ef7c46c75c2df2dcb152293Mark Andrews *) mod_ssl: Add support for OCSP validation of client certificates.
a0e34c90eaf2464c6ef7c46c75c2df2dcb152293Mark Andrews PR 41123. [Marc Stern <marc.stern approach.be>, Joe Orton]
669e108d6753b27a9745cc506193a9e0b32d217cEvan Hunt *) mod_serf: New module for Reverse Proxying. [Paul Querna]
669e108d6753b27a9745cc506193a9e0b32d217cEvan Hunt *) core: Add the option to keep aside a request body up to a certain
45fd95544cd650a8e6a0fc39b656d1109b811ac0Evan Hunt size that would otherwise be discarded, to be consumed by filters
45fd95544cd650a8e6a0fc39b656d1109b811ac0Evan Hunt such as mod_include. When enabled for a directory, POST requests
45fd95544cd650a8e6a0fc39b656d1109b811ac0Evan Hunt to shtml files can be passed through to embedded scripts as POST
76af83c9adb772f7b045c62cf8b411165bfaa5efMark Andrews requests, rather being downgraded to GET requests. [Graham Leggett]
6552f33198438390724c5823b8dbcf477ec9638cEvan Hunt *) mod_ssl: Fix TLS upgrade (RFC 2817) support. PR 41231. [Joe Orton]
6552f33198438390724c5823b8dbcf477ec9638cEvan Hunt *) scoreboard: Correctly declare ap_time_process_request.
9e0cd8be9aa2b24fa373fe227c5eaf5641ac62f4Mark Andrews *) core; scoreboard: ap_get_scoreboard_worker(sbh) now takes the sbh member
fb9cdee4af778c5e53fc9e25f15364f5bbd2dae3Mark Andrews from the connection rec, ap_get_scoreboard_worker(proc, thread) will now
2a1860ad83294da4abe34a72bdb6f5a28b87f2efMark Andrews provide the unusual legacy lookup. [William Rowe]
de6469b663b55aacd19bdcdd925ce381f0c4b4dfMark Andrews *) mpm winnt: fix null pointer dereference
de6469b663b55aacd19bdcdd925ce381f0c4b4dfMark Andrews PR 42572 [Davi Arnaut]
b1ab6766f7cf3d2c189b415c50cc574d9b21a9a2Mark Andrews *) mod_authnz_ldap, mod_authn_dbd: Tidy up the code to expose authn
d389069a397c99347b5b281f90577e19e7662b03Mark Andrews parameters to the environment. Improve portability to
d389069a397c99347b5b281f90577e19e7662b03Mark Andrews EBCDIC machines by using apr_toupper(). [Martin Kraemer]
fd2f4551d9498e1dce8e44a24e5e886ef2aa75cbMark Andrews *) mod_ldap, mod_authnzldap: Add support for nested groups (i.e. the ability
fd2f4551d9498e1dce8e44a24e5e886ef2aa75cbMark Andrews to authorize an authenticated user via a "require ldap-group X" directive
fd2f4551d9498e1dce8e44a24e5e886ef2aa75cbMark Andrews where the user is not in group X, but is in a subgroup contained in X.
c5e8808e35310eddfd99398198660a3eb37ac51eMark Andrews PR 42891 [Paul J. Reder]
7c66fc970082f2f8b4a7ae1bbfca3531ab6798b4Mark Andrews *) mod_ssl: Add support for caching SSL Sessions in memcached. [Paul Querna]
32f4f500a5dfa77631217a390f3cd616827cab18Mukund Sivaraman *) mod_ldap: Fix the search limit parameter to ldap_search_ext_s()
7c66fc970082f2f8b4a7ae1bbfca3531ab6798b4Mark Andrews for SDKs that define LDAP_NO_LIMIT to something other than -1.
2a80bc01530013293016172b1dcc1d12471ccf33Mark Andrews [David Jones <oscaremma gmail.com>]
cc51cd2d2076e33117c60c9effcb8caccde4983bWitold Krecicki *) apxs: Enhance -q flag to print all known variables and their values
cc51cd2d2076e33117c60c9effcb8caccde4983bWitold Krecicki when invoked without variable name(s).
3fe7c625ff1d4477806e5ecd700c5917ba2d7b90Mark Andrews [William Rowe, Sander Temme]
2bbab60f504e4cd905080d42eae5cc8fe62599cbMark Andrews *) apxs: Eliminate run-time check for mod_so. PR 40653.
3fe7c625ff1d4477806e5ecd700c5917ba2d7b90Mark Andrews [David M. Lee <dmlee crossroads.com>]
0b612b420df38f1b2f1ba19df727f77a492f08a7Mark Andrews *) beos MPM: Create pmain pool and run modules' child_init hooks when
3fe7c625ff1d4477806e5ecd700c5917ba2d7b90Mark Andrews entering ap_mpm_run(), then destroy pmain when exiting ap_mpm_run().
802e0662ef6041078cb7bad4cdb197a295eab770Mark Andrews [Chris Darroch]
802e0662ef6041078cb7bad4cdb197a295eab770Mark Andrews *) netware MPM: Destroy pmain pool when exiting ap_mpm_run() so that
3fe7c625ff1d4477806e5ecd700c5917ba2d7b90Mark Andrews cleanups registered in modules' child_init hooks are performed.
af9b975ccc2f0e6d82a4dfc2daa6cedfc5f4bdc2Mark Andrews [Chris Darroch]
af9b975ccc2f0e6d82a4dfc2daa6cedfc5f4bdc2Mark Andrews *) mod_dbd: Stash DBD connections in request_config of initial request
94694e720a911a38b01ff5036c01d883b3c9cbb1Evan Hunt only, or else sub-requests and internal redirections may cause
94694e720a911a38b01ff5036c01d883b3c9cbb1Evan Hunt entire DBD pool to be stashed in a single HTTP request. [Chris Darroch]
538c6bd3f15c6f525972e2226708805dbab03240Mark Andrews *) Fix issue which could cause error messages to be written to access logs
ef1e2f790639e187d2286292f25593ad7c6c2391Witold Krecicki on Win32. PR 40476. [Tom Donovan <Tom.Donovan acm.org>]
e8fab79146fe8010728513f4458cfd2f4d8bd48bWitold Krecicki *) The LockFile directive, which specifies the location of
c034b72ba147e86ec40816fdf0cfb19c9ed7f1d6Witold Krecicki the accept() mutex lockfile, is deprecated. Instead, the
c034b72ba147e86ec40816fdf0cfb19c9ed7f1d6Witold Krecicki AcceptMutex directive now takes an optional lockfile
7d238ed0c71ca817fd1582295c6027c6b925af51Mark Andrews location parameter, ala SSLMutex. [Jim Jagielski]
82a50a619afa73ae9a212399505b9f1b327128cdMark Andrews *) mod_authn_dbd: Export any additional columns queried in the SQL select
82a50a619afa73ae9a212399505b9f1b327128cdMark Andrews into the environment with the name AUTHENTICATE_<COLUMN>. This brings
82a50a619afa73ae9a212399505b9f1b327128cdMark Andrews mod_authn_dbd behaviour in line with mod_authnz_ldap. [Graham Leggett]
2f1c460beaa1e372255e7a1b8aad8996f011816dMark Andrews *) mod_dbd: Key the storage of prepared statements on the hex string
9ee66e3a5b45654235472711439f9db1766c82caMark Andrews value of server_rec, rather than the server name, as the server name
9ee66e3a5b45654235472711439f9db1766c82caMark Andrews may change (eg when the server name is set) at any time, causing
af9b975ccc2f0e6d82a4dfc2daa6cedfc5f4bdc2Mark Andrews weird behaviour in modules dependent on mod_dbd. [Graham Leggett]
9ee66e3a5b45654235472711439f9db1766c82caMark Andrews *) mod_proxy_fcgi: Added win32 build. [Mladen Turk]
8b2b41ba4f8cabed897f2d852a6c07abfb23231eMark Andrews *) sendfile_nonblocking() takes the _brigade_ as an argument, gets
47f8b47b8df05aade51e35b31c3df46fb121a098Mark Andrews the first bucket from the brigade, finds it not to be a FILE
47f8b47b8df05aade51e35b31c3df46fb121a098Mark Andrews bucket and barfs. The fix is to pass a bucket rather than a brigade.
fcadf0b3205be950da14c80fedbf088fc8fd2190Evan Hunt [Niklas Edmundsson <nikke acc.umu.se>]
fcadf0b3205be950da14c80fedbf088fc8fd2190Evan Hunt *) mod_rewrite: support rewritemap by SQL query [Nick Kew]
fcadf0b3205be950da14c80fedbf088fc8fd2190Evan Hunt *) ap_get_server_version() has been removed. Third-party modules must
47f8b47b8df05aade51e35b31c3df46fb121a098Mark Andrews now use ap_get_server_banner() or ap_get_server_description().
47f8b47b8df05aade51e35b31c3df46fb121a098Mark Andrews [Jeff Trawick]
d9a713819621972af4f90dfaa9e2bc72aad54d48Mark Andrews *) All MPMs: Introduce a check_config phase between pre_config and
8269f06a0fdaf5f4f03ffb20a3c0effd557c794cMark Andrews open_logs, to allow modules to review interdependent configuration
db9781d4a2ed15c4b34bb5c97ea68b8f598992fcMark Andrews directive values and adjust them while messages can still be logged
db9781d4a2ed15c4b34bb5c97ea68b8f598992fcMark Andrews to the console. Handle relevant MPM directives during this phase
6f2752da7a1036cd59be17236ca66630d00f11cdMukund Sivaraman and format messages for both the console and the error log, as
6f2752da7a1036cd59be17236ca66630d00f11cdMukund Sivaraman appropriate. [Chris Darroch]
f0244761611dc4d0f80b36c0c0ccdb26fa6cf830Mark Andrews *) mod_proxy: don't URLencode tilde in path component
f0244761611dc4d0f80b36c0c0ccdb26fa6cf830Mark Andrews [Stijn Hoop <stijn sandcat.nl>]
48ec547968d7da5b1240222c53a90efce25157a2Mark Andrews *) mpm_winnt: Fix return values from wait_for_many_objects.
48ec547968d7da5b1240222c53a90efce25157a2Mark Andrews The return value is index to the signaled thread in the
48ec547968d7da5b1240222c53a90efce25157a2Mark Andrews creted_threads array. We can not use WAIT_TIMEOUT because
095c47be5456c17087d7b39dfc97ebee65e0dfbbMark Andrews his value is defined as 258, thus limiting the MaxThreads
095c47be5456c17087d7b39dfc97ebee65e0dfbbMark Andrews to that value. [Mladen Turk]
178dc0e1d617a6ef6387e9942ba9cdb370d1bde2Mark Andrews *) core: Do not allow internal redirects like the DirectoryIndex of mod_dir
178dc0e1d617a6ef6387e9942ba9cdb370d1bde2Mark Andrews to circumvent the symbolic link checks imposed by FollowSymLinks and
6aaf3d01a1a9829802498c5772b22d649d012181Mark Andrews SymLinksIfOwnerMatch. [Nick Kew, Ruediger Pluem, William Rowe]
6aaf3d01a1a9829802498c5772b22d649d012181Mark Andrews *) New SSLLogLevelDebugDump [ None (default) | IO (not bytes) | Bytes ]
e51ba2650025460b26092fb2500e0b6dfbf6d548Mark Andrews configures the I/O Dump of SSL traffic, when LogLevel is set to Debug.
e51ba2650025460b26092fb2500e0b6dfbf6d548Mark Andrews The default is none as this is far greater debugging resolution than
e51ba2650025460b26092fb2500e0b6dfbf6d548Mark Andrews the typical administrator is prepared to untangle. [William Rowe]
143526179e5965921e1bd17a4759c3993854b4f4Mark Andrews *) mod_disk_cache: If possible, check if the size of an object to cache is
15bee593e70faca91a00331184fbbbc66080d422Mark Andrews within the configured boundaries before actually saving data.
15bee593e70faca91a00331184fbbbc66080d422Mark Andrews [Niklas Edmundsson <nikke acc.umu.se>]
af326c2e3f90d86a8966a1298d7aa157667f97cdEvan Hunt *) mod_disk_cache: Delete temporary files if they cannot be renamed to their
af326c2e3f90d86a8966a1298d7aa157667f97cdEvan Hunt final name. [Davi Arnaut <davi haxent.com.br>]
af326c2e3f90d86a8966a1298d7aa157667f97cdEvan Hunt *) Worker and event MPMs: Remove improper scoreboard updates which were
ce786900292468e465fb74df8712a625ce10e103Mukund Sivaraman performed in the event of a fork() failure. [Chris Darroch]
ce786900292468e465fb74df8712a625ce10e103Mukund Sivaraman *) Add support for fcgi:// proxies to mod_rewrite.
d102ab1b847716b045640faebf074a8092e0b023Mark Andrews [Markus Schiegl <ms schiegl.com>]
d6fa26d0adaec6c910115be34fe7a5a5f402c14fMark Andrews *) Remove incorrect comments from scoreboard.h regarding conditional
d6fa26d0adaec6c910115be34fe7a5a5f402c14fMark Andrews loading of worker_score structure with mod_status, and remove unused
d6fa26d0adaec6c910115be34fe7a5a5f402c14fMark Andrews definitions relating to old life_status field.
f503aa345b451f94875a5bab637223bcbbd93b6dEvan Hunt [Chris Darroch <chrisd pearsoncmg.com>]
f503aa345b451f94875a5bab637223bcbbd93b6dEvan Hunt *) Remove allocation of memory for unused array of lb_score pointers
f503aa345b451f94875a5bab637223bcbbd93b6dEvan Hunt in ap_init_scoreboard(). [Chris Darroch <chrisd pearsoncmg.com>]
7df3f06c0bf0b78a88221348d6af6704d9ece7efMark Andrews *) Add mod_proxy_fcgi, a FastCGI back end for mod_proxy.
a3253fb44c15a52bbb19bb38592b4dc02a004527Tinderbox User [Garrett Rooney, Jim Jagielski, Paul Querna]
d1cacbb37474b0cbee6c1ddd05d27f731b2b43baMark Andrews *) Event MPM: Fill in the scoreboard's tid field. PR 38736.
2be9d18ee9bd1b4eec4720218e4f43352603291fMark Andrews [Chris Darroch <chrisd pearsoncmg.com>]
2be9d18ee9bd1b4eec4720218e4f43352603291fMark Andrews *) mod_charset_lite: Remove Content-Length when output filter can
2be9d18ee9bd1b4eec4720218e4f43352603291fMark Andrews invalidate it. Warn when input filter can invalidate it.
4d506ae0d1671e5a1272ef1ef13986af01616ac4Mark Andrews [Jeff Trawick]
8b82b4982c21dfeb164f04700c7204f6541a7856Evan Hunt *) Authz: Add the new module mod_authn_core that will provide common
c40906dfad6dd6e3a3e3c94b8c8847bc9bc064e5Mark Andrews authn directives such as 'AuthType', 'AuthName'. Move the directives
c40906dfad6dd6e3a3e3c94b8c8847bc9bc064e5Mark Andrews 'AuthType' and 'AuthName' out of the core module and merge mod_authz_alias
c40906dfad6dd6e3a3e3c94b8c8847bc9bc064e5Mark Andrews into mod_authn_core. [Brad Nicholes]
f9e49fd80e2ac4fce0fef11d330b88ff3693ad99Witold Krecicki *) Authz: Move the directives 'Order', 'Allow', 'Deny' and 'Satisfy'
e8c70b0c35c27a28ea2e0cafb252e1774ccc1727Mark Andrews into the new module mod_access_compat which can be loaded to provide
e8c70b0c35c27a28ea2e0cafb252e1774ccc1727Mark Andrews support for these directives.
e8c70b0c35c27a28ea2e0cafb252e1774ccc1727Mark Andrews [Brad Nicholes]
7204d08a319cf590ae4280b8cc20999320398574Mark Andrews *) Authz: Move the 'Require' directive from the core module as well as
7204d08a319cf590ae4280b8cc20999320398574Mark Andrews add the directives '<SatisfyAll>', '<SatisfyOne>', '<RequireAlias>'
7204d08a319cf590ae4280b8cc20999320398574Mark Andrews and 'Reject' to mod_authz_core. The new directives introduce 'AND/OR'
6ce5279d0f30c8c760e27baf92bb44b3f4962354Evan Hunt logic into the authorization processing. [Brad Nicholes]
6ce5279d0f30c8c760e27baf92bb44b3f4962354Evan Hunt *) Authz: Add the new module mod_authz_core which acts as the
6ce5279d0f30c8c760e27baf92bb44b3f4962354Evan Hunt authorization provider vector and contains common authz
f5898cf3484b1588d5239faa4062a2b2b606ce91Evan Hunt directives. [Brad Nicholes]
f5898cf3484b1588d5239faa4062a2b2b606ce91Evan Hunt *) Authz: Renamed mod_authz_dbm authz providers from 'group' and
f5898cf3484b1588d5239faa4062a2b2b606ce91Evan Hunt 'file-group' to 'dbm-group' and 'dbm-file-group'. [Brad Nicholes]
f5898cf3484b1588d5239faa4062a2b2b606ce91Evan Hunt *) Authz: Added the new authz providers 'env', 'ip', 'host', 'all' to handle
f5898cf3484b1588d5239faa4062a2b2b606ce91Evan Hunt host-based access control provided by mod_authz_host and invoked
f5898cf3484b1588d5239faa4062a2b2b606ce91Evan Hunt through the 'Require' directive. [Brad Nicholes]
c27c710939766a7bb315bde1f12ab18d93c77cc8Mark Andrews *) Authz: Convert all of the authz modules from hook based to
c27c710939766a7bb315bde1f12ab18d93c77cc8Mark Andrews provider based. [Brad Nicholes]
4e9a1ad22618a46dab82eeb2d030190cec0afbc6Mukund Sivaraman *) mod_cache: Add CacheMinExpire directive to set the minimum time in
4e9a1ad22618a46dab82eeb2d030190cec0afbc6Mukund Sivaraman seconds to cache a document.
4e9a1ad22618a46dab82eeb2d030190cec0afbc6Mukund Sivaraman [Brian Akins <brian.akins turner.com>, Ruediger Pluem]
4e9a1ad22618a46dab82eeb2d030190cec0afbc6Mukund Sivaraman *) mod_authz_dbd: SQL authz with Login/Session support [Nick Kew]
555469af35c12189525921abbc3de3cefb5f9f0fMark Andrews *) Fix typo in ProxyStatus syntax error message.
c5342425ea5568af04f4b87d5d9690453b21c9f1Mark Andrews [Christophe Jaillet <christophe.jaillet wanadoo.fr>]
c5342425ea5568af04f4b87d5d9690453b21c9f1Mark Andrews *) Asynchronous write completion for the Event MPM. [Brian Pane]
b4bbf494183e4158b417d9200297ff0764af2f9dMark Andrews *) Added an End-Of-Request bucket type. The logging of a request and
b4bbf494183e4158b417d9200297ff0764af2f9dMark Andrews the freeing of its pool are now done when the EOR bucket is destroyed.
f3a4a5f8db3d9fd352a3e2eb6be779a78da03f52Mark Andrews This has the effect of delaying the logging until right after the last
f3a4a5f8db3d9fd352a3e2eb6be779a78da03f52Mark Andrews of the response is sent; ap_core_output_filter() calls the access logger
f3a4a5f8db3d9fd352a3e2eb6be779a78da03f52Mark Andrews indirectly when it destroys the EOR bucket. [Brian Pane]
2fb6d3782b548ba678cfb8ff09e0d1e49fafb84dMark Andrews *) Rewrite of logresolve support utility: IPv6 addresses are now supported
2fb6d3782b548ba678cfb8ff09e0d1e49fafb84dMark Andrews and the format of statistical output has changed. [Colm MacCarthaigh]
2fb6d3782b548ba678cfb8ff09e0d1e49fafb84dMark Andrews *) Rewrite of ap_coreoutput_filter to do nonblocking writes [Brian Pane]
bc09fd1365d1a48972fa99cd6ed2aa788a28ef33Mark Andrews *) Added new connection states for handler and write completion
bc09fd1365d1a48972fa99cd6ed2aa788a28ef33Mark Andrews [Brian Pane]
36be0aad8ec241987e1866a547372eb28ee7dc09Mark Andrews *) mod_cgid: Refuse to work on Solaris 10 due to OS bugs. PR 34264.
36be0aad8ec241987e1866a547372eb28ee7dc09Mark Andrews [Justin Erenkrantz]
36be0aad8ec241987e1866a547372eb28ee7dc09Mark Andrews *) Teach mod_ssl to use arbitrary OIDs in an SSLRequire directive,
36be0aad8ec241987e1866a547372eb28ee7dc09Mark Andrews allowing string-valued client certificate attributes to be used for
33f91e248b67afa96c5b855ba3ace20b5d89dbd0Mark Andrews access control, as in: SSLRequire "value" in OID("1.3.6.1.4.1.18060.1")
33f91e248b67afa96c5b855ba3ace20b5d89dbd0Mark Andrews [Martin Kraemer, David Reid]
51227d6f16840ae359701b5d56970a5f3860db5aEvan Hunt [Apache 2.1.0-dev includes those bug fixes and changes with the
51227d6f16840ae359701b5d56970a5f3860db5aEvan Hunt Apache 2.2.xx tree as documented, and except as noted, below.]
175a8414a785689cb028e6e133385dba9e1b9a95Evan HuntChanges with Apache 2.2.x and later:
9e4811dc90cca1f6f2d1ef86182f9613add06df3Mark Andrews *) http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?view=markup
12b791ae2018561482f3b68dd6658c2ad1a4d934Mark AndrewsChanges with Apache 2.0.x and later:
080582dc4739cabf0170b54e9a453785d577e364Mark Andrews *) http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/CHANGES?view=markup
080582dc4739cabf0170b54e9a453785d577e364Mark AndrewsChanges with Apache 1.3.x and later: