CHANGES revision 7a975d0413ba303546b7619e4785cb641f7f09fd
436aad11e01e916f75e68a2e9cb89ac217a990d3Tinderbox User -*- coding: utf-8 -*-
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic UpdaterChanges with Apache 2.3.15
18920d790825d96ca3943aa2dcb6eb80dc611c5fTinderbox User *) SECURITY: CVE-2011-3192 (cve.mitre.org)
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User core: Fix handling of byte-range requests to use less memory, to avoid
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User denial of service. If the sum of all ranges in a request is larger than
c57668a2fbbe558c1bd21652813616f2f517c469Tinderbox User the original file, ignore the ranges and send the complete file.
a7c412f37cc73d0332887a746e81220cbf09dd00Mark Andrews PR 51714. [Stefan Fritsch, Jim Jagielski, Ruediger Pluem, Eric Covener]
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews *) core: Allow MaxRanges none|unlimited|default and set 'Accept-Ranges: none'
8de3f14f1c300c3e1ed99084cc03485b42c92bf1Tinderbox User in the case Ranges are being ignored with MaxRanges none.
950d203b64f512b85fcc093ee1e9e3e531a1aea3Tinderbox User [Eric Covener]
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews *) mod_ssl: revamp CRL-based revocation checking when validating
e676a596869d8a80a644c99a848afb53d1c5975eMark Andrews certificates of clients or proxied servers. Completely delegate
e676a596869d8a80a644c99a848afb53d1c5975eMark Andrews CRL processing to OpenSSL, and add a new [Proxy]CARevocationCheck
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews directive for controlling the revocation checking mode. [Kaspar Brand]
a7c412f37cc73d0332887a746e81220cbf09dd00Mark Andrews *) Fix a regression in the CVE-2011-3192 byterange fix.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews PR 51748. [low_priority <lowprio20 gmail.com>]
e676a596869d8a80a644c99a848afb53d1c5975eMark Andrews *) core: Add MaxRanges directive to control the number of ranges permitted
e676a596869d8a80a644c99a848afb53d1c5975eMark Andrews before returning the entire resource, with a default limit of 200.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews [Eric Covener]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews *) mod_cache: Ensure that CacheDisable can correctly appear within
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User a LocationMatch. [Graham Leggett]
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User *) mod_cache: Fix the moving of the CACHE filter, which erroneously
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews stood down if the original filter was not added by configuration.
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User [Graham Leggett]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews *) mod_ssl: improve certificate error logging. PR 47408. [Kaspar Brand]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews *) mod_authz_groupfile: Increase length limit of lines in the group file to
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User 16MB. PR 43084. [Stefan Fritsch]
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User *) core: Increase length limit of lines in the configuration file to 16MB.
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews PR 45888. PR 50824. [Stefan Fritsch]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews *) core: Add API for resizable buffers. [Stefan Fritsch]
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews *) mod_ldap: Enable LDAPConnectionTimeout for LDAP toolkits that have
aa9c561961e9d877946ebaa8795fa2be054ab7bfEvan Hunt LDAP_OPT_CONNECT_TIMEOUT instead of LDAP_OPT_NETWORK_TIMEOUT, such
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox User as Tivoli Directory Server 6.3 and later. [Eric Covener]
aa9c561961e9d877946ebaa8795fa2be054ab7bfEvan Hunt *) mod_ldap: Change default number of retries from 10 to 3, and add
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater an LDAPRetries and LDAPRetryDelay directives. [Eric Covener]
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater *) mod_authnz_ldap: Don't retry during authentication, because this just
aa9c561961e9d877946ebaa8795fa2be054ab7bfEvan Hunt multiplies the ample retries already being done by mod_ldap. [Eric Covener]
0e573cdd111e060e5f6c18249b5ccacbe8abe278Tinderbox User *) configure: Allow to explicitly disable modules even with module selection
aa9c561961e9d877946ebaa8795fa2be054ab7bfEvan Hunt 'reallyall'. [Stefan Fritsch]
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater *) mod_rewrite: Check validity of each internal (int:) RewriteMap even if the
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater RewriteEngine is disabled in server context, avoiding a crash while
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater referencing the invalid int: map at runtime. PR 50994.
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews [Ben Noordhuis <info noordhuis nl>]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews *) mod_ssl, configure: require OpenSSL 0.9.7 or later. [Kaspar Brand]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews *) mod_ssl: remove ssl_toolkit_compat layer. [Kaspar Brand]
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater *) mod_ssl, configure, ab: drop support for RSA BSAFE SSL-C toolkit.
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews [Kaspar Brand]
16f6050f29b6b0422cee858e609f65e474e70ef2Tinderbox User *) mod_usertrack: Run mod_usertrack earlier in the fixups hook to ensure the
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews cookie is set when modules such as mod_rewrite trigger a redirect. Also
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater use r->err_headers_out for the cookie, for the same reason. PR29755.
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews [Sami J. Mäkinen <sjm almamedia fi>, Eric Covener]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews *) mod_proxy_http, mod_proxy_connect: Add 'proxy-status' and
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews 'proxy-source-port' request notes for logging. PR 30195. [Stefan Fritsch]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews *) configure: Enable ldap modules in 'all' and 'most' selections if ldap
2ae159b376dac23870d8005563c585acf85a4b5aEvan Hunt is compiled into apr-util. [Stefan Fritsch]
2ae159b376dac23870d8005563c585acf85a4b5aEvan Hunt *) core: Add ap_check_cmd_context()-check if a command is executed in
95637507c3d47481fbf0a8a8c750a57f944f677fMark Andrews .htaccess file. [Stefan Fritsch]
2ae159b376dac23870d8005563c585acf85a4b5aEvan Hunt *) mod_deflate: Fix endless loop if first bucket is metadata. PR 51590.
2ae159b376dac23870d8005563c585acf85a4b5aEvan Hunt [Torsten Foertsch <torsten foertsch gmx net>]
2ae159b376dac23870d8005563c585acf85a4b5aEvan HuntChanges with Apache 2.3.14
2ae159b376dac23870d8005563c585acf85a4b5aEvan Hunt *) mod_proxy_ajp: Improve trace logging. [Rainer Jung]
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews *) mod_proxy_ajp: Respect "reuse" flag in END_REPONSE packets.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews [Rainer Jung]
27739dd25026283c24645c8a1044b95ef9eb5ac6Tinderbox User *) mod_proxy: enable absolute URLs to be rewritten with ProxyPassReverse,
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews e.g. to reverse proxy "Location: https://other-internal-server/login"
7a6494cfb6cc7d3f67af07359561e05e6bb8c0edTinderbox User *) prefork, worker, event: Make sure crashes are logged to the error log if
0e573cdd111e060e5f6c18249b5ccacbe8abe278Tinderbox User httpd has already detached from the console. [Stefan Fritsch]
18920d790825d96ca3943aa2dcb6eb80dc611c5fTinderbox User *) prefork, worker, event: Reduce period during startup/restart where a
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews successive signal may be lost. PR 43696. [Arun Bhalla <arun shme net>]
77932ac533c711eca5cd86de4e7eca8d91102b43Tinderbox User *) mod_allowmethods: Correct Merging of "reset" and do not allow an
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews empty parameter list for the AllowMethods directive. [Rainer Jung]
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson *) configure: Update selection of modules for 'all' and 'most'. 'all' will
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User now enable all modules except for example and test modules. Make the
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews selection for 'most' more useful (including ssl and proxy). Both 'all'
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User and 'most' will now disable modules if dependencies are missing instead
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews of aborting. If a specific module is requested with --enable-XXX=yes,
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User missing dependencies will still cause configure to exit with an error.
efb0e886f18894a1d2489f1ad74ad14b579e11c7Mark Andrews [Stefan Fritsch]
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User *) mod_ldap: Revert the integration of apr-ldap as ap_ldap which was done
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews in 2.3.13. [Stefan Fritsch]
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson *) core: For '*' or '_default_' vhosts, use a wildcard address of any
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User address family, rather than IPv4 only. [Joe Orton]
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User *) core, mod_rewrite, mod_ssl, mod_nw_ssl: Make the SERVER_NAME variable
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews include [ ] for literal IPv6 addresses, as mandated by RFC 3875.
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User PR 26005. [Stefan Fritsch]
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User *) mod_negotiation: Fix parsing of Content-Length in type maps. PR 42203.
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews [Nagae Hidetake <nagae eagan jp>]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews *) core: Add more logging to ap_scan_script_header_err* functions. Add
28a5dd720187fddb16055a0f64b63a7b66f29f64Mark Andrews ap_scan_script_header_err*_ex functions that take a module index for
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews mod_cgi, mod_cgid, mod_proxy_fcgi, mod_proxy_scgi, mod_isapi: Use the
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews new functions in order to make logging configurable per-module.
0e573cdd111e060e5f6c18249b5ccacbe8abe278Tinderbox User [Stefan Fritsch]
fd972434c29fc1169d66594e4cc7697d33036c2bTinderbox User *) mod_dir: Add DirectoryIndexRedirect to send an external redirect to
37d8e0a4455876fe1e4cca511076cc2c5ab9eedeTinderbox User the proper index. [Eric Covener]
fd972434c29fc1169d66594e4cc7697d33036c2bTinderbox User *) mod_deflate: Don't try to compress requests with a zero sized body.
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont PR 51350. [Stefan Fritsch]
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews *) core: Fix startup on IP6-only systems. PR 50592. [Joe Orton,
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont <root linkage white-void net>]
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews *) suexec: Add environment variables CONTEXT_DOCUMENT_ROOT, CONTEXT_PREFIX,
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews REDIRECT_ERROR_NOTES, REDIRECT_SCRIPT_FILENAME, REQUEST_SCHEME to the
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews whitelist in suexec. PR 51499. [Graham Laverty <graham reg ca>,
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews Stefan Fritsch]
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews *) mod_rewrite: Fix regexp RewriteCond with NoCase. [Stefan Fritsch]
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews *) mod_log_debug: New module that allows to log custom messages at various
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews phases in the request processing. [Stefan Fritsch]
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews *) mod_ssl: Add some debug logging when loading server certificates.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews PR 37912. [Nick Burch <nick burch alfresco com>]
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews *) configure: Support reallyall option also for --enable-mods-static.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews [Rainer Jung]
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews *) mod_socache_dc: add --with-distcache to configure for choosing
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews the distcache installation directory. [Rainer Jung]
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox User *) mod_socache_dc: use correct build variable MOD_SOCACHE_DC_LDADD
37d8e0a4455876fe1e4cca511076cc2c5ab9eedeTinderbox User instead of MOD_SOCACHE_LDADD in build macro. [Rainer Jung]
cdfc81e048bd34c1d628380247bda6b80a89e20eAutomatic Updater *) mod_lua, mod_deflate: respect platform specific runpath linker
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews flag. [Rainer Jung]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews *) configure: Only link the httpd binary against PCRE. No other support
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User binary needs PCRE. [Rainer Jung]
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User *) configure: tolerate dependency checking failures for modules if
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews they have been enabled implicitely. [Rainer Jung]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews *) configure: Allow to specify module specific custom linker flags via
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User the MOD_XXX_LDADD variables. [Rainer Jung]
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox UserChanges with Apache 2.3.13
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User *) ab: Support specifying the local address to use. PR 48930.
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews [Peter Schuller <scode spotify com>]
fe80a4909bf62b602feaf246866e9d29f7654194Automatic Updater *) core: Add support to ErrorLogFormat for logging the system unique
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User thread id under Linux. [Stefan Fritsch]
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User *) event: New AsyncRequestWorkerFactor directive to influence how many
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews connections will be accepted per process. [Stefan Fritsch]
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson *) prefork, worker, event: Rename MaxClients to MaxRequestWorkers which
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User describes more accurately what it does. [Stefan Fritsch]
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User *) rotatelogs: Add -p argument to specify custom program to invoke
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews after a log rotation. PR 51285. [Sven Ulland <sveniu ifi.uio.no>,
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User *) mod_ssl: Don't do OCSP checks for valid self-issued certs. [Kaspar Brand]
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User *) mod_ssl: Avoid unnecessary renegotiations with SSLVerifyDepth 0.
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews PR 48215. [Kaspar Brand]
133e6d43fa82e80d3798be4de00f4540f485ec6cAutomatic Updater *) mod_status: Display information about asynchronous connections in the
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User server-status. PR 44377. [Stefan Fritsch]
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User *) mpm_event: If the number of connections of a process is very high, or if
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews all workers are busy, don't accept new connections in that process.
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User [Stefan Fritsch]
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User *) mpm_event: Process lingering close asynchronously instead of tying up
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews worker threads. [Jeff Trawick, Stefan Fritsch]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews *) mpm_event: If MaxMemFree is set, limit the number of pools that is kept
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User around. [Stefan Fritsch]
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User *) mpm_event: Fix graceful restart aborting connections. PR 43359.
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews [Takashi Sato <takashi lans-tv com>]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews *) mod_ssl: Disable AECDH ciphers in example config. PR 51363.
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User [Rob Stradling <rob comodo com>]
a7c412f37cc73d0332887a746e81220cbf09dd00Mark Andrews *) core: Introduce new function ap_get_conn_socket() to access the socket of
a7c412f37cc73d0332887a746e81220cbf09dd00Mark Andrews a connection. [Stefan Fritsch]
37d8e0a4455876fe1e4cca511076cc2c5ab9eedeTinderbox User *) mod_data: Introduce a filter to support RFC2397 data URLs. [Graham
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox User *) mod_userdir/mod_alias/mod_vhost_alias: Correctly set DOCUMENT_ROOT,
a7c412f37cc73d0332887a746e81220cbf09dd00Mark Andrews CONTEXT_DOCUMENT_ROOT, CONTEXT_PREFIX. PR 26052. PR 46198.
7ca715ad1587a68a531ea1cdea07515d7232567eTinderbox User [Stefan Fritsch]
8711e5c73ca872d59810760af0332194cbdd619bAutomatic Updater *) core: Allow to override document_root on a per-request basis. Introduce
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater new context_document_root and context_prefix which provide information
e676a596869d8a80a644c99a848afb53d1c5975eMark Andrews about non-global URI-to-directory mappings (from e.g. mod_userdir or
91d187ce035f39073f0732ff2a401a45c3c955fbMark Andrews mod_alias) to scripts. PR 49705. [Stefan Fritsch]
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark Andrews *) core: Add <ElseIf> and <Else> to complement <If> sections.
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews [Stefan Fritsch]
91d187ce035f39073f0732ff2a401a45c3c955fbMark Andrews *) mod_ext_filter: Remove DebugLevel option in favor of per-module loglevel.
bc0a53583d92309bebcf93c408e2f3247ebd3d3cAutomatic Updater [Stefan Fritsch]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_include: Make the "#if expr" element use the new "ap_expr" expression
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater parser. The old parser can still be used by setting the new directive
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater SSILegacyExprParser. [Stefan Fritsch]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews *) core: Add some features to ap_expr for use by mod_include: a restricted
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater mode that does not allow to bypass request access restrictions; new
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater variables DOCUMENT_URI (alias for REQUEST_URI), LAST_MODIFIED; -A as an
d7d105151a78d35afb4233d2a6dbd47b7ec0d9a5Tinderbox User alias for -U; an additional data entry in ap_expr_eval_ctx_t for use by
37d8e0a4455876fe1e4cca511076cc2c5ab9eedeTinderbox User the consumer; an extensible ap_expr_exec_ctx() API that allows to use that
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater data entry. [Stefan Fritsch]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_include: Merge directory configs instead of one SSI* config directive
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater causing all other per-directory SSI* config directives to be reset.
7f94d9a8162c9a96b56e66176702b66e79d8e1a2Automatic Updater [Stefan Fritsch]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_charset_lite: Remove DebugLevel option in favour of per-module
5ecad47f69b3fd945472ab2900a9ff826a7ce2f6Automatic Updater loglevel. [Stefan Fritsch]
91d187ce035f39073f0732ff2a401a45c3c955fbMark Andrews *) core: Add ap_regexec_len() function that works with non-null-terminated
c2abd6efeb9affa70aabb63da2acb23e135cf7f2Mark Andrews strings. PR 51231. [Yehezkel Horowitz <horowity checkpoint com>]
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox User *) mod_authnz_ldap: If the LDAP server returns constraint violation,
96ea71632887c58a9d00f47eb318bf76b35903c3Mark Andrews don't treat this as an error but as "auth denied". [Stefan Fritsch]
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater *) mod_proxy_fcgi|scgi: Add support for "best guess" of PATH_INFO
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox User for SCGI/FCGI. PR 50880, 50851. [Mark Montague <mark catseye.org>,
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox User Jim Jagielski]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews *) mod_cache: When content is served stale, and there is no means to
91d187ce035f39073f0732ff2a401a45c3c955fbMark Andrews revalidate the content using ETag or Last-Modified, and we have
0e573cdd111e060e5f6c18249b5ccacbe8abe278Tinderbox User mandated no stale-on-error behaviour, stand down and don't cache.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews Saves a cache write that will never be read.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Graham Leggett]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews *) mod_reqtimeout: Fix a timed out connection going into the keep-alive
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews state after a timeout when discarding a request body. PR 51103.
bf5e2127e92e52cbf661e77dd6a76e5aef43542fTinderbox User [Stefan Fritsch]
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews *) core: Add various file existance test operators to ap_expr.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews [Stefan Fritsch]
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox User *) mod_proxy_express: New mass reverse-proxy switch extension for
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox User mod_proxy. [Jim Jagielski]
a7c412f37cc73d0332887a746e81220cbf09dd00Mark Andrews *) configure: Fix script error when configuring module set "reallyall".
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews [Rainer Jung]
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox UserChanges with Apache 2.3.12
cf7e98f59148b559946a7f1ca728471374f1eef3Automatic Updater *) configure, core: Provide easier support for APR's hook probe
6025cbbe8408f4b09d53d5ec1e95cb6da97e0a8dTinderbox User capability. [Jim Jagielski, Jeff Trawick]
757ff043760e4743dda1a10e7d58349275934902Tinderbox User *) Silence autoconf 2.68 warnings. [Rainer Jung]
cf7e98f59148b559946a7f1ca728471374f1eef3Automatic Updater *) mod_authnz_ldap: Resolve crash when LDAP is used for authorization only
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews [Scott Hill <shill genscape.com>]
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews *) support: Make sure check_forensic works with mod_unique_id loaded
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews [Joe Schaefer]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews *) Add child_status hook for tracking creation/termination of MPM child
757ff043760e4743dda1a10e7d58349275934902Tinderbox User processes. Add end_generation hook for notification when the last
757ff043760e4743dda1a10e7d58349275934902Tinderbox User MPM child of a generation exits. [Jeff Trawick]
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox User *) mod_ldap: Make LDAPSharedCacheSize 0 create a non-shared-memory cache per
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User process as opposed to disabling caching completely. This allows to use
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews the non-shared-memory cache as a workaround for the shared memory cache
3857cb6fcabeb79d85de4b3e3e4ab99912b701f8Mark Andrews not being available during graceful restarts. PR 48958. [Stefan Fritsch]
0e573cdd111e060e5f6c18249b5ccacbe8abe278Tinderbox User *) Add new ap_reserve_module_slots/ap_reserve_module_slots_directive API,
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews necessary if a module (like mod_perl) registers additional modules late
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User in the startup phase. [Stefan Fritsch]
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User *) core: Prevent segfault if DYNAMIC_MODULE_LIMIT is reached. PR 51072.
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews [Torsten Förtsch <torsten foertsch gmx net>]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews *) WinNT MPM: Improve robustness under heavy load. [Jeff Trawick]
8292deab031e7599cd7622aa7675fbe139ca6095Mark Andrews *) MinGW build improvements. PR 49535. [John Vandenberg
e31cfd80616deb9781902306b34a69aa7309b6cbTinderbox User <jayvdb gmail.com>, Jeff Trawick]
4f45d802dc97f12f87e23be2f2e0ba6216e6cea2Tinderbox User *) core: Support module names with colons in loglevel configuration.
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews [Torsten Förtsch <torsten foertsch gmx net>]
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews *) mod_ssl, ab: Support OpenSSL compiled without SSLv2 support.
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews [Stefan Fritsch]
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews *) core: Abort if the MPM is changed across restart. [Jeff Trawick]
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews *) mod_proxy_ajp: Add support for 'ProxyErrorOverride on'. PR 50945.
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews [Peter Pramberger <peter pramberger.at>, Jim Jagielski]
0e573cdd111e060e5f6c18249b5ccacbe8abe278Tinderbox User *) mod_proxy_fcgi: Add support for 'ProxyErrorOverride on'. PR 50913.
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews [Mark Montague <mark catseye.org>, Jim Jagielski]
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews *) core: Change the APIs of ap_cfg_getline() and ap_cfg_getc() to return an
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews error code. Abort with a nice error message if a config line is too long.
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews Partial fix for PR 50824. [Stefan Fritsch]
e8fc8c884b44371784805e1e0d3100da403dd3f1Automatic Updater *) mod_info: Dump config to stdout during startup if -DDUMP_CONFIG is
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews specified. PR 31956. [Stefan Fritsch]
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews *) Restore visibility of DEFAULT_PIDLOG to core and modules. MPM
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews helper function ap_remove_pid() added. [Jeff Trawick]
e8fc8c884b44371784805e1e0d3100da403dd3f1Automatic Updater *) Enable DEFAULT_REL_RUNTIMEDIR on Windows and NetWare. [various]
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews *) Correct C++ incompatibility with http_log.h. [Stefan Fritsch, Jeff
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews *) mod_log_config: Prevent segfault. PR 50861. [Torsten Förtsch
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews *) core: AllowEncodedSlashes new option NoDecode to allow encoded slashes
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews in request URL path info but not decode them. Change behavior of option
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews "On" to decode the encoded slashes as 2.0 and 2.2 do. PR 35256,
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews PR 46830. [Dan Poirier]
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews *) mod_ssl: Check SNI hostname against Host header case-insensitively.
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews PR 49491. [Mayank Agrawal <magrawal.08 gmail.com>]
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews *) mod_ldap: Add LDAPConnectionPoolTTL to give control over lifetime
b30ec46fec40a1b246f7965fbcd341fc6cfd1cc1Mark Andrews of bound backend LDAP connections. PR47634 [Eric Covener]
c5a97a549c89d562e999d4f906b882c5a2a474e1Tinderbox User *) mod_cache: Make CacheEnable and CacheDisable configurable per
0e573cdd111e060e5f6c18249b5ccacbe8abe278Tinderbox User directory in addition to per server, making them work from within
01a5c5503482fb3ba52088bf0178a7213273bf96Mark Andrews a LocationMatch. [Graham Leggett]
d7d105151a78d35afb4233d2a6dbd47b7ec0d9a5Tinderbox User *) worker, event, prefork: Correct several issues when built as
d585233c52e283d9a8849f16f04f452419a2484eTinderbox User DSOs; most notably, the scoreboard was reinitialized during graceful
d7d105151a78d35afb4233d2a6dbd47b7ec0d9a5Tinderbox User restart, such that processes of the previous generation were not
d585233c52e283d9a8849f16f04f452419a2484eTinderbox User observable. [Jeff Trawick]
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark AndrewsChanges with Apache 2.3.11
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews *) mod_win32: Added shebang check for '! so that .vbs scripts work as CGI.
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox User Win32's cscript interpreter can only use a single quote as comment char.
757ff043760e4743dda1a10e7d58349275934902Tinderbox User [Guenter Knauf]
0e573cdd111e060e5f6c18249b5ccacbe8abe278Tinderbox User *) mod_proxy: balancer-manager now uses POST instead of GET.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews [Jim Jagielski]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews *) core: new util function: ap_parse_form_data(). Previously,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater this capability was tucked away in mod_request. [Jim Jagielski]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews *) core: new hook: ap_run_pre_read_request. [Jim Jagielski]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews *) mod_cache: When a request other than GET or HEAD arrives, we must
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews invalidate existing cache entities as per RFC2616 13.10. PR 15868.
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews [Graham Leggett]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews *) modules: Fix many modules that were not correctly initializing if they
efb0e886f18894a1d2489f1ad74ad14b579e11c7Mark Andrews were not active during server startup but got enabled later during a
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews graceful restart. [Stefan Fritsch]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews *) core: Create new ap_state_query function that allows modules to determine
3a988722ad9e209ba4064604d482dc4efe0e19ebTinderbox User if the current configuration run is the initial one at server startup,
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington and if the server is started for testing/config dumping only.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [Stefan Fritsch]
91d187ce035f39073f0732ff2a401a45c3c955fbMark Andrews *) mod_proxy: Runtime configuration of many parameters for existing
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews balancers via the balancer-manager. [Jim Jagielski]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews *) mod_proxy: Runtime addition of new workers (BalancerMember) for existing
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews balancers via the balancer-manager. [Jim Jagielski]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews *) mod_cache: When a bad Expires date is present, we need to behave as if
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews the Expires is in the past, not as if the Expires is missing. PR 16521.
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews [Co-Advisor <coad@measurement-factory.com>]
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User *) mod_cache: We must ignore quoted-string values that appear in a
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews Cache-Control header. PR 50199. [Graham Leggett]
a5636b773fa05a272b6876afd99309c0b3090e2fMark Andrews *) mod_dav: Revert change to send 501 error if unknown Content-* header is
a5636b773fa05a272b6876afd99309c0b3090e2fMark Andrews received for a PUT request. PR 42978. [Stefan Fritsch]
a5636b773fa05a272b6876afd99309c0b3090e2fMark Andrews *) mod_cache: Respect s-maxage as described by RFC2616 14.9.3, which must
f7369b2881b5e63d69600adcedc8ba938303d30cTinderbox User take precedence if present. PR 35247. [Graham Leggett]
d6317350b1180aa4517f2e8a92fa8fbcbf904ad8Automatic Updater *) mod_ssl: Fix a possible startup failure if multiple SSL vhosts
bc0a4c01beede169df81a3ee5b614ed9e82339dbAutomatic Updater are configured with the same ServerName and private key file.
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews [Masahiro Matsuya <mmatsuya redhat.com>, Joe Orton]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_socache_dc: Make module compile by fixing some typos.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington PR 50735 [Mark Montague <mark catseye.org>]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) prefork: Update MPM state in children during a graceful stop or
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington restart. PR 41743. [Andrew Punch <andrew.punch 247realmedia.com>]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_mime: Ignore leading dots when looking for mime extensions.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington PR 50434 [Stefan Fritsch]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) core: Add support to set variables with the 'Define' directive. The
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington variables that can then be used in the config using the ${VAR} syntax
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington known from envvar interpolation. [Stefan Fritsch]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_proxy_http: make adding of X-Forwarded-* headers configurable.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington ProxyAddHeaders defaults to On. [Vincent Deffontaines]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_slotmem_shm: Increase memory alignment for slotmem data.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [Rainer Jung]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_ssl: Add config options for OCSP: SSLOCSPResponderTimeout,
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington SSLOCSPResponseMaxAge, SSLOCSPResponseTimeSkew.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [Kaspar Brand <httpd-dev.2011 velox.ch>]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_ssl: Revamp output buffering to reduce network overhead for
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington output fragmented into many buckets, such as chunked HTTP responses.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) core: Apply <If> sections to all requests, not only to file base requests.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Allow to use <If> inside <Directory>, <Location>, and <Files> sections.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington The merging of <If> sections now happens after the merging of <Location>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington sections, even if an <If> section is embedded inside a <Directory> or
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington <Files> section. [Stefan Fritsch]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_proxy: Refactor usage of shared data by dropping the scoreboard
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington and using slotmem. Create foundation for dynamic growth/changes of
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington members within a balancer. Remove BalancerNonce in favor of a
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington per-balancer 'nonce' parameter. [Jim Jagielski]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_status: Don't show slots which are disabled by MaxClients as open.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington PR: 47022 [Jordi Prats <jordi prats gmail com>, Stefan Fritsch]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mpm_prefork: Fix ap_mpm_query results for AP_MPMQ_MAX_DAEMONS and
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington AP_MPMQ_MAX_THREADS.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_authz_core: Fix bug in merging logic if user-based and non-user-based
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington authorization directives were mixed. [Stefan Fritsch]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_authn_socache: change directive name from AuthnCacheProvider
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington to AuthnCacheProvideFor. The term "provider" is overloaded in
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews this module, and we should avoid confusion between the provider
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews of a backend (AuthnCacheSOCache) and the authn provider(s) for
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews which this module provides cacheing (AuthnCacheProvideFor).
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews *) mod_proxy_http: Allocate the fake backend request from a child pool
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews of the backend connection, instead of misusing the pool of the frontend
22d32791e5daa0bc80335a0f10ab2de95f41ccdbTinderbox User request. Fixes a thread safety issue where buckets set aside in the
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater backend connection leak into other threads, and then disappear when
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater the frontend request is cleaned up, in turn causing corrupted buckets
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater to make other threads spin. [Graham Leggett]
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater *) mod_ssl: Change the format of the SSL_{CLIENT,SERVER}_{I,S}_DN variables
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater to be RFC 2253 compatible, convert non-ASCII characters to UTF8, and
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User escape other special characters with backslashes. The old format can
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater still be used with the LegacyDNStringFormat argument to SSLOptions.
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater *) core, mod_rewrite: Make the REQUEST_SCHEME variable available to
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater scripts and mod_rewrite. [Stefan Fritsch]
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater *) mod_rewrite: Allow to use arbitrary boolean expressions (ap_expr) in
ae7e54b14c946e0984c191554db9abb4893f9349Automatic Updater RewriteCond. [Stefan Fritsch]
b30ec46fec40a1b246f7965fbcd341fc6cfd1cc1Mark Andrews *) mod_rewrite: Allow to unset environment variables using E=!VAR.
c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User PR 49512. [Mark Drayton <mark markdrayton info>, Stefan Fritsch]
c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User *) mod_headers: Restore the 2.3.8 and earlier default for the first
c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User argument of the Header directive ("onsuccess"). [Eric Covener]
c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User *) core: Disallow the mixing of relative and absolute Options PR 33708.
c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User [Sönke Tesch <st kino-fahrplan.de>]
c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User *) core: When exporting request headers to HTTP_* environment variables,
c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User drop variables whose names contain invalid characters. Describe in the
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews docs how to restore the old behaviour. [Malte S. Stretz <mss apache org>]
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews *) core: When selecting an IP-based virtual host, favor an exact match for
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews the port over a wildcard (or omitted) port instead of favoring the one
c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User that came first in the configuration file. [Eric Covener]
c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User *) core: Overlapping virtual host address/port combinations now implicitly
c11c7b47726c02eb05e29ff7be56a3343146e396Tinderbox User enable name-based virtual hosting for that address. The NameVirtualHost
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews directive has no effect, and _default_ is interpreted the same as "*".
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews [Eric Covener]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews *) core: In the absence of any Options directives, the default is now
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews "FollowSymlinks" instead of "All". [Igor Galić]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews *) rotatelogs: Add -e option to write logs through to stdout for optional
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews further processing. [Graham Leggett]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_ssl: Correctly read full lines in input filter when the line is
febbdb34a7f7759922e239655e7429d78d3a8d26Tinderbox User incomplete during first read. PR 50481. [Ruediger Pluem]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_authz_core: Add AuthzSendForbiddenOnFailure directive to allow
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox User sending '403 FORBIDDEN' instead of '401 UNAUTHORIZED' if authorization
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews fails for an authenticated user. PR 40721. [Stefan Fritsch]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsChanges with Apache 2.3.10
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews *) mod_rewrite: Don't implicitly URL-escape the original query string
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews when no substitution has changed it. PR 50447. [Eric Covener]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews *) core: Honor 'AcceptPathInfo OFF' during internal redirects,
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User such as per-directory mod_rewrite substitutions. PR 50349.
c01dec514a81ecf8c17ca3ef8c3ba95e437295ebAutomatic Updater [Eric Covener]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_rewrite: Add 'RewriteOptions InheritBefore' to put the base
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater rules/conditions before the overridden rules/conditions. PR 39313.
e8c42d50cdaf3a3b841074d8bf72b40ffbae2a4bTinderbox User [Jérôme Grandjanny <jerome.grandjanny cea.fr>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_autoindex: add IndexIgnoreReset to reset the list of IndexIgnored
e20309353e6246485c521278131d3fced73d7957Tinderbox User filenames in higher precedence configuration sections. PR 24243.
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews [Eric Covener]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_cgid: RLimit* directive support for mod_cgid. PR 42135
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [Eric Covener]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) core: Fail startup when the argument to ServerName looks like a glob
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington or a regular expression instead of a hostname (*?[]). PR 39863
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_userdir: Add merging of enable, disable, and filename arguments
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington to UserDir directive, leaving enable/disable of userlists unmerged.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington PR 44076 [Eric Covener]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) httpd: When no -k option is provided on the httpd command line, the server
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington was starting without checking for an existing pidfile. PR 50350
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [Eric Covener]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_proxy: Put the worker in error state if the SSL handshake with the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington backend fails. PR 50332.
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews [Daniel Ruggeri <DRuggeri primary.net>, Ruediger Pluem]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_cache_disk: Fix Windows build which was broken after renaming
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington the module. [Gregg L. Smith]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsChanges with Apache 2.3.9
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews *) SECURITY: CVE-2010-1623 (cve.mitre.org)
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews Fix a denial of service attack against mod_reqtimeout.
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews [Stefan Fritsch]
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater *) mod_headers: Change default first argument of Header directive
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews from "onsuccess" to "always". [Eric Covener]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews *) mod_include: Add the onerror attribute to the include element,
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews allowing an URL to be specified to include on error. [Graham
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews *) mod_cache_disk: mod_disk_cache renamed to mod_cache_disk, to be
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews consistent with the naming of other modules. [Graham Leggett]
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater *) mod_setenvif: Add SetEnvIfExpr directive to set env var depending on
79cea03ba823e2d3a34895f0ba91d7fb5ad799e7Automatic Updater expression. [Stefan Fritsch]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_proxy: Fix ProxyPassInterpolateEnv directive. PR 50292.
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews [Stefan Fritsch]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) suEXEC: Add Suexec directive to disable suEXEC without renaming the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington binary (Suexec Off), or force startup failure if suEXEC is required
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington but not supported (Suexec On). Change SuexecUserGroup to fail
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington startup instead of just printing a warning if suEXEC is disabled.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [Jeff Trawick]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) core: Add Error directive for aborting startup or htaccess processing
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington with a specified error message. [Jeff Trawick]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_rewrite: Fix the RewriteEngine directive to work within a
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington location. Previously, once RewriteEngine was switched on globally,
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington it was impossible to switch off. [Graham Leggett]
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews *) core, mod_include, mod_ssl: Move the expression parser derived from
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington mod_include back into mod_include. Replace ap_expr with a parser
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington derived from mod_ssl's parser. Make mod_ssl use the new parser. Rework
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews ap_expr's public interface and provide hooks for modules to add variables
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington and functions. [Stefan Fritsch]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) core: Do the hook sorting earlier so that the hooks are properly sorted
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox User for the pre_config hook and during parsing the config. [Stefan Fritsch]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews *) core: In the absence of any AllowOverride directives, the default is now
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews "None" instead of "All". PR49823 [Eric Covener]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews *) mod_proxy: Don't allow ProxyPass or ProxyPassReverse in
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews <Directory> or <Files>. PR47765 [Eric Covener]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) prefork/worker/event MPMS: default value (when no directive is present)
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington of MaxConnectionsPerChild/MaxRequestsPerChild is changed to 0 from 10000
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington to match default configuration and manual. PR47782 [Eric Covener]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) proxy_connect: Don't give up in the middle of a CONNECT tunnel
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington when the child process is starting to exit. PR50220. [Eric Covener]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_autoindex: Fix inheritance of mod_autoindex directives into
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater contexts that don't have any mod_autoindex directives. PR47766.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Eric Covener]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_rewrite: Add END flag for RewriteRule to prevent further rounds
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater of rewrite processing when a per-directory substitution occurs.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Eric Covener]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_ssl: Make sure to always log an error if loading of CA certificates
56effd2e3f579fd77b1fb37d47871d1bf1286bc4Automatic Updater fails. PR 40312. [Paul Tiemann <issues apache org ourdetour com>]
0e91f17da8a29086876a88962e0a3482094b6057Evan Hunt *) mod_dav: Send 501 error if unknown Content-* header is received for a PUT
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews request (RFC 2616 9.6). PR 42978. [Stefan Fritsch]
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews *) mod_dav: Send 400 error if malformed Content-Range header is received for
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews a put request (RFC 2616 14.16). PR 49825. [Stefan Fritsch]
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews *) mod_proxy: Release the backend connection as soon as EOS is detected,
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews so the backend isn't forced to wait for the client to eventually
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews acknowledge the data. [Graham Leggett]
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews *) mod_proxy: Optimise ProxyPass within a Location so that it is stored
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews per-directory, and chosen during the location walk. Make ProxyPass
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews work correctly from within a LocationMatch. [Graham Leggett]
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews *) core: Fix segfault if per-module LogLevel is on virtual host
42bee07ebb8152a6ec2f87f4790d87368c24704cAutomatic Updater scope. PR 50117. [Stefan Fritsch]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_proxy: Move the ProxyErrorOverride directive to have per
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews directory scope. [Graham Leggett]
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews *) mod_allowmethods: New module to deny certain HTTP methods without
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington interfering with authentication/authorization. [Paul Querna,
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews Igor Galić, Stefan Fritsch]
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews *) mod_ssl: Log certificate information and improve error message if client
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews cert verification fails. PR 50093, PR 50094. [Lassi Tuura <lat cern ch>,
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews Stefan Fritsch]
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews *) htcacheclean: Teach htcacheclean to limit cache size by number of
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington inodes in addition to size of files. Prevents a cache disk from
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington running out of space when many small files are cached.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [Graham Leggett]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) core: Rename MaxRequestsPerChild to MaxConnectionsPerChild, which
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington describes more accurately what the directive does. The old name
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington still works but logs a warning. [Stefan Fritsch]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_cache: Optionally serve stale data when a revalidation returns a
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington 5xx response, controlled by the CacheStaleOnError directive.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [Graham Leggett]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews *) htcacheclean: Allow the listing of valid URLs within the cache, with
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews the option to list entry metadata such as sizes and times. [Graham
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews *) mod_cache: correctly parse quoted strings in cache headers.
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews PR 50199 [Nick Kew]
89623368b8f662d458d9964b923050f33c5f75b0Tinderbox User *) mod_cache: Allow control over the base URL of reverse proxied requests
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington using the CacheKeyBaseURL directive, so that the cache key can be
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User calculated from the endpoint URL instead of the server URL. [Graham
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews *) mod_cache: CacheLastModifiedFactor, CacheStoreNoStore, CacheStorePrivate,
757ff043760e4743dda1a10e7d58349275934902Tinderbox User CacheStoreExpired, CacheIgnoreNoLastMod, CacheDefaultExpire,
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews CacheMinExpire and CacheMaxExpire can be set per directory/location.
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews [Graham Leggett]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews *) mod_disk_cache: CacheMaxFileSize, CacheMinFileSize, CacheReadSize and
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews CacheReadTime can be set per directory/location. [Graham Leggett]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews *) core: Speed up config parsing if using a very large number of config
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater files. PR 50002 [andrew cloudaccess net]
da59e63e7af147a8bcef985b98b04443e04c3a0eTinderbox User *) mod_cache: Support the caching of HEAD requests. [Graham Leggett]
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews *) htcacheclean: Allow the option to round up file sizes to a given
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews block size, improving the accuracy of disk usage. [Graham Leggett]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews *) mod_ssl: Add authz providers for use with mod_authz_core and its
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews RequireAny/RequireAll containers: 'ssl' (equivalent to SSLRequireSSL),
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews 'ssl-verify-client' (for use with 'SSLVerifyClient optional'), and
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews 'ssl-require' (expressions with same syntax as SSLRequire).
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews [Stefan Fritsch]
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User *) mod_ssl: Make the ssl expression parser thread-safe. It now requires
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User bison instead of yacc. [Stefan Fritsch]
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User *) mod_disk_cache: Change on-disk header file format to support the
cc5a9ce75af9870f2cb9e2bf00548c2f7e6398d6Automatic Updater link of the device/inode of the data file to the matching header
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater file, and to support the option of not writing a data file when
ec8755f605d7dcb2de1076040e77bc2d7ec33b4aTinderbox User the data file is empty. [Graham Leggett]
609b8d08176469485edce25f3c2f50365bbd3819Mark Andrews *) core/mod_unique_id: Add generate_log_id hook to allow to use
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User the ID generated by mod_unique_id as error log ID for requests.
532d27b39244fadfcf8d8b4593f4c65434c9c664Automatic Updater [Stefan Fritsch]
532d27b39244fadfcf8d8b4593f4c65434c9c664Automatic Updater *) mod_cache: Make sure that we never allow a 304 Not Modified response
532d27b39244fadfcf8d8b4593f4c65434c9c664Automatic Updater that we asked for to leak to the client should the 304 response be
91faa748a27dee38f6caea461d3e87f15b93abeaTinderbox User uncacheable. PR45341 [Graham Leggett]
91faa748a27dee38f6caea461d3e87f15b93abeaTinderbox User *) mod_cache: Add the cache_status hook to register the final cache
10702d681eb650391bcaa0e2704aa3cf2dbf0e98Mark Andrews decision hit/miss/revalidate. Add optional support for an X-Cache
10702d681eb650391bcaa0e2704aa3cf2dbf0e98Mark Andrews and/or an X-Cache-Detail header to add the cache status to the
10702d681eb650391bcaa0e2704aa3cf2dbf0e98Mark Andrews response. PR48241 [Graham Leggett]
10702d681eb650391bcaa0e2704aa3cf2dbf0e98Mark Andrews *) mod_authz_host: Add 'local' provider that matches connections originating
10702d681eb650391bcaa0e2704aa3cf2dbf0e98Mark Andrews on the local host. PR 19938. [Stefan Fritsch]
10702d681eb650391bcaa0e2704aa3cf2dbf0e98Mark Andrews *) Event MPM: Fix crash accessing pollset on worker thread when child
10702d681eb650391bcaa0e2704aa3cf2dbf0e98Mark Andrews process is exiting. [Jeff Trawick]
10702d681eb650391bcaa0e2704aa3cf2dbf0e98Mark Andrews *) core: For process invocation (cgi, fcgid, piped loggers and so forth)
93089a352d6903b0d7845a039de4ec2df9a0e35aTinderbox User pass the system library path (LD_LIBRARY_PATH or platform-specific
93089a352d6903b0d7845a039de4ec2df9a0e35aTinderbox User variables) along with the system PATH, by default. Both should be
93089a352d6903b0d7845a039de4ec2df9a0e35aTinderbox User overridden together as desired using PassEnv etc; see mod_env.
861836e5f5df62bfaea9ad8923a05278d5ab2f3dTinderbox User [William Rowe]
93089a352d6903b0d7845a039de4ec2df9a0e35aTinderbox User *) mod_cache: Introduce CacheStoreExpired, to allow administrators to
665ba746c0585088d0c314dcfc4671aa2c7b2dc1Automatic Updater capture a stale backend response, perform If-Modified-Since requests
9c446b72069d0ab9f710502f4d7048e50875fccbAutomatic Updater against the backend, and serving from the cache all 304 responses.
665ba746c0585088d0c314dcfc4671aa2c7b2dc1Automatic Updater This restores pre-2.2.4 cache behavior. [William Rowe]
93089a352d6903b0d7845a039de4ec2df9a0e35aTinderbox User *) mod_rewrite: Introduce <=, >= string comparison operators, and integer
93089a352d6903b0d7845a039de4ec2df9a0e35aTinderbox User comparators -lt, -le, -eq, -ge, and -gt. To help bash users and drop
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User the ambiguity of the symlink test "-ltest", introduce -h or -L as
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater symlink test operators. [William Rowe]
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater *) mod_cache: Give the cache provider the opportunity to choose to cache
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater or not cache based on the buckets present in the brigade, such as the
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater presence of a FILE bucket.
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater [Graham Leggett]
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater *) mod_authz_core: Allow authz providers to check args while reading the
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater config and allow to cache parsed args. Move 'all' and 'env' authz
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater providers from mod_authz_host to mod_authz_core. Add 'method' authz
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater provider depending on the HTTP method. [Stefan Fritsch]
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater *) mod_include: Move the request_rec within mod_include to be
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater exposed within include_ctx_t. [Graham Leggett]
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater *) mod_include: Reinstate support for UTF-8 character sets by allowing a
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater variable being echoed or set to be decoded and then encoded as separate
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater steps. PR47686 [Graham Leggett]
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater *) mod_cache: Add a discrete commit_entity() provider function within the
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater mod_cache provider interface which is called to indicate to the
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater provider that caching is complete, giving the provider the opportunity
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater to commit temporary files permanently to the cache in an atomic
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater fashion. Replace the inconsistent use of error cleanups with a formal
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater set of pool cleanups attached to a subpool, which is destroyed on error.
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater [Graham Leggett]
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater *) mod_cache: Change the signature of the store_body() provider function
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater within the mod_cache provider interface to support an "in" brigade
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater and an "out" brigade instead of just a single input brigade. This
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater gives a cache provider the option to consume only part of the brigade
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater passed to it, rather than the whole brigade as was required before.
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater This fixes an out of memory and a request timeout condition that would
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater occur when the original document was a large file. Introduce
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater CacheReadSize and CacheReadTime directives to mod_disk_cache to control
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater the amount of data to attempt to cache at a time. [Graham Leggett]
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater *) core: Add ErrorLogFormat to allow configuring error log format, including
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater additional information that is logged once per connection or request. Add
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater error log IDs for connections and request to allow correlating error log
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater lines and the corresponding access log entry. [Stefan Fritsch]
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater *) core: Disable sendfile by default. [Stefan Fritsch]
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater *) mod_cache: Check the request to determine whether we are allowed
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User to return cached content at all, and respect a "Cache-Control:
bbc0e1c4f47f101c4a64db3469352c49a49e734fTinderbox User no-cache" header from a client. Previously, "no-cache" would
fe84edc17e0d582cf7b4270f8df9d4742a107b1cAutomatic Updater behave like "max-age=0". [Graham Leggett]
3040b455151b1e1173193933664b2891b6159f24Mark Andrews *) mod_cache: Use a proper filter context to hold filter data instead
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User of misusing the per-request configuration. Fixes a segfault on trunk
ff8ec39ce4afc2d774ce99f2386474d2c8539cd4Automatic Updater when the normal handler is used. [Graham Leggett]
bf8c3776f1bf1a1270e5e0443ae5a8df022632a8Mark Andrews *) mod_cgid: Log a warning if the ScriptSock path is truncated because
bf8c3776f1bf1a1270e5e0443ae5a8df022632a8Mark Andrews it is too long. PR 49388. [Stefan Fritsch]
ff8ec39ce4afc2d774ce99f2386474d2c8539cd4Automatic Updater *) vhosts: Do not allow _default_ in NameVirtualHost, or mixing *
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater and non-* ports on NameVirtualHost, or multiple NameVirtualHost
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater directives for the same address:port, or NameVirtualHost
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater directives with no matching VirtualHosts, or multiple ip-based
ff8ec39ce4afc2d774ce99f2386474d2c8539cd4Automatic Updater VirtualHost sections for the same address:port. These were
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater previously accepted with a warning, but the behavior was
3040b455151b1e1173193933664b2891b6159f24Mark Andrews undefined. [Dan Poirier]
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater *) mod_remoteip: Fix a segfault when using mod_remoteip in conjunction with
ec8755f605d7dcb2de1076040e77bc2d7ec33b4aTinderbox User Allow/Deny. PR 49838. [Andrew Skalski <voltara gmail.com>]
40072ce70bc4125329addb4aaa56d18a1230bc17Automatic Updater *) core: DirectoryMatch can now match on the end of line character ($),
60d5d17479b47c03b9c7c86f54269718103750b8Automatic Updater and sub-directories of matched directories are no longer implicitly
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater matched. PR49809 [Eric Covener]
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User *) Regexps: introduce new higher-level regexp utility including parsing
60d5d17479b47c03b9c7c86f54269718103750b8Automatic Updater and executing perl-style regexp ops (e.g s/foo/bar/i) and regexp memory
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater *) Proxy: support setting source address. PR 29404
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater [Multiple contributors iterating through bugzilla,
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater Aron Ujvari <xanco nikhok.hu>, Aleksey Midenkov <asm uezku.kemsu.ru>,
ff8ec39ce4afc2d774ce99f2386474d2c8539cd4Automatic Updater <dan listening-station.net; trunk version Nick Kew]
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater *) HTTP protocol: return 400 not 503 if we have to abort due to malformed
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater chunked encoding. [Nick Kew]
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic UpdaterChanges with Apache 2.3.8
19dbf2e20df03f2b81ed1f347e27718084374059Automatic Updater *) suexec: Support large log files. PR 45856. [Stefan Fritsch]
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater *) core: Abort with sensible error message if no or more than one MPM is
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater loaded. [Stefan Fritsch]
a308b69ac66fadf66863484f301314d6e6a3f1d2Automatic Updater *) mod_proxy: Rename erroronstatus to failonstatus.
a308b69ac66fadf66863484f301314d6e6a3f1d2Automatic Updater [Daniel Ruggeri <DRuggeri primary.net>]
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater *) mod_dav_fs: Fix broken "creationdate" property.
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater Regression in version 2.3.7. [Rainer Jung]
3040b455151b1e1173193933664b2891b6159f24Mark AndrewsChanges with Apache 2.3.7
7dd02af3c9350553e1d52d980a7812425b3f1295Automatic Updater *) SECURITY: CVE-2010-1452 (cve.mitre.org)
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User mod_dav, mod_cache, mod_session: Fix Handling of requests without a path
4fe0411487e8e4401477684c0a2bac041ca7c2d5Tinderbox User segment. PR: 49246 [Mark Drayton, Jeff Trawick]
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington *) mod_ldap: Properly check the result returned by apr_ldap_init. PR 46076.
cc17f4a672fc4ce67327902dd797c4465f12c4c9Mark Andrews [Stefan Fritsch]
01f91b9cd440833f66e7476e43659655cb52ad10Automatic Updater *) mod_rewrite: Log errors if rewrite map files cannot be opened. PR 49639.
4fe0411487e8e4401477684c0a2bac041ca7c2d5Tinderbox User [Stefan Fritsch]
4fe0411487e8e4401477684c0a2bac041ca7c2d5Tinderbox User *) mod_proxy_http: Support the 'ping' property for backend HTTP/1.1 servers
bec9d04b657e1582d2531bdc02503bebde2aa978Tinderbox User via leveraging 100-Continue as the initial "request".
fa0326cc2cf428f67575b6ba3b97b528a31b0010Tinderbox User [Jim Jagielski]
37d8e0a4455876fe1e4cca511076cc2c5ab9eedeTinderbox User *) core/mod_authz_core: Introduce new access_checker_ex hook that enables
37d8e0a4455876fe1e4cca511076cc2c5ab9eedeTinderbox User mod_authz_core to bypass authentication if access should be allowed by
f45f40ec2814a5ff1ed443c968772a1b2e25c462Mark Andrews IP address/env var/... [Stefan Fritsch]
82a986aaa5d3384a541b5a7d6dae8cf0726d6513Tinderbox User *) core: Introduce note_auth_failure hook to allow modules to add support
82a986aaa5d3384a541b5a7d6dae8cf0726d6513Tinderbox User for additional auth types. This makes ap_note_auth_failure() work with
2bd56b2684882faf74a2b29cb0914e6671d8005bTinderbox User mod_auth_digest again. PR 48807. [Stefan Fritsch]
aa49af836ce7a7a2888f5cedf4cbb14ff4dc1d11Mark Andrews *) socache modules: return APR_NOTFOUND when a lookup is not found [Nick Kew]
a8677ecad546c955406b341eb8344ed06768b11eTinderbox User *) mod_authn_socache: new module [Nick Kew]
fedd407a76adfdd745eb7d2461673693c6f9fea9Mark Andrews *) configure: Add reallyall option for --enable-mods-shared. [Stefan Fritsch]
e676a596869d8a80a644c99a848afb53d1c5975eMark Andrews *) Fix Windows build when using VC6. [Gregg L. Smith <lists glewis com>]
789875a1bd6d50c00d3bd883cad17ead1d3c21cdMark Andrews *) mod_rewrite: Allow to set environment variables without explicitly
789875a1bd6d50c00d3bd883cad17ead1d3c21cdMark Andrews giving a value. [Rainer Jung]
a7c412f37cc73d0332887a746e81220cbf09dd00Mark Andrews *) mod_rewrite: Remove superfluous EOL from rewrite logging. [Rainer Jung]
7e8129652903780873ba91f379f9ffca1f59773cMark Andrews *) mod_include: recognise "text/html; parameters" as text/html
7e8129652903780873ba91f379f9ffca1f59773cMark Andrews PR 49616 [Andrey Chernov <ache nagual.pp.ru>]
e676a596869d8a80a644c99a848afb53d1c5975eMark Andrews *) CGI vars: allow PATH to be set by SetEnv, consistent with LD_LIBRARY_PATH
e676a596869d8a80a644c99a848afb53d1c5975eMark Andrews PR 43906 [Nick Kew]
e676a596869d8a80a644c99a848afb53d1c5975eMark Andrews *) Core: Extra robustness: don't try authz and segfault if authn
3040b455151b1e1173193933664b2891b6159f24Mark Andrews fails to set r->user. Log bug and return 500 instead.
91d187ce035f39073f0732ff2a401a45c3c955fbMark Andrews PR 42995 [Nick Kew]
f6ba5791728d244650c1887d8dd8ed771fd50a1dMark Andrews *) HTTP protocol filter: fix handling of longer chunk extensions
82a986aaa5d3384a541b5a7d6dae8cf0726d6513Tinderbox User *) Update SSL cipher suite and add example for SSLHonorCipherOrder.
b123be91958e0bc58a10c165be64d47661199e3bEvan Hunt [Lars Eilebrecht, Rainer Jung]
b123be91958e0bc58a10c165be64d47661199e3bEvan Hunt *) move AddOutputFilterByType from core to mod_filter. This should
b123be91958e0bc58a10c165be64d47661199e3bEvan Hunt fix nasty side-effects that happen when content_type is set
b123be91958e0bc58a10c165be64d47661199e3bEvan Hunt more than once in processing a request, and make it fully
b123be91958e0bc58a10c165be64d47661199e3bEvan Hunt compatible with dynamic and proxied contents. [Nick Kew]
b123be91958e0bc58a10c165be64d47661199e3bEvan Hunt *) mod_log_config: Implement logging for sub second timestamps and
b123be91958e0bc58a10c165be64d47661199e3bEvan Hunt request end time. [Rainer Jung]
82a986aaa5d3384a541b5a7d6dae8cf0726d6513Tinderbox UserChanges with Apache 2.3.6
b123be91958e0bc58a10c165be64d47661199e3bEvan Hunt *) SECURITY: CVE-2009-3555 (cve.mitre.org)
b123be91958e0bc58a10c165be64d47661199e3bEvan Hunt mod_ssl: Comprehensive fix of the TLS renegotiation prefix injection
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User attack when compiled against OpenSSL version 0.9.8m or later. Introduces
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater the 'SSLInsecureRenegotiation' directive to reopen this vulnerability
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater and offer unsafe legacy renegotiation with clients which do not yet
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater support the new secure renegotiation protocol, RFC 5746.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Joe Orton, and with thanks to the OpenSSL Team]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) SECURITY: CVE-2009-3555 (cve.mitre.org)
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater mod_ssl: A partial fix for the TLS renegotiation prefix injection attack
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater by rejecting any client-initiated renegotiations. Forcibly disable
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater keepalive for the connection if there is any buffered data readable. Any
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater configuration which requires renegotiation for per-directory/location
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater access control is still vulnerable, unless using OpenSSL >= 0.9.8l.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Joe Orton, Ruediger Pluem, Hartmut Keil <Hartmut.Keil adnovum.ch>]
a5636b773fa05a272b6876afd99309c0b3090e2fMark Andrews *) SECURITY: CVE-2010-0408 (cve.mitre.org)
e676a596869d8a80a644c99a848afb53d1c5975eMark Andrews mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent
e676a596869d8a80a644c99a848afb53d1c5975eMark Andrews when request headers indicate a request body is incoming; not a case of
e676a596869d8a80a644c99a848afb53d1c5975eMark Andrews HTTP_INTERNAL_SERVER_ERROR. [Niku Toivola <niku.toivola sulake.com>]
be0d1ec971748020cb0382e02b4642b493ea1e7bTinderbox User *) SECURITY: CVE-2010-0425 (cve.mitre.org)
91d187ce035f39073f0732ff2a401a45c3c955fbMark Andrews mod_isapi: Do not unload an isapi .dll module until the request
5b56652059e2c22185a0b2bb1f5e58eb89a44426Tinderbox User processing is completed, avoiding orphaned callback pointers.
be0d1ec971748020cb0382e02b4642b493ea1e7bTinderbox User [Brett Gervasoni <brettg senseofsecurity.com>, Jeff Trawick]
9a5217f827ac0e006016745e5305b31dc0c7767fTinderbox User *) core: Filter init functions are now run strictly once per request
e20309353e6246485c521278131d3fced73d7957Tinderbox User before handler invocation. The init functions are no longer run
e20309353e6246485c521278131d3fced73d7957Tinderbox User for connection filters. PR 49328. [Joe Orton]
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews *) core: Adjust the output filter chain correctly in an internal
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User redirect from a subrequest, preserving filters from the main
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User request as necessary. PR 17629. [Joe Orton]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_cache: Explicitly allow cache implementations to cache a 206 Partial
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews Response if they so choose to do so. Previously an attempt to cache a 206
b30ec46fec40a1b246f7965fbcd341fc6cfd1cc1Mark Andrews was arbitrarily allowed if the response contained an Expires or
b30ec46fec40a1b246f7965fbcd341fc6cfd1cc1Mark Andrews Cache-Control header, and arbitrarily denied if both headers were missing.
b30ec46fec40a1b246f7965fbcd341fc6cfd1cc1Mark Andrews [Graham Leggett]
b30ec46fec40a1b246f7965fbcd341fc6cfd1cc1Mark Andrews *) core: Add microsecond timestamp fractions, process id and thread id
b30ec46fec40a1b246f7965fbcd341fc6cfd1cc1Mark Andrews to the error log. [Rainer Jung]
b30ec46fec40a1b246f7965fbcd341fc6cfd1cc1Mark Andrews *) configure: The "most" module set gets build by default. [Rainer Jung]
b30ec46fec40a1b246f7965fbcd341fc6cfd1cc1Mark Andrews *) configure: Building dynamic modules (DSO) by default. [Rainer Jung]
b30ec46fec40a1b246f7965fbcd341fc6cfd1cc1Mark Andrews *) configure: Fix broken VPATH build when using included APR.
b30ec46fec40a1b246f7965fbcd341fc6cfd1cc1Mark Andrews [Rainer Jung]
b30ec46fec40a1b246f7965fbcd341fc6cfd1cc1Mark Andrews *) mod_session_crypto: Fix configure problem when building
b30ec46fec40a1b246f7965fbcd341fc6cfd1cc1Mark Andrews with APR 2 and for VPATH builds with included APR.
95c3a5e116c1da135f669c3f15398172fac6279dMark Andrews [Rainer Jung]
95c3a5e116c1da135f669c3f15398172fac6279dMark Andrews *) mod_session_crypto: API compatibility with APR 2 crypto and
95c3a5e116c1da135f669c3f15398172fac6279dMark Andrews APR Util 1.x crypto. [Rainer Jung]
95c3a5e116c1da135f669c3f15398172fac6279dMark Andrews *) ab: Fix memory leak with -v2 and SSL. PR 49383.
3040b455151b1e1173193933664b2891b6159f24Mark Andrews [Pavel Kankovsky <peak argo troja mff cuni cz>]
d585233c52e283d9a8849f16f04f452419a2484eTinderbox User *) core: Add per-module and per-directory loglevel configuration.
d585233c52e283d9a8849f16f04f452419a2484eTinderbox User Add some more trace logging.
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User mod_rewrite: Replace RewriteLog/RewriteLogLevel with trace log levels.
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User mod_ssl: Replace LogLevelDebugDump with trace log levels.
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User mod_ssl/mod_proxy*: Adjust loglevels to be less verbose at levels info
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User mod_dumpio: Replace DumpIOLogLevel with trace log levels.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Stefan Fritsch]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_ldap: LDAP caching was suppressed (and ldap-status handler returns
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater title page only) when any mod_ldap directives were used in VirtualHost
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater context. [Eric Covener]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_disk_cache: Decline the opportunity to cache if the response is
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User a 206 Partial Content. This stops a reverse proxied partial response
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User from becoming cached, and then being served in subsequent responses.
fa0326cc2cf428f67575b6ba3b97b528a31b0010Tinderbox User [Graham Leggett]
7f814b8b164ae04916a8487cdc5e88ee3ff51a58Automatic Updater *) mod_deflate: avoid the risk of forwarding data before headers are set.
7f814b8b164ae04916a8487cdc5e88ee3ff51a58Automatic Updater PR 49369 [Matthew Steele <mdsteele google.com>]
3040b455151b1e1173193933664b2891b6159f24Mark Andrews *) mod_authnz_ldap: Ensure nested groups are checked when the
88d58d79c5bc7ce3c20a42461a5070116c736836Automatic Updater top-level group doesn't have any direct non-group members
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater of attributes in AuthLDAPGroupAttribute. [Eric Covener]
3040b455151b1e1173193933664b2891b6159f24Mark Andrews *) mod_authnz_ldap: Search or Comparison during authorization phase
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater can use the credentials from the authentication phase
48b36fa08b2b5bc0d552dc2a4425b3f7007b3d59Automatic Updater (AuthLDAPSearchAsUSer,AuthLDAPCompareAsUser).
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater PR 48340 [Domenico Rotiroti, Eric Covener]
7f814b8b164ae04916a8487cdc5e88ee3ff51a58Automatic Updater *) mod_authnz_ldap: Allow the initial DN search during authentication
3040b455151b1e1173193933664b2891b6159f24Mark Andrews to use the HTTP username/pass instead of an anonymous or hard-coded
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater LDAP id (AuthLDAPInitialBindAsUser, AuthLDAPInitialBindPattern).
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Eric Covener]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_authnz_ldap: Publish requested LDAP data with an AUTHORIZE_ prefix
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User when this module is used for authorization. See AuthLDAPAuthorizePrefix.
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User PR 45584 [Eric Covener]
9fa39c73fc1d8bc44fdbbb79a1d26b837e7dd555Mark Andrews *) apxs -q: Stop filtering out ':' characters from the reported values.
7f814b8b164ae04916a8487cdc5e88ee3ff51a58Automatic Updater PR 45343. [Bill Cole]
d58e33bfabfee19a035031dac633d36659738d56Evan Hunt *) prefork MPM: Work around possible crashes on child exit in APR reslist
3040b455151b1e1173193933664b2891b6159f24Mark Andrews cleanup code. PR 43857. [Tom Donovan]
3040b455151b1e1173193933664b2891b6159f24Mark Andrews *) ab: fix number of requests sent by ab when keepalive is enabled. PR 48497.
1959fd489a8832e4e3d311670f64ae18e5d08156Automatic Updater [Bryn Dole <dole blekko.com>]
1959fd489a8832e4e3d311670f64ae18e5d08156Automatic Updater *) Log an error for failures to read a chunk-size, and return 408 instead of
3040b455151b1e1173193933664b2891b6159f24Mark Andrews 413 when this is due to a read timeout. This change also fixes some cases
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User of two error documents being sent in the response for the same scenario.
d58e33bfabfee19a035031dac633d36659738d56Evan Hunt [Eric Covener] PR49167
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox User *) mod_proxy_balancer: Add new directive BalancerNonce to allow admin
b6561016dc8a813bfd91cef5b876b3dfc3f08ffaTinderbox User to control/set the nonce used in the balancer-manager application.
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User [Jim Jagielski]
8bc194b266a17f89e6c54469d4dfbb408070f39eMark Andrews *) mod_proxy_connect: Support port ranges in AllowConnect. PR 23673.
8bc194b266a17f89e6c54469d4dfbb408070f39eMark Andrews [Stefan Fritsch]
e6fc17ec5ad5ba1c4bf5730b2b97c82d1f2b8f3cMark Andrews *) Proxy balancer: support setting error status according to HTTP response
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User code from a backend. PR 48939. [Daniel Ruggeri <DRuggeri primary.net>]
7addb3e8b5cf6e0c4df0e3cb8135aa71269f0261Tinderbox User *) htcacheclean: Introduce the ability to clean specific URLs from the
3040b455151b1e1173193933664b2891b6159f24Mark Andrews cache, if provided as an optional parameter on the command line.
8711e5c73ca872d59810760af0332194cbdd619bAutomatic Updater [Graham Leggett]
8711e5c73ca872d59810760af0332194cbdd619bAutomatic Updater *) core: Introduce the IncludeStrict directive, which explicitly fails
b6561016dc8a813bfd91cef5b876b3dfc3f08ffaTinderbox User server startup if no files or directories match a wildcard path.
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User [Graham Leggett]
3040b455151b1e1173193933664b2891b6159f24Mark Andrews *) htcacheclean: Report additional statistics about entries deleted.
90b25b84f037ec923efaee84d2c0dc599293d04eTinderbox User PR 48944. [Mark Drayton mark markdrayton.info]
e6fc17ec5ad5ba1c4bf5730b2b97c82d1f2b8f3cMark Andrews *) Introduce SSLFIPS directive to support OpenSSL FIPS_mode; permits all
e6fc17ec5ad5ba1c4bf5730b2b97c82d1f2b8f3cMark Andrews builds of mod_ssl to use 'SSLFIPS off' for portability, but the proper
e6fc17ec5ad5ba1c4bf5730b2b97c82d1f2b8f3cMark Andrews build of openssl is required for 'SSLFIPS on'. PR 46270.
e6fc17ec5ad5ba1c4bf5730b2b97c82d1f2b8f3cMark Andrews [Dr Stephen Henson <steve openssl.org>, William Rowe]
e6fc17ec5ad5ba1c4bf5730b2b97c82d1f2b8f3cMark Andrews *) mod_proxy_http: Log the port of the remote server in various messages.
e6fc17ec5ad5ba1c4bf5730b2b97c82d1f2b8f3cMark Andrews PR 48812. [Igor Galić <i galic brainsware org>]
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User *) mod_reqtimeout: Do not wrongly enforce timeouts for mod_proxy's backend
e5bf83fe0bbca838a0749e9071bd76d9ee0fb59bFrancis Dupont connections and other protocol handlers (like mod_ftp). [Stefan Fritsch]
e5bf83fe0bbca838a0749e9071bd76d9ee0fb59bFrancis Dupont *) mod_proxy_ajp: Really regard the operation a success, when the client
4dca64bb8991502db368028aeeba2f832d3b971dAutomatic Updater aborted the connection. In addition adjust the log message if the client
e5bf83fe0bbca838a0749e9071bd76d9ee0fb59bFrancis Dupont aborted the connection. [Ruediger Pluem]
3040b455151b1e1173193933664b2891b6159f24Mark Andrews *) mod_ssl: Add the 'SSLInsecureRenegotiation' directive, which
ead8aa3182c5805fccb6c7c1636cede6a24a5fc1Automatic Updater allows insecure renegotiation with clients which do not yet
ead8aa3182c5805fccb6c7c1636cede6a24a5fc1Automatic Updater support the secure renegotiation protocol. [Joe Orton]
ead8aa3182c5805fccb6c7c1636cede6a24a5fc1Automatic Updater *) mod_ssl: Fix a potential I/O hang if a long list of trusted CAs
ead8aa3182c5805fccb6c7c1636cede6a24a5fc1Automatic Updater is configured for client cert auth. PR 46952. [Joe Orton]
7169f76a893666eb20fc7750782e7f411db742d6Tinderbox User *) core: Only log a 408 if it is no keepalive timeout. PR 39785
7169f76a893666eb20fc7750782e7f411db742d6Tinderbox User [Ruediger Pluem, Mark Montague <markmont umich.edu>]
ead8aa3182c5805fccb6c7c1636cede6a24a5fc1Automatic Updater *) support/rotatelogs: Add -L option to create a link to the current
ead8aa3182c5805fccb6c7c1636cede6a24a5fc1Automatic Updater log file. PR 48761 [<lyndon orthanc.ca>, Dan Poirier]
ead8aa3182c5805fccb6c7c1636cede6a24a5fc1Automatic Updater *) mod_ldap: Update LDAPTrustedClientCert to consistently be a per-directory
ead8aa3182c5805fccb6c7c1636cede6a24a5fc1Automatic Updater setting only, matching most of the documentation and examples.
2ba8f584b97cbab864570e38fd26b8cb90961428Tinderbox User PR 46541 [Paul Reder, Eric Covener]
ead8aa3182c5805fccb6c7c1636cede6a24a5fc1Automatic Updater *) mod_ldap: LDAPTrustedClientCert now accepts CA_DER/CA_BASE64 argument
3040b455151b1e1173193933664b2891b6159f24Mark Andrews types previously allowed only in LDAPTrustedGlobalCert. [Eric Covener]
2ba8f584b97cbab864570e38fd26b8cb90961428Tinderbox User *) mod_negotiation: Preserve query string over multiviews negotiation.
d58e33bfabfee19a035031dac633d36659738d56Evan Hunt This buglet was fixed for type maps in 2.2.6, but the same issue
3040b455151b1e1173193933664b2891b6159f24Mark Andrews affected multiviews and was overlooked.
2ba8f584b97cbab864570e38fd26b8cb90961428Tinderbox User PR 33112 [Joergen Thomsen <apache jth.net>]
3040b455151b1e1173193933664b2891b6159f24Mark Andrews *) mod_ldap: Eliminate a potential crash with multiple LDAPTrustedClientCert
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User when some are not password-protected. [Eric Covener]
e20309353e6246485c521278131d3fced73d7957Tinderbox User *) Fix startup segfault when the Mutex directive is used but no loaded
3040b455151b1e1173193933664b2891b6159f24Mark Andrews modules use httpd mutexes. PR 48787. [Jeff Trawick]
665ba746c0585088d0c314dcfc4671aa2c7b2dc1Automatic Updater *) Proxy: get the headers right in a HEAD request with
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater ProxyErrorOverride, by checking for an overridden error
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater before not after going into a catch-all code path.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater PR 41646. [Nick Kew, Stuart Children]
50fa300826799727204b93cbe63bebc341c5eadeTinderbox User *) support/rotatelogs: Support the simplest log rotation case, log
50fa300826799727204b93cbe63bebc341c5eadeTinderbox User truncation. Useful when the log is being processed in real time
da82e232161d67b77df2d67898bdac693f647be1Automatic Updater using a command like tail. [Graham Leggett]
2da2220fe7af2c45724b50b0187523b1fab0cf08Rob Austein *) support/htcacheclean: Teach it how to write a pid file (modelled on
3040b455151b1e1173193933664b2891b6159f24Mark Andrews httpd's writing of a pid file) so that it becomes possible to run
e171a4137c6ba348957e61b7c4c3541493c0da02Automatic Updater more than one instance of htcacheclean on the same machine.
c53a6f37deaa396660adb6a4ca600c4a58adfd3fAutomatic Updater [Graham Leggett]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Log command line on startup, so there's a record of command line
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater arguments like -f. PR 48752. [Dan Poirier]
19ad308d84cbf446a144e5a91f2032389a9d65c1Tinderbox User *) Introduce mod_reflector, a handler capable of reflecting POSTed
b3386fba31414344f38f0c30849c056dceb22dceTinderbox User request bodies back within the response through the output filter
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater stack. Can be used to turn an output filter into a web service.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Graham Leggett]
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater *) mod_proxy_http: Make sure that when an ErrorDocument is served
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater from a reverse proxied URL, that the subrequest respects the status
ff8ec39ce4afc2d774ce99f2386474d2c8539cd4Automatic Updater of the original request. This brings the behaviour of proxy_handler
af9cf290cea6ada6ce27b51c724ab77ad5d73fa0Tinderbox User in line with default_handler. PR 47106. [Graham Leggett]
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User *) Support wildcards in both the directory and file components of
6671e343b8c7e44ac10a7900fde59555fbc71571Automatic Updater the path specified by the Include directive. [Graham Leggett]
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater *) mod_proxy, mod_proxy_http: Support remote https proxies
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater by using HTTP CONNECT. PR 19188.
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater [Philippe Dutrueux <lilas evidian.com>, Rainer Jung]
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater *) apxs: Fix -A and -a options to ignore whitespace in httpd.conf
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater [Philip M. Gollucci]
99c231a3bd27893583204cd0a3e3103dc78dbc28Tinderbox User *) worker: Don't report server has reached MaxClients until it has.
4104e236f71eb5108fcfda6711878a97f6f4a8e7Automatic Updater Add message when server gets within MinSpareThreads of MaxClients.
4104e236f71eb5108fcfda6711878a97f6f4a8e7Automatic Updater PR 46996. [Dan Poirier]
50fa300826799727204b93cbe63bebc341c5eadeTinderbox User *) mod_session: Session expiry was being initialised, but not updated
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater on each session save, resulting in timed out sessions when there
7af91d15b2ce1ce32f7320f6d5cc3b83621c241aAutomatic Updater should not have been. Fixed. [Graham Leggett]
28a5dd720187fddb16055a0f64b63a7b66f29f64Mark Andrews *) mod_log_config: Add the R option to log the handler used within the
28a5dd720187fddb16055a0f64b63a7b66f29f64Mark Andrews request. [Christian Folini <christian.folini netnea com>]
8e9f3b69914ee02a80b87c97b1f8093edb3e9ae0Automatic Updater *) mod_include: Allow fine control over the removal of Last-Modified and
8e9f3b69914ee02a80b87c97b1f8093edb3e9ae0Automatic Updater ETag headers within the INCLUDES filter, making it possible to cache
664917bedafa65dee4349c84324a31731aa1e228Francis Dupont responses if desired. Fix the default value of the SSIAccessEnable
c53a6f37deaa396660adb6a4ca600c4a58adfd3fAutomatic Updater directive. [Graham Leggett]
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User *) Add new UnDefine directive to undefine a variable. PR 35350.
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User [Stefan Fritsch]
50fa300826799727204b93cbe63bebc341c5eadeTinderbox User *) Make ap_pregsub(), used by AliasMatch and friends, use the same syntax
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater for regex backreferences as mod_rewrite and mod_include: Remove the use
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater of '&' as an alias for '$0' and allow to escape any character with a
e20309353e6246485c521278131d3fced73d7957Tinderbox User backslash. PR 48351. [Stefan Fritsch]
e20309353e6246485c521278131d3fced73d7957Tinderbox User *) mod_authnz_ldap: If AuthLDAPCharsetConfig is set, also convert the
3040b455151b1e1173193933664b2891b6159f24Mark Andrews password to UTF-8. PR 45318.
e628576d3b3d91c8954679077f4c208f1e43b433Automatic Updater [Johannes Müller <joh_m gmx.de>, Stefan Fritsch]
e628576d3b3d91c8954679077f4c208f1e43b433Automatic Updater *) ab: Fix calculation of requests per second in HTML output. PR 48594.
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews [Stefan Fritsch]
9d80d23172c30fd63e5046a7e69b8445e564ff31Automatic Updater *) mod_authnz_ldap: Failures to map a username to a DN, or to check a user
1f4c645185bd8fc70048e0a69eee46193a284e5cTinderbox User password now result in an informational level log entry instead of
91d187ce035f39073f0732ff2a401a45c3c955fbMark Andrews warning level. [Eric Covener]
91d187ce035f39073f0732ff2a401a45c3c955fbMark AndrewsChanges with Apache 2.3.5
91d187ce035f39073f0732ff2a401a45c3c955fbMark Andrews *) SECURITY: CVE-2010-0434 (cve.mitre.org)
91d187ce035f39073f0732ff2a401a45c3c955fbMark Andrews Ensure each subrequest has a shallow copy of headers_in so that the
91d187ce035f39073f0732ff2a401a45c3c955fbMark Andrews parent request headers are not corrupted. Eliminates a problematic
91d187ce035f39073f0732ff2a401a45c3c955fbMark Andrews optimization in the case of no request body. PR 48359
91d187ce035f39073f0732ff2a401a45c3c955fbMark Andrews [Jake Scott, William Rowe, Ruediger Pluem]
91d187ce035f39073f0732ff2a401a45c3c955fbMark Andrews *) Turn static function get_server_name_for_url() into public
91d187ce035f39073f0732ff2a401a45c3c955fbMark Andrews ap_get_server_name_for_url() and use it where appropriate. This
91d187ce035f39073f0732ff2a401a45c3c955fbMark Andrews fixes mod_rewrite generating invalid URLs for redirects to IPv6
91d187ce035f39073f0732ff2a401a45c3c955fbMark Andrews literal addresses. [Stefan Fritsch]
91d187ce035f39073f0732ff2a401a45c3c955fbMark Andrews *) mod_ldap: Introduce new config option LDAPTimeout to set the timeout
91d187ce035f39073f0732ff2a401a45c3c955fbMark Andrews for LDAP operations like bind and search. [Stefan Fritsch]
91d187ce035f39073f0732ff2a401a45c3c955fbMark Andrews *) mod_proxy, mod_proxy_ftp: Move ProxyFtpDirCharset from mod_proxy to
91d187ce035f39073f0732ff2a401a45c3c955fbMark Andrews mod_proxy_ftp. [Takashi Sato]
3040b455151b1e1173193933664b2891b6159f24Mark Andrews *) mod_proxy, mod_proxy_connect: Move AllowCONNECT from mod_proxy to
a80993946f29ff39df38818ee9b2e58a4e46cb7eTinderbox User mod_proxy_connect. [Takashi Sato]
3040b455151b1e1173193933664b2891b6159f24Mark Andrews *) mod_cache: Do an exact match of the keys defined by
a80993946f29ff39df38818ee9b2e58a4e46cb7eTinderbox User CacheIgnoreURLSessionIdentifiers against the querystring instead of
a80993946f29ff39df38818ee9b2e58a4e46cb7eTinderbox User a partial match. PR 48401.
a80993946f29ff39df38818ee9b2e58a4e46cb7eTinderbox User [Dodou Wang <wangdong.08 gmail.com>, Ruediger Pluem]
a80993946f29ff39df38818ee9b2e58a4e46cb7eTinderbox User *) mod_proxy_balancer: Fix crash in balancer-manager. [Rainer Jung]
61932ed91732417e05c8c6fd335acf1be896c778Mark Andrews *) Core HTTP: disable keepalive when the Client has sent
3040b455151b1e1173193933664b2891b6159f24Mark Andrews Expect: 100-continue
a80993946f29ff39df38818ee9b2e58a4e46cb7eTinderbox User but we respond directly with a non-100 response.
3a988722ad9e209ba4064604d482dc4efe0e19ebTinderbox User Keepalive here led to data from clients continuing being treated as
3040b455151b1e1173193933664b2891b6159f24Mark Andrews a new request.
3349f0044fda807e1fd6681c833d3593a22dad86Tinderbox User PR 47087 [Nick Kew]
3040b455151b1e1173193933664b2891b6159f24Mark Andrews *) Core: reject NULLs in request line or request headers.
3349f0044fda807e1fd6681c833d3593a22dad86Tinderbox User PR 43039 [Nick Kew]
3040b455151b1e1173193933664b2891b6159f24Mark Andrews *) Core: (re)-introduce -T commandline option to suppress documentroot
e80c7005e3d59dfeb04dad186d36f3c15622954cTinderbox User check at startup.
08190bd4d89153cee463b34f9233ad6dd88965fcMark Andrews PR 41887 [Jan van den Berg <janvdberg gmail.com>]
08190bd4d89153cee463b34f9233ad6dd88965fcMark Andrews *) mod_autoindex: support XHTML as equivalent to HTML in IndexOptions,
08190bd4d89153cee463b34f9233ad6dd88965fcMark Andrews ScanHTMLTitles, ReadmeName, HeaderName
08190bd4d89153cee463b34f9233ad6dd88965fcMark Andrews PR 48416 [Dmitry Bakshaev <dab18 izhnet.ru>, Nick Kew]
08190bd4d89153cee463b34f9233ad6dd88965fcMark Andrews *) Proxy: Fix ProxyPassReverse with relative URL
08190bd4d89153cee463b34f9233ad6dd88965fcMark Andrews Derived (slightly erroneously) from PR 38864 [Nick Kew]
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User *) mod_headers: align Header Edit with Header Set when used on Content-Type
3040b455151b1e1173193933664b2891b6159f24Mark Andrews PR 48422 [Cyril Bonté <cyril.bonte free.fr>, Nick Kew>]
48dfee71508886d86fe8fb12f91961b5daf3141dMark Andrews *) mod_headers: Enable multi-match-and-replace edit option
48dfee71508886d86fe8fb12f91961b5daf3141dMark Andrews PR 46594 [Nick Kew]
48dfee71508886d86fe8fb12f91961b5daf3141dMark Andrews *) mod_filter: enable it to act on non-200 responses.
48dfee71508886d86fe8fb12f91961b5daf3141dMark Andrews PR 48377 [Nick Kew]
48dfee71508886d86fe8fb12f91961b5daf3141dMark AndrewsChanges with Apache 2.3.4
48dfee71508886d86fe8fb12f91961b5daf3141dMark Andrews *) Replace AcceptMutex, LockFile, RewriteLock, SSLMutex, SSLStaplingMutex,
48dfee71508886d86fe8fb12f91961b5daf3141dMark Andrews and WatchdogMutexPath with a single Mutex directive. Add APIs to
48dfee71508886d86fe8fb12f91961b5daf3141dMark Andrews simplify setup and user customization of APR proc and global mutexes.
48dfee71508886d86fe8fb12f91961b5daf3141dMark Andrews (See util_mutex.h.) Build-time setting DEFAULT_LOCKFILE is no longer
48dfee71508886d86fe8fb12f91961b5daf3141dMark Andrews respected; set DEFAULT_REL_RUNTIMEDIR instead. [Jeff Trawick]
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User *) http_core: KeepAlive no longer accepts other than On|Off.
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User [Takashi Sato]
3040b455151b1e1173193933664b2891b6159f24Mark Andrews *) mod_dav: Remove errno from dav_error interface. Calls to dav_new_error()
8f2c45a35dd8c40bcc9caba8f7d40ce64fc27bcdAutomatic Updater and dav_new_error_tag() must be adjusted to add an apr_status_t parameter.
f09f1bf18e3ad40a0e8a6cc3dabf1c11f04992cbMark Andrews [Jeff Trawick]
48dfee71508886d86fe8fb12f91961b5daf3141dMark Andrews *) mod_authnz_ldap: Add AuthLDAPBindAuthoritative to allow Authentication to
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User try other providers in the case of an LDAP bind failure.
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User PR 46608 [Justin Erenkrantz, Joe Schaefer, Tony Stevenson]
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User *) Build: fix --with-module to work as documented
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User PR 43881 [Gez Saunders <gez.saunders virgin.net>]
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox UserChanges with Apache 2.3.3
3040b455151b1e1173193933664b2891b6159f24Mark Andrews *) SECURITY: CVE-2009-3095 (cve.mitre.org)
8f2c45a35dd8c40bcc9caba8f7d40ce64fc27bcdAutomatic Updater mod_proxy_ftp: sanity check authn credentials.
f09f1bf18e3ad40a0e8a6cc3dabf1c11f04992cbMark Andrews [Stefan Fritsch <sf fritsch.de>, Joe Orton]
3040b455151b1e1173193933664b2891b6159f24Mark Andrews *) SECURITY: CVE-2009-3094 (cve.mitre.org)
3040b455151b1e1173193933664b2891b6159f24Mark Andrews mod_proxy_ftp: NULL pointer dereference on error paths.
8f2c45a35dd8c40bcc9caba8f7d40ce64fc27bcdAutomatic Updater [Stefan Fritsch <sf fritsch.de>, Joe Orton]
10702d681eb650391bcaa0e2704aa3cf2dbf0e98Mark Andrews *) mod_ssl: enable support for ECC keys and ECDH ciphers. Tested against
6025cbbe8408f4b09d53d5ec1e95cb6da97e0a8dTinderbox User OpenSSL 1.0.0b3. [Vipul Gupta <vipul.gupta sun.com>, Sander Temme]
10702d681eb650391bcaa0e2704aa3cf2dbf0e98Mark Andrews *) mod_dav: Include uri when logging a PUT error due to connection abort.
10702d681eb650391bcaa0e2704aa3cf2dbf0e98Mark Andrews PR 38149. [Stefan Fritsch]
10702d681eb650391bcaa0e2704aa3cf2dbf0e98Mark Andrews *) mod_dav: Return 409 instead of 500 for a LOCK request if the parent
10702d681eb650391bcaa0e2704aa3cf2dbf0e98Mark Andrews resource does not exist or is not a collection. PR 43465. [Stefan Fritsch]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_dav_fs: Return 409 instead of 500 for Litmus test case copy_nodestcoll
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater (a COPY request where the parent of the destination resource does not
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater exist). PR 39299. [Stefan Fritsch]
166c467a9414778bdd0f2a1e4a32220843c0fde3Tinderbox User *) mod_dav_fs: Don't delete the whole file if a PUT with content-range failed.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater PR 42896. [Stefan Fritsch]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_dav_fs: Make PUT create files atomically and no longer destroy the
166c467a9414778bdd0f2a1e4a32220843c0fde3Tinderbox User old file if the transfer aborted. PR 39815. [Paul Querna, Stefan Fritsch]
e007e3e5b0316c6c05698a71101885743aca22bdAutomatic Updater *) mod_dav_fs: Remove inode keyed locking as this conflicts with atomically
e007e3e5b0316c6c05698a71101885743aca22bdAutomatic Updater creating files. On systems with inode numbers, this is a format change of
a5636b773fa05a272b6876afd99309c0b3090e2fMark Andrews the DavLockDB. The old DavLockDB must be deleted on upgrade.
10702d681eb650391bcaa0e2704aa3cf2dbf0e98Mark Andrews [Stefan Fritsch]
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark Andrews *) mod_log_config: Make ${cookie}C correctly match whole cookie names
3e9c07abfd4ad76b1f8085f0f96f5646f2d9e219Tinderbox User instead of substrings. PR 28037. [Dan Franklin <dan dan-franklin.com>,
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark Andrews Stefan Fritsch]
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark Andrews *) vhost: A purely-numeric Host: header should not be treated as a port.
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark Andrews PR 44979 [Nick Kew]
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark Andrews *) mod_ldap: Avoid 500 errors with "Unable to set LDAP_OPT_REFHOPLIMIT option to 5"
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark Andrews when built against openldap by using SDK LDAP_OPT_REFHOPLIMIT defaults unless
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark Andrews LDAPReferralHopLimit is explicitly configured.
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark Andrews [Eric Covener]
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark Andrews *) mod_charset_lite: Honor 'CharsetOptions NoImplicitAdd'.
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark Andrews [Eric Covener]
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark Andrews *) mod_ssl: Add support for OCSP Stapling. PR 43822.
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark Andrews [Dr Stephen Henson <shenson oss-institute.org>]
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark Andrews *) mod_socache_shmcb: Allow parens in file name if cache size is given.
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark Andrews Fixes SSLSessionCache directive mis-parsing parens in pathname.
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark Andrews PR 47945. [Stefan Fritsch]
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark Andrews *) htpasswd: Improve out of disk space handling. PR 30877. [Stefan Fritsch]
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark Andrews *) htpasswd: Use MD5 hash by default on all platforms. [Stefan Fritsch]
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark Andrews *) mod_sed: Reduce memory consumption when processing very long lines.
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark Andrews PR 48024 [Basant Kumar Kukreja <basant.kukreja sun.com>]
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark Andrews *) ab: Fix segfault in case the argument for -n is a very large number.
3e9c07abfd4ad76b1f8085f0f96f5646f2d9e219Tinderbox User PR 47178. [Philipp Hagemeister <oss phihag.de>]
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark Andrews *) Allow ProxyPreserveHost to work in <Proxy> sections. PR 34901.
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark Andrews [Stefan Fritsch]
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark Andrews *) configure: Fix THREADED_MPMS so that mod_cgid is enabled again
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark Andrews for worker MPM. [Takashi Sato]
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark Andrews *) mod_dav: Provide a mechanism to obtain the request_rec and pathname
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark Andrews from the dav_resource. [Jari Urpalainen <jari.urpalainen nokia.com>,
95de440e8d2b07bb130505b4146059e5734e2eeaTinderbox User Brian France <brian brianfrance.com>]
3e9c07abfd4ad76b1f8085f0f96f5646f2d9e219Tinderbox User *) Build: Use install instead of cp if available on installing
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User modules to avoid segmentation fault. PR 47951. [hirose31 gmail.com]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_cache: correctly consider s-maxage in cacheability
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater decisions. [Dan Poirier]
bbf7c3fd96ae5e02cb84743c581862e35327032aAutomatic Updater *) mod_logio/core: Report more accurate byte counts in mod_status if
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater mod_logio is loaded. PR 25656. [Stefan Fritsch]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_ldap: If LDAPSharedCacheSize is too small, try harder to purge
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User some cache entries and log a warning. Also increase the default
fa0326cc2cf428f67575b6ba3b97b528a31b0010Tinderbox User LDAPSharedCacheSize to 500000. This is a more realistic size suitable
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington for the default values of 1024 for LdapCacheEntries/LdapOpCacheEntries.
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews PR 46749. [Stefan Fritsch]
3040b455151b1e1173193933664b2891b6159f24Mark Andrews *) mod_rewrite: Make sure that a hostname:port isn't fully qualified if
95cfad51a3f71246d263af79a7861a6821f7a0beAutomatic Updater the request is a CONNECT request. [Bill Zajac <billz consultla.com>]
3040b455151b1e1173193933664b2891b6159f24Mark Andrews *) mod_cache: Teach CacheEnable and CacheDisable to work from within a
95cfad51a3f71246d263af79a7861a6821f7a0beAutomatic Updater Location section, in line with how ProxyPass works. [Graham Leggett]
3040b455151b1e1173193933664b2891b6159f24Mark Andrews *) mod_reqtimeout: New module to set timeouts and minimum data rates for
e80c7005e3d59dfeb04dad186d36f3c15622954cTinderbox User receiving requests from the client. [Stefan Fritsch]
bec9d04b657e1582d2531bdc02503bebde2aa978Tinderbox User *) core: Fix potential memory leaks by making sure to not destroy
0e91f17da8a29086876a88962e0a3482094b6057Evan Hunt bucket brigades that have been created by earlier filters.
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews [Stefan Fritsch]
99c231a3bd27893583204cd0a3e3103dc78dbc28Tinderbox User *) core, mod_deflate, mod_sed: Reduce memory usage by reusing bucket
3040b455151b1e1173193933664b2891b6159f24Mark Andrews brigades in several places. [Stefan Fritsch]
6fd5f289d8455283fad33d1051e6fbaa3bec43d5Tinderbox User *) mod_cache: Fix uri_meets_conditions() so that CacheEnable will
08d53af7d51409036462fa80fb1bde7a8c2ac123Automatic Updater match by scheme, or by a wildcarded hostname. PR 40169
08d53af7d51409036462fa80fb1bde7a8c2ac123Automatic Updater [Peter Grandi <pg_asf asf.for.sabi.co.uk>, Graham Leggett]
ec7751119a08c6a7250f3187beed69a8b836d349Tinderbox User *) suxec: Allow to log an error if exec fails by setting FD_CLOEXEC
6fd5f289d8455283fad33d1051e6fbaa3bec43d5Tinderbox User on the log file instead of closing it. PR 10744. [Nicolas Rachinsky]
5ecad47f69b3fd945472ab2900a9ff826a7ce2f6Automatic Updater *) mod_mime: Make RemoveType override the info from TypesConfig.
5ecad47f69b3fd945472ab2900a9ff826a7ce2f6Automatic Updater PR 38330. [Stefan Fritsch]
07d9d0dbcc0c79deb3c34f4a8af05ac68a6800e4Mark Andrews *) mod_cache: Introduce the option to run the cache from within the
a66012b52c20200f118781463db4e4ee44454298Automatic Updater normal request handler, and to allow fine grained control over
d58e33bfabfee19a035031dac633d36659738d56Evan Hunt where in the filter chain content is cached. [Graham Leggett]
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews *) core: Treat timeout reading request as 408 error, not 400.
82447d835d3ff5c658749b4e9b4f66166407b3eaAutomatic Updater Log 408 errors in access log as was done in Apache 1.3.x.
18920d790825d96ca3943aa2dcb6eb80dc611c5fTinderbox User PR 39785 [Nobutaka Mantani <nobutaka nobutaka.org>,
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User Stefan Fritsch <sf fritsch.de>, Dan Poirier]
b6561016dc8a813bfd91cef5b876b3dfc3f08ffaTinderbox User *) mod_ssl: Reintroduce SSL_CLIENT_S_DN, SSL_CLIENT_I_DN, SSL_SERVER_S_DN,
2fd1e3918971180155c10d09454a277f015daecaAutomatic Updater SSL_SERVER_I_DN back to the environment variables to be set by mod_ssl.
2fd1e3918971180155c10d09454a277f015daecaAutomatic Updater [Peter Sylvester <peter.sylvester edelweb.fr>]
18920d790825d96ca3943aa2dcb6eb80dc611c5fTinderbox User *) mod_disk_cache: don't cache incomplete responses, per RFC 2616, 13.8.
2fd1e3918971180155c10d09454a277f015daecaAutomatic Updater PR15866. [Dan Poirier]
b6561016dc8a813bfd91cef5b876b3dfc3f08ffaTinderbox User *) ab: ab segfaults in verbose mode on https sites
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User PR46393. [Ryan Niebur]
18920d790825d96ca3943aa2dcb6eb80dc611c5fTinderbox User *) mod_dav: Allow other modules to become providers and add resource types
18920d790825d96ca3943aa2dcb6eb80dc611c5fTinderbox User to the DAV response. [Jari Urpalainen <jari.urpalainen nokia.com>,
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User Brian France <brian brianfrance.com>]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_dav: Allow other modules to add things to the DAV or Allow headers
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington of an OPTIONS request. [Jari Urpalainen <jari.urpalainen nokia.com>,
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Brian France <brian brianfrance.com>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) core: Lower memory usage of core output filter.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Stefan Fritsch <sf sfritsch.de>]
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User *) mod_mime: Detect invalid use of MultiviewsMatch inside Location and
c2abd6efeb9affa70aabb63da2acb23e135cf7f2Mark Andrews LocationMatch sections. PR47754. [Dan Poirier]
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User *) mod_request: Make sure the KeptBodySize directive rejects values
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User that aren't valid numbers. [Graham Leggett]
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User *) mod_session_crypto: Sanity check should the potentially encrypted
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User session cookie be too short. [Graham Leggett]
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User *) mod_session.c: Prevent a segfault when session is added but not
c2abd6efeb9affa70aabb63da2acb23e135cf7f2Mark Andrews configured. [Graham Leggett]
85b52a5959291f5014442814488ccb267cdea369Tinderbox User *) htcacheclean: 19 ways to fail, 1 error message. Fixed. [Graham Leggett]
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User *) mod_auth_digest: Fail server start when nonce count checking
a5636b773fa05a272b6876afd99309c0b3090e2fMark Andrews is configured without shared memory, or md5-sess algorithm is
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater configured. [Dan Poirier]
d145b64cacc8d9cda51f9924ec70cd4661c3e2cfAutomatic Updater *) mod_proxy_connect: The connect method doesn't work if the client is
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater connecting to the apache proxy through an ssl socket. Fixed.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater PR29744. [Brad Boyer, Mark Cave-Ayland, Julian Gilbey, Fabrice Durand,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater David Gence, Tim Dodge, Per Gunnar Hans, Emmanuel Elango,
d145b64cacc8d9cda51f9924ec70cd4661c3e2cfAutomatic Updater Kevin Croft, Rudolf Cardinal]
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User *) mod_ssl: The error message when SSLCertificateFile is missing should
85b52a5959291f5014442814488ccb267cdea369Tinderbox User at least give the name or position of the problematic virtual host
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User definition. [Stefan Fritsch sf sfritsch.de]
cc17f4a672fc4ce67327902dd797c4465f12c4c9Mark Andrews *) mod_auth_digest: Fix null pointer when qop=none. [Dan Poirier]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Add support for HTTP PUT to ab. [Jeff Barnes <jbarnesweb yahoo.com>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_headers: generalise the envclause to support expression
2cdbfcdad94eba75f3f8e77343a0eefabf553b8eAutomatic Updater evaluation with ap_expr parser [Nick Kew]
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User *) mod_cache: Introduce the thundering herd lock, a mechanism to keep
3040b455151b1e1173193933664b2891b6159f24Mark Andrews the flood of requests at bay that strike a backend webserver as
3040b455151b1e1173193933664b2891b6159f24Mark Andrews a cached entity goes stale. [Graham Leggett]
52cfbde0bd391cfb37e3c1a1b460c16ba6bf1a73Automatic Updater *) mod_auth_digest: Fix usage of shared memory and re-enable it.
4fda24d843edac463c98785ec0c850d912592dc1Tinderbox User PR 16057 [Dan Poirier]
24e0e8d17df315d5d494ca933874e545eadce773Automatic Updater *) Preserve Port information over internal redirects
4fda24d843edac463c98785ec0c850d912592dc1Tinderbox User PR 35999 [Jonas Ringh <jonas.ringh cixit.se>]
d58e33bfabfee19a035031dac633d36659738d56Evan Hunt *) Proxy: unable to connect to a backend is SERVICE_UNAVAILABLE,
3040b455151b1e1173193933664b2891b6159f24Mark Andrews rather than BAD_GATEWAY or (especially) NOT_FOUND.
4fda24d843edac463c98785ec0c850d912592dc1Tinderbox User PR 46971 [evanc nortel.com]
3040b455151b1e1173193933664b2891b6159f24Mark Andrews *) Various modules: Do better checking of pollset operations in order to
31a540386a9abaf681d8952f1b2cdf5c75a0ba6cAutomatic Updater avoid segmentation faults if they fail. PR 46467
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews [Stefan Fritsch <sf sfritsch.de>]
3040b455151b1e1173193933664b2891b6159f24Mark Andrews *) mod_autoindex: Correctly create an empty cell if the description
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User for a file is missing. PR 47682 [Peter Poeml <poeml suse.de>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) ab: Fix broken error messages after resolver or connect() failures.
601c1908d06375f5dea00ab98671a6c934d8a840Automatic Updater [Jeff Trawick]
601c1908d06375f5dea00ab98671a6c934d8a840Automatic Updater *) SECURITY: CVE-2009-1890 (cve.mitre.org)
601c1908d06375f5dea00ab98671a6c934d8a840Automatic Updater Fix a potential Denial-of-Service attack against mod_proxy in a
0c7657e9302e7f9a8fe4f32fe561dc7e7e7ee6b5Automatic Updater reverse proxy configuration, where a remote attacker can force a
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater proxy process to consume CPU time indefinitely. [Nick Kew, Joe Orton]
dcff0bfce2963a14e5af5774fd8901a42f18c720Tinderbox User *) SECURITY: CVE-2009-1191 (cve.mitre.org)
3040b455151b1e1173193933664b2891b6159f24Mark Andrews mod_proxy_ajp: Avoid delivering content from a previous request which
12ee3c02ab36d7e7430bd705cc289db1a69a5733Mark Andrews failed to send a request body. PR 46949 [Ruediger Pluem]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews *) htdbm: Fix possible buffer overflow if dbm database has very
601c1908d06375f5dea00ab98671a6c934d8a840Automatic Updater long values. PR 30586 [Dan Poirier]
e676a596869d8a80a644c99a848afb53d1c5975eMark Andrews *) core: Return APR_EOF if request body is shorter than the length announced
e676a596869d8a80a644c99a848afb53d1c5975eMark Andrews by the client. PR 33098 [ Stefan Fritsch <sf sfritsch.de>]
8ccd7da886e93cd490fcb6f4c4e98a6514f35820Automatic Updater *) mod_suexec: correctly set suexec_enabled when httpd is run by a
cd839f5cf5f84cf163f55ff05cb88ce37efd24d1Automatic Updater non-root user and may have insufficient permissions.
91d187ce035f39073f0732ff2a401a45c3c955fbMark Andrews PR 42175 [Jim Radford <radford blackbean.org>]
3040b455151b1e1173193933664b2891b6159f24Mark Andrews *) mod_ssl: Fix SSL_*_DN_UID variables to use the 'userID' attribute
d58e33bfabfee19a035031dac633d36659738d56Evan Hunt type. PR 45107. [Michael Ströder <michael stroeder.com>,
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User *) mod_proxy_http: fix case sensitivity checking transfer encoding
d642d3857129678797a01adee14fbd70335b05a9Mark Andrews PR 47383 [Ryuzo Yamamoto <ryuzo.yamamoto gmail.com>]
fd8fb4df8499e292daeac765f599ac7c507d9ca3Mark Andrews *) mod_alias: ensure Redirect issues a valid URL.
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User PR 44020 [HÃ¥kon Stordahl <hakon stordahl.org>]
c95f536d78842fbc8ebcef653d88e1f2270054f8Automatic Updater *) mod_dir: add FallbackResource directive, to enable admin to specify
f9119ad8f6114b2255e7545bf5cd187f4db0a89bAutomatic Updater an action to happen when a URL maps to no file, without resorting
3040b455151b1e1173193933664b2891b6159f24Mark Andrews to ErrorDocument or mod_rewrite. PR 47184 [Nick Kew]
f9119ad8f6114b2255e7545bf5cd187f4db0a89bAutomatic Updater *) mod_cgid: Do not leak the listening Unix socket file descriptor to the
f9119ad8f6114b2255e7545bf5cd187f4db0a89bAutomatic Updater CGI process. PR 47335 [Kornél Pál <kornelpal gmail.com>]
3040b455151b1e1173193933664b2891b6159f24Mark Andrews *) mod_rewrite: Remove locking for writing to the rewritelog.
c95f536d78842fbc8ebcef653d88e1f2270054f8Automatic Updater PR 46942 [Dan Poirier <poirier pobox.com>]
c95f536d78842fbc8ebcef653d88e1f2270054f8Automatic Updater *) mod_alias: check sanity in Redirect arguments.
c95f536d78842fbc8ebcef653d88e1f2270054f8Automatic Updater PR 44729 [Sönke Tesch <st kino-fahrplan.de>, Jim Jagielski]
3040b455151b1e1173193933664b2891b6159f24Mark Andrews *) mod_proxy_http: fix Host: header for literal IPv6 addresses.
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User PR 47177 [Carlos Garcia Braschi <cgbraschi gmail.com>]
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews *) mod_cache: Add CacheIgnoreURLSessionIdentifiers directive to ignore
45c349c278fd83acd4dcb91eec3482401a623e47Automatic Updater defined session identifiers encoded in the URL when caching.
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews [Ruediger Pluem]
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews *) mod_rewrite: Fix the error string returned by RewriteRule.
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews RewriteRule returned "RewriteCond: bad flag delimiters" when the 3rd
bf8c3776f1bf1a1270e5e0443ae5a8df022632a8Mark Andrews argument of RewriteRule was not started with "[" or not ended with "]".
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews PR 45082 [Vitaly Polonetsky <m_vitaly topixoft.com>]
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews *) Windows: Fix usage message.
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews [Rainer Jung]
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews *) apachectl: When passing through arguments to httpd in
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews non-SysV mode, use the "$@" syntax to preserve arguments.
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews [Eric Covener]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater *) mod_dbd: add DBDInitSQL directive to enable SQL statements to
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater be run when a connection is opened. PR 46827
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater [Marko Kevac <mkevac gmail.com>]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater *) mod_cgid: Improve handling of long AF_UNIX socket names (ScriptSock).
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater PR 47037. [Jeff Trawick]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater *) mod_proxy_ajp: Check more strictly that the backend follows the AJP
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater protocol. [Mladen Turk]
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater *) mod_proxy_ajp: Forward remote port information by default.
3040b455151b1e1173193933664b2891b6159f24Mark Andrews [Rainer Jung]
560d6da48f066000541dd43f5d407644dee12bebTinderbox User *) Allow MPMs to be loaded dynamically, as with most other modules. Use
9bc394fffdd50f6e47614b2d317da7274122366fTinderbox User --enable-mpms-shared={list|"all"} to enable. This required changes to
d58e33bfabfee19a035031dac633d36659738d56Evan Hunt the MPM interfaces. Removed: mpm.h, mpm_default.h (as an installed
3040b455151b1e1173193933664b2891b6159f24Mark Andrews header), APACHE_MPM_DIR, MPM_NAME, ap_threads_per_child,
560d6da48f066000541dd43f5d407644dee12bebTinderbox User ap_max_daemons_limit, ap_my_generation, etc. ap_mpm_query() can't be
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews called until after the register-hooks phase. [Jeff Trawick]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_ssl: Add SSLProxyCheckPeerExpire and SSLProxyCheckPeerCN directives
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater to enable stricter checking of remote server certificates.
601c1908d06375f5dea00ab98671a6c934d8a840Automatic Updater [Ruediger Pluem]
601c1908d06375f5dea00ab98671a6c934d8a840Automatic Updater *) ab: Fix a 100% CPU loop on platforms where a failed non-blocking connect
601c1908d06375f5dea00ab98671a6c934d8a840Automatic Updater returns EINPROGRESS and a subsequent poll() returns only POLLERR.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater Observed on HP-UX. [Eric Covener]
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater *) Remove broken support for BeOS, TPF, and even older platforms such
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User as A/UX, Next, and Tandem. [Jeff Trawick]
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User *) mod_proxy_ftp: Add ProxyFtpListOnWildcard directive to allow files with
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User globbing characters to be retrieved instead of converted into a
d7d105151a78d35afb4233d2a6dbd47b7ec0d9a5Tinderbox User directory listing. PR 46789 [Dan Poirier <poirier pobox.com>]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) Provide ap_retained_data_create()/ap_retained_data_get() for preservation
e0bf4fc289705375be65c05a8fb085d514a98c97Tinderbox User of module state across unload/load. [Jeff Trawick]
f42fc714eda962112e45b904d1f846c61a080114Automatic Updater *) mod_substitute: Fix a memory leak. PR 44948
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User [Dan Poirier <poirier pobox.com>]
2cdbfcdad94eba75f3f8e77343a0eefabf553b8eAutomatic UpdaterChanges with Apache 2.3.2
d7d105151a78d35afb4233d2a6dbd47b7ec0d9a5Tinderbox User *) mod_mime_magic: Fix detection of compressed content. [Rainer Jung]
f42fc714eda962112e45b904d1f846c61a080114Automatic Updater *) mod_negotiation: Escape pathes of filenames in 406 responses to avoid
d7d105151a78d35afb4233d2a6dbd47b7ec0d9a5Tinderbox User HTML injections and HTTP response splitting. PR 46837.
2cdbfcdad94eba75f3f8e77343a0eefabf553b8eAutomatic Updater [Geoff Keating <geoffk apple.com>]
d7d105151a78d35afb4233d2a6dbd47b7ec0d9a5Tinderbox User *) mod_ssl: add support for type-safe STACK constructs in OpenSSL
3040b455151b1e1173193933664b2891b6159f24Mark Andrews development HEAD. PR 45521. [Kaspar Brand, Sander Temme]
d7d105151a78d35afb4233d2a6dbd47b7ec0d9a5Tinderbox User *) ab: Fix maintenance of the pollset to resolve EALREADY errors
f42fc714eda962112e45b904d1f846c61a080114Automatic Updater with kqueue (BSD/OS X) and excessive CPU with event ports (Solaris).
4d813066e967a36c407ee641155ada0c614d4dc6Automatic Updater PR 44584. Use APR_POLLSET_NOCOPY for better performance with some
dbd021853bb1cd6ab128e8da8865f5965030aedcTinderbox User pollset implementations. [Jeff Trawick]
d7d105151a78d35afb4233d2a6dbd47b7ec0d9a5Tinderbox User *) mod_disk_cache: The module now turns off sendfile support if
44e3b272904bfd85556771d30cf1bc6fa539dd03Automatic Updater 'EnableSendfile off' is defined globally. [Lars Eilebrecht]
3040b455151b1e1173193933664b2891b6159f24Mark Andrews *) mod_deflate: Adjust content metadata before bailing out on 304
3040b455151b1e1173193933664b2891b6159f24Mark Andrews responses so that the metadata does not differ from 200 response.
d7d105151a78d35afb4233d2a6dbd47b7ec0d9a5Tinderbox User [Roy T. Fielding]
d98b4b724343547314bde32a54966c8f124a5f03Mark Andrews *) mod_deflate: Fix creation of invalid Etag headers. We now make sure
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User that the Etag value is properly quoted when adding the gzip marker.
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User PR 39727, 45023. [Lars Eilebrecht, Roy T. Fielding]
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User *) Added 20x22 icons for ODF, SVG, and XML documents. PR 37185.
3040b455151b1e1173193933664b2891b6159f24Mark Andrews [Peter Harlow]
b6561016dc8a813bfd91cef5b876b3dfc3f08ffaTinderbox User *) Disabled DefaultType directive and removed ap_default_type()
609b8d08176469485edce25f3c2f50365bbd3819Mark Andrews from core. We now exclude Content-Type from responses for which
3040b455151b1e1173193933664b2891b6159f24Mark Andrews a media type has not been configured via mime.types, AddType,
609b8d08176469485edce25f3c2f50365bbd3819Mark Andrews ForceType, or some other mechanism. PR 13986. [Roy T. Fielding]
609b8d08176469485edce25f3c2f50365bbd3819Mark Andrews *) mod_rewrite: Add IPV6 variable to RewriteCond
e8e87ede5c36b95806c77bcd34894ad9c4b39a78Tinderbox User [Ryan Phillips <ryan-apache trolocsis.com>]
e8e87ede5c36b95806c77bcd34894ad9c4b39a78Tinderbox User *) core: Enhance KeepAliveTimeout to support a value in milliseconds.
609b8d08176469485edce25f3c2f50365bbd3819Mark Andrews PR 46275. [Takashi Sato]
609b8d08176469485edce25f3c2f50365bbd3819Mark Andrews *) rotatelogs: Allow size units B, K, M, G and combination of
609b8d08176469485edce25f3c2f50365bbd3819Mark Andrews time and size based rotation. [Rainer Jung]
609b8d08176469485edce25f3c2f50365bbd3819Mark Andrews *) rotatelogs: Add flag for verbose (debug) output. [Rainer Jung]
609b8d08176469485edce25f3c2f50365bbd3819Mark Andrews *) mod_ssl: Fix merging of SSLRenegBufferSize directive. PR 46508
609b8d08176469485edce25f3c2f50365bbd3819Mark Andrews *) core: Translate the the status line to ASCII on EBCDIC platforms in
609b8d08176469485edce25f3c2f50365bbd3819Mark Andrews ap_send_interim_response() and for locally generated "100 Continue"
609b8d08176469485edce25f3c2f50365bbd3819Mark Andrews responses. [Eric Covener]
609b8d08176469485edce25f3c2f50365bbd3819Mark Andrews *) prefork: Fix child process hang during graceful restart/stop in
d58e33bfabfee19a035031dac633d36659738d56Evan Hunt configurations with multiple listening sockets. PR 42829. [Joe Orton,
609b8d08176469485edce25f3c2f50365bbd3819Mark Andrews Jeff Trawick]
3040b455151b1e1173193933664b2891b6159f24Mark Andrews *) mod_session_crypto: Ensure that SessionCryptoDriver can only be
609b8d08176469485edce25f3c2f50365bbd3819Mark Andrews set in the global scope. [Graham Leggett]
609b8d08176469485edce25f3c2f50365bbd3819Mark Andrews *) mod_ext_filter: We need to detect failure to startup the filter
609b8d08176469485edce25f3c2f50365bbd3819Mark Andrews program (a mangled response is not acceptable). Fix to detect
609b8d08176469485edce25f3c2f50365bbd3819Mark Andrews failure, and offer configuration option either to abort or
609b8d08176469485edce25f3c2f50365bbd3819Mark Andrews to remove the filter and continue.
d98b4b724343547314bde32a54966c8f124a5f03Mark Andrews PR 41120 [Nick Kew]
015f044f7f916eb18d053f2e5dcbee481425bc66Mark Andrews *) mod_session_crypto: Rewrite the session_crypto module against the
e7d35dad55e8deae14f29aabfb20d540b4b6ab3dMark Andrews apr_crypto API. [Graham Leggett]
e7d35dad55e8deae14f29aabfb20d540b4b6ab3dMark Andrews *) mod_auth_form: Fix a pool lifetime issue, don't remove the subrequest
015f044f7f916eb18d053f2e5dcbee481425bc66Mark Andrews until the main request is cleaned up. [Graham Leggett]
609b8d08176469485edce25f3c2f50365bbd3819Mark AndrewsChanges with Apache 2.3.1
609b8d08176469485edce25f3c2f50365bbd3819Mark Andrews *) ap_slotmem: Add in new slot-based memory access API impl., including
609b8d08176469485edce25f3c2f50365bbd3819Mark Andrews 2 providers (mod_sharedmem and mod_plainmem) [Jim Jagielski,
609b8d08176469485edce25f3c2f50365bbd3819Mark Andrews Jean-Frederic Clere, Brian Akins <brian.akins turner.com>]
609b8d08176469485edce25f3c2f50365bbd3819Mark Andrews *) mod_include: support generating non-ASCII characters as entities in SSI
609b8d08176469485edce25f3c2f50365bbd3819Mark Andrews PR 25202 [Nick Kew]
609b8d08176469485edce25f3c2f50365bbd3819Mark Andrews *) core/utils: Enhance ap_escape_html API to support escaping non-ASCII chars
609b8d08176469485edce25f3c2f50365bbd3819Mark Andrews PR 25202 [Nick Kew]
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews *) mod_rewrite: fix "B" flag breakage by reverting r5589343
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews PR 45529 [Bob Ionescu <bobsiegen googlemail.com>]
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews *) CGI: return 504 (Gateway timeout) rather than 500 when a script
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews times out before returning status line/headers.
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews PR 42190 [Nick Kew]
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews *) mod_cgid: fix segfault problem on solaris.
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews PR 39332 [Masaoki Kobayashi <masaoki techfirm.co.jp>]
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews *) mod_proxy_scgi: Added. [André Malo]
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews *) mod_cache: Introduce 'no-cache' per-request environment variable
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews to prevent the saving of an otherwise cacheable response.
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews [Eric Covener]
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews *) mod_rewrite: Introduce DiscardPathInfo|DPI flag to stop the troublesome
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews way that per-directory rewrites append the previous notion of PATH_INFO
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews to each substitution before evaluating subsequent rules.
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews PR 38642 [Eric Covener]
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews *) mod_cgid: Do not add an empty argument when calling the CGI script.
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews PR 46380 [Ruediger Pluem]
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews *) scoreboard: Remove unused sb_type from process_score.
bbd726b86a5b0f97a192b6027958dc7b763dc48bTinderbox User [Torsten Foertsch <torsten.foertsch gmx.net>, Chris Darroch]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_ssl: Add SSLRenegBufferSize directive to allow changing the
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater size of the buffer used for the request-body where necessary
16f6050f29b6b0422cee858e609f65e474e70ef2Tinderbox User during a per-dir renegotiation. PR 39243. [Joe Orton]
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews *) mod_proxy_fdpass: New module to pass a client connection over to a separate
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews process that is reading from a unix daemon socket.
351eca011cf38fd3272b325029afce144a9a1ebaMark Andrews *) mod_ssl: Improve environment variable extraction to be more
351eca011cf38fd3272b325029afce144a9a1ebaMark Andrews efficient and to correctly handle DNs with duplicate tags.
351eca011cf38fd3272b325029afce144a9a1ebaMark Andrews PR 45975. [Joe Orton]
351eca011cf38fd3272b325029afce144a9a1ebaMark Andrews *) Remove the obsolete serial attribute from the RPM spec file. Compile
351eca011cf38fd3272b325029afce144a9a1ebaMark Andrews against the external pcre. Add missing binaries fcgistarter, and
351eca011cf38fd3272b325029afce144a9a1ebaMark Andrews mod_socache* and mod_session*. [Graham Leggett]
3040b455151b1e1173193933664b2891b6159f24Mark AndrewsChanges with Apache 2.3.0
351eca011cf38fd3272b325029afce144a9a1ebaMark Andrews *) mod_ratelimit: New module to do bandwidth rate limiting. [Paul Querna]
351eca011cf38fd3272b325029afce144a9a1ebaMark Andrews *) Remove X-Pad header which was added as a work around to a bug in
351eca011cf38fd3272b325029afce144a9a1ebaMark Andrews Netscape 2.x to 4.0b2. [Takashi Sato <takashi lans-tv.com>]
351eca011cf38fd3272b325029afce144a9a1ebaMark Andrews *) Add DTrace Statically Defined Tracing (SDT) probes.
351eca011cf38fd3272b325029afce144a9a1ebaMark Andrews [Theo Schlossnagle <jesus omniti.com>, Paul Querna]
351eca011cf38fd3272b325029afce144a9a1ebaMark Andrews *) mod_proxy_balancer: Move all load balancing implementations
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews as individual, self-contained mod_proxy submodules under
3040b455151b1e1173193933664b2891b6159f24Mark Andrews *) Rename APIs to include ap_ prefix:
d46a3a2f7c1032c947b7bfde6e08010442645139Tinderbox User find_child_by_pid -> ap_find_child_by_pid
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User suck_in_APR -> ap_suck_in_APR
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User sys_privileges_handlers -> ap_sys_privileges_handlers
e676a596869d8a80a644c99a848afb53d1c5975eMark Andrews unixd_accept -> ap_unixd_accept
e676a596869d8a80a644c99a848afb53d1c5975eMark Andrews unixd_config -> ap_unixd_config
e676a596869d8a80a644c99a848afb53d1c5975eMark Andrews unixd_killpg -> ap_unixd_killpg
e676a596869d8a80a644c99a848afb53d1c5975eMark Andrews unixd_set_global_mutex_perms -> ap_unixd_set_global_mutex_perms
e676a596869d8a80a644c99a848afb53d1c5975eMark Andrews unixd_set_proc_mutex_perms -> ap_unixd_set_proc_mutex_perms
e676a596869d8a80a644c99a848afb53d1c5975eMark Andrews unixd_set_rlimit -> ap_unixd_set_rlimit
e676a596869d8a80a644c99a848afb53d1c5975eMark Andrews [Paul Querna]
e676a596869d8a80a644c99a848afb53d1c5975eMark Andrews *) mod_lbmethod_heartbeat: New module to load balance mod_proxy workers
ff8ec39ce4afc2d774ce99f2386474d2c8539cd4Automatic Updater based on heartbeats. [Paul Querna]
ff8ec39ce4afc2d774ce99f2386474d2c8539cd4Automatic Updater *) mod_heartmonitor: New module to collect heartbeats, and write out a file
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews so that other modules can load balance traffic as needed. [Paul Querna]
3040b455151b1e1173193933664b2891b6159f24Mark Andrews *) mod_heartbeat: New module to generate multicast heartbeats to know if a
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User server is online. [Paul Querna]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_buffer: Honour the flush bucket and flush the buffer in the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater input filter. Make sure that metadata buckets are written to
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User the buffer, not to the final brigade. [Graham Leggett]
9a5217f827ac0e006016745e5305b31dc0c7767fTinderbox User *) mod_buffer: Optimise the buffering of heap buckets when the heap
9a5217f827ac0e006016745e5305b31dc0c7767fTinderbox User buckets stay exactly APR_BUCKET_BUFF_SIZE long. [Graham Leggett,
9a5217f827ac0e006016745e5305b31dc0c7767fTinderbox User Ruediger Pluem]
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User *) mod_buffer: Optional support for buffering of the input and output
3040b455151b1e1173193933664b2891b6159f24Mark Andrews filter stacks. Can collapse many small buckets into fewer larger
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater buckets, and prevents excessively small chunks being sent over
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater the wire. [Graham Leggett]
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater *) mod_privileges: new module to make httpd on Solaris privileges-aware
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater and to enable different virtualhosts to run with different
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater privileges and Unix user/group IDs [Nick Kew]
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater *) mod_mem_cache: this module has been removed. [William Rowe]
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater *) authn/z: Remove mod_authn_default and mod_authz_default.
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater [Chris Darroch]
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater *) authz: Fix handling of authz configurations, make default authz
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater logic replicate 2.2.x authz logic, and replace <Satisfy*>, Reject,
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater and AuthzMergeRules directives with Match, <Match*>, and AuthzMerge
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater directives. [Chris Darroch]
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater *) mod_authn_core: Prevent crash when provider alias created to
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater provider which is not yet registered. [Chris Darroch]
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater *) mod_authn_core: Add AuthType of None to support disabling
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater authentication. [Chris Darroch]
3040b455151b1e1173193933664b2891b6159f24Mark Andrews *) core: Allow <Limit> and <LimitExcept> directives to nest, and
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater constrain their use to conform with that of other access control
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater and authorization directives. [Chris Darroch]
8aa53dcb1d26277e8e805464bfff7bb7136f60cbAutomatic Updater *) unixd: turn existing code into a module, and turn the set user/group
3040b455151b1e1173193933664b2891b6159f24Mark Andrews and chroot into a child_init function. [Nick Kew]
d58e33bfabfee19a035031dac633d36659738d56Evan Hunt *) mod_dir: Support "DirectoryIndex disabled"
3040b455151b1e1173193933664b2891b6159f24Mark Andrews Suggested By André Warnier <aw ice-sa.com> [Eric Covener]
1368e4b34cef64604c874fcc40201c78e548714cTinderbox User *) mod_ssl: Send Content-Type application/ocsp-request for POST requests to
1368e4b34cef64604c874fcc40201c78e548714cTinderbox User OSCP responders. PR 46014 [Dr Stephen Henson <steve openssl.org>]
1368e4b34cef64604c874fcc40201c78e548714cTinderbox User *) mod_authnz_ldap: don't return NULL-valued environment variables to
1368e4b34cef64604c874fcc40201c78e548714cTinderbox User other modules. PR 39045 [Francois Pesce <francois.pesce gmail.com>]
1368e4b34cef64604c874fcc40201c78e548714cTinderbox User *) Don't adjust case in pathname components that are not of interest
1368e4b34cef64604c874fcc40201c78e548714cTinderbox User to mod_mime. Fixes mod_negotiation's use of such components.
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User PR 43250 [Basant Kumar Kukreja <basant.kukreja sun.com>]
3040b455151b1e1173193933664b2891b6159f24Mark Andrews *) Be tolerant in what you accept - accept slightly broken
1368e4b34cef64604c874fcc40201c78e548714cTinderbox User status lines from a backend provided they include a valid status code.
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User PR 44995 [Rainer Jung <rainer.jung kippdata.de>]
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User *) New module mod_sed: filter Request/Response bodies through sed
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Basant Kumar Kukreja <basant.kukreja sun.com>]
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User *) mod_auth_form: Make sure that basic authentication is correctly
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater faked directly after login. [Graham Leggett]
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User *) mod_session_cookie, mod_session_dbd: Make sure cookies are set both
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User within the output headers and error output headers, so that the
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User session is maintained across redirects. [Graham Leggett]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_auth_form: Make sure the logged in user is populated correctly
a5636b773fa05a272b6876afd99309c0b3090e2fMark Andrews after a form login. Fixes a missing REMOTE_USER variable directly
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater following a login. [Graham Leggett]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_session_cookie: Make sure that cookie attributes are correctly
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater included in the blank cookie when cookies are removed. This fixes an
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater inability to log out when using mod_auth_form. [Graham Leggett]
a5636b773fa05a272b6876afd99309c0b3090e2fMark Andrews *) mod_session: Prevent a segfault when a CGI script sets a cookie with a
3040b455151b1e1173193933664b2891b6159f24Mark Andrews null value. [David Shane Holden <dpejesh apache.org>]
95de440e8d2b07bb130505b4146059e5734e2eeaTinderbox User *) core, authn/z: Determine registered authn/z providers directly in
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews ap_setup_auth_internal(), which allows optional functions that just
3040b455151b1e1173193933664b2891b6159f24Mark Andrews wrapped ap_list_provider_names() to be removed from authn/z modules.
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews [Chris Darroch]
5b4ef313da4283079786e516b4b07a1691e1dc50Mark Andrews *) authn/z: Convert common provider version strings to macros.
3040b455151b1e1173193933664b2891b6159f24Mark Andrews [Chris Darroch]
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews *) core: When testing for slash-terminated configuration paths in
3040b455151b1e1173193933664b2891b6159f24Mark Andrews ap_location_walk(), don't look past the start of an empty string
3040b455151b1e1173193933664b2891b6159f24Mark Andrews such as that created by a <Location ""> directive.
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User [Chris Darroch]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) core, mod_proxy: If a kept_body is present, it becomes safe for
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User subrequests to support message bodies. Make sure that safety
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User checks within the core and within the proxy are not triggered
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User when kept_body is present. This makes it possible to embed
3040b455151b1e1173193933664b2891b6159f24Mark Andrews proxied POST requests within mod_include. [Graham Leggett]
f7a71eef29bcbf892270460269c79664f600cffdAutomatic Updater *) mod_auth_form: Make sure the input filter stack is properly set
f7a71eef29bcbf892270460269c79664f600cffdAutomatic Updater up before reading the login form. Make sure the kept body filter
8f536463f9fdfa7da6a8310e4f4895373beb2961Mark Andrews is correctly inserted to ensure the body can be read a second
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User time safely should the authn be successful. [Graham Leggett,
f7a71eef29bcbf892270460269c79664f600cffdAutomatic Updater Ruediger Pluem]
3040b455151b1e1173193933664b2891b6159f24Mark Andrews *) mod_request: Insert the KEPT_BODY filter via the insert_filter
3040b455151b1e1173193933664b2891b6159f24Mark Andrews hook instead of during fixups. Add a safety check to ensure the
c5f7f6aa6c51d35353a9485b32abbabfe8358b4eMark Andrews filters cannot be inserted more than once. [Graham Leggett,
dcd42a39d311b44877161ffd1e27fa62700c0171Mark Andrews Ruediger Pluem]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) ap_cache_cacheable_headers_out() will (now) always
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater merge an error headers _before_ clearing them and _before_
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater merging in the actual entity headers and doing normal
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater hop-by-hop cleansing. [Dirk-Willem van Gulik].
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) cache: retire ap_cache_cacheable_hdrs_out() which was used
3f68e9c0e5a6ce475d15eef04bfed9b08a22afa9Tinderbox User for both in- and out-put headers; and replace it by a single
3f68e9c0e5a6ce475d15eef04bfed9b08a22afa9Tinderbox User ap_cache_cacheable_headers() wrapped in a in- and out-put
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater specific ap_cache_cacheable_headers_in()/out(). The latter
3f68e9c0e5a6ce475d15eef04bfed9b08a22afa9Tinderbox User which will also merge error and ensure content-type. To keep
3f68e9c0e5a6ce475d15eef04bfed9b08a22afa9Tinderbox User cache modules consistent with ease. This API change bumps
3040b455151b1e1173193933664b2891b6159f24Mark Andrews up the minor MM by one [Dirk-Willem van Gulik].
3040b455151b1e1173193933664b2891b6159f24Mark Andrews *) Move the KeptBodySize directive, kept_body filters and the
c5f7f6aa6c51d35353a9485b32abbabfe8358b4eMark Andrews ap_parse_request_body function out of the http module and into a
c5f7f6aa6c51d35353a9485b32abbabfe8358b4eMark Andrews new module called mod_request, reducing the size of the core.
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User [Graham Leggett]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_dbd: Handle integer configuration directive parameters with a
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington dedicated function.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) Change the directives within the mod_session* modules to be valid
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater both inside and outside the location/directory sections, as
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater suggested by wrowe. [Graham Leggett]
63654fea53d6a58a65112234bc8d0c322e0c81b5Automatic Updater *) mod_auth_form: Add a module capable of allowing end users to log
63654fea53d6a58a65112234bc8d0c322e0c81b5Automatic Updater in using an HTML form, storing the credentials within mod_session.
3040b455151b1e1173193933664b2891b6159f24Mark Andrews [Graham Leggett]
64d59a0480180940d855a3431ac5ff617b53e997Tinderbox User *) Add a function to the http filters that is able to parse an HTML
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User form request with the type of application/x-www-form-urlencoded.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Graham Leggett]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_session_crypto: Initialise SSL in the post config hook.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Ruediger Pluem, Graham Leggett]
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater *) mod_session_dbd: Add a session implementation capable of storing
fd7c65dce9c2b1a3d12ca4df9074cd38019fdb5fAutomatic Updater session information in a SQL database via the dbd interface. Useful
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User for sites where session privacy is important. [Graham Leggett]
3040b455151b1e1173193933664b2891b6159f24Mark Andrews *) mod_session_crypto: Add a session encoding implementation capable
d58e33bfabfee19a035031dac633d36659738d56Evan Hunt of encrypting and decrypting sessions wherever they may be stored.
3040b455151b1e1173193933664b2891b6159f24Mark Andrews Introduces a level of privacy when sessions are stored on the
551271d8198ae06e37edf5da519d8ee153eeac0fTinderbox User browser. [Graham Leggett]
b871c7156eb037d41f53828c6fcb9cc876128962Mark Andrews *) mod_session_cookie: Add a session implementation capable of storing
fedd407a76adfdd745eb7d2461673693c6f9fea9Mark Andrews session information within cookies on the browser. Useful for high
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater volume sites where server bound sessions are too resource intensive.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Graham Leggett]
fedd407a76adfdd745eb7d2461673693c6f9fea9Mark Andrews *) mod_session: Add a generic session interface to unify the different
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater attempts at saving persistent sessions across requests.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Graham Leggett]
fedd407a76adfdd745eb7d2461673693c6f9fea9Mark Andrews *) core, authn/z: Avoid calling access control hooks for internal requests
fedd407a76adfdd745eb7d2461673693c6f9fea9Mark Andrews with configurations which match those of initial request. Revert to
b6561016dc8a813bfd91cef5b876b3dfc3f08ffaTinderbox User original behaviour (call access control hooks for internal requests
fedd407a76adfdd745eb7d2461673693c6f9fea9Mark Andrews with URIs different from initial request) if any access control hooks or
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater providers are not registered as permitting this optimization.
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User Introduce wrappers for access control hook and provider registration
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User which can accept additional mode and flag data. [Chris Darroch]
80f05de86cd3cd8e4a4215c4501643891b942dafTinderbox User *) Introduced ap_expr API for expression evaluation.
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User This is adapted from mod_include, which is the first module
fedd407a76adfdd745eb7d2461673693c6f9fea9Mark Andrews to use the new API.
5b4ef313da4283079786e516b4b07a1691e1dc50Mark Andrews *) mod_authz_dbd: When redirecting after successful login/logout per
82a986aaa5d3384a541b5a7d6dae8cf0726d6513Tinderbox User AuthzDBDRedirectQuery, do not report authorization failure, and use
82a986aaa5d3384a541b5a7d6dae8cf0726d6513Tinderbox User first row returned by database query instead of last row.
82a986aaa5d3384a541b5a7d6dae8cf0726d6513Tinderbox User [Chris Darroch]
82a986aaa5d3384a541b5a7d6dae8cf0726d6513Tinderbox User *) mod_ldap: Correctly return all requested attribute values
3040b455151b1e1173193933664b2891b6159f24Mark Andrews when some attributes have a null value.
cc17f4a672fc4ce67327902dd797c4465f12c4c9Mark Andrews PR 44560 [Anders Kaseorg <anders kaseorg.com>]
cc17f4a672fc4ce67327902dd797c4465f12c4c9Mark Andrews *) core: check symlink ownership if both FollowSymlinks and
cc17f4a672fc4ce67327902dd797c4465f12c4c9Mark Andrews SymlinksIfOwnerMatch are set [Nick Kew]
5b4ef313da4283079786e516b4b07a1691e1dc50Mark Andrews *) core: fix origin checking in SymlinksIfOwnerMatch
5b4ef313da4283079786e516b4b07a1691e1dc50Mark Andrews PR 36783 [Robert L Mathews <rob-apache.org.bugs tigertech.net>]
3040b455151b1e1173193933664b2891b6159f24Mark Andrews *) Activate mod_cache, mod_file_cache and mod_disk_cache as part of the
5b4ef313da4283079786e516b4b07a1691e1dc50Mark Andrews 'most' set for '--enable-modules' and '--enable-shared-mods'. Include
82447d835d3ff5c658749b4e9b4f66166407b3eaAutomatic Updater mod_mem_cache in 'all' as well. [Dirk-Willem van Gulik]
82447d835d3ff5c658749b4e9b4f66166407b3eaAutomatic Updater *) Also install mod_so.h, mod_rewrite.h and mod_cache.h; as these
82447d835d3ff5c658749b4e9b4f66166407b3eaAutomatic Updater contain public function declarations which are useful for
82447d835d3ff5c658749b4e9b4f66166407b3eaAutomatic Updater third party module authors. PR 42431 [Dirk-Willem van Gulik].
551271d8198ae06e37edf5da519d8ee153eeac0fTinderbox User *) mod_dir, mod_negotiation: pass the output filter information
10702d681eb650391bcaa0e2704aa3cf2dbf0e98Mark Andrews to newly created sub requests; as these are later on used
10702d681eb650391bcaa0e2704aa3cf2dbf0e98Mark Andrews as true requests with an internal redirect. This allows for
e130ab53e992670e2a2ecf043976ac09f21358d1Automatic Updater mod_cache et.al. to trap the results of the redirect.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [Dirk-Willem van Gulik, Ruediger Pluem]
551271d8198ae06e37edf5da519d8ee153eeac0fTinderbox User *) mod_ldap: Add support (taking advantage of the new APR capability)
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User for ldap rebind callback while chasing referrals. This allows direct
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User searches on LDAP servers (in particular MS Active Directory 2003+)
183b6c7fca54001820078f324d102fc33e64bbc6Automatic Updater using referrals without the use of the global catalog.
e130ab53e992670e2a2ecf043976ac09f21358d1Automatic Updater PRs 26538, 40268, and 42557 [Paul J. Reder]
08190bd4d89153cee463b34f9233ad6dd88965fcMark Andrews *) ApacheMonitor.exe: Introduce --kill argument for use by the
551271d8198ae06e37edf5da519d8ee153eeac0fTinderbox User installer. This will permit the installation tool to remove
551271d8198ae06e37edf5da519d8ee153eeac0fTinderbox User all running instances before attempting to remove the .exe.
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User [William Rowe]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mod_ssl: Add support for OCSP validation of client certificates.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater PR 41123. [Marc Stern <marc.stern approach.be>, Joe Orton]
601c1908d06375f5dea00ab98671a6c934d8a840Automatic Updater *) mod_serf: New module for Reverse Proxying. [Paul Querna]
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User *) core: Add the option to keep aside a request body up to a certain
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User size that would otherwise be discarded, to be consumed by filters
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User such as mod_include. When enabled for a directory, POST requests
f46621af221784fd08339c6fe9509d9e48334561Tinderbox User to shtml files can be passed through to embedded scripts as POST
f46621af221784fd08339c6fe9509d9e48334561Tinderbox User requests, rather being downgraded to GET requests. [Graham Leggett]
f46621af221784fd08339c6fe9509d9e48334561Tinderbox User *) mod_ssl: Fix TLS upgrade (RFC 2817) support. PR 41231. [Joe Orton]
f46621af221784fd08339c6fe9509d9e48334561Tinderbox User *) scoreboard: Correctly declare ap_time_process_request.
f46621af221784fd08339c6fe9509d9e48334561Tinderbox User *) core; scoreboard: ap_get_scoreboard_worker(sbh) now takes the sbh member
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater from the connection rec, ap_get_scoreboard_worker(proc, thread) will now
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater provide the unusual legacy lookup. [William Rowe]
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater *) mpm winnt: fix null pointer dereference
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater PR 42572 [Davi Arnaut]
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User *) mod_authnz_ldap, mod_authn_dbd: Tidy up the code to expose authn
e9e4257668ff6c4e583b0c0db2508650b0b677b8Tinderbox User parameters to the environment. Improve portability to
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater EBCDIC machines by using apr_toupper(). [Martin Kraemer]
3040b455151b1e1173193933664b2891b6159f24Mark Andrews *) mod_ldap, mod_authnz_ldap: Add support for nested groups (i.e. the ability
3497d225321ed571428ed011650deb229ccfc977Tinderbox User to authorize an authenticated user via a "require ldap-group X" directive
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User where the user is not in group X, but is in a subgroup contained in X.
859148b72a22e4221c3e918d15c7fdd5e78b6d8dTinderbox User PR 42891 [Paul J. Reder]
be0d1ec971748020cb0382e02b4642b493ea1e7bTinderbox User *) mod_ssl: Add support for caching SSL Sessions in memcached. [Paul Querna]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews *) apxs: Enhance -q flag to print all known variables and their values
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews when invoked without variable name(s).
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews [William Rowe, Sander Temme]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews *) apxs: Eliminate run-time check for mod_so. PR 40653.
859148b72a22e4221c3e918d15c7fdd5e78b6d8dTinderbox User [David M. Lee <dmlee crossroads.com>]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews *) beos MPM: Create pmain pool and run modules' child_init hooks when
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews entering ap_mpm_run(), then destroy pmain when exiting ap_mpm_run().
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews [Chris Darroch]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews *) netware MPM: Destroy pmain pool when exiting ap_mpm_run() so that
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews cleanups registered in modules' child_init hooks are performed.
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews [Chris Darroch]
17198e77b87667f796e910d31a4f47a80e256d09Mark Andrews *) Fix issue which could cause error messages to be written to access logs
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User on Win32. PR 40476. [Tom Donovan <Tom.Donovan acm.org>]
c07cdac6cf5bf3e9affc1aed25f8350087691f1eAutomatic Updater *) The LockFile directive, which specifies the location of
c07cdac6cf5bf3e9affc1aed25f8350087691f1eAutomatic Updater the accept() mutex lockfile, is deprecated. Instead, the
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User AcceptMutex directive now takes an optional lockfile
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User location parameter, ala SSLMutex. [Jim Jagielski]
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User *) mod_authn_dbd: Export any additional columns queried in the SQL select
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User into the environment with the name AUTHENTICATE_<COLUMN>. This brings
c07cdac6cf5bf3e9affc1aed25f8350087691f1eAutomatic Updater mod_authn_dbd behaviour in line with mod_authnz_ldap. [Graham Leggett]
c07cdac6cf5bf3e9affc1aed25f8350087691f1eAutomatic Updater *) mod_dbd: Key the storage of prepared statements on the hex string
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User value of server_rec, rather than the server name, as the server name
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User may change (eg when the server name is set) at any time, causing
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User weird behaviour in modules dependent on mod_dbd. [Graham Leggett]
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User *) mod_proxy_fcgi: Added win32 build. [Mladen Turk]
7c899ff8af55a6855100e7fb4f5dd9a0a04b48a0Automatic Updater *) sendfile_nonblocking() takes the _brigade_ as an argument, gets
7c899ff8af55a6855100e7fb4f5dd9a0a04b48a0Automatic Updater the first bucket from the brigade, finds it not to be a FILE
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User bucket and barfs. The fix is to pass a bucket rather than a brigade.
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User [Niklas Edmundsson <nikke acc.umu.se>]
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User *) mod_rewrite: support rewritemap by SQL query [Nick Kew]
7c899ff8af55a6855100e7fb4f5dd9a0a04b48a0Automatic Updater *) ap_get_server_version() has been removed. Third-party modules must
7c899ff8af55a6855100e7fb4f5dd9a0a04b48a0Automatic Updater now use ap_get_server_banner() or ap_get_server_description().
7c899ff8af55a6855100e7fb4f5dd9a0a04b48a0Automatic Updater [Jeff Trawick]
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User *) All MPMs: Introduce a check_config phase between pre_config and
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User open_logs, to allow modules to review interdependent configuration
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User directive values and adjust them while messages can still be logged
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User to the console. Handle relevant MPM directives during this phase
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User and format messages for both the console and the error log, as
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User appropriate. [Chris Darroch]
7c899ff8af55a6855100e7fb4f5dd9a0a04b48a0Automatic Updater *) core: Do not allow internal redirects like the DirectoryIndex of mod_dir
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews to circumvent the symbolic link checks imposed by FollowSymLinks and
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews SymLinksIfOwnerMatch. [Nick Kew, Ruediger Pluem, William Rowe]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews *) New SSLLogLevelDebugDump [ None (default) | IO (not bytes) | Bytes ]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews configures the I/O Dump of SSL traffic, when LogLevel is set to Debug.
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews The default is none as this is far greater debugging resolution than
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews the typical administrator is prepared to untangle. [William Rowe]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews *) mod_disk_cache: If possible, check if the size of an object to cache is
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews within the configured boundaries before actually saving data.
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews [Niklas Edmundsson <nikke acc.umu.se>]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews *) Worker and event MPMs: Remove improper scoreboard updates which were
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews performed in the event of a fork() failure. [Chris Darroch]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews *) Add support for fcgi:// proxies to mod_rewrite.
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews [Markus Schiegl <ms schiegl.com>]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews *) Remove incorrect comments from scoreboard.h regarding conditional
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews loading of worker_score structure with mod_status, and remove unused
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews definitions relating to old life_status field.
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews [Chris Darroch <chrisd pearsoncmg.com>]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews *) Remove allocation of memory for unused array of lb_score pointers
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews in ap_init_scoreboard(). [Chris Darroch <chrisd pearsoncmg.com>]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews *) Add mod_proxy_fcgi, a FastCGI back end for mod_proxy.
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews [Garrett Rooney, Jim Jagielski, Paul Querna]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews *) Event MPM: Fill in the scoreboard's tid field. PR 38736.
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews [Chris Darroch <chrisd pearsoncmg.com>]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews *) mod_charset_lite: Remove Content-Length when output filter can
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews invalidate it. Warn when input filter can invalidate it.
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews [Jeff Trawick]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews *) Authz: Add the new module mod_authn_core that will provide common
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews authn directives such as 'AuthType', 'AuthName'. Move the directives
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews 'AuthType' and 'AuthName' out of the core module and merge mod_authz_alias
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews into mod_authn_core. [Brad Nicholes]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews *) Authz: Move the directives 'Order', 'Allow', 'Deny' and 'Satisfy'
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater into the new module mod_access_compat which can be loaded to provide
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington support for these directives.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [Brad Nicholes]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) Authz: Move the 'Require' directive from the core module as well as
757ff043760e4743dda1a10e7d58349275934902Tinderbox User add the directives '<SatisfyAll>', '<SatisfyOne>', '<RequireAlias>'
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User and 'Reject' to mod_authz_core. The new directives introduce 'AND/OR'
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews logic into the authorization processing. [Brad Nicholes]
0df8ead472f207020f8da22a185fe4b945248ab8Automatic Updater *) Authz: Add the new module mod_authz_core which acts as the
0e573cdd111e060e5f6c18249b5ccacbe8abe278Tinderbox User authorization provider vector and contains common authz
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews directives. [Brad Nicholes]
6c910bd5e4a85a56e3a61fdf7b237a45bb2553eeTinderbox User *) Authz: Renamed mod_authz_dbm authz providers from 'group' and
0e573cdd111e060e5f6c18249b5ccacbe8abe278Tinderbox User 'file-group' to 'dbm-group' and 'dbm-file-group'. [Brad Nicholes]
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews *) Authz: Added the new authz providers 'env', 'ip', 'host', 'all' to handle
e213b38b48486b3a6349329655d9169085001fa0Tinderbox User host-based access control provided by mod_authz_host and invoked
0e573cdd111e060e5f6c18249b5ccacbe8abe278Tinderbox User through the 'Require' directive. [Brad Nicholes]
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews *) Authz: Convert all of the authz modules from hook based to
71ba75c604df3604673232828a68bb28c420e698Mark Andrews provider based. [Brad Nicholes]
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews *) mod_cache: Add CacheMinExpire directive to set the minimum time in
c5a97a549c89d562e999d4f906b882c5a2a474e1Tinderbox User seconds to cache a document.
e7d35dad55e8deae14f29aabfb20d540b4b6ab3dMark Andrews [Brian Akins <brian.akins turner.com>, Ruediger Pluem]
c5a97a549c89d562e999d4f906b882c5a2a474e1Tinderbox User *) mod_authz_dbd: SQL authz with Login/Session support [Nick Kew]
757ff043760e4743dda1a10e7d58349275934902Tinderbox User *) Fix typo in ProxyStatus syntax error message.
0e573cdd111e060e5f6c18249b5ccacbe8abe278Tinderbox User [Christophe Jaillet <christophe.jaillet wanadoo.fr>]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews *) Asynchronous write completion for the Event MPM. [Brian Pane]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews *) Added an End-Of-Request bucket type. The logging of a request and
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews the freeing of its pool are now done when the EOR bucket is destroyed.
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews This has the effect of delaying the logging until right after the last
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews of the response is sent; ap_core_output_filter() calls the access logger
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews indirectly when it destroys the EOR bucket. [Brian Pane]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews *) Rewrite of logresolve support utility: IPv6 addresses are now supported
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews and the format of statistical output has changed. [Colm MacCarthaigh]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews *) Rewrite of ap_coreoutput_filter to do nonblocking writes [Brian Pane]
56334ccb2d4b5a04fc12b70b5852049db5d24088Evan Hunt *) Added new connection states for handler and write completion
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User *) mod_cgid: Refuse to work on Solaris 10 due to OS bugs. PR 34264.
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews [Justin Erenkrantz]
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater *) Teach mod_ssl to use arbitrary OIDs in an SSLRequire directive,
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews allowing string-valued client certificate attributes to be used for
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews access control, as in: SSLRequire "value" in OID("1.3.6.1.4.1.18060.1")
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews [Martin Kraemer, David Reid]
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User [Apache 2.3.0-dev includes those bug fixes and changes with the
979e02d122cddf1624cca8a4dab8d084c900fa48Automatic Updater Apache 2.2.xx tree as documented, and except as noted, below.]
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsChanges with Apache 2.2.x and later:
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews *) http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?view=markup
51901858be9d4632c1d0bed28cfa8f29932c1967Tinderbox UserChanges with Apache 2.0.x and later: