CHANGES revision 8c2bb916633b1eb3dccf91c776363bbc3a6145de
a8c5a86d183db25a57bf193c06b41e092ec2e151Timo Sirainen -*- coding: utf-8 -*-
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo SirainenChanges with Apache 2.3.9
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) SECURITY: CVE-2010-1623 (cve.mitre.org)
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen Fix a denial of service attack against mod_reqtimeout.
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen [Stefan Fritsch]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_autoindex: Fix inheritance of mod_autoindex directives into
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen contexts that don't have any mod_autoindex directives. PR47766.
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen [Eric Covener]
3a2f2adf5679aa383a2cab09f739d59233cada95Timo Sirainen *) mod_rewrite: Add END flag for RewriteRule to prevent further rounds
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen of rewrite processing when a per-directory substitution occurs.
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen [Eric Covener]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_ssl: Make sure to always log an error if loading of CA certificates
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen fails. PR 40312. [Paul Tiemann <issues apache org ourdetour com>]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_dav: Send 501 error if unknown Content-* header is received for a PUT
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen request (RFC 2616 9.6). PR 42978. [Stefan Fritsch]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_dav: Send 400 error if malformed Content-Range header is received for
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen a put request (RFC 2616 14.16). PR 49825. [Stefan Fritsch]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_proxy: Release the backend connection as soon as EOS is detected,
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen so the backend isn't forced to wait for the client to eventually
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen acknowledge the data. [Graham Leggett]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_proxy: Optimise ProxyPass within a Location so that it is stored
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen per-directory, and chosen during the location walk. Make ProxyPass
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen work correctly from within a LocationMatch. [Graham Leggett]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) core: Fix segfault if per-module LogLevel is on virtual host
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen scope. PR 50117. [Stefan Fritsch]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_proxy: Move the ProxyErrorOverride directive to have per
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen directory scope. [Graham Leggett]
917498e6f84969d2b93410c1e479735abe8e0ed7Timo Sirainen *) mod_allowmethods: New module to deny certain HTTP methods without
29543188462c9348f365ec29115d777ffe4769d3Timo Sirainen interfering with authentication/authorization. [Paul Querna,
29543188462c9348f365ec29115d777ffe4769d3Timo Sirainen Igor Galić, Stefan Fritsch]
917498e6f84969d2b93410c1e479735abe8e0ed7Timo Sirainen *) mod_ssl: Log certificate information and improve error message if client
917498e6f84969d2b93410c1e479735abe8e0ed7Timo Sirainen cert verification fails. PR 50093, PR 50094. [Lassi Tuura <lat cern ch>,
917498e6f84969d2b93410c1e479735abe8e0ed7Timo Sirainen Stefan Fritsch]
29543188462c9348f365ec29115d777ffe4769d3Timo Sirainen *) htcacheclean: Teach htcacheclean to limit cache size by number of
29543188462c9348f365ec29115d777ffe4769d3Timo Sirainen inodes in addition to size of files. Prevents a cache disk from
29543188462c9348f365ec29115d777ffe4769d3Timo Sirainen running out of space when many small files are cached.
29543188462c9348f365ec29115d777ffe4769d3Timo Sirainen [Graham Leggett]
917498e6f84969d2b93410c1e479735abe8e0ed7Timo Sirainen *) core: Rename MaxRequestsPerChild to MaxConnectionsPerChild, which
917498e6f84969d2b93410c1e479735abe8e0ed7Timo Sirainen describes more accurately what the directive does. The old name
917498e6f84969d2b93410c1e479735abe8e0ed7Timo Sirainen still works but logs a warning. [Stefan Fritsch]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_cache: Optionally serve stale data when a revalidation returns a
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen 5xx response, controlled by the CacheStaleOnError directive.
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen [Graham Leggett]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) htcacheclean: Allow the listing of valid URLs within the cache, with
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen the option to list entry metadata such as sizes and times. [Graham
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_cache: correctly parse quoted strings in cache headers.
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen PR 50199 [Nick Kew]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_cache: Allow control over the base URL of reverse proxied requests
f663bdd9d345a86e6a7924d83319bd04b2fcb600Timo Sirainen using the CacheKeyBaseURL directive, so that the cache key can be
f663bdd9d345a86e6a7924d83319bd04b2fcb600Timo Sirainen calculated from the endpoint URL instead of the server URL. [Graham
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_cache: CacheLastModifiedFactor, CacheStoreNoStore, CacheStorePrivate,
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen CacheStoreExpired, CacheIgnoreNoLastMod, CacheDefaultExpire,
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen CacheMinExpire and CacheMaxExpire can be set per directory/location.
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen [Graham Leggett]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_disk_cache: CacheMaxFileSize, CacheMinFileSize, CacheReadSize and
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen CacheReadTime can be set per directory/location. [Graham Leggett]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) core: Speed up config parsing if using a very large number of config
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen files. PR 50002 [andrew cloudaccess net]
f663bdd9d345a86e6a7924d83319bd04b2fcb600Timo Sirainen *) mod_cache: Support the caching of HEAD requests. [Graham Leggett]
f663bdd9d345a86e6a7924d83319bd04b2fcb600Timo Sirainen *) htcacheclean: Allow the option to round up file sizes to a given
f663bdd9d345a86e6a7924d83319bd04b2fcb600Timo Sirainen block size, improving the accuracy of disk usage. [Graham Leggett]
f663bdd9d345a86e6a7924d83319bd04b2fcb600Timo Sirainen *) mod_ssl: Add authz providers for use with mod_authz_core and its
f663bdd9d345a86e6a7924d83319bd04b2fcb600Timo Sirainen RequireAny/RequireAll containers: 'ssl' (equivalent to SSLRequireSSL),
f663bdd9d345a86e6a7924d83319bd04b2fcb600Timo Sirainen 'ssl-verify-client' (for use with 'SSLVerifyClient optional'), and
f663bdd9d345a86e6a7924d83319bd04b2fcb600Timo Sirainen 'ssl-require' (expressions with same syntax as SSLRequire).
f663bdd9d345a86e6a7924d83319bd04b2fcb600Timo Sirainen [Stefan Fritsch]
f663bdd9d345a86e6a7924d83319bd04b2fcb600Timo Sirainen *) mod_ssl: Make the ssl expression parser thread-safe. It now requires
f663bdd9d345a86e6a7924d83319bd04b2fcb600Timo Sirainen bison instead of yacc. [Stefan Fritsch]
f663bdd9d345a86e6a7924d83319bd04b2fcb600Timo Sirainen *) mod_disk_cache: Change on-disk header file format to support the
f663bdd9d345a86e6a7924d83319bd04b2fcb600Timo Sirainen link of the device/inode of the data file to the matching header
f663bdd9d345a86e6a7924d83319bd04b2fcb600Timo Sirainen file, and to support the option of not writing a data file when
f663bdd9d345a86e6a7924d83319bd04b2fcb600Timo Sirainen the data file is empty. [Graham Leggett]
f663bdd9d345a86e6a7924d83319bd04b2fcb600Timo Sirainen *) core/mod_unique_id: Add generate_log_id hook to allow to use
f663bdd9d345a86e6a7924d83319bd04b2fcb600Timo Sirainen the ID generated by mod_unique_id as error log ID for requests.
f663bdd9d345a86e6a7924d83319bd04b2fcb600Timo Sirainen [Stefan Fritsch]
f663bdd9d345a86e6a7924d83319bd04b2fcb600Timo Sirainen *) mod_cache: Make sure that we never allow a 304 Not Modified response
f663bdd9d345a86e6a7924d83319bd04b2fcb600Timo Sirainen that we asked for to leak to the client should the 304 response be
f663bdd9d345a86e6a7924d83319bd04b2fcb600Timo Sirainen uncacheable. PR45341 [Graham Leggett]
3a2f2adf5679aa383a2cab09f739d59233cada95Timo Sirainen *) mod_cache: Add the cache_status hook to register the final cache
3a2f2adf5679aa383a2cab09f739d59233cada95Timo Sirainen decision hit/miss/revalidate. Add optional support for an X-Cache
3a2f2adf5679aa383a2cab09f739d59233cada95Timo Sirainen and/or an X-Cache-Detail header to add the cache status to the
3a2f2adf5679aa383a2cab09f739d59233cada95Timo Sirainen response. PR48241 [Graham Leggett]
7da0a157dbcb64d3e97c01bcc87262bd944c6890Timo Sirainen *) mod_authz_host: Add 'local' provider that matches connections originating
7da0a157dbcb64d3e97c01bcc87262bd944c6890Timo Sirainen on the local host. PR 19938. [Stefan Fritsch]
3a2f2adf5679aa383a2cab09f739d59233cada95Timo Sirainen *) Event MPM: Fix crash accessing pollset on worker thread when child
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen process is exiting. [Jeff Trawick]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) core: For process invocation (cgi, fcgid, piped loggers and so forth)
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen pass the system library path (LD_LIBRARY_PATH or platform-specific
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen variables) along with the system PATH, by default. Both should be
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen overridden together as desired using PassEnv etc; see mod_env.
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen [William Rowe]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_cache: Introduce CacheStoreExpired, to allow administrators to
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen capture a stale backend response, perform If-Modified-Since requests
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen against the backend, and serving from the cache all 304 responses.
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen This restores pre-2.2.4 cache behavior. [William Rowe]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_rewrite: Introduce <=, >= string comparison operators, and integer
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen comparators -lt, -le, -eq, -ge, and -gt. To help bash users and drop
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen the ambiguity of the symlink test "-ltest", introduce -h or -L as
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen symlink test operators. [William Rowe]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_cache: Give the cache provider the opportunity to choose to cache
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen or not cache based on the buckets present in the brigade, such as the
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen presence of a FILE bucket.
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen [Graham Leggett]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_authz_core: Allow authz providers to check args while reading the
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen config and allow to cache parsed args. Move 'all' and 'env' authz
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen providers from mod_authz_host to mod_authz_core. Add 'method' authz
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen provider depending on the HTTP method. [Stefan Fritsch]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_include: Move the request_rec within mod_include to be
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen exposed within include_ctx_t. [Graham Leggett]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_include: Reinstate support for UTF-8 character sets by allowing a
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen variable being echoed or set to be decoded and then encoded as separate
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen steps. PR47686 [Graham Leggett]
f663bdd9d345a86e6a7924d83319bd04b2fcb600Timo Sirainen *) mod_cache: Add a discrete commit_entity() provider function within the
f663bdd9d345a86e6a7924d83319bd04b2fcb600Timo Sirainen mod_cache provider interface which is called to indicate to the
f663bdd9d345a86e6a7924d83319bd04b2fcb600Timo Sirainen provider that caching is complete, giving the provider the opportunity
f663bdd9d345a86e6a7924d83319bd04b2fcb600Timo Sirainen to commit temporary files permanently to the cache in an atomic
f663bdd9d345a86e6a7924d83319bd04b2fcb600Timo Sirainen fashion. Replace the inconsistent use of error cleanups with a formal
f663bdd9d345a86e6a7924d83319bd04b2fcb600Timo Sirainen set of pool cleanups attached to a subpool, which is destroyed on error.
f663bdd9d345a86e6a7924d83319bd04b2fcb600Timo Sirainen [Graham Leggett]
f663bdd9d345a86e6a7924d83319bd04b2fcb600Timo Sirainen *) mod_cache: Change the signature of the store_body() provider function
f663bdd9d345a86e6a7924d83319bd04b2fcb600Timo Sirainen within the mod_cache provider interface to support an "in" brigade
f663bdd9d345a86e6a7924d83319bd04b2fcb600Timo Sirainen and an "out" brigade instead of just a single input brigade. This
f663bdd9d345a86e6a7924d83319bd04b2fcb600Timo Sirainen gives a cache provider the option to consume only part of the brigade
f663bdd9d345a86e6a7924d83319bd04b2fcb600Timo Sirainen passed to it, rather than the whole brigade as was required before.
f663bdd9d345a86e6a7924d83319bd04b2fcb600Timo Sirainen This fixes an out of memory and a request timeout condition that would
f663bdd9d345a86e6a7924d83319bd04b2fcb600Timo Sirainen occur when the original document was a large file. Introduce
f663bdd9d345a86e6a7924d83319bd04b2fcb600Timo Sirainen CacheReadSize and CacheReadTime directives to mod_disk_cache to control
f663bdd9d345a86e6a7924d83319bd04b2fcb600Timo Sirainen the amount of data to attempt to cache at a time. [Graham Leggett]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) core: Add ErrorLogFormat to allow configuring error log format, including
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen additional information that is logged once per connection or request. Add
f663bdd9d345a86e6a7924d83319bd04b2fcb600Timo Sirainen error log IDs for connections and request to allow correlating error log
f663bdd9d345a86e6a7924d83319bd04b2fcb600Timo Sirainen lines and the corresponding access log entry. [Stefan Fritsch]
f663bdd9d345a86e6a7924d83319bd04b2fcb600Timo Sirainen *) core: Disable sendfile by default. [Stefan Fritsch]
f663bdd9d345a86e6a7924d83319bd04b2fcb600Timo Sirainen *) mod_cache: Check the request to determine whether we are allowed
f663bdd9d345a86e6a7924d83319bd04b2fcb600Timo Sirainen to return cached content at all, and respect a "Cache-Control:
f663bdd9d345a86e6a7924d83319bd04b2fcb600Timo Sirainen no-cache" header from a client. Previously, "no-cache" would
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen behave like "max-age=0". [Graham Leggett]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_cache: Use a proper filter context to hold filter data instead
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen of misusing the per-request configuration. Fixes a segfault on trunk
3a2f2adf5679aa383a2cab09f739d59233cada95Timo Sirainen when the normal handler is used. [Graham Leggett]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_cgid: Log a warning if the ScriptSock path is truncated because
ca31fc1a8e48281c6882796fa7d4372acc2f97e5Timo Sirainen it is too long. PR 49388. [Stefan Fritsch]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) vhosts: Do not allow _default_ in NameVirtualHost, or mixing *
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen and non-* ports on NameVirtualHost, or multiple NameVirtualHost
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen directives for the same address:port, or NameVirtualHost
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen directives with no matching VirtualHosts, or multiple ip-based
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen VirtualHost sections for the same address:port. These were
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen previously accepted with a warning, but the behavior was
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen undefined. [Dan Poirier]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_remoteip: Fix a segfault when using mod_remoteip in conjunction with
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen Allow/Deny. PR 49838. [Andrew Skalski <voltara gmail.com>]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) core: DirectoryMatch can now match on the end of line character ($),
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen and sub-directories of matched directories are no longer implicitly
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen matched. PR49809 [Eric Covener]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) Regexps: introduce new higher-level regexp utility including parsing
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen and executing perl-style regexp ops (e.g s/foo/bar/i) and regexp memory
3568ea090b5a072e498438e74db23b98103ff2deTimo SirainenChanges with Apache 2.3.8
3568ea090b5a072e498438e74db23b98103ff2deTimo Sirainen *) suexec: Support large log files. PR 45856. [Stefan Fritsch]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) core: Abort with sensible error message if no or more than one MPM is
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen loaded. [Stefan Fritsch]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_proxy: Rename erroronstatus to failonstatus.
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen [Daniel Ruggeri <DRuggeri primary.net>]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_dav_fs: Fix broken "creationdate" property.
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen Regression in version 2.3.7. [Rainer Jung]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo SirainenChanges with Apache 2.3.7
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) SECURITY: CVE-2010-1452 (cve.mitre.org)
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen mod_dav, mod_cache, mod_session: Fix Handling of requests without a path
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen segment. PR: 49246 [Mark Drayton, Jeff Trawick]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_ldap: Properly check the result returned by apr_ldap_init. PR 46076.
f663bdd9d345a86e6a7924d83319bd04b2fcb600Timo Sirainen [Stefan Fritsch]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_rewrite: Log errors if rewrite map files cannot be opened. PR 49639.
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen [Stefan Fritsch]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_proxy_http: Support the 'ping' property for backend HTTP/1.1 servers
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen via leveraging 100-Continue as the initial "request".
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen [Jim Jagielski]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) core/mod_authz_core: Introduce new access_checker_ex hook that enables
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen mod_authz_core to bypass authentication if access should be allowed by
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen IP address/env var/... [Stefan Fritsch]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) core: Introduce note_auth_failure hook to allow modules to add support
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen for additional auth types. This makes ap_note_auth_failure() work with
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen mod_auth_digest again. PR 48807. [Stefan Fritsch]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) socache modules: return APR_NOTFOUND when a lookup is not found [Nick Kew]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_authn_cache: new module [Nick Kew]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) configure: Add reallyall option for --enable-mods-shared. [Stefan Fritsch]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) Fix Windows build when using VC6. [Gregg L. Smith <lists glewis com>]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_rewrite: Allow to set environment variables without explicitly
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen giving a value. [Rainer Jung]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_rewrite: Remove superfluous EOL from rewrite logging. [Rainer Jung]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_include: recognise "text/html; parameters" as text/html
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen PR 49616 [Andrey Chernov <ache nagual.pp.ru>]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) CGI vars: allow PATH to be set by SetEnv, consistent with LD_LIBRARY_PATH
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen PR 43906 [Nick Kew]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) Core: Extra robustness: don't try authz and segfault if authn
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen fails to set r->user. Log bug and return 500 instead.
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen PR 42995 [Nick Kew]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) HTTP protocol filter: fix handling of longer chunk extensions
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) Update SSL cipher suite and add example for SSLHonorCipherOrder.
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen [Lars Eilebrecht, Rainer Jung]
ca31fc1a8e48281c6882796fa7d4372acc2f97e5Timo Sirainen *) move AddOutputFilterByType from core to mod_filter. This should
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen fix nasty side-effects that happen when content_type is set
ca31fc1a8e48281c6882796fa7d4372acc2f97e5Timo Sirainen more than once in processing a request, and make it fully
ca31fc1a8e48281c6882796fa7d4372acc2f97e5Timo Sirainen compatible with dynamic and proxied contents. [Nick Kew]
58840b6cfccd09f0a7c6cd206437e52b6d8d386eTimo Sirainen *) mod_log_config: Implement logging for sub second timestamps and
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen request end time. [Rainer Jung]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo SirainenChanges with Apache 2.3.6
ca31fc1a8e48281c6882796fa7d4372acc2f97e5Timo Sirainen *) SECURITY: CVE-2009-3555 (cve.mitre.org)
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen mod_ssl: Comprehensive fix of the TLS renegotiation prefix injection
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen attack when compiled against OpenSSL version 0.9.8m or later. Introduces
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen the 'SSLInsecureRenegotiation' directive to reopen this vulnerability
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen and offer unsafe legacy renegotiation with clients which do not yet
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen support the new secure renegotiation protocol, RFC 5746.
ca31fc1a8e48281c6882796fa7d4372acc2f97e5Timo Sirainen [Joe Orton, and with thanks to the OpenSSL Team]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) SECURITY: CVE-2009-3555 (cve.mitre.org)
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen mod_ssl: A partial fix for the TLS renegotiation prefix injection attack
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen by rejecting any client-initiated renegotiations. Forcibly disable
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen keepalive for the connection if there is any buffered data readable. Any
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen configuration which requires renegotiation for per-directory/location
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen access control is still vulnerable, unless using OpenSSL >= 0.9.8l.
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen [Joe Orton, Ruediger Pluem, Hartmut Keil <Hartmut.Keil adnovum.ch>]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) SECURITY: CVE-2010-0408 (cve.mitre.org)
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen when request headers indicate a request body is incoming; not a case of
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen HTTP_INTERNAL_SERVER_ERROR. [Niku Toivola <niku.toivola sulake.com>]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) SECURITY: CVE-2010-0425 (cve.mitre.org)
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen mod_isapi: Do not unload an isapi .dll module until the request
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen processing is completed, avoiding orphaned callback pointers.
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen [Brett Gervasoni <brettg senseofsecurity.com>, Jeff Trawick]
58840b6cfccd09f0a7c6cd206437e52b6d8d386eTimo Sirainen *) core: Filter init functions are now run strictly once per request
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen before handler invocation. The init functions are no longer run
ca31fc1a8e48281c6882796fa7d4372acc2f97e5Timo Sirainen for connection filters. PR 49328. [Joe Orton]
58840b6cfccd09f0a7c6cd206437e52b6d8d386eTimo Sirainen *) core: Adjust the output filter chain correctly in an internal
58840b6cfccd09f0a7c6cd206437e52b6d8d386eTimo Sirainen redirect from a subrequest, preserving filters from the main
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen request as necessary. PR 17629. [Joe Orton]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_cache: Explicitly allow cache implementations to cache a 206 Partial
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen Response if they so choose to do so. Previously an attempt to cache a 206
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen was arbitrarily allowed if the response contained an Expires or
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen Cache-Control header, and arbitrarily denied if both headers were missing.
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen [Graham Leggett]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) core: Add microsecond timestamp fractions, process id and thread id
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen to the error log. [Rainer Jung]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) configure: The "most" module set gets build by default. [Rainer Jung]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) configure: Building dynamic modules (DSO) by default. [Rainer Jung]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) configure: Fix broken VPATH build when using included APR.
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen [Rainer Jung]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_session_crypto: Fix configure problem when building
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen with APR 2 and for VPATH builds with included APR.
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen [Rainer Jung]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_session_crypto: API compatibility with APR 2 crypto and
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen APR Util 1.x crypto. [Rainer Jung]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) ab: Fix memory leak with -v2 and SSL. PR 49383.
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen [Pavel Kankovsky <peak argo troja mff cuni cz>]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) core: Add per-module and per-directory loglevel configuration.
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen Add some more trace logging.
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen mod_rewrite: Replace RewriteLog/RewriteLogLevel with trace log levels.
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen mod_ssl: Replace LogLevelDebugDump with trace log levels.
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen mod_ssl/mod_proxy*: Adjust loglevels to be less verbose at levels info
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen mod_dumpio: Replace DumpIOLogLevel with trace log levels.
ca31fc1a8e48281c6882796fa7d4372acc2f97e5Timo Sirainen [Stefan Fritsch]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_ldap: LDAP caching was suppressed (and ldap-status handler returns
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen title page only) when any mod_ldap directives were used in VirtualHost
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen context. [Eric Covener]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_disk_cache: Decline the opportunity to cache if the response is
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen a 206 Partial Content. This stops a reverse proxied partial response
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen from becoming cached, and then being served in subsequent responses.
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen [Graham Leggett]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_deflate: avoid the risk of forwarding data before headers are set.
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen PR 49369 [Matthew Steele <mdsteele google.com>]
ca31fc1a8e48281c6882796fa7d4372acc2f97e5Timo Sirainen *) mod_authnz_ldap: Ensure nested groups are checked when the
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen top-level group doesn't have any direct non-group members
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen of attributes in AuthLDAPGroupAttribute. [Eric Covener]
3a2f2adf5679aa383a2cab09f739d59233cada95Timo Sirainen *) mod_authnz_ldap: Search or Comparison during authorization phase
3a2f2adf5679aa383a2cab09f739d59233cada95Timo Sirainen can use the credentials from the authentication phase
3a2f2adf5679aa383a2cab09f739d59233cada95Timo Sirainen (AuthLDAPSearchAsUSer,AuthLDAPCompareAsUser).
3a2f2adf5679aa383a2cab09f739d59233cada95Timo Sirainen PR 48340 [Domenico Rotiroti, Eric Covener]
3a2f2adf5679aa383a2cab09f739d59233cada95Timo Sirainen *) mod_authnz_ldap: Allow the initial DN search during authentication
3a2f2adf5679aa383a2cab09f739d59233cada95Timo Sirainen to use the HTTP username/pass instead of an anonymous or hard-coded
3a2f2adf5679aa383a2cab09f739d59233cada95Timo Sirainen LDAP id (AuthLDAPInitialBindAsUser, AuthLDAPInitialBindPattern).
3a2f2adf5679aa383a2cab09f739d59233cada95Timo Sirainen [Eric Covener]
3a2f2adf5679aa383a2cab09f739d59233cada95Timo Sirainen *) mod_authnz_ldap: Publish requested LDAP data with an AUTHORIZE_ prefix
3a2f2adf5679aa383a2cab09f739d59233cada95Timo Sirainen when this module is used for authorization. See AuthLDAPAuthorizePrefix.
3a2f2adf5679aa383a2cab09f739d59233cada95Timo Sirainen PR 45584 [Eric Covener]
3a2f2adf5679aa383a2cab09f739d59233cada95Timo Sirainen *) apxs -q: Stop filtering out ':' characters from the reported values.
dfc96c43be0720d3a03faa1eb44032276cbf94cfTimo Sirainen PR 45343. [Bill Cole]
3a2f2adf5679aa383a2cab09f739d59233cada95Timo Sirainen *) prefork MPM: Work around possible crashes on child exit in APR reslist
3a2f2adf5679aa383a2cab09f739d59233cada95Timo Sirainen cleanup code. PR 43857. [Tom Donovan]
3a2f2adf5679aa383a2cab09f739d59233cada95Timo Sirainen *) ab: fix number of requests sent by ab when keepalive is enabled. PR 48497.
3a2f2adf5679aa383a2cab09f739d59233cada95Timo Sirainen [Bryn Dole <dole blekko.com>]
3a2f2adf5679aa383a2cab09f739d59233cada95Timo Sirainen *) Log an error for failures to read a chunk-size, and return 408 instead of
3a2f2adf5679aa383a2cab09f739d59233cada95Timo Sirainen 413 when this is due to a read timeout. This change also fixes some cases
3a2f2adf5679aa383a2cab09f739d59233cada95Timo Sirainen of two error documents being sent in the response for the same scenario.
3a2f2adf5679aa383a2cab09f739d59233cada95Timo Sirainen [Eric Covener] PR49167
3a2f2adf5679aa383a2cab09f739d59233cada95Timo Sirainen *) mod_proxy_balancer: Add new directive BalancerNonce to allow admin
3a2f2adf5679aa383a2cab09f739d59233cada95Timo Sirainen to control/set the nonce used in the balancer-manager application.
3a2f2adf5679aa383a2cab09f739d59233cada95Timo Sirainen [Jim Jagielski]
3a2f2adf5679aa383a2cab09f739d59233cada95Timo Sirainen *) mod_proxy_connect: Support port ranges in AllowConnect. PR 23673.
3a2f2adf5679aa383a2cab09f739d59233cada95Timo Sirainen [Stefan Fritsch]
3a2f2adf5679aa383a2cab09f739d59233cada95Timo Sirainen *) Proxy balancer: support setting error status according to HTTP response
3a2f2adf5679aa383a2cab09f739d59233cada95Timo Sirainen code from a backend. PR 48939. [Daniel Ruggeri <DRuggeri primary.net>]
3a2f2adf5679aa383a2cab09f739d59233cada95Timo Sirainen *) htcacheclean: Introduce the ability to clean specific URLs from the
3a2f2adf5679aa383a2cab09f739d59233cada95Timo Sirainen cache, if provided as an optional parameter on the command line.
3a2f2adf5679aa383a2cab09f739d59233cada95Timo Sirainen [Graham Leggett]
d71d05cf4417eaedb4d72491480a7d2bb46d8df3Timo Sirainen *) core: Introduce the IncludeStrict directive, which explicitly fails
d71d05cf4417eaedb4d72491480a7d2bb46d8df3Timo Sirainen server startup if no files or directories match a wildcard path.
d71d05cf4417eaedb4d72491480a7d2bb46d8df3Timo Sirainen [Graham Leggett]
d71d05cf4417eaedb4d72491480a7d2bb46d8df3Timo Sirainen *) htcacheclean: Report additional statistics about entries deleted.
d71d05cf4417eaedb4d72491480a7d2bb46d8df3Timo Sirainen PR 48944. [Mark Drayton mark markdrayton.info]
d71d05cf4417eaedb4d72491480a7d2bb46d8df3Timo Sirainen *) Introduce SSLFIPS directive to support OpenSSL FIPS_mode; permits all
d71d05cf4417eaedb4d72491480a7d2bb46d8df3Timo Sirainen builds of mod_ssl to use 'SSLFIPS off' for portability, but the proper
d71d05cf4417eaedb4d72491480a7d2bb46d8df3Timo Sirainen build of openssl is required for 'SSLFIPS on'. PR 46270.
d71d05cf4417eaedb4d72491480a7d2bb46d8df3Timo Sirainen [Dr Stephen Henson <steve openssl.org>, William Rowe]
d71d05cf4417eaedb4d72491480a7d2bb46d8df3Timo Sirainen *) mod_proxy_http: Log the port of the remote server in various messages.
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen PR 48812. [Igor Galić <i galic brainsware org>]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_reqtimeout: Do not wrongly enforce timeouts for mod_proxy's backend
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen connections and other protocol handlers (like mod_ftp). [Stefan Fritsch]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_proxy_ajp: Really regard the operation a success, when the client
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen aborted the connection. In addition adjust the log message if the client
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen aborted the connection. [Ruediger Pluem]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_ssl: Add the 'SSLInsecureRenegotiation' directive, which
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen allows insecure renegotiation with clients which do not yet
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen support the secure renegotiation protocol. [Joe Orton]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_ssl: Fix a potential I/O hang if a long list of trusted CAs
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen is configured for client cert auth. PR 46952. [Joe Orton]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) core: Only log a 408 if it is no keepalive timeout. PR 39785
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen [Ruediger Pluem, Mark Montague <markmont umich.edu>]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) support/rotatelogs: Add -L option to create a link to the current
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen log file. PR 48761 [<lyndon orthanc.ca>, Dan Poirier]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_ldap: Update LDAPTrustedClientCert to consistently be a per-directory
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen setting only, matching most of the documentation and examples.
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen PR 46541 [Paul Reder, Eric Covener]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_ldap: LDAPTrustedClientCert now accepts CA_DER/CA_BASE64 argument
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen types previously allowed only in LDAPTrustedGlobalCert. [Eric Covener]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_negotiation: Preserve query string over multiviews negotiation.
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen This buglet was fixed for type maps in 2.2.6, but the same issue
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen affected multiviews and was overlooked.
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen PR 33112 [Joergen Thomsen <apache jth.net>]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_ldap: Eliminate a potential crash with multiple LDAPTrustedClientCert
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen when some are not password-protected. [Eric Covener]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) Fix startup segfault when the Mutex directive is used but no loaded
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen modules use httpd mutexes. PR 48787. [Jeff Trawick]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) Proxy: get the headers right in a HEAD request with
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen ProxyErrorOverride, by checking for an overridden error
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen before not after going into a catch-all code path.
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen PR 41646. [Nick Kew, Stuart Children]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) support/rotatelogs: Support the simplest log rotation case, log
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen truncation. Useful when the log is being processed in real time
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen using a command like tail. [Graham Leggett]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) support/htcacheclean: Teach it how to write a pid file (modelled on
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen httpd's writing of a pid file) so that it becomes possible to run
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen more than one instance of htcacheclean on the same machine.
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen [Graham Leggett]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) Log command line on startup, so there's a record of command line
f663bdd9d345a86e6a7924d83319bd04b2fcb600Timo Sirainen arguments like -f. PR 48752. [Dan Poirier]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) Introduce mod_reflector, a handler capable of reflecting POSTed
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen request bodies back within the response through the output filter
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen stack. Can be used to turn an output filter into a web service.
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen [Graham Leggett]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_proxy_http: Make sure that when an ErrorDocument is served
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen from a reverse proxied URL, that the subrequest respects the status
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen of the original request. This brings the behaviour of proxy_handler
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen in line with default_handler. PR 47106. [Graham Leggett]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) Support wildcards in both the directory and file components of
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen the path specified by the Include directive. [Graham Leggett]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_proxy, mod_proxy_http: Support remote https proxies
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen by using HTTP CONNECT. PR 19188.
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen [Philippe Dutrueux <lilas evidian.com>, Rainer Jung]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) apxs: Fix -A and -a options to ignore whitespace in httpd.conf
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen [Philip M. Gollucci]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) worker: Don't report server has reached MaxClients until it has.
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen Add message when server gets within MinSpareThreads of MaxClients.
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen PR 46996. [Dan Poirier]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_session: Session expiry was being initialised, but not updated
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen on each session save, resulting in timed out sessions when there
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen should not have been. Fixed. [Graham Leggett]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_log_config: Add the R option to log the handler used within the
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen request. [Christian Folini <christian.folini netnea com>]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_include: Allow fine control over the removal of Last-Modified and
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen ETag headers within the INCLUDES filter, making it possible to cache
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen responses if desired. Fix the default value of the SSIAccessEnable
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen directive. [Graham Leggett]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) Add new UnDefine directive to undefine a variable. PR 35350.
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen [Stefan Fritsch]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) Make ap_pregsub(), used by AliasMatch and friends, use the same syntax
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen for regex backreferences as mod_rewrite and mod_include: Remove the use
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen of '&' as an alias for '$0' and allow to escape any character with a
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen backslash. PR 48351. [Stefan Fritsch]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_authnz_ldap: If AuthLDAPCharsetConfig is set, also convert the
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen password to UTF-8. PR 45318.
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen [Johannes Müller <joh_m gmx.de>, Stefan Fritsch]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) ab: Fix calculation of requests per second in HTML output. PR 48594.
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen [Stefan Fritsch]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_authnz_ldap: Failures to map a username to a DN, or to check a user
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen password now result in an informational level log entry instead of
201437e07fd40d296377cc20ed1dab1f2777544aTimo Sirainen warning level. [Eric Covener]
201437e07fd40d296377cc20ed1dab1f2777544aTimo SirainenChanges with Apache 2.3.5
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) SECURITY: CVE-2010-0434 (cve.mitre.org)
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen Ensure each subrequest has a shallow copy of headers_in so that the
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen parent request headers are not corrupted. Eliminates a problematic
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen optimization in the case of no request body. PR 48359
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen [Jake Scott, William Rowe, Ruediger Pluem]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) Turn static function get_server_name_for_url() into public
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen ap_get_server_name_for_url() and use it where appropriate. This
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen fixes mod_rewrite generating invalid URLs for redirects to IPv6
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen literal addresses. [Stefan Fritsch]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_ldap: Introduce new config option LDAPTimeout to set the timeout
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen for LDAP operations like bind and search. [Stefan Fritsch]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_proxy, mod_proxy_ftp: Move ProxyFtpDirCharset from mod_proxy to
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen mod_proxy_ftp. [Takashi Sato]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_proxy, mod_proxy_connect: Move AllowCONNECT from mod_proxy to
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen mod_proxy_connect. [Takashi Sato]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_cache: Do an exact match of the keys defined by
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen CacheIgnoreURLSessionIdentifiers against the querystring instead of
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen a partial match. PR 48401.
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen [Dodou Wang <wangdong.08 gmail.com>, Ruediger Pluem]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_proxy_balancer: Fix crash in balancer-manager. [Rainer Jung]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) Core HTTP: disable keepalive when the Client has sent
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen Expect: 100-continue
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen but we respond directly with a non-100 response.
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen Keepalive here led to data from clients continuing being treated as
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen a new request.
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen PR 47087 [Nick Kew]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) Core: reject NULLs in request line or request headers.
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen PR 43039 [Nick Kew]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) Core: (re)-introduce -T commandline option to suppress documentroot
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen check at startup.
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen PR 41887 [Jan van den Berg <janvdberg gmail.com>]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_autoindex: support XHTML as equivalent to HTML in IndexOptions,
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen ScanHTMLTitles, ReadmeName, HeaderName
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen PR 48416 [Dmitry Bakshaev <dab18 izhnet.ru>, Nick Kew]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) Proxy: Fix ProxyPassReverse with relative URL
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen Derived (slightly erroneously) from PR 38864 [Nick Kew]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_headers: align Header Edit with Header Set when used on Content-Type
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen PR 48422 [Cyril Bonté <cyril.bonte free.fr>, Nick Kew>]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_headers: Enable multi-match-and-replace edit option
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen PR 46594 [Nick Kew]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_filter: enable it to act on non-200 responses.
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen PR 48377 [Nick Kew]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo SirainenChanges with Apache 2.3.4
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) Replace AcceptMutex, LockFile, RewriteLock, SSLMutex, SSLStaplingMutex,
f663bdd9d345a86e6a7924d83319bd04b2fcb600Timo Sirainen and WatchdogMutexPath with a single Mutex directive. Add APIs to
f663bdd9d345a86e6a7924d83319bd04b2fcb600Timo Sirainen simplify setup and user customization of APR proc and global mutexes.
31159b598c4188211ff8f292daad1d23ee5db3cbTimo Sirainen (See util_mutex.h.) Build-time setting DEFAULT_LOCKFILE is no longer
31159b598c4188211ff8f292daad1d23ee5db3cbTimo Sirainen respected; set DEFAULT_REL_RUNTIMEDIR instead. [Jeff Trawick]
31159b598c4188211ff8f292daad1d23ee5db3cbTimo Sirainen *) http_core: KeepAlive no longer accepts other than On|Off.
31159b598c4188211ff8f292daad1d23ee5db3cbTimo Sirainen [Takashi Sato]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_dav: Remove errno from dav_error interface. Calls to dav_new_error()
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen and dav_new_error_tag() must be adjusted to add an apr_status_t parameter.
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen [Jeff Trawick]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_authnz_ldap: Add AuthLDAPBindAuthoritative to allow Authentication to
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen try other providers in the case of an LDAP bind failure.
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen PR 46608 [Justin Erenkrantz, Joe Schaefer, Tony Stevenson]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) Build: fix --with-module to work as documented
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen PR 43881 [Gez Saunders <gez.saunders virgin.net>]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo SirainenChanges with Apache 2.3.3
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) SECURITY: CVE-2009-3095 (cve.mitre.org)
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen mod_proxy_ftp: sanity check authn credentials.
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen [Stefan Fritsch <sf fritsch.de>, Joe Orton]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) SECURITY: CVE-2009-3094 (cve.mitre.org)
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen mod_proxy_ftp: NULL pointer dereference on error paths.
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen [Stefan Fritsch <sf fritsch.de>, Joe Orton]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_ssl: enable support for ECC keys and ECDH ciphers. Tested against
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen OpenSSL 1.0.0b3. [Vipul Gupta <vipul.gupta sun.com>, Sander Temme]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_dav: Include uri when logging a PUT error due to connection abort.
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen PR 38149. [Stefan Fritsch]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_dav: Return 409 instead of 500 for a LOCK request if the parent
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen resource does not exist or is not a collection. PR 43465. [Stefan Fritsch]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_dav_fs: Return 409 instead of 500 for Litmus test case copy_nodestcoll
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen (a COPY request where the parent of the destination resource does not
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen exist). PR 39299. [Stefan Fritsch]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_dav_fs: Don't delete the whole file if a PUT with content-range failed.
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen PR 42896. [Stefan Fritsch]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_dav_fs: Make PUT create files atomically and no longer destroy the
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen old file if the transfer aborted. PR 39815. [Paul Querna, Stefan Fritsch]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_dav_fs: Remove inode keyed locking as this conflicts with atomically
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen creating files. On systems with inode numbers, this is a format change of
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen the DavLockDB. The old DavLockDB must be deleted on upgrade.
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen [Stefan Fritsch]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_log_config: Make ${cookie}C correctly match whole cookie names
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen instead of substrings. PR 28037. [Dan Franklin <dan dan-franklin.com>,
90a2c5f48c5f88f07bbf0477e3023d2099252b92Timo Sirainen Stefan Fritsch]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) vhost: A purely-numeric Host: header should not be treated as a port.
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen PR 44979 [Nick Kew]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_ldap: Avoid 500 errors with "Unable to set LDAP_OPT_REFHOPLIMIT option to 5"
90a2c5f48c5f88f07bbf0477e3023d2099252b92Timo Sirainen when built against openldap by using SDK LDAP_OPT_REFHOPLIMIT defaults unless
90a2c5f48c5f88f07bbf0477e3023d2099252b92Timo Sirainen LDAPReferralHopLimit is explicitly configured.
90a2c5f48c5f88f07bbf0477e3023d2099252b92Timo Sirainen [Eric Covener]
90a2c5f48c5f88f07bbf0477e3023d2099252b92Timo Sirainen *) mod_charset_lite: Honor 'CharsetOptions NoImplicitAdd'.
29543188462c9348f365ec29115d777ffe4769d3Timo Sirainen [Eric Covener]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_ssl: Add support for OCSP Stapling. PR 43822.
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen [Dr Stephen Henson <shenson oss-institute.org>]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_socache_shmcb: Allow parens in file name if cache size is given.
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen Fixes SSLSessionCache directive mis-parsing parens in pathname.
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen PR 47945. [Stefan Fritsch]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) htpasswd: Improve out of disk space handling. PR 30877. [Stefan Fritsch]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) htpasswd: Use MD5 hash by default on all platforms. [Stefan Fritsch]
90a2c5f48c5f88f07bbf0477e3023d2099252b92Timo Sirainen *) mod_sed: Reduce memory consumption when processing very long lines.
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen PR 48024 [Basant Kumar Kukreja <basant.kukreja sun.com>]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) ab: Fix segfault in case the argument for -n is a very large number.
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen PR 47178. [Philipp Hagemeister <oss phihag.de>]
90a2c5f48c5f88f07bbf0477e3023d2099252b92Timo Sirainen *) Allow ProxyPreserveHost to work in <Proxy> sections. PR 34901.
90a2c5f48c5f88f07bbf0477e3023d2099252b92Timo Sirainen [Stefan Fritsch]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) configure: Fix THREADED_MPMS so that mod_cgid is enabled again
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen for worker MPM. [Takashi Sato]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_dav: Provide a mechanism to obtain the request_rec and pathname
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen from the dav_resource. [Jari Urpalainen <jari.urpalainen nokia.com>,
29543188462c9348f365ec29115d777ffe4769d3Timo Sirainen Brian France <brian brianfrance.com>]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) Build: Use install instead of cp if available on installing
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen modules to avoid segmentation fault. PR 47951. [hirose31 gmail.com]
917498e6f84969d2b93410c1e479735abe8e0ed7Timo Sirainen *) mod_cache: correctly consider s-maxage in cacheability
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen decisions. [Dan Poirier]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_logio/core: Report more accurate byte counts in mod_status if
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen mod_logio is loaded. PR 25656. [Stefan Fritsch]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_ldap: If LDAPSharedCacheSize is too small, try harder to purge
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen some cache entries and log a warning. Also increase the default
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen LDAPSharedCacheSize to 500000. This is a more realistic size suitable
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen for the default values of 1024 for LdapCacheEntries/LdapOpCacheEntries.
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen PR 46749. [Stefan Fritsch]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_rewrite: Make sure that a hostname:port isn't fully qualified if
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen the request is a CONNECT request. [Bill Zajac <billz consultla.com>]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_cache: Teach CacheEnable and CacheDisable to work from within a
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen Location section, in line with how ProxyPass works. [Graham Leggett]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_reqtimeout: New module to set timeouts and minimum data rates for
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen receiving requests from the client. [Stefan Fritsch]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) core: Fix potential memory leaks by making sure to not destroy
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen bucket brigades that have been created by earlier filters.
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen [Stefan Fritsch]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) core, mod_deflate, mod_sed: Reduce memory usage by reusing bucket
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen brigades in several places. [Stefan Fritsch]
e0aff4c7e3336ec4b5edbcfc3a72e1e118603ee2Timo Sirainen *) mod_cache: Fix uri_meets_conditions() so that CacheEnable will
3a2f2adf5679aa383a2cab09f739d59233cada95Timo Sirainen match by scheme, or by a wildcarded hostname. PR 40169
d71d05cf4417eaedb4d72491480a7d2bb46d8df3Timo Sirainen [Peter Grandi <pg_asf asf.for.sabi.co.uk>, Graham Leggett]
68b968ad67513632a02aa0f8f81679fe072ca3c0Timo Sirainen *) suxec: Allow to log an error if exec fails by setting FD_CLOEXEC
68b968ad67513632a02aa0f8f81679fe072ca3c0Timo Sirainen on the log file instead of closing it. PR 10744. [Nicolas Rachinsky]
Log 408 errors in access log as was done in Apache 1.3.x.
PR 39785 [Nobutaka Mantani <nobutaka nobutaka.org>,
Stefan Fritsch <sf fritsch.de>, Dan Poirier]
Brian France <brian brianfrance.com>]
Brian France <brian brianfrance.com>]
[Stefan Fritsch <sf sfritsch.de>]
*) mod_session.c: Prevent a segfault when session is added but not
definition. [Stefan Fritsch sf sfritsch.de]
*) Add support for HTTP PUT to ab. [Jeff Barnes <jbarnesweb yahoo.com>]
PR 46971 [evanc nortel.com]
[Stefan Fritsch <sf sfritsch.de>]
for a file is missing. PR 47682 [Peter Poeml <poeml suse.de>]
*) SECURITY: CVE-2009-1890 (cve.mitre.org)
*) SECURITY: CVE-2009-1191 (cve.mitre.org)
by the client. PR 33098 [ Stefan Fritsch <sf sfritsch.de>]
PR 42175 [Jim Radford <radford blackbean.org>]
type. PR 45107. [Michael Ströder <michael stroeder.com>,
PR 44020 [Håkon Stordahl <hakon stordahl.org>]
CGI process. PR 47335 [Kornél Pál <kornelpal gmail.com>]
PR 46942 [Dan Poirier <poirier pobox.com>]
PR 44729 [Sönke Tesch <st kino-fahrplan.de>, Jim Jagielski]
PR 47177 [Carlos Garcia Braschi <cgbraschi gmail.com>]
PR 45082 [Vitaly Polonetsky <m_vitaly topixoft.com>]
[Marko Kevac <mkevac gmail.com>]
as A/UX, Next, and Tandem. [Jeff Trawick]
directory listing. PR 46789 [Dan Poirier <poirier pobox.com>]
of module state across unload/load. [Jeff Trawick]
[Dan Poirier <poirier pobox.com>]
[Geoff Keating <geoffk apple.com>]
with kqueue (BSD/OS X) and excessive CPU with event ports (Solaris).
a media type has not been configured via mime.types, AddType,
[Ryan Phillips <ryan-apache trolocsis.com>]
[<tlhackque yahoo.com>]
*) prefork: Fix child process hang during graceful restart/stop in
*) core/utils: Enhance ap_escape_html API to support escaping non-ASCII chars
PR 45529 [Bob Ionescu <bobsiegen googlemail.com>]
times out before returning status line/headers.
PR 39332 [Masaoki Kobayashi <masaoki techfirm.co.jp>]
[Theo Schlossnagle <jesus omniti.com>, Paul Querna]
modules/proxy/balancers [Jim Jagielski]
privileges and Unix user/group IDs [Nick Kew]
logic replicate 2.2.x authz logic, and replace <Satisfy*>, Reject,
*) unixd: turn existing code into a module, and turn the set user/group
Suggested By André Warnier <aw ice-sa.com> [Eric Covener]
*) mod_ssl: Send Content-Type application/ocsp-request for POST requests to
OSCP responders. PR 46014 [Dr Stephen Henson <steve openssl.org>]
*) New module mod_sed: filter Request/Response bodies through sed
null value. [David Shane Holden <dpejesh apache.org>]
both inside and outside the location/directory sections, as
form request with the type of application/x-www-form-urlencoded.
*) mod_authz_dbd: When redirecting after successful login/logout per
PR 44560 [Anders Kaseorg <anders kaseorg.com>]
mod_cache et.al. to trap the results of the redirect.
*) ApacheMonitor.exe: Introduce --kill argument for use by the
*) mod_ldap, mod_authnz_ldap: Add support for nested groups (i.e. the ability
[David M. Lee <dmlee crossroads.com>]
[Niklas Edmundsson <nikke acc.umu.se>]
[Niklas Edmundsson <nikke acc.umu.se>]
[Markus Schiegl <ms schiegl.com>]
*) Remove incorrect comments from scoreboard.h regarding conditional
[Chris Darroch <chrisd pearsoncmg.com>]
in ap_init_scoreboard(). [Chris Darroch <chrisd pearsoncmg.com>]
[Chris Darroch <chrisd pearsoncmg.com>]
and 'Reject' to mod_authz_core. The new directives introduce 'AND/OR'
*) mod_authz_dbd: SQL authz with Login/Session support [Nick Kew]
Apache 2.2.xx tree as documented, and except as noted, below.]
Changes with Apache 2.2.x and later:
Changes with Apache 2.0.x and later:
Changes with Apache 1.3.x and later: