CHANGES revision 9376e7dc573bb2721491c79b92f9c06fdfacebe6
d51456e4537729c2263303350abeff45379b1105Evan Hunt -*- coding: utf-8 -*-
d51456e4537729c2263303350abeff45379b1105Evan HuntChanges with Apache 2.3.0
d51456e4537729c2263303350abeff45379b1105Evan Hunt[ When backported to 2.2.x, remove entry from this file ]
e69790ac0067c0034f57e070d513833550786a93Evan Hunt *) mod_buffer: Optimise the buffering of heap buckets when the heap
e69790ac0067c0034f57e070d513833550786a93Evan Hunt buckets stay exactly APR_BUCKET_BUFF_SIZE long. [Graham Leggett,
e69790ac0067c0034f57e070d513833550786a93Evan Hunt Ruediger Pluem]
67d01dcacb2051a03377c8ec5c0e36604c17aea5Evan Hunt *) mod_buffer: Optional support for buffering of the input and output
67d01dcacb2051a03377c8ec5c0e36604c17aea5Evan Hunt filter stacks. Can collapse many small buckets into fewer larger
67d01dcacb2051a03377c8ec5c0e36604c17aea5Evan Hunt buckets, and prevents excessively small chunks being sent over
6be12fa63b38fe7648811e042c9aad58cee2ead7Evan Hunt the wire. [Graham Leggett]
6be12fa63b38fe7648811e042c9aad58cee2ead7Evan Hunt *) mod_privileges: new module to make httpd on Solaris privileges-aware
6be12fa63b38fe7648811e042c9aad58cee2ead7Evan Hunt and to enable different virtualhosts to run with different
262fea66373a062cac1a0e99b5a4675987bb61ffEvan Hunt privileges and Unix user/group IDs [Nick Kew]
262fea66373a062cac1a0e99b5a4675987bb61ffEvan Hunt *) Build: Correctly set SSL_LIBS during openssl detection if pkgconfig is
084ba95b083dc55fd10631ad43fa8fff48707648Evan Hunt not available. PR 46018 [Ruediger Pluem]
084ba95b083dc55fd10631ad43fa8fff48707648Evan Hunt *) authn/z: Remove mod_authn_default and mod_authz_default.
084ba95b083dc55fd10631ad43fa8fff48707648Evan Hunt [Chris Darroch]
3ef4b7383ab4310df48ee5143e361ab1cfa3c8e8Evan Hunt *) authz: Fix handling of authz configurations, make default authz
3ef4b7383ab4310df48ee5143e361ab1cfa3c8e8Evan Hunt logic replicate 2.2.x authz logic, and replace <Satisfy*>, Reject,
72aa3b2a4e33a1b9b3521fddce383002b7201ab7Evan Hunt and AuthzMergeRules directives with Match, <Match*>, and AuthzMerge
72aa3b2a4e33a1b9b3521fddce383002b7201ab7Evan Hunt directives. [Chris Darroch]
368aedf188d7c7782cae8a5ce2a978be47b5a764Evan Hunt *) mod_authn_core: Prevent crash when provider alias created to
368aedf188d7c7782cae8a5ce2a978be47b5a764Evan Hunt provider which is not yet registered. [Chris Darroch]
e71905610c72f474a2943934a48f43121c79c939Evan Hunt *) mod_authn_core: Add AuthType of None to support disabling
e71905610c72f474a2943934a48f43121c79c939Evan Hunt authentication. [Chris Darroch]
1aced7b8702288f656ded594cd5bd7678bb4fe70Evan Hunt *) core: Allow <Limit> and <LimitExcept> directives to nest, and
1aced7b8702288f656ded594cd5bd7678bb4fe70Evan Hunt constrain their use to conform with that of other access control
1aced7b8702288f656ded594cd5bd7678bb4fe70Evan Hunt and authorization directives. [Chris Darroch]
a60bf97f9f7dcde6f4ca6e8188245fb0866200dbEvan Hunt *) unixd: turn existing code into a module, and turn the set user/group
a60bf97f9f7dcde6f4ca6e8188245fb0866200dbEvan Hunt and chroot into a child_init function. [Nick Kew]
a60bf97f9f7dcde6f4ca6e8188245fb0866200dbEvan Hunt *) core: Add ap_timeout_parameter_parse to public API. [Ruediger Pluem]
f79ee00c69259b9a27f9f0d12afa6c7b64005dedEvan Hunt *) mod_dir: Support "DirectoryIndex None"
f79ee00c69259b9a27f9f0d12afa6c7b64005dedEvan Hunt Suggested By André Warnier <aw ice-sa.com> [Eric Covener]
7fbbc9bfd34f47aab843de668d5f5ffbc53d6e45Mark Andrews *) mod_ssl: Send Content-Type application/ocsp-request for POST requests to
7fbbc9bfd34f47aab843de668d5f5ffbc53d6e45Mark Andrews OSCP responders. PR 46014 [Dr Stephen Henson <steve openssl.org>]
96c17c5ecb012028ad9d66f93a252994c6ed035cMark Andrews *) Export and install the mod_rewrite.h header to ensure the optional
96c17c5ecb012028ad9d66f93a252994c6ed035cMark Andrews rewrite_mapfunc_t and ap_register_rewrite_mapfunc functions are
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt available to third party modules. [Graham Leggett]
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt *) mod_authnz_ldap: don't return NULL-valued environment variables to
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt other modules. PR 39045 [Francois Pesce <francois.pesce gmail.com>]
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt *) Don't adjust case in pathname components that are not of interest
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt to mod_mime. Fixes mod_negotiation's use of such components.
3a01ded15da064de23124e5d1a89143eceec5523Evan Hunt PR 43250 [Basant Kumar Kukreja <basant.kukreja sun.com>]
3a01ded15da064de23124e5d1a89143eceec5523Evan Hunt *) Add new LogFormat parameter, %k, which logs the number of
0072ae822d966550f7c0956ed22184ec20e98f34Mark Andrews keepalive requests on this connection for this request..
0072ae822d966550f7c0956ed22184ec20e98f34Mark Andrews [Dan Poirier <poirier pobox.com>]
0072ae822d966550f7c0956ed22184ec20e98f34Mark Andrews *) Be tolerant in what you accept - accept slightly broken
9e39bafd2ef3e52719b5f16aec077c7885e7e1f1Mark Andrews status lines from a backend provide they include a valid status code.
9e39bafd2ef3e52719b5f16aec077c7885e7e1f1Mark Andrews PR 44995 [Rainer Jung <rainer.jung kippdata.de>]
02a5e3ed85cbfc099874bb34e5901537399b5e24Mark Andrews *) New module mod_sed: filter Request/Response bodies through sed
02a5e3ed85cbfc099874bb34e5901537399b5e24Mark Andrews [Basant Kumar Kukreja <basant.kukreja sun.com>]
bce9696c7ac65792469b29ce0ad13564953b62caEvan Hunt *) mod_auth_form: Make sure that basic authentication is correctly
bce9696c7ac65792469b29ce0ad13564953b62caEvan Hunt faked directly after login. [Graham Leggett]
edd82b2ce275d513fb2799b90ec464f434880e87Mark Andrews *) mod_session_cookie, mod_session_dbd: Make sure cookies are set both
edd82b2ce275d513fb2799b90ec464f434880e87Mark Andrews within the output headers and error output headers, so that the
86856f4f3069bb2d75851b56401ffde18f41198fMark Andrews session is maintained across redirects. [Graham Leggett]
86856f4f3069bb2d75851b56401ffde18f41198fMark Andrews *) mod_auth_form: Make sure the logged in user is populated correctly
86856f4f3069bb2d75851b56401ffde18f41198fMark Andrews after a form login. Fixes a missing REMOTE_USER variable directly
83eecff731c1a049b12f01fb699fa15ab7ddac2eEvan Hunt following a login. [Graham Leggett]
83eecff731c1a049b12f01fb699fa15ab7ddac2eEvan Hunt *) mod_session_cookie: Make sure that cookie attributes are correctly
83eecff731c1a049b12f01fb699fa15ab7ddac2eEvan Hunt included in the blank cookie when cookies are removed. This fixes an
16134801ce8fffbb6c42bb54d544c3397a45ad06Mark Andrews inability to log out when using mod_auth_form. [Graham Leggett]
64584aa0980625f834fa148dc3c95ab714efe703Evan Hunt *) mod_autoindex: add configuration option to insert string
64584aa0980625f834fa148dc3c95ab714efe703Evan Hunt in HTML HEAD. [Nick Kew]
64584aa0980625f834fa148dc3c95ab714efe703Evan Hunt *) mod_session: Prevent a segfault when a CGI script sets a cookie with a
64584aa0980625f834fa148dc3c95ab714efe703Evan Hunt null value. [David Shane Holden <dpejesh apache.org>]
d7b9756a214030b0022ce791b67b12fb7bceeea0Evan Hunt *) mod_headers: Prevent Header edit from processing only the first header
d7b9756a214030b0022ce791b67b12fb7bceeea0Evan Hunt of possibly multiple headers with the same name and deleting the
4357e13a4bc2e175d73b20f9ef3e809b3e269ee4Evan Hunt remaining ones. PR 45333. [Ruediger Pluem]
d7b9756a214030b0022ce791b67b12fb7bceeea0Evan Hunt *) mod_rewrite: Preserve the query string with [proxy,noescape]. PR 45247
fd75aaa2b9816703fda5e8b2cd071a3ec7387a08Evan Hunt [Tom Donovan]
7f5bdf7f4063c2fefb18900468d2c851f8de7816Evan Hunt *) core, authn/z: Determine registered authn/z providers directly in
7f5bdf7f4063c2fefb18900468d2c851f8de7816Evan Hunt ap_setup_auth_internal(), which allows optional functions that just
7f5bdf7f4063c2fefb18900468d2c851f8de7816Evan Hunt wrapped ap_list_provider_names() to be removed from authn/z modules.
35f6a21f5f8114542c050bfcb484b39ce513d4bdEvan Hunt [Chris Darroch]
35f6a21f5f8114542c050bfcb484b39ce513d4bdEvan Hunt *) authn/z: Convert common provider version strings to macros.
1361e038900701e126213261c0a1178025ae5a72Tinderbox User [Chris Darroch]
35f6a21f5f8114542c050bfcb484b39ce513d4bdEvan Hunt *) ab: Make ab.c compile on VC6. PR 45024 [Ruediger Pluem]
6a3fa181d1253db5191139e20231512eebaddeebEvan Hunt *) configure: Don't reject libtool 2.x
6a3fa181d1253db5191139e20231512eebaddeebEvan Hunt PR 44817 [Arfrever Frehtes Taifersar Arahesis <Arfrever.FTA gmail.com>]
6a3fa181d1253db5191139e20231512eebaddeebEvan Hunt *) core: When testing for slash-terminated configuration paths in
6a3fa181d1253db5191139e20231512eebaddeebEvan Hunt ap_location_walk(), don't look past the start of an empty string
b5f6271f4daf1e54501af2cb7dd278d7e8003d65Mark Andrews such as that created by a <Location ""> directive.
0a5927a14f055f5550c76c818119f4811984272cMark Andrews [Chris Darroch]
96a35905057eb2ba7d977460776b06ae0911c8a7Evan Hunt *) core, mod_proxy: If a kept_body is present, it becomes safe for
1361e038900701e126213261c0a1178025ae5a72Tinderbox User subrequests to support message bodies. Make sure that safety
b5f6271f4daf1e54501af2cb7dd278d7e8003d65Mark Andrews checks within the core and within the proxy are not triggered
64584aa0980625f834fa148dc3c95ab714efe703Evan Hunt when kept_body is present. This makes it possible to embed
7da74ea46df30a7431441a3b8adf5134dab5067eJeremy C. Reed proxied POST requests within mod_include. [Graham Leggett]
b5f6271f4daf1e54501af2cb7dd278d7e8003d65Mark Andrews *) mod_auth_form: Make sure the input filter stack is properly set
96a35905057eb2ba7d977460776b06ae0911c8a7Evan Hunt up before reading the login form. Make sure the kept body filter
96a35905057eb2ba7d977460776b06ae0911c8a7Evan Hunt is correctly inserted to ensure the body can be read a second
1361e038900701e126213261c0a1178025ae5a72Tinderbox User time safely should the authn be successful. [Graham Leggett,
1361e038900701e126213261c0a1178025ae5a72Tinderbox User Ruediger Pluem]
1361e038900701e126213261c0a1178025ae5a72Tinderbox User *) mod_request: Insert the KEPT_BODY filter via the insert_filter
1361e038900701e126213261c0a1178025ae5a72Tinderbox User hook instead of during fixups. Add a safety check to ensure the
1361e038900701e126213261c0a1178025ae5a72Tinderbox User filters cannot be inserted more than once. [Graham Leggett,
1361e038900701e126213261c0a1178025ae5a72Tinderbox User Ruediger Pluem]
38eabfcee7a9f206c268834ab9cb6d3408a31380Mark Andrews *) core: Do not allow Options ALL if not all options are allowed to be
38eabfcee7a9f206c268834ab9cb6d3408a31380Mark Andrews overwritten. PR 44262 [Michał Grzędzicki <lazy iq.pl>]
38eabfcee7a9f206c268834ab9cb6d3408a31380Mark Andrews *) ap_cache_cacheable_headers_out() will (now) always
38eabfcee7a9f206c268834ab9cb6d3408a31380Mark Andrews merge an error heaeders _before_ clearing them and _before_
7b9cb698dd07644762c675b5f57446467b4d5663Mark Andrews merging in the actual entity headers and doing normal
7b9cb698dd07644762c675b5f57446467b4d5663Mark Andrews hop-by-hop cleansing. [Dirk-Willem van Gulik].
1d761cb453c76353deb8423c78e98d00c5f86ffaEvan Hunt *) cache: retire ap_cache_cacheable_hdrs_out() which was used
1d761cb453c76353deb8423c78e98d00c5f86ffaEvan Hunt for both in- and out-put headers; and replace it by a single
1d761cb453c76353deb8423c78e98d00c5f86ffaEvan Hunt ap_cache_cacheable_headers() wrapped in a in- and out-put
1d761cb453c76353deb8423c78e98d00c5f86ffaEvan Hunt specific ap_cache_cacheable_headers_in()/out(). The latter
1d761cb453c76353deb8423c78e98d00c5f86ffaEvan Hunt which will also merge error and ensure content-type. To keep
1d761cb453c76353deb8423c78e98d00c5f86ffaEvan Hunt cache modules consistent with ease. This API change bumps
98922b2b2b024dcca25be7c220cf3b16b1e6c4b5Evan Hunt up the minor MM by one [Dirk-Willem van Gulik].
14bf4702f37cc707ede64a097f7d4aa671265492Evan Hunt *) mod_rewrite: Allow Cookie option to set secure and HttpOnly flags.
14bf4702f37cc707ede64a097f7d4aa671265492Evan Hunt PR 44799 [Christian Wenz <christian wenz.org>]
31f6244cc25ab0f8937edc26dbb26ba4f6a01f19Evan Hunt *) Move the KeptBodySize directive, kept_body filters and the
31f6244cc25ab0f8937edc26dbb26ba4f6a01f19Evan Hunt ap_parse_request_body function out of the http module and into a
31f6244cc25ab0f8937edc26dbb26ba4f6a01f19Evan Hunt new module called mod_request, reducing the size of the core.
2729aea3c1a720269aaae92ce3a84af1ba0a75ebMark Andrews [Graham Leggett]
a1271e2404dd42fcc477974bd0a190224f34f5f7Mark Andrews *) mod_dbd: Handle integer configuration directive parameters with a
a1271e2404dd42fcc477974bd0a190224f34f5f7Mark Andrews dedicated function.
842a3e6d0eb745e34a3cc3e19c8c39b9492ac739Evan Hunt *) Change the directives within the mod_session* modules to be valid
842a3e6d0eb745e34a3cc3e19c8c39b9492ac739Evan Hunt both inside and outside the location/directory sections, as
842a3e6d0eb745e34a3cc3e19c8c39b9492ac739Evan Hunt suggested by wrowe. [Graham Leggett]
dbb012765c735ee0d82dedb116cdc7cf18957814Evan Hunt *) mod_auth_form: Add a module capable of allowing end users to log
dbb012765c735ee0d82dedb116cdc7cf18957814Evan Hunt in using an HTML form, storing the credentials within mod_session.
dbb012765c735ee0d82dedb116cdc7cf18957814Evan Hunt [Graham Leggett]
d7729155dff87d3c7a2b9103bf6e5164ea4d7dd7Mark Andrews *) Add a function to the http filters that is able to parse an HTML
62ec9fd1681ffae7d6b0d54618599ecf650e3100Mark Andrews form request with the type of application/x-www-form-urlencoded.
62ec9fd1681ffae7d6b0d54618599ecf650e3100Mark Andrews [Graham Leggett]
850b5e80930907e4747347201dc41e4d04e036f8Mark Andrews *) mod_session_crypto: Initialise SSL in the post config hook.
62ec9fd1681ffae7d6b0d54618599ecf650e3100Mark Andrews [Ruediger Pluem, Graham Leggett]
62ec9fd1681ffae7d6b0d54618599ecf650e3100Mark Andrews *) mod_session_dbd: Add a session implementation capable of storing
41e55d04032c0eefd39d74ffb73657b04fb821ecEvan Hunt session information in a SQL database via the dbd interface. Useful
41e55d04032c0eefd39d74ffb73657b04fb821ecEvan Hunt for sites where session privacy is important. [Graham Leggett]
166341d55424ca522eb456a1c7d0211e391f1ac8Evan Hunt *) mod_session_crypto: Add a session encoding implementation capable
166341d55424ca522eb456a1c7d0211e391f1ac8Evan Hunt of encrypting and decrypting sessions wherever they may be stored.
166341d55424ca522eb456a1c7d0211e391f1ac8Evan Hunt Introduces a level of privacy when sessions are stored on the
166341d55424ca522eb456a1c7d0211e391f1ac8Evan Hunt browser. [Graham Leggett]
166341d55424ca522eb456a1c7d0211e391f1ac8Evan Hunt *) mod_session_cookie: Add a session implementation capable of storing
166341d55424ca522eb456a1c7d0211e391f1ac8Evan Hunt session information within cookies on the browser. Useful for high
166341d55424ca522eb456a1c7d0211e391f1ac8Evan Hunt volume sites where server bound sessions are too resource intensive.
166341d55424ca522eb456a1c7d0211e391f1ac8Evan Hunt [Graham Leggett]
a165a17a81ff3285f4f4d79785fafb465e626183Evan Hunt *) mod_session: Add a generic session interface to unify the different
a165a17a81ff3285f4f4d79785fafb465e626183Evan Hunt attempts at saving persistent sessions across requests.
a165a17a81ff3285f4f4d79785fafb465e626183Evan Hunt [Graham Leggett]
c41d8a22ab5f4a487f4c16b78f23792f78a3a851Francis Dupont *) core, authn/z: Avoid calling access control hooks for internal requests
a165a17a81ff3285f4f4d79785fafb465e626183Evan Hunt with configurations which match those of initial request. Revert to
a165a17a81ff3285f4f4d79785fafb465e626183Evan Hunt original behaviour (call access control hooks for internal requests
a165a17a81ff3285f4f4d79785fafb465e626183Evan Hunt with URIs different from initial request) if any access control hooks or
08c67b5b7a54047fbfed423a59b48c86177b9859Evan Hunt providers are not registered as permitting this optimization.
08c67b5b7a54047fbfed423a59b48c86177b9859Evan Hunt Introduce wrappers for access control hook and provider registration
08c67b5b7a54047fbfed423a59b48c86177b9859Evan Hunt which can accept additional mode and flag data. [Chris Darroch]
e5f9fa7e18d50569a7d723acbb6f641e13ed3787Evan Hunt *) Introduced ap_expr API for expression evaluation.
e5f9fa7e18d50569a7d723acbb6f641e13ed3787Evan Hunt This is adapted from mod_include, which is the first module
62cce60a15990bf8ec05b4234a5c965a5a8e86c0Evan Hunt to use the new API.
62cce60a15990bf8ec05b4234a5c965a5a8e86c0Evan Hunt *) mod_authz_dbd: When redirecting after successful login/logout per
e2d635d630f6f61fefd3d4475c45b097b16b8a2aEvan Hunt AuthzDBDRedirectQuery, do not report authorization failure, and use
e2d635d630f6f61fefd3d4475c45b097b16b8a2aEvan Hunt first row returned by database query instead of last row.
e2d635d630f6f61fefd3d4475c45b097b16b8a2aEvan Hunt [Chris Darroch]
0a35160f4eb349188a988d2857e0b3052ad4b778Evan Hunt *) mod_ldap: Correctly return all requested attribute values
0a35160f4eb349188a988d2857e0b3052ad4b778Evan Hunt when some attributes have a null value.
a8cdf2a2e7e9a716a94db550138f1a65000fc19fEvan Hunt PR 44560 [Anders Kaseorg <anders kaseorg.com>]
a8cdf2a2e7e9a716a94db550138f1a65000fc19fEvan Hunt *) core: check symlink ownership if both FollowSymlinks and
a8cdf2a2e7e9a716a94db550138f1a65000fc19fEvan Hunt SymlinksIfOwnerMatch are set [Nick Kew]
3249da26fc28297265d444a1f3647f1e6700a2a0Evan Hunt *) core: fix origin checking in SymlinksIfOwnerMatch
3249da26fc28297265d444a1f3647f1e6700a2a0Evan Hunt PR 36783 [Robert L Mathews <rob-apache.org.bugs tigertech.net>]
d0803df3310ad09447c34b972e7594d576f5cbb5Evan Hunt *) Activate mod_cache, mod_file_cache and mod_disc_cache as part of the
d0803df3310ad09447c34b972e7594d576f5cbb5Evan Hunt 'most' set for '--enable-modules' and '--enable-shared-mods'. Include
9d58bbdf12e77d2b62e669bc2965b0788b97731aJeremy C. Reed mod_mem_cache in 'all' as well. [Dirk-Willem van Gulik]
47c847e286ac1d9dcc1b6dec5430ad9d2abad7b2Evan Hunt *) Also install mod_so.h, mod_rewrite.h and mod_cache.h; as these
63add83a2699aac4e01be6d1f2d093cfed4f744aMark Andrews contain public function declarations which are useful for
63add83a2699aac4e01be6d1f2d093cfed4f744aMark Andrews third party module authors. PR 42431 [Dirk-Willem van Gulik].
75d747e1c5a30d6ef6c6238c6e27baa11d6f3bf6Mark Andrews *) mod_dir, mod_negotiation: pass the output filter information
fbc0e37e0c3732b20b0629056e98d712a118637fMark Andrews to newly created sub requests; as these are later on used
fbc0e37e0c3732b20b0629056e98d712a118637fMark Andrews as true requests with an internal redirect. This allows for
b8cf73a3b3e21d61f5a06670551ac22e61bcc4b1Mark Andrews mod_cache et.al. to trap the results of the redirect.
b8cf73a3b3e21d61f5a06670551ac22e61bcc4b1Mark Andrews [Dirk-Willem van Gulik, Ruediger Pluem]
b8cf73a3b3e21d61f5a06670551ac22e61bcc4b1Mark Andrews *) mod_ldap: Add support (taking advantage of the new APR capability)
b8cf73a3b3e21d61f5a06670551ac22e61bcc4b1Mark Andrews for ldap rebind callback while chasing referrals. This allows direct
b8cf73a3b3e21d61f5a06670551ac22e61bcc4b1Mark Andrews searches on LDAP servers (in particular MS Active Directory 2003+)
b8cf73a3b3e21d61f5a06670551ac22e61bcc4b1Mark Andrews using referrals without the use of the global catalog.
83f69fcd6ef72c9e2ebcb025b66a2ee74176becdEvan Hunt PRs 26538, 40268, and 42557 [Paul J. Reder]
83f69fcd6ef72c9e2ebcb025b66a2ee74176becdEvan Hunt *) mod_ssl: Added server name indication support (SNI, RFC 4366).
83f69fcd6ef72c9e2ebcb025b66a2ee74176becdEvan Hunt PR 34607. [Kaspar Brand <asfbugz velox.ch>]. A test configuration
83f69fcd6ef72c9e2ebcb025b66a2ee74176becdEvan Hunt can be created with test/make_sni.sh [Dirk-Willem van Gulik].
d58e33bfabfee19a035031dac633d36659738d56Evan Hunt *) ApacheMonitor.exe: Introduce --kill argument for use by the
d58e33bfabfee19a035031dac633d36659738d56Evan Hunt installer. This will permit the installation tool to remove
d58e33bfabfee19a035031dac633d36659738d56Evan Hunt all running instances before attempting to remove the .exe.
e45d0508c3460db87afb1f743bc5210522721bb3Evan Hunt [William Rowe]
e45d0508c3460db87afb1f743bc5210522721bb3Evan Hunt *) mod_ssl: Add support for OCSP validation of client certificates.
e45d0508c3460db87afb1f743bc5210522721bb3Evan Hunt PR 41123. [Marc Stern <marc.stern approach.be>, Joe Orton]
f8c990f6c2d3f75120bd67a55e87f21e88e9e5a6Evan Hunt *) mod_serf: New module for Reverse Proxying. [Paul Querna]
f8c990f6c2d3f75120bd67a55e87f21e88e9e5a6Evan Hunt *) core: Add the option to keep aside a request body up to a certain
db8938c993d3eaeae1d86feb1b5da511831a9014Mark Andrews size that would otherwise be discarded, to be consumed by filters
db8938c993d3eaeae1d86feb1b5da511831a9014Mark Andrews such as mod_include. When enabled for a directory, POST requests
db8938c993d3eaeae1d86feb1b5da511831a9014Mark Andrews to shtml files can be passed through to embedded scripts as POST
db8938c993d3eaeae1d86feb1b5da511831a9014Mark Andrews requests, rather being downgraded to GET requests. [Graham Leggett]
a147de10fe5e19e593d42152ffd6879eca69860dEvan Hunt *) mod_ssl: Fix TLS upgrade (RFC 2817) support. PR 41231. [Joe Orton]
a147de10fe5e19e593d42152ffd6879eca69860dEvan Hunt *) scoreboard: Correctly declare ap_time_process_request.
702958d20247bb9e34019cf02d8ec18d4f3b1005Mark Andrews *) core; scoreboard: ap_get_scoreboard_worker(sbh) now takes the sbh member
cd7f8d18f8ed073ca5478d63f49179286d38d3d6Mark Andrews from the connection rec, ap_get_scoreboard_worker(proc, thread) will now
cd7f8d18f8ed073ca5478d63f49179286d38d3d6Mark Andrews provide the unusual legacy lookup. [William Rowe]
cd7f8d18f8ed073ca5478d63f49179286d38d3d6Mark Andrews *) mpm winnt: fix null pointer dereference
cd7f8d18f8ed073ca5478d63f49179286d38d3d6Mark Andrews PR 42572 [Davi Arnaut]
cd7f8d18f8ed073ca5478d63f49179286d38d3d6Mark Andrews *) mod_authnz_ldap, mod_authn_dbd: Tidy up the code to expose authn
cd7f8d18f8ed073ca5478d63f49179286d38d3d6Mark Andrews parameters to the environment. Improve portability to
cd7f8d18f8ed073ca5478d63f49179286d38d3d6Mark Andrews EBCDIC machines by using apr_toupper(). [Martin Kraemer]
4882e183cac5772ea522811c758c402cd7e8ad5bEvan Hunt *) mod_ldap, mod_authnzldap: Add support for nested groups (i.e. the ability
cd7f8d18f8ed073ca5478d63f49179286d38d3d6Mark Andrews to authorize an authenticated user via a "require ldap-group X" directive
cd7f8d18f8ed073ca5478d63f49179286d38d3d6Mark Andrews where the user is not in group X, but is in a subgroup contained in X.
cd7f8d18f8ed073ca5478d63f49179286d38d3d6Mark Andrews PR 42891 [Paul J. Reder]
cd7f8d18f8ed073ca5478d63f49179286d38d3d6Mark Andrews *) mod_ssl: Add support for caching SSL Sessions in memcached. [Paul Querna]
cd7f8d18f8ed073ca5478d63f49179286d38d3d6Mark Andrews *) mod_ldap: Fix the search limit parameter to ldap_search_ext_s()
cd7f8d18f8ed073ca5478d63f49179286d38d3d6Mark Andrews for SDKs that define LDAP_NO_LIMIT to something other than -1.
cd7f8d18f8ed073ca5478d63f49179286d38d3d6Mark Andrews [David Jones <oscaremma gmail.com>]
cd7f8d18f8ed073ca5478d63f49179286d38d3d6Mark Andrews *) apxs: Enhance -q flag to print all known variables and their values
cd7f8d18f8ed073ca5478d63f49179286d38d3d6Mark Andrews when invoked without variable name(s).
cd7f8d18f8ed073ca5478d63f49179286d38d3d6Mark Andrews [William Rowe, Sander Temme]
a18fc12ba3d48b66bea298c80f3e3f09f3c91527Evan Hunt *) apxs: Eliminate run-time check for mod_so. PR 40653.
a18fc12ba3d48b66bea298c80f3e3f09f3c91527Evan Hunt [David M. Lee <dmlee crossroads.com>]
ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt *) beos MPM: Create pmain pool and run modules' child_init hooks when
ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt entering ap_mpm_run(), then destroy pmain when exiting ap_mpm_run().
ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt [Chris Darroch]
ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt *) netware MPM: Destroy pmain pool when exiting ap_mpm_run() so that
ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt cleanups registered in modules' child_init hooks are performed.
ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt [Chris Darroch]
ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt *) mod_dbd: Stash DBD connections in request_config of initial request
07fb9b83308daea64e50a1f07052addc25c15ec3Mark Andrews only, or else sub-requests and internal redirections may cause
07fb9b83308daea64e50a1f07052addc25c15ec3Mark Andrews entire DBD pool to be stashed in a single HTTP request. [Chris Darroch]
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt *) Fix issue which could cause error messages to be written to access logs
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt on Win32. PR 40476. [Tom Donovan <Tom.Donovan acm.org>]
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt *) The LockFile directive, which specifies the location of
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt the accept() mutex lockfile, is deprecated. Instead, the
b751788932cf1a6d98ae83355f38a080125c2f3eEvan Hunt AcceptMutex directive now takes an optional lockfile
fb756ba3047770957173ba546257ca43af7ba3e4Mark Andrews location parameter, ala SSLMutex. [Jim Jagielski]
7d2b185f16b165e311e5b451324fe9ab9898dcedEvan Hunt *) mod_authn_dbd: Export any additional columns queried in the SQL select
7d2b185f16b165e311e5b451324fe9ab9898dcedEvan Hunt into the environment with the name AUTHENTICATE_<COLUMN>. This brings
7d2b185f16b165e311e5b451324fe9ab9898dcedEvan Hunt mod_authn_dbd behaviour in line with mod_authnz_ldap. [Graham Leggett]
7d2b185f16b165e311e5b451324fe9ab9898dcedEvan Hunt *) mod_dbd: Key the storage of prepared statements on the hex string
7d2b185f16b165e311e5b451324fe9ab9898dcedEvan Hunt value of server_rec, rather than the server name, as the server name
a7c412f37cc73d0332887a746e81220cbf09dd00Mark Andrews may change (eg when the server name is set) at any time, causing
39c30670e869062914b6f7245b64b9ebe8747d86Mark Andrews weird behaviour in modules dependent on mod_dbd. [Graham Leggett]
789252d55f025db52ee02aa933c9f09a4aadfa97Evan Hunt *) mod_proxy_fcgi: Added win32 build. [Mladen Turk]
789252d55f025db52ee02aa933c9f09a4aadfa97Evan Hunt *) sendfile_nonblocking() takes the _brigade_ as an argument, gets
789252d55f025db52ee02aa933c9f09a4aadfa97Evan Hunt the first bucket from the brigade, finds it not to be a FILE
789252d55f025db52ee02aa933c9f09a4aadfa97Evan Hunt bucket and barfs. The fix is to pass a bucket rather than a brigade.
789252d55f025db52ee02aa933c9f09a4aadfa97Evan Hunt [Niklas Edmundsson <nikke acc.umu.se>]
789252d55f025db52ee02aa933c9f09a4aadfa97Evan Hunt *) mod_rewrite: support rewritemap by SQL query [Nick Kew]
789252d55f025db52ee02aa933c9f09a4aadfa97Evan Hunt *) ap_get_server_version() has been removed. Third-party modules must
789252d55f025db52ee02aa933c9f09a4aadfa97Evan Hunt now use ap_get_server_banner() or ap_get_server_description().
e851ea826066ac5a5b01c2c23218faa0273a12e8Evan Hunt [Jeff Trawick]
e851ea826066ac5a5b01c2c23218faa0273a12e8Evan Hunt *) All MPMs: Introduce a check_config phase between pre_config and
d0e3216c217bf790c4a582191658c2a1900ff79fMark Andrews open_logs, to allow modules to review interdependent configuration
d0e3216c217bf790c4a582191658c2a1900ff79fMark Andrews directive values and adjust them while messages can still be logged
d0e3216c217bf790c4a582191658c2a1900ff79fMark Andrews to the console. Handle relevant MPM directives during this phase
e9649ece3bf32ff43faea13c76bbba7813d7e139Mark Andrews and format messages for both the console and the error log, as
e9649ece3bf32ff43faea13c76bbba7813d7e139Mark Andrews appropriate. [Chris Darroch]
2b258a1f5b02488c6a36ac1b0a7535b42ea6fd34Evan Hunt *) mod_proxy: don't URLencode tilde in path component
2b258a1f5b02488c6a36ac1b0a7535b42ea6fd34Evan Hunt [Stijn Hoop <stijn sandcat.nl>]
3f4a0e80fabe0233086e127aaabc6e68d6975c3aEvan Hunt *) mpm_winnt: Fix return values from wait_for_many_objects.
c14ba7107063650e7f4329e8c54adca57913381bEvan Hunt The return value is index to the signaled thread in the
b93ef543ab29be2c2d15049e02e66a31b27284aeMark Andrews creted_threads array. We can not use WAIT_TIMEOUT because
fa467e60c590072fd6848522456eb2cc41582c59Mark Andrews his value is defined as 258, thus limiting the MaxThreads
fa467e60c590072fd6848522456eb2cc41582c59Mark Andrews to that value. [Mladen Turk]
33a296aa3a3d5e808cabf556c95f29cc1eecff16Evan Hunt *) core: Do not allow internal redirects like the DirectoryIndex of mod_dir
b93ef543ab29be2c2d15049e02e66a31b27284aeMark Andrews to circumvent the symbolic link checks imposed by FollowSymLinks and
161e803a5608956271d8120be37a1b383d14b647Mark Andrews SymLinksIfOwnerMatch. [Nick Kew, Ruediger Pluem, William Rowe]
161e803a5608956271d8120be37a1b383d14b647Mark Andrews *) New SSLLogLevelDebugDump [ None (default) | IO (not bytes) | Bytes ]
5f8d6cec48cef9055359c628942d633693f732b2Evan Hunt configures the I/O Dump of SSL traffic, when LogLevel is set to Debug.
5f8d6cec48cef9055359c628942d633693f732b2Evan Hunt The default is none as this is far greater debugging resolution than
5f8d6cec48cef9055359c628942d633693f732b2Evan Hunt the typical administrator is prepared to untangle. [William Rowe]
0606c47750ad362909f010db2ef1ff8dcc96f9cbEvan Hunt *) mod_disk_cache: If possible, check if the size of an object to cache is
0606c47750ad362909f010db2ef1ff8dcc96f9cbEvan Hunt within the configured boundaries before actually saving data.
0606c47750ad362909f010db2ef1ff8dcc96f9cbEvan Hunt [Niklas Edmundsson <nikke acc.umu.se>]
9b895f30f1734fd463a02b27cfd0cf36ec9893d5Evan Hunt *) mod_cache: Convert all values to seconds before comparing them when
9b895f30f1734fd463a02b27cfd0cf36ec9893d5Evan Hunt checking whether to send a Warning header for a stale response.
9b895f30f1734fd463a02b27cfd0cf36ec9893d5Evan Hunt PR 39713. [Owen Taylor <otaylor redhat.com>]
e4d0018d4c9c05fb2a2dbac05a67cc9ddbe2c3d9Mark Andrews *) mod_disk_cache: Delete temporary files if they cannot be renamed to their
e4d0018d4c9c05fb2a2dbac05a67cc9ddbe2c3d9Mark Andrews final name. [Davi Arnaut <davi haxent.com.br>]
00112618bc042f734de7b5ac86506cacb9acf36dMark Andrews *) Worker and event MPMs: Remove improper scoreboard updates which were
00112618bc042f734de7b5ac86506cacb9acf36dMark Andrews performed in the event of a fork() failure. [Chris Darroch]
0bbe3273a224aa07b6af4165a26fd26d6f30c0adEvan Hunt *) Add support for fcgi:// proxies to mod_rewrite.
0bbe3273a224aa07b6af4165a26fd26d6f30c0adEvan Hunt [Markus Schiegl <ms schiegl.com>]
445a354e63f84ac884d923f697b598b83288dc64Evan Hunt *) Remove incorrect comments from scoreboard.h regarding conditional
445a354e63f84ac884d923f697b598b83288dc64Evan Hunt loading of worker_score structure with mod_status, and remove unused
445a354e63f84ac884d923f697b598b83288dc64Evan Hunt definitions relating to old life_status field.
7d65cbaca0839ae23358dce26de426be1301657aMark Andrews [Chris Darroch <chrisd pearsoncmg.com>]
7d65cbaca0839ae23358dce26de426be1301657aMark Andrews *) Remove allocation of memory for unused array of lb_score pointers
bee9a28af0f923c205f76819618ed7ffcf3f6997Evan Hunt in ap_init_scoreboard(). [Chris Darroch <chrisd pearsoncmg.com>]
bee9a28af0f923c205f76819618ed7ffcf3f6997Evan Hunt *) Add mod_proxy_fcgi, a FastCGI back end for mod_proxy.
8009525601d946805fae58b037cf7dad0da516f8Curtis Blackburn [Garrett Rooney, Jim Jagielski, Paul Querna]
bee9a28af0f923c205f76819618ed7ffcf3f6997Evan Hunt *) Event MPM: Fill in the scoreboard's tid field. PR 38736.
8009525601d946805fae58b037cf7dad0da516f8Curtis Blackburn [Chris Darroch <chrisd pearsoncmg.com>]
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews *) mod_charset_lite: Remove Content-Length when output filter can
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews invalidate it. Warn when input filter can invalidate it.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews [Jeff Trawick]
2c2be89824d3899591d34c26adb155da6a993ce3Evan Hunt *) Authz: Add the new module mod_authn_core that will provide common
2c2be89824d3899591d34c26adb155da6a993ce3Evan Hunt authn directives such as 'AuthType', 'AuthName'. Move the directives
fb507315d4a921ffa9e2fd617cb3439ec8c15ca8Evan Hunt 'AuthType' and 'AuthName' out of the core module and merge mod_authz_alias
fb507315d4a921ffa9e2fd617cb3439ec8c15ca8Evan Hunt into mod_authn_core. [Brad Nicholes]
ae871ebb28959bed920cc96cd9e91063b6625b78Mark Andrews *) Authz: Move the directives 'Order', 'Allow', 'Deny' and 'Satisfy'
ae871ebb28959bed920cc96cd9e91063b6625b78Mark Andrews into the new module mod_access_compat which can be loaded to provide
49ae04f6ee2f2e2578e6cd8cd3d4c74e9098ccb0Mark Andrews support for these directives.
49ae04f6ee2f2e2578e6cd8cd3d4c74e9098ccb0Mark Andrews [Brad Nicholes]
d999ca28d40337907b55eebc28a255b638702379Evan Hunt *) Authz: Move the 'Require' directive from the core module as well as
d999ca28d40337907b55eebc28a255b638702379Evan Hunt add the directives '<SatisfyAll>', '<SatisfyOne>', '<RequireAlias>'
d999ca28d40337907b55eebc28a255b638702379Evan Hunt and 'Reject' to mod_authz_core. The new directives introduce 'AND/OR'
fd63f3110fe9a20d6188bc30ebf4b44595bac8eeMark Andrews logic into the authorization processing. [Brad Nicholes]
fd63f3110fe9a20d6188bc30ebf4b44595bac8eeMark Andrews *) Authz: Add the new module mod_authz_core which acts as the
fd63f3110fe9a20d6188bc30ebf4b44595bac8eeMark Andrews authorization provider vector and contains common authz
15eb0cb8e15fc0f4f02713fd8d993476f0394763Evan Hunt directives. [Brad Nicholes]
225146b2c8c7de8dcff979841b56b15aef8aded2Mark Andrews *) Authz: Renamed mod_authz_dbm authz providers from 'group' and
225146b2c8c7de8dcff979841b56b15aef8aded2Mark Andrews 'file-group' to 'dbm-group' and 'dbm-file-group'. [Brad Nicholes]
434bfc3dfa2003ba0dd4b2392286806131fd6724Evan Hunt *) Authz: Added the new authz providers 'env', 'ip', 'host', 'all' to handle
434bfc3dfa2003ba0dd4b2392286806131fd6724Evan Hunt host-based access control provided by mod_authz_host and invoked
0618287859d99c2fc69790df28500fb37324d43dEvan Hunt through the 'Require' directive. [Brad Nicholes]
0618287859d99c2fc69790df28500fb37324d43dEvan Hunt *) Authz: Convert all of the authz modules from hook based to
6b0434299b05b6ca05c6836b9e8fbb7e67f05fb8Mark Andrews provider based. [Brad Nicholes]
6b0434299b05b6ca05c6836b9e8fbb7e67f05fb8Mark Andrews *) mod_cache: Add CacheMinExpire directive to set the minimum time in
eb5e0b8dec22de22dd824959e39b26c4f5b1c52dMark Andrews seconds to cache a document.
eb5e0b8dec22de22dd824959e39b26c4f5b1c52dMark Andrews [Brian Akins <brian.akins turner.com>, Ruediger Pluem]
77cf489a5fad28089cd9c2635a9b2494627545e1Mark Andrews *) mod_authz_dbd: SQL authz with Login/Session support [Nick Kew]
0a47bc90af557138a2aaff614ad73d95155ddd9eMark Andrews *) Fix typo in ProxyStatus syntax error message.
0a47bc90af557138a2aaff614ad73d95155ddd9eMark Andrews [Christophe Jaillet <christophe.jaillet wanadoo.fr>]
c41afaf716091f1e04a1c55179c2c3ebdd0b9775Mark Andrews *) Asynchronous write completion for the Event MPM. [Brian Pane]
20489550151432d8d99c3f49629c7c718fdca6abMark Andrews *) Added an End-Of-Request bucket type. The logging of a request and
49c1e0d18d6f8b894ce2e6b485ef666599a83c21Mark Andrews the freeing of its pool are now done when the EOR bucket is destroyed.
49c1e0d18d6f8b894ce2e6b485ef666599a83c21Mark Andrews This has the effect of delaying the logging until right after the last
49c1e0d18d6f8b894ce2e6b485ef666599a83c21Mark Andrews of the response is sent; ap_core_output_filter() calls the access logger
49c1e0d18d6f8b894ce2e6b485ef666599a83c21Mark Andrews indirectly when it destroys the EOR bucket. [Brian Pane]
49c1e0d18d6f8b894ce2e6b485ef666599a83c21Mark Andrews *) Rewrite of logresolve support utility: IPv6 addresses are now supported
37bd255fd499c26aaf474f4294212951b84d9068Mark Andrews and the format of statistical output has changed. [Colm MacCarthaigh]
37bd255fd499c26aaf474f4294212951b84d9068Mark Andrews *) Rewrite of ap_coreoutput_filter to do nonblocking writes [Brian Pane]
7aa21a491d9468bfc29d8cc331a4e963874426dfFrancis Dupont *) Added new connection states for handler and write completion
34416a7954da96c5a5f5803fe02f059cb94bf6fdMark Andrews *) mod_cgid: Refuse to work on Solaris 10 due to OS bugs. PR 34264.
34416a7954da96c5a5f5803fe02f059cb94bf6fdMark Andrews [Justin Erenkrantz]
6100b1769956200b2815803ab7b35556396ce0d1Mark Andrews *) Teach mod_ssl to use arbitrary OIDs in an SSLRequire directive,
03152360db6fcb0fcc95fa63c20c5c829c95f1f6Mark Andrews allowing string-valued client certificate attributes to be used for
03152360db6fcb0fcc95fa63c20c5c829c95f1f6Mark Andrews access control, as in: SSLRequire "value" in OID("1.3.6.1.4.1.18060.1")
03152360db6fcb0fcc95fa63c20c5c829c95f1f6Mark Andrews [Martin Kraemer, David Reid]
aacd7daaf7859de742ab35eac00e70676b1b9f4fEvan Hunt [Apache 2.1.0-dev includes those bug fixes and changes with the
aacd7daaf7859de742ab35eac00e70676b1b9f4fEvan Hunt Apache 2.2.xx tree as documented, and except as noted, below.]
a379c8c108de279cc4e09139c12457c1531bd122Mark AndrewsChanges with Apache 2.2.x and later:
a379c8c108de279cc4e09139c12457c1531bd122Mark Andrews *) http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?view=markup
7433a204d32673e9f6747172f202272cc5bfe27cMark AndrewsChanges with Apache 2.0.x and later:
1a4725bef25e60de161f77318f362c327b690d72Mark Andrews *) http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/CHANGES?view=markup
1a4725bef25e60de161f77318f362c327b690d72Mark AndrewsChanges with Apache 1.3.x and later: