CHANGES revision 9ab5933c174cb21de69e8305f80544cbe7ed2a7c
d0cd4568592f103a454ac647f4961af293f88f4ejim -*- coding: utf-8 -*-
ec79b29695b183f794264bbb578c51e93d1f9b1emartinChanges with Apache 2.3.0
9ab5933c174cb21de69e8305f80544cbe7ed2a7ccovener *) mod_ldap: Copy cache lock into per-server config
9ab5933c174cb21de69e8305f80544cbe7ed2a7ccovener [Eric Covener]
9fcea5d26cbaf4df156b83df3aeecd2896a412fdniq *) mod_negotiation: preserve Query String in resolving a type map
9fcea5d26cbaf4df156b83df3aeecd2896a412fdniq PR 33112 [Jørgen Thomsen <apache jth.net>, Nick Kew]
c05a38095129d25a4ad10aa51584c774458fb089niq *) mod_deflate: fix content_encoding detection in inflate_out filter
c05a38095129d25a4ad10aa51584c774458fb089niq when it's not in response headers table.
c05a38095129d25a4ad10aa51584c774458fb089niq PR 42993 [Nick Kew]
c4a423b3ef5cf5bc7209b452ed0823b5a895ffd6jim *) mod_proxy: Improve network performance by setting APR_TCP_NODELAY
c4a423b3ef5cf5bc7209b452ed0823b5a895ffd6jim (disable Nagle algorithm) on sockets if implemented.
c4a423b3ef5cf5bc7209b452ed0823b5a895ffd6jim PR 42871 [Christian BOITEL <christian_boitel yahoo.fr>, Jim Jagielski]
5fc20796e4b0474cf8b2383945687783de1d3632jim *) mod_info: mod_info outputs invalid XHTML 1.0 transitional.
5fc20796e4b0474cf8b2383945687783de1d3632jim PR 42847 [Rici Lake <rici ricilake.net>]
277e6113b9243f84ba6bec5464914ab2172b9d4ajim *) mime.types: add registered Apple installer type
084d3bd7b9e5456e77664b61c0d6f3448edf3726niq PR 40379 [Peter Bierman <pmb+apache apple.com>]
3f5585f7f4a7d74f2f94ec729ea8c1879d419e35rederpj *) mod_ldap, mod_authnzldap: Add support for nested groups (i.e. the ability
3f5585f7f4a7d74f2f94ec729ea8c1879d419e35rederpj to authorize an authenticated user via a "require ldap-group X" directive
3f5585f7f4a7d74f2f94ec729ea8c1879d419e35rederpj where the user is not in group X, but is in a subgroup contained in X.
3f5585f7f4a7d74f2f94ec729ea8c1879d419e35rederpj PR 42891 [Paul J. Reder]
f85bcbc579bb47de4d3f7d72ccaacc8ad4525238gregames *) mod_deflate: don't try to process metadata buckets as data. what should
f85bcbc579bb47de4d3f7d72ccaacc8ad4525238gregames have been a 413 error was logged as a 500 and a blank screen appeared
f85bcbc579bb47de4d3f7d72ccaacc8ad4525238gregames at the browser.
f85bcbc579bb47de4d3f7d72ccaacc8ad4525238gregames [Greg Ames, Ruediger Pluem]
5d4512d8c3a70094ff3e941667007a42925f73e2jorton *) SECURITY: CVE-2007-3304 (cve.mitre.org)
5d4512d8c3a70094ff3e941667007a42925f73e2jorton prefork, worker, event MPMs: Ensure that the parent process cannot
5d4512d8c3a70094ff3e941667007a42925f73e2jorton be forced to kill processes outside its process group. [Joe Orton]
f2e009134c7e279f99dfca5bd421f721bf1f7840jorton *) SECURITY: CVE-2006-5752 (cve.mitre.org)
f2e009134c7e279f99dfca5bd421f721bf1f7840jorton mod_status: Fix a possible XSS attack against a site with a public
f2e009134c7e279f99dfca5bd421f721bf1f7840jorton server-status page and ExtendedStatus enabled, for browsers which
f2e009134c7e279f99dfca5bd421f721bf1f7840jorton perform charset "detection". Reported by Stefan Esser. [Joe Orton]
135402675e89e6df0e17735e48f428a1e1d8eb16pquerna *) Event MPM: Add support for running under mod_ssl, by reverting to the
135402675e89e6df0e17735e48f428a1e1d8eb16pquerna Worker MPM behaviors, when run under an input filter that buffers
135402675e89e6df0e17735e48f428a1e1d8eb16pquerna its own data. [Paul Querna]
e4b96ba15dc8b2b27d251d53e29b86da32cd5066pquerna *) mod_ssl: Add support for caching SSL Sessions in memcached. [Paul Querna]
4233b18553d723a4e22d6126866f05e3d842f781covener *) SECURITY: CVE-2007-1862 (cve.mitre.org)
4233b18553d723a4e22d6126866f05e3d842f781covener mod_mem_cache: Copy headers into longer lived storage; header names and
4233b18553d723a4e22d6126866f05e3d842f781covener values could previously point to cleaned up storage
4233b18553d723a4e22d6126866f05e3d842f781covener PR 41551 [Davi Arnaut <davi haxent.com.br>]
c4313e35bed51fd5525e60333eb5d64021ab5057jerenkrantz *) mod_cache: Do not set Date or Expires when they are missing from
c4313e35bed51fd5525e60333eb5d64021ab5057jerenkrantz the original response or are invalid. [Justin Erenkrantz]
5b4d25005978c3667f44fbd5dcbd4cc34e9c714djerenkrantz *) mod_cache: Correctly handle HEAD requests on expired cache content.
5b4d25005978c3667f44fbd5dcbd4cc34e9c714djerenkrantz PR 41230. [Niklas Edmundsson]
236675b0526bbf82edb9a34e9b10be56cc10b9cdjim *) mod_proxy: Added ProxyPassMatch directive, which is similar
236675b0526bbf82edb9a34e9b10be56cc10b9cdjim to ProxyPass but takes a regex local path prefix. [Jim Jagielski]
7e852fc77c66ea1edb4e88808bb75ecd3603a2e5wrowe *) mod_so: Solve dev's confusion by reporting expected/seen module
7e852fc77c66ea1edb4e88808bb75ecd3603a2e5wrowe magic signatures when failing with a 'garbled' message, and solve
7e852fc77c66ea1edb4e88808bb75ecd3603a2e5wrowe user's confusion by pointing out 'perhaps compiled for a different
7e852fc77c66ea1edb4e88808bb75ecd3603a2e5wrowe version of apache?'. [William Rowe]
e5106092b7fae78cec4898042a78a10acccb4cacwrowe *) mod_ssl: Version reporting update; displays 'compiled against'
e5106092b7fae78cec4898042a78a10acccb4cacwrowe Apache and build-time SSL Library versions at loglevel [info],
e5106092b7fae78cec4898042a78a10acccb4cacwrowe while reporting the run-time SSL Library version in the server
e5106092b7fae78cec4898042a78a10acccb4cacwrowe info tags. Helps to identify a mod_ssl built against one flavor
e5106092b7fae78cec4898042a78a10acccb4cacwrowe of OpenSSL but running against another (also adds SSL-C version
e5106092b7fae78cec4898042a78a10acccb4cacwrowe number reporting.) [William Rowe]
470d223738c1dfc4e07c7fae5d186e9dfadd9643jorton *) core: Change etag generation to produce identical results on
470d223738c1dfc4e07c7fae5d186e9dfadd9643jorton 32-bit and 64-bit platforms. PR 40064. [Joe Orton]
81bd9331da3bd0f53255d52b1475480ff3a4b395trawick *) ab: Add -r option to continue after socket receive errors.
81bd9331da3bd0f53255d52b1475480ff3a4b395trawick [Filip Hanik <devlist hanik.com>]
cd3bbd6d2df78d6c75e5d159a81ef8bdd5f70df9trawick *) mod_ldap: Fix the search limit parameter to ldap_search_ext_s()
cd3bbd6d2df78d6c75e5d159a81ef8bdd5f70df9trawick for SDKs that define LDAP_NO_LIMIT to something other than -1.
cd3bbd6d2df78d6c75e5d159a81ef8bdd5f70df9trawick [David Jones <oscaremma gmail.com>]
c7c8dd19c90c5ee7205ccdf443585d14da3daecechrisd *) mod_dbd: Introduce configuration groups to allow inheritance by virtual
c7c8dd19c90c5ee7205ccdf443585d14da3daecechrisd hosts of database configurations from the main server. Determine the
c7c8dd19c90c5ee7205ccdf443585d14da3daecechrisd minimal set of distinct configurations and share connection pools
c7c8dd19c90c5ee7205ccdf443585d14da3daecechrisd whenever possible. Allow virtual hosts to override inherited SQL
13ce20bba632871d7ceb413f39dc73c718ddec7dchrisd statements. PR 41302. [Chris Darroch]
421e0a5d1c49de76406f61e9abef271af2336c31rpluem *) core: Fix broken chunk filtering that causes all non blocking reads to be
421e0a5d1c49de76406f61e9abef271af2336c31rpluem converted into blocking reads. PR 41056. [Jean-Frederic Clere, Jim Jagielski]
108ebbb87b2a46f4416ec507824471a483c39fe1sctemme *) apxs: Enhance -q flag to print all known variables and their values
108ebbb87b2a46f4416ec507824471a483c39fe1sctemme when invoked without variable name(s).
108ebbb87b2a46f4416ec507824471a483c39fe1sctemme [William Rowe, Sander Temme]
bed7fc979e00a75f76ed79245f003b52e91d40abchrisd *) mod_dbd: Create memory sub-pools for each DB connection and close
bed7fc979e00a75f76ed79245f003b52e91d40abchrisd DB connections in a pool cleanup function. Ensure prepared statements
bed7fc979e00a75f76ed79245f003b52e91d40abchrisd are destroyed before DB connection is closed. When using reslists,
bed7fc979e00a75f76ed79245f003b52e91d40abchrisd prevent segfaults when child processes exit, and stop memory leakage
bed7fc979e00a75f76ed79245f003b52e91d40abchrisd of ap_dbd_t structures. Avoid use of global s->process->pool, which
bed7fc979e00a75f76ed79245f003b52e91d40abchrisd isn't destroyed by exiting child processes in most multi-process MPMs.
bed7fc979e00a75f76ed79245f003b52e91d40abchrisd PR 39985. [Chris Darroch, Nick Kew]
7abe34dd5a20fc8fde09dca9116b88e6ddfd55ddjorton *) apxs: Eliminate run-time check for mod_so. PR 40653.
7abe34dd5a20fc8fde09dca9116b88e6ddfd55ddjorton [David M. Lee <dmlee crossroads.com>]
10d486b9267800c5e376c22f6c0d45dc2ae86f67chrisd *) beos MPM: Create pmain pool and run modules' child_init hooks when
10d486b9267800c5e376c22f6c0d45dc2ae86f67chrisd entering ap_mpm_run(), then destroy pmain when exiting ap_mpm_run().
10d486b9267800c5e376c22f6c0d45dc2ae86f67chrisd [Chris Darroch]
3e155218733389e7b1ea3a9ffd0aea533fd929cechrisd *) netware MPM: Destroy pmain pool when exiting ap_mpm_run() so that
3e155218733389e7b1ea3a9ffd0aea533fd929cechrisd cleanups registered in modules' child_init hooks are performed.
3e155218733389e7b1ea3a9ffd0aea533fd929cechrisd [Chris Darroch]
e4edb2d4252459327f6edd834de6825873e60134chrisd *) mod_dbd: Handle error conditions in dbd_construct() properly.
e4edb2d4252459327f6edd834de6825873e60134chrisd Simplify ap_dbd_open() and use correct arguments to apr_dbd_error()
e4edb2d4252459327f6edd834de6825873e60134chrisd when non-threaded. Register correct cleanup data in non-threaded
e4edb2d4252459327f6edd834de6825873e60134chrisd ap_dbd_acquire() and ap_dbd_cacquire(). Clean up configuration data
e4edb2d4252459327f6edd834de6825873e60134chrisd and merge function. Use ap_log_error() wherever possible.
e4edb2d4252459327f6edd834de6825873e60134chrisd [Chris Darroch, Nick Kew]
111c8f806b790a72ad0244aae35252470662e10drpluem *) core: Do not replace a Date header set by a proxied backend server.
111c8f806b790a72ad0244aae35252470662e10drpluem PR 40232. [Ruediger Pluem]
399d43256a3339482bfa6cb76eb72ce5b363ae7arpluem *) mod_proxy: Ensure that at least scheme://hostname[:port] matches between
399d43256a3339482bfa6cb76eb72ce5b363ae7arpluem worker and URL when searching for the best fitting worker for a given URL.
399d43256a3339482bfa6cb76eb72ce5b363ae7arpluem PR 40910. [Ruediger Pluem]
37b35c7feec8216b5119c0c083990cfe4e400769rpluem *) mod_cache: Remove expired content from cache that cannot be revalidated.
37b35c7feec8216b5119c0c083990cfe4e400769rpluem PR 30370. [Ruediger Pluem]
dd6199828976e6c7850ca6abd7a1ceba99e9ed16chrisd *) mod_dbd: Stash DBD connections in request_config of initial request
dd6199828976e6c7850ca6abd7a1ceba99e9ed16chrisd only, or else sub-requests and internal redirections may cause
dd6199828976e6c7850ca6abd7a1ceba99e9ed16chrisd entire DBD pool to be stashed in a single HTTP request. [Chris Darroch]
3ff68b9ee78262779dbedf791576d35fdd229f7brpluem *) mod_proxy: Add a missing assignment in an error checking code path.
3ff68b9ee78262779dbedf791576d35fdd229f7brpluem PR 40865. [Andrew Rucker Jones <arjones simultan.dyndns.org>]
de0fed4fa6741aea09dbe28f03aa4c20e822ed5drpluem *) mod_mem_cache: Increase the minimum and default value for
de0fed4fa6741aea09dbe28f03aa4c20e822ed5drpluem MCacheMinObjectSize from 0 to 1, as a MCacheMinObjectSize of 0 does not
de0fed4fa6741aea09dbe28f03aa4c20e822ed5drpluem make sense and leads to a division by zero. PR 40576.
ab43b4a17b2ac31ccb1cf280be8c42a8a314cecbjorton *) Fix issue which could cause error messages to be written to access logs
ab43b4a17b2ac31ccb1cf280be8c42a8a314cecbjorton on Win32. PR 40476. [Tom Donovan <Tom.Donovan acm.org>]
67139e2d50d1e11558d87f7042f61cb04bb0d1d2jim *) The LockFile directive, which specifies the location of
f3a5934ca0fb0f0f813bd9d9d06af8937e3f401fjim the accept() mutex lockfile, is deprecated. Instead, the
67139e2d50d1e11558d87f7042f61cb04bb0d1d2jim AcceptMutex directive now takes an optional lockfile
67139e2d50d1e11558d87f7042f61cb04bb0d1d2jim location parameter, ala SSLMutex. [Jim Jagielski]
a4ab95921be8ce5de50913cd6505d41b672eb375minfrin *) mod_authn_dbd: Export any additional columns queried in the SQL select
a4ab95921be8ce5de50913cd6505d41b672eb375minfrin into the environment with the name AUTHENTICATE_<COLUMN>. This brings
a4ab95921be8ce5de50913cd6505d41b672eb375minfrin mod_authn_dbd behaviour in line with mod_authnz_ldap. [Graham Leggett]
e605dd6afa940f799c873ffeaa5e25fa4ea9a2c8minfrin *) mod_dbd: Key the storage of prepared statements on the hex string
e605dd6afa940f799c873ffeaa5e25fa4ea9a2c8minfrin value of server_rec, rather than the server name, as the server name
e605dd6afa940f799c873ffeaa5e25fa4ea9a2c8minfrin may change (eg when the server name is set) at any time, causing
e605dd6afa940f799c873ffeaa5e25fa4ea9a2c8minfrin weird behaviour in modules dependent on mod_dbd. [Graham Leggett]
50c06405bc48121db2913925549407fd3e79bcedmturk *) mod_proxy_fcgi: Added win32 build. [Mladen Turk]
dec02391360e503cd3437d16bed765dc653b9de5minfrin *) sendfile_nonblocking() takes the _brigade_ as an argument, gets
dec02391360e503cd3437d16bed765dc653b9de5minfrin the first bucket from the brigade, finds it not to be a FILE
dec02391360e503cd3437d16bed765dc653b9de5minfrin bucket and barfs. The fix is to pass a bucket rather than a brigade.
dec02391360e503cd3437d16bed765dc653b9de5minfrin [Niklas Edmundsson <nikke acc.umu.se>]
1b27a3a26f18191db7ecb4d536cb121ba9520a8eniq *) mod_rewrite: support rewritemap by SQL query [Nick Kew]
686ce4eade942e515b1725d0c9751da36b759a6ctrawick *) ap_get_server_version() has been removed. Third-party modules must
686ce4eade942e515b1725d0c9751da36b759a6ctrawick now use ap_get_server_banner() or ap_get_server_description().
686ce4eade942e515b1725d0c9751da36b759a6ctrawick [Jeff Trawick]
4bd465052c4a0c8d41e573ee7a90c312d980355fchrisd *) All MPMs: Introduce a check_config phase between pre_config and
4bd465052c4a0c8d41e573ee7a90c312d980355fchrisd open_logs, to allow modules to review interdependent configuration
4bd465052c4a0c8d41e573ee7a90c312d980355fchrisd directive values and adjust them while messages can still be logged
4bd465052c4a0c8d41e573ee7a90c312d980355fchrisd to the console. Handle relevant MPM directives during this phase
4bd465052c4a0c8d41e573ee7a90c312d980355fchrisd and format messages for both the console and the error log, as
4bd465052c4a0c8d41e573ee7a90c312d980355fchrisd appropriate. [Chris Darroch]
27b38d4191d5f638165e2a77ec6e6f567bd7784dniq *) mod_proxy: don't URLencode tilde in path component
27b38d4191d5f638165e2a77ec6e6f567bd7784dniq [Stijn Hoop <stijn sandcat.nl>]
a87e2a23083aa62229307482afbb3b802a0c2105mturk *) mpm_winnt: Fix return values from wait_for_many_objects.
a87e2a23083aa62229307482afbb3b802a0c2105mturk The return value is index to the signaled thread in the
a87e2a23083aa62229307482afbb3b802a0c2105mturk creted_threads array. We can not use WAIT_TIMEOUT because
a87e2a23083aa62229307482afbb3b802a0c2105mturk his value is defined as 258, thus limiting the MaxThreads
a87e2a23083aa62229307482afbb3b802a0c2105mturk to that value. [Mladen Turk]
8fd638698262130d00458b2c95548f6f94875847rpluem *) core: Do not allow internal redirects like the DirectoryIndex of mod_dir
534611d341a1a48b93c7a1fd5e333dbd261527d3rpluem to circumvent the symbolic link checks imposed by FollowSymLinks and
534611d341a1a48b93c7a1fd5e333dbd261527d3rpluem SymLinksIfOwnerMatch. [Nick Kew, Ruediger Pluem, William Rowe]
e99dfd55d29a7b4209b814efc7270d0b74ccee74niq *) mod_proxy: Support environment variable interpolation in reverse
c3c8103039e36494987aff50451896459826a361rpluem proxying directives. [Nick Kew]
127aef4ce9f7b6b32a95c5ed9a93b796d18755e6rpluem *) core: Add the filename of the configuration file to the warning message
127aef4ce9f7b6b32a95c5ed9a93b796d18755e6rpluem about the useless use of AllowOverride. PR 39992.
127aef4ce9f7b6b32a95c5ed9a93b796d18755e6rpluem [Darryl Miles <darryl darrylmiles.org>]
79d4b708d021714647aab8b138ae671ed24765cewrowe *) New SSLLogLevelDebugDump [ None (default) | IO (not bytes) | Bytes ]
79d4b708d021714647aab8b138ae671ed24765cewrowe configures the I/O Dump of SSL traffic, when LogLevel is set to Debug.
79d4b708d021714647aab8b138ae671ed24765cewrowe The default is none as this is far greater debugging resolution than
79d4b708d021714647aab8b138ae671ed24765cewrowe the typical administrator is prepared to untangle. [William Rowe]
88d0e50f16b21d4d0af0a48da7ad28fb5991834crpluem *) mod_disk_cache: If possible, check if the size of an object to cache is
88d0e50f16b21d4d0af0a48da7ad28fb5991834crpluem within the configured boundaries before actually saving data.
88d0e50f16b21d4d0af0a48da7ad28fb5991834crpluem [Niklas Edmundsson <nikke acc.umu.se>]
15264721069299ec26493e21d56bf8ff7faf6f0drpluem *) mod_cache: Convert all values to seconds before comparing them when
15264721069299ec26493e21d56bf8ff7faf6f0drpluem checking whether to send a Warning header for a stale response.
15264721069299ec26493e21d56bf8ff7faf6f0drpluem PR 39713. [Owen Taylor <otaylor redhat.com>]
25a81ea1bca1c89cda713c4d23660e487b1488a0rpluem *) mod_disk_cache: Delete temporary files if they cannot be renamed to their
25a81ea1bca1c89cda713c4d23660e487b1488a0rpluem final name. [Davi Arnaut <davi haxent.com.br>]
48fa058fe468025347930610ac2473094fa0f4e4chrisd *) Worker and event MPMs: Remove improper scoreboard updates which were
48fa058fe468025347930610ac2473094fa0f4e4chrisd performed in the event of a fork() failure. [Chris Darroch]
3ec4328f079d8867cc323155e59678ad9437914frooneg *) Add support for fcgi:// proxies to mod_rewrite.
3ec4328f079d8867cc323155e59678ad9437914frooneg [Markus Schiegl <ms schiegl.com>]
de0d0b50c96fae59c28e09fed61b0d15cfa4147bchrisd *) Remove incorrect comments from scoreboard.h regarding conditional
de0d0b50c96fae59c28e09fed61b0d15cfa4147bchrisd loading of worker_score structure with mod_status, and remove unused
de0d0b50c96fae59c28e09fed61b0d15cfa4147bchrisd definitions relating to old life_status field.
de0d0b50c96fae59c28e09fed61b0d15cfa4147bchrisd [Chris Darroch <chrisd pearsoncmg.com>]
de0d0b50c96fae59c28e09fed61b0d15cfa4147bchrisd *) Remove allocation of memory for unused array of lb_score pointers
de0d0b50c96fae59c28e09fed61b0d15cfa4147bchrisd in ap_init_scoreboard(). [Chris Darroch <chrisd pearsoncmg.com>]
db78659055df54243bca678c35bd2ce7e31a9237rooneg *) Add mod_proxy_fcgi, a FastCGI back end for mod_proxy.
edf6757df85878dc8ce11fb3840ee4cde6de5b2frooneg [Garrett Rooney, Jim Jagielski, Paul Querna]
95817edd05387a5276f51fcd5db79fc21b89b55brooneg *) Event MPM: Fill in the scoreboard's tid field. PR 38736.
95817edd05387a5276f51fcd5db79fc21b89b55brooneg [Chris Darroch <chrisd pearsoncmg.com>]
63689d77e084e36b8194fb6df5adfc0344965e01trawick *) mod_charset_lite: Remove Content-Length when output filter can
63689d77e084e36b8194fb6df5adfc0344965e01trawick invalidate it. Warn when input filter can invalidate it.
63689d77e084e36b8194fb6df5adfc0344965e01trawick [Jeff Trawick]
5714cdd83e23557d801437daa5e3ab8ba78ae595jorton *) mod_ssl: Fix spurious hostname mismatch warning for valid
5714cdd83e23557d801437daa5e3ab8ba78ae595jorton wildcard certificates. PR 37911. [Nick Burch <nick torchbox.com>]
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes *) Authz: Add the new module mod_authn_core that will provide common
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes authn directives such as 'AuthType', 'AuthName'. Move the directives
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes 'AuthType' and 'AuthName' out of the core module and merge mod_authz_alias
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes into mod_authn_core. [Brad Nicholes]
8b67b9d3ce40755d1b58971198a02b2749d8e13dbnicholes *) Authz: Move the directives 'Order', 'Allow', 'Deny' and 'Satisfy'
8b67b9d3ce40755d1b58971198a02b2749d8e13dbnicholes into the new module mod_access_compat which can be loaded to provide
8b67b9d3ce40755d1b58971198a02b2749d8e13dbnicholes support for these directives.
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes [Brad Nicholes]
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes *) Authz: Move the 'Require' directive from the core module as well as
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes add the directives '<SatisfyAll>', '<SatisfyOne>', '<RequireAlias>'
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes and 'Reject' to mod_authz_core. The new directives introduce 'AND/OR'
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes logic into the authorization processing. [Brad Nicholes]
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes *) Authz: Add the new module mod_authz_core which acts as the
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes authorization provider vector and contains common authz
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes directives. [Brad Nicholes]
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes *) Authz: Renamed mod_authz_dbm authz providers from 'group' and
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes 'file-group' to 'dbm-group' and 'dbm-file-group'. [Brad Nicholes]
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes *) Authz: Added the new authz providers 'env', 'ip', 'host', 'all' to handle
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes host-based access control provided by mod_authz_host and invoked
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes through the 'Require' directive. [Brad Nicholes]
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes *) Authz: Convert all of the authz modules from hook based to
69c36bbae91de0e99a682aaae9d6fa61fceb2771bnicholes provider based. [Brad Nicholes]
1b0dce86d7fc8a5aa4c89b05255be26e508c615crpluem *) mod_cache: Add CacheMinExpire directive to set the minimum time in
1b0dce86d7fc8a5aa4c89b05255be26e508c615crpluem seconds to cache a document.
1b0dce86d7fc8a5aa4c89b05255be26e508c615crpluem [Brian Akins <brian.akins turner.com>, Ruediger Pluem]
edc5389f50ce4153e6192740f3c7a188c8cf8d67niq *) mod_authz_dbd: SQL authz with Login/Session support [Nick Kew]
6c05afd314b4ddd545d63b4ff5de822cc30eec79trawick *) Fix typo in ProxyStatus syntax error message.
6c05afd314b4ddd545d63b4ff5de822cc30eec79trawick [Christophe Jaillet <christophe.jaillet wanadoo.fr>]
13cd67e9c1dacbd6b9f040bda337c725cedd98f3brianp *) Asynchronous write completion for the Event MPM. [Brian Pane]
a623efbff95aab78da9e030524b0fa69b054f6d0brianp *) Added an End-Of-Request bucket type. The logging of a request and
a623efbff95aab78da9e030524b0fa69b054f6d0brianp the freeing of its pool are now done when the EOR bucket is destroyed.
a623efbff95aab78da9e030524b0fa69b054f6d0brianp This has the effect of delaying the logging until right after the last
a623efbff95aab78da9e030524b0fa69b054f6d0brianp of the response is sent; ap_core_output_filter() calls the access logger
a623efbff95aab78da9e030524b0fa69b054f6d0brianp indirectly when it destroys the EOR bucket. [Brian Pane]
0b4b04d8621478ba59f0a6ba2950ddc02ab92b58colm *) Rewrite of logresolve support utility: IPv6 addresses are now supported
0b4b04d8621478ba59f0a6ba2950ddc02ab92b58colm and the format of statistical output has changed. [Colm MacCarthaigh]
2f1bb5376c5c4022383bb729679ca751dd75a2eabrianp *) Rewrite of ap_coreoutput_filter to do nonblocking writes [Brian Pane]
ad862ab5716726a2d72a292ba1dfb29566c86153brianp *) Added new connection states for handler and write completion
ad862ab5716726a2d72a292ba1dfb29566c86153brianp [Brian Pane]
17d53ea32c4968e47733f1c2c063ae07d280efd6jerenkrantz *) mod_cgid: Refuse to work on Solaris 10 due to OS bugs. PR 34264.
17d53ea32c4968e47733f1c2c063ae07d280efd6jerenkrantz [Justin Erenkrantz]
2d5532b13110a8d85653da92e97795b09cc25cc2trawick *) Teach mod_ssl to use arbitrary OIDs in an SSLRequire directive,
b38565306421ff53e9f7499bc728d6df5cec294dpquerna allowing string-valued client certificate attributes to be used for
b38565306421ff53e9f7499bc728d6df5cec294dpquerna access control, as in: SSLRequire "value" in OID("1.3.6.1.4.1.18060.1")
b38565306421ff53e9f7499bc728d6df5cec294dpquerna [Martin Kraemer, David Reid]
6f715f23d1ef4d412dc89cf8e483bf1154686cedwroweChanges with Apache 2.2.5
bf511f47b2f272119c064c682e87f74809fed0fbjim *) mod_deflate: fix protocol handling in deflate input filter
bf511f47b2f272119c064c682e87f74809fed0fbjim PR 23287 [Nick Kew]
bf511f47b2f272119c064c682e87f74809fed0fbjim *) mod_proxy: fix buffer overflow issue
bf511f47b2f272119c064c682e87f74809fed0fbjim PR 41144 [Davi Arnaut]
96352b5caba97685f248e83585a58558ab61746cjim *) mime.types: add Registered Javascript/ECMAScript MIME types (RFC4329)
96352b5caba97685f248e83585a58558ab61746cjim PR 40299 [Dave Hodder <dmh dmh.org.uk>]
96352b5caba97685f248e83585a58558ab61746cjim *) mod_filter: fix integer comparisons in dispatch rules
96352b5caba97685f248e83585a58558ab61746cjim PR 41835 [Nick Kew]
96352b5caba97685f248e83585a58558ab61746cjim *) mod_filter: fix merging of ! and = in FilterChain
96352b5caba97685f248e83585a58558ab61746cjim PR 42186 [Issac Goldstand <margol beamartyr.net>]
211b32adc6bb57a312e7e8d089d177501767775ajim *) mod_cache: Let Cache-Control max-age set the expiration of the cached
211b32adc6bb57a312e7e8d089d177501767775ajim representation if Expires is not set. [Justin Erenkrantz]
86cea5a879d441110ad4f5a12261c1d6f9aa3523jerenkrantz *) mod_disk_cache: Allow Vary'd responses to be refreshed properly.
86cea5a879d441110ad4f5a12261c1d6f9aa3523jerenkrantz [Justin Erenkrantz]
86cea5a879d441110ad4f5a12261c1d6f9aa3523jerenkrantz *) mod_cache: Allow caching of requests with query arguments when
86cea5a879d441110ad4f5a12261c1d6f9aa3523jerenkrantz Cache-Control max-age is explicitly specified. [Justin Erenkrantz]
86cea5a879d441110ad4f5a12261c1d6f9aa3523jerenkrantz *) mod_proxy: Print the correct error message for erroneous configured
86cea5a879d441110ad4f5a12261c1d6f9aa3523jerenkrantz ProxyPass directives. PR 40439. [serai lans-tv.com]
86cea5a879d441110ad4f5a12261c1d6f9aa3523jerenkrantz *) mod_so: Provide more helpful LoadModule feedback when an error occurs.
86cea5a879d441110ad4f5a12261c1d6f9aa3523jerenkrantz [William Rowe]
86cea5a879d441110ad4f5a12261c1d6f9aa3523jerenkrantz *) mod_alias: Accept path components (URL part) in Redirects. PR 35314.
86cea5a879d441110ad4f5a12261c1d6f9aa3523jerenkrantz *) mod_headers: Allow % at the end of a Header value. PR 36609.
86cea5a879d441110ad4f5a12261c1d6f9aa3523jerenkrantz [Nick Kew, Ruediger Pluem]
8d29663ccfe9b7908257c3f6dd67829bca27da01rpluem *) mod_cache: Use the same cache key throughout the whole request processing
8d29663ccfe9b7908257c3f6dd67829bca27da01rpluem to handle escaped URLs correctly. PR 41475. [Ruediger Pluem]
8d29663ccfe9b7908257c3f6dd67829bca27da01rpluem *) mod_cache: Add CacheIgnoreQueryString directive. PR 41484.
f1ca07dc17883c1a894300534a144ac15018a545rpluem *) mod_cache: While serving a cached entity ensure that filters that have
f1ca07dc17883c1a894300534a144ac15018a545rpluem been applied to this cached entity before saving it to the cache are not
f1ca07dc17883c1a894300534a144ac15018a545rpluem applied again. PR 40090. [Ruediger Pluem]
961e5ad9f2e71ceebb585d38a2b34c98dcf5fc50rpluem *) mod_cache: Correctly cache objects whose URL query string has been
961e5ad9f2e71ceebb585d38a2b34c98dcf5fc50rpluem modified by mod_rewrite. PR 40805. [Ruediger Pluem]
9f4f51c3c7cad19cc4b40adf6780434553bd3c2bjorton *) mod_proxy_http: Change handling of ProxyErrorOverride such that
9f4f51c3c7cad19cc4b40adf6780434553bd3c2bjorton 3xx responses are no longer over-ridden (handling of 4xx and 5xx
9f4f51c3c7cad19cc4b40adf6780434553bd3c2bjorton responses is unchanged). PR 39245.
cf271ff5f3e95ebd3fec31d7073713ab6ada8225jim [Jeff Trawick, Bart van der Schans <schans hippo.nl>]
cf271ff5f3e95ebd3fec31d7073713ab6ada8225jim *) htdbm: Enable crypt support on platforms with crypt() but not
cf271ff5f3e95ebd3fec31d7073713ab6ada8225jim <crypt.h>, such as z/OS. [David Jones <oscaremma gmail.com>]
cf271ff5f3e95ebd3fec31d7073713ab6ada8225jim *) mod_ssl: initialize thread locks before initializing the hardware
cf271ff5f3e95ebd3fec31d7073713ab6ada8225jim acceleration library, so the latter can make use of the former.
cf271ff5f3e95ebd3fec31d7073713ab6ada8225jim PR 20951. [adunn at ncipher.com]
cf271ff5f3e95ebd3fec31d7073713ab6ada8225jim *) ab.c: Correct behavior of HTTP request headers sent by ab
cf271ff5f3e95ebd3fec31d7073713ab6ada8225jim in presence of -H command-line overrides. PR 31268, 26554.
cf271ff5f3e95ebd3fec31d7073713ab6ada8225jim *) ab.c: The apr_port_t type is unsigned, but ab was using a
cf271ff5f3e95ebd3fec31d7073713ab6ada8225jim signed format code in its reports. PR 42070.
cf271ff5f3e95ebd3fec31d7073713ab6ada8225jim [Takashi Sato <serai lans-tv.com>]
2d979f1a392940641629f0bbfbdc4e7ac1f52ad3trawick *) core: Correct a regression since 2.0.x in the handling of AllowOverride
2d979f1a392940641629f0bbfbdc4e7ac1f52ad3trawick Options. PR 41829. [Torsten Förtsch <torsten.foertsch gmx.net>]
2d979f1a392940641629f0bbfbdc4e7ac1f52ad3trawick *) mod_proxy_http: Handle request bodies larger than 2 GB by converting
2d979f1a392940641629f0bbfbdc4e7ac1f52ad3trawick the Content-Length header of the request correctly. PR 40883.
2d979f1a392940641629f0bbfbdc4e7ac1f52ad3trawick [Ruediger Pluem, toadie <toadie643 gmail.com>]
6a2a19c3a70c6e8f6bdce8e1dcde95bc5a591235jim *) mod_proxy: Fix some proxy setting inheritance problems (eg:
6a2a19c3a70c6e8f6bdce8e1dcde95bc5a591235jim ProxyTimeout). PR 11540. [Stuart Children <stuart terminus.co.uk>]
eed0a2641e6988b8190af0625d4a99b2d02bdde9trawick *) Unix MPMs: Catch SIGFPE so that exception hooks and CoreDumpDirectory
eed0a2641e6988b8190af0625d4a99b2d02bdde9trawick can work after that terminating signal.
eed0a2641e6988b8190af0625d4a99b2d02bdde9trawick [Eric Covener <covener gmail.com>]
6f715f23d1ef4d412dc89cf8e483bf1154686cedwrowe *) Win32: Makefile.win will now build with MS VC 8 (Visual Studio 2005)
6f715f23d1ef4d412dc89cf8e483bf1154686cedwrowe including embedding the .manifest information into each binary.
6f715f23d1ef4d412dc89cf8e483bf1154686cedwrowe [William Rowe]
2cef392e45f74260035e7449fc95d032baa88084jimChanges with Apache 2.2.4
205c204b61b6ecf592cc0ea251ae2f02fc7e19f1wrowe *) mod_isapi: Correctly present SERVER_PORT_SECURE.
205c204b61b6ecf592cc0ea251ae2f02fc7e19f1wrowe PR: 40573. [Matt Eaton <asf divinehawk.com>]
414d856f21668e07bcdcb8d050481796d84bda66trawick *) Allow htcacheclean, httxt2dbm, and fcgistarter to link apr/apr-util
414d856f21668e07bcdcb8d050481796d84bda66trawick statically like the older support programs.
414d856f21668e07bcdcb8d050481796d84bda66trawick [Eric Covener <covener gmail.com>]
e4eeafb5814b5add53efc27debb231db37d34676jim *) core: Fix NONBLOCK status of listening sockets on restart/graceful
e4eeafb5814b5add53efc27debb231db37d34676jim PR 37680. [Darius Davis <darius-abz free-range.com.au>]
29828f49377897a874aec410f90eda4977c144a7rpluem *) mod_deflate: Rework inflate output and deflate output filter to fix several
29828f49377897a874aec410f90eda4977c144a7rpluem issues: Incorrect handling of flush buckets, potential memory leaks,
29828f49377897a874aec410f90eda4977c144a7rpluem excessive memory usage in inflate output filter for large compressed
29828f49377897a874aec410f90eda4977c144a7rpluem content. PR 39854. [Ruediger Pluem, Nick Kew, Justin Erenkrantz]
6c7aa683421c46525e71a166a5a5b637f902e6bbjim *) mod_mem_cache: Memory leak fix: Unconditionally free the buffer.
6c7aa683421c46525e71a166a5a5b637f902e6bbjim [Davi Arnaut <davi haxent.com.br>]
cab76376671a3b885805a232b0fca9cd09763d6ejim *) Allow mod_dumpio to log at other than DEBUG levels via
cab76376671a3b885805a232b0fca9cd09763d6ejim the new DumpIOLogLevel directive. [Jim Jagielski]
57047462e24c25106ed3047dfa0f0673f0d6fc80trawick *) rotatelogs: Improve error message for open failures. PR 39487.
57047462e24c25106ed3047dfa0f0673f0d6fc80trawick [Joe Orton]
6584fe5dea4c3e48c28208482694e8b64e333790jim *) Better detection and clean up of ldap connection that has been
6584fe5dea4c3e48c28208482694e8b64e333790jim terminated by the ldap server. PR 40878.
6584fe5dea4c3e48c28208482694e8b64e333790jim [Rob Baily <rbaily servicebench com>]
554d13791e00914b9a752b05c3976d50dd27124ajim *) mod_mem_cache: Convert mod_mem_cache to use APR memory pool functions
554d13791e00914b9a752b05c3976d50dd27124ajim by creating a root pool for object persistence across requests. This
554d13791e00914b9a752b05c3976d50dd27124ajim also eliminates the need for custom serialization code.
554d13791e00914b9a752b05c3976d50dd27124ajim [Davi Arnaut <davi haxent.com.br>]
554d13791e00914b9a752b05c3976d50dd27124ajim *) mod_authnz_ldap: Add an AuthLDAPRemoteUserAttribute directive. If
554d13791e00914b9a752b05c3976d50dd27124ajim set, REMOTE_USER will be set to this attribute, rather than the
554d13791e00914b9a752b05c3976d50dd27124ajim username supplied by the user. Useful for example when you want users
554d13791e00914b9a752b05c3976d50dd27124ajim to log in using an email address, but need to supply a userid instead
2d0d8213c4df303dabe883df8fa29ac8f2b42d63rpluem to the backend. [Graham Leggett]
d247789737dad3168ec8c0aea51fcb9b87d371aajim *) mod_cgi and mod_cgid: Don't use apr_status_t error return
d247789737dad3168ec8c0aea51fcb9b87d371aajim from input filters as HTTP return value from the handler.
2d0d8213c4df303dabe883df8fa29ac8f2b42d63rpluem PR 31579. [Nick Kew]
8490276a0c949567788c47c37468eda0ca339d8etrawick *) mod_cache: Eliminate a bogus error in the log when a filter returns
2d0d8213c4df303dabe883df8fa29ac8f2b42d63rpluem AP_FILTER_ERROR. [Niklas Edmundsson <nikke acc.umu.se>]
2d0d8213c4df303dabe883df8fa29ac8f2b42d63rpluem *) core: Fix issue which could cause piped loggers to be orphaned and never
2d0d8213c4df303dabe883df8fa29ac8f2b42d63rpluem terminate after a graceful restart. PR 40651. [Joe Orton, Ruediger Pluem]
205c204b61b6ecf592cc0ea251ae2f02fc7e19f1wrowe *) core: Fix address-in-use startup failure caused by corruption of the list
205c204b61b6ecf592cc0ea251ae2f02fc7e19f1wrowe of listen sockets in some configurations with multiple generic Listen
b87fe8021e886342fdf61b56ee23be46641900d1trawick directives. [Jeff Trawick]
2d0d8213c4df303dabe883df8fa29ac8f2b42d63rpluem *) mod_headers: Support regexp-based editing of HTTP headers. [Nick Kew]
2d0d8213c4df303dabe883df8fa29ac8f2b42d63rpluem *) mod_proxy: Add explicit flushing feature. When Servlet container sends AJP
2d0d8213c4df303dabe883df8fa29ac8f2b42d63rpluem body message with size 0, this means that Servlet container has asked for
2d0d8213c4df303dabe883df8fa29ac8f2b42d63rpluem an explicit flush. Create flush bucket in that case. This feature has been
2d0d8213c4df303dabe883df8fa29ac8f2b42d63rpluem added to the recent Tomcat versions without breaking the AJP protocol.
2d0d8213c4df303dabe883df8fa29ac8f2b42d63rpluem [Mladen Turk]
735cd88c825038eeac04c63c70282afbf936b798jim *) mod_proxy_balancer: Set the new environment variable BALANCER_ROUTE_CHANGED
735cd88c825038eeac04c63c70282afbf936b798jim if a worker with a route different from the one supplied by the client
735cd88c825038eeac04c63c70282afbf936b798jim had been chosen or if the client supplied no routing information for
735cd88c825038eeac04c63c70282afbf936b798jim a balancer with sticky sessions. [Ruediger Pluem]
735cd88c825038eeac04c63c70282afbf936b798jim *) mod_proxy_balancer: Add information about the route, the sticky session
735cd88c825038eeac04c63c70282afbf936b798jim and the worker used during a request as environment variables. PR 39806.
735cd88c825038eeac04c63c70282afbf936b798jim [Brian <brectanu gmail.com>]
ce6e6ce15f92e55178acd9b9a56745b3f33898c6jim *) mod_proxy: Don't try to use dead backend connection. PR 37770.
ce6e6ce15f92e55178acd9b9a56745b3f33898c6jim [Olivier BOEL <ob dorrboel.com>]
ce6e6ce15f92e55178acd9b9a56745b3f33898c6jim *) mod_proxy_balancer: Extract stickysession routing information contained as
ce6e6ce15f92e55178acd9b9a56745b3f33898c6jim parameter in the URL correctly. PR 40400.
ce6e6ce15f92e55178acd9b9a56745b3f33898c6jim [Ruediger Pluem, Tomokazu Harada <harada sysrdc.ns-sol.co.jp>]
dcb2819b8b9d4b86852fa3de8871d05ca4de67cajim *) mod_proxy_ajp: Added cping/cpong support for the AJP protocol.
dcb2819b8b9d4b86852fa3de8871d05ca4de67cajim A new worker directive ping=timeout will cause CPING packet
dcb2819b8b9d4b86852fa3de8871d05ca4de67cajim to be send expecting CPONG packet within defined timeout.
dcb2819b8b9d4b86852fa3de8871d05ca4de67cajim In case the backend is too busy this will fail instead
dcb2819b8b9d4b86852fa3de8871d05ca4de67cajim sending the full header. [Mladen Turk]
acdf89d84940eb9ae13389097e625cb08c62d452minfrin *) mod_cache: From RFC3986 (section 6.2.3.) if a URI contains an
acdf89d84940eb9ae13389097e625cb08c62d452minfrin authority component and an empty path, the empty path is to be equivalent
acdf89d84940eb9ae13389097e625cb08c62d452minfrin to "/". It explicitly cites the following four URIs as equivalents:
acdf89d84940eb9ae13389097e625cb08c62d452minfrin [Davi Arnaut <davi haxent.com.br>]
acdf89d84940eb9ae13389097e625cb08c62d452minfrin *) mod_cache: Don't cache requests with a expires date in the past;
acdf89d84940eb9ae13389097e625cb08c62d452minfrin otherwise mod_cache will always try to cache the URL. This bug
acdf89d84940eb9ae13389097e625cb08c62d452minfrin might lead to numerous rename() errors on win32 if the URL was
2d0d8213c4df303dabe883df8fa29ac8f2b42d63rpluem previously cached. [Davi Arnaut <davi haxent.com.br>]
acdf89d84940eb9ae13389097e625cb08c62d452minfrin *) mod_disk_cache: Make sure that only positive integers are accepted
acdf89d84940eb9ae13389097e625cb08c62d452minfrin for the CacheMaxFileSize and CacheMinFileSize parameters in the
2d0d8213c4df303dabe883df8fa29ac8f2b42d63rpluem config file. PR39380. [Niklas Edmundsson <nikke acc.umu.se>]
2ce90d8d49fb2c464202a8a335e2cd4ea3cb5f33minfrin *) core: Deal with the widespread use of apr_status_t return values
2ce90d8d49fb2c464202a8a335e2cd4ea3cb5f33minfrin as HTTP status codes, as documented in PR#31759 (a bug shared by
2ce90d8d49fb2c464202a8a335e2cd4ea3cb5f33minfrin the default handler, mod_cgi, mod_cgid, mod_proxy, and probably
2d0d8213c4df303dabe883df8fa29ac8f2b42d63rpluem others). PR31759. [Jeff Trawick, Ruediger Pluem, Joe Orton]
cd6811891c9998e52e5e325f82f519dadbc82b39minfrin *) mod_ext_filter: Handle filter names which include capital letters.
cd6811891c9998e52e5e325f82f519dadbc82b39minfrin PR 40323. [Jeff Trawick]
e114df93a5d0da6e525a51eb1a29219d94d3eb3aminfrin *) mod_isapi: Avoid double trailing slashes in HSE_REQ_MAP_URL_TO_PATH
205c204b61b6ecf592cc0ea251ae2f02fc7e19f1wrowe support. Also corrects the slashes for Windows.
205c204b61b6ecf592cc0ea251ae2f02fc7e19f1wrowe PR 15993. [William Rowe]
e114df93a5d0da6e525a51eb1a29219d94d3eb3aminfrin *) mod_isapi: Handle "HTTP/1.1 200 OK" style status lines correctly, the
e114df93a5d0da6e525a51eb1a29219d94d3eb3aminfrin token parser worked while the resulting length was misinterpreted.
2d0d8213c4df303dabe883df8fa29ac8f2b42d63rpluem PR 29098. [Brock Bland <bbland serena.com>]
e114df93a5d0da6e525a51eb1a29219d94d3eb3aminfrin *) mod_isapi: Return 0 (failure) for more of the various ap_pass_brigade
205c204b61b6ecf592cc0ea251ae2f02fc7e19f1wrowe attempts to stream the response at the client. Log these as well.
205c204b61b6ecf592cc0ea251ae2f02fc7e19f1wrowe PR 30022, 40470. [William Rowe, Matt Eaton <asf divinehawk.com>]
e114df93a5d0da6e525a51eb1a29219d94d3eb3aminfrin *) mod_isapi: Ensure we walk through all the methods the developer may have
e114df93a5d0da6e525a51eb1a29219d94d3eb3aminfrin employed to report their HTTP status result code.
2d0d8213c4df303dabe883df8fa29ac8f2b42d63rpluem PR 16637 30033 28089. [Matt Lewandowsky <matt iamcode.net>, William Rowe]
e6d97c844003fd0a04cbd26eb8f68c97fd62c587rpluem *) mod_echo: Fix precedence problem in if statement. PR 40658.
e6d97c844003fd0a04cbd26eb8f68c97fd62c587rpluem [Larry Cipriani <lvc lucent.com>]
e6d97c844003fd0a04cbd26eb8f68c97fd62c587rpluem *) mod_mime_magic: Fix precedence problem in if statement. PR 40656.
e6d97c844003fd0a04cbd26eb8f68c97fd62c587rpluem [Larry Cipriani <lvc lucent.com>]
686ce4eade942e515b1725d0c9751da36b759a6ctrawick *) The full server version information is now included in the error log at
686ce4eade942e515b1725d0c9751da36b759a6ctrawick startup as well as server status reports, irrespective of the setting
686ce4eade942e515b1725d0c9751da36b759a6ctrawick of the ServerTokens directive. ap_get_server_version() is now
686ce4eade942e515b1725d0c9751da36b759a6ctrawick deprecated, and is replaced by ap_get_server_banner() and
686ce4eade942e515b1725d0c9751da36b759a6ctrawick ap_get_server_description(). [Jeff Trawick]
58c97901868722bc3b7833ac725a1d5658fa2920jim *) mod_proxy_balancer: Workers can now be defined as part of
58c97901868722bc3b7833ac725a1d5658fa2920jim a balancer cluster "set" in which members of a lower-numbered set
2d0d8213c4df303dabe883df8fa29ac8f2b42d63rpluem are preferred over higher numbered ones. [Jim Jagielski]
58c97901868722bc3b7833ac725a1d5658fa2920jim *) mod_proxy_balancer: Workers can now be defined as "hot standby" which
58c97901868722bc3b7833ac725a1d5658fa2920jim will only be used if all other workers are unusable (eg: in
58c97901868722bc3b7833ac725a1d5658fa2920jim error or disabled). Also, the balancer-manager displays the election
2d0d8213c4df303dabe883df8fa29ac8f2b42d63rpluem count and I/O counts of all workers. [Jim Jagielski]
2cef392e45f74260035e7449fc95d032baa88084jim *) mod_proxy_ajp: Close connection to backend if reading of request body
2d0d8213c4df303dabe883df8fa29ac8f2b42d63rpluem fails. PR 40310. [Ian Abel <ianabel mxtelecom.com>]
2cef392e45f74260035e7449fc95d032baa88084jim *) mod_proxy_balancer: Retry worker chosen by route / redirect worker if
2cef392e45f74260035e7449fc95d032baa88084jim it is in error state before sending "Service Temporarily Unavailable".
2d0d8213c4df303dabe883df8fa29ac8f2b42d63rpluem PR 38962. [Christian Boitel <cboitel lfdj.com>]
0c5a6a11ce72ad41b14c755f4a2254e0c7b70245rpluemChanges with Apache 2.2.3
5fb3861acae76b1e62571662d32a4312229bb926rpluem *) SECURITY: CVE-2006-3747 (cve.mitre.org)
5fb3861acae76b1e62571662d32a4312229bb926rpluem mod_rewrite: Fix an off-by-one security problem in the ldap scheme
5fb3861acae76b1e62571662d32a4312229bb926rpluem handling. For some RewriteRules this could lead to a pointer being
5fb3861acae76b1e62571662d32a4312229bb926rpluem written out of bounds. Reported by Mark Dowd of McAfee.
e2d680c8e2d17df28e0b9f5919e651af74e7378frpluem *) mod_authn_alias: Add a check to make sure that the base provider and the
e2d680c8e2d17df28e0b9f5919e651af74e7378frpluem alias names are different and also that the alias has not been registered
e2d680c8e2d17df28e0b9f5919e651af74e7378frpluem before. PR 40051. [Brad Nicholes]
e2d680c8e2d17df28e0b9f5919e651af74e7378frpluem *) mod_authnz_ldap: Fix a problem with invalid auth error detection for LDAP
e2d680c8e2d17df28e0b9f5919e651af74e7378frpluem client SDKs that don't support the LDAP_SECURITY_ERROR macro. PR 39529.
e2d680c8e2d17df28e0b9f5919e651af74e7378frpluem [Ray Price <dohrayme yahoo.com>, Josh Fenlason <jfenlason ptc.com>]
b5fca7531f2de1c6710b45ed4f4b6089fa5a06c0rpluem *) mod_cache: Do not overwrite the Content-Type in the cache, for
b5fca7531f2de1c6710b45ed4f4b6089fa5a06c0rpluem successfully revalidated cached objects. PR 39647. [Ruediger Pluem]
b5fca7531f2de1c6710b45ed4f4b6089fa5a06c0rpluem *) mod_speling: Add directive to deal with case corrections only
b5fca7531f2de1c6710b45ed4f4b6089fa5a06c0rpluem and ignore other misspellings [Olivier Thereaux <ot w3.org>]
65acd2837c0c846f8d1f7d265bbc861f04e8a9c5niq *) mod_dbd: Fix dependence on virtualhost configuration in
65acd2837c0c846f8d1f7d265bbc861f04e8a9c5niq defining prepared statements (possible segfault at startup
65acd2837c0c846f8d1f7d265bbc861f04e8a9c5niq in user modules such as mod_authn_dbd). [Nick Kew]
b5fca7531f2de1c6710b45ed4f4b6089fa5a06c0rpluem *) Add optional 'scheme://' prefix to ServerName directive,
b5fca7531f2de1c6710b45ed4f4b6089fa5a06c0rpluem allowing correct determination of the canonical server URL
b5fca7531f2de1c6710b45ed4f4b6089fa5a06c0rpluem for use behind a proxy or offload device handling SSL; fixing
b5fca7531f2de1c6710b45ed4f4b6089fa5a06c0rpluem redirect generation in those cases. PR 33398. [Sander Temme]
b5fca7531f2de1c6710b45ed4f4b6089fa5a06c0rpluem *) Added server_scheme field to server_rec for above. Minor MMN bump.
b5fca7531f2de1c6710b45ed4f4b6089fa5a06c0rpluem [Sander Temme]
b5fca7531f2de1c6710b45ed4f4b6089fa5a06c0rpluem *) mod_cache: Make caching of reverse SSL proxies possible again. PR 39593.
b5fca7531f2de1c6710b45ed4f4b6089fa5a06c0rpluem [Ruediger Pluem, Joe Orton]
4b4d33edc11ab08e8019d2c2557fea73b2fdbdb0trawick *) Worker MPM: On graceless shutdown or restart, send signals to
4b4d33edc11ab08e8019d2c2557fea73b2fdbdb0trawick each worker thread to wake them up if they're polling on a
4b4d33edc11ab08e8019d2c2557fea73b2fdbdb0trawick Keep-Alive connection. PR 38737. [Chris Darroch]
b5fca7531f2de1c6710b45ed4f4b6089fa5a06c0rpluem *) worker and event MPMs: fix excessive forking if fork() or child_init
4b4d33edc11ab08e8019d2c2557fea73b2fdbdb0trawick take a long time. PR 39275.
4b4d33edc11ab08e8019d2c2557fea73b2fdbdb0trawick [Greg Ames, Jeff Trawick, Chris Darroch <chrisd pearsoncmg.com> ]
b5fca7531f2de1c6710b45ed4f4b6089fa5a06c0rpluem *) configure: Add "--with-included-apr" flag to force use of the
b5fca7531f2de1c6710b45ed4f4b6089fa5a06c0rpluem bundled version of APR at build time. [Joe Orton]
a9e9e4d9b1e6bb081282f75bf450b7d7d5a1f581rpluem *) Respect GracefulShutdownTimeout in the worker and event MPMs.
a9e9e4d9b1e6bb081282f75bf450b7d7d5a1f581rpluem [Chris Darroch, Garrett Rooney]
a9e9e4d9b1e6bb081282f75bf450b7d7d5a1f581rpluem *) mod_mem_cache: Set content type correctly when delivering data from
a9e9e4d9b1e6bb081282f75bf450b7d7d5a1f581rpluem cache. PR 39266. [Ruediger Pluem]
a9e9e4d9b1e6bb081282f75bf450b7d7d5a1f581rpluem *) mod_autoindex: Fix filename escaping with FancyIndexing disabled.
a9e9e4d9b1e6bb081282f75bf450b7d7d5a1f581rpluem PR 38910. [Robby Griffin <rmg terc.edu>]
a9e9e4d9b1e6bb081282f75bf450b7d7d5a1f581rpluem *) mod_charset_lite: Bypass translation when the source and dest charsets
a9e9e4d9b1e6bb081282f75bf450b7d7d5a1f581rpluem are the same. [Jeff Trawick]
200fd0ce73d992a43b500ddfe94487a840bd56darpluemChanges with Apache 2.2.2
0c5a6a11ce72ad41b14c755f4a2254e0c7b70245rpluem *) mod_deflate: Allow mod_deflate to handle internal redirects.
0c5a6a11ce72ad41b14c755f4a2254e0c7b70245rpluem [Brian J. France <list firehawksystems.com>]
0c5a6a11ce72ad41b14c755f4a2254e0c7b70245rpluem *) mod_proxy_balancer: Initialize members of a balancer correctly.
0c5a6a11ce72ad41b14c755f4a2254e0c7b70245rpluem PR 38227. [James A. Robinson <jim.robinson stanford.edu>]
0c5a6a11ce72ad41b14c755f4a2254e0c7b70245rpluem *) mod_proxy: Do not release connections from connection pool twice.
0c5a6a11ce72ad41b14c755f4a2254e0c7b70245rpluem PR 38793. [Ruediger Pluem, matthias <mk-asf gigacodes.de>]
0c5a6a11ce72ad41b14c755f4a2254e0c7b70245rpluem *) core: Prevent reading uninitialized memory while reading a line of
0c5a6a11ce72ad41b14c755f4a2254e0c7b70245rpluem protocol input. PR 39282. [Davi Arnaut <davi haxent.com.br>]
0c5a6a11ce72ad41b14c755f4a2254e0c7b70245rpluem *) mod_dbd: Update defaults, improve error reporting.
0c5a6a11ce72ad41b14c755f4a2254e0c7b70245rpluem [Chris Darroch <chrisd pearsoncmg com>, Nick Kew]
0c5a6a11ce72ad41b14c755f4a2254e0c7b70245rpluem *) mod_dbd: Create own pool and mutex to avoid problem use of
0c5a6a11ce72ad41b14c755f4a2254e0c7b70245rpluem process pool in request processing.
0c5a6a11ce72ad41b14c755f4a2254e0c7b70245rpluem [Chris Darroch <chrisd pearsoncmg com>]
0c5a6a11ce72ad41b14c755f4a2254e0c7b70245rpluem *) HTML-escape the Expect error message. Not classed as security as
0c5a6a11ce72ad41b14c755f4a2254e0c7b70245rpluem an attacker has no way to influence the Expect header a victim will
0c5a6a11ce72ad41b14c755f4a2254e0c7b70245rpluem send to a target site. Reported by Thiago Zaninotti
0c5a6a11ce72ad41b14c755f4a2254e0c7b70245rpluem <thiango nstalker.com>. [Mark Cox]
0c5a6a11ce72ad41b14c755f4a2254e0c7b70245rpluem *) htdbm: Fix crash processing -d option in 64-bit mode on HP-UX.
0c5a6a11ce72ad41b14c755f4a2254e0c7b70245rpluem [Jeff Trawick]
200fd0ce73d992a43b500ddfe94487a840bd56darpluem *) htdbm: Warn the user when adding a plaintext password on a platform
200fd0ce73d992a43b500ddfe94487a840bd56darpluem where it wouldn't work with the server (i.e., anywhere that has
200fd0ce73d992a43b500ddfe94487a840bd56darpluem crypt()). [Jeff Trawick]
200fd0ce73d992a43b500ddfe94487a840bd56darpluem *) mod_proxy: don't reuse a connection that may be to the wrong backend
200fd0ce73d992a43b500ddfe94487a840bd56darpluem PR 39253 [Ruediger Pluem]
200fd0ce73d992a43b500ddfe94487a840bd56darpluem *) Default handler: Don't return output filter apr_status_t values.
200fd0ce73d992a43b500ddfe94487a840bd56darpluem PR 31759. [Jeff Trawick, Ruediger Pluem, Joe Orton]
cbb903af5066589fe0e73f3ecf06abdc71e38effrpluemChanges with Apache 2.2.1
0919d062982a9c9d2f4a8933ef54ccba2dd2b8f8rpluem *) SECURITY: CVE-2005-3357 (cve.mitre.org)
0919d062982a9c9d2f4a8933ef54ccba2dd2b8f8rpluem mod_ssl: Fix a possible crash during access control checks if a
0919d062982a9c9d2f4a8933ef54ccba2dd2b8f8rpluem non-SSL request is processed for an SSL vhost (such as the
0919d062982a9c9d2f4a8933ef54ccba2dd2b8f8rpluem "HTTP request received on SSL port" error message when an 400
0919d062982a9c9d2f4a8933ef54ccba2dd2b8f8rpluem ErrorDocument is configured, or if using "SSLEngine optional").
60262a02cfeba50d60d990b56d0e0c1d1fafb672sctemme PR 37791. [Rüdiger Plüm, Joe Orton]
0919d062982a9c9d2f4a8933ef54ccba2dd2b8f8rpluem *) SECURITY: CVE-2005-3352 (cve.mitre.org)
0919d062982a9c9d2f4a8933ef54ccba2dd2b8f8rpluem mod_imagemap: Escape untrusted referer header before outputting
0919d062982a9c9d2f4a8933ef54ccba2dd2b8f8rpluem in HTML to avoid potential cross-site scripting. Change also
0919d062982a9c9d2f4a8933ef54ccba2dd2b8f8rpluem made to ap_escape_html so we escape quotes. Reported by JPCERT.
c9ce3d3ead2ba4ea6f5bb176745172f3538aed60rpluem *) mod_proxy_ajp: Flushing of the output after each AJP chunk is now
c9ce3d3ead2ba4ea6f5bb176745172f3538aed60rpluem configurable at runtime via the 'flushpackets' and 'flushwait' worker
c9ce3d3ead2ba4ea6f5bb176745172f3538aed60rpluem params. Minor MMN bump. [Jim Jagielski]
c9ce3d3ead2ba4ea6f5bb176745172f3538aed60rpluem *) mod_proxy: Fix incorrect usage of local and shared worker init.
c9ce3d3ead2ba4ea6f5bb176745172f3538aed60rpluem PR 38403. [Jim Jagielski]
c9ce3d3ead2ba4ea6f5bb176745172f3538aed60rpluem *) mod_isapi: Fix compiler errors on Unix platforms.
c9ce3d3ead2ba4ea6f5bb176745172f3538aed60rpluem [William Rowe]
0deb1a75b17945f30e56e81b851a2a2ab08af50drpluem *) mod_proxy_http: Send HTTP Keep-Alive Headers. PR 38524.
0deb1a75b17945f30e56e81b851a2a2ab08af50drpluem [Rüdiger Plüm, Joe Orton]
0deb1a75b17945f30e56e81b851a2a2ab08af50drpluem *) mod_disk_cache: Return the correct error codes from bucket read
0deb1a75b17945f30e56e81b851a2a2ab08af50drpluem failures, instead of APR_EGENERAL.
0deb1a75b17945f30e56e81b851a2a2ab08af50drpluem *) Add APR/APR-Util Compiled and Runtime Version numbers to the
0deb1a75b17945f30e56e81b851a2a2ab08af50drpluem output of 'httpd -V'. [William Rowe]
0deb1a75b17945f30e56e81b851a2a2ab08af50drpluem *) http: If a connection is aborted while waiting for a chunked line,
0deb1a75b17945f30e56e81b851a2a2ab08af50drpluem flag the connection as errored out. [Justin Erenkrantz]
0919d062982a9c9d2f4a8933ef54ccba2dd2b8f8rpluem *) core: Reject invalid Expect header immediately. PR 38123.
0919d062982a9c9d2f4a8933ef54ccba2dd2b8f8rpluem [Ruediger Pluem]
8e72243380282ce619a2c6bce8f8359b8d95306fjim *) mod_proxy: Fix KeepAlives not being allowed and set to
8e72243380282ce619a2c6bce8f8359b8d95306fjim backend servers. PR 38602. [Ruediger Pluem, Jim Jagielski]
98179b7bdc84db9364cb774bf2fc9c511622c3ffjim *) mod_proxy: If we get an error reading the upstream response,
8e72243380282ce619a2c6bce8f8359b8d95306fjim close the connection. [Justin Erenkrantz, Roy T. Fielding,
8e72243380282ce619a2c6bce8f8359b8d95306fjim Jim Jagielski, Ruediger Pluem]
317b1987e48bbdbfe8b1dcccdcf5cd6c10a26436jim *) mod_proxy_ajp: Support common headers of the AJP protocol in responses.
317b1987e48bbdbfe8b1dcccdcf5cd6c10a26436jim PR 38340. [Aleksey Pesternikov <apesternikov yahoo.com>]
317b1987e48bbdbfe8b1dcccdcf5cd6c10a26436jim *) mod_proxy_balancer: Do not overwrite the status of initialized workers and
317b1987e48bbdbfe8b1dcccdcf5cd6c10a26436jim respect the configured status of uninitilized workers when creating a new
317b1987e48bbdbfe8b1dcccdcf5cd6c10a26436jim child process. [Ruediger Pluem]
317b1987e48bbdbfe8b1dcccdcf5cd6c10a26436jim *) mod_proxy_ajp: Crosscheck the length of the body chunk with the length of
317b1987e48bbdbfe8b1dcccdcf5cd6c10a26436jim the ajp message to prevent mod_proxy_ajp from reading beyond the buffer
317b1987e48bbdbfe8b1dcccdcf5cd6c10a26436jim boundaries and thus revealing possibly sensitive memory contents to the
317b1987e48bbdbfe8b1dcccdcf5cd6c10a26436jim client. [Ruediger Pluem]
b9ebc87040e76abda075c91317cd0e1a7c9810e4trawick *) Ensure that the proper status line is written to the client, fixing
b9ebc87040e76abda075c91317cd0e1a7c9810e4trawick incorrect status lines caused by filters which modify r->status without
b9ebc87040e76abda075c91317cd0e1a7c9810e4trawick resetting r->status_line, such as the built-in byterange filter.
b9ebc87040e76abda075c91317cd0e1a7c9810e4trawick [Jeff Trawick]
b9ebc87040e76abda075c91317cd0e1a7c9810e4trawick *) mod_speling: Stop crashing with certain non-file requests. [Jeff Trawick]
dc681b5cee49eb24c3ae8d6f50c4c9c9c05faa52rpluem *) mod_cache: Make caching of reverse proxies possible again. PR 38017.
dc681b5cee49eb24c3ae8d6f50c4c9c9c05faa52rpluem [Ruediger Pluem]
2c3721611cc8d1ebd87b152e7d933a6dec23b3dcwrowe *) Modify apr[util] .h detection to avoid breakage on VPATH builds
2c3721611cc8d1ebd87b152e7d933a6dec23b3dcwrowe using Solaris make (amoung others) and avoid breakage in ./buildconf
2c3721611cc8d1ebd87b152e7d933a6dec23b3dcwrowe when srclib/apr[-util] are symlinks rather than directories proper.
2c3721611cc8d1ebd87b152e7d933a6dec23b3dcwrowe [William Rowe]
2c3721611cc8d1ebd87b152e7d933a6dec23b3dcwrowe *) Chunk filter: Fix chunk filter to create correct chunks in the case that
2c3721611cc8d1ebd87b152e7d933a6dec23b3dcwrowe a flush bucket is surrounded by data buckets. [Ruediger Pluem]
cbb903af5066589fe0e73f3ecf06abdc71e38effrpluem *) Fix syntax error in httpd.h with strict compilers. PR 38740.
cbb903af5066589fe0e73f3ecf06abdc71e38effrpluem [Per Olausson <pao darkheim.freeserve.co.uk>]
cbb903af5066589fe0e73f3ecf06abdc71e38effrpluem *) Preserve the Content-Length header for a proxied HEAD response.
cbb903af5066589fe0e73f3ecf06abdc71e38effrpluem PR 18757. [Greg Ames]
cbb903af5066589fe0e73f3ecf06abdc71e38effrpluem *) Fix recursive ErrorDocument handling. PR 36090.
cbb903af5066589fe0e73f3ecf06abdc71e38effrpluem [Chris Darroch <chrisd pearsoncmg.com>]
cbb903af5066589fe0e73f3ecf06abdc71e38effrpluem *) Don't hang on error return from post_read_request. PR37790 [Nick Kew]
cbb903af5066589fe0e73f3ecf06abdc71e38effrpluem *) Fix off-by-one error in proxy_balancer. PR37753
cbb903af5066589fe0e73f3ecf06abdc71e38effrpluem [Kazuhiro Osawa <ko yappo ne jp>]
cbb903af5066589fe0e73f3ecf06abdc71e38effrpluemChanges with Apache 2.2.0
c0bcd91f17456a06ce290005aab0d1e360482ea5rpluem *) mod_negotiation: Minor performance tweak by reusing already calculated
c0bcd91f17456a06ce290005aab0d1e360482ea5rpluem [Ruediger Pluem, Christophe Jaillet <christophe.jaillet wanadoo.fr>]
941fcca87a4607a388e88cff3fd0cdefc29bb81cjerenkrantz *) Remove support for 'On' and 'Off' for AuthBasicProvider and
941fcca87a4607a388e88cff3fd0cdefc29bb81cjerenkrantz AuthDigestProvider. [Joshua Slive, Justin Erenkrantz]
d05d20b9ae48c6768f40277a76ed198d30aed06ajim *) Add in new UseCanonicalPhysicalPort directive, which controls
d05d20b9ae48c6768f40277a76ed198d30aed06ajim whether or not Apache will ever use the actual physical port
d05d20b9ae48c6768f40277a76ed198d30aed06ajim when constructing the canonical port number. [Jim Jagielski]
f6316e220101e5d4d99d82aab75ca7d668870942rpluem *) mod_dav: Fix a null pointer dereference in an error code path during the
f6316e220101e5d4d99d82aab75ca7d668870942rpluem handling of MKCOL.
f6316e220101e5d4d99d82aab75ca7d668870942rpluem [Ruediger Pluem, Ghassan Misherghi <ghassanm ucdavis.edu>]
c83edb2f6bafd5f7013cd6bad78753a1e0c5fbe6jim *) Fix DESTDIR=... installation when using bundled copy of APR.
c83edb2f6bafd5f7013cd6bad78753a1e0c5fbe6jim *) mod_proxy_balancer: When finding best worker, use case insensitive
c83edb2f6bafd5f7013cd6bad78753a1e0c5fbe6jim match for scheme and host, but case sensitive for the rest of
c83edb2f6bafd5f7013cd6bad78753a1e0c5fbe6jim the path. [Jim Jagielski, Ruediger Pluem]
74499a117b3b2cd9666715a14f90c0e5d1a4ee8ajim [Apache 2.1.0-dev includes those bug fixes and changes with the
74499a117b3b2cd9666715a14f90c0e5d1a4ee8ajim Apache 2.2.xx tree as documented, and except as noted, below.]
74499a117b3b2cd9666715a14f90c0e5d1a4ee8ajimChanges with Apache 2.2.x and later:
74499a117b3b2cd9666715a14f90c0e5d1a4ee8ajim *) http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?view=markup
74499a117b3b2cd9666715a14f90c0e5d1a4ee8ajimChanges with Apache 2.0.x and later:
74499a117b3b2cd9666715a14f90c0e5d1a4ee8ajim *) http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/CHANGES?view=markup
74499a117b3b2cd9666715a14f90c0e5d1a4ee8ajimChanges with Apache 1.3.x and later: