CHANGES revision b08558bf6a64f9501ad3eca34eaf4d978bd928cf
d5b7ba26785d7494166d48876362ba30ff30b98awrowe -*- coding: utf-8 -*-
c30ef289fe64ac7fedc44cfcc6b439f0f8458b4cgregamesChanges with Apache 2.3.13
b9e99e0d3154bbebe3e1b8d11d6c15bde79510a5nd *) core: Add support to ErrorLogFormat for logging the system unique
b9e99e0d3154bbebe3e1b8d11d6c15bde79510a5nd thread id under Linux. [Stefan Fritsch]
b9e99e0d3154bbebe3e1b8d11d6c15bde79510a5nd *) event: New AsyncRequestWorkerFactor directive to influence how many
6e128d9c91437b22850d19fc166a6165e3c4831ctrawick connections will be accepted per process. [Stefan Fritsch]
6e128d9c91437b22850d19fc166a6165e3c4831ctrawick *) prefork, worker, event: Rename MaxClients to MaxRequestWorkers which
ea5f8cfbb7ef1d19318f6994c26dd73c38ffd8ddjerenkrantz describes more accurately what it does. [Stefan Fritsch]
ea5f8cfbb7ef1d19318f6994c26dd73c38ffd8ddjerenkrantz *) rotatelogs: Add -p argument to specify custom program to invoke
4567cfc6a65328bd3e8dd2b758ca926b389c7058brianp after a log rotation. PR 51285. [<sveniu ifi.uio.no>, Joe Orton]
4567cfc6a65328bd3e8dd2b758ca926b389c7058brianp *) mod_ssl: Don't do OCSP checks for valid self-issued certs. [Kaspar Brand]
3068cf5757c8bdbea77e8f6805686aa0b0241a17nd *) mod_ssl: Avoid unnecessary renegotiations with SSLVerifyDepth 0.
3068cf5757c8bdbea77e8f6805686aa0b0241a17nd PR 48215. [Kaspar Brand]
396aeca634b86a3ab34d5bdb9c32cbce73c72421jerenkrantz *) mod_status: Display information about asynchronous connections in the
396aeca634b86a3ab34d5bdb9c32cbce73c72421jerenkrantz server-status. PR 44377. [Stefan Fritsch]
4cdc5446050c19b9d519a273a129188586e8d445jerenkrantz *) mpm_event: If the number of connections of a process is very high, or if
4cdc5446050c19b9d519a273a129188586e8d445jerenkrantz all workers are busy, don't accept new connections in that process.
4cdc5446050c19b9d519a273a129188586e8d445jerenkrantz [Stefan Fritsch]
e0b93afc77decfbc0aab461b08ee224a0af89af2rederpj *) mpm_event: Process lingering close asynchronously instead of tying up
e0b93afc77decfbc0aab461b08ee224a0af89af2rederpj worker threads. [Jeff Trawick, Stefan Fritsch]
e0b93afc77decfbc0aab461b08ee224a0af89af2rederpj *) mpm_event: If MaxMemFree is set, limit the number of pools that is kept
f5610d5460e701dd3f3514395867a6b5241fda81bnicholes around. [Stefan Fritsch]
f5610d5460e701dd3f3514395867a6b5241fda81bnicholes *) mpm_event: Fix graceful restart aborting connections. PR 43359.
f5610d5460e701dd3f3514395867a6b5241fda81bnicholes [Takashi Sato <takashi lans-tv com>]
f5610d5460e701dd3f3514395867a6b5241fda81bnicholes *) mod_ssl: Disable AECDH ciphers in example config. PR 51363.
f5610d5460e701dd3f3514395867a6b5241fda81bnicholes [Rob Stradling <rob comodo com>]
c30ef289fe64ac7fedc44cfcc6b439f0f8458b4cgregames *) core: Introduce new function ap_get_conn_socket() to access the socket of
c30ef289fe64ac7fedc44cfcc6b439f0f8458b4cgregames a connection. [Stefan Fritsch]
c30ef289fe64ac7fedc44cfcc6b439f0f8458b4cgregames *) mod_data: Introduce a filter to support RFC2397 data URLs. [Graham
2f408250e9111c4b85b2b4b9b8836e83987efdefstoddard *) mod_userdir/mod_alias/mod_vhost_alias: Correctly set DOCUMENT_ROOT,
2f408250e9111c4b85b2b4b9b8836e83987efdefstoddard CONTEXT_DOCUMENT_ROOT, CONTEXT_PREFIX. PR 26052. PR 46198.
d5b7ba26785d7494166d48876362ba30ff30b98awrowe [Stefan Fritsch]
47fe07199bddec6124ab7251c6be5c6c9ac00485jerenkrantz *) core: Allow to override document_root on a per-request basis. Introduce
c1bf42dc465137de1fdb8f3d9d1c3e4d2db5c003brianp new context_document_root and context_prefix which provide information
5a42079659ea008632642edc7fe18f9517cfea2aminfrin about non-global URI-to-directory mappings (from e.g. mod_userdir or
c1bf42dc465137de1fdb8f3d9d1c3e4d2db5c003brianp mod_alias) to scripts. PR 49705. [Stefan Fritsch]
6646a289c2d4778c8cd43d62b5a1cc966a356f85jerenkrantz *) core: Add <ElseIf> and <Else> to complement <If> sections.
6646a289c2d4778c8cd43d62b5a1cc966a356f85jerenkrantz [Stefan Fritsch]
aec70520ebe1e33e0d5e83c3626649d2a41dbe68wrowe *) mod_ext_filter: Remove DebugLevel option in favor of per-module loglevel.
aec70520ebe1e33e0d5e83c3626649d2a41dbe68wrowe [Stefan Fritsch]
ad451e2e428a069086d1c18c9e3372f8846ec617wrowe *) mod_include: Make the "#if expr" element use the new "ap_expr" expression
ad451e2e428a069086d1c18c9e3372f8846ec617wrowe parser. The old parser can still be used by setting the new directive
ad451e2e428a069086d1c18c9e3372f8846ec617wrowe SSILegacyExprParser. [Stefan Fritsch]
367cefc17f8dcfe65651c9c16cb3151589c6cecetrawick *) core: Add some features to ap_expr for use by mod_include: a restricted
367cefc17f8dcfe65651c9c16cb3151589c6cecetrawick mode that does not allow to bypass request access restrictions; new
f49cf8ce86a01c90d5d843fc27e19d2802dd0f77wrowe variables DOCUMENT_URI (alias for REQUEST_URI), LAST_MODIFIED; -A as an
f49cf8ce86a01c90d5d843fc27e19d2802dd0f77wrowe alias for -U; an additional data entry in ap_expr_eval_ctx_t for use by
f49cf8ce86a01c90d5d843fc27e19d2802dd0f77wrowe the consumer; an extensible ap_expr_exec_ctx() API that allows to use that
f49cf8ce86a01c90d5d843fc27e19d2802dd0f77wrowe data entry. [Stefan Fritsch]
111b2312c9749936ebca4f273db445820a0a703ebrianp *) mod_include: Merge directory configs instead of one SSI* config directive
111b2312c9749936ebca4f273db445820a0a703ebrianp causing all other per-directory SSI* config directives to be reset.
ad877cddc14be8c8171938ba61338c6c7b896bbdtrawick [Stefan Fritsch]
ad877cddc14be8c8171938ba61338c6c7b896bbdtrawick *) mod_charset_lite: Remove DebugLevel option in favour of per-module
ad877cddc14be8c8171938ba61338c6c7b896bbdtrawick loglevel. [Stefan Fritsch]
ad877cddc14be8c8171938ba61338c6c7b896bbdtrawick *) core: Add ap_regexec_len() function that works with non-null-terminated
367cefc17f8dcfe65651c9c16cb3151589c6cecetrawick strings. PR 51231. [Yehezkel Horowitz <horowity checkpoint com>]
367cefc17f8dcfe65651c9c16cb3151589c6cecetrawick *) mod_authnz_ldap: If the LDAP server returns constraint violation,
367cefc17f8dcfe65651c9c16cb3151589c6cecetrawick don't treat this as an error but as "auth denied". [Stefan Fritsch]
ad451e2e428a069086d1c18c9e3372f8846ec617wrowe *) mod_proxy_fcgi|scgi: Add support for "best guess" of PATH_INFO
f49cf8ce86a01c90d5d843fc27e19d2802dd0f77wrowe for SCGI/FCGI. PR 50880, 50851. [Mark Montague <mark catseye.org>,
f49cf8ce86a01c90d5d843fc27e19d2802dd0f77wrowe Jim Jagielski]
f49cf8ce86a01c90d5d843fc27e19d2802dd0f77wrowe *) mod_cache: When content is served stale, and there is no means to
f49cf8ce86a01c90d5d843fc27e19d2802dd0f77wrowe revalidate the content using ETag or Last-Modified, and we have
f49cf8ce86a01c90d5d843fc27e19d2802dd0f77wrowe mandated no stale-on-error behaviour, stand down and don't cache.
f49cf8ce86a01c90d5d843fc27e19d2802dd0f77wrowe Saves a cache write that will never be read.
52435ceaabd1670b2c3a062acc191159a64fb7a1wrowe [Graham Leggett]
52435ceaabd1670b2c3a062acc191159a64fb7a1wrowe *) mod_reqtimeout: Fix a timed out connection going into the keep-alive
52435ceaabd1670b2c3a062acc191159a64fb7a1wrowe state after a timeout when discarding a request body. PR 51103.
52435ceaabd1670b2c3a062acc191159a64fb7a1wrowe [Stefan Fritsch]
52435ceaabd1670b2c3a062acc191159a64fb7a1wrowe *) core: Add various file existance test operators to ap_expr.
52435ceaabd1670b2c3a062acc191159a64fb7a1wrowe [Stefan Fritsch]
e199d79647c689a85951f19b08a08082263f4df8brianp *) mod_proxy_express: New mass reverse-proxy switch extension for
e199d79647c689a85951f19b08a08082263f4df8brianp mod_proxy. [Jim Jagielski]
ad451e2e428a069086d1c18c9e3372f8846ec617wrowe *) configure: Fix script error when configuring module set "reallyall".
ad451e2e428a069086d1c18c9e3372f8846ec617wrowe [Rainer Jung]
ad451e2e428a069086d1c18c9e3372f8846ec617wroweChanges with Apache 2.3.12
ad451e2e428a069086d1c18c9e3372f8846ec617wrowe *) configure, core: Provide easier support for APR's hook probe
ad451e2e428a069086d1c18c9e3372f8846ec617wrowe capability. [Jim Jagielski, Jeff Trawick]
ad451e2e428a069086d1c18c9e3372f8846ec617wrowe *) Silence autoconf 2.68 warnings. [Rainer Jung]
ad451e2e428a069086d1c18c9e3372f8846ec617wrowe *) mod_authnz_ldap: Resolve crash when LDAP is used for authorization only
ad451e2e428a069086d1c18c9e3372f8846ec617wrowe [Scott Hill <shill genscape.com>]
ad451e2e428a069086d1c18c9e3372f8846ec617wrowe *) support: Make sure check_forensic works with mod_unique_id loaded
1e1e5c477f92840ffbcb8acd0003305022e5468atrawick [Joe Schaefer]
1e1e5c477f92840ffbcb8acd0003305022e5468atrawick *) Add child_status hook for tracking creation/termination of MPM child
1e1e5c477f92840ffbcb8acd0003305022e5468atrawick processes. Add end_generation hook for notification when the last
1e1e5c477f92840ffbcb8acd0003305022e5468atrawick MPM child of a generation exits. [Jeff Trawick]
c998c5be82bf2b41f8fc27de9376ba10651c74bcrederpj *) mod_ldap: Make LDAPSharedCacheSize 0 create a non-shared-memory cache per
c998c5be82bf2b41f8fc27de9376ba10651c74bcrederpj process as opposed to disabling caching completely. This allows to use
c998c5be82bf2b41f8fc27de9376ba10651c74bcrederpj the non-shared-memory cache as a workaround for the shared memory cache
c998c5be82bf2b41f8fc27de9376ba10651c74bcrederpj not being available during graceful restarts. PR 48958. [Stefan Fritsch]
c998c5be82bf2b41f8fc27de9376ba10651c74bcrederpj *) Add new ap_reserve_module_slots/ap_reserve_module_slots_directive API,
58eb8d7cca552570577aa8b636349a695ff193datrawick necessary if a module (like mod_perl) registers additional modules late
58eb8d7cca552570577aa8b636349a695ff193datrawick in the startup phase. [Stefan Fritsch]
58eb8d7cca552570577aa8b636349a695ff193datrawick *) core: Prevent segfault if DYNAMIC_MODULE_LIMIT is reached. PR 51072.
ecf435f0c6379df7ed83285d5597fc9aa39c6f6dbrianp [Torsten Förtsch <torsten foertsch gmx net>]
ecf435f0c6379df7ed83285d5597fc9aa39c6f6dbrianp *) WinNT MPM: Improve robustness under heavy load. [Jeff Trawick]
480f2a1b2fb27a8284e66e60a5bbaee6bc1ccb04trawick *) MinGW build improvements. PR 49535. [John Vandenberg
480f2a1b2fb27a8284e66e60a5bbaee6bc1ccb04trawick <jayvdb gmail.com>, Jeff Trawick]
480f2a1b2fb27a8284e66e60a5bbaee6bc1ccb04trawick *) core: Support module names with colons in loglevel configuration.
acc9093ae1f3c97acc635bd5b2c7c0969da21183trawick [Torsten Förtsch <torsten foertsch gmx net>]
acc9093ae1f3c97acc635bd5b2c7c0969da21183trawick *) mod_ssl, ab: Support OpenSSL compiled without SSLv2 support.
2fa5f4c38890220c6ea439317e7dcb9e8b3c76f7jwoolley [Stefan Fritsch]
2fa5f4c38890220c6ea439317e7dcb9e8b3c76f7jwoolley *) core: Abort if the MPM is changed across restart. [Jeff Trawick]
95d00ea81131488769296fa5765ed745cbf45207trawick *) mod_proxy_ajp: Add support for 'ProxyErrorOverride on'. PR 50945.
95d00ea81131488769296fa5765ed745cbf45207trawick [Peter Pramberger <peter pramberger.at>, Jim Jagielski]
95d00ea81131488769296fa5765ed745cbf45207trawick *) mod_proxy_fcgi: Add support for 'ProxyErrorOverride on'. PR 50913.
95d00ea81131488769296fa5765ed745cbf45207trawick [Mark Montague <mark catseye.org>, Jim Jagielski]
95d00ea81131488769296fa5765ed745cbf45207trawick *) core: Change the APIs of ap_cfg_getline() and ap_cfg_getc() to return an
f08574f1098defdf1dc7e7f18a1e3664ee157150rederpj error code. Abort with a nice error message if a config line is too long.
f08574f1098defdf1dc7e7f18a1e3664ee157150rederpj Partial fix for PR 50824. [Stefan Fritsch]
f08574f1098defdf1dc7e7f18a1e3664ee157150rederpj *) mod_info: Dump config to stdout during startup if -DDUMP_CONFIG is
f08574f1098defdf1dc7e7f18a1e3664ee157150rederpj specified. PR 31956. [Stefan Fritsch]
f08574f1098defdf1dc7e7f18a1e3664ee157150rederpj *) Restore visibility of DEFAULT_PIDLOG to core and modules. MPM
f08574f1098defdf1dc7e7f18a1e3664ee157150rederpj helper function ap_remove_pid() added. [Jeff Trawick]
84854ca5d35fb9f101da948858097c88457eece8coar *) Enable DEFAULT_REL_RUNTIMEDIR on Windows and NetWare. [various]
84854ca5d35fb9f101da948858097c88457eece8coar *) Correct C++ incompatibility with http_log.h. [Stefan Fritsch, Jeff
30990c446eca5b0d16d42171a6b30da9456ff6b4trawick *) mod_log_config: Prevent segfault. PR 50861. [Torsten Förtsch
0fd9de72e2a1be5a6134ee70703324be80d816b7trawick *) core: AllowEncodedSlashes new option NoDecode to allow encoded slashes
0fd9de72e2a1be5a6134ee70703324be80d816b7trawick in request URL path info but not decode them. Change behavior of option
0fd9de72e2a1be5a6134ee70703324be80d816b7trawick "On" to decode the encoded slashes as 2.0 and 2.2 do. PR 35256,
2213cc395cb461faf7bfeb187ebb61d97cd457efjerenkrantz PR 46830. [Dan Poirier]
2213cc395cb461faf7bfeb187ebb61d97cd457efjerenkrantz *) mod_ssl: Check SNI hostname against Host header case-insensitively.
854c7bc4128fa2ad9fdfe0fc307d5ef30bcb5bb9wrowe PR 49491. [Mayank Agrawal <magrawal.08 gmail.com>]
854c7bc4128fa2ad9fdfe0fc307d5ef30bcb5bb9wrowe *) mod_ldap: Add LDAPConnectionPoolTTL to give control over lifetime
854c7bc4128fa2ad9fdfe0fc307d5ef30bcb5bb9wrowe of bound backend LDAP connections. PR47634 [Eric Covener]
854c7bc4128fa2ad9fdfe0fc307d5ef30bcb5bb9wrowe *) mod_cache: Make CacheEnable and CacheDisable configurable per
854c7bc4128fa2ad9fdfe0fc307d5ef30bcb5bb9wrowe directory in addition to per server, making them work from within
854c7bc4128fa2ad9fdfe0fc307d5ef30bcb5bb9wrowe a LocationMatch. [Graham Leggett]
854c7bc4128fa2ad9fdfe0fc307d5ef30bcb5bb9wrowe *) worker, event, prefork: Correct several issues when built as
854c7bc4128fa2ad9fdfe0fc307d5ef30bcb5bb9wrowe DSOs; most notably, the scoreboard was reinitialized during graceful
854c7bc4128fa2ad9fdfe0fc307d5ef30bcb5bb9wrowe restart, such that processes of the previous generation were not
854c7bc4128fa2ad9fdfe0fc307d5ef30bcb5bb9wrowe observable. [Jeff Trawick]
854c7bc4128fa2ad9fdfe0fc307d5ef30bcb5bb9wroweChanges with Apache 2.3.11
75f8e1cae5ca3a16a7400cdddf604815ab06b5a8rederpj *) mod_win32: Added shebang check for '! so that .vbs scripts work as CGI.
75f8e1cae5ca3a16a7400cdddf604815ab06b5a8rederpj Win32's cscript interpreter can only use a single quote as comment char.
75f8e1cae5ca3a16a7400cdddf604815ab06b5a8rederpj [Guenter Knauf]
75f8e1cae5ca3a16a7400cdddf604815ab06b5a8rederpj *) mod_proxy: balancer-manager now uses POST instead of GET.
75f8e1cae5ca3a16a7400cdddf604815ab06b5a8rederpj [Jim Jagielski]
7f481efe04fdc4da7a447c14be62c155cbe00ddbbrianp *) core: new util function: ap_parse_form_data(). Previously,
7f481efe04fdc4da7a447c14be62c155cbe00ddbbrianp this capability was tucked away in mod_request. [Jim Jagielski]
9ed34e5219ab3506ccfd2ca58751ce4c81b263a8rederpj *) core: new hook: ap_run_pre_read_request. [Jim Jagielski]
9ed34e5219ab3506ccfd2ca58751ce4c81b263a8rederpj *) mod_cache: When a request other than GET or HEAD arrives, we must
9ed34e5219ab3506ccfd2ca58751ce4c81b263a8rederpj invalidate existing cache entities as per RFC2616 13.10. PR 15868.
23b36269d124e7a6aaa5221891f7ae2ef3eeb158jerenkrantz [Graham Leggett]
23b36269d124e7a6aaa5221891f7ae2ef3eeb158jerenkrantz *) modules: Fix many modules that were not correctly initializing if they
d401ff3af66624a7023460054519070a025d31cfwrowe were not active during server startup but got enabled later during a
d401ff3af66624a7023460054519070a025d31cfwrowe graceful restart. [Stefan Fritsch]
d401ff3af66624a7023460054519070a025d31cfwrowe *) core: Create new ap_state_query function that allows modules to determine
e65b56dc229f063425fac589002e34c8246ad878trawick if the current configuration run is the initial one at server startup,
e65b56dc229f063425fac589002e34c8246ad878trawick and if the server is started for testing/config dumping only.
e65b56dc229f063425fac589002e34c8246ad878trawick [Stefan Fritsch]
306bd64cf6568149964abdf8ca748a617ed98500gregames *) mod_proxy: Runtime configuration of many parameters for existing
306bd64cf6568149964abdf8ca748a617ed98500gregames balancers via the balancer-manager. [Jim Jagielski]
5bd562b1d7da51cb5715899d32bb4c79c54459b0wrowe *) mod_proxy: Runtime addition of new workers (BalancerMember) for existing
ae3d212043d50288748fe9fdf0aa1a3e8f2ff3a6wrowe balancers via the balancer-manager. [Jim Jagielski]
ae3d212043d50288748fe9fdf0aa1a3e8f2ff3a6wrowe *) mod_cache: When a bad Expires date is present, we need to behave as if
ae3d212043d50288748fe9fdf0aa1a3e8f2ff3a6wrowe the Expires is in the past, not as if the Expires is missing. PR 16521.
ae3d212043d50288748fe9fdf0aa1a3e8f2ff3a6wrowe [Co-Advisor <coad@measurement-factory.com>]
766c20b0366e1d0e359e0d9a834669e19a4db3d9trawick *) mod_cache: We must ignore quoted-string values that appear in a
766c20b0366e1d0e359e0d9a834669e19a4db3d9trawick Cache-Control header. PR 50199. [Graham Leggett]
766c20b0366e1d0e359e0d9a834669e19a4db3d9trawick *) mod_dav: Revert change to send 501 error if unknown Content-* header is
766c20b0366e1d0e359e0d9a834669e19a4db3d9trawick received for a PUT request. PR 42978. [Stefan Fritsch]
2a6e98ba4ffa30ded5d8831664c5cb2a170a56b6coar *) mod_cache: Respect s-maxage as described by RFC2616 14.9.3, which must
2a6e98ba4ffa30ded5d8831664c5cb2a170a56b6coar take precedence if present. PR 35247. [Graham Leggett]
9a11fa4e07f50f2e5750d078ef3751ddbf441b8ftrawick *) mod_ssl: Fix a possible startup failure if multiple SSL vhosts
9a11fa4e07f50f2e5750d078ef3751ddbf441b8ftrawick are configured with the same ServerName and private key file.
9a11fa4e07f50f2e5750d078ef3751ddbf441b8ftrawick [Masahiro Matsuya <mmatsuya redhat.com>, Joe Orton]
1f279dc92a60df9f61bf58468162aab0eef072e4brianp *) mod_socache_dc: Make module compile by fixing some typos.
1f279dc92a60df9f61bf58468162aab0eef072e4brianp PR 50735 [Mark Montague <mark catseye.org>]
2fd0edbd8b2f47a8458322bedd3b82f825faf336trawick *) prefork: Update MPM state in children during a graceful stop or
2fd0edbd8b2f47a8458322bedd3b82f825faf336trawick restart. PR 41743. [Andrew Punch <andrew.punch 247realmedia.com>]
39021cf8b495cdb94013ca73531ccb32658fb793rederpj *) mod_mime: Ignore leading dots when looking for mime extensions.
39021cf8b495cdb94013ca73531ccb32658fb793rederpj PR 50434 [Stefan Fritsch]
39021cf8b495cdb94013ca73531ccb32658fb793rederpj *) core: Add support to set variables with the 'Define' directive. The
39021cf8b495cdb94013ca73531ccb32658fb793rederpj variables that can then be used in the config using the ${VAR} syntax
39021cf8b495cdb94013ca73531ccb32658fb793rederpj known from envvar interpolation. [Stefan Fritsch]
39021cf8b495cdb94013ca73531ccb32658fb793rederpj *) mod_proxy_http: make adding of X-Forwarded-* headers configurable.
fa16f10bc02e46bc5a6c2c2c6371926cd1dbe2edwrowe ProxyAddHeaders defaults to On. [Vincent Deffontaines]
fa16f10bc02e46bc5a6c2c2c6371926cd1dbe2edwrowe *) mod_slotmem_shm: Increase memory alignment for slotmem data.
fa16f10bc02e46bc5a6c2c2c6371926cd1dbe2edwrowe [Rainer Jung]
fa16f10bc02e46bc5a6c2c2c6371926cd1dbe2edwrowe *) mod_ssl: Add config options for OCSP: SSLOCSPResponderTimeout,
fa16f10bc02e46bc5a6c2c2c6371926cd1dbe2edwrowe SSLOCSPResponseMaxAge, SSLOCSPResponseTimeSkew.
fa16f10bc02e46bc5a6c2c2c6371926cd1dbe2edwrowe [Kaspar Brand <httpd-dev.2011 velox.ch>]
fa16f10bc02e46bc5a6c2c2c6371926cd1dbe2edwrowe *) mod_ssl: Revamp output buffering to reduce network overhead for
db8ac7cbb1fa6cdd6abcc4bb797d4deed32dd269jim output fragmented into many buckets, such as chunked HTTP responses.
db8ac7cbb1fa6cdd6abcc4bb797d4deed32dd269jim [Joe Orton]
db8ac7cbb1fa6cdd6abcc4bb797d4deed32dd269jim *) core: Apply <If> sections to all requests, not only to file base requests.
db8ac7cbb1fa6cdd6abcc4bb797d4deed32dd269jim Allow to use <If> inside <Directory>, <Location>, and <Files> sections.
7b979864a91b52ecebca11d0a9a22e09349e59baminfrin The merging of <If> sections now happens after the merging of <Location>
8d755accbdc5ae15bb0d00169b815d264c7de745minfrin sections, even if an <If> section is embedded inside a <Directory> or
8d755accbdc5ae15bb0d00169b815d264c7de745minfrin <Files> section. [Stefan Fritsch]
7b979864a91b52ecebca11d0a9a22e09349e59baminfrin *) mod_proxy: Refactor usage of shared data by dropping the scoreboard
7b0a3bcc0e689305df49f7d4da7abc35aa891862brianp and using slotmem. Create foundation for dynamic growth/changes of
7b0a3bcc0e689305df49f7d4da7abc35aa891862brianp members within a balancer. Remove BalancerNonce in favor of a
7b0a3bcc0e689305df49f7d4da7abc35aa891862brianp per-balancer 'nonce' parameter. [Jim Jagielski]
1bae4591a85d90325ecdacedf7e54d1bbfe31037aaron *) mod_status: Don't show slots which are disabled by MaxClients as open.
1bae4591a85d90325ecdacedf7e54d1bbfe31037aaron PR: 47022 [Jordi Prats <jordi prats gmail com>, Stefan Fritsch]
a6f48cc01ab8f5377e570c61826dcdfc36741936trawick *) mpm_prefork: Fix ap_mpm_query results for AP_MPMQ_MAX_DAEMONS and
a6f48cc01ab8f5377e570c61826dcdfc36741936trawick AP_MPMQ_MAX_THREADS.
2da345202997f8f5860c801d68f7913c02fc05fctrawick *) mod_authz_core: Fix bug in merging logic if user-based and non-user-based
2da345202997f8f5860c801d68f7913c02fc05fctrawick authorization directives were mixed. [Stefan Fritsch]
5bd562b1d7da51cb5715899d32bb4c79c54459b0wrowe *) mod_authn_socache: change directive name from AuthnCacheProvider
5bd562b1d7da51cb5715899d32bb4c79c54459b0wrowe to AuthnCacheProvideFor. The term "provider" is overloaded in
5bd562b1d7da51cb5715899d32bb4c79c54459b0wrowe this module, and we should avoid confusion between the provider
1c06e98017400874d5ff6ad79f13145ec4589225striker of a backend (AuthnCacheSOCache) and the authn provider(s) for
1c06e98017400874d5ff6ad79f13145ec4589225striker which this module provides cacheing (AuthnCacheProvideFor).
99a041314eb3db0b0cca325c9c40d0a6c5fdf04fwrowe *) mod_proxy_http: Allocate the fake backend request from a child pool
99a041314eb3db0b0cca325c9c40d0a6c5fdf04fwrowe of the backend connection, instead of misusing the pool of the frontend
99a041314eb3db0b0cca325c9c40d0a6c5fdf04fwrowe request. Fixes a thread safety issue where buckets set aside in the
99a041314eb3db0b0cca325c9c40d0a6c5fdf04fwrowe backend connection leak into other threads, and then disappear when
99a041314eb3db0b0cca325c9c40d0a6c5fdf04fwrowe the frontend request is cleaned up, in turn causing corrupted buckets
99a041314eb3db0b0cca325c9c40d0a6c5fdf04fwrowe to make other threads spin. [Graham Leggett]
6e119e632566d69798ce6cf4e714ed374b72914frederpj *) mod_ssl: Change the format of the SSL_{CLIENT,SERVER}_{I,S}_DN variables
6e119e632566d69798ce6cf4e714ed374b72914frederpj to be RFC 2253 compatible, convert non-ASCII characters to UTF8, and
6e119e632566d69798ce6cf4e714ed374b72914frederpj escape other special characters with backslashes. The old format can
6e119e632566d69798ce6cf4e714ed374b72914frederpj still be used with the LegacyDNStringFormat argument to SSLOptions.
bd120542ebe7e09cdbada5daf4924f4690e5ece3trawick *) core, mod_rewrite: Make the REQUEST_SCHEME variable available to
bd120542ebe7e09cdbada5daf4924f4690e5ece3trawick scripts and mod_rewrite. [Stefan Fritsch]
bd120542ebe7e09cdbada5daf4924f4690e5ece3trawick *) mod_rewrite: Allow to use arbitrary boolean expressions (ap_expr) in
bd120542ebe7e09cdbada5daf4924f4690e5ece3trawick RewriteCond. [Stefan Fritsch]
68d439bc0482b2e41053480f748edc2574c2ea7btrawick *) mod_rewrite: Allow to unset environment variables using E=!VAR.
68d439bc0482b2e41053480f748edc2574c2ea7btrawick PR 49512. [Mark Drayton <mark markdrayton info>, Stefan Fritsch]
dddbde8480d265d06c84f2281f01e00f8ef52e94mjc *) mod_headers: Restore the 2.3.8 and earlier default for the first
dddbde8480d265d06c84f2281f01e00f8ef52e94mjc argument of the Header directive ("onsuccess"). [Eric Covener]
a5ca705e053a6c754c5958aafcd6f0aa60a2e67frbb *) core: Disallow the mixing of relative and absolute Options PR 33708.
e06675c51d084791089d79c3ac18aeae8dd465fcrbb [Sönke Tesch <st kino-fahrplan.de>]
e06675c51d084791089d79c3ac18aeae8dd465fcrbb *) core: When exporting request headers to HTTP_* environment variables,
e06675c51d084791089d79c3ac18aeae8dd465fcrbb drop variables whose names contain invalid characters. Describe in the
481c1206b6065a8f37ab75ca1fc26c947cb37852ianh docs how to restore the old behaviour. [Malte S. Stretz <mss apache org>]
481c1206b6065a8f37ab75ca1fc26c947cb37852ianh *) core: When selecting an IP-based virtual host, favor an exact match for
a964f7434f5c7f512a5fa0d0178260ccb74c84berbb the port over a wildcard (or omitted) port instead of favoring the one
a964f7434f5c7f512a5fa0d0178260ccb74c84berbb that came first in the configuration file. [Eric Covener]
a964f7434f5c7f512a5fa0d0178260ccb74c84berbb *) core: Overlapping virtual host address/port combinations now implicitly
6a7877447bcb8e6ff848d72f82f184c404ef4c0bminfrin enable name-based virtual hosting for that address. The NameVirtualHost
6a7877447bcb8e6ff848d72f82f184c404ef4c0bminfrin directive has no effect, and _default_ is interpreted the same as "*".
6a7877447bcb8e6ff848d72f82f184c404ef4c0bminfrin [Eric Covener]
9335cbd541cca1ca6038af329bbd1645310aabccminfrin *) core: In the absence of any Options directives, the default is now
9335cbd541cca1ca6038af329bbd1645310aabccminfrin "FollowSymlinks" instead of "All". [Igor Galić]
9335cbd541cca1ca6038af329bbd1645310aabccminfrin *) rotatelogs: Add -e option to write logs through to stdout for optional
9335cbd541cca1ca6038af329bbd1645310aabccminfrin further processing. [Graham Leggett]
9335cbd541cca1ca6038af329bbd1645310aabccminfrin *) mod_ssl: Correctly read full lines in input filter when the line is
e156db58351d1c040bc72430f3eb072cb6ae7107brianp incomplete during first read. PR 50481. [Ruediger Pluem]
e156db58351d1c040bc72430f3eb072cb6ae7107brianp *) mod_authz_core: Add AuthzSendForbiddenOnFailure directive to allow
e156db58351d1c040bc72430f3eb072cb6ae7107brianp sending '403 FORBIDDEN' instead of '401 UNAUTHORIZED' if authorization
1c06e98017400874d5ff6ad79f13145ec4589225striker fails for an authenticated user. PR 40721. [Stefan Fritsch]
1c06e98017400874d5ff6ad79f13145ec4589225strikerChanges with Apache 2.3.10
eb1349e4ab58bd2935f7054a1bfc5c86ab5a5fa3striker *) mod_rewrite: Don't implicitly URL-escape the original query string
6a94da925498a20a09fde0a66002607be8d83b1astriker when no substitution has changed it. PR 50447. [Eric Covener]
75161f3b2029c25bdb3f8ab87b85cb1810c479eajerenkrantz *) core: Honor 'AcceptPathInfo OFF' during internal redirects,
7639aa8b39e0d9dbd096f9cc3379bcd3d5e4003bstriker such as per-directory mod_rewrite substitutions. PR 50349.
8dc5aa056a586ffa920a6ecd5c31048702371ea6brianp [Eric Covener]
4c9d27bfdfea41b388dc705f7cc2b49318ab5344jim *) mod_rewrite: Add 'RewriteOptions InheritBefore' to put the base
4c9d27bfdfea41b388dc705f7cc2b49318ab5344jim rules/conditions before the overridden rules/conditions. PR 39313.
e8e8ab3cbc3d90f15eb78e094c381a6e908fd6efjerenkrantz [Jérôme Grandjanny <jerome.grandjanny cea.fr>]
e8e8ab3cbc3d90f15eb78e094c381a6e908fd6efjerenkrantz *) mod_autoindex: add IndexIgnoreReset to reset the list of IndexIgnored
f4c472b8dce3c2e559232dbb5b27ed2466922ea4jerenkrantz filenames in higher precedence configuration sections. PR 24243.
f4c472b8dce3c2e559232dbb5b27ed2466922ea4jerenkrantz [Eric Covener]
8dc5aa056a586ffa920a6ecd5c31048702371ea6brianp *) mod_cgid: RLimit* directive support for mod_cgid. PR 42135
8dc5aa056a586ffa920a6ecd5c31048702371ea6brianp [Eric Covener]
7e31ef4870c7ef94838585004405e8854fefcc51ianh *) core: Fail startup when the argument to ServerName looks like a glob
7e31ef4870c7ef94838585004405e8854fefcc51ianh or a regular expression instead of a hostname (*?[]). PR 39863
bd496a3a7752a55c849e62ed00cacc492d4f6d3erederpj *) mod_userdir: Add merging of enable, disable, and filename arguments
bd496a3a7752a55c849e62ed00cacc492d4f6d3erederpj to UserDir directive, leaving enable/disable of userlists unmerged.
bd496a3a7752a55c849e62ed00cacc492d4f6d3erederpj PR 44076 [Eric Covener]
bd496a3a7752a55c849e62ed00cacc492d4f6d3erederpj *) httpd: When no -k option is provided on the httpd command line, the server
a8c401eadf77822e851f19c7740e7ec6dca03daastoddard was starting without checking for an existing pidfile. PR 50350
a8c401eadf77822e851f19c7740e7ec6dca03daastoddard [Eric Covener]
a8c401eadf77822e851f19c7740e7ec6dca03daastoddard *) mod_proxy: Put the worker in error state if the SSL handshake with the
93d7153aa172665f55b04463b831ad556269c3efbrianp backend fails. PR 50332.
791781f2ccc1f1f1bc1b1643861d3da23edfd147jerenkrantz [Daniel Ruggeri <DRuggeri primary.net>, Ruediger Pluem]
2ffa5829cad36f12b0a1fc3481592e85bc210a5bjerenkrantz *) mod_cache_disk: Fix Windows build which was broken after renaming
2ffa5829cad36f12b0a1fc3481592e85bc210a5bjerenkrantz the module. [Gregg L. Smith]
02e8590d904653a95eca31bdf8e60866642bb592sliveChanges with Apache 2.3.9
30a5ee06ae5f7f67a83d6852871f654ae3e14aadslive *) SECURITY: CVE-2010-1623 (cve.mitre.org)
02e8590d904653a95eca31bdf8e60866642bb592slive Fix a denial of service attack against mod_reqtimeout.
a97c4ce2bea3dbf8ddc82c796cf93aa6b46765a4brianp [Stefan Fritsch]
a97c4ce2bea3dbf8ddc82c796cf93aa6b46765a4brianp *) mod_headers: Change default first argument of Header directive
b7838ae85a698af19d90ba4ebe03e10bdc149eacjerenkrantz from "onsuccess" to "always". [Eric Covener]
435d2db95b905b0d16d35410e18ff77dc39688aabrianp *) mod_include: Add the onerror attribute to the include element,
435d2db95b905b0d16d35410e18ff77dc39688aabrianp allowing an URL to be specified to include on error. [Graham
a574815e2c6db68b9d8139db89921ededf033decianh *) mod_cache_disk: mod_disk_cache renamed to mod_cache_disk, to be
a574815e2c6db68b9d8139db89921ededf033decianh consistent with the naming of other modules. [Graham Leggett]
964f539e766a3301b3e2f767baeffddcf9f6092bjerenkrantz *) mod_setenvif: Add SetEnvIfExpr directive to set env var depending on
964f539e766a3301b3e2f767baeffddcf9f6092bjerenkrantz expression. [Stefan Fritsch]
5e538c6ced13aa2f7c358e1a44f651d31dd5fab8brianp *) mod_proxy: Fix ProxyPassInterpolateEnv directive. PR 50292.
5e538c6ced13aa2f7c358e1a44f651d31dd5fab8brianp [Stefan Fritsch]
61202a45487668abad788c02e339f626176e645fianh *) suEXEC: Add Suexec directive to disable suEXEC without renaming the
61202a45487668abad788c02e339f626176e645fianh binary (Suexec Off), or force startup failure if suEXEC is required
61202a45487668abad788c02e339f626176e645fianh but not supported (Suexec On). Change SuexecUserGroup to fail
02c49e1f35a4d1a171df2d319e76af0c5163dc4dmartin startup instead of just printing a warning if suEXEC is disabled.
02c49e1f35a4d1a171df2d319e76af0c5163dc4dmartin [Jeff Trawick]
6deb8bcfb8511ac38243a8274fc589842841b398ianh *) core: Add Error directive for aborting startup or htaccess processing
6deb8bcfb8511ac38243a8274fc589842841b398ianh with a specified error message. [Jeff Trawick]
49bbbd1939208be54a3eb00b95e61d90d180a606ianh *) mod_rewrite: Fix the RewriteEngine directive to work within a
49bbbd1939208be54a3eb00b95e61d90d180a606ianh location. Previously, once RewriteEngine was switched on globally,
93d7153aa172665f55b04463b831ad556269c3efbrianp it was impossible to switch off. [Graham Leggett]
93d7153aa172665f55b04463b831ad556269c3efbrianp *) core, mod_include, mod_ssl: Move the expression parser derived from
93d7153aa172665f55b04463b831ad556269c3efbrianp mod_include back into mod_include. Replace ap_expr with a parser
bc6600a6207e5d15b895294e370e4e3320a803d8stoddard derived from mod_ssl's parser. Make mod_ssl use the new parser. Rework
bc6600a6207e5d15b895294e370e4e3320a803d8stoddard ap_expr's public interface and provide hooks for modules to add variables
bc6600a6207e5d15b895294e370e4e3320a803d8stoddard and functions. [Stefan Fritsch]
bc6600a6207e5d15b895294e370e4e3320a803d8stoddard *) core: Do the hook sorting earlier so that the hooks are properly sorted
bc6600a6207e5d15b895294e370e4e3320a803d8stoddard for the pre_config hook and during parsing the config. [Stefan Fritsch]
4e21f1a207aefa9796dc758bf7274b0f1fea780fstoddard *) core: In the absence of any AllowOverride directives, the default is now
7a23067e782dd5612d4d4b539906e1733b664df7jwoolley "None" instead of "All". PR49823 [Eric Covener]
5c214a63f9722864ac4983995da11353779515dbrederpj *) mod_proxy: Don't allow ProxyPass or ProxyPassReverse in
5c214a63f9722864ac4983995da11353779515dbrederpj <Directory> or <Files>. PR47765 [Eric Covener]
9f20717d827f2113a23dfa45539813171cf626eaianh *) prefork/worker/event MPMS: default value (when no directive is present)
9f20717d827f2113a23dfa45539813171cf626eaianh of MaxConnectionsPerChild/MaxRequestsPerChild is changed to 0 from 10000
9f20717d827f2113a23dfa45539813171cf626eaianh to match default configuration and manual. PR47782 [Eric Covener]
a0db2f093595083300ad3438314f90921405ccf9wrowe *) proxy_connect: Don't give up in the middle of a CONNECT tunnel
a0db2f093595083300ad3438314f90921405ccf9wrowe when the child process is starting to exit. PR50220. [Eric Covener]
c66798efb2184ecf904cd8471acd17e65688b1caianh *) mod_autoindex: Fix inheritance of mod_autoindex directives into
c66798efb2184ecf904cd8471acd17e65688b1caianh contexts that don't have any mod_autoindex directives. PR47766.
fb59f85aab19883025f619727948b8088232cc4brederpj [Eric Covener]
fb59f85aab19883025f619727948b8088232cc4brederpj *) mod_rewrite: Add END flag for RewriteRule to prevent further rounds
fb59f85aab19883025f619727948b8088232cc4brederpj of rewrite processing when a per-directory substitution occurs.
1a1cf0ee9229ee29e5750b25dd94dbb9b04072cfianh [Eric Covener]
1a1cf0ee9229ee29e5750b25dd94dbb9b04072cfianh *) mod_ssl: Make sure to always log an error if loading of CA certificates
1a1cf0ee9229ee29e5750b25dd94dbb9b04072cfianh fails. PR 40312. [Paul Tiemann <issues apache org ourdetour com>]
0bbb249eafe9ef9508821f0ef58e7440625ecd62trawick *) mod_dav: Send 501 error if unknown Content-* header is received for a PUT
0bbb249eafe9ef9508821f0ef58e7440625ecd62trawick request (RFC 2616 9.6). PR 42978. [Stefan Fritsch]
7a23067e782dd5612d4d4b539906e1733b664df7jwoolley *) mod_dav: Send 400 error if malformed Content-Range header is received for
7a23067e782dd5612d4d4b539906e1733b664df7jwoolley a put request (RFC 2616 14.16). PR 49825. [Stefan Fritsch]
7a23067e782dd5612d4d4b539906e1733b664df7jwoolley *) mod_proxy: Release the backend connection as soon as EOS is detected,
6032a7c97a25c52f4bdd78ce23f2010e52c9e81arederpj so the backend isn't forced to wait for the client to eventually
6032a7c97a25c52f4bdd78ce23f2010e52c9e81arederpj acknowledge the data. [Graham Leggett]
ba2e14e474516f1c75a96b4f6d1a9dec332175efianh *) mod_proxy: Optimise ProxyPass within a Location so that it is stored
ba2e14e474516f1c75a96b4f6d1a9dec332175efianh per-directory, and chosen during the location walk. Make ProxyPass
ec69fc6e323eb1f3112966e06e9e37be608d052cianh work correctly from within a LocationMatch. [Graham Leggett]
f0791c5bdfd36969d292a4092df076aa6d1c34ccwrowe *) core: Fix segfault if per-module LogLevel is on virtual host
f0791c5bdfd36969d292a4092df076aa6d1c34ccwrowe scope. PR 50117. [Stefan Fritsch]
749011213737e8d0cd6ca78d5eb532ec6f6b9fdfianh *) mod_proxy: Move the ProxyErrorOverride directive to have per
749011213737e8d0cd6ca78d5eb532ec6f6b9fdfianh directory scope. [Graham Leggett]
ec69fc6e323eb1f3112966e06e9e37be608d052cianh *) mod_allowmethods: New module to deny certain HTTP methods without
ec69fc6e323eb1f3112966e06e9e37be608d052cianh interfering with authentication/authorization. [Paul Querna,
e7bf4d6f15d04e86e20002e65f60d7fbf80e5974stoddard Igor Galić, Stefan Fritsch]
8ab933f1df663f95c27e2ce5772127d4f3a10e0bstriker *) mod_ssl: Log certificate information and improve error message if client
de42d3dfd83a4cc62f0dd6b79ee5cbcfa69fd503brianp cert verification fails. PR 50093, PR 50094. [Lassi Tuura <lat cern ch>,
de42d3dfd83a4cc62f0dd6b79ee5cbcfa69fd503brianp Stefan Fritsch]
de42d3dfd83a4cc62f0dd6b79ee5cbcfa69fd503brianp *) htcacheclean: Teach htcacheclean to limit cache size by number of
8ab933f1df663f95c27e2ce5772127d4f3a10e0bstriker inodes in addition to size of files. Prevents a cache disk from
44380fc1701cbb8b0a977d5a1497f0c6ee912e0bfielding running out of space when many small files are cached.
44380fc1701cbb8b0a977d5a1497f0c6ee912e0bfielding [Graham Leggett]
44380fc1701cbb8b0a977d5a1497f0c6ee912e0bfielding *) core: Rename MaxRequestsPerChild to MaxConnectionsPerChild, which
44380fc1701cbb8b0a977d5a1497f0c6ee912e0bfielding describes more accurately what the directive does. The old name
44380fc1701cbb8b0a977d5a1497f0c6ee912e0bfielding still works but logs a warning. [Stefan Fritsch]
a8dda281113c5038945423320d8c9b42e3d1ddb1jwoolley *) mod_cache: Optionally serve stale data when a revalidation returns a
50e60f30bdc074fbc887f0b98f4d570457ac97c9brianp 5xx response, controlled by the CacheStaleOnError directive.
39dde7f4cd79d701cc14e5beac8ea528bc58d038wrowe [Graham Leggett]
39dde7f4cd79d701cc14e5beac8ea528bc58d038wrowe *) htcacheclean: Allow the listing of valid URLs within the cache, with
39dde7f4cd79d701cc14e5beac8ea528bc58d038wrowe the option to list entry metadata such as sizes and times. [Graham
39dde7f4cd79d701cc14e5beac8ea528bc58d038wrowe *) mod_cache: correctly parse quoted strings in cache headers.
39dde7f4cd79d701cc14e5beac8ea528bc58d038wrowe PR 50199 [Nick Kew]
39dde7f4cd79d701cc14e5beac8ea528bc58d038wrowe *) mod_cache: Allow control over the base URL of reverse proxied requests
39dde7f4cd79d701cc14e5beac8ea528bc58d038wrowe using the CacheKeyBaseURL directive, so that the cache key can be
39dde7f4cd79d701cc14e5beac8ea528bc58d038wrowe calculated from the endpoint URL instead of the server URL. [Graham
39dde7f4cd79d701cc14e5beac8ea528bc58d038wrowe *) mod_cache: CacheLastModifiedFactor, CacheStoreNoStore, CacheStorePrivate,
39dde7f4cd79d701cc14e5beac8ea528bc58d038wrowe CacheStoreExpired, CacheIgnoreNoLastMod, CacheDefaultExpire,
39dde7f4cd79d701cc14e5beac8ea528bc58d038wrowe CacheMinExpire and CacheMaxExpire can be set per directory/location.
39dde7f4cd79d701cc14e5beac8ea528bc58d038wrowe [Graham Leggett]
39dde7f4cd79d701cc14e5beac8ea528bc58d038wrowe *) mod_disk_cache: CacheMaxFileSize, CacheMinFileSize, CacheReadSize and
39dde7f4cd79d701cc14e5beac8ea528bc58d038wrowe CacheReadTime can be set per directory/location. [Graham Leggett]
39dde7f4cd79d701cc14e5beac8ea528bc58d038wrowe *) core: Speed up config parsing if using a very large number of config
39dde7f4cd79d701cc14e5beac8ea528bc58d038wrowe files. PR 50002 [andrew cloudaccess net]
268ac122b1fd6fa948b30bdf0d8c0d80e75d68dawrowe *) mod_cache: Support the caching of HEAD requests. [Graham Leggett]
268ac122b1fd6fa948b30bdf0d8c0d80e75d68dawrowe *) htcacheclean: Allow the option to round up file sizes to a given
268ac122b1fd6fa948b30bdf0d8c0d80e75d68dawrowe block size, improving the accuracy of disk usage. [Graham Leggett]
6ba861fd6c705eaeb1f9bb97df86ddea6895e263minfrin *) mod_ssl: Add authz providers for use with mod_authz_core and its
6ba861fd6c705eaeb1f9bb97df86ddea6895e263minfrin RequireAny/RequireAll containers: 'ssl' (equivalent to SSLRequireSSL),
6ba861fd6c705eaeb1f9bb97df86ddea6895e263minfrin 'ssl-verify-client' (for use with 'SSLVerifyClient optional'), and
268ac122b1fd6fa948b30bdf0d8c0d80e75d68dawrowe 'ssl-require' (expressions with same syntax as SSLRequire).
b78ed256f4b99e72836d36fd68d4e7a26dbe032cianh [Stefan Fritsch]
b78ed256f4b99e72836d36fd68d4e7a26dbe032cianh *) mod_ssl: Make the ssl expression parser thread-safe. It now requires
698670444b30b79e808155739f98c39bec35f72awrowe bison instead of yacc. [Stefan Fritsch]
698670444b30b79e808155739f98c39bec35f72awrowe *) mod_disk_cache: Change on-disk header file format to support the
57bea0f0559e31536af3b7b5859d3681ee29a34cwrowe link of the device/inode of the data file to the matching header
57bea0f0559e31536af3b7b5859d3681ee29a34cwrowe file, and to support the option of not writing a data file when
57bea0f0559e31536af3b7b5859d3681ee29a34cwrowe the data file is empty. [Graham Leggett]
57bea0f0559e31536af3b7b5859d3681ee29a34cwrowe *) core/mod_unique_id: Add generate_log_id hook to allow to use
57bea0f0559e31536af3b7b5859d3681ee29a34cwrowe the ID generated by mod_unique_id as error log ID for requests.
94e2b2d12fa269af16fa63a6270d3336d9f126f2trawick [Stefan Fritsch]
94e2b2d12fa269af16fa63a6270d3336d9f126f2trawick *) mod_cache: Make sure that we never allow a 304 Not Modified response
94e2b2d12fa269af16fa63a6270d3336d9f126f2trawick that we asked for to leak to the client should the 304 response be
35313c8d7368125c3e95d3118238d2be9a613000trawick uncacheable. PR45341 [Graham Leggett]
35313c8d7368125c3e95d3118238d2be9a613000trawick *) mod_cache: Add the cache_status hook to register the final cache
55da18d54a0ba74dc51aecba5b0daf71a2ed10a7trawick decision hit/miss/revalidate. Add optional support for an X-Cache
55da18d54a0ba74dc51aecba5b0daf71a2ed10a7trawick and/or an X-Cache-Detail header to add the cache status to the
55da18d54a0ba74dc51aecba5b0daf71a2ed10a7trawick response. PR48241 [Graham Leggett]
55da18d54a0ba74dc51aecba5b0daf71a2ed10a7trawick *) mod_authz_host: Add 'local' provider that matches connections originating
c51f2b89da23e3371959a74808dee1792d96f5c1wsanchez on the local host. PR 19938. [Stefan Fritsch]
c51f2b89da23e3371959a74808dee1792d96f5c1wsanchez *) Event MPM: Fix crash accessing pollset on worker thread when child
c51f2b89da23e3371959a74808dee1792d96f5c1wsanchez process is exiting. [Jeff Trawick]
79c9b0ac498d97336874edba0daf9f544ad14671trawick *) core: For process invocation (cgi, fcgid, piped loggers and so forth)
79c9b0ac498d97336874edba0daf9f544ad14671trawick pass the system library path (LD_LIBRARY_PATH or platform-specific
79c9b0ac498d97336874edba0daf9f544ad14671trawick variables) along with the system PATH, by default. Both should be
79c9b0ac498d97336874edba0daf9f544ad14671trawick overridden together as desired using PassEnv etc; see mod_env.
79c9b0ac498d97336874edba0daf9f544ad14671trawick [William Rowe]
5a7d934619b2be92e18be5dd3366f4ac6ddeab43trawick *) mod_cache: Introduce CacheStoreExpired, to allow administrators to
5a7d934619b2be92e18be5dd3366f4ac6ddeab43trawick capture a stale backend response, perform If-Modified-Since requests
5a70e5b66eb7758d0e64e070211f699fc83fca70wrowe against the backend, and serving from the cache all 304 responses.
5a70e5b66eb7758d0e64e070211f699fc83fca70wrowe This restores pre-2.2.4 cache behavior. [William Rowe]
5a70e5b66eb7758d0e64e070211f699fc83fca70wrowe *) mod_rewrite: Introduce <=, >= string comparison operators, and integer
5a70e5b66eb7758d0e64e070211f699fc83fca70wrowe comparators -lt, -le, -eq, -ge, and -gt. To help bash users and drop
84eeb0ab12215fc22577a9a0a9589cea2a445712trawick the ambiguity of the symlink test "-ltest", introduce -h or -L as
84eeb0ab12215fc22577a9a0a9589cea2a445712trawick symlink test operators. [William Rowe]
1d3fbd2d9f03c0826977d940a2081401edf522d4jerenkrantz *) mod_cache: Give the cache provider the opportunity to choose to cache
b5cc0253789825ace46944dc9cde744be08dd77fjerenkrantz or not cache based on the buckets present in the brigade, such as the
b5cc0253789825ace46944dc9cde744be08dd77fjerenkrantz presence of a FILE bucket.
e4bb84f3c11f282d3ba66f64940b1b8e13f85e7aslive [Graham Leggett]
e4bb84f3c11f282d3ba66f64940b1b8e13f85e7aslive *) mod_authz_core: Allow authz providers to check args while reading the
e4bb84f3c11f282d3ba66f64940b1b8e13f85e7aslive config and allow to cache parsed args. Move 'all' and 'env' authz
e4bb84f3c11f282d3ba66f64940b1b8e13f85e7aslive providers from mod_authz_host to mod_authz_core. Add 'method' authz
e4bb84f3c11f282d3ba66f64940b1b8e13f85e7aslive provider depending on the HTTP method. [Stefan Fritsch]
ba2bab42e97405dc41c0f8fe3416f7f9a79ed7a9brianp *) mod_include: Move the request_rec within mod_include to be
ba2bab42e97405dc41c0f8fe3416f7f9a79ed7a9brianp exposed within include_ctx_t. [Graham Leggett]
756b54396a86db555817bb52149d91b60d00e35fwrowe *) mod_include: Reinstate support for UTF-8 character sets by allowing a
756b54396a86db555817bb52149d91b60d00e35fwrowe variable being echoed or set to be decoded and then encoded as separate
756b54396a86db555817bb52149d91b60d00e35fwrowe steps. PR47686 [Graham Leggett]
b4251d1fbef86f96e01c68f8de086e0dbb8bcb74trawick *) mod_cache: Add a discrete commit_entity() provider function within the
b4251d1fbef86f96e01c68f8de086e0dbb8bcb74trawick mod_cache provider interface which is called to indicate to the
b4251d1fbef86f96e01c68f8de086e0dbb8bcb74trawick provider that caching is complete, giving the provider the opportunity
24efed0910118b762a4eb84830875d4714b8d315ianh to commit temporary files permanently to the cache in an atomic
24efed0910118b762a4eb84830875d4714b8d315ianh fashion. Replace the inconsistent use of error cleanups with a formal
50e60f30bdc074fbc887f0b98f4d570457ac97c9brianp set of pool cleanups attached to a subpool, which is destroyed on error.
50e60f30bdc074fbc887f0b98f4d570457ac97c9brianp [Graham Leggett]
bdbafc44d060509e86f0cc56ff4d19579438f846striker *) mod_cache: Change the signature of the store_body() provider function
bdbafc44d060509e86f0cc56ff4d19579438f846striker within the mod_cache provider interface to support an "in" brigade
bdbafc44d060509e86f0cc56ff4d19579438f846striker and an "out" brigade instead of just a single input brigade. This
fbd0c3dbae333ba4a7225dad2d090419ad894e4ctrawick gives a cache provider the option to consume only part of the brigade
bdbafc44d060509e86f0cc56ff4d19579438f846striker passed to it, rather than the whole brigade as was required before.
bdbafc44d060509e86f0cc56ff4d19579438f846striker This fixes an out of memory and a request timeout condition that would
6a82dfd37385024d0e94e71edd2f46b609796cfdwrowe occur when the original document was a large file. Introduce
6d0ec39a3ef89ce485f23008efa399b7b35bf1fdjwoolley CacheReadSize and CacheReadTime directives to mod_disk_cache to control
6d0ec39a3ef89ce485f23008efa399b7b35bf1fdjwoolley the amount of data to attempt to cache at a time. [Graham Leggett]
6d0ec39a3ef89ce485f23008efa399b7b35bf1fdjwoolley *) core: Add ErrorLogFormat to allow configuring error log format, including
0fdf8c342123fde84405b885fb1720ebc652e10djerenkrantz additional information that is logged once per connection or request. Add
0fdf8c342123fde84405b885fb1720ebc652e10djerenkrantz error log IDs for connections and request to allow correlating error log
0fdf8c342123fde84405b885fb1720ebc652e10djerenkrantz lines and the corresponding access log entry. [Stefan Fritsch]
0fdf8c342123fde84405b885fb1720ebc652e10djerenkrantz *) core: Disable sendfile by default. [Stefan Fritsch]
6b87b6eee6a43f40ef6bead9ef3173979b4cd76crbb *) mod_cache: Check the request to determine whether we are allowed
6b87b6eee6a43f40ef6bead9ef3173979b4cd76crbb to return cached content at all, and respect a "Cache-Control:
6b87b6eee6a43f40ef6bead9ef3173979b4cd76crbb no-cache" header from a client. Previously, "no-cache" would
6b87b6eee6a43f40ef6bead9ef3173979b4cd76crbb behave like "max-age=0". [Graham Leggett]
bfd2cedbf2918fcb95daa9f850ecdf5e24765c22jerenkrantz *) mod_cache: Use a proper filter context to hold filter data instead
bfd2cedbf2918fcb95daa9f850ecdf5e24765c22jerenkrantz of misusing the per-request configuration. Fixes a segfault on trunk
f9a773d26994c3b267589e404cdb5b760f83e888jerenkrantz when the normal handler is used. [Graham Leggett]
f9a773d26994c3b267589e404cdb5b760f83e888jerenkrantz *) mod_cgid: Log a warning if the ScriptSock path is truncated because
a250599aab6669d5877edf158032efd2538e5820trawick it is too long. PR 49388. [Stefan Fritsch]
a250599aab6669d5877edf158032efd2538e5820trawick *) vhosts: Do not allow _default_ in NameVirtualHost, or mixing *
a250599aab6669d5877edf158032efd2538e5820trawick and non-* ports on NameVirtualHost, or multiple NameVirtualHost
41338e6ead3fa8d60ad3841d069f4b47e71d9177wrowe directives for the same address:port, or NameVirtualHost
41338e6ead3fa8d60ad3841d069f4b47e71d9177wrowe directives with no matching VirtualHosts, or multiple ip-based
41338e6ead3fa8d60ad3841d069f4b47e71d9177wrowe VirtualHost sections for the same address:port. These were
41338e6ead3fa8d60ad3841d069f4b47e71d9177wrowe previously accepted with a warning, but the behavior was
92b0ffb9cbc04b3d9c7ce6becadc0c3d88dea2d9wrowe undefined. [Dan Poirier]
92b0ffb9cbc04b3d9c7ce6becadc0c3d88dea2d9wrowe *) mod_remoteip: Fix a segfault when using mod_remoteip in conjunction with
961ff00a8f1fe79a8ac8b18617b40a404e28cb35brianp Allow/Deny. PR 49838. [Andrew Skalski <voltara gmail.com>]
961ff00a8f1fe79a8ac8b18617b40a404e28cb35brianp *) core: DirectoryMatch can now match on the end of line character ($),
92b0ffb9cbc04b3d9c7ce6becadc0c3d88dea2d9wrowe and sub-directories of matched directories are no longer implicitly
6a82dfd37385024d0e94e71edd2f46b609796cfdwrowe matched. PR49809 [Eric Covener]
6a82dfd37385024d0e94e71edd2f46b609796cfdwrowe *) Regexps: introduce new higher-level regexp utility including parsing
6a82dfd37385024d0e94e71edd2f46b609796cfdwrowe and executing perl-style regexp ops (e.g s/foo/bar/i) and regexp memory
6a82dfd37385024d0e94e71edd2f46b609796cfdwrowe *) Proxy: support setting source address. PR 29404
6a82dfd37385024d0e94e71edd2f46b609796cfdwrowe [Multiple contributors iterating through bugzilla,
c43fd8f8f90a7549bffe1e581eedbd087db1163estoddard Aron Ujvari <xanco nikhok.hu>, Aleksey Midenkov <asm uezku.kemsu.ru>,
c43fd8f8f90a7549bffe1e581eedbd087db1163estoddard <dan listening-station.net; trunk version Nick Kew]
a8dda281113c5038945423320d8c9b42e3d1ddb1jwoolley *) HTTP protocol: return 400 not 503 if we have to abort due to malformed
854cc4d3451547c2359c27870a3c354ad385a49bianh chunked encoding. [Nick Kew]
854cc4d3451547c2359c27870a3c354ad385a49bianhChanges with Apache 2.3.8
02ec77ed8e15b4b601de98a322e4bd8d7d3e1ec2trawick *) suexec: Support large log files. PR 45856. [Stefan Fritsch]
49ada1eac7c4cae429ba193273b7f40f355d9c7ejwoolley *) core: Abort with sensible error message if no or more than one MPM is
49ada1eac7c4cae429ba193273b7f40f355d9c7ejwoolley loaded. [Stefan Fritsch]
88425bd3442321915195ac9dfa9a80ffcd968fa4brianp *) mod_proxy: Rename erroronstatus to failonstatus.
88425bd3442321915195ac9dfa9a80ffcd968fa4brianp [Daniel Ruggeri <DRuggeri primary.net>]
88425bd3442321915195ac9dfa9a80ffcd968fa4brianp *) mod_dav_fs: Fix broken "creationdate" property.
a8dda281113c5038945423320d8c9b42e3d1ddb1jwoolley Regression in version 2.3.7. [Rainer Jung]
a8dda281113c5038945423320d8c9b42e3d1ddb1jwoolleyChanges with Apache 2.3.7
37b8494ffaeb4ee9a9a2f9917d334078c16d4212jwoolley *) SECURITY: CVE-2010-1452 (cve.mitre.org)
37b8494ffaeb4ee9a9a2f9917d334078c16d4212jwoolley mod_dav, mod_cache, mod_session: Fix Handling of requests without a path
bf3d1782a29630335a1df535eb395355ab1cd154jwoolley segment. PR: 49246 [Mark Drayton, Jeff Trawick]
37b8494ffaeb4ee9a9a2f9917d334078c16d4212jwoolley *) mod_ldap: Properly check the result returned by apr_ldap_init. PR 46076.
da16bea08c6ff10ceb8d250ff23e8e81a372cef8jwoolley [Stefan Fritsch]
99f692732327e0c200fd639105dbf9940bd229f1rbb *) mod_rewrite: Log errors if rewrite map files cannot be opened. PR 49639.
99f692732327e0c200fd639105dbf9940bd229f1rbb [Stefan Fritsch]
80f73246cc14f02d50bfac5306c079464c2dd1c6rbb *) mod_proxy_http: Support the 'ping' property for backend HTTP/1.1 servers
80f73246cc14f02d50bfac5306c079464c2dd1c6rbb via leveraging 100-Continue as the initial "request".
80f73246cc14f02d50bfac5306c079464c2dd1c6rbb [Jim Jagielski]
80f73246cc14f02d50bfac5306c079464c2dd1c6rbb *) core/mod_authz_core: Introduce new access_checker_ex hook that enables
dcdc78fce34f06533df4829abbc726f7fbf207fejwoolley mod_authz_core to bypass authentication if access should be allowed by
dcdc78fce34f06533df4829abbc726f7fbf207fejwoolley IP address/env var/... [Stefan Fritsch]
d4a93d608a28bf331625544a2896fa20bef4a2b4rbb *) core: Introduce note_auth_failure hook to allow modules to add support
d4a93d608a28bf331625544a2896fa20bef4a2b4rbb for additional auth types. This makes ap_note_auth_failure() work with
d4a93d608a28bf331625544a2896fa20bef4a2b4rbb mod_auth_digest again. PR 48807. [Stefan Fritsch]
d4a93d608a28bf331625544a2896fa20bef4a2b4rbb *) socache modules: return APR_NOTFOUND when a lookup is not found [Nick Kew]
36fcd3d96b9bf9a2d4af424e64584b5dede3e3e6brianp *) mod_authn_socache: new module [Nick Kew]
4b34d6a5b70303010612df6c87da3ee91ae86078rbb *) configure: Add reallyall option for --enable-mods-shared. [Stefan Fritsch]
4b34d6a5b70303010612df6c87da3ee91ae86078rbb *) Fix Windows build when using VC6. [Gregg L. Smith <lists glewis com>]
4b34d6a5b70303010612df6c87da3ee91ae86078rbb *) mod_rewrite: Allow to set environment variables without explicitly
4b34d6a5b70303010612df6c87da3ee91ae86078rbb giving a value. [Rainer Jung]
44d971eef4337ad80ba3d360c84ffa8188d50325trawick *) mod_rewrite: Remove superfluous EOL from rewrite logging. [Rainer Jung]
84bdb86d57d2a2f828b17e77ac2379fed551c2adtrawick *) mod_include: recognise "text/html; parameters" as text/html
84bdb86d57d2a2f828b17e77ac2379fed551c2adtrawick PR 49616 [Andrey Chernov <ache nagual.pp.ru>]
46603605c2edcc1cc84fa45634e19a395134078atrawick *) CGI vars: allow PATH to be set by SetEnv, consistent with LD_LIBRARY_PATH
46603605c2edcc1cc84fa45634e19a395134078atrawick PR 43906 [Nick Kew]
46603605c2edcc1cc84fa45634e19a395134078atrawick *) Core: Extra robustness: don't try authz and segfault if authn
86826d685f83170ca07d56550db9f0c2922a916btrawick fails to set r->user. Log bug and return 500 instead.
86826d685f83170ca07d56550db9f0c2922a916btrawick PR 42995 [Nick Kew]
86826d685f83170ca07d56550db9f0c2922a916btrawick *) HTTP protocol filter: fix handling of longer chunk extensions
4f412c60e9c2af999619d11b236068a0e0e94944trawick *) Update SSL cipher suite and add example for SSLHonorCipherOrder.
4f412c60e9c2af999619d11b236068a0e0e94944trawick [Lars Eilebrecht, Rainer Jung]
4f6effa17a5084085c9104b0bb97c2ba1622cfa6jerenkrantz *) move AddOutputFilterByType from core to mod_filter. This should
4f6effa17a5084085c9104b0bb97c2ba1622cfa6jerenkrantz fix nasty side-effects that happen when content_type is set
4f6effa17a5084085c9104b0bb97c2ba1622cfa6jerenkrantz more than once in processing a request, and make it fully
bfa5c37259833629155d486bb1571d39a57de64dbnicholes compatible with dynamic and proxied contents. [Nick Kew]
bfa5c37259833629155d486bb1571d39a57de64dbnicholes *) mod_log_config: Implement logging for sub second timestamps and
a946a7e607c21cf6068e7380d7e81cc2bf027913trawick request end time. [Rainer Jung]
da16bea08c6ff10ceb8d250ff23e8e81a372cef8jwoolleyChanges with Apache 2.3.6
c88a70518d7d0b5bccb22a68d446c2d6589790dcjwoolley *) SECURITY: CVE-2009-3555 (cve.mitre.org)
e59e4b703b7e19c4b35030e4baac8a96a8d4b504dougm mod_ssl: Comprehensive fix of the TLS renegotiation prefix injection
e59e4b703b7e19c4b35030e4baac8a96a8d4b504dougm attack when compiled against OpenSSL version 0.9.8m or later. Introduces
e59e4b703b7e19c4b35030e4baac8a96a8d4b504dougm the 'SSLInsecureRenegotiation' directive to reopen this vulnerability
e59e4b703b7e19c4b35030e4baac8a96a8d4b504dougm and offer unsafe legacy renegotiation with clients which do not yet
5717c6b0b97a065a84fba32cebeee959a5fe4f15dougm support the new secure renegotiation protocol, RFC 5746.
5717c6b0b97a065a84fba32cebeee959a5fe4f15dougm [Joe Orton, and with thanks to the OpenSSL Team]
5717c6b0b97a065a84fba32cebeee959a5fe4f15dougm *) SECURITY: CVE-2009-3555 (cve.mitre.org)
5717c6b0b97a065a84fba32cebeee959a5fe4f15dougm mod_ssl: A partial fix for the TLS renegotiation prefix injection attack
5717c6b0b97a065a84fba32cebeee959a5fe4f15dougm by rejecting any client-initiated renegotiations. Forcibly disable
835836eaf9e2a23192a262307b08f626e50e2180trawick keepalive for the connection if there is any buffered data readable. Any
835836eaf9e2a23192a262307b08f626e50e2180trawick configuration which requires renegotiation for per-directory/location
835836eaf9e2a23192a262307b08f626e50e2180trawick access control is still vulnerable, unless using OpenSSL >= 0.9.8l.
81dddb023f9dd43b350f782972c1f75a88a2d93ftrawick [Joe Orton, Ruediger Pluem, Hartmut Keil <Hartmut.Keil adnovum.ch>]
81dddb023f9dd43b350f782972c1f75a88a2d93ftrawick *) SECURITY: CVE-2010-0408 (cve.mitre.org)
9b9e0eca165f5f464e357bb2a9b8bbfc9621067cwrowe mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent
9b9e0eca165f5f464e357bb2a9b8bbfc9621067cwrowe when request headers indicate a request body is incoming; not a case of
9b9e0eca165f5f464e357bb2a9b8bbfc9621067cwrowe HTTP_INTERNAL_SERVER_ERROR. [Niku Toivola <niku.toivola sulake.com>]
9b9e0eca165f5f464e357bb2a9b8bbfc9621067cwrowe *) SECURITY: CVE-2010-0425 (cve.mitre.org)
9b9e0eca165f5f464e357bb2a9b8bbfc9621067cwrowe mod_isapi: Do not unload an isapi .dll module until the request
b26781e595625911fc8fc8215133ad2285ed75d8jim processing is completed, avoiding orphaned callback pointers.
b26781e595625911fc8fc8215133ad2285ed75d8jim [Brett Gervasoni <brettg senseofsecurity.com>, Jeff Trawick]
5117466ef123b1efbc2feba168f37069ef6f230bianh *) core: Filter init functions are now run strictly once per request
5117466ef123b1efbc2feba168f37069ef6f230bianh before handler invocation. The init functions are no longer run
5117466ef123b1efbc2feba168f37069ef6f230bianh for connection filters. PR 49328. [Joe Orton]
9c39f8fb982df4dbce5304e49385568e6d35bfa8trawick *) core: Adjust the output filter chain correctly in an internal
9c39f8fb982df4dbce5304e49385568e6d35bfa8trawick redirect from a subrequest, preserving filters from the main
9c39f8fb982df4dbce5304e49385568e6d35bfa8trawick request as necessary. PR 17629. [Joe Orton]
bdd4aa13a97de79596cd19708f1516e8fa92700ewrowe *) mod_cache: Explicitly allow cache implementations to cache a 206 Partial
bdd4aa13a97de79596cd19708f1516e8fa92700ewrowe Response if they so choose to do so. Previously an attempt to cache a 206
bdd4aa13a97de79596cd19708f1516e8fa92700ewrowe was arbitrarily allowed if the response contained an Expires or
bdd4aa13a97de79596cd19708f1516e8fa92700ewrowe Cache-Control header, and arbitrarily denied if both headers were missing.
1d50c90ddb7e3d144ec8a2bd848ca1e7bbf8e534bnicholes [Graham Leggett]
bdd4aa13a97de79596cd19708f1516e8fa92700ewrowe *) core: Add microsecond timestamp fractions, process id and thread id
1d50c90ddb7e3d144ec8a2bd848ca1e7bbf8e534bnicholes to the error log. [Rainer Jung]
24e361af20a3107dc934b4895911ce6bcce0603ejwoolley *) configure: The "most" module set gets build by default. [Rainer Jung]
24e361af20a3107dc934b4895911ce6bcce0603ejwoolley *) configure: Building dynamic modules (DSO) by default. [Rainer Jung]
4657f9b12af4b123b80e15c73fa03c190e47a8bftrawick *) configure: Fix broken VPATH build when using included APR.
4657f9b12af4b123b80e15c73fa03c190e47a8bftrawick [Rainer Jung]
c36bac9a918f59b2dbf5dcd7d67b50c1da04c89drbb *) mod_session_crypto: Fix configure problem when building
c36bac9a918f59b2dbf5dcd7d67b50c1da04c89drbb with APR 2 and for VPATH builds with included APR.
c36bac9a918f59b2dbf5dcd7d67b50c1da04c89drbb [Rainer Jung]
c36bac9a918f59b2dbf5dcd7d67b50c1da04c89drbb *) mod_session_crypto: API compatibility with APR 2 crypto and
c36bac9a918f59b2dbf5dcd7d67b50c1da04c89drbb APR Util 1.x crypto. [Rainer Jung]
ad668861e40da485f2eea24dc4c1f9940e470698rbb *) ab: Fix memory leak with -v2 and SSL. PR 49383.
ad668861e40da485f2eea24dc4c1f9940e470698rbb [Pavel Kankovsky <peak argo troja mff cuni cz>]
89211a5d592cdf0170d2b541946661b1a2a279c5trawick *) core: Add per-module and per-directory loglevel configuration.
89211a5d592cdf0170d2b541946661b1a2a279c5trawick Add some more trace logging.
89211a5d592cdf0170d2b541946661b1a2a279c5trawick mod_rewrite: Replace RewriteLog/RewriteLogLevel with trace log levels.
89211a5d592cdf0170d2b541946661b1a2a279c5trawick mod_ssl: Replace LogLevelDebugDump with trace log levels.
5caa0a5c428439b566a4fcc711747e2053bcfd1ajerenkrantz mod_ssl/mod_proxy*: Adjust loglevels to be less verbose at levels info
5caa0a5c428439b566a4fcc711747e2053bcfd1ajerenkrantz mod_dumpio: Replace DumpIOLogLevel with trace log levels.
34d672a81f3e72f30568462135ddf6d71dcfa8d8bnicholes [Stefan Fritsch]
34d672a81f3e72f30568462135ddf6d71dcfa8d8bnicholes *) mod_ldap: LDAP caching was suppressed (and ldap-status handler returns
b1d2d2797866636f792717f96401292481697145wrowe title page only) when any mod_ldap directives were used in VirtualHost
b1d2d2797866636f792717f96401292481697145wrowe context. [Eric Covener]
b1d2d2797866636f792717f96401292481697145wrowe *) mod_disk_cache: Decline the opportunity to cache if the response is
b1d2d2797866636f792717f96401292481697145wrowe a 206 Partial Content. This stops a reverse proxied partial response
b1d2d2797866636f792717f96401292481697145wrowe from becoming cached, and then being served in subsequent responses.
b1d2d2797866636f792717f96401292481697145wrowe [Graham Leggett]
b1d2d2797866636f792717f96401292481697145wrowe *) mod_deflate: avoid the risk of forwarding data before headers are set.
4a98c07ecf4f27a9b18963bbe85260857664d03bjerenkrantz PR 49369 [Matthew Steele <mdsteele google.com>]
8abcc73436888a98721b10f0c09206f6fea68c55jerenkrantz *) mod_authnz_ldap: Ensure nested groups are checked when the
b24d065530fdf97376f390522396be5a4469fcf4jerenkrantz top-level group doesn't have any direct non-group members
b24d065530fdf97376f390522396be5a4469fcf4jerenkrantz of attributes in AuthLDAPGroupAttribute. [Eric Covener]
a981bcb9c3b780184e75ff069d67fe84da6c3d3dbnicholes *) mod_authnz_ldap: Search or Comparison during authorization phase
a981bcb9c3b780184e75ff069d67fe84da6c3d3dbnicholes can use the credentials from the authentication phase
8e2e1446dd3b216c1f414493758f8b0d267a3c0dwrowe (AuthLDAPSearchAsUSer,AuthLDAPCompareAsUser).
a981bcb9c3b780184e75ff069d67fe84da6c3d3dbnicholes PR 48340 [Domenico Rotiroti, Eric Covener]
b5fe023e1cf0aa3d15a3bf2e237891e837980feastoddard *) mod_authnz_ldap: Allow the initial DN search during authentication
b5fe023e1cf0aa3d15a3bf2e237891e837980feastoddard to use the HTTP username/pass instead of an anonymous or hard-coded
b2cff333bc23b8e74c6aad9ee97973df02cca180aaron LDAP id (AuthLDAPInitialBindAsUser, AuthLDAPInitialBindPattern).
b2cff333bc23b8e74c6aad9ee97973df02cca180aaron [Eric Covener]
7eb55be5bcc75f2acf789aeca38d88a9c75d001ejwoolley *) mod_authnz_ldap: Publish requested LDAP data with an AUTHORIZE_ prefix
7eb55be5bcc75f2acf789aeca38d88a9c75d001ejwoolley when this module is used for authorization. See AuthLDAPAuthorizePrefix.
d31e50dddb975275ef388ab64e380b6d4e5d9710jerenkrantz PR 45584 [Eric Covener]
d31e50dddb975275ef388ab64e380b6d4e5d9710jerenkrantz *) apxs -q: Stop filtering out ':' characters from the reported values.
d31e50dddb975275ef388ab64e380b6d4e5d9710jerenkrantz PR 45343. [Bill Cole]
d5eaaee4a1e5faaf21e7111fd61732c6e7dbe8b2jwoolley *) prefork MPM: Work around possible crashes on child exit in APR reslist
d5eaaee4a1e5faaf21e7111fd61732c6e7dbe8b2jwoolley cleanup code. PR 43857. [Tom Donovan]
c88a70518d7d0b5bccb22a68d446c2d6589790dcjwoolley *) ab: fix number of requests sent by ab when keepalive is enabled. PR 48497.
c88a70518d7d0b5bccb22a68d446c2d6589790dcjwoolley [Bryn Dole <dole blekko.com>]
c88a70518d7d0b5bccb22a68d446c2d6589790dcjwoolley *) Log an error for failures to read a chunk-size, and return 408 instead of
c64c364bf863ad985309ef10d68caaa93e8d09ccstoddard 413 when this is due to a read timeout. This change also fixes some cases
c64c364bf863ad985309ef10d68caaa93e8d09ccstoddard of two error documents being sent in the response for the same scenario.
c64c364bf863ad985309ef10d68caaa93e8d09ccstoddard [Eric Covener] PR49167
d8d240df2f2b23455be6b01343daedebaa6c4f96trawick *) mod_proxy_balancer: Add new directive BalancerNonce to allow admin
d8d240df2f2b23455be6b01343daedebaa6c4f96trawick to control/set the nonce used in the balancer-manager application.
d8d240df2f2b23455be6b01343daedebaa6c4f96trawick [Jim Jagielski]
d8d240df2f2b23455be6b01343daedebaa6c4f96trawick *) mod_proxy_connect: Support port ranges in AllowConnect. PR 23673.
b5b5e8cc4668ab29d8f08f590d829dcfaeda9d33brianp [Stefan Fritsch]
b5b5e8cc4668ab29d8f08f590d829dcfaeda9d33brianp *) Proxy balancer: support setting error status according to HTTP response
e2653756d0d14a9a620b24bd04a6ab1182178462brianp code from a backend. PR 48939. [Daniel Ruggeri <DRuggeri primary.net>]
e2653756d0d14a9a620b24bd04a6ab1182178462brianp *) htcacheclean: Introduce the ability to clean specific URLs from the
d980a97cfc68de0ef35432ce03f1c1e468a19877jwoolley cache, if provided as an optional parameter on the command line.
d980a97cfc68de0ef35432ce03f1c1e468a19877jwoolley [Graham Leggett]
d980a97cfc68de0ef35432ce03f1c1e468a19877jwoolley *) core: Introduce the IncludeStrict directive, which explicitly fails
d980a97cfc68de0ef35432ce03f1c1e468a19877jwoolley server startup if no files or directories match a wildcard path.
d980a97cfc68de0ef35432ce03f1c1e468a19877jwoolley [Graham Leggett]
aa3510b82ec5d82ddbf4748829ec90f1ce71398ebrianp *) htcacheclean: Report additional statistics about entries deleted.
aa3510b82ec5d82ddbf4748829ec90f1ce71398ebrianp PR 48944. [Mark Drayton mark markdrayton.info]
51b1d7f8eaa74807ab14479edde4421e77f5d1d7brianp *) Introduce SSLFIPS directive to support OpenSSL FIPS_mode; permits all
08aff55373b2ae69182a58055a5c1b3a12d927b0slive builds of mod_ssl to use 'SSLFIPS off' for portability, but the proper
08aff55373b2ae69182a58055a5c1b3a12d927b0slive build of openssl is required for 'SSLFIPS on'. PR 46270.
08aff55373b2ae69182a58055a5c1b3a12d927b0slive [Dr Stephen Henson <steve openssl.org>, William Rowe]
4f50bfb0367b91396c0fe85b80536b760080d39etrawick *) mod_proxy_http: Log the port of the remote server in various messages.
4f50bfb0367b91396c0fe85b80536b760080d39etrawick PR 48812. [Igor Galić <i galic brainsware org>]
5a63340978acb9dd7e87724be57d2bde1cf1f629trawick *) mod_reqtimeout: Do not wrongly enforce timeouts for mod_proxy's backend
5a63340978acb9dd7e87724be57d2bde1cf1f629trawick connections and other protocol handlers (like mod_ftp). [Stefan Fritsch]
8565f742f1ee3d514b2d48a1f2a5af5d7437c3b9trawick *) mod_proxy_ajp: Really regard the operation a success, when the client
8565f742f1ee3d514b2d48a1f2a5af5d7437c3b9trawick aborted the connection. In addition adjust the log message if the client
8565f742f1ee3d514b2d48a1f2a5af5d7437c3b9trawick aborted the connection. [Ruediger Pluem]
8843b75d1c70af3da9a7306c4aede3b3e9346deajwoolley *) mod_ssl: Add the 'SSLInsecureRenegotiation' directive, which
8843b75d1c70af3da9a7306c4aede3b3e9346deajwoolley allows insecure renegotiation with clients which do not yet
8843b75d1c70af3da9a7306c4aede3b3e9346deajwoolley support the secure renegotiation protocol. [Joe Orton]
dcecfbe7e63603d0fb95e4811e015039e9401990stoddard *) mod_ssl: Fix a potential I/O hang if a long list of trusted CAs
dcecfbe7e63603d0fb95e4811e015039e9401990stoddard is configured for client cert auth. PR 46952. [Joe Orton]
0c7592379b55b7736dd70d2d87f53af9a2347614jerenkrantz *) core: Only log a 408 if it is no keepalive timeout. PR 39785
4844d314b0b6e55a309621b84c1786446c5fb418ianh [Ruediger Pluem, Mark Montague <markmont umich.edu>]
4844d314b0b6e55a309621b84c1786446c5fb418ianh *) support/rotatelogs: Add -L option to create a link to the current
127c81d6b2c9ba8932273c2e1b13e3ea3d673b07trawick log file. PR 48761 [<lyndon orthanc.ca>, Dan Poirier]
127c81d6b2c9ba8932273c2e1b13e3ea3d673b07trawick *) mod_ldap: Update LDAPTrustedClientCert to consistently be a per-directory
127c81d6b2c9ba8932273c2e1b13e3ea3d673b07trawick setting only, matching most of the documentation and examples.
59d01b9ed1de043745262e49bb44bde7095c4723jwoolley PR 46541 [Paul Reder, Eric Covener]
59d01b9ed1de043745262e49bb44bde7095c4723jwoolley *) mod_ldap: LDAPTrustedClientCert now accepts CA_DER/CA_BASE64 argument
59d01b9ed1de043745262e49bb44bde7095c4723jwoolley types previously allowed only in LDAPTrustedGlobalCert. [Eric Covener]
e6e65585927961caf45d4e9e932bb1f4e9e89ca1jerenkrantz *) mod_negotiation: Preserve query string over multiviews negotiation.
e6e65585927961caf45d4e9e932bb1f4e9e89ca1jerenkrantz This buglet was fixed for type maps in 2.2.6, but the same issue
e6e65585927961caf45d4e9e932bb1f4e9e89ca1jerenkrantz affected multiviews and was overlooked.
b068b71651c802cc4e0b835495ad0e41c65e1174trawick PR 33112 [Joergen Thomsen <apache jth.net>]
b068b71651c802cc4e0b835495ad0e41c65e1174trawick *) mod_ldap: Eliminate a potential crash with multiple LDAPTrustedClientCert
34a1e566d4af2735c87e2d3e6ac5e505855518aawrowe when some are not password-protected. [Eric Covener]
34a1e566d4af2735c87e2d3e6ac5e505855518aawrowe *) Fix startup segfault when the Mutex directive is used but no loaded
34a1e566d4af2735c87e2d3e6ac5e505855518aawrowe modules use httpd mutexes. PR 48787. [Jeff Trawick]
34a1e566d4af2735c87e2d3e6ac5e505855518aawrowe *) Proxy: get the headers right in a HEAD request with
34a1e566d4af2735c87e2d3e6ac5e505855518aawrowe ProxyErrorOverride, by checking for an overridden error
34a1e566d4af2735c87e2d3e6ac5e505855518aawrowe before not after going into a catch-all code path.
34a1e566d4af2735c87e2d3e6ac5e505855518aawrowe PR 41646. [Nick Kew, Stuart Children]
34a1e566d4af2735c87e2d3e6ac5e505855518aawrowe *) support/rotatelogs: Support the simplest log rotation case, log
34a1e566d4af2735c87e2d3e6ac5e505855518aawrowe truncation. Useful when the log is being processed in real time
34a1e566d4af2735c87e2d3e6ac5e505855518aawrowe using a command like tail. [Graham Leggett]
34a1e566d4af2735c87e2d3e6ac5e505855518aawrowe *) support/htcacheclean: Teach it how to write a pid file (modelled on
34a1e566d4af2735c87e2d3e6ac5e505855518aawrowe httpd's writing of a pid file) so that it becomes possible to run
34a1e566d4af2735c87e2d3e6ac5e505855518aawrowe more than one instance of htcacheclean on the same machine.
34a1e566d4af2735c87e2d3e6ac5e505855518aawrowe [Graham Leggett]
dd39efc1f7ed97cf526aefa24359f0be2ac5c3f4trawick *) Log command line on startup, so there's a record of command line
dd39efc1f7ed97cf526aefa24359f0be2ac5c3f4trawick arguments like -f. PR 48752. [Dan Poirier]
dd39efc1f7ed97cf526aefa24359f0be2ac5c3f4trawick *) Introduce mod_reflector, a handler capable of reflecting POSTed
f53367106769f90696d9c1f0ffcf9fbb4db883c2jerenkrantz request bodies back within the response through the output filter
f53367106769f90696d9c1f0ffcf9fbb4db883c2jerenkrantz stack. Can be used to turn an output filter into a web service.
f53367106769f90696d9c1f0ffcf9fbb4db883c2jerenkrantz [Graham Leggett]
9a940e8e90f9b163737e23bbf72a3f2c67a39220brianp *) mod_proxy_http: Make sure that when an ErrorDocument is served
9a940e8e90f9b163737e23bbf72a3f2c67a39220brianp from a reverse proxied URL, that the subrequest respects the status
8496c88debb9962575dac2b1ef9b81984d7bd759brianp of the original request. This brings the behaviour of proxy_handler
8496c88debb9962575dac2b1ef9b81984d7bd759brianp in line with default_handler. PR 47106. [Graham Leggett]
8496c88debb9962575dac2b1ef9b81984d7bd759brianp *) Support wildcards in both the directory and file components of
7c8747b339a5e47ea8301907051a9974d15b23b7brianp the path specified by the Include directive. [Graham Leggett]
98f81eac9530d487f05013cda9df99755bb59689trawick *) mod_proxy, mod_proxy_http: Support remote https proxies
98f81eac9530d487f05013cda9df99755bb59689trawick by using HTTP CONNECT. PR 19188.
0b493ad526b8bbc2ff21ce19510fc32238abb816jwoolley [Philippe Dutrueux <lilas evidian.com>, Rainer Jung]
0b493ad526b8bbc2ff21ce19510fc32238abb816jwoolley *) apxs: Fix -A and -a options to ignore whitespace in httpd.conf
0b493ad526b8bbc2ff21ce19510fc32238abb816jwoolley [Philip M. Gollucci]
1376737cb6afa24d3e12f3a223318fe1bd71bb1fslive *) worker: Don't report server has reached MaxClients until it has.
1376737cb6afa24d3e12f3a223318fe1bd71bb1fslive Add message when server gets within MinSpareThreads of MaxClients.
1376737cb6afa24d3e12f3a223318fe1bd71bb1fslive PR 46996. [Dan Poirier]
ec1719a5748717f67dcd279bb64bd0da424ae450jerenkrantz *) mod_session: Session expiry was being initialised, but not updated
ec1719a5748717f67dcd279bb64bd0da424ae450jerenkrantz on each session save, resulting in timed out sessions when there
dea9ded7417a8328f8fce5d57eca9d7af5500520trawick should not have been. Fixed. [Graham Leggett]
3f0220bf6e864d982a10348c9cc269bfe798d65eaaron *) mod_log_config: Add the R option to log the handler used within the
3f0220bf6e864d982a10348c9cc269bfe798d65eaaron request. [Christian Folini <christian.folini netnea com>]
3f0220bf6e864d982a10348c9cc269bfe798d65eaaron *) mod_include: Allow fine control over the removal of Last-Modified and
75d133afee2e3636b07366fd62102b13b67b1b1djerenkrantz ETag headers within the INCLUDES filter, making it possible to cache
75d133afee2e3636b07366fd62102b13b67b1b1djerenkrantz responses if desired. Fix the default value of the SSIAccessEnable
75d133afee2e3636b07366fd62102b13b67b1b1djerenkrantz directive. [Graham Leggett]
2ae7ad6f58b7e3188ed4bd375a8930808529ba71jwoolley *) Add new UnDefine directive to undefine a variable. PR 35350.
2ae7ad6f58b7e3188ed4bd375a8930808529ba71jwoolley [Stefan Fritsch]
5b30f835d627766b024500189c35bb55e686e890brianp *) Make ap_pregsub(), used by AliasMatch and friends, use the same syntax
5b30f835d627766b024500189c35bb55e686e890brianp for regex backreferences as mod_rewrite and mod_include: Remove the use
5b30f835d627766b024500189c35bb55e686e890brianp of '&' as an alias for '$0' and allow to escape any character with a
d45481dadf7f1f0ffd95b38b1c5b0ea6b2d57888jerenkrantz backslash. PR 48351. [Stefan Fritsch]
d45481dadf7f1f0ffd95b38b1c5b0ea6b2d57888jerenkrantz *) mod_authnz_ldap: If AuthLDAPCharsetConfig is set, also convert the
0c7592379b55b7736dd70d2d87f53af9a2347614jerenkrantz password to UTF-8. PR 45318.
0c7592379b55b7736dd70d2d87f53af9a2347614jerenkrantz [Johannes Müller <joh_m gmx.de>, Stefan Fritsch]
6d62bc22f8f22a43e66e2e4d8860a5a144316b1astoddard *) ab: Fix calculation of requests per second in HTML output. PR 48594.
6d62bc22f8f22a43e66e2e4d8860a5a144316b1astoddard [Stefan Fritsch]
8efcf516f2b6514879fff8d034be55b6d64ff830striker *) mod_authnz_ldap: Failures to map a username to a DN, or to check a user
71eda8b1c14e4d0adb2f294f22299587cd3d74a9striker password now result in an informational level log entry instead of
71eda8b1c14e4d0adb2f294f22299587cd3d74a9striker warning level. [Eric Covener]
922c0ad0014590bb10d13674012683eef44c0bbarederpjChanges with Apache 2.3.5
922c0ad0014590bb10d13674012683eef44c0bbarederpj *) SECURITY: CVE-2010-0434 (cve.mitre.org)
aec964227053fab7e59deb26709b94726ce67224rederpj Ensure each subrequest has a shallow copy of headers_in so that the
aec964227053fab7e59deb26709b94726ce67224rederpj parent request headers are not corrupted. Eliminates a problematic
8ffd5c9693162130d35be41953f0dd3bba18edf7rederpj optimization in the case of no request body. PR 48359
aec964227053fab7e59deb26709b94726ce67224rederpj [Jake Scott, William Rowe, Ruediger Pluem]
1e27f530f81c6058d1a11944ae1e2da45977fc7bjerenkrantz *) Turn static function get_server_name_for_url() into public
1e27f530f81c6058d1a11944ae1e2da45977fc7bjerenkrantz ap_get_server_name_for_url() and use it where appropriate. This
469549ac22c6f7b9ecdd9df2565925563e4df84djwoolley fixes mod_rewrite generating invalid URLs for redirects to IPv6
469549ac22c6f7b9ecdd9df2565925563e4df84djwoolley literal addresses. [Stefan Fritsch]
469549ac22c6f7b9ecdd9df2565925563e4df84djwoolley *) mod_ldap: Introduce new config option LDAPTimeout to set the timeout
469549ac22c6f7b9ecdd9df2565925563e4df84djwoolley for LDAP operations like bind and search. [Stefan Fritsch]
7a9f3bef545b0bbc93c2ed758119b0d2e2647c31trawick *) mod_proxy, mod_proxy_ftp: Move ProxyFtpDirCharset from mod_proxy to
7a9f3bef545b0bbc93c2ed758119b0d2e2647c31trawick mod_proxy_ftp. [Takashi Sato]
0be05c658c7e6e5a05fd2d4068d8ac0f030d4752jwoolley *) mod_proxy, mod_proxy_connect: Move AllowCONNECT from mod_proxy to
223b367115aefc20f1c32fe2d4e2bfcc4bfe108fjwoolley mod_proxy_connect. [Takashi Sato]
223b367115aefc20f1c32fe2d4e2bfcc4bfe108fjwoolley *) mod_cache: Do an exact match of the keys defined by
223b367115aefc20f1c32fe2d4e2bfcc4bfe108fjwoolley CacheIgnoreURLSessionIdentifiers against the querystring instead of
223b367115aefc20f1c32fe2d4e2bfcc4bfe108fjwoolley a partial match. PR 48401.
639cf068707865a81ad2c610e72d57b043d20dd6wrowe [Dodou Wang <wangdong.08 gmail.com>, Ruediger Pluem]
639cf068707865a81ad2c610e72d57b043d20dd6wrowe *) mod_proxy_balancer: Fix crash in balancer-manager. [Rainer Jung]
f3f0c2a5f6009d06350341219d1f38a1644708bcbrianp *) Core HTTP: disable keepalive when the Client has sent
f3f0c2a5f6009d06350341219d1f38a1644708bcbrianp Expect: 100-continue
f3f0c2a5f6009d06350341219d1f38a1644708bcbrianp but we respond directly with a non-100 response.
33b095d35c5dac22358ce63c32635ab59ce7cb25aaron Keepalive here led to data from clients continuing being treated as
33b095d35c5dac22358ce63c32635ab59ce7cb25aaron a new request.
33b095d35c5dac22358ce63c32635ab59ce7cb25aaron PR 47087 [Nick Kew]
33b095d35c5dac22358ce63c32635ab59ce7cb25aaron *) Core: reject NULLs in request line or request headers.
100e6f5dec61d108494565f8f3bfa894afadc33ajerenkrantz PR 43039 [Nick Kew]
100e6f5dec61d108494565f8f3bfa894afadc33ajerenkrantz *) Core: (re)-introduce -T commandline option to suppress documentroot
100e6f5dec61d108494565f8f3bfa894afadc33ajerenkrantz check at startup.
5d5d5ca04c57c7ab865924f4648e8f80de27adfebrianp PR 41887 [Jan van den Berg <janvdberg gmail.com>]
4f3ec2ec53c7ca5ca308d85e2e0beb933a2fd0f9aaron *) mod_autoindex: support XHTML as equivalent to HTML in IndexOptions,
4f3ec2ec53c7ca5ca308d85e2e0beb933a2fd0f9aaron ScanHTMLTitles, ReadmeName, HeaderName
4f3ec2ec53c7ca5ca308d85e2e0beb933a2fd0f9aaron PR 48416 [Dmitry Bakshaev <dab18 izhnet.ru>, Nick Kew]
4f3ec2ec53c7ca5ca308d85e2e0beb933a2fd0f9aaron *) Proxy: Fix ProxyPassReverse with relative URL
3c0c3ae288166a8736593093c636768702abf263aaron Derived (slightly erroneously) from PR 38864 [Nick Kew]
3c0c3ae288166a8736593093c636768702abf263aaron *) mod_headers: align Header Edit with Header Set when used on Content-Type
b8a843847aae3d9a1838fb8f1de84cd66212f48atrawick PR 48422 [Cyril Bonté <cyril.bonte free.fr>, Nick Kew>]
c8411888a54dd5dbfd8a5d337ebf0e911a789063trawick *) mod_headers: Enable multi-match-and-replace edit option
c8411888a54dd5dbfd8a5d337ebf0e911a789063trawick PR 46594 [Nick Kew]
28caffb98f18c0b9562ac20870f7ab91f3d9a01fjerenkrantz *) mod_filter: enable it to act on non-200 responses.
28caffb98f18c0b9562ac20870f7ab91f3d9a01fjerenkrantz PR 48377 [Nick Kew]
d757628a07145aa711ba75b4e7c7c01a33133ca1jerenkrantzChanges with Apache 2.3.4
d757628a07145aa711ba75b4e7c7c01a33133ca1jerenkrantz *) Replace AcceptMutex, LockFile, RewriteLock, SSLMutex, SSLStaplingMutex,
1585c2979d749ee71edb6a1d57bc9ff6db12a426jerenkrantz and WatchdogMutexPath with a single Mutex directive. Add APIs to
1585c2979d749ee71edb6a1d57bc9ff6db12a426jerenkrantz simplify setup and user customization of APR proc and global mutexes.
1585c2979d749ee71edb6a1d57bc9ff6db12a426jerenkrantz (See util_mutex.h.) Build-time setting DEFAULT_LOCKFILE is no longer
6bdb2c094666367615890147775bb18761216c8dminfrin respected; set DEFAULT_REL_RUNTIMEDIR instead. [Jeff Trawick]
6bdb2c094666367615890147775bb18761216c8dminfrin *) http_core: KeepAlive no longer accepts other than On|Off.
c069757188a3cd9ab19b05169b005a824b60b6fcaaron [Takashi Sato]
c069757188a3cd9ab19b05169b005a824b60b6fcaaron *) mod_dav: Remove errno from dav_error interface. Calls to dav_new_error()
c069757188a3cd9ab19b05169b005a824b60b6fcaaron and dav_new_error_tag() must be adjusted to add an apr_status_t parameter.
c069757188a3cd9ab19b05169b005a824b60b6fcaaron [Jeff Trawick]
11ce97701b22d795fd1a5ec3769a3367bc220921wrowe *) mod_authnz_ldap: Add AuthLDAPBindAuthoritative to allow Authentication to
11ce97701b22d795fd1a5ec3769a3367bc220921wrowe try other providers in the case of an LDAP bind failure.
11ce97701b22d795fd1a5ec3769a3367bc220921wrowe PR 46608 [Justin Erenkrantz, Joe Schaefer, Tony Stevenson]
6cdd5cd95d8323de5cfb912d8fc0df8c5e3d02cejerenkrantz *) Build: fix --with-module to work as documented
239ab9d14d3851c2efc1312b3b42c838073533f4jerenkrantzChanges with Apache 2.3.3
239ab9d14d3851c2efc1312b3b42c838073533f4jerenkrantz *) SECURITY: CVE-2009-3095 (cve.mitre.org)
239ab9d14d3851c2efc1312b3b42c838073533f4jerenkrantz mod_proxy_ftp: sanity check authn credentials.
c5fb76caa5498c60b991fcba8dfbf3c229f0f4d5rbb [Stefan Fritsch <sf fritsch.de>, Joe Orton]
c5fb76caa5498c60b991fcba8dfbf3c229f0f4d5rbb *) SECURITY: CVE-2009-3094 (cve.mitre.org)
c5fb76caa5498c60b991fcba8dfbf3c229f0f4d5rbb mod_proxy_ftp: NULL pointer dereference on error paths.
c5fb76caa5498c60b991fcba8dfbf3c229f0f4d5rbb [Stefan Fritsch <sf fritsch.de>, Joe Orton]
c5fb76caa5498c60b991fcba8dfbf3c229f0f4d5rbb *) mod_ssl: enable support for ECC keys and ECDH ciphers. Tested against
b9cf7102006ac2ccfebcb78174585986ff127ba9jwoolley OpenSSL 1.0.0b3. [Vipul Gupta <vipul.gupta sun.com>, Sander Temme]
4b0939148fffde56f0b7db2a43cab1d1dc76ab3fmjc *) mod_dav: Include uri when logging a PUT error due to connection abort.
2b13bc45632d72cdf50ac42149e4fc8bc0d05bf2stoddard PR 38149. [Stefan Fritsch]
2b13bc45632d72cdf50ac42149e4fc8bc0d05bf2stoddard *) mod_dav: Return 409 instead of 500 for a LOCK request if the parent
2b13bc45632d72cdf50ac42149e4fc8bc0d05bf2stoddard resource does not exist or is not a collection. PR 43465. [Stefan Fritsch]
2b13bc45632d72cdf50ac42149e4fc8bc0d05bf2stoddard *) mod_dav_fs: Return 409 instead of 500 for Litmus test case copy_nodestcoll
2b13bc45632d72cdf50ac42149e4fc8bc0d05bf2stoddard (a COPY request where the parent of the destination resource does not
52617e76a53b1d90da027a5311790e1ccef8f60ftrawick exist). PR 39299. [Stefan Fritsch]
b584ec31a47334b1253f4a5ad73f023336ab2f28jwoolley *) mod_dav_fs: Don't delete the whole file if a PUT with content-range failed.
b584ec31a47334b1253f4a5ad73f023336ab2f28jwoolley PR 42896. [Stefan Fritsch]
b584ec31a47334b1253f4a5ad73f023336ab2f28jwoolley *) mod_dav_fs: Make PUT create files atomically and no longer destroy the
7ac88dc1ac207b9a434fd76c0406651d68018d69rederpj old file if the transfer aborted. PR 39815. [Paul Querna, Stefan Fritsch]
52617e76a53b1d90da027a5311790e1ccef8f60ftrawick *) mod_dav_fs: Remove inode keyed locking as this conflicts with atomically
52617e76a53b1d90da027a5311790e1ccef8f60ftrawick creating files. On systems with inode numbers, this is a format change of
f905b21d99b264dbf26acc30b430ebe92838cdcejerenkrantz the DavLockDB. The old DavLockDB must be deleted on upgrade.
d157b208942316e96c34fa8b2222ed4cc2e56783trawick [Stefan Fritsch]
d157b208942316e96c34fa8b2222ed4cc2e56783trawick *) mod_log_config: Make ${cookie}C correctly match whole cookie names
d157b208942316e96c34fa8b2222ed4cc2e56783trawick instead of substrings. PR 28037. [Dan Franklin <dan dan-franklin.com>,
dc903d97a896d4e414efb1cb49f22ce00a49f070trawick Stefan Fritsch]
dc903d97a896d4e414efb1cb49f22ce00a49f070trawick *) vhost: A purely-numeric Host: header should not be treated as a port.
dc903d97a896d4e414efb1cb49f22ce00a49f070trawick PR 44979 [Nick Kew]
dc903d97a896d4e414efb1cb49f22ce00a49f070trawick *) mod_ldap: Avoid 500 errors with "Unable to set LDAP_OPT_REFHOPLIMIT option to 5"
dc903d97a896d4e414efb1cb49f22ce00a49f070trawick when built against openldap by using SDK LDAP_OPT_REFHOPLIMIT defaults unless
68f803c489cf61918fb4e61745fcd1e0cc980541jerenkrantz LDAPReferralHopLimit is explicitly configured.
68f803c489cf61918fb4e61745fcd1e0cc980541jerenkrantz [Eric Covener]
15405e91bb3fad5a80f7abe828a00b44a3a65bf8jerenkrantz *) mod_charset_lite: Honor 'CharsetOptions NoImplicitAdd'.
15405e91bb3fad5a80f7abe828a00b44a3a65bf8jerenkrantz [Eric Covener]
f905b21d99b264dbf26acc30b430ebe92838cdcejerenkrantz *) mod_ssl: Add support for OCSP Stapling. PR 43822.
f905b21d99b264dbf26acc30b430ebe92838cdcejerenkrantz [Dr Stephen Henson <shenson oss-institute.org>]
0e2340134f2336b98c92d7f157fb65d0a6f477d4stoddard *) mod_socache_shmcb: Allow parens in file name if cache size is given.
0e2340134f2336b98c92d7f157fb65d0a6f477d4stoddard Fixes SSLSessionCache directive mis-parsing parens in pathname.
431d6106eaf796cc8dfa8cb0db2b180dd93ed6dftrawick PR 47945. [Stefan Fritsch]
b3edf21d591bfd0e64bbec0dda73c0e41d7ecdb6wrowe *) htpasswd: Improve out of disk space handling. PR 30877. [Stefan Fritsch]
b3edf21d591bfd0e64bbec0dda73c0e41d7ecdb6wrowe *) htpasswd: Use MD5 hash by default on all platforms. [Stefan Fritsch]
b3edf21d591bfd0e64bbec0dda73c0e41d7ecdb6wrowe *) mod_sed: Reduce memory consumption when processing very long lines.
5d238058bc748dfa13ff21890ae4a58481e3be89jerenkrantz PR 48024 [Basant Kumar Kukreja <basant.kukreja sun.com>]
5d238058bc748dfa13ff21890ae4a58481e3be89jerenkrantz *) ab: Fix segfault in case the argument for -n is a very large number.
9282327b0ffe8981d39835130dfb334af192b508jerenkrantz PR 47178. [Philipp Hagemeister <oss phihag.de>]
9282327b0ffe8981d39835130dfb334af192b508jerenkrantz *) Allow ProxyPreserveHost to work in <Proxy> sections. PR 34901.
8fcaadcb287f361bb304d53a69d508500840fafcjerenkrantz [Stefan Fritsch]
8fcaadcb287f361bb304d53a69d508500840fafcjerenkrantz *) configure: Fix THREADED_MPMS so that mod_cgid is enabled again
8fcaadcb287f361bb304d53a69d508500840fafcjerenkrantz for worker MPM. [Takashi Sato]
8af88bd6958b80c224e964892b8237720b13ab1ajerenkrantz *) mod_dav: Provide a mechanism to obtain the request_rec and pathname
8af88bd6958b80c224e964892b8237720b13ab1ajerenkrantz from the dav_resource. [Jari Urpalainen <jari.urpalainen nokia.com>,
8af88bd6958b80c224e964892b8237720b13ab1ajerenkrantz Brian France <brian brianfrance.com>]
25b812bcab8b61981e288996b991e0ab4d224b92jerenkrantz *) Build: Use install instead of cp if available on installing
25b812bcab8b61981e288996b991e0ab4d224b92jerenkrantz modules to avoid segmentation fault. PR 47951. [hirose31 gmail.com]
87f0329e30de94828e08d53a99ea23cda86a9fccjerenkrantz *) mod_cache: correctly consider s-maxage in cacheability
87f0329e30de94828e08d53a99ea23cda86a9fccjerenkrantz decisions. [Dan Poirier]
0396e75f271f51be57be778655e32ba8d64d240bwrowe *) mod_logio/core: Report more accurate byte counts in mod_status if
0396e75f271f51be57be778655e32ba8d64d240bwrowe mod_logio is loaded. PR 25656. [Stefan Fritsch]
0396e75f271f51be57be778655e32ba8d64d240bwrowe *) mod_ldap: If LDAPSharedCacheSize is too small, try harder to purge
dc10f7a2f87d4cd7cdd16dc248b165122b4ac62btrawick some cache entries and log a warning. Also increase the default
dc10f7a2f87d4cd7cdd16dc248b165122b4ac62btrawick LDAPSharedCacheSize to 500000. This is a more realistic size suitable
dc10f7a2f87d4cd7cdd16dc248b165122b4ac62btrawick for the default values of 1024 for LdapCacheEntries/LdapOpCacheEntries.
dc10f7a2f87d4cd7cdd16dc248b165122b4ac62btrawick PR 46749. [Stefan Fritsch]
431d6106eaf796cc8dfa8cb0db2b180dd93ed6dftrawick *) mod_rewrite: Make sure that a hostname:port isn't fully qualified if
390489eb69fe15943ddf67adcc832ca8de125cd9jerenkrantz the request is a CONNECT request. [Bill Zajac <billz consultla.com>]
390489eb69fe15943ddf67adcc832ca8de125cd9jerenkrantz *) mod_cache: Teach CacheEnable and CacheDisable to work from within a
390489eb69fe15943ddf67adcc832ca8de125cd9jerenkrantz Location section, in line with how ProxyPass works. [Graham Leggett]
a1e8b54f269a8f2388590174174509546e886e60stoddard *) mod_reqtimeout: New module to set timeouts and minimum data rates for
a1e8b54f269a8f2388590174174509546e886e60stoddard receiving requests from the client. [Stefan Fritsch]
109d280c3fcf810e573fc1af5e141ad525c45811bjh *) core: Fix potential memory leaks by making sure to not destroy
109d280c3fcf810e573fc1af5e141ad525c45811bjh bucket brigades that have been created by earlier filters.
109d280c3fcf810e573fc1af5e141ad525c45811bjh [Stefan Fritsch]
61d2cd001754548e90364aa3a7e76863616544b0minfrin *) core, mod_deflate, mod_sed: Reduce memory usage by reusing bucket
61d2cd001754548e90364aa3a7e76863616544b0minfrin brigades in several places. [Stefan Fritsch]
61d2cd001754548e90364aa3a7e76863616544b0minfrin *) mod_cache: Fix uri_meets_conditions() so that CacheEnable will
9a3bbca61e24c13d8b496116ac759117136c6bf4aaron match by scheme, or by a wildcarded hostname. PR 40169
9a3bbca61e24c13d8b496116ac759117136c6bf4aaron [Peter Grandi <pg_asf asf.for.sabi.co.uk>, Graham Leggett]
9a3bbca61e24c13d8b496116ac759117136c6bf4aaron *) suxec: Allow to log an error if exec fails by setting FD_CLOEXEC
9a3bbca61e24c13d8b496116ac759117136c6bf4aaron on the log file instead of closing it. PR 10744. [Nicolas Rachinsky]
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm *) mod_mime: Make RemoveType override the info from TypesConfig.
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm PR 38330. [Stefan Fritsch]
0506359f47150991eaaae37ca07f94117a9aa63dtrawick *) mod_cache: Introduce the option to run the cache from within the
0506359f47150991eaaae37ca07f94117a9aa63dtrawick normal request handler, and to allow fine grained control over
0506359f47150991eaaae37ca07f94117a9aa63dtrawick where in the filter chain content is cached. [Graham Leggett]
67f62b7a48ff9eb8d9f31898dceaf9f89280a723dougm *) core: Treat timeout reading request as 408 error, not 400.
67f62b7a48ff9eb8d9f31898dceaf9f89280a723dougm Log 408 errors in access log as was done in Apache 1.3.x.
9d3fdc3bb8077a46851080e17ef9f16c83720c8ftrawick PR 39785 [Nobutaka Mantani <nobutaka nobutaka.org>,
9d3fdc3bb8077a46851080e17ef9f16c83720c8ftrawick Stefan Fritsch <sf fritsch.de>, Dan Poirier]
219472ea2d5f1563509321d8b8a91b116792bf7adougm *) mod_ssl: Reintroduce SSL_CLIENT_S_DN, SSL_CLIENT_I_DN, SSL_SERVER_S_DN,
219472ea2d5f1563509321d8b8a91b116792bf7adougm SSL_SERVER_I_DN back to the environment variables to be set by mod_ssl.
c048b545f06921f53ceb830b30f99aed7b369d95dougm *) mod_disk_cache: don't cache incomplete responses, per RFC 2616, 13.8.
c048b545f06921f53ceb830b30f99aed7b369d95dougm PR15866. [Dan Poirier]
621bd763d2e4d32f19013ac8b76b375b5a01851fdougm *) ab: ab segfaults in verbose mode on https sites
621bd763d2e4d32f19013ac8b76b375b5a01851fdougm PR46393. [Ryan Niebur]
0ea12b5dcb3d1d399f9bff6f56fb445d80205f9dstriker *) mod_dav: Allow other modules to become providers and add resource types
0ea12b5dcb3d1d399f9bff6f56fb445d80205f9dstriker to the DAV response. [Jari Urpalainen <jari.urpalainen nokia.com>,
e93624301705e3dc68992e3b488a764389eb8b98trawick Brian France <brian brianfrance.com>]
cba0728e3535ee87e89cdb3cb54ce91eda18f6ccaaron *) mod_dav: Allow other modules to add things to the DAV or Allow headers
cba0728e3535ee87e89cdb3cb54ce91eda18f6ccaaron of an OPTIONS request. [Jari Urpalainen <jari.urpalainen nokia.com>,
cba0728e3535ee87e89cdb3cb54ce91eda18f6ccaaron Brian France <brian brianfrance.com>]
a45de374fb215f294eb1369d4406ac79d6596ee1brianp *) core: Lower memory usage of core output filter.
a45de374fb215f294eb1369d4406ac79d6596ee1brianp [Stefan Fritsch <sf sfritsch.de>]
7f14bcf6b594703df385ce84ba2ee3cdf3ccbae4trawick *) mod_mime: Detect invalid use of MultiviewsMatch inside Location and
7f14bcf6b594703df385ce84ba2ee3cdf3ccbae4trawick LocationMatch sections. PR47754. [Dan Poirier]
7f14bcf6b594703df385ce84ba2ee3cdf3ccbae4trawick *) mod_request: Make sure the KeptBodySize directive rejects values
0007bb1e01dd762bde7280beb57113309c1715a3trawick that aren't valid numbers. [Graham Leggett]
a1be7357e2c08b9dfe52c277063d212d65b15feejim *) mod_session_crypto: Sanity check should the potentially encrypted
a1be7357e2c08b9dfe52c277063d212d65b15feejim session cookie be too short. [Graham Leggett]
a1be7357e2c08b9dfe52c277063d212d65b15feejim *) mod_session.c: Prevent a segfault when session is added but not
6682df9b639663c50f447e5690dd62cce7b1c086trawick configured. [Graham Leggett]
6682df9b639663c50f447e5690dd62cce7b1c086trawick *) htcacheclean: 19 ways to fail, 1 error message. Fixed. [Graham Leggett]
51c0f0fe0a49a180389009442a83f74b1916f96atrawick *) mod_auth_digest: Fail server start when nonce count checking
51c0f0fe0a49a180389009442a83f74b1916f96atrawick is configured without shared memory, or md5-sess algorithm is
51c0f0fe0a49a180389009442a83f74b1916f96atrawick configured. [Dan Poirier]
7e8bc9ca9d1e752f6ca6debec6be8addae8bd72etrawick *) mod_proxy_connect: The connect method doesn't work if the client is
7e8bc9ca9d1e752f6ca6debec6be8addae8bd72etrawick connecting to the apache proxy through an ssl socket. Fixed.
7e8bc9ca9d1e752f6ca6debec6be8addae8bd72etrawick PR29744. [Brad Boyer, Mark Cave-Ayland, Julian Gilbey, Fabrice Durand,
ecb511c254d5affe7cc018482d53c19aaf145878jerenkrantz David Gence, Tim Dodge, Per Gunnar Hans, Emmanuel Elango,
ecb511c254d5affe7cc018482d53c19aaf145878jerenkrantz Kevin Croft, Rudolf Cardinal]
ecb511c254d5affe7cc018482d53c19aaf145878jerenkrantz *) mod_ssl: The error message when SSLCertificateFile is missing should
60b83cd8f9427809082340cfd7581091990962f5jwoolley at least give the name or position of the problematic virtual host
60b83cd8f9427809082340cfd7581091990962f5jwoolley definition. [Stefan Fritsch sf sfritsch.de]
e93624301705e3dc68992e3b488a764389eb8b98trawick *) mod_auth_digest: Fix null pointer when qop=none. [Dan Poirier]
e93624301705e3dc68992e3b488a764389eb8b98trawick *) Add support for HTTP PUT to ab. [Jeff Barnes <jbarnesweb yahoo.com>]
a2d4f1da4e19836b2d6a673f80f33381a926a8bddougm *) mod_headers: generalise the envclause to support expression
d56d6753a75f5b915120c797aedbfcf13bb14c8brbb evaluation with ap_expr parser [Nick Kew]
d56d6753a75f5b915120c797aedbfcf13bb14c8brbb *) mod_cache: Introduce the thundering herd lock, a mechanism to keep
d56d6753a75f5b915120c797aedbfcf13bb14c8brbb the flood of requests at bay that strike a backend webserver as
d56d6753a75f5b915120c797aedbfcf13bb14c8brbb a cached entity goes stale. [Graham Leggett]
4aaf7088758ca56823e585969320f2405a7cc5fcdougm *) mod_auth_digest: Fix usage of shared memory and re-enable it.
4aaf7088758ca56823e585969320f2405a7cc5fcdougm PR 16057 [Dan Poirier]
e0596968fe84a2bdaebe0192d8d64d2e9856d4d6brianp *) Preserve Port information over internal redirects
f33c2c86b419be97248c5289b71738b5f0c7ab0adirkx *) Proxy: unable to connect to a backend is SERVICE_UNAVAILABLE,
f33c2c86b419be97248c5289b71738b5f0c7ab0adirkx rather than BAD_GATEWAY or (especially) NOT_FOUND.
c5fdaba2e790a0a351d796b5fe3dcfb585be1ba2jim PR 46971 [evanc nortel.com]
c5fdaba2e790a0a351d796b5fe3dcfb585be1ba2jim *) Various modules: Do better checking of pollset operations in order to
c5fdaba2e790a0a351d796b5fe3dcfb585be1ba2jim avoid segmentation faults if they fail. PR 46467
c5fdaba2e790a0a351d796b5fe3dcfb585be1ba2jim [Stefan Fritsch <sf sfritsch.de>]
2fc50921b88defeb7127985dfe4b4130175e069ejwoolley *) mod_autoindex: Correctly create an empty cell if the description
2fc50921b88defeb7127985dfe4b4130175e069ejwoolley for a file is missing. PR 47682 [Peter Poeml <poeml suse.de>]
2fc50921b88defeb7127985dfe4b4130175e069ejwoolley *) ab: Fix broken error messages after resolver or connect() failures.
47638f4a67ce38e5a83e7a303d6f2d5c9ff47b4ebrianp [Jeff Trawick]
47638f4a67ce38e5a83e7a303d6f2d5c9ff47b4ebrianp *) SECURITY: CVE-2009-1890 (cve.mitre.org)
82630c4a04be47f39298d3284b2c596244fb509bbrianp Fix a potential Denial-of-Service attack against mod_proxy in a
82630c4a04be47f39298d3284b2c596244fb509bbrianp reverse proxy configuration, where a remote attacker can force a
0d24ea1c99d2267096caaf0843c7e5a1ac6b7c0bmjc proxy process to consume CPU time indefinitely. [Nick Kew, Joe Orton]
35d682920b0b7073bb9ff8c8794f0f73e3ee1a47slive *) SECURITY: CVE-2009-1191 (cve.mitre.org)
a2d4f1da4e19836b2d6a673f80f33381a926a8bddougm mod_proxy_ajp: Avoid delivering content from a previous request which
a2d4f1da4e19836b2d6a673f80f33381a926a8bddougm failed to send a request body. PR 46949 [Ruediger Pluem]
30b4a330a5f651eb5198fa93dbb9f3d3594564c9stoddard *) htdbm: Fix possible buffer overflow if dbm database has very
30b4a330a5f651eb5198fa93dbb9f3d3594564c9stoddard long values. PR 30586 [Dan Poirier]
30b4a330a5f651eb5198fa93dbb9f3d3594564c9stoddard *) core: Return APR_EOF if request body is shorter than the length announced
30b4a330a5f651eb5198fa93dbb9f3d3594564c9stoddard by the client. PR 33098 [ Stefan Fritsch <sf sfritsch.de>]
983988ac7b8faaf037f4df0ab29729cd047a3ffdtrawick *) mod_suexec: correctly set suexec_enabled when httpd is run by a
983988ac7b8faaf037f4df0ab29729cd047a3ffdtrawick non-root user and may have insufficient permissions.
7a64b871b8b5e5a427b570e90f0e38e88266c783jim PR 42175 [Jim Radford <radford blackbean.org>]
7a64b871b8b5e5a427b570e90f0e38e88266c783jim *) mod_ssl: Fix SSL_*_DN_UID variables to use the 'userID' attribute
7a64b871b8b5e5a427b570e90f0e38e88266c783jim type. PR 45107. [Michael Ströder <michael stroeder.com>,
a736bac16e58d5e96945f35ee3c43a2cd2f5d37ejerenkrantz *) mod_proxy_http: fix case sensitivity checking transfer encoding
a736bac16e58d5e96945f35ee3c43a2cd2f5d37ejerenkrantz PR 47383 [Ryuzo Yamamoto <ryuzo.yamamoto gmail.com>]
797d596a95d4f9900e83ec18295b4ca4951bf763jerenkrantz *) mod_alias: ensure Redirect issues a valid URL.
797d596a95d4f9900e83ec18295b4ca4951bf763jerenkrantz PR 44020 [HÃ¥kon Stordahl <hakon stordahl.org>]
5842e6b336b1cc0252b6cc2944dd81c7d3a19a1bbrianp *) mod_dir: add FallbackResource directive, to enable admin to specify
2532433e80d73506f7bcc18bd0dab686f1c39397minfrin an action to happen when a URL maps to no file, without resorting
2532433e80d73506f7bcc18bd0dab686f1c39397minfrin to ErrorDocument or mod_rewrite. PR 47184 [Nick Kew]
2532433e80d73506f7bcc18bd0dab686f1c39397minfrin *) mod_cgid: Do not leak the listening Unix socket file descriptor to the
c148bc6b4eea544af816783400362f741c5f5fc2trawick CGI process. PR 47335 [Kornél Pál <kornelpal gmail.com>]
c148bc6b4eea544af816783400362f741c5f5fc2trawick *) mod_rewrite: Remove locking for writing to the rewritelog.
9d432e23f6025b78322cbee43e8e89262a108e5eaaron PR 46942 [Dan Poirier <poirier pobox.com>]
9d432e23f6025b78322cbee43e8e89262a108e5eaaron *) mod_alias: check sanity in Redirect arguments.
9d432e23f6025b78322cbee43e8e89262a108e5eaaron PR 44729 [Sönke Tesch <st kino-fahrplan.de>, Jim Jagielski]
9d432e23f6025b78322cbee43e8e89262a108e5eaaron *) mod_proxy_http: fix Host: header for literal IPv6 addresses.
9d432e23f6025b78322cbee43e8e89262a108e5eaaron PR 47177 [Carlos Garcia Braschi <cgbraschi gmail.com>]
6a5bdbbacf4a62adecde52b8f23ebcc4fa2a08b8trawick *) mod_cache: Add CacheIgnoreURLSessionIdentifiers directive to ignore
6a5bdbbacf4a62adecde52b8f23ebcc4fa2a08b8trawick defined session identifiers encoded in the URL when caching.
10306ac2c175f420e6989568f4c8535a5dbc1349minfrin [Ruediger Pluem]
10306ac2c175f420e6989568f4c8535a5dbc1349minfrin *) mod_rewrite: Fix the error string returned by RewriteRule.
10306ac2c175f420e6989568f4c8535a5dbc1349minfrin RewriteRule returned "RewriteCond: bad flag delimiters" when the 3rd
b4e4d76bf454e1b603b410110356dbcf12f3bc42jim argument of RewriteRule was not started with "[" or not ended with "]".
b4e4d76bf454e1b603b410110356dbcf12f3bc42jim PR 45082 [Vitaly Polonetsky <m_vitaly topixoft.com>]
adb1e17ae7e1cf5cf4f8f2b07d3389cb55f4becetrawick *) Windows: Fix usage message.
adb1e17ae7e1cf5cf4f8f2b07d3389cb55f4becetrawick [Rainer Jung]
71f891073f6fa0209870791f64cbbf28d77ffdc1brianp *) apachectl: When passing through arguments to httpd in
71f891073f6fa0209870791f64cbbf28d77ffdc1brianp non-SysV mode, use the "$@" syntax to preserve arguments.
2864362ca8266097928e84f101010bdf814ffa08stoddard [Eric Covener]
2864362ca8266097928e84f101010bdf814ffa08stoddard *) mod_dbd: add DBDInitSQL directive to enable SQL statements to
2864362ca8266097928e84f101010bdf814ffa08stoddard be run when a connection is opened. PR 46827
2864362ca8266097928e84f101010bdf814ffa08stoddard [Marko Kevac <mkevac gmail.com>]
893c106ae59d8e96d921524b123ae26dea8ad37fgstein *) mod_cgid: Improve handling of long AF_UNIX socket names (ScriptSock).
893c106ae59d8e96d921524b123ae26dea8ad37fgstein PR 47037. [Jeff Trawick]
893c106ae59d8e96d921524b123ae26dea8ad37fgstein *) mod_proxy_ajp: Check more strictly that the backend follows the AJP
3aa6444bcee4e9fc32ec8860d832ff83a15784efianh protocol. [Mladen Turk]
e2bdfd25d9d0461e0a3ab18ceff2113215e3e115brianp *) mod_proxy_ajp: Forward remote port information by default.
e2bdfd25d9d0461e0a3ab18ceff2113215e3e115brianp [Rainer Jung]
b9fe73991e7c592a634242a7e11f924689f58e1fgstein *) Allow MPMs to be loaded dynamically, as with most other modules. Use
b9fe73991e7c592a634242a7e11f924689f58e1fgstein --enable-mpms-shared={list|"all"} to enable. This required changes to
b9fe73991e7c592a634242a7e11f924689f58e1fgstein the MPM interfaces. Removed: mpm.h, mpm_default.h (as an installed
b9fe73991e7c592a634242a7e11f924689f58e1fgstein header), APACHE_MPM_DIR, MPM_NAME, ap_threads_per_child,
d9fcdb415d8661cbd9451df8f88e003a1aa04ce9trawick ap_max_daemons_limit, ap_my_generation, etc. ap_mpm_query() can't be
d9fcdb415d8661cbd9451df8f88e003a1aa04ce9trawick called until after the register-hooks phase. [Jeff Trawick]
d9fcdb415d8661cbd9451df8f88e003a1aa04ce9trawick *) mod_ssl: Add SSLProxyCheckPeerExpire and SSLProxyCheckPeerCN directives
d9fcdb415d8661cbd9451df8f88e003a1aa04ce9trawick to enable stricter checking of remote server certificates.
81b8d0f83e9d0bc2bf6900fc680737e0cac439a2brianp [Ruediger Pluem]
b5033962c73a470b6f36a3ac796c542a6ab4ddf6brianp *) ab: Fix a 100% CPU loop on platforms where a failed non-blocking connect
b5033962c73a470b6f36a3ac796c542a6ab4ddf6brianp returns EINPROGRESS and a subsequent poll() returns only POLLERR.
d7856f850b9b51165f23ae381a891bda894e1373ianh Observed on HP-UX. [Eric Covener]
d7856f850b9b51165f23ae381a891bda894e1373ianh *) Remove broken support for BeOS, TPF, and even older platforms such
d7856f850b9b51165f23ae381a891bda894e1373ianh as A/UX, Next, and Tandem. [Jeff Trawick]
d75626f0952c6152a99acd013a4f127d46f0f9edtrawick *) mod_proxy_ftp: Add ProxyFtpListOnWildcard directive to allow files with
d75626f0952c6152a99acd013a4f127d46f0f9edtrawick globbing characters to be retrieved instead of converted into a
d75626f0952c6152a99acd013a4f127d46f0f9edtrawick directory listing. PR 46789 [Dan Poirier <poirier pobox.com>]
d75626f0952c6152a99acd013a4f127d46f0f9edtrawick *) Provide ap_retained_data_create()/ap_retained_data_get() for preservation
ab2053f3cdda69cfa5e4ce0800ea7af203cc6d5ddougm of module state across unload/load. [Jeff Trawick]
ab2053f3cdda69cfa5e4ce0800ea7af203cc6d5ddougm *) mod_substitute: Fix a memory leak. PR 44948
88ecd979f1112454432371f55a1420240fae3743trawick [Dan Poirier <poirier pobox.com>]
88ecd979f1112454432371f55a1420240fae3743trawickChanges with Apache 2.3.2
548e06e26f5377b2efbb7e0dab20f536e5e24160trawick *) mod_mime_magic: Fix detection of compressed content. [Rainer Jung]
c02a689f2274966ed5d1c16207f74b5128c35c86trawick *) mod_negotiation: Escape pathes of filenames in 406 responses to avoid
c02a689f2274966ed5d1c16207f74b5128c35c86trawick HTML injections and HTTP response splitting. PR 46837.
f51dbb1f5b66d94b5c190bfcd444aa73bdc2b176trawick [Geoff Keating <geoffk apple.com>]
f51dbb1f5b66d94b5c190bfcd444aa73bdc2b176trawick *) mod_ssl: add support for type-safe STACK constructs in OpenSSL
aa202cda00837ed5381d5f67254e08c565a5c3a8stoddard development HEAD. PR 45521. [Kaspar Brand, Sander Temme]
aa202cda00837ed5381d5f67254e08c565a5c3a8stoddard *) ab: Fix maintenance of the pollset to resolve EALREADY errors
aa202cda00837ed5381d5f67254e08c565a5c3a8stoddard with kqueue (BSD/OS X) and excessive CPU with event ports (Solaris).
aa202cda00837ed5381d5f67254e08c565a5c3a8stoddard PR 44584. Use APR_POLLSET_NOCOPY for better performance with some
aa202cda00837ed5381d5f67254e08c565a5c3a8stoddard pollset implementations. [Jeff Trawick]
aa202cda00837ed5381d5f67254e08c565a5c3a8stoddard *) mod_disk_cache: The module now turns off sendfile support if
aa202cda00837ed5381d5f67254e08c565a5c3a8stoddard 'EnableSendfile off' is defined globally. [Lars Eilebrecht]
aa202cda00837ed5381d5f67254e08c565a5c3a8stoddard *) mod_deflate: Adjust content metadata before bailing out on 304
3a9c3ec5357b36fc34766cb8166168311af3562frbb responses so that the metadata does not differ from 200 response.
94f4821a5444a4fe782f772aef5db4d8b839675djerenkrantz [Roy T. Fielding]
94f4821a5444a4fe782f772aef5db4d8b839675djerenkrantz *) mod_deflate: Fix creation of invalid Etag headers. We now make sure
2a49e30bae376c9744b96c8681ab88122ccaa46cjerenkrantz that the Etag value is properly quoted when adding the gzip marker.
2a49e30bae376c9744b96c8681ab88122ccaa46cjerenkrantz PR 39727, 45023. [Lars Eilebrecht, Roy T. Fielding]
2a49e30bae376c9744b96c8681ab88122ccaa46cjerenkrantz *) Added 20x22 icons for ODF, SVG, and XML documents. PR 37185.
afef080e47ef499a5cbceb7ad7fadbb3abca0b48minfrin [Peter Harlow]
afef080e47ef499a5cbceb7ad7fadbb3abca0b48minfrin *) Disabled DefaultType directive and removed ap_default_type()
afef080e47ef499a5cbceb7ad7fadbb3abca0b48minfrin from core. We now exclude Content-Type from responses for which
afef080e47ef499a5cbceb7ad7fadbb3abca0b48minfrin a media type has not been configured via mime.types, AddType,
afef080e47ef499a5cbceb7ad7fadbb3abca0b48minfrin ForceType, or some other mechanism. PR 13986. [Roy T. Fielding]
afef080e47ef499a5cbceb7ad7fadbb3abca0b48minfrin *) mod_rewrite: Add IPV6 variable to RewriteCond
afef080e47ef499a5cbceb7ad7fadbb3abca0b48minfrin [Ryan Phillips <ryan-apache trolocsis.com>]
afef080e47ef499a5cbceb7ad7fadbb3abca0b48minfrin *) core: Enhance KeepAliveTimeout to support a value in milliseconds.
c49200a2bdbb8fa1f2e5c3b87cc497ecdeefa8feminfrin PR 46275. [Takashi Sato]
c49200a2bdbb8fa1f2e5c3b87cc497ecdeefa8feminfrin *) rotatelogs: Allow size units B, K, M, G and combination of
c49200a2bdbb8fa1f2e5c3b87cc497ecdeefa8feminfrin time and size based rotation. [Rainer Jung]
103005439776bb7aeccb95ebf4761ebfef3f9c39ianh *) rotatelogs: Add flag for verbose (debug) output. [Rainer Jung]
92d311b27a6182c2eed67317990c8c168584ee75trawick *) mod_ssl: Fix merging of SSLRenegBufferSize directive. PR 46508
92d311b27a6182c2eed67317990c8c168584ee75trawick [<tlhackque yahoo.com>]
92d311b27a6182c2eed67317990c8c168584ee75trawick *) core: Translate the the status line to ASCII on EBCDIC platforms in
92d311b27a6182c2eed67317990c8c168584ee75trawick ap_send_interim_response() and for locally generated "100 Continue"
744ecbcc06a9128fc4730d1334cc180bf7fc521caaron responses. [Eric Covener]
6f0dd808a674b7c09a625b36f320030f4e339f8faaron *) prefork: Fix child process hang during graceful restart/stop in
744ecbcc06a9128fc4730d1334cc180bf7fc521caaron configurations with multiple listening sockets. PR 42829. [Joe Orton,
59511de77b389ced52253d055fc470ecfedfcd99aaron Jeff Trawick]
59511de77b389ced52253d055fc470ecfedfcd99aaron *) mod_session_crypto: Ensure that SessionCryptoDriver can only be
59511de77b389ced52253d055fc470ecfedfcd99aaron set in the global scope. [Graham Leggett]
b5cdec7910a44654cb254b99c5a39d7c180c4bcajerenkrantz *) mod_ext_filter: We need to detect failure to startup the filter
b5cdec7910a44654cb254b99c5a39d7c180c4bcajerenkrantz program (a mangled response is not acceptable). Fix to detect
b5cdec7910a44654cb254b99c5a39d7c180c4bcajerenkrantz failure, and offer configuration option either to abort or
b5cdec7910a44654cb254b99c5a39d7c180c4bcajerenkrantz to remove the filter and continue.
393bfaab1beb2410959a4a5e91f58446f01bac09rbb PR 41120 [Nick Kew]
6c2dc61d4760fa5e356f95c4b1685eec7f1d75dcaaron *) mod_session_crypto: Rewrite the session_crypto module against the
6c2dc61d4760fa5e356f95c4b1685eec7f1d75dcaaron apr_crypto API. [Graham Leggett]
6c2dc61d4760fa5e356f95c4b1685eec7f1d75dcaaron *) mod_auth_form: Fix a pool lifetime issue, don't remove the subrequest
6c2dc61d4760fa5e356f95c4b1685eec7f1d75dcaaron until the main request is cleaned up. [Graham Leggett]
6c2dc61d4760fa5e356f95c4b1685eec7f1d75dcaaronChanges with Apache 2.3.1
01e8aca9299a0b872414c24c8b7724d6f88ae665ianh *) ap_slotmem: Add in new slot-based memory access API impl., including
01e8aca9299a0b872414c24c8b7724d6f88ae665ianh 2 providers (mod_sharedmem and mod_plainmem) [Jim Jagielski,
01e8aca9299a0b872414c24c8b7724d6f88ae665ianh Jean-Frederic Clere, Brian Akins <brian.akins turner.com>]
f783dff0c8b69344a6b67e97f16b91f8b0790799dougm *) mod_include: support generating non-ASCII characters as entities in SSI
f783dff0c8b69344a6b67e97f16b91f8b0790799dougm PR 25202 [Nick Kew]
f783dff0c8b69344a6b67e97f16b91f8b0790799dougm *) core/utils: Enhance ap_escape_html API to support escaping non-ASCII chars
6362515725d2b6d66ac3b26531f8c53ac75f8c20wrowe PR 25202 [Nick Kew]
f783dff0c8b69344a6b67e97f16b91f8b0790799dougm *) mod_rewrite: fix "B" flag breakage by reverting r5589343
6362515725d2b6d66ac3b26531f8c53ac75f8c20wrowe PR 45529 [Bob Ionescu <bobsiegen googlemail.com>]
98ae9b96926a3dd99b195d7628c7e527e720f6acaaron *) CGI: return 504 (Gateway timeout) rather than 500 when a script
98ae9b96926a3dd99b195d7628c7e527e720f6acaaron times out before returning status line/headers.
98ae9b96926a3dd99b195d7628c7e527e720f6acaaron PR 42190 [Nick Kew]
98ae9b96926a3dd99b195d7628c7e527e720f6acaaron *) mod_cgid: fix segfault problem on solaris.
98ae9b96926a3dd99b195d7628c7e527e720f6acaaron PR 39332 [Masaoki Kobayashi <masaoki techfirm.co.jp>]
98ae9b96926a3dd99b195d7628c7e527e720f6acaaron *) mod_proxy_scgi: Added. [André Malo]
98ae9b96926a3dd99b195d7628c7e527e720f6acaaron *) mod_cache: Introduce 'no-cache' per-request environment variable
9379749d811388a7d0e3410940ddd6743a33d330jim to prevent the saving of an otherwise cacheable response.
9379749d811388a7d0e3410940ddd6743a33d330jim [Eric Covener]
9379749d811388a7d0e3410940ddd6743a33d330jim *) mod_rewrite: Introduce DiscardPathInfo|DPI flag to stop the troublesome
f37499bf7da81cd6b697d4667233137957426428jerenkrantz way that per-directory rewrites append the previous notion of PATH_INFO
f37499bf7da81cd6b697d4667233137957426428jerenkrantz to each substitution before evaluating subsequent rules.
421dc1d123c9adda60e024f93fb614bfada8b9e5wrowe PR 38642 [Eric Covener]
421dc1d123c9adda60e024f93fb614bfada8b9e5wrowe *) mod_cgid: Do not add an empty argument when calling the CGI script.
421dc1d123c9adda60e024f93fb614bfada8b9e5wrowe PR 46380 [Ruediger Pluem]
83d91d60d00dc345bfbcbc48ff206db4a6b23b2eaaron *) scoreboard: Remove unused sb_type from process_score.
83d91d60d00dc345bfbcbc48ff206db4a6b23b2eaaron [Torsten Foertsch <torsten.foertsch gmx.net>, Chris Darroch]
83d91d60d00dc345bfbcbc48ff206db4a6b23b2eaaron *) mod_ssl: Add SSLRenegBufferSize directive to allow changing the
83d91d60d00dc345bfbcbc48ff206db4a6b23b2eaaron size of the buffer used for the request-body where necessary
c10fe96ac7d024918e26af6c8ba5470273b75bb2jwoolley during a per-dir renegotiation. PR 39243. [Joe Orton]
c10fe96ac7d024918e26af6c8ba5470273b75bb2jwoolley *) mod_proxy_fdpass: New module to pass a client connection over to a separate
83ca150ef902e9692972aa923e893bc6406d20f1ianh process that is reading from a unix daemon socket.
cbfbf9598d686b11afc7a9f9d91a8facfdfa7216trawick *) mod_ssl: Improve environment variable extraction to be more
7a8a0744e378f2343c3ee6787fac0f8f959d2141brianp efficient and to correctly handle DNs with duplicate tags.
7a8a0744e378f2343c3ee6787fac0f8f959d2141brianp PR 45975. [Joe Orton]
7a8a0744e378f2343c3ee6787fac0f8f959d2141brianp *) Remove the obsolete serial attribute from the RPM spec file. Compile
7a8a0744e378f2343c3ee6787fac0f8f959d2141brianp against the external pcre. Add missing binaries fcgistarter, and
f5ce2873c97c12a34d6b03d2771b9250b7bbfe55wrowe mod_socache* and mod_session*. [Graham Leggett]
f5ce2873c97c12a34d6b03d2771b9250b7bbfe55wroweChanges with Apache 2.3.0
f5ce2873c97c12a34d6b03d2771b9250b7bbfe55wrowe *) mod_ratelimit: New module to do bandwidth rate limiting. [Paul Querna]
f5ce2873c97c12a34d6b03d2771b9250b7bbfe55wrowe *) Remove X-Pad header which was added as a work around to a bug in
f5ce2873c97c12a34d6b03d2771b9250b7bbfe55wrowe Netscape 2.x to 4.0b2. [Takashi Sato <takashi lans-tv.com>]
73cba74a34576f7ece4bd98fd58c8a932a178e6daaron *) Add DTrace Statically Defined Tracing (SDT) probes.
73cba74a34576f7ece4bd98fd58c8a932a178e6daaron [Theo Schlossnagle <jesus omniti.com>, Paul Querna]
73cba74a34576f7ece4bd98fd58c8a932a178e6daaron *) mod_proxy_balancer: Move all load balancing implementations
73cba74a34576f7ece4bd98fd58c8a932a178e6daaron as individual, self-contained mod_proxy submodules under
73cba74a34576f7ece4bd98fd58c8a932a178e6daaron modules/proxy/balancers [Jim Jagielski]
29c30db45f6a469017e16b606611e460cc1a1f2caaron *) Rename APIs to include ap_ prefix:
29c30db45f6a469017e16b606611e460cc1a1f2caaron find_child_by_pid -> ap_find_child_by_pid
095071bbd0b3ccccd6883edc7cd10f13cac71160ianh suck_in_APR -> ap_suck_in_APR
095071bbd0b3ccccd6883edc7cd10f13cac71160ianh sys_privileges_handlers -> ap_sys_privileges_handlers
095071bbd0b3ccccd6883edc7cd10f13cac71160ianh unixd_accept -> ap_unixd_accept
a322a82f79b790fb7ddcd7df4459d20725450fa7trawick unixd_config -> ap_unixd_config
a322a82f79b790fb7ddcd7df4459d20725450fa7trawick unixd_killpg -> ap_unixd_killpg
a322a82f79b790fb7ddcd7df4459d20725450fa7trawick unixd_set_global_mutex_perms -> ap_unixd_set_global_mutex_perms
21644b4d1b09d0531911a8c9a891819a261480f8minfrin unixd_set_proc_mutex_perms -> ap_unixd_set_proc_mutex_perms
21644b4d1b09d0531911a8c9a891819a261480f8minfrin unixd_set_rlimit -> ap_unixd_set_rlimit
21644b4d1b09d0531911a8c9a891819a261480f8minfrin [Paul Querna]
21644b4d1b09d0531911a8c9a891819a261480f8minfrin *) mod_lbmethod_heartbeat: New module to load balance mod_proxy workers
21644b4d1b09d0531911a8c9a891819a261480f8minfrin based on heartbeats. [Paul Querna]
21644b4d1b09d0531911a8c9a891819a261480f8minfrin *) mod_heartmonitor: New module to collect heartbeats, and write out a file
21644b4d1b09d0531911a8c9a891819a261480f8minfrin so that other modules can load balance traffic as needed. [Paul Querna]
21644b4d1b09d0531911a8c9a891819a261480f8minfrin *) mod_heartbeat: New module to generate multicast heartbeats to know if a
bf5cf58cc30750e9f9764cc830aff426ced288f9aaron server is online. [Paul Querna]
bf5cf58cc30750e9f9764cc830aff426ced288f9aaron *) mod_buffer: Honour the flush bucket and flush the buffer in the
bf5cf58cc30750e9f9764cc830aff426ced288f9aaron input filter. Make sure that metadata buckets are written to
7cdc36a99b42a3c5e36ac47726ad41c9c7b039ceianh the buffer, not to the final brigade. [Graham Leggett]
cbfbf9598d686b11afc7a9f9d91a8facfdfa7216trawick *) mod_buffer: Optimise the buffering of heap buckets when the heap
cbfbf9598d686b11afc7a9f9d91a8facfdfa7216trawick buckets stay exactly APR_BUCKET_BUFF_SIZE long. [Graham Leggett,
cbfbf9598d686b11afc7a9f9d91a8facfdfa7216trawick Ruediger Pluem]
fe808620434aa59b796e8b60cd6eec65a32dfc2dstoddard *) mod_buffer: Optional support for buffering of the input and output
e37c657172940f82d9b28a45fc1304140eb0b1d7stoddard filter stacks. Can collapse many small buckets into fewer larger
edd6c1f4be1aa23fc99134802941397f7f31b3d5jerenkrantz buckets, and prevents excessively small chunks being sent over
5f08a022a210f4e511561e89f500621a15e6177dtrawick the wire. [Graham Leggett]
6db5333c9461942b8af724b101e687af541d4d4cjerenkrantz *) mod_privileges: new module to make httpd on Solaris privileges-aware
6db5333c9461942b8af724b101e687af541d4d4cjerenkrantz and to enable different virtualhosts to run with different
d4fcf63a5d9171d50c0d04e05a35ec6bf1f85100jerenkrantz privileges and Unix user/group IDs [Nick Kew]
d4fcf63a5d9171d50c0d04e05a35ec6bf1f85100jerenkrantz *) mod_mem_cache: this module has been removed. [William Rowe]
dee6a8bde4d598087dc4b3ebf3d4dd06809d2dd7jerenkrantz *) authn/z: Remove mod_authn_default and mod_authz_default.
dee6a8bde4d598087dc4b3ebf3d4dd06809d2dd7jerenkrantz [Chris Darroch]
edd6c1f4be1aa23fc99134802941397f7f31b3d5jerenkrantz *) authz: Fix handling of authz configurations, make default authz
edd6c1f4be1aa23fc99134802941397f7f31b3d5jerenkrantz logic replicate 2.2.x authz logic, and replace <Satisfy*>, Reject,
d7d551e53cdfb3288eb651447d7209599c40d17estoddard and AuthzMergeRules directives with Match, <Match*>, and AuthzMerge
d7d551e53cdfb3288eb651447d7209599c40d17estoddard directives. [Chris Darroch]
edcd9e6d9d29f60b25f7b9779dbd33e9dc1cc79ejerenkrantz *) mod_authn_core: Prevent crash when provider alias created to
956a1511249b1fec73aaee0fb7d69c8492aa1368aaron provider which is not yet registered. [Chris Darroch]
956a1511249b1fec73aaee0fb7d69c8492aa1368aaron *) mod_authn_core: Add AuthType of None to support disabling
956a1511249b1fec73aaee0fb7d69c8492aa1368aaron authentication. [Chris Darroch]
d0e4ca9bfd8bf44bea574733965851bfee939d95aaron *) core: Allow <Limit> and <LimitExcept> directives to nest, and
d0e4ca9bfd8bf44bea574733965851bfee939d95aaron constrain their use to conform with that of other access control
d0e4ca9bfd8bf44bea574733965851bfee939d95aaron and authorization directives. [Chris Darroch]
d0e4ca9bfd8bf44bea574733965851bfee939d95aaron *) unixd: turn existing code into a module, and turn the set user/group
956a1511249b1fec73aaee0fb7d69c8492aa1368aaron and chroot into a child_init function. [Nick Kew]
a4b3fb28f3d2e0983b15b4c6828c6980f2fc9b15jerenkrantz *) mod_dir: Support "DirectoryIndex disabled"
a4b3fb28f3d2e0983b15b4c6828c6980f2fc9b15jerenkrantz Suggested By André Warnier <aw ice-sa.com> [Eric Covener]
548b2980e83f609186a76e98fb245d02e8547bc3jerenkrantz *) mod_ssl: Send Content-Type application/ocsp-request for POST requests to
548b2980e83f609186a76e98fb245d02e8547bc3jerenkrantz OSCP responders. PR 46014 [Dr Stephen Henson <steve openssl.org>]
e54b09d79ca9bc18ea5ae33367fd907473621dcejerenkrantz *) mod_authnz_ldap: don't return NULL-valued environment variables to
e54b09d79ca9bc18ea5ae33367fd907473621dcejerenkrantz other modules. PR 39045 [Francois Pesce <francois.pesce gmail.com>]
edcd9e6d9d29f60b25f7b9779dbd33e9dc1cc79ejerenkrantz *) Don't adjust case in pathname components that are not of interest
edcd9e6d9d29f60b25f7b9779dbd33e9dc1cc79ejerenkrantz to mod_mime. Fixes mod_negotiation's use of such components.
edcd9e6d9d29f60b25f7b9779dbd33e9dc1cc79ejerenkrantz PR 43250 [Basant Kumar Kukreja <basant.kukreja sun.com>]
edcd9e6d9d29f60b25f7b9779dbd33e9dc1cc79ejerenkrantz *) Be tolerant in what you accept - accept slightly broken
edcd9e6d9d29f60b25f7b9779dbd33e9dc1cc79ejerenkrantz status lines from a backend provided they include a valid status code.
edcd9e6d9d29f60b25f7b9779dbd33e9dc1cc79ejerenkrantz PR 44995 [Rainer Jung <rainer.jung kippdata.de>]
edcd9e6d9d29f60b25f7b9779dbd33e9dc1cc79ejerenkrantz *) New module mod_sed: filter Request/Response bodies through sed
edcd9e6d9d29f60b25f7b9779dbd33e9dc1cc79ejerenkrantz *) mod_auth_form: Make sure that basic authentication is correctly
edcd9e6d9d29f60b25f7b9779dbd33e9dc1cc79ejerenkrantz faked directly after login. [Graham Leggett]
0733b4ac1b339822a5b506be8a28fea6e384cbfetrawick *) mod_session_cookie, mod_session_dbd: Make sure cookies are set both
1582553026e5e3a1921a34222eaee923fddee9b9wrowe within the output headers and error output headers, so that the
1582553026e5e3a1921a34222eaee923fddee9b9wrowe session is maintained across redirects. [Graham Leggett]
1582553026e5e3a1921a34222eaee923fddee9b9wrowe *) mod_auth_form: Make sure the logged in user is populated correctly
1582553026e5e3a1921a34222eaee923fddee9b9wrowe after a form login. Fixes a missing REMOTE_USER variable directly
1582553026e5e3a1921a34222eaee923fddee9b9wrowe following a login. [Graham Leggett]
1582553026e5e3a1921a34222eaee923fddee9b9wrowe *) mod_session_cookie: Make sure that cookie attributes are correctly
1582553026e5e3a1921a34222eaee923fddee9b9wrowe included in the blank cookie when cookies are removed. This fixes an
1582553026e5e3a1921a34222eaee923fddee9b9wrowe inability to log out when using mod_auth_form. [Graham Leggett]
1582553026e5e3a1921a34222eaee923fddee9b9wrowe *) mod_session: Prevent a segfault when a CGI script sets a cookie with a
1582553026e5e3a1921a34222eaee923fddee9b9wrowe null value. [David Shane Holden <dpejesh apache.org>]
1582553026e5e3a1921a34222eaee923fddee9b9wrowe *) core, authn/z: Determine registered authn/z providers directly in
1582553026e5e3a1921a34222eaee923fddee9b9wrowe ap_setup_auth_internal(), which allows optional functions that just
1582553026e5e3a1921a34222eaee923fddee9b9wrowe wrapped ap_list_provider_names() to be removed from authn/z modules.
bd214bbc8d9db9d6d1dcb6b24462e6d1da8e8bbbstoddard [Chris Darroch]
bd214bbc8d9db9d6d1dcb6b24462e6d1da8e8bbbstoddard *) authn/z: Convert common provider version strings to macros.
064448ce15afe798e3c1dc0445fe2a30eb256bf6gregames [Chris Darroch]
1078b2c97bb39352bae929d2ed3f290a420470a7ianh *) core: When testing for slash-terminated configuration paths in
762c82a23cc3ddaac92f941b2f871e94efdf4e6bgregames ap_location_walk(), don't look past the start of an empty string
762c82a23cc3ddaac92f941b2f871e94efdf4e6bgregames such as that created by a <Location ""> directive.
762c82a23cc3ddaac92f941b2f871e94efdf4e6bgregames [Chris Darroch]
fb50cf6056a42f94cc9e8eeabea1eb8d05e0aefcaaron *) core, mod_proxy: If a kept_body is present, it becomes safe for
fb50cf6056a42f94cc9e8eeabea1eb8d05e0aefcaaron subrequests to support message bodies. Make sure that safety
fb50cf6056a42f94cc9e8eeabea1eb8d05e0aefcaaron checks within the core and within the proxy are not triggered
fb50cf6056a42f94cc9e8eeabea1eb8d05e0aefcaaron when kept_body is present. This makes it possible to embed
d56c38bfb6293bfff7c980858b19e32039106618jerenkrantz proxied POST requests within mod_include. [Graham Leggett]
d56c38bfb6293bfff7c980858b19e32039106618jerenkrantz *) mod_auth_form: Make sure the input filter stack is properly set
d56c38bfb6293bfff7c980858b19e32039106618jerenkrantz up before reading the login form. Make sure the kept body filter
7c301a1818939f85da8f3629cc3e9b5588610ef0jerenkrantz is correctly inserted to ensure the body can be read a second
7c301a1818939f85da8f3629cc3e9b5588610ef0jerenkrantz time safely should the authn be successful. [Graham Leggett,
7c301a1818939f85da8f3629cc3e9b5588610ef0jerenkrantz Ruediger Pluem]
a7fb6d64e059872d5410e873b7f492d62a5cf916rbb *) mod_request: Insert the KEPT_BODY filter via the insert_filter
a7fb6d64e059872d5410e873b7f492d62a5cf916rbb hook instead of during fixups. Add a safety check to ensure the
a7fb6d64e059872d5410e873b7f492d62a5cf916rbb filters cannot be inserted more than once. [Graham Leggett,
a7fb6d64e059872d5410e873b7f492d62a5cf916rbb Ruediger Pluem]
a985ccb3ebd4be0fda23a0ce9ad95fd233089463trawick *) ap_cache_cacheable_headers_out() will (now) always
a985ccb3ebd4be0fda23a0ce9ad95fd233089463trawick merge an error headers _before_ clearing them and _before_
a985ccb3ebd4be0fda23a0ce9ad95fd233089463trawick merging in the actual entity headers and doing normal
a985ccb3ebd4be0fda23a0ce9ad95fd233089463trawick hop-by-hop cleansing. [Dirk-Willem van Gulik].
af262486b3d1c33299307195a715bd1e373f99afrbb *) cache: retire ap_cache_cacheable_hdrs_out() which was used
af262486b3d1c33299307195a715bd1e373f99afrbb for both in- and out-put headers; and replace it by a single
af262486b3d1c33299307195a715bd1e373f99afrbb ap_cache_cacheable_headers() wrapped in a in- and out-put
af262486b3d1c33299307195a715bd1e373f99afrbb specific ap_cache_cacheable_headers_in()/out(). The latter
628ce9384209a460022be952ccdcc8538ad3ca84slive which will also merge error and ensure content-type. To keep
628ce9384209a460022be952ccdcc8538ad3ca84slive cache modules consistent with ease. This API change bumps
628ce9384209a460022be952ccdcc8538ad3ca84slive up the minor MM by one [Dirk-Willem van Gulik].
628ce9384209a460022be952ccdcc8538ad3ca84slive *) Move the KeptBodySize directive, kept_body filters and the
2b9a9a94658c0febcad2f76621b2d5ab856edc6atrawick ap_parse_request_body function out of the http module and into a
2b9a9a94658c0febcad2f76621b2d5ab856edc6atrawick new module called mod_request, reducing the size of the core.
2b9a9a94658c0febcad2f76621b2d5ab856edc6atrawick [Graham Leggett]
f6f453bf03007f391d347dc821e507cdd924d1bftrawick *) mod_dbd: Handle integer configuration directive parameters with a
f6f453bf03007f391d347dc821e507cdd924d1bftrawick dedicated function.
f6f453bf03007f391d347dc821e507cdd924d1bftrawick *) Change the directives within the mod_session* modules to be valid
f6f453bf03007f391d347dc821e507cdd924d1bftrawick both inside and outside the location/directory sections, as
205f4595abf32ae208958d7f8abea68b335c9f39trawick suggested by wrowe. [Graham Leggett]
205f4595abf32ae208958d7f8abea68b335c9f39trawick *) mod_auth_form: Add a module capable of allowing end users to log
205f4595abf32ae208958d7f8abea68b335c9f39trawick in using an HTML form, storing the credentials within mod_session.
1078b2c97bb39352bae929d2ed3f290a420470a7ianh [Graham Leggett]
1078b2c97bb39352bae929d2ed3f290a420470a7ianh *) Add a function to the http filters that is able to parse an HTML
1078b2c97bb39352bae929d2ed3f290a420470a7ianh form request with the type of application/x-www-form-urlencoded.
1078b2c97bb39352bae929d2ed3f290a420470a7ianh [Graham Leggett]
1078b2c97bb39352bae929d2ed3f290a420470a7ianh *) mod_session_crypto: Initialise SSL in the post config hook.
b6135e7458bf348c694157b042786562d2b86e18ianh [Ruediger Pluem, Graham Leggett]
611e46c801a6bd62e58a7f68abe1d2bbba473a92aaron *) mod_session_dbd: Add a session implementation capable of storing
611e46c801a6bd62e58a7f68abe1d2bbba473a92aaron session information in a SQL database via the dbd interface. Useful
611e46c801a6bd62e58a7f68abe1d2bbba473a92aaron for sites where session privacy is important. [Graham Leggett]
4224d5789080ea5586d49420da1e1996f5653bb5ianh *) mod_session_crypto: Add a session encoding implementation capable
4224d5789080ea5586d49420da1e1996f5653bb5ianh of encrypting and decrypting sessions wherever they may be stored.
fd3fa792f04fc9c4e8f5f83dceb0fc34e71f8570ianh Introduces a level of privacy when sessions are stored on the
2d2e3667d789f527a04ce6a0089621470c8143ccmartin browser. [Graham Leggett]
2d2e3667d789f527a04ce6a0089621470c8143ccmartin *) mod_session_cookie: Add a session implementation capable of storing
2d2e3667d789f527a04ce6a0089621470c8143ccmartin session information within cookies on the browser. Useful for high
2d2e3667d789f527a04ce6a0089621470c8143ccmartin volume sites where server bound sessions are too resource intensive.
2d2e3667d789f527a04ce6a0089621470c8143ccmartin [Graham Leggett]
2d2e3667d789f527a04ce6a0089621470c8143ccmartin *) mod_session: Add a generic session interface to unify the different
2d2e3667d789f527a04ce6a0089621470c8143ccmartin attempts at saving persistent sessions across requests.
2d2e3667d789f527a04ce6a0089621470c8143ccmartin [Graham Leggett]
9b0141308bc27f61d82742c198356975aa6b488abrianp *) core, authn/z: Avoid calling access control hooks for internal requests
9b0141308bc27f61d82742c198356975aa6b488abrianp with configurations which match those of initial request. Revert to
fd3fa792f04fc9c4e8f5f83dceb0fc34e71f8570ianh original behaviour (call access control hooks for internal requests
fd3fa792f04fc9c4e8f5f83dceb0fc34e71f8570ianh with URIs different from initial request) if any access control hooks or
fd3fa792f04fc9c4e8f5f83dceb0fc34e71f8570ianh providers are not registered as permitting this optimization.
fd3fa792f04fc9c4e8f5f83dceb0fc34e71f8570ianh Introduce wrappers for access control hook and provider registration
22d348febc3c258df246ac93e37945398dbf0348ianh which can accept additional mode and flag data. [Chris Darroch]
7a95e47ff0d0e4306df0901d56131b49dca5691etrawick *) Introduced ap_expr API for expression evaluation.
62af8654f682ca4913636bae099bec0befab985ctrawick This is adapted from mod_include, which is the first module
62af8654f682ca4913636bae099bec0befab985ctrawick to use the new API.
1e557a77c091a1d2f2872872a7c20e9f2ffccbc1aaron *) mod_authz_dbd: When redirecting after successful login/logout per
1e557a77c091a1d2f2872872a7c20e9f2ffccbc1aaron AuthzDBDRedirectQuery, do not report authorization failure, and use
1e557a77c091a1d2f2872872a7c20e9f2ffccbc1aaron first row returned by database query instead of last row.
1e557a77c091a1d2f2872872a7c20e9f2ffccbc1aaron [Chris Darroch]
5e98e52df07f59be456af01ebf46d81defef2385trawick *) mod_ldap: Correctly return all requested attribute values
5e98e52df07f59be456af01ebf46d81defef2385trawick when some attributes have a null value.
5e98e52df07f59be456af01ebf46d81defef2385trawick PR 44560 [Anders Kaseorg <anders kaseorg.com>]
7a95e47ff0d0e4306df0901d56131b49dca5691etrawick *) core: check symlink ownership if both FollowSymlinks and
1e557a77c091a1d2f2872872a7c20e9f2ffccbc1aaron SymlinksIfOwnerMatch are set [Nick Kew]
b393bdb2e1eabbe4b9b37c5eaeeeca799b2eb324stoddard *) core: fix origin checking in SymlinksIfOwnerMatch
b393bdb2e1eabbe4b9b37c5eaeeeca799b2eb324stoddard PR 36783 [Robert L Mathews <rob-apache.org.bugs tigertech.net>]
6f912b4ad14f622aa8d57f887c8c745e13ff6dbfjerenkrantz *) Activate mod_cache, mod_file_cache and mod_disk_cache as part of the
3cd826b00280881e5a2f03d8ec1f8d55802b93dewrowe 'most' set for '--enable-modules' and '--enable-shared-mods'. Include
3cd826b00280881e5a2f03d8ec1f8d55802b93dewrowe mod_mem_cache in 'all' as well. [Dirk-Willem van Gulik]
3cd826b00280881e5a2f03d8ec1f8d55802b93dewrowe *) Also install mod_so.h, mod_rewrite.h and mod_cache.h; as these
435c423bdcfa61ff871a9e289d1140f2bac839b8brianp contain public function declarations which are useful for
435c423bdcfa61ff871a9e289d1140f2bac839b8brianp third party module authors. PR 42431 [Dirk-Willem van Gulik].
435c423bdcfa61ff871a9e289d1140f2bac839b8brianp *) mod_dir, mod_negotiation: pass the output filter information
bf9e1eb04f8b0af835d15ac1d0ebcd8a154474cfjerenkrantz to newly created sub requests; as these are later on used
e93cea6246ce30bf9791530a15c56f9e2eecf9cbianh as true requests with an internal redirect. This allows for
e93cea6246ce30bf9791530a15c56f9e2eecf9cbianh mod_cache et.al. to trap the results of the redirect.
f65342c1467751310036d4f9d75f554eaaf01cc6wrowe [Dirk-Willem van Gulik, Ruediger Pluem]
960eba6c6d512880c3ed0516f5d15c6e7bc7581ajerenkrantz *) mod_ldap: Add support (taking advantage of the new APR capability)
960eba6c6d512880c3ed0516f5d15c6e7bc7581ajerenkrantz for ldap rebind callback while chasing referrals. This allows direct
960eba6c6d512880c3ed0516f5d15c6e7bc7581ajerenkrantz searches on LDAP servers (in particular MS Active Directory 2003+)
45613d36b9466a48def0498cffa07f48980720f8jerenkrantz using referrals without the use of the global catalog.
45613d36b9466a48def0498cffa07f48980720f8jerenkrantz PRs 26538, 40268, and 42557 [Paul J. Reder]
6f912b4ad14f622aa8d57f887c8c745e13ff6dbfjerenkrantz *) ApacheMonitor.exe: Introduce --kill argument for use by the
6f912b4ad14f622aa8d57f887c8c745e13ff6dbfjerenkrantz installer. This will permit the installation tool to remove
1abe6003aeb198cc97263503bceed457a6c2cb4aaaron all running instances before attempting to remove the .exe.
1abe6003aeb198cc97263503bceed457a6c2cb4aaaron [William Rowe]
cbd8d35ca8d9780f1081f30ebfe4abda44cab7ebianh *) mod_ssl: Add support for OCSP validation of client certificates.
cbd8d35ca8d9780f1081f30ebfe4abda44cab7ebianh PR 41123. [Marc Stern <marc.stern approach.be>, Joe Orton]
cbd8d35ca8d9780f1081f30ebfe4abda44cab7ebianh *) mod_serf: New module for Reverse Proxying. [Paul Querna]
cbd8d35ca8d9780f1081f30ebfe4abda44cab7ebianh *) core: Add the option to keep aside a request body up to a certain
0dc14774d2c21baf6123fcafdb853af5be1d97edwrowe size that would otherwise be discarded, to be consumed by filters
3ad5a1fa75e728431fa7b8e3d8a74bcadcd79d4dlars such as mod_include. When enabled for a directory, POST requests
3ad5a1fa75e728431fa7b8e3d8a74bcadcd79d4dlars to shtml files can be passed through to embedded scripts as POST
3ad5a1fa75e728431fa7b8e3d8a74bcadcd79d4dlars requests, rather being downgraded to GET requests. [Graham Leggett]
3fde4c273ea649d1320ec9c51e7d096cd9340a94jerenkrantz *) mod_ssl: Fix TLS upgrade (RFC 2817) support. PR 41231. [Joe Orton]
75eee56d2eaac9c27d32fc46b90bb6b1eac85359trawick *) scoreboard: Correctly declare ap_time_process_request.
0dc14774d2c21baf6123fcafdb853af5be1d97edwrowe *) core; scoreboard: ap_get_scoreboard_worker(sbh) now takes the sbh member
741a54303329728b27fe347447a362e1c576135etrawick from the connection rec, ap_get_scoreboard_worker(proc, thread) will now
0dc14774d2c21baf6123fcafdb853af5be1d97edwrowe provide the unusual legacy lookup. [William Rowe]
9f62694a8b4e2b88994a14555d144b3836b311cfstoddard *) mpm winnt: fix null pointer dereference
9f62694a8b4e2b88994a14555d144b3836b311cfstoddard PR 42572 [Davi Arnaut]
52489511342e4ff3fe399e57f29d38e5c4227bc8trawick *) mod_authnz_ldap, mod_authn_dbd: Tidy up the code to expose authn
52489511342e4ff3fe399e57f29d38e5c4227bc8trawick parameters to the environment. Improve portability to
52489511342e4ff3fe399e57f29d38e5c4227bc8trawick EBCDIC machines by using apr_toupper(). [Martin Kraemer]
8864d6f5f4744b5d2b638e2a53e2660bcf8b5ab5dougm *) mod_ldap, mod_authnz_ldap: Add support for nested groups (i.e. the ability
8864d6f5f4744b5d2b638e2a53e2660bcf8b5ab5dougm to authorize an authenticated user via a "require ldap-group X" directive
8864d6f5f4744b5d2b638e2a53e2660bcf8b5ab5dougm where the user is not in group X, but is in a subgroup contained in X.
ea512a4af20e6b6e6931de4929d54d93f03a0139ianh PR 42891 [Paul J. Reder]
1dfb5e008f35ed13c343b7f6306675e33c399792gstein *) mod_ssl: Add support for caching SSL Sessions in memcached. [Paul Querna]
1dfb5e008f35ed13c343b7f6306675e33c399792gstein *) apxs: Enhance -q flag to print all known variables and their values
1dfb5e008f35ed13c343b7f6306675e33c399792gstein when invoked without variable name(s).
eadb64379834961679105b7fd4178253fbb9f95dtrawick [William Rowe, Sander Temme]
eadb64379834961679105b7fd4178253fbb9f95dtrawick *) apxs: Eliminate run-time check for mod_so. PR 40653.
eadb64379834961679105b7fd4178253fbb9f95dtrawick [David M. Lee <dmlee crossroads.com>]
c7e917aa56886c47bfe061c5e9f603a5aaef0d87trawick *) beos MPM: Create pmain pool and run modules' child_init hooks when
c7e917aa56886c47bfe061c5e9f603a5aaef0d87trawick entering ap_mpm_run(), then destroy pmain when exiting ap_mpm_run().
c7e917aa56886c47bfe061c5e9f603a5aaef0d87trawick [Chris Darroch]
b8daf4c5ea3d5bb2111b1b021de6d3cd891e403bcoar *) netware MPM: Destroy pmain pool when exiting ap_mpm_run() so that
b8daf4c5ea3d5bb2111b1b021de6d3cd891e403bcoar cleanups registered in modules' child_init hooks are performed.
b8daf4c5ea3d5bb2111b1b021de6d3cd891e403bcoar [Chris Darroch]
6b6083e6518007139257ee449c2af3032d2437d0trawick *) Fix issue which could cause error messages to be written to access logs
6b6083e6518007139257ee449c2af3032d2437d0trawick on Win32. PR 40476. [Tom Donovan <Tom.Donovan acm.org>]
88dd056b9863502bba82c2889a0c4cde9fc0ba93trawick *) The LockFile directive, which specifies the location of
88dd056b9863502bba82c2889a0c4cde9fc0ba93trawick the accept() mutex lockfile, is deprecated. Instead, the
88dd056b9863502bba82c2889a0c4cde9fc0ba93trawick AcceptMutex directive now takes an optional lockfile
88dd056b9863502bba82c2889a0c4cde9fc0ba93trawick location parameter, ala SSLMutex. [Jim Jagielski]
7ef3a1797818c6d25efe8c5fadb5eec3b965a6fabrianp *) mod_authn_dbd: Export any additional columns queried in the SQL select
7ef3a1797818c6d25efe8c5fadb5eec3b965a6fabrianp into the environment with the name AUTHENTICATE_<COLUMN>. This brings
1e83c8de3aa48b316b28057d53995272baf1260cwrowe mod_authn_dbd behaviour in line with mod_authnz_ldap. [Graham Leggett]
1e83c8de3aa48b316b28057d53995272baf1260cwrowe *) mod_dbd: Key the storage of prepared statements on the hex string
1e83c8de3aa48b316b28057d53995272baf1260cwrowe value of server_rec, rather than the server name, as the server name
1e83c8de3aa48b316b28057d53995272baf1260cwrowe may change (eg when the server name is set) at any time, causing
1e83c8de3aa48b316b28057d53995272baf1260cwrowe weird behaviour in modules dependent on mod_dbd. [Graham Leggett]
1e83c8de3aa48b316b28057d53995272baf1260cwrowe *) mod_proxy_fcgi: Added win32 build. [Mladen Turk]
1e83c8de3aa48b316b28057d53995272baf1260cwrowe *) sendfile_nonblocking() takes the _brigade_ as an argument, gets
7f683bb300df767164724ebc664f339ac396b434dougm the first bucket from the brigade, finds it not to be a FILE
7f683bb300df767164724ebc664f339ac396b434dougm bucket and barfs. The fix is to pass a bucket rather than a brigade.
7f683bb300df767164724ebc664f339ac396b434dougm [Niklas Edmundsson <nikke acc.umu.se>]
7f683bb300df767164724ebc664f339ac396b434dougm *) mod_rewrite: support rewritemap by SQL query [Nick Kew]
7f683bb300df767164724ebc664f339ac396b434dougm *) ap_get_server_version() has been removed. Third-party modules must
26dfa083a1662d57ba7cc410eec4e0696b9be469wrowe now use ap_get_server_banner() or ap_get_server_description().
26dfa083a1662d57ba7cc410eec4e0696b9be469wrowe [Jeff Trawick]
26dfa083a1662d57ba7cc410eec4e0696b9be469wrowe *) All MPMs: Introduce a check_config phase between pre_config and
4760aa1f19600972cf531ad7da73c1ee5a0225cedougm open_logs, to allow modules to review interdependent configuration
4760aa1f19600972cf531ad7da73c1ee5a0225cedougm directive values and adjust them while messages can still be logged
87a1c79b7b37702a254920ca5214fb282a4fb085dougm to the console. Handle relevant MPM directives during this phase
994c3fbc3335e8fe883b1ce4515efc0c85061cdfaaron and format messages for both the console and the error log, as
d5d164b22a2004abed640cb52fc275f00ed92f69jerenkrantz appropriate. [Chris Darroch]
e93d563852e1fa7a8c73af3b807916b41942d2f6dreid *) core: Do not allow internal redirects like the DirectoryIndex of mod_dir
e93d563852e1fa7a8c73af3b807916b41942d2f6dreid to circumvent the symbolic link checks imposed by FollowSymLinks and
e93d563852e1fa7a8c73af3b807916b41942d2f6dreid SymLinksIfOwnerMatch. [Nick Kew, Ruediger Pluem, William Rowe]
525508562a53864b78cf8da91ac13be9c072bba7jerenkrantz *) New SSLLogLevelDebugDump [ None (default) | IO (not bytes) | Bytes ]
525508562a53864b78cf8da91ac13be9c072bba7jerenkrantz configures the I/O Dump of SSL traffic, when LogLevel is set to Debug.
525508562a53864b78cf8da91ac13be9c072bba7jerenkrantz The default is none as this is far greater debugging resolution than
f1fe10268cdadb775eef841aa4fa7305291d35fdtrawick the typical administrator is prepared to untangle. [William Rowe]
f1fe10268cdadb775eef841aa4fa7305291d35fdtrawick *) mod_disk_cache: If possible, check if the size of an object to cache is
f1fe10268cdadb775eef841aa4fa7305291d35fdtrawick within the configured boundaries before actually saving data.
f04ad0ba7fe0eea5ea7a92f852cef75747ab2090trawick [Niklas Edmundsson <nikke acc.umu.se>]
f04ad0ba7fe0eea5ea7a92f852cef75747ab2090trawick *) Worker and event MPMs: Remove improper scoreboard updates which were
65a1588701f9e5d0f62261d0da85733a23edc92ftrawick performed in the event of a fork() failure. [Chris Darroch]
65a1588701f9e5d0f62261d0da85733a23edc92ftrawick *) Add support for fcgi:// proxies to mod_rewrite.
65a1588701f9e5d0f62261d0da85733a23edc92ftrawick [Markus Schiegl <ms schiegl.com>]
d5d164b22a2004abed640cb52fc275f00ed92f69jerenkrantz *) Remove incorrect comments from scoreboard.h regarding conditional
d5d164b22a2004abed640cb52fc275f00ed92f69jerenkrantz loading of worker_score structure with mod_status, and remove unused
d5d164b22a2004abed640cb52fc275f00ed92f69jerenkrantz definitions relating to old life_status field.
360a9d933a8c25f5975e0ddc883607a5d37e408estoddard [Chris Darroch <chrisd pearsoncmg.com>]
360a9d933a8c25f5975e0ddc883607a5d37e408estoddard *) Remove allocation of memory for unused array of lb_score pointers
360a9d933a8c25f5975e0ddc883607a5d37e408estoddard in ap_init_scoreboard(). [Chris Darroch <chrisd pearsoncmg.com>]
9b8afc47122e9b0eabb860b6ba2cf9c061c6060fstoddard *) Add mod_proxy_fcgi, a FastCGI back end for mod_proxy.
9b8afc47122e9b0eabb860b6ba2cf9c061c6060fstoddard [Garrett Rooney, Jim Jagielski, Paul Querna]
a21148678a1459064627d917a66669e7e8d140e6stoddard *) Event MPM: Fill in the scoreboard's tid field. PR 38736.
a21148678a1459064627d917a66669e7e8d140e6stoddard [Chris Darroch <chrisd pearsoncmg.com>]
c6a9d49433c9ba5b18b26c3d764f1bbcb9746090wrowe *) mod_charset_lite: Remove Content-Length when output filter can
c6a9d49433c9ba5b18b26c3d764f1bbcb9746090wrowe invalidate it. Warn when input filter can invalidate it.
c6a9d49433c9ba5b18b26c3d764f1bbcb9746090wrowe [Jeff Trawick]
51be7fc538641ed7cb22e959eb31629f7183f70fianh *) Authz: Add the new module mod_authn_core that will provide common
bb6a7fc0427d0d197c50de34b94a0d23e5732696wrowe authn directives such as 'AuthType', 'AuthName'. Move the directives
bb6a7fc0427d0d197c50de34b94a0d23e5732696wrowe 'AuthType' and 'AuthName' out of the core module and merge mod_authz_alias
bb6a7fc0427d0d197c50de34b94a0d23e5732696wrowe into mod_authn_core. [Brad Nicholes]
decd0c23bb26f6662f4b963cf86ee569613bffeagregames *) Authz: Move the directives 'Order', 'Allow', 'Deny' and 'Satisfy'
decd0c23bb26f6662f4b963cf86ee569613bffeagregames into the new module mod_access_compat which can be loaded to provide
decd0c23bb26f6662f4b963cf86ee569613bffeagregames support for these directives.
e1753aabf5df187b5b04e72a958af4b65b1a125daaron [Brad Nicholes]
e1753aabf5df187b5b04e72a958af4b65b1a125daaron *) Authz: Move the 'Require' directive from the core module as well as
e1753aabf5df187b5b04e72a958af4b65b1a125daaron add the directives '<SatisfyAll>', '<SatisfyOne>', '<RequireAlias>'
e1753aabf5df187b5b04e72a958af4b65b1a125daaron and 'Reject' to mod_authz_core. The new directives introduce 'AND/OR'
e1753aabf5df187b5b04e72a958af4b65b1a125daaron logic into the authorization processing. [Brad Nicholes]
e57f991fe2b9a4c080cd50ca913a2a5693b096b5aaron *) Authz: Add the new module mod_authz_core which acts as the
e57f991fe2b9a4c080cd50ca913a2a5693b096b5aaron authorization provider vector and contains common authz
e57f991fe2b9a4c080cd50ca913a2a5693b096b5aaron directives. [Brad Nicholes]
924c8dd40352ca7775704a31a7a77ab86dc951b4ianh *) Authz: Renamed mod_authz_dbm authz providers from 'group' and
910df8b3f50a0515b430b999d4750de94c509f2atrawick 'file-group' to 'dbm-group' and 'dbm-file-group'. [Brad Nicholes]
910df8b3f50a0515b430b999d4750de94c509f2atrawick *) Authz: Added the new authz providers 'env', 'ip', 'host', 'all' to handle
910df8b3f50a0515b430b999d4750de94c509f2atrawick host-based access control provided by mod_authz_host and invoked
0d628dd174dd6de13463b10d2599f6cac24e9fe8brianp through the 'Require' directive. [Brad Nicholes]
0d628dd174dd6de13463b10d2599f6cac24e9fe8brianp *) Authz: Convert all of the authz modules from hook based to
2fee4fe267fa3577fd71d8c314fe9b527e2b90c0brianp provider based. [Brad Nicholes]
2fee4fe267fa3577fd71d8c314fe9b527e2b90c0brianp *) mod_cache: Add CacheMinExpire directive to set the minimum time in
2fee4fe267fa3577fd71d8c314fe9b527e2b90c0brianp seconds to cache a document.
7bf77d70b6830636bc36e6b76a228c301be23ff7brianp [Brian Akins <brian.akins turner.com>, Ruediger Pluem]
7bf77d70b6830636bc36e6b76a228c301be23ff7brianp *) mod_authz_dbd: SQL authz with Login/Session support [Nick Kew]
6ef713e25735887d4a59a879b97a68bd575ecb92trawick *) Fix typo in ProxyStatus syntax error message.
cef5cb47e2ea4c174c01762d4430613db0f41e5cstoddard [Christophe Jaillet <christophe.jaillet wanadoo.fr>]
cef5cb47e2ea4c174c01762d4430613db0f41e5cstoddard *) Asynchronous write completion for the Event MPM. [Brian Pane]
8abd60101b9794e224795ccf68b8ba984efbc94astoddard *) Added an End-Of-Request bucket type. The logging of a request and
8abd60101b9794e224795ccf68b8ba984efbc94astoddard the freeing of its pool are now done when the EOR bucket is destroyed.
ca47a2b6bcea23e8af185c68f256dcbbfd2a0f9dtrawick This has the effect of delaying the logging until right after the last
ca47a2b6bcea23e8af185c68f256dcbbfd2a0f9dtrawick of the response is sent; ap_core_output_filter() calls the access logger
6ef713e25735887d4a59a879b97a68bd575ecb92trawick indirectly when it destroys the EOR bucket. [Brian Pane]
ca47a2b6bcea23e8af185c68f256dcbbfd2a0f9dtrawick *) Rewrite of logresolve support utility: IPv6 addresses are now supported
26d590c0e5338f66ca1aad6f925374843fac5121stoddard and the format of statistical output has changed. [Colm MacCarthaigh]
26d590c0e5338f66ca1aad6f925374843fac5121stoddard *) Rewrite of ap_coreoutput_filter to do nonblocking writes [Brian Pane]
26d590c0e5338f66ca1aad6f925374843fac5121stoddard *) Added new connection states for handler and write completion
2b31ac2c6342d2afcf67b7b0f08c928a87f98c74wrowe [Brian Pane]
d472f67198d6b15dd1270136f180cca9c9263243trawick *) mod_cgid: Refuse to work on Solaris 10 due to OS bugs. PR 34264.
d472f67198d6b15dd1270136f180cca9c9263243trawick [Justin Erenkrantz]
d472f67198d6b15dd1270136f180cca9c9263243trawick *) Teach mod_ssl to use arbitrary OIDs in an SSLRequire directive,
d472f67198d6b15dd1270136f180cca9c9263243trawick allowing string-valued client certificate attributes to be used for
d472f67198d6b15dd1270136f180cca9c9263243trawick access control, as in: SSLRequire "value" in OID("1.3.6.1.4.1.18060.1")
a3bb95a3600153c7f09f62749e32093658943c32brianp [Martin Kraemer, David Reid]
a3bb95a3600153c7f09f62749e32093658943c32brianp [Apache 2.3.0-dev includes those bug fixes and changes with the
b760518cc17e7124ba546ed63063603f1ab82a40aaron Apache 2.2.xx tree as documented, and except as noted, below.]
b760518cc17e7124ba546ed63063603f1ab82a40aaronChanges with Apache 2.2.x and later:
b760518cc17e7124ba546ed63063603f1ab82a40aaron *) http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?view=markup
b760518cc17e7124ba546ed63063603f1ab82a40aaronChanges with Apache 2.0.x and later: