CHANGES revision d46dfdce9351f52a971777948d9b02f8fc668ff8
-*- coding: utf-8 -*-

Changes with Apache 2.3.7

  *) SECURITY: CVE-2009-3555 (cve.mitre.org)
     mod_ssl: Comprehensive fix of the TLS renegotiation prefix injection
     attack when compiled against OpenSSL version 0.9.8m or later. Introduces
     the 'SSLInsecureRenegotiation' directive to reopen this vulnerability
     and offer unsafe legacy renegotiation with clients which do not yet
     support the new secure renegotiation protocol, RFC 5746.
     [Joe Orton, and with thanks to the OpenSSL Team]

  *) SECURITY: CVE-2009-3555 (cve.mitre.org)
     mod_ssl: A partial fix for the TLS renegotiation prefix injection attack
     by rejecting any client-initiated renegotiations. Forcibly disable
     keepalive for the connection if there is any buffered data readable. Any
     configuration which requires renegotiation for per-directory/location
     access control is still vulnerable, unless using OpenSSL >= 0.9.8l.
     [Joe Orton, Ruediger Pluem, Hartmut Keil <Hartmut.Keil adnovum.ch>]

  *) SECURITY: CVE-2010-0408 (cve.mitre.org)
     mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent
     when request headers indicate a request body is incoming; not a case of
     HTTP_INTERNAL_SERVER_ERROR. [Niku Toivola <niku.toivola sulake.com>]

  *) SECURITY: CVE-2010-0425 (cve.mitre.org)
     mod_isapi: Do not unload an isapi .dll module until the request
     processing is completed, avoiding orphaned callback pointers.
     [Brett Gervasoni <brettg senseofsecurity.com>, Jeff Trawick]

  *) Proxy balancer: support setting error status according to
     HTTP response code from a backend.
     PR 48939 [Daniel Ruggeri <DRuggeri primary.net>]

  *) htcacheclean: Introduce the ability to clean specific URLs from the
     cache, if provided as an optional parameter on the command line.
     [Graham Leggett]

  *) core: Introduce the IncludeStrict directive, which explicitly fails
     server startup if no files or directories match a wildcard path.
     [Graham Leggett]

  *) htcacheclean: Report additional statistics about entries deleted.
     PR 48944. [Mark Drayton mark markdrayton.info]

  *) Introduce SSLFIPS directive to support OpenSSL FIPS_mode; permits all
     builds of mod_ssl to use 'SSLFIPS off' for portability, but the proper
     build of openssl is required for 'SSLFIPS on'. PR 46270.
     [Dr Stephen Henson <steve openssl.org>, William Rowe]

  *) mod_proxy_http: Log the port of the remote server in various messages.
     PR 48812. [Igor Galić <i galic brainsware org>]

  *) mod_reqtimeout: Do not wrongly enforce timeouts for mod_proxy's backend
     connections and other protocol handlers (like mod_ftp). [Stefan Fritsch]

  *) mod_proxy_ajp: Really regard the operation a success, when the client
     aborted the connection. In addition adjust the log message if the client
     aborted the connection. [Ruediger Pluem]

  *) mod_ssl: Add the 'SSLInsecureRenegotiation' directive, which
     allows insecure renegotiation with clients which do not yet
     support the secure renegotiation protocol. [Joe Orton]

  *) mod_ssl: Fix a potential I/O hang if a long list of trusted CAs
     is configured for client cert auth. PR 46952. [Joe Orton]

  *) core: Only log a 408 if it is no keepalive timeout. PR 39785
     [Ruediger Pluem, Mark Montague <markmont umich.edu>]

  *) support/rotatelogs: Add -L option to create a link to the current
     log file. PR 48761 [<lyndon orthanc.ca>, Dan Poirier]

  *) mod_ldap: Update LDAPTrustedClientCert to consistently be a per-directory
     setting only, matching most of the documentation and examples.
     PR 46541 [Paul Reder, Eric Covener]

  *) mod_ldap: LDAPTrustedClientCert now accepts CA_DER/CA_BASE64 argument
     types previously allowed only in LDAPTrustedGlobalCert. [Eric Covener]

  *) mod_negotiation: Preserve query string over multiviews negotiation.
     This buglet was fixed for type maps in 2.2.6, but the same issue
     affected multiviews and was overlooked.
     PR 33112 [Joergen Thomsen <apache jth.net>]

  *) mod_ldap: Eliminate a potential crash with multiple LDAPTrustedClientCert
     when some are not password-protected. [Eric Covener]

  *) Fix startup segfault when the Mutex directive is used but no loaded
     modules use httpd mutexes. PR 48787. [Jeff Trawick]

  *) Proxy: get the headers right in a HEAD request with
     ProxyErrorOverride, by checking for an overridden error
     before not after going into a catch-all code path.
     PR 41646. [Nick Kew, Stuart Children]

  *) support/rotatelogs: Support the simplest log rotation case, log
     truncation. Useful when the log is being processed in real time
     using a command like tail. [Graham Leggett]

  *) support/htcacheclean: Teach it how to write a pid file (modelled on
     httpd's writing of a pid file) so that it becomes possible to run
     more than one instance of htcacheclean on the same machine.
     [Graham Leggett]

  *) Log command line on startup, so there's a record of command line
     arguments like -f. PR 48752. [Dan Poirier]

  *) Introduce mod_reflector, a handler capable of reflecting POSTed
     request bodies back within the response through the output filter
     stack. Can be used to turn an output filter into a web service.
     [Graham Leggett]

  *) mod_proxy_http: Make sure that when an ErrorDocument is served
     from a reverse proxied URL, that the subrequest respects the status
     of the original request. This brings the behaviour of proxy_handler
     in line with default_handler. PR 47106. [Graham Leggett]

  *) Support wildcards in both the directory and file components of
     the path specified by the Include directive. [Graham Leggett]

  *) mod_proxy, mod_proxy_http: Support remote https proxies
     by using HTTP CONNECT. PR 19188.
     [Philippe Dutrueux <lilas evidian.com>, Rainer Jung]

Changes with Apache 2.3.6

  *) worker: Don't report server has reached MaxClients until it has.
     Add message when server gets within MinSpareThreads of MaxClients.
     PR 46996. [Dan Poirier]

  *) mod_session: Session expiry was being initialised, but not updated
     on each session save, resulting in timed out sessions when there
     should not have been. Fixed. [Graham Leggett]

  *) mod_log_config: Add the R option to log the handler used within the
     request. [Christian Folini <christian.folini netnea com>]

  *) mod_include: Allow fine control over the removal of Last-Modified and
     ETag headers within the INCLUDES filter, making it possible to cache
     responses if desired. Fix the default value of the SSIAccessEnable
     directive. [Graham Leggett]

  *) Add new UnDefine directive to undefine a variable. PR 35350.
     [Stefan Fritsch]

  *) Make ap_pregsub(), used by AliasMatch and friends, use the same syntax
     for regex backreferences as mod_rewrite and mod_include: Remove the use
     of '&' as an alias for '$0' and allow to escape any character with a
     backslash. PR 48351. [Stefan Fritsch]

  *) mod_authnz_ldap: If AuthLDAPCharsetConfig is set, also convert the
     password to UTF-8. PR 45318.
     [Johannes Müller <joh_m gmx.de>, Stefan Fritsch]

  *) ab: Fix calculation of requests per second in HTML output. PR 48594.
     [Stefan Fritsch]

  *) mod_authnz_ldap: Failures to map a username to a DN, or to check a user
     password now result in an informational level log entry instead of
     warning level. [Eric Covener]

Changes with Apache 2.3.5

  *) SECURITY: CVE-2010-0434 (cve.mitre.org)
     Ensure each subrequest has a shallow copy of headers_in so that the
     parent request headers are not corrupted. Eliminates a problematic
     optimization in the case of no request body. PR 48359
     [Jake Scott, William Rowe, Ruediger Pluem]

  *) Turn static function get_server_name_for_url() into public
     ap_get_server_name_for_url() and use it where appropriate. This
     fixes mod_rewrite generating invalid URLs for redirects to IPv6
     literal addresses. [Stefan Fritsch]

  *) mod_ldap: Introduce new config option LDAPTimeout to set the timeout
     for LDAP operations like bind and search. [Stefan Fritsch]

  *) mod_proxy, mod_proxy_ftp: Move ProxyFtpDirCharset from mod_proxy to
     mod_proxy_ftp. [Takashi Sato]

  *) mod_proxy, mod_proxy_connect: Move AllowCONNECT from mod_proxy to
     mod_proxy_connect. [Takashi Sato]

  *) mod_cache: Do an exact match of the keys defined by
     CacheIgnoreURLSessionIdentifiers against the querystring instead of
     a partial match. PR 48401.
     [Dodou Wang <wangdong.08 gmail.com>, Ruediger Pluem]

  *) mod_proxy_balancer: Fix crash in balancer-manager. [Rainer Jung]

  *) Core HTTP: disable keepalive when the Client has sent
     Expect: 100-continue
     but we respond directly with a non-100 response.
     Keepalive here led to data from clients continuing being treated as
     a new request.
     PR 47087 [Nick Kew]

  *) Core: reject NULLs in request line or request headers.
     PR 43039 [Nick Kew]

  *) Core: (re)-introduce -T commandline option to suppress documentroot
     check at startup.
     PR 41887 [Jan van den Berg <janvdberg gmail.com>]

  *) mod_autoindex: support XHTML as equivalent to HTML in IndexOptions,
     ScanHTMLTitles, ReadmeName, HeaderName
     PR 48416 [Dmitry Bakshaev <dab18 izhnet.ru>, Nick Kew]

  *) Proxy: Fix ProxyPassReverse with relative URL
     Derived (slightly erroneously) from PR 38864 [Nick Kew]

  *) mod_headers: align Header Edit with Header Set when used on Content-Type
     PR 48422 [Cyril Bonté <cyril.bonte free.fr>, Nick Kew]

  *) mod_headers: Enable multi-match-and-replace edit option
     PR 47066 [Nick Kew]

  *) mod_filter: enable it to act on non-200 responses.
     PR 48377 [Nick Kew]

Changes with Apache 2.3.4

  *) Replace AcceptMutex, LockFile, RewriteLock, SSLMutex, SSLStaplingMutex,
     and WatchdogMutexPath with a single Mutex directive. Add APIs to
     simplify setup and user customization of APR proc and global mutexes.
     (See util_mutex.h.) Build-time setting DEFAULT_LOCKFILE is no longer
     respected; set DEFAULT_REL_RUNTIMEDIR instead. [Jeff Trawick]

  *) http_core: KeepAlive no longer accepts other than On|Off.
     [Takashi Sato]

  *) mod_dav: Remove errno from dav_error interface. Calls to dav_new_error()
     and dav_new_error_tag() must be adjusted to add an apr_status_t parameter.
     [Jeff Trawick]

  *) mod_authnz_ldap: Add AuthLDAPBindAuthoritative to allow Authentication to
     try other providers in the case of an LDAP bind failure.
     PR 46608 [Justin Erenkrantz, Joe Schaefer, Tony Stevenson]

  *) Build: fix --with-module to work as documented
     PR 43881 [Gez Saunders <gez.saunders virgin.net>]

Changes with Apache 2.3.3

  *) SECURITY: CVE-2009-3095 (cve.mitre.org)
     mod_proxy_ftp: sanity check authn credentials.
     [Stefan Fritsch <sf fritsch.de>, Joe Orton]

  *) SECURITY: CVE-2009-3094 (cve.mitre.org)
     mod_proxy_ftp: NULL pointer dereference on error paths.
     [Stefan Fritsch <sf fritsch.de>, Joe Orton]

  *) mod_ssl: enable support for ECC keys and ECDH ciphers. Tested against
     OpenSSL 1.0.0b3. [Vipul Gupta <vipul.gupta sun.com>, Sander Temme]

  *) mod_dav: Include uri when logging a PUT error due to connection abort.
     PR 38149. [Stefan Fritsch]

  *) mod_dav: Return 409 instead of 500 for a LOCK request if the parent
     resource does not exist or is not a collection. PR 43465. [Stefan Fritsch]

  *) mod_dav_fs: Return 409 instead of 500 for Litmus test case copy_nodestcoll
     (a COPY request where the parent of the destination resource does not
     exist). PR 39299. [Stefan Fritsch]

  *) mod_dav_fs: Don't delete the whole file if a PUT with content-range failed.
     PR 42896. [Stefan Fritsch]

  *) mod_dav_fs: Make PUT create files atomically and no longer destroy the
     old file if the transfer aborted. PR 39815. [Paul Querna, Stefan Fritsch]

  *) mod_dav_fs: Remove inode keyed locking as this conflicts with atomically
     creating files. On systems with inode numbers, this is a format change of
     the DavLockDB. The old DavLockDB must be deleted on upgrade.
     [Stefan Fritsch]

  *) mod_log_config: Make ${cookie}C correctly match whole cookie names
     instead of substrings. PR 28037. [Dan Franklin <dan dan-franklin.com>,
     Stefan Fritsch]

  *) vhost: A purely-numeric Host: header should not be treated as a port.
     PR 44979 [Nick Kew]

  *) mod_ldap: Avoid 500 errors with "Unable to set LDAP_OPT_REFHOPLIMIT option to 5"
     when built against openldap by using SDK LDAP_OPT_REFHOPLIMIT defaults unless
     LDAPReferralHopLimit is explicitly configured.
     [Eric Covener]

  *) mod_charset_lite: Honor 'CharsetOptions NoImplicitAdd'.
     [Eric Covener]

  *) mod_ssl: Add support for OCSP Stapling. PR 43822.
     [Dr Stephen Henson <shenson oss-institute.org>]

  *) mod_socache_shmcb: Allow parens in file name if cache size is given.
     Fixes SSLSessionCache directive mis-parsing parens in pathname.
     PR 47945. [Stefan Fritsch]

  *) htpasswd: Improve out of disk space handling. PR 30877. [Stefan Fritsch]

  *) htpasswd: Use MD5 hash by default on all platforms. [Stefan Fritsch]

  *) mod_sed: Reduce memory consumption when processing very long lines.
     PR 48024 [Basant Kumar Kukreja <basant.kukreja sun.com>]

  *) ab: Fix segfault in case the argument for -n is a very large number.
     PR 47178. [Philipp Hagemeister <oss phihag.de>]

  *) Allow ProxyPreserveHost to work in <Proxy> sections. PR 34901.
     [Stefan Fritsch]

  *) configure: Fix THREADED_MPMS so that mod_cgid is enabled again
     for worker MPM. [Takashi Sato]

  *) mod_dav: Provide a mechanism to obtain the request_rec and pathname
     from the dav_resource. [Jari Urpalainen <jari.urpalainen nokia.com>,
     Brian France <brian brianfrance.com>]

  *) Build: Use install instead of cp if available on installing
     modules to avoid segmentation fault. PR 47951. [hirose31 gmail.com]

  *) mod_cache: correctly consider s-maxage in cacheability
     decisions. [Dan Poirier]

  *) mod_logio/core: Report more accurate byte counts in mod_status if
     mod_logio is loaded. PR 25656. [Stefan Fritsch]

  *) mod_ldap: If LDAPSharedCacheSize is too small, try harder to purge
     some cache entries and log a warning. Also increase the default
     LDAPSharedCacheSize to 500000. This is a more realistic size suitable
     for the default values of 1024 for LdapCacheEntries/LdapOpCacheEntries.
     PR 46749. [Stefan Fritsch]

  *) mod_rewrite: Make sure that a hostname:port isn't fully qualified if
     the request is a CONNECT request. [Bill Zajac <billz consultla.com>]

  *) mod_cache: Teach CacheEnable and CacheDisable to work from within a
     Location section, in line with how ProxyPass works. [Graham Leggett]

  *) mod_reqtimeout: New module to set timeouts and minimum data rates for
     receiving requests from the client. [Stefan Fritsch]

  *) core: Fix potential memory leaks by making sure to not destroy
     bucket brigades that have been created by earlier filters.
     [Stefan Fritsch]

  *) core, mod_deflate, mod_sed: Reduce memory usage by reusing bucket
     brigades in several places. [Stefan Fritsch]

  *) mod_cache: Fix uri_meets_conditions() so that CacheEnable will
     match by scheme, or by a wildcarded hostname. PR 40169
     [Peter Grandi <pg_asf asf.for.sabi.co.uk>, Graham Leggett]

  *) suexec: Allow to log an error if exec fails by setting FD_CLOEXEC
     on the log file instead of closing it. PR 10744. [Nicolas Rachinsky]

  *) mod_mime: Make RemoveType override the info from TypesConfig.
     PR 38330. [Stefan Fritsch]

  *) mod_cache: Introduce the option to run the cache from within the
     normal request handler, and to allow fine grained control over
     where in the filter chain content is cached. [Graham Leggett]

  *) core: Treat timeout reading request as 408 error, not 400.
     Log 408 errors in access log as was done in Apache 1.3.x.
     PR 39785 [Nobutaka Mantani <nobutaka nobutaka.org>,
     Stefan Fritsch <sf fritsch.de>, Dan Poirier]

  *) mod_ssl: Reintroduce SSL_CLIENT_S_DN, SSL_CLIENT_I_DN, SSL_SERVER_S_DN,
     SSL_SERVER_I_DN back to the environment variables to be set by mod_ssl.

  *) mod_disk_cache: don't cache incomplete responses, per RFC 2616, 13.8.
     PR15866. [Dan Poirier]

  *) ab: ab segfaults in verbose mode on https sites
     PR46393. [Ryan Niebur]

  *) mod_dav: Allow other modules to become providers and add resource types
     to the DAV response. [Jari Urpalainen <jari.urpalainen nokia.com>,
     Brian France <brian brianfrance.com>]

  *) mod_dav: Allow other modules to add things to the DAV or Allow headers
     of an OPTIONS request. [Jari Urpalainen <jari.urpalainen nokia.com>,
     Brian France <brian brianfrance.com>]

  *) core: Lower memory usage of core output filter.
     [Stefan Fritsch <sf sfritsch.de>]

  *) mod_mime: Detect invalid use of MultiviewsMatch inside Location and
     LocationMatch sections. PR47754. [Dan Poirier]

  *) mod_request: Make sure the KeptBodySize directive rejects values
     that aren't valid numbers. [Graham Leggett]

  *) mod_session_crypto: Sanity check should the potentially encrypted
     session cookie be too short. [Graham Leggett]

  *) mod_session.c: Prevent a segfault when session is added but not
     configured. [Graham Leggett]

  *) htcacheclean: 19 ways to fail, 1 error message. Fixed. [Graham Leggett]

  *) mod_auth_digest: Fail server start when nonce count checking
     is configured without shared memory, or md5-sess algorithm is
     configured. [Dan Poirier]

  *) mod_proxy_connect: The connect method doesn't work if the client is
     connecting to the apache proxy through an ssl socket. Fixed.
     PR29744. [Brad Boyer, Mark Cave-Ayland, Julian Gilbey, Fabrice Durand,
     David Gence, Tim Dodge, Per Gunnar Hans, Emmanuel Elango,
     Kevin Croft, Rudolf Cardinal]

  *) mod_ssl: The error message when SSLCertificateFile is missing should
     at least give the name or position of the problematic virtual host
     definition. [Stefan Fritsch sf sfritsch.de]

  *) mod_auth_digest: Fix null pointer when qop=none. [Dan Poirier]

  *) Add support for HTTP PUT to ab. [Jeff Barnes <jbarnesweb yahoo.com>]

  *) mod_headers: generalise the envclause to support expression
     evaluation with ap_expr parser [Nick Kew]

  *) mod_cache: Introduce the thundering herd lock, a mechanism to keep
     the flood of requests at bay that strike a backend webserver as
     a cached entity goes stale. [Graham Leggett]

  *) mod_auth_digest: Fix usage of shared memory and re-enable it.
     PR 16057 [Dan Poirier]

  *) Preserve Port information over internal redirects

  *) Proxy: unable to connect to a backend is SERVICE_UNAVAILABLE,
     rather than BAD_GATEWAY or (especially) NOT_FOUND.
     PR 46971 [evanc nortel.com]

  *) Various modules: Do better checking of pollset operations in order to
     avoid segmentation faults if they fail. PR 46467
     [Stefan Fritsch <sf sfritsch.de>]

  *) mod_autoindex: Correctly create an empty cell if the description
     for a file is missing. PR 47682 [Peter Poeml <poeml suse.de>]

  *) ab: Fix broken error messages after resolver or connect() failures.
     [Jeff Trawick]

  *) SECURITY: CVE-2009-1890 (cve.mitre.org)
     Fix a potential Denial-of-Service attack against mod_proxy in a
     reverse proxy configuration, where a remote attacker can force a
     proxy process to consume CPU time indefinitely. [Nick Kew, Joe Orton]

  *) SECURITY: CVE-2009-1191 (cve.mitre.org)
     mod_proxy_ajp: Avoid delivering content from a previous request which
b8daf4c5ea3d5bb2111b1b021de6d3cd891e403bcoar failed to send a request body. PR 46949 [Ruediger Pluem]
b8daf4c5ea3d5bb2111b1b021de6d3cd891e403bcoar *) htdbm: Fix possible buffer overflow if dbm database has very
b8daf4c5ea3d5bb2111b1b021de6d3cd891e403bcoar long values. PR 30586 [Dan Poirier]
6b6083e6518007139257ee449c2af3032d2437d0trawick *) core: Return APR_EOF if request body is shorter than the length announced
6b6083e6518007139257ee449c2af3032d2437d0trawick by the client. PR 33098 [Stefan Fritsch <sf sfritsch.de>]
88dd056b9863502bba82c2889a0c4cde9fc0ba93trawick *) mod_suexec: correctly set suexec_enabled when httpd is run by a
88dd056b9863502bba82c2889a0c4cde9fc0ba93trawick non-root user and may have insufficient permissions.
88dd056b9863502bba82c2889a0c4cde9fc0ba93trawick PR 42175 [Jim Radford <radford blackbean.org>]
7ef3a1797818c6d25efe8c5fadb5eec3b965a6fabrianp *) mod_ssl: Fix SSL_*_DN_UID variables to use the 'userID' attribute
7ef3a1797818c6d25efe8c5fadb5eec3b965a6fabrianp type. PR 45107. [Michael Ströder <michael stroeder.com>,
1e83c8de3aa48b316b28057d53995272baf1260cwrowe *) mod_proxy_http: fix case sensitivity checking transfer encoding
1e83c8de3aa48b316b28057d53995272baf1260cwrowe *) mod_alias: ensure Redirect issues a valid URL.
1e83c8de3aa48b316b28057d53995272baf1260cwrowe PR 44020 [Håkon Stordahl <hakon stordahl.org>]
1e83c8de3aa48b316b28057d53995272baf1260cwrowe *) mod_dir: add FallbackResource directive, to enable admin to specify
1e83c8de3aa48b316b28057d53995272baf1260cwrowe an action to happen when a URL maps to no file, without resorting
1e83c8de3aa48b316b28057d53995272baf1260cwrowe to ErrorDocument or mod_rewrite. PR 47184 [Nick Kew]
7f683bb300df767164724ebc664f339ac396b434dougm *) mod_cgid: Do not leak the listening Unix socket file descriptor to the
7f683bb300df767164724ebc664f339ac396b434dougm CGI process. PR 47335 [Kornél Pál <kornelpal gmail.com>]
7f683bb300df767164724ebc664f339ac396b434dougm *) mod_rewrite: Remove locking for writing to the rewritelog.
7f683bb300df767164724ebc664f339ac396b434dougm PR 46942 [Dan Poirier <poirier pobox.com>]
26dfa083a1662d57ba7cc410eec4e0696b9be469wrowe *) mod_alias: check sanity in Redirect arguments.
26dfa083a1662d57ba7cc410eec4e0696b9be469wrowe PR 44729 [Sönke Tesch <st kino-fahrplan.de>, Jim Jagielski]
26dfa083a1662d57ba7cc410eec4e0696b9be469wrowe *) mod_proxy_http: fix Host: header for literal IPv6 addresses.
4760aa1f19600972cf531ad7da73c1ee5a0225cedougm PR 47177 [Carlos Garcia Braschi <cgbraschi gmail.com>]
87a1c79b7b37702a254920ca5214fb282a4fb085dougm *) mod_cache: Add CacheIgnoreURLSessionIdentifiers directive to ignore
994c3fbc3335e8fe883b1ce4515efc0c85061cdfaaron defined session identifiers encoded in the URL when caching.
d5d164b22a2004abed640cb52fc275f00ed92f69jerenkrantz [Ruediger Pluem]
e93d563852e1fa7a8c73af3b807916b41942d2f6dreid *) mod_rewrite: Fix the error string returned by RewriteRule.
e93d563852e1fa7a8c73af3b807916b41942d2f6dreid RewriteRule returned "RewriteCond: bad flag delimiters" when the 3rd
e93d563852e1fa7a8c73af3b807916b41942d2f6dreid argument of RewriteRule was not started with "[" or not ended with "]".
e93d563852e1fa7a8c73af3b807916b41942d2f6dreid PR 45082 [Vitaly Polonetsky <m_vitaly topixoft.com>]
525508562a53864b78cf8da91ac13be9c072bba7jerenkrantz *) Windows: Fix usage message.
525508562a53864b78cf8da91ac13be9c072bba7jerenkrantz [Rainer Jung]
f1fe10268cdadb775eef841aa4fa7305291d35fdtrawick *) apachectl: When passing through arguments to httpd in
f1fe10268cdadb775eef841aa4fa7305291d35fdtrawick non-SysV mode, use the "$@" syntax to preserve arguments.
f1fe10268cdadb775eef841aa4fa7305291d35fdtrawick [Eric Covener]
f04ad0ba7fe0eea5ea7a92f852cef75747ab2090trawick *) mod_dbd: add DBDInitSQL directive to enable SQL statements to
f04ad0ba7fe0eea5ea7a92f852cef75747ab2090trawick be run when a connection is opened. PR 46827
65a1588701f9e5d0f62261d0da85733a23edc92ftrawick [Marko Kevac <mkevac gmail.com>]
65a1588701f9e5d0f62261d0da85733a23edc92ftrawick *) mod_cgid: Improve handling of long AF_UNIX socket names (ScriptSock).
65a1588701f9e5d0f62261d0da85733a23edc92ftrawick PR 47037. [Jeff Trawick]
d5d164b22a2004abed640cb52fc275f00ed92f69jerenkrantz *) mod_proxy_ajp: Check more strictly that the backend follows the AJP
d5d164b22a2004abed640cb52fc275f00ed92f69jerenkrantz protocol. [Mladen Turk]
360a9d933a8c25f5975e0ddc883607a5d37e408estoddard *) mod_proxy_ajp: Forward remote port information by default.
360a9d933a8c25f5975e0ddc883607a5d37e408estoddard [Rainer Jung]
360a9d933a8c25f5975e0ddc883607a5d37e408estoddard *) Allow MPMs to be loaded dynamically, as with most other modules. Use
9b8afc47122e9b0eabb860b6ba2cf9c061c6060fstoddard --enable-mpms-shared={list|"all"} to enable. This required changes to
9b8afc47122e9b0eabb860b6ba2cf9c061c6060fstoddard the MPM interfaces. Removed: mpm.h, mpm_default.h (as an installed
9b8afc47122e9b0eabb860b6ba2cf9c061c6060fstoddard header), APACHE_MPM_DIR, MPM_NAME, ap_threads_per_child,
9b8afc47122e9b0eabb860b6ba2cf9c061c6060fstoddard ap_max_daemons_limit, ap_my_generation, etc. ap_mpm_query() can't be
a21148678a1459064627d917a66669e7e8d140e6stoddard called until after the register-hooks phase. [Jeff Trawick]
910df8b3f50a0515b430b999d4750de94c509f2atrawick *) mod_ssl: Add SSLProxyCheckPeerExpire and SSLProxyCheckPeerCN directives
c6a9d49433c9ba5b18b26c3d764f1bbcb9746090wrowe to enable stricter checking of remote server certificates.
c6a9d49433c9ba5b18b26c3d764f1bbcb9746090wrowe [Ruediger Pluem]
51be7fc538641ed7cb22e959eb31629f7183f70fianh *) ab: Fix a 100% CPU loop on platforms where a failed non-blocking connect
51be7fc538641ed7cb22e959eb31629f7183f70fianh returns EINPROGRESS and a subsequent poll() returns only POLLERR.
bb6a7fc0427d0d197c50de34b94a0d23e5732696wrowe Observed on HP-UX. [Eric Covener]
bb6a7fc0427d0d197c50de34b94a0d23e5732696wrowe *) Remove broken support for BeOS, OS/2, TPF, and even older platforms such
bb6a7fc0427d0d197c50de34b94a0d23e5732696wrowe as A/UX, Next, and Tandem. [Jeff Trawick]
decd0c23bb26f6662f4b963cf86ee569613bffeagregames *) mod_proxy_ftp: Add ProxyFtpListOnWildcard directive to allow files with
decd0c23bb26f6662f4b963cf86ee569613bffeagregames globbing characters to be retrieved instead of converted into a
e1753aabf5df187b5b04e72a958af4b65b1a125daaron directory listing. PR 46789 [Dan Poirier <poirier pobox.com>]
e1753aabf5df187b5b04e72a958af4b65b1a125daaron *) Provide ap_retained_data_create()/ap_retained_data_get() for preservation
e1753aabf5df187b5b04e72a958af4b65b1a125daaron of module state across unload/load. [Jeff Trawick]
e1753aabf5df187b5b04e72a958af4b65b1a125daaron *) mod_substitute: Fix a memory leak. PR 44948
e1753aabf5df187b5b04e72a958af4b65b1a125daaron [Dan Poirier <poirier pobox.com>]
e57f991fe2b9a4c080cd50ca913a2a5693b096b5aaron Changes with Apache 2.3.2
924c8dd40352ca7775704a31a7a77ab86dc951b4ianh *) mod_mime_magic: Fix detection of compressed content. [Rainer Jung]
910df8b3f50a0515b430b999d4750de94c509f2atrawick *) mod_negotiation: Escape paths of filenames in 406 responses to avoid
910df8b3f50a0515b430b999d4750de94c509f2atrawick HTML injections and HTTP response splitting. PR 46837.
910df8b3f50a0515b430b999d4750de94c509f2atrawick [Geoff Keating <geoffk apple.com>]
0d628dd174dd6de13463b10d2599f6cac24e9fe8brianp *) mod_ssl: add support for type-safe STACK constructs in OpenSSL
0d628dd174dd6de13463b10d2599f6cac24e9fe8brianp development HEAD. PR 45521. [Kaspar Brand, Sander Temme]
2fee4fe267fa3577fd71d8c314fe9b527e2b90c0brianp *) ab: Fix maintenance of the pollset to resolve EALREADY errors
2fee4fe267fa3577fd71d8c314fe9b527e2b90c0brianp with kqueue (BSD/OS X) and excessive CPU with event ports (Solaris).
2fee4fe267fa3577fd71d8c314fe9b527e2b90c0brianp PR 44584. Use APR_POLLSET_NOCOPY for better performance with some
2fee4fe267fa3577fd71d8c314fe9b527e2b90c0brianp pollset implementations. [Jeff Trawick]
7bf77d70b6830636bc36e6b76a228c301be23ff7brianp *) mod_disk_cache: The module now turns off sendfile support if
7bf77d70b6830636bc36e6b76a228c301be23ff7brianp 'EnableSendfile off' is defined globally. [Lars Eilebrecht]
6ef713e25735887d4a59a879b97a68bd575ecb92trawick *) mod_deflate: Adjust content metadata before bailing out on 304
cef5cb47e2ea4c174c01762d4430613db0f41e5cstoddard responses so that the metadata does not differ from 200 response.
cef5cb47e2ea4c174c01762d4430613db0f41e5cstoddard [Roy T. Fielding]
1eb1f02a23de724c105b2c6c9fbd469a611059c6trawick *) mod_deflate: Fix creation of invalid Etag headers. We now make sure
8abd60101b9794e224795ccf68b8ba984efbc94astoddard that the Etag value is properly quoted when adding the gzip marker.
8abd60101b9794e224795ccf68b8ba984efbc94astoddard PR 39727, 45023. [Lars Eilebrecht, Roy T. Fielding]
ca47a2b6bcea23e8af185c68f256dcbbfd2a0f9dtrawick *) Added 20x22 icons for ODF, SVG, and XML documents. PR 37185.
6ef713e25735887d4a59a879b97a68bd575ecb92trawick [Peter Harlow]
ca47a2b6bcea23e8af185c68f256dcbbfd2a0f9dtrawick *) Disabled DefaultType directive and removed ap_default_type()
26d590c0e5338f66ca1aad6f925374843fac5121stoddard from core. We now exclude Content-Type from responses for which
26d590c0e5338f66ca1aad6f925374843fac5121stoddard a media type has not been configured via mime.types, AddType,
26d590c0e5338f66ca1aad6f925374843fac5121stoddard ForceType, or some other mechanism. PR 13986. [Roy T. Fielding]
26d590c0e5338f66ca1aad6f925374843fac5121stoddard *) mod_rewrite: Add IPV6 variable to RewriteCond
2b31ac2c6342d2afcf67b7b0f08c928a87f98c74wrowe [Ryan Phillips <ryan-apache trolocsis.com>]
d472f67198d6b15dd1270136f180cca9c9263243trawick *) core: Enhance KeepAliveTimeout to support a value in milliseconds.
d472f67198d6b15dd1270136f180cca9c9263243trawick PR 46275. [Takashi Sato]
d472f67198d6b15dd1270136f180cca9c9263243trawick *) rotatelogs: Allow size units B, K, M, G and combination of
d472f67198d6b15dd1270136f180cca9c9263243trawick time and size based rotation. [Rainer Jung]
a3bb95a3600153c7f09f62749e32093658943c32brianp *) rotatelogs: Add flag for verbose (debug) output. [Rainer Jung]
a3bb95a3600153c7f09f62749e32093658943c32brianp *) mod_ssl: Fix merging of SSLRenegBufferSize directive. PR 46508
b760518cc17e7124ba546ed63063603f1ab82a40aaron [<tlhackque yahoo.com>]
b760518cc17e7124ba546ed63063603f1ab82a40aaron *) core: Translate the status line to ASCII on EBCDIC platforms in
b760518cc17e7124ba546ed63063603f1ab82a40aaron ap_send_interim_response() and for locally generated "100 Continue"
b760518cc17e7124ba546ed63063603f1ab82a40aaron responses. [Eric Covener]
b760518cc17e7124ba546ed63063603f1ab82a40aaron *) prefork: Fix child process hang during graceful restart/stop in
b760518cc17e7124ba546ed63063603f1ab82a40aaron configurations with multiple listening sockets. PR 42829. [Joe Orton,
23d8f62856c1531526042e1c5edf44557cadd2e5trawick Jeff Trawick]
23d8f62856c1531526042e1c5edf44557cadd2e5trawick *) mod_session_crypto: Ensure that SessionCryptoDriver can only be
705c8ed3ef608706c91ca12483d7b54ff9007cc9jerenkrantz set in the global scope. [Graham Leggett]
705c8ed3ef608706c91ca12483d7b54ff9007cc9jerenkrantz *) mod_ext_filter: We need to detect failure to startup the filter
ef154948c97c53cdc1ad5329cb83c32ad26cf416aaron program (a mangled response is not acceptable). Fix to detect
ef154948c97c53cdc1ad5329cb83c32ad26cf416aaron failure, and offer configuration option either to abort or
ef154948c97c53cdc1ad5329cb83c32ad26cf416aaron to remove the filter and continue.
c6741d11357aace4c9ba39535d3cb2d751f46114trawick PR 41120 [Nick Kew]
c6741d11357aace4c9ba39535d3cb2d751f46114trawick *) mod_session_crypto: Rewrite the session_crypto module against the
c6741d11357aace4c9ba39535d3cb2d751f46114trawick apr_crypto API. [Graham Leggett]
7230f1eb017a35b7d20e0e9ec0d234766f2a732dtrawick *) mod_auth_form: Fix a pool lifetime issue, don't remove the subrequest
86a5d34400b7f586ad2cca97c8b33b2f55bac61btrawick until the main request is cleaned up. [Graham Leggett]
86a5d34400b7f586ad2cca97c8b33b2f55bac61btrawick Changes with Apache 2.3.1
86a5d34400b7f586ad2cca97c8b33b2f55bac61btrawick *) ap_slotmem: Add in new slot-based memory access API impl., including
86a5d34400b7f586ad2cca97c8b33b2f55bac61btrawick 2 providers (mod_sharedmem and mod_plainmem) [Jim Jagielski,
86a5d34400b7f586ad2cca97c8b33b2f55bac61btrawick Jean-Frederic Clere, Brian Akins <brian.akins turner.com>]
6b477c0a238733ca8fd156629310513d29dc7e02trawick *) mod_include: support generating non-ASCII characters as entities in SSI
6b477c0a238733ca8fd156629310513d29dc7e02trawick PR 25202 [Nick Kew]
2b31ac2c6342d2afcf67b7b0f08c928a87f98c74wrowe *) core/utils: Enhance ap_escape_html API to support escaping non-ASCII chars
2b31ac2c6342d2afcf67b7b0f08c928a87f98c74wrowe PR 25202 [Nick Kew]
557eb8d48357657fa898250560f089c65539c634gregames *) mod_rewrite: fix "B" flag breakage by reverting r5589343
557eb8d48357657fa898250560f089c65539c634gregames PR 45529 [Bob Ionescu <bobsiegen googlemail.com>]
25b715e9687f82ea055fdea2a9761c7e5f1ac6eetrawick *) CGI: return 504 (Gateway timeout) rather than 500 when a script
25b715e9687f82ea055fdea2a9761c7e5f1ac6eetrawick times out before returning status line/headers.
25b715e9687f82ea055fdea2a9761c7e5f1ac6eetrawick PR 42190 [Nick Kew]
51ced3b28ef430a96586284d4320f7dbdaf7225ebrianp *) mod_cgid: fix segfault problem on Solaris.
51ced3b28ef430a96586284d4320f7dbdaf7225ebrianp PR 39332 [Masaoki Kobayashi <masaoki techfirm.co.jp>]
a222035458f89e2db231450ba6d5fae8052da5f5aaron *) mod_proxy_scgi: Added. [André Malo]
a222035458f89e2db231450ba6d5fae8052da5f5aaron *) mod_cache: Introduce 'no-cache' per-request environment variable
a222035458f89e2db231450ba6d5fae8052da5f5aaron to prevent the saving of an otherwise cacheable response.
4a872628ca5bf20847f442a625c255b643120db0wrowe [Eric Covener]
4a872628ca5bf20847f442a625c255b643120db0wrowe *) mod_rewrite: Introduce DiscardPathInfo|DPI flag to stop the troublesome
74528257888620220641cd28366731539a37e1f3ianh way that per-directory rewrites append the previous notion of PATH_INFO
74528257888620220641cd28366731539a37e1f3ianh to each substitution before evaluating subsequent rules.
74528257888620220641cd28366731539a37e1f3ianh PR 38642 [Eric Covener]
0632de713e41fa3aa928a1777677b0d79843ae2bdougm *) mod_cgid: Do not add an empty argument when calling the CGI script.
0cc82c261350ab8dc8a9992cad7197c4d22d597eianh PR 46380 [Ruediger Pluem]
855e263a93fde2e30d10a48a9ffc047039bfc9d9brianp *) scoreboard: Remove unused sb_type from process_score.
855e263a93fde2e30d10a48a9ffc047039bfc9d9brianp [Torsten Foertsch <torsten.foertsch gmx.net>, Chris Darroch]
855e263a93fde2e30d10a48a9ffc047039bfc9d9brianp *) mod_ssl: Add SSLRenegBufferSize directive to allow changing the
54b3b7946d22324cea615d7c8a4ff0c9eadd1f8crbb size of the buffer used for the request-body where necessary
54b3b7946d22324cea615d7c8a4ff0c9eadd1f8crbb during a per-dir renegotiation. PR 39243. [Joe Orton]
54b3b7946d22324cea615d7c8a4ff0c9eadd1f8crbb *) mod_proxy_fdpass: New module to pass a client connection over to a separate
54b3b7946d22324cea615d7c8a4ff0c9eadd1f8crbb process that is reading from a unix daemon socket.
e28c02dc08247d3fcb71e81791cac2311a248dfdrbb *) mod_ssl: Improve environment variable extraction to be more
e28c02dc08247d3fcb71e81791cac2311a248dfdrbb efficient and to correctly handle DNs with duplicate tags.
e28c02dc08247d3fcb71e81791cac2311a248dfdrbb PR 45975. [Joe Orton]
e28c02dc08247d3fcb71e81791cac2311a248dfdrbb *) Remove the obsolete serial attribute from the RPM spec file. Compile
e28c02dc08247d3fcb71e81791cac2311a248dfdrbb against the external pcre. Add missing binaries fcgistarter, and
f9f506f0686ad065b4c6fe14dd962cdd478350dbianh mod_socache* and mod_session*. [Graham Leggett]
f9f506f0686ad065b4c6fe14dd962cdd478350dbianh Changes with Apache 2.3.0
9d0665da83d1e22c0ea0e5f6f940f70f75bf5237ianh *) mod_ratelimit: New module to do bandwidth rate limiting. [Paul Querna]
9d0665da83d1e22c0ea0e5f6f940f70f75bf5237ianh *) Remove X-Pad header which was added as a work around to a bug in
9d0665da83d1e22c0ea0e5f6f940f70f75bf5237ianh Netscape 2.x to 4.0b2. [Takashi Sato <takashi lans-tv.com>]
47c2fb4c1f155ddb6954e46e7f6d125eef78b3bbaaron *) Add DTrace Statically Defined Tracing (SDT) probes.
47c2fb4c1f155ddb6954e46e7f6d125eef78b3bbaaron [Theo Schlossnagle <jesus omniti.com>, Paul Querna]
9ca934cec0a1cc3c425fde5dc51956bce6cd3183brianp *) mod_proxy_balancer: Move all load balancing implementations
9ca934cec0a1cc3c425fde5dc51956bce6cd3183brianp as individual, self-contained mod_proxy submodules under
0cdca1e056a05a09fe16fe736abcf79969c9767ejerenkrantz *) Rename APIs to include ap_ prefix:
0cdca1e056a05a09fe16fe736abcf79969c9767ejerenkrantz find_child_by_pid -> ap_find_child_by_pid
f2afeedf074acc1a698a9527154eacd138e6c5a1trawick suck_in_APR -> ap_suck_in_APR
f2afeedf074acc1a698a9527154eacd138e6c5a1trawick sys_privileges_handlers -> ap_sys_privileges_handlers
f2afeedf074acc1a698a9527154eacd138e6c5a1trawick unixd_accept -> ap_unixd_accept
0a2d57d962bef3a8898723925b3fb02d2e836994dougm unixd_config -> ap_unixd_config
0a2d57d962bef3a8898723925b3fb02d2e836994dougm unixd_killpg -> ap_unixd_killpg
2a20a2f8432a15b530e0a6b0998c32f40aef82a8gregames unixd_set_global_mutex_perms -> ap_unixd_set_global_mutex_perms
06461d67f387ea068187e6dfa036875a8205c04cjerenkrantz unixd_set_proc_mutex_perms -> ap_unixd_set_proc_mutex_perms
06461d67f387ea068187e6dfa036875a8205c04cjerenkrantz unixd_set_rlimit -> ap_unixd_set_rlimit
900127764fb985c340ee4979cac97146a330c694trawick [Paul Querna]
1a6a0072a95887164091e366ba0e89c2b39a954abrianp *) core: When the ap_http_header_filter processes an error bucket, cleanup
1a6a0072a95887164091e366ba0e89c2b39a954abrianp the passed brigade before returning AP_FILTER_ERROR down the filter
1a6a0072a95887164091e366ba0e89c2b39a954abrianp chain. This unambiguously ensures the same error bucket isn't revisited
6f4c27ba6e152792f3729069e8d8313ebc87cc60jwoolley [Ruediger Pluem]
6f4c27ba6e152792f3729069e8d8313ebc87cc60jwoolley *) mod_lbmethod_heartbeat: New module to load balance mod_proxy workers
23ce412bd50a47accab4dd26019b78810bbf46ebtrawick based on heartbeats. [Paul Querna]
23ce412bd50a47accab4dd26019b78810bbf46ebtrawick *) mod_heartmonitor: New module to collect heartbeats, and write out a file
6865813dee5d3c1ebf12dd810368171792a0190atrawick so that other modules can load balance traffic as needed. [Paul Querna]
6865813dee5d3c1ebf12dd810368171792a0190atrawick *) mod_heartbeat: New module to generate multicast heartbeats to know if a
97719ad970d779ac48af9364ab0ea9fdcc27470ajwoolley server is online. [Paul Querna]
97719ad970d779ac48af9364ab0ea9fdcc27470ajwoolley *) core: Error responses set by filters were being coerced into 500 errors,
5ad238c42b1e159ee8f164515e0c4ee6c727c2fdtrawick sometimes appended to the original error response. Log entry of:
5ad238c42b1e159ee8f164515e0c4ee6c727c2fdtrawick 'Handler for (null) returned invalid result code -3'
5ad238c42b1e159ee8f164515e0c4ee6c727c2fdtrawick [Eric Covener]
ba00c3b7c20f00ce631b89ae3b1cd3bae8d1b165rbb *) mod_buffer: Honour the flush bucket and flush the buffer in the
ba00c3b7c20f00ce631b89ae3b1cd3bae8d1b165rbb input filter. Make sure that metadata buckets are written to
ba00c3b7c20f00ce631b89ae3b1cd3bae8d1b165rbb the buffer, not to the final brigade. [Graham Leggett]
ba00c3b7c20f00ce631b89ae3b1cd3bae8d1b165rbb *) mod_buffer: Optimise the buffering of heap buckets when the heap
6e954603b02f2b7d4ad80af17d9b3cc6f0bacf69rbb buckets stay exactly APR_BUCKET_BUFF_SIZE long. [Graham Leggett,
6e954603b02f2b7d4ad80af17d9b3cc6f0bacf69rbb Ruediger Pluem]
6e954603b02f2b7d4ad80af17d9b3cc6f0bacf69rbb *) mod_buffer: Optional support for buffering of the input and output
6e954603b02f2b7d4ad80af17d9b3cc6f0bacf69rbb filter stacks. Can collapse many small buckets into fewer larger
6e954603b02f2b7d4ad80af17d9b3cc6f0bacf69rbb buckets, and prevents excessively small chunks being sent over
6e954603b02f2b7d4ad80af17d9b3cc6f0bacf69rbb the wire. [Graham Leggett]
fa449f5bc87c5d87c4c60e778c9c882e7254de7ejwoolley *) mod_privileges: new module to make httpd on Solaris privileges-aware
fa449f5bc87c5d87c4c60e778c9c882e7254de7ejwoolley and to enable different virtualhosts to run with different
fa449f5bc87c5d87c4c60e778c9c882e7254de7ejwoolley privileges and Unix user/group IDs [Nick Kew]
fa449f5bc87c5d87c4c60e778c9c882e7254de7ejwoolley *) mod_mem_cache: this module has been removed. [William Rowe]
227d23a7db41dd89f52391c9356dbb1adcd675e0jwoolley *) authn/z: Remove mod_authn_default and mod_authz_default.
227d23a7db41dd89f52391c9356dbb1adcd675e0jwoolley [Chris Darroch]
227d23a7db41dd89f52391c9356dbb1adcd675e0jwoolley *) authz: Fix handling of authz configurations, make default authz
227d23a7db41dd89f52391c9356dbb1adcd675e0jwoolley logic replicate 2.2.x authz logic, and replace <Satisfy*>, Reject,
227d23a7db41dd89f52391c9356dbb1adcd675e0jwoolley and AuthzMergeRules directives with Match, <Match*>, and AuthzMerge
1c0b7c3bdace07946457fa7ba04b7f97b6599792rbb directives. [Chris Darroch]
17bc0e8f2e3816e25bc8fd3fadf39357340aebd0jerenkrantz *) mod_authn_core: Prevent crash when provider alias created to
17bc0e8f2e3816e25bc8fd3fadf39357340aebd0jerenkrantz provider which is not yet registered. [Chris Darroch]
17bc0e8f2e3816e25bc8fd3fadf39357340aebd0jerenkrantz *) mod_authn_core: Add AuthType of None to support disabling
e6cc28a5eb3371ba0c38e941855e71ff0054f50erbb authentication. [Chris Darroch]
e6cc28a5eb3371ba0c38e941855e71ff0054f50erbb *) core: Allow <Limit> and <LimitExcept> directives to nest, and
e6cc28a5eb3371ba0c38e941855e71ff0054f50erbb constrain their use to conform with that of other access control
e6cc28a5eb3371ba0c38e941855e71ff0054f50erbb and authorization directives. [Chris Darroch]
e6cc28a5eb3371ba0c38e941855e71ff0054f50erbb *) unixd: turn existing code into a module, and turn the set user/group
e6cc28a5eb3371ba0c38e941855e71ff0054f50erbb and chroot into a child_init function. [Nick Kew]
cf233fb4b439415a2bf7bab7e622afd994e0bebftrawick *) core: Add ap_timeout_parameter_parse to public API. [Ruediger Pluem]
cf233fb4b439415a2bf7bab7e622afd994e0bebftrawick *) mod_dir: Support "DirectoryIndex disabled"
ae64f3e7385f21ca9d4f30cc7f8702a9ac1034b6trawick Suggested By André Warnier <aw ice-sa.com> [Eric Covener]
2a20a2f8432a15b530e0a6b0998c32f40aef82a8gregames *) mod_ssl: Send Content-Type application/ocsp-request for POST requests to
2a20a2f8432a15b530e0a6b0998c32f40aef82a8gregames OCSP responders. PR 46014 [Dr Stephen Henson <steve openssl.org>]
2a20a2f8432a15b530e0a6b0998c32f40aef82a8gregames *) Export and install the mod_rewrite.h header to ensure the optional
2a20a2f8432a15b530e0a6b0998c32f40aef82a8gregames rewrite_mapfunc_t and ap_register_rewrite_mapfunc functions are
2a20a2f8432a15b530e0a6b0998c32f40aef82a8gregames available to third party modules. [Graham Leggett]
2a20a2f8432a15b530e0a6b0998c32f40aef82a8gregames *) mod_authnz_ldap: don't return NULL-valued environment variables to
2a20a2f8432a15b530e0a6b0998c32f40aef82a8gregames other modules. PR 39045 [Francois Pesce <francois.pesce gmail.com>]
8d49090fd56a8ce06c7f7135f19e5ff8e24b5ff3gregames *) Don't adjust case in pathname components that are not of interest
f99bffd6087564cf9c05cc29d1c6b38d94e0ed30gregames to mod_mime. Fixes mod_negotiation's use of such components.
270609308f247c5e934b400b5f1691c2cca16c61jerenkrantz PR 43250 [Basant Kumar Kukreja <basant.kukreja sun.com>]
270609308f247c5e934b400b5f1691c2cca16c61jerenkrantz *) Be tolerant in what you accept - accept slightly broken
8458877c9ba0af86acd590eea531476adde3d02dmartin status lines from a backend provided they include a valid status code.
8458877c9ba0af86acd590eea531476adde3d02dmartin *) New module mod_sed: filter Request/Response bodies through sed
644be6f54749d2d9950d2c4d2ac448f7af016d26martin *) mod_auth_form: Make sure that basic authentication is correctly
644be6f54749d2d9950d2c4d2ac448f7af016d26martin faked directly after login. [Graham Leggett]
8458877c9ba0af86acd590eea531476adde3d02dmartin *) mod_session_cookie, mod_session_dbd: Make sure cookies are set both
b30b04f639d479b96cc08c43ffa34c92ba275676ianh within the output headers and error output headers, so that the
b30b04f639d479b96cc08c43ffa34c92ba275676ianh session is maintained across redirects. [Graham Leggett]
c4fbc4018fd2b6716673a38ee27eeb36cba41c5djwoolley *) mod_auth_form: Make sure the logged in user is populated correctly
c4fbc4018fd2b6716673a38ee27eeb36cba41c5djwoolley after a form login. Fixes a missing REMOTE_USER variable directly
c4fbc4018fd2b6716673a38ee27eeb36cba41c5djwoolley following a login. [Graham Leggett]
f4e4643c309e5b5da60e13f9a25984d54b307caawrowe *) mod_session_cookie: Make sure that cookie attributes are correctly
f4e4643c309e5b5da60e13f9a25984d54b307caawrowe included in the blank cookie when cookies are removed. This fixes an
f4e4643c309e5b5da60e13f9a25984d54b307caawrowe inability to log out when using mod_auth_form. [Graham Leggett]
2548497d480c4f3e9b3fe14711bd510aa2157434gregames *) mod_autoindex: add configuration option to insert string
2548497d480c4f3e9b3fe14711bd510aa2157434gregames in HTML HEAD. [Nick Kew]
0e58e92812f2f679d6bf2ff66cbcfa6c1d1e14bbjerenkrantz *) mod_session: Prevent a segfault when a CGI script sets a cookie with a
da6e93dca0222159650783802e23172e3160605egregames null value. [David Shane Holden <dpejesh apache.org>]
da6e93dca0222159650783802e23172e3160605egregames *) mod_headers: Prevent Header edit from processing only the first header
c927e13f298c42251296d33cc1fa3eb8232b843daaron of possibly multiple headers with the same name and deleting the
c927e13f298c42251296d33cc1fa3eb8232b843daaron remaining ones. PR 45333. [Ruediger Pluem]
c927e13f298c42251296d33cc1fa3eb8232b843daaron *) mod_rewrite: Preserve the query string with [proxy,noescape]. PR 45247
c927e13f298c42251296d33cc1fa3eb8232b843daaron [Tom Donovan]
9126ed10455a2a98a3a51c68ed1b356e1873e8e6aaron *) core, authn/z: Determine registered authn/z providers directly in
9126ed10455a2a98a3a51c68ed1b356e1873e8e6aaron ap_setup_auth_internal(), which allows optional functions that just
9126ed10455a2a98a3a51c68ed1b356e1873e8e6aaron wrapped ap_list_provider_names() to be removed from authn/z modules.
fa3ca21e09bac0dbc2045e9f53963ba46cfed5b1trawick [Chris Darroch]
fa3ca21e09bac0dbc2045e9f53963ba46cfed5b1trawick *) authn/z: Convert common provider version strings to macros.
fa3ca21e09bac0dbc2045e9f53963ba46cfed5b1trawick [Chris Darroch]
18acb2c0df442ead1d075a1a2207cbb197725b14coar *) ab: Make ab.c compile on VC6. PR 45024 [Ruediger Pluem]
18acb2c0df442ead1d075a1a2207cbb197725b14coar *) configure: Don't reject libtool 2.x
617f972690d850a52cd4e9ef2f32d356e0fae715aaron PR 44817 [Arfrever Frehtes Taifersar Arahesis <Arfrever.FTA gmail.com>]
617f972690d850a52cd4e9ef2f32d356e0fae715aaron *) core: When testing for slash-terminated configuration paths in
617f972690d850a52cd4e9ef2f32d356e0fae715aaron ap_location_walk(), don't look past the start of an empty string
617f972690d850a52cd4e9ef2f32d356e0fae715aaron such as that created by a <Location ""> directive.
9278d5393ef084f4fc6d7ec8641af5959442c157jwoolley [Chris Darroch]
9278d5393ef084f4fc6d7ec8641af5959442c157jwoolley *) core, mod_proxy: If a kept_body is present, it becomes safe for
022cff78006f698453640e0a0e97cc5f8c9de59drbb subrequests to support message bodies. Make sure that safety
022cff78006f698453640e0a0e97cc5f8c9de59drbb checks within the core and within the proxy are not triggered
022cff78006f698453640e0a0e97cc5f8c9de59drbb when kept_body is present. This makes it possible to embed
022cff78006f698453640e0a0e97cc5f8c9de59drbb proxied POST requests within mod_include. [Graham Leggett]
526a776292f420ffeea0d081c61971ed381fad20stoddard *) mod_auth_form: Make sure the input filter stack is properly set
526a776292f420ffeea0d081c61971ed381fad20stoddard up before reading the login form. Make sure the kept body filter
526a776292f420ffeea0d081c61971ed381fad20stoddard is correctly inserted to ensure the body can be read a second
526a776292f420ffeea0d081c61971ed381fad20stoddard time safely should the authn be successful. [Graham Leggett,
526a776292f420ffeea0d081c61971ed381fad20stoddard Ruediger Pluem]
526a776292f420ffeea0d081c61971ed381fad20stoddard *) mod_request: Insert the KEPT_BODY filter via the insert_filter
526a776292f420ffeea0d081c61971ed381fad20stoddard hook instead of during fixups. Add a safety check to ensure the
526a776292f420ffeea0d081c61971ed381fad20stoddard filters cannot be inserted more than once. [Graham Leggett,
526a776292f420ffeea0d081c61971ed381fad20stoddard Ruediger Pluem]
62ddc9851530478919d169ba9c34b80f60cf7718trawick *) core: Do not allow Options ALL if not all options are allowed to be
62ddc9851530478919d169ba9c34b80f60cf7718trawick overwritten. PR 44262 [Michał Grzędzicki <lazy iq.pl>]
62ddc9851530478919d169ba9c34b80f60cf7718trawick *) ap_cache_cacheable_headers_out() will (now) always
62ddc9851530478919d169ba9c34b80f60cf7718trawick merge error headers _before_ clearing them and _before_
904d7bf799c6216beb34519463596b4fce630308wrowe merging in the actual entity headers and doing normal
904d7bf799c6216beb34519463596b4fce630308wrowe hop-by-hop cleansing. [Dirk-Willem van Gulik].
904d7bf799c6216beb34519463596b4fce630308wrowe *) cache: retire ap_cache_cacheable_hdrs_out() which was used
904d7bf799c6216beb34519463596b4fce630308wrowe for both in- and out-put headers; and replace it by a single
904d7bf799c6216beb34519463596b4fce630308wrowe ap_cache_cacheable_headers() wrapped in an in- and out-put
904d7bf799c6216beb34519463596b4fce630308wrowe specific ap_cache_cacheable_headers_in()/out(). The latter
904d7bf799c6216beb34519463596b4fce630308wrowe which will also merge error and ensure content-type. To keep
904d7bf799c6216beb34519463596b4fce630308wrowe cache modules consistent with ease. This API change bumps
17a4c6968b2fa692ff4dde12fe305230ee6b0421aaron up the minor MM by one [Dirk-Willem van Gulik].
17a4c6968b2fa692ff4dde12fe305230ee6b0421aaron *) mod_rewrite: Allow Cookie option to set secure and HttpOnly flags.
17a4c6968b2fa692ff4dde12fe305230ee6b0421aaron PR 44799 [Christian Wenz <christian wenz.org>]
83b031099aa3dc8a5fd2f708e397818cbd16c9aajerenkrantz *) Move the KeptBodySize directive, kept_body filters and the
83b031099aa3dc8a5fd2f708e397818cbd16c9aajerenkrantz ap_parse_request_body function out of the http module and into a
01e77cadbd9ad4962993380245bcc033dde523e4rbb new module called mod_request, reducing the size of the core.
01e77cadbd9ad4962993380245bcc033dde523e4rbb [Graham Leggett]
8ea9794272347cfdd92861f46295406649f01afatrawick *) mod_dbd: Handle integer configuration directive parameters with a
8ea9794272347cfdd92861f46295406649f01afatrawick dedicated function.
8ea9794272347cfdd92861f46295406649f01afatrawick *) Change the directives within the mod_session* modules to be valid
b900452c9c36031434d318880f023c0fb9143325rbb both inside and outside the location/directory sections, as
b900452c9c36031434d318880f023c0fb9143325rbb suggested by wrowe. [Graham Leggett]
b900452c9c36031434d318880f023c0fb9143325rbb *) mod_auth_form: Add a module capable of allowing end users to log
b900452c9c36031434d318880f023c0fb9143325rbb in using an HTML form, storing the credentials within mod_session.
b900452c9c36031434d318880f023c0fb9143325rbb [Graham Leggett]
b900452c9c36031434d318880f023c0fb9143325rbb *) Add a function to the http filters that is able to parse an HTML
b900452c9c36031434d318880f023c0fb9143325rbb form request with the type of application/x-www-form-urlencoded.
43053faf24ffe7657bb32bc06d4058dedf3ef053rbb [Graham Leggett]
c453a141db60a5b19649eac508f4851a8729c556rbb *) mod_session_crypto: Initialise SSL in the post config hook.
c453a141db60a5b19649eac508f4851a8729c556rbb [Ruediger Pluem, Graham Leggett]
8b91dcac0e1ef7796c72d16b0962267313cac486jerenkrantz *) mod_session_dbd: Add a session implementation capable of storing
8b91dcac0e1ef7796c72d16b0962267313cac486jerenkrantz session information in a SQL database via the dbd interface. Useful
8b91dcac0e1ef7796c72d16b0962267313cac486jerenkrantz for sites where session privacy is important. [Graham Leggett]
6ce942b017db75b559a42bdc2d7b8ea9e869a956wrowe *) mod_session_crypto: Add a session encoding implementation capable
6ce942b017db75b559a42bdc2d7b8ea9e869a956wrowe of encrypting and decrypting sessions wherever they may be stored.
6ce942b017db75b559a42bdc2d7b8ea9e869a956wrowe Introduces a level of privacy when sessions are stored on the
6ce942b017db75b559a42bdc2d7b8ea9e869a956wrowe browser. [Graham Leggett]
6ce942b017db75b559a42bdc2d7b8ea9e869a956wrowe *) mod_session_cookie: Add a session implementation capable of storing
6ce942b017db75b559a42bdc2d7b8ea9e869a956wrowe session information within cookies on the browser. Useful for high
7dfed2b71c9c4223996cbd7c5c0c85c7c8fef2a4rbb volume sites where server bound sessions are too resource intensive.
7dfed2b71c9c4223996cbd7c5c0c85c7c8fef2a4rbb [Graham Leggett]
7dfed2b71c9c4223996cbd7c5c0c85c7c8fef2a4rbb *) mod_session: Add a generic session interface to unify the different
574f6ff9ee80ef4f772649c5c8319b764a8abe42jerenkrantz attempts at saving persistent sessions across requests.
574f6ff9ee80ef4f772649c5c8319b764a8abe42jerenkrantz [Graham Leggett]
6d7d70dbda8e461d87f2d41e323755496ae3ebc7trawick *) core, authn/z: Avoid calling access control hooks for internal requests
6d7d70dbda8e461d87f2d41e323755496ae3ebc7trawick with configurations which match those of initial request. Revert to
6d7d70dbda8e461d87f2d41e323755496ae3ebc7trawick original behaviour (call access control hooks for internal requests
22a25f3393393b781e214f4abef17950bcb8bbe3jerenkrantz with URIs different from initial request) if any access control hooks or
22a25f3393393b781e214f4abef17950bcb8bbe3jerenkrantz providers are not registered as permitting this optimization.
22a25f3393393b781e214f4abef17950bcb8bbe3jerenkrantz Introduce wrappers for access control hook and provider registration
a310497ca9c5112d759871e1b7d9f6a40fb78bcfwrowe which can accept additional mode and flag data. [Chris Darroch]
a310497ca9c5112d759871e1b7d9f6a40fb78bcfwrowe *) Introduced ap_expr API for expression evaluation.
a310497ca9c5112d759871e1b7d9f6a40fb78bcfwrowe This is adapted from mod_include, which is the first module
a310497ca9c5112d759871e1b7d9f6a40fb78bcfwrowe to use the new API.
8bda0627eb2aca9e678c1303a0423d33069388dfwrowe *) mod_authz_dbd: When redirecting after successful login/logout per
de63b1eeff87cd19cf42bb83cca85381026965ddjerenkrantz AuthzDBDRedirectQuery, do not report authorization failure, and use
f00bc25ff5027f3a40e9cd0ade782641bd0bf1d0wrowe first row returned by database query instead of last row.
e36ef0d081aa59867688bcbb3da65952ec16fae3rbb [Chris Darroch]
e36ef0d081aa59867688bcbb3da65952ec16fae3rbb *) mod_ldap: Correctly return all requested attribute values
e36ef0d081aa59867688bcbb3da65952ec16fae3rbb when some attributes have a null value.
e36ef0d081aa59867688bcbb3da65952ec16fae3rbb PR 44560 [Anders Kaseorg <anders kaseorg.com>]
e36ef0d081aa59867688bcbb3da65952ec16fae3rbb *) core: check symlink ownership if both FollowSymlinks and
e36ef0d081aa59867688bcbb3da65952ec16fae3rbb SymlinksIfOwnerMatch are set [Nick Kew]
e36ef0d081aa59867688bcbb3da65952ec16fae3rbb *) core: fix origin checking in SymlinksIfOwnerMatch
e36ef0d081aa59867688bcbb3da65952ec16fae3rbb PR 36783 [Robert L Mathews <rob-apache.org.bugs tigertech.net>]
52df98b165194a0ad68885f49f81fdaf56ece568wrowe *) Activate mod_cache, mod_file_cache and mod_disk_cache as part of the
52df98b165194a0ad68885f49f81fdaf56ece568wrowe 'most' set for '--enable-modules' and '--enable-shared-mods'. Include
2c294c31addd5c957bafe6e78c4a30d423ad6e80rbb mod_mem_cache in 'all' as well. [Dirk-Willem van Gulik]
2c294c31addd5c957bafe6e78c4a30d423ad6e80rbb *) Also install mod_so.h, mod_rewrite.h and mod_cache.h; as these
2c294c31addd5c957bafe6e78c4a30d423ad6e80rbb contain public function declarations which are useful for
7e44dd5082cd865068285e8f915bb5f045e0bb80lars third party module authors. PR 42431 [Dirk-Willem van Gulik].
7e44dd5082cd865068285e8f915bb5f045e0bb80lars *) mod_dir, mod_negotiation: pass the output filter information
7e44dd5082cd865068285e8f915bb5f045e0bb80lars to newly created sub requests; as these are later on used
44a4ee1140769173da7bc2b42d1a686e3260ad84wrowe as true requests with an internal redirect. This allows for
44a4ee1140769173da7bc2b42d1a686e3260ad84wrowe mod_cache et.al. to trap the results of the redirect.
44a4ee1140769173da7bc2b42d1a686e3260ad84wrowe [Dirk-Willem van Gulik, Ruediger Pluem]
44a4ee1140769173da7bc2b42d1a686e3260ad84wrowe *) mod_ldap: Add support (taking advantage of the new APR capability)
e379fc6d7f79163700290d92ce75deb4f3005301jerenkrantz for ldap rebind callback while chasing referrals. This allows direct
e379fc6d7f79163700290d92ce75deb4f3005301jerenkrantz searches on LDAP servers (in particular MS Active Directory 2003+)
e379fc6d7f79163700290d92ce75deb4f3005301jerenkrantz using referrals without the use of the global catalog.
978faa9e29e0f0c42e66c07240e562325a4717b0jerenkrantz PRs 26538, 40268, and 42557 [Paul J. Reder]
978faa9e29e0f0c42e66c07240e562325a4717b0jerenkrantz *) mod_ssl: Added server name indication support (SNI, RFC 4366).
978faa9e29e0f0c42e66c07240e562325a4717b0jerenkrantz PR 34607. [Kaspar Brand <asfbugz velox.ch>]. A test configuration
976501adbc040220270f7d1d77c4b8373033be69wrowe can be created with test/make_sni.sh [Dirk-Willem van Gulik].
976501adbc040220270f7d1d77c4b8373033be69wrowe *) ApacheMonitor.exe: Introduce --kill argument for use by the
976501adbc040220270f7d1d77c4b8373033be69wrowe installer. This will permit the installation tool to remove
976501adbc040220270f7d1d77c4b8373033be69wrowe all running instances before attempting to remove the .exe.
976501adbc040220270f7d1d77c4b8373033be69wrowe [William Rowe]
10a00688adcf1df367b1243810beedaabe6b1abeminfrin *) mod_ssl: Add support for OCSP validation of client certificates.
10a00688adcf1df367b1243810beedaabe6b1abeminfrin PR 41123. [Marc Stern <marc.stern approach.be>, Joe Orton]
8a3a703eae0e35f674b189181609545c6fc77a09rbb *) mod_serf: New module for Reverse Proxying. [Paul Querna]
8a3a703eae0e35f674b189181609545c6fc77a09rbb *) core: Add the option to keep aside a request body up to a certain
9af1ccb223d0669b3c3a43eed070d815afde9084mjc size that would otherwise be discarded, to be consumed by filters
9af1ccb223d0669b3c3a43eed070d815afde9084mjc such as mod_include. When enabled for a directory, POST requests
9af1ccb223d0669b3c3a43eed070d815afde9084mjc to shtml files can be passed through to embedded scripts as POST
9d41fafe32b324c197f25224207fc6ce34f085bfrbb requests, rather than being downgraded to GET requests. [Graham Leggett]
9d41fafe32b324c197f25224207fc6ce34f085bfrbb *) mod_ssl: Fix TLS upgrade (RFC 2817) support. PR 41231. [Joe Orton]
9d41fafe32b324c197f25224207fc6ce34f085bfrbb *) scoreboard: Correctly declare ap_time_process_request.
889d9c84f8b1ad850f977a6d8e548696994f8f86jerenkrantz *) core; scoreboard: ap_get_scoreboard_worker(sbh) now takes the sbh member
8c83461e53ca7d204e1d634f0c78199d60320d7bjerenkrantz from the connection rec, ap_get_scoreboard_worker(proc, thread) will now
8c83461e53ca7d204e1d634f0c78199d60320d7bjerenkrantz provide the unusual legacy lookup. [William Rowe]
8e5842bc05146bb5c171e53b00b24063d17c666cjerenkrantz *) mpm winnt: fix null pointer dereference
8e5842bc05146bb5c171e53b00b24063d17c666cjerenkrantz PR 42572 [Davi Arnaut]
cdb15137887e284797e9510029098dc725b4dacfjerenkrantz *) mod_authnz_ldap, mod_authn_dbd: Tidy up the code to expose authn
cdb15137887e284797e9510029098dc725b4dacfjerenkrantz parameters to the environment. Improve portability to
798c7c11dc2fe3b08e591e9c76fc1a84857f2cd4jerenkrantz EBCDIC machines by using apr_toupper(). [Martin Kraemer]
798c7c11dc2fe3b08e591e9c76fc1a84857f2cd4jerenkrantz *) mod_ldap, mod_authnzldap: Add support for nested groups (i.e. the ability
798c7c11dc2fe3b08e591e9c76fc1a84857f2cd4jerenkrantz to authorize an authenticated user via a "require ldap-group X" directive
abaaa634d7cee882b7c4bf078ded749ebf11997erbb where the user is not in group X, but is in a subgroup contained in X.
abaaa634d7cee882b7c4bf078ded749ebf11997erbb PR 42891 [Paul J. Reder]
abaaa634d7cee882b7c4bf078ded749ebf11997erbb *) mod_ssl: Add support for caching SSL Sessions in memcached. [Paul Querna]
0aa8e8fd5a242948518655f2296b3c76386754e5jerenkrantz *) mod_ldap: Fix the search limit parameter to ldap_search_ext_s()
0aa8e8fd5a242948518655f2296b3c76386754e5jerenkrantz for SDKs that define LDAP_NO_LIMIT to something other than -1.
de3abad1fe263e577bb11e99b358836bd901397crbb [David Jones <oscaremma gmail.com>]
de3abad1fe263e577bb11e99b358836bd901397crbb *) apxs: Enhance -q flag to print all known variables and their values
de3abad1fe263e577bb11e99b358836bd901397crbb when invoked without variable name(s).
de3abad1fe263e577bb11e99b358836bd901397crbb [William Rowe, Sander Temme]
de3abad1fe263e577bb11e99b358836bd901397crbb *) apxs: Eliminate run-time check for mod_so. PR 40653.
de3abad1fe263e577bb11e99b358836bd901397crbb [David M. Lee <dmlee crossroads.com>]
0a549489abdb309ef25483431e1e5610ed4ba7a8gstein *) beos MPM: Create pmain pool and run modules' child_init hooks when
0a549489abdb309ef25483431e1e5610ed4ba7a8gstein entering ap_mpm_run(), then destroy pmain when exiting ap_mpm_run().
0a549489abdb309ef25483431e1e5610ed4ba7a8gstein [Chris Darroch]
0a549489abdb309ef25483431e1e5610ed4ba7a8gstein *) netware MPM: Destroy pmain pool when exiting ap_mpm_run() so that
0a549489abdb309ef25483431e1e5610ed4ba7a8gstein cleanups registered in modules' child_init hooks are performed.
14c6f2e13d97a4fafac1fbc247a274a298d5b418wrowe [Chris Darroch]
14c6f2e13d97a4fafac1fbc247a274a298d5b418wrowe *) mod_dbd: Stash DBD connections in request_config of initial request
14c6f2e13d97a4fafac1fbc247a274a298d5b418wrowe only, or else sub-requests and internal redirections may cause
f00d1e76bae896c2f6a520eec69b1d0d802d4108jerenkrantz entire DBD pool to be stashed in a single HTTP request. [Chris Darroch]
f00d1e76bae896c2f6a520eec69b1d0d802d4108jerenkrantz *) Fix issue which could cause error messages to be written to access logs
58097d7d8d1a394092374b9f6ddf76b7993724a4rbb *) The LockFile directive, which specifies the location of
58097d7d8d1a394092374b9f6ddf76b7993724a4rbb the accept() mutex lockfile, is deprecated. Instead, the
2f6cebd6b8bf0b044f6579d23117a4a3c364a554wrowe AcceptMutex directive now takes an optional lockfile
2f6cebd6b8bf0b044f6579d23117a4a3c364a554wrowe location parameter, ala SSLMutex. [Jim Jagielski]
2f6cebd6b8bf0b044f6579d23117a4a3c364a554wrowe *) mod_authn_dbd: Export any additional columns queried in the SQL select
2f6cebd6b8bf0b044f6579d23117a4a3c364a554wrowe into the environment with the name AUTHENTICATE_<COLUMN>. This brings
070d2f9fd52a3f0e45ca7ae1235c5a5755b80d24rbb mod_authn_dbd behaviour in line with mod_authnz_ldap. [Graham Leggett]
070d2f9fd52a3f0e45ca7ae1235c5a5755b80d24rbb *) mod_dbd: Key the storage of prepared statements on the hex string
070d2f9fd52a3f0e45ca7ae1235c5a5755b80d24rbb value of server_rec, rather than the server name, as the server name
070d2f9fd52a3f0e45ca7ae1235c5a5755b80d24rbb may change (eg when the server name is set) at any time, causing
7c19ce86bbd72bba1d018522250f5f315ffbc0afjerenkrantz weird behaviour in modules dependent on mod_dbd. [Graham Leggett]
7c19ce86bbd72bba1d018522250f5f315ffbc0afjerenkrantz *) mod_proxy_fcgi: Added win32 build. [Mladen Turk]
2264fbcbab4c796c4222c30393c0b218c98b6befrbb *) sendfile_nonblocking() takes the _brigade_ as an argument, gets
2264fbcbab4c796c4222c30393c0b218c98b6befrbb the first bucket from the brigade, finds it not to be a FILE
2264fbcbab4c796c4222c30393c0b218c98b6befrbb bucket and barfs. The fix is to pass a bucket rather than a brigade.
e099672a13ea4ff4a11f130406f1baecba5949bajerenkrantz [Niklas Edmundsson <nikke acc.umu.se>]
e099672a13ea4ff4a11f130406f1baecba5949bajerenkrantz *) mod_rewrite: support rewritemap by SQL query [Nick Kew]
9b29e0cfeb2c89a047806cc4a2a764afed6bb170wrowe *) ap_get_server_version() has been removed. Third-party modules must
9b29e0cfeb2c89a047806cc4a2a764afed6bb170wrowe now use ap_get_server_banner() or ap_get_server_description().
9b29e0cfeb2c89a047806cc4a2a764afed6bb170wrowe [Jeff Trawick]
441bd066858500e75e4f63ef149120bcf523de58jerenkrantz *) All MPMs: Introduce a check_config phase between pre_config and
441bd066858500e75e4f63ef149120bcf523de58jerenkrantz open_logs, to allow modules to review interdependent configuration
d6a93816bfaa5b3de5f2e6cb0d172cbe20dd056ejerenkrantz directive values and adjust them while messages can still be logged
d6a93816bfaa5b3de5f2e6cb0d172cbe20dd056ejerenkrantz to the console. Handle relevant MPM directives during this phase
d6a93816bfaa5b3de5f2e6cb0d172cbe20dd056ejerenkrantz and format messages for both the console and the error log, as
c839614b4216fe34f6346668ad646aca2c0f23c6wrowe appropriate. [Chris Darroch]
c839614b4216fe34f6346668ad646aca2c0f23c6wrowe *) mod_proxy: don't URLencode tilde in path component
c839614b4216fe34f6346668ad646aca2c0f23c6wrowe [Stijn Hoop <stijn sandcat.nl>]
c839614b4216fe34f6346668ad646aca2c0f23c6wrowe *) mpm_winnt: Fix return values from wait_for_many_objects.
117e2968318323d2ad2187fcd4de379d2eca245cwrowe The return value is index to the signaled thread in the
117e2968318323d2ad2187fcd4de379d2eca245cwrowe creted_threads array. We can not use WAIT_TIMEOUT because
117e2968318323d2ad2187fcd4de379d2eca245cwrowe this value is defined as 258, thus limiting the MaxThreads
117e2968318323d2ad2187fcd4de379d2eca245cwrowe to that value. [Mladen Turk]
117e2968318323d2ad2187fcd4de379d2eca245cwrowe *) core: Do not allow internal redirects like the DirectoryIndex of mod_dir
117e2968318323d2ad2187fcd4de379d2eca245cwrowe to circumvent the symbolic link checks imposed by FollowSymLinks and
117e2968318323d2ad2187fcd4de379d2eca245cwrowe SymLinksIfOwnerMatch. [Nick Kew, Ruediger Pluem, William Rowe]
117e2968318323d2ad2187fcd4de379d2eca245cwrowe *) New SSLLogLevelDebugDump [ None (default) | IO (not bytes) | Bytes ]
117e2968318323d2ad2187fcd4de379d2eca245cwrowe configures the I/O Dump of SSL traffic, when LogLevel is set to Debug.
117e2968318323d2ad2187fcd4de379d2eca245cwrowe The default is none as this is far greater debugging resolution than
e9fa5a00f39f6aabbc5dcd776c5bc6bd0638f955wrowe the typical administrator is prepared to untangle. [William Rowe]
e9fa5a00f39f6aabbc5dcd776c5bc6bd0638f955wrowe *) mod_disk_cache: If possible, check if the size of an object to cache is
e9fa5a00f39f6aabbc5dcd776c5bc6bd0638f955wrowe within the configured boundaries before actually saving data.
e9fa5a00f39f6aabbc5dcd776c5bc6bd0638f955wrowe [Niklas Edmundsson <nikke acc.umu.se>]
e9fa5a00f39f6aabbc5dcd776c5bc6bd0638f955wrowe *) mod_disk_cache: Delete temporary files if they cannot be renamed to their
de419544885a5c64589dddf1b8517672ee17c1feminfrin final name. [Davi Arnaut <davi haxent.com.br>]
de419544885a5c64589dddf1b8517672ee17c1feminfrin *) Worker and event MPMs: Remove improper scoreboard updates which were
df14f0d3a5191cdd7c4bb5b03acd135d43a6f51brbb performed in the event of a fork() failure. [Chris Darroch]
9c4321d9cc4eecbb0c5d568aea53d5e6812c7b96martin *) Add support for fcgi:// proxies to mod_rewrite.
9c4321d9cc4eecbb0c5d568aea53d5e6812c7b96martin [Markus Schiegl <ms schiegl.com>]
9c4321d9cc4eecbb0c5d568aea53d5e6812c7b96martin *) Remove incorrect comments from scoreboard.h regarding conditional
9c4321d9cc4eecbb0c5d568aea53d5e6812c7b96martin loading of worker_score structure with mod_status, and remove unused
956c6100798467199833e7159a00506ee879d772minfrin definitions relating to old life_status field.
956c6100798467199833e7159a00506ee879d772minfrin [Chris Darroch <chrisd pearsoncmg.com>]
956c6100798467199833e7159a00506ee879d772minfrin *) Remove allocation of memory for unused array of lb_score pointers
956c6100798467199833e7159a00506ee879d772minfrin in ap_init_scoreboard(). [Chris Darroch <chrisd pearsoncmg.com>]
47697533fd7ced2259f9150677ea5efa583b6c13rbb *) Add mod_proxy_fcgi, a FastCGI back end for mod_proxy.
47697533fd7ced2259f9150677ea5efa583b6c13rbb [Garrett Rooney, Jim Jagielski, Paul Querna]
47697533fd7ced2259f9150677ea5efa583b6c13rbb *) Event MPM: Fill in the scoreboard's tid field. PR 38736.
7ba1a2c8babfd7c7c46bb03567a868d51e1023dbwrowe [Chris Darroch <chrisd pearsoncmg.com>]
7ba1a2c8babfd7c7c46bb03567a868d51e1023dbwrowe *) mod_charset_lite: Remove Content-Length when output filter can
7ba1a2c8babfd7c7c46bb03567a868d51e1023dbwrowe invalidate it. Warn when input filter can invalidate it.
7ba1a2c8babfd7c7c46bb03567a868d51e1023dbwrowe [Jeff Trawick]
7ba1a2c8babfd7c7c46bb03567a868d51e1023dbwrowe *) Authz: Add the new module mod_authn_core that will provide common
7ba1a2c8babfd7c7c46bb03567a868d51e1023dbwrowe authn directives such as 'AuthType', 'AuthName'. Move the directives
7ba1a2c8babfd7c7c46bb03567a868d51e1023dbwrowe 'AuthType' and 'AuthName' out of the core module and merge mod_authz_alias
7ba1a2c8babfd7c7c46bb03567a868d51e1023dbwrowe into mod_authn_core. [Brad Nicholes]
b2c2c8a4bc977c0a6bb937af995efc56dc3879a3wrowe *) Authz: Move the directives 'Order', 'Allow', 'Deny' and 'Satisfy'
b2c2c8a4bc977c0a6bb937af995efc56dc3879a3wrowe into the new module mod_access_compat which can be loaded to provide
b2c2c8a4bc977c0a6bb937af995efc56dc3879a3wrowe support for these directives.
b2c2c8a4bc977c0a6bb937af995efc56dc3879a3wrowe [Brad Nicholes]
67869a9db2967cb50405e51b1d6d1ebab1219e03trawick *) Authz: Move the 'Require' directive from the core module as well as
67869a9db2967cb50405e51b1d6d1ebab1219e03trawick add the directives '<SatisfyAll>', '<SatisfyOne>', '<RequireAlias>'
4d003677925ceb0abefb9c95355b4c9e9e502899rederpj and 'Reject' to mod_authz_core. The new directives introduce 'AND/OR'
4d003677925ceb0abefb9c95355b4c9e9e502899rederpj logic into the authorization processing. [Brad Nicholes]
67869a9db2967cb50405e51b1d6d1ebab1219e03trawick *) Authz: Add the new module mod_authz_core which acts as the
4d003677925ceb0abefb9c95355b4c9e9e502899rederpj authorization provider vector and contains common authz
e00ae6859667e293a4c40108f524408ae1289f2frbb directives. [Brad Nicholes]
0db1b9810f06c0e3c537e0e0dfbc30160c308526trawick *) Authz: Renamed mod_authz_dbm authz providers from 'group' and
0db1b9810f06c0e3c537e0e0dfbc30160c308526trawick 'file-group' to 'dbm-group' and 'dbm-file-group'. [Brad Nicholes]
13bac43a0f21d8c6401debc1baa76be984474074rbb *) Authz: Added the new authz providers 'env', 'ip', 'host', 'all' to handle
13bac43a0f21d8c6401debc1baa76be984474074rbb host-based access control provided by mod_authz_host and invoked
053497224246c4dbef9af594cacf5c00ed271e6cwrowe through the 'Require' directive. [Brad Nicholes]
053497224246c4dbef9af594cacf5c00ed271e6cwrowe *) Authz: Convert all of the authz modules from hook based to
053497224246c4dbef9af594cacf5c00ed271e6cwrowe provider based. [Brad Nicholes]
ac06e54654494445fd3d39e90bd23b436b4f84ccwrowe *) mod_cache: Add CacheMinExpire directive to set the minimum time in
ac06e54654494445fd3d39e90bd23b436b4f84ccwrowe seconds to cache a document.
ac06e54654494445fd3d39e90bd23b436b4f84ccwrowe [Brian Akins <brian.akins turner.com>, Ruediger Pluem]
ac06e54654494445fd3d39e90bd23b436b4f84ccwrowe *) mod_authz_dbd: SQL authz with Login/Session support [Nick Kew]
ac06e54654494445fd3d39e90bd23b436b4f84ccwrowe *) Fix typo in ProxyStatus syntax error message.
314b1f3fac7a0b556146ef055f37df00020604d0jwoolley [Christophe Jaillet <christophe.jaillet wanadoo.fr>]
78e8198247420a3efeb21e38b42c423e5863cbb0jwoolley *) Asynchronous write completion for the Event MPM. [Brian Pane]
78e8198247420a3efeb21e38b42c423e5863cbb0jwoolley *) Added an End-Of-Request bucket type. The logging of a request and
a2a0abd88b19e042a3eb2a9fa1702c25ad51303dwrowe the freeing of its pool are now done when the EOR bucket is destroyed.
a2a0abd88b19e042a3eb2a9fa1702c25ad51303dwrowe This has the effect of delaying the logging until right after the last
a2a0abd88b19e042a3eb2a9fa1702c25ad51303dwrowe of the response is sent; ap_core_output_filter() calls the access logger
a2a0abd88b19e042a3eb2a9fa1702c25ad51303dwrowe indirectly when it destroys the EOR bucket. [Brian Pane]
a2a0abd88b19e042a3eb2a9fa1702c25ad51303dwrowe *) Rewrite of logresolve support utility: IPv6 addresses are now supported
a906160166014e14adc01c87a956d89de0d79918rbb and the format of statistical output has changed. [Colm MacCarthaigh]
a906160166014e14adc01c87a956d89de0d79918rbb *) Rewrite of ap_coreoutput_filter to do nonblocking writes [Brian Pane]
a906160166014e14adc01c87a956d89de0d79918rbb *) Added new connection states for handler and write completion
a906160166014e14adc01c87a956d89de0d79918rbb [Brian Pane]
7f66c5be12d3b48b1ebfa79033c099e4f91ff302dougm *) mod_cgid: Refuse to work on Solaris 10 due to OS bugs. PR 34264.
7f66c5be12d3b48b1ebfa79033c099e4f91ff302dougm [Justin Erenkrantz]
7f66c5be12d3b48b1ebfa79033c099e4f91ff302dougm *) Teach mod_ssl to use arbitrary OIDs in an SSLRequire directive,
7f66c5be12d3b48b1ebfa79033c099e4f91ff302dougm allowing string-valued client certificate attributes to be used for
e00ae6859667e293a4c40108f524408ae1289f2frbb access control, as in: SSLRequire "value" in OID("1.3.6.1.4.1.18060.1")
e00ae6859667e293a4c40108f524408ae1289f2frbb [Martin Kraemer, David Reid]
e00ae6859667e293a4c40108f524408ae1289f2frbb [Apache 2.1.0-dev includes those bug fixes and changes with the
e00ae6859667e293a4c40108f524408ae1289f2frbb Apache 2.2.xx tree as documented, and except as noted, below.]
d94fd18ee21dc9b8c1f422144a881e941687d41fdougmChanges with Apache 2.2.x and later:
53b8cdb3621b11b897438d8990d20e0b78f0d4b7rederpj *) http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?view=markup
53b8cdb3621b11b897438d8990d20e0b78f0d4b7rederpjChanges with Apache 2.0.x and later:
53b8cdb3621b11b897438d8990d20e0b78f0d4b7rederpj *) http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/CHANGES?view=markup
53b8cdb3621b11b897438d8990d20e0b78f0d4b7rederpjChanges with Apache 1.3.x and later: