Cross Reference: /httpd/CHANGES

	CHANGES revision ef056d09d39412b9f7d9b71f48ff3d00222833f6
c7adcf7755f9492075a6cc9ad913a0c5a3d2d46cmatthew_swift                                                         -*- coding: utf-8 -*-
c7adcf7755f9492075a6cc9ad913a0c5a3d2d46cmatthew_swiftChanges with Apache 2.5.0
c7adcf7755f9492075a6cc9ad913a0c5a3d2d46cmatthew_swift
c7adcf7755f9492075a6cc9ad913a0c5a3d2d46cmatthew_swift  *) SECURITY: CVE-2012-2687 (cve.mitre.org)
c7adcf7755f9492075a6cc9ad913a0c5a3d2d46cmatthew_swift     mod_negotiation: Escape filenames in variant list to prevent an
c7adcf7755f9492075a6cc9ad913a0c5a3d2d46cmatthew_swift     possible XSS for a site where untrusted users can upload files to
c7adcf7755f9492075a6cc9ad913a0c5a3d2d46cmatthew_swift     a location with MultiViews enabled. [Niels Heinen <heinenn google.com>]
c7adcf7755f9492075a6cc9ad913a0c5a3d2d46cmatthew_swift
c7adcf7755f9492075a6cc9ad913a0c5a3d2d46cmatthew_swift  *) mod_authz_core: If an expression in "Require expr" returns denied and
c7adcf7755f9492075a6cc9ad913a0c5a3d2d46cmatthew_swift     references %{REMOTE_USER}, trigger authentication and retry. PR 52892.
c7adcf7755f9492075a6cc9ad913a0c5a3d2d46cmatthew_swift     [Stefan Fritsch]
c7adcf7755f9492075a6cc9ad913a0c5a3d2d46cmatthew_swift
c7adcf7755f9492075a6cc9ad913a0c5a3d2d46cmatthew_swift  *) mod_lua: Add new directive LuaAuthzProvider to allow implementing an
c7adcf7755f9492075a6cc9ad913a0c5a3d2d46cmatthew_swift     authorization provider in lua. [Stefan Fritsch]
c7adcf7755f9492075a6cc9ad913a0c5a3d2d46cmatthew_swift
c7adcf7755f9492075a6cc9ad913a0c5a3d2d46cmatthew_swift  *) mod_lua: Add a few missing request_rec fields. Rename remote_ip to
c7adcf7755f9492075a6cc9ad913a0c5a3d2d46cmatthew_swift     client_ip to match conn_rec. [Stefan Fritsch]
c7adcf7755f9492075a6cc9ad913a0c5a3d2d46cmatthew_swift
c7adcf7755f9492075a6cc9ad913a0c5a3d2d46cmatthew_swift  *) mod_lua: Change prototype of vm_construct, to work around gcc bug which
c7adcf7755f9492075a6cc9ad913a0c5a3d2d46cmatthew_swift     causes a segfault. PR 52779. [Dick Snippe <Dick Snippe tech omroep nl>]
c7adcf7755f9492075a6cc9ad913a0c5a3d2d46cmatthew_swift
c7adcf7755f9492075a6cc9ad913a0c5a3d2d46cmatthew_swift  *) mod_lua: Add the parsebody function for parsing POST data. PR 53064.
c7adcf7755f9492075a6cc9ad913a0c5a3d2d46cmatthew_swift     [Daniel Gruno]
c7adcf7755f9492075a6cc9ad913a0c5a3d2d46cmatthew_swift
c7adcf7755f9492075a6cc9ad913a0c5a3d2d46cmatthew_swift  *) mod_ssl: If exiting during initialization because of a fatal error,
a3d3ab94806056d2355afea6fe8daac41059b9fbludovicp     log a message to the main error log pointing to the appropriate
0f8553e2af5fc49a510ecfcfc93e66d06713f631ludo     virtual host error log. [Stefan Fritsch]
c7adcf7755f9492075a6cc9ad913a0c5a3d2d46cmatthew_swift
c7adcf7755f9492075a6cc9ad913a0c5a3d2d46cmatthew_swift  *) mod_ldap: Treat the "server unavailable" condition as a transient
c7adcf7755f9492075a6cc9ad913a0c5a3d2d46cmatthew_swift     error with all LDAP SDKs.  [Filip Valder <filip.valder vsb.cz>]
0f8553e2af5fc49a510ecfcfc93e66d06713f631ludo
27f8adec83293fb8bd3bfa37175322b0ee3bb933jvergara  *) mod_ssl: Add support for TLS-SRP (Secure Remote Password key exchange
2f0f7926326cc76419b074fd91a589cb68980ffbdugan     for TLS, RFC 5054). PR 51075. [Quinn Slack <sqs cs stanford edu>,
c7adcf7755f9492075a6cc9ad913a0c5a3d2d46cmatthew_swift     Christophe Renou, Peter Sylvester]

  *) htdbm, htpasswd: Don't crash if crypt() fails (e.g. with FIPS enabled).
     [Paul Wouters <pwouters redhat.com>, Joe Orton]

  *) mod_ssl: Add new directive SSLCompression to disable TLS-level
     compression. PR 53219. [Björn Jacke <bjoern j3e de>, Stefan Fritsch]

  *) core: Make ap_regcomp() return AP_REG_ESPACE if out of memory.  Make
     ap_pregcomp() abort if out of memory. This raises the minimum PCRE
     requirement to version 6.0. PR 53284. [Stefan Fritsch]

  *) apxs: Use LDFLAGS from config_vars.mk in addition to CFLAGS and CPPFLAGS.
     [Stefan Fritsch]

  *) mpm_event: Fix handling of MaxConnectionsPerChild. [Stefan Fritsch]

  *) suexec: Add --enable-suexec-capabilites support on Linux, to use
     setuid/setgid capability bits rather than a setuid root binary.
     [Joe Orton]

  *) suexec: Add support for logging to syslog as an alternative to logging
     to a file; configure --without-suexec-logfile --with-suexec-syslog.
     [Joe Orton]

  *) mod_proxy_ajp: Reduce memory usage in case of many keep-alive requests on
     one connection. PR 52275. [Naohiro Ooiwa <naohiro ooiwa miraclelinux com>]

  *) mod_proxy: Use the the same hostname for SNI as for the HTTP request when
     forwarding to SSL backends. PR 53134.
     [Michael Weiser <michael weiser.dinsnail.net>, Ruediger Pluem]

  *) mod_ssl: Add support for TLS Next Protocol Negotiation.  PR 52210.
     [Matthew Steele <mdsteele google.com>]

  *) mod_so: If a filename without slashes is specified for LoadFile or
     LoadModule and the file cannot be found in the server root directory,
     try to use the standard dlopen() search path. [Stefan Fritsch]

  *) various modules, rotatelogs: Replace use of apr_file_write() with
     apr_file_write_full() to prevent incomplete writes. PR 53131.
     [Nicolas Viennot <apache viennot biz>, Stefan Fritsch]

  *) cross-compile: allow to provide CC_FOR_BUILD so that gen_test_char will
     be compiled by the build compiler instead of the host compiler.
     Also set CC_FOR_BUILD to 'cc' when cross-compilation is detected.
     PR 51257. [Guenter Knauf]

  *) mod_authz_core: Fix parsing of Require arguments in <AuthzProviderAlias>.
     PR 53048. [Stefan Fritsch]

  *) core: Fix error handling in ap_scan_script_header_err_brigade() if there
     is no EOS bucket in the brigade. Fixes segfault with mod_proxy_fcgi.
     PR 48272. [Stefan Fritsch]

  *) mod_proxy_fcgi: If there is an error reading the headers from the
     backend, send an error to the client. PR 52879. [Stefan Fritsch]

  *) mod_rewrite: Fix RewriteCond integer checks to be parsed correctly.
     PR 53023. [Axel Reinhold <apache freakout.de>, André Malo]

  *) Fix MPM DSO load failure on AIX.  [Jeff Trawick]

  *) core: Add the port number to the vhost's name in the scoreboard.
     [Stefan Fritsch]

  *) mpm_event: Don't do a blocking write when starting a lingering close
     from the listener thread. PR 52229. [Stefan Fritsch]

  *) core: In maintainer mode, replace apr_palloc with a version that
     initializes the allocated memory with non-zero values, except if
     AP_DEBUG_NO_ALLOC_POISON is defined. [Stefan Fritsch]

  *) mod_authnz_ldap: Don't try a potentially expensive nested groups
     search before exhausting all AuthLDAPGroupAttribute checks on the
     current group. PR52464 [Eric Covener]

  *) mod_policy: Add a new testing module to help server administrators
     enforce a configurable level of protocol compliance on their
     servers and application servers behind theirs. [Graham Leggett]

  *) mod_firehose: Add a new debugging module able to record traffic
     passing through the server in such a way that connections and/or
     requests be reconstructed and replayed. [Graham Leggett]

  *) mod_noloris

  *) APREQ

  *) Simple MPM

  *) mod_serf

  [Apache 2.5.0-dev includes those bug fixes and changes with the
   Apache 2.4.xx tree as documented below, except as noted.]

Changes with Apache 2.4.x and later:

  *) http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?view=markup

Changes with Apache 2.2.x and later:

  *) http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?view=markup

Changes with Apache 2.0.x and later:

  *) http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/CHANGES?view=markup