CHANGES revision f436f5cf34615c3c7d49dd229560ba658033f9ea
03745451370778a867e46fdbe315eb958745a391Mark Andrews -*- coding: utf-8 -*-
03745451370778a867e46fdbe315eb958745a391Mark AndrewsChanges with Apache 2.3.0
f183f4c0cd40354f423bdb129e7a0c9badb5082cMark Andrews[ When backported to 2.2.x, remove entry from this file ]
f183f4c0cd40354f423bdb129e7a0c9badb5082cMark Andrews *) mod_authn_core: Prevent crash when provider alias created to
f183f4c0cd40354f423bdb129e7a0c9badb5082cMark Andrews provider which is not yet registered. [Chris Darroch]
19bcb91965916ed8f0a47da2284ddaecce70bc69Evan Hunt *) mod_authn_core: Add AuthType of None to support disabling
19bcb91965916ed8f0a47da2284ddaecce70bc69Evan Hunt authentication. [Chris Darroch]
71f4918fd8a5ec4f0a05aac657b614fdf2467bebMark Andrews *) core: Allow <Limit> and <LimitExcept> directives to nest, and
71f4918fd8a5ec4f0a05aac657b614fdf2467bebMark Andrews constrain their use to conform with that of other access control
873a2046fb73aee49934d7978efe3da6509faed3Evan Hunt and authorization directives. [Chris Darroch]
a1e2170ad5c5018fbe8f7b8449d8885d5d298e88Mark Andrews *) unixd: turn existing code into a module, and turn the set user/group
a1e2170ad5c5018fbe8f7b8449d8885d5d298e88Mark Andrews and chroot into a child_init function. [Nick Kew]
a1e2170ad5c5018fbe8f7b8449d8885d5d298e88Mark Andrews *) core: Add ap_timeout_parameter_parse to public API. [Ruediger Pluem]
a1e2170ad5c5018fbe8f7b8449d8885d5d298e88Mark Andrews *) mod_proxy: Prevent segmentation faults by correctly flushing all buckets
a1e2170ad5c5018fbe8f7b8449d8885d5d298e88Mark Andrews from the proxy backend. PR 45792 [Ruediger Pluem]
05d2776f6fa8e3628555463b06cb43288c9ee68eEvan Hunt *) mod_dir: Support "DirectoryIndex None"
05d2776f6fa8e3628555463b06cb43288c9ee68eEvan Hunt Suggested By André Warnier <aw ice-sa.com> [Eric Covener]
8327cdb88fdbf306eb4c37fe00a29aac4c2f55c5Evan Hunt *) mod_proxy: Add the possibility to set the worker parameters
f2d8c4a4c3dfa212ddcf5b86d4c5fced4965e52eMark Andrews connectiontimeout and ping in milliseconds. [Ruediger Pluem]
8c76634f88c5b3169b61505925e10b997ea08e54Mark Andrews *) mod_ssl: Send Content-Type application/ocsp-request for POST requests to
8c76634f88c5b3169b61505925e10b997ea08e54Mark Andrews OSCP responders. PR 46014 [Dr Stephen Henson <steve openssl.org>]
8bedd9647f4d6894e12a8c94d3ccc624dddcee50Mark Andrews *) Export and install the mod_rewrite.h header to ensure the optional
8bedd9647f4d6894e12a8c94d3ccc624dddcee50Mark Andrews rewrite_mapfunc_t and ap_register_rewrite_mapfunc functions are
8bedd9647f4d6894e12a8c94d3ccc624dddcee50Mark Andrews available to third party modules. [Graham Leggett]
ca84283333d22c64abfbcb87872dd5e6d9172c5aMark Andrews *) Build the odbc dbd driver by default on Windows.
ca84283333d22c64abfbcb87872dd5e6d9172c5aMark Andrews DBD_LIST is still used to build additional dbd drivers.
ca84283333d22c64abfbcb87872dd5e6d9172c5aMark Andrews [Tom Donovan]
e6555b046798b1900e93c3208d26301872f50ca5Shane Kerr *) mod_proxy_ajp: Fix wrongly formatted requests where client
e6555b046798b1900e93c3208d26301872f50ca5Shane Kerr sets Content-Length header, but doesn't provide a body.
9a41f786b167a2a6df498d5e9c699f9835e1e9dcMark Andrews Servlet container always expects that next packet is
9a41f786b167a2a6df498d5e9c699f9835e1e9dcMark Andrews body whenever C-L is present in the headers. This can lead
9a41f786b167a2a6df498d5e9c699f9835e1e9dcMark Andrews to wrong interpretation of the packets. In this case
9a41f786b167a2a6df498d5e9c699f9835e1e9dcMark Andrews send the empty body packet, so container can deal with
bf98702c1941f368e54c499dd1ff59ee684cf125Mark Andrews that. [Mladen Turk]
bf98702c1941f368e54c499dd1ff59ee684cf125Mark Andrews *) mod_authnz_ldap: don't return NULL-valued environment variables to
bf98702c1941f368e54c499dd1ff59ee684cf125Mark Andrews other modules. PR 39045 [Francois Pesce <francois.pesce gmail.com>]
bf98702c1941f368e54c499dd1ff59ee684cf125Mark Andrews *) Don't adjust case in pathname components that are not of interest
bf98702c1941f368e54c499dd1ff59ee684cf125Mark Andrews to mod_mime. Fixes mod_negotiation's use of such components.
bf98702c1941f368e54c499dd1ff59ee684cf125Mark Andrews PR 43250 [Basant Kumar Kukreja <basant.kukreja sun.com>]
65391557db5d7dc725ed3f2b759248fea31a2445Mark Andrews *) Add new LogFormat parameter, %k, which logs the number of
e2c3f8059e77a8e11c4378d22e5d8e78b423a28fMark Andrews keepalive requests on this connection for this request..
e2c3f8059e77a8e11c4378d22e5d8e78b423a28fMark Andrews [Dan Poirier <poirier pobox.com>]
a7b7a4ebc38ec7460e95da6d3d70ffe7b59573b8Mark Andrews *) Be tolerant in what you accept - accept slightly broken
a7b7a4ebc38ec7460e95da6d3d70ffe7b59573b8Mark Andrews status lines from a backend provide they include a valid status code.
1ca168b58e02fda534cad741a248e549e0f98d4dMark Andrews PR 44995 [Rainer Jung <rainer.jung kippdata.de>]
23450c23fd19138cfad95b6c7728e2965abfc154Mark Andrews *) New module mod_sed: filter Request/Response bodies through sed
de05f7d061abfe0ce555e0d0f2089f1261b031b6Mark Andrews [Basant Kumar Kukreja <basant.kukreja sun.com>]
d468b1b7b2ccfdf132df15f600be48dccf447eb1Evan Hunt *) mod_auth_form: Make sure that basic authentication is correctly
d468b1b7b2ccfdf132df15f600be48dccf447eb1Evan Hunt faked directly after login. [Graham Leggett]
c7e266b7e5675e12d1ca3cc929f24b3e86d41f8eEvan Hunt *) mod_session_cookie, mod_session_dbd: Make sure cookies are set both
c7e266b7e5675e12d1ca3cc929f24b3e86d41f8eEvan Hunt within the output headers and error output headers, so that the
c7e266b7e5675e12d1ca3cc929f24b3e86d41f8eEvan Hunt session is maintained across redirects. [Graham Leggett]
85db2b5fb360ccd2aeec1e6e22336b3d654bb39aMark Andrews *) mod_auth_form: Make sure the logged in user is populated correctly
85db2b5fb360ccd2aeec1e6e22336b3d654bb39aMark Andrews after a form login. Fixes a missing REMOTE_USER variable directly
a0749e59c0356381fdaea0fefe66256589ec8c99Mark Andrews following a login. [Graham Leggett]
a0749e59c0356381fdaea0fefe66256589ec8c99Mark Andrews *) mod_session_cookie: Make sure that cookie attributes are correctly
709220567fb820cf7e7625925449dadf86317629Mark Andrews included in the blank cookie when cookies are removed. This fixes an
709220567fb820cf7e7625925449dadf86317629Mark Andrews inability to log out when using mod_auth_form. [Graham Leggett]
fe6b6eebd74f7c5c20088f67081ae690228f9744Mark Andrews *) mod_autoindex: add configuration option to insert string
adc3f2c0fdcc0a2bee469ffb0e7ae41b83cbf403Mark Andrews in HTML HEAD. [Nick Kew]
31a2f82193a91e24f31454ff18e0b7723c066a74Mark Andrews *) mod_session: Prevent a segfault when a CGI script sets a cookie with a
45deeddf4cf1ea57b8b493dcd2410f2332a36128Mark Andrews null value. [David Shane Holden <dpejesh apache.org>]
8731a2bd2f5483f50d82cf28e315090b7ceeed54Mark Andrews *) mod_headers: Prevent Header edit from processing only the first header
2de90cd1e20061bde684a21c3d852056a2e290d0Mark Andrews of possibly multiple headers with the same name and deleting the
2de90cd1e20061bde684a21c3d852056a2e290d0Mark Andrews remaining ones. PR 45333. [Ruediger Pluem]
8a45eeebb8bdd4633bccfd9d77d9b50c1d337d54Mark Andrews *) mod_rewrite: Preserve the query string with [proxy,noescape]. PR 45247
8a45eeebb8bdd4633bccfd9d77d9b50c1d337d54Mark Andrews [Tom Donovan]
d4034b48fd112ef43933f1455b194b5249a88ee6Mark Andrews *) core, authn/z: Determine registered authn/z providers directly in
d4034b48fd112ef43933f1455b194b5249a88ee6Mark Andrews ap_setup_auth_internal(), which allows optional functions that just
d4034b48fd112ef43933f1455b194b5249a88ee6Mark Andrews wrapped ap_list_provider_names() to be removed from authn/z modules.
d4034b48fd112ef43933f1455b194b5249a88ee6Mark Andrews [Chris Darroch]
ee4bbc8454cc0cb36a25a7d26c5b47370f96d9b2Mark Andrews *) authn/z: Convert common provider version strings to macros.
ee4bbc8454cc0cb36a25a7d26c5b47370f96d9b2Mark Andrews [Chris Darroch]
03ec481ee88f4ab72af6abb4efe096fe2c661d60Mark Andrews *) ab: Make ab.c compile on VC6. PR 45024 [Ruediger Pluem]
03ec481ee88f4ab72af6abb4efe096fe2c661d60Mark Andrews *) configure: Don't reject libtool 2.x
f568dad6c7ddaa732e6562a4b89fd2ac922d263bMark Andrews PR 44817 [Arfrever Frehtes Taifersar Arahesis <Arfrever.FTA gmail.com>]
8e74bfb6045d78af71b54a2934823b334b3e423aMark Andrews *) core: When testing for slash-terminated configuration paths in
8e74bfb6045d78af71b54a2934823b334b3e423aMark Andrews ap_location_walk(), don't look past the start of an empty string
d91df50b670d92d0ab784b741e2ee9af7f2dc4a1Mark Andrews such as that created by a <Location ""> directive.
88a4de3c24caf71426bf06e42ce18f6099d7a439Mark Andrews [Chris Darroch]
3eab85ca54b681504d772b1d6bb3ccf4f08d4305Mark Andrews *) core, mod_proxy: If a kept_body is present, it becomes safe for
3eab85ca54b681504d772b1d6bb3ccf4f08d4305Mark Andrews subrequests to support message bodies. Make sure that safety
3eab85ca54b681504d772b1d6bb3ccf4f08d4305Mark Andrews checks within the core and within the proxy are not triggered
c5adbd722da0908f91be4fb710c082b4b68ec782Mark Andrews when kept_body is present. This makes it possible to embed
c5adbd722da0908f91be4fb710c082b4b68ec782Mark Andrews proxied POST requests within mod_include. [Graham Leggett]
557bcc2092642b2d4668c9b08872c9f2bb88bddbMark Andrews *) mod_auth_form: Make sure the input filter stack is properly set
557bcc2092642b2d4668c9b08872c9f2bb88bddbMark Andrews up before reading the login form. Make sure the kept body filter
c60eaaf9b3c6bb4d693cdb5f68acdfacf076e1fdMark Andrews is correctly inserted to ensure the body can be read a second
c60eaaf9b3c6bb4d693cdb5f68acdfacf076e1fdMark Andrews time safely should the authn be successful. [Graham Leggett,
634a4da58460979fa0fcad5304b810d189f9cf49Mark Andrews Ruediger Pluem]
634a4da58460979fa0fcad5304b810d189f9cf49Mark Andrews *) mod_request: Insert the KEPT_BODY filter via the insert_filter
634a4da58460979fa0fcad5304b810d189f9cf49Mark Andrews hook instead of during fixups. Add a safety check to ensure the
c0720b90ed6e673264b17eb752d873a89cbd6db5Mark Andrews filters cannot be inserted more than once. [Graham Leggett,
c0720b90ed6e673264b17eb752d873a89cbd6db5Mark Andrews Ruediger Pluem]
576e48e28aae9f28b8e6daa2aabc839bb5c520e3Mark Andrews *) core: Do not allow Options ALL if not all options are allowed to be
c06cb907737eb7ce128c92dd729c73798733f37aMark Andrews overwritten. PR 44262 [Michał Grzędzicki <lazy iq.pl>]
6e5e27c38d86f2338688f5123d2ff84558956dd0Mark Andrews *) ap_cache_cacheable_headers_out() will (now) always
6e5e27c38d86f2338688f5123d2ff84558956dd0Mark Andrews merge an error heaeders _before_ clearing them and _before_
6e5e27c38d86f2338688f5123d2ff84558956dd0Mark Andrews merging in the actual entity headers and doing normal
5059b393e80cda6beffb74f2f30d7329502c41e6Mark Andrews hop-by-hop cleansing. [Dirk-Willem van Gulik].
5059b393e80cda6beffb74f2f30d7329502c41e6Mark Andrews *) cache: retire ap_cache_cacheable_hdrs_out() which was used
c16aed9c469a986f1b84e457db4a8c4d2da01ca3Mark Andrews for both in- and out-put headers; and replace it by a single
c16aed9c469a986f1b84e457db4a8c4d2da01ca3Mark Andrews ap_cache_cacheable_headers() wrapped in a in- and out-put
c16aed9c469a986f1b84e457db4a8c4d2da01ca3Mark Andrews specific ap_cache_cacheable_headers_in()/out(). The latter
c16aed9c469a986f1b84e457db4a8c4d2da01ca3Mark Andrews which will also merge error and ensure content-type. To keep
dd19fbaf817f974c24ddfa1d276d7594d5b18750Mark Andrews cache modules consistent with ease. This API change bumps
dd19fbaf817f974c24ddfa1d276d7594d5b18750Mark Andrews up the minor MM by one [Dirk-Willem van Gulik].
f408773d47b25594d1302525a4db6efb84b1843cMark Andrews *) mod_rewrite: Allow Cookie option to set secure and HttpOnly flags.
f408773d47b25594d1302525a4db6efb84b1843cMark Andrews PR 44799 [Christian Wenz <christian wenz.org>]
cd315d4cf631753c94f27fabaa42a37a27d30530Mark Andrews *) Move the KeptBodySize directive, kept_body filters and the
cd315d4cf631753c94f27fabaa42a37a27d30530Mark Andrews ap_parse_request_body function out of the http module and into a
69826a6a2f89ecb2b280eeb6d4adb4826bf0db72Mark Andrews new module called mod_request, reducing the size of the core.
69826a6a2f89ecb2b280eeb6d4adb4826bf0db72Mark Andrews [Graham Leggett]
69826a6a2f89ecb2b280eeb6d4adb4826bf0db72Mark Andrews *) mod_dbd: Handle integer configuration directive parameters with a
69826a6a2f89ecb2b280eeb6d4adb4826bf0db72Mark Andrews dedicated function.
69826a6a2f89ecb2b280eeb6d4adb4826bf0db72Mark Andrews *) Change the directives within the mod_session* modules to be valid
69826a6a2f89ecb2b280eeb6d4adb4826bf0db72Mark Andrews both inside and outside the location/directory sections, as
69826a6a2f89ecb2b280eeb6d4adb4826bf0db72Mark Andrews suggested by wrowe. [Graham Leggett]
69826a6a2f89ecb2b280eeb6d4adb4826bf0db72Mark Andrews *) mod_auth_form: Add a module capable of allowing end users to log
69826a6a2f89ecb2b280eeb6d4adb4826bf0db72Mark Andrews in using an HTML form, storing the credentials within mod_session.
69826a6a2f89ecb2b280eeb6d4adb4826bf0db72Mark Andrews [Graham Leggett]
69826a6a2f89ecb2b280eeb6d4adb4826bf0db72Mark Andrews *) Add a function to the http filters that is able to parse an HTML
5888f62c204a99da60d7854fe01eda4960fb3b36Mark Andrews form request with the type of application/x-www-form-urlencoded.
5888f62c204a99da60d7854fe01eda4960fb3b36Mark Andrews [Graham Leggett]
fd23bc509d5fddb91247a2a1ca52d432969067e5Mark Andrews *) mod_session_crypto: Initialise SSL in the post config hook.
7c200913aa7e55bbe28de456bb593c1e05bf6f79Mark Andrews [Ruediger Pluem, Graham Leggett]
07072c9456f1112705db701bb35f12dbdcb217b0Mark Andrews *) mod_session_dbd: Add a session implementation capable of storing
07072c9456f1112705db701bb35f12dbdcb217b0Mark Andrews session information in a SQL database via the dbd interface. Useful
afd002e89aadf30181155566544480349e70339dMark Andrews for sites where session privacy is important. [Graham Leggett]
afd002e89aadf30181155566544480349e70339dMark Andrews *) mod_session_crypto: Add a session encoding implementation capable
7b52c2ad3c9ca65712e962ddc803e34641f2bc07Mark Andrews of encrypting and decrypting sessions wherever they may be stored.
ba5d2a97ee0cd2cc9d4b9e7e344ae8f607cc2994Mark Andrews Introduces a level of privacy when sessions are stored on the
ba5d2a97ee0cd2cc9d4b9e7e344ae8f607cc2994Mark Andrews browser. [Graham Leggett]
6133734cecb05630e32edb63031b95d333df8e48Mark Andrews *) mod_session_cookie: Add a session implementation capable of storing
6133734cecb05630e32edb63031b95d333df8e48Mark Andrews session information within cookies on the browser. Useful for high
47ee25b1f58a5924c51b59194b84621b9b7b6ba5Mark Andrews volume sites where server bound sessions are too resource intensive.
47ee25b1f58a5924c51b59194b84621b9b7b6ba5Mark Andrews [Graham Leggett]
32391301db6f532ad17033f188d4540ae3f409f1Mark Andrews *) mod_session: Add a generic session interface to unify the different
32391301db6f532ad17033f188d4540ae3f409f1Mark Andrews attempts at saving persistent sessions across requests.
32391301db6f532ad17033f188d4540ae3f409f1Mark Andrews [Graham Leggett]
0cedbe4ab56e00d5827941697418476318cbdeb3Mark Andrews *) core, authn/z: Avoid calling access control hooks for internal requests
0cedbe4ab56e00d5827941697418476318cbdeb3Mark Andrews with configurations which match those of initial request. Revert to
0cedbe4ab56e00d5827941697418476318cbdeb3Mark Andrews original behaviour (call access control hooks for internal requests
f05a4bf2bfac3aaff0462560b2793cd99a85a297Mark Andrews with URIs different from initial request) if any access control hooks or
0cedbe4ab56e00d5827941697418476318cbdeb3Mark Andrews providers are not registered as permitting this optimization.
f05a4bf2bfac3aaff0462560b2793cd99a85a297Mark Andrews Introduce wrappers for access control hook and provider registration
bf45f72ed319628eebce60c368177320943d001fMark Andrews which can accept additional mode and flag data. [Chris Darroch]
bf45f72ed319628eebce60c368177320943d001fMark Andrews *) Introduced ap_expr API for expression evaluation.
e078f002c06b6b26e2d7749a4f9e3907f3e85de3Mark Andrews This is adapted from mod_include, which is the first module
af1e00675fa573fec779e9a01aac5bedb99f0fd6Mark Andrews to use the new API.
d1199d9c06ba470fa4779981bea2f8f7403e8eabMark Andrews *) mod_authz_dbd: When redirecting after successful login/logout per
d1199d9c06ba470fa4779981bea2f8f7403e8eabMark Andrews AuthzDBDRedirectQuery, do not report authorization failure, and use
d1199d9c06ba470fa4779981bea2f8f7403e8eabMark Andrews first row returned by database query instead of last row.
7c5dfcc60a7ee41ae5ba15a3e1fe337af3bef1a9Mark Andrews [Chris Darroch]
7c5dfcc60a7ee41ae5ba15a3e1fe337af3bef1a9Mark Andrews *) mod_ldap: Correctly return all requested attribute values
7c5dfcc60a7ee41ae5ba15a3e1fe337af3bef1a9Mark Andrews when some attributes have a null value.
0f8c9b5eed7e8714ceb7d6d3675555df9c5f6350Mark Andrews PR 44560 [Anders Kaseorg <anders kaseorg.com>]
0f8c9b5eed7e8714ceb7d6d3675555df9c5f6350Mark Andrews *) core: check symlink ownership if both FollowSymlinks and
fc8197c3ce31d81cd5e23703680572fac09a2e8aMark Andrews SymlinksIfOwnerMatch are set [Nick Kew]
0f8c9b5eed7e8714ceb7d6d3675555df9c5f6350Mark Andrews *) core: fix origin checking in SymlinksIfOwnerMatch
0f8c9b5eed7e8714ceb7d6d3675555df9c5f6350Mark Andrews PR 36783 [Robert L Mathews <rob-apache.org.bugs tigertech.net>]
bc6af069c80ca33a5619d71d57859724cab1f4c4Mark Andrews *) Activate mod_cache, mod_file_cache and mod_disc_cache as part of the
bc6af069c80ca33a5619d71d57859724cab1f4c4Mark Andrews 'most' set for '--enable-modules' and '--enable-shared-mods'. Include
bc6af069c80ca33a5619d71d57859724cab1f4c4Mark Andrews mod_mem_cache in 'all' as well. [Dirk-Willem van Gulik]
4bb0f1046f3f3c26539ff91e28b3c8872519df17Mark Andrews *) Also install mod_so.h, mod_rewrite.h and mod_cache.h; as these
68df4d65c624a9ca06e94fc67ef915adf2ec97beMark Andrews contain public function declarations which are useful for
ab6e5af4cd644b174709f95c2702ec4c442aa755Mark Andrews third party module authors. PR 42431 [Dirk-Willem van Gulik].
f3139b9d763cbfd3f8dbf1062191a688ed5195e4Mark Andrews *) mod_dir, mod_negotiation: pass the output filter information
f3139b9d763cbfd3f8dbf1062191a688ed5195e4Mark Andrews to newly created sub requests; as these are later on used
f3139b9d763cbfd3f8dbf1062191a688ed5195e4Mark Andrews as true requests with an internal redirect. This allows for
f3139b9d763cbfd3f8dbf1062191a688ed5195e4Mark Andrews mod_cache et.al. to trap the results of the redirect.
79e3817e2c0f1b017643638dc3876ba41da94335Mark Andrews [Dirk-Willem van Gulik, Ruediger Pluem]
79e3817e2c0f1b017643638dc3876ba41da94335Mark Andrews *) mod_ldap: Add support (taking advantage of the new APR capability)
2d78cc9624dd735ffdc634e6c39dd30bddfb95f7Mark Andrews for ldap rebind callback while chasing referrals. This allows direct
2d78cc9624dd735ffdc634e6c39dd30bddfb95f7Mark Andrews searches on LDAP servers (in particular MS Active Directory 2003+)
2d78cc9624dd735ffdc634e6c39dd30bddfb95f7Mark Andrews using referrals without the use of the global catalog.
eea8cd8d1a9b2762480fab793972d1cefbc7cf90Mark Andrews PRs 26538, 40268, and 42557 [Paul J. Reder]
eea8cd8d1a9b2762480fab793972d1cefbc7cf90Mark Andrews *) mod_ssl: Added server name indication support (SNI, RFC 4366).
9860862cedd41ffaf69e7806e8f8959263552721Mark Andrews PR 34607. [Kaspar Brand <asfbugz velox.ch>]. A test configuration
9860862cedd41ffaf69e7806e8f8959263552721Mark Andrews can be created with test/make_sni.sh [Dirk-Willem van Gulik].
25e2824175eb0c186df3ab0737c83d322410594cMark Andrews *) ApacheMonitor.exe: Introduce --kill argument for use by the
25e2824175eb0c186df3ab0737c83d322410594cMark Andrews installer. This will permit the installation tool to remove
25e2824175eb0c186df3ab0737c83d322410594cMark Andrews all running instances before attempting to remove the .exe.
25e2824175eb0c186df3ab0737c83d322410594cMark Andrews [William Rowe]
63aaac8137bd1d86aab8c950fb066bb522a26e5bMark Andrews *) mod_ssl: Add support for OCSP validation of client certificates.
fe3220466e3c23cd2c22a59a4db46bc97ce0827dMark Andrews PR 41123. [Marc Stern <marc.stern approach.be>, Joe Orton]
fe3220466e3c23cd2c22a59a4db46bc97ce0827dMark Andrews *) mod_serf: New module for Reverse Proxying. [Paul Querna]
40aadb6a143e0f2d351e743dce43cfc894d4d855Mark Andrews *) core: Add the option to keep aside a request body up to a certain
40aadb6a143e0f2d351e743dce43cfc894d4d855Mark Andrews size that would otherwise be discarded, to be consumed by filters
65b26a4dc8c6c16d0a5ccb03b67cf968c77d6570Mark Andrews such as mod_include. When enabled for a directory, POST requests
65b26a4dc8c6c16d0a5ccb03b67cf968c77d6570Mark Andrews to shtml files can be passed through to embedded scripts as POST
65b26a4dc8c6c16d0a5ccb03b67cf968c77d6570Mark Andrews requests, rather being downgraded to GET requests. [Graham Leggett]
c58821f7100821e1d4e4bbace727b988bb3e0623Mark Andrews *) mod_ssl: Fix TLS upgrade (RFC 2817) support. PR 41231. [Joe Orton]
337e70ead93aafec305ac0a7a62090339543b8d1Mark Andrews *) scoreboard: Correctly declare ap_time_process_request.
f0a1b8c85792d4e04716f995a2b2a8ca73f8367dMark Andrews *) core; scoreboard: ap_get_scoreboard_worker(sbh) now takes the sbh member
a5d7c242b564cbd3cebc0dd27c19d9093d38b3abMark Andrews from the connection rec, ap_get_scoreboard_worker(proc, thread) will now
a5d7c242b564cbd3cebc0dd27c19d9093d38b3abMark Andrews provide the unusual legacy lookup. [William Rowe]
1de5f8f80930dc322688010740c7dfe56eb035b0Mark Andrews *) mpm winnt: fix null pointer dereference
1de5f8f80930dc322688010740c7dfe56eb035b0Mark Andrews PR 42572 [Davi Arnaut]
7a253b705ccbc30821253e7a124658623f10c499Mark Andrews *) mod_authnz_ldap, mod_authn_dbd: Tidy up the code to expose authn
f6476fa52240e3c8278ac4a27fa2cc8a5b7a3e3bMark Andrews parameters to the environment. Improve portability to
f6476fa52240e3c8278ac4a27fa2cc8a5b7a3e3bMark Andrews EBCDIC machines by using apr_toupper(). [Martin Kraemer]
cd1e58c339b2a6709d543a525de0c995bf8b5868Mark Andrews *) mod_ldap, mod_authnzldap: Add support for nested groups (i.e. the ability
cd1e58c339b2a6709d543a525de0c995bf8b5868Mark Andrews to authorize an authenticated user via a "require ldap-group X" directive
cd1e58c339b2a6709d543a525de0c995bf8b5868Mark Andrews where the user is not in group X, but is in a subgroup contained in X.
a05f23d07e1b60a1d88119678111a47014480611Mark Andrews PR 42891 [Paul J. Reder]
a05f23d07e1b60a1d88119678111a47014480611Mark Andrews *) mod_ssl: Add support for caching SSL Sessions in memcached. [Paul Querna]
429e23d2f56d28d86439f75c13cda2b4ac5ab67bMark Andrews *) mod_ldap: Fix the search limit parameter to ldap_search_ext_s()
429e23d2f56d28d86439f75c13cda2b4ac5ab67bMark Andrews for SDKs that define LDAP_NO_LIMIT to something other than -1.
c5c825bf07a00a2478afd9400e9f8534457980b0Mark Andrews [David Jones <oscaremma gmail.com>]
c5c825bf07a00a2478afd9400e9f8534457980b0Mark Andrews *) apxs: Enhance -q flag to print all known variables and their values
aaa42824d2d1f5cc4add01f0191e3784ee0f7396Mark Andrews when invoked without variable name(s).
43da7565913277c020ded34d6ee2139998b743b6Mark Andrews [William Rowe, Sander Temme]
43da7565913277c020ded34d6ee2139998b743b6Mark Andrews *) apxs: Eliminate run-time check for mod_so. PR 40653.
c1297b6025bf8ccdc832b7bca705da1d4cf2944eMark Andrews [David M. Lee <dmlee crossroads.com>]
25820cf1d110ec22cec5f6be5257aabe6853ca92Evan Hunt *) beos MPM: Create pmain pool and run modules' child_init hooks when
25820cf1d110ec22cec5f6be5257aabe6853ca92Evan Hunt entering ap_mpm_run(), then destroy pmain when exiting ap_mpm_run().
25820cf1d110ec22cec5f6be5257aabe6853ca92Evan Hunt [Chris Darroch]
99cce386a489671727a737b3748937cf3a0676e8Evan Hunt *) netware MPM: Destroy pmain pool when exiting ap_mpm_run() so that
99cce386a489671727a737b3748937cf3a0676e8Evan Hunt cleanups registered in modules' child_init hooks are performed.
99cce386a489671727a737b3748937cf3a0676e8Evan Hunt [Chris Darroch]
819b98479eff49ed93f57f4d65eb0ffe72136adcMark Andrews *) mod_dbd: Stash DBD connections in request_config of initial request
819b98479eff49ed93f57f4d65eb0ffe72136adcMark Andrews only, or else sub-requests and internal redirections may cause
819b98479eff49ed93f57f4d65eb0ffe72136adcMark Andrews entire DBD pool to be stashed in a single HTTP request. [Chris Darroch]
113e0b7819103f02d5a16bad1b7356587d866ac2Mark Andrews *) Fix issue which could cause error messages to be written to access logs
113e0b7819103f02d5a16bad1b7356587d866ac2Mark Andrews on Win32. PR 40476. [Tom Donovan <Tom.Donovan acm.org>]
113e0b7819103f02d5a16bad1b7356587d866ac2Mark Andrews *) The LockFile directive, which specifies the location of
6dfc78fab61fafc9bffdc3cbc331cc996bfa2198Mark Andrews the accept() mutex lockfile, is deprecated. Instead, the
6dfc78fab61fafc9bffdc3cbc331cc996bfa2198Mark Andrews AcceptMutex directive now takes an optional lockfile
6dfc78fab61fafc9bffdc3cbc331cc996bfa2198Mark Andrews location parameter, ala SSLMutex. [Jim Jagielski]
65085946d4f92481699678e276e3ced04bcfdafbMark Andrews *) mod_authn_dbd: Export any additional columns queried in the SQL select
65085946d4f92481699678e276e3ced04bcfdafbMark Andrews into the environment with the name AUTHENTICATE_<COLUMN>. This brings
65085946d4f92481699678e276e3ced04bcfdafbMark Andrews mod_authn_dbd behaviour in line with mod_authnz_ldap. [Graham Leggett]
b5f690e1618cffeec15b3bcb9525443206fb7007Mark Andrews *) mod_dbd: Key the storage of prepared statements on the hex string
b5f690e1618cffeec15b3bcb9525443206fb7007Mark Andrews value of server_rec, rather than the server name, as the server name
37d373d88631c7be57a30bf4a49c824a9195781fMark Andrews may change (eg when the server name is set) at any time, causing
37d373d88631c7be57a30bf4a49c824a9195781fMark Andrews weird behaviour in modules dependent on mod_dbd. [Graham Leggett]
b130bf8b4ebdabd5c94eb5c6522a9971997b6ac9Mark Andrews *) mod_proxy_fcgi: Added win32 build. [Mladen Turk]
072eaf055b7fa0d8abe96146fbb9152b14946c84Mark Andrews *) sendfile_nonblocking() takes the _brigade_ as an argument, gets
072eaf055b7fa0d8abe96146fbb9152b14946c84Mark Andrews the first bucket from the brigade, finds it not to be a FILE
7a3c2d189e811933c48aace1900a868dffd42f5fMark Andrews bucket and barfs. The fix is to pass a bucket rather than a brigade.
7a3c2d189e811933c48aace1900a868dffd42f5fMark Andrews [Niklas Edmundsson <nikke acc.umu.se>]
a56f5ada432128085e4a06815328023ee0c9610dMark Andrews *) mod_rewrite: support rewritemap by SQL query [Nick Kew]
a56f5ada432128085e4a06815328023ee0c9610dMark Andrews *) ap_get_server_version() has been removed. Third-party modules must
a56f5ada432128085e4a06815328023ee0c9610dMark Andrews now use ap_get_server_banner() or ap_get_server_description().
a56f5ada432128085e4a06815328023ee0c9610dMark Andrews [Jeff Trawick]
a56f5ada432128085e4a06815328023ee0c9610dMark Andrews *) All MPMs: Introduce a check_config phase between pre_config and
a56f5ada432128085e4a06815328023ee0c9610dMark Andrews open_logs, to allow modules to review interdependent configuration
4259095c8058beb9b475f1884dbeda375979e6f6Mark Andrews directive values and adjust them while messages can still be logged
4259095c8058beb9b475f1884dbeda375979e6f6Mark Andrews to the console. Handle relevant MPM directives during this phase
4259095c8058beb9b475f1884dbeda375979e6f6Mark Andrews and format messages for both the console and the error log, as
c53a5699c8242636fd913a4d07b4447efebe3bbfMark Andrews appropriate. [Chris Darroch]
c53a5699c8242636fd913a4d07b4447efebe3bbfMark Andrews *) mod_proxy: don't URLencode tilde in path component
8c731c1219f1698f15bf5b1fcf6bc301cfd9bc42Mark Andrews [Stijn Hoop <stijn sandcat.nl>]
a630d60b8b628cb2ce46b906dc7b1a5b83b74ed5Mark Andrews *) mpm_winnt: Fix return values from wait_for_many_objects.
a630d60b8b628cb2ce46b906dc7b1a5b83b74ed5Mark Andrews The return value is index to the signaled thread in the
a630d60b8b628cb2ce46b906dc7b1a5b83b74ed5Mark Andrews creted_threads array. We can not use WAIT_TIMEOUT because
b53871d8592a0bfeacdd06ccba46d75aa96e4fecMark Andrews his value is defined as 258, thus limiting the MaxThreads
b53871d8592a0bfeacdd06ccba46d75aa96e4fecMark Andrews to that value. [Mladen Turk]
9dabd0455ca923b5b02f74c1e999702ddc9c6fd2Mark Andrews *) core: Do not allow internal redirects like the DirectoryIndex of mod_dir
9dabd0455ca923b5b02f74c1e999702ddc9c6fd2Mark Andrews to circumvent the symbolic link checks imposed by FollowSymLinks and
9dabd0455ca923b5b02f74c1e999702ddc9c6fd2Mark Andrews SymLinksIfOwnerMatch. [Nick Kew, Ruediger Pluem, William Rowe]
58f32ac26ea330054f7b85579cd93a6376168fe7Mark Andrews *) New SSLLogLevelDebugDump [ None (default) | IO (not bytes) | Bytes ]
58f32ac26ea330054f7b85579cd93a6376168fe7Mark Andrews configures the I/O Dump of SSL traffic, when LogLevel is set to Debug.
58f32ac26ea330054f7b85579cd93a6376168fe7Mark Andrews The default is none as this is far greater debugging resolution than
58f32ac26ea330054f7b85579cd93a6376168fe7Mark Andrews the typical administrator is prepared to untangle. [William Rowe]
bde20a0436dff13e2299cfd4230ddec54d396d02Mark Andrews *) mod_disk_cache: If possible, check if the size of an object to cache is
0deee29113e5919c88f341ec3a181b70f7c905ccMark Andrews within the configured boundaries before actually saving data.
0deee29113e5919c88f341ec3a181b70f7c905ccMark Andrews [Niklas Edmundsson <nikke acc.umu.se>]
340a05967aaad53d90694426c33d81b490b0f915Mark Andrews *) mod_cache: Convert all values to seconds before comparing them when
340a05967aaad53d90694426c33d81b490b0f915Mark Andrews checking whether to send a Warning header for a stale response.
340a05967aaad53d90694426c33d81b490b0f915Mark Andrews PR 39713. [Owen Taylor <otaylor redhat.com>]
394f4aec2189750d7f861d00f97fe28ffcd9f659Mark Andrews *) mod_disk_cache: Delete temporary files if they cannot be renamed to their
394f4aec2189750d7f861d00f97fe28ffcd9f659Mark Andrews final name. [Davi Arnaut <davi haxent.com.br>]
2e676167cc8cbb2e6dbb54e9859098dd5b9cd5c8Mark Andrews *) Worker and event MPMs: Remove improper scoreboard updates which were
2e676167cc8cbb2e6dbb54e9859098dd5b9cd5c8Mark Andrews performed in the event of a fork() failure. [Chris Darroch]
4098271a81b3e965da14f77c893232a0b6be22f3Mark Andrews *) Add support for fcgi:// proxies to mod_rewrite.
4098271a81b3e965da14f77c893232a0b6be22f3Mark Andrews [Markus Schiegl <ms schiegl.com>]
57eb7efe13b67455e8c6a08cf080afb3de2ac622Mark Andrews *) Remove incorrect comments from scoreboard.h regarding conditional
7228a4d9ca1f1b868e257a28de86c6a1f21e9ffeMark Andrews loading of worker_score structure with mod_status, and remove unused
7228a4d9ca1f1b868e257a28de86c6a1f21e9ffeMark Andrews definitions relating to old life_status field.
5dcc67a0fff89e7ebf051f64b6b987862c331a04Mark Andrews [Chris Darroch <chrisd pearsoncmg.com>]
5dcc67a0fff89e7ebf051f64b6b987862c331a04Mark Andrews *) Remove allocation of memory for unused array of lb_score pointers
8363ddb32da86811663d12d0b2c61a8ea2fa0eaeMark Andrews in ap_init_scoreboard(). [Chris Darroch <chrisd pearsoncmg.com>]
8363ddb32da86811663d12d0b2c61a8ea2fa0eaeMark Andrews *) Add mod_proxy_fcgi, a FastCGI back end for mod_proxy.
cc2720da38bb7bab2bf283de56dd90e9093d7f00Mark Andrews [Garrett Rooney, Jim Jagielski, Paul Querna]
cc2720da38bb7bab2bf283de56dd90e9093d7f00Mark Andrews *) Event MPM: Fill in the scoreboard's tid field. PR 38736.
10fc76d48aa7ecb8a7242970585ba154b368f97eMark Andrews [Chris Darroch <chrisd pearsoncmg.com>]
5cc6a0f7dae472e5c2022b2cbb5343ec9f7f4942Mark Andrews *) mod_charset_lite: Remove Content-Length when output filter can
4490e14feb50cd59a62ce9f348ff53b68a0594ebMark Andrews invalidate it. Warn when input filter can invalidate it.
5cc6a0f7dae472e5c2022b2cbb5343ec9f7f4942Mark Andrews [Jeff Trawick]
1e70c9a36639bb1e8d537dcefa3cd12a7bb39db0Mark Andrews *) Authz: Add the new module mod_authn_core that will provide common
1e70c9a36639bb1e8d537dcefa3cd12a7bb39db0Mark Andrews authn directives such as 'AuthType', 'AuthName'. Move the directives
9baec3ca233efe8ffca6fbafea5c75021adff03cMark Andrews 'AuthType' and 'AuthName' out of the core module and merge mod_authz_alias
9baec3ca233efe8ffca6fbafea5c75021adff03cMark Andrews into mod_authn_core. [Brad Nicholes]
96ea71632887c58a9d00f47eb318bf76b35903c3Mark Andrews *) Authz: Move the directives 'Order', 'Allow', 'Deny' and 'Satisfy'
f31446e6b5925395fce4f62adf71f7ad70cea6ceMark Andrews into the new module mod_access_compat which can be loaded to provide
f31446e6b5925395fce4f62adf71f7ad70cea6ceMark Andrews support for these directives.
f31446e6b5925395fce4f62adf71f7ad70cea6ceMark Andrews [Brad Nicholes]
0961ac0868e7d60e7cb665160f6d3717e1da5228Mark Andrews *) Authz: Move the 'Require' directive from the core module as well as
0961ac0868e7d60e7cb665160f6d3717e1da5228Mark Andrews add the directives '<SatisfyAll>', '<SatisfyOne>', '<RequireAlias>'
3d697a7eddf375586435f8fb6e1440fb3ce9058dMark Andrews and 'Reject' to mod_authz_core. The new directives introduce 'AND/OR'
3d697a7eddf375586435f8fb6e1440fb3ce9058dMark Andrews logic into the authorization processing. [Brad Nicholes]
8943ff626fa337419cbffad6a4a910c7d99509f4Mark Andrews *) Authz: Add the new module mod_authz_core which acts as the
281bab0f36eaedc56f859721fbdf45568b71cd60Mark Andrews authorization provider vector and contains common authz
281bab0f36eaedc56f859721fbdf45568b71cd60Mark Andrews directives. [Brad Nicholes]
281bab0f36eaedc56f859721fbdf45568b71cd60Mark Andrews *) Authz: Renamed mod_authz_dbm authz providers from 'group' and
5cd4555ad444fd391002ae32450572054369fd42Rob Austein 'file-group' to 'dbm-group' and 'dbm-file-group'. [Brad Nicholes]
8eb4eca37538183edb36db88580b5232f15931b0Mark Andrews *) Authz: Added the new authz providers 'env', 'ip', 'host', 'all' to handle
8eb4eca37538183edb36db88580b5232f15931b0Mark Andrews host-based access control provided by mod_authz_host and invoked
fa3d0b9991ea0d8344881c5dd4609d9c33314b9bMark Andrews through the 'Require' directive. [Brad Nicholes]
e7d32e57a5c8600893f91ec08f74117c983f8b8dMark Andrews *) Authz: Convert all of the authz modules from hook based to
e7d32e57a5c8600893f91ec08f74117c983f8b8dMark Andrews provider based. [Brad Nicholes]
fa3d0b9991ea0d8344881c5dd4609d9c33314b9bMark Andrews *) mod_cache: Add CacheMinExpire directive to set the minimum time in
e3f66e1617f9fca7313e4005b8c3c611551906d1Mark Andrews seconds to cache a document.
ed954ce73b1c712b24eab945190028871433f803Mark Andrews [Brian Akins <brian.akins turner.com>, Ruediger Pluem]
ed954ce73b1c712b24eab945190028871433f803Mark Andrews *) mod_authz_dbd: SQL authz with Login/Session support [Nick Kew]
29747dfe5e073a299b3681e01f5c55540f8bfed7Mark Andrews *) Fix typo in ProxyStatus syntax error message.
29747dfe5e073a299b3681e01f5c55540f8bfed7Mark Andrews [Christophe Jaillet <christophe.jaillet wanadoo.fr>]
186e7f37c9fc985a7a7264cc8170e48a25bed434Mark Andrews *) Asynchronous write completion for the Event MPM. [Brian Pane]
1372e172d0e0b08996376b782a9041d1e3542489Mark Andrews *) Added an End-Of-Request bucket type. The logging of a request and
1372e172d0e0b08996376b782a9041d1e3542489Mark Andrews the freeing of its pool are now done when the EOR bucket is destroyed.
1372e172d0e0b08996376b782a9041d1e3542489Mark Andrews This has the effect of delaying the logging until right after the last
8d709e3ee443222cd35e44eadc9a4c0a8d92fec2Rob Austein of the response is sent; ap_core_output_filter() calls the access logger
8d709e3ee443222cd35e44eadc9a4c0a8d92fec2Rob Austein indirectly when it destroys the EOR bucket. [Brian Pane]
23235c00eda9089f38ace0a1371fed9a466ea5ddMark Andrews *) Rewrite of logresolve support utility: IPv6 addresses are now supported
23235c00eda9089f38ace0a1371fed9a466ea5ddMark Andrews and the format of statistical output has changed. [Colm MacCarthaigh]
514aeac2acbbe2b77ff3c4e310617523cf5651c5Mark Andrews *) Rewrite of ap_coreoutput_filter to do nonblocking writes [Brian Pane]
514aeac2acbbe2b77ff3c4e310617523cf5651c5Mark Andrews *) Added new connection states for handler and write completion
514aeac2acbbe2b77ff3c4e310617523cf5651c5Mark Andrews [Brian Pane]
1ea2595e1b33cc63ea73ee1d54b580b717d7d155Mark Andrews *) mod_cgid: Refuse to work on Solaris 10 due to OS bugs. PR 34264.
1ea2595e1b33cc63ea73ee1d54b580b717d7d155Mark Andrews [Justin Erenkrantz]
1ea2595e1b33cc63ea73ee1d54b580b717d7d155Mark Andrews *) Teach mod_ssl to use arbitrary OIDs in an SSLRequire directive,
1ea2595e1b33cc63ea73ee1d54b580b717d7d155Mark Andrews allowing string-valued client certificate attributes to be used for
1ea2595e1b33cc63ea73ee1d54b580b717d7d155Mark Andrews access control, as in: SSLRequire "value" in OID("1.3.6.1.4.1.18060.1")
e60f01cdd29c71e9224273214521b15aef4d4555Mark Andrews [Martin Kraemer, David Reid]
e60f01cdd29c71e9224273214521b15aef4d4555Mark Andrews [Apache 2.1.0-dev includes those bug fixes and changes with the
13290782cb83ee43c4dc942d186761a46c4a2692Mark Andrews Apache 2.2.xx tree as documented, and except as noted, below.]
13290782cb83ee43c4dc942d186761a46c4a2692Mark AndrewsChanges with Apache 2.2.x and later:
895ae38da194143331d667289affd3b43c5bfc14Mark Andrews *) http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?view=markup
bca16e31b457598cd1dbbf0cdc7a26a6d2ec3753Mark AndrewsChanges with Apache 2.0.x and later:
bca16e31b457598cd1dbbf0cdc7a26a6d2ec3753Mark Andrews *) http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/CHANGES?view=markup
58ea8fb1dfc8c055a7d4ad74d65e345436ede790Mark AndrewsChanges with Apache 1.3.x and later: