CHANGES revision 0ed19acadd3d3dd593759173d87d2243e97914e2
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews -*- coding: utf-8 -*-
04428429c4e689333e3ef8d19a2debeb20d4d15dMark AndrewsChanges with Apache 2.3.9
e999539fb3e45b2617571e0e3ecd651992291701Mark Andrews *) SECURITY: CVE-2010-1623 (cve.mitre.org)
2a40fdc2d34adb8a5c72a748449699666032d461Mark Andrews Fix a denial of service attack against mod_reqtimeout.
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews [Stefan Fritsch]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews *) mod_cache: Support the caching of HEAD requests. [Graham Leggett]
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews *) htcacheclean: Allow the option to round up file sizes to a given
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews block size, improving the accuracy of disk usage. [Graham Leggett]
d56e188030368b835122d759ebbf8d9613c166f4Mark Andrews *) mod_ssl: Add authz providers for use with mod_authz_core and its
c718d15a9a95054ee3c71540c02335426071fc6dMark Andrews RequireAny/RequireAll containers: 'ssl' (equivalent to SSLRequireSSL),
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews 'ssl-verify-client' (for use with 'SSLVerifyClient optional'), and
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews 'ssl-require' (expressions with same syntax as SSLRequire).
c718d15a9a95054ee3c71540c02335426071fc6dMark Andrews [Stefan Fritsch]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews *) mod_ssl: Make the ssl expression parser thread-safe. It now requires
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews bison instead of yacc. [Stefan Fritsch]
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews *) mod_disk_cache: Change on-disk header file format to support the
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews link of the device/inode of the data file to the matching header
efb0e886f18894a1d2489f1ad74ad14b579e11c7Mark Andrews file, and to support the option of not writing a data file when
efb0e886f18894a1d2489f1ad74ad14b579e11c7Mark Andrews the data file is empty. [Graham Leggett]
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson *) core/mod_unique_id: Add generate_log_id hook to allow to use
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews the ID generated by mod_unique_id as error log ID for requests.
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson *) mod_cache: Make sure that we never allow a 304 Not Modified response
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews that we asked for to leak to the client should the 304 response be
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington uncacheable. PR45341 [Graham Leggett]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews *) mod_cache: Add the cache_status hook to register the final cache
c718d15a9a95054ee3c71540c02335426071fc6dMark Andrews decision hit/miss/revalidate. Add optional support for an X-Cache
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews and/or an X-Cache-Detail header to add the cache status to the
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews response. PR48241 [Graham Leggett]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews *) mod_authz_host: Add 'local' provider that matches connections originating
c069a20053d41ae299eb9457e50ea44ae9f73ed2Mark Andrews on the local host. PR 19938. [Stefan Fritsch]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews *) Event MPM: Fix crash accessing pollset on worker thread when child
605bd686e437162b5ab65ac4e7c1be0bba1886ddMark Andrews process is exiting. [Jeff Trawick]
3f6174bffe227be44e241a29d186add00c032ff6Mark Andrews *) core: For process invocation (cgi, fcgid, piped loggers and so forth)
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews pass the system library path (LD_LIBRARY_PATH or platform-specific
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews variables) along with the system PATH, by default. Both should be
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews overridden together as desired using PassEnv etc; see mod_env.
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson [William Rowe]
efb0e886f18894a1d2489f1ad74ad14b579e11c7Mark Andrews *) mod_cache: Introduce CacheStoreExpired, to allow administrators to
efb0e886f18894a1d2489f1ad74ad14b579e11c7Mark Andrews capture a stale backend response, perform If-Modified-Since requests
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews against the backend, and serving from the cache all 304 responses.
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson This restores pre-2.2.4 cache behavior. [William Rowe]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews *) mod_rewrite: Introduce <=, >= string comparison operators, and integer
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson comparators -lt, -le, -eq, -ge, and -gt. To help bash users and drop
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews the ambiguity of the symlink test "-ltest", introduce -h or -L as
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington symlink test operators. [William Rowe]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews *) mod_cache: Give the cache provider the opportunity to choose to cache
6f046a065e5543f8cd7e2f24991c65d2372f4c8dMark Andrews or not cache based on the buckets present in the brigade, such as the
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews presence of a FILE bucket.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews [Graham Leggett]
62ee2c9f460d2e2e45dcf1abc8b4b4a4a43f5618Mark Andrews *) mod_authz_core: Allow authz providers to check args while reading the
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews config and allow to cache parsed args. Move 'all' and 'env' authz
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews providers from mod_authz_host to mod_authz_core. Add 'method' authz
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews provider depending on the HTTP method. [Stefan Fritsch]
efb0e886f18894a1d2489f1ad74ad14b579e11c7Mark Andrews *) mod_include: Move the request_rec within mod_include to be
efb0e886f18894a1d2489f1ad74ad14b579e11c7Mark Andrews exposed within include_ctx_t. [Graham Leggett]
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson *) mod_include: Reinstate support for UTF-8 character sets by allowing a
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews variable being echoed or set to be decoded and then encoded as separate
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews steps. PR47686 [Graham Leggett]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews *) mod_cache: Add a discrete commit_entity() provider function within the
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson mod_cache provider interface which is called to indicate to the
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews provider that caching is complete, giving the provider the opportunity
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington to commit temporary files permanently to the cache in an atomic
45eca3a5d46ed15aee14d81f6cb6c9fb6f365344Mark Andrews fashion. Replace the inconsistent use of error cleanups with a formal
80f9a970ae6681c08529ef209eaabbe078c27ca3Mark Andrews set of pool cleanups attached to a subpool, which is destroyed on error.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews [Graham Leggett]
46e873c835bf7d9ec3e1097e0aceb8db5b1ae93aMark Andrews *) mod_cache: Change the signature of the store_body() provider function
dd9ad704c3800e3ab07ede8595871eac79984871Mark Andrews within the mod_cache provider interface to support an "in" brigade
605bd686e437162b5ab65ac4e7c1be0bba1886ddMark Andrews and an "out" brigade instead of just a single input brigade. This
45eca3a5d46ed15aee14d81f6cb6c9fb6f365344Mark Andrews gives a cache provider the option to consume only part of the brigade
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews passed to it, rather than the whole brigade as was required before.
ab81f57ca0c3addfec3df3babdcea9644757cf23Mark Andrews This fixes an out of memory and a request timeout condition that would
605bd686e437162b5ab65ac4e7c1be0bba1886ddMark Andrews occur when the original document was a large file. Introduce
6b5c57e52ac8c3e0af1547be3140ebbfb41a85b3Mark Andrews CacheReadSize and CacheReadTime directives to mod_disk_cache to control
6b5c57e52ac8c3e0af1547be3140ebbfb41a85b3Mark Andrews the amount of data to attempt to cache at a time. [Graham Leggett]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews *) core: Add ErrorLogFormat to allow configuring error log format, including
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews additional information that is logged once per connection or request. Add
6b5c57e52ac8c3e0af1547be3140ebbfb41a85b3Mark Andrews error log IDs for connections and request to allow correlating error log
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews lines and the corresponding access log entry. [Stefan Fritsch]
6b5c57e52ac8c3e0af1547be3140ebbfb41a85b3Mark Andrews *) core: Disable sendfile by default. [Stefan Fritsch]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews *) mod_cache: Check the request to determine whether we are allowed
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews to return cached content at all, and respect a "Cache-Control:
642e0716c8b4ab82ebc8e60f94c9e897ee89f19aMark Andrews no-cache" header from a client. Previously, "no-cache" would
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews behave like "max-age=0". [Graham Leggett]
6b5c57e52ac8c3e0af1547be3140ebbfb41a85b3Mark Andrews *) mod_cache: Use a proper filter context to hold filter data instead
6b5c57e52ac8c3e0af1547be3140ebbfb41a85b3Mark Andrews of misusing the per-request configuration. Fixes a segfault on trunk
6b5c57e52ac8c3e0af1547be3140ebbfb41a85b3Mark Andrews when the normal handler is used. [Graham Leggett]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews *) mod_cgid: Log a warning if the ScriptSock path is truncated because
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews it is too long. PR 49388. [Stefan Fritsch]
d3a3e690ab1f87fa02b3fa77be5ddea5c1fe0cd4Mark Andrews *) vhosts: Do not allow _default_ in NameVirtualHost, or mixing *
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews and non-* ports on NameVirtualHost, or multiple NameVirtualHost
d56e188030368b835122d759ebbf8d9613c166f4Mark Andrews directives for the same address:port, or NameVirtualHost
6b5c57e52ac8c3e0af1547be3140ebbfb41a85b3Mark Andrews directives with no matching VirtualHosts, or multiple ip-based
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews VirtualHost sections for the same address:port. These were
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews previously accepted with a warning, but the behavior was
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews undefined. [Dan Poirier]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews *) mod_remoteip: Fix a segfault when using mod_remoteip in conjunction with
b7aab05edae933e169d5f83c653935b17c7f0a8bMark Andrews Allow/Deny. PR 49838. [Andrew Skalski <voltara gmail.com>]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews *) core: DirectoryMatch can now match on the end of line character ($),
6b5c57e52ac8c3e0af1547be3140ebbfb41a85b3Mark Andrews and sub-directories of matched directories are no longer implicitly
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews matched. PR49809 [Eric Covener]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews *) Regexps: introduce new higher-level regexp utility including parsing
46e873c835bf7d9ec3e1097e0aceb8db5b1ae93aMark Andrews and executing perl-style regexp ops (e.g s/foo/bar/i) and regexp memory
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark AndrewsChanges with Apache 2.3.8
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews *) suexec: Support large log files. PR 45856. [Stefan Fritsch]
0d3490f93bb980fde704055e74c1b508987a5fe4Mark Andrews *) core: Abort with sensible error message if no or more than one MPM is
5147281cb8e25c599d759dfa65fdb6f9125efefbMark Andrews loaded. [Stefan Fritsch]
6b5c57e52ac8c3e0af1547be3140ebbfb41a85b3Mark Andrews *) mod_proxy: Rename erroronstatus to failonstatus.
6b5c57e52ac8c3e0af1547be3140ebbfb41a85b3Mark Andrews [Daniel Ruggeri <DRuggeri primary.net>]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_dav_fs: Fix broken "creationdate" property.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews Regression in version 2.3.7. [Rainer Jung]
62ee2c9f460d2e2e45dcf1abc8b4b4a4a43f5618Mark AndrewsChanges with Apache 2.3.7
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) SECURITY: CVE-2010-1452 (cve.mitre.org)
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews mod_dav, mod_cache, mod_session: Fix Handling of requests without a path
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews segment. PR: 49246 [Mark Drayton, Jeff Trawick]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews *) mod_ldap: Properly check the result returned by apr_ldap_init. PR 46076.
45eca3a5d46ed15aee14d81f6cb6c9fb6f365344Mark Andrews [Stefan Fritsch]
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews *) mod_rewrite: Log errors if rewrite map files cannot be opened. PR 49639.
1eb1e1e838d2ea00b166c918bf50764a95826be8Mark Andrews [Stefan Fritsch]
0d3490f93bb980fde704055e74c1b508987a5fe4Mark Andrews *) mod_proxy_http: Support the 'ping' property for backend HTTP/1.1 servers
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews via leveraging 100-Continue as the initial "request".
c718d15a9a95054ee3c71540c02335426071fc6dMark Andrews [Jim Jagielski]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews *) core/mod_authz_core: Introduce new access_checker_ex hook that enables
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews mod_authz_core to bypass authentication if access should be allowed by
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson IP address/env var/... [Stefan Fritsch]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) core: Introduce note_auth_failure hook to allow modules to add support
8ae412a86ed138263796195eed82a4716e7effcbMark Andrews for additional auth types. This makes ap_note_auth_failure() work with
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews mod_auth_digest again. PR 48807. [Stefan Fritsch]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews *) socache modules: return APR_NOTFOUND when a lookup is not found [Nick Kew]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews *) mod_authn_cache: new module [Nick Kew]
6b5c57e52ac8c3e0af1547be3140ebbfb41a85b3Mark Andrews *) configure: Add reallyall option for --enable-mods-shared. [Stefan Fritsch]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews *) Fix Windows build when using VC6. [Gregg L. Smith <lists glewis com>]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews *) mod_rewrite: Allow to set environment variables without explicitly
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews giving a value. [Rainer Jung]
e076d0c88be69de7c190ab924d095e69d2e11f7aAndreas Gustafsson *) mod_rewrite: Remove superfluous EOL from rewrite logging. [Rainer Jung]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews *) mod_include: recognise "text/html; parameters" as text/html
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews PR 49616 [Andrey Chernov <ache nagual.pp.ru>]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews *) CGI vars: allow PATH to be set by SetEnv, consistent with LD_LIBRARY_PATH
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson PR 43906 [Nick Kew]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) Core: Extra robustness: don't try authz and segfault if authn
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews fails to set r->user. Log bug and return 500 instead.
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson PR 42995 [Nick Kew]
efb0e886f18894a1d2489f1ad74ad14b579e11c7Mark Andrews *) HTTP protocol filter: fix handling of longer chunk extensions
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) Update SSL cipher suite and add example for SSLHonorCipherOrder.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [Lars Eilebrecht, Rainer Jung]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews *) move AddOutputFilterByType from core to mod_filter. This should
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews fix nasty side-effects that happen when content_type is set
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews more than once in processing a request, and make it fully
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews compatible with dynamic and proxied contents. [Nick Kew]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews *) mod_log_config: Implement logging for sub second timestamps and
abf32d940f8f674b3971ef41b306a01b3da8d2cfMark Andrews request end time. [Rainer Jung]
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark AndrewsChanges with Apache 2.3.6
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) SECURITY: CVE-2009-3555 (cve.mitre.org)
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington mod_ssl: Comprehensive fix of the TLS renegotiation prefix injection
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington attack when compiled against OpenSSL version 0.9.8m or later. Introduces
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington the 'SSLInsecureRenegotiation' directive to reopen this vulnerability
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington and offer unsafe legacy renegotiation with clients which do not yet
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington support the new secure renegotiation protocol, RFC 5746.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [Joe Orton, and with thanks to the OpenSSL Team]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) SECURITY: CVE-2009-3555 (cve.mitre.org)
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington mod_ssl: A partial fix for the TLS renegotiation prefix injection attack
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington by rejecting any client-initiated renegotiations. Forcibly disable
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington keepalive for the connection if there is any buffered data readable. Any
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington configuration which requires renegotiation for per-directory/location
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington access control is still vulnerable, unless using OpenSSL >= 0.9.8l.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [Joe Orton, Ruediger Pluem, Hartmut Keil <Hartmut.Keil adnovum.ch>]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) SECURITY: CVE-2010-0408 (cve.mitre.org)
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington when request headers indicate a request body is incoming; not a case of
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington HTTP_INTERNAL_SERVER_ERROR. [Niku Toivola <niku.toivola sulake.com>]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) SECURITY: CVE-2010-0425 (cve.mitre.org)
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington mod_isapi: Do not unload an isapi .dll module until the request
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington processing is completed, avoiding orphaned callback pointers.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [Brett Gervasoni <brettg senseofsecurity.com>, Jeff Trawick]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) core: Filter init functions are now run strictly once per request
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington before handler invocation. The init functions are no longer run
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington for connection filters. PR 49328. [Joe Orton]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) core: Adjust the output filter chain correctly in an internal
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington redirect from a subrequest, preserving filters from the main
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington request as necessary. PR 17629. [Joe Orton]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_cache: Explicitly allow cache implementations to cache a 206 Partial
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Response if they so choose to do so. Previously an attempt to cache a 206
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington was arbitrarily allowed if the response contained an Expires or
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Cache-Control header, and arbitrarily denied if both headers were missing.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [Graham Leggett]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) core: Add microsecond timestamp fractions, process id and thread id
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington to the error log. [Rainer Jung]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) configure: The "most" module set gets build by default. [Rainer Jung]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) configure: Building dynamic modules (DSO) by default. [Rainer Jung]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) configure: Fix broken VPATH build when using included APR.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [Rainer Jung]
eaccf5e805405de257b5a4840256c580fefe00e3Mark Andrews *) mod_session_crypto: Fix configure problem when building
0d3490f93bb980fde704055e74c1b508987a5fe4Mark Andrews with APR 2 and for VPATH builds with included APR.
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington [Rainer Jung]
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington *) mod_session_crypto: API compatibility with APR 2 crypto and
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington APR Util 1.x crypto. [Rainer Jung]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews *) ab: Fix memory leak with -v2 and SSL. PR 49383.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [Pavel Kankovsky <peak argo troja mff cuni cz>]
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington *) core: Add per-module and per-directory loglevel configuration.
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews Add some more trace logging.
0d3490f93bb980fde704055e74c1b508987a5fe4Mark Andrews mod_rewrite: Replace RewriteLog/RewriteLogLevel with trace log levels.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington mod_ssl: Replace LogLevelDebugDump with trace log levels.
bf54ac86eeddce16b67c525d38d1096cc956f478Mark Andrews mod_ssl/mod_proxy*: Adjust loglevels to be less verbose at levels info
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington mod_dumpio: Replace DumpIOLogLevel with trace log levels.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [Stefan Fritsch]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_ldap: LDAP caching was suppressed (and ldap-status handler returns
bf54ac86eeddce16b67c525d38d1096cc956f478Mark Andrews title page only) when any mod_ldap directives were used in VirtualHost
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews context. [Eric Covener]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews *) mod_disk_cache: Decline the opportunity to cache if the response is
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews a 206 Partial Content. This stops a reverse proxied partial response
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews from becoming cached, and then being served in subsequent responses.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews [Graham Leggett]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) mod_deflate: avoid the risk of forwarding data before headers are set.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews PR 49369 [Matthew Steele <mdsteele google.com>]
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews *) mod_authnz_ldap: Ensure nested groups are checked when the
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews top-level group doesn't have any direct non-group members
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews of attributes in AuthLDAPGroupAttribute. [Eric Covener]
eaccf5e805405de257b5a4840256c580fefe00e3Mark Andrews *) mod_authnz_ldap: Search or Comparison during authorization phase
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews can use the credentials from the authentication phase
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington (AuthLDAPSearchAsUSer,AuthLDAPCompareAsUser).
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews PR 48340 [Domenico Rotiroti, Eric Covener]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_authnz_ldap: Allow the initial DN search during authentication
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington to use the HTTP username/pass instead of an anonymous or hard-coded
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington LDAP id (AuthLDAPInitialBindAsUser, AuthLDAPInitialBindPattern).
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [Eric Covener]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_authnz_ldap: Publish requested LDAP data with an AUTHORIZE_ prefix
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington when this module is used for authorization. See AuthLDAPAuthorizePrefix.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington PR 45584 [Eric Covener]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) apxs -q: Stop filtering out ':' characters from the reported values.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington PR 45343. [Bill Cole]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) prefork MPM: Run cleanups for final request when process exits gracefully.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington PR 43857. [Tom Donovan]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) ab: fix number of requests sent by ab when keepalive is enabled. PR 48497.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [Bryn Dole <dole blekko.com>]
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews *) Log an error for failures to read a chunk-size, and return 408 instead of
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington 413 when this is due to a read timeout. This change also fixes some cases
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington of two error documents being sent in the response for the same scenario.
bf54ac86eeddce16b67c525d38d1096cc956f478Mark Andrews [Eric Covener] PR49167
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_proxy_balancer: Add new directive BalancerNonce to allow admin
01bf5871f8861eb805dd8ca79bdb9b0b9e4e6a5eMark Andrews to control/set the nonce used in the balancer-manager application.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews [Jim Jagielski]
eaccf5e805405de257b5a4840256c580fefe00e3Mark Andrews *) mod_proxy_connect: Support port ranges in AllowConnect. PR 23673.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews [Stefan Fritsch]
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews *) Proxy balancer: support setting error status according to HTTP response
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington code from a backend. PR 48939. [Daniel Ruggeri <DRuggeri primary.net>]
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews *) htcacheclean: Introduce the ability to clean specific URLs from the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington cache, if provided as an optional parameter on the command line.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [Graham Leggett]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) core: Introduce the IncludeStrict directive, which explicitly fails
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington server startup if no files or directories match a wildcard path.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [Graham Leggett]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) htcacheclean: Report additional statistics about entries deleted.
b7aab05edae933e169d5f83c653935b17c7f0a8bMark Andrews PR 48944. [Mark Drayton mark markdrayton.info]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) Introduce SSLFIPS directive to support OpenSSL FIPS_mode; permits all
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington builds of mod_ssl to use 'SSLFIPS off' for portability, but the proper
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews build of openssl is required for 'SSLFIPS on'. PR 46270.
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews [Dr Stephen Henson <steve openssl.org>, William Rowe]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_proxy_http: Log the port of the remote server in various messages.
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews PR 48812. [Igor Galić <i galic brainsware org>]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_reqtimeout: Do not wrongly enforce timeouts for mod_proxy's backend
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington connections and other protocol handlers (like mod_ftp). [Stefan Fritsch]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_proxy_ajp: Really regard the operation a success, when the client
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington aborted the connection. In addition adjust the log message if the client
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington aborted the connection. [Ruediger Pluem]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_ssl: Add the 'SSLInsecureRenegotiation' directive, which
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington allows insecure renegotiation with clients which do not yet
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington support the secure renegotiation protocol. [Joe Orton]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_ssl: Fix a potential I/O hang if a long list of trusted CAs
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews is configured for client cert auth. PR 46952. [Joe Orton]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) core: Only log a 408 if it is no keepalive timeout. PR 39785
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews [Ruediger Pluem, Mark Montague <markmont umich.edu>]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) support/rotatelogs: Add -L option to create a link to the current
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews log file. PR 48761 [<lyndon orthanc.ca>, Dan Poirier]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) mod_ldap: Update LDAPTrustedClientCert to consistently be a per-directory
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews setting only, matching most of the documentation and examples.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews PR 46541 [Paul Reder, Eric Covener]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) mod_ldap: LDAPTrustedClientCert now accepts CA_DER/CA_BASE64 argument
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington types previously allowed only in LDAPTrustedGlobalCert. [Eric Covener]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_negotiation: Preserve query string over multiviews negotiation.
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews This buglet was fixed for type maps in 2.2.6, but the same issue
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington affected multiviews and was overlooked.
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews PR 33112 [Joergen Thomsen <apache jth.net>]
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews *) mod_ldap: Eliminate a potential crash with multiple LDAPTrustedClientCert
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews when some are not password-protected. [Eric Covener]
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews *) Fix startup segfault when the Mutex directive is used but no loaded
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews modules use httpd mutexes. PR 48787. [Jeff Trawick]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) Proxy: get the headers right in a HEAD request with
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington ProxyErrorOverride, by checking for an overridden error
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington before not after going into a catch-all code path.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington PR 41646. [Nick Kew, Stuart Children]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) support/rotatelogs: Support the simplest log rotation case, log
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington truncation. Useful when the log is being processed in real time
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington using a command like tail. [Graham Leggett]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) support/htcacheclean: Teach it how to write a pid file (modelled on
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington httpd's writing of a pid file) so that it becomes possible to run
bf54ac86eeddce16b67c525d38d1096cc956f478Mark Andrews more than one instance of htcacheclean on the same machine.
eaccf5e805405de257b5a4840256c580fefe00e3Mark Andrews [Graham Leggett]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) Log command line on startup, so there's a record of command line
abf32d940f8f674b3971ef41b306a01b3da8d2cfMark Andrews arguments like -f. PR 48752. [Dan Poirier]
eaccf5e805405de257b5a4840256c580fefe00e3Mark Andrews *) Introduce mod_reflector, a handler capable of reflecting POSTed
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews request bodies back within the response through the output filter
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews stack. Can be used to turn an output filter into a web service.
eaccf5e805405de257b5a4840256c580fefe00e3Mark Andrews [Graham Leggett]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_proxy_http: Make sure that when an ErrorDocument is served
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews from a reverse proxied URL, that the subrequest respects the status
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews of the original request. This brings the behaviour of proxy_handler
eaccf5e805405de257b5a4840256c580fefe00e3Mark Andrews in line with default_handler. PR 47106. [Graham Leggett]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) Support wildcards in both the directory and file components of
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews the path specified by the Include directive. [Graham Leggett]
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington *) mod_proxy, mod_proxy_http: Support remote https proxies
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington by using HTTP CONNECT. PR 19188.
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington [Philippe Dutrueux <lilas evidian.com>, Rainer Jung]
83a810eba60ae87341a2d177ff60d834e26d7a90Mark Andrews *) apxs: Fix -A and -a options to ignore whitespace in httpd.conf
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington [Philip M. Gollucci]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) worker: Don't report server has reached MaxClients until it has.
2bef3713093349af52ba61eaab07adf3207da873Mark Andrews Add message when server gets within MinSpareThreads of MaxClients.
2bef3713093349af52ba61eaab07adf3207da873Mark Andrews PR 46996. [Dan Poirier]
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews *) mod_session: Session expiry was being initialised, but not updated
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews on each session save, resulting in timed out sessions when there
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews should not have been. Fixed. [Graham Leggett]
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews *) mod_log_config: Add the R option to log the handler used within the
83a810eba60ae87341a2d177ff60d834e26d7a90Mark Andrews request. [Christian Folini <christian.folini netnea com>]
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews *) mod_include: Allow fine control over the removal of Last-Modified and
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews ETag headers within the INCLUDES filter, making it possible to cache
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews responses if desired. Fix the default value of the SSIAccessEnable
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews directive. [Graham Leggett]
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews *) Add new UnDefine directive to undefine a variable. PR 35350.
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews [Stefan Fritsch]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) Make ap_pregsub(), used by AliasMatch and friends, use the same syntax
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews for regex backreferences as mod_rewrite and mod_include: Remove the use
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews of '&' as an alias for '$0' and allow to escape any character with a
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews backslash. PR 48351. [Stefan Fritsch]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_authnz_ldap: If AuthLDAPCharsetConfig is set, also convert the
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews password to UTF-8. PR 45318.
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews [Johannes Müller <joh_m gmx.de>, Stefan Fritsch]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) ab: Fix calculation of requests per second in HTML output. PR 48594.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews [Stefan Fritsch]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_authnz_ldap: Failures to map a username to a DN, or to check a user
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews password now result in an informational level log entry instead of
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews warning level. [Eric Covener]
068a66979695c77359e7a9181bb3f831c965b21cMark AndrewsChanges with Apache 2.3.5
6fac7ff1f9ec9c3873d3b55c5079fa79aba1f146Mark Andrews *) SECURITY: CVE-2010-0434 (cve.mitre.org)
6fac7ff1f9ec9c3873d3b55c5079fa79aba1f146Mark Andrews Ensure each subrequest has a shallow copy of headers_in so that the
6fac7ff1f9ec9c3873d3b55c5079fa79aba1f146Mark Andrews parent request headers are not corrupted. Eliminates a problematic
6fac7ff1f9ec9c3873d3b55c5079fa79aba1f146Mark Andrews optimization in the case of no request body. PR 48359
6fac7ff1f9ec9c3873d3b55c5079fa79aba1f146Mark Andrews [Jake Scott, William Rowe, Ruediger Pluem]
6fac7ff1f9ec9c3873d3b55c5079fa79aba1f146Mark Andrews *) Turn static function get_server_name_for_url() into public
6fac7ff1f9ec9c3873d3b55c5079fa79aba1f146Mark Andrews ap_get_server_name_for_url() and use it where appropriate. This
6fac7ff1f9ec9c3873d3b55c5079fa79aba1f146Mark Andrews fixes mod_rewrite generating invalid URLs for redirects to IPv6
6fac7ff1f9ec9c3873d3b55c5079fa79aba1f146Mark Andrews literal addresses. [Stefan Fritsch]
6fac7ff1f9ec9c3873d3b55c5079fa79aba1f146Mark Andrews *) mod_ldap: Introduce new config option LDAPTimeout to set the timeout
6fac7ff1f9ec9c3873d3b55c5079fa79aba1f146Mark Andrews for LDAP operations like bind and search. [Stefan Fritsch]
6fac7ff1f9ec9c3873d3b55c5079fa79aba1f146Mark Andrews *) mod_proxy, mod_proxy_ftp: Move ProxyFtpDirCharset from mod_proxy to
6fac7ff1f9ec9c3873d3b55c5079fa79aba1f146Mark Andrews mod_proxy_ftp. [Takashi Sato]
48b492d73ae5328c5efef4b9e0f22063e0ab058aMark Andrews *) mod_proxy, mod_proxy_connect: Move AllowCONNECT from mod_proxy to
48b492d73ae5328c5efef4b9e0f22063e0ab058aMark Andrews mod_proxy_connect. [Takashi Sato]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) mod_cache: Do an exact match of the keys defined by
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews CacheIgnoreURLSessionIdentifiers against the querystring instead of
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews a partial match. PR 48401.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [Dodou Wang <wangdong.08 gmail.com>, Ruediger Pluem]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) mod_proxy_balancer: Fix crash in balancer-manager. [Rainer Jung]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) Core HTTP: disable keepalive when the Client has sent
ca9a8f6d0b0f2a400a96f868193471510364336fMark Andrews Expect: 100-continue
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews but we respond directly with a non-100 response.
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews Keepalive here led to data from clients continuing being treated as
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews a new request.
3a9a66b32adf379e680d18e92428058910880119Mark Andrews PR 47087 [Nick Kew]
2da2220fe7af2c45724b50b0187523b1fab0cf08Rob Austein *) Core: reject NULLs in request line or request headers.
7e5b2100ea65658a7ec3795919b4ecd29a6f118aMark Andrews PR 43039 [Nick Kew]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) Core: (re)-introduce -T commandline option to suppress documentroot
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews check at startup.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews PR 41887 [Jan van den Berg <janvdberg gmail.com>]
3a9a66b32adf379e680d18e92428058910880119Mark Andrews *) mod_autoindex: support XHTML as equivalent to HTML in IndexOptions,
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews ScanHTMLTitles, ReadmeName, HeaderName
7e5b2100ea65658a7ec3795919b4ecd29a6f118aMark Andrews PR 48416 [Dmitry Bakshaev <dab18 izhnet.ru>, Nick Kew]
3a9a66b32adf379e680d18e92428058910880119Mark Andrews *) Proxy: Fix ProxyPassReverse with relative URL
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Derived (slightly erroneously) from PR 38864 [Nick Kew]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) mod_headers: align Header Edit with Header Set when used on Content-Type
3a9a66b32adf379e680d18e92428058910880119Mark Andrews PR 48422 [Cyril Bonté <cyril.bonte free.fr>, Nick Kew>]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) mod_headers: Enable multi-match-and-replace edit option
abf32d940f8f674b3971ef41b306a01b3da8d2cfMark Andrews PR 46594 [Nick Kew]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_filter: enable it to act on non-200 responses.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington PR 48377 [Nick Kew]
068a66979695c77359e7a9181bb3f831c965b21cMark AndrewsChanges with Apache 2.3.4
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) Replace AcceptMutex, LockFile, RewriteLock, SSLMutex, SSLStaplingMutex,
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews and WatchdogMutexPath with a single Mutex directive. Add APIs to
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews simplify setup and user customization of APR proc and global mutexes.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington (See util_mutex.h.) Build-time setting DEFAULT_LOCKFILE is no longer
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews respected; set DEFAULT_REL_RUNTIMEDIR instead. [Jeff Trawick]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) http_core: KeepAlive no longer accepts other than On|Off.
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews [Takashi Sato]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) mod_dav: Remove errno from dav_error interface. Calls to dav_new_error()
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews and dav_new_error_tag() must be adjusted to add an apr_status_t parameter.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews [Jeff Trawick]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_authnz_ldap: Add AuthLDAPBindAuthoritative to allow Authentication to
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington try other providers in the case of an LDAP bind failure.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews PR 46608 [Justin Erenkrantz, Joe Schaefer, Tony Stevenson]
83a810eba60ae87341a2d177ff60d834e26d7a90Mark Andrews *) Build: fix --with-module to work as documented
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews PR 43881 [Gez Saunders <gez.saunders virgin.net>]
068a66979695c77359e7a9181bb3f831c965b21cMark AndrewsChanges with Apache 2.3.3
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) SECURITY: CVE-2009-3095 (cve.mitre.org)
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington mod_proxy_ftp: sanity check authn credentials.
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews [Stefan Fritsch <sf fritsch.de>, Joe Orton]
7a6ad11e0185a73984410f3252f3c49c3a301dbdBrian Wellington *) SECURITY: CVE-2009-3094 (cve.mitre.org)
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews mod_proxy_ftp: NULL pointer dereference on error paths.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews [Stefan Fritsch <sf fritsch.de>, Joe Orton]
7a6ad11e0185a73984410f3252f3c49c3a301dbdBrian Wellington *) mod_ssl: enable support for ECC keys and ECDH ciphers. Tested against
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews OpenSSL 1.0.0b3. [Vipul Gupta <vipul.gupta sun.com>, Sander Temme]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) mod_dav: Include uri when logging a PUT error due to connection abort.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews PR 38149. [Stefan Fritsch]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_dav: Return 409 instead of 500 for a LOCK request if the parent
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington resource does not exist or is not a collection. PR 43465. [Stefan Fritsch]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_dav_fs: Return 409 instead of 500 for Litmus test case copy_nodestcoll
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington (a COPY request where the parent of the destination resource does not
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews exist). PR 39299. [Stefan Fritsch]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) mod_dav_fs: Don't delete the whole file if a PUT with content-range failed.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews PR 42896. [Stefan Fritsch]
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews *) mod_dav_fs: Make PUT create files atomically and no longer destroy the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington old file if the transfer aborted. PR 39815. [Paul Querna, Stefan Fritsch]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) mod_dav_fs: Remove inode keyed locking as this conflicts with atomically
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews creating files. On systems with inode numbers, this is a format change of
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington the DavLockDB. The old DavLockDB must be deleted on upgrade.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews [Stefan Fritsch]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) mod_log_config: Make ${cookie}C correctly match whole cookie names
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews instead of substrings. PR 28037. [Dan Franklin <dan dan-franklin.com>,
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews Stefan Fritsch]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) vhost: A purely-numeric Host: header should not be treated as a port.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews PR 44979 [Nick Kew]
e076d0c88be69de7c190ab924d095e69d2e11f7aAndreas Gustafsson *) mod_ldap: Avoid 500 errors with "Unable to set LDAP_OPT_REFHOPLIMIT option to 5"
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews when built against openldap by using SDK LDAP_OPT_REFHOPLIMIT defaults unless
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews LDAPReferralHopLimit is explicitly configured.
e076d0c88be69de7c190ab924d095e69d2e11f7aAndreas Gustafsson [Eric Covener]
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews *) mod_charset_lite: Honor 'CharsetOptions NoImplicitAdd'.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews [Eric Covener]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) mod_ssl: Add support for OCSP Stapling. PR 43822.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews [Dr Stephen Henson <shenson oss-institute.org>]
c718d15a9a95054ee3c71540c02335426071fc6dMark Andrews *) mod_socache_shmcb: Allow parens in file name if cache size is given.
01bf5871f8861eb805dd8ca79bdb9b0b9e4e6a5eMark Andrews Fixes SSLSessionCache directive mis-parsing parens in pathname.
01bf5871f8861eb805dd8ca79bdb9b0b9e4e6a5eMark Andrews PR 47945. [Stefan Fritsch]
c718d15a9a95054ee3c71540c02335426071fc6dMark Andrews *) htpasswd: Improve out of disk space handling. PR 30877. [Stefan Fritsch]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) htpasswd: Use MD5 hash by default on all platforms. [Stefan Fritsch]
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews *) mod_sed: Reduce memory consumption when processing very long lines.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews PR 48024 [Basant Kumar Kukreja <basant.kukreja sun.com>]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) ab: Fix segfault in case the argument for -n is a very large number.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews PR 47178. [Philipp Hagemeister <oss phihag.de>]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) Allow ProxyPreserveHost to work in <Proxy> sections. PR 34901.
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews [Stefan Fritsch]
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews *) configure: Fix THREADED_MPMS so that mod_cgid is enabled again
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews for worker MPM. [Takashi Sato]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_dav: Provide a mechanism to obtain the request_rec and pathname
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews from the dav_resource. [Jari Urpalainen <jari.urpalainen nokia.com>,
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews Brian France <brian brianfrance.com>]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews *) Build: Use install instead of cp if available on installing
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington modules to avoid segmentation fault. PR 47951. [hirose31 gmail.com]
49ef9cb60f37eb190986b750db57a194c8f7321cMark Andrews *) mod_cache: correctly consider s-maxage in cacheability
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington decisions. [Dan Poirier]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) mod_logio/core: Report more accurate byte counts in mod_status if
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews mod_logio is loaded. PR 25656. [Stefan Fritsch]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) mod_ldap: If LDAPSharedCacheSize is too small, try harder to purge
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews some cache entries and log a warning. Also increase the default
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington LDAPSharedCacheSize to 500000. This is a more realistic size suitable
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews for the default values of 1024 for LdapCacheEntries/LdapOpCacheEntries.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews PR 46749. [Stefan Fritsch]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) mod_rewrite: Make sure that a hostname:port isn't fully qualified if
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews the request is a CONNECT request. [Bill Zajac <billz consultla.com>]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) mod_cache: Teach CacheEnable and CacheDisable to work from within a
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews Location section, in line with how ProxyPass works. [Graham Leggett]
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews *) mod_reqtimeout: New module to set timeouts and minimum data rates for
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington receiving requests from the client. [Stefan Fritsch]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) core: Fix potential memory leaks by making sure to not destroy
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews bucket brigades that have been created by earlier filters.
53aed64e0f8553762fc0c380ee41cb42f514c7d5Brian Wellington [Stefan Fritsch]
53aed64e0f8553762fc0c380ee41cb42f514c7d5Brian Wellington *) core, mod_deflate, mod_sed: Reduce memory usage by reusing bucket
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews brigades in several places. [Stefan Fritsch]
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews *) mod_cache: Fix uri_meets_conditions() so that CacheEnable will
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews match by scheme, or by a wildcarded hostname. PR 40169
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews [Peter Grandi <pg_asf asf.for.sabi.co.uk>, Graham Leggett]
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews *) suxec: Allow to log an error if exec fails by setting FD_CLOEXEC
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews on the log file instead of closing it. PR 10744. [Nicolas Rachinsky]
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews *) mod_mime: Make RemoveType override the info from TypesConfig.
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews PR 38330. [Stefan Fritsch]
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews *) mod_cache: Introduce the option to run the cache from within the
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews normal request handler, and to allow fine grained control over
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews where in the filter chain content is cached. [Graham Leggett]
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews *) core: Treat timeout reading request as 408 error, not 400.
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews Log 408 errors in access log as was done in Apache 1.3.x.
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews PR 39785 [Nobutaka Mantani <nobutaka nobutaka.org>,
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews Stefan Fritsch <sf fritsch.de>, Dan Poirier]
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews *) mod_ssl: Reintroduce SSL_CLIENT_S_DN, SSL_CLIENT_I_DN, SSL_SERVER_S_DN,
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews SSL_SERVER_I_DN back to the environment variables to be set by mod_ssl.
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews *) mod_disk_cache: don't cache incomplete responses, per RFC 2616, 13.8.
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews PR15866. [Dan Poirier]
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews *) ab: ab segfaults in verbose mode on https sites
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews PR46393. [Ryan Niebur]
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews *) mod_dav: Allow other modules to become providers and add resource types
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews to the DAV response. [Jari Urpalainen <jari.urpalainen nokia.com>,
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews Brian France <brian brianfrance.com>]
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews *) mod_dav: Allow other modules to add things to the DAV or Allow headers
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews of an OPTIONS request. [Jari Urpalainen <jari.urpalainen nokia.com>,
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews Brian France <brian brianfrance.com>]
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews *) core: Lower memory usage of core output filter.
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews [Stefan Fritsch <sf sfritsch.de>]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) mod_mime: Detect invalid use of MultiviewsMatch inside Location and
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews LocationMatch sections. PR47754. [Dan Poirier]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) mod_request: Make sure the KeptBodySize directive rejects values
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington that aren't valid numbers. [Graham Leggett]
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews *) mod_session_crypto: Sanity check should the potentially encrypted
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews session cookie be too short. [Graham Leggett]
7e1a8f402e3881388db37152f71c698cb1f1c426Mark Andrews *) mod_session.c: Prevent a segfault when session is added but not
f55369d776907119cd8699a4119d9c80daa7cae4Mark Andrews configured. [Graham Leggett]
f55369d776907119cd8699a4119d9c80daa7cae4Mark Andrews *) htcacheclean: 19 ways to fail, 1 error message. Fixed. [Graham Leggett]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_auth_digest: Fail server start when nonce count checking
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews is configured without shared memory, or md5-sess algorithm is
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington configured. [Dan Poirier]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_proxy_connect: The connect method doesn't work if the client is
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews connecting to the apache proxy through an ssl socket. Fixed.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington PR29744. [Brad Boyer, Mark Cave-Ayland, Julian Gilbey, Fabrice Durand,
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews David Gence, Tim Dodge, Per Gunnar Hans, Emmanuel Elango,
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews Kevin Croft, Rudolf Cardinal]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) mod_ssl: The error message when SSLCertificateFile is missing should
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews at least give the name or position of the problematic virtual host
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews definition. [Stefan Fritsch sf sfritsch.de]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_auth_digest: Fix null pointer when qop=none. [Dan Poirier]
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews *) Add support for HTTP PUT to ab. [Jeff Barnes <jbarnesweb yahoo.com>]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_headers: generalise the envclause to support expression
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews evaluation with ap_expr parser [Nick Kew]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_cache: Introduce the thundering herd lock, a mechanism to keep
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews the flood of requests at bay that strike a backend webserver as
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews a cached entity goes stale. [Graham Leggett]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) mod_auth_digest: Fix usage of shared memory and re-enable it.
73eb75dc212911e4da58a3ce0a4672d3910193ebBrian Wellington PR 16057 [Dan Poirier]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) Preserve Port information over internal redirects
73eb75dc212911e4da58a3ce0a4672d3910193ebBrian Wellington *) Proxy: unable to connect to a backend is SERVICE_UNAVAILABLE,
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews rather than BAD_GATEWAY or (especially) NOT_FOUND.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews PR 46971 [evanc nortel.com]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) Various modules: Do better checking of pollset operations in order to
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews avoid segmentation faults if they fail. PR 46467
c6d4f781529d2f28693546b25b2967d44ec89e60Mark Andrews [Stefan Fritsch <sf sfritsch.de>]
c6d4f781529d2f28693546b25b2967d44ec89e60Mark Andrews *) mod_autoindex: Correctly create an empty cell if the description
605bd686e437162b5ab65ac4e7c1be0bba1886ddMark Andrews for a file is missing. PR 47682 [Peter Poeml <poeml suse.de>]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) ab: Fix broken error messages after resolver or connect() failures.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews [Jeff Trawick]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) SECURITY: CVE-2009-1890 (cve.mitre.org)
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews Fix a potential Denial-of-Service attack against mod_proxy in a
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews reverse proxy configuration, where a remote attacker can force a
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews proxy process to consume CPU time indefinitely. [Nick Kew, Joe Orton]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) SECURITY: CVE-2009-1191 (cve.mitre.org)
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews mod_proxy_ajp: Avoid delivering content from a previous request which
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews failed to send a request body. PR 46949 [Ruediger Pluem]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) htdbm: Fix possible buffer overflow if dbm database has very
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington long values. PR 30586 [Dan Poirier]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) core: Return APR_EOF if request body is shorter than the length announced
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington by the client. PR 33098 [ Stefan Fritsch <sf sfritsch.de>]
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews *) mod_suexec: correctly set suexec_enabled when httpd is run by a
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington non-root user and may have insufficient permissions.
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews PR 42175 [Jim Radford <radford blackbean.org>]
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews *) mod_ssl: Fix SSL_*_DN_UID variables to use the 'userID' attribute
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews type. PR 45107. [Michael Ströder <michael stroeder.com>,
8227257b1c0224a7991e04bb79dc5059d5062dfbAndreas Gustafsson *) mod_proxy_http: fix case sensitivity checking transfer encoding
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews PR 47383 [Ryuzo Yamamoto <ryuzo.yamamoto gmail.com>]
8227257b1c0224a7991e04bb79dc5059d5062dfbAndreas Gustafsson *) mod_alias: ensure Redirect issues a valid URL.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews PR 44020 [Håkon Stordahl <hakon stordahl.org>]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) mod_dir: add FallbackResource directive, to enable admin to specify
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews an action to happen when a URL maps to no file, without resorting
8227257b1c0224a7991e04bb79dc5059d5062dfbAndreas Gustafsson to ErrorDocument or mod_rewrite. PR 47184 [Nick Kew]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) mod_cgid: Do not leak the listening Unix socket file descriptor to the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington CGI process. PR 47335 [Kornél Pál <kornelpal gmail.com>]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_rewrite: Remove locking for writing to the rewritelog.
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews PR 46942 [Dan Poirier <poirier pobox.com>]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_alias: check sanity in Redirect arguments.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews PR 44729 [Sönke Tesch <st kino-fahrplan.de>, Jim Jagielski]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) mod_proxy_http: fix Host: header for literal IPv6 addresses.
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews PR 47177 [Carlos Garcia Braschi <cgbraschi gmail.com>]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_cache: Add CacheIgnoreURLSessionIdentifiers directive to ignore
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews defined session identifiers encoded in the URL when caching.
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews [Ruediger Pluem]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) mod_rewrite: Fix the error string returned by RewriteRule.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews RewriteRule returned "RewriteCond: bad flag delimiters" when the 3rd
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews argument of RewriteRule was not started with "[" or not ended with "]".
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews PR 45082 [Vitaly Polonetsky <m_vitaly topixoft.com>]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) Windows: Fix usage message.
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews [Rainer Jung]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) apachectl: When passing through arguments to httpd in
83a810eba60ae87341a2d177ff60d834e26d7a90Mark Andrews non-SysV mode, use the "$@" syntax to preserve arguments.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [Eric Covener]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) mod_dbd: add DBDInitSQL directive to enable SQL statements to
b0804b92737de82fc15fb44e35f70797b4ee166fMark Andrews be run when a connection is opened. PR 46827
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews [Marko Kevac <mkevac gmail.com>]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) mod_cgid: Improve handling of long AF_UNIX socket names (ScriptSock).
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews PR 47037. [Jeff Trawick]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) mod_proxy_ajp: Check more strictly that the backend follows the AJP
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington protocol. [Mladen Turk]
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews *) mod_proxy_ajp: Forward remote port information by default.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews [Rainer Jung]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) Allow MPMs to be loaded dynamically, as with most other modules. Use
832cebe0cbc843785897f1c124ae54958028c4e7Mark Andrews --enable-mpms-shared={list|"all"} to enable. This required changes to
832cebe0cbc843785897f1c124ae54958028c4e7Mark Andrews the MPM interfaces. Removed: mpm.h, mpm_default.h (as an installed
832cebe0cbc843785897f1c124ae54958028c4e7Mark Andrews header), APACHE_MPM_DIR, MPM_NAME, ap_threads_per_child,
832cebe0cbc843785897f1c124ae54958028c4e7Mark Andrews ap_max_daemons_limit, ap_my_generation, etc. ap_mpm_query() can't be
832cebe0cbc843785897f1c124ae54958028c4e7Mark Andrews called until after the register-hooks phase. [Jeff Trawick]
832cebe0cbc843785897f1c124ae54958028c4e7Mark Andrews *) mod_ssl: Add SSLProxyCheckPeerExpire and SSLProxyCheckPeerCN directives
832cebe0cbc843785897f1c124ae54958028c4e7Mark Andrews to enable stricter checking of remote server certificates.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews [Ruediger Pluem]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) ab: Fix a 100% CPU loop on platforms where a failed non-blocking connect
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews returns EINPROGRESS and a subsequent poll() returns only POLLERR.
aa85e0c64e3e659f11d10e40eafdfe122ff684afMark Andrews Observed on HP-UX. [Eric Covener]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) Remove broken support for BeOS, TPF, and even older platforms such
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews as A/UX, Next, and Tandem. [Jeff Trawick]
eaccf5e805405de257b5a4840256c580fefe00e3Mark Andrews *) mod_proxy_ftp: Add ProxyFtpListOnWildcard directive to allow files with
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington globbing characters to be retrieved instead of converted into a
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington directory listing. PR 46789 [Dan Poirier <poirier pobox.com>]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) Provide ap_retained_data_create()/ap_retained_data_get() for preservation
eaccf5e805405de257b5a4840256c580fefe00e3Mark Andrews of module state across unload/load. [Jeff Trawick]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) mod_substitute: Fix a memory leak. PR 44948
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews [Dan Poirier <poirier pobox.com>]
91216cff91b34c9ff6e846dc23f248219cafe660Andreas GustafssonChanges with Apache 2.3.2
992616aaf75643a0c9f84826f0a1ed5a27e84328Mark Andrews *) mod_mime_magic: Fix detection of compressed content. [Rainer Jung]
113aa279d1f5dbe77dfaa5a7f35623d49c85b77fMark Andrews *) mod_negotiation: Escape pathes of filenames in 406 responses to avoid
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews HTML injections and HTTP response splitting. PR 46837.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews [Geoff Keating <geoffk apple.com>]
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson *) mod_ssl: add support for type-safe STACK constructs in OpenSSL
3341c8b653577f2f0cb8b72702ea6197035334ffMark Andrews development HEAD. PR 45521. [Kaspar Brand, Sander Temme]
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson *) ab: Fix maintenance of the pollset to resolve EALREADY errors
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson with kqueue (BSD/OS X) and excessive CPU with event ports (Solaris).
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson PR 44584. Use APR_POLLSET_NOCOPY for better performance with some
d912d1139efa8410785f0fc88dfb7dc7fbaae6deMark Andrews pollset implementations. [Jeff Trawick]
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews *) mod_disk_cache: The module now turns off sendfile support if
1b0a1b6d994d736ccb243886c3ba188978003641Mark Andrews 'EnableSendfile off' is defined globally. [Lars Eilebrecht]
282e38d96feb488fddbbc0b0409491094786977fMark Andrews *) mod_deflate: Adjust content metadata before bailing out on 304
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews responses so that the metadata does not differ from 200 response.
5147281cb8e25c599d759dfa65fdb6f9125efefbMark Andrews [Roy T. Fielding]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) mod_deflate: Fix creation of invalid Etag headers. We now make sure
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews that the Etag value is properly quoted when adding the gzip marker.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews PR 39727, 45023. [Lars Eilebrecht, Roy T. Fielding]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) Added 20x22 icons for ODF, SVG, and XML documents. PR 37185.
8fca573ba41a1669fff64f234275e956551eb6e5Mark Andrews [Peter Harlow]
0ca8fddd5b5e26d8a05f0936fc4b2666a025b9c0Mark Andrews *) Disabled DefaultType directive and removed ap_default_type()
0ca8fddd5b5e26d8a05f0936fc4b2666a025b9c0Mark Andrews from core. We now exclude Content-Type from responses for which
8fca573ba41a1669fff64f234275e956551eb6e5Mark Andrews a media type has not been configured via mime.types, AddType,
8fca573ba41a1669fff64f234275e956551eb6e5Mark Andrews ForceType, or some other mechanism. PR 13986. [Roy T. Fielding]
0ca8fddd5b5e26d8a05f0936fc4b2666a025b9c0Mark Andrews *) mod_rewrite: Add IPV6 variable to RewriteCond
8fca573ba41a1669fff64f234275e956551eb6e5Mark Andrews [Ryan Phillips <ryan-apache trolocsis.com>]
8fca573ba41a1669fff64f234275e956551eb6e5Mark Andrews *) core: Enhance KeepAliveTimeout to support a value in milliseconds.
8fca573ba41a1669fff64f234275e956551eb6e5Mark Andrews PR 46275. [Takashi Sato]
8fca573ba41a1669fff64f234275e956551eb6e5Mark Andrews *) rotatelogs: Allow size units B, K, M, G and combination of
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews time and size based rotation. [Rainer Jung]
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews *) rotatelogs: Add flag for verbose (debug) output. [Rainer Jung]
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews *) mod_ssl: Fix merging of SSLRenegBufferSize directive. PR 46508
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews *) core: Translate the the status line to ASCII on EBCDIC platforms in
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews ap_send_interim_response() and for locally generated "100 Continue"
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews responses. [Eric Covener]
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews *) prefork: Fix child process hang during graceful restart/stop in
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews configurations with multiple listening sockets. PR 42829. [Joe Orton,
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews Jeff Trawick]
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews *) mod_session_crypto: Ensure that SessionCryptoDriver can only be
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews set in the global scope. [Graham Leggett]
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews *) mod_ext_filter: We need to detect failure to startup the filter
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews program (a mangled response is not acceptable). Fix to detect
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews failure, and offer configuration option either to abort or
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews to remove the filter and continue.
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews PR 41120 [Nick Kew]
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews *) mod_session_crypto: Rewrite the session_crypto module against the
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews apr_crypto API. [Graham Leggett]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) mod_auth_form: Fix a pool lifetime issue, don't remove the subrequest
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews until the main request is cleaned up. [Graham Leggett]
4f087942583014b241adca1bc78c6db89ed96e94Mark AndrewsChanges with Apache 2.3.1
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) ap_slotmem: Add in new slot-based memory access API impl., including
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews 2 providers (mod_sharedmem and mod_plainmem) [Jim Jagielski,
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews Jean-Frederic Clere, Brian Akins <brian.akins turner.com>]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) mod_include: support generating non-ASCII characters as entities in SSI
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews PR 25202 [Nick Kew]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) core/utils: Enhance ap_escape_html API to support escaping non-ASCII chars
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews PR 25202 [Nick Kew]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) mod_rewrite: fix "B" flag breakage by reverting r5589343
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews PR 45529 [Bob Ionescu <bobsiegen googlemail.com>]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) CGI: return 504 (Gateway timeout) rather than 500 when a script
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews times out before returning status line/headers.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews PR 42190 [Nick Kew]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) mod_cgid: fix segfault problem on solaris.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews PR 39332 [Masaoki Kobayashi <masaoki techfirm.co.jp>]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) mod_proxy_scgi: Added. [André Malo]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) mod_cache: Introduce 'no-cache' per-request environment variable
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews to prevent the saving of an otherwise cacheable response.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews [Eric Covener]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) mod_rewrite: Introduce DiscardPathInfo|DPI flag to stop the troublesome
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews way that per-directory rewrites append the previous notion of PATH_INFO
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews to each substitution before evaluating subsequent rules.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews PR 38642 [Eric Covener]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) mod_cgid: Do not add an empty argument when calling the CGI script.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews PR 46380 [Ruediger Pluem]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) scoreboard: Remove unused sb_type from process_score.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews [Torsten Foertsch <torsten.foertsch gmx.net>, Chris Darroch]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) mod_ssl: Add SSLRenegBufferSize directive to allow changing the
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews size of the buffer used for the request-body where necessary
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews during a per-dir renegotiation. PR 39243. [Joe Orton]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) mod_proxy_fdpass: New module to pass a client connection over to a separate
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews process that is reading from a unix daemon socket.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) mod_ssl: Improve environment variable extraction to be more
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews efficient and to correctly handle DNs with duplicate tags.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews PR 45975. [Joe Orton]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) Remove the obsolete serial attribute from the RPM spec file. Compile
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews against the external pcre. Add missing binaries fcgistarter, and
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews mod_socache* and mod_session*. [Graham Leggett]
4f087942583014b241adca1bc78c6db89ed96e94Mark AndrewsChanges with Apache 2.3.0
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews *) mod_ratelimit: New module to do bandwidth rate limiting. [Paul Querna]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) Remove X-Pad header which was added as a work around to a bug in
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews Netscape 2.x to 4.0b2. [Takashi Sato <takashi lans-tv.com>]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) Add DTrace Statically Defined Tracing (SDT) probes.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews [Theo Schlossnagle <jesus omniti.com>, Paul Querna]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) mod_proxy_balancer: Move all load balancing implementations
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews as individual, self-contained mod_proxy submodules under
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) Rename APIs to include ap_ prefix:
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews find_child_by_pid -> ap_find_child_by_pid
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews suck_in_APR -> ap_suck_in_APR
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews sys_privileges_handlers -> ap_sys_privileges_handlers
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews unixd_accept -> ap_unixd_accept
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews unixd_config -> ap_unixd_config
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews unixd_killpg -> ap_unixd_killpg
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews unixd_set_global_mutex_perms -> ap_unixd_set_global_mutex_perms
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews unixd_set_proc_mutex_perms -> ap_unixd_set_proc_mutex_perms
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews unixd_set_rlimit -> ap_unixd_set_rlimit
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews [Paul Querna]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) mod_lbmethod_heartbeat: New module to load balance mod_proxy workers
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews based on heartbeats. [Paul Querna]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) mod_heartmonitor: New module to collect heartbeats, and write out a file
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews so that other modules can load balance traffic as needed. [Paul Querna]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) mod_heartbeat: New module to generate multicast heartbeats to know if a
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews server is online. [Paul Querna]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) mod_buffer: Honour the flush bucket and flush the buffer in the
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews input filter. Make sure that metadata buckets are written to
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews the buffer, not to the final brigade. [Graham Leggett]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) mod_buffer: Optimise the buffering of heap buckets when the heap
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews buckets stay exactly APR_BUCKET_BUFF_SIZE long. [Graham Leggett,
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews Ruediger Pluem]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) mod_buffer: Optional support for buffering of the input and output
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews filter stacks. Can collapse many small buckets into fewer larger
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews buckets, and prevents excessively small chunks being sent over
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews the wire. [Graham Leggett]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) mod_privileges: new module to make httpd on Solaris privileges-aware
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews and to enable different virtualhosts to run with different
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews privileges and Unix user/group IDs [Nick Kew]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) mod_mem_cache: this module has been removed. [William Rowe]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) authn/z: Remove mod_authn_default and mod_authz_default.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews [Chris Darroch]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) authz: Fix handling of authz configurations, make default authz
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews logic replicate 2.2.x authz logic, and replace <Satisfy*>, Reject,
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews and AuthzMergeRules directives with Match, <Match*>, and AuthzMerge
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews directives. [Chris Darroch]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) mod_authn_core: Prevent crash when provider alias created to
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews provider which is not yet registered. [Chris Darroch]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) mod_authn_core: Add AuthType of None to support disabling
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews authentication. [Chris Darroch]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) core: Allow <Limit> and <LimitExcept> directives to nest, and
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews constrain their use to conform with that of other access control
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews and authorization directives. [Chris Darroch]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) unixd: turn existing code into a module, and turn the set user/group
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews and chroot into a child_init function. [Nick Kew]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) mod_dir: Support "DirectoryIndex disabled"
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews Suggested By André Warnier <aw ice-sa.com> [Eric Covener]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) mod_ssl: Send Content-Type application/ocsp-request for POST requests to
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews OSCP responders. PR 46014 [Dr Stephen Henson <steve openssl.org>]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) mod_authnz_ldap: don't return NULL-valued environment variables to
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews other modules. PR 39045 [Francois Pesce <francois.pesce gmail.com>]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) Don't adjust case in pathname components that are not of interest
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews to mod_mime. Fixes mod_negotiation's use of such components.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews PR 43250 [Basant Kumar Kukreja <basant.kukreja sun.com>]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) Be tolerant in what you accept - accept slightly broken
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews status lines from a backend provided they include a valid status code.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews PR 44995 [Rainer Jung <rainer.jung kippdata.de>]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) New module mod_sed: filter Request/Response bodies through sed
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews [Basant Kumar Kukreja <basant.kukreja sun.com>]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) mod_auth_form: Make sure that basic authentication is correctly
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews faked directly after login. [Graham Leggett]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) mod_session_cookie, mod_session_dbd: Make sure cookies are set both
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews within the output headers and error output headers, so that the
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews session is maintained across redirects. [Graham Leggett]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) mod_auth_form: Make sure the logged in user is populated correctly
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews after a form login. Fixes a missing REMOTE_USER variable directly
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews following a login. [Graham Leggett]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) mod_session_cookie: Make sure that cookie attributes are correctly
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews included in the blank cookie when cookies are removed. This fixes an
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews inability to log out when using mod_auth_form. [Graham Leggett]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) mod_session: Prevent a segfault when a CGI script sets a cookie with a
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews null value. [David Shane Holden <dpejesh apache.org>]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) core, authn/z: Determine registered authn/z providers directly in
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews ap_setup_auth_internal(), which allows optional functions that just
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews wrapped ap_list_provider_names() to be removed from authn/z modules.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews [Chris Darroch]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) authn/z: Convert common provider version strings to macros.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews [Chris Darroch]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) core: When testing for slash-terminated configuration paths in
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews ap_location_walk(), don't look past the start of an empty string
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews such as that created by a <Location ""> directive.
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews [Chris Darroch]
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews *) core, mod_proxy: If a kept_body is present, it becomes safe for
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews subrequests to support message bodies. Make sure that safety
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews checks within the core and within the proxy are not triggered
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews when kept_body is present. This makes it possible to embed
4f087942583014b241adca1bc78c6db89ed96e94Mark Andrews proxied POST requests within mod_include. [Graham Leggett]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_auth_form: Make sure the input filter stack is properly set
5b356953d735e579e5daca68319cb747a3bb8b87Mark Andrews up before reading the login form. Make sure the kept body filter
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews is correctly inserted to ensure the body can be read a second
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews time safely should the authn be successful. [Graham Leggett,
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews Ruediger Pluem]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews *) mod_request: Insert the KEPT_BODY filter via the insert_filter
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews hook instead of during fixups. Add a safety check to ensure the
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews filters cannot be inserted more than once. [Graham Leggett,
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews Ruediger Pluem]
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews *) ap_cache_cacheable_headers_out() will (now) always
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews merge an error headers _before_ clearing them and _before_
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews merging in the actual entity headers and doing normal
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews hop-by-hop cleansing. [Dirk-Willem van Gulik].
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews *) cache: retire ap_cache_cacheable_hdrs_out() which was used
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews for both in- and out-put headers; and replace it by a single
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews ap_cache_cacheable_headers() wrapped in a in- and out-put
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews specific ap_cache_cacheable_headers_in()/out(). The latter
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews which will also merge error and ensure content-type. To keep
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews cache modules consistent with ease. This API change bumps
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews up the minor MM by one [Dirk-Willem van Gulik].
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews *) Move the KeptBodySize directive, kept_body filters and the
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews ap_parse_request_body function out of the http module and into a
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews new module called mod_request, reducing the size of the core.
959fb01017fa83578e7c8776ed3baba3076a2409Mark Andrews [Graham Leggett]
959fb01017fa83578e7c8776ed3baba3076a2409Mark Andrews *) mod_dbd: Handle integer configuration directive parameters with a
959fb01017fa83578e7c8776ed3baba3076a2409Mark Andrews dedicated function.
959fb01017fa83578e7c8776ed3baba3076a2409Mark Andrews *) Change the directives within the mod_session* modules to be valid
959fb01017fa83578e7c8776ed3baba3076a2409Mark Andrews both inside and outside the location/directory sections, as
959fb01017fa83578e7c8776ed3baba3076a2409Mark Andrews suggested by wrowe. [Graham Leggett]
959fb01017fa83578e7c8776ed3baba3076a2409Mark Andrews *) mod_auth_form: Add a module capable of allowing end users to log
959fb01017fa83578e7c8776ed3baba3076a2409Mark Andrews in using an HTML form, storing the credentials within mod_session.
959fb01017fa83578e7c8776ed3baba3076a2409Mark Andrews [Graham Leggett]
959fb01017fa83578e7c8776ed3baba3076a2409Mark Andrews *) Add a function to the http filters that is able to parse an HTML
959fb01017fa83578e7c8776ed3baba3076a2409Mark Andrews form request with the type of application/x-www-form-urlencoded.
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson [Graham Leggett]
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson *) mod_session_crypto: Initialise SSL in the post config hook.
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews [Ruediger Pluem, Graham Leggett]
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson *) mod_session_dbd: Add a session implementation capable of storing
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson session information in a SQL database via the dbd interface. Useful
754ebd37e782356aedbb2987e3c1a8ab4f29574eMark Andrews for sites where session privacy is important. [Graham Leggett]
754ebd37e782356aedbb2987e3c1a8ab4f29574eMark Andrews *) mod_session_crypto: Add a session encoding implementation capable
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews of encrypting and decrypting sessions wherever they may be stored.
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews Introduces a level of privacy when sessions are stored on the
5c679dbb66df92766f6a7e7bb93c18d61275d1feMark Andrews browser. [Graham Leggett]
5c679dbb66df92766f6a7e7bb93c18d61275d1feMark Andrews *) mod_session_cookie: Add a session implementation capable of storing
5c679dbb66df92766f6a7e7bb93c18d61275d1feMark Andrews session information within cookies on the browser. Useful for high
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews volume sites where server bound sessions are too resource intensive.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews [Graham Leggett]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews *) mod_session: Add a generic session interface to unify the different
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews attempts at saving persistent sessions across requests.
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews [Graham Leggett]
da93950363b307b718d156514b95b9df93a63776Mark Andrews *) core, authn/z: Avoid calling access control hooks for internal requests
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews with configurations which match those of initial request. Revert to
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews original behaviour (call access control hooks for internal requests
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews with URIs different from initial request) if any access control hooks or
f55369d776907119cd8699a4119d9c80daa7cae4Mark Andrews providers are not registered as permitting this optimization.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews Introduce wrappers for access control hook and provider registration
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews which can accept additional mode and flag data. [Chris Darroch]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) Introduced ap_expr API for expression evaluation.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews This is adapted from mod_include, which is the first module
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington to use the new API.
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews *) mod_authz_dbd: When redirecting after successful login/logout per
c28a1243429dfaf8dc5f6c1db0dccdc6ce386baeMark Andrews AuthzDBDRedirectQuery, do not report authorization failure, and use
c28a1243429dfaf8dc5f6c1db0dccdc6ce386baeMark Andrews first row returned by database query instead of last row.
c28a1243429dfaf8dc5f6c1db0dccdc6ce386baeMark Andrews [Chris Darroch]
c28a1243429dfaf8dc5f6c1db0dccdc6ce386baeMark Andrews *) mod_ldap: Correctly return all requested attribute values
c28a1243429dfaf8dc5f6c1db0dccdc6ce386baeMark Andrews when some attributes have a null value.
c28a1243429dfaf8dc5f6c1db0dccdc6ce386baeMark Andrews PR 44560 [Anders Kaseorg <anders kaseorg.com>]
c28a1243429dfaf8dc5f6c1db0dccdc6ce386baeMark Andrews *) core: check symlink ownership if both FollowSymlinks and
195e7b7a6e0bdc80373d65085e12a2950e9a1226Mark Andrews SymlinksIfOwnerMatch are set [Nick Kew]
e7c6cbab8c749cdfcbaec6be9b5360d7055b65d7Mark Andrews *) core: fix origin checking in SymlinksIfOwnerMatch
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews PR 36783 [Robert L Mathews <rob-apache.org.bugs tigertech.net>]
251227789bd26421471076f04f4e9eb7f0efb2f1Mark Andrews *) Activate mod_cache, mod_file_cache and mod_disk_cache as part of the
ed178efa9ab8f813538fce4ff603b81ded9f1799Mark Andrews 'most' set for '--enable-modules' and '--enable-shared-mods'. Include
c28a1243429dfaf8dc5f6c1db0dccdc6ce386baeMark Andrews mod_mem_cache in 'all' as well. [Dirk-Willem van Gulik]
c28a1243429dfaf8dc5f6c1db0dccdc6ce386baeMark Andrews *) Also install mod_so.h, mod_rewrite.h and mod_cache.h; as these
c28a1243429dfaf8dc5f6c1db0dccdc6ce386baeMark Andrews contain public function declarations which are useful for
c28a1243429dfaf8dc5f6c1db0dccdc6ce386baeMark Andrews third party module authors. PR 42431 [Dirk-Willem van Gulik].
c28a1243429dfaf8dc5f6c1db0dccdc6ce386baeMark Andrews *) mod_dir, mod_negotiation: pass the output filter information
c28a1243429dfaf8dc5f6c1db0dccdc6ce386baeMark Andrews to newly created sub requests; as these are later on used
c28a1243429dfaf8dc5f6c1db0dccdc6ce386baeMark Andrews as true requests with an internal redirect. This allows for
c28a1243429dfaf8dc5f6c1db0dccdc6ce386baeMark Andrews mod_cache et.al. to trap the results of the redirect.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews [Dirk-Willem van Gulik, Ruediger Pluem]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) mod_ldap: Add support (taking advantage of the new APR capability)
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews for ldap rebind callback while chasing referrals. This allows direct
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews searches on LDAP servers (in particular MS Active Directory 2003+)
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews using referrals without the use of the global catalog.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews PRs 26538, 40268, and 42557 [Paul J. Reder]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) ApacheMonitor.exe: Introduce --kill argument for use by the
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews installer. This will permit the installation tool to remove
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews all running instances before attempting to remove the .exe.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews [William Rowe]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) mod_ssl: Add support for OCSP validation of client certificates.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews PR 41123. [Marc Stern <marc.stern approach.be>, Joe Orton]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) mod_serf: New module for Reverse Proxying. [Paul Querna]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) core: Add the option to keep aside a request body up to a certain
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews size that would otherwise be discarded, to be consumed by filters
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews such as mod_include. When enabled for a directory, POST requests
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews to shtml files can be passed through to embedded scripts as POST
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews requests, rather being downgraded to GET requests. [Graham Leggett]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) mod_ssl: Fix TLS upgrade (RFC 2817) support. PR 41231. [Joe Orton]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) scoreboard: Correctly declare ap_time_process_request.
45eca3a5d46ed15aee14d81f6cb6c9fb6f365344Mark Andrews *) core; scoreboard: ap_get_scoreboard_worker(sbh) now takes the sbh member
45eca3a5d46ed15aee14d81f6cb6c9fb6f365344Mark Andrews from the connection rec, ap_get_scoreboard_worker(proc, thread) will now
45eca3a5d46ed15aee14d81f6cb6c9fb6f365344Mark Andrews provide the unusual legacy lookup. [William Rowe]
45eca3a5d46ed15aee14d81f6cb6c9fb6f365344Mark Andrews *) mpm winnt: fix null pointer dereference
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews PR 42572 [Davi Arnaut]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) mod_authnz_ldap, mod_authn_dbd: Tidy up the code to expose authn
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews parameters to the environment. Improve portability to
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews EBCDIC machines by using apr_toupper(). [Martin Kraemer]
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews *) mod_ldap, mod_authnz_ldap: Add support for nested groups (i.e. the ability
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews to authorize an authenticated user via a "require ldap-group X" directive
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews where the user is not in group X, but is in a subgroup contained in X.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews PR 42891 [Paul J. Reder]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) mod_ssl: Add support for caching SSL Sessions in memcached. [Paul Querna]
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews *) apxs: Enhance -q flag to print all known variables and their values
702d5594271bf0ade096b5a9bf4092f43604d451Mark Andrews when invoked without variable name(s).
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews [William Rowe, Sander Temme]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) apxs: Eliminate run-time check for mod_so. PR 40653.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [David M. Lee <dmlee crossroads.com>]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) beos MPM: Create pmain pool and run modules' child_init hooks when
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington entering ap_mpm_run(), then destroy pmain when exiting ap_mpm_run().
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington [Chris Darroch]
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington *) netware MPM: Destroy pmain pool when exiting ap_mpm_run() so that
ed178efa9ab8f813538fce4ff603b81ded9f1799Mark Andrews cleanups registered in modules' child_init hooks are performed.
251227789bd26421471076f04f4e9eb7f0efb2f1Mark Andrews [Chris Darroch]
ed178efa9ab8f813538fce4ff603b81ded9f1799Mark Andrews *) Fix issue which could cause error messages to be written to access logs
ed178efa9ab8f813538fce4ff603b81ded9f1799Mark Andrews on Win32. PR 40476. [Tom Donovan <Tom.Donovan acm.org>]
ed178efa9ab8f813538fce4ff603b81ded9f1799Mark Andrews *) The LockFile directive, which specifies the location of
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews the accept() mutex lockfile, is deprecated. Instead, the
c28a1243429dfaf8dc5f6c1db0dccdc6ce386baeMark Andrews AcceptMutex directive now takes an optional lockfile
ed178efa9ab8f813538fce4ff603b81ded9f1799Mark Andrews location parameter, ala SSLMutex. [Jim Jagielski]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews *) mod_authn_dbd: Export any additional columns queried in the SQL select
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews into the environment with the name AUTHENTICATE_<COLUMN>. This brings
5f7e0eb1cb917b788906d3e2aa01bfc4885dcae4Mark Andrews mod_authn_dbd behaviour in line with mod_authnz_ldap. [Graham Leggett]
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews *) mod_dbd: Key the storage of prepared statements on the hex string
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews value of server_rec, rather than the server name, as the server name
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews may change (eg when the server name is set) at any time, causing
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews weird behaviour in modules dependent on mod_dbd. [Graham Leggett]
920c892667f7a1a284cc0f62e52a0cd3a7a78e14Mark Andrews *) mod_proxy_fcgi: Added win32 build. [Mladen Turk]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews *) sendfile_nonblocking() takes the _brigade_ as an argument, gets
70232e6b444994979d8bab60bc9a8656ffd861e9Mark Andrews the first bucket from the brigade, finds it not to be a FILE
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson bucket and barfs. The fix is to pass a bucket rather than a brigade.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews [Niklas Edmundsson <nikke acc.umu.se>]
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews *) mod_rewrite: support rewritemap by SQL query [Nick Kew]
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews *) ap_get_server_version() has been removed. Third-party modules must
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews now use ap_get_server_banner() or ap_get_server_description().
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews [Jeff Trawick]
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews *) All MPMs: Introduce a check_config phase between pre_config and
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews open_logs, to allow modules to review interdependent configuration
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews directive values and adjust them while messages can still be logged
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews to the console. Handle relevant MPM directives during this phase
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews and format messages for both the console and the error log, as
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews appropriate. [Chris Darroch]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews *) core: Do not allow internal redirects like the DirectoryIndex of mod_dir
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews to circumvent the symbolic link checks imposed by FollowSymLinks and
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews SymLinksIfOwnerMatch. [Nick Kew, Ruediger Pluem, William Rowe]
f55369d776907119cd8699a4119d9c80daa7cae4Mark Andrews *) New SSLLogLevelDebugDump [ None (default) | IO (not bytes) | Bytes ]
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson configures the I/O Dump of SSL traffic, when LogLevel is set to Debug.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews The default is none as this is far greater debugging resolution than
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews the typical administrator is prepared to untangle. [William Rowe]
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews *) mod_disk_cache: If possible, check if the size of an object to cache is
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews within the configured boundaries before actually saving data.
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews [Niklas Edmundsson <nikke acc.umu.se>]
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews *) Worker and event MPMs: Remove improper scoreboard updates which were
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson performed in the event of a fork() failure. [Chris Darroch]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews *) Add support for fcgi:// proxies to mod_rewrite.
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews [Markus Schiegl <ms schiegl.com>]
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews *) Remove incorrect comments from scoreboard.h regarding conditional
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews loading of worker_score structure with mod_status, and remove unused
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews definitions relating to old life_status field.
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews [Chris Darroch <chrisd pearsoncmg.com>]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews *) Remove allocation of memory for unused array of lb_score pointers
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews in ap_init_scoreboard(). [Chris Darroch <chrisd pearsoncmg.com>]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews *) Add mod_proxy_fcgi, a FastCGI back end for mod_proxy.
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews [Garrett Rooney, Jim Jagielski, Paul Querna]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews *) Event MPM: Fill in the scoreboard's tid field. PR 38736.
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews [Chris Darroch <chrisd pearsoncmg.com>]
7adcb4de92bf4383a4c5624c4ed256736d02bc6dMark Andrews *) mod_charset_lite: Remove Content-Length when output filter can
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews invalidate it. Warn when input filter can invalidate it.
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews [Jeff Trawick]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews *) Authz: Add the new module mod_authn_core that will provide common
e49d15b398d34b76ceb51e50bcfea9501ade07b6Mark Andrews authn directives such as 'AuthType', 'AuthName'. Move the directives
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson 'AuthType' and 'AuthName' out of the core module and merge mod_authz_alias
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews into mod_authn_core. [Brad Nicholes]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews *) Authz: Move the directives 'Order', 'Allow', 'Deny' and 'Satisfy'
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews into the new module mod_access_compat which can be loaded to provide
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews support for these directives.
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews [Brad Nicholes]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews *) Authz: Move the 'Require' directive from the core module as well as
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews add the directives '<SatisfyAll>', '<SatisfyOne>', '<RequireAlias>'
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews and 'Reject' to mod_authz_core. The new directives introduce 'AND/OR'
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews logic into the authorization processing. [Brad Nicholes]
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews *) Authz: Add the new module mod_authz_core which acts as the
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews authorization provider vector and contains common authz
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews directives. [Brad Nicholes]
e4757e3dafe50ae59f693eec828f68c42c197a70Andreas Gustafsson *) Authz: Renamed mod_authz_dbm authz providers from 'group' and
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews 'file-group' to 'dbm-group' and 'dbm-file-group'. [Brad Nicholes]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews *) Authz: Added the new authz providers 'env', 'ip', 'host', 'all' to handle
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews host-based access control provided by mod_authz_host and invoked
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews through the 'Require' directive. [Brad Nicholes]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews *) Authz: Convert all of the authz modules from hook based to
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews provider based. [Brad Nicholes]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews *) mod_cache: Add CacheMinExpire directive to set the minimum time in
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews seconds to cache a document.
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews [Brian Akins <brian.akins turner.com>, Ruediger Pluem]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews *) mod_authz_dbd: SQL authz with Login/Session support [Nick Kew]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews *) Fix typo in ProxyStatus syntax error message.
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews [Christophe Jaillet <christophe.jaillet wanadoo.fr>]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews *) Asynchronous write completion for the Event MPM. [Brian Pane]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews *) Added an End-Of-Request bucket type. The logging of a request and
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews the freeing of its pool are now done when the EOR bucket is destroyed.
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews This has the effect of delaying the logging until right after the last
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews of the response is sent; ap_core_output_filter() calls the access logger
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews indirectly when it destroys the EOR bucket. [Brian Pane]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews *) Rewrite of logresolve support utility: IPv6 addresses are now supported
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews and the format of statistical output has changed. [Colm MacCarthaigh]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews *) Rewrite of ap_coreoutput_filter to do nonblocking writes [Brian Pane]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews *) Added new connection states for handler and write completion
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews [Brian Pane]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews *) mod_cgid: Refuse to work on Solaris 10 due to OS bugs. PR 34264.
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews [Justin Erenkrantz]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews *) Teach mod_ssl to use arbitrary OIDs in an SSLRequire directive,
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews allowing string-valued client certificate attributes to be used for
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews access control, as in: SSLRequire "value" in OID("1.3.6.1.4.1.18060.1")
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews [Martin Kraemer, David Reid]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews [Apache 2.3.0-dev includes those bug fixes and changes with the
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews Apache 2.2.xx tree as documented, and except as noted, below.]
aa1d397c4736cd86540555193d71e55fa3b37b2aMark AndrewsChanges with Apache 2.2.x and later:
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews *) http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?view=markup
aa1d397c4736cd86540555193d71e55fa3b37b2aMark AndrewsChanges with Apache 2.0.x and later:
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews *) http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/CHANGES?view=markup
aa1d397c4736cd86540555193d71e55fa3b37b2aMark AndrewsChanges with Apache 1.3.x and later: