CHANGES revision 12b26f433fd7d6fc9f76413d7c2cabf4fa5cb300
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte -*- coding: utf-8 -*-
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteChanges with Apache 2.3.11
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_rewrite: Allow to unset environment variables using E=!VAR.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte PR 49512. [Mark Drayton <mark markdrayton info>, Stefan Fritsch]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_headers: Restore the 2.3.8 and earlier default for the first
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte argument of the Header directive ("onsuccess"). [Eric Covener]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) core: Disallow the mixing of relative and absolute Options PR 33708.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte [Sönke Tesch <st kino-fahrplan.de>]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) core: When exporting request headers to HTTP_* environment variables,
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte drop variables whose names contain invalid characters. Describe in the
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte docs how to restore the old behaviour. [Malte S. Stretz <mss apache org>]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) core: When selecting an IP-based virtual host, favor an exact match for
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte the port over a wildcard (or omitted) port instead of favoring the one
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte that came first in the configuration file. [Eric Covener]
570de38f63910201fdd77246630b7aa8f9dc5661Surya Prakki *) core: Overlapping virtual host address/port combinations now implicitly
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte enable name-based virtual hosting for that address. The NameVirtualHost
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte directive has no effect, and _default_ is interpreted the same as "*".
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte [Eric Covener]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) core: In the absence of any Options directives, the default is now
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte "FollowSymlinks" instead of "All". [Igor Galić]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) rotatelogs: Add -e option to write logs through to stdout for optional
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte further processing. [Graham Leggett]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_ssl: Correctly read full lines in input filter when the line is
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte incomplete during first read. PR 50481. [Ruediger Pluem]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_authz_core: Add AuthzSendForbiddenOnFailure directive to allow
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte sending '403 FORBIDDEN' instead of '401 UNAUTHORIZED' if authorization
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte fails for an authenticated user. PR 40721. [Stefan Fritsch]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteChanges with Apache 2.3.10
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_rewrite: Don't implicitly URL-escape the original query string
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte when no substitution has changed it. PR 50447. [Eric Covener]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) core: Honor 'AcceptPathInfo OFF' during internal redirects,
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte such as per-directory mod_rewrite substitutions. PR 50349.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte [Eric Covener]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_rewrite: Add 'RewriteOptions InheritBefore' to put the base
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte rules/conditions before the overridden rules/conditions. PR 39313.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_autoindex: add IndexIgnoreReset to reset the list of IndexIgnored
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte filenames in higher precedence configuration sections. PR 24243.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte [Eric Covener]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_cgid: RLimit* directive support for mod_cgid. PR 42135
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte [Eric Covener]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) core: Fail startup when the argument to ServerName looks like a glob
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte or a regular expression instead of a hostname (*?[]). PR 39863
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_userdir: Add merging of enable, disable, and filename arguments
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte to UserDir directive, leaving enable/disable of userlists unmerged.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte PR 44076 [Eric Covener]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) httpd: When no -k option is provided on the httpd command line, the server
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte was starting without checking for an existing pidfile. PR 50350
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte [Eric Covener]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_proxy: Put the worker in error state if the SSL handshake with the
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte backend fails. PR 50332.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte [Daniel Ruggeri <DRuggeri primary.net>, Ruediger Pluem]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_cache_disk: Fix Windows build which was broken after renaming
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte the module. [Gregg L. Smith]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteChanges with Apache 2.3.9
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) SECURITY: CVE-2010-1623 (cve.mitre.org)
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte Fix a denial of service attack against mod_reqtimeout.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte [Stefan Fritsch]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_headers: Change default first argument of Header directive
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte from "onsuccess" to "always". [Eric Covener]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_include: Add the onerror attribute to the include element,
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte allowing an URL to be specified to include on error. [Graham
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_cache_disk: mod_disk_cache renamed to mod_cache_disk, to be
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte consistent with the naming of other modules. [Graham Leggett]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_setenvif: Add SetEnvIfExpr directive to set env var depending on
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte expression. [Stefan Fritsch]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_proxy: Fix ProxyPassInterpolateEnv directive. PR 50292.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte [Stefan Fritsch]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) suEXEC: Add Suexec directive to disable suEXEC without renaming the
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte binary (Suexec Off), or force startup failure if suEXEC is required
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte but not supported (Suexec On). Change SuexecUserGroup to fail
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte startup instead of just printing a warning if suEXEC is disabled.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte [Jeff Trawick]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) core: Add Error directive for aborting startup or htaccess processing
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte with a specified error message. [Jeff Trawick]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_rewrite: Fix the RewriteEngine directive to work within a
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte location. Previously, once RewriteEngine was switched on globally,
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte it was impossible to switch off. [Graham Leggett]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) core, mod_include, mod_ssl: Move the expression parser derived from
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte mod_include back into mod_include. Replace ap_expr with a parser
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte derived from mod_ssl's parser. Make mod_ssl use the new parser. Rework
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte ap_expr's public interface and provide hooks for modules to add variables
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte and functions. [Stefan Fritsch]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) core: Do the hook sorting earlier so that the hooks are properly sorted
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte for the pre_config hook and during parsing the config. [Stefan Fritsch]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) core: In the absence of any AllowOverride directives, the default is now
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte "None" instead of "All". PR49823 [Eric Covener]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_proxy: Don't allow ProxyPass or ProxyPassReverse in
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte <Directory> or <Files>. PR47765 [Eric Covener]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) prefork/worker/event MPMS: default value (when no directive is present)
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte of MaxConnectionsPerChild/MaxRequestsPerChild is changed to 0 from 10000
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte to match default configuration and manual. PR47782 [Eric Covener]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) proxy_connect: Don't give up in the middle of a CONNECT tunnel
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte when the child process is starting to exit. PR50220. [Eric Covener]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_autoindex: Fix inheritance of mod_autoindex directives into
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte contexts that don't have any mod_autoindex directives. PR47766.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte [Eric Covener]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_rewrite: Add END flag for RewriteRule to prevent further rounds
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte of rewrite processing when a per-directory substitution occurs.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte [Eric Covener]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_ssl: Make sure to always log an error if loading of CA certificates
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte fails. PR 40312. [Paul Tiemann <issues apache org ourdetour com>]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_dav: Send 501 error if unknown Content-* header is received for a PUT
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte request (RFC 2616 9.6). PR 42978. [Stefan Fritsch]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_dav: Send 400 error if malformed Content-Range header is received for
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte a put request (RFC 2616 14.16). PR 49825. [Stefan Fritsch]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_proxy: Release the backend connection as soon as EOS is detected,
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte so the backend isn't forced to wait for the client to eventually
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte acknowledge the data. [Graham Leggett]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_proxy: Optimise ProxyPass within a Location so that it is stored
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte per-directory, and chosen during the location walk. Make ProxyPass
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte work correctly from within a LocationMatch. [Graham Leggett]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) core: Fix segfault if per-module LogLevel is on virtual host
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte scope. PR 50117. [Stefan Fritsch]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_proxy: Move the ProxyErrorOverride directive to have per
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte directory scope. [Graham Leggett]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_allowmethods: New module to deny certain HTTP methods without
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte interfering with authentication/authorization. [Paul Querna,
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte Igor Galić, Stefan Fritsch]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_ssl: Log certificate information and improve error message if client
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte cert verification fails. PR 50093, PR 50094. [Lassi Tuura <lat cern ch>,
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte Stefan Fritsch]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) htcacheclean: Teach htcacheclean to limit cache size by number of
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte inodes in addition to size of files. Prevents a cache disk from
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte running out of space when many small files are cached.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte [Graham Leggett]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) core: Rename MaxRequestsPerChild to MaxConnectionsPerChild, which
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte describes more accurately what the directive does. The old name
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte still works but logs a warning. [Stefan Fritsch]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_cache: Optionally serve stale data when a revalidation returns a
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte 5xx response, controlled by the CacheStaleOnError directive.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte [Graham Leggett]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) htcacheclean: Allow the listing of valid URLs within the cache, with
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte the option to list entry metadata such as sizes and times. [Graham
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_cache: correctly parse quoted strings in cache headers.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte PR 50199 [Nick Kew]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_cache: Allow control over the base URL of reverse proxied requests
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte using the CacheKeyBaseURL directive, so that the cache key can be
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte calculated from the endpoint URL instead of the server URL. [Graham
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_cache: CacheLastModifiedFactor, CacheStoreNoStore, CacheStorePrivate,
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte CacheStoreExpired, CacheIgnoreNoLastMod, CacheDefaultExpire,
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte CacheMinExpire and CacheMaxExpire can be set per directory/location.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte [Graham Leggett]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_disk_cache: CacheMaxFileSize, CacheMinFileSize, CacheReadSize and
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte CacheReadTime can be set per directory/location. [Graham Leggett]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) core: Speed up config parsing if using a very large number of config
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte files. PR 50002 [andrew cloudaccess net]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_cache: Support the caching of HEAD requests. [Graham Leggett]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) htcacheclean: Allow the option to round up file sizes to a given
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte block size, improving the accuracy of disk usage. [Graham Leggett]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_ssl: Add authz providers for use with mod_authz_core and its
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte RequireAny/RequireAll containers: 'ssl' (equivalent to SSLRequireSSL),
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte 'ssl-verify-client' (for use with 'SSLVerifyClient optional'), and
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte 'ssl-require' (expressions with same syntax as SSLRequire).
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte [Stefan Fritsch]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_ssl: Make the ssl expression parser thread-safe. It now requires
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte bison instead of yacc. [Stefan Fritsch]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_disk_cache: Change on-disk header file format to support the
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte link of the device/inode of the data file to the matching header
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte file, and to support the option of not writing a data file when
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte the data file is empty. [Graham Leggett]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) core/mod_unique_id: Add generate_log_id hook to allow to use
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte the ID generated by mod_unique_id as error log ID for requests.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte [Stefan Fritsch]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_cache: Make sure that we never allow a 304 Not Modified response
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte that we asked for to leak to the client should the 304 response be
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte uncacheable. PR45341 [Graham Leggett]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_cache: Add the cache_status hook to register the final cache
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte decision hit/miss/revalidate. Add optional support for an X-Cache
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte and/or an X-Cache-Detail header to add the cache status to the
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte response. PR48241 [Graham Leggett]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_authz_host: Add 'local' provider that matches connections originating
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte on the local host. PR 19938. [Stefan Fritsch]
570de38f63910201fdd77246630b7aa8f9dc5661Surya Prakki *) Event MPM: Fix crash accessing pollset on worker thread when child
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte process is exiting. [Jeff Trawick]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) core: For process invocation (cgi, fcgid, piped loggers and so forth)
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte pass the system library path (LD_LIBRARY_PATH or platform-specific
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte variables) along with the system PATH, by default. Both should be
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte overridden together as desired using PassEnv etc; see mod_env.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte [William Rowe]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_cache: Introduce CacheStoreExpired, to allow administrators to
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte capture a stale backend response, perform If-Modified-Since requests
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte against the backend, and serving from the cache all 304 responses.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte This restores pre-2.2.4 cache behavior. [William Rowe]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_rewrite: Introduce <=, >= string comparison operators, and integer
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte comparators -lt, -le, -eq, -ge, and -gt. To help bash users and drop
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte the ambiguity of the symlink test "-ltest", introduce -h or -L as
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte symlink test operators. [William Rowe]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_cache: Give the cache provider the opportunity to choose to cache
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte or not cache based on the buckets present in the brigade, such as the
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte presence of a FILE bucket.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte [Graham Leggett]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_authz_core: Allow authz providers to check args while reading the
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte config and allow to cache parsed args. Move 'all' and 'env' authz
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte providers from mod_authz_host to mod_authz_core. Add 'method' authz
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte provider depending on the HTTP method. [Stefan Fritsch]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_include: Move the request_rec within mod_include to be
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte exposed within include_ctx_t. [Graham Leggett]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_include: Reinstate support for UTF-8 character sets by allowing a
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte variable being echoed or set to be decoded and then encoded as separate
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte steps. PR47686 [Graham Leggett]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_cache: Add a discrete commit_entity() provider function within the
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte mod_cache provider interface which is called to indicate to the
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte provider that caching is complete, giving the provider the opportunity
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte to commit temporary files permanently to the cache in an atomic
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte fashion. Replace the inconsistent use of error cleanups with a formal
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte set of pool cleanups attached to a subpool, which is destroyed on error.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte [Graham Leggett]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_cache: Change the signature of the store_body() provider function
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte within the mod_cache provider interface to support an "in" brigade
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte and an "out" brigade instead of just a single input brigade. This
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte gives a cache provider the option to consume only part of the brigade
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte passed to it, rather than the whole brigade as was required before.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte This fixes an out of memory and a request timeout condition that would
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte occur when the original document was a large file. Introduce
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte CacheReadSize and CacheReadTime directives to mod_disk_cache to control
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte the amount of data to attempt to cache at a time. [Graham Leggett]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) core: Add ErrorLogFormat to allow configuring error log format, including
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte additional information that is logged once per connection or request. Add
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte error log IDs for connections and request to allow correlating error log
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte lines and the corresponding access log entry. [Stefan Fritsch]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) core: Disable sendfile by default. [Stefan Fritsch]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_cache: Check the request to determine whether we are allowed
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte to return cached content at all, and respect a "Cache-Control:
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte no-cache" header from a client. Previously, "no-cache" would
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte behave like "max-age=0". [Graham Leggett]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_cache: Use a proper filter context to hold filter data instead
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte of misusing the per-request configuration. Fixes a segfault on trunk
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte when the normal handler is used. [Graham Leggett]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_cgid: Log a warning if the ScriptSock path is truncated because
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte it is too long. PR 49388. [Stefan Fritsch]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) vhosts: Do not allow _default_ in NameVirtualHost, or mixing *
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte and non-* ports on NameVirtualHost, or multiple NameVirtualHost
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte directives for the same address:port, or NameVirtualHost
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte directives with no matching VirtualHosts, or multiple ip-based
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte VirtualHost sections for the same address:port. These were
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte previously accepted with a warning, but the behavior was
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte undefined. [Dan Poirier]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_remoteip: Fix a segfault when using mod_remoteip in conjunction with
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte Allow/Deny. PR 49838. [Andrew Skalski <voltara gmail.com>]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) core: DirectoryMatch can now match on the end of line character ($),
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte and sub-directories of matched directories are no longer implicitly
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte matched. PR49809 [Eric Covener]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) Regexps: introduce new higher-level regexp utility including parsing
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte and executing perl-style regexp ops (e.g s/foo/bar/i) and regexp memory
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) Proxy: support setting source address. PR 29404
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte [Multiple contributors iterating through bugzilla,
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte Aron Ujvari <xanco nikhok.hu>, Aleksey Midenkov <asm uezku.kemsu.ru>,
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte <dan listening-station.net; trunk version Nick Kew]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) HTTP protocol: return 400 not 503 if we have to abort due to malformed
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte chunked encoding. [Nick Kew]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteChanges with Apache 2.3.8
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) suexec: Support large log files. PR 45856. [Stefan Fritsch]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) core: Abort with sensible error message if no or more than one MPM is
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte loaded. [Stefan Fritsch]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_proxy: Rename erroronstatus to failonstatus.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte [Daniel Ruggeri <DRuggeri primary.net>]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_dav_fs: Fix broken "creationdate" property.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte Regression in version 2.3.7. [Rainer Jung]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteChanges with Apache 2.3.7
570de38f63910201fdd77246630b7aa8f9dc5661Surya Prakki *) SECURITY: CVE-2010-1452 (cve.mitre.org)
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte mod_dav, mod_cache, mod_session: Fix Handling of requests without a path
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte segment. PR: 49246 [Mark Drayton, Jeff Trawick]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_ldap: Properly check the result returned by apr_ldap_init. PR 46076.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte [Stefan Fritsch]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_rewrite: Log errors if rewrite map files cannot be opened. PR 49639.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte [Stefan Fritsch]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_proxy_http: Support the 'ping' property for backend HTTP/1.1 servers
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte via leveraging 100-Continue as the initial "request".
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte [Jim Jagielski]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) core/mod_authz_core: Introduce new access_checker_ex hook that enables
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte mod_authz_core to bypass authentication if access should be allowed by
570de38f63910201fdd77246630b7aa8f9dc5661Surya Prakki IP address/env var/... [Stefan Fritsch]
570de38f63910201fdd77246630b7aa8f9dc5661Surya Prakki *) core: Introduce note_auth_failure hook to allow modules to add support
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte for additional auth types. This makes ap_note_auth_failure() work with
570de38f63910201fdd77246630b7aa8f9dc5661Surya Prakki mod_auth_digest again. PR 48807. [Stefan Fritsch]
570de38f63910201fdd77246630b7aa8f9dc5661Surya Prakki *) socache modules: return APR_NOTFOUND when a lookup is not found [Nick Kew]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_authn_socache: new module [Nick Kew]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) configure: Add reallyall option for --enable-mods-shared. [Stefan Fritsch]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) Fix Windows build when using VC6. [Gregg L. Smith <lists glewis com>]
570de38f63910201fdd77246630b7aa8f9dc5661Surya Prakki *) mod_rewrite: Allow to set environment variables without explicitly
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte giving a value. [Rainer Jung]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_rewrite: Remove superfluous EOL from rewrite logging. [Rainer Jung]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_include: recognise "text/html; parameters" as text/html
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte PR 49616 [Andrey Chernov <ache nagual.pp.ru>]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) CGI vars: allow PATH to be set by SetEnv, consistent with LD_LIBRARY_PATH
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte PR 43906 [Nick Kew]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) Core: Extra robustness: don't try authz and segfault if authn
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte fails to set r->user. Log bug and return 500 instead.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte PR 42995 [Nick Kew]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) HTTP protocol filter: fix handling of longer chunk extensions
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) Update SSL cipher suite and add example for SSLHonorCipherOrder.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte [Lars Eilebrecht, Rainer Jung]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) move AddOutputFilterByType from core to mod_filter. This should
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte fix nasty side-effects that happen when content_type is set
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte more than once in processing a request, and make it fully
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte compatible with dynamic and proxied contents. [Nick Kew]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_log_config: Implement logging for sub second timestamps and
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte request end time. [Rainer Jung]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteChanges with Apache 2.3.6
570de38f63910201fdd77246630b7aa8f9dc5661Surya Prakki *) SECURITY: CVE-2009-3555 (cve.mitre.org)
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte mod_ssl: Comprehensive fix of the TLS renegotiation prefix injection
570de38f63910201fdd77246630b7aa8f9dc5661Surya Prakki attack when compiled against OpenSSL version 0.9.8m or later. Introduces
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte the 'SSLInsecureRenegotiation' directive to reopen this vulnerability
570de38f63910201fdd77246630b7aa8f9dc5661Surya Prakki and offer unsafe legacy renegotiation with clients which do not yet
570de38f63910201fdd77246630b7aa8f9dc5661Surya Prakki support the new secure renegotiation protocol, RFC 5746.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte [Joe Orton, and with thanks to the OpenSSL Team]
570de38f63910201fdd77246630b7aa8f9dc5661Surya Prakki *) SECURITY: CVE-2009-3555 (cve.mitre.org)
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte mod_ssl: A partial fix for the TLS renegotiation prefix injection attack
570de38f63910201fdd77246630b7aa8f9dc5661Surya Prakki by rejecting any client-initiated renegotiations. Forcibly disable
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte keepalive for the connection if there is any buffered data readable. Any
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte configuration which requires renegotiation for per-directory/location
570de38f63910201fdd77246630b7aa8f9dc5661Surya Prakki access control is still vulnerable, unless using OpenSSL >= 0.9.8l.
570de38f63910201fdd77246630b7aa8f9dc5661Surya Prakki [Joe Orton, Ruediger Pluem, Hartmut Keil <Hartmut.Keil adnovum.ch>]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) SECURITY: CVE-2010-0408 (cve.mitre.org)
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte when request headers indicate a request body is incoming; not a case of
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte HTTP_INTERNAL_SERVER_ERROR. [Niku Toivola <niku.toivola sulake.com>]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) SECURITY: CVE-2010-0425 (cve.mitre.org)
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte mod_isapi: Do not unload an isapi .dll module until the request
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte processing is completed, avoiding orphaned callback pointers.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte [Brett Gervasoni <brettg senseofsecurity.com>, Jeff Trawick]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) core: Filter init functions are now run strictly once per request
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte before handler invocation. The init functions are no longer run
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte for connection filters. PR 49328. [Joe Orton]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) core: Adjust the output filter chain correctly in an internal
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte redirect from a subrequest, preserving filters from the main
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte request as necessary. PR 17629. [Joe Orton]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_cache: Explicitly allow cache implementations to cache a 206 Partial
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte Response if they so choose to do so. Previously an attempt to cache a 206
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte was arbitrarily allowed if the response contained an Expires or
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte Cache-Control header, and arbitrarily denied if both headers were missing.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte [Graham Leggett]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) core: Add microsecond timestamp fractions, process id and thread id
570de38f63910201fdd77246630b7aa8f9dc5661Surya Prakki to the error log. [Rainer Jung]
570de38f63910201fdd77246630b7aa8f9dc5661Surya Prakki *) configure: The "most" module set gets build by default. [Rainer Jung]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) configure: Building dynamic modules (DSO) by default. [Rainer Jung]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) configure: Fix broken VPATH build when using included APR.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte [Rainer Jung]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_session_crypto: Fix configure problem when building
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte with APR 2 and for VPATH builds with included APR.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte [Rainer Jung]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_session_crypto: API compatibility with APR 2 crypto and
570de38f63910201fdd77246630b7aa8f9dc5661Surya Prakki APR Util 1.x crypto. [Rainer Jung]
570de38f63910201fdd77246630b7aa8f9dc5661Surya Prakki *) ab: Fix memory leak with -v2 and SSL. PR 49383.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte [Pavel Kankovsky <peak argo troja mff cuni cz>]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) core: Add per-module and per-directory loglevel configuration.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte Add some more trace logging.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte mod_rewrite: Replace RewriteLog/RewriteLogLevel with trace log levels.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte mod_ssl: Replace LogLevelDebugDump with trace log levels.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte mod_ssl/mod_proxy*: Adjust loglevels to be less verbose at levels info
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte mod_dumpio: Replace DumpIOLogLevel with trace log levels.
570de38f63910201fdd77246630b7aa8f9dc5661Surya Prakki [Stefan Fritsch]
570de38f63910201fdd77246630b7aa8f9dc5661Surya Prakki *) mod_ldap: LDAP caching was suppressed (and ldap-status handler returns
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte title page only) when any mod_ldap directives were used in VirtualHost
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte context. [Eric Covener]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_disk_cache: Decline the opportunity to cache if the response is
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte a 206 Partial Content. This stops a reverse proxied partial response
e31df31051ab05e561eab5b23bb1c00627a10d64Thomas Atkins from becoming cached, and then being served in subsequent responses.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte [Graham Leggett]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_deflate: avoid the risk of forwarding data before headers are set.
570de38f63910201fdd77246630b7aa8f9dc5661Surya Prakki PR 49369 [Matthew Steele <mdsteele google.com>]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_authnz_ldap: Ensure nested groups are checked when the
570de38f63910201fdd77246630b7aa8f9dc5661Surya Prakki top-level group doesn't have any direct non-group members
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte of attributes in AuthLDAPGroupAttribute. [Eric Covener]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_authnz_ldap: Search or Comparison during authorization phase
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte can use the credentials from the authentication phase
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte (AuthLDAPSearchAsUSer,AuthLDAPCompareAsUser).
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte PR 48340 [Domenico Rotiroti, Eric Covener]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_authnz_ldap: Allow the initial DN search during authentication
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte to use the HTTP username/pass instead of an anonymous or hard-coded
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte LDAP id (AuthLDAPInitialBindAsUser, AuthLDAPInitialBindPattern).
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte [Eric Covener]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_authnz_ldap: Publish requested LDAP data with an AUTHORIZE_ prefix
570de38f63910201fdd77246630b7aa8f9dc5661Surya Prakki when this module is used for authorization. See AuthLDAPAuthorizePrefix.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte PR 45584 [Eric Covener]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) apxs -q: Stop filtering out ':' characters from the reported values.
570de38f63910201fdd77246630b7aa8f9dc5661Surya Prakki PR 45343. [Bill Cole]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) prefork MPM: Work around possible crashes on child exit in APR reslist
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte cleanup code. PR 43857. [Tom Donovan]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) ab: fix number of requests sent by ab when keepalive is enabled. PR 48497.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte [Bryn Dole <dole blekko.com>]
570de38f63910201fdd77246630b7aa8f9dc5661Surya Prakki *) Log an error for failures to read a chunk-size, and return 408 instead of
570de38f63910201fdd77246630b7aa8f9dc5661Surya Prakki 413 when this is due to a read timeout. This change also fixes some cases
570de38f63910201fdd77246630b7aa8f9dc5661Surya Prakki of two error documents being sent in the response for the same scenario.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte [Eric Covener] PR49167
570de38f63910201fdd77246630b7aa8f9dc5661Surya Prakki *) mod_proxy_balancer: Add new directive BalancerNonce to allow admin
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte to control/set the nonce used in the balancer-manager application.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte [Jim Jagielski]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_proxy_connect: Support port ranges in AllowConnect. PR 23673.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte [Stefan Fritsch]
570de38f63910201fdd77246630b7aa8f9dc5661Surya Prakki *) Proxy balancer: support setting error status according to HTTP response
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte code from a backend. PR 48939. [Daniel Ruggeri <DRuggeri primary.net>]
570de38f63910201fdd77246630b7aa8f9dc5661Surya Prakki *) htcacheclean: Introduce the ability to clean specific URLs from the
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte cache, if provided as an optional parameter on the command line.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte [Graham Leggett]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) core: Introduce the IncludeStrict directive, which explicitly fails
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte server startup if no files or directories match a wildcard path.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte [Graham Leggett]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) htcacheclean: Report additional statistics about entries deleted.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte PR 48944. [Mark Drayton mark markdrayton.info]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) Introduce SSLFIPS directive to support OpenSSL FIPS_mode; permits all
570de38f63910201fdd77246630b7aa8f9dc5661Surya Prakki builds of mod_ssl to use 'SSLFIPS off' for portability, but the proper
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte build of openssl is required for 'SSLFIPS on'. PR 46270.
570de38f63910201fdd77246630b7aa8f9dc5661Surya Prakki [Dr Stephen Henson <steve openssl.org>, William Rowe]
570de38f63910201fdd77246630b7aa8f9dc5661Surya Prakki *) mod_proxy_http: Log the port of the remote server in various messages.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte PR 48812. [Igor Galić <i galic brainsware org>]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_reqtimeout: Do not wrongly enforce timeouts for mod_proxy's backend
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte connections and other protocol handlers (like mod_ftp). [Stefan Fritsch]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_proxy_ajp: Really regard the operation a success, when the client
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte aborted the connection. In addition adjust the log message if the client
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte aborted the connection. [Ruediger Pluem]
570de38f63910201fdd77246630b7aa8f9dc5661Surya Prakki *) mod_ssl: Add the 'SSLInsecureRenegotiation' directive, which
570de38f63910201fdd77246630b7aa8f9dc5661Surya Prakki allows insecure renegotiation with clients which do not yet
570de38f63910201fdd77246630b7aa8f9dc5661Surya Prakki support the secure renegotiation protocol. [Joe Orton]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_ssl: Fix a potential I/O hang if a long list of trusted CAs
570de38f63910201fdd77246630b7aa8f9dc5661Surya Prakki is configured for client cert auth. PR 46952. [Joe Orton]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) core: Only log a 408 if it is no keepalive timeout. PR 39785
e31df31051ab05e561eab5b23bb1c00627a10d64Thomas Atkins [Ruediger Pluem, Mark Montague <markmont umich.edu>]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) support/rotatelogs: Add -L option to create a link to the current
570de38f63910201fdd77246630b7aa8f9dc5661Surya Prakki log file. PR 48761 [<lyndon orthanc.ca>, Dan Poirier]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_ldap: Update LDAPTrustedClientCert to consistently be a per-directory
570de38f63910201fdd77246630b7aa8f9dc5661Surya Prakki setting only, matching most of the documentation and examples.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte PR 46541 [Paul Reder, Eric Covener]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_ldap: LDAPTrustedClientCert now accepts CA_DER/CA_BASE64 argument
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte types previously allowed only in LDAPTrustedGlobalCert. [Eric Covener]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_negotiation: Preserve query string over multiviews negotiation.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte This buglet was fixed for type maps in 2.2.6, but the same issue
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte affected multiviews and was overlooked.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte PR 33112 [Joergen Thomsen <apache jth.net>]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_ldap: Eliminate a potential crash with multiple LDAPTrustedClientCert
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte when some are not password-protected. [Eric Covener]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) Fix startup segfault when the Mutex directive is used but no loaded
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte modules use httpd mutexes. PR 48787. [Jeff Trawick]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) Proxy: get the headers right in a HEAD request with
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte ProxyErrorOverride, by checking for an overridden error
570de38f63910201fdd77246630b7aa8f9dc5661Surya Prakki before not after going into a catch-all code path.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte PR 41646. [Nick Kew, Stuart Children]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) support/rotatelogs: Support the simplest log rotation case, log
570de38f63910201fdd77246630b7aa8f9dc5661Surya Prakki truncation. Useful when the log is being processed in real time
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte using a command like tail. [Graham Leggett]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) support/htcacheclean: Teach it how to write a pid file (modelled on
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte httpd's writing of a pid file) so that it becomes possible to run
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte more than one instance of htcacheclean on the same machine.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte [Graham Leggett]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) Log command line on startup, so there's a record of command line
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte arguments like -f. PR 48752. [Dan Poirier]
570de38f63910201fdd77246630b7aa8f9dc5661Surya Prakki *) Introduce mod_reflector, a handler capable of reflecting POSTed
570de38f63910201fdd77246630b7aa8f9dc5661Surya Prakki request bodies back within the response through the output filter
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte stack. Can be used to turn an output filter into a web service.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte [Graham Leggett]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_proxy_http: Make sure that when an ErrorDocument is served
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte from a reverse proxied URL, that the subrequest respects the status
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte of the original request. This brings the behaviour of proxy_handler
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte in line with default_handler. PR 47106. [Graham Leggett]
570de38f63910201fdd77246630b7aa8f9dc5661Surya Prakki *) Support wildcards in both the directory and file components of
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte the path specified by the Include directive. [Graham Leggett]
e31df31051ab05e561eab5b23bb1c00627a10d64Thomas Atkins *) mod_proxy, mod_proxy_http: Support remote https proxies
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte by using HTTP CONNECT. PR 19188.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte [Philippe Dutrueux <lilas evidian.com>, Rainer Jung]
570de38f63910201fdd77246630b7aa8f9dc5661Surya Prakki *) apxs: Fix -A and -a options to ignore whitespace in httpd.conf
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte [Philip M. Gollucci]
570de38f63910201fdd77246630b7aa8f9dc5661Surya Prakki *) worker: Don't report server has reached MaxClients until it has.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte Add message when server gets within MinSpareThreads of MaxClients.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte PR 46996. [Dan Poirier]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_session: Session expiry was being initialised, but not updated
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte on each session save, resulting in timed out sessions when there
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte should not have been. Fixed. [Graham Leggett]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_log_config: Add the R option to log the handler used within the
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte request. [Christian Folini <christian.folini netnea com>]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_include: Allow fine control over the removal of Last-Modified and
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte ETag headers within the INCLUDES filter, making it possible to cache
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte responses if desired. Fix the default value of the SSIAccessEnable
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte directive. [Graham Leggett]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) Add new UnDefine directive to undefine a variable. PR 35350.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte [Stefan Fritsch]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) Make ap_pregsub(), used by AliasMatch and friends, use the same syntax
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte for regex backreferences as mod_rewrite and mod_include: Remove the use
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte of '&' as an alias for '$0' and allow to escape any character with a
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte backslash. PR 48351. [Stefan Fritsch]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_authnz_ldap: If AuthLDAPCharsetConfig is set, also convert the
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte password to UTF-8. PR 45318.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte [Johannes Müller <joh_m gmx.de>, Stefan Fritsch]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) ab: Fix calculation of requests per second in HTML output. PR 48594.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte [Stefan Fritsch]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_authnz_ldap: Failures to map a username to a DN, or to check a user
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte password now result in an informational level log entry instead of
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte warning level. [Eric Covener]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteChanges with Apache 2.3.5
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) SECURITY: CVE-2010-0434 (cve.mitre.org)
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte Ensure each subrequest has a shallow copy of headers_in so that the
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte parent request headers are not corrupted. Eliminates a problematic
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte optimization in the case of no request body. PR 48359
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte [Jake Scott, William Rowe, Ruediger Pluem]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) Turn static function get_server_name_for_url() into public
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte ap_get_server_name_for_url() and use it where appropriate. This
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte fixes mod_rewrite generating invalid URLs for redirects to IPv6
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte literal addresses. [Stefan Fritsch]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_ldap: Introduce new config option LDAPTimeout to set the timeout
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte for LDAP operations like bind and search. [Stefan Fritsch]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_proxy, mod_proxy_ftp: Move ProxyFtpDirCharset from mod_proxy to
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte mod_proxy_ftp. [Takashi Sato]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_proxy, mod_proxy_connect: Move AllowCONNECT from mod_proxy to
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte mod_proxy_connect. [Takashi Sato]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_cache: Do an exact match of the keys defined by
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte CacheIgnoreURLSessionIdentifiers against the querystring instead of
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte a partial match. PR 48401.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte [Dodou Wang <wangdong.08 gmail.com>, Ruediger Pluem]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_proxy_balancer: Fix crash in balancer-manager. [Rainer Jung]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) Core HTTP: disable keepalive when the Client has sent
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte Expect: 100-continue
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte but we respond directly with a non-100 response.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte Keepalive here led to data from clients continuing being treated as
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte a new request.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte PR 47087 [Nick Kew]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) Core: reject NULLs in request line or request headers.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte PR 43039 [Nick Kew]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) Core: (re)-introduce -T commandline option to suppress documentroot
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte check at startup.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte PR 41887 [Jan van den Berg <janvdberg gmail.com>]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_autoindex: support XHTML as equivalent to HTML in IndexOptions,
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte ScanHTMLTitles, ReadmeName, HeaderName
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte PR 48416 [Dmitry Bakshaev <dab18 izhnet.ru>, Nick Kew]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) Proxy: Fix ProxyPassReverse with relative URL
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte Derived (slightly erroneously) from PR 38864 [Nick Kew]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_headers: align Header Edit with Header Set when used on Content-Type
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte PR 48422 [Cyril Bonté <cyril.bonte free.fr>, Nick Kew>]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_headers: Enable multi-match-and-replace edit option
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte PR 46594 [Nick Kew]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_filter: enable it to act on non-200 responses.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte PR 48377 [Nick Kew]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteChanges with Apache 2.3.4
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) Replace AcceptMutex, LockFile, RewriteLock, SSLMutex, SSLStaplingMutex,
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte and WatchdogMutexPath with a single Mutex directive. Add APIs to
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte simplify setup and user customization of APR proc and global mutexes.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte (See util_mutex.h.) Build-time setting DEFAULT_LOCKFILE is no longer
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte respected; set DEFAULT_REL_RUNTIMEDIR instead. [Jeff Trawick]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) http_core: KeepAlive no longer accepts other than On|Off.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte [Takashi Sato]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_dav: Remove errno from dav_error interface. Calls to dav_new_error()
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte and dav_new_error_tag() must be adjusted to add an apr_status_t parameter.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte [Jeff Trawick]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_authnz_ldap: Add AuthLDAPBindAuthoritative to allow Authentication to
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte try other providers in the case of an LDAP bind failure.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte PR 46608 [Justin Erenkrantz, Joe Schaefer, Tony Stevenson]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) Build: fix --with-module to work as documented
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte PR 43881 [Gez Saunders <gez.saunders virgin.net>]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteChanges with Apache 2.3.3
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) SECURITY: CVE-2009-3095 (cve.mitre.org)
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte mod_proxy_ftp: sanity check authn credentials.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte [Stefan Fritsch <sf fritsch.de>, Joe Orton]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) SECURITY: CVE-2009-3094 (cve.mitre.org)
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte mod_proxy_ftp: NULL pointer dereference on error paths.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte [Stefan Fritsch <sf fritsch.de>, Joe Orton]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_ssl: enable support for ECC keys and ECDH ciphers. Tested against
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte OpenSSL 1.0.0b3. [Vipul Gupta <vipul.gupta sun.com>, Sander Temme]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_dav: Include uri when logging a PUT error due to connection abort.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte PR 38149. [Stefan Fritsch]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_dav: Return 409 instead of 500 for a LOCK request if the parent
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte resource does not exist or is not a collection. PR 43465. [Stefan Fritsch]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_dav_fs: Return 409 instead of 500 for Litmus test case copy_nodestcoll
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte (a COPY request where the parent of the destination resource does not
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte exist). PR 39299. [Stefan Fritsch]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_dav_fs: Don't delete the whole file if a PUT with content-range failed.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte PR 42896. [Stefan Fritsch]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_dav_fs: Make PUT create files atomically and no longer destroy the
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte old file if the transfer aborted. PR 39815. [Paul Querna, Stefan Fritsch]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_dav_fs: Remove inode keyed locking as this conflicts with atomically
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte creating files. On systems with inode numbers, this is a format change of
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte the DavLockDB. The old DavLockDB must be deleted on upgrade.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte [Stefan Fritsch]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_log_config: Make ${cookie}C correctly match whole cookie names
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte instead of substrings. PR 28037. [Dan Franklin <dan dan-franklin.com>,
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte Stefan Fritsch]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) vhost: A purely-numeric Host: header should not be treated as a port.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte PR 44979 [Nick Kew]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_ldap: Avoid 500 errors with "Unable to set LDAP_OPT_REFHOPLIMIT option to 5"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte when built against openldap by using SDK LDAP_OPT_REFHOPLIMIT defaults unless
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte LDAPReferralHopLimit is explicitly configured.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte [Eric Covener]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_charset_lite: Honor 'CharsetOptions NoImplicitAdd'.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte [Eric Covener]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_ssl: Add support for OCSP Stapling. PR 43822.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte [Dr Stephen Henson <shenson oss-institute.org>]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) mod_socache_shmcb: Allow parens in file name if cache size is given.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte Fixes SSLSessionCache directive mis-parsing parens in pathname.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte PR 47945. [Stefan Fritsch]
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte *) htpasswd: Improve out of disk space handling. PR 30877. [Stefan Fritsch]
PR 47178. [Philipp Hagemeister <oss phihag.de>]
Brian France <brian brianfrance.com>]
modules to avoid segmentation fault. PR 47951. [hirose31 gmail.com]
*) mod_logio/core: Report more accurate byte counts in mod_status if
for the default values of 1024 for LdapCacheEntries/LdapOpCacheEntries.
the request is a CONNECT request. [Bill Zajac <billz consultla.com>]
[Peter Grandi <pg_asf asf.for.sabi.co.uk>, Graham Leggett]
Log 408 errors in access log as was done in Apache 1.3.x.
PR 39785 [Nobutaka Mantani <nobutaka nobutaka.org>,
Stefan Fritsch <sf fritsch.de>, Dan Poirier]
Brian France <brian brianfrance.com>]
Brian France <brian brianfrance.com>]
[Stefan Fritsch <sf sfritsch.de>]
*) mod_session.c: Prevent a segfault when session is added but not
definition. [Stefan Fritsch sf sfritsch.de]
*) Add support for HTTP PUT to ab. [Jeff Barnes <jbarnesweb yahoo.com>]
PR 46971 [evanc nortel.com]
[Stefan Fritsch <sf sfritsch.de>]
for a file is missing. PR 47682 [Peter Poeml <poeml suse.de>]
*) SECURITY: CVE-2009-1890 (cve.mitre.org)
*) SECURITY: CVE-2009-1191 (cve.mitre.org)
by the client. PR 33098 [ Stefan Fritsch <sf sfritsch.de>]
PR 42175 [Jim Radford <radford blackbean.org>]
type. PR 45107. [Michael Ströder <michael stroeder.com>,
PR 44020 [Håkon Stordahl <hakon stordahl.org>]
CGI process. PR 47335 [Kornél Pál <kornelpal gmail.com>]
PR 46942 [Dan Poirier <poirier pobox.com>]
PR 44729 [Sönke Tesch <st kino-fahrplan.de>, Jim Jagielski]
PR 47177 [Carlos Garcia Braschi <cgbraschi gmail.com>]
PR 45082 [Vitaly Polonetsky <m_vitaly topixoft.com>]
[Marko Kevac <mkevac gmail.com>]
as A/UX, Next, and Tandem. [Jeff Trawick]
directory listing. PR 46789 [Dan Poirier <poirier pobox.com>]
of module state across unload/load. [Jeff Trawick]
[Dan Poirier <poirier pobox.com>]
[Geoff Keating <geoffk apple.com>]
with kqueue (BSD/OS X) and excessive CPU with event ports (Solaris).
a media type has not been configured via mime.types, AddType,
[Ryan Phillips <ryan-apache trolocsis.com>]
[<tlhackque yahoo.com>]
*) prefork: Fix child process hang during graceful restart/stop in
*) core/utils: Enhance ap_escape_html API to support escaping non-ASCII chars
PR 45529 [Bob Ionescu <bobsiegen googlemail.com>]
times out before returning status line/headers.
PR 39332 [Masaoki Kobayashi <masaoki techfirm.co.jp>]
[Theo Schlossnagle <jesus omniti.com>, Paul Querna]
modules/proxy/balancers [Jim Jagielski]
privileges and Unix user/group IDs [Nick Kew]
logic replicate 2.2.x authz logic, and replace <Satisfy*>, Reject,
*) unixd: turn existing code into a module, and turn the set user/group
Suggested By André Warnier <aw ice-sa.com> [Eric Covener]
*) mod_ssl: Send Content-Type application/ocsp-request for POST requests to
OSCP responders. PR 46014 [Dr Stephen Henson <steve openssl.org>]
*) New module mod_sed: filter Request/Response bodies through sed
null value. [David Shane Holden <dpejesh apache.org>]
both inside and outside the location/directory sections, as
form request with the type of application/x-www-form-urlencoded.
*) mod_authz_dbd: When redirecting after successful login/logout per
PR 44560 [Anders Kaseorg <anders kaseorg.com>]
mod_cache et.al. to trap the results of the redirect.
*) ApacheMonitor.exe: Introduce --kill argument for use by the
*) mod_ldap, mod_authnz_ldap: Add support for nested groups (i.e. the ability
[David M. Lee <dmlee crossroads.com>]
[Niklas Edmundsson <nikke acc.umu.se>]
[Niklas Edmundsson <nikke acc.umu.se>]
[Markus Schiegl <ms schiegl.com>]
*) Remove incorrect comments from scoreboard.h regarding conditional
[Chris Darroch <chrisd pearsoncmg.com>]
in ap_init_scoreboard(). [Chris Darroch <chrisd pearsoncmg.com>]
[Chris Darroch <chrisd pearsoncmg.com>]
and 'Reject' to mod_authz_core. The new directives introduce 'AND/OR'
*) mod_authz_dbd: SQL authz with Login/Session support [Nick Kew]
Apache 2.2.xx tree as documented, and except as noted, below.]
Changes with Apache 2.2.x and later:
Changes with Apache 2.0.x and later:
Changes with Apache 1.3.x and later: