CHANGES revision 262f9062097b84b950f8aec72344eb0734948f78
998a0c99bc22357406f359ace2f602c5d6e376c6wrowe -*- coding: utf-8 -*-
a601d863bd772fefc4dc82a883589d8be6a44811wroweChanges with Apache 2.5.0
a601d863bd772fefc4dc82a883589d8be6a44811wrowe *) mod_ssl: Extend the scope of SSLSessionCacheTimeout to sessions
a601d863bd772fefc4dc82a883589d8be6a44811wrowe resumed by TLS session resumption (RFC 5077). [Rainer Jung]
a601d863bd772fefc4dc82a883589d8be6a44811wrowe *) mod_proxy_ajp: Forward local IP address as a custom request attribute
a601d863bd772fefc4dc82a883589d8be6a44811wrowe like we already do for the remote port. [Rainer Jung]
6f51bbc3054846e0c0a897d5f16ceba1726bebc6jerenkrantz *) mod_authnz_ldap: Return LDAP connections to the pool before the handler
6f51bbc3054846e0c0a897d5f16ceba1726bebc6jerenkrantz is run, instead of waiting until the end of the request. [Eric Covener]
6f51bbc3054846e0c0a897d5f16ceba1726bebc6jerenkrantz *) mod_ldap: Be more conservative with the last-used time for
6f51bbc3054846e0c0a897d5f16ceba1726bebc6jerenkrantz LDAPConnectionPoolTTL. PR54587 [Eric Covener]
a601d863bd772fefc4dc82a883589d8be6a44811wrowe *) mod_deflate: Don't fail when flushing inflated data to the user-agent
ff920f8ae37ba372801b67ea7c3d5bf1dfb55585dreid and that coincides with the end of stream ("Zlib error flushing inflate
ff920f8ae37ba372801b67ea7c3d5bf1dfb55585dreid buffer"). PR 56196. [Christoph Fausak <christoph fausak glueckkanja.com>]
ff920f8ae37ba372801b67ea7c3d5bf1dfb55585dreid *) mod_proxy: Don't limit the size of the connectable Unix Domain Socket
998a0c99bc22357406f359ace2f602c5d6e376c6wrowe paths. [Christophe Jaillet, Yann Ylavic]
998a0c99bc22357406f359ace2f602c5d6e376c6wrowe *) mod_ssl: dump SSL IO/state for the write side of the connection(s),
998a0c99bc22357406f359ace2f602c5d6e376c6wrowe like reads (level TRACE4). [Yann Ylavic]
998a0c99bc22357406f359ace2f602c5d6e376c6wrowe *) mod_proxy: Shutdown (eg. close notify) the backend connection before
998a0c99bc22357406f359ace2f602c5d6e376c6wrowe closing. [Yann Ylavic]
27ddebab333df2a3d82b0f4ea63878d1d9f38ae8gstein *) mpm_event[opt]: Send the SSL close notify alert when the KeepAliveTimeout
998a0c99bc22357406f359ace2f602c5d6e376c6wrowe expires. PR54998. [Yann Ylavic]
a601d863bd772fefc4dc82a883589d8be6a44811wrowe *) mod_ssl: Ensure that the SSL close notify alert is flushed to the client.
a601d863bd772fefc4dc82a883589d8be6a44811wrowe PR54998. [Tim Kosse <tim.kosse filezilla-project.org>, Yann Ylavic]
998a0c99bc22357406f359ace2f602c5d6e376c6wrowe *) mod_log_config: Add GlobalLog to allow a globally defined log to
a601d863bd772fefc4dc82a883589d8be6a44811wrowe be inherited by virtual hosts that define a CustomLog.
a601d863bd772fefc4dc82a883589d8be6a44811wrowe [Edward Lu <Chaosed0 gmail.com>]
a601d863bd772fefc4dc82a883589d8be6a44811wrowe *) MPMs: Support SO_REUSEPORT to create multiple duplicated listener
998a0c99bc22357406f359ace2f602c5d6e376c6wrowe records for scalability. [Yingqi Lu <yingqi.lu@intel.com>,
998a0c99bc22357406f359ace2f602c5d6e376c6wrowe Jeff Trawick, Jim Jagielski]
a601d863bd772fefc4dc82a883589d8be6a44811wrowe *) mod_proxy_html: support automatic detection of doctype and processing
a601d863bd772fefc4dc82a883589d8be6a44811wrowe of FPIs. PR56285 [Micha Lenk <micha lenk info>, Nick Kew]
a601d863bd772fefc4dc82a883589d8be6a44811wrowe *) mod_proxy_html: skip documents shorter than 4 bytes
a601d863bd772fefc4dc82a883589d8be6a44811wrowe PR 56286 [Micha Lenk <micha lenk info>]
a601d863bd772fefc4dc82a883589d8be6a44811wrowe *) mod_proxy_fdpass: Fix computation of the size of 'struct sockaddr_un'
a601d863bd772fefc4dc82a883589d8be6a44811wrowe when passed to 'connect()'.
a601d863bd772fefc4dc82a883589d8be6a44811wrowe [Graham Dumpleton <grahamd apache org>]
a601d863bd772fefc4dc82a883589d8be6a44811wrowe *) core: Add ap_mpm_resume_suspended() API to allow a suspended connection
fc9e01023a2fb7f7af9b25621ab080bbe7a95611jerenkrantz to resume. PR56333
a601d863bd772fefc4dc82a883589d8be6a44811wrowe [Artem <artemciy gmail.com>, Edward Lu <Chaosed0 gmail.com>]
998a0c99bc22357406f359ace2f602c5d6e376c6wrowe *) core: Add ap_mpm_register_socket_callback_timeout() API. [Eric Covener]
998a0c99bc22357406f359ace2f602c5d6e376c6wrowe *) mod_proxy_wstunnel: Honor ProxyWebsocketIdleTimeout in asynchronous
998a0c99bc22357406f359ace2f602c5d6e376c6wrowe processing mode. [Eric Covener]
998a0c99bc22357406f359ace2f602c5d6e376c6wrowe *) mod_authnz_ldap: Fail explicitly when the filter is too long. Remove
998a0c99bc22357406f359ace2f602c5d6e376c6wrowe unnecessary apr_pstrdup() and strlen(). [Graham Leggett]
998a0c99bc22357406f359ace2f602c5d6e376c6wrowe *) Add the ldap-search option to mod_authnz_ldap, allowing authorization
998a0c99bc22357406f359ace2f602c5d6e376c6wrowe to be based on arbitrary expressions that do not include the username.
998a0c99bc22357406f359ace2f602c5d6e376c6wrowe [Graham Leggett]
bfae8a5d3c37df19dea49b411b109198c7e84a4fbrianp *) Add the ldap function to the expression API, allowing LDAP filters and
bfae8a5d3c37df19dea49b411b109198c7e84a4fbrianp distinguished names based on expressions to be escaped correctly to
7dfb10a15cdfd48a23a9aa5713a2deb129821761wrowe guard against LDAP injection. [Graham Leggett]
998a0c99bc22357406f359ace2f602c5d6e376c6wrowe *) Add module mod_ssl_ct, which provides an implementation of Certificate
998a0c99bc22357406f359ace2f602c5d6e376c6wrowe Transparency (RFC 6962) for httpd. [Jeff Trawick]
27ddebab333df2a3d82b0f4ea63878d1d9f38ae8gstein *) mod_proxy: Preserve original request headers even if they differ
27ddebab333df2a3d82b0f4ea63878d1d9f38ae8gstein from the ones to be forwarded to the backend. PR 45387.
27ddebab333df2a3d82b0f4ea63878d1d9f38ae8gstein [Yann Ylavic]
27ddebab333df2a3d82b0f4ea63878d1d9f38ae8gstein *) mod_remoteip: Prevent an external proxy from presenting an internal
27ddebab333df2a3d82b0f4ea63878d1d9f38ae8gstein proxy. PR 55962. [Mike Rumph]
27ddebab333df2a3d82b0f4ea63878d1d9f38ae8gstein *) mod_ssl: Add hooks to allow other modules to perform processing at
27ddebab333df2a3d82b0f4ea63878d1d9f38ae8gstein several stages of initialization and connection handling. See
27ddebab333df2a3d82b0f4ea63878d1d9f38ae8gstein mod_ssl_openssl.h. [Jeff Trawick]
27ddebab333df2a3d82b0f4ea63878d1d9f38ae8gstein *) mod_proxy_wstunnel: Avoid sending error responses down an upgraded
27ddebab333df2a3d82b0f4ea63878d1d9f38ae8gstein websockets connection as it is being close down. [Eric Covener]
27ddebab333df2a3d82b0f4ea63878d1d9f38ae8gstein *) mod_proxy_wstunnel: Allow the administrator to cap the amount
27ddebab333df2a3d82b0f4ea63878d1d9f38ae8gstein of time a synchronous websockets connection stays idle with
cdc56e100a8fa11e989d1633914502db1c8e0818wrowe ProxyWebsocketIdleTimeout. [Eric Covener]
cdc56e100a8fa11e989d1633914502db1c8e0818wrowe *) mod_proxy_wstunnel: Change to opt-in for asynchronous support, adding
cdc56e100a8fa11e989d1633914502db1c8e0818wrowe directives ProxyWebsocketAsync and ProxyWebsocketAsyncDelay.
27ddebab333df2a3d82b0f4ea63878d1d9f38ae8gstein [Eric Covener]
cdc56e100a8fa11e989d1633914502db1c8e0818wrowe *) mod_proxy_wstunnel: Stop leaking websockets backend connections under
cdc56e100a8fa11e989d1633914502db1c8e0818wrowe event MPM (trunk-only). [Eric Covener]
27ddebab333df2a3d82b0f4ea63878d1d9f38ae8gstein *) mod_proxy_http: Add detach_backend hook (potentially usable
27ddebab333df2a3d82b0f4ea63878d1d9f38ae8gstein in other proxy scheme handlers). [Jeff Trawick]
27ddebab333df2a3d82b0f4ea63878d1d9f38ae8gstein *) mod_deflate: Add DeflateAlterETag to control how the ETag
27ddebab333df2a3d82b0f4ea63878d1d9f38ae8gstein is modified. The 'NoChange' parameter mimics 2.2.x behavior.
27ddebab333df2a3d82b0f4ea63878d1d9f38ae8gstein PR 45023, PR 39727. [Eric Covener]
cdc56e100a8fa11e989d1633914502db1c8e0818wrowe *) mod_rewrite: Add 'BNF' (backreferences-no-plus) flag to RewriteRule to
27ddebab333df2a3d82b0f4ea63878d1d9f38ae8gstein allow spaces in backreferences to be encoded as %20 instead of '+'.
27ddebab333df2a3d82b0f4ea63878d1d9f38ae8gstein [Eric Covener]
27ddebab333df2a3d82b0f4ea63878d1d9f38ae8gstein *) mod_rewrite: Support an optional list of characters to escape in the
27ddebab333df2a3d82b0f4ea63878d1d9f38ae8gstein argument for the 'B' (escape backreferences) flag. [Eric Covener]
cdc56e100a8fa11e989d1633914502db1c8e0818wrowe *) mod_ssl: Add SSLOCSPUseRequestNonce directive to control whether or not
cdc56e100a8fa11e989d1633914502db1c8e0818wrowe OCSP requests should use a nonce to be checked against the responder's
cdc56e100a8fa11e989d1633914502db1c8e0818wrowe one. PR 56233. [ Yann Ylavic ]
cdc56e100a8fa11e989d1633914502db1c8e0818wrowe *) mod_dir: Default to 2.2-like behavior and skip execution when method is
cdc56e100a8fa11e989d1633914502db1c8e0818wrowe neither GET nor POST, such as for DAV requests. PR 54914. [Chris Darroch]
cdc56e100a8fa11e989d1633914502db1c8e0818wrowe *) mod_rewrite: Rename the handler that does per-directory internal
27ddebab333df2a3d82b0f4ea63878d1d9f38ae8gstein redirects to "rewrite-redirect-handler" from "redirect-handler" so
27ddebab333df2a3d82b0f4ea63878d1d9f38ae8gstein it is less ambiguous and less likely to be reused. [Eric Covener]
27ddebab333df2a3d82b0f4ea63878d1d9f38ae8gstein *) mod_rewrite: Protect against looping with the [N] flag by enforcing a
27ddebab333df2a3d82b0f4ea63878d1d9f38ae8gstein default limit of 10000 iterations, and allowing each rule to change its
27ddebab333df2a3d82b0f4ea63878d1d9f38ae8gstein limit. [Eric Covener]
27ddebab333df2a3d82b0f4ea63878d1d9f38ae8gstein *) mod_ssl: Fix config merging of SSLOCSPEnable and SSLOCSPOverrideResponder.
27ddebab333df2a3d82b0f4ea63878d1d9f38ae8gstein [Jeff Trawick]
10a6f4803b893e9e77f5ad60ccb387ca1a15f84djerenkrantz *) Add HttpContentLengthHeadZero and HttpExpectStrict directives.
10a6f4803b893e9e77f5ad60ccb387ca1a15f84djerenkrantz [Yehuda Sadeh <yehuda inktank com>, Justin Erenkrantz]
27ddebab333df2a3d82b0f4ea63878d1d9f38ae8gstein *) mod_ssl: Add -t -DDUMP_CA_CERTS option which dumps the filenames of all
27ddebab333df2a3d82b0f4ea63878d1d9f38ae8gstein configured SSL CA certificates to stdout the same way as DUMP_CERTS does.
27ddebab333df2a3d82b0f4ea63878d1d9f38ae8gstein [Jan Kaluza]
27ddebab333df2a3d82b0f4ea63878d1d9f38ae8gstein *) mod_ssl: Don't flush when an EOS is received. Prepares mod_ssl
27ddebab333df2a3d82b0f4ea63878d1d9f38ae8gstein to support write completion. [Graham Leggett]
10a6f4803b893e9e77f5ad60ccb387ca1a15f84djerenkrantz *) core: Add parse_errorlog_arg callback to ap_errorlog_provider
10a6f4803b893e9e77f5ad60ccb387ca1a15f84djerenkrantz to allow providers to check the ErrorLog argument. [Jan Kaluza]
27ddebab333df2a3d82b0f4ea63878d1d9f38ae8gstein *) mod_cgid: Use the servers Timeout for each read from a CGI script,
27ddebab333df2a3d82b0f4ea63878d1d9f38ae8gstein allow override with new CGIDRequestTimeout directive. PR43494
27ddebab333df2a3d82b0f4ea63878d1d9f38ae8gstein [Eric Covener, Toshikuni Fukaya <toshikuni-fukaya cybozu co jp>]
27ddebab333df2a3d82b0f4ea63878d1d9f38ae8gstein *) core: ensure any abnormal exit is reported to stderr if it's a tty.
27ddebab333df2a3d82b0f4ea63878d1d9f38ae8gstein PR 55670 [Nick Kew]
27ddebab333df2a3d82b0f4ea63878d1d9f38ae8gstein *) mod_lua: Let the Inter-VM get/set functions work with a global
27ddebab333df2a3d82b0f4ea63878d1d9f38ae8gstein shared memory pool instead of a per-process pool. [Daniel Gruno]
27ddebab333df2a3d82b0f4ea63878d1d9f38ae8gstein *) ldap: Support ldaps when using the Microsoft LDAP SDK.
27ddebab333df2a3d82b0f4ea63878d1d9f38ae8gstein PR 54626. [Jean-Frederic Clere]
27ddebab333df2a3d82b0f4ea63878d1d9f38ae8gstein *) mod_proxy: Add ap_connection_reusable() for checking if a connection
27ddebab333df2a3d82b0f4ea63878d1d9f38ae8gstein is reusable as of this point in processing. [Jeff Trawick]
27ddebab333df2a3d82b0f4ea63878d1d9f38ae8gstein *) mod_authnz_ldap: Change default value of AuthLDAPMaxSubGroupDepth to 0
27ddebab333df2a3d82b0f4ea63878d1d9f38ae8gstein to avoid performance problems when subgroups aren't in use. [Eric Covener]
27ddebab333df2a3d82b0f4ea63878d1d9f38ae8gstein *) mod_syslog: New module implementing syslog ap_error_log provider.
27ddebab333df2a3d82b0f4ea63878d1d9f38ae8gstein Previously, this code was part of core, now it's in separate module.
27ddebab333df2a3d82b0f4ea63878d1d9f38ae8gstein [Jan Kaluza]
27ddebab333df2a3d82b0f4ea63878d1d9f38ae8gstein *) core: Add ap_errorlog_provider to make ErrorLog logging modular. Move
27ddebab333df2a3d82b0f4ea63878d1d9f38ae8gstein syslog support from core to new mod_syslog. [Jan Kaluza]
27ddebab333df2a3d82b0f4ea63878d1d9f38ae8gstein *) mod_status, mod_echo: Fix the display of client addresses.
27ddebab333df2a3d82b0f4ea63878d1d9f38ae8gstein They were truncated to 31 characters which is not enough for IPv6 addresses.
27ddebab333df2a3d82b0f4ea63878d1d9f38ae8gstein PR 54848 [Bernhard Schmidt <berni birkenwald de>]
27ddebab333df2a3d82b0f4ea63878d1d9f38ae8gstein *) core: Add ap_log_data(), ap_log_rdata(), etc. for logging buffers.
[Jan Kaluza <jkaluza redhat.com>]
filters, such as "SDBM-backed LDAP" on z/OS, by allowing a special
haven't had a Content-Type set via e.g. mod_mime. [Eric Covener]
*) AIX: Install DSO's with "cp" instead of "install" in instdso.sh
HTML/XHTML [Nick Kew]
[Jan Kaluza <jkaluza redhat.com>]
*) The following now respect DefaultRuntimeDir/DEFAULT_REL_RUNTIMEDIR:
setuid/setgid capability bits rather than a setuid root binary.
[Matthew Steele <mdsteele google.com>]
passing through the server in such a way that connections and/or
Apache 2.4.xx tree as documented below, except as noted.]
Changes with Apache 2.4.x and later:
Changes with Apache 2.2.x and later:
Changes with Apache 2.0.x and later: