CHANGES revision 2792ea4d5c772a6bc19dece2e098b8125bf7184c
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers -*- coding: utf-8 -*-
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay SieversChanges with Apache 2.3.13
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) mod_proxy_fcgi|scgi: Add support for "best guess" of PATH_INFO
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers for SCGI/FCGI. PR 50880, 50851. [Mark Montague <mark catseye.org>,
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers Jim Jagielski]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) mod_cache: When content is served stale, and there is no means to
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers revalidate the content using ETag or Last-Modified, and we have
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers mandated no stale-on-error behaviour, stand down and don't cache.
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers Saves a cache write that will never be read.
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers [Graham Leggett]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) mod_reqtimeout: Fix a timed out connection going into the keep-alive
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers state after a timeout when discarding a request body. PR 51103.
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers [Stefan Fritsch]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) core: Add various file existance test operators to ap_expr.
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers [Stefan Fritsch]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) mod_proxy_express: New mass reverse-proxy switch extension for
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers mod_proxy. [Jim Jagielski]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) configure: Fix script error when configuring module set "reallyall".
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers [Rainer Jung]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay SieversChanges with Apache 2.3.12
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) configure, core: Provide easier support for APR's hook probe
fa9d4be3f1f4a792b2f3624c2a08fe9cc6ce6e54Zbigniew Jędrzejewski-Szmek capability. [Jim Jagielski, Jeff Trawick]
fa9d4be3f1f4a792b2f3624c2a08fe9cc6ce6e54Zbigniew Jędrzejewski-Szmek *) Silence autoconf 2.68 warnings. [Rainer Jung]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) mod_authnz_ldap: Resolve crash when LDAP is used for authorization only
fa9d4be3f1f4a792b2f3624c2a08fe9cc6ce6e54Zbigniew Jędrzejewski-Szmek [Scott Hill <shill genscape.com>]
fa9d4be3f1f4a792b2f3624c2a08fe9cc6ce6e54Zbigniew Jędrzejewski-Szmek *) support: Make sure check_forensic works with mod_unique_id loaded
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) Add child_status hook for tracking creation/termination of MPM child
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers processes. Add end_generation hook for notification when the last
fa9d4be3f1f4a792b2f3624c2a08fe9cc6ce6e54Zbigniew Jędrzejewski-Szmek MPM child of a generation exits. [Jeff Trawick]
fa9d4be3f1f4a792b2f3624c2a08fe9cc6ce6e54Zbigniew Jędrzejewski-Szmek *) mod_ldap: Make LDAPSharedCacheSize 0 create a non-shared-memory cache per
fa9d4be3f1f4a792b2f3624c2a08fe9cc6ce6e54Zbigniew Jędrzejewski-Szmek process as opposed to disabling caching completely. This allows to use
fa9d4be3f1f4a792b2f3624c2a08fe9cc6ce6e54Zbigniew Jędrzejewski-Szmek the non-shared-memory cache as a workaround for the shared memory cache
fa9d4be3f1f4a792b2f3624c2a08fe9cc6ce6e54Zbigniew Jędrzejewski-Szmek not being available during graceful restarts. PR 48958. [Stefan Fritsch]
fa9d4be3f1f4a792b2f3624c2a08fe9cc6ce6e54Zbigniew Jędrzejewski-Szmek *) Add new ap_reserve_module_slots/ap_reserve_module_slots_directive API,
fa9d4be3f1f4a792b2f3624c2a08fe9cc6ce6e54Zbigniew Jędrzejewski-Szmek necessary if a module (like mod_perl) registers additional modules late
fa9d4be3f1f4a792b2f3624c2a08fe9cc6ce6e54Zbigniew Jędrzejewski-Szmek in the startup phase. [Stefan Fritsch]
fa9d4be3f1f4a792b2f3624c2a08fe9cc6ce6e54Zbigniew Jędrzejewski-Szmek *) core: Prevent segfault if DYNAMIC_MODULE_LIMIT is reached. PR 51072.
fa9d4be3f1f4a792b2f3624c2a08fe9cc6ce6e54Zbigniew Jędrzejewski-Szmek [Torsten Förtsch <torsten foertsch gmx net>]
fa9d4be3f1f4a792b2f3624c2a08fe9cc6ce6e54Zbigniew Jędrzejewski-Szmek *) WinNT MPM: Improve robustness under heavy load. [Jeff Trawick]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) MinGW build improvements. PR 49535. [John Vandenberg
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers <jayvdb gmail.com>, Jeff Trawick]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) core: Support module names with colons in loglevel configuration.
c5b7838ddeae1fcd5c613ea15f04918b945823e5Martin Pitt [Torsten Förtsch <torsten foertsch gmx net>]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_ssl, ab: Support OpenSSL compiled without SSLv2 support.
b534166eaec8fef9902a68f75cab8eeae458b23cMartin Pitt [Stefan Fritsch]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) core: Abort if the MPM is changed across restart. [Jeff Trawick]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_proxy_ajp: Add support for 'ProxyErrorOverride on'. PR 50945.
c5b7838ddeae1fcd5c613ea15f04918b945823e5Martin Pitt [Peter Pramberger <peter pramberger.at>, Jim Jagielski]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_proxy_fcgi: Add support for 'ProxyErrorOverride on'. PR 50913.
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers [Mark Montague <mark catseye.org>, Jim Jagielski]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) core: Change the APIs of ap_cfg_getline() and ap_cfg_getc() to return an
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers error code. Abort with a nice error message if a config line is too long.
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers Partial fix for PR 50824. [Stefan Fritsch]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_info: Dump config to stdout during startup if -DDUMP_CONFIG is
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers specified. PR 31956. [Stefan Fritsch]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) Restore visibility of DEFAULT_PIDLOG to core and modules. MPM
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers helper function ap_remove_pid() added. [Jeff Trawick]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) Enable DEFAULT_REL_RUNTIMEDIR on Windows and NetWare. [various]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) Correct C++ incompatibility with http_log.h. [Stefan Fritsch, Jeff
c5b7838ddeae1fcd5c613ea15f04918b945823e5Martin Pitt *) mod_log_config: Prevent segfault. PR 50861. [Torsten Förtsch
c5b7838ddeae1fcd5c613ea15f04918b945823e5Martin Pitt *) core: AllowEncodedSlashes new option NoDecode to allow encoded slashes
c5b7838ddeae1fcd5c613ea15f04918b945823e5Martin Pitt in request URL path info but not decode them. Change behavior of option
c5b7838ddeae1fcd5c613ea15f04918b945823e5Martin Pitt "On" to decode the encoded slashes as 2.0 and 2.2 do. PR 35256,
c5b7838ddeae1fcd5c613ea15f04918b945823e5Martin Pitt PR 46830. [Dan Poirier]
c5b7838ddeae1fcd5c613ea15f04918b945823e5Martin Pitt *) mod_ssl: Check SNI hostname against Host header case-insensitively.
c5b7838ddeae1fcd5c613ea15f04918b945823e5Martin Pitt PR 49491. [Mayank Agrawal <magrawal.08 gmail.com>]
c5b7838ddeae1fcd5c613ea15f04918b945823e5Martin Pitt *) mod_ldap: Add LDAPConnectionPoolTTL to give control over lifetime
c5b7838ddeae1fcd5c613ea15f04918b945823e5Martin Pitt of bound backend LDAP connections. PR47634 [Eric Covener]
c5b7838ddeae1fcd5c613ea15f04918b945823e5Martin Pitt *) mod_cache: Make CacheEnable and CacheDisable configurable per
c5b7838ddeae1fcd5c613ea15f04918b945823e5Martin Pitt directory in addition to per server, making them work from within
c5b7838ddeae1fcd5c613ea15f04918b945823e5Martin Pitt a LocationMatch. [Graham Leggett]
c5b7838ddeae1fcd5c613ea15f04918b945823e5Martin Pitt *) worker, event, prefork: Correct several issues when built as
c5b7838ddeae1fcd5c613ea15f04918b945823e5Martin Pitt DSOs; most notably, the scoreboard was reinitialized during graceful
c5b7838ddeae1fcd5c613ea15f04918b945823e5Martin Pitt restart, such that processes of the previous generation were not
c5b7838ddeae1fcd5c613ea15f04918b945823e5Martin Pitt observable. [Jeff Trawick]
c5b7838ddeae1fcd5c613ea15f04918b945823e5Martin PittChanges with Apache 2.3.11
c5b7838ddeae1fcd5c613ea15f04918b945823e5Martin Pitt *) mod_win32: Added shebang check for '! so that .vbs scripts work as CGI.
c5b7838ddeae1fcd5c613ea15f04918b945823e5Martin Pitt Win32's cscript interpreter can only use a single quote as comment char.
c5b7838ddeae1fcd5c613ea15f04918b945823e5Martin Pitt [Guenter Knauf]
c5b7838ddeae1fcd5c613ea15f04918b945823e5Martin Pitt *) mod_proxy: balancer-manager now uses POST instead of GET.
c5b7838ddeae1fcd5c613ea15f04918b945823e5Martin Pitt [Jim Jagielski]
c5b7838ddeae1fcd5c613ea15f04918b945823e5Martin Pitt *) core: new util function: ap_parse_form_data(). Previously,
c5b7838ddeae1fcd5c613ea15f04918b945823e5Martin Pitt this capability was tucked away in mod_request. [Jim Jagielski]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) core: new hook: ap_run_pre_read_request. [Jim Jagielski]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_cache: When a request other than GET or HEAD arrives, we must
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers invalidate existing cache entities as per RFC2616 13.10. PR 15868.
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers [Graham Leggett]
b534166eaec8fef9902a68f75cab8eeae458b23cMartin Pitt *) modules: Fix many modules that were not correctly initializing if they
2dd30e7da94b32df03451df8cf602e9454a376cbKay Sievers were not active during server startup but got enabled later during a
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers graceful restart. [Stefan Fritsch]
1e091c1285b59d0fbab58e6e5113ad111bc08794Martin Pitt *) core: Create new ap_state_query function that allows modules to determine
1e091c1285b59d0fbab58e6e5113ad111bc08794Martin Pitt if the current configuration run is the initial one at server startup,
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers and if the server is started for testing/config dumping only.
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers [Stefan Fritsch]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_proxy: Runtime configuration of many parameters for existing
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers balancers via the balancer-manager. [Jim Jagielski]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) mod_proxy: Runtime addition of new workers (BalancerMember) for existing
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers balancers via the balancer-manager. [Jim Jagielski]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) mod_cache: When a bad Expires date is present, we need to behave as if
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers the Expires is in the past, not as if the Expires is missing. PR 16521.
ee2babf4c36f9ab65e9ebbe966ed7839c532df45Martin Pitt [Co-Advisor <coad@measurement-factory.com>]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_cache: We must ignore quoted-string values that appear in a
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers Cache-Control header. PR 50199. [Graham Leggett]
33e74db2667103e33f7e47277378612dcdbdfaa5Martin Pitt *) mod_dav: Revert change to send 501 error if unknown Content-* header is
e55edb22a71e67f01534d28f91c6aa27bba48fc1Martin Pitt received for a PUT request. PR 42978. [Stefan Fritsch]
33e74db2667103e33f7e47277378612dcdbdfaa5Martin Pitt *) mod_cache: Respect s-maxage as described by RFC2616 14.9.3, which must
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers take precedence if present. PR 35247. [Graham Leggett]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_ssl: Fix a possible startup failure if multiple SSL vhosts
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers are configured with the same ServerName and private key file.
b534166eaec8fef9902a68f75cab8eeae458b23cMartin Pitt [Masahiro Matsuya <mmatsuya redhat.com>, Joe Orton]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) mod_socache_dc: Make module compile by fixing some typos.
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers PR 50735 [Mark Montague <mark catseye.org>]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) prefork: Update MPM state in children during a graceful stop or
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers restart. PR 41743. [Andrew Punch <andrew.punch 247realmedia.com>]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_mime: Ignore leading dots when looking for mime extensions.
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers PR 50434 [Stefan Fritsch]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) core: Add support to set variables with the 'Define' directive. The
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers variables that can then be used in the config using the ${VAR} syntax
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers known from envvar interpolation. [Stefan Fritsch]
b534166eaec8fef9902a68f75cab8eeae458b23cMartin Pitt *) mod_proxy_http: make adding of X-Forwarded-* headers configurable.
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers ProxyAddHeaders defaults to On. [Vincent Deffontaines]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_slotmem_shm: Increase memory alignment for slotmem data.
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers [Rainer Jung]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_ssl: Add config options for OCSP: SSLOCSPResponderTimeout,
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers SSLOCSPResponseMaxAge, SSLOCSPResponseTimeSkew.
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers [Kaspar Brand <httpd-dev.2011 velox.ch>]
ee2babf4c36f9ab65e9ebbe966ed7839c532df45Martin Pitt *) mod_ssl: Revamp output buffering to reduce network overhead for
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers output fragmented into many buckets, such as chunked HTTP responses.
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) core: Apply <If> sections to all requests, not only to file base requests.
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers Allow to use <If> inside <Directory>, <Location>, and <Files> sections.
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers The merging of <If> sections now happens after the merging of <Location>
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers sections, even if an <If> section is embedded inside a <Directory> or
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers <Files> section. [Stefan Fritsch]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_proxy: Refactor usage of shared data by dropping the scoreboard
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers and using slotmem. Create foundation for dynamic growth/changes of
42a9de1c2513aa348df369080cdd941ef4ab00abMartin Pitt members within a balancer. Remove BalancerNonce in favor of a
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers per-balancer 'nonce' parameter. [Jim Jagielski]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_status: Don't show slots which are disabled by MaxClients as open.
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers PR: 47022 [Jordi Prats <jordi prats gmail com>, Stefan Fritsch]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mpm_prefork: Fix ap_mpm_query results for AP_MPMQ_MAX_DAEMONS and
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers AP_MPMQ_MAX_THREADS.
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_authz_core: Fix bug in merging logic if user-based and non-user-based
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers authorization directives were mixed. [Stefan Fritsch]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_authn_socache: change directive name from AuthnCacheProvider
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers to AuthnCacheProvideFor. The term "provider" is overloaded in
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers this module, and we should avoid confusion between the provider
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers of a backend (AuthnCacheSOCache) and the authn provider(s) for
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers which this module provides cacheing (AuthnCacheProvideFor).
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_proxy_http: Allocate the fake backend request from a child pool
b534166eaec8fef9902a68f75cab8eeae458b23cMartin Pitt of the backend connection, instead of misusing the pool of the frontend
b534166eaec8fef9902a68f75cab8eeae458b23cMartin Pitt request. Fixes a thread safety issue where buckets set aside in the
b534166eaec8fef9902a68f75cab8eeae458b23cMartin Pitt backend connection leak into other threads, and then disappear when
b534166eaec8fef9902a68f75cab8eeae458b23cMartin Pitt the frontend request is cleaned up, in turn causing corrupted buckets
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers to make other threads spin. [Graham Leggett]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_ssl: Change the format of the SSL_{CLIENT,SERVER}_{I,S}_DN variables
b534166eaec8fef9902a68f75cab8eeae458b23cMartin Pitt to be RFC 2253 compatible, convert non-ASCII characters to UTF8, and
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers escape other special characters with backslashes. The old format can
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers still be used with the LegacyDNStringFormat argument to SSLOptions.
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) core, mod_rewrite: Make the REQUEST_SCHEME variable available to
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers scripts and mod_rewrite. [Stefan Fritsch]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_rewrite: Allow to use arbitrary boolean expressions (ap_expr) in
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers RewriteCond. [Stefan Fritsch]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_rewrite: Allow to unset environment variables using E=!VAR.
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers PR 49512. [Mark Drayton <mark markdrayton info>, Stefan Fritsch]
78f66c2151813166549e5482a3dccffe4f890b44Martin Pitt *) mod_headers: Restore the 2.3.8 and earlier default for the first
3f42b51f21171a3166200af3d9966812f1ddd0f0Martin Pitt argument of the Header directive ("onsuccess"). [Eric Covener]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) core: Disallow the mixing of relative and absolute Options PR 33708.
db7c6e6fc85d13ab18eb0d918957210c7476cba6Martin Pitt [Sönke Tesch <st kino-fahrplan.de>]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) core: When exporting request headers to HTTP_* environment variables,
1f6d36f267186c0e3184bab4c7eca48481c6faabHui Wang drop variables whose names contain invalid characters. Describe in the
1f6d36f267186c0e3184bab4c7eca48481c6faabHui Wang docs how to restore the old behaviour. [Malte S. Stretz <mss apache org>]
1f6d36f267186c0e3184bab4c7eca48481c6faabHui Wang *) core: When selecting an IP-based virtual host, favor an exact match for
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers the port over a wildcard (or omitted) port instead of favoring the one
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers that came first in the configuration file. [Eric Covener]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) core: Overlapping virtual host address/port combinations now implicitly
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers enable name-based virtual hosting for that address. The NameVirtualHost
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers directive has no effect, and _default_ is interpreted the same as "*".
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers [Eric Covener]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) core: In the absence of any Options directives, the default is now
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers "FollowSymlinks" instead of "All". [Igor Galić]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) rotatelogs: Add -e option to write logs through to stdout for optional
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers further processing. [Graham Leggett]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_ssl: Correctly read full lines in input filter when the line is
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers incomplete during first read. PR 50481. [Ruediger Pluem]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_authz_core: Add AuthzSendForbiddenOnFailure directive to allow
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers sending '403 FORBIDDEN' instead of '401 UNAUTHORIZED' if authorization
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers fails for an authenticated user. PR 40721. [Stefan Fritsch]
b534166eaec8fef9902a68f75cab8eeae458b23cMartin PittChanges with Apache 2.3.10
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_rewrite: Don't implicitly URL-escape the original query string
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers when no substitution has changed it. PR 50447. [Eric Covener]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) core: Honor 'AcceptPathInfo OFF' during internal redirects,
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers such as per-directory mod_rewrite substitutions. PR 50349.
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers [Eric Covener]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_rewrite: Add 'RewriteOptions InheritBefore' to put the base
b534166eaec8fef9902a68f75cab8eeae458b23cMartin Pitt rules/conditions before the overridden rules/conditions. PR 39313.
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_autoindex: add IndexIgnoreReset to reset the list of IndexIgnored
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers filenames in higher precedence configuration sections. PR 24243.
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers [Eric Covener]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_cgid: RLimit* directive support for mod_cgid. PR 42135
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers [Eric Covener]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) core: Fail startup when the argument to ServerName looks like a glob
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers or a regular expression instead of a hostname (*?[]). PR 39863
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_userdir: Add merging of enable, disable, and filename arguments
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers to UserDir directive, leaving enable/disable of userlists unmerged.
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers PR 44076 [Eric Covener]
b534166eaec8fef9902a68f75cab8eeae458b23cMartin Pitt *) httpd: When no -k option is provided on the httpd command line, the server
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers was starting without checking for an existing pidfile. PR 50350
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers [Eric Covener]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_proxy: Put the worker in error state if the SSL handshake with the
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers backend fails. PR 50332.
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers [Daniel Ruggeri <DRuggeri primary.net>, Ruediger Pluem]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_cache_disk: Fix Windows build which was broken after renaming
b534166eaec8fef9902a68f75cab8eeae458b23cMartin Pitt the module. [Gregg L. Smith]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay SieversChanges with Apache 2.3.9
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) SECURITY: CVE-2010-1623 (cve.mitre.org)
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers Fix a denial of service attack against mod_reqtimeout.
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers [Stefan Fritsch]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_headers: Change default first argument of Header directive
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers from "onsuccess" to "always". [Eric Covener]
0787758d26337ec897d9553fe962678fbf0a0962Zbigniew Jędrzejewski-Szmek *) mod_include: Add the onerror attribute to the include element,
0787758d26337ec897d9553fe962678fbf0a0962Zbigniew Jędrzejewski-Szmek allowing an URL to be specified to include on error. [Graham
0787758d26337ec897d9553fe962678fbf0a0962Zbigniew Jędrzejewski-Szmek *) mod_cache_disk: mod_disk_cache renamed to mod_cache_disk, to be
0787758d26337ec897d9553fe962678fbf0a0962Zbigniew Jędrzejewski-Szmek consistent with the naming of other modules. [Graham Leggett]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_setenvif: Add SetEnvIfExpr directive to set env var depending on
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers expression. [Stefan Fritsch]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_proxy: Fix ProxyPassInterpolateEnv directive. PR 50292.
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers [Stefan Fritsch]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) suEXEC: Add Suexec directive to disable suEXEC without renaming the
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers binary (Suexec Off), or force startup failure if suEXEC is required
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers but not supported (Suexec On). Change SuexecUserGroup to fail
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers startup instead of just printing a warning if suEXEC is disabled.
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers [Jeff Trawick]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) core: Add Error directive for aborting startup or htaccess processing
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers with a specified error message. [Jeff Trawick]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_rewrite: Fix the RewriteEngine directive to work within a
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers location. Previously, once RewriteEngine was switched on globally,
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers it was impossible to switch off. [Graham Leggett]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) core, mod_include, mod_ssl: Move the expression parser derived from
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers mod_include back into mod_include. Replace ap_expr with a parser
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers derived from mod_ssl's parser. Make mod_ssl use the new parser. Rework
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers ap_expr's public interface and provide hooks for modules to add variables
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers and functions. [Stefan Fritsch]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) core: Do the hook sorting earlier so that the hooks are properly sorted
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers for the pre_config hook and during parsing the config. [Stefan Fritsch]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) core: In the absence of any AllowOverride directives, the default is now
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers "None" instead of "All". PR49823 [Eric Covener]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) mod_proxy: Don't allow ProxyPass or ProxyPassReverse in
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers <Directory> or <Files>. PR47765 [Eric Covener]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) prefork/worker/event MPMS: default value (when no directive is present)
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers of MaxConnectionsPerChild/MaxRequestsPerChild is changed to 0 from 10000
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers to match default configuration and manual. PR47782 [Eric Covener]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) proxy_connect: Don't give up in the middle of a CONNECT tunnel
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers when the child process is starting to exit. PR50220. [Eric Covener]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) mod_autoindex: Fix inheritance of mod_autoindex directives into
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers contexts that don't have any mod_autoindex directives. PR47766.
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers [Eric Covener]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) mod_rewrite: Add END flag for RewriteRule to prevent further rounds
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers of rewrite processing when a per-directory substitution occurs.
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers [Eric Covener]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) mod_ssl: Make sure to always log an error if loading of CA certificates
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers fails. PR 40312. [Paul Tiemann <issues apache org ourdetour com>]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) mod_dav: Send 501 error if unknown Content-* header is received for a PUT
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers request (RFC 2616 9.6). PR 42978. [Stefan Fritsch]
b534166eaec8fef9902a68f75cab8eeae458b23cMartin Pitt *) mod_dav: Send 400 error if malformed Content-Range header is received for
e7627e14dc883ab0ad73c931e4ff0caa1cad6860Zbigniew Jędrzejewski-Szmek a put request (RFC 2616 14.16). PR 49825. [Stefan Fritsch]
e7627e14dc883ab0ad73c931e4ff0caa1cad6860Zbigniew Jędrzejewski-Szmek *) mod_proxy: Release the backend connection as soon as EOS is detected,
efb4bf4e419e14a13eead6289ea40165579a816fMartin Pitt so the backend isn't forced to wait for the client to eventually
e7627e14dc883ab0ad73c931e4ff0caa1cad6860Zbigniew Jędrzejewski-Szmek acknowledge the data. [Graham Leggett]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) mod_proxy: Optimise ProxyPass within a Location so that it is stored
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers per-directory, and chosen during the location walk. Make ProxyPass
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers work correctly from within a LocationMatch. [Graham Leggett]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) core: Fix segfault if per-module LogLevel is on virtual host
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers scope. PR 50117. [Stefan Fritsch]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) mod_proxy: Move the ProxyErrorOverride directive to have per
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers directory scope. [Graham Leggett]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) mod_allowmethods: New module to deny certain HTTP methods without
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers interfering with authentication/authorization. [Paul Querna,
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers Igor Galić, Stefan Fritsch]
b534166eaec8fef9902a68f75cab8eeae458b23cMartin Pitt *) mod_ssl: Log certificate information and improve error message if client
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers cert verification fails. PR 50093, PR 50094. [Lassi Tuura <lat cern ch>,
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers Stefan Fritsch]
4a792f4676e5f8fa86aff8aac09c4b6391dee313Christoph Junghans *) htcacheclean: Teach htcacheclean to limit cache size by number of
4a792f4676e5f8fa86aff8aac09c4b6391dee313Christoph Junghans inodes in addition to size of files. Prevents a cache disk from
4a792f4676e5f8fa86aff8aac09c4b6391dee313Christoph Junghans running out of space when many small files are cached.
4a792f4676e5f8fa86aff8aac09c4b6391dee313Christoph Junghans [Graham Leggett]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) core: Rename MaxRequestsPerChild to MaxConnectionsPerChild, which
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers describes more accurately what the directive does. The old name
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers still works but logs a warning. [Stefan Fritsch]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) mod_cache: Optionally serve stale data when a revalidation returns a
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers 5xx response, controlled by the CacheStaleOnError directive.
b534166eaec8fef9902a68f75cab8eeae458b23cMartin Pitt [Graham Leggett]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) htcacheclean: Allow the listing of valid URLs within the cache, with
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers the option to list entry metadata such as sizes and times. [Graham
b534166eaec8fef9902a68f75cab8eeae458b23cMartin Pitt *) mod_cache: correctly parse quoted strings in cache headers.
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers PR 50199 [Nick Kew]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) mod_cache: Allow control over the base URL of reverse proxied requests
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers using the CacheKeyBaseURL directive, so that the cache key can be
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers calculated from the endpoint URL instead of the server URL. [Graham
b534166eaec8fef9902a68f75cab8eeae458b23cMartin Pitt *) mod_cache: CacheLastModifiedFactor, CacheStoreNoStore, CacheStorePrivate,
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers CacheStoreExpired, CacheIgnoreNoLastMod, CacheDefaultExpire,
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers CacheMinExpire and CacheMaxExpire can be set per directory/location.
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers [Graham Leggett]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) mod_disk_cache: CacheMaxFileSize, CacheMinFileSize, CacheReadSize and
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers CacheReadTime can be set per directory/location. [Graham Leggett]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) core: Speed up config parsing if using a very large number of config
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers files. PR 50002 [andrew cloudaccess net]
82cd413782cca6de3088c2705f839ff31abec7f9Martin Pitt *) mod_cache: Support the caching of HEAD requests. [Graham Leggett]
82cd413782cca6de3088c2705f839ff31abec7f9Martin Pitt *) htcacheclean: Allow the option to round up file sizes to a given
82cd413782cca6de3088c2705f839ff31abec7f9Martin Pitt block size, improving the accuracy of disk usage. [Graham Leggett]
82cd413782cca6de3088c2705f839ff31abec7f9Martin Pitt *) mod_ssl: Add authz providers for use with mod_authz_core and its
82cd413782cca6de3088c2705f839ff31abec7f9Martin Pitt RequireAny/RequireAll containers: 'ssl' (equivalent to SSLRequireSSL),
82cd413782cca6de3088c2705f839ff31abec7f9Martin Pitt 'ssl-verify-client' (for use with 'SSLVerifyClient optional'), and
82cd413782cca6de3088c2705f839ff31abec7f9Martin Pitt 'ssl-require' (expressions with same syntax as SSLRequire).
82cd413782cca6de3088c2705f839ff31abec7f9Martin Pitt [Stefan Fritsch]
82cd413782cca6de3088c2705f839ff31abec7f9Martin Pitt *) mod_ssl: Make the ssl expression parser thread-safe. It now requires
82cd413782cca6de3088c2705f839ff31abec7f9Martin Pitt bison instead of yacc. [Stefan Fritsch]
82cd413782cca6de3088c2705f839ff31abec7f9Martin Pitt *) mod_disk_cache: Change on-disk header file format to support the
82cd413782cca6de3088c2705f839ff31abec7f9Martin Pitt link of the device/inode of the data file to the matching header
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers file, and to support the option of not writing a data file when
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers the data file is empty. [Graham Leggett]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) core/mod_unique_id: Add generate_log_id hook to allow to use
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers the ID generated by mod_unique_id as error log ID for requests.
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers [Stefan Fritsch]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_cache: Make sure that we never allow a 304 Not Modified response
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers that we asked for to leak to the client should the 304 response be
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers uncacheable. PR45341 [Graham Leggett]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_cache: Add the cache_status hook to register the final cache
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers decision hit/miss/revalidate. Add optional support for an X-Cache
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers and/or an X-Cache-Detail header to add the cache status to the
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers response. PR48241 [Graham Leggett]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_authz_host: Add 'local' provider that matches connections originating
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers on the local host. PR 19938. [Stefan Fritsch]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) Event MPM: Fix crash accessing pollset on worker thread when child
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers process is exiting. [Jeff Trawick]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) core: For process invocation (cgi, fcgid, piped loggers and so forth)
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers pass the system library path (LD_LIBRARY_PATH or platform-specific
ddc77f62244bb41d5c8261517e2e1ff1b763fc94Kay Sievers variables) along with the system PATH, by default. Both should be
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers overridden together as desired using PassEnv etc; see mod_env.
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers [William Rowe]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_cache: Introduce CacheStoreExpired, to allow administrators to
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers capture a stale backend response, perform If-Modified-Since requests
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers against the backend, and serving from the cache all 304 responses.
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers This restores pre-2.2.4 cache behavior. [William Rowe]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) mod_rewrite: Introduce <=, >= string comparison operators, and integer
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers comparators -lt, -le, -eq, -ge, and -gt. To help bash users and drop
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers the ambiguity of the symlink test "-ltest", introduce -h or -L as
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers symlink test operators. [William Rowe]
b534166eaec8fef9902a68f75cab8eeae458b23cMartin Pitt *) mod_cache: Give the cache provider the opportunity to choose to cache
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers or not cache based on the buckets present in the brigade, such as the
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers presence of a FILE bucket.
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers [Graham Leggett]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_authz_core: Allow authz providers to check args while reading the
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers config and allow to cache parsed args. Move 'all' and 'env' authz
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers providers from mod_authz_host to mod_authz_core. Add 'method' authz
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers provider depending on the HTTP method. [Stefan Fritsch]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_include: Move the request_rec within mod_include to be
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers exposed within include_ctx_t. [Graham Leggett]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_include: Reinstate support for UTF-8 character sets by allowing a
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers variable being echoed or set to be decoded and then encoded as separate
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers steps. PR47686 [Graham Leggett]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_cache: Add a discrete commit_entity() provider function within the
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers mod_cache provider interface which is called to indicate to the
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers provider that caching is complete, giving the provider the opportunity
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers to commit temporary files permanently to the cache in an atomic
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers fashion. Replace the inconsistent use of error cleanups with a formal
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers set of pool cleanups attached to a subpool, which is destroyed on error.
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers [Graham Leggett]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_cache: Change the signature of the store_body() provider function
d946bb53f94713241004810de92cc37f1e19c2d2Martin Pitt within the mod_cache provider interface to support an "in" brigade
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers and an "out" brigade instead of just a single input brigade. This
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers gives a cache provider the option to consume only part of the brigade
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers passed to it, rather than the whole brigade as was required before.
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers This fixes an out of memory and a request timeout condition that would
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers occur when the original document was a large file. Introduce
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers CacheReadSize and CacheReadTime directives to mod_disk_cache to control
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers the amount of data to attempt to cache at a time. [Graham Leggett]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) core: Add ErrorLogFormat to allow configuring error log format, including
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers additional information that is logged once per connection or request. Add
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers error log IDs for connections and request to allow correlating error log
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers lines and the corresponding access log entry. [Stefan Fritsch]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) core: Disable sendfile by default. [Stefan Fritsch]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) mod_cache: Check the request to determine whether we are allowed
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers to return cached content at all, and respect a "Cache-Control:
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers no-cache" header from a client. Previously, "no-cache" would
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers behave like "max-age=0". [Graham Leggett]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_cache: Use a proper filter context to hold filter data instead
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers of misusing the per-request configuration. Fixes a segfault on trunk
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers when the normal handler is used. [Graham Leggett]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_cgid: Log a warning if the ScriptSock path is truncated because
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers it is too long. PR 49388. [Stefan Fritsch]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) vhosts: Do not allow _default_ in NameVirtualHost, or mixing *
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers and non-* ports on NameVirtualHost, or multiple NameVirtualHost
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers directives for the same address:port, or NameVirtualHost
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers directives with no matching VirtualHosts, or multiple ip-based
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers VirtualHost sections for the same address:port. These were
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers previously accepted with a warning, but the behavior was
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers undefined. [Dan Poirier]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_remoteip: Fix a segfault when using mod_remoteip in conjunction with
b534166eaec8fef9902a68f75cab8eeae458b23cMartin Pitt Allow/Deny. PR 49838. [Andrew Skalski <voltara gmail.com>]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) core: DirectoryMatch can now match on the end of line character ($),
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers and sub-directories of matched directories are no longer implicitly
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers matched. PR49809 [Eric Covener]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) Regexps: introduce new higher-level regexp utility including parsing
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers and executing perl-style regexp ops (e.g s/foo/bar/i) and regexp memory
b534166eaec8fef9902a68f75cab8eeae458b23cMartin Pitt *) Proxy: support setting source address. PR 29404
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers [Multiple contributors iterating through bugzilla,
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers Aron Ujvari <xanco nikhok.hu>, Aleksey Midenkov <asm uezku.kemsu.ru>,
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers <dan listening-station.net; trunk version Nick Kew]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) HTTP protocol: return 400 not 503 if we have to abort due to malformed
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers chunked encoding. [Nick Kew]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay SieversChanges with Apache 2.3.8
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) suexec: Support large log files. PR 45856. [Stefan Fritsch]
df7daa9a689277126b9eb36508abcc2510fa5594Martin Pitt *) core: Abort with sensible error message if no or more than one MPM is
df7daa9a689277126b9eb36508abcc2510fa5594Martin Pitt loaded. [Stefan Fritsch]
b534166eaec8fef9902a68f75cab8eeae458b23cMartin Pitt *) mod_proxy: Rename erroronstatus to failonstatus.
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers [Daniel Ruggeri <DRuggeri primary.net>]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) mod_dav_fs: Fix broken "creationdate" property.
b534166eaec8fef9902a68f75cab8eeae458b23cMartin Pitt Regression in version 2.3.7. [Rainer Jung]
d946bb53f94713241004810de92cc37f1e19c2d2Martin PittChanges with Apache 2.3.7
a7792fecc36fa3e9dae4a5a00aaacdf1da9a661bMartin Pitt *) SECURITY: CVE-2010-1452 (cve.mitre.org)
a7792fecc36fa3e9dae4a5a00aaacdf1da9a661bMartin Pitt mod_dav, mod_cache, mod_session: Fix Handling of requests without a path
a7792fecc36fa3e9dae4a5a00aaacdf1da9a661bMartin Pitt segment. PR: 49246 [Mark Drayton, Jeff Trawick]
a7792fecc36fa3e9dae4a5a00aaacdf1da9a661bMartin Pitt *) mod_ldap: Properly check the result returned by apr_ldap_init. PR 46076.
df7daa9a689277126b9eb36508abcc2510fa5594Martin Pitt [Stefan Fritsch]
df7daa9a689277126b9eb36508abcc2510fa5594Martin Pitt *) mod_rewrite: Log errors if rewrite map files cannot be opened. PR 49639.
df7daa9a689277126b9eb36508abcc2510fa5594Martin Pitt [Stefan Fritsch]
d258d4967eb24122c2b1014d4e873f61b633f1d2Martin Pitt *) mod_proxy_http: Support the 'ping' property for backend HTTP/1.1 servers
d258d4967eb24122c2b1014d4e873f61b633f1d2Martin Pitt via leveraging 100-Continue as the initial "request".
d258d4967eb24122c2b1014d4e873f61b633f1d2Martin Pitt [Jim Jagielski]
d258d4967eb24122c2b1014d4e873f61b633f1d2Martin Pitt *) core/mod_authz_core: Introduce new access_checker_ex hook that enables
d258d4967eb24122c2b1014d4e873f61b633f1d2Martin Pitt mod_authz_core to bypass authentication if access should be allowed by
d258d4967eb24122c2b1014d4e873f61b633f1d2Martin Pitt IP address/env var/... [Stefan Fritsch]
d258d4967eb24122c2b1014d4e873f61b633f1d2Martin Pitt *) core: Introduce note_auth_failure hook to allow modules to add support
d258d4967eb24122c2b1014d4e873f61b633f1d2Martin Pitt for additional auth types. This makes ap_note_auth_failure() work with
d258d4967eb24122c2b1014d4e873f61b633f1d2Martin Pitt mod_auth_digest again. PR 48807. [Stefan Fritsch]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) socache modules: return APR_NOTFOUND when a lookup is not found [Nick Kew]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) mod_authn_socache: new module [Nick Kew]
1b6bce89b3383904d0dab619dd38bff673f7286eMartin Pitt *) configure: Add reallyall option for --enable-mods-shared. [Stefan Fritsch]
ce39bb6909578017aa10031638e724e038f0b859Kay Sievers *) Fix Windows build when using VC6. [Gregg L. Smith <lists glewis com>]
ce39bb6909578017aa10031638e724e038f0b859Kay Sievers *) mod_rewrite: Allow to set environment variables without explicitly
ce39bb6909578017aa10031638e724e038f0b859Kay Sievers giving a value. [Rainer Jung]
1b6bce89b3383904d0dab619dd38bff673f7286eMartin Pitt *) mod_rewrite: Remove superfluous EOL from rewrite logging. [Rainer Jung]
1b6bce89b3383904d0dab619dd38bff673f7286eMartin Pitt *) mod_include: recognise "text/html; parameters" as text/html
1b6bce89b3383904d0dab619dd38bff673f7286eMartin Pitt PR 49616 [Andrey Chernov <ache nagual.pp.ru>]
1b6bce89b3383904d0dab619dd38bff673f7286eMartin Pitt *) CGI vars: allow PATH to be set by SetEnv, consistent with LD_LIBRARY_PATH
1b6bce89b3383904d0dab619dd38bff673f7286eMartin Pitt PR 43906 [Nick Kew]
ce39bb6909578017aa10031638e724e038f0b859Kay Sievers *) Core: Extra robustness: don't try authz and segfault if authn
1b6bce89b3383904d0dab619dd38bff673f7286eMartin Pitt fails to set r->user. Log bug and return 500 instead.
1b6bce89b3383904d0dab619dd38bff673f7286eMartin Pitt PR 42995 [Nick Kew]
1b6bce89b3383904d0dab619dd38bff673f7286eMartin Pitt *) HTTP protocol filter: fix handling of longer chunk extensions
1b6bce89b3383904d0dab619dd38bff673f7286eMartin Pitt *) Update SSL cipher suite and add example for SSLHonorCipherOrder.
1b6bce89b3383904d0dab619dd38bff673f7286eMartin Pitt [Lars Eilebrecht, Rainer Jung]
ce39bb6909578017aa10031638e724e038f0b859Kay Sievers *) move AddOutputFilterByType from core to mod_filter. This should
ce39bb6909578017aa10031638e724e038f0b859Kay Sievers fix nasty side-effects that happen when content_type is set
ce39bb6909578017aa10031638e724e038f0b859Kay Sievers more than once in processing a request, and make it fully
ce39bb6909578017aa10031638e724e038f0b859Kay Sievers compatible with dynamic and proxied contents. [Nick Kew]
1b6bce89b3383904d0dab619dd38bff673f7286eMartin Pitt *) mod_log_config: Implement logging for sub second timestamps and
1b6bce89b3383904d0dab619dd38bff673f7286eMartin Pitt request end time. [Rainer Jung]
1b6bce89b3383904d0dab619dd38bff673f7286eMartin PittChanges with Apache 2.3.6
bf89b99c5a39115112c2eda4c2103e2db54988d2Martin Pitt *) SECURITY: CVE-2009-3555 (cve.mitre.org)
bf89b99c5a39115112c2eda4c2103e2db54988d2Martin Pitt mod_ssl: Comprehensive fix of the TLS renegotiation prefix injection
bf89b99c5a39115112c2eda4c2103e2db54988d2Martin Pitt attack when compiled against OpenSSL version 0.9.8m or later. Introduces
bf89b99c5a39115112c2eda4c2103e2db54988d2Martin Pitt the 'SSLInsecureRenegotiation' directive to reopen this vulnerability
bf89b99c5a39115112c2eda4c2103e2db54988d2Martin Pitt and offer unsafe legacy renegotiation with clients which do not yet
bf89b99c5a39115112c2eda4c2103e2db54988d2Martin Pitt support the new secure renegotiation protocol, RFC 5746.
ce39bb6909578017aa10031638e724e038f0b859Kay Sievers [Joe Orton, and with thanks to the OpenSSL Team]
ce39bb6909578017aa10031638e724e038f0b859Kay Sievers *) SECURITY: CVE-2009-3555 (cve.mitre.org)
ce39bb6909578017aa10031638e724e038f0b859Kay Sievers mod_ssl: A partial fix for the TLS renegotiation prefix injection attack
ce39bb6909578017aa10031638e724e038f0b859Kay Sievers by rejecting any client-initiated renegotiations. Forcibly disable
bf89b99c5a39115112c2eda4c2103e2db54988d2Martin Pitt keepalive for the connection if there is any buffered data readable. Any
1b6bce89b3383904d0dab619dd38bff673f7286eMartin Pitt configuration which requires renegotiation for per-directory/location
1b6bce89b3383904d0dab619dd38bff673f7286eMartin Pitt access control is still vulnerable, unless using OpenSSL >= 0.9.8l.
1b6bce89b3383904d0dab619dd38bff673f7286eMartin Pitt [Joe Orton, Ruediger Pluem, Hartmut Keil <Hartmut.Keil adnovum.ch>]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) SECURITY: CVE-2010-0408 (cve.mitre.org)
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers when request headers indicate a request body is incoming; not a case of
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers HTTP_INTERNAL_SERVER_ERROR. [Niku Toivola <niku.toivola sulake.com>]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) SECURITY: CVE-2010-0425 (cve.mitre.org)
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers mod_isapi: Do not unload an isapi .dll module until the request
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers processing is completed, avoiding orphaned callback pointers.
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers [Brett Gervasoni <brettg senseofsecurity.com>, Jeff Trawick]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) core: Filter init functions are now run strictly once per request
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers before handler invocation. The init functions are no longer run
19c98efe17155734698c12482cd40834a89f0e48Lennart Poettering for connection filters. PR 49328. [Joe Orton]
19c98efe17155734698c12482cd40834a89f0e48Lennart Poettering *) core: Adjust the output filter chain correctly in an internal
19c98efe17155734698c12482cd40834a89f0e48Lennart Poettering redirect from a subrequest, preserving filters from the main
19c98efe17155734698c12482cd40834a89f0e48Lennart Poettering request as necessary. PR 17629. [Joe Orton]
792d616391159f4fa992341bf264c9407e480c6dMartin Pitt *) mod_cache: Explicitly allow cache implementations to cache a 206 Partial
792d616391159f4fa992341bf264c9407e480c6dMartin Pitt Response if they so choose to do so. Previously an attempt to cache a 206
792d616391159f4fa992341bf264c9407e480c6dMartin Pitt was arbitrarily allowed if the response contained an Expires or
792d616391159f4fa992341bf264c9407e480c6dMartin Pitt Cache-Control header, and arbitrarily denied if both headers were missing.
792d616391159f4fa992341bf264c9407e480c6dMartin Pitt [Graham Leggett]
792d616391159f4fa992341bf264c9407e480c6dMartin Pitt *) core: Add microsecond timestamp fractions, process id and thread id
792d616391159f4fa992341bf264c9407e480c6dMartin Pitt to the error log. [Rainer Jung]
792d616391159f4fa992341bf264c9407e480c6dMartin Pitt *) configure: The "most" module set gets build by default. [Rainer Jung]
792d616391159f4fa992341bf264c9407e480c6dMartin Pitt *) configure: Building dynamic modules (DSO) by default. [Rainer Jung]
792d616391159f4fa992341bf264c9407e480c6dMartin Pitt *) configure: Fix broken VPATH build when using included APR.
792d616391159f4fa992341bf264c9407e480c6dMartin Pitt [Rainer Jung]
792d616391159f4fa992341bf264c9407e480c6dMartin Pitt *) mod_session_crypto: Fix configure problem when building
792d616391159f4fa992341bf264c9407e480c6dMartin Pitt with APR 2 and for VPATH builds with included APR.
792d616391159f4fa992341bf264c9407e480c6dMartin Pitt [Rainer Jung]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) mod_session_crypto: API compatibility with APR 2 crypto and
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers APR Util 1.x crypto. [Rainer Jung]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) ab: Fix memory leak with -v2 and SSL. PR 49383.
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers [Pavel Kankovsky <peak argo troja mff cuni cz>]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) core: Add per-module and per-directory loglevel configuration.
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers Add some more trace logging.
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers mod_rewrite: Replace RewriteLog/RewriteLogLevel with trace log levels.
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers mod_ssl: Replace LogLevelDebugDump with trace log levels.
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers mod_ssl/mod_proxy*: Adjust loglevels to be less verbose at levels info
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers mod_dumpio: Replace DumpIOLogLevel with trace log levels.
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers [Stefan Fritsch]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) mod_ldap: LDAP caching was suppressed (and ldap-status handler returns
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers title page only) when any mod_ldap directives were used in VirtualHost
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers context. [Eric Covener]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) mod_disk_cache: Decline the opportunity to cache if the response is
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers a 206 Partial Content. This stops a reverse proxied partial response
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers from becoming cached, and then being served in subsequent responses.
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers [Graham Leggett]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_deflate: avoid the risk of forwarding data before headers are set.
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers PR 49369 [Matthew Steele <mdsteele google.com>]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_authnz_ldap: Ensure nested groups are checked when the
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers top-level group doesn't have any direct non-group members
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers of attributes in AuthLDAPGroupAttribute. [Eric Covener]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_authnz_ldap: Search or Comparison during authorization phase
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers can use the credentials from the authentication phase
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers (AuthLDAPSearchAsUSer,AuthLDAPCompareAsUser).
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers PR 48340 [Domenico Rotiroti, Eric Covener]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_authnz_ldap: Allow the initial DN search during authentication
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers to use the HTTP username/pass instead of an anonymous or hard-coded
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers LDAP id (AuthLDAPInitialBindAsUser, AuthLDAPInitialBindPattern).
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers [Eric Covener]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) mod_authnz_ldap: Publish requested LDAP data with an AUTHORIZE_ prefix
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers when this module is used for authorization. See AuthLDAPAuthorizePrefix.
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers PR 45584 [Eric Covener]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) apxs -q: Stop filtering out ':' characters from the reported values.
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers PR 45343. [Bill Cole]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) prefork MPM: Work around possible crashes on child exit in APR reslist
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers cleanup code. PR 43857. [Tom Donovan]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) ab: fix number of requests sent by ab when keepalive is enabled. PR 48497.
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers [Bryn Dole <dole blekko.com>]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) Log an error for failures to read a chunk-size, and return 408 instead of
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers 413 when this is due to a read timeout. This change also fixes some cases
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers of two error documents being sent in the response for the same scenario.
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers [Eric Covener] PR49167
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) mod_proxy_balancer: Add new directive BalancerNonce to allow admin
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers to control/set the nonce used in the balancer-manager application.
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers [Jim Jagielski]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) mod_proxy_connect: Support port ranges in AllowConnect. PR 23673.
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers [Stefan Fritsch]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) Proxy balancer: support setting error status according to HTTP response
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers code from a backend. PR 48939. [Daniel Ruggeri <DRuggeri primary.net>]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) htcacheclean: Introduce the ability to clean specific URLs from the
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers cache, if provided as an optional parameter on the command line.
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers [Graham Leggett]
e8193554925a22b63bef0e77b8397b56d63a91ffKay Sievers *) core: Introduce the IncludeStrict directive, which explicitly fails
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers server startup if no files or directories match a wildcard path.
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers [Graham Leggett]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) htcacheclean: Report additional statistics about entries deleted.
e8193554925a22b63bef0e77b8397b56d63a91ffKay Sievers PR 48944. [Mark Drayton mark markdrayton.info]
e8193554925a22b63bef0e77b8397b56d63a91ffKay Sievers *) Introduce SSLFIPS directive to support OpenSSL FIPS_mode; permits all
e8193554925a22b63bef0e77b8397b56d63a91ffKay Sievers builds of mod_ssl to use 'SSLFIPS off' for portability, but the proper
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers build of openssl is required for 'SSLFIPS on'. PR 46270.
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers [Dr Stephen Henson <steve openssl.org>, William Rowe]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) mod_proxy_http: Log the port of the remote server in various messages.
e8193554925a22b63bef0e77b8397b56d63a91ffKay Sievers PR 48812. [Igor Galić <i galic brainsware org>]
e8193554925a22b63bef0e77b8397b56d63a91ffKay Sievers *) mod_reqtimeout: Do not wrongly enforce timeouts for mod_proxy's backend
e8193554925a22b63bef0e77b8397b56d63a91ffKay Sievers connections and other protocol handlers (like mod_ftp). [Stefan Fritsch]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) mod_proxy_ajp: Really regard the operation a success, when the client
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers aborted the connection. In addition adjust the log message if the client
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers aborted the connection. [Ruediger Pluem]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) mod_ssl: Add the 'SSLInsecureRenegotiation' directive, which
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers allows insecure renegotiation with clients which do not yet
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers support the secure renegotiation protocol. [Joe Orton]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) mod_ssl: Fix a potential I/O hang if a long list of trusted CAs
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers is configured for client cert auth. PR 46952. [Joe Orton]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) core: Only log a 408 if it is no keepalive timeout. PR 39785
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers [Ruediger Pluem, Mark Montague <markmont umich.edu>]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) support/rotatelogs: Add -L option to create a link to the current
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers log file. PR 48761 [<lyndon orthanc.ca>, Dan Poirier]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) mod_ldap: Update LDAPTrustedClientCert to consistently be a per-directory
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers setting only, matching most of the documentation and examples.
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers PR 46541 [Paul Reder, Eric Covener]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) mod_ldap: LDAPTrustedClientCert now accepts CA_DER/CA_BASE64 argument
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers types previously allowed only in LDAPTrustedGlobalCert. [Eric Covener]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) mod_negotiation: Preserve query string over multiviews negotiation.
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers This buglet was fixed for type maps in 2.2.6, but the same issue
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers affected multiviews and was overlooked.
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers PR 33112 [Joergen Thomsen <apache jth.net>]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) mod_ldap: Eliminate a potential crash with multiple LDAPTrustedClientCert
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers when some are not password-protected. [Eric Covener]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) Fix startup segfault when the Mutex directive is used but no loaded
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers modules use httpd mutexes. PR 48787. [Jeff Trawick]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) Proxy: get the headers right in a HEAD request with
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers ProxyErrorOverride, by checking for an overridden error
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers before not after going into a catch-all code path.
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers PR 41646. [Nick Kew, Stuart Children]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) support/rotatelogs: Support the simplest log rotation case, log
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers truncation. Useful when the log is being processed in real time
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers using a command like tail. [Graham Leggett]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) support/htcacheclean: Teach it how to write a pid file (modelled on
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers httpd's writing of a pid file) so that it becomes possible to run
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers more than one instance of htcacheclean on the same machine.
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers [Graham Leggett]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) Log command line on startup, so there's a record of command line
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers arguments like -f. PR 48752. [Dan Poirier]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) Introduce mod_reflector, a handler capable of reflecting POSTed
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers request bodies back within the response through the output filter
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers stack. Can be used to turn an output filter into a web service.
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers [Graham Leggett]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) mod_proxy_http: Make sure that when an ErrorDocument is served
e8193554925a22b63bef0e77b8397b56d63a91ffKay Sievers from a reverse proxied URL, that the subrequest respects the status
e8193554925a22b63bef0e77b8397b56d63a91ffKay Sievers of the original request. This brings the behaviour of proxy_handler
b534166eaec8fef9902a68f75cab8eeae458b23cMartin Pitt in line with default_handler. PR 47106. [Graham Leggett]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) Support wildcards in both the directory and file components of
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers the path specified by the Include directive. [Graham Leggett]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) mod_proxy, mod_proxy_http: Support remote https proxies
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers by using HTTP CONNECT. PR 19188.
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers [Philippe Dutrueux <lilas evidian.com>, Rainer Jung]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) apxs: Fix -A and -a options to ignore whitespace in httpd.conf
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers [Philip M. Gollucci]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) worker: Don't report server has reached MaxClients until it has.
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers Add message when server gets within MinSpareThreads of MaxClients.
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers PR 46996. [Dan Poirier]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_session: Session expiry was being initialised, but not updated
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers on each session save, resulting in timed out sessions when there
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers should not have been. Fixed. [Graham Leggett]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_log_config: Add the R option to log the handler used within the
b534166eaec8fef9902a68f75cab8eeae458b23cMartin Pitt request. [Christian Folini <christian.folini netnea com>]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_include: Allow fine control over the removal of Last-Modified and
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers ETag headers within the INCLUDES filter, making it possible to cache
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers responses if desired. Fix the default value of the SSIAccessEnable
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers directive. [Graham Leggett]
9e3dbf6b2b99d0e16989d9cedb458729db5a60c3Zbigniew Jędrzejewski-Szmek *) Add new UnDefine directive to undefine a variable. PR 35350.
9e3dbf6b2b99d0e16989d9cedb458729db5a60c3Zbigniew Jędrzejewski-Szmek [Stefan Fritsch]
9e3dbf6b2b99d0e16989d9cedb458729db5a60c3Zbigniew Jędrzejewski-Szmek *) Make ap_pregsub(), used by AliasMatch and friends, use the same syntax
9e3dbf6b2b99d0e16989d9cedb458729db5a60c3Zbigniew Jędrzejewski-Szmek for regex backreferences as mod_rewrite and mod_include: Remove the use
4c02dd7153f970244950b5e00f7bdfea8d2ff0beKay Sievers of '&' as an alias for '$0' and allow to escape any character with a
9e3dbf6b2b99d0e16989d9cedb458729db5a60c3Zbigniew Jędrzejewski-Szmek backslash. PR 48351. [Stefan Fritsch]
e8193554925a22b63bef0e77b8397b56d63a91ffKay Sievers *) mod_authnz_ldap: If AuthLDAPCharsetConfig is set, also convert the
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers password to UTF-8. PR 45318.
e8193554925a22b63bef0e77b8397b56d63a91ffKay Sievers [Johannes Müller <joh_m gmx.de>, Stefan Fritsch]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) ab: Fix calculation of requests per second in HTML output. PR 48594.
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers [Stefan Fritsch]
e8193554925a22b63bef0e77b8397b56d63a91ffKay Sievers *) mod_authnz_ldap: Failures to map a username to a DN, or to check a user
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers password now result in an informational level log entry instead of
e8193554925a22b63bef0e77b8397b56d63a91ffKay Sievers warning level. [Eric Covener]
ee2babf4c36f9ab65e9ebbe966ed7839c532df45Martin PittChanges with Apache 2.3.5
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) SECURITY: CVE-2010-0434 (cve.mitre.org)
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers Ensure each subrequest has a shallow copy of headers_in so that the
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers parent request headers are not corrupted. Eliminates a problematic
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers optimization in the case of no request body. PR 48359
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers [Jake Scott, William Rowe, Ruediger Pluem]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) Turn static function get_server_name_for_url() into public
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers ap_get_server_name_for_url() and use it where appropriate. This
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers fixes mod_rewrite generating invalid URLs for redirects to IPv6
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers literal addresses. [Stefan Fritsch]
6e1452d6f015ebca6801e497d12bc6c7c114386dMartin Pitt *) mod_ldap: Introduce new config option LDAPTimeout to set the timeout
6e1452d6f015ebca6801e497d12bc6c7c114386dMartin Pitt for LDAP operations like bind and search. [Stefan Fritsch]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_proxy, mod_proxy_ftp: Move ProxyFtpDirCharset from mod_proxy to
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers mod_proxy_ftp. [Takashi Sato]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_proxy, mod_proxy_connect: Move AllowCONNECT from mod_proxy to
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers mod_proxy_connect. [Takashi Sato]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_cache: Do an exact match of the keys defined by
93a279e34a8d2c38b1c6bcf750548e730f5309d8Herczeg Zsolt CacheIgnoreURLSessionIdentifiers against the querystring instead of
6e1452d6f015ebca6801e497d12bc6c7c114386dMartin Pitt a partial match. PR 48401.
6e1452d6f015ebca6801e497d12bc6c7c114386dMartin Pitt [Dodou Wang <wangdong.08 gmail.com>, Ruediger Pluem]
6e1452d6f015ebca6801e497d12bc6c7c114386dMartin Pitt *) mod_proxy_balancer: Fix crash in balancer-manager. [Rainer Jung]
6e1452d6f015ebca6801e497d12bc6c7c114386dMartin Pitt *) Core HTTP: disable keepalive when the Client has sent
6e1452d6f015ebca6801e497d12bc6c7c114386dMartin Pitt Expect: 100-continue
6e1452d6f015ebca6801e497d12bc6c7c114386dMartin Pitt but we respond directly with a non-100 response.
6e1452d6f015ebca6801e497d12bc6c7c114386dMartin Pitt Keepalive here led to data from clients continuing being treated as
6e1452d6f015ebca6801e497d12bc6c7c114386dMartin Pitt a new request.
77e8ff6974ffaa6c9954e3d2264d9aa75ef25233Kieran Clancy PR 47087 [Nick Kew]
dcafc342bfa44d4d5ee76e5ddc12fd36f8f64af5Dmitry Pisklov *) Core: reject NULLs in request line or request headers.
77e8ff6974ffaa6c9954e3d2264d9aa75ef25233Kieran Clancy PR 43039 [Nick Kew]
93a279e34a8d2c38b1c6bcf750548e730f5309d8Herczeg Zsolt *) Core: (re)-introduce -T commandline option to suppress documentroot
93a279e34a8d2c38b1c6bcf750548e730f5309d8Herczeg Zsolt check at startup.
93a279e34a8d2c38b1c6bcf750548e730f5309d8Herczeg Zsolt PR 41887 [Jan van den Berg <janvdberg gmail.com>]
93a279e34a8d2c38b1c6bcf750548e730f5309d8Herczeg Zsolt *) mod_autoindex: support XHTML as equivalent to HTML in IndexOptions,
93a279e34a8d2c38b1c6bcf750548e730f5309d8Herczeg Zsolt ScanHTMLTitles, ReadmeName, HeaderName
93a279e34a8d2c38b1c6bcf750548e730f5309d8Herczeg Zsolt PR 48416 [Dmitry Bakshaev <dab18 izhnet.ru>, Nick Kew]
35bffce819222e18dd363027d7a6ad4fc245b05fMartin Pitt *) Proxy: Fix ProxyPassReverse with relative URL
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers Derived (slightly erroneously) from PR 38864 [Nick Kew]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_headers: align Header Edit with Header Set when used on Content-Type
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers PR 48422 [Cyril Bonté <cyril.bonte free.fr>, Nick Kew>]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_headers: Enable multi-match-and-replace edit option
dfa2ea215df5f1e78084de862a54c0f1f321a13aRaudi PR 46594 [Nick Kew]
dfa2ea215df5f1e78084de862a54c0f1f321a13aRaudi *) mod_filter: enable it to act on non-200 responses.
dfa2ea215df5f1e78084de862a54c0f1f321a13aRaudi PR 48377 [Nick Kew]
dfa2ea215df5f1e78084de862a54c0f1f321a13aRaudiChanges with Apache 2.3.4
15f392394e75ffb7f318920008fd1bbe4e82b488Scott Thrasher *) Replace AcceptMutex, LockFile, RewriteLock, SSLMutex, SSLStaplingMutex,
15f392394e75ffb7f318920008fd1bbe4e82b488Scott Thrasher and WatchdogMutexPath with a single Mutex directive. Add APIs to
15f392394e75ffb7f318920008fd1bbe4e82b488Scott Thrasher simplify setup and user customization of APR proc and global mutexes.
15f392394e75ffb7f318920008fd1bbe4e82b488Scott Thrasher (See util_mutex.h.) Build-time setting DEFAULT_LOCKFILE is no longer
15f392394e75ffb7f318920008fd1bbe4e82b488Scott Thrasher respected; set DEFAULT_REL_RUNTIMEDIR instead. [Jeff Trawick]
15f392394e75ffb7f318920008fd1bbe4e82b488Scott Thrasher *) http_core: KeepAlive no longer accepts other than On|Off.
15f392394e75ffb7f318920008fd1bbe4e82b488Scott Thrasher [Takashi Sato]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_dav: Remove errno from dav_error interface. Calls to dav_new_error()
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers and dav_new_error_tag() must be adjusted to add an apr_status_t parameter.
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers [Jeff Trawick]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_authnz_ldap: Add AuthLDAPBindAuthoritative to allow Authentication to
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers try other providers in the case of an LDAP bind failure.
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers PR 46608 [Justin Erenkrantz, Joe Schaefer, Tony Stevenson]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) Build: fix --with-module to work as documented
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers PR 43881 [Gez Saunders <gez.saunders virgin.net>]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay SieversChanges with Apache 2.3.3
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) SECURITY: CVE-2009-3095 (cve.mitre.org)
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers mod_proxy_ftp: sanity check authn credentials.
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers [Stefan Fritsch <sf fritsch.de>, Joe Orton]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) SECURITY: CVE-2009-3094 (cve.mitre.org)
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers mod_proxy_ftp: NULL pointer dereference on error paths.
e8193554925a22b63bef0e77b8397b56d63a91ffKay Sievers [Stefan Fritsch <sf fritsch.de>, Joe Orton]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_ssl: enable support for ECC keys and ECDH ciphers. Tested against
e8193554925a22b63bef0e77b8397b56d63a91ffKay Sievers OpenSSL 1.0.0b3. [Vipul Gupta <vipul.gupta sun.com>, Sander Temme]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_dav: Include uri when logging a PUT error due to connection abort.
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers PR 38149. [Stefan Fritsch]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_dav: Return 409 instead of 500 for a LOCK request if the parent
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers resource does not exist or is not a collection. PR 43465. [Stefan Fritsch]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_dav_fs: Return 409 instead of 500 for Litmus test case copy_nodestcoll
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers (a COPY request where the parent of the destination resource does not
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers exist). PR 39299. [Stefan Fritsch]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_dav_fs: Don't delete the whole file if a PUT with content-range failed.
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers PR 42896. [Stefan Fritsch]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_dav_fs: Make PUT create files atomically and no longer destroy the
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers old file if the transfer aborted. PR 39815. [Paul Querna, Stefan Fritsch]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_dav_fs: Remove inode keyed locking as this conflicts with atomically
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers creating files. On systems with inode numbers, this is a format change of
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers the DavLockDB. The old DavLockDB must be deleted on upgrade.
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers [Stefan Fritsch]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_log_config: Make ${cookie}C correctly match whole cookie names
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers instead of substrings. PR 28037. [Dan Franklin <dan dan-franklin.com>,
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers Stefan Fritsch]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) vhost: A purely-numeric Host: header should not be treated as a port.
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers PR 44979 [Nick Kew]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_ldap: Avoid 500 errors with "Unable to set LDAP_OPT_REFHOPLIMIT option to 5"
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers when built against openldap by using SDK LDAP_OPT_REFHOPLIMIT defaults unless
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers LDAPReferralHopLimit is explicitly configured.
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers [Eric Covener]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_charset_lite: Honor 'CharsetOptions NoImplicitAdd'.
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers [Eric Covener]
7b36bf82c4deeadef6d914cef750b4a51ff2ed48Martin Pitt *) mod_ssl: Add support for OCSP Stapling. PR 43822.
7b36bf82c4deeadef6d914cef750b4a51ff2ed48Martin Pitt [Dr Stephen Henson <shenson oss-institute.org>]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_socache_shmcb: Allow parens in file name if cache size is given.
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers Fixes SSLSessionCache directive mis-parsing parens in pathname.
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers PR 47945. [Stefan Fritsch]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) htpasswd: Improve out of disk space handling. PR 30877. [Stefan Fritsch]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) htpasswd: Use MD5 hash by default on all platforms. [Stefan Fritsch]
e8193554925a22b63bef0e77b8397b56d63a91ffKay Sievers *) mod_sed: Reduce memory consumption when processing very long lines.
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers PR 48024 [Basant Kumar Kukreja <basant.kukreja sun.com>]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) ab: Fix segfault in case the argument for -n is a very large number.
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers PR 47178. [Philipp Hagemeister <oss phihag.de>]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) Allow ProxyPreserveHost to work in <Proxy> sections. PR 34901.
b534166eaec8fef9902a68f75cab8eeae458b23cMartin Pitt [Stefan Fritsch]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) configure: Fix THREADED_MPMS so that mod_cgid is enabled again
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers for worker MPM. [Takashi Sato]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_dav: Provide a mechanism to obtain the request_rec and pathname
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers from the dav_resource. [Jari Urpalainen <jari.urpalainen nokia.com>,
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers Brian France <brian brianfrance.com>]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) Build: Use install instead of cp if available on installing
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers modules to avoid segmentation fault. PR 47951. [hirose31 gmail.com]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_cache: correctly consider s-maxage in cacheability
b534166eaec8fef9902a68f75cab8eeae458b23cMartin Pitt decisions. [Dan Poirier]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_logio/core: Report more accurate byte counts in mod_status if
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers mod_logio is loaded. PR 25656. [Stefan Fritsch]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_ldap: If LDAPSharedCacheSize is too small, try harder to purge
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers some cache entries and log a warning. Also increase the default
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers LDAPSharedCacheSize to 500000. This is a more realistic size suitable
176cceb051fd9537239e5e8a43f80a33d06fe3b8Zbigniew Jędrzejewski-Szmek for the default values of 1024 for LdapCacheEntries/LdapOpCacheEntries.
176cceb051fd9537239e5e8a43f80a33d06fe3b8Zbigniew Jędrzejewski-Szmek PR 46749. [Stefan Fritsch]
176cceb051fd9537239e5e8a43f80a33d06fe3b8Zbigniew Jędrzejewski-Szmek *) mod_rewrite: Make sure that a hostname:port isn't fully qualified if
176cceb051fd9537239e5e8a43f80a33d06fe3b8Zbigniew Jędrzejewski-Szmek the request is a CONNECT request. [Bill Zajac <billz consultla.com>]
176cceb051fd9537239e5e8a43f80a33d06fe3b8Zbigniew Jędrzejewski-Szmek *) mod_cache: Teach CacheEnable and CacheDisable to work from within a
bc9cdba5ddf78d0ecb5c64f55621bb2f474ea280Jose Ignacio Naranjo Location section, in line with how ProxyPass works. [Graham Leggett]
bc9cdba5ddf78d0ecb5c64f55621bb2f474ea280Jose Ignacio Naranjo *) mod_reqtimeout: New module to set timeouts and minimum data rates for
bc9cdba5ddf78d0ecb5c64f55621bb2f474ea280Jose Ignacio Naranjo receiving requests from the client. [Stefan Fritsch]
bc9cdba5ddf78d0ecb5c64f55621bb2f474ea280Jose Ignacio Naranjo *) core: Fix potential memory leaks by making sure to not destroy
bc9cdba5ddf78d0ecb5c64f55621bb2f474ea280Jose Ignacio Naranjo bucket brigades that have been created by earlier filters.
2a61aaac6607d998e981481c34ae06e3e3ace4feUnai Uribarri [Stefan Fritsch]
2a61aaac6607d998e981481c34ae06e3e3ace4feUnai Uribarri *) core, mod_deflate, mod_sed: Reduce memory usage by reusing bucket
2a61aaac6607d998e981481c34ae06e3e3ace4feUnai Uribarri brigades in several places. [Stefan Fritsch]
2a61aaac6607d998e981481c34ae06e3e3ace4feUnai Uribarri *) mod_cache: Fix uri_meets_conditions() so that CacheEnable will
2a61aaac6607d998e981481c34ae06e3e3ace4feUnai Uribarri match by scheme, or by a wildcarded hostname. PR 40169
2a61aaac6607d998e981481c34ae06e3e3ace4feUnai Uribarri [Peter Grandi <pg_asf asf.for.sabi.co.uk>, Graham Leggett]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) suxec: Allow to log an error if exec fails by setting FD_CLOEXEC
e8193554925a22b63bef0e77b8397b56d63a91ffKay Sievers on the log file instead of closing it. PR 10744. [Nicolas Rachinsky]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_mime: Make RemoveType override the info from TypesConfig.
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers PR 38330. [Stefan Fritsch]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_cache: Introduce the option to run the cache from within the
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers normal request handler, and to allow fine grained control over
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers where in the filter chain content is cached. [Graham Leggett]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) core: Treat timeout reading request as 408 error, not 400.
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers Log 408 errors in access log as was done in Apache 1.3.x.
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers PR 39785 [Nobutaka Mantani <nobutaka nobutaka.org>,
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers Stefan Fritsch <sf fritsch.de>, Dan Poirier]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_ssl: Reintroduce SSL_CLIENT_S_DN, SSL_CLIENT_I_DN, SSL_SERVER_S_DN,
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers SSL_SERVER_I_DN back to the environment variables to be set by mod_ssl.
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_disk_cache: don't cache incomplete responses, per RFC 2616, 13.8.
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers PR15866. [Dan Poirier]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) ab: ab segfaults in verbose mode on https sites
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers PR46393. [Ryan Niebur]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_dav: Allow other modules to become providers and add resource types
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers to the DAV response. [Jari Urpalainen <jari.urpalainen nokia.com>,
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers Brian France <brian brianfrance.com>]
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers *) mod_dav: Allow other modules to add things to the DAV or Allow headers
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers of an OPTIONS request. [Jari Urpalainen <jari.urpalainen nokia.com>,
aedc2eddd16e48d468e6ad0aea2caf00c7d37365Kay Sievers Brian France <brian brianfrance.com>]
e8193554925a22b63bef0e77b8397b56d63a91ffKay Sievers *) core: Lower memory usage of core output filter.
e8193554925a22b63bef0e77b8397b56d63a91ffKay Sievers [Stefan Fritsch <sf sfritsch.de>]
0c959b39175b126fdb70ae00de37ca6d9c8ca3a1Kay Sievers *) mod_mime: Detect invalid use of MultiviewsMatch inside Location and
e8193554925a22b63bef0e77b8397b56d63a91ffKay Sievers LocationMatch sections. PR47754. [Dan Poirier]
e8193554925a22b63bef0e77b8397b56d63a91ffKay Sievers *) mod_request: Make sure the KeptBodySize directive rejects values
e8193554925a22b63bef0e77b8397b56d63a91ffKay Sievers that aren't valid numbers. [Graham Leggett]
b534166eaec8fef9902a68f75cab8eeae458b23cMartin Pitt *) mod_session_crypto: Sanity check should the potentially encrypted
c79af123de72cdb70f122c7fda5b2401acc5ea7bMartin Pitt session cookie be too short. [Graham Leggett]
b534166eaec8fef9902a68f75cab8eeae458b23cMartin Pitt *) mod_session.c: Prevent a segfault when session is added but not
c9cf047362cd8e4530c10bc7c2d6db988452305dMartin Pitt configured. [Graham Leggett]
e8193554925a22b63bef0e77b8397b56d63a91ffKay Sievers *) htcacheclean: 19 ways to fail, 1 error message. Fixed. [Graham Leggett]
e8193554925a22b63bef0e77b8397b56d63a91ffKay Sievers *) mod_auth_digest: Fail server start when nonce count checking
b534166eaec8fef9902a68f75cab8eeae458b23cMartin Pitt is configured without shared memory, or md5-sess algorithm is
e8193554925a22b63bef0e77b8397b56d63a91ffKay Sievers configured. [Dan Poirier]
e8193554925a22b63bef0e77b8397b56d63a91ffKay Sievers *) mod_proxy_connect: The connect method doesn't work if the client is
e8193554925a22b63bef0e77b8397b56d63a91ffKay Sievers connecting to the apache proxy through an ssl socket. Fixed.
definition. [Stefan Fritsch sf sfritsch.de]
*) Add support for HTTP PUT to ab. [Jeff Barnes <jbarnesweb yahoo.com>]
PR 46971 [evanc nortel.com]
[Stefan Fritsch <sf sfritsch.de>]
for a file is missing. PR 47682 [Peter Poeml <poeml suse.de>]
*) SECURITY: CVE-2009-1890 (cve.mitre.org)
*) SECURITY: CVE-2009-1191 (cve.mitre.org)
by the client. PR 33098 [ Stefan Fritsch <sf sfritsch.de>]
PR 42175 [Jim Radford <radford blackbean.org>]
type. PR 45107. [Michael Ströder <michael stroeder.com>,
PR 44020 [Håkon Stordahl <hakon stordahl.org>]
CGI process. PR 47335 [Kornél Pál <kornelpal gmail.com>]
PR 46942 [Dan Poirier <poirier pobox.com>]
PR 44729 [Sönke Tesch <st kino-fahrplan.de>, Jim Jagielski]
PR 47177 [Carlos Garcia Braschi <cgbraschi gmail.com>]
PR 45082 [Vitaly Polonetsky <m_vitaly topixoft.com>]
[Marko Kevac <mkevac gmail.com>]
as A/UX, Next, and Tandem. [Jeff Trawick]
directory listing. PR 46789 [Dan Poirier <poirier pobox.com>]
of module state across unload/load. [Jeff Trawick]
[Dan Poirier <poirier pobox.com>]
[Geoff Keating <geoffk apple.com>]
with kqueue (BSD/OS X) and excessive CPU with event ports (Solaris).
a media type has not been configured via mime.types, AddType,
[Ryan Phillips <ryan-apache trolocsis.com>]
[<tlhackque yahoo.com>]
*) prefork: Fix child process hang during graceful restart/stop in
*) core/utils: Enhance ap_escape_html API to support escaping non-ASCII chars
PR 45529 [Bob Ionescu <bobsiegen googlemail.com>]
times out before returning status line/headers.
PR 39332 [Masaoki Kobayashi <masaoki techfirm.co.jp>]
[Theo Schlossnagle <jesus omniti.com>, Paul Querna]
modules/proxy/balancers [Jim Jagielski]
privileges and Unix user/group IDs [Nick Kew]
logic replicate 2.2.x authz logic, and replace <Satisfy*>, Reject,
*) unixd: turn existing code into a module, and turn the set user/group
Suggested By André Warnier <aw ice-sa.com> [Eric Covener]
*) mod_ssl: Send Content-Type application/ocsp-request for POST requests to
OSCP responders. PR 46014 [Dr Stephen Henson <steve openssl.org>]
*) New module mod_sed: filter Request/Response bodies through sed
null value. [David Shane Holden <dpejesh apache.org>]
both inside and outside the location/directory sections, as
form request with the type of application/x-www-form-urlencoded.
*) mod_authz_dbd: When redirecting after successful login/logout per
PR 44560 [Anders Kaseorg <anders kaseorg.com>]
mod_cache et.al. to trap the results of the redirect.
*) ApacheMonitor.exe: Introduce --kill argument for use by the
*) mod_ldap, mod_authnz_ldap: Add support for nested groups (i.e. the ability
[David M. Lee <dmlee crossroads.com>]
[Niklas Edmundsson <nikke acc.umu.se>]
[Niklas Edmundsson <nikke acc.umu.se>]
[Markus Schiegl <ms schiegl.com>]
*) Remove incorrect comments from scoreboard.h regarding conditional
[Chris Darroch <chrisd pearsoncmg.com>]
in ap_init_scoreboard(). [Chris Darroch <chrisd pearsoncmg.com>]
[Chris Darroch <chrisd pearsoncmg.com>]
and 'Reject' to mod_authz_core. The new directives introduce 'AND/OR'
*) mod_authz_dbd: SQL authz with Login/Session support [Nick Kew]
Apache 2.2.xx tree as documented, and except as noted, below.]
Changes with Apache 2.2.x and later:
Changes with Apache 2.0.x and later: