CHANGES revision 3ef519991d73cff6763052b5a44c206bda01541d
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm -*- coding: utf-8 -*-
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gmChanges with Apache 2.3.14
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) suexec: Add environment variables CONTEXT_DOCUMENT_ROOT, CONTEXT_PREFIX,
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm REDIRECT_ERROR_NOTES, REDIRECT_SCRIPT_FILENAME, REQUEST_SCHEME to the
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm whitelist in suexec. PR 51499. [Graham Laverty <graham reg ca>,
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm Stefan Fritsch]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_rewrite: Fix regexp RewriteCond with NoCase. [Stefan Fritsch]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_log_debug: New module that allows to log custom messages at various
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm phases in the request processing. [Stefan Fritsch]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_ssl: Add some debug logging when loading server certificates.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm PR 37912. [Nick Burch <nick burch alfresco com>]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) configure: Support reallyall option also for --enable-mods-static.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm [Rainer Jung]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_socache_dc: add --with-distcache to configure for choosing
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm the distcache installation directory. [Rainer Jung]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_socache_dc: use correct build variable MOD_SOCACHE_DC_LDADD
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm instead of MOD_SOCACHE_LDADD in build macro. [Rainer Jung]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_lua, mod_deflate: respect platform specific runpath linker
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm flag. [Rainer Jung]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) configure: Only link the httpd binary against PCRE. No other support
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm binary needs PCRE. [Rainer Jung]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) configure: tolerate dependency checking failures for modules if
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm they have been enabled implicitely. [Rainer Jung]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) configure: Allow to specify module specific custom linker flags via
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm the MOD_XXX_LDADD variables. [Rainer Jung]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gmChanges with Apache 2.3.13
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) ab: Support specifying the local address to use. PR 48930.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm [Peter Schuller <scode spotify com>]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) core: Add support to ErrorLogFormat for logging the system unique
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm thread id under Linux. [Stefan Fritsch]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) event: New AsyncRequestWorkerFactor directive to influence how many
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm connections will be accepted per process. [Stefan Fritsch]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) prefork, worker, event: Rename MaxClients to MaxRequestWorkers which
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm describes more accurately what it does. [Stefan Fritsch]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) rotatelogs: Add -p argument to specify custom program to invoke
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm after a log rotation. PR 51285. [Sven Ulland <sveniu ifi.uio.no>,
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm Joe Orton]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_ssl: Don't do OCSP checks for valid self-issued certs. [Kaspar Brand]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_ssl: Avoid unnecessary renegotiations with SSLVerifyDepth 0.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm PR 48215. [Kaspar Brand]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_status: Display information about asynchronous connections in the
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm server-status. PR 44377. [Stefan Fritsch]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mpm_event: If the number of connections of a process is very high, or if
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm all workers are busy, don't accept new connections in that process.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm [Stefan Fritsch]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mpm_event: Process lingering close asynchronously instead of tying up
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm worker threads. [Jeff Trawick, Stefan Fritsch]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mpm_event: If MaxMemFree is set, limit the number of pools that is kept
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm around. [Stefan Fritsch]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mpm_event: Fix graceful restart aborting connections. PR 43359.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm [Takashi Sato <takashi lans-tv com>]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_ssl: Disable AECDH ciphers in example config. PR 51363.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm [Rob Stradling <rob comodo com>]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) core: Introduce new function ap_get_conn_socket() to access the socket of
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm a connection. [Stefan Fritsch]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_data: Introduce a filter to support RFC2397 data URLs. [Graham
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_userdir/mod_alias/mod_vhost_alias: Correctly set DOCUMENT_ROOT,
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm CONTEXT_DOCUMENT_ROOT, CONTEXT_PREFIX. PR 26052. PR 46198.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm [Stefan Fritsch]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) core: Allow to override document_root on a per-request basis. Introduce
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm new context_document_root and context_prefix which provide information
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm about non-global URI-to-directory mappings (from e.g. mod_userdir or
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm mod_alias) to scripts. PR 49705. [Stefan Fritsch]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) core: Add <ElseIf> and <Else> to complement <If> sections.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm [Stefan Fritsch]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_ext_filter: Remove DebugLevel option in favor of per-module loglevel.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm [Stefan Fritsch]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_include: Make the "#if expr" element use the new "ap_expr" expression
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm parser. The old parser can still be used by setting the new directive
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm SSILegacyExprParser. [Stefan Fritsch]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) core: Add some features to ap_expr for use by mod_include: a restricted
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm mode that does not allow to bypass request access restrictions; new
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm variables DOCUMENT_URI (alias for REQUEST_URI), LAST_MODIFIED; -A as an
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm alias for -U; an additional data entry in ap_expr_eval_ctx_t for use by
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm the consumer; an extensible ap_expr_exec_ctx() API that allows to use that
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm data entry. [Stefan Fritsch]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_include: Merge directory configs instead of one SSI* config directive
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm causing all other per-directory SSI* config directives to be reset.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm [Stefan Fritsch]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_charset_lite: Remove DebugLevel option in favour of per-module
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm loglevel. [Stefan Fritsch]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) core: Add ap_regexec_len() function that works with non-null-terminated
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm strings. PR 51231. [Yehezkel Horowitz <horowity checkpoint com>]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_authnz_ldap: If the LDAP server returns constraint violation,
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm don't treat this as an error but as "auth denied". [Stefan Fritsch]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_proxy_fcgi|scgi: Add support for "best guess" of PATH_INFO
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm for SCGI/FCGI. PR 50880, 50851. [Mark Montague <mark catseye.org>,
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm Jim Jagielski]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_cache: When content is served stale, and there is no means to
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm revalidate the content using ETag or Last-Modified, and we have
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm mandated no stale-on-error behaviour, stand down and don't cache.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm Saves a cache write that will never be read.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm [Graham Leggett]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_reqtimeout: Fix a timed out connection going into the keep-alive
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm state after a timeout when discarding a request body. PR 51103.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm [Stefan Fritsch]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) core: Add various file existance test operators to ap_expr.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm [Stefan Fritsch]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_proxy_express: New mass reverse-proxy switch extension for
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm mod_proxy. [Jim Jagielski]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) configure: Fix script error when configuring module set "reallyall".
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm [Rainer Jung]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gmChanges with Apache 2.3.12
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) configure, core: Provide easier support for APR's hook probe
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm capability. [Jim Jagielski, Jeff Trawick]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) Silence autoconf 2.68 warnings. [Rainer Jung]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_authnz_ldap: Resolve crash when LDAP is used for authorization only
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm [Scott Hill <shill genscape.com>]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) support: Make sure check_forensic works with mod_unique_id loaded
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm [Joe Schaefer]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) Add child_status hook for tracking creation/termination of MPM child
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm processes. Add end_generation hook for notification when the last
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm MPM child of a generation exits. [Jeff Trawick]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_ldap: Make LDAPSharedCacheSize 0 create a non-shared-memory cache per
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm process as opposed to disabling caching completely. This allows to use
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm the non-shared-memory cache as a workaround for the shared memory cache
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm not being available during graceful restarts. PR 48958. [Stefan Fritsch]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) Add new ap_reserve_module_slots/ap_reserve_module_slots_directive API,
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm necessary if a module (like mod_perl) registers additional modules late
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm in the startup phase. [Stefan Fritsch]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) core: Prevent segfault if DYNAMIC_MODULE_LIMIT is reached. PR 51072.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm [Torsten Förtsch <torsten foertsch gmx net>]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) WinNT MPM: Improve robustness under heavy load. [Jeff Trawick]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) MinGW build improvements. PR 49535. [John Vandenberg
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm <jayvdb gmail.com>, Jeff Trawick]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) core: Support module names with colons in loglevel configuration.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm [Torsten Förtsch <torsten foertsch gmx net>]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_ssl, ab: Support OpenSSL compiled without SSLv2 support.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm [Stefan Fritsch]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) core: Abort if the MPM is changed across restart. [Jeff Trawick]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_proxy_ajp: Add support for 'ProxyErrorOverride on'. PR 50945.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm [Peter Pramberger <peter pramberger.at>, Jim Jagielski]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_proxy_fcgi: Add support for 'ProxyErrorOverride on'. PR 50913.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm [Mark Montague <mark catseye.org>, Jim Jagielski]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) core: Change the APIs of ap_cfg_getline() and ap_cfg_getc() to return an
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm error code. Abort with a nice error message if a config line is too long.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm Partial fix for PR 50824. [Stefan Fritsch]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_info: Dump config to stdout during startup if -DDUMP_CONFIG is
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm specified. PR 31956. [Stefan Fritsch]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) Restore visibility of DEFAULT_PIDLOG to core and modules. MPM
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm helper function ap_remove_pid() added. [Jeff Trawick]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) Enable DEFAULT_REL_RUNTIMEDIR on Windows and NetWare. [various]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) Correct C++ incompatibility with http_log.h. [Stefan Fritsch, Jeff
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_log_config: Prevent segfault. PR 50861. [Torsten Förtsch
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) core: AllowEncodedSlashes new option NoDecode to allow encoded slashes
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm in request URL path info but not decode them. Change behavior of option
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm "On" to decode the encoded slashes as 2.0 and 2.2 do. PR 35256,
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm PR 46830. [Dan Poirier]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_ssl: Check SNI hostname against Host header case-insensitively.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm PR 49491. [Mayank Agrawal <magrawal.08 gmail.com>]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_ldap: Add LDAPConnectionPoolTTL to give control over lifetime
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm of bound backend LDAP connections. PR47634 [Eric Covener]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_cache: Make CacheEnable and CacheDisable configurable per
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm directory in addition to per server, making them work from within
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm a LocationMatch. [Graham Leggett]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) worker, event, prefork: Correct several issues when built as
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm DSOs; most notably, the scoreboard was reinitialized during graceful
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm restart, such that processes of the previous generation were not
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm observable. [Jeff Trawick]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gmChanges with Apache 2.3.11
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_win32: Added shebang check for '! so that .vbs scripts work as CGI.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm Win32's cscript interpreter can only use a single quote as comment char.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm [Guenter Knauf]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_proxy: balancer-manager now uses POST instead of GET.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm [Jim Jagielski]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) core: new util function: ap_parse_form_data(). Previously,
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm this capability was tucked away in mod_request. [Jim Jagielski]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) core: new hook: ap_run_pre_read_request. [Jim Jagielski]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_cache: When a request other than GET or HEAD arrives, we must
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm invalidate existing cache entities as per RFC2616 13.10. PR 15868.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm [Graham Leggett]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) modules: Fix many modules that were not correctly initializing if they
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm were not active during server startup but got enabled later during a
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm graceful restart. [Stefan Fritsch]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) core: Create new ap_state_query function that allows modules to determine
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm if the current configuration run is the initial one at server startup,
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm and if the server is started for testing/config dumping only.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm [Stefan Fritsch]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_proxy: Runtime configuration of many parameters for existing
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm balancers via the balancer-manager. [Jim Jagielski]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_proxy: Runtime addition of new workers (BalancerMember) for existing
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm balancers via the balancer-manager. [Jim Jagielski]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_cache: When a bad Expires date is present, we need to behave as if
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm the Expires is in the past, not as if the Expires is missing. PR 16521.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm [Co-Advisor <coad@measurement-factory.com>]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_cache: We must ignore quoted-string values that appear in a
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm Cache-Control header. PR 50199. [Graham Leggett]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_dav: Revert change to send 501 error if unknown Content-* header is
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm received for a PUT request. PR 42978. [Stefan Fritsch]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_cache: Respect s-maxage as described by RFC2616 14.9.3, which must
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm take precedence if present. PR 35247. [Graham Leggett]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_ssl: Fix a possible startup failure if multiple SSL vhosts
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm are configured with the same ServerName and private key file.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm [Masahiro Matsuya <mmatsuya redhat.com>, Joe Orton]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_socache_dc: Make module compile by fixing some typos.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm PR 50735 [Mark Montague <mark catseye.org>]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) prefork: Update MPM state in children during a graceful stop or
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm restart. PR 41743. [Andrew Punch <andrew.punch 247realmedia.com>]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_mime: Ignore leading dots when looking for mime extensions.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm PR 50434 [Stefan Fritsch]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) core: Add support to set variables with the 'Define' directive. The
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm variables that can then be used in the config using the ${VAR} syntax
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm known from envvar interpolation. [Stefan Fritsch]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_proxy_http: make adding of X-Forwarded-* headers configurable.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm ProxyAddHeaders defaults to On. [Vincent Deffontaines]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_slotmem_shm: Increase memory alignment for slotmem data.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm [Rainer Jung]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_ssl: Add config options for OCSP: SSLOCSPResponderTimeout,
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm SSLOCSPResponseMaxAge, SSLOCSPResponseTimeSkew.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm [Kaspar Brand <httpd-dev.2011 velox.ch>]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_ssl: Revamp output buffering to reduce network overhead for
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm output fragmented into many buckets, such as chunked HTTP responses.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm [Joe Orton]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) core: Apply <If> sections to all requests, not only to file base requests.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm Allow to use <If> inside <Directory>, <Location>, and <Files> sections.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm The merging of <If> sections now happens after the merging of <Location>
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm sections, even if an <If> section is embedded inside a <Directory> or
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm <Files> section. [Stefan Fritsch]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_proxy: Refactor usage of shared data by dropping the scoreboard
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm and using slotmem. Create foundation for dynamic growth/changes of
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm members within a balancer. Remove BalancerNonce in favor of a
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm per-balancer 'nonce' parameter. [Jim Jagielski]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_status: Don't show slots which are disabled by MaxClients as open.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm PR: 47022 [Jordi Prats <jordi prats gmail com>, Stefan Fritsch]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mpm_prefork: Fix ap_mpm_query results for AP_MPMQ_MAX_DAEMONS and
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm AP_MPMQ_MAX_THREADS.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_authz_core: Fix bug in merging logic if user-based and non-user-based
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm authorization directives were mixed. [Stefan Fritsch]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_authn_socache: change directive name from AuthnCacheProvider
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm to AuthnCacheProvideFor. The term "provider" is overloaded in
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm this module, and we should avoid confusion between the provider
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm of a backend (AuthnCacheSOCache) and the authn provider(s) for
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm which this module provides cacheing (AuthnCacheProvideFor).
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm [Nick Kew]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_proxy_http: Allocate the fake backend request from a child pool
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm of the backend connection, instead of misusing the pool of the frontend
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm request. Fixes a thread safety issue where buckets set aside in the
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm backend connection leak into other threads, and then disappear when
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm the frontend request is cleaned up, in turn causing corrupted buckets
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm to make other threads spin. [Graham Leggett]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_ssl: Change the format of the SSL_{CLIENT,SERVER}_{I,S}_DN variables
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm to be RFC 2253 compatible, convert non-ASCII characters to UTF8, and
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm escape other special characters with backslashes. The old format can
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm still be used with the LegacyDNStringFormat argument to SSLOptions.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) core, mod_rewrite: Make the REQUEST_SCHEME variable available to
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm scripts and mod_rewrite. [Stefan Fritsch]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_rewrite: Allow to use arbitrary boolean expressions (ap_expr) in
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm RewriteCond. [Stefan Fritsch]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_rewrite: Allow to unset environment variables using E=!VAR.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm PR 49512. [Mark Drayton <mark markdrayton info>, Stefan Fritsch]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_headers: Restore the 2.3.8 and earlier default for the first
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm argument of the Header directive ("onsuccess"). [Eric Covener]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) core: Disallow the mixing of relative and absolute Options PR 33708.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm [Sönke Tesch <st kino-fahrplan.de>]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) core: When exporting request headers to HTTP_* environment variables,
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm drop variables whose names contain invalid characters. Describe in the
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm docs how to restore the old behaviour. [Malte S. Stretz <mss apache org>]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) core: When selecting an IP-based virtual host, favor an exact match for
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm the port over a wildcard (or omitted) port instead of favoring the one
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm that came first in the configuration file. [Eric Covener]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) core: Overlapping virtual host address/port combinations now implicitly
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm enable name-based virtual hosting for that address. The NameVirtualHost
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm directive has no effect, and _default_ is interpreted the same as "*".
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm [Eric Covener]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) core: In the absence of any Options directives, the default is now
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm "FollowSymlinks" instead of "All". [Igor Galić]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) rotatelogs: Add -e option to write logs through to stdout for optional
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm further processing. [Graham Leggett]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_ssl: Correctly read full lines in input filter when the line is
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm incomplete during first read. PR 50481. [Ruediger Pluem]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_authz_core: Add AuthzSendForbiddenOnFailure directive to allow
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm sending '403 FORBIDDEN' instead of '401 UNAUTHORIZED' if authorization
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm fails for an authenticated user. PR 40721. [Stefan Fritsch]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gmChanges with Apache 2.3.10
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_rewrite: Don't implicitly URL-escape the original query string
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm when no substitution has changed it. PR 50447. [Eric Covener]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) core: Honor 'AcceptPathInfo OFF' during internal redirects,
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm such as per-directory mod_rewrite substitutions. PR 50349.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm [Eric Covener]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_rewrite: Add 'RewriteOptions InheritBefore' to put the base
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm rules/conditions before the overridden rules/conditions. PR 39313.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_autoindex: add IndexIgnoreReset to reset the list of IndexIgnored
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm filenames in higher precedence configuration sections. PR 24243.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm [Eric Covener]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_cgid: RLimit* directive support for mod_cgid. PR 42135
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm [Eric Covener]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) core: Fail startup when the argument to ServerName looks like a glob
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm or a regular expression instead of a hostname (*?[]). PR 39863
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_userdir: Add merging of enable, disable, and filename arguments
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm to UserDir directive, leaving enable/disable of userlists unmerged.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm PR 44076 [Eric Covener]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) httpd: When no -k option is provided on the httpd command line, the server
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm was starting without checking for an existing pidfile. PR 50350
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm [Eric Covener]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_proxy: Put the worker in error state if the SSL handshake with the
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm backend fails. PR 50332.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm [Daniel Ruggeri <DRuggeri primary.net>, Ruediger Pluem]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_cache_disk: Fix Windows build which was broken after renaming
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm the module. [Gregg L. Smith]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gmChanges with Apache 2.3.9
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) SECURITY: CVE-2010-1623 (cve.mitre.org)
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm Fix a denial of service attack against mod_reqtimeout.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm [Stefan Fritsch]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_headers: Change default first argument of Header directive
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm from "onsuccess" to "always". [Eric Covener]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_include: Add the onerror attribute to the include element,
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm allowing an URL to be specified to include on error. [Graham
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_cache_disk: mod_disk_cache renamed to mod_cache_disk, to be
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm consistent with the naming of other modules. [Graham Leggett]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_setenvif: Add SetEnvIfExpr directive to set env var depending on
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm expression. [Stefan Fritsch]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_proxy: Fix ProxyPassInterpolateEnv directive. PR 50292.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm [Stefan Fritsch]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) suEXEC: Add Suexec directive to disable suEXEC without renaming the
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm binary (Suexec Off), or force startup failure if suEXEC is required
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm but not supported (Suexec On). Change SuexecUserGroup to fail
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm startup instead of just printing a warning if suEXEC is disabled.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm [Jeff Trawick]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) core: Add Error directive for aborting startup or htaccess processing
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm with a specified error message. [Jeff Trawick]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_rewrite: Fix the RewriteEngine directive to work within a
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm location. Previously, once RewriteEngine was switched on globally,
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm it was impossible to switch off. [Graham Leggett]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) core, mod_include, mod_ssl: Move the expression parser derived from
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm mod_include back into mod_include. Replace ap_expr with a parser
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm derived from mod_ssl's parser. Make mod_ssl use the new parser. Rework
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm ap_expr's public interface and provide hooks for modules to add variables
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm and functions. [Stefan Fritsch]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) core: Do the hook sorting earlier so that the hooks are properly sorted
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm for the pre_config hook and during parsing the config. [Stefan Fritsch]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) core: In the absence of any AllowOverride directives, the default is now
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm "None" instead of "All". PR49823 [Eric Covener]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_proxy: Don't allow ProxyPass or ProxyPassReverse in
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm <Directory> or <Files>. PR47765 [Eric Covener]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) prefork/worker/event MPMS: default value (when no directive is present)
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm of MaxConnectionsPerChild/MaxRequestsPerChild is changed to 0 from 10000
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm to match default configuration and manual. PR47782 [Eric Covener]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) proxy_connect: Don't give up in the middle of a CONNECT tunnel
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm when the child process is starting to exit. PR50220. [Eric Covener]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_autoindex: Fix inheritance of mod_autoindex directives into
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm contexts that don't have any mod_autoindex directives. PR47766.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm [Eric Covener]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_rewrite: Add END flag for RewriteRule to prevent further rounds
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm of rewrite processing when a per-directory substitution occurs.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm [Eric Covener]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_ssl: Make sure to always log an error if loading of CA certificates
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm fails. PR 40312. [Paul Tiemann <issues apache org ourdetour com>]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_dav: Send 501 error if unknown Content-* header is received for a PUT
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm request (RFC 2616 9.6). PR 42978. [Stefan Fritsch]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_dav: Send 400 error if malformed Content-Range header is received for
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm a put request (RFC 2616 14.16). PR 49825. [Stefan Fritsch]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_proxy: Release the backend connection as soon as EOS is detected,
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm so the backend isn't forced to wait for the client to eventually
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm acknowledge the data. [Graham Leggett]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_proxy: Optimise ProxyPass within a Location so that it is stored
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm per-directory, and chosen during the location walk. Make ProxyPass
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm work correctly from within a LocationMatch. [Graham Leggett]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) core: Fix segfault if per-module LogLevel is on virtual host
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm scope. PR 50117. [Stefan Fritsch]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_proxy: Move the ProxyErrorOverride directive to have per
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm directory scope. [Graham Leggett]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_allowmethods: New module to deny certain HTTP methods without
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm interfering with authentication/authorization. [Paul Querna,
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm Igor Galić, Stefan Fritsch]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_ssl: Log certificate information and improve error message if client
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm cert verification fails. PR 50093, PR 50094. [Lassi Tuura <lat cern ch>,
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm Stefan Fritsch]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) htcacheclean: Teach htcacheclean to limit cache size by number of
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm inodes in addition to size of files. Prevents a cache disk from
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm running out of space when many small files are cached.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm [Graham Leggett]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) core: Rename MaxRequestsPerChild to MaxConnectionsPerChild, which
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm describes more accurately what the directive does. The old name
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm still works but logs a warning. [Stefan Fritsch]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_cache: Optionally serve stale data when a revalidation returns a
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm 5xx response, controlled by the CacheStaleOnError directive.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm [Graham Leggett]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) htcacheclean: Allow the listing of valid URLs within the cache, with
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm the option to list entry metadata such as sizes and times. [Graham
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_cache: correctly parse quoted strings in cache headers.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm PR 50199 [Nick Kew]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_cache: Allow control over the base URL of reverse proxied requests
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm using the CacheKeyBaseURL directive, so that the cache key can be
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm calculated from the endpoint URL instead of the server URL. [Graham
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_cache: CacheLastModifiedFactor, CacheStoreNoStore, CacheStorePrivate,
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm CacheStoreExpired, CacheIgnoreNoLastMod, CacheDefaultExpire,
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm CacheMinExpire and CacheMaxExpire can be set per directory/location.
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm [Graham Leggett]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_disk_cache: CacheMaxFileSize, CacheMinFileSize, CacheReadSize and
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm CacheReadTime can be set per directory/location. [Graham Leggett]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) core: Speed up config parsing if using a very large number of config
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm files. PR 50002 [andrew cloudaccess net]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_cache: Support the caching of HEAD requests. [Graham Leggett]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) htcacheclean: Allow the option to round up file sizes to a given
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm block size, improving the accuracy of disk usage. [Graham Leggett]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_ssl: Add authz providers for use with mod_authz_core and its
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm RequireAny/RequireAll containers: 'ssl' (equivalent to SSLRequireSSL),
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm 'ssl-verify-client' (for use with 'SSLVerifyClient optional'), and
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm 'ssl-require' (expressions with same syntax as SSLRequire).
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm [Stefan Fritsch]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_ssl: Make the ssl expression parser thread-safe. It now requires
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm bison instead of yacc. [Stefan Fritsch]
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm *) mod_disk_cache: Change on-disk header file format to support the
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm link of the device/inode of the data file to the matching header
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm file, and to support the option of not writing a data file when
88f8b78a88cbdc6d8c1af5c3e54bc49d25095c98gm the data file is empty. [Graham Leggett]
*) core/mod_unique_id: Add generate_log_id hook to allow to use
decision hit/miss/revalidate. Add optional support for an X-Cache
and/or an X-Cache-Detail header to add the cache status to the
<dan listening-station.net; trunk version Nick Kew]
[Daniel Ruggeri <DRuggeri primary.net>]
*) SECURITY: CVE-2010-1452 (cve.mitre.org)
*) core/mod_authz_core: Introduce new access_checker_ex hook that enables
IP address/env var/... [Stefan Fritsch]
PR 49616 [Andrey Chernov <ache nagual.pp.ru>]
*) SECURITY: CVE-2009-3555 (cve.mitre.org)
*) SECURITY: CVE-2009-3555 (cve.mitre.org)
configuration which requires renegotiation for per-directory/location
*) SECURITY: CVE-2010-0408 (cve.mitre.org)
*) SECURITY: CVE-2010-0425 (cve.mitre.org)
[Brett Gervasoni <brettg senseofsecurity.com>, Jeff Trawick]
APR Util 1.x crypto. [Rainer Jung]
mod_rewrite: Replace RewriteLog/RewriteLogLevel with trace log levels.
mod_ssl/mod_proxy*: Adjust loglevels to be less verbose at levels info
PR 49369 [Matthew Steele <mdsteele google.com>]
to use the HTTP username/pass instead of an anonymous or hard-coded
[Bryn Dole <dole blekko.com>]
to control/set the nonce used in the balancer-manager application.
code from a backend. PR 48939. [Daniel Ruggeri <DRuggeri primary.net>]
PR 48944. [Mark Drayton mark markdrayton.info]
[Dr Stephen Henson <steve openssl.org>, William Rowe]
[Ruediger Pluem, Mark Montague <markmont umich.edu>]
*) support/rotatelogs: Add -L option to create a link to the current
log file. PR 48761 [<lyndon orthanc.ca>, Dan Poirier]
*) mod_ldap: LDAPTrustedClientCert now accepts CA_DER/CA_BASE64 argument
PR 33112 [Joergen Thomsen <apache jth.net>]
*) support/rotatelogs: Support the simplest log rotation case, log
*) support/htcacheclean: Teach it how to write a pid file (modelled on
[Philippe Dutrueux <lilas evidian.com>, Rainer Jung]
*) apxs: Fix -A and -a options to ignore whitespace in httpd.conf
request. [Christian Folini <christian.folini netnea com>]
[Johannes Müller <joh_m gmx.de>, Stefan Fritsch]
*) SECURITY: CVE-2010-0434 (cve.mitre.org)
[Dodou Wang <wangdong.08 gmail.com>, Ruediger Pluem]
PR 41887 [Jan van den Berg <janvdberg gmail.com>]
PR 48416 [Dmitry Bakshaev <dab18 izhnet.ru>, Nick Kew]
(See util_mutex.h.) Build-time setting DEFAULT_LOCKFILE is no longer
*) SECURITY: CVE-2009-3095 (cve.mitre.org)
[Stefan Fritsch <sf fritsch.de>, Joe Orton]
*) SECURITY: CVE-2009-3094 (cve.mitre.org)
[Stefan Fritsch <sf fritsch.de>, Joe Orton]
instead of substrings. PR 28037. [Dan Franklin <dan dan-franklin.com>,
[Dr Stephen Henson <shenson oss-institute.org>]
PR 47178. [Philipp Hagemeister <oss phihag.de>]
Brian France <brian brianfrance.com>]
modules to avoid segmentation fault. PR 47951. [hirose31 gmail.com]
*) mod_logio/core: Report more accurate byte counts in mod_status if
for the default values of 1024 for LdapCacheEntries/LdapOpCacheEntries.
the request is a CONNECT request. [Bill Zajac <billz consultla.com>]
[Peter Grandi <pg_asf asf.for.sabi.co.uk>, Graham Leggett]
Log 408 errors in access log as was done in Apache 1.3.x.
PR 39785 [Nobutaka Mantani <nobutaka nobutaka.org>,
Stefan Fritsch <sf fritsch.de>, Dan Poirier]
Brian France <brian brianfrance.com>]
Brian France <brian brianfrance.com>]
[Stefan Fritsch <sf sfritsch.de>]
*) mod_session.c: Prevent a segfault when session is added but not
definition. [Stefan Fritsch sf sfritsch.de]
*) Add support for HTTP PUT to ab. [Jeff Barnes <jbarnesweb yahoo.com>]
PR 46971 [evanc nortel.com]
[Stefan Fritsch <sf sfritsch.de>]
for a file is missing. PR 47682 [Peter Poeml <poeml suse.de>]
*) SECURITY: CVE-2009-1890 (cve.mitre.org)
*) SECURITY: CVE-2009-1191 (cve.mitre.org)
by the client. PR 33098 [ Stefan Fritsch <sf sfritsch.de>]
PR 42175 [Jim Radford <radford blackbean.org>]
type. PR 45107. [Michael Ströder <michael stroeder.com>,
PR 44020 [HÃ¥kon Stordahl <hakon stordahl.org>]
CGI process. PR 47335 [Kornél Pál <kornelpal gmail.com>]
PR 46942 [Dan Poirier <poirier pobox.com>]
PR 44729 [Sönke Tesch <st kino-fahrplan.de>, Jim Jagielski]
PR 47177 [Carlos Garcia Braschi <cgbraschi gmail.com>]
PR 45082 [Vitaly Polonetsky <m_vitaly topixoft.com>]
[Marko Kevac <mkevac gmail.com>]
as A/UX, Next, and Tandem. [Jeff Trawick]
directory listing. PR 46789 [Dan Poirier <poirier pobox.com>]
of module state across unload/load. [Jeff Trawick]
[Dan Poirier <poirier pobox.com>]
[Geoff Keating <geoffk apple.com>]
with kqueue (BSD/OS X) and excessive CPU with event ports (Solaris).
a media type has not been configured via mime.types, AddType,
[Ryan Phillips <ryan-apache trolocsis.com>]
[<tlhackque yahoo.com>]
*) prefork: Fix child process hang during graceful restart/stop in
*) core/utils: Enhance ap_escape_html API to support escaping non-ASCII chars
PR 45529 [Bob Ionescu <bobsiegen googlemail.com>]
times out before returning status line/headers.
PR 39332 [Masaoki Kobayashi <masaoki techfirm.co.jp>]
[Theo Schlossnagle <jesus omniti.com>, Paul Querna]
modules/proxy/balancers [Jim Jagielski]
privileges and Unix user/group IDs [Nick Kew]
logic replicate 2.2.x authz logic, and replace <Satisfy*>, Reject,
*) unixd: turn existing code into a module, and turn the set user/group
Suggested By André Warnier <aw ice-sa.com> [Eric Covener]
*) mod_ssl: Send Content-Type application/ocsp-request for POST requests to
OSCP responders. PR 46014 [Dr Stephen Henson <steve openssl.org>]
*) New module mod_sed: filter Request/Response bodies through sed
null value. [David Shane Holden <dpejesh apache.org>]
both inside and outside the location/directory sections, as
form request with the type of application/x-www-form-urlencoded.
*) mod_authz_dbd: When redirecting after successful login/logout per
PR 44560 [Anders Kaseorg <anders kaseorg.com>]
mod_cache et.al. to trap the results of the redirect.
*) ApacheMonitor.exe: Introduce --kill argument for use by the
*) mod_ldap, mod_authnz_ldap: Add support for nested groups (i.e. the ability
[David M. Lee <dmlee crossroads.com>]
[Niklas Edmundsson <nikke acc.umu.se>]
[Niklas Edmundsson <nikke acc.umu.se>]
[Markus Schiegl <ms schiegl.com>]
*) Remove incorrect comments from scoreboard.h regarding conditional
[Chris Darroch <chrisd pearsoncmg.com>]
in ap_init_scoreboard(). [Chris Darroch <chrisd pearsoncmg.com>]
[Chris Darroch <chrisd pearsoncmg.com>]
and 'Reject' to mod_authz_core. The new directives introduce 'AND/OR'
*) mod_authz_dbd: SQL authz with Login/Session support [Nick Kew]
Apache 2.2.xx tree as documented, and except as noted, below.]
Changes with Apache 2.2.x and later:
Changes with Apache 2.0.x and later: