CHANGES revision 40b22d3b20454959fe51fdc89907908d77701078
af84459fbf938e508fd10b01cb8d699c79083813takashi -*- coding: utf-8 -*-
af84459fbf938e508fd10b01cb8d699c79083813takashiChanges with Apache 2.3.9
af84459fbf938e508fd10b01cb8d699c79083813takashi *) SECURITY: CVE-2010-1623 (cve.mitre.org)
af84459fbf938e508fd10b01cb8d699c79083813takashi Fix a denial of service attack against mod_reqtimeout.
af84459fbf938e508fd10b01cb8d699c79083813takashi [Stefan Fritsch]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_proxy: Move the ProxyErrorOverride directive to have per
af84459fbf938e508fd10b01cb8d699c79083813takashi directory scope. [Graham Leggett]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_allowmethods: New module to deny certain HTTP methods without
af84459fbf938e508fd10b01cb8d699c79083813takashi interfering with authentication/authorization. [Paul Querna,
af84459fbf938e508fd10b01cb8d699c79083813takashi Igor Galić, Stefan Fritsch]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_ssl: Log certificate information if client cert verification
af84459fbf938e508fd10b01cb8d699c79083813takashi fails. PR 50094. [Lassi Tuura <lat cern ch>, Stefan Fritsch]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) htcacheclean: Teach htcacheclean to limit cache size by number of
af84459fbf938e508fd10b01cb8d699c79083813takashi inodes in addition to size of files. Prevents a cache disk from
af84459fbf938e508fd10b01cb8d699c79083813takashi running out of space when many small files are cached.
af84459fbf938e508fd10b01cb8d699c79083813takashi [Graham Leggett]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) core: Rename MaxRequestsPerChild to MaxConnectionsPerChild, which
af84459fbf938e508fd10b01cb8d699c79083813takashi describes more accurately what the directive does. The old name
af84459fbf938e508fd10b01cb8d699c79083813takashi still works but logs a warning. [Stefan Fritsch]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_cache: Optionally serve stale data when a revalidation returns a
af84459fbf938e508fd10b01cb8d699c79083813takashi 5xx response, controlled by the CacheStaleOnError directive.
af84459fbf938e508fd10b01cb8d699c79083813takashi [Graham Leggett]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) htcacheclean: Allow the listing of valid URLs within the cache, with
af84459fbf938e508fd10b01cb8d699c79083813takashi the option to list entry metadata such as sizes and times. [Graham
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_cache: Allow control over the base URL of reverse proxied requests
af84459fbf938e508fd10b01cb8d699c79083813takashi using the CacheKeyBaseURL directive, so that the cache key can be
af84459fbf938e508fd10b01cb8d699c79083813takashi calculated from the endpoint URL instead of the server URL. [Graham
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_cache: CacheLastModifiedFactor, CacheStoreNoStore, CacheStorePrivate,
af84459fbf938e508fd10b01cb8d699c79083813takashi CacheStoreExpired, CacheIgnoreNoLastMod, CacheDefaultExpire,
af84459fbf938e508fd10b01cb8d699c79083813takashi CacheMinExpire and CacheMaxExpire can be set per directory/location.
af84459fbf938e508fd10b01cb8d699c79083813takashi [Graham Leggett]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_disk_cache: CacheMaxFileSize, CacheMinFileSize, CacheReadSize and
af84459fbf938e508fd10b01cb8d699c79083813takashi CacheReadTime can be set per directory/location. [Graham Leggett]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) core: Speed up config parsing if using a very large number of config
af84459fbf938e508fd10b01cb8d699c79083813takashi files. PR 50002 [andrew cloudaccess net]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_cache: Support the caching of HEAD requests. [Graham Leggett]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) htcacheclean: Allow the option to round up file sizes to a given
af84459fbf938e508fd10b01cb8d699c79083813takashi block size, improving the accuracy of disk usage. [Graham Leggett]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_ssl: Add authz providers for use with mod_authz_core and its
af84459fbf938e508fd10b01cb8d699c79083813takashi RequireAny/RequireAll containers: 'ssl' (equivalent to SSLRequireSSL),
af84459fbf938e508fd10b01cb8d699c79083813takashi 'ssl-verify-client' (for use with 'SSLVerifyClient optional'), and
af84459fbf938e508fd10b01cb8d699c79083813takashi 'ssl-require' (expressions with same syntax as SSLRequire).
af84459fbf938e508fd10b01cb8d699c79083813takashi [Stefan Fritsch]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_ssl: Make the ssl expression parser thread-safe. It now requires
af84459fbf938e508fd10b01cb8d699c79083813takashi bison instead of yacc. [Stefan Fritsch]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_disk_cache: Change on-disk header file format to support the
af84459fbf938e508fd10b01cb8d699c79083813takashi link of the device/inode of the data file to the matching header
af84459fbf938e508fd10b01cb8d699c79083813takashi file, and to support the option of not writing a data file when
af84459fbf938e508fd10b01cb8d699c79083813takashi the data file is empty. [Graham Leggett]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) core/mod_unique_id: Add generate_log_id hook to allow to use
af84459fbf938e508fd10b01cb8d699c79083813takashi the ID generated by mod_unique_id as error log ID for requests.
af84459fbf938e508fd10b01cb8d699c79083813takashi [Stefan Fritsch]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_cache: Make sure that we never allow a 304 Not Modified response
af84459fbf938e508fd10b01cb8d699c79083813takashi that we asked for to leak to the client should the 304 response be
af84459fbf938e508fd10b01cb8d699c79083813takashi uncacheable. PR45341 [Graham Leggett]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_cache: Add the cache_status hook to register the final cache
af84459fbf938e508fd10b01cb8d699c79083813takashi decision hit/miss/revalidate. Add optional support for an X-Cache
af84459fbf938e508fd10b01cb8d699c79083813takashi and/or an X-Cache-Detail header to add the cache status to the
af84459fbf938e508fd10b01cb8d699c79083813takashi response. PR48241 [Graham Leggett]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_authz_host: Add 'local' provider that matches connections originating
af84459fbf938e508fd10b01cb8d699c79083813takashi on the local host. PR 19938. [Stefan Fritsch]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) Event MPM: Fix crash accessing pollset on worker thread when child
af84459fbf938e508fd10b01cb8d699c79083813takashi process is exiting. [Jeff Trawick]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) core: For process invocation (cgi, fcgid, piped loggers and so forth)
af84459fbf938e508fd10b01cb8d699c79083813takashi pass the system library path (LD_LIBRARY_PATH or platform-specific
af84459fbf938e508fd10b01cb8d699c79083813takashi variables) along with the system PATH, by default. Both should be
af84459fbf938e508fd10b01cb8d699c79083813takashi overridden together as desired using PassEnv etc; see mod_env.
af84459fbf938e508fd10b01cb8d699c79083813takashi [William Rowe]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_cache: Introduce CacheStoreExpired, to allow administrators to
af84459fbf938e508fd10b01cb8d699c79083813takashi capture a stale backend response, perform If-Modified-Since requests
af84459fbf938e508fd10b01cb8d699c79083813takashi against the backend, and serving from the cache all 304 responses.
af84459fbf938e508fd10b01cb8d699c79083813takashi This restores pre-2.2.4 cache behavior. [William Rowe]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_rewrite: Introduce <=, >= string comparison operators, and integer
af84459fbf938e508fd10b01cb8d699c79083813takashi comparators -lt, -le, -eq, -ge, and -gt. To help bash users and drop
af84459fbf938e508fd10b01cb8d699c79083813takashi the ambiguity of the symlink test "-ltest", introduce -h or -L as
af84459fbf938e508fd10b01cb8d699c79083813takashi symlink test operators. [William Rowe]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_cache: Give the cache provider the opportunity to choose to cache
af84459fbf938e508fd10b01cb8d699c79083813takashi or not cache based on the buckets present in the brigade, such as the
af84459fbf938e508fd10b01cb8d699c79083813takashi presence of a FILE bucket.
af84459fbf938e508fd10b01cb8d699c79083813takashi [Graham Leggett]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_authz_core: Allow authz providers to check args while reading the
af84459fbf938e508fd10b01cb8d699c79083813takashi config and allow to cache parsed args. Move 'all' and 'env' authz
af84459fbf938e508fd10b01cb8d699c79083813takashi providers from mod_authz_host to mod_authz_core. Add 'method' authz
af84459fbf938e508fd10b01cb8d699c79083813takashi provider depending on the HTTP method. [Stefan Fritsch]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_include: Move the request_rec within mod_include to be
af84459fbf938e508fd10b01cb8d699c79083813takashi exposed within include_ctx_t. [Graham Leggett]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_include: Reinstate support for UTF-8 character sets by allowing a
af84459fbf938e508fd10b01cb8d699c79083813takashi variable being echoed or set to be decoded and then encoded as separate
af84459fbf938e508fd10b01cb8d699c79083813takashi steps. PR47686 [Graham Leggett]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_cache: Add a discrete commit_entity() provider function within the
af84459fbf938e508fd10b01cb8d699c79083813takashi mod_cache provider interface which is called to indicate to the
af84459fbf938e508fd10b01cb8d699c79083813takashi provider that caching is complete, giving the provider the opportunity
af84459fbf938e508fd10b01cb8d699c79083813takashi to commit temporary files permanently to the cache in an atomic
af84459fbf938e508fd10b01cb8d699c79083813takashi fashion. Replace the inconsistent use of error cleanups with a formal
af84459fbf938e508fd10b01cb8d699c79083813takashi set of pool cleanups attached to a subpool, which is destroyed on error.
af84459fbf938e508fd10b01cb8d699c79083813takashi [Graham Leggett]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_cache: Change the signature of the store_body() provider function
af84459fbf938e508fd10b01cb8d699c79083813takashi within the mod_cache provider interface to support an "in" brigade
af84459fbf938e508fd10b01cb8d699c79083813takashi and an "out" brigade instead of just a single input brigade. This
af84459fbf938e508fd10b01cb8d699c79083813takashi gives a cache provider the option to consume only part of the brigade
af84459fbf938e508fd10b01cb8d699c79083813takashi passed to it, rather than the whole brigade as was required before.
af84459fbf938e508fd10b01cb8d699c79083813takashi This fixes an out of memory and a request timeout condition that would
af84459fbf938e508fd10b01cb8d699c79083813takashi occur when the original document was a large file. Introduce
af84459fbf938e508fd10b01cb8d699c79083813takashi CacheReadSize and CacheReadTime directives to mod_disk_cache to control
af84459fbf938e508fd10b01cb8d699c79083813takashi the amount of data to attempt to cache at a time. [Graham Leggett]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) core: Add ErrorLogFormat to allow configuring error log format, including
af84459fbf938e508fd10b01cb8d699c79083813takashi additional information that is logged once per connection or request. Add
af84459fbf938e508fd10b01cb8d699c79083813takashi error log IDs for connections and request to allow correlating error log
af84459fbf938e508fd10b01cb8d699c79083813takashi lines and the corresponding access log entry. [Stefan Fritsch]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) core: Disable sendfile by default. [Stefan Fritsch]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_cache: Check the request to determine whether we are allowed
af84459fbf938e508fd10b01cb8d699c79083813takashi to return cached content at all, and respect a "Cache-Control:
af84459fbf938e508fd10b01cb8d699c79083813takashi no-cache" header from a client. Previously, "no-cache" would
af84459fbf938e508fd10b01cb8d699c79083813takashi behave like "max-age=0". [Graham Leggett]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_cache: Use a proper filter context to hold filter data instead
af84459fbf938e508fd10b01cb8d699c79083813takashi of misusing the per-request configuration. Fixes a segfault on trunk
af84459fbf938e508fd10b01cb8d699c79083813takashi when the normal handler is used. [Graham Leggett]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_cgid: Log a warning if the ScriptSock path is truncated because
af84459fbf938e508fd10b01cb8d699c79083813takashi it is too long. PR 49388. [Stefan Fritsch]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) vhosts: Do not allow _default_ in NameVirtualHost, or mixing *
af84459fbf938e508fd10b01cb8d699c79083813takashi and non-* ports on NameVirtualHost, or multiple NameVirtualHost
af84459fbf938e508fd10b01cb8d699c79083813takashi directives for the same address:port, or NameVirtualHost
af84459fbf938e508fd10b01cb8d699c79083813takashi directives with no matching VirtualHosts, or multiple ip-based
af84459fbf938e508fd10b01cb8d699c79083813takashi VirtualHost sections for the same address:port. These were
af84459fbf938e508fd10b01cb8d699c79083813takashi previously accepted with a warning, but the behavior was
af84459fbf938e508fd10b01cb8d699c79083813takashi undefined. [Dan Poirier]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_remoteip: Fix a segfault when using mod_remoteip in conjunction with
af84459fbf938e508fd10b01cb8d699c79083813takashi Allow/Deny. PR 49838. [Andrew Skalski <voltara gmail.com>]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) core: DirectoryMatch can now match on the end of line character ($),
af84459fbf938e508fd10b01cb8d699c79083813takashi and sub-directories of matched directories are no longer implicitly
af84459fbf938e508fd10b01cb8d699c79083813takashi matched. PR49809 [Eric Covener]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) Regexps: introduce new higher-level regexp utility including parsing
af84459fbf938e508fd10b01cb8d699c79083813takashi and executing perl-style regexp ops (e.g s/foo/bar/i) and regexp memory
af84459fbf938e508fd10b01cb8d699c79083813takashiChanges with Apache 2.3.8
af84459fbf938e508fd10b01cb8d699c79083813takashi *) suexec: Support large log files. PR 45856. [Stefan Fritsch]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) core: Abort with sensible error message if no or more than one MPM is
af84459fbf938e508fd10b01cb8d699c79083813takashi loaded. [Stefan Fritsch]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_proxy: Rename erroronstatus to failonstatus.
af84459fbf938e508fd10b01cb8d699c79083813takashi [Daniel Ruggeri <DRuggeri primary.net>]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_dav_fs: Fix broken "creationdate" property.
af84459fbf938e508fd10b01cb8d699c79083813takashi Regression in version 2.3.7. [Rainer Jung]
af84459fbf938e508fd10b01cb8d699c79083813takashiChanges with Apache 2.3.7
af84459fbf938e508fd10b01cb8d699c79083813takashi *) SECURITY: CVE-2010-1452 (cve.mitre.org)
af84459fbf938e508fd10b01cb8d699c79083813takashi mod_dav, mod_cache, mod_session: Fix Handling of requests without a path
af84459fbf938e508fd10b01cb8d699c79083813takashi segment. PR: 49246 [Mark Drayton, Jeff Trawick]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_ldap: Properly check the result returned by apr_ldap_init. PR 46076.
af84459fbf938e508fd10b01cb8d699c79083813takashi [Stefan Fritsch]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_rewrite: Log errors if rewrite map files cannot be opened. PR 49639.
af84459fbf938e508fd10b01cb8d699c79083813takashi [Stefan Fritsch]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_proxy_http: Support the 'ping' property for backend HTTP/1.1 servers
af84459fbf938e508fd10b01cb8d699c79083813takashi via leveraging 100-Continue as the initial "request".
af84459fbf938e508fd10b01cb8d699c79083813takashi [Jim Jagielski]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) core/mod_authz_core: Introduce new access_checker_ex hook that enables
af84459fbf938e508fd10b01cb8d699c79083813takashi mod_authz_core to bypass authentication if access should be allowed by
af84459fbf938e508fd10b01cb8d699c79083813takashi IP address/env var/... [Stefan Fritsch]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) core: Introduce note_auth_failure hook to allow modules to add support
af84459fbf938e508fd10b01cb8d699c79083813takashi for additional auth types. This makes ap_note_auth_failure() work with
af84459fbf938e508fd10b01cb8d699c79083813takashi mod_auth_digest again. PR 48807. [Stefan Fritsch]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) socache modules: return APR_NOTFOUND when a lookup is not found [Nick Kew]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_authn_cache: new module [Nick Kew]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) configure: Add reallyall option for --enable-mods-shared. [Stefan Fritsch]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) Fix Windows build when using VC6. [Gregg L. Smith <lists glewis com>]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_rewrite: Allow to set environment variables without explicitly
af84459fbf938e508fd10b01cb8d699c79083813takashi giving a value. [Rainer Jung]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_rewrite: Remove superfluous EOL from rewrite logging. [Rainer Jung]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_include: recognise "text/html; parameters" as text/html
af84459fbf938e508fd10b01cb8d699c79083813takashi PR 49616 [Andrey Chernov <ache nagual.pp.ru>]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) CGI vars: allow PATH to be set by SetEnv, consistent with LD_LIBRARY_PATH
af84459fbf938e508fd10b01cb8d699c79083813takashi PR 43906 [Nick Kew]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) Core: Extra robustness: don't try authz and segfault if authn
af84459fbf938e508fd10b01cb8d699c79083813takashi fails to set r->user. Log bug and return 500 instead.
af84459fbf938e508fd10b01cb8d699c79083813takashi PR 42995 [Nick Kew]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) HTTP protocol filter: fix handling of longer chunk extensions
af84459fbf938e508fd10b01cb8d699c79083813takashi *) Update SSL cipher suite and add example for SSLHonorCipherOrder.
af84459fbf938e508fd10b01cb8d699c79083813takashi [Lars Eilebrecht, Rainer Jung]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) move AddOutputFilterByType from core to mod_filter. This should
af84459fbf938e508fd10b01cb8d699c79083813takashi fix nasty side-effects that happen when content_type is set
af84459fbf938e508fd10b01cb8d699c79083813takashi more than once in processing a request, and make it fully
af84459fbf938e508fd10b01cb8d699c79083813takashi compatible with dynamic and proxied contents. [Nick Kew]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_log_config: Implement logging for sub second timestamps and
af84459fbf938e508fd10b01cb8d699c79083813takashi request end time. [Rainer Jung]
af84459fbf938e508fd10b01cb8d699c79083813takashiChanges with Apache 2.3.6
af84459fbf938e508fd10b01cb8d699c79083813takashi *) SECURITY: CVE-2009-3555 (cve.mitre.org)
af84459fbf938e508fd10b01cb8d699c79083813takashi mod_ssl: Comprehensive fix of the TLS renegotiation prefix injection
af84459fbf938e508fd10b01cb8d699c79083813takashi attack when compiled against OpenSSL version 0.9.8m or later. Introduces
af84459fbf938e508fd10b01cb8d699c79083813takashi the 'SSLInsecureRenegotiation' directive to reopen this vulnerability
af84459fbf938e508fd10b01cb8d699c79083813takashi and offer unsafe legacy renegotiation with clients which do not yet
af84459fbf938e508fd10b01cb8d699c79083813takashi support the new secure renegotiation protocol, RFC 5746.
af84459fbf938e508fd10b01cb8d699c79083813takashi [Joe Orton, and with thanks to the OpenSSL Team]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) SECURITY: CVE-2009-3555 (cve.mitre.org)
af84459fbf938e508fd10b01cb8d699c79083813takashi mod_ssl: A partial fix for the TLS renegotiation prefix injection attack
af84459fbf938e508fd10b01cb8d699c79083813takashi by rejecting any client-initiated renegotiations. Forcibly disable
af84459fbf938e508fd10b01cb8d699c79083813takashi keepalive for the connection if there is any buffered data readable. Any
af84459fbf938e508fd10b01cb8d699c79083813takashi configuration which requires renegotiation for per-directory/location
af84459fbf938e508fd10b01cb8d699c79083813takashi access control is still vulnerable, unless using OpenSSL >= 0.9.8l.
af84459fbf938e508fd10b01cb8d699c79083813takashi [Joe Orton, Ruediger Pluem, Hartmut Keil <Hartmut.Keil adnovum.ch>]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) SECURITY: CVE-2010-0408 (cve.mitre.org)
af84459fbf938e508fd10b01cb8d699c79083813takashi mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent
af84459fbf938e508fd10b01cb8d699c79083813takashi when request headers indicate a request body is incoming; not a case of
af84459fbf938e508fd10b01cb8d699c79083813takashi HTTP_INTERNAL_SERVER_ERROR. [Niku Toivola <niku.toivola sulake.com>]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) SECURITY: CVE-2010-0425 (cve.mitre.org)
af84459fbf938e508fd10b01cb8d699c79083813takashi mod_isapi: Do not unload an isapi .dll module until the request
af84459fbf938e508fd10b01cb8d699c79083813takashi processing is completed, avoiding orphaned callback pointers.
af84459fbf938e508fd10b01cb8d699c79083813takashi [Brett Gervasoni <brettg senseofsecurity.com>, Jeff Trawick]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) core: Filter init functions are now run strictly once per request
af84459fbf938e508fd10b01cb8d699c79083813takashi before handler invocation. The init functions are no longer run
af84459fbf938e508fd10b01cb8d699c79083813takashi for connection filters. PR 49328. [Joe Orton]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) core: Adjust the output filter chain correctly in an internal
af84459fbf938e508fd10b01cb8d699c79083813takashi redirect from a subrequest, preserving filters from the main
af84459fbf938e508fd10b01cb8d699c79083813takashi request as necessary. PR 17629. [Joe Orton]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_cache: Explicitly allow cache implementations to cache a 206 Partial
af84459fbf938e508fd10b01cb8d699c79083813takashi Response if they so choose to do so. Previously an attempt to cache a 206
af84459fbf938e508fd10b01cb8d699c79083813takashi was arbitrarily allowed if the response contained an Expires or
af84459fbf938e508fd10b01cb8d699c79083813takashi Cache-Control header, and arbitrarily denied if both headers were missing.
af84459fbf938e508fd10b01cb8d699c79083813takashi [Graham Leggett]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) core: Add microsecond timestamp fractions, process id and thread id
af84459fbf938e508fd10b01cb8d699c79083813takashi to the error log. [Rainer Jung]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) configure: The "most" module set gets build by default. [Rainer Jung]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) configure: Building dynamic modules (DSO) by default. [Rainer Jung]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) configure: Fix broken VPATH build when using included APR.
af84459fbf938e508fd10b01cb8d699c79083813takashi [Rainer Jung]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_session_crypto: Fix configure problem when building
af84459fbf938e508fd10b01cb8d699c79083813takashi with APR 2 and for VPATH builds with included APR.
af84459fbf938e508fd10b01cb8d699c79083813takashi [Rainer Jung]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_session_crypto: API compatibility with APR 2 crypto and
af84459fbf938e508fd10b01cb8d699c79083813takashi APR Util 1.x crypto. [Rainer Jung]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) ab: Fix memory leak with -v2 and SSL. PR 49383.
af84459fbf938e508fd10b01cb8d699c79083813takashi [Pavel Kankovsky <peak argo troja mff cuni cz>]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) core: Add per-module and per-directory loglevel configuration.
af84459fbf938e508fd10b01cb8d699c79083813takashi Add some more trace logging.
af84459fbf938e508fd10b01cb8d699c79083813takashi mod_rewrite: Replace RewriteLog/RewriteLogLevel with trace log levels.
af84459fbf938e508fd10b01cb8d699c79083813takashi mod_ssl: Replace LogLevelDebugDump with trace log levels.
af84459fbf938e508fd10b01cb8d699c79083813takashi mod_ssl/mod_proxy*: Adjust loglevels to be less verbose at levels info
af84459fbf938e508fd10b01cb8d699c79083813takashi mod_dumpio: Replace DumpIOLogLevel with trace log levels.
af84459fbf938e508fd10b01cb8d699c79083813takashi [Stefan Fritsch]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_ldap: LDAP caching was suppressed (and ldap-status handler returns
af84459fbf938e508fd10b01cb8d699c79083813takashi title page only) when any mod_ldap directives were used in VirtualHost
af84459fbf938e508fd10b01cb8d699c79083813takashi context. [Eric Covener]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_disk_cache: Decline the opportunity to cache if the response is
af84459fbf938e508fd10b01cb8d699c79083813takashi a 206 Partial Content. This stops a reverse proxied partial response
af84459fbf938e508fd10b01cb8d699c79083813takashi from becoming cached, and then being served in subsequent responses.
af84459fbf938e508fd10b01cb8d699c79083813takashi [Graham Leggett]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_deflate: avoid the risk of forwarding data before headers are set.
af84459fbf938e508fd10b01cb8d699c79083813takashi PR 49369 [Matthew Steele <mdsteele google.com>]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_authnz_ldap: Ensure nested groups are checked when the
af84459fbf938e508fd10b01cb8d699c79083813takashi top-level group doesn't have any direct non-group members
af84459fbf938e508fd10b01cb8d699c79083813takashi of attributes in AuthLDAPGroupAttribute. [Eric Covener]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_authnz_ldap: Search or Comparison during authorization phase
af84459fbf938e508fd10b01cb8d699c79083813takashi can use the credentials from the authentication phase
af84459fbf938e508fd10b01cb8d699c79083813takashi (AuthLDAPSearchAsUSer,AuthLDAPCompareAsUser).
af84459fbf938e508fd10b01cb8d699c79083813takashi PR 48340 [Domenico Rotiroti, Eric Covener]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_authnz_ldap: Allow the initial DN search during authentication
af84459fbf938e508fd10b01cb8d699c79083813takashi to use the HTTP username/pass instead of an anonymous or hard-coded
af84459fbf938e508fd10b01cb8d699c79083813takashi LDAP id (AuthLDAPInitialBindAsUser, AuthLDAPInitialBindPattern).
af84459fbf938e508fd10b01cb8d699c79083813takashi [Eric Covener]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_authnz_ldap: Publish requested LDAP data with an AUTHORIZE_ prefix
af84459fbf938e508fd10b01cb8d699c79083813takashi when this module is used for authorization. See AuthLDAPAuthorizePrefix.
af84459fbf938e508fd10b01cb8d699c79083813takashi PR 45584 [Eric Covener]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) apxs -q: Stop filtering out ':' characters from the reported values.
af84459fbf938e508fd10b01cb8d699c79083813takashi PR 45343. [Bill Cole]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) prefork MPM: Work around possible crashes on child exit in APR reslist
af84459fbf938e508fd10b01cb8d699c79083813takashi cleanup code. PR 43857. [Tom Donovan]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) ab: fix number of requests sent by ab when keepalive is enabled. PR 48497.
af84459fbf938e508fd10b01cb8d699c79083813takashi [Bryn Dole <dole blekko.com>]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) Log an error for failures to read a chunk-size, and return 408 instead of
af84459fbf938e508fd10b01cb8d699c79083813takashi 413 when this is due to a read timeout. This change also fixes some cases
af84459fbf938e508fd10b01cb8d699c79083813takashi of two error documents being sent in the response for the same scenario.
af84459fbf938e508fd10b01cb8d699c79083813takashi [Eric Covener] PR49167
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_proxy_balancer: Add new directive BalancerNonce to allow admin
af84459fbf938e508fd10b01cb8d699c79083813takashi to control/set the nonce used in the balancer-manager application.
af84459fbf938e508fd10b01cb8d699c79083813takashi [Jim Jagielski]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_proxy_connect: Support port ranges in AllowConnect. PR 23673.
af84459fbf938e508fd10b01cb8d699c79083813takashi [Stefan Fritsch]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) Proxy balancer: support setting error status according to HTTP response
af84459fbf938e508fd10b01cb8d699c79083813takashi code from a backend. PR 48939. [Daniel Ruggeri <DRuggeri primary.net>]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) htcacheclean: Introduce the ability to clean specific URLs from the
af84459fbf938e508fd10b01cb8d699c79083813takashi cache, if provided as an optional parameter on the command line.
af84459fbf938e508fd10b01cb8d699c79083813takashi [Graham Leggett]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) core: Introduce the IncludeStrict directive, which explicitly fails
af84459fbf938e508fd10b01cb8d699c79083813takashi server startup if no files or directories match a wildcard path.
af84459fbf938e508fd10b01cb8d699c79083813takashi [Graham Leggett]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) htcacheclean: Report additional statistics about entries deleted.
af84459fbf938e508fd10b01cb8d699c79083813takashi PR 48944. [Mark Drayton mark markdrayton.info]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) Introduce SSLFIPS directive to support OpenSSL FIPS_mode; permits all
af84459fbf938e508fd10b01cb8d699c79083813takashi builds of mod_ssl to use 'SSLFIPS off' for portability, but the proper
af84459fbf938e508fd10b01cb8d699c79083813takashi build of openssl is required for 'SSLFIPS on'. PR 46270.
af84459fbf938e508fd10b01cb8d699c79083813takashi [Dr Stephen Henson <steve openssl.org>, William Rowe]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_proxy_http: Log the port of the remote server in various messages.
af84459fbf938e508fd10b01cb8d699c79083813takashi PR 48812. [Igor Galić <i galic brainsware org>]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_reqtimeout: Do not wrongly enforce timeouts for mod_proxy's backend
af84459fbf938e508fd10b01cb8d699c79083813takashi connections and other protocol handlers (like mod_ftp). [Stefan Fritsch]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_proxy_ajp: Really regard the operation a success, when the client
af84459fbf938e508fd10b01cb8d699c79083813takashi aborted the connection. In addition adjust the log message if the client
af84459fbf938e508fd10b01cb8d699c79083813takashi aborted the connection. [Ruediger Pluem]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_ssl: Add the 'SSLInsecureRenegotiation' directive, which
af84459fbf938e508fd10b01cb8d699c79083813takashi allows insecure renegotiation with clients which do not yet
af84459fbf938e508fd10b01cb8d699c79083813takashi support the secure renegotiation protocol. [Joe Orton]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_ssl: Fix a potential I/O hang if a long list of trusted CAs
af84459fbf938e508fd10b01cb8d699c79083813takashi is configured for client cert auth. PR 46952. [Joe Orton]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) core: Only log a 408 if it is no keepalive timeout. PR 39785
af84459fbf938e508fd10b01cb8d699c79083813takashi [Ruediger Pluem, Mark Montague <markmont umich.edu>]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) support/rotatelogs: Add -L option to create a link to the current
af84459fbf938e508fd10b01cb8d699c79083813takashi log file. PR 48761 [<lyndon orthanc.ca>, Dan Poirier]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_ldap: Update LDAPTrustedClientCert to consistently be a per-directory
af84459fbf938e508fd10b01cb8d699c79083813takashi setting only, matching most of the documentation and examples.
af84459fbf938e508fd10b01cb8d699c79083813takashi PR 46541 [Paul Reder, Eric Covener]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_ldap: LDAPTrustedClientCert now accepts CA_DER/CA_BASE64 argument
af84459fbf938e508fd10b01cb8d699c79083813takashi types previously allowed only in LDAPTrustedGlobalCert. [Eric Covener]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_negotiation: Preserve query string over multiviews negotiation.
af84459fbf938e508fd10b01cb8d699c79083813takashi This buglet was fixed for type maps in 2.2.6, but the same issue
af84459fbf938e508fd10b01cb8d699c79083813takashi affected multiviews and was overlooked.
af84459fbf938e508fd10b01cb8d699c79083813takashi PR 33112 [Joergen Thomsen <apache jth.net>]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_ldap: Eliminate a potential crash with multiple LDAPTrustedClientCert
af84459fbf938e508fd10b01cb8d699c79083813takashi when some are not password-protected. [Eric Covener]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) Fix startup segfault when the Mutex directive is used but no loaded
af84459fbf938e508fd10b01cb8d699c79083813takashi modules use httpd mutexes. PR 48787. [Jeff Trawick]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) Proxy: get the headers right in a HEAD request with
af84459fbf938e508fd10b01cb8d699c79083813takashi ProxyErrorOverride, by checking for an overridden error
af84459fbf938e508fd10b01cb8d699c79083813takashi before not after going into a catch-all code path.
af84459fbf938e508fd10b01cb8d699c79083813takashi PR 41646. [Nick Kew, Stuart Children]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) support/rotatelogs: Support the simplest log rotation case, log
af84459fbf938e508fd10b01cb8d699c79083813takashi truncation. Useful when the log is being processed in real time
af84459fbf938e508fd10b01cb8d699c79083813takashi using a command like tail. [Graham Leggett]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) support/htcacheclean: Teach it how to write a pid file (modelled on
af84459fbf938e508fd10b01cb8d699c79083813takashi httpd's writing of a pid file) so that it becomes possible to run
af84459fbf938e508fd10b01cb8d699c79083813takashi more than one instance of htcacheclean on the same machine.
af84459fbf938e508fd10b01cb8d699c79083813takashi [Graham Leggett]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) Log command line on startup, so there's a record of command line
af84459fbf938e508fd10b01cb8d699c79083813takashi arguments like -f. PR 48752. [Dan Poirier]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) Introduce mod_reflector, a handler capable of reflecting POSTed
af84459fbf938e508fd10b01cb8d699c79083813takashi request bodies back within the response through the output filter
af84459fbf938e508fd10b01cb8d699c79083813takashi stack. Can be used to turn an output filter into a web service.
af84459fbf938e508fd10b01cb8d699c79083813takashi [Graham Leggett]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_proxy_http: Make sure that when an ErrorDocument is served
af84459fbf938e508fd10b01cb8d699c79083813takashi from a reverse proxied URL, that the subrequest respects the status
af84459fbf938e508fd10b01cb8d699c79083813takashi of the original request. This brings the behaviour of proxy_handler
af84459fbf938e508fd10b01cb8d699c79083813takashi in line with default_handler. PR 47106. [Graham Leggett]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) Support wildcards in both the directory and file components of
af84459fbf938e508fd10b01cb8d699c79083813takashi the path specified by the Include directive. [Graham Leggett]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_proxy, mod_proxy_http: Support remote https proxies
af84459fbf938e508fd10b01cb8d699c79083813takashi by using HTTP CONNECT. PR 19188.
af84459fbf938e508fd10b01cb8d699c79083813takashi [Philippe Dutrueux <lilas evidian.com>, Rainer Jung]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) apxs: Fix -A and -a options to ignore whitespace in httpd.conf
af84459fbf938e508fd10b01cb8d699c79083813takashi [Philip M. Gollucci]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) worker: Don't report server has reached MaxClients until it has.
af84459fbf938e508fd10b01cb8d699c79083813takashi Add message when server gets within MinSpareThreads of MaxClients.
af84459fbf938e508fd10b01cb8d699c79083813takashi PR 46996. [Dan Poirier]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_session: Session expiry was being initialised, but not updated
af84459fbf938e508fd10b01cb8d699c79083813takashi on each session save, resulting in timed out sessions when there
af84459fbf938e508fd10b01cb8d699c79083813takashi should not have been. Fixed. [Graham Leggett]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_log_config: Add the R option to log the handler used within the
af84459fbf938e508fd10b01cb8d699c79083813takashi request. [Christian Folini <christian.folini netnea com>]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_include: Allow fine control over the removal of Last-Modified and
af84459fbf938e508fd10b01cb8d699c79083813takashi ETag headers within the INCLUDES filter, making it possible to cache
af84459fbf938e508fd10b01cb8d699c79083813takashi responses if desired. Fix the default value of the SSIAccessEnable
af84459fbf938e508fd10b01cb8d699c79083813takashi directive. [Graham Leggett]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) Add new UnDefine directive to undefine a variable. PR 35350.
af84459fbf938e508fd10b01cb8d699c79083813takashi [Stefan Fritsch]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) Make ap_pregsub(), used by AliasMatch and friends, use the same syntax
af84459fbf938e508fd10b01cb8d699c79083813takashi for regex backreferences as mod_rewrite and mod_include: Remove the use
af84459fbf938e508fd10b01cb8d699c79083813takashi of '&' as an alias for '$0' and allow to escape any character with a
af84459fbf938e508fd10b01cb8d699c79083813takashi backslash. PR 48351. [Stefan Fritsch]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_authnz_ldap: If AuthLDAPCharsetConfig is set, also convert the
af84459fbf938e508fd10b01cb8d699c79083813takashi password to UTF-8. PR 45318.
af84459fbf938e508fd10b01cb8d699c79083813takashi [Johannes Müller <joh_m gmx.de>, Stefan Fritsch]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) ab: Fix calculation of requests per second in HTML output. PR 48594.
af84459fbf938e508fd10b01cb8d699c79083813takashi [Stefan Fritsch]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_authnz_ldap: Failures to map a username to a DN, or to check a user
af84459fbf938e508fd10b01cb8d699c79083813takashi password now result in an informational level log entry instead of
af84459fbf938e508fd10b01cb8d699c79083813takashi warning level. [Eric Covener]
af84459fbf938e508fd10b01cb8d699c79083813takashiChanges with Apache 2.3.5
af84459fbf938e508fd10b01cb8d699c79083813takashi *) SECURITY: CVE-2010-0434 (cve.mitre.org)
af84459fbf938e508fd10b01cb8d699c79083813takashi Ensure each subrequest has a shallow copy of headers_in so that the
af84459fbf938e508fd10b01cb8d699c79083813takashi parent request headers are not corrupted. Eliminates a problematic
af84459fbf938e508fd10b01cb8d699c79083813takashi optimization in the case of no request body. PR 48359
af84459fbf938e508fd10b01cb8d699c79083813takashi [Jake Scott, William Rowe, Ruediger Pluem]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) Turn static function get_server_name_for_url() into public
af84459fbf938e508fd10b01cb8d699c79083813takashi ap_get_server_name_for_url() and use it where appropriate. This
af84459fbf938e508fd10b01cb8d699c79083813takashi fixes mod_rewrite generating invalid URLs for redirects to IPv6
af84459fbf938e508fd10b01cb8d699c79083813takashi literal addresses. [Stefan Fritsch]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_ldap: Introduce new config option LDAPTimeout to set the timeout
af84459fbf938e508fd10b01cb8d699c79083813takashi for LDAP operations like bind and search. [Stefan Fritsch]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_proxy, mod_proxy_ftp: Move ProxyFtpDirCharset from mod_proxy to
af84459fbf938e508fd10b01cb8d699c79083813takashi mod_proxy_ftp. [Takashi Sato]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_proxy, mod_proxy_connect: Move AllowCONNECT from mod_proxy to
af84459fbf938e508fd10b01cb8d699c79083813takashi mod_proxy_connect. [Takashi Sato]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_cache: Do an exact match of the keys defined by
af84459fbf938e508fd10b01cb8d699c79083813takashi CacheIgnoreURLSessionIdentifiers against the querystring instead of
af84459fbf938e508fd10b01cb8d699c79083813takashi a partial match. PR 48401.
af84459fbf938e508fd10b01cb8d699c79083813takashi [Dodou Wang <wangdong.08 gmail.com>, Ruediger Pluem]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_proxy_balancer: Fix crash in balancer-manager. [Rainer Jung]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) Core HTTP: disable keepalive when the Client has sent
af84459fbf938e508fd10b01cb8d699c79083813takashi Expect: 100-continue
af84459fbf938e508fd10b01cb8d699c79083813takashi but we respond directly with a non-100 response.
af84459fbf938e508fd10b01cb8d699c79083813takashi Keepalive here led to data from clients continuing being treated as
af84459fbf938e508fd10b01cb8d699c79083813takashi a new request.
af84459fbf938e508fd10b01cb8d699c79083813takashi PR 47087 [Nick Kew]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) Core: reject NULLs in request line or request headers.
af84459fbf938e508fd10b01cb8d699c79083813takashi PR 43039 [Nick Kew]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) Core: (re)-introduce -T commandline option to suppress documentroot
af84459fbf938e508fd10b01cb8d699c79083813takashi check at startup.
af84459fbf938e508fd10b01cb8d699c79083813takashi PR 41887 [Jan van den Berg <janvdberg gmail.com>]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_autoindex: support XHTML as equivalent to HTML in IndexOptions,
af84459fbf938e508fd10b01cb8d699c79083813takashi ScanHTMLTitles, ReadmeName, HeaderName
af84459fbf938e508fd10b01cb8d699c79083813takashi PR 48416 [Dmitry Bakshaev <dab18 izhnet.ru>, Nick Kew]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) Proxy: Fix ProxyPassReverse with relative URL
af84459fbf938e508fd10b01cb8d699c79083813takashi Derived (slightly erroneously) from PR 38864 [Nick Kew]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_headers: align Header Edit with Header Set when used on Content-Type
af84459fbf938e508fd10b01cb8d699c79083813takashi PR 48422 [Cyril Bonté <cyril.bonte free.fr>, Nick Kew>]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_headers: Enable multi-match-and-replace edit option
af84459fbf938e508fd10b01cb8d699c79083813takashi PR 46594 [Nick Kew]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_filter: enable it to act on non-200 responses.
af84459fbf938e508fd10b01cb8d699c79083813takashi PR 48377 [Nick Kew]
af84459fbf938e508fd10b01cb8d699c79083813takashiChanges with Apache 2.3.4
af84459fbf938e508fd10b01cb8d699c79083813takashi *) Replace AcceptMutex, LockFile, RewriteLock, SSLMutex, SSLStaplingMutex,
af84459fbf938e508fd10b01cb8d699c79083813takashi and WatchdogMutexPath with a single Mutex directive. Add APIs to
af84459fbf938e508fd10b01cb8d699c79083813takashi simplify setup and user customization of APR proc and global mutexes.
af84459fbf938e508fd10b01cb8d699c79083813takashi (See util_mutex.h.) Build-time setting DEFAULT_LOCKFILE is no longer
af84459fbf938e508fd10b01cb8d699c79083813takashi respected; set DEFAULT_REL_RUNTIMEDIR instead. [Jeff Trawick]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) http_core: KeepAlive no longer accepts other than On|Off.
af84459fbf938e508fd10b01cb8d699c79083813takashi [Takashi Sato]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_dav: Remove errno from dav_error interface. Calls to dav_new_error()
af84459fbf938e508fd10b01cb8d699c79083813takashi and dav_new_error_tag() must be adjusted to add an apr_status_t parameter.
af84459fbf938e508fd10b01cb8d699c79083813takashi [Jeff Trawick]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_authnz_ldap: Add AuthLDAPBindAuthoritative to allow Authentication to
af84459fbf938e508fd10b01cb8d699c79083813takashi try other providers in the case of an LDAP bind failure.
af84459fbf938e508fd10b01cb8d699c79083813takashi PR 46608 [Justin Erenkrantz, Joe Schaefer, Tony Stevenson]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) Build: fix --with-module to work as documented
af84459fbf938e508fd10b01cb8d699c79083813takashiChanges with Apache 2.3.3
af84459fbf938e508fd10b01cb8d699c79083813takashi *) SECURITY: CVE-2009-3095 (cve.mitre.org)
af84459fbf938e508fd10b01cb8d699c79083813takashi mod_proxy_ftp: sanity check authn credentials.
af84459fbf938e508fd10b01cb8d699c79083813takashi [Stefan Fritsch <sf fritsch.de>, Joe Orton]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) SECURITY: CVE-2009-3094 (cve.mitre.org)
af84459fbf938e508fd10b01cb8d699c79083813takashi mod_proxy_ftp: NULL pointer dereference on error paths.
af84459fbf938e508fd10b01cb8d699c79083813takashi [Stefan Fritsch <sf fritsch.de>, Joe Orton]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_ssl: enable support for ECC keys and ECDH ciphers. Tested against
af84459fbf938e508fd10b01cb8d699c79083813takashi OpenSSL 1.0.0b3. [Vipul Gupta <vipul.gupta sun.com>, Sander Temme]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_dav: Include uri when logging a PUT error due to connection abort.
af84459fbf938e508fd10b01cb8d699c79083813takashi PR 38149. [Stefan Fritsch]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_dav: Return 409 instead of 500 for a LOCK request if the parent
af84459fbf938e508fd10b01cb8d699c79083813takashi resource does not exist or is not a collection. PR 43465. [Stefan Fritsch]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_dav_fs: Return 409 instead of 500 for Litmus test case copy_nodestcoll
af84459fbf938e508fd10b01cb8d699c79083813takashi (a COPY request where the parent of the destination resource does not
af84459fbf938e508fd10b01cb8d699c79083813takashi exist). PR 39299. [Stefan Fritsch]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_dav_fs: Don't delete the whole file if a PUT with content-range failed.
af84459fbf938e508fd10b01cb8d699c79083813takashi PR 42896. [Stefan Fritsch]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_dav_fs: Make PUT create files atomically and no longer destroy the
af84459fbf938e508fd10b01cb8d699c79083813takashi old file if the transfer aborted. PR 39815. [Paul Querna, Stefan Fritsch]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_dav_fs: Remove inode keyed locking as this conflicts with atomically
af84459fbf938e508fd10b01cb8d699c79083813takashi creating files. On systems with inode numbers, this is a format change of
af84459fbf938e508fd10b01cb8d699c79083813takashi the DavLockDB. The old DavLockDB must be deleted on upgrade.
af84459fbf938e508fd10b01cb8d699c79083813takashi [Stefan Fritsch]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_log_config: Make ${cookie}C correctly match whole cookie names
af84459fbf938e508fd10b01cb8d699c79083813takashi instead of substrings. PR 28037. [Dan Franklin <dan dan-franklin.com>,
af84459fbf938e508fd10b01cb8d699c79083813takashi Stefan Fritsch]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) vhost: A purely-numeric Host: header should not be treated as a port.
af84459fbf938e508fd10b01cb8d699c79083813takashi PR 44979 [Nick Kew]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_ldap: Avoid 500 errors with "Unable to set LDAP_OPT_REFHOPLIMIT option to 5"
af84459fbf938e508fd10b01cb8d699c79083813takashi when built against openldap by using SDK LDAP_OPT_REFHOPLIMIT defaults unless
af84459fbf938e508fd10b01cb8d699c79083813takashi LDAPReferralHopLimit is explicitly configured.
af84459fbf938e508fd10b01cb8d699c79083813takashi [Eric Covener]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_charset_lite: Honor 'CharsetOptions NoImplicitAdd'.
af84459fbf938e508fd10b01cb8d699c79083813takashi [Eric Covener]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_ssl: Add support for OCSP Stapling. PR 43822.
af84459fbf938e508fd10b01cb8d699c79083813takashi [Dr Stephen Henson <shenson oss-institute.org>]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_socache_shmcb: Allow parens in file name if cache size is given.
af84459fbf938e508fd10b01cb8d699c79083813takashi Fixes SSLSessionCache directive mis-parsing parens in pathname.
af84459fbf938e508fd10b01cb8d699c79083813takashi PR 47945. [Stefan Fritsch]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) htpasswd: Improve out of disk space handling. PR 30877. [Stefan Fritsch]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) htpasswd: Use MD5 hash by default on all platforms. [Stefan Fritsch]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_sed: Reduce memory consumption when processing very long lines.
af84459fbf938e508fd10b01cb8d699c79083813takashi PR 48024 [Basant Kumar Kukreja <basant.kukreja sun.com>]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) ab: Fix segfault in case the argument for -n is a very large number.
af84459fbf938e508fd10b01cb8d699c79083813takashi PR 47178. [Philipp Hagemeister <oss phihag.de>]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) Allow ProxyPreserveHost to work in <Proxy> sections. PR 34901.
af84459fbf938e508fd10b01cb8d699c79083813takashi [Stefan Fritsch]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) configure: Fix THREADED_MPMS so that mod_cgid is enabled again
af84459fbf938e508fd10b01cb8d699c79083813takashi for worker MPM. [Takashi Sato]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_dav: Provide a mechanism to obtain the request_rec and pathname
af84459fbf938e508fd10b01cb8d699c79083813takashi from the dav_resource. [Jari Urpalainen <jari.urpalainen nokia.com>,
af84459fbf938e508fd10b01cb8d699c79083813takashi Brian France <brian brianfrance.com>]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) Build: Use install instead of cp if available on installing
af84459fbf938e508fd10b01cb8d699c79083813takashi modules to avoid segmentation fault. PR 47951. [hirose31 gmail.com]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_cache: correctly consider s-maxage in cacheability
af84459fbf938e508fd10b01cb8d699c79083813takashi decisions. [Dan Poirier]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_logio/core: Report more accurate byte counts in mod_status if
af84459fbf938e508fd10b01cb8d699c79083813takashi mod_logio is loaded. PR 25656. [Stefan Fritsch]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_ldap: If LDAPSharedCacheSize is too small, try harder to purge
af84459fbf938e508fd10b01cb8d699c79083813takashi some cache entries and log a warning. Also increase the default
af84459fbf938e508fd10b01cb8d699c79083813takashi LDAPSharedCacheSize to 500000. This is a more realistic size suitable
af84459fbf938e508fd10b01cb8d699c79083813takashi for the default values of 1024 for LdapCacheEntries/LdapOpCacheEntries.
af84459fbf938e508fd10b01cb8d699c79083813takashi PR 46749. [Stefan Fritsch]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_rewrite: Make sure that a hostname:port isn't fully qualified if
af84459fbf938e508fd10b01cb8d699c79083813takashi the request is a CONNECT request. [Bill Zajac <billz consultla.com>]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_cache: Teach CacheEnable and CacheDisable to work from within a
af84459fbf938e508fd10b01cb8d699c79083813takashi Location section, in line with how ProxyPass works. [Graham Leggett]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_reqtimeout: New module to set timeouts and minimum data rates for
af84459fbf938e508fd10b01cb8d699c79083813takashi receiving requests from the client. [Stefan Fritsch]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) core: Fix potential memory leaks by making sure to not destroy
af84459fbf938e508fd10b01cb8d699c79083813takashi bucket brigades that have been created by earlier filters.
af84459fbf938e508fd10b01cb8d699c79083813takashi [Stefan Fritsch]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) core, mod_deflate, mod_sed: Reduce memory usage by reusing bucket
af84459fbf938e508fd10b01cb8d699c79083813takashi brigades in several places. [Stefan Fritsch]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_cache: Fix uri_meets_conditions() so that CacheEnable will
af84459fbf938e508fd10b01cb8d699c79083813takashi match by scheme, or by a wildcarded hostname. PR 40169
af84459fbf938e508fd10b01cb8d699c79083813takashi [Peter Grandi <pg_asf asf.for.sabi.co.uk>, Graham Leggett]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) suxec: Allow to log an error if exec fails by setting FD_CLOEXEC
af84459fbf938e508fd10b01cb8d699c79083813takashi on the log file instead of closing it. PR 10744. [Nicolas Rachinsky]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_mime: Make RemoveType override the info from TypesConfig.
af84459fbf938e508fd10b01cb8d699c79083813takashi PR 38330. [Stefan Fritsch]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_cache: Introduce the option to run the cache from within the
af84459fbf938e508fd10b01cb8d699c79083813takashi normal request handler, and to allow fine grained control over
af84459fbf938e508fd10b01cb8d699c79083813takashi where in the filter chain content is cached. [Graham Leggett]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) core: Treat timeout reading request as 408 error, not 400.
af84459fbf938e508fd10b01cb8d699c79083813takashi Log 408 errors in access log as was done in Apache 1.3.x.
af84459fbf938e508fd10b01cb8d699c79083813takashi PR 39785 [Nobutaka Mantani <nobutaka nobutaka.org>,
af84459fbf938e508fd10b01cb8d699c79083813takashi Stefan Fritsch <sf fritsch.de>, Dan Poirier]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_ssl: Reintroduce SSL_CLIENT_S_DN, SSL_CLIENT_I_DN, SSL_SERVER_S_DN,
af84459fbf938e508fd10b01cb8d699c79083813takashi SSL_SERVER_I_DN back to the environment variables to be set by mod_ssl.
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_disk_cache: don't cache incomplete responses, per RFC 2616, 13.8.
af84459fbf938e508fd10b01cb8d699c79083813takashi PR15866. [Dan Poirier]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) ab: ab segfaults in verbose mode on https sites
af84459fbf938e508fd10b01cb8d699c79083813takashi PR46393. [Ryan Niebur]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_dav: Allow other modules to become providers and add resource types
af84459fbf938e508fd10b01cb8d699c79083813takashi to the DAV response. [Jari Urpalainen <jari.urpalainen nokia.com>,
af84459fbf938e508fd10b01cb8d699c79083813takashi Brian France <brian brianfrance.com>]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_dav: Allow other modules to add things to the DAV or Allow headers
af84459fbf938e508fd10b01cb8d699c79083813takashi of an OPTIONS request. [Jari Urpalainen <jari.urpalainen nokia.com>,
af84459fbf938e508fd10b01cb8d699c79083813takashi Brian France <brian brianfrance.com>]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) core: Lower memory usage of core output filter.
af84459fbf938e508fd10b01cb8d699c79083813takashi [Stefan Fritsch <sf sfritsch.de>]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_mime: Detect invalid use of MultiviewsMatch inside Location and
af84459fbf938e508fd10b01cb8d699c79083813takashi LocationMatch sections. PR47754. [Dan Poirier]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_request: Make sure the KeptBodySize directive rejects values
af84459fbf938e508fd10b01cb8d699c79083813takashi that aren't valid numbers. [Graham Leggett]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_session_crypto: Sanity check should the potentially encrypted
af84459fbf938e508fd10b01cb8d699c79083813takashi session cookie be too short. [Graham Leggett]
af84459fbf938e508fd10b01cb8d699c79083813takashi *) mod_session.c: Prevent a segfault when session is added but not
definition. [Stefan Fritsch sf sfritsch.de]
*) Add support for HTTP PUT to ab. [Jeff Barnes <jbarnesweb yahoo.com>]
PR 46971 [evanc nortel.com]
[Stefan Fritsch <sf sfritsch.de>]
for a file is missing. PR 47682 [Peter Poeml <poeml suse.de>]
*) SECURITY: CVE-2009-1890 (cve.mitre.org)
*) SECURITY: CVE-2009-1191 (cve.mitre.org)
by the client. PR 33098 [ Stefan Fritsch <sf sfritsch.de>]
PR 42175 [Jim Radford <radford blackbean.org>]
type. PR 45107. [Michael Ströder <michael stroeder.com>,
PR 44020 [Håkon Stordahl <hakon stordahl.org>]
CGI process. PR 47335 [Kornél Pál <kornelpal gmail.com>]
PR 46942 [Dan Poirier <poirier pobox.com>]
PR 44729 [Sönke Tesch <st kino-fahrplan.de>, Jim Jagielski]
PR 47177 [Carlos Garcia Braschi <cgbraschi gmail.com>]
PR 45082 [Vitaly Polonetsky <m_vitaly topixoft.com>]
[Marko Kevac <mkevac gmail.com>]
as A/UX, Next, and Tandem. [Jeff Trawick]
directory listing. PR 46789 [Dan Poirier <poirier pobox.com>]
of module state across unload/load. [Jeff Trawick]
[Dan Poirier <poirier pobox.com>]
[Geoff Keating <geoffk apple.com>]
with kqueue (BSD/OS X) and excessive CPU with event ports (Solaris).
a media type has not been configured via mime.types, AddType,
[Ryan Phillips <ryan-apache trolocsis.com>]
[<tlhackque yahoo.com>]
*) prefork: Fix child process hang during graceful restart/stop in
*) core/utils: Enhance ap_escape_html API to support escaping non-ASCII chars
PR 45529 [Bob Ionescu <bobsiegen googlemail.com>]
times out before returning status line/headers.
PR 39332 [Masaoki Kobayashi <masaoki techfirm.co.jp>]
[Theo Schlossnagle <jesus omniti.com>, Paul Querna]
modules/proxy/balancers [Jim Jagielski]
privileges and Unix user/group IDs [Nick Kew]
logic replicate 2.2.x authz logic, and replace <Satisfy*>, Reject,
*) unixd: turn existing code into a module, and turn the set user/group
Suggested By André Warnier <aw ice-sa.com> [Eric Covener]
*) mod_ssl: Send Content-Type application/ocsp-request for POST requests to
OSCP responders. PR 46014 [Dr Stephen Henson <steve openssl.org>]
*) New module mod_sed: filter Request/Response bodies through sed
null value. [David Shane Holden <dpejesh apache.org>]
both inside and outside the location/directory sections, as
form request with the type of application/x-www-form-urlencoded.
*) mod_authz_dbd: When redirecting after successful login/logout per
PR 44560 [Anders Kaseorg <anders kaseorg.com>]
mod_cache et.al. to trap the results of the redirect.
*) ApacheMonitor.exe: Introduce --kill argument for use by the
*) mod_ldap, mod_authnz_ldap: Add support for nested groups (i.e. the ability
[David M. Lee <dmlee crossroads.com>]
[Niklas Edmundsson <nikke acc.umu.se>]
[Niklas Edmundsson <nikke acc.umu.se>]
[Markus Schiegl <ms schiegl.com>]
*) Remove incorrect comments from scoreboard.h regarding conditional
[Chris Darroch <chrisd pearsoncmg.com>]
in ap_init_scoreboard(). [Chris Darroch <chrisd pearsoncmg.com>]
[Chris Darroch <chrisd pearsoncmg.com>]
and 'Reject' to mod_authz_core. The new directives introduce 'AND/OR'
*) mod_authz_dbd: SQL authz with Login/Session support [Nick Kew]
Apache 2.2.xx tree as documented, and except as noted, below.]
Changes with Apache 2.2.x and later:
Changes with Apache 2.0.x and later:
Changes with Apache 1.3.x and later: