CHANGES revision 680e7b4c70df00b695883c824947ca6ec15d69ec
d6fa26d0adaec6c910115be34fe7a5a5f402c14fMark Andrews -*- coding: utf-8 -*-
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox UserChanges with Apache 2.3.7
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User *) SECURITY: CVE-2009-3555 (cve.mitre.org)
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User mod_ssl: Comprehensive fix of the TLS renegotiation prefix injection
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User attack when compiled against OpenSSL version 0.9.8m or later. Introduces
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein the 'SSLInsecureRenegotiation' directive to reopen this vulnerability
d6fa26d0adaec6c910115be34fe7a5a5f402c14fMark Andrews and offer unsafe legacy renegotiation with clients which do not yet
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein support the new secure renegotiation protocol, RFC 5746.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein [Joe Orton, and with thanks to the OpenSSL Team]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User *) SECURITY: CVE-2009-3555 (cve.mitre.org)
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt mod_ssl: A partial fix for the TLS renegotiation prefix injection attack
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein by rejecting any client-initiated renegotiations. Forcibly disable
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein keepalive for the connection if there is any buffered data readable. Any
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein configuration which requires renegotiation for per-directory/location
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein access control is still vulnerable, unless using OpenSSL >= 0.9.8l.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein [Joe Orton, Ruediger Pluem, Hartmut Keil <Hartmut.Keil adnovum.ch>]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) SECURITY: CVE-2010-0408 (cve.mitre.org)
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein when request headers indicate a request body is incoming; not a case of
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein HTTP_INTERNAL_SERVER_ERROR. [Niku Toivola <niku.toivola sulake.com>]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) SECURITY: CVE-2010-0425 (cve.mitre.org)
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein mod_isapi: Do not unload an isapi .dll module until the request
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein processing is completed, avoiding orphaned callback pointers.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein [Brett Gervasoni <brettg senseofsecurity.com>, Jeff Trawick]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) mod_proxy_connect: Support port ranges in AllowConnect. PR 23673.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein [Stefan Fritsch]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User *) Proxy balancer: support setting error status according to HTTP response
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User code from a backend. PR 48939. [Daniel Ruggeri <DRuggeri primary.net>]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) htcacheclean: Introduce the ability to clean specific URLs from the
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User cache, if provided as an optional parameter on the command line.
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User [Graham Leggett]
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User *) core: Introduce the IncludeStrict directive, which explicitly fails
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User server startup if no files or directories match a wildcard path.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein [Graham Leggett]
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User *) htcacheclean: Report additional statistics about entries deleted.
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User PR 48944. [Mark Drayton mark markdrayton.info]
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User *) Introduce SSLFIPS directive to support OpenSSL FIPS_mode; permits all
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User builds of mod_ssl to use 'SSLFIPS off' for portability, but the proper
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein build of openssl is required for 'SSLFIPS on'. PR 46270.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein [Dr Stephen Henson <steve openssl.org>, William Rowe]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User *) mod_proxy_http: Log the port of the remote server in various messages.
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews PR 48812. [Igor Galić <i galic brainsware org>]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) mod_reqtimeout: Do not wrongly enforce timeouts for mod_proxy's backend
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein connections and other protocol handlers (like mod_ftp). [Stefan Fritsch]
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews *) mod_proxy_ajp: Really regard the operation a success, when the client
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein aborted the connection. In addition adjust the log message if the client
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein aborted the connection. [Ruediger Pluem]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User *) mod_ssl: Add the 'SSLInsecureRenegotiation' directive, which
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein allows insecure renegotiation with clients which do not yet
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User support the secure renegotiation protocol. [Joe Orton]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) mod_ssl: Fix a potential I/O hang if a long list of trusted CAs
c48c7872a0e020a63a96faed166c6ae960e4c1e9Mark Andrews is configured for client cert auth. PR 46952. [Joe Orton]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) core: Only log a 408 if it is no keepalive timeout. PR 39785
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews [Ruediger Pluem, Mark Montague <markmont umich.edu>]
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews *) support/rotatelogs: Add -L option to create a link to the current
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein log file. PR 48761 [<lyndon orthanc.ca>, Dan Poirier]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User *) mod_ldap: Update LDAPTrustedClientCert to consistently be a per-directory
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User setting only, matching most of the documentation and examples.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein PR 46541 [Paul Reder, Eric Covener]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User *) mod_ldap: LDAPTrustedClientCert now accepts CA_DER/CA_BASE64 argument
9c6a5d1f22f972232d7a9fd5c5fa64f10bacbdffAutomatic Updater types previously allowed only in LDAPTrustedGlobalCert. [Eric Covener]
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews *) mod_negotiation: Preserve query string over multiviews negotiation.
9c6a5d1f22f972232d7a9fd5c5fa64f10bacbdffAutomatic Updater This buglet was fixed for type maps in 2.2.6, but the same issue
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein affected multiviews and was overlooked.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein PR 33112 [Joergen Thomsen <apache jth.net>]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) mod_ldap: Eliminate a potential crash with multiple LDAPTrustedClientCert
9c6a5d1f22f972232d7a9fd5c5fa64f10bacbdffAutomatic Updater when some are not password-protected. [Eric Covener]
9c6a5d1f22f972232d7a9fd5c5fa64f10bacbdffAutomatic Updater *) Fix startup segfault when the Mutex directive is used but no loaded
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews modules use httpd mutexes. PR 48787. [Jeff Trawick]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) Proxy: get the headers right in a HEAD request with
9c6a5d1f22f972232d7a9fd5c5fa64f10bacbdffAutomatic Updater ProxyErrorOverride, by checking for an overridden error
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein before not after going into a catch-all code path.
9c6a5d1f22f972232d7a9fd5c5fa64f10bacbdffAutomatic Updater PR 41646. [Nick Kew, Stuart Children]
bea931e17b7567f09107f93ab7e25c7f00abeb9cMark Andrews *) support/rotatelogs: Support the simplest log rotation case, log
bea931e17b7567f09107f93ab7e25c7f00abeb9cMark Andrews truncation. Useful when the log is being processed in real time
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews using a command like tail. [Graham Leggett]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) support/htcacheclean: Teach it how to write a pid file (modelled on
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein httpd's writing of a pid file) so that it becomes possible to run
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User more than one instance of htcacheclean on the same machine.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User [Graham Leggett]
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User *) Log command line on startup, so there's a record of command line
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User arguments like -f. PR 48752. [Dan Poirier]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) Introduce mod_reflector, a handler capable of reflecting POSTed
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein request bodies back within the response through the output filter
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User stack. Can be used to turn an output filter into a web service.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein [Graham Leggett]
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt *) mod_proxy_http: Make sure that when an ErrorDocument is served
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein from a reverse proxied URL, that the subrequest respects the status
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein of the original request. This brings the behaviour of proxy_handler
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein in line with default_handler. PR 47106. [Graham Leggett]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) Support wildcards in both the directory and file components of
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein the path specified by the Include directive. [Graham Leggett]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) mod_proxy, mod_proxy_http: Support remote https proxies
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein by using HTTP CONNECT. PR 19188.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein [Philippe Dutrueux <lilas evidian.com>, Rainer Jung]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinChanges with Apache 2.3.6
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) worker: Don't report server has reached MaxClients until it has.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Add message when server gets within MinSpareThreads of MaxClients.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein PR 46996. [Dan Poirier]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) mod_session: Session expiry was being initialised, but not updated
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein on each session save, resulting in timed out sessions when there
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein should not have been. Fixed. [Graham Leggett]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) mod_log_config: Add the R option to log the handler used within the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein request. [Christian Folini <christian.folini netnea com>]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) mod_include: Allow fine control over the removal of Last-Modified and
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein ETag headers within the INCLUDES filter, making it possible to cache
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein responses if desired. Fix the default value of the SSIAccessEnable
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein directive. [Graham Leggett]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) Add new UnDefine directive to undefine a variable. PR 35350.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein [Stefan Fritsch]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) Make ap_pregsub(), used by AliasMatch and friends, use the same syntax
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein for regex backreferences as mod_rewrite and mod_include: Remove the use
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein of '&' as an alias for '$0' and allow to escape any character with a
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein backslash. PR 48351. [Stefan Fritsch]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) mod_authnz_ldap: If AuthLDAPCharsetConfig is set, also convert the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein password to UTF-8. PR 45318.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein [Johannes Müller <joh_m gmx.de>, Stefan Fritsch]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) ab: Fix calculation of requests per second in HTML output. PR 48594.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein [Stefan Fritsch]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) mod_authnz_ldap: Failures to map a username to a DN, or to check a user
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein password now result in an informational level log entry instead of
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein warning level. [Eric Covener]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinChanges with Apache 2.3.5
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) SECURITY: CVE-2010-0434 (cve.mitre.org)
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Ensure each subrequest has a shallow copy of headers_in so that the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein parent request headers are not corrupted. Eliminates a problematic
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User optimization in the case of no request body. PR 48359
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User [Jake Scott, William Rowe, Ruediger Pluem]
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews *) Turn static function get_server_name_for_url() into public
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User ap_get_server_name_for_url() and use it where appropriate. This
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein fixes mod_rewrite generating invalid URLs for redirects to IPv6
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt literal addresses. [Stefan Fritsch]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) mod_ldap: Introduce new config option LDAPTimeout to set the timeout
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein for LDAP operations like bind and search. [Stefan Fritsch]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) mod_proxy, mod_proxy_ftp: Move ProxyFtpDirCharset from mod_proxy to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein mod_proxy_ftp. [Takashi Sato]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) mod_proxy, mod_proxy_connect: Move AllowCONNECT from mod_proxy to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein mod_proxy_connect. [Takashi Sato]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) mod_cache: Do an exact match of the keys defined by
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein CacheIgnoreURLSessionIdentifiers against the querystring instead of
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein a partial match. PR 48401.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein [Dodou Wang <wangdong.08 gmail.com>, Ruediger Pluem]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) mod_proxy_balancer: Fix crash in balancer-manager. [Rainer Jung]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) Core HTTP: disable keepalive when the Client has sent
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Expect: 100-continue
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein but we respond directly with a non-100 response.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Keepalive here led to data from clients continuing being treated as
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein a new request.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein PR 47087 [Nick Kew]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) Core: reject NULLs in request line or request headers.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein PR 43039 [Nick Kew]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) Core: (re)-introduce -T commandline option to suppress documentroot
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein check at startup.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein PR 41887 [Jan van den Berg <janvdberg gmail.com>]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) mod_autoindex: support XHTML as equivalent to HTML in IndexOptions,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein ScanHTMLTitles, ReadmeName, HeaderName
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein PR 48416 [Dmitry Bakshaev <dab18 izhnet.ru>, Nick Kew]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) Proxy: Fix ProxyPassReverse with relative URL
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Derived (slightly erroneously) from PR 38864 [Nick Kew]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) mod_headers: align Header Edit with Header Set when used on Content-Type
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein PR 48422 [Cyril Bonté <cyril.bonte free.fr>, Nick Kew>]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) mod_headers: Enable multi-match-and-replace edit option
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein PR 47066 [Nick Kew]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) mod_filter: enable it to act on non-200 responses.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein PR 48377 [Nick Kew]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinChanges with Apache 2.3.4
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) Replace AcceptMutex, LockFile, RewriteLock, SSLMutex, SSLStaplingMutex,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein and WatchdogMutexPath with a single Mutex directive. Add APIs to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein simplify setup and user customization of APR proc and global mutexes.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User (See util_mutex.h.) Build-time setting DEFAULT_LOCKFILE is no longer
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein respected; set DEFAULT_REL_RUNTIMEDIR instead. [Jeff Trawick]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User *) http_core: KeepAlive no longer accepts other than On|Off.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User [Takashi Sato]
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User *) mod_dav: Remove errno from dav_error interface. Calls to dav_new_error()
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User and dav_new_error_tag() must be adjusted to add an apr_status_t parameter.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein [Jeff Trawick]
bea931e17b7567f09107f93ab7e25c7f00abeb9cMark Andrews *) mod_authnz_ldap: Add AuthLDAPBindAuthoritative to allow Authentication to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein try other providers in the case of an LDAP bind failure.
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews PR 46608 [Justin Erenkrantz, Joe Schaefer, Tony Stevenson]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User *) Build: fix --with-module to work as documented
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein PR 43881 [Gez Saunders <gez.saunders virgin.net>]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox UserChanges with Apache 2.3.3
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) SECURITY: CVE-2009-3095 (cve.mitre.org)
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein mod_proxy_ftp: sanity check authn credentials.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein [Stefan Fritsch <sf fritsch.de>, Joe Orton]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) SECURITY: CVE-2009-3094 (cve.mitre.org)
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User mod_proxy_ftp: NULL pointer dereference on error paths.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein [Stefan Fritsch <sf fritsch.de>, Joe Orton]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) mod_ssl: enable support for ECC keys and ECDH ciphers. Tested against
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein OpenSSL 1.0.0b3. [Vipul Gupta <vipul.gupta sun.com>, Sander Temme]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) mod_dav: Include uri when logging a PUT error due to connection abort.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt PR 38149. [Stefan Fritsch]
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt *) mod_dav: Return 409 instead of 500 for a LOCK request if the parent
731cc132f22dbc9e0ecd7035dce314a61076d31bAutomatic Updater resource does not exist or is not a collection. PR 43465. [Stefan Fritsch]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User *) mod_dav_fs: Return 409 instead of 500 for Litmus test case copy_nodestcoll
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User (a COPY request where the parent of the destination resource does not
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein exist). PR 39299. [Stefan Fritsch]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User *) mod_dav_fs: Don't delete the whole file if a PUT with content-range failed.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein PR 42896. [Stefan Fritsch]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) mod_dav_fs: Make PUT create files atomically and no longer destroy the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein old file if the transfer aborted. PR 39815. [Paul Querna, Stefan Fritsch]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) mod_dav_fs: Remove inode keyed locking as this conflicts with atomically
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein creating files. On systems with inode numbers, this is a format change of
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein the DavLockDB. The old DavLockDB must be deleted on upgrade.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein [Stefan Fritsch]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User *) mod_log_config: Make ${cookie}C correctly match whole cookie names
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein instead of substrings. PR 28037. [Dan Franklin <dan dan-franklin.com>,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Stefan Fritsch]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) vhost: A purely-numeric Host: header should not be treated as a port.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein PR 44979 [Nick Kew]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) mod_ldap: Avoid 500 errors with "Unable to set LDAP_OPT_REFHOPLIMIT option to 5"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein when built against openldap by using SDK LDAP_OPT_REFHOPLIMIT defaults unless
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein LDAPReferralHopLimit is explicitly configured.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein [Eric Covener]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User *) mod_charset_lite: Honor 'CharsetOptions NoImplicitAdd'.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein [Eric Covener]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) mod_ssl: Add support for OCSP Stapling. PR 43822.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein [Dr Stephen Henson <shenson oss-institute.org>]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) mod_socache_shmcb: Allow parens in file name if cache size is given.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Fixes SSLSessionCache directive mis-parsing parens in pathname.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User PR 47945. [Stefan Fritsch]
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews *) htpasswd: Improve out of disk space handling. PR 30877. [Stefan Fritsch]
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt *) htpasswd: Use MD5 hash by default on all platforms. [Stefan Fritsch]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User *) mod_sed: Reduce memory consumption when processing very long lines.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein PR 48024 [Basant Kumar Kukreja <basant.kukreja sun.com>]
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt *) ab: Fix segfault in case the argument for -n is a very large number.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein PR 47178. [Philipp Hagemeister <oss phihag.de>]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User *) Allow ProxyPreserveHost to work in <Proxy> sections. PR 34901.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein [Stefan Fritsch]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User *) configure: Fix THREADED_MPMS so that mod_cgid is enabled again
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein for worker MPM. [Takashi Sato]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) mod_dav: Provide a mechanism to obtain the request_rec and pathname
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein from the dav_resource. [Jari Urpalainen <jari.urpalainen nokia.com>,
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User Brian France <brian brianfrance.com>]
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews *) Build: Use install instead of cp if available on installing
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein modules to avoid segmentation fault. PR 47951. [hirose31 gmail.com]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) mod_cache: correctly consider s-maxage in cacheability
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein decisions. [Dan Poirier]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) mod_logio/core: Report more accurate byte counts in mod_status if
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein mod_logio is loaded. PR 25656. [Stefan Fritsch]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) mod_ldap: If LDAPSharedCacheSize is too small, try harder to purge
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User some cache entries and log a warning. Also increase the default
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein LDAPSharedCacheSize to 500000. This is a more realistic size suitable
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein for the default values of 1024 for LdapCacheEntries/LdapOpCacheEntries.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein PR 46749. [Stefan Fritsch]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) mod_rewrite: Make sure that a hostname:port isn't fully qualified if
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein the request is a CONNECT request. [Bill Zajac <billz consultla.com>]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) mod_cache: Teach CacheEnable and CacheDisable to work from within a
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Location section, in line with how ProxyPass works. [Graham Leggett]
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews *) mod_reqtimeout: New module to set timeouts and minimum data rates for
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein receiving requests from the client. [Stefan Fritsch]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) core: Fix potential memory leaks by making sure to not destroy
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein bucket brigades that have been created by earlier filters.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein [Stefan Fritsch]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) core, mod_deflate, mod_sed: Reduce memory usage by reusing bucket
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein brigades in several places. [Stefan Fritsch]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) mod_cache: Fix uri_meets_conditions() so that CacheEnable will
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User match by scheme, or by a wildcarded hostname. PR 40169
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews [Peter Grandi <pg_asf asf.for.sabi.co.uk>, Graham Leggett]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) suxec: Allow to log an error if exec fails by setting FD_CLOEXEC
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein on the log file instead of closing it. PR 10744. [Nicolas Rachinsky]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) mod_mime: Make RemoveType override the info from TypesConfig.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein PR 38330. [Stefan Fritsch]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) mod_cache: Introduce the option to run the cache from within the
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User normal request handler, and to allow fine grained control over
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User where in the filter chain content is cached. [Graham Leggett]
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User *) core: Treat timeout reading request as 408 error, not 400.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User Log 408 errors in access log as was done in Apache 1.3.x.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein PR 39785 [Nobutaka Mantani <nobutaka nobutaka.org>,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Stefan Fritsch <sf fritsch.de>, Dan Poirier]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) mod_ssl: Reintroduce SSL_CLIENT_S_DN, SSL_CLIENT_I_DN, SSL_SERVER_S_DN,
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews SSL_SERVER_I_DN back to the environment variables to be set by mod_ssl.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User *) mod_disk_cache: don't cache incomplete responses, per RFC 2616, 13.8.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein PR15866. [Dan Poirier]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) ab: ab segfaults in verbose mode on https sites
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt PR46393. [Ryan Niebur]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User *) mod_dav: Allow other modules to become providers and add resource types
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein to the DAV response. [Jari Urpalainen <jari.urpalainen nokia.com>,
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User Brian France <brian brianfrance.com>]
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews *) mod_dav: Allow other modules to add things to the DAV or Allow headers
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews of an OPTIONS request. [Jari Urpalainen <jari.urpalainen nokia.com>,
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews Brian France <brian brianfrance.com>]
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews *) core: Lower memory usage of core output filter.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews [Stefan Fritsch <sf sfritsch.de>]
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews *) mod_mime: Detect invalid use of MultiviewsMatch inside Location and
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews LocationMatch sections. PR47754. [Dan Poirier]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User *) mod_request: Make sure the KeptBodySize directive rejects values
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews that aren't valid numbers. [Graham Leggett]
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews *) mod_session_crypto: Sanity check should the potentially encrypted
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein session cookie be too short. [Graham Leggett]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User *) mod_session.c: Prevent a segfault when session is added but not
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein configured. [Graham Leggett]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User *) htcacheclean: 19 ways to fail, 1 error message. Fixed. [Graham Leggett]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) mod_auth_digest: Fail server start when nonce count checking
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein is configured without shared memory, or md5-sess algorithm is
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein configured. [Dan Poirier]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) mod_proxy_connect: The connect method doesn't work if the client is
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein connecting to the apache proxy through an ssl socket. Fixed.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein PR29744. [Brad Boyer, Mark Cave-Ayland, Julian Gilbey, Fabrice Durand,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein David Gence, Tim Dodge, Per Gunnar Hans, Emmanuel Elango,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Kevin Croft, Rudolf Cardinal]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User *) mod_ssl: The error message when SSLCertificateFile is missing should
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User at least give the name or position of the problematic virtual host
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein definition. [Stefan Fritsch sf sfritsch.de]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User *) mod_auth_digest: Fix null pointer when qop=none. [Dan Poirier]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) Add support for HTTP PUT to ab. [Jeff Barnes <jbarnesweb yahoo.com>]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) mod_headers: generalise the envclause to support expression
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein evaluation with ap_expr parser [Nick Kew]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) mod_cache: Introduce the thundering herd lock, a mechanism to keep
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein the flood of requests at bay that strike a backend webserver as
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein a cached entity goes stale. [Graham Leggett]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User *) mod_auth_digest: Fix usage of shared memory and re-enable it.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein PR 16057 [Dan Poirier]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) Preserve Port information over internal redirects
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) Proxy: unable to connect to a backend is SERVICE_UNAVAILABLE,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein rather than BAD_GATEWAY or (especially) NOT_FOUND.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein PR 46971 [evanc nortel.com]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) Various modules: Do better checking of pollset operations in order to
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User avoid segmentation faults if they fail. PR 46467
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein [Stefan Fritsch <sf sfritsch.de>]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) mod_autoindex: Correctly create an empty cell if the description
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein for a file is missing. PR 47682 [Peter Poeml <poeml suse.de>]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) ab: Fix broken error messages after resolver or connect() failures.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein [Jeff Trawick]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User *) SECURITY: CVE-2009-1890 (cve.mitre.org)
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User Fix a potential Denial-of-Service attack against mod_proxy in a
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein reverse proxy configuration, where a remote attacker can force a
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User proxy process to consume CPU time indefinitely. [Nick Kew, Joe Orton]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) SECURITY: CVE-2009-1191 (cve.mitre.org)
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein mod_proxy_ajp: Avoid delivering content from a previous request which
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein failed to send a request body. PR 46949 [Ruediger Pluem]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) htdbm: Fix possible buffer overflow if dbm database has very
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein long values. PR 30586 [Dan Poirier]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) core: Return APR_EOF if request body is shorter than the length announced
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein by the client. PR 33098 [ Stefan Fritsch <sf sfritsch.de>]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) mod_suexec: correctly set suexec_enabled when httpd is run by a
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User non-root user and may have insufficient permissions.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein PR 42175 [Jim Radford <radford blackbean.org>]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) mod_ssl: Fix SSL_*_DN_UID variables to use the 'userID' attribute
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein type. PR 45107. [Michael Ströder <michael stroeder.com>,
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User *) mod_proxy_http: fix case sensitivity checking transfer encoding
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein PR 47383 [Ryuzo Yamamoto <ryuzo.yamamoto gmail.com>]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) mod_alias: ensure Redirect issues a valid URL.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein PR 44020 [HÃ¥kon Stordahl <hakon stordahl.org>]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) mod_dir: add FallbackResource directive, to enable admin to specify
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User an action to happen when a URL maps to no file, without resorting
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User to ErrorDocument or mod_rewrite. PR 47184 [Nick Kew]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) mod_cgid: Do not leak the listening Unix socket file descriptor to the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein CGI process. PR 47335 [Kornél Pál <kornelpal gmail.com>]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) mod_rewrite: Remove locking for writing to the rewritelog.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein PR 46942 [Dan Poirier <poirier pobox.com>]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User *) mod_alias: check sanity in Redirect arguments.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein PR 44729 [Sönke Tesch <st kino-fahrplan.de>, Jim Jagielski]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) mod_proxy_http: fix Host: header for literal IPv6 addresses.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein PR 47177 [Carlos Garcia Braschi <cgbraschi gmail.com>]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) mod_cache: Add CacheIgnoreURLSessionIdentifiers directive to ignore
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein defined session identifiers encoded in the URL when caching.
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews [Ruediger Pluem]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) mod_rewrite: Fix the error string returned by RewriteRule.
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews RewriteRule returned "RewriteCond: bad flag delimiters" when the 3rd
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews argument of RewriteRule was not started with "[" or not ended with "]".
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein PR 45082 [Vitaly Polonetsky <m_vitaly topixoft.com>]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User *) Windows: Fix usage message.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User [Rainer Jung]
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User *) apachectl: When passing through arguments to httpd in
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User non-SysV mode, use the "$@" syntax to preserve arguments.
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews [Eric Covener]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) mod_dbd: add DBDInitSQL directive to enable SQL statements to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein be run when a connection is opened. PR 46827
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein [Marko Kevac <mkevac gmail.com>]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) mod_cgid: Improve handling of long AF_UNIX socket names (ScriptSock).
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein PR 47037. [Jeff Trawick]
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson *) mod_proxy_ajp: Check more strictly that the backend follows the AJP
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein protocol. [Mladen Turk]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) mod_proxy_ajp: Forward remote port information by default.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) Allow MPMs to be loaded dynamically, as with most other modules. Use
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein --enable-mpms-shared={list|"all"} to enable. This required changes to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein the MPM interfaces. Removed: mpm.h, mpm_default.h (as an installed
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein header), APACHE_MPM_DIR, MPM_NAME, ap_threads_per_child,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein ap_max_daemons_limit, ap_my_generation, etc. ap_mpm_query() can't be
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User called until after the register-hooks phase. [Jeff Trawick]
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User *) mod_ssl: Add SSLProxyCheckPeerExpire and SSLProxyCheckPeerCN directives
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein to enable stricter checking of remote server certificates.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein [Ruediger Pluem]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) ab: Fix a 100% CPU loop on platforms where a failed non-blocking connect
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein returns EINPROGRESS and a subsequent poll() returns only POLLERR.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Observed on HP-UX. [Eric Covener]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) Remove broken support for BeOS, OS/2, TPF, and even older platforms such
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein as A/UX, Next, and Tandem. [Jeff Trawick]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) mod_proxy_ftp: Add ProxyFtpListOnWildcard directive to allow files with
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein globbing characters to be retrieved instead of converted into a
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein directory listing. PR 46789 [Dan Poirier <poirier pobox.com>]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein *) Provide ap_retained_data_create()/ap_retained_data_get() for preservation
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein of module state across unload/load. [Jeff Trawick]
1ca759b3f5c0672b2a66bc02288fe010cabbfe37Tinderbox User *) mod_substitute: Fix a memory leak. PR 44948
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein [Dan Poirier <poirier pobox.com>]
[Geoff Keating <geoffk apple.com>]
with kqueue (BSD/OS X) and excessive CPU with event ports (Solaris).
a media type has not been configured via mime.types, AddType,
[Ryan Phillips <ryan-apache trolocsis.com>]
[<tlhackque yahoo.com>]
*) prefork: Fix child process hang during graceful restart/stop in
*) core/utils: Enhance ap_escape_html API to support escaping non-ASCII chars
PR 45529 [Bob Ionescu <bobsiegen googlemail.com>]
times out before returning status line/headers.
PR 39332 [Masaoki Kobayashi <masaoki techfirm.co.jp>]
[Theo Schlossnagle <jesus omniti.com>, Paul Querna]
modules/proxy/balancers [Jim Jagielski]
privileges and Unix user/group IDs [Nick Kew]
logic replicate 2.2.x authz logic, and replace <Satisfy*>, Reject,
*) unixd: turn existing code into a module, and turn the set user/group
Suggested By André Warnier <aw ice-sa.com> [Eric Covener]
*) mod_ssl: Send Content-Type application/ocsp-request for POST requests to
OSCP responders. PR 46014 [Dr Stephen Henson <steve openssl.org>]
*) Export and install the mod_rewrite.h header to ensure the optional
*) New module mod_sed: filter Request/Response bodies through sed
null value. [David Shane Holden <dpejesh apache.org>]
*) ab: Make ab.c compile on VC6. PR 45024 [Ruediger Pluem]
*) configure: Don't reject libtool 2.x
overwritten. PR 44262 [Michał Grzędzicki <lazy iq.pl>]
PR 44799 [Christian Wenz <christian wenz.org>]
both inside and outside the location/directory sections, as
form request with the type of application/x-www-form-urlencoded.
*) mod_authz_dbd: When redirecting after successful login/logout per
PR 44560 [Anders Kaseorg <anders kaseorg.com>]
mod_cache et.al. to trap the results of the redirect.
PR 34607. [Kaspar Brand <asfbugz velox.ch>]. A test configuration
can be created with test/make_sni.sh [Dirk-Willem van Gulik].
*) ApacheMonitor.exe: Introduce --kill argument for use by the
*) mod_ldap, mod_authnzldap: Add support for nested groups (i.e. the ability
[David Jones <oscaremma gmail.com>]
[David M. Lee <dmlee crossroads.com>]
[Niklas Edmundsson <nikke acc.umu.se>]
[Stijn Hoop <stijn sandcat.nl>]
[Niklas Edmundsson <nikke acc.umu.se>]
final name. [Davi Arnaut <davi haxent.com.br>]
[Markus Schiegl <ms schiegl.com>]
*) Remove incorrect comments from scoreboard.h regarding conditional
[Chris Darroch <chrisd pearsoncmg.com>]
in ap_init_scoreboard(). [Chris Darroch <chrisd pearsoncmg.com>]
[Chris Darroch <chrisd pearsoncmg.com>]
and 'Reject' to mod_authz_core. The new directives introduce 'AND/OR'
*) mod_authz_dbd: SQL authz with Login/Session support [Nick Kew]
Apache 2.2.xx tree as documented, and except as noted, below.]
Changes with Apache 2.2.x and later:
Changes with Apache 2.0.x and later:
Changes with Apache 1.3.x and later: