1N/A -*- coding: utf-8 -*-
1N/AChanges with Apache 2.3.0
1N/A[ When backported to
2.2.x, remove entry from this file ]
1N/A *) mod_auth_form: Make sure the logged in user is populated correctly
1N/A after a form login. Fixes a missing REMOTE_USER variable directly
1N/A following a login. [Graham Leggett]
1N/A *) mod_session_cookie: Make sure that cookie attributes are correctly
1N/A included in the blank cookie when cookies are removed. This fixes an
1N/A inability to log out when using mod_auth_form. [Graham Leggett]
1N/A *) mod_autoindex: add configuration option to insert string
1N/A in HTML HEAD. [Nick Kew]
1N/A *) mod_ssl: implement dynamic mutex callbacks for the benefit of
1N/A OpenSSL. [Sander Temme]
1N/A *) mod_proxy_http: Introduce environment variable proxy-initial-not-pooled to
1N/A avoid reusing pooled connections if the client connection is an initial
1N/A connection. PR 37770. [Ruediger Pluem]
1N/A *) mod_proxy: Add connectiontimeout parameter for proxy workers in order to
1N/A be able to set the timeout for connecting to the backend separately.
1N/A *) mod_auth_core: Detect during startup when AuthDigestProvider
1N/A is configured to use an incompatible provider via AuthnProviderAlias.
1N/A PR 45196 [Eric Covener]
1N/A *) mod_session: Prevent a segfault when a CGI script sets a cookie with a
1N/A *) mod_headers: Prevent Header edit from processing only the first header
1N/A of possibly multiple headers with the same name and deleting the
1N/A remaining ones. PR 45333. [Ruediger Pluem]
1N/A *) mod_rewrite: Preserve the query string with [proxy,noescape]. PR 45247
1N/A *) core, authn/z: Determine registered authn/z providers directly in
1N/A ap_setup_auth_internal(), which allows optional functions that just
1N/A wrapped ap_list_provider_names() to be removed from authn/z modules.
1N/A *) authn/z: Convert common provider version strings to macros.
1N/A *) ab: Make
ab.c compile on VC6. PR 45024 [Ruediger Pluem]
1N/A *) configure: Don't reject libtool
2.x 1N/A *) core: When testing for slash-terminated configuration paths in
1N/A ap_location_walk(), don't look past the start of an empty string
1N/A such as that created by a <Location ""> directive.
1N/A *) core, mod_proxy: If a kept_body is present, it becomes safe for
1N/A subrequests to support message bodies. Make sure that safety
1N/A checks within the core and within the proxy are not triggered
1N/A when kept_body is present. This makes it possible to embed
1N/A proxied POST requests within mod_include. [Graham Leggett]
1N/A *) mod_auth_form: Make sure the input filter stack is properly set
1N/A up before reading the login form. Make sure the kept body filter
1N/A is correctly inserted to ensure the body can be read a second
1N/A time safely should the authn be successful. [Graham Leggett,
1N/A *) mod_request: Insert the KEPT_BODY filter via the insert_filter
1N/A hook instead of during fixups. Add a safety check to ensure the
1N/A filters cannot be inserted more than once. [Graham Leggett,
1N/A *) core: Do not allow Options ALL if not all options are allowed to be
1N/A overwritten. PR 44262 [Michał Grzędzicki <lazy
iq.pl>]
1N/A *) ap_cache_cacheable_headers_out() will (now) always
1N/A merge an error heaeders _before_ clearing them and _before_
1N/A merging in the actual entity headers and doing normal
1N/A hop-by-hop cleansing. [Dirk-Willem van Gulik].
1N/A *) cache: retire ap_cache_cacheable_hdrs_out() which was used
1N/A for both in- and out-put headers; and replace it by a single
1N/A ap_cache_cacheable_headers() wrapped in a in- and out-put
1N/A specific ap_cache_cacheable_headers_in()/out(). The latter
1N/A which will also merge error and ensure content-type. To keep
1N/A cache modules consistent with ease. This API change bumps
1N/A up the minor MM by one [Dirk-Willem van Gulik].
1N/A *) mod_rewrite: Allow Cookie option to set secure and HttpOnly flags.
1N/A *) Move the KeptBodySize directive, kept_body filters and the
1N/A ap_parse_request_body function out of the http module and into a
1N/A new module called mod_request, reducing the size of the core.
1N/A *) mod_dbd: Handle integer configuration directive parameters with a
1N/A *) Change the directives within the mod_session* modules to be valid
1N/A suggested by wrowe. [Graham Leggett]
1N/A *) mod_auth_form: Add a module capable of allowing end users to log
1N/A in using an HTML form, storing the credentials within mod_session.
1N/A *) Add a function to the http filters that is able to parse an HTML
1N/A *) mod_session_crypto: Initialise SSL in the post config hook.
1N/A [Ruediger Pluem, Graham Leggett]
1N/A *) mod_session_dbd: Add a session implementation capable of storing
1N/A session information in a SQL database via the dbd interface. Useful
1N/A for sites where session privacy is important. [Graham Leggett]
1N/A *) mod_session_crypto: Add a session encoding implementation capable
1N/A of encrypting and decrypting sessions wherever they may be stored.
1N/A Introduces a level of privacy when sessions are stored on the
1N/A browser. [Graham Leggett]
1N/A *) mod_session_cookie: Add a session implementation capable of storing
1N/A session information within cookies on the browser. Useful for high
1N/A volume sites where server bound sessions are too resource intensive.
1N/A *) mod_session: Add a generic session interface to unify the different
1N/A attempts at saving persistent sessions across requests.
1N/A *) core, authn/z: Avoid calling access control hooks for internal requests
1N/A with configurations which match those of initial request. Revert to
1N/A original behaviour (call access control hooks for internal requests
1N/A with URIs different from initial request) if any access control hooks or
1N/A providers are not registered as permitting this optimization.
1N/A Introduce wrappers for access control hook and provider registration
1N/A which can accept additional mode and flag data. [Chris Darroch]
1N/A *) Introduced ap_expr API for expression evaluation.
1N/A This is adapted from mod_include, which is the first module
1N/A AuthzDBDRedirectQuery, do not report authorization failure, and use
1N/A first row returned by database query instead of last row.
1N/A *) mod_ldap: Correctly return all requested attribute values
1N/A when some attributes have a null value.
1N/A *) core: check symlink ownership if both FollowSymlinks and
1N/A SymlinksIfOwnerMatch are set [Nick Kew]
1N/A *) core: fix origin checking in SymlinksIfOwnerMatch
1N/A *) Activate mod_cache, mod_file_cache and mod_disc_cache as part of the
1N/A 'most' set for '--enable-modules' and '--enable-shared-mods'. Include
1N/A mod_mem_cache in 'all' as well. [Dirk-Willem van Gulik]
1N/A contain public function declarations which are useful for
1N/A third party module authors. PR 42431 [Dirk-Willem van Gulik].
1N/A *) mod_dir, mod_negotiation: pass the output filter information
1N/A to newly created sub requests; as these are later on used
1N/A as true requests with an internal redirect. This allows for
1N/A mod_cache
et.al. to trap the results of the redirect.
1N/A [Dirk-Willem van Gulik, Ruediger Pluem]
1N/A *) mod_ldap: Add support (taking advantage of the new APR capability)
1N/A for ldap rebind callback while chasing referrals. This allows direct
1N/A searches on LDAP servers (in particular MS Active Directory 2003+)
1N/A using referrals without the use of the global catalog.
1N/A PRs 26538, 40268, and 42557 [Paul J. Reder]
1N/A *) Support chroot on Unix-family platforms
1N/A *) mod_ssl: Added server name indication support (SNI, RFC 4366).
1N/A PR 34607. [Kaspar Brand <asfbugz
velox.ch>]. A test configuration
1N/A installer. This will permit the installation tool to remove
1N/A all running instances before attempting to remove the .exe.
1N/A *) mod_ssl: Add support for OCSP validation of client certificates.
1N/A *) mod_serf: New module for Reverse Proxying. [Paul Querna]
1N/A *) core: Add the option to keep aside a request body up to a certain
1N/A size that would otherwise be discarded, to be consumed by filters
1N/A such as mod_include. When enabled for a directory, POST requests
1N/A to shtml files can be passed through to embedded scripts as POST
1N/A requests, rather being downgraded to GET requests. [Graham Leggett]
1N/A *) mod_ssl: Fix TLS upgrade (RFC 2817) support. PR 41231. [Joe Orton]
1N/A *) scoreboard: Correctly declare ap_time_process_request.
1N/A *) core; scoreboard: ap_get_scoreboard_worker(sbh) now takes the sbh member
1N/A from the connection rec, ap_get_scoreboard_worker(proc, thread) will now
1N/A provide the unusual legacy lookup. [William Rowe]
1N/A *) mpm winnt: fix null pointer dereference
1N/A PR 42572 [Davi Arnaut]
1N/A *) mod_authnz_ldap, mod_authn_dbd: Tidy up the code to expose authn
1N/A parameters to the environment. Improve portability to
1N/A EBCDIC machines by using apr_toupper(). [Martin Kraemer]
1N/A *) mod_ldap, mod_authnzldap: Add support for nested groups (
i.e. the ability
1N/A to authorize an authenticated user via a "require ldap-group X" directive
1N/A where the user is not in group X, but is in a subgroup contained in X.
1N/A PR 42891 [Paul J. Reder]
1N/A *) mod_ssl: Add support for caching SSL Sessions in memcached. [Paul Querna]
1N/A *) mod_ldap: Fix the search limit parameter to ldap_search_ext_s()
1N/A for SDKs that define LDAP_NO_LIMIT to something other than -1.
1N/A *) apxs: Enhance -q flag to print all known variables and their values
1N/A when invoked without variable name(s).
1N/A [William Rowe, Sander Temme]
1N/A *) apxs: Eliminate run-time check for mod_so. PR 40653.
1N/A *) beos MPM: Create pmain pool and run modules' child_init hooks when
1N/A entering ap_mpm_run(), then destroy pmain when exiting ap_mpm_run().
1N/A *) netware MPM: Destroy pmain pool when exiting ap_mpm_run() so that
1N/A cleanups registered in modules' child_init hooks are performed.
1N/A *) mod_dbd: Stash DBD connections in request_config of initial request
1N/A only, or else sub-requests and internal redirections may cause
1N/A entire DBD pool to be stashed in a single HTTP request. [Chris Darroch]
1N/A *) Fix issue which could cause error messages to be written to access logs
1N/A *) The LockFile directive, which specifies the location of
1N/A the accept() mutex lockfile, is deprecated. Instead, the
1N/A AcceptMutex directive now takes an optional lockfile
1N/A location parameter, ala SSLMutex. [Jim Jagielski]
1N/A *) mod_authn_dbd: Export any additional columns queried in the SQL select
1N/A into the environment with the name AUTHENTICATE_<COLUMN>. This brings
1N/A mod_authn_dbd behaviour in line with mod_authnz_ldap. [Graham Leggett]
1N/A *) mod_dbd: Key the storage of prepared statements on the hex string
1N/A value of server_rec, rather than the server name, as the server name
1N/A may change (eg when the server name is set) at any time, causing
1N/A weird behaviour in modules dependent on mod_dbd. [Graham Leggett]
1N/A *) mod_proxy_fcgi: Added win32 build. [Mladen Turk]
1N/A *) sendfile_nonblocking() takes the _brigade_ as an argument, gets
1N/A the first bucket from the brigade, finds it not to be a FILE
1N/A bucket and barfs. The fix is to pass a bucket rather than a brigade.
1N/A *) mod_rewrite: support rewritemap by SQL query [Nick Kew]
1N/A *) ap_get_server_version() has been removed. Third-party modules must
1N/A now use ap_get_server_banner() or ap_get_server_description().
1N/A *) All MPMs: Introduce a check_config phase between pre_config and
1N/A open_logs, to allow modules to review interdependent configuration
1N/A directive values and adjust them while messages can still be logged
1N/A to the console. Handle relevant MPM directives during this phase
1N/A and format messages for both the console and the error log, as
1N/A appropriate. [Chris Darroch]
1N/A *) mod_proxy: don't URLencode tilde in path component
1N/A *) mpm_winnt: Fix return values from wait_for_many_objects.
1N/A The return value is index to the signaled thread in the
1N/A creted_threads array. We can not use WAIT_TIMEOUT because
1N/A his value is defined as 258, thus limiting the MaxThreads
1N/A to that value. [Mladen Turk]
1N/A *) core: Do not allow internal redirects like the DirectoryIndex of mod_dir
1N/A to circumvent the symbolic link checks imposed by FollowSymLinks and
1N/A SymLinksIfOwnerMatch. [Nick Kew, Ruediger Pluem, William Rowe]
1N/A *) New SSLLogLevelDebugDump [ None (default) | IO (not bytes) | Bytes ]
1N/A configures the I/O Dump of SSL traffic, when LogLevel is set to Debug.
1N/A The default is none as this is far greater debugging resolution than
1N/A the typical administrator is prepared to untangle. [William Rowe]
1N/A *) mod_disk_cache: If possible, check if the size of an object to cache is
1N/A within the configured boundaries before actually saving data.
1N/A *) mod_cache: Convert all values to seconds before comparing them when
1N/A checking whether to send a Warning header for a stale response.
1N/A *) mod_disk_cache: Delete temporary files if they cannot be renamed to their
1N/A *) Worker and event MPMs: Remove improper scoreboard updates which were
1N/A performed in the event of a fork() failure. [Chris Darroch]
1N/A *) Add support for fcgi:// proxies to mod_rewrite.
1N/A loading of worker_score structure with mod_status, and remove unused
1N/A definitions relating to old life_status field.
1N/A *) Remove allocation of memory for unused array of lb_score pointers
1N/A *) Add mod_proxy_fcgi, a FastCGI back end for mod_proxy.
1N/A [Garrett Rooney, Jim Jagielski, Paul Querna]
1N/A *) Event MPM: Fill in the scoreboard's tid field. PR 38736.
1N/A *) mod_charset_lite: Remove Content-Length when output filter can
1N/A invalidate it. Warn when input filter can invalidate it.
1N/A *) Authz: Add the new module mod_authn_core that will provide common
1N/A authn directives such as 'AuthType', 'AuthName'. Move the directives
1N/A 'AuthType' and 'AuthName' out of the core module and merge mod_authz_alias
1N/A into mod_authn_core. [Brad Nicholes]
1N/A *) Authz: Move the directives 'Order', 'Allow', 'Deny' and 'Satisfy'
1N/A into the new module mod_access_compat which can be loaded to provide
1N/A support for these directives.
1N/A *) Authz: Move the 'Require' directive from the core module as well as
1N/A add the directives '<SatisfyAll>', '<SatisfyOne>', '<RequireAlias>'
1N/A and 'Reject' to mod_authz_core. The new directives introduce '
AND/OR'
1N/A logic into the authorization processing. [Brad Nicholes]
1N/A *) Authz: Add the new module mod_authz_core which acts as the
1N/A authorization provider vector and contains common authz
1N/A directives. [Brad Nicholes]
1N/A *) Authz: Renamed mod_authz_dbm authz providers from 'group' and
1N/A 'file-group' to 'dbm-group' and 'dbm-file-group'. [Brad Nicholes]
1N/A *) Authz: Added the new authz providers 'env', 'ip', 'host', 'all' to handle
1N/A host-based access control provided by mod_authz_host and invoked
1N/A through the 'Require' directive. [Brad Nicholes]
1N/A *) Authz: Convert all of the authz modules from hook based to
1N/A provider based. [Brad Nicholes]
1N/A *) mod_cache: Add CacheMinExpire directive to set the minimum time in
1N/A seconds to cache a document.
1N/A *) Fix typo in ProxyStatus syntax error message.
1N/A *) Asynchronous write completion for the Event MPM. [Brian Pane]
1N/A *) Added an End-Of-Request bucket type. The logging of a request and
1N/A the freeing of its pool are now done when the EOR bucket is destroyed.
1N/A This has the effect of delaying the logging until right after the last
1N/A of the response is sent; ap_core_output_filter() calls the access logger
1N/A indirectly when it destroys the EOR bucket. [Brian Pane]
1N/A *) Rewrite of logresolve support utility: IPv6 addresses are now supported
1N/A and the format of statistical output has changed. [Colm MacCarthaigh]
1N/A *) Rewrite of ap_coreoutput_filter to do nonblocking writes [Brian Pane]
1N/A *) Added new connection states for handler and write completion
1N/A *) mod_cgid: Refuse to work on Solaris 10 due to OS bugs. PR 34264.
1N/A *) Teach mod_ssl to use arbitrary OIDs in an SSLRequire directive,
1N/A allowing string-valued client certificate attributes to be used for
1N/A access control, as in: SSLRequire "value" in OID("1.3.6.1.4.1.18060.1")
1N/A [Martin Kraemer, David Reid]
1N/A [Apache 2.1.0-dev includes those bug fixes and changes with the
1N/A Apache
2.2.xx tree as documented, and except as noted, below.]