CHANGES revision 72709d60c290ddc1f60fe2c78ab67b7954e9230d
-*- coding: utf-8 -*-

Changes with Apache 2.5.0

  *) SECURITY: CVE-2012-2687 (cve.mitre.org)
     mod_negotiation: Escape filenames in variant list to prevent a
     possible XSS for a site where untrusted users can upload files to
     a location with MultiViews enabled. [Niels Heinen <heinenn google.com>]

  *) mod_rewrite: Add "AllowAnyURI" option. PR 52774. [Joe Orton]

  *) mod_ssl: Add RFC 5878 support. [Ben Laurie]

  *) mod_authz_core: If an expression in "Require expr" returns denied and
     references %{REMOTE_USER}, trigger authentication and retry. PR 52892.
     [Stefan Fritsch]

  *) mod_lua: Add new directive LuaAuthzProvider to allow implementing an
     authorization provider in Lua. [Stefan Fritsch]

  *) mod_lua: Add a few missing request_rec fields. Rename remote_ip to
     client_ip to match conn_rec. [Stefan Fritsch]

  *) mod_lua: Change prototype of vm_construct, to work around gcc bug which
     causes a segfault. PR 52779. [Dick Snippe <Dick Snippe tech omroep nl>]

  *) mod_lua: Add the parsebody function for parsing POST data. PR 53064.
     [Daniel Gruno]

  *) mod_ssl: If exiting during initialization because of a fatal error,
     log a message to the main error log pointing to the appropriate
     virtual host error log. [Stefan Fritsch]

  *) mod_ldap: Treat the "server unavailable" condition as a transient
     error with all LDAP SDKs. [Filip Valder <filip.valder vsb.cz>]

  *) mod_ssl: Add support for TLS-SRP (Secure Remote Password key exchange
     for TLS, RFC 5054). PR 51075. [Quinn Slack <sqs cs stanford edu>,
     Christophe Renou, Peter Sylvester]

  *) htdbm, htpasswd: Don't crash if crypt() fails (e.g. with FIPS enabled).
     [Paul Wouters <pwouters redhat.com>, Joe Orton]

  *) mod_ssl: Add new directive SSLCompression to disable TLS-level
     compression. PR 53219. [Björn Jacke <bjoern j3e de>, Stefan Fritsch]

  *) core: Make ap_regcomp() return AP_REG_ESPACE if out of memory. Make
     ap_pregcomp() abort if out of memory. This raises the minimum PCRE
     requirement to version 6.0. PR 53284. [Stefan Fritsch]

  *) apxs: Use LDFLAGS from config_vars.mk in addition to CFLAGS and CPPFLAGS.
     [Stefan Fritsch]

  *) mpm_event: Fix handling of MaxConnectionsPerChild. [Stefan Fritsch]

  *) suexec: Add --enable-suexec-capabilities support on Linux, to use
     setuid/setgid capability bits rather than a setuid root binary.
     [Joe Orton]

  *) suexec: Add support for logging to syslog as an alternative to logging
     to a file; configure --without-suexec-logfile --with-suexec-syslog.
     [Joe Orton]

  *) mod_proxy_ajp: Reduce memory usage in case of many keep-alive requests on
     one connection. PR 52275. [Naohiro Ooiwa <naohiro ooiwa miraclelinux com>]

  *) mod_proxy: Use the same hostname for SNI as for the HTTP request when
     forwarding to SSL backends. PR 53134.
     [Michael Weiser <michael weiser.dinsnail.net>, Ruediger Pluem]

  *) mod_ssl: Add support for TLS Next Protocol Negotiation. PR 52210.
     [Matthew Steele <mdsteele google.com>]

  *) mod_so: If a filename without slashes is specified for LoadFile or
     LoadModule and the file cannot be found in the server root directory,
     try to use the standard dlopen() search path. [Stefan Fritsch]

  *) various modules, rotatelogs: Replace use of apr_file_write() with
     apr_file_write_full() to prevent incomplete writes. PR 53131.
     [Nicolas Viennot <apache viennot biz>, Stefan Fritsch]

  *) cross-compile: Allow CC_FOR_BUILD to be provided so that gen_test_char
     will be compiled by the build compiler instead of the host compiler.
     Also set CC_FOR_BUILD to 'cc' when cross-compilation is detected.
     PR 51257. [Guenter Knauf]

  *) mod_authz_core: Fix parsing of Require arguments in <AuthzProviderAlias>.
     PR 53048. [Stefan Fritsch]

  *) core: Fix error handling in ap_scan_script_header_err_brigade() if there
     is no EOS bucket in the brigade. Fixes segfault with mod_proxy_fcgi.
     PR 48272. [Stefan Fritsch]

  *) mod_proxy_fcgi: If there is an error reading the headers from the
     backend, send an error to the client. PR 52879. [Stefan Fritsch]

  *) mod_rewrite: Fix RewriteCond integer checks to be parsed correctly.
     PR 53023. [Axel Reinhold <apache freakout.de>, André Malo]

  *) Fix MPM DSO load failure on AIX. [Jeff Trawick]

  *) core: Add the port number to the vhost's name in the scoreboard.
     [Stefan Fritsch]

  *) mpm_event: Don't do a blocking write when starting a lingering close
     from the listener thread. PR 52229. [Stefan Fritsch]

  *) core: In maintainer mode, replace apr_palloc with a version that
     initializes the allocated memory with non-zero values, except if
     AP_DEBUG_NO_ALLOC_POISON is defined. [Stefan Fritsch]

  *) mod_authnz_ldap: Don't try a potentially expensive nested groups
     search before exhausting all AuthLDAPGroupAttribute checks on the
     current group. PR 52464. [Eric Covener]

  *) mod_policy: Add a new testing module to help server administrators
     enforce a configurable level of protocol compliance on their
     servers and application servers behind theirs. [Graham Leggett]

  *) mod_firehose: Add a new debugging module able to record traffic
     passing through the server in such a way that connections and/or
     requests can be reconstructed and replayed. [Graham Leggett]

  *) mod_noloris

  *) Simple MPM

  *) mod_serf

  [Apache 2.5.0-dev includes those bug fixes and changes with the
   Apache 2.4.xx tree as documented below, except as noted.]

Changes with Apache 2.4.x and later:

  *) http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?view=markup

Changes with Apache 2.2.x and later:

  *) http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?view=markup

Changes with Apache 2.0.x and later: