CHANGES revision 75f5c2db254c0167a0e396254460de09b775d203
2a6c49cfaef5979a5a06098f3ce987cd76769409manoj -*- coding: utf-8 -*-
1c6fb1e726ce22694de0e9a957adb67b929e5d4fstoddardChanges with Apache 2.5.0
2a6c49cfaef5979a5a06098f3ce987cd76769409manoj *) Add module mod_ssl_ct, which provides an implementation of Certificate
2a6c49cfaef5979a5a06098f3ce987cd76769409manoj Transparency (RFC 6962) for httpd. [Jeff Trawick]
09bd86d0db1114ee23eda0a6eb76ca055877a1cftrawick *) mod_cache: Fix AH00784 errors on Windows when the the CacheLock directive
2deb319e6b3de239f45c16a3e9e836d44f1f7108rbb is enabled. [Eric Covener]
70f6f32765cfaadd6da8de6f0fea97ddd72d8fadmanoj *) mod_proxy: Preserve original request headers even if they differ
2a6c49cfaef5979a5a06098f3ce987cd76769409manoj from the ones to be forwarded to the backend. PR 45387.
2a6c49cfaef5979a5a06098f3ce987cd76769409manoj [Yann Ylavic]
1c6fb1e726ce22694de0e9a957adb67b929e5d4fstoddard *) mod_proxy: When ping/pong is configured for a worker, don't send or
91a71946d0fb28c0866139edef3dd59f36ba5b9cstoddard forward "100 Continue" (interim) response to the client if it does
91a71946d0fb28c0866139edef3dd59f36ba5b9cstoddard not expect one. [Yann Ylavic]
91a71946d0fb28c0866139edef3dd59f36ba5b9cstoddard *) mod_remoteip: Prevent an external proxy from presenting an internal
91a71946d0fb28c0866139edef3dd59f36ba5b9cstoddard proxy. PR 55962. [Mike Rumph]
369edcdd0a9c5516c61e736ec2a6fc8fb0d92fe2manoj *) mod_ssl: Add hooks to allow other modules to perform processing at
369edcdd0a9c5516c61e736ec2a6fc8fb0d92fe2manoj several stages of initialization and connection handling. See
2a6c49cfaef5979a5a06098f3ce987cd76769409manoj mod_ssl_openssl.h. [Jeff Trawick]
85cbdc16ac57fa68ce1358a308269abcd417f4d9stoddard *) mod_proxy_wstunnel: Avoid sending error responses down an upgraded
85cbdc16ac57fa68ce1358a308269abcd417f4d9stoddard websockets connection as it is being close down. [Eric Covener]
d208bda4a893cc81ed5d3ed1cdd7d706e012bd42stoddard *) mod_proxy_wstunnel: Allow the administrator to cap the amount
d208bda4a893cc81ed5d3ed1cdd7d706e012bd42stoddard of time a synchronous websockets connection stays idle with
d208bda4a893cc81ed5d3ed1cdd7d706e012bd42stoddard ProxyWebsocketIdleTimeout. [Eric Covener]
10b386767f6c87b45937244371cb751f0b454d16wrowe *) mod_proxy_wstunnel: Change to opt-in for asynchronous support, adding
75960f20f88dad6bc67892c711c429946063d133stoddard directives ProxyWebsocketAsync and ProxyWebsocketAsyncDelay.
75960f20f88dad6bc67892c711c429946063d133stoddard [Eric Covener]
75960f20f88dad6bc67892c711c429946063d133stoddard *) mod_proxy_wstunnel: Stop leaking websockets backend connections under
75960f20f88dad6bc67892c711c429946063d133stoddard event MPM (trunk-only). [Eric Covener]
75960f20f88dad6bc67892c711c429946063d133stoddard *) mod_proxy_wstunnel: Don't issue AH02447 and log a 500 on routine
10b386767f6c87b45937244371cb751f0b454d16wrowe hangups from websockets origin servers. PR 56299
10b386767f6c87b45937244371cb751f0b454d16wrowe [Yann Ylavic, Edward Lu <Chaosed0 gmail com>, Eric Covener]
10b386767f6c87b45937244371cb751f0b454d16wrowe *) mod_proxy_wstunnel: Don't pool backend websockets connections,
10b386767f6c87b45937244371cb751f0b454d16wrowe because we need to handshake every time. PR 55890.
10b386767f6c87b45937244371cb751f0b454d16wrowe [Eric Covener]
10b386767f6c87b45937244371cb751f0b454d16wrowe *) mod_proxy_http: Add detach_backend hook (potentially usable
10b386767f6c87b45937244371cb751f0b454d16wrowe in other proxy scheme handlers). [Jeff Trawick]
10b386767f6c87b45937244371cb751f0b454d16wrowe *) mod_deflate: Add DeflateAlterETag to control how the ETag
a9e07e4f90adcc7bc768db3055431c3dcd560cd1manoj is modified. The 'NoChange' parameter mimics 2.2.x behavior.
f6a6245816cd866361da8c576b1f47c7a54b6610fanf PR 45023, PR 39727. [Eric Covener]
97b758d0b174d7b7c5a1de1a583f5840ec3fc910trawick *) mod_rewrite: Add 'BNF' (backreferences-no-plus) flag to RewriteRule to
db3ccce11afac4fc1d4f51a65424412f7480c46cgstein allow spaces in backreferences to be encoded as %20 instead of '+'.
641cb23141f2238ed09e3b9fa79189225f8a2bcbrbb [Eric Covener]
641cb23141f2238ed09e3b9fa79189225f8a2bcbrbb *) mod_expires: don't add Expires header to error responses (4xx/5xx),
2a6c49cfaef5979a5a06098f3ce987cd76769409manoj be they generated or forwarded. PR 55669. [ Yann Ylavic ]
1c6fb1e726ce22694de0e9a957adb67b929e5d4fstoddard *) mod_rewrite: Support an optional list of characters to escape in the
1c6fb1e726ce22694de0e9a957adb67b929e5d4fstoddard argument for the 'B' (escape backreferences) flag. [Eric Covener]
1c6fb1e726ce22694de0e9a957adb67b929e5d4fstoddard *) mod_ssl: Add SSLOCSPUseRequestNonce directive to control whether or not
8bed76428f56e5c643174a2d6807c3f18016af5cbjh OCSP requests should use a nonce to be checked against the responder's
8bed76428f56e5c643174a2d6807c3f18016af5cbjh one. PR 56233. [ Yann Ylavic ]
8bed76428f56e5c643174a2d6807c3f18016af5cbjh *) mod_dir: Default to 2.2-like behavior and skip execution when method is
8bed76428f56e5c643174a2d6807c3f18016af5cbjh neither GET nor POST, such as for DAV requests. PR 54914. [Chris Darroch]
cfc020d6d6fc9b31d8945915e65a8787a796eb73stoddard *) mod_rewrite: Rename the handler that does per-directory internal
cfc020d6d6fc9b31d8945915e65a8787a796eb73stoddard redirects to "rewrite-redirect-handler" from "redirect-handler" so
2aae6faee508221efbeaba5547ca79b7a20ef047stoddard it is less ambiguous and less likely to be reused. [Eric Covener]
10b386767f6c87b45937244371cb751f0b454d16wrowe *) mod_rewrite: Protect against looping with the [N] flag by enforcing a
10b386767f6c87b45937244371cb751f0b454d16wrowe default limit of 10000 iterations, and allowing each rule to change its
10b386767f6c87b45937244371cb751f0b454d16wrowe limit. [Eric Covener]
10b386767f6c87b45937244371cb751f0b454d16wrowe *) mod_ssl: Fix config merging of SSLOCSPEnable and SSLOCSPOverrideResponder.
10b386767f6c87b45937244371cb751f0b454d16wrowe [Jeff Trawick]
10b386767f6c87b45937244371cb751f0b454d16wrowe *) Add HttpContentLengthHeadZero and HttpExpectStrict directives.
75960f20f88dad6bc67892c711c429946063d133stoddard [Yehuda Sadeh <yehuda inktank com>, Justin Erenkrantz]
a5ed555df952c85bc1b179f5981e8a6c54ba16e6stoddard *) FreeBSD: Disable IPv4-mapped listening sockets by default for versions
a5ed555df952c85bc1b179f5981e8a6c54ba16e6stoddard 5+ instead of just for FreeBSD 5. PR 53824. [Jeff Trawick]
a5ed555df952c85bc1b179f5981e8a6c54ba16e6stoddard *) mod_auth_form: Add a debug message when the fields on a form are not
56ca30c968906053ae61acb218420667bb58d996rbb recognised. [Graham Leggett]
56ca30c968906053ae61acb218420667bb58d996rbb *) mod_ssl: Add -t -DDUMP_CA_CERTS option which dumps the filenames of all
56ca30c968906053ae61acb218420667bb58d996rbb configured SSL CA certificates to stdout the same way as DUMP_CERTS does.
70f6f32765cfaadd6da8de6f0fea97ddd72d8fadmanoj [Jan Kaluza]
70f6f32765cfaadd6da8de6f0fea97ddd72d8fadmanoj *) mod_ssl: Don't flush when an EOS is received. Prepares mod_ssl
56ca30c968906053ae61acb218420667bb58d996rbb to support write completion. [Graham Leggett]
0bff2f28ef945280c17099c142126178a78e1e54manoj *) core: Add parse_errorlog_arg callback to ap_errorlog_provider
0bff2f28ef945280c17099c142126178a78e1e54manoj to allow providers to check the ErrorLog argument. [Jan Kaluza]
1e585ba09ea32272e63c4c39c35491e975d21d98stoddard *) mod_cgid: Use the servers Timeout for each read from a CGI script,
1e585ba09ea32272e63c4c39c35491e975d21d98stoddard allow override with new CGIDRequestTimeout directive. PR43494
1e585ba09ea32272e63c4c39c35491e975d21d98stoddard [Eric Covener, Toshikuni Fukaya <toshikuni-fukaya cybozu co jp>]
1e585ba09ea32272e63c4c39c35491e975d21d98stoddard *) core: Add missing Reason-Phrase in HTTP response headers.
0bff2f28ef945280c17099c142126178a78e1e54manoj PR 54946. [Rainer Jung]
0bff2f28ef945280c17099c142126178a78e1e54manoj *) core: ensure any abnormal exit is reported to stderr if it's a tty.
9c09943bad734ebd5c7cc10bd6d63b75c4c6e056stoddard PR 55670 [Nick Kew]
f03d292915be9977eaf74e9be7b0404aec226f84manoj *) mod_lua: Let the Inter-VM get/set functions work with a global
aa1faea36e4ae357bc603a2337b6adc54f5daec1manoj shared memory pool instead of a per-process pool. [Daniel Gruno]
2a6c49cfaef5979a5a06098f3ce987cd76769409manoj *) ldap: Support ldaps when using the Microsoft LDAP SDK.
302dc1f7b3feee23a91ad8f3cf3cb2edd95a557bmanoj PR 54626. [Jean-Frederic Clere]
302dc1f7b3feee23a91ad8f3cf3cb2edd95a557bmanoj *) mod_proxy: Add ap_connection_reusable() for checking if a connection
302dc1f7b3feee23a91ad8f3cf3cb2edd95a557bmanoj is reusable as of this point in processing. [Jeff Trawick]
ff849e4163ed879288f0df15f78b6c9d278ec804fanf *) mod_authnz_ldap: Change default value of AuthLDAPMaxSubGroupDepth to 0
9805ac88e1befa6dea11d8513023f150d8f8e807fanf to avoid performance problems when subgroups aren't in use. [Eric Covener]
9805ac88e1befa6dea11d8513023f150d8f8e807fanf *) mod_syslog: New module implementing syslog ap_error_log provider.
9805ac88e1befa6dea11d8513023f150d8f8e807fanf Previously, this code was part of core, now it's in separate module.
df4a7c143b27b489dd2d865bb3f6668c8420b3a9fanf [Jan Kaluza]
c03566fa0156d3a1500a42e4fe539e3e0fc8a11dgstein *) core: Add ap_errorlog_provider to make ErrorLog logging modular. Move
c03566fa0156d3a1500a42e4fe539e3e0fc8a11dgstein syslog support from core to new mod_syslog. [Jan Kaluza]
c03566fa0156d3a1500a42e4fe539e3e0fc8a11dgstein *) WinNT MPM: If ap_run_pre_connection() fails or sets c->aborted, don't
c03566fa0156d3a1500a42e4fe539e3e0fc8a11dgstein save the socket for reuse by the next worker as if it were an
c03566fa0156d3a1500a42e4fe539e3e0fc8a11dgstein APR_SO_DISCONNECTED socket. Restores 2.2 behavior. [Eric Covener]
1e088f9182ba67f39713fcb850e11934be5f6d17gstein *) mod_status, mod_echo: Fix the display of client addresses.
dd4713dc5b186f4d1be7b88f86608fdb84cbe5d5gstein They were truncated to 31 characters which is not enough for IPv6 addresses.
dd4713dc5b186f4d1be7b88f86608fdb84cbe5d5gstein PR 54848 [Bernhard Schmidt <berni birkenwald de>]
0eb7ca6cf812d98c534661ac474e873a32bf6325gstein *) core: Add ap_log_data(), ap_log_rdata(), etc. for logging buffers.
dd4713dc5b186f4d1be7b88f86608fdb84cbe5d5gstein [Jeff Trawick]
8d07897b52e3b7055874501f8a499e75800db206gstein *) mod_unique_id: Use output of the PRNG rather than IP address and
db3ccce11afac4fc1d4f51a65424412f7480c46cgstein pid, avoiding sleep() call and possible DNS issues at startup,
93c5cba06b623ebe8e4372e886eece12d9a80c3egstein plus improving randomness for IPv6-only hosts.
93c5cba06b623ebe8e4372e886eece12d9a80c3egstein [Jan Kaluza <jkaluza redhat.com>]
93c5cba06b623ebe8e4372e886eece12d9a80c3egstein *) mod_authnz_ldap: Support primitive LDAP servers that do not accept
93c5cba06b623ebe8e4372e886eece12d9a80c3egstein filters, such as "SDBM-backed LDAP" on z/OS, by allowing a special
93c5cba06b623ebe8e4372e886eece12d9a80c3egstein filter "none" to be specified in AuthLDAPURL. [Eric Covener]
93c5cba06b623ebe8e4372e886eece12d9a80c3egstein *) mod_file_cache: mod_file_cache should be able to serve files that
be386cf0beed1c3331e47f0736d92b9744a21f3agstein haven't had a Content-Type set via e.g. mod_mime. [Eric Covener]
be386cf0beed1c3331e47f0736d92b9744a21f3agstein *) core: merge AllowEncodedSlashes from the base configuration into
14cccaddba3a9263cf0d0ddc311e18f3e3dc9b0fgstein virtual hosts. [Eric Covener]
14cccaddba3a9263cf0d0ddc311e18f3e3dc9b0fgstein *) AIX: Install DSO's with "cp" instead of "install" in instdso.sh
14cccaddba3a9263cf0d0ddc311e18f3e3dc9b0fgstein [Eric Covener]
14cccaddba3a9263cf0d0ddc311e18f3e3dc9b0fgstein *) mod_ldap: Don't keep retrying if a new LDAP connection times out.
eb3def494ba5580320dfe1dd47b4d8b05519cb74gstein [Eric Covener]
eb3def494ba5580320dfe1dd47b4d8b05519cb74gstein *) mod_deflate: permit compilation of mod_deflate against a zlib that has
eb3def494ba5580320dfe1dd47b4d8b05519cb74gstein been configured with -D Z_PREFIX, which redefines the token "deflate".
eb3def494ba5580320dfe1dd47b4d8b05519cb74gstein [Eric Covener]
1e088f9182ba67f39713fcb850e11934be5f6d17gstein *) mod_socache_shmcb.c: Remove arbitrary restriction on shared memory size
c695093c99519a8509ac85642e35c216e9d9186fgstein previously limited to 64MB. [Jens Låås <jelaas gmail.com>]
c695093c99519a8509ac85642e35c216e9d9186fgstein *) mod_auth_digest: Use the secret when generating nonces in all cases and
8d07897b52e3b7055874501f8a499e75800db206gstein not only when AuthName is used in .htaccess files (this change may cause
6d886ec2d5055dd5da4cbf0e84d55b807ea1058agstein problems if used with round robin load balancers). Don't regenerate the
6d886ec2d5055dd5da4cbf0e84d55b807ea1058agstein secret on graceful restarts. PR 54637 [Stefan Fritsch]
6d886ec2d5055dd5da4cbf0e84d55b807ea1058agstein *) core: Remove apr_brigade_flatten(), buffering and duplicated code
e1c3000228ddea532093e3a5ca1cdaa7353471begstein from the HTTP_IN filter, parse chunks in a single pass with zero copy.
e1c3000228ddea532093e3a5ca1cdaa7353471begstein Reduce memory usage by 48 bytes per request. [Graham Leggett]
e1c3000228ddea532093e3a5ca1cdaa7353471begstein *) core: Stop the HTTP_IN filter from attempting to write error buckets
e1c3000228ddea532093e3a5ca1cdaa7353471begstein to the output filters, which is bogus in the proxy case. Create a
35d13495678fd9f0b29d9b9b6f87a49fb13b8d8agstein clean mapping from APR codes to HTTP status codes, and use it where
2a6c49cfaef5979a5a06098f3ce987cd76769409manoj needed. [Graham Leggett]
2a6c49cfaef5979a5a06098f3ce987cd76769409manoj *) mod_proxy: Ensure network errors detected by the proxy are returned as
d5defd5a0c5cdbaf74b85939484dc2b6c8317d19manoj 504 Gateway Timout as opposed to 502 Bad Gateway, in order to be
d5defd5a0c5cdbaf74b85939484dc2b6c8317d19manoj compliant with RFC2616 14.9.4 Cache Revalidation and Reload Controls.
2a6c49cfaef5979a5a06098f3ce987cd76769409manoj *) mod_dav: mod_dav overrides dav_fs response on PUT failure. PR 35981
2a6c49cfaef5979a5a06098f3ce987cd76769409manoj [Basant Kumar Kukreja <basant.kukreja sun.com>, Alejandro Alvarez
2a6c49cfaef5979a5a06098f3ce987cd76769409manoj *) core, mod_ssl: Enable the ability for a module to reverse the sense of
0bff2f28ef945280c17099c142126178a78e1e54manoj a poll event from a read to a write or vice versa. This is a step on
0bff2f28ef945280c17099c142126178a78e1e54manoj the way to allow mod_ssl taking full advantage of the event MPM.
0bff2f28ef945280c17099c142126178a78e1e54manoj [Graham Leggett]
09bd86d0db1114ee23eda0a6eb76ca055877a1cftrawick *) mod_ldap: LDAP connections used for authentication were not respecting
09bd86d0db1114ee23eda0a6eb76ca055877a1cftrawick LDAPConnectionPoolTimeout. PR 54587
09bd86d0db1114ee23eda0a6eb76ca055877a1cftrawick *) core: ap_rgetline_core now pulls from r->proto_input_filters.
fb777d35fc4730c312e161b3d803ae32700f6ca7sascha *) mod_proxy_html: process parsed comments immediately.
fb777d35fc4730c312e161b3d803ae32700f6ca7sascha Fixes bug where parsed comments may be lost. [Nick Kew]
2a6c49cfaef5979a5a06098f3ce987cd76769409manoj *) mod_proxy_html: introduce doctype for HTML 5 [Nick Kew]
2a6c49cfaef5979a5a06098f3ce987cd76769409manoj *) mod_proxy_html: fix typo-bug processing "strict" vs "transitional"
dbf0c7bef06259486cd2748a2d0e82f27e099d6efielding *) core: Add option to add valgrind support. Use it to reduce false positive
dbf0c7bef06259486cd2748a2d0e82f27e099d6efielding warnings in mod_ssl. [Stefan Fritsch]
bd929c73ef04789b7183b840d8db6e01d03a4d86rbb *) mod_authn_file, mod_authn_dbd, mod_authn_dbm, mod_authn_socache:
2a6c49cfaef5979a5a06098f3ce987cd76769409manoj Cache the result of the most recent password hash verification for every
2a6c49cfaef5979a5a06098f3ce987cd76769409manoj keep-alive connection. This saves some expensive calculations.
2a6c49cfaef5979a5a06098f3ce987cd76769409manoj [Stefan Fritsch]
f6a6245816cd866361da8c576b1f47c7a54b6610fanf *) http: Remove support for Request-Range header sent by Navigator 2-3 and
f6a6245816cd866361da8c576b1f47c7a54b6610fanf MSIE 3. [Stefan Fritsch]
f6a6245816cd866361da8c576b1f47c7a54b6610fanf *) core, http: Extend HttpProtocol with an option to enforce stricter HTTP
f6a6245816cd866361da8c576b1f47c7a54b6610fanf conformance or to only log the found problems. [Stefan Fritsch]
2a6c49cfaef5979a5a06098f3ce987cd76769409manoj *) core: Correctly parse an IPv6 literal host specification in an absolute
2a6c49cfaef5979a5a06098f3ce987cd76769409manoj URL in the request line. [Stefan Fritsch]
2a6c49cfaef5979a5a06098f3ce987cd76769409manoj *) EventOpt MPM
d6b3cb141f0667101c1bca883ad15b383402c93bfielding *) core: Add LogLevelOverride directive that allows to override the
d6b3cb141f0667101c1bca883ad15b383402c93bfielding loglevel for clients from certain IPs. This also works for things
d6b3cb141f0667101c1bca883ad15b383402c93bfielding like the SSL handshake where <If> LogLevel ... </If> is evaluated
d6b3cb141f0667101c1bca883ad15b383402c93bfielding too late. [Stefan Fritsch]
1e088f9182ba67f39713fcb850e11934be5f6d17gstein *) core: Add new directive Warning to issue warnings from a configuration
1e088f9182ba67f39713fcb850e11934be5f6d17gstein file. Both Warning and Error now generate a timestamped log message.
2a6c49cfaef5979a5a06098f3ce987cd76769409manoj [Fabien Coelho]
2a6c49cfaef5979a5a06098f3ce987cd76769409manoj *) ap_expr: Add SERVER_PROTOCOL_VERSION, ..._MAJOR, and ..._MINOR
2a6c49cfaef5979a5a06098f3ce987cd76769409manoj variables. [Stefan Fritsch]
2a6c49cfaef5979a5a06098f3ce987cd76769409manoj *) core: New directive RegisterHttpMethod for registering non-standard
ae6907470ddf23ab7c6b506e6407cc5372f9c0dftrawick HTTP methods. [Stefan Fritsch]
ae6907470ddf23ab7c6b506e6407cc5372f9c0dftrawick *) core: New directive HttpProtocol which allows to disable HTTP/0.9
2a6c49cfaef5979a5a06098f3ce987cd76769409manoj support. [Stefan Fritsch]
2a6c49cfaef5979a5a06098f3ce987cd76769409manoj *) mod_allowhandlers: New module to forbid specific handlers for specific
2a6c49cfaef5979a5a06098f3ce987cd76769409manoj directories. [Stefan Fritsch]
2a6c49cfaef5979a5a06098f3ce987cd76769409manoj *) mod_systemd: New module, for integration with systemd on Linux.
d6b3cb141f0667101c1bca883ad15b383402c93bfielding [Jan Kaluza <jkaluza redhat.com>]
d6b3cb141f0667101c1bca883ad15b383402c93bfielding *) WinNT MPM: Store pid and generation for each thread in scoreboard
*) The following now respect DefaultRuntimeDir/DEFAULT_REL_RUNTIMEDIR:
setuid/setgid capability bits rather than a setuid root binary.
[Matthew Steele <mdsteele google.com>]
passing through the server in such a way that connections and/or
Apache 2.4.xx tree as documented below, except as noted.]
Changes with Apache 2.4.x and later:
Changes with Apache 2.2.x and later:
Changes with Apache 2.0.x and later: