CHANGES revision 7bf4eb9638a127fbfbc402d2c0e4ec0085934cf0
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin -*- coding: utf-8 -*-
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrinChanges with Apache 2.3.15
8e8e6d90e74a6646ed697edb7238862f708dd6f7nd *) SECURITY: CVE-2011-3348 (cve.mitre.org)
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin mod_proxy_ajp: Respond with HTTP_NOT_IMPLEMENTED when the method is not
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin recognized. [Jean-Frederic Clere]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) SECURITY: CVE-2011-3192 (cve.mitre.org)
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin core: Fix handling of byte-range requests to use less memory, to avoid
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin denial of service. If the sum of all ranges in a request is larger than
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin the original file, ignore the ranges and send the complete file.
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin PR 51714. [Stefan Fritsch, Jim Jagielski, Ruediger Pluem, Eric Covener,
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin <lowprio20 gmail.com>]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) core: Add convenience API for apr_random. [Stefan Fritsch]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) core: Add MaxRangeOverlaps and MaxRangeReversals directives to control
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin the number of overlapping and reversing ranges (respectively) permitted
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin before returning the entire resource, with a default limit of 20.
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin [Jim Jagielski]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_ldap: Optional function uldap_ssl_supported(r) always returned false
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin if called from a virtual host with mod_ldap directives in it. Did not
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin affect mod_authnz_ldap's usage of mod_ldap. [Eric Covener]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_filter: Instead of dropping the Accept-Ranges header when a filter
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin registered with AP_FILTER_PROTO_NO_BYTERANGE is present,
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin set the header value to "none". [Eric Covener, Ruediger Pluem]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) core: Allow MaxRanges none|unlimited|default and set 'Accept-Ranges: none'
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin in the case Ranges are being ignored with MaxRanges none.
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin [Eric Covener]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_ssl: revamp CRL-based revocation checking when validating
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin certificates of clients or proxied servers. Completely delegate
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin CRL processing to OpenSSL, and add a new [Proxy]CARevocationCheck
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin directive for controlling the revocation checking mode. [Kaspar Brand]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) core: Add MaxRanges directive to control the number of ranges permitted
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin before returning the entire resource, with a default limit of 200.
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin [Eric Covener]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_cache: Ensure that CacheDisable can correctly appear within
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin a LocationMatch. [Graham Leggett]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_cache: Fix the moving of the CACHE filter, which erroneously
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin stood down if the original filter was not added by configuration.
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin [Graham Leggett]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_ssl: improve certificate error logging. PR 47408. [Kaspar Brand]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_authz_groupfile: Increase length limit of lines in the group file to
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin 16MB. PR 43084. [Stefan Fritsch]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) core: Increase length limit of lines in the configuration file to 16MB.
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin PR 45888. PR 50824. [Stefan Fritsch]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) core: Add API for resizable buffers. [Stefan Fritsch]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_ldap: Enable LDAPConnectionTimeout for LDAP toolkits that have
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin LDAP_OPT_CONNECT_TIMEOUT instead of LDAP_OPT_NETWORK_TIMEOUT, such
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin as Tivoli Directory Server 6.3 and later. [Eric Covener]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_ldap: Change default number of retries from 10 to 3, and add
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin an LDAPRetries and LDAPRetryDelay directives. [Eric Covener]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_authnz_ldap: Don't retry during authentication, because this just
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin multiplies the ample retries already being done by mod_ldap. [Eric Covener]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) configure: Allow to explicitly disable modules even with module selection
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin 'reallyall'. [Stefan Fritsch]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_rewrite: Check validity of each internal (int:) RewriteMap even if the
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin RewriteEngine is disabled in server context, avoiding a crash while
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin referencing the invalid int: map at runtime. PR 50994.
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin [Ben Noordhuis <info noordhuis nl>]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_ssl, configure: require OpenSSL 0.9.7 or later. [Kaspar Brand]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_ssl: remove ssl_toolkit_compat layer. [Kaspar Brand]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_ssl, configure, ab: drop support for RSA BSAFE SSL-C toolkit.
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin [Kaspar Brand]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_usertrack: Run mod_usertrack earlier in the fixups hook to ensure the
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin cookie is set when modules such as mod_rewrite trigger a redirect. Also
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin use r->err_headers_out for the cookie, for the same reason. PR29755.
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin [Sami J. Mäkinen <sjm almamedia fi>, Eric Covener]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_proxy_http, mod_proxy_connect: Add 'proxy-status' and
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin 'proxy-source-port' request notes for logging. PR 30195. [Stefan Fritsch]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) configure: Enable ldap modules in 'all' and 'most' selections if ldap
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin is compiled into apr-util. [Stefan Fritsch]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) core: Add ap_check_cmd_context()-check if a command is executed in
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin .htaccess file. [Stefan Fritsch]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_deflate: Fix endless loop if first bucket is metadata. PR 51590.
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin [Torsten Foertsch <torsten foertsch gmx net>]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrinChanges with Apache 2.3.14
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_proxy_ajp: Improve trace logging. [Rainer Jung]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_proxy_ajp: Respect "reuse" flag in END_REPONSE packets.
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin [Rainer Jung]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_proxy: enable absolute URLs to be rewritten with ProxyPassReverse,
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin e.g. to reverse proxy "Location: https://other-internal-server/login"
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) prefork, worker, event: Make sure crashes are logged to the error log if
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin httpd has already detached from the console. [Stefan Fritsch]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) prefork, worker, event: Reduce period during startup/restart where a
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin successive signal may be lost. PR 43696. [Arun Bhalla <arun shme net>]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_allowmethods: Correct Merging of "reset" and do not allow an
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin empty parameter list for the AllowMethods directive. [Rainer Jung]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) configure: Update selection of modules for 'all' and 'most'. 'all' will
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin now enable all modules except for example and test modules. Make the
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin selection for 'most' more useful (including ssl and proxy). Both 'all'
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin and 'most' will now disable modules if dependencies are missing instead
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin of aborting. If a specific module is requested with --enable-XXX=yes,
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin missing dependencies will still cause configure to exit with an error.
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin [Stefan Fritsch]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_ldap: Revert the integration of apr-ldap as ap_ldap which was done
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin in 2.3.13. [Stefan Fritsch]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) core: For '*' or '_default_' vhosts, use a wildcard address of any
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin address family, rather than IPv4 only. [Joe Orton]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) core, mod_rewrite, mod_ssl, mod_nw_ssl: Make the SERVER_NAME variable
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin include [ ] for literal IPv6 addresses, as mandated by RFC 3875.
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin PR 26005. [Stefan Fritsch]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_negotiation: Fix parsing of Content-Length in type maps. PR 42203.
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin [Nagae Hidetake <nagae eagan jp>]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) core: Add more logging to ap_scan_script_header_err* functions. Add
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin ap_scan_script_header_err*_ex functions that take a module index for
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin mod_cgi, mod_cgid, mod_proxy_fcgi, mod_proxy_scgi, mod_isapi: Use the
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin new functions in order to make logging configurable per-module.
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin [Stefan Fritsch]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_dir: Add DirectoryIndexRedirect to send an external redirect to
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin the proper index. [Eric Covener]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_deflate: Don't try to compress requests with a zero sized body.
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin PR 51350. [Stefan Fritsch]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) core: Fix startup on IP6-only systems. PR 50592. [Joe Orton,
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin <root linkage white-void net>]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) suexec: Add environment variables CONTEXT_DOCUMENT_ROOT, CONTEXT_PREFIX,
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin REDIRECT_ERROR_NOTES, REDIRECT_SCRIPT_FILENAME, REQUEST_SCHEME to the
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin whitelist in suexec. PR 51499. [Graham Laverty <graham reg ca>,
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin Stefan Fritsch]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_rewrite: Fix regexp RewriteCond with NoCase. [Stefan Fritsch]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_log_debug: New module that allows to log custom messages at various
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin phases in the request processing. [Stefan Fritsch]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_ssl: Add some debug logging when loading server certificates.
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin PR 37912. [Nick Burch <nick burch alfresco com>]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) configure: Support reallyall option also for --enable-mods-static.
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin [Rainer Jung]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_socache_dc: add --with-distcache to configure for choosing
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin the distcache installation directory. [Rainer Jung]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_socache_dc: use correct build variable MOD_SOCACHE_DC_LDADD
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin instead of MOD_SOCACHE_LDADD in build macro. [Rainer Jung]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_lua, mod_deflate: respect platform specific runpath linker
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin flag. [Rainer Jung]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) configure: Only link the httpd binary against PCRE. No other support
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin binary needs PCRE. [Rainer Jung]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) configure: tolerate dependency checking failures for modules if
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin they have been enabled implicitely. [Rainer Jung]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) configure: Allow to specify module specific custom linker flags via
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin the MOD_XXX_LDADD variables. [Rainer Jung]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrinChanges with Apache 2.3.13
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) ab: Support specifying the local address to use. PR 48930.
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin [Peter Schuller <scode spotify com>]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) core: Add support to ErrorLogFormat for logging the system unique
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin thread id under Linux. [Stefan Fritsch]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) event: New AsyncRequestWorkerFactor directive to influence how many
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin connections will be accepted per process. [Stefan Fritsch]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) prefork, worker, event: Rename MaxClients to MaxRequestWorkers which
99bfe4427761b6bb735aa1dd6a24e72313da0820jailletc describes more accurately what it does. [Stefan Fritsch]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) rotatelogs: Add -p argument to specify custom program to invoke
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin after a log rotation. PR 51285. [Sven Ulland <sveniu ifi.uio.no>,
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_ssl: Don't do OCSP checks for valid self-issued certs. [Kaspar Brand]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_ssl: Avoid unnecessary renegotiations with SSLVerifyDepth 0.
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin PR 48215. [Kaspar Brand]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_status: Display information about asynchronous connections in the
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin server-status. PR 44377. [Stefan Fritsch]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mpm_event: If the number of connections of a process is very high, or if
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin all workers are busy, don't accept new connections in that process.
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin [Stefan Fritsch]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mpm_event: Process lingering close asynchronously instead of tying up
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin worker threads. [Jeff Trawick, Stefan Fritsch]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mpm_event: If MaxMemFree is set, limit the number of pools that is kept
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin around. [Stefan Fritsch]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mpm_event: Fix graceful restart aborting connections. PR 43359.
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin [Takashi Sato <takashi lans-tv com>]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_ssl: Disable AECDH ciphers in example config. PR 51363.
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin [Rob Stradling <rob comodo com>]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) core: Introduce new function ap_get_conn_socket() to access the socket of
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin a connection. [Stefan Fritsch]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_data: Introduce a filter to support RFC2397 data URLs. [Graham
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_userdir/mod_alias/mod_vhost_alias: Correctly set DOCUMENT_ROOT,
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin CONTEXT_DOCUMENT_ROOT, CONTEXT_PREFIX. PR 26052. PR 46198.
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin [Stefan Fritsch]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) core: Allow to override document_root on a per-request basis. Introduce
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin new context_document_root and context_prefix which provide information
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin about non-global URI-to-directory mappings (from e.g. mod_userdir or
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin mod_alias) to scripts. PR 49705. [Stefan Fritsch]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) core: Add <ElseIf> and <Else> to complement <If> sections.
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin [Stefan Fritsch]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_ext_filter: Remove DebugLevel option in favor of per-module loglevel.
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin [Stefan Fritsch]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_include: Make the "#if expr" element use the new "ap_expr" expression
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin parser. The old parser can still be used by setting the new directive
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin SSILegacyExprParser. [Stefan Fritsch]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) core: Add some features to ap_expr for use by mod_include: a restricted
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin mode that does not allow to bypass request access restrictions; new
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin variables DOCUMENT_URI (alias for REQUEST_URI), LAST_MODIFIED; -A as an
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin alias for -U; an additional data entry in ap_expr_eval_ctx_t for use by
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin the consumer; an extensible ap_expr_exec_ctx() API that allows to use that
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin data entry. [Stefan Fritsch]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_include: Merge directory configs instead of one SSI* config directive
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin causing all other per-directory SSI* config directives to be reset.
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin [Stefan Fritsch]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_charset_lite: Remove DebugLevel option in favour of per-module
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin loglevel. [Stefan Fritsch]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) core: Add ap_regexec_len() function that works with non-null-terminated
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin strings. PR 51231. [Yehezkel Horowitz <horowity checkpoint com>]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_authnz_ldap: If the LDAP server returns constraint violation,
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin don't treat this as an error but as "auth denied". [Stefan Fritsch]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_proxy_fcgi|scgi: Add support for "best guess" of PATH_INFO
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin for SCGI/FCGI. PR 50880, 50851. [Mark Montague <mark catseye.org>,
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin Jim Jagielski]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_cache: When content is served stale, and there is no means to
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin revalidate the content using ETag or Last-Modified, and we have
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin mandated no stale-on-error behaviour, stand down and don't cache.
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin Saves a cache write that will never be read.
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin [Graham Leggett]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_reqtimeout: Fix a timed out connection going into the keep-alive
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin state after a timeout when discarding a request body. PR 51103.
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin [Stefan Fritsch]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) core: Add various file existance test operators to ap_expr.
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin [Stefan Fritsch]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_proxy_express: New mass reverse-proxy switch extension for
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin mod_proxy. [Jim Jagielski]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) configure: Fix script error when configuring module set "reallyall".
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin [Rainer Jung]
99bfe4427761b6bb735aa1dd6a24e72313da0820jailletcChanges with Apache 2.3.12
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) configure, core: Provide easier support for APR's hook probe
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin capability. [Jim Jagielski, Jeff Trawick]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) Silence autoconf 2.68 warnings. [Rainer Jung]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_authnz_ldap: Resolve crash when LDAP is used for authorization only
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin [Scott Hill <shill genscape.com>]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) support: Make sure check_forensic works with mod_unique_id loaded
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin [Joe Schaefer]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) Add child_status hook for tracking creation/termination of MPM child
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin processes. Add end_generation hook for notification when the last
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin MPM child of a generation exits. [Jeff Trawick]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_ldap: Make LDAPSharedCacheSize 0 create a non-shared-memory cache per
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin process as opposed to disabling caching completely. This allows to use
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin the non-shared-memory cache as a workaround for the shared memory cache
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin not being available during graceful restarts. PR 48958. [Stefan Fritsch]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) Add new ap_reserve_module_slots/ap_reserve_module_slots_directive API,
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin necessary if a module (like mod_perl) registers additional modules late
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin in the startup phase. [Stefan Fritsch]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) core: Prevent segfault if DYNAMIC_MODULE_LIMIT is reached. PR 51072.
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin [Torsten Förtsch <torsten foertsch gmx net>]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) WinNT MPM: Improve robustness under heavy load. [Jeff Trawick]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) MinGW build improvements. PR 49535. [John Vandenberg
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin <jayvdb gmail.com>, Jeff Trawick]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) core: Support module names with colons in loglevel configuration.
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin [Torsten Förtsch <torsten foertsch gmx net>]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_ssl, ab: Support OpenSSL compiled without SSLv2 support.
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin [Stefan Fritsch]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) core: Abort if the MPM is changed across restart. [Jeff Trawick]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_proxy_ajp: Add support for 'ProxyErrorOverride on'. PR 50945.
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin [Peter Pramberger <peter pramberger.at>, Jim Jagielski]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_proxy_fcgi: Add support for 'ProxyErrorOverride on'. PR 50913.
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin [Mark Montague <mark catseye.org>, Jim Jagielski]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) core: Change the APIs of ap_cfg_getline() and ap_cfg_getc() to return an
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin error code. Abort with a nice error message if a config line is too long.
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin Partial fix for PR 50824. [Stefan Fritsch]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_info: Dump config to stdout during startup if -DDUMP_CONFIG is
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin specified. PR 31956. [Stefan Fritsch]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) Restore visibility of DEFAULT_PIDLOG to core and modules. MPM
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin helper function ap_remove_pid() added. [Jeff Trawick]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) Enable DEFAULT_REL_RUNTIMEDIR on Windows and NetWare. [various]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) Correct C++ incompatibility with http_log.h. [Stefan Fritsch, Jeff
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_log_config: Prevent segfault. PR 50861. [Torsten Förtsch
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) core: AllowEncodedSlashes new option NoDecode to allow encoded slashes
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin in request URL path info but not decode them. Change behavior of option
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin "On" to decode the encoded slashes as 2.0 and 2.2 do. PR 35256,
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin PR 46830. [Dan Poirier]
99bfe4427761b6bb735aa1dd6a24e72313da0820jailletc *) mod_ssl: Check SNI hostname against Host header case-insensitively.
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin PR 49491. [Mayank Agrawal <magrawal.08 gmail.com>]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_ldap: Add LDAPConnectionPoolTTL to give control over lifetime
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin of bound backend LDAP connections. PR47634 [Eric Covener]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_cache: Make CacheEnable and CacheDisable configurable per
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin directory in addition to per server, making them work from within
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin a LocationMatch. [Graham Leggett]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) worker, event, prefork: Correct several issues when built as
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin DSOs; most notably, the scoreboard was reinitialized during graceful
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin restart, such that processes of the previous generation were not
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin observable. [Jeff Trawick]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrinChanges with Apache 2.3.11
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_win32: Added shebang check for '! so that .vbs scripts work as CGI.
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin Win32's cscript interpreter can only use a single quote as comment char.
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin [Guenter Knauf]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_proxy: balancer-manager now uses POST instead of GET.
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin [Jim Jagielski]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) core: new util function: ap_parse_form_data(). Previously,
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin this capability was tucked away in mod_request. [Jim Jagielski]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) core: new hook: ap_run_pre_read_request. [Jim Jagielski]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_cache: When a request other than GET or HEAD arrives, we must
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin invalidate existing cache entities as per RFC2616 13.10. PR 15868.
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin [Graham Leggett]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) modules: Fix many modules that were not correctly initializing if they
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin were not active during server startup but got enabled later during a
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin graceful restart. [Stefan Fritsch]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) core: Create new ap_state_query function that allows modules to determine
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin if the current configuration run is the initial one at server startup,
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin and if the server is started for testing/config dumping only.
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin [Stefan Fritsch]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_proxy: Runtime configuration of many parameters for existing
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin balancers via the balancer-manager. [Jim Jagielski]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_proxy: Runtime addition of new workers (BalancerMember) for existing
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin balancers via the balancer-manager. [Jim Jagielski]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_cache: When a bad Expires date is present, we need to behave as if
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin the Expires is in the past, not as if the Expires is missing. PR 16521.
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin [Co-Advisor <coad@measurement-factory.com>]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_cache: We must ignore quoted-string values that appear in a
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin Cache-Control header. PR 50199. [Graham Leggett]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_dav: Revert change to send 501 error if unknown Content-* header is
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin received for a PUT request. PR 42978. [Stefan Fritsch]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_cache: Respect s-maxage as described by RFC2616 14.9.3, which must
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin take precedence if present. PR 35247. [Graham Leggett]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_ssl: Fix a possible startup failure if multiple SSL vhosts
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin are configured with the same ServerName and private key file.
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin [Masahiro Matsuya <mmatsuya redhat.com>, Joe Orton]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_socache_dc: Make module compile by fixing some typos.
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin PR 50735 [Mark Montague <mark catseye.org>]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) prefork: Update MPM state in children during a graceful stop or
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin restart. PR 41743. [Andrew Punch <andrew.punch 247realmedia.com>]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_mime: Ignore leading dots when looking for mime extensions.
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin PR 50434 [Stefan Fritsch]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) core: Add support to set variables with the 'Define' directive. The
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin variables that can then be used in the config using the ${VAR} syntax
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin known from envvar interpolation. [Stefan Fritsch]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_proxy_http: make adding of X-Forwarded-* headers configurable.
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin ProxyAddHeaders defaults to On. [Vincent Deffontaines]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_slotmem_shm: Increase memory alignment for slotmem data.
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin [Rainer Jung]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_ssl: Add config options for OCSP: SSLOCSPResponderTimeout,
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin SSLOCSPResponseMaxAge, SSLOCSPResponseTimeSkew.
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin [Kaspar Brand <httpd-dev.2011 velox.ch>]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_ssl: Revamp output buffering to reduce network overhead for
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin output fragmented into many buckets, such as chunked HTTP responses.
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin [Joe Orton]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) core: Apply <If> sections to all requests, not only to file base requests.
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin Allow to use <If> inside <Directory>, <Location>, and <Files> sections.
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin The merging of <If> sections now happens after the merging of <Location>
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin sections, even if an <If> section is embedded inside a <Directory> or
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin <Files> section. [Stefan Fritsch]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_proxy: Refactor usage of shared data by dropping the scoreboard
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin and using slotmem. Create foundation for dynamic growth/changes of
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin members within a balancer. Remove BalancerNonce in favor of a
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin per-balancer 'nonce' parameter. [Jim Jagielski]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_status: Don't show slots which are disabled by MaxClients as open.
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin PR: 47022 [Jordi Prats <jordi prats gmail com>, Stefan Fritsch]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mpm_prefork: Fix ap_mpm_query results for AP_MPMQ_MAX_DAEMONS and
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin AP_MPMQ_MAX_THREADS.
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_authz_core: Fix bug in merging logic if user-based and non-user-based
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin authorization directives were mixed. [Stefan Fritsch]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_authn_socache: change directive name from AuthnCacheProvider
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin to AuthnCacheProvideFor. The term "provider" is overloaded in
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin this module, and we should avoid confusion between the provider
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin of a backend (AuthnCacheSOCache) and the authn provider(s) for
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin which this module provides cacheing (AuthnCacheProvideFor).
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_proxy_http: Allocate the fake backend request from a child pool
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin of the backend connection, instead of misusing the pool of the frontend
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin request. Fixes a thread safety issue where buckets set aside in the
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin backend connection leak into other threads, and then disappear when
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin the frontend request is cleaned up, in turn causing corrupted buckets
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin to make other threads spin. [Graham Leggett]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_ssl: Change the format of the SSL_{CLIENT,SERVER}_{I,S}_DN variables
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin to be RFC 2253 compatible, convert non-ASCII characters to UTF8, and
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin escape other special characters with backslashes. The old format can
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin still be used with the LegacyDNStringFormat argument to SSLOptions.
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) core, mod_rewrite: Make the REQUEST_SCHEME variable available to
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin scripts and mod_rewrite. [Stefan Fritsch]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_rewrite: Allow to use arbitrary boolean expressions (ap_expr) in
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin RewriteCond. [Stefan Fritsch]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_rewrite: Allow to unset environment variables using E=!VAR.
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin PR 49512. [Mark Drayton <mark markdrayton info>, Stefan Fritsch]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) mod_headers: Restore the 2.3.8 and earlier default for the first
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin argument of the Header directive ("onsuccess"). [Eric Covener]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) core: Disallow the mixing of relative and absolute Options PR 33708.
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin [Sönke Tesch <st kino-fahrplan.de>]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) core: When exporting request headers to HTTP_* environment variables,
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin drop variables whose names contain invalid characters. Describe in the
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin docs how to restore the old behaviour. [Malte S. Stretz <mss apache org>]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) core: When selecting an IP-based virtual host, favor an exact match for
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin the port over a wildcard (or omitted) port instead of favoring the one
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin that came first in the configuration file. [Eric Covener]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) core: Overlapping virtual host address/port combinations now implicitly
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin enable name-based virtual hosting for that address. The NameVirtualHost
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin directive has no effect, and _default_ is interpreted the same as "*".
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin [Eric Covener]
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin *) core: In the absence of any Options directives, the default is now
e81d1e4f661023c964899abcbf2a60c2f8278f4aminfrin "FollowSymlinks" instead of "All". [Igor Galić]
to UserDir directive, leaving enable/disable of userlists unmerged.
[Daniel Ruggeri <DRuggeri primary.net>, Ruediger Pluem]
*) SECURITY: CVE-2010-1623 (cve.mitre.org)
*) prefork/worker/event MPMS: default value (when no directive is present)
of MaxConnectionsPerChild/MaxRequestsPerChild is changed to 0 from 10000
interfering with authentication/authorization. [Paul Querna,
CacheMinExpire and CacheMaxExpire can be set per directory/location.
CacheReadTime can be set per directory/location. [Graham Leggett]
RequireAny/RequireAll containers: 'ssl' (equivalent to SSLRequireSSL),
link of the device/inode of the data file to the matching header
*) core/mod_unique_id: Add generate_log_id hook to allow to use
decision hit/miss/revalidate. Add optional support for an X-Cache
and/or an X-Cache-Detail header to add the cache status to the
<dan listening-station.net; trunk version Nick Kew]
[Daniel Ruggeri <DRuggeri primary.net>]
*) SECURITY: CVE-2010-1452 (cve.mitre.org)
*) core/mod_authz_core: Introduce new access_checker_ex hook that enables
IP address/env var/... [Stefan Fritsch]
PR 49616 [Andrey Chernov <ache nagual.pp.ru>]
*) SECURITY: CVE-2009-3555 (cve.mitre.org)
*) SECURITY: CVE-2009-3555 (cve.mitre.org)
configuration which requires renegotiation for per-directory/location
*) SECURITY: CVE-2010-0408 (cve.mitre.org)
*) SECURITY: CVE-2010-0425 (cve.mitre.org)
[Brett Gervasoni <brettg senseofsecurity.com>, Jeff Trawick]
APR Util 1.x crypto. [Rainer Jung]
mod_rewrite: Replace RewriteLog/RewriteLogLevel with trace log levels.
mod_ssl/mod_proxy*: Adjust loglevels to be less verbose at levels info
PR 49369 [Matthew Steele <mdsteele google.com>]
to use the HTTP username/pass instead of an anonymous or hard-coded
[Bryn Dole <dole blekko.com>]
to control/set the nonce used in the balancer-manager application.
code from a backend. PR 48939. [Daniel Ruggeri <DRuggeri primary.net>]
PR 48944. [Mark Drayton mark markdrayton.info]
[Dr Stephen Henson <steve openssl.org>, William Rowe]
[Ruediger Pluem, Mark Montague <markmont umich.edu>]
*) support/rotatelogs: Add -L option to create a link to the current
log file. PR 48761 [<lyndon orthanc.ca>, Dan Poirier]
*) mod_ldap: LDAPTrustedClientCert now accepts CA_DER/CA_BASE64 argument
PR 33112 [Joergen Thomsen <apache jth.net>]
*) support/rotatelogs: Support the simplest log rotation case, log
*) support/htcacheclean: Teach it how to write a pid file (modelled on
[Philippe Dutrueux <lilas evidian.com>, Rainer Jung]
*) apxs: Fix -A and -a options to ignore whitespace in httpd.conf
request. [Christian Folini <christian.folini netnea com>]
[Johannes Müller <joh_m gmx.de>, Stefan Fritsch]
*) SECURITY: CVE-2010-0434 (cve.mitre.org)
[Dodou Wang <wangdong.08 gmail.com>, Ruediger Pluem]
PR 41887 [Jan van den Berg <janvdberg gmail.com>]
PR 48416 [Dmitry Bakshaev <dab18 izhnet.ru>, Nick Kew]
(See util_mutex.h.) Build-time setting DEFAULT_LOCKFILE is no longer
*) SECURITY: CVE-2009-3095 (cve.mitre.org)
[Stefan Fritsch <sf fritsch.de>, Joe Orton]
*) SECURITY: CVE-2009-3094 (cve.mitre.org)
[Stefan Fritsch <sf fritsch.de>, Joe Orton]
instead of substrings. PR 28037. [Dan Franklin <dan dan-franklin.com>,
[Dr Stephen Henson <shenson oss-institute.org>]
PR 47178. [Philipp Hagemeister <oss phihag.de>]
Brian France <brian brianfrance.com>]
modules to avoid segmentation fault. PR 47951. [hirose31 gmail.com]
*) mod_logio/core: Report more accurate byte counts in mod_status if
for the default values of 1024 for LdapCacheEntries/LdapOpCacheEntries.
the request is a CONNECT request. [Bill Zajac <billz consultla.com>]
[Peter Grandi <pg_asf asf.for.sabi.co.uk>, Graham Leggett]
Log 408 errors in access log as was done in Apache 1.3.x.
PR 39785 [Nobutaka Mantani <nobutaka nobutaka.org>,
Stefan Fritsch <sf fritsch.de>, Dan Poirier]
Brian France <brian brianfrance.com>]
Brian France <brian brianfrance.com>]
[Stefan Fritsch <sf sfritsch.de>]
*) mod_session.c: Prevent a segfault when session is added but not
definition. [Stefan Fritsch sf sfritsch.de]
*) Add support for HTTP PUT to ab. [Jeff Barnes <jbarnesweb yahoo.com>]
PR 46971 [evanc nortel.com]
[Stefan Fritsch <sf sfritsch.de>]
for a file is missing. PR 47682 [Peter Poeml <poeml suse.de>]
*) SECURITY: CVE-2009-1890 (cve.mitre.org)
*) SECURITY: CVE-2009-1191 (cve.mitre.org)
by the client. PR 33098 [ Stefan Fritsch <sf sfritsch.de>]
PR 42175 [Jim Radford <radford blackbean.org>]
type. PR 45107. [Michael Ströder <michael stroeder.com>,
PR 44020 [HÃ¥kon Stordahl <hakon stordahl.org>]
CGI process. PR 47335 [Kornél Pál <kornelpal gmail.com>]
PR 46942 [Dan Poirier <poirier pobox.com>]
PR 44729 [Sönke Tesch <st kino-fahrplan.de>, Jim Jagielski]
PR 47177 [Carlos Garcia Braschi <cgbraschi gmail.com>]
PR 45082 [Vitaly Polonetsky <m_vitaly topixoft.com>]
[Marko Kevac <mkevac gmail.com>]
as A/UX, Next, and Tandem. [Jeff Trawick]
directory listing. PR 46789 [Dan Poirier <poirier pobox.com>]
of module state across unload/load. [Jeff Trawick]
[Dan Poirier <poirier pobox.com>]
[Geoff Keating <geoffk apple.com>]
with kqueue (BSD/OS X) and excessive CPU with event ports (Solaris).
a media type has not been configured via mime.types, AddType,
[Ryan Phillips <ryan-apache trolocsis.com>]
[<tlhackque yahoo.com>]
*) prefork: Fix child process hang during graceful restart/stop in
*) core/utils: Enhance ap_escape_html API to support escaping non-ASCII chars
PR 45529 [Bob Ionescu <bobsiegen googlemail.com>]
times out before returning status line/headers.
PR 39332 [Masaoki Kobayashi <masaoki techfirm.co.jp>]
[Theo Schlossnagle <jesus omniti.com>, Paul Querna]
modules/proxy/balancers [Jim Jagielski]
privileges and Unix user/group IDs [Nick Kew]
logic replicate 2.2.x authz logic, and replace <Satisfy*>, Reject,
*) unixd: turn existing code into a module, and turn the set user/group
Suggested By André Warnier <aw ice-sa.com> [Eric Covener]
*) mod_ssl: Send Content-Type application/ocsp-request for POST requests to
OSCP responders. PR 46014 [Dr Stephen Henson <steve openssl.org>]
*) New module mod_sed: filter Request/Response bodies through sed
null value. [David Shane Holden <dpejesh apache.org>]
both inside and outside the location/directory sections, as
form request with the type of application/x-www-form-urlencoded.
*) mod_authz_dbd: When redirecting after successful login/logout per
PR 44560 [Anders Kaseorg <anders kaseorg.com>]
mod_cache et.al. to trap the results of the redirect.
*) ApacheMonitor.exe: Introduce --kill argument for use by the
*) mod_ldap, mod_authnz_ldap: Add support for nested groups (i.e. the ability
[David M. Lee <dmlee crossroads.com>]
[Niklas Edmundsson <nikke acc.umu.se>]
[Niklas Edmundsson <nikke acc.umu.se>]
[Markus Schiegl <ms schiegl.com>]
*) Remove incorrect comments from scoreboard.h regarding conditional
[Chris Darroch <chrisd pearsoncmg.com>]
in ap_init_scoreboard(). [Chris Darroch <chrisd pearsoncmg.com>]
[Chris Darroch <chrisd pearsoncmg.com>]
and 'Reject' to mod_authz_core. The new directives introduce 'AND/OR'
*) mod_authz_dbd: SQL authz with Login/Session support [Nick Kew]
Apache 2.2.xx tree as documented, and except as noted, below.]
Changes with Apache 2.2.x and later:
Changes with Apache 2.0.x and later: