710N/A[ When backported to
2.2.x, remove entry from this file ]
710N/A *) mod_proxy_ajp: Fix wrongly formatted requests where client
710N/A sets Content-Length header, but doesn't provide a body.
710N/A Servlet container always expects that next packet is
710N/A body whenever C-L is present in the headers. This can lead
710N/A to wrong interpretation of the packets. In this case
710N/A send the empty body packet, so container can deal with
710N/A *) mod_authnz_ldap: don't return NULL-valued environment variables to
710N/A *) Don't adjust case in pathname components that are not of interest
710N/A to mod_mime. Fixes mod_negotiation's use of such components.
1472N/A *) Add new LogFormat parameter, %k, which logs the number of
1472N/A keepalive requests on this connection for this request..
710N/A *) Be tolerant in what you accept - accept slightly broken
1879N/A status lines from a backend provide they include a valid status code.
1879N/A *) mod_auth_form: Make sure that basic authentication is correctly
1879N/A faked directly after login. [Graham Leggett]
710N/A *) mod_session_cookie, mod_session_dbd: Make sure cookies are set both
710N/A within the output headers and error output headers, so that the
710N/A session is maintained across redirects. [Graham Leggett]
710N/A *) mod_auth_form: Make sure the logged in user is populated correctly
2204N/A after a form login. Fixes a missing REMOTE_USER variable directly
2204N/A following a login. [Graham Leggett]
710N/A *) mod_session_cookie: Make sure that cookie attributes are correctly
710N/A included in the blank cookie when cookies are removed. This fixes an
710N/A inability to log out when using mod_auth_form. [Graham Leggett]
710N/A *) mod_autoindex: add configuration option to insert string
710N/A in HTML HEAD. [Nick Kew]
1299N/A *) mod_ssl: implement dynamic mutex callbacks for the benefit of
710N/A *) mod_session: Prevent a segfault when a CGI script sets a cookie with a
710N/A *) mod_headers: Prevent Header edit from processing only the first header
1427N/A of possibly multiple headers with the same name and deleting the
3932N/A remaining ones. PR 45333. [Ruediger Pluem]
3932N/A *) mod_rewrite: Preserve the query string with [proxy,noescape]. PR 45247
3932N/A *) core, authn/z: Determine registered authn/z providers directly in
3932N/A ap_setup_auth_internal(), which allows optional functions that just
3932N/A wrapped ap_list_provider_names() to be removed from authn/z modules.
710N/A *) authn/z: Convert common provider version strings to macros.
710N/A *) ab: Make
ab.c compile on VC6. PR 45024 [Ruediger Pluem]
3932N/A *) core: When testing for slash-terminated configuration paths in
3932N/A ap_location_walk(), don't look past the start of an empty string
3932N/A such as that created by a <Location ""> directive.
3932N/A *) core, mod_proxy: If a kept_body is present, it becomes safe for
3932N/A subrequests to support message bodies. Make sure that safety
710N/A checks within the core and within the proxy are not triggered
3932N/A when kept_body is present. This makes it possible to embed
3932N/A proxied POST requests within mod_include. [Graham Leggett]
3932N/A *) mod_auth_form: Make sure the input filter stack is properly set
3932N/A up before reading the login form. Make sure the kept body filter
710N/A is correctly inserted to ensure the body can be read a second
3932N/A time safely should the authn be successful. [Graham Leggett,
3932N/A *) mod_request: Insert the KEPT_BODY filter via the insert_filter
3932N/A hook instead of during fixups. Add a safety check to ensure the
1427N/A filters cannot be inserted more than once. [Graham Leggett,
3932N/A *) core: Do not allow Options ALL if not all options are allowed to be
3932N/A overwritten. PR 44262 [Michał Grzędzicki <lazy
iq.pl>]
3932N/A *) ap_cache_cacheable_headers_out() will (now) always
3932N/A merge an error heaeders _before_ clearing them and _before_
3932N/A merging in the actual entity headers and doing normal
3932N/A hop-by-hop cleansing. [Dirk-Willem van Gulik].
3932N/A *) cache: retire ap_cache_cacheable_hdrs_out() which was used
710N/A for both in- and out-put headers; and replace it by a single
3932N/A ap_cache_cacheable_headers() wrapped in a in- and out-put
3932N/A specific ap_cache_cacheable_headers_in()/out(). The latter
3932N/A which will also merge error and ensure content-type. To keep
3932N/A cache modules consistent with ease. This API change bumps
3932N/A up the minor MM by one [Dirk-Willem van Gulik].
3932N/A *) mod_rewrite: Allow Cookie option to set secure and HttpOnly flags.
3932N/A *) Move the KeptBodySize directive, kept_body filters and the
3932N/A ap_parse_request_body function out of the http module and into a
3932N/A new module called mod_request, reducing the size of the core.
3932N/A *) mod_dbd: Handle integer configuration directive parameters with a
3932N/A *) Change the directives within the mod_session* modules to be valid
3932N/A suggested by wrowe. [Graham Leggett]
710N/A *) mod_auth_form: Add a module capable of allowing end users to log
3932N/A in using an HTML form, storing the credentials within mod_session.
3932N/A *) Add a function to the http filters that is able to parse an HTML
3932N/A *) mod_session_crypto: Initialise SSL in the post config hook.
3932N/A [Ruediger Pluem, Graham Leggett]
3932N/A *) mod_session_dbd: Add a session implementation capable of storing
3932N/A session information in a SQL database via the dbd interface. Useful
3932N/A for sites where session privacy is important. [Graham Leggett]
3932N/A *) mod_session_crypto: Add a session encoding implementation capable
3932N/A of encrypting and decrypting sessions wherever they may be stored.
3932N/A Introduces a level of privacy when sessions are stored on the
3932N/A *) mod_session_cookie: Add a session implementation capable of storing
3932N/A session information within cookies on the browser. Useful for high
710N/A volume sites where server bound sessions are too resource intensive.
3932N/A *) mod_session: Add a generic session interface to unify the different
3932N/A attempts at saving persistent sessions across requests.
3932N/A *) core, authn/z: Avoid calling access control hooks for internal requests
3932N/A with configurations which match those of initial request. Revert to
3932N/A original behaviour (call access control hooks for internal requests
3932N/A with URIs different from initial request) if any access control hooks or
3932N/A providers are not registered as permitting this optimization.
3932N/A Introduce wrappers for access control hook and provider registration
710N/A which can accept additional mode and flag data. [Chris Darroch]
3932N/A *) Introduced ap_expr API for expression evaluation.
3932N/A This is adapted from mod_include, which is the first module
3932N/A AuthzDBDRedirectQuery, do not report authorization failure, and use
3932N/A first row returned by database query instead of last row.
3932N/A *) mod_ldap: Correctly return all requested attribute values
3932N/A when some attributes have a null value.
3932N/A *) core: check symlink ownership if both FollowSymlinks and