CHANGES revision 87587593f1a53030e840acc0dec6cc881022ea40
d3ed5b56cb6b58f87ffd125bed48f7668f13de1edirkx -*- coding: utf-8 -*-
842ae4bd224140319ae7feec1872b93dfd491143fieldingChanges with Apache 2.3.3
842ae4bd224140319ae7feec1872b93dfd491143fielding *) SECURITY: CVE-2009-3095 (cve.mitre.org)
842ae4bd224140319ae7feec1872b93dfd491143fielding mod_proxy_ftp: sanity check authn credentials.
842ae4bd224140319ae7feec1872b93dfd491143fielding [Stefan Fritsch <sf fritsch.de>, Joe Orton]
893328ef6ff86d0ca27774778d84410353789fb0fielding *) SECURITY: CVE-2009-3094 (cve.mitre.org)
0202d2114cc6d7042995100519cce45c808c153bnd mod_proxy_ftp: NULL pointer dereference on error paths.
893328ef6ff86d0ca27774778d84410353789fb0fielding [Stefan Fritsch <sf fritsch.de>, Joe Orton]
0202d2114cc6d7042995100519cce45c808c153bnd *) mod_ldap: Avoid 500 errors with "Unable to set LDAP_OPT_REFHOPLIMIT option to 5"
0202d2114cc6d7042995100519cce45c808c153bnd when built against openldap by using SDK LDAP_OPT_REFHOPLIMIT defaults unless
0202d2114cc6d7042995100519cce45c808c153bnd LDAPReferralHopLimit is explicitly configured.
0202d2114cc6d7042995100519cce45c808c153bnd [Eric Covener]
893328ef6ff86d0ca27774778d84410353789fb0fielding *) mod_charset_lite: Honor 'CharsetOptions NoImplicitAdd'.
893328ef6ff86d0ca27774778d84410353789fb0fielding [Eric Covener]
0d50a692ff2ac7bdb42e417737ed86ebf0a41671ben *) mod_ssl: Add support for OCSP Stapling. PR 43822.
14eccd0082c748ae3464dc2459430ff0772b5107sf [Dr Stephen Henson <shenson oss-institute.org>]
14eccd0082c748ae3464dc2459430ff0772b5107sf *) mod_socache_shmcb: Allow parens in file name if cache size is given.
14eccd0082c748ae3464dc2459430ff0772b5107sf Fixes SSLSessionCache directive mis-parsing parens in pathname.
14eccd0082c748ae3464dc2459430ff0772b5107sf PR 47945. [Stefan Fritsch]
14eccd0082c748ae3464dc2459430ff0772b5107sf *) htpasswd: Improve out of disk space handling. PR 30877. [Stefan Fritsch]
14eccd0082c748ae3464dc2459430ff0772b5107sf *) htpasswd: Use MD5 hash by default on all platforms. [Stefan Fritsch]
14eccd0082c748ae3464dc2459430ff0772b5107sf *) mod_sed: Reduce memory consumption when processing very long lines.
99d360dcbb5ac2be27694be74cc6124dbadf3315jerenkrantz *) ab: Fix segfault in case the argument for -n is a very large number.
99d360dcbb5ac2be27694be74cc6124dbadf3315jerenkrantz PR 47178. [Philipp Hagemeister <oss phihag.de>]
928f622b54e87afbbaba6add8aef8066ca16a040wrowe *) Allow ProxyPreserveHost to work in <Proxy> sections. PR 34901.
99d360dcbb5ac2be27694be74cc6124dbadf3315jerenkrantz [Stefan Fritsch]
99d360dcbb5ac2be27694be74cc6124dbadf3315jerenkrantz *) configure: Fix THREADED_MPMS so that mod_cgid is enabled again
99d360dcbb5ac2be27694be74cc6124dbadf3315jerenkrantz for worker MPM. [Takashi Sato]
99d360dcbb5ac2be27694be74cc6124dbadf3315jerenkrantz *) mod_dav: Provide a mechanism to obtain the request_rec and pathname
99d360dcbb5ac2be27694be74cc6124dbadf3315jerenkrantz from the dav_resource. [Jari Urpalainen <jari.urpalainen nokia.com>,
99d360dcbb5ac2be27694be74cc6124dbadf3315jerenkrantz Brian France <brian brianfrance.com>]
99d360dcbb5ac2be27694be74cc6124dbadf3315jerenkrantz *) Build: Use install instead of cp if available on installing
99d360dcbb5ac2be27694be74cc6124dbadf3315jerenkrantz modules to avoid segmentation fault. PR 47951. [hirose31 gmail.com]
99d360dcbb5ac2be27694be74cc6124dbadf3315jerenkrantz *) mod_cache: correctly consider s-maxage in cacheability
99d360dcbb5ac2be27694be74cc6124dbadf3315jerenkrantz decisions. [Dan Poirier]
99d360dcbb5ac2be27694be74cc6124dbadf3315jerenkrantz *) mod_logio/core: Report more accurate byte counts in mod_status if
99d360dcbb5ac2be27694be74cc6124dbadf3315jerenkrantz mod_logio is loaded. PR 25656. [Stefan Fritsch]
99d360dcbb5ac2be27694be74cc6124dbadf3315jerenkrantz *) mod_ldap: If LDAPSharedCacheSize is too small, try harder to purge
99d360dcbb5ac2be27694be74cc6124dbadf3315jerenkrantz some cache entries and log a warning. Also increase the default
99d360dcbb5ac2be27694be74cc6124dbadf3315jerenkrantz LDAPSharedCacheSize to 500000. This is a more realistic size suitable
99d360dcbb5ac2be27694be74cc6124dbadf3315jerenkrantz for the default values of 1024 for LdapCacheEntries/LdapOpCacheEntries.
99d360dcbb5ac2be27694be74cc6124dbadf3315jerenkrantz PR 46749. [Stefan Fritsch]
893328ef6ff86d0ca27774778d84410353789fb0fielding *) mod_rewrite: Make sure that a hostname:port isn't fully qualified if
893328ef6ff86d0ca27774778d84410353789fb0fielding the request is a CONNECT request. [Bill Zajac <billz consultla.com>]
99d360dcbb5ac2be27694be74cc6124dbadf3315jerenkrantz *) mod_cache: Teach CacheEnable and CacheDisable to work from within a
0b7037d0efc1cd510ee12e8a35c982c3f2da0353pquerna Location section, in line with how ProxyPass works. [Graham Leggett]
90b402e944318ae02afd50911eae6da1910f661dpquerna *) mod_reqtimeout: New module to set timeouts and minimum data rates for
a9de7b69548bd69bfc84e9eea6a8215db2640deftakashi receiving requests from the client. [Stefan Fritsch]
90b402e944318ae02afd50911eae6da1910f661dpquerna *) core: Fix potential memory leaks by making sure to not destroy
90b402e944318ae02afd50911eae6da1910f661dpquerna bucket brigades that have been created by earlier filters.
c5694b1d7dca4f561ebce416b5ffacf856f825aawrowe [Stefan Fritsch]
90b402e944318ae02afd50911eae6da1910f661dpquerna *) core, mod_deflate, mod_sed: Reduce memory usage by reusing bucket
90b402e944318ae02afd50911eae6da1910f661dpquerna brigades in several places. [Stefan Fritsch]
90b402e944318ae02afd50911eae6da1910f661dpquerna *) mod_cache: Fix uri_meets_conditions() so that CacheEnable will
90b402e944318ae02afd50911eae6da1910f661dpquerna match by scheme, or by a wildcarded hostname. PR 40169
90b402e944318ae02afd50911eae6da1910f661dpquerna [Peter Grandi <pg_asf asf.for.sabi.co.uk>, Graham Leggett]
893328ef6ff86d0ca27774778d84410353789fb0fielding *) suxec: Allow to log an error if exec fails by setting FD_CLOEXEC
91ea8a85362a63522578e4d59fc6bfe37bc8df17trawick on the log file instead of closing it. PR 10744. [Nicolas Rachinsky]
91ea8a85362a63522578e4d59fc6bfe37bc8df17trawick *) mod_mime: Make RemoveType override the info from TypesConfig.
893328ef6ff86d0ca27774778d84410353789fb0fielding PR 38330. [Stefan Fritsch]
eb06d6a7dc2a6609217689ee5e430d87637ef9e6rpluem *) mod_cache: Introduce the option to run the cache from within the
eb06d6a7dc2a6609217689ee5e430d87637ef9e6rpluem normal request handler, and to allow fine grained control over
eb06d6a7dc2a6609217689ee5e430d87637ef9e6rpluem where in the filter chain content is cached. [Graham Leggett]
90b402e944318ae02afd50911eae6da1910f661dpquerna *) core: Treat timeout reading request as 408 error, not 400.
eb06d6a7dc2a6609217689ee5e430d87637ef9e6rpluem Log 408 errors in access log as was done in Apache 1.3.x.
eb06d6a7dc2a6609217689ee5e430d87637ef9e6rpluem PR 39785 [Nobutaka Mantani <nobutaka nobutaka.org>,
eb06d6a7dc2a6609217689ee5e430d87637ef9e6rpluem Stefan Fritsch <sf fritsch.de>, Dan Poirier]
eb06d6a7dc2a6609217689ee5e430d87637ef9e6rpluem *) mod_ssl: Reintroduce SSL_CLIENT_S_DN, SSL_CLIENT_I_DN, SSL_SERVER_S_DN,
90b402e944318ae02afd50911eae6da1910f661dpquerna SSL_SERVER_I_DN back to the environment variables to be set by mod_ssl.
eb06d6a7dc2a6609217689ee5e430d87637ef9e6rpluem *) mod_disk_cache: don't cache incomplete responses, per RFC 2616, 13.8.
eb06d6a7dc2a6609217689ee5e430d87637ef9e6rpluem PR15866. [Dan Poirier]
eb06d6a7dc2a6609217689ee5e430d87637ef9e6rpluem *) ab: ab segfaults in verbose mode on https sites
eb06d6a7dc2a6609217689ee5e430d87637ef9e6rpluem PR46393. [Ryan Niebur]
eb06d6a7dc2a6609217689ee5e430d87637ef9e6rpluem *) mod_dav: Allow other modules to become providers and add resource types
eb06d6a7dc2a6609217689ee5e430d87637ef9e6rpluem to the DAV response. [Jari Urpalainen <jari.urpalainen nokia.com>,
eb06d6a7dc2a6609217689ee5e430d87637ef9e6rpluem Brian France <brian brianfrance.com>]
eb06d6a7dc2a6609217689ee5e430d87637ef9e6rpluem *) mod_dav: Allow other modules to add things to the DAV or Allow headers
91ea8a85362a63522578e4d59fc6bfe37bc8df17trawick of an OPTIONS request. [Jari Urpalainen <jari.urpalainen nokia.com>,
eb06d6a7dc2a6609217689ee5e430d87637ef9e6rpluem Brian France <brian brianfrance.com>]
eb06d6a7dc2a6609217689ee5e430d87637ef9e6rpluem *) core: Lower memory usage of core output filter.
eb06d6a7dc2a6609217689ee5e430d87637ef9e6rpluem [Stefan Fritsch <sf sfritsch.de>]
0b7037d0efc1cd510ee12e8a35c982c3f2da0353pquerna *) mod_mime: Detect invalid use of MultiviewsMatch inside Location and
0b7037d0efc1cd510ee12e8a35c982c3f2da0353pquerna LocationMatch sections. PR47754. [Dan Poirier]
893328ef6ff86d0ca27774778d84410353789fb0fielding *) mod_request: Make sure the KeptBodySize directive rejects values
893328ef6ff86d0ca27774778d84410353789fb0fielding that aren't valid numbers. [Graham Leggett]
893328ef6ff86d0ca27774778d84410353789fb0fielding *) mod_session_crypto: Sanity check should the potentially encrypted
893328ef6ff86d0ca27774778d84410353789fb0fielding session cookie be too short. [Graham Leggett]
893328ef6ff86d0ca27774778d84410353789fb0fielding *) mod_session.c: Prevent a segfault when session is added but not
623882f55701a4c5a6bded180f60d86a524ac341sascha configured. [Graham Leggett]
e07615ab3b59412d79eebb8d5b12f488e77c14a7jorton *) htcacheclean: 19 ways to fail, 1 error message. Fixed. [Graham Leggett]
c066cdcb75ca262e424345b347b86e7ce2285869jerenkrantz *) mod_auth_digest: Fail server start when nonce count checking
c15906bab97b9b71b6dc08c1aa2f5c0b72b5ca4edreid is configured without shared memory, or md5-sess algorithm is
c15906bab97b9b71b6dc08c1aa2f5c0b72b5ca4edreid configured. [Dan Poirier]
96e6cafca226a8a2a64a7bbdc634b5b2679c9e0csascha *) mod_proxy_connect: The connect method doesn't work if the client is
893328ef6ff86d0ca27774778d84410353789fb0fielding connecting to the apache proxy through an ssl socket. Fixed.
893328ef6ff86d0ca27774778d84410353789fb0fielding PR29744. [Brad Boyer, Mark Cave-Ayland, Julian Gilbey, Fabrice Durand,
893328ef6ff86d0ca27774778d84410353789fb0fielding David Gence, Tim Dodge, Per Gunnar Hans, Emmanuel Elango,
99d360dcbb5ac2be27694be74cc6124dbadf3315jerenkrantz Kevin Croft, Rudolf Cardinal]
eb06d6a7dc2a6609217689ee5e430d87637ef9e6rpluem *) mod_ssl: The error message when SSLCertificateFile is missing should
eb06d6a7dc2a6609217689ee5e430d87637ef9e6rpluem at least give the name or position of the problematic virtual host
893328ef6ff86d0ca27774778d84410353789fb0fielding definition. [Stefan Fritsch sf sfritsch.de]
893328ef6ff86d0ca27774778d84410353789fb0fielding *) mod_auth_digest: Fix null pointer when qop=none. [Dan Poirier]
c5694b1d7dca4f561ebce416b5ffacf856f825aawrowe *) Add support for HTTP PUT to ab. [Jeff Barnes <jbarnesweb yahoo.com>]
99d360dcbb5ac2be27694be74cc6124dbadf3315jerenkrantz *) mod_headers: generalise the envclause to support expression
99d360dcbb5ac2be27694be74cc6124dbadf3315jerenkrantz evaluation with ap_expr parser [Nick Kew]
99d360dcbb5ac2be27694be74cc6124dbadf3315jerenkrantz *) mod_cache: Introduce the thundering herd lock, a mechanism to keep
59b1b6c3fd51c83c3bb9f02a8f08751335f9fb1dminfrin the flood of requests at bay that strike a backend webserver as
99d360dcbb5ac2be27694be74cc6124dbadf3315jerenkrantz a cached entity goes stale. [Graham Leggett]
b399779260ac6f6ad2e808df429a496527648323jorton *) mod_auth_digest: Fix usage of shared memory and re-enable it.
b399779260ac6f6ad2e808df429a496527648323jorton PR 16057 [Dan Poirier]
eb06d6a7dc2a6609217689ee5e430d87637ef9e6rpluem *) Preserve Port information over internal redirects
eb06d6a7dc2a6609217689ee5e430d87637ef9e6rpluem *) Proxy: unable to connect to a backend is SERVICE_UNAVAILABLE,
eb06d6a7dc2a6609217689ee5e430d87637ef9e6rpluem rather than BAD_GATEWAY or (especially) NOT_FOUND.
eb06d6a7dc2a6609217689ee5e430d87637ef9e6rpluem PR 46971 [evanc nortel.com]
eb06d6a7dc2a6609217689ee5e430d87637ef9e6rpluem *) Various modules: Do better checking of pollset operations in order to
893328ef6ff86d0ca27774778d84410353789fb0fielding avoid segmentation faults if they fail. PR 46467
eb06d6a7dc2a6609217689ee5e430d87637ef9e6rpluem [Stefan Fritsch <sf sfritsch.de>]
c5694b1d7dca4f561ebce416b5ffacf856f825aawrowe *) mod_autoindex: Correctly create an empty cell if the description
1e5333ef1a0edb888d75c0cdd90b33fa7e89fc31wsanchez for a file is missing. PR 47682 [Peter Poeml <poeml suse.de>]
99d360dcbb5ac2be27694be74cc6124dbadf3315jerenkrantz *) ab: Fix broken error messages after resolver or connect() failures.
eb06d6a7dc2a6609217689ee5e430d87637ef9e6rpluem [Jeff Trawick]
eb06d6a7dc2a6609217689ee5e430d87637ef9e6rpluem *) SECURITY: CVE-2009-1890 (cve.mitre.org)
eb06d6a7dc2a6609217689ee5e430d87637ef9e6rpluem Fix a potential Denial-of-Service attack against mod_proxy in a
1e5333ef1a0edb888d75c0cdd90b33fa7e89fc31wsanchez reverse proxy configuration, where a remote attacker can force a
1d13cbde60ace1b56ca57b9f0f74168bb1288174trawick proxy process to consume CPU time indefinitely. [Nick Kew, Joe Orton]
80b1e2ff2e3515fdab14675684b2640ceb6ce1c7trawick *) SECURITY: CVE-2009-1191 (cve.mitre.org)
1d13cbde60ace1b56ca57b9f0f74168bb1288174trawick mod_proxy_ajp: Avoid delivering content from a previous request which
9045837071eae7a4b55204a21f31ccee17749af3jerenkrantz failed to send a request body. PR 46949 [Ruediger Pluem]
ab44eb80e084a02a66a58336d6fcfbbe48310439trawick *) htdbm: Fix possible buffer overflow if dbm database has very
9045837071eae7a4b55204a21f31ccee17749af3jerenkrantz long values. PR 30586 [Dan Poirier]
ab44eb80e084a02a66a58336d6fcfbbe48310439trawick *) core: Return APR_EOF if request body is shorter than the length announced
9045837071eae7a4b55204a21f31ccee17749af3jerenkrantz by the client. PR 33098 [ Stefan Fritsch <sf sfritsch.de>]
893328ef6ff86d0ca27774778d84410353789fb0fielding *) mod_suexec: correctly set suexec_enabled when httpd is run by a
893328ef6ff86d0ca27774778d84410353789fb0fielding non-root user and may have insufficient permissions.
544c23d79a3a7596a3612224ed3ac9fa8372929djerenkrantz PR 42175 [Jim Radford <radford blackbean.org>]
893328ef6ff86d0ca27774778d84410353789fb0fielding *) mod_ssl: Fix SSL_*_DN_UID variables to use the 'userID' attribute
893328ef6ff86d0ca27774778d84410353789fb0fielding type. PR 45107. [Michael Ströder <michael stroeder.com>,
e07615ab3b59412d79eebb8d5b12f488e77c14a7jorton *) mod_proxy_http: fix case sensitivity checking transfer encoding
4cb8bb9049d1643295ebda12c76dad441ddc2228jim *) mod_alias: ensure Redirect issues a valid URL.
4cb8bb9049d1643295ebda12c76dad441ddc2228jim PR 44020 [HÃ¥kon Stordahl <hakon stordahl.org>]
4028d805f3ab215e39bae405d35e001a538bc50eminfrin *) mod_dir: add FallbackResource directive, to enable admin to specify
4028d805f3ab215e39bae405d35e001a538bc50eminfrin an action to happen when a URL maps to no file, without resorting
4028d805f3ab215e39bae405d35e001a538bc50eminfrin to ErrorDocument or mod_rewrite. PR 47184 [Nick Kew]
4028d805f3ab215e39bae405d35e001a538bc50eminfrin *) mod_cgid: Do not leak the listening Unix socket file descriptor to the
4028d805f3ab215e39bae405d35e001a538bc50eminfrin CGI process. PR 47335 [Kornél Pál <kornelpal gmail.com>]
4028d805f3ab215e39bae405d35e001a538bc50eminfrin *) mod_rewrite: Remove locking for writing to the rewritelog.
4028d805f3ab215e39bae405d35e001a538bc50eminfrin PR 46942 [Dan Poirier <poirier pobox.com>]
4028d805f3ab215e39bae405d35e001a538bc50eminfrin *) mod_alias: check sanity in Redirect arguments.
4028d805f3ab215e39bae405d35e001a538bc50eminfrin PR 44729 [Sönke Tesch <st kino-fahrplan.de>, Jim Jagielski]
4028d805f3ab215e39bae405d35e001a538bc50eminfrin *) mod_proxy_http: fix Host: header for literal IPv6 addresses.
4028d805f3ab215e39bae405d35e001a538bc50eminfrin PR 47177 [Carlos Garcia Braschi <cgbraschi gmail.com>]
4028d805f3ab215e39bae405d35e001a538bc50eminfrin *) mod_cache: Add CacheIgnoreURLSessionIdentifiers directive to ignore
4028d805f3ab215e39bae405d35e001a538bc50eminfrin defined session identifiers encoded in the URL when caching.
4028d805f3ab215e39bae405d35e001a538bc50eminfrin [Ruediger Pluem]
f0528865c2e6c22ecc51eeecc496251489029bddjorton *) mod_rewrite: Fix the error string returned by RewriteRule.
8fae12696bce44be9ce4c56888690cad8ac7b8f9sf RewriteRule returned "RewriteCond: bad flag delimiters" when the 3rd
8fae12696bce44be9ce4c56888690cad8ac7b8f9sf argument of RewriteRule was not started with "[" or not ended with "]".
3f24a3e2c43302efecc8aa3a6c0cc7ee823481d0rjung PR 45082 [Vitaly Polonetsky <m_vitaly topixoft.com>]
3f24a3e2c43302efecc8aa3a6c0cc7ee823481d0rjung *) Windows: Fix usage message.
8fae12696bce44be9ce4c56888690cad8ac7b8f9sf [Rainer Jung]
893328ef6ff86d0ca27774778d84410353789fb0fielding *) apachectl: When passing through arguments to httpd in
[Marko Kevac <mkevac gmail.com>]
as A/UX, Next, and Tandem. [Jeff Trawick]
directory listing. PR 46789 [Dan Poirier <poirier pobox.com>]
of module state across unload/load. [Jeff Trawick]
[Dan Poirier <poirier pobox.com>]
[Geoff Keating <geoffk apple.com>]
with kqueue (BSD/OS X) and excessive CPU with event ports (Solaris).
a media type has not been configured via mime.types, AddType,
[Ryan Phillips <ryan-apache trolocsis.com>]
[<tlhackque yahoo.com>]
*) prefork: Fix child process hang during graceful restart/stop in
*) core/utils: Enhance ap_escape_html API to support escaping non-ASCII chars
PR 45529 [Bob Ionescu <bobsiegen googlemail.com>]
times out before returning status line/headers.
PR 39332 [Masaoki Kobayashi <masaoki techfirm.co.jp>]
[Theo Schlossnagle <jesus omniti.com>, Paul Querna]
modules/proxy/balancers [Jim Jagielski]
privileges and Unix user/group IDs [Nick Kew]
logic replicate 2.2.x authz logic, and replace <Satisfy*>, Reject,
*) unixd: turn existing code into a module, and turn the set user/group
Suggested By André Warnier <aw ice-sa.com> [Eric Covener]
*) mod_ssl: Send Content-Type application/ocsp-request for POST requests to
OSCP responders. PR 46014 [Dr Stephen Henson <steve openssl.org>]
*) Export and install the mod_rewrite.h header to ensure the optional
*) New module mod_sed: filter Request/Response bodies through sed
null value. [David Shane Holden <dpejesh apache.org>]
*) ab: Make ab.c compile on VC6. PR 45024 [Ruediger Pluem]
*) configure: Don't reject libtool 2.x
overwritten. PR 44262 [Michał Grzędzicki <lazy iq.pl>]
PR 44799 [Christian Wenz <christian wenz.org>]
both inside and outside the location/directory sections, as
form request with the type of application/x-www-form-urlencoded.
*) mod_authz_dbd: When redirecting after successful login/logout per
PR 44560 [Anders Kaseorg <anders kaseorg.com>]
mod_cache et.al. to trap the results of the redirect.
PR 34607. [Kaspar Brand <asfbugz velox.ch>]. A test configuration
can be created with test/make_sni.sh [Dirk-Willem van Gulik].
*) ApacheMonitor.exe: Introduce --kill argument for use by the
*) mod_ldap, mod_authnzldap: Add support for nested groups (i.e. the ability
[David Jones <oscaremma gmail.com>]
[David M. Lee <dmlee crossroads.com>]
[Niklas Edmundsson <nikke acc.umu.se>]
[Stijn Hoop <stijn sandcat.nl>]
[Niklas Edmundsson <nikke acc.umu.se>]
final name. [Davi Arnaut <davi haxent.com.br>]
[Markus Schiegl <ms schiegl.com>]
*) Remove incorrect comments from scoreboard.h regarding conditional
[Chris Darroch <chrisd pearsoncmg.com>]
in ap_init_scoreboard(). [Chris Darroch <chrisd pearsoncmg.com>]
[Chris Darroch <chrisd pearsoncmg.com>]
and 'Reject' to mod_authz_core. The new directives introduce 'AND/OR'
*) mod_authz_dbd: SQL authz with Login/Session support [Nick Kew]
Apache 2.2.xx tree as documented, and except as noted, below.]
Changes with Apache 2.2.x and later:
Changes with Apache 2.0.x and later:
Changes with Apache 1.3.x and later: