CHANGES revision 89b8bbc89404e7071e573c4f0a17f528996e855d
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff -*- coding: utf-8 -*-
599c6d44f4d41aab5d3da98214492eb26e674b65Michael GraffChanges with Apache 2.3.3
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) SECURITY: CVE-2009-3095 (cve.mitre.org)
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff mod_proxy_ftp: sanity check authn credentials.
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff [Stefan Fritsch <sf fritsch.de>, Joe Orton]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) SECURITY: CVE-2009-3094 (cve.mitre.org)
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff mod_proxy_ftp: NULL pointer dereference on error paths.
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff [Stefan Fritsch <sf fritsch.de>, Joe Orton]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) mod_ssl: Add support for OCSP Stapling. PR 43822.
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff [Dr Stephen Henson <shenson oss-institute.org>]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) mod_socache_shmcb: Allow parens in file name if cache size is given.
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff Fixes SSLSessionCache directive mis-parsing parens in pathname.
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff PR 47945. [Stefan Fritsch]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) htpasswd: Improve out of disk space handling. PR 30877. [Stefan Fritsch]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) htpasswd: Use MD5 hash by default on all platforms. [Stefan Fritsch]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) mod_sed: Reduce memory consumption when processing very long lines.
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff PR 48024 [Basant Kumar Kukreja <basant.kukreja sun.com>]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) ab: Fix segfault in case the argument for -n is a very large number.
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff PR 47178. [Philipp Hagemeister <oss phihag.de>]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) Allow ProxyPreserveHost to work in <Proxy> sections. PR 34901.
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff [Stefan Fritsch]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) configure: Fix THREADED_MPMS so that mod_cgid is enabled again
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff for worker MPM. [Takashi Sato]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) mod_dav: Provide a mechanism to obtain the request_rec and pathname
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff from the dav_resource. [Jari Urpalainen <jari.urpalainen nokia.com>,
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff Brian France <brian brianfrance.com>]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) Build: Use install instead of cp if available on installing
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff modules to avoid segmentation fault. PR 47951. [hirose31 gmail.com]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) mod_cache: correctly consider s-maxage in cacheability
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff decisions. [Dan Poirier]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) mod_logio/core: Report more accurate byte counts in mod_status if
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff mod_logio is loaded. PR 25656. [Stefan Fritsch]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) mod_ldap: If LDAPSharedCacheSize is too small, try harder to purge
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff some cache entries and log a warning. Also increase the default
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff LDAPSharedCacheSize to 500000. This is a more realistic size suitable
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff for the default values of 1024 for LdapCacheEntries/LdapOpCacheEntries.
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff PR 46749. [Stefan Fritsch]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) mod_rewrite: Make sure that a hostname:port isn't fully qualified if
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff the request is a CONNECT request. [Bill Zajac <billz consultla.com>]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) mod_cache: Teach CacheEnable and CacheDisable to work from within a
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff Location section, in line with how ProxyPass works. [Graham Leggett]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) mod_reqtimeout: New module to set timeouts and minimum data rates for
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff receiving requests from the client. [Stefan Fritsch]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) core: Fix potential memory leaks by making sure to not destroy
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff bucket brigades that have been created by earlier filters.
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff [Stefan Fritsch]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) core, mod_deflate, mod_sed: Reduce memory usage by reusing bucket
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff brigades in several places. [Stefan Fritsch]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) mod_cache: Fix uri_meets_conditions() so that CacheEnable will
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff match by scheme, or by a wildcarded hostname. PR 40169
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff [Peter Grandi <pg_asf asf.for.sabi.co.uk>, Graham Leggett]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) suxec: Allow to log an error if exec fails by setting FD_CLOEXEC
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff on the log file instead of closing it. PR 10744. [Nicolas Rachinsky]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) mod_mime: Make RemoveType override the info from TypesConfig.
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff PR 38330. [Stefan Fritsch]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) mod_cache: Introduce the option to run the cache from within the
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff normal request handler, and to allow fine grained control over
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff where in the filter chain content is cached. [Graham Leggett]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) core: Treat timeout reading request as 408 error, not 400.
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff Log 408 errors in access log as was done in Apache 1.3.x.
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff PR 39785 [Nobutaka Mantani <nobutaka nobutaka.org>,
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff Stefan Fritsch <sf fritsch.de>, Dan Poirier]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) mod_ssl: Reintroduce SSL_CLIENT_S_DN, SSL_CLIENT_I_DN, SSL_SERVER_S_DN,
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff SSL_SERVER_I_DN back to the environment variables to be set by mod_ssl.
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff [Peter Sylvester <peter.sylvester edelweb.fr>]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) mod_disk_cache: don't cache incomplete responses, per RFC 2616, 13.8.
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff PR15866. [Dan Poirier]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) ab: ab segfaults in verbose mode on https sites
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff PR46393. [Ryan Niebur]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) mod_dav: Allow other modules to become providers and add resource types
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff to the DAV response. [Jari Urpalainen <jari.urpalainen nokia.com>,
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff Brian France <brian brianfrance.com>]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) mod_dav: Allow other modules to add things to the DAV or Allow headers
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff of an OPTIONS request. [Jari Urpalainen <jari.urpalainen nokia.com>,
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff Brian France <brian brianfrance.com>]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) core: Lower memory usage of core output filter.
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff [Stefan Fritsch <sf sfritsch.de>]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) mod_mime: Detect invalid use of MultiviewsMatch inside Location and
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff LocationMatch sections. PR47754. [Dan Poirier]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) mod_request: Make sure the KeptBodySize directive rejects values
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff that aren't valid numbers. [Graham Leggett]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) mod_session_crypto: Sanity check should the potentially encrypted
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff session cookie be too short. [Graham Leggett]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) mod_session.c: Prevent a segfault when session is added but not
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff configured. [Graham Leggett]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) htcacheclean: 19 ways to fail, 1 error message. Fixed. [Graham Leggett]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) mod_auth_digest: Fail server start when nonce count checking
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff is configured without shared memory, or md5-sess algorithm is
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff configured. [Dan Poirier]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) mod_proxy_connect: The connect method doesn't work if the client is
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff connecting to the apache proxy through an ssl socket. Fixed.
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff PR29744. [Brad Boyer, Mark Cave-Ayland, Julian Gilbey, Fabrice Durand,
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff David Gence, Tim Dodge, Per Gunnar Hans, Emmanuel Elango,
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff Kevin Croft, Rudolf Cardinal]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) mod_ssl: The error message when SSLCertificateFile is missing should
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff at least give the name or position of the problematic virtual host
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff definition. [Stefan Fritsch sf sfritsch.de]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) mod_auth_digest: Fix null pointer when qop=none. [Dan Poirier]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) Add support for HTTP PUT to ab. [Jeff Barnes <jbarnesweb yahoo.com>]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) mod_headers: generalise the envclause to support expression
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff evaluation with ap_expr parser [Nick Kew]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) mod_cache: Introduce the thundering herd lock, a mechanism to keep
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff the flood of requests at bay that strike a backend webserver as
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff a cached entity goes stale. [Graham Leggett]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) mod_auth_digest: Fix usage of shared memory and re-enable it.
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff PR 16057 [Dan Poirier]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) Preserve Port information over internal redirects
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) Proxy: unable to connect to a backend is SERVICE_UNAVAILABLE,
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff rather than BAD_GATEWAY or (especially) NOT_FOUND.
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff PR 46971 [evanc nortel.com]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) Various modules: Do better checking of pollset operations in order to
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff avoid segmentation faults if they fail. PR 46467
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff [Stefan Fritsch <sf sfritsch.de>]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) mod_autoindex: Correctly create an empty cell if the description
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff for a file is missing. PR 47682 [Peter Poeml <poeml suse.de>]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) ab: Fix broken error messages after resolver or connect() failures.
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff [Jeff Trawick]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) SECURITY: CVE-2009-1890 (cve.mitre.org)
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff Fix a potential Denial-of-Service attack against mod_proxy in a
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff reverse proxy configuration, where a remote attacker can force a
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff proxy process to consume CPU time indefinitely. [Nick Kew, Joe Orton]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) SECURITY: CVE-2009-1191 (cve.mitre.org)
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff mod_proxy_ajp: Avoid delivering content from a previous request which
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff failed to send a request body. PR 46949 [Ruediger Pluem]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) htdbm: Fix possible buffer overflow if dbm database has very
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff long values. PR 30586 [Dan Poirier]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) core: Return APR_EOF if request body is shorter than the length announced
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff by the client. PR 33098 [ Stefan Fritsch <sf sfritsch.de>]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) mod_suexec: correctly set suexec_enabled when httpd is run by a
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff non-root user and may have insufficient permissions.
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff PR 42175 [Jim Radford <radford blackbean.org>]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) mod_ssl: Fix SSL_*_DN_UID variables to use the 'userID' attribute
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff type. PR 45107. [Michael Ströder <michael stroeder.com>,
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) mod_proxy_http: fix case sensitivity checking transfer encoding
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff PR 47383 [Ryuzo Yamamoto <ryuzo.yamamoto gmail.com>]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) mod_alias: ensure Redirect issues a valid URL.
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff PR 44020 [HÃ¥kon Stordahl <hakon stordahl.org>]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) mod_dir: add FallbackResource directive, to enable admin to specify
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff an action to happen when a URL maps to no file, without resorting
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff to ErrorDocument or mod_rewrite. PR 47184 [Nick Kew]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) mod_cgid: Do not leak the listening Unix socket file descriptor to the
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff CGI process. PR 47335 [Kornél Pál <kornelpal gmail.com>]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) mod_rewrite: Remove locking for writing to the rewritelog.
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff PR 46942 [Dan Poirier <poirier pobox.com>]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) mod_alias: check sanity in Redirect arguments.
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff PR 44729 [Sönke Tesch <st kino-fahrplan.de>, Jim Jagielski]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) mod_proxy_http: fix Host: header for literal IPv6 addresses.
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff PR 47177 [Carlos Garcia Braschi <cgbraschi gmail.com>]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) mod_cache: Add CacheIgnoreURLSessionIdentifiers directive to ignore
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff defined session identifiers encoded in the URL when caching.
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff [Ruediger Pluem]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) mod_rewrite: Fix the error string returned by RewriteRule.
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff RewriteRule returned "RewriteCond: bad flag delimiters" when the 3rd
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff argument of RewriteRule was not started with "[" or not ended with "]".
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff PR 45082 [Vitaly Polonetsky <m_vitaly topixoft.com>]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) Windows: Fix usage message.
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff [Rainer Jung]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) apachectl: When passing through arguments to httpd in
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff non-SysV mode, use the "$@" syntax to preserve arguments.
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff [Eric Covener]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) mod_dbd: add DBDInitSQL directive to enable SQL statements to
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff be run when a connection is opened. PR 46827
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff [Marko Kevac <mkevac gmail.com>]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) mod_cgid: Improve handling of long AF_UNIX socket names (ScriptSock).
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff PR 47037. [Jeff Trawick]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) mod_proxy_ajp: Check more strictly that the backend follows the AJP
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff protocol. [Mladen Turk]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) mod_proxy_ajp: Forward remote port information by default.
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff [Rainer Jung]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) Allow MPMs to be loaded dynamically, as with most other modules. This
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff required changes to the MPM interfaces. Removed: mpm.h, mpm_default.h
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff (as an installed header), APACHE_MPM_DIR, MPM_NAME, ap_threads_per_child,
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff ap_max_daemons_limit, ap_my_generation, etc. ap_mpm_query() can't be
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff called until after the register-hooks phase. [Jeff Trawick]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) mod_ssl: Add SSLProxyCheckPeerExpire and SSLProxyCheckPeerCN directives
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff to enable stricter checking of remote server certificates.
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff [Ruediger Pluem]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) ab: Fix a 100% CPU loop on platforms where a failed non-blocking connect
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff returns EINPROGRESS and a subsequent poll() returns only POLLERR.
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff Observed on HP-UX. [Eric Covener]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) Remove broken support for BeOS, OS/2, TPF, and even older platforms such
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff as A/UX, Next, and Tandem. [Jeff Trawick]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) mod_proxy_ftp: Add ProxyFtpListOnWildcard directive to allow files with
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff globbing characters to be retrieved instead of converted into a
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff directory listing. PR 46789 [Dan Poirier <poirier pobox.com>]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) Provide ap_retained_data_create()/ap_retained_data_get() for preservation
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff of module state across unload/load. [Jeff Trawick]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) mod_substitute: Fix a memory leak. PR 44948
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff [Dan Poirier <poirier pobox.com>]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael GraffChanges with Apache 2.3.2
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) mod_mime_magic: Fix detection of compressed content. [Rainer Jung]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) mod_negotiation: Escape pathes of filenames in 406 responses to avoid
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff HTML injections and HTTP response splitting. PR 46837.
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff [Geoff Keating <geoffk apple.com>]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) mod_ssl: add support for type-safe STACK constructs in OpenSSL
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff development HEAD. PR 45521. [Kaspar Brand, Sander Temme]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) ab: Fix maintenance of the pollset to resolve EALREADY errors
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff with kqueue (BSD/OS X) and excessive CPU with event ports (Solaris).
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff PR 44584. Use APR_POLLSET_NOCOPY for better performance with some
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff pollset implementations. [Jeff Trawick]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) mod_disk_cache: The module now turns off sendfile support if
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff 'EnableSendfile off' is defined globally. [Lars Eilebrecht]
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff *) mod_deflate: Adjust content metadata before bailing out on 304
599c6d44f4d41aab5d3da98214492eb26e674b65Michael Graff responses so that the metadata does not differ from 200 response.
a media type has not been configured via mime.types, AddType,
[Ryan Phillips <ryan-apache trolocsis.com>]
[<tlhackque yahoo.com>]
*) prefork: Fix child process hang during graceful restart/stop in
*) core/utils: Enhance ap_escape_html API to support escaping non-ASCII chars
PR 45529 [Bob Ionescu <bobsiegen googlemail.com>]
times out before returning status line/headers.
PR 39332 [Masaoki Kobayashi <masaoki techfirm.co.jp>]
[Theo Schlossnagle <jesus omniti.com>, Paul Querna]
modules/proxy/balancers [Jim Jagielski]
privileges and Unix user/group IDs [Nick Kew]
logic replicate 2.2.x authz logic, and replace <Satisfy*>, Reject,
*) unixd: turn existing code into a module, and turn the set user/group
Suggested By André Warnier <aw ice-sa.com> [Eric Covener]
*) mod_ssl: Send Content-Type application/ocsp-request for POST requests to
OSCP responders. PR 46014 [Dr Stephen Henson <steve openssl.org>]
*) Export and install the mod_rewrite.h header to ensure the optional
*) New module mod_sed: filter Request/Response bodies through sed
null value. [David Shane Holden <dpejesh apache.org>]
*) ab: Make ab.c compile on VC6. PR 45024 [Ruediger Pluem]
*) configure: Don't reject libtool 2.x
overwritten. PR 44262 [Michał Grzędzicki <lazy iq.pl>]
PR 44799 [Christian Wenz <christian wenz.org>]
both inside and outside the location/directory sections, as
form request with the type of application/x-www-form-urlencoded.
*) mod_authz_dbd: When redirecting after successful login/logout per
PR 44560 [Anders Kaseorg <anders kaseorg.com>]
mod_cache et.al. to trap the results of the redirect.
PR 34607. [Kaspar Brand <asfbugz velox.ch>]. A test configuration
can be created with test/make_sni.sh [Dirk-Willem van Gulik].
*) ApacheMonitor.exe: Introduce --kill argument for use by the
*) mod_ldap, mod_authnzldap: Add support for nested groups (i.e. the ability
[David Jones <oscaremma gmail.com>]
[David M. Lee <dmlee crossroads.com>]
[Niklas Edmundsson <nikke acc.umu.se>]
[Stijn Hoop <stijn sandcat.nl>]
[Niklas Edmundsson <nikke acc.umu.se>]
final name. [Davi Arnaut <davi haxent.com.br>]
[Markus Schiegl <ms schiegl.com>]
*) Remove incorrect comments from scoreboard.h regarding conditional
[Chris Darroch <chrisd pearsoncmg.com>]
in ap_init_scoreboard(). [Chris Darroch <chrisd pearsoncmg.com>]
[Chris Darroch <chrisd pearsoncmg.com>]
and 'Reject' to mod_authz_core. The new directives introduce 'AND/OR'
*) mod_authz_dbd: SQL authz with Login/Session support [Nick Kew]
Apache 2.2.xx tree as documented, and except as noted, below.]
Changes with Apache 2.2.x and later:
Changes with Apache 2.0.x and later:
Changes with Apache 1.3.x and later: