4506N/A mod_proxy_ftp: sanity check authn credentials.
4506N/A mod_proxy_ftp: NULL pointer dereference on error paths.
6033N/A *) mod_dav: Remove errno from dav_error interface. Calls to dav_new_error()
4506N/A and dav_new_error_tag() must be adjusted to add an apr_status_t parameter.
4506N/A *) mod_authnz_ldap: Add AuthLDAPBindAuthoritative to allow Authentication to
4506N/A try other providers in the case of an LDAP bind failure.
4506N/A PR 46608 [Justin Erenkrantz, Joe Schaefer, Tony Stevenson]
4506N/A *) Build: fix --with-module to work as documented
4506N/A *) mod_ssl: enable support for ECC keys and ECDH ciphers. Tested against
4506N/A *) mod_dav: Include uri when logging a PUT error due to connection abort.
4506N/A *) mod_dav: Return 409 instead of 500 for a LOCK request if the parent
4506N/A resource does not exist or is not a collection. PR 43465. [Stefan Fritsch]
4506N/A *) mod_dav_fs: Return 409 instead of 500 for Litmus test case copy_nodestcoll
4506N/A (a COPY request where the parent of the destination resource does not
4506N/A exist). PR 39299. [Stefan Fritsch]
4506N/A *) mod_dav_fs: Don't delete the whole file if a PUT with content-range failed.
4506N/A *) mod_dav_fs: Make PUT create files atomically and no longer destroy the
4506N/A old file if the transfer aborted. PR 39815. [Paul Querna, Stefan Fritsch]
6033N/A *) mod_dav_fs: Remove inode keyed locking as this conflicts with atomically
4506N/A creating files. On systems with inode numbers, this is a format change of
4506N/A the DavLockDB. The old DavLockDB must be deleted on upgrade.
4506N/A *) mod_log_config: Make ${cookie}C correctly match whole cookie names
4506N/A *) vhost: A purely-numeric Host: header should not be treated as a port.
4506N/A *) mod_ldap: Avoid 500 errors with "Unable to set LDAP_OPT_REFHOPLIMIT option to 5"
4506N/A when built against openldap by using SDK LDAP_OPT_REFHOPLIMIT defaults unless
4506N/A LDAPReferralHopLimit is explicitly configured.
4506N/A *) mod_charset_lite: Honor 'CharsetOptions NoImplicitAdd'.
4506N/A *) mod_ssl: Add support for OCSP Stapling. PR 43822.
4506N/A *) mod_socache_shmcb: Allow parens in file name if cache size is given.
4506N/A Fixes SSLSessionCache directive mis-parsing parens in pathname.
4506N/A *) htpasswd: Improve out of disk space handling. PR 30877. [Stefan Fritsch]
4506N/A *) htpasswd: Use MD5 hash by default on all platforms. [Stefan Fritsch]
4506N/A *) mod_sed: Reduce memory consumption when processing very long lines.
4506N/A *) ab: Fix segfault in case the argument for -n is a very large number.
4506N/A *) Allow ProxyPreserveHost to work in <Proxy> sections. PR 34901.
4506N/A *) configure: Fix THREADED_MPMS so that mod_cgid is enabled again
4506N/A for worker MPM. [Takashi Sato]
4506N/A *) mod_dav: Provide a mechanism to obtain the request_rec and pathname
6033N/A *) Build: Use install instead of cp if available on installing
4506N/A *) mod_cache: correctly consider s-maxage in cacheability
4506N/A mod_logio is loaded. PR 25656. [Stefan Fritsch]
4506N/A *) mod_ldap: If LDAPSharedCacheSize is too small, try harder to purge
4506N/A some cache entries and log a warning. Also increase the default
4506N/A LDAPSharedCacheSize to 500000. This is a more realistic size suitable
4506N/A *) mod_rewrite: Make sure that a hostname:port isn't fully qualified if
4506N/A *) mod_cache: Teach CacheEnable and CacheDisable to work from within a
4506N/A Location section, in line with how ProxyPass works. [Graham Leggett]
4506N/A *) mod_reqtimeout: New module to set timeouts and minimum data rates for
4506N/A receiving requests from the client. [Stefan Fritsch]
4506N/A *) core: Fix potential memory leaks by making sure to not destroy
4506N/A bucket brigades that have been created by earlier filters.
4506N/A *) core, mod_deflate, mod_sed: Reduce memory usage by reusing bucket
4506N/A brigades in several places. [Stefan Fritsch]
4506N/A *) mod_cache: Fix uri_meets_conditions() so that CacheEnable will
4506N/A match by scheme, or by a wildcarded hostname. PR 40169
4506N/A *) suxec: Allow to log an error if exec fails by setting FD_CLOEXEC
4506N/A on the log file instead of closing it. PR 10744. [Nicolas Rachinsky]
4506N/A *) mod_mime: Make RemoveType override the info from TypesConfig.
4506N/A *) mod_cache: Introduce the option to run the cache from within the
4506N/A normal request handler, and to allow fine grained control over
4506N/A where in the filter chain content is cached. [Graham Leggett]
4506N/A *) core: Treat timeout reading request as 408 error, not 400.
4506N/A Log 408 errors in access log as was done in Apache
1.3.x. 4506N/A *) mod_ssl: Reintroduce SSL_CLIENT_S_DN, SSL_CLIENT_I_DN, SSL_SERVER_S_DN,
4506N/A SSL_SERVER_I_DN back to the environment variables to be set by mod_ssl.
4506N/A *) mod_disk_cache: don't cache incomplete responses, per RFC 2616, 13.8.
4506N/A *) ab: ab segfaults in verbose mode on https sites
4506N/A *) mod_dav: Allow other modules to become providers and add resource types
4506N/A *) mod_dav: Allow other modules to add things to the DAV or Allow headers
6033N/A *) core: Lower memory usage of core output filter.
4506N/A *) mod_mime: Detect invalid use of MultiviewsMatch inside Location and
4506N/A LocationMatch sections. PR47754. [Dan Poirier]
4506N/A *) mod_request: Make sure the KeptBodySize directive rejects values
4506N/A that aren't valid numbers. [Graham Leggett]
4506N/A *) mod_session_crypto: Sanity check should the potentially encrypted
4506N/A session cookie be too short. [Graham Leggett]
4506N/A configured. [Graham Leggett]
4506N/A *) htcacheclean: 19 ways to fail, 1 error message. Fixed. [Graham Leggett]
4506N/A *) mod_auth_digest: Fail server start when nonce count checking
4506N/A is configured without shared memory, or md5-sess algorithm is
4506N/A *) mod_proxy_connect: The connect method doesn't work if the client is
4506N/A connecting to the apache proxy through an ssl socket. Fixed.
4506N/A PR29744. [Brad Boyer, Mark Cave-Ayland, Julian Gilbey, Fabrice Durand,
4506N/A David Gence, Tim Dodge, Per Gunnar Hans, Emmanuel Elango,
4506N/A Kevin Croft, Rudolf Cardinal]
4506N/A *) mod_ssl: The error message when SSLCertificateFile is missing should
4506N/A at least give the name or position of the problematic virtual host
4506N/A *) mod_auth_digest: Fix null pointer when qop=none. [Dan Poirier]
4506N/A *) mod_headers: generalise the envclause to support expression
4506N/A evaluation with ap_expr parser [Nick Kew]
4506N/A *) mod_cache: Introduce the thundering herd lock, a mechanism to keep
4506N/A the flood of requests at bay that strike a backend webserver as
4506N/A a cached entity goes stale. [Graham Leggett]
4506N/A *) mod_auth_digest: Fix usage of shared memory and re-enable it.
4506N/A *) Preserve Port information over internal redirects
4506N/A *) Proxy: unable to connect to a backend is SERVICE_UNAVAILABLE,
4506N/A rather than BAD_GATEWAY or (especially) NOT_FOUND.
4506N/A *) Various modules: Do better checking of pollset operations in order to
4506N/A avoid segmentation faults if they fail. PR 46467
4506N/A *) mod_autoindex: Correctly create an empty cell if the description
4506N/A *) ab: Fix broken error messages after resolver or connect() failures.
4506N/A Fix a potential Denial-of-Service attack against mod_proxy in a
4506N/A reverse proxy configuration, where a remote attacker can force a
4506N/A proxy process to consume CPU time indefinitely. [Nick Kew, Joe Orton]
4506N/A mod_proxy_ajp: Avoid delivering content from a previous request which
4506N/A failed to send a request body. PR 46949 [Ruediger Pluem]
4506N/A *) htdbm: Fix possible buffer overflow if dbm database has very
4506N/A long values. PR 30586 [Dan Poirier]
4506N/A *) core: Return APR_EOF if request body is shorter than the length announced
4506N/A *) mod_suexec: correctly set suexec_enabled when httpd is run by a
4506N/A non-root user and may have insufficient permissions.
4506N/A *) mod_ssl: Fix SSL_*_DN_UID variables to use the 'userID' attribute
4506N/A *) mod_proxy_http: fix case sensitivity checking transfer encoding
4506N/A *) mod_alias: ensure Redirect issues a valid URL.
4506N/A *) mod_dir: add FallbackResource directive, to enable admin to specify
4506N/A an action to happen when a URL maps to no file, without resorting
4506N/A to ErrorDocument or mod_rewrite. PR 47184 [Nick Kew]
4506N/A *) mod_cgid: Do not leak the listening Unix socket file descriptor to the
4506N/A *) mod_rewrite: Remove locking for writing to the rewritelog.
4506N/A *) mod_alias: check sanity in Redirect arguments.
4506N/A *) mod_proxy_http: fix Host: header for literal IPv6 addresses.
4506N/A *) mod_cache: Add CacheIgnoreURLSessionIdentifiers directive to ignore
4506N/A defined session identifiers encoded in the URL when caching.
4506N/A *) mod_rewrite: Fix the error string returned by RewriteRule.
6033N/A RewriteRule returned "RewriteCond: bad flag delimiters" when the 3rd
4506N/A argument of RewriteRule was not started with "[" or not ended with "]".
4506N/A *) Windows: Fix usage message.
4506N/A *) apachectl: When passing through arguments to httpd in
4506N/A non-SysV mode, use the "$@" syntax to preserve arguments.
4506N/A *) mod_dbd: add DBDInitSQL directive to enable SQL statements to
4506N/A be run when a connection is opened. PR 46827
4506N/A *) mod_cgid: Improve handling of long AF_UNIX socket names (ScriptSock).
4506N/A *) mod_proxy_ajp: Check more strictly that the backend follows the AJP
4506N/A *) mod_proxy_ajp: Forward remote port information by default.
4506N/A *) Allow MPMs to be loaded dynamically, as with most other modules. Use
4506N/A --enable-mpms-shared={list|"all"} to enable. This required changes to
4506N/A header), APACHE_MPM_DIR, MPM_NAME, ap_threads_per_child,
4506N/A ap_max_daemons_limit, ap_my_generation, etc. ap_mpm_query() can't be
4506N/A called until after the register-hooks phase. [Jeff Trawick]
4506N/A *) mod_ssl: Add SSLProxyCheckPeerExpire and SSLProxyCheckPeerCN directives
4506N/A to enable stricter checking of remote server certificates.
4506N/A *) ab: Fix a 100% CPU loop on platforms where a failed non-blocking connect
4506N/A returns EINPROGRESS and a subsequent poll() returns only POLLERR.
4506N/A Observed on HP-UX. [Eric Covener]
4506N/A *) Remove broken support for BeOS, OS/2, TPF, and even older platforms such
4506N/A *) mod_proxy_ftp: Add ProxyFtpListOnWildcard directive to allow files with
4506N/A globbing characters to be retrieved instead of converted into a
4506N/A *) Provide ap_retained_data_create()/ap_retained_data_get() for preservation
4506N/A *) mod_substitute: Fix a memory leak. PR 44948
4506N/A *) mod_mime_magic: Fix detection of compressed content. [Rainer Jung]
4506N/A *) mod_negotiation: Escape pathes of filenames in 406 responses to avoid
4506N/A HTML injections and HTTP response splitting. PR 46837.
4506N/A *) mod_ssl: add support for type-safe STACK constructs in OpenSSL
4506N/A development HEAD. PR 45521. [Kaspar Brand, Sander Temme]
4506N/A *) ab: Fix maintenance of the pollset to resolve EALREADY errors
4506N/A with kqueue (
BSD/OS X) and excessive CPU with event ports (Solaris).
4506N/A PR 44584. Use APR_POLLSET_NOCOPY for better performance with some
4506N/A pollset implementations. [Jeff Trawick]
4506N/A *) mod_disk_cache: The module now turns off sendfile support if
4506N/A 'EnableSendfile off' is defined globally. [Lars Eilebrecht]
6033N/A *) mod_deflate: Adjust content metadata before bailing out on 304
6033N/A responses so that the metadata does not differ from 200 response.
6033N/A *) mod_deflate: Fix creation of invalid Etag headers. We now make sure
6033N/A that the Etag value is properly quoted when adding the gzip marker.
6033N/A PR 39727, 45023. [Lars Eilebrecht, Roy T. Fielding]
6033N/A *) Added 20x22 icons for ODF, SVG, and XML documents. PR 37185.
4506N/A *) Disabled DefaultType directive and removed ap_default_type()
4506N/A from core. We now exclude Content-Type from responses for which
4506N/A ForceType, or some other mechanism. PR 13986. [Roy T. Fielding]
4506N/A *) mod_rewrite: Add IPV6 variable to RewriteCond
4506N/A *) core: Enhance KeepAliveTimeout to support a value in milliseconds.
4506N/A *) rotatelogs: Allow size units B, K, M, G and combination of
4506N/A time and size based rotation. [Rainer Jung]
6033N/A *) rotatelogs: Add flag for verbose (debug) output. [Rainer Jung]
6033N/A *) mod_ssl: Fix merging of SSLRenegBufferSize directive. PR 46508
6033N/A *) core: Translate the the status line to ASCII on EBCDIC platforms in
6033N/A ap_send_interim_response() and for locally generated "100 Continue"
6033N/A configurations with multiple listening sockets. PR 42829. [Joe Orton,
6033N/A *) mod_session_crypto: Ensure that SessionCryptoDriver can only be
6033N/A set in the global scope. [Graham Leggett]
6033N/A *) mod_ext_filter: We need to detect failure to startup the filter
4506N/A program (a mangled response is not acceptable). Fix to detect
4506N/A failure, and offer configuration option either to abort or
4506N/A to remove the filter and continue.
4506N/A *) mod_session_crypto: Rewrite the session_crypto module against the
4506N/A apr_crypto API. [Graham Leggett]
4506N/A *) mod_auth_form: Fix a pool lifetime issue, don't remove the subrequest
4506N/A until the main request is cleaned up. [Graham Leggett]
4506N/A *) ap_slotmem: Add in new slot-based memory access API impl., including
4506N/A 2 providers (mod_sharedmem and mod_plainmem) [Jim Jagielski,
4506N/A *) mod_include: support generating non-ASCII characters as entities in SSI
4506N/A *)
core/utils: Enhance ap_escape_html API to support escaping non-ASCII chars
4506N/A *) mod_rewrite: fix "B" flag breakage by reverting r5589343
6033N/A *) CGI: return 504 (Gateway timeout) rather than 500 when a script
4506N/A *) mod_cgid: fix segfault problem on solaris.
4506N/A *) mod_proxy_scgi: Added. [André Malo]
4506N/A *) mod_cache: Introduce 'no-cache' per-request environment variable
4506N/A to prevent the saving of an otherwise cacheable response.
4506N/A *) mod_rewrite: Introduce DiscardPathInfo|DPI flag to stop the troublesome
4506N/A way that per-directory rewrites append the previous notion of PATH_INFO
4506N/A to each substitution before evaluating subsequent rules.
4506N/A *) mod_cgid: Do not add an empty argument when calling the CGI script.
4506N/A *) scoreboard: Remove unused sb_type from process_score.
4506N/A *) mod_ssl: Add SSLRenegBufferSize directive to allow changing the
4506N/A size of the buffer used for the request-body where necessary
6033N/A during a per-dir renegotiation. PR 39243. [Joe Orton]
6033N/A *) mod_proxy_fdpass: New module to pass a client connection over to a separate
6033N/A process that is reading from a unix daemon socket.
6033N/A *) mod_ssl: Improve environment variable extraction to be more
6033N/A efficient and to correctly handle DNs with duplicate tags.
6033N/A *) Remove the obsolete serial attribute from the RPM spec file. Compile
6033N/A against the external pcre. Add missing binaries fcgistarter, and
6033N/A mod_socache* and mod_session*. [Graham Leggett]
6033N/A *) mod_ratelimit: New module to do bandwidth rate limiting. [Paul Querna]
6033N/A *) Remove X-Pad header which was added as a work around to a bug in
6033N/A *) Add DTrace Statically Defined Tracing (SDT) probes.
6033N/A *) mod_proxy_balancer: Move all load balancing implementations
4506N/A as individual, self-contained mod_proxy submodules under
4506N/A *) Rename APIs to include ap_ prefix:
4506N/A find_child_by_pid -> ap_find_child_by_pid
4506N/A suck_in_APR -> ap_suck_in_APR
4506N/A sys_privileges_handlers -> ap_sys_privileges_handlers
4506N/A unixd_accept -> ap_unixd_accept
4506N/A unixd_config -> ap_unixd_config
4506N/A unixd_killpg -> ap_unixd_killpg
4506N/A unixd_set_global_mutex_perms -> ap_unixd_set_global_mutex_perms
4506N/A unixd_set_proc_mutex_perms -> ap_unixd_set_proc_mutex_perms
4506N/A unixd_set_rlimit -> ap_unixd_set_rlimit
4506N/A *) core: When the ap_http_header_filter processes an error bucket, cleanup
4506N/A the passed brigade before returning AP_FILTER_ERROR down the filter
4506N/A chain. This unambiguously ensures the same error bucket isn't revisited
4506N/A *) mod_lbmethod_heartbeat: New module to load balance mod_proxy workers
4506N/A based on heartbeats. [Paul Querna]
4506N/A *) mod_heartmonitor: New module to collect heartbeats, and write out a file
4506N/A so that other modules can load balance traffic as needed. [Paul Querna]
4506N/A *) mod_heartbeat: New module to generate multicast heartbeats to know if a
4506N/A server is online. [Paul Querna]
4506N/A *) core: Error responses set by filters were being coerced into 500 errors,
4506N/A sometimes appended to the original error response. Log entry of:
4506N/A 'Handler for (null) returned invalid result code -3'
4506N/A *) mod_buffer: Honour the flush bucket and flush the buffer in the
4506N/A input filter. Make sure that metadata buckets are written to
4506N/A the buffer, not to the final brigade. [Graham Leggett]
4506N/A *) mod_buffer: Optimise the buffering of heap buckets when the heap
4506N/A buckets stay exactly APR_BUCKET_BUFF_SIZE long. [Graham Leggett,
4506N/A *) mod_buffer: Optional support for buffering of the input and output
4506N/A filter stacks. Can collapse many small buckets into fewer larger
4506N/A buckets, and prevents excessively small chunks being sent over
4506N/A *) mod_privileges: new module to make httpd on Solaris privileges-aware
4506N/A and to enable different virtualhosts to run with different
4506N/A *) mod_mem_cache: this module has been removed. [William Rowe]
4506N/A *) authn/z: Remove mod_authn_default and mod_authz_default.
4506N/A *) authz: Fix handling of authz configurations, make default authz
4506N/A logic replicate
2.2.x authz logic, and replace <Satisfy*>, Reject,
4506N/A and AuthzMergeRules directives with Match, <Match*>, and AuthzMerge
4506N/A directives. [Chris Darroch]
4506N/A *) mod_authn_core: Prevent crash when provider alias created to
4506N/A provider which is not yet registered. [Chris Darroch]
4506N/A *) mod_authn_core: Add AuthType of None to support disabling
4506N/A authentication. [Chris Darroch]
4506N/A *) core: Allow <Limit> and <LimitExcept> directives to nest, and
4506N/A constrain their use to conform with that of other access control
4506N/A and authorization directives. [Chris Darroch]
4506N/A and chroot into a child_init function. [Nick Kew]
4506N/A *) core: Add ap_timeout_parameter_parse to public API. [Ruediger Pluem]
4506N/A *) mod_dir: Support "DirectoryIndex disabled"
4506N/A rewrite_mapfunc_t and ap_register_rewrite_mapfunc functions are
4506N/A available to third party modules. [Graham Leggett]
4506N/A *) mod_authnz_ldap: don't return NULL-valued environment variables to
4506N/A *) Don't adjust case in pathname components that are not of interest
4506N/A to mod_mime. Fixes mod_negotiation's use of such components.
6033N/A *) Be tolerant in what you accept - accept slightly broken
6033N/A status lines from a backend provide they include a valid status code.
6033N/A *) mod_auth_form: Make sure that basic authentication is correctly
6033N/A faked directly after login. [Graham Leggett]
6033N/A *) mod_session_cookie, mod_session_dbd: Make sure cookies are set both
6033N/A within the output headers and error output headers, so that the
6033N/A session is maintained across redirects. [Graham Leggett]
6033N/A *) mod_auth_form: Make sure the logged in user is populated correctly
6033N/A after a form login. Fixes a missing REMOTE_USER variable directly
6033N/A following a login. [Graham Leggett]
6033N/A *) mod_session_cookie: Make sure that cookie attributes are correctly
6033N/A included in the blank cookie when cookies are removed. This fixes an
6033N/A inability to log out when using mod_auth_form. [Graham Leggett]
6033N/A *) mod_autoindex: add configuration option to insert string
4506N/A *) mod_session: Prevent a segfault when a CGI script sets a cookie with a
4506N/A *) mod_headers: Prevent Header edit from processing only the first header
4506N/A of possibly multiple headers with the same name and deleting the
4506N/A remaining ones. PR 45333. [Ruediger Pluem]
4506N/A *) mod_rewrite: Preserve the query string with [proxy,noescape]. PR 45247
4506N/A *) core, authn/z: Determine registered authn/z providers directly in
4506N/A ap_setup_auth_internal(), which allows optional functions that just
4506N/A wrapped ap_list_provider_names() to be removed from authn/z modules.
4506N/A *) authn/z: Convert common provider version strings to macros.
4506N/A *) ab: Make
ab.c compile on VC6. PR 45024 [Ruediger Pluem]
4506N/A *) core: When testing for slash-terminated configuration paths in
4506N/A ap_location_walk(), don't look past the start of an empty string
4506N/A such as that created by a <Location ""> directive.
4506N/A *) core, mod_proxy: If a kept_body is present, it becomes safe for
4506N/A subrequests to support message bodies. Make sure that safety
4506N/A checks within the core and within the proxy are not triggered
4506N/A when kept_body is present. This makes it possible to embed
4506N/A proxied POST requests within mod_include. [Graham Leggett]
4506N/A *) mod_auth_form: Make sure the input filter stack is properly set
4506N/A up before reading the login form. Make sure the kept body filter
4506N/A is correctly inserted to ensure the body can be read a second
4506N/A time safely should the authn be successful. [Graham Leggett,
4506N/A *) mod_request: Insert the KEPT_BODY filter via the insert_filter
4506N/A hook instead of during fixups. Add a safety check to ensure the
4506N/A filters cannot be inserted more than once. [Graham Leggett,
4506N/A *) core: Do not allow Options ALL if not all options are allowed to be
4506N/A overwritten. PR 44262 [Michał Grzędzicki <lazy
iq.pl>]
4506N/A *) ap_cache_cacheable_headers_out() will (now) always
4506N/A merge an error headers _before_ clearing them and _before_
4506N/A merging in the actual entity headers and doing normal
4506N/A hop-by-hop cleansing. [Dirk-Willem van Gulik].
4506N/A *) cache: retire ap_cache_cacheable_hdrs_out() which was used
4506N/A for both in- and out-put headers; and replace it by a single
4506N/A ap_cache_cacheable_headers() wrapped in a in- and out-put
4506N/A specific ap_cache_cacheable_headers_in()/out(). The latter
4506N/A which will also merge error and ensure content-type. To keep
4506N/A cache modules consistent with ease. This API change bumps
4506N/A up the minor MM by one [Dirk-Willem van Gulik].
4506N/A *) mod_rewrite: Allow Cookie option to set secure and HttpOnly flags.
4506N/A *) Move the KeptBodySize directive, kept_body filters and the
4506N/A ap_parse_request_body function out of the http module and into a
4506N/A new module called mod_request, reducing the size of the core.
4506N/A *) mod_dbd: Handle integer configuration directive parameters with a
4506N/A *) Change the directives within the mod_session* modules to be valid
4506N/A suggested by wrowe. [Graham Leggett]
4506N/A *) mod_auth_form: Add a module capable of allowing end users to log
4506N/A in using an HTML form, storing the credentials within mod_session.
6033N/A *) Add a function to the http filters that is able to parse an HTML
4506N/A *) mod_session_crypto: Initialise SSL in the post config hook.
4506N/A [Ruediger Pluem, Graham Leggett]
4506N/A *) mod_session_dbd: Add a session implementation capable of storing
4506N/A session information in a SQL database via the dbd interface. Useful
4506N/A for sites where session privacy is important. [Graham Leggett]
4506N/A *) mod_session_crypto: Add a session encoding implementation capable
4506N/A of encrypting and decrypting sessions wherever they may be stored.
4506N/A Introduces a level of privacy when sessions are stored on the
4506N/A *) mod_session_cookie: Add a session implementation capable of storing
4506N/A session information within cookies on the browser. Useful for high
4506N/A volume sites where server bound sessions are too resource intensive.
4506N/A *) mod_session: Add a generic session interface to unify the different
4506N/A attempts at saving persistent sessions across requests.
4506N/A *) core, authn/z: Avoid calling access control hooks for internal requests
4506N/A with configurations which match those of initial request. Revert to
4506N/A original behaviour (call access control hooks for internal requests
4506N/A with URIs different from initial request) if any access control hooks or
4506N/A providers are not registered as permitting this optimization.
4506N/A Introduce wrappers for access control hook and provider registration
4506N/A which can accept additional mode and flag data. [Chris Darroch]
4506N/A *) Introduced ap_expr API for expression evaluation.
4506N/A This is adapted from mod_include, which is the first module
6033N/A AuthzDBDRedirectQuery, do not report authorization failure, and use
4506N/A first row returned by database query instead of last row.
6033N/A *) mod_ldap: Correctly return all requested attribute values
6033N/A when some attributes have a null value.
4506N/A *) core: check symlink ownership if both FollowSymlinks and
6033N/A SymlinksIfOwnerMatch are set [Nick Kew]
4506N/A *) core: fix origin checking in SymlinksIfOwnerMatch
6033N/A *) Activate mod_cache, mod_file_cache and mod_disk_cache as part of the
4506N/A 'most' set for '--enable-modules' and '--enable-shared-mods'. Include
4506N/A mod_mem_cache in 'all' as well. [Dirk-Willem van Gulik]
4506N/A contain public function declarations which are useful for
4506N/A third party module authors. PR 42431 [Dirk-Willem van Gulik].
4506N/A *) mod_dir, mod_negotiation: pass the output filter information
4506N/A to newly created sub requests; as these are later on used
4506N/A as true requests with an internal redirect. This allows for
6033N/A [Dirk-Willem van Gulik, Ruediger Pluem]
6033N/A *) mod_ldap: Add support (taking advantage of the new APR capability)
6033N/A for ldap rebind callback while chasing referrals. This allows direct
6033N/A searches on LDAP servers (in particular MS Active Directory 2003+)
6033N/A using referrals without the use of the global catalog.
6033N/A PRs 26538, 40268, and 42557 [Paul J. Reder]
6033N/A *) mod_ssl: Added server name indication support (SNI, RFC 4366).
6033N/A installer. This will permit the installation tool to remove
6033N/A all running instances before attempting to remove the .exe.
6033N/A *) mod_ssl: Add support for OCSP validation of client certificates.
4506N/A *) mod_serf: New module for Reverse Proxying. [Paul Querna]
4506N/A *) core: Add the option to keep aside a request body up to a certain
4506N/A size that would otherwise be discarded, to be consumed by filters
4506N/A such as mod_include. When enabled for a directory, POST requests
4506N/A to shtml files can be passed through to embedded scripts as POST
4506N/A requests, rather being downgraded to GET requests. [Graham Leggett]
4506N/A *) mod_ssl: Fix TLS upgrade (RFC 2817) support. PR 41231. [Joe Orton]
6033N/A *) scoreboard: Correctly declare ap_time_process_request.
6033N/A *) core; scoreboard: ap_get_scoreboard_worker(sbh) now takes the sbh member
6033N/A from the connection rec, ap_get_scoreboard_worker(proc, thread) will now
6033N/A provide the unusual legacy lookup. [William Rowe]
6033N/A *) mpm winnt: fix null pointer dereference
6033N/A *) mod_authnz_ldap, mod_authn_dbd: Tidy up the code to expose authn
6033N/A parameters to the environment. Improve portability to
6033N/A EBCDIC machines by using apr_toupper(). [Martin Kraemer]
6033N/A *) mod_ldap, mod_authnzldap: Add support for nested groups (
i.e. the ability
6033N/A to authorize an authenticated user via a "require ldap-group X" directive
6033N/A where the user is not in group X, but is in a subgroup contained in X.
6033N/A *) mod_ssl: Add support for caching SSL Sessions in memcached. [Paul Querna]
4506N/A *) mod_ldap: Fix the search limit parameter to ldap_search_ext_s()
4506N/A for SDKs that define LDAP_NO_LIMIT to something other than -1.
4506N/A *) apxs: Enhance -q flag to print all known variables and their values
4506N/A when invoked without variable name(s).
4506N/A [William Rowe, Sander Temme]
4506N/A *) apxs: Eliminate run-time check for mod_so. PR 40653.
4506N/A *) beos MPM: Create pmain pool and run modules' child_init hooks when
4506N/A entering ap_mpm_run(), then destroy pmain when exiting ap_mpm_run().
4506N/A *) netware MPM: Destroy pmain pool when exiting ap_mpm_run() so that
4506N/A cleanups registered in modules' child_init hooks are performed.
4506N/A *) mod_dbd: Stash DBD connections in request_config of initial request
4506N/A only, or else sub-requests and internal redirections may cause
4506N/A entire DBD pool to be stashed in a single HTTP request. [Chris Darroch]
4506N/A *) Fix issue which could cause error messages to be written to access logs
4506N/A *) The LockFile directive, which specifies the location of
4506N/A the accept() mutex lockfile, is deprecated. Instead, the
4506N/A AcceptMutex directive now takes an optional lockfile
4506N/A location parameter, ala SSLMutex. [Jim Jagielski]
4506N/A *) mod_authn_dbd: Export any additional columns queried in the SQL select
4506N/A into the environment with the name AUTHENTICATE_<COLUMN>. This brings
4506N/A mod_authn_dbd behaviour in line with mod_authnz_ldap. [Graham Leggett]
4506N/A *) mod_dbd: Key the storage of prepared statements on the hex string
4506N/A value of server_rec, rather than the server name, as the server name
4506N/A may change (eg when the server name is set) at any time, causing
4506N/A weird behaviour in modules dependent on mod_dbd. [Graham Leggett]
4506N/A *) mod_proxy_fcgi: Added win32 build. [Mladen Turk]
4506N/A *) sendfile_nonblocking() takes the _brigade_ as an argument, gets
4506N/A the first bucket from the brigade, finds it not to be a FILE
4506N/A bucket and barfs. The fix is to pass a bucket rather than a brigade.
4506N/A *) mod_rewrite: support rewritemap by SQL query [Nick Kew]
4506N/A *) ap_get_server_version() has been removed. Third-party modules must
4506N/A now use ap_get_server_banner() or ap_get_server_description().
4506N/A *) All MPMs: Introduce a check_config phase between pre_config and
4506N/A open_logs, to allow modules to review interdependent configuration
4506N/A directive values and adjust them while messages can still be logged
4506N/A to the console. Handle relevant MPM directives during this phase
4506N/A and format messages for both the console and the error log, as
4506N/A appropriate. [Chris Darroch]
4506N/A *) mod_proxy: don't URLencode tilde in path component
4506N/A *) mpm_winnt: Fix return values from wait_for_many_objects.
4506N/A The return value is index to the signaled thread in the
4506N/A creted_threads array. We can not use WAIT_TIMEOUT because
4506N/A his value is defined as 258, thus limiting the MaxThreads
4506N/A to that value. [Mladen Turk]
4506N/A *) core: Do not allow internal redirects like the DirectoryIndex of mod_dir
6033N/A to circumvent the symbolic link checks imposed by FollowSymLinks and
6033N/A SymLinksIfOwnerMatch. [Nick Kew, Ruediger Pluem, William Rowe]
6033N/A *) New SSLLogLevelDebugDump [ None (default) | IO (not bytes) | Bytes ]
6033N/A configures the I/O Dump of SSL traffic, when LogLevel is set to Debug.
6033N/A The default is none as this is far greater debugging resolution than
6033N/A the typical administrator is prepared to untangle. [William Rowe]
6033N/A *) mod_disk_cache: If possible, check if the size of an object to cache is
4506N/A within the configured boundaries before actually saving data.
4506N/A *) mod_disk_cache: Delete temporary files if they cannot be renamed to their
4506N/A *) Worker and event MPMs: Remove improper scoreboard updates which were
4506N/A performed in the event of a fork() failure. [Chris Darroch]
4506N/A *) Add support for fcgi:// proxies to mod_rewrite.
4506N/A loading of worker_score structure with mod_status, and remove unused
4506N/A definitions relating to old life_status field.
6033N/A *) Remove allocation of memory for unused array of lb_score pointers
4506N/A *) Add mod_proxy_fcgi, a FastCGI back end for mod_proxy.
4506N/A [Garrett Rooney, Jim Jagielski, Paul Querna]
4506N/A *) Event MPM: Fill in the scoreboard's tid field. PR 38736.
4506N/A *) mod_charset_lite: Remove Content-Length when output filter can
4506N/A invalidate it. Warn when input filter can invalidate it.
6033N/A *) Authz: Add the new module mod_authn_core that will provide common
4506N/A authn directives such as 'AuthType', 'AuthName'. Move the directives
4506N/A 'AuthType' and 'AuthName' out of the core module and merge mod_authz_alias
4506N/A into mod_authn_core. [Brad Nicholes]
4506N/A *) Authz: Move the directives 'Order', 'Allow', 'Deny' and 'Satisfy'
4506N/A into the new module mod_access_compat which can be loaded to provide
4506N/A support for these directives.
4506N/A *) Authz: Move the 'Require' directive from the core module as well as
4506N/A add the directives '<SatisfyAll>', '<SatisfyOne>', '<RequireAlias>'
4506N/A and 'Reject' to mod_authz_core. The new directives introduce '
AND/OR'
4506N/A logic into the authorization processing. [Brad Nicholes]
4506N/A *) Authz: Add the new module mod_authz_core which acts as the
4506N/A authorization provider vector and contains common authz
4506N/A directives. [Brad Nicholes]
4506N/A *) Authz: Renamed mod_authz_dbm authz providers from 'group' and
4506N/A 'file-group' to 'dbm-group' and 'dbm-file-group'. [Brad Nicholes]
4506N/A *) Authz: Added the new authz providers 'env', 'ip', 'host', 'all' to handle
4506N/A host-based access control provided by mod_authz_host and invoked
4506N/A through the 'Require' directive. [Brad Nicholes]
6033N/A *) Authz: Convert all of the authz modules from hook based to
6033N/A provider based. [Brad Nicholes]
6033N/A *) mod_cache: Add CacheMinExpire directive to set the minimum time in
6033N/A seconds to cache a document.
6033N/A *) Fix typo in ProxyStatus syntax error message.
6033N/A *) Asynchronous write completion for the Event MPM. [Brian Pane]
6033N/A *) Added an End-Of-Request bucket type. The logging of a request and
6033N/A the freeing of its pool are now done when the EOR bucket is destroyed.
6033N/A This has the effect of delaying the logging until right after the last
6033N/A of the response is sent; ap_core_output_filter() calls the access logger
6033N/A indirectly when it destroys the EOR bucket. [Brian Pane]
6033N/A *) Rewrite of logresolve support utility: IPv6 addresses are now supported
6033N/A and the format of statistical output has changed. [Colm MacCarthaigh]
6033N/A *) Rewrite of ap_coreoutput_filter to do nonblocking writes [Brian Pane]
6033N/A *) Added new connection states for handler and write completion
6033N/A *) mod_cgid: Refuse to work on Solaris 10 due to OS bugs. PR 34264.
6033N/A *) Teach mod_ssl to use arbitrary OIDs in an SSLRequire directive,
6033N/A allowing string-valued client certificate attributes to be used for
6033N/A access control, as in: SSLRequire "value" in OID("1.3.6.1.4.1.18060.1")
6033N/A [Martin Kraemer, David Reid]
4506N/A [Apache 2.1.0-dev includes those bug fixes and changes with the
4506N/A Apache
2.2.xx tree as documented, and except as noted, below.]