CHANGES revision a44d29a3794110c558c940bd903a1930d717a7d7
-*- coding: utf-8 -*-
Changes with Apache 2.3.7
  *) core: Introduce note_auth_failure hook to allow modules to add support
     for additional auth types. This makes ap_note_auth_failure() work with
     mod_auth_digest again. PR 48807. [Stefan Fritsch]
  *) socache modules: return APR_NOTFOUND when a lookup is not found [Nick Kew]
  *) mod_authn_cache: new module [Nick Kew]
  *) core: Try to proceed with authorization even if authentication failed.
     This allows e.g. to authorize by user _or_ ip address. [Stefan Fritsch]
  *) configure: Add reallyall option for --enable-mods-shared. [Stefan Fritsch]
  *) Fix Windows build when using VC6. [Gregg L. Smith <lists glewis com>]
  *) mod_rewrite: Allow to set environment variables without explicitly
     giving a value. [Rainer Jung]
  *) mod_rewrite: Remove superfluous EOL from rewrite logging. [Rainer Jung]
Changes with Apache 2.3.6
  *) SECURITY: CVE-2009-3555 (cve.mitre.org)
     mod_ssl: Comprehensive fix of the TLS renegotiation prefix injection
     attack when compiled against OpenSSL version 0.9.8m or later. Introduces
     the 'SSLInsecureRenegotiation' directive to reopen this vulnerability
     and offer unsafe legacy renegotiation with clients which do not yet
     support the new secure renegotiation protocol, RFC 5746.
     [Joe Orton, and with thanks to the OpenSSL Team]
  *) SECURITY: CVE-2009-3555 (cve.mitre.org)
     mod_ssl: A partial fix for the TLS renegotiation prefix injection attack
     by rejecting any client-initiated renegotiations. Forcibly disable
     keepalive for the connection if there is any buffered data readable. Any
     configuration which requires renegotiation for per-directory/location
     access control is still vulnerable, unless using OpenSSL >= 0.9.8l.
     [Joe Orton, Ruediger Pluem, Hartmut Keil <Hartmut.Keil adnovum.ch>]
  *) SECURITY: CVE-2010-0408 (cve.mitre.org)
     mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent
     when request headers indicate a request body is incoming; not a case of
     HTTP_INTERNAL_SERVER_ERROR. [Niku Toivola <niku.toivola sulake.com>]
  *) SECURITY: CVE-2010-0425 (cve.mitre.org)
     mod_isapi: Do not unload an isapi .dll module until the request
     processing is completed, avoiding orphaned callback pointers.
     [Brett Gervasoni <brettg senseofsecurity.com>, Jeff Trawick]
  *) core: Filter init functions are now run strictly once per request
     before handler invocation. The init functions are no longer run
     for connection filters. PR 49328. [Joe Orton]
  *) core: Adjust the output filter chain correctly in an internal
     redirect from a subrequest, preserving filters from the main
     request as necessary. PR 17629. [Joe Orton]
  *) mod_cache: Explicitly allow cache implementations to cache a 206 Partial
     Response if they so choose to do so. Previously an attempt to cache a 206
     was arbitrarily allowed if the response contained an Expires or
     Cache-Control header, and arbitrarily denied if both headers were missing.
     [Graham Leggett]
  *) core: Add microsecond timestamp fractions, process id and thread id
     to the error log. [Rainer Jung]
  *) configure: The "most" module set gets built by default. [Rainer Jung]
  *) configure: Building dynamic modules (DSO) by default. [Rainer Jung]
  *) configure: Fix broken VPATH build when using included APR.
  *) mod_session_crypto: Fix configure problem when building
     with APR 2 and for VPATH builds with included APR.
     [Rainer Jung]
  *) mod_session_crypto: API compatibility with APR 2 crypto and
     APR Util 1.x crypto. [Rainer Jung]
  *) ab: Fix memory leak with -v2 and SSL. PR 49383.
     [Pavel Kankovsky <peak argo troja mff cuni cz>]
  *) core: Add per-module and per-directory loglevel configuration.
     Add some more trace logging.
     mod_rewrite: Replace RewriteLog/RewriteLogLevel with trace log levels.
     mod_ssl: Replace LogLevelDebugDump with trace log levels.
     mod_ssl/mod_proxy*: Adjust loglevels to be less verbose at levels info
     mod_dumpio: Replace DumpIOLogLevel with trace log levels.
     [Stefan Fritsch]
  *) mod_ldap: LDAP caching was suppressed (and ldap-status handler returns
     title page only) when any mod_ldap directives were used in VirtualHost
     context. [Eric Covener]
  *) mod_disk_cache: Decline the opportunity to cache if the response is
     a 206 Partial Content. This stops a reverse proxied partial response
     from becoming cached, and then being served in subsequent responses.
     [Graham Leggett]
  *) mod_deflate: avoid the risk of forwarding data before headers are set.
     PR 49369 [Matthew Steele <mdsteele google.com>]
  *) mod_authnz_ldap: Ensure nested groups are checked when the
     top-level group doesn't have any direct non-group members
     of attributes in AuthLDAPGroupAttribute. [Eric Covener]
  *) mod_authnz_ldap: Search or Comparison during authorization phase
     can use the credentials from the authentication phase
     (AuthLDAPSearchAsUser, AuthLDAPCompareAsUser).
     PR 48340 [Domenico Rotiroti, Eric Covener]
  *) mod_authnz_ldap: Allow the initial DN search during authentication
     to use the HTTP username/pass instead of an anonymous or hard-coded
     LDAP id (AuthLDAPInitialBindAsUser, AuthLDAPInitialBindPattern).
     [Eric Covener]
  *) mod_authnz_ldap: Publish requested LDAP data with an AUTHORIZE_ prefix
     when this module is used for authorization. See AuthLDAPAuthorizePrefix.
     PR 45584 [Eric Covener]
  *) apxs -q: Stop filtering out ':' characters from the reported values.
     PR 45343. [Bill Cole]
  *) prefork MPM: Run cleanups for final request when process exits gracefully.
     PR 43857. [Tom Donovan]
  *) ab: fix number of requests sent by ab when keepalive is enabled. PR 48497.
     [Bryn Dole <dole blekko.com>]
  *) Log an error for failures to read a chunk-size, and return 408 instead of
     413 when this is due to a read timeout. This change also fixes some cases
     of two error documents being sent in the response for the same scenario.
     [Eric Covener] PR49167
  *) mod_proxy_balancer: Add new directive BalancerNonce to allow admin
     to control/set the nonce used in the balancer-manager application.
     [Jim Jagielski]
  *) mod_proxy_connect: Support port ranges in AllowConnect. PR 23673.
     [Stefan Fritsch]
  *) Proxy balancer: support setting error status according to HTTP response
     code from a backend. PR 48939. [Daniel Ruggeri <DRuggeri primary.net>]
  *) htcacheclean: Introduce the ability to clean specific URLs from the
     cache, if provided as an optional parameter on the command line.
     [Graham Leggett]
  *) core: Introduce the IncludeStrict directive, which explicitly fails
     server startup if no files or directories match a wildcard path.
     [Graham Leggett]
  *) htcacheclean: Report additional statistics about entries deleted.
     PR 48944. [Mark Drayton mark markdrayton.info]
  *) Introduce SSLFIPS directive to support OpenSSL FIPS_mode; permits all
     builds of mod_ssl to use 'SSLFIPS off' for portability, but the proper
     build of openssl is required for 'SSLFIPS on'. PR 46270.
     [Dr Stephen Henson <steve openssl.org>, William Rowe]
  *) mod_proxy_http: Log the port of the remote server in various messages.
     PR 48812. [Igor Galić <i galic brainsware org>]
  *) mod_reqtimeout: Do not wrongly enforce timeouts for mod_proxy's backend
     connections and other protocol handlers (like mod_ftp). [Stefan Fritsch]
  *) mod_proxy_ajp: Really regard the operation a success, when the client
     aborted the connection. In addition adjust the log message if the client
     aborted the connection. [Ruediger Pluem]
  *) mod_ssl: Add the 'SSLInsecureRenegotiation' directive, which
     allows insecure renegotiation with clients which do not yet
     support the secure renegotiation protocol. [Joe Orton]
  *) mod_ssl: Fix a potential I/O hang if a long list of trusted CAs
     is configured for client cert auth. PR 46952. [Joe Orton]
  *) core: Only log a 408 if it is no keepalive timeout. PR 39785
     [Ruediger Pluem, Mark Montague <markmont umich.edu>]
  *) support/rotatelogs: Add -L option to create a link to the current
     log file. PR 48761 [<lyndon orthanc.ca>, Dan Poirier]
  *) mod_ldap: Update LDAPTrustedClientCert to consistently be a per-directory
     setting only, matching most of the documentation and examples.
     PR 46541 [Paul Reder, Eric Covener]
  *) mod_ldap: LDAPTrustedClientCert now accepts CA_DER/CA_BASE64 argument
     types previously allowed only in LDAPTrustedGlobalCert. [Eric Covener]
  *) mod_negotiation: Preserve query string over multiviews negotiation.
     This buglet was fixed for type maps in 2.2.6, but the same issue
     affected multiviews and was overlooked.
     PR 33112 [Joergen Thomsen <apache jth.net>]
  *) mod_ldap: Eliminate a potential crash with multiple LDAPTrustedClientCert
     when some are not password-protected. [Eric Covener]
  *) Fix startup segfault when the Mutex directive is used but no loaded
     modules use httpd mutexes. PR 48787. [Jeff Trawick]
  *) Proxy: get the headers right in a HEAD request with
     ProxyErrorOverride, by checking for an overridden error
     before not after going into a catch-all code path.
     PR 41646. [Nick Kew, Stuart Children]
  *) support/rotatelogs: Support the simplest log rotation case, log
     truncation. Useful when the log is being processed in real time
     using a command like tail. [Graham Leggett]
  *) support/htcacheclean: Teach it how to write a pid file (modelled on
     httpd's writing of a pid file) so that it becomes possible to run
     more than one instance of htcacheclean on the same machine.
     [Graham Leggett]
  *) Log command line on startup, so there's a record of command line
     arguments like -f. PR 48752. [Dan Poirier]
  *) Introduce mod_reflector, a handler capable of reflecting POSTed
     request bodies back within the response through the output filter
     stack. Can be used to turn an output filter into a web service.
     [Graham Leggett]
  *) mod_proxy_http: Make sure that when an ErrorDocument is served
     from a reverse proxied URL, that the subrequest respects the status
     of the original request. This brings the behaviour of proxy_handler
     in line with default_handler. PR 47106. [Graham Leggett]
  *) Support wildcards in both the directory and file components of
     the path specified by the Include directive. [Graham Leggett]
  *) mod_proxy, mod_proxy_http: Support remote https proxies
     by using HTTP CONNECT. PR 19188.
     [Philippe Dutrueux <lilas evidian.com>, Rainer Jung]
  *) apxs: Fix -A and -a options to ignore whitespace in httpd.conf
     [Philip M. Gollucci]
  *) worker: Don't report server has reached MaxClients until it has.
     Add message when server gets within MinSpareThreads of MaxClients.
     PR 46996. [Dan Poirier]
  *) mod_session: Session expiry was being initialised, but not updated
     on each session save, resulting in timed out sessions when there
     should not have been. Fixed. [Graham Leggett]
  *) mod_log_config: Add the R option to log the handler used within the
     request. [Christian Folini <christian.folini netnea com>]
  *) mod_include: Allow fine control over the removal of Last-Modified and
     ETag headers within the INCLUDES filter, making it possible to cache
     responses if desired. Fix the default value of the SSIAccessEnable
     directive. [Graham Leggett]
  *) Add new UnDefine directive to undefine a variable. PR 35350.
     [Stefan Fritsch]
  *) Make ap_pregsub(), used by AliasMatch and friends, use the same syntax
     for regex backreferences as mod_rewrite and mod_include: Remove the use
     of '&' as an alias for '$0' and allow to escape any character with a
     backslash. PR 48351. [Stefan Fritsch]
  *) mod_authnz_ldap: If AuthLDAPCharsetConfig is set, also convert the
     password to UTF-8. PR 45318.
     [Johannes Müller <joh_m gmx.de>, Stefan Fritsch]
  *) ab: Fix calculation of requests per second in HTML output. PR 48594.
     [Stefan Fritsch]
  *) mod_authnz_ldap: Failures to map a username to a DN, or to check a user
     password now result in an informational level log entry instead of
     warning level. [Eric Covener]
Changes with Apache 2.3.5
  *) SECURITY: CVE-2010-0434 (cve.mitre.org)
     Ensure each subrequest has a shallow copy of headers_in so that the
     parent request headers are not corrupted. Eliminates a problematic
     optimization in the case of no request body. PR 48359
     [Jake Scott, William Rowe, Ruediger Pluem]
  *) Turn static function get_server_name_for_url() into public
     ap_get_server_name_for_url() and use it where appropriate. This
     fixes mod_rewrite generating invalid URLs for redirects to IPv6
     literal addresses. [Stefan Fritsch]
  *) mod_ldap: Introduce new config option LDAPTimeout to set the timeout
     for LDAP operations like bind and search. [Stefan Fritsch]
  *) mod_proxy, mod_proxy_ftp: Move ProxyFtpDirCharset from mod_proxy to
     mod_proxy_ftp. [Takashi Sato]
  *) mod_proxy, mod_proxy_connect: Move AllowCONNECT from mod_proxy to
     mod_proxy_connect. [Takashi Sato]
  *) mod_cache: Do an exact match of the keys defined by
     CacheIgnoreURLSessionIdentifiers against the querystring instead of
     a partial match. PR 48401.
     [Dodou Wang <wangdong.08 gmail.com>, Ruediger Pluem]
  *) mod_proxy_balancer: Fix crash in balancer-manager. [Rainer Jung]
  *) Core HTTP: disable keepalive when the Client has sent
     Expect: 100-continue
     but we respond directly with a non-100 response.
     Keepalive here led to data from clients continuing being treated as
     a new request.
     PR 47087 [Nick Kew]
  *) Core: reject NULLs in request line or request headers.
     PR 43039 [Nick Kew]
  *) Core: (re)-introduce -T commandline option to suppress documentroot
     check at startup.
     PR 41887 [Jan van den Berg <janvdberg gmail.com>]
  *) mod_autoindex: support XHTML as equivalent to HTML in IndexOptions,
     ScanHTMLTitles, ReadmeName, HeaderName
     PR 48416 [Dmitry Bakshaev <dab18 izhnet.ru>, Nick Kew]
  *) Proxy: Fix ProxyPassReverse with relative URL
     Derived (slightly erroneously) from PR 38864 [Nick Kew]
  *) mod_headers: align Header Edit with Header Set when used on Content-Type
     PR 48422 [Cyril Bonté <cyril.bonte free.fr>, Nick Kew]
  *) mod_headers: Enable multi-match-and-replace edit option
     PR 47066 [Nick Kew]
  *) mod_filter: enable it to act on non-200 responses.
     PR 48377 [Nick Kew]
Changes with Apache 2.3.4
  *) Replace AcceptMutex, LockFile, RewriteLock, SSLMutex, SSLStaplingMutex,
     and WatchdogMutexPath with a single Mutex directive. Add APIs to
     simplify setup and user customization of APR proc and global mutexes.
     (See util_mutex.h.) Build-time setting DEFAULT_LOCKFILE is no longer
     respected; set DEFAULT_REL_RUNTIMEDIR instead. [Jeff Trawick]
  *) http_core: KeepAlive no longer accepts other than On|Off.
     [Takashi Sato]
  *) mod_dav: Remove errno from dav_error interface. Calls to dav_new_error()
     and dav_new_error_tag() must be adjusted to add an apr_status_t parameter.
     [Jeff Trawick]
  *) mod_authnz_ldap: Add AuthLDAPBindAuthoritative to allow Authentication to
     try other providers in the case of an LDAP bind failure.
     PR 46608 [Justin Erenkrantz, Joe Schaefer, Tony Stevenson]
*) SECURITY: CVE-2009-3095 (cve.mitre.org)
[Stefan Fritsch <sf fritsch.de>, Joe Orton]
*) SECURITY: CVE-2009-3094 (cve.mitre.org)
[Stefan Fritsch <sf fritsch.de>, Joe Orton]
instead of substrings. PR 28037. [Dan Franklin <dan dan-franklin.com>,
[Dr Stephen Henson <shenson oss-institute.org>]
PR 47178. [Philipp Hagemeister <oss phihag.de>]
Brian France <brian brianfrance.com>]
modules to avoid segmentation fault. PR 47951. [hirose31 gmail.com]
*) mod_logio/core: Report more accurate byte counts in mod_status if
for the default values of 1024 for LdapCacheEntries/LdapOpCacheEntries.
the request is a CONNECT request. [Bill Zajac <billz consultla.com>]
[Peter Grandi <pg_asf asf.for.sabi.co.uk>, Graham Leggett]
Log 408 errors in access log as was done in Apache 1.3.x.
PR 39785 [Nobutaka Mantani <nobutaka nobutaka.org>,
Stefan Fritsch <sf fritsch.de>, Dan Poirier]
Brian France <brian brianfrance.com>]
Brian France <brian brianfrance.com>]
[Stefan Fritsch <sf sfritsch.de>]
*) mod_session.c: Prevent a segfault when session is added but not
definition. [Stefan Fritsch sf sfritsch.de]
*) Add support for HTTP PUT to ab. [Jeff Barnes <jbarnesweb yahoo.com>]
PR 46971 [evanc nortel.com]
[Stefan Fritsch <sf sfritsch.de>]
for a file is missing. PR 47682 [Peter Poeml <poeml suse.de>]
*) SECURITY: CVE-2009-1890 (cve.mitre.org)
*) SECURITY: CVE-2009-1191 (cve.mitre.org)
by the client. PR 33098 [ Stefan Fritsch <sf sfritsch.de>]
PR 42175 [Jim Radford <radford blackbean.org>]
type. PR 45107. [Michael Ströder <michael stroeder.com>,
PR 44020 [Håkon Stordahl <hakon stordahl.org>]
CGI process. PR 47335 [Kornél Pál <kornelpal gmail.com>]
PR 46942 [Dan Poirier <poirier pobox.com>]
PR 44729 [Sönke Tesch <st kino-fahrplan.de>, Jim Jagielski]
PR 47177 [Carlos Garcia Braschi <cgbraschi gmail.com>]
PR 45082 [Vitaly Polonetsky <m_vitaly topixoft.com>]
[Marko Kevac <mkevac gmail.com>]
as A/UX, Next, and Tandem. [Jeff Trawick]
directory listing. PR 46789 [Dan Poirier <poirier pobox.com>]
of module state across unload/load. [Jeff Trawick]
[Dan Poirier <poirier pobox.com>]
[Geoff Keating <geoffk apple.com>]
with kqueue (BSD/OS X) and excessive CPU with event ports (Solaris).
a media type has not been configured via mime.types, AddType,
[Ryan Phillips <ryan-apache trolocsis.com>]
[<tlhackque yahoo.com>]
*) prefork: Fix child process hang during graceful restart/stop in
*) core/utils: Enhance ap_escape_html API to support escaping non-ASCII chars
PR 45529 [Bob Ionescu <bobsiegen googlemail.com>]
times out before returning status line/headers.
PR 39332 [Masaoki Kobayashi <masaoki techfirm.co.jp>]
[Theo Schlossnagle <jesus omniti.com>, Paul Querna]
modules/proxy/balancers [Jim Jagielski]
privileges and Unix user/group IDs [Nick Kew]
logic replicate 2.2.x authz logic, and replace <Satisfy*>, Reject,
*) unixd: turn existing code into a module, and turn the set user/group
Suggested By André Warnier <aw ice-sa.com> [Eric Covener]
*) mod_ssl: Send Content-Type application/ocsp-request for POST requests to
OCSP responders. PR 46014 [Dr Stephen Henson <steve openssl.org>]
*) New module mod_sed: filter Request/Response bodies through sed
null value. [David Shane Holden <dpejesh apache.org>]
both inside and outside the location/directory sections, as
form request with the type of application/x-www-form-urlencoded.
*) mod_authz_dbd: When redirecting after successful login/logout per
PR 44560 [Anders Kaseorg <anders kaseorg.com>]
mod_cache et.al. to trap the results of the redirect.
*) ApacheMonitor.exe: Introduce --kill argument for use by the
*) mod_ldap, mod_authnz_ldap: Add support for nested groups (i.e. the ability
[David M. Lee <dmlee crossroads.com>]
[Niklas Edmundsson <nikke acc.umu.se>]
[Niklas Edmundsson <nikke acc.umu.se>]
[Markus Schiegl <ms schiegl.com>]
*) Remove incorrect comments from scoreboard.h regarding conditional
[Chris Darroch <chrisd pearsoncmg.com>]
in ap_init_scoreboard(). [Chris Darroch <chrisd pearsoncmg.com>]
[Chris Darroch <chrisd pearsoncmg.com>]
and 'Reject' to mod_authz_core. The new directives introduce 'AND/OR'
*) mod_authz_dbd: SQL authz with Login/Session support [Nick Kew]
Apache 2.2.xx tree as documented, and except as noted, below.]
Changes with Apache 2.2.x and later:
Changes with Apache 2.0.x and later:
Changes with Apache 1.3.x and later: