0N/A -*- coding: utf-8 -*-
0N/AChanges with Apache 2.3.10
0N/A *) mod_cgid: RLimit* directive support for mod_cgid. PR 42135
0N/A *) core: Fail startup when the argument to ServerName looks like a glob
0N/A or a regular expression instead of a hostname (*?[]). PR 39863
0N/A *) mod_userdir: Add merging of enable, disable, and filename arguments
0N/A PR 44076 [Eric Covener]
0N/A *) httpd: When no -k option is provided on the httpd command line, the server
0N/A was starting without checking for an existing pidfile. PR 50350
1472N/A *) mod_proxy: Put the worker in error state if the SSL handshake with the
0N/A *) mod_cache_disk: Fix Windows build which was broken after renaming
1879N/A the module. [Gregg L. Smith]
1879N/A Fix a denial of service attack against mod_reqtimeout.
1879N/A *) mod_include: Add the onerror attribute to the include element,
1879N/A allowing an URL to be specified to include on error. [Graham
1879N/A *) mod_cache_disk: mod_disk_cache renamed to mod_cache_disk, to be
1879N/A consistent with the naming of other modules. [Graham Leggett]
0N/A *) mod_setenvif: Add SetEnvIfExpr directive to set env var depending on
0N/A expression. [Stefan Fritsch]
0N/A *) mod_proxy: Fix ProxyPassInterpolateEnv directive. PR 50292.
0N/A *) suEXEC: Add Suexec directive to disable suEXEC without renaming the
0N/A binary (Suexec Off), or force startup failure if suEXEC is required
0N/A but not supported (Suexec On). Change SuexecUserGroup to fail
0N/A startup instead of just printing a warning if suEXEC is disabled.
0N/A *) core: Add Error directive for aborting startup or htaccess processing
0N/A with a specified error message. [Jeff Trawick]
0N/A *) mod_rewrite: Fix the RewriteEngine directive to work within a
0N/A location. Previously, once RewriteEngine was switched on globally,
0N/A it was impossible to switch off. [Graham Leggett]
0N/A *) core, mod_include, mod_ssl: Move the expression parser derived from
0N/A mod_include back into mod_include. Replace ap_expr with a parser
0N/A derived from mod_ssl's parser. Make mod_ssl use the new parser. Rework
0N/A ap_expr's public interface and provide hooks for modules to add variables
0N/A and functions. [Stefan Fritsch]
0N/A *) core: Do the hook sorting earlier so that the hooks are properly sorted
0N/A for the pre_config hook and during parsing the config. [Stefan Fritsch]
0N/A *) core: In the absence of any AllowOverride directives, the default is now
0N/A "None" instead of "All". PR49823 [Eric Covener]
0N/A *) mod_proxy: Don't allow ProxyPass or ProxyPassReverse in
0N/A <Directory> or <Files>. PR47765 [Eric Covener]
0N/A to match default configuration and manual. PR47782 [Eric Covener]
0N/A *) proxy_connect: Don't give up in the middle of a CONNECT tunnel
0N/A when the child process is starting to exit. PR50220. [Eric Covener]
0N/A *) mod_autoindex: Fix inheritance of mod_autoindex directives into
0N/A contexts that don't have any mod_autoindex directives. PR47766.
0N/A *) mod_rewrite: Add END flag for RewriteRule to prevent further rounds
0N/A of rewrite processing when a per-directory substitution occurs.
0N/A *) mod_ssl: Make sure to always log an error if loading of CA certificates
0N/A fails. PR 40312. [Paul Tiemann <issues apache org ourdetour com>]
0N/A *) mod_dav: Send 501 error if unknown Content-* header is received for a PUT
0N/A request (RFC 2616 9.6). PR 42978. [Stefan Fritsch]
0N/A *) mod_dav: Send 400 error if malformed Content-Range header is received for
0N/A a put request (RFC 2616 14.16). PR 49825. [Stefan Fritsch]
0N/A *) mod_proxy: Release the backend connection as soon as EOS is detected,
0N/A so the backend isn't forced to wait for the client to eventually
0N/A acknowledge the data. [Graham Leggett]
0N/A *) mod_proxy: Optimise ProxyPass within a Location so that it is stored
0N/A per-directory, and chosen during the location walk. Make ProxyPass
0N/A work correctly from within a LocationMatch. [Graham Leggett]
0N/A *) core: Fix segfault if per-module LogLevel is on virtual host
0N/A scope. PR 50117. [Stefan Fritsch]
0N/A *) mod_proxy: Move the ProxyErrorOverride directive to have per
0N/A directory scope. [Graham Leggett]
0N/A *) mod_allowmethods: New module to deny certain HTTP methods without
0N/A Igor Galić, Stefan Fritsch]
0N/A *) mod_ssl: Log certificate information and improve error message if client
0N/A cert verification fails. PR 50093, PR 50094. [Lassi Tuura <lat cern ch>,
0N/A *) htcacheclean: Teach htcacheclean to limit cache size by number of
0N/A inodes in addition to size of files. Prevents a cache disk from
0N/A running out of space when many small files are cached.
0N/A *) core: Rename MaxRequestsPerChild to MaxConnectionsPerChild, which
0N/A describes more accurately what the directive does. The old name
0N/A still works but logs a warning. [Stefan Fritsch]
304N/A *) mod_cache: Optionally serve stale data when a revalidation returns a
0N/A 5xx response, controlled by the CacheStaleOnError directive.
304N/A *) htcacheclean: Allow the listing of valid URLs within the cache, with
0N/A the option to list entry metadata such as sizes and times. [Graham
0N/A *) mod_cache: correctly parse quoted strings in cache headers.
0N/A *) mod_cache: Allow control over the base URL of reverse proxied requests
0N/A using the CacheKeyBaseURL directive, so that the cache key can be
0N/A calculated from the endpoint URL instead of the server URL. [Graham
0N/A *) mod_cache: CacheLastModifiedFactor, CacheStoreNoStore, CacheStorePrivate,
0N/A CacheStoreExpired, CacheIgnoreNoLastMod, CacheDefaultExpire,
0N/A *) mod_disk_cache: CacheMaxFileSize, CacheMinFileSize, CacheReadSize and
0N/A *) core: Speed up config parsing if using a very large number of config
0N/A files. PR 50002 [andrew cloudaccess net]
0N/A *) mod_cache: Support the caching of HEAD requests. [Graham Leggett]
0N/A *) htcacheclean: Allow the option to round up file sizes to a given
0N/A block size, improving the accuracy of disk usage. [Graham Leggett]
0N/A *) mod_ssl: Add authz providers for use with mod_authz_core and its
0N/A 'ssl-verify-client' (for use with 'SSLVerifyClient optional'), and
0N/A 'ssl-require' (expressions with same syntax as SSLRequire).
0N/A *) mod_ssl: Make the ssl expression parser thread-safe. It now requires
0N/A bison instead of yacc. [Stefan Fritsch]
0N/A *) mod_disk_cache: Change on-disk header file format to support the
0N/A file, and to support the option of not writing a data file when
0N/A the data file is empty. [Graham Leggett]
0N/A the ID generated by mod_unique_id as error log ID for requests.
0N/A *) mod_cache: Make sure that we never allow a 304 Not Modified response
0N/A that we asked for to leak to the client should the 304 response be
0N/A uncacheable. PR45341 [Graham Leggett]
0N/A *) mod_cache: Add the cache_status hook to register the final cache
0N/A and/or an X-Cache-Detail header to add the cache status to the
0N/A response. PR48241 [Graham Leggett]
0N/A *) mod_authz_host: Add 'local' provider that matches connections originating
0N/A on the local host. PR 19938. [Stefan Fritsch]
0N/A *) Event MPM: Fix crash accessing pollset on worker thread when child
0N/A process is exiting. [Jeff Trawick]
0N/A *) core: For process invocation (cgi, fcgid, piped loggers and so forth)
0N/A pass the system library path (LD_LIBRARY_PATH or platform-specific
0N/A variables) along with the system PATH, by default. Both should be
0N/A overridden together as desired using PassEnv etc; see mod_env.
0N/A *) mod_cache: Introduce CacheStoreExpired, to allow administrators to
0N/A capture a stale backend response, perform If-Modified-Since requests
0N/A against the backend, and serving from the cache all 304 responses.
0N/A This restores pre-2.2.4 cache behavior. [William Rowe]
0N/A *) mod_rewrite: Introduce <=, >= string comparison operators, and integer
0N/A comparators -lt, -le, -eq, -ge, and -gt. To help bash users and drop
0N/A the ambiguity of the symlink test "-ltest", introduce -h or -L as
0N/A symlink test operators. [William Rowe]
0N/A *) mod_cache: Give the cache provider the opportunity to choose to cache
0N/A or not cache based on the buckets present in the brigade, such as the
0N/A presence of a FILE bucket.
0N/A *) mod_authz_core: Allow authz providers to check args while reading the
0N/A config and allow to cache parsed args. Move 'all' and 'env' authz
0N/A providers from mod_authz_host to mod_authz_core. Add 'method' authz
0N/A provider depending on the HTTP method. [Stefan Fritsch]
304N/A *) mod_include: Move the request_rec within mod_include to be
304N/A exposed within include_ctx_t. [Graham Leggett]
304N/A *) mod_include: Reinstate support for UTF-8 character sets by allowing a
0N/A variable being echoed or set to be decoded and then encoded as separate
304N/A steps. PR47686 [Graham Leggett]
304N/A *) mod_cache: Add a discrete commit_entity() provider function within the
304N/A mod_cache provider interface which is called to indicate to the
304N/A provider that caching is complete, giving the provider the opportunity
304N/A to commit temporary files permanently to the cache in an atomic
0N/A fashion. Replace the inconsistent use of error cleanups with a formal
0N/A set of pool cleanups attached to a subpool, which is destroyed on error.
304N/A *) mod_cache: Change the signature of the store_body() provider function
304N/A within the mod_cache provider interface to support an "in" brigade
304N/A and an "out" brigade instead of just a single input brigade. This
304N/A gives a cache provider the option to consume only part of the brigade
304N/A passed to it, rather than the whole brigade as was required before.
304N/A This fixes an out of memory and a request timeout condition that would
0N/A occur when the original document was a large file. Introduce
0N/A CacheReadSize and CacheReadTime directives to mod_disk_cache to control
304N/A the amount of data to attempt to cache at a time. [Graham Leggett]
0N/A *) core: Add ErrorLogFormat to allow configuring error log format, including
0N/A additional information that is logged once per connection or request. Add
304N/A error log IDs for connections and request to allow correlating error log
304N/A lines and the corresponding access log entry. [Stefan Fritsch]
0N/A *) core: Disable sendfile by default. [Stefan Fritsch]
304N/A *) mod_cache: Check the request to determine whether we are allowed
0N/A to return cached content at all, and respect a "Cache-Control:
0N/A no-cache" header from a client. Previously, "no-cache" would
0N/A behave like "max-age=0". [Graham Leggett]
0N/A *) mod_cache: Use a proper filter context to hold filter data instead
0N/A of misusing the per-request configuration. Fixes a segfault on trunk
0N/A when the normal handler is used. [Graham Leggett]
0N/A *) mod_cgid: Log a warning if the ScriptSock path is truncated because
0N/A it is too long. PR 49388. [Stefan Fritsch]
0N/A *) vhosts: Do not allow _default_ in NameVirtualHost, or mixing *
0N/A and non-* ports on NameVirtualHost, or multiple NameVirtualHost
0N/A directives for the same address:port, or NameVirtualHost
0N/A directives with no matching VirtualHosts, or multiple ip-based
0N/A VirtualHost sections for the same address:port. These were
0N/A previously accepted with a warning, but the behavior was
0N/A undefined. [Dan Poirier]
0N/A *) mod_remoteip: Fix a segfault when using mod_remoteip in conjunction with
0N/A *) core: DirectoryMatch can now match on the end of line character ($),
0N/A and sub-directories of matched directories are no longer implicitly
0N/A matched. PR49809 [Eric Covener]
0N/A *) Regexps: introduce new higher-level regexp utility including parsing
0N/A *) Proxy: support setting source address. PR 29404
0N/A [Multiple contributors iterating through bugzilla,
0N/A *) HTTP protocol: return 400 not 503 if we have to abort due to malformed
0N/A chunked encoding. [Nick Kew]
0N/AChanges with Apache 2.3.8
0N/A *) suexec: Support large log files. PR 45856. [Stefan Fritsch]
0N/A *) core: Abort with sensible error message if no or more than one MPM is
0N/A loaded. [Stefan Fritsch]
0N/A *) mod_proxy: Rename erroronstatus to failonstatus.
0N/A *) mod_dav_fs: Fix broken "creationdate" property.
0N/A Regression in version 2.3.7. [Rainer Jung]
0N/AChanges with Apache 2.3.7
0N/A mod_dav, mod_cache, mod_session: Fix Handling of requests without a path
0N/A segment. PR: 49246 [Mark Drayton, Jeff Trawick]
304N/A *) mod_ldap: Properly check the result returned by apr_ldap_init. PR 46076.
1060N/A *) mod_rewrite: Log errors if rewrite map files cannot be opened. PR 49639.
1060N/A *) mod_proxy_http: Support the 'ping' property for backend HTTP/1.1 servers
0N/A via leveraging 100-Continue as the initial "request".
0N/A mod_authz_core to bypass authentication if access should be allowed by
0N/A *) core: Introduce note_auth_failure hook to allow modules to add support
0N/A for additional auth types. This makes ap_note_auth_failure() work with
0N/A mod_auth_digest again. PR 48807. [Stefan Fritsch]
0N/A *) socache modules: return APR_NOTFOUND when a lookup is not found [Nick Kew]
304N/A *) mod_authn_cache: new module [Nick Kew]
304N/A *) configure: Add reallyall option for --enable-mods-shared. [Stefan Fritsch]
0N/A *) Fix Windows build when using VC6. [Gregg L. Smith <lists glewis com>]
0N/A *) mod_rewrite: Allow to set environment variables without explicitly
0N/A giving a value. [Rainer Jung]
0N/A *) mod_rewrite: Remove superfluous EOL from rewrite logging. [Rainer Jung]
1909N/A *) CGI vars: allow PATH to be set by SetEnv, consistent with LD_LIBRARY_PATH
0N/A *) Core: Extra robustness: don't try authz and segfault if authn
0N/A fails to set r->user. Log bug and return 500 instead.
0N/A *) HTTP protocol filter: fix handling of longer chunk extensions
0N/A *) Update SSL cipher suite and add example for SSLHonorCipherOrder.
0N/A [Lars Eilebrecht, Rainer Jung]
0N/A *) move AddOutputFilterByType from core to mod_filter. This should
0N/A fix nasty side-effects that happen when content_type is set
0N/A more than once in processing a request, and make it fully
0N/A compatible with dynamic and proxied contents. [Nick Kew]
0N/A *) mod_log_config: Implement logging for sub second timestamps and
0N/A request end time. [Rainer Jung]
0N/AChanges with Apache 2.3.6
0N/A mod_ssl: Comprehensive fix of the TLS renegotiation prefix injection
0N/A attack when compiled against OpenSSL version 0.9.8m or later. Introduces
0N/A the 'SSLInsecureRenegotiation' directive to reopen this vulnerability
0N/A and offer unsafe legacy renegotiation with clients which do not yet
0N/A support the new secure renegotiation protocol, RFC 5746.
304N/A [Joe Orton, and with thanks to the OpenSSL Team]
304N/A mod_ssl: A partial fix for the TLS renegotiation prefix injection attack
304N/A by rejecting any client-initiated renegotiations. Forcibly disable
0N/A keepalive for the connection if there is any buffered data readable. Any
0N/A access control is still vulnerable, unless using OpenSSL >= 0.9.8l.
0N/A mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent
0N/A when request headers indicate a request body is incoming; not a case of
0N/A mod_isapi: Do not unload an isapi .dll module until the request
0N/A processing is completed, avoiding orphaned callback pointers.
0N/A *) core: Filter init functions are now run strictly once per request
1204N/A before handler invocation. The init functions are no longer run
0N/A for connection filters. PR 49328. [Joe Orton]
0N/A *) core: Adjust the output filter chain correctly in an internal
0N/A redirect from a subrequest, preserving filters from the main
1295N/A request as necessary. PR 17629. [Joe Orton]
1295N/A *) mod_cache: Explicitly allow cache implementations to cache a 206 Partial
0N/A Response if they so choose to do so. Previously an attempt to cache a 206
0N/A was arbitrarily allowed if the response contained an Expires or
0N/A Cache-Control header, and arbitrarily denied if both headers were missing.
2168N/A *) core: Add microsecond timestamp fractions, process id and thread id
2168N/A to the error log. [Rainer Jung]
0N/A *) configure: The "most" module set gets build by default. [Rainer Jung]
1204N/A *) configure: Building dynamic modules (DSO) by default. [Rainer Jung]
0N/A *) configure: Fix broken VPATH build when using included APR.
1378N/A *) mod_session_crypto: Fix configure problem when building
1378N/A with APR 2 and for VPATH builds with included APR.
1378N/A *) mod_session_crypto: API compatibility with APR 2 crypto and
1378N/A *) ab: Fix memory leak with -v2 and SSL. PR 49383.
1378N/A [Pavel Kankovsky <peak argo troja mff cuni cz>]
1378N/A *) core: Add per-module and per-directory loglevel configuration.
1378N/A Add some more trace logging.
2796N/A mod_ssl: Replace LogLevelDebugDump with trace log levels.
1378N/A mod_dumpio: Replace DumpIOLogLevel with trace log levels.
1378N/A *) mod_ldap: LDAP caching was suppressed (and ldap-status handler returns
1378N/A title page only) when any mod_ldap directives were used in VirtualHost
1378N/A *) mod_disk_cache: Decline the opportunity to cache if the response is
1378N/A a 206 Partial Content. This stops a reverse proxied partial response
1378N/A from becoming cached, and then being served in subsequent responses.
1378N/A *) mod_deflate: avoid the risk of forwarding data before headers are set.
1378N/A *) mod_authnz_ldap: Ensure nested groups are checked when the
1750N/A top-level group doesn't have any direct non-group members
1750N/A of attributes in AuthLDAPGroupAttribute. [Eric Covener]
1378N/A *) mod_authnz_ldap: Search or Comparison during authorization phase
1378N/A can use the credentials from the authentication phase
1378N/A (AuthLDAPSearchAsUSer,AuthLDAPCompareAsUser).
1378N/A PR 48340 [Domenico Rotiroti, Eric Covener]
1378N/A *) mod_authnz_ldap: Allow the initial DN search during authentication
1378N/A LDAP id (AuthLDAPInitialBindAsUser, AuthLDAPInitialBindPattern).
1378N/A *) mod_authnz_ldap: Publish requested LDAP data with an AUTHORIZE_ prefix
1378N/A when this module is used for authorization. See AuthLDAPAuthorizePrefix.
1378N/A *) apxs -q: Stop filtering out ':' characters from the reported values.
1378N/A *) prefork MPM: Work around possible crashes on child exit in APR reslist
1378N/A cleanup code. PR 43857. [Tom Donovan]
1204N/A *) ab: fix number of requests sent by ab when keepalive is enabled. PR 48497.
0N/A *) Log an error for failures to read a chunk-size, and return 408 instead of
0N/A 413 when this is due to a read timeout. This change also fixes some cases
0N/A of two error documents being sent in the response for the same scenario.
0N/A [Eric Covener] PR49167
0N/A *) mod_proxy_balancer: Add new directive BalancerNonce to allow admin
0N/A *) mod_proxy_connect: Support port ranges in AllowConnect. PR 23673.
1204N/A *) Proxy balancer: support setting error status according to HTTP response
0N/A code from a backend. PR 48939. [Daniel Ruggeri <DRuggeri
primary.net>]
1295N/A *) htcacheclean: Introduce the ability to clean specific URLs from the
0N/A cache, if provided as an optional parameter on the command line.
0N/A *) core: Introduce the IncludeStrict directive, which explicitly fails
0N/A server startup if no files or directories match a wildcard path.
0N/A *) htcacheclean: Report additional statistics about entries deleted.
0N/A *) Introduce SSLFIPS directive to support OpenSSL FIPS_mode; permits all
0N/A builds of mod_ssl to use 'SSLFIPS off' for portability, but the proper
304N/A build of openssl is required for 'SSLFIPS on'. PR 46270.
0N/A *) mod_proxy_http: Log the port of the remote server in various messages.
1909N/A PR 48812. [Igor Galić <i galic brainsware org>]
3726N/A *) mod_reqtimeout: Do not wrongly enforce timeouts for mod_proxy's backend
3726N/A connections and other protocol handlers (like mod_ftp). [Stefan Fritsch]
3726N/A *) mod_proxy_ajp: Really regard the operation a success, when the client
3726N/A aborted the connection. In addition adjust the log message if the client
3726N/A aborted the connection. [Ruediger Pluem]
0N/A *) mod_ssl: Add the 'SSLInsecureRenegotiation' directive, which
0N/A allows insecure renegotiation with clients which do not yet
0N/A support the secure renegotiation protocol. [Joe Orton]
3726N/A *) mod_ssl: Fix a potential I/O hang if a long list of trusted CAs
3726N/A is configured for client cert auth. PR 46952. [Joe Orton]
3726N/A *) core: Only log a 408 if it is no keepalive timeout. PR 39785
0N/A *) mod_ldap: Update LDAPTrustedClientCert to consistently be a per-directory
2262N/A setting only, matching most of the documentation and examples.
2262N/A PR 46541 [Paul Reder, Eric Covener]
2262N/A types previously allowed only in LDAPTrustedGlobalCert. [Eric Covener]
0N/A *) mod_negotiation: Preserve query string over multiviews negotiation.
304N/A This buglet was fixed for type maps in 2.2.6, but the same issue
0N/A affected multiviews and was overlooked.
622N/A *) mod_ldap: Eliminate a potential crash with multiple LDAPTrustedClientCert
622N/A when some are not password-protected. [Eric Covener]
0N/A *) Fix startup segfault when the Mutex directive is used but no loaded
0N/A modules use httpd mutexes. PR 48787. [Jeff Trawick]
0N/A *) Proxy: get the headers right in a HEAD request with
0N/A ProxyErrorOverride, by checking for an overridden error
0N/A before not after going into a catch-all code path.
0N/A PR 41646. [Nick Kew, Stuart Children]
304N/A truncation. Useful when the log is being processed in real time
304N/A using a command like tail. [Graham Leggett]
0N/A httpd's writing of a pid file) so that it becomes possible to run
0N/A more than one instance of htcacheclean on the same machine.
622N/A *) Log command line on startup, so there's a record of command line
622N/A arguments like -f. PR 48752. [Dan Poirier]
0N/A *) Introduce mod_reflector, a handler capable of reflecting POSTed
0N/A request bodies back within the response through the output filter
0N/A stack. Can be used to turn an output filter into a web service.
0N/A *) mod_proxy_http: Make sure that when an ErrorDocument is served
0N/A from a reverse proxied URL, that the subrequest respects the status
304N/A of the original request. This brings the behaviour of proxy_handler
0N/A in line with default_handler. PR 47106. [Graham Leggett]
0N/A *) Support wildcards in both the directory and file components of
0N/A the path specified by the Include directive. [Graham Leggett]
0N/A *) mod_proxy, mod_proxy_http: Support remote https proxies
0N/A by using HTTP CONNECT. PR 19188.
0N/A *) apxs: Fix -A and -a options to ignore whitespace in
httpd.conf 0N/A [Philip M. Gollucci]
0N/A *) worker: Don't report server has reached MaxClients until it has.
0N/A Add message when server gets within MinSpareThreads of MaxClients.
0N/A PR 46996. [Dan Poirier]
0N/A *) mod_session: Session expiry was being initialised, but not updated
0N/A on each session save, resulting in timed out sessions when there
0N/A should not have been. Fixed. [Graham Leggett]
0N/A *) mod_log_config: Add the R option to log the handler used within the
304N/A *) mod_include: Allow fine control over the removal of Last-Modified and
2251N/A ETag headers within the INCLUDES filter, making it possible to cache
2251N/A responses if desired. Fix the default value of the SSIAccessEnable
2251N/A directive. [Graham Leggett]
2251N/A *) Add new UnDefine directive to undefine a variable. PR 35350.
0N/A *) Make ap_pregsub(), used by AliasMatch and friends, use the same syntax
0N/A for regex backreferences as mod_rewrite and mod_include: Remove the use
0N/A of '&' as an alias for '$0' and allow to escape any character with a
0N/A backslash. PR 48351. [Stefan Fritsch]
0N/A *) mod_authnz_ldap: If AuthLDAPCharsetConfig is set, also convert the
0N/A password to UTF-8. PR 45318.
2251N/A *) ab: Fix calculation of requests per second in HTML output. PR 48594.
0N/A *) mod_authnz_ldap: Failures to map a username to a DN, or to check a user
2251N/A password now result in an informational level log entry instead of
0N/A warning level. [Eric Covener]
0N/A Ensure each subrequest has a shallow copy of headers_in so that the
0N/A parent request headers are not corrupted. Eliminates a problematic
0N/A optimization in the case of no request body. PR 48359
0N/A [Jake Scott, William Rowe, Ruediger Pluem]
0N/A *) Turn static function get_server_name_for_url() into public
0N/A ap_get_server_name_for_url() and use it where appropriate. This
0N/A fixes mod_rewrite generating invalid URLs for redirects to IPv6
304N/A literal addresses. [Stefan Fritsch]
0N/A *) mod_ldap: Introduce new config option LDAPTimeout to set the timeout
0N/A for LDAP operations like bind and search. [Stefan Fritsch]
0N/A *) mod_proxy, mod_proxy_ftp: Move ProxyFtpDirCharset from mod_proxy to
0N/A mod_proxy_ftp. [Takashi Sato]
0N/A *) mod_proxy, mod_proxy_connect: Move AllowCONNECT from mod_proxy to
0N/A mod_proxy_connect. [Takashi Sato]
1909N/A *) mod_cache: Do an exact match of the keys defined by
1909N/A CacheIgnoreURLSessionIdentifiers against the querystring instead of
1297N/A *) mod_proxy_balancer: Fix crash in balancer-manager. [Rainer Jung]
1909N/A *) Core HTTP: disable keepalive when the Client has sent
0N/A Expect: 100-continue
0N/A but we respond directly with a non-100 response.
0N/A Keepalive here led to data from clients continuing being treated as
304N/A *) Core: reject NULLs in request line or request headers.
304N/A *) Core: (re)-introduce -T commandline option to suppress documentroot
0N/A *) mod_autoindex: support XHTML as equivalent to HTML in IndexOptions,
0N/A ScanHTMLTitles, ReadmeName, HeaderName
0N/A *) Proxy: Fix ProxyPassReverse with relative URL
0N/A Derived (slightly erroneously) from PR 38864 [Nick Kew]
0N/A *) mod_headers: align Header Edit with Header Set when used on Content-Type
0N/A *) mod_headers: Enable multi-match-and-replace edit option
0N/A *) mod_filter: enable it to act on non-200 responses.
0N/AChanges with Apache 2.3.4
0N/A *) Replace AcceptMutex, LockFile, RewriteLock, SSLMutex, SSLStaplingMutex,
0N/A and WatchdogMutexPath with a single Mutex directive. Add APIs to
0N/A simplify setup and user customization of APR proc and global mutexes.
0N/A respected; set DEFAULT_REL_RUNTIMEDIR instead. [Jeff Trawick]
0N/A *) http_core: KeepAlive no longer accepts other than On|Off.
0N/A *) mod_dav: Remove errno from dav_error interface. Calls to dav_new_error()
0N/A and dav_new_error_tag() must be adjusted to add an apr_status_t parameter.
0N/A *) mod_authnz_ldap: Add AuthLDAPBindAuthoritative to allow Authentication to
0N/A try other providers in the case of an LDAP bind failure.
0N/A PR 46608 [Justin Erenkrantz, Joe Schaefer, Tony Stevenson]
0N/A *) Build: fix --with-module to work as documented
0N/AChanges with Apache 2.3.3
0N/A mod_proxy_ftp: sanity check authn credentials.
0N/A mod_proxy_ftp: NULL pointer dereference on error paths.
0N/A *) mod_ssl: enable support for ECC keys and ECDH ciphers. Tested against
0N/A *) mod_dav: Include uri when logging a PUT error due to connection abort.
0N/A PR 38149. [Stefan Fritsch]
0N/A *) mod_dav: Return 409 instead of 500 for a LOCK request if the parent
0N/A resource does not exist or is not a collection. PR 43465. [Stefan Fritsch]
0N/A *) mod_dav_fs: Return 409 instead of 500 for Litmus test case copy_nodestcoll
0N/A (a COPY request where the parent of the destination resource does not
0N/A exist). PR 39299. [Stefan Fritsch]
0N/A *) mod_dav_fs: Don't delete the whole file if a PUT with content-range failed.
0N/A PR 42896. [Stefan Fritsch]
0N/A *) mod_dav_fs: Make PUT create files atomically and no longer destroy the
0N/A old file if the transfer aborted. PR 39815. [Paul Querna, Stefan Fritsch]
0N/A *) mod_dav_fs: Remove inode keyed locking as this conflicts with atomically
1909N/A creating files. On systems with inode numbers, this is a format change of
1909N/A the DavLockDB. The old DavLockDB must be deleted on upgrade.
1909N/A *) mod_log_config: Make ${cookie}C correctly match whole cookie names
0N/A *) vhost: A purely-numeric Host: header should not be treated as a port.
0N/A *) mod_ldap: Avoid 500 errors with "Unable to set LDAP_OPT_REFHOPLIMIT option to 5"
0N/A when built against openldap by using SDK LDAP_OPT_REFHOPLIMIT defaults unless
304N/A LDAPReferralHopLimit is explicitly configured.
304N/A *) mod_charset_lite: Honor 'CharsetOptions NoImplicitAdd'.
304N/A *) mod_ssl: Add support for OCSP Stapling. PR 43822.
0N/A *) mod_socache_shmcb: Allow parens in file name if cache size is given.
0N/A Fixes SSLSessionCache directive mis-parsing parens in pathname.
0N/A PR 47945. [Stefan Fritsch]
0N/A *) htpasswd: Improve out of disk space handling. PR 30877. [Stefan Fritsch]
0N/A *) htpasswd: Use MD5 hash by default on all platforms. [Stefan Fritsch]
0N/A *) mod_sed: Reduce memory consumption when processing very long lines.
0N/A *) ab: Fix segfault in case the argument for -n is a very large number.
0N/A *) Allow ProxyPreserveHost to work in <Proxy> sections. PR 34901.
1909N/A *) configure: Fix THREADED_MPMS so that mod_cgid is enabled again
1909N/A for worker MPM. [Takashi Sato]
1297N/A *) mod_dav: Provide a mechanism to obtain the request_rec and pathname
0N/A *) Build: Use install instead of cp if available on installing
0N/A modules to avoid segmentation fault. PR 47951. [hirose31
gmail.com]
1909N/A *) mod_cache: correctly consider s-maxage in cacheability
1909N/A mod_logio is loaded. PR 25656. [Stefan Fritsch]
304N/A *) mod_ldap: If LDAPSharedCacheSize is too small, try harder to purge
304N/A some cache entries and log a warning. Also increase the default
304N/A LDAPSharedCacheSize to 500000. This is a more realistic size suitable
1909N/A *) mod_rewrite: Make sure that a hostname:port isn't fully qualified if
1909N/A *) mod_cache: Teach CacheEnable and CacheDisable to work from within a
1909N/A Location section, in line with how ProxyPass works. [Graham Leggett]
1909N/A *) mod_reqtimeout: New module to set timeouts and minimum data rates for
1909N/A receiving requests from the client. [Stefan Fritsch]
304N/A *) core: Fix potential memory leaks by making sure to not destroy
1060N/A bucket brigades that have been created by earlier filters.
0N/A *) core, mod_deflate, mod_sed: Reduce memory usage by reusing bucket
0N/A brigades in several places. [Stefan Fritsch]
0N/A *) mod_cache: Fix uri_meets_conditions() so that CacheEnable will
304N/A match by scheme, or by a wildcarded hostname. PR 40169
304N/A *) suxec: Allow to log an error if exec fails by setting FD_CLOEXEC
304N/A on the log file instead of closing it. PR 10744. [Nicolas Rachinsky]
304N/A *) mod_mime: Make RemoveType override the info from TypesConfig.
304N/A PR 38330. [Stefan Fritsch]
304N/A *) mod_cache: Introduce the option to run the cache from within the
304N/A normal request handler, and to allow fine grained control over
304N/A where in the filter chain content is cached. [Graham Leggett]
304N/A *) core: Treat timeout reading request as 408 error, not 400.
0N/A Log 408 errors in access log as was done in Apache
1.3.x. 0N/A *) mod_ssl: Reintroduce SSL_CLIENT_S_DN, SSL_CLIENT_I_DN, SSL_SERVER_S_DN,
0N/A SSL_SERVER_I_DN back to the environment variables to be set by mod_ssl.
0N/A *) mod_disk_cache: don't cache incomplete responses, per RFC 2616, 13.8.
0N/A PR15866. [Dan Poirier]
0N/A *) ab: ab segfaults in verbose mode on https sites
0N/A PR46393. [Ryan Niebur]
0N/A *) mod_dav: Allow other modules to become providers and add resource types
304N/A *) mod_dav: Allow other modules to add things to the DAV or Allow headers
0N/A *) core: Lower memory usage of core output filter.
0N/A *) mod_mime: Detect invalid use of MultiviewsMatch inside Location and
0N/A LocationMatch sections. PR47754. [Dan Poirier]
304N/A *) mod_request: Make sure the KeptBodySize directive rejects values
304N/A that aren't valid numbers. [Graham Leggett]
304N/A *) mod_session_crypto: Sanity check should the potentially encrypted
304N/A session cookie be too short. [Graham Leggett]
0N/A configured. [Graham Leggett]
0N/A *) htcacheclean: 19 ways to fail, 1 error message. Fixed. [Graham Leggett]
0N/A *) mod_auth_digest: Fail server start when nonce count checking
0N/A is configured without shared memory, or md5-sess algorithm is
0N/A configured. [Dan Poirier]
304N/A *) mod_proxy_connect: The connect method doesn't work if the client is
304N/A connecting to the apache proxy through an ssl socket. Fixed.
304N/A PR29744. [Brad Boyer, Mark Cave-Ayland, Julian Gilbey, Fabrice Durand,
304N/A David Gence, Tim Dodge, Per Gunnar Hans, Emmanuel Elango,
304N/A Kevin Croft, Rudolf Cardinal]
304N/A *) mod_ssl: The error message when SSLCertificateFile is missing should
0N/A at least give the name or position of the problematic virtual host
0N/A *) mod_auth_digest: Fix null pointer when qop=none. [Dan Poirier]
304N/A *) Add support for HTTP PUT to ab. [Jeff Barnes <jbarnesweb
yahoo.com>]
304N/A *) mod_headers: generalise the envclause to support expression
304N/A evaluation with ap_expr parser [Nick Kew]
0N/A *) mod_cache: Introduce the thundering herd lock, a mechanism to keep
0N/A the flood of requests at bay that strike a backend webserver as
304N/A a cached entity goes stale. [Graham Leggett]
0N/A *) mod_auth_digest: Fix usage of shared memory and re-enable it.
0N/A PR 16057 [Dan Poirier]
0N/A *) Preserve Port information over internal redirects
0N/A *) Proxy: unable to connect to a backend is SERVICE_UNAVAILABLE,
0N/A rather than BAD_GATEWAY or (especially) NOT_FOUND.
304N/A *) Various modules: Do better checking of pollset operations in order to
0N/A avoid segmentation faults if they fail. PR 46467
0N/A *) mod_autoindex: Correctly create an empty cell if the description
0N/A for a file is missing. PR 47682 [Peter Poeml <poeml
suse.de>]
0N/A *) ab: Fix broken error messages after resolver or connect() failures.
0N/A Fix a potential Denial-of-Service attack against mod_proxy in a
0N/A reverse proxy configuration, where a remote attacker can force a
0N/A proxy process to consume CPU time indefinitely. [Nick Kew, Joe Orton]
0N/A mod_proxy_ajp: Avoid delivering content from a previous request which
0N/A failed to send a request body. PR 46949 [Ruediger Pluem]
0N/A *) htdbm: Fix possible buffer overflow if dbm database has very
0N/A long values. PR 30586 [Dan Poirier]
0N/A *) core: Return APR_EOF if request body is shorter than the length announced
0N/A *) mod_suexec: correctly set suexec_enabled when httpd is run by a
0N/A non-root user and may have insufficient permissions.
0N/A *) mod_ssl: Fix SSL_*_DN_UID variables to use the 'userID' attribute
0N/A *) mod_proxy_http: fix case sensitivity checking transfer encoding
0N/A *) mod_alias: ensure Redirect issues a valid URL.
0N/A *) mod_dir: add FallbackResource directive, to enable admin to specify
0N/A an action to happen when a URL maps to no file, without resorting
0N/A to ErrorDocument or mod_rewrite. PR 47184 [Nick Kew]
304N/A *) mod_cgid: Do not leak the listening Unix socket file descriptor to the
0N/A *) mod_rewrite: Remove locking for writing to the rewritelog.
0N/A *) mod_alias: check sanity in Redirect arguments.
0N/A *) mod_proxy_http: fix Host: header for literal IPv6 addresses.
0N/A *) mod_cache: Add CacheIgnoreURLSessionIdentifiers directive to ignore
0N/A defined session identifiers encoded in the URL when caching.
0N/A *) mod_rewrite: Fix the error string returned by RewriteRule.
0N/A RewriteRule returned "RewriteCond: bad flag delimiters" when the 3rd
0N/A argument of RewriteRule was not started with "[" or not ended with "]".
0N/A *) Windows: Fix usage message.
0N/A *) apachectl: When passing through arguments to httpd in
0N/A non-SysV mode, use the "$@" syntax to preserve arguments.
0N/A *) mod_dbd: add DBDInitSQL directive to enable SQL statements to
0N/A be run when a connection is opened. PR 46827
0N/A *) mod_cgid: Improve handling of long AF_UNIX socket names (ScriptSock).
0N/A PR 47037. [Jeff Trawick]
0N/A *) mod_proxy_ajp: Check more strictly that the backend follows the AJP
0N/A *) mod_proxy_ajp: Forward remote port information by default.
0N/A *) Allow MPMs to be loaded dynamically, as with most other modules. Use
0N/A --enable-mpms-shared={list|"all"} to enable. This required changes to
1909N/A header), APACHE_MPM_DIR, MPM_NAME, ap_threads_per_child,
1909N/A ap_max_daemons_limit, ap_my_generation, etc. ap_mpm_query() can't be
1909N/A called until after the register-hooks phase. [Jeff Trawick]
1909N/A *) mod_ssl: Add SSLProxyCheckPeerExpire and SSLProxyCheckPeerCN directives
0N/A to enable stricter checking of remote server certificates.
0N/A *) ab: Fix a 100% CPU loop on platforms where a failed non-blocking connect
304N/A returns EINPROGRESS and a subsequent poll() returns only POLLERR.
304N/A Observed on HP-UX. [Eric Covener]
1909N/A *) Remove broken support for BeOS, TPF, and even older platforms such
0N/A *) mod_proxy_ftp: Add ProxyFtpListOnWildcard directive to allow files with
0N/A globbing characters to be retrieved instead of converted into a
0N/A directory listing. PR 46789 [Dan Poirier <poirier
pobox.com>]
0N/A *) Provide ap_retained_data_create()/ap_retained_data_get() for preservation
0N/A *) mod_substitute: Fix a memory leak. PR 44948
0N/AChanges with Apache 2.3.2
0N/A *) mod_mime_magic: Fix detection of compressed content. [Rainer Jung]
0N/A *) mod_negotiation: Escape pathes of filenames in 406 responses to avoid
0N/A HTML injections and HTTP response splitting. PR 46837.
0N/A *) mod_ssl: add support for type-safe STACK constructs in OpenSSL
0N/A development HEAD. PR 45521. [Kaspar Brand, Sander Temme]
0N/A *) ab: Fix maintenance of the pollset to resolve EALREADY errors
0N/A with kqueue (
BSD/OS X) and excessive CPU with event ports (Solaris).
0N/A PR 44584. Use APR_POLLSET_NOCOPY for better performance with some
0N/A pollset implementations. [Jeff Trawick]
1909N/A *) mod_disk_cache: The module now turns off sendfile support if
1909N/A 'EnableSendfile off' is defined globally. [Lars Eilebrecht]
1909N/A *) mod_deflate: Adjust content metadata before bailing out on 304
1909N/A responses so that the metadata does not differ from 200 response.
304N/A *) mod_deflate: Fix creation of invalid Etag headers. We now make sure
304N/A that the Etag value is properly quoted when adding the gzip marker.
0N/A PR 39727, 45023. [Lars Eilebrecht, Roy T. Fielding]
0N/A *) Added 20x22 icons for ODF, SVG, and XML documents. PR 37185.
0N/A *) Disabled DefaultType directive and removed ap_default_type()
0N/A from core. We now exclude Content-Type from responses for which
304N/A ForceType, or some other mechanism. PR 13986. [Roy T. Fielding]
0N/A *) mod_rewrite: Add IPV6 variable to RewriteCond
0N/A *) core: Enhance KeepAliveTimeout to support a value in milliseconds.
0N/A PR 46275. [Takashi Sato]
0N/A *) rotatelogs: Allow size units B, K, M, G and combination of
0N/A time and size based rotation. [Rainer Jung]
0N/A *) rotatelogs: Add flag for verbose (debug) output. [Rainer Jung]
0N/A *) mod_ssl: Fix merging of SSLRenegBufferSize directive. PR 46508
0N/A *) core: Translate the the status line to ASCII on EBCDIC platforms in
0N/A ap_send_interim_response() and for locally generated "100 Continue"
0N/A responses. [Eric Covener]
0N/A configurations with multiple listening sockets. PR 42829. [Joe Orton,
0N/A *) mod_session_crypto: Ensure that SessionCryptoDriver can only be
0N/A set in the global scope. [Graham Leggett]
304N/A *) mod_ext_filter: We need to detect failure to startup the filter
0N/A program (a mangled response is not acceptable). Fix to detect
0N/A failure, and offer configuration option either to abort or
0N/A to remove the filter and continue.
0N/A *) mod_session_crypto: Rewrite the session_crypto module against the
0N/A apr_crypto API. [Graham Leggett]
0N/A *) mod_auth_form: Fix a pool lifetime issue, don't remove the subrequest
0N/A until the main request is cleaned up. [Graham Leggett]
0N/AChanges with Apache 2.3.1
0N/A *) ap_slotmem: Add in new slot-based memory access API impl., including
0N/A 2 providers (mod_sharedmem and mod_plainmem) [Jim Jagielski,
0N/A *) mod_include: support generating non-ASCII characters as entities in SSI
1909N/A *)
core/utils: Enhance ap_escape_html API to support escaping non-ASCII chars
0N/A *) mod_rewrite: fix "B" flag breakage by reverting r5589343
0N/A *) CGI: return 504 (Gateway timeout) rather than 500 when a script
0N/A *) mod_cgid: fix segfault problem on solaris.
0N/A *) mod_proxy_scgi: Added. [André Malo]
0N/A *) mod_cache: Introduce 'no-cache' per-request environment variable
304N/A to prevent the saving of an otherwise cacheable response.
304N/A *) mod_rewrite: Introduce DiscardPathInfo|DPI flag to stop the troublesome
0N/A way that per-directory rewrites append the previous notion of PATH_INFO
0N/A to each substitution before evaluating subsequent rules.
0N/A PR 38642 [Eric Covener]
0N/A *) mod_cgid: Do not add an empty argument when calling the CGI script.
304N/A PR 46380 [Ruediger Pluem]
0N/A *) scoreboard: Remove unused sb_type from process_score.
0N/A *) mod_ssl: Add SSLRenegBufferSize directive to allow changing the
0N/A size of the buffer used for the request-body where necessary
0N/A during a per-dir renegotiation. PR 39243. [Joe Orton]
0N/A *) mod_proxy_fdpass: New module to pass a client connection over to a separate
0N/A process that is reading from a unix daemon socket.
0N/A *) mod_ssl: Improve environment variable extraction to be more
0N/A efficient and to correctly handle DNs with duplicate tags.
0N/A PR 45975. [Joe Orton]
0N/A *) Remove the obsolete serial attribute from the RPM spec file. Compile
0N/A against the external pcre. Add missing binaries fcgistarter, and
0N/A mod_socache* and mod_session*. [Graham Leggett]
0N/AChanges with Apache 2.3.0
0N/A *) mod_ratelimit: New module to do bandwidth rate limiting. [Paul Querna]
0N/A *) Remove X-Pad header which was added as a work around to a bug in
0N/A *) Add DTrace Statically Defined Tracing (SDT) probes.
304N/A *) mod_proxy_balancer: Move all load balancing implementations
304N/A as individual, self-contained mod_proxy submodules under
304N/A *) Rename APIs to include ap_ prefix:
304N/A find_child_by_pid -> ap_find_child_by_pid
1060N/A suck_in_APR -> ap_suck_in_APR
1060N/A sys_privileges_handlers -> ap_sys_privileges_handlers
1060N/A unixd_accept -> ap_unixd_accept
1060N/A unixd_config -> ap_unixd_config
1060N/A unixd_killpg -> ap_unixd_killpg
304N/A unixd_set_global_mutex_perms -> ap_unixd_set_global_mutex_perms
0N/A unixd_set_proc_mutex_perms -> ap_unixd_set_proc_mutex_perms
0N/A unixd_set_rlimit -> ap_unixd_set_rlimit
304N/A *) mod_lbmethod_heartbeat: New module to load balance mod_proxy workers
304N/A based on heartbeats. [Paul Querna]
304N/A *) mod_heartmonitor: New module to collect heartbeats, and write out a file
321N/A so that other modules can load balance traffic as needed. [Paul Querna]
0N/A *) mod_heartbeat: New module to generate multicast heartbeats to know if a
304N/A server is online. [Paul Querna]
0N/A *) mod_buffer: Honour the flush bucket and flush the buffer in the
0N/A input filter. Make sure that metadata buckets are written to
0N/A the buffer, not to the final brigade. [Graham Leggett]
0N/A *) mod_buffer: Optimise the buffering of heap buckets when the heap
0N/A buckets stay exactly APR_BUCKET_BUFF_SIZE long. [Graham Leggett,
0N/A *) mod_buffer: Optional support for buffering of the input and output
0N/A filter stacks. Can collapse many small buckets into fewer larger
0N/A buckets, and prevents excessively small chunks being sent over
0N/A the wire. [Graham Leggett]
0N/A *) mod_privileges: new module to make httpd on Solaris privileges-aware
0N/A and to enable different virtualhosts to run with different
0N/A *) mod_mem_cache: this module has been removed. [William Rowe]
0N/A *) authn/z: Remove mod_authn_default and mod_authz_default.
0N/A *) authz: Fix handling of authz configurations, make default authz
304N/A logic replicate
2.2.x authz logic, and replace <Satisfy*>, Reject,
0N/A and AuthzMergeRules directives with Match, <Match*>, and AuthzMerge
0N/A directives. [Chris Darroch]
0N/A *) mod_authn_core: Prevent crash when provider alias created to
0N/A provider which is not yet registered. [Chris Darroch]
0N/A *) mod_authn_core: Add AuthType of None to support disabling
304N/A authentication. [Chris Darroch]
0N/A *) core: Allow <Limit> and <LimitExcept> directives to nest, and
0N/A constrain their use to conform with that of other access control
0N/A and authorization directives. [Chris Darroch]
0N/A *) unixd: turn existing code into a module, and turn the set
user/group 0N/A and chroot into a child_init function. [Nick Kew]
0N/A *) mod_dir: Support "DirectoryIndex disabled"
0N/A *) mod_authnz_ldap: don't return NULL-valued environment variables to
0N/A *) Don't adjust case in pathname components that are not of interest
0N/A to mod_mime. Fixes mod_negotiation's use of such components.
0N/A *) Be tolerant in what you accept - accept slightly broken
0N/A status lines from a backend provided they include a valid status code.
0N/A *) mod_auth_form: Make sure that basic authentication is correctly
0N/A faked directly after login. [Graham Leggett]
1909N/A *) mod_session_cookie, mod_session_dbd: Make sure cookies are set both
1909N/A within the output headers and error output headers, so that the
1909N/A session is maintained across redirects. [Graham Leggett]
1909N/A *) mod_auth_form: Make sure the logged in user is populated correctly
1909N/A after a form login. Fixes a missing REMOTE_USER variable directly
1909N/A following a login. [Graham Leggett]
304N/A *) mod_session_cookie: Make sure that cookie attributes are correctly
0N/A included in the blank cookie when cookies are removed. This fixes an
1398N/A inability to log out when using mod_auth_form. [Graham Leggett]
0N/A *) mod_session: Prevent a segfault when a CGI script sets a cookie with a
0N/A *) core, authn/z: Determine registered authn/z providers directly in
304N/A ap_setup_auth_internal(), which allows optional functions that just
304N/A wrapped ap_list_provider_names() to be removed from authn/z modules.
0N/A *) authn/z: Convert common provider version strings to macros.
0N/A *) core: When testing for slash-terminated configuration paths in
0N/A ap_location_walk(), don't look past the start of an empty string
0N/A such as that created by a <Location ""> directive.
0N/A *) core, mod_proxy: If a kept_body is present, it becomes safe for
0N/A subrequests to support message bodies. Make sure that safety
304N/A checks within the core and within the proxy are not triggered
0N/A when kept_body is present. This makes it possible to embed
0N/A proxied POST requests within mod_include. [Graham Leggett]
0N/A *) mod_auth_form: Make sure the input filter stack is properly set
0N/A up before reading the login form. Make sure the kept body filter
0N/A is correctly inserted to ensure the body can be read a second
0N/A time safely should the authn be successful. [Graham Leggett,
0N/A *) mod_request: Insert the KEPT_BODY filter via the insert_filter
0N/A hook instead of during fixups. Add a safety check to ensure the
0N/A filters cannot be inserted more than once. [Graham Leggett,
0N/A *) ap_cache_cacheable_headers_out() will (now) always
0N/A merge an error headers _before_ clearing them and _before_
0N/A merging in the actual entity headers and doing normal
0N/A hop-by-hop cleansing. [Dirk-Willem van Gulik].
0N/A *) cache: retire ap_cache_cacheable_hdrs_out() which was used
0N/A for both in- and out-put headers; and replace it by a single
0N/A ap_cache_cacheable_headers() wrapped in a in- and out-put
304N/A specific ap_cache_cacheable_headers_in()/out(). The latter
0N/A which will also merge error and ensure content-type. To keep
0N/A cache modules consistent with ease. This API change bumps
0N/A up the minor MM by one [Dirk-Willem van Gulik].
0N/A *) Move the KeptBodySize directive, kept_body filters and the
0N/A ap_parse_request_body function out of the http module and into a
0N/A new module called mod_request, reducing the size of the core.
0N/A *) mod_dbd: Handle integer configuration directive parameters with a
0N/A *) Change the directives within the mod_session* modules to be valid
0N/A suggested by wrowe. [Graham Leggett]
0N/A *) mod_auth_form: Add a module capable of allowing end users to log
0N/A in using an HTML form, storing the credentials within mod_session.
0N/A *) Add a function to the http filters that is able to parse an HTML
0N/A *) mod_session_crypto: Initialise SSL in the post config hook.
0N/A [Ruediger Pluem, Graham Leggett]
0N/A *) mod_session_dbd: Add a session implementation capable of storing
0N/A session information in a SQL database via the dbd interface. Useful
0N/A for sites where session privacy is important. [Graham Leggett]
304N/A *) mod_session_crypto: Add a session encoding implementation capable
0N/A of encrypting and decrypting sessions wherever they may be stored.
0N/A Introduces a level of privacy when sessions are stored on the
0N/A browser. [Graham Leggett]
0N/A *) mod_session_cookie: Add a session implementation capable of storing
0N/A session information within cookies on the browser. Useful for high
0N/A volume sites where server bound sessions are too resource intensive.
0N/A *) mod_session: Add a generic session interface to unify the different
0N/A attempts at saving persistent sessions across requests.
0N/A *) core, authn/z: Avoid calling access control hooks for internal requests
0N/A with configurations which match those of initial request. Revert to
0N/A original behaviour (call access control hooks for internal requests
0N/A with URIs different from initial request) if any access control hooks or
1909N/A providers are not registered as permitting this optimization.
1909N/A Introduce wrappers for access control hook and provider registration
1909N/A which can accept additional mode and flag data. [Chris Darroch]
1909N/A *) Introduced ap_expr API for expression evaluation.
0N/A This is adapted from mod_include, which is the first module
0N/A AuthzDBDRedirectQuery, do not report authorization failure, and use
0N/A first row returned by database query instead of last row.
0N/A *) mod_ldap: Correctly return all requested attribute values
0N/A when some attributes have a null value.
0N/A *) core: check symlink ownership if both FollowSymlinks and
0N/A SymlinksIfOwnerMatch are set [Nick Kew]
0N/A *) core: fix origin checking in SymlinksIfOwnerMatch
0N/A *) Activate mod_cache, mod_file_cache and mod_disk_cache as part of the
2326N/A 'most' set for '--enable-modules' and '--enable-shared-mods'. Include
0N/A mod_mem_cache in 'all' as well. [Dirk-Willem van Gulik]
0N/A contain public function declarations which are useful for
0N/A third party module authors. PR 42431 [Dirk-Willem van Gulik].
0N/A *) mod_dir, mod_negotiation: pass the output filter information
0N/A to newly created sub requests; as these are later on used
0N/A as true requests with an internal redirect. This allows for
0N/A mod_cache
et.al. to trap the results of the redirect.
0N/A [Dirk-Willem van Gulik, Ruediger Pluem]
0N/A *) mod_ldap: Add support (taking advantage of the new APR capability)
0N/A for ldap rebind callback while chasing referrals. This allows direct
0N/A searches on LDAP servers (in particular MS Active Directory 2003+)
0N/A using referrals without the use of the global catalog.
0N/A PRs 26538, 40268, and 42557 [Paul J. Reder]
0N/A installer. This will permit the installation tool to remove
0N/A all running instances before attempting to remove the .exe.
0N/A *) mod_ssl: Add support for OCSP validation of client certificates.
0N/A *) mod_serf: New module for Reverse Proxying. [Paul Querna]
0N/A *) core: Add the option to keep aside a request body up to a certain
0N/A size that would otherwise be discarded, to be consumed by filters
29N/A such as mod_include. When enabled for a directory, POST requests
0N/A to shtml files can be passed through to embedded scripts as POST
0N/A requests, rather being downgraded to GET requests. [Graham Leggett]
0N/A *) mod_ssl: Fix TLS upgrade (RFC 2817) support. PR 41231. [Joe Orton]
0N/A *) scoreboard: Correctly declare ap_time_process_request.
0N/A *) core; scoreboard: ap_get_scoreboard_worker(sbh) now takes the sbh member
0N/A from the connection rec, ap_get_scoreboard_worker(proc, thread) will now
0N/A provide the unusual legacy lookup. [William Rowe]
0N/A *) mpm winnt: fix null pointer dereference
0N/A PR 42572 [Davi Arnaut]
0N/A *) mod_authnz_ldap, mod_authn_dbd: Tidy up the code to expose authn
0N/A parameters to the environment. Improve portability to
0N/A EBCDIC machines by using apr_toupper(). [Martin Kraemer]
0N/A *) mod_ldap, mod_authnz_ldap: Add support for nested groups (
i.e. the ability
0N/A to authorize an authenticated user via a "require ldap-group X" directive
0N/A where the user is not in group X, but is in a subgroup contained in X.
0N/A PR 42891 [Paul J. Reder]
0N/A *) mod_ssl: Add support for caching SSL Sessions in memcached. [Paul Querna]
0N/A *) apxs: Enhance -q flag to print all known variables and their values
0N/A when invoked without variable name(s).
0N/A [William Rowe, Sander Temme]
0N/A *) apxs: Eliminate run-time check for mod_so. PR 40653.
0N/A *) beos MPM: Create pmain pool and run modules' child_init hooks when
0N/A entering ap_mpm_run(), then destroy pmain when exiting ap_mpm_run().
0N/A *) netware MPM: Destroy pmain pool when exiting ap_mpm_run() so that
0N/A cleanups registered in modules' child_init hooks are performed.
0N/A *) Fix issue which could cause error messages to be written to access logs
0N/A *) The LockFile directive, which specifies the location of
0N/A the accept() mutex lockfile, is deprecated. Instead, the
0N/A AcceptMutex directive now takes an optional lockfile
0N/A location parameter, ala SSLMutex. [Jim Jagielski]
0N/A *) mod_authn_dbd: Export any additional columns queried in the SQL select
0N/A into the environment with the name AUTHENTICATE_<COLUMN>. This brings
0N/A mod_authn_dbd behaviour in line with mod_authnz_ldap. [Graham Leggett]
0N/A *) mod_dbd: Key the storage of prepared statements on the hex string
0N/A value of server_rec, rather than the server name, as the server name
0N/A may change (eg when the server name is set) at any time, causing
0N/A weird behaviour in modules dependent on mod_dbd. [Graham Leggett]
0N/A *) mod_proxy_fcgi: Added win32 build. [Mladen Turk]
0N/A *) sendfile_nonblocking() takes the _brigade_ as an argument, gets
0N/A the first bucket from the brigade, finds it not to be a FILE
0N/A bucket and barfs. The fix is to pass a bucket rather than a brigade.
0N/A *) mod_rewrite: support rewritemap by SQL query [Nick Kew]
0N/A *) ap_get_server_version() has been removed. Third-party modules must
0N/A now use ap_get_server_banner() or ap_get_server_description().
0N/A *) All MPMs: Introduce a check_config phase between pre_config and
0N/A open_logs, to allow modules to review interdependent configuration
304N/A directive values and adjust them while messages can still be logged
304N/A to the console. Handle relevant MPM directives during this phase
304N/A and format messages for both the console and the error log, as
0N/A appropriate. [Chris Darroch]
0N/A *) core: Do not allow internal redirects like the DirectoryIndex of mod_dir
304N/A to circumvent the symbolic link checks imposed by FollowSymLinks and
0N/A SymLinksIfOwnerMatch. [Nick Kew, Ruediger Pluem, William Rowe]
0N/A *) New SSLLogLevelDebugDump [ None (default) | IO (not bytes) | Bytes ]
3710N/A configures the I/O Dump of SSL traffic, when LogLevel is set to Debug.
3710N/A The default is none as this is far greater debugging resolution than
3710N/A the typical administrator is prepared to untangle. [William Rowe]
3710N/A *) mod_disk_cache: If possible, check if the size of an object to cache is
0N/A within the configured boundaries before actually saving data.
0N/A *) Worker and event MPMs: Remove improper scoreboard updates which were
0N/A performed in the event of a fork() failure. [Chris Darroch]
0N/A *) Add support for fcgi:// proxies to mod_rewrite.
0N/A loading of worker_score structure with mod_status, and remove unused
0N/A definitions relating to old life_status field.
0N/A *) Remove allocation of memory for unused array of lb_score pointers
0N/A *) Add mod_proxy_fcgi, a FastCGI back end for mod_proxy.
0N/A [Garrett Rooney, Jim Jagielski, Paul Querna]
0N/A *) Event MPM: Fill in the scoreboard's tid field. PR 38736.
0N/A *) mod_charset_lite: Remove Content-Length when output filter can
0N/A invalidate it. Warn when input filter can invalidate it.
0N/A *) Authz: Add the new module mod_authn_core that will provide common
0N/A authn directives such as 'AuthType', 'AuthName'. Move the directives
0N/A 'AuthType' and 'AuthName' out of the core module and merge mod_authz_alias
0N/A into mod_authn_core. [Brad Nicholes]
0N/A *) Authz: Move the directives 'Order', 'Allow', 'Deny' and 'Satisfy'
304N/A into the new module mod_access_compat which can be loaded to provide
0N/A support for these directives.
0N/A *) Authz: Move the 'Require' directive from the core module as well as
0N/A add the directives '<SatisfyAll>', '<SatisfyOne>', '<RequireAlias>'
0N/A and 'Reject' to mod_authz_core. The new directives introduce '
AND/OR'
0N/A logic into the authorization processing. [Brad Nicholes]
0N/A *) Authz: Add the new module mod_authz_core which acts as the
0N/A authorization provider vector and contains common authz
0N/A directives. [Brad Nicholes]
304N/A *) Authz: Renamed mod_authz_dbm authz providers from 'group' and
0N/A 'file-group' to 'dbm-group' and 'dbm-file-group'. [Brad Nicholes]
0N/A *) Authz: Added the new authz providers 'env', 'ip', 'host', 'all' to handle
0N/A host-based access control provided by mod_authz_host and invoked
0N/A through the 'Require' directive. [Brad Nicholes]
0N/A *) Authz: Convert all of the authz modules from hook based to
0N/A provider based. [Brad Nicholes]
0N/A *) mod_cache: Add CacheMinExpire directive to set the minimum time in
0N/A seconds to cache a document.
0N/A *) Fix typo in ProxyStatus syntax error message.
0N/A *) Asynchronous write completion for the Event MPM. [Brian Pane]
0N/A *) Added an End-Of-Request bucket type. The logging of a request and
0N/A the freeing of its pool are now done when the EOR bucket is destroyed.
304N/A This has the effect of delaying the logging until right after the last
304N/A of the response is sent; ap_core_output_filter() calls the access logger
0N/A indirectly when it destroys the EOR bucket. [Brian Pane]
0N/A *) Rewrite of logresolve support utility: IPv6 addresses are now supported
0N/A and the format of statistical output has changed. [Colm MacCarthaigh]
0N/A *) Rewrite of ap_coreoutput_filter to do nonblocking writes [Brian Pane]
0N/A *) Added new connection states for handler and write completion
0N/A *) mod_cgid: Refuse to work on Solaris 10 due to OS bugs. PR 34264.
0N/A *) Teach mod_ssl to use arbitrary OIDs in an SSLRequire directive,
0N/A allowing string-valued client certificate attributes to be used for
0N/A access control, as in: SSLRequire "value" in OID("1.3.6.1.4.1.18060.1")
0N/A [Martin Kraemer, David Reid]
0N/A [Apache 2.3.0-dev includes those bug fixes and changes with the
0N/A Apache
2.2.xx tree as documented, and except as noted, below.]