CHANGES revision c1a63b8fad09c419c1a64f75993feb8a343a6801
bcb4e51a409d94ae670de96afb8483a4f7855294Stephan Bosch -*- coding: utf-8 -*-
8734467f39c1d36050380f07a408860404d60996Aki TuomiChanges with Apache 2.5.0
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) core: Ensure that httpd exits with an error status when the MPM fails
8734467f39c1d36050380f07a408860404d60996Aki Tuomi to run. [Yann Ylavic]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) mod_cache_socache: Change average object size hint from 32 bytes to
8734467f39c1d36050380f07a408860404d60996Aki Tuomi 2048 bytes. [Rainer Jung]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) mod_cache_socache: Add cache status to server-status. [Rainer Jung]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) mod_ssl: Move OCSP stapling information from a per-certificate store to
8734467f39c1d36050380f07a408860404d60996Aki Tuomi a per-server hash. PR 54357, PR 56919. [Alex Bligh <alex alex.org.uk>,
8734467f39c1d36050380f07a408860404d60996Aki Tuomi Kaspar Brand]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) mod_substitute: Restrict configuration in .htaccess to
8734467f39c1d36050380f07a408860404d60996Aki Tuomi FileInfo as documented. [Rainer Jung]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) mod_substitute: Make maximum line length configurable. [Rainer Jung]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) mod_substitute: Fix line length limitation in case of regexp plus flatten.
8734467f39c1d36050380f07a408860404d60996Aki Tuomi [Rainer Jung]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) apreq: Content-Length header should be always interpreted as a decimal.
8734467f39c1d36050380f07a408860404d60996Aki Tuomi Leading 0 could be erroneously considered as an octal value. PR 56598.
8734467f39c1d36050380f07a408860404d60996Aki Tuomi [Chris Card <ctcard hotmail com>]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) mod_proxy: Now allow for 191 character worker names, with non-fatal
8734467f39c1d36050380f07a408860404d60996Aki Tuomi errors if name is truncated. PR53218. [Jim Jagielski]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) mod_ssl: Add optional function "ssl_get_tls_cb" to allow support
8734467f39c1d36050380f07a408860404d60996Aki Tuomi for channel bindings. [Simo Sorce <simo redhat.com>]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) core: Avoid useless warning message when parsing a section guarded by
8734467f39c1d36050380f07a408860404d60996Aki Tuomi <IfDefine foo> if $(foo) is used within the section.
8734467f39c1d36050380f07a408860404d60996Aki Tuomi PR 56858 [Christophe Jaillet]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) mod_proxy_fcgi: Fix faulty logging of large amounts of stderr from the
8734467f39c1d36050380f07a408860404d60996Aki Tuomi application. PR 56858. [Manuel Mausz <manuel-asf mausz.at>]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) mod_ratelimit: Drop severity of AH01455 and AH01457 (ap_pass_brigade
8734467f39c1d36050380f07a408860404d60996Aki Tuomi failed) messages from ERROR to TRACE1. Other filters do not bother
8734467f39c1d36050380f07a408860404d60996Aki Tuomi re-reporting failures from lower level filters. PR56832. [Eric Covener]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) mod_proxy_http: Proxy responses with error status and
8734467f39c1d36050380f07a408860404d60996Aki Tuomi "ProxyErrorOverride On" hang until proxy timeout.
8734467f39c1d36050380f07a408860404d60996Aki Tuomi PR53420 [Rainer Jung]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) mod_proxy_wstunnel: Concurrent websockets messages could be
8734467f39c1d36050380f07a408860404d60996Aki Tuomi lost or delayed with ProxyWebsocketAsync enabled.
8734467f39c1d36050380f07a408860404d60996Aki Tuomi [Edward Lu <Chaosed0 gmail.com>]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) core, mod_info: Add compiled and loaded PCRE versions to version
8734467f39c1d36050380f07a408860404d60996Aki Tuomi number display. [Rainer Jung]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) mpm_winnt: Accept utf-8 (Unicode) service names and descriptions for
8734467f39c1d36050380f07a408860404d60996Aki Tuomi internationalization. [William Rowe]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) mpm_winnt: Normalize the error and status messages emitted by service.c,
8734467f39c1d36050380f07a408860404d60996Aki Tuomi the service control interface for Windows. [William Rowe]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) http_protocol: fix logic in ap_method_list_(add|remove) in order:
8734467f39c1d36050380f07a408860404d60996Aki Tuomi - to correctly reset bits
8734467f39c1d36050380f07a408860404d60996Aki Tuomi - not to modify the 'method_mask' bitfield unnecessarily
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) mod_authnz_ldap: Return LDAP connections to the pool before the handler
8734467f39c1d36050380f07a408860404d60996Aki Tuomi is run, instead of waiting until the end of the request. [Eric Covener]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) mod_ldap: Be more conservative with the last-used time for
8734467f39c1d36050380f07a408860404d60996Aki Tuomi LDAPConnectionPoolTTL. PR54587 [Eric Covener]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) mod_deflate: Don't fail when flushing inflated data to the user-agent
8734467f39c1d36050380f07a408860404d60996Aki Tuomi and that coincides with the end of stream ("Zlib error flushing inflate
8734467f39c1d36050380f07a408860404d60996Aki Tuomi buffer"). PR 56196. [Christoph Fausak <christoph fausak glueckkanja.com>]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) mod_proxy: Don't limit the size of the connectable Unix Domain Socket
8734467f39c1d36050380f07a408860404d60996Aki Tuomi paths. [Christophe Jaillet, Yann Ylavic]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) mod_ssl: dump SSL IO/state for the write side of the connection(s),
8734467f39c1d36050380f07a408860404d60996Aki Tuomi like reads (level TRACE4). [Yann Ylavic]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) mod_proxy: Shutdown (eg. close notify) the backend connection before
8734467f39c1d36050380f07a408860404d60996Aki Tuomi closing. [Yann Ylavic]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) mpm_event[opt]: Send the SSL close notify alert when the KeepAliveTimeout
8734467f39c1d36050380f07a408860404d60996Aki Tuomi expires. PR54998. [Yann Ylavic]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) mod_ssl: Ensure that the SSL close notify alert is flushed to the client.
8734467f39c1d36050380f07a408860404d60996Aki Tuomi PR54998. [Tim Kosse <tim.kosse filezilla-project.org>, Yann Ylavic]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) mod_log_config: Add GlobalLog to allow a globally defined log to
8734467f39c1d36050380f07a408860404d60996Aki Tuomi be inherited by virtual hosts that define a CustomLog.
8734467f39c1d36050380f07a408860404d60996Aki Tuomi [Edward Lu <Chaosed0 gmail.com>]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) MPMs: Support SO_REUSEPORT to create multiple duplicated listener
8734467f39c1d36050380f07a408860404d60996Aki Tuomi records for scalability. [Yingqi Lu <yingqi.lu@intel.com>,
8734467f39c1d36050380f07a408860404d60996Aki Tuomi Jeff Trawick, Jim Jagielski]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) mod_proxy_html: support automatic detection of doctype and processing
8734467f39c1d36050380f07a408860404d60996Aki Tuomi of FPIs. PR56285 [Micha Lenk <micha lenk info>, Nick Kew]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) mod_proxy_html: skip documents shorter than 4 bytes
8734467f39c1d36050380f07a408860404d60996Aki Tuomi PR 56286 [Micha Lenk <micha lenk info>]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) mod_proxy_fdpass: Fix computation of the size of 'struct sockaddr_un'
8734467f39c1d36050380f07a408860404d60996Aki Tuomi when passed to 'connect()'.
8734467f39c1d36050380f07a408860404d60996Aki Tuomi [Graham Dumpleton <grahamd apache org>]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) core: Add ap_mpm_resume_suspended() API to allow a suspended connection
8734467f39c1d36050380f07a408860404d60996Aki Tuomi to resume. PR56333
8734467f39c1d36050380f07a408860404d60996Aki Tuomi [Artem <artemciy gmail.com>, Edward Lu <Chaosed0 gmail.com>]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) core: Add ap_mpm_register_socket_callback_timeout() API. [Eric Covener]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) mod_proxy_wstunnel: Honor ProxyWebsocketIdleTimeout in asynchronous
8734467f39c1d36050380f07a408860404d60996Aki Tuomi processing mode. [Eric Covener]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) mod_authnz_ldap: Fail explicitly when the filter is too long. Remove
8734467f39c1d36050380f07a408860404d60996Aki Tuomi unnecessary apr_pstrdup() and strlen(). [Graham Leggett]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) Add the ldap-search option to mod_authnz_ldap, allowing authorization
8734467f39c1d36050380f07a408860404d60996Aki Tuomi to be based on arbitrary expressions that do not include the username.
8734467f39c1d36050380f07a408860404d60996Aki Tuomi [Graham Leggett]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) Add the ldap function to the expression API, allowing LDAP filters and
8734467f39c1d36050380f07a408860404d60996Aki Tuomi distinguished names based on expressions to be escaped correctly to
8734467f39c1d36050380f07a408860404d60996Aki Tuomi guard against LDAP injection. [Graham Leggett]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) Add module mod_ssl_ct, which provides an implementation of Certificate
8734467f39c1d36050380f07a408860404d60996Aki Tuomi Transparency (RFC 6962) for httpd. [Jeff Trawick]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) mod_proxy: Preserve original request headers even if they differ
8734467f39c1d36050380f07a408860404d60996Aki Tuomi from the ones to be forwarded to the backend. PR 45387.
8734467f39c1d36050380f07a408860404d60996Aki Tuomi [Yann Ylavic]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) mod_remoteip: Prevent an external proxy from presenting an internal
8734467f39c1d36050380f07a408860404d60996Aki Tuomi proxy. PR 55962. [Mike Rumph]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) mod_ssl: Add hooks to allow other modules to perform processing at
8734467f39c1d36050380f07a408860404d60996Aki Tuomi several stages of initialization and connection handling. See
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) mod_proxy_wstunnel: Avoid sending error responses down an upgraded
8734467f39c1d36050380f07a408860404d60996Aki Tuomi websockets connection as it is being close down. [Eric Covener]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) mod_proxy_wstunnel: Allow the administrator to cap the amount
8734467f39c1d36050380f07a408860404d60996Aki Tuomi of time a synchronous websockets connection stays idle with
8734467f39c1d36050380f07a408860404d60996Aki Tuomi ProxyWebsocketIdleTimeout. [Eric Covener]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) mod_proxy_wstunnel: Change to opt-in for asynchronous support, adding
8734467f39c1d36050380f07a408860404d60996Aki Tuomi directives ProxyWebsocketAsync and ProxyWebsocketAsyncDelay.
8734467f39c1d36050380f07a408860404d60996Aki Tuomi [Eric Covener]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) mod_proxy_wstunnel: Stop leaking websockets backend connections under
8734467f39c1d36050380f07a408860404d60996Aki Tuomi event MPM (trunk-only). [Eric Covener]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) mod_proxy_http: Add detach_backend hook (potentially usable
8734467f39c1d36050380f07a408860404d60996Aki Tuomi in other proxy scheme handlers). [Jeff Trawick]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) mod_deflate: Add DeflateAlterETag to control how the ETag
8734467f39c1d36050380f07a408860404d60996Aki Tuomi is modified. The 'NoChange' parameter mimics 2.2.x behavior.
8734467f39c1d36050380f07a408860404d60996Aki Tuomi PR 45023, PR 39727. [Eric Covener]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) mod_rewrite: Add 'BNF' (backreferences-no-plus) flag to RewriteRule to
8734467f39c1d36050380f07a408860404d60996Aki Tuomi allow spaces in backreferences to be encoded as %20 instead of '+'.
8734467f39c1d36050380f07a408860404d60996Aki Tuomi [Eric Covener]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) mod_rewrite: Support an optional list of characters to escape in the
8734467f39c1d36050380f07a408860404d60996Aki Tuomi argument for the 'B' (escape backreferences) flag. [Eric Covener]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) mod_ssl: Add SSLOCSPUseRequestNonce directive to control whether or not
8734467f39c1d36050380f07a408860404d60996Aki Tuomi OCSP requests should use a nonce to be checked against the responder's
8734467f39c1d36050380f07a408860404d60996Aki Tuomi one. PR 56233. [ Yann Ylavic ]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) mod_dir: Default to 2.2-like behavior and skip execution when method is
8734467f39c1d36050380f07a408860404d60996Aki Tuomi neither GET nor POST, such as for DAV requests. PR 54914. [Chris Darroch]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) mod_rewrite: Rename the handler that does per-directory internal
ac72c147af759373f5de771937ae0a99ee673152Timo Sirainen redirects to "rewrite-redirect-handler" from "redirect-handler" so
8734467f39c1d36050380f07a408860404d60996Aki Tuomi it is less ambiguous and less likely to be reused. [Eric Covener]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) mod_rewrite: Protect against looping with the [N] flag by enforcing a
8734467f39c1d36050380f07a408860404d60996Aki Tuomi default limit of 10000 iterations, and allowing each rule to change its
8734467f39c1d36050380f07a408860404d60996Aki Tuomi limit. [Eric Covener]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) mod_ssl: Fix config merging of SSLOCSPEnable and SSLOCSPOverrideResponder.
8734467f39c1d36050380f07a408860404d60996Aki Tuomi [Jeff Trawick]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) Add HttpContentLengthHeadZero and HttpExpectStrict directives.
8734467f39c1d36050380f07a408860404d60996Aki Tuomi [Yehuda Sadeh <yehuda inktank com>, Justin Erenkrantz]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) mod_ssl: Add -t -DDUMP_CA_CERTS option which dumps the filenames of all
8734467f39c1d36050380f07a408860404d60996Aki Tuomi configured SSL CA certificates to stdout the same way as DUMP_CERTS does.
8734467f39c1d36050380f07a408860404d60996Aki Tuomi [Jan Kaluza]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) mod_ssl: Don't flush when an EOS is received. Prepares mod_ssl
8734467f39c1d36050380f07a408860404d60996Aki Tuomi to support write completion. [Graham Leggett]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) core: Add parse_errorlog_arg callback to ap_errorlog_provider
8734467f39c1d36050380f07a408860404d60996Aki Tuomi to allow providers to check the ErrorLog argument. [Jan Kaluza]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) mod_cgid: Use the servers Timeout for each read from a CGI script,
8734467f39c1d36050380f07a408860404d60996Aki Tuomi allow override with new CGIDRequestTimeout directive. PR43494
6b98c595aec0ab438e0e3c6faf220260f710f126Aki Tuomi [Eric Covener, Toshikuni Fukaya <toshikuni-fukaya cybozu co jp>]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) core: ensure any abnormal exit is reported to stderr if it's a tty.
8734467f39c1d36050380f07a408860404d60996Aki Tuomi PR 55670 [Nick Kew]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) mod_lua: Let the Inter-VM get/set functions work with a global
8734467f39c1d36050380f07a408860404d60996Aki Tuomi shared memory pool instead of a per-process pool. [Daniel Gruno]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) ldap: Support ldaps when using the Microsoft LDAP SDK.
8734467f39c1d36050380f07a408860404d60996Aki Tuomi PR 54626. [Jean-Frederic Clere]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) mod_proxy: Add ap_connection_reusable() for checking if a connection
8734467f39c1d36050380f07a408860404d60996Aki Tuomi is reusable as of this point in processing. [Jeff Trawick]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) mod_authnz_ldap: Change default value of AuthLDAPMaxSubGroupDepth to 0
8734467f39c1d36050380f07a408860404d60996Aki Tuomi to avoid performance problems when subgroups aren't in use. [Eric Covener]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) mod_syslog: New module implementing syslog ap_error_log provider.
8734467f39c1d36050380f07a408860404d60996Aki Tuomi Previously, this code was part of core, now it's in separate module.
8734467f39c1d36050380f07a408860404d60996Aki Tuomi [Jan Kaluza]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) core: Add ap_errorlog_provider to make ErrorLog logging modular. Move
8734467f39c1d36050380f07a408860404d60996Aki Tuomi syslog support from core to new mod_syslog. [Jan Kaluza]
673ee24d152b1f061d544d957670f34373aef7dfTimo Sirainen *) mod_status, mod_echo: Fix the display of client addresses.
8734467f39c1d36050380f07a408860404d60996Aki Tuomi They were truncated to 31 characters which is not enough for IPv6 addresses.
673ee24d152b1f061d544d957670f34373aef7dfTimo Sirainen PR 54848 [Bernhard Schmidt <berni birkenwald de>]
673ee24d152b1f061d544d957670f34373aef7dfTimo Sirainen *) core: Add ap_log_data(), ap_log_rdata(), etc. for logging buffers.
673ee24d152b1f061d544d957670f34373aef7dfTimo Sirainen [Jeff Trawick]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) mod_unique_id: Use output of the PRNG rather than IP address and
8734467f39c1d36050380f07a408860404d60996Aki Tuomi pid, avoiding sleep() call and possible DNS issues at startup,
8734467f39c1d36050380f07a408860404d60996Aki Tuomi plus improving randomness for IPv6-only hosts.
8734467f39c1d36050380f07a408860404d60996Aki Tuomi [Jan Kaluza <jkaluza redhat.com>]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) mod_authnz_ldap: Support primitive LDAP servers that do not accept
8734467f39c1d36050380f07a408860404d60996Aki Tuomi filters, such as "SDBM-backed LDAP" on z/OS, by allowing a special
8734467f39c1d36050380f07a408860404d60996Aki Tuomi filter "none" to be specified in AuthLDAPURL. [Eric Covener]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) mod_file_cache: mod_file_cache should be able to serve files that
8734467f39c1d36050380f07a408860404d60996Aki Tuomi haven't had a Content-Type set via e.g. mod_mime. [Eric Covener]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) core: merge AllowEncodedSlashes from the base configuration into
8734467f39c1d36050380f07a408860404d60996Aki Tuomi virtual hosts. [Eric Covener]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) AIX: Install DSO's with "cp" instead of "install" in instdso.sh
8734467f39c1d36050380f07a408860404d60996Aki Tuomi [Eric Covener]
8734467f39c1d36050380f07a408860404d60996Aki Tuomi *) mod_ldap: Don't keep retrying if a new LDAP connection times out.
8734467f39c1d36050380f07a408860404d60996Aki Tuomi [Eric Covener]
HTML/XHTML [Nick Kew]
[Jan Kaluza <jkaluza redhat.com>]
*) The following now respect DefaultRuntimeDir/DEFAULT_REL_RUNTIMEDIR:
setuid/setgid capability bits rather than a setuid root binary.
[Matthew Steele <mdsteele google.com>]
passing through the server in such a way that connections and/or
Apache 2.4.xx tree as documented below, except as noted.]
Changes with Apache 2.4.x and later:
Changes with Apache 2.2.x and later:
Changes with Apache 2.0.x and later: