825N/AChanges with Apache 2.5.0
825N/A *) mod_ldap: When looking up sub-groups, use an implicit objectClass=*
825N/A instead of an explicit cn=* filter. [David Hawes <dhawes
vt.edu>]
825N/A *) mod_ssl: Improve handling of ephemeral DH and ECDH keys by
825N/A allowing custom parameters to be configured via SSLCertificateFile,
825N/A and by adding standardized DH parameters for 1024/2048/3072/4096 bits.
825N/A Unless custom parameters are configured, the standardized parameters
825N/A *) mod_ssl, configure: Require OpenSSL 0.9.8a or later. [Kaspar Brand]
825N/A *) mod_lua: Let the Inter-VM
get/set functions work with a global
825N/A shared memory pool instead of a per-process pool. [Daniel Gruno]
825N/A *) WinNT MPM: Exit the child if the parent process crashes or is terminated.
1058N/A *) ldap: Support ldaps when using the Microsoft LDAP SDK.
825N/A PR 54626. [Jean-Frederic Clere]
825N/A *) worker MPM: Don't forcibly kill worker threads if the child process is
825N/A exiting gracefully. [Oracle Corporation]
825N/A *) mod_proxy: Add ap_connection_reusable() for checking if a connection
850N/A is reusable as of this point in processing. [Jeff Trawick]
825N/A *) mod_ssl: drop support for export-grade ciphers with ephemeral RSA
850N/A keys, and unconditionally disable aNULL, eNULL and EXP ciphers
825N/A (not overridable via SSLCipherSuite). [Kaspar Brand]
825N/A *) mod_authnz_ldap: Change default value of AuthLDAPMaxSubGroupDepth to 0
825N/A to avoid performance problems when subgroups aren't in use. [Eric Covener]
850N/A *) mod_syslog: New module implementing syslog ap_error_log provider.
825N/A Previously, this code was part of core, now it's in separate module.
825N/A *) core: Add ap_errorlog_provider to make ErrorLog logging modular. Move
1020N/A syslog support from core to new mod_syslog. [Jan Kaluza]
1020N/A *) mod_proxy_fcgi: Handle reading protocol data that is split between
825N/A *) mod_proxy_fcgi: Remove 64K limit on encoded length of all envvars.
825N/A An individual envvar with an encoded length of more than 16K will be
936N/A omitted. [Jeff Trawick]
825N/A *) core: draft-ietf-httpbis-p1-messaging-23 corrections regarding
825N/A *) mod_proxy_fcgi: Use apr_socket_timeout_get instead of hard-coded
825N/A 30 seconds timeout. [Jan Kaluza]
825N/A *) WinNT MPM: If ap_run_pre_connection() fails or sets c->aborted, don't
825N/A save the socket for reuse by the next worker as if it were an
1074N/A APR_SO_DISCONNECTED socket. Restores 2.2 behavior. [Eric Covener]
825N/A *) mod_cache: Avoid a crash with strcmp() when the hostname is not provided.
825N/A *) mod_lua: Add rudimentary support for WebSocket interaction. This is
1013N/A currently request-bound and only supports the WS protocol. [Daniel Gruno]
943N/A *) WinNT MPM: Don't crash during child process initialization if the
1469N/A Listen protocol is unrecognized. [Jeff Trawick]
1013N/A *) mod_status, mod_echo: Fix the display of client addresses.
1013N/A They were truncated to 31 characters which is not enough for IPv6 addresses.
1013N/A PR 54848 [Bernhard Schmidt <berni birkenwald de>]
1013N/A *) mod_lua: If the first yield() of a LuaOutputFilter returns a string, it should
1013N/A be prefixed to the response as documented. [Eric Covener]
1013N/A *) mod_lua: Remove ETAG, Content-Length, and Content-MD5 when a LuaOutputFilter
825N/A is configured without mod_filter. [Eric Covener]
974N/A *) mod_lua: Register LuaOutputFilter scripts as changing the content and
825N/A content-length by default, when run my mod_filter. Previously,
1013N/A growing or shrinking a response that started with Content-Length set
825N/A would require mod_filter and FilterProtocol change=yes. [Eric Covnener]
1370N/A *) mod_lua: Return a 500 error if a LuaHook* script doesn't return a
1370N/A numeric return code. [Eric Covener]
825N/A *) Add experimental cmake-based build system for Windows. [Jeff Trawick,
1370N/A *) mod_authnz_fcgi: New module to enable FastCGI authorizer
974N/A applications to authenticate
and/or authorize clients.
825N/A *) mod_auth_basic: Add AuthBasicUseDigestAlgorithm directive to
825N/A allow migration of passwords from digest to basic authentication.
1370N/A routines for FastCGI, based largely on mod_proxy_fcgi.
825N/A *) core: Add ap_log_data(), ap_log_rdata(), etc. for logging buffers.
825N/A *) mod_unique_id: Use output of the PRNG rather than IP address and
825N/A pid, avoiding sleep() call and possible DNS issues at startup,
1370N/A plus improving randomness for IPv6-only hosts.
825N/A *) mod_authnz_ldap: Support primitive LDAP servers that do not accept
825N/A filters, such as "SDBM-backed LDAP" on
z/OS, by allowing a special
974N/A filter "none" to be specified in AuthLDAPURL. [Eric Covener]
974N/A *) mod_file_cache: mod_file_cache should be able to serve files that
1370N/A haven't had a Content-Type set via
e.g. mod_mime. [Eric Covener]
1013N/A *) core: merge AllowEncodedSlashes from the base configuration into
974N/A virtual hosts. [Eric Covener]
825N/A *) mod_ldap: Don't keep retrying if a new LDAP connection times out.
974N/A *) mod_deflate: permit compilation of mod_deflate against a zlib that has
1020N/A been configured with -D Z_PREFIX, which redefines the token "deflate".
825N/A *) mod_auth_digest: Use the secret when generating nonces in all cases and
825N/A not only when AuthName is used in .htaccess files (this change may cause
974N/A problems if used with round robin load balancers). Don't regenerate the
825N/A secret on graceful restarts. PR 54637 [Stefan Fritsch]
974N/A *) mod_logio: new format-specifier %C (combined) which is the sum of received
974N/A PR54015 [Christophe Jaillet]
1013N/A *) core: Remove apr_brigade_flatten(), buffering and duplicated code
825N/A from the HTTP_IN filter, parse chunks in a single pass with zero copy.
825N/A Reduce memory usage by 48 bytes per request. [Graham Leggett]
1013N/A *) core: Stop the HTTP_IN filter from attempting to write error buckets
974N/A to the output filters, which is bogus in the proxy case. Create a
1472N/A clean mapping from APR codes to HTTP status codes, and use it where
825N/A *) mod_proxy: Ensure network errors detected by the proxy are returned as
974N/A 504 Gateway Timout as opposed to 502 Bad Gateway, in order to be
1122N/A compliant with RFC2616 14.9.4 Cache Revalidation and Reload Controls.
825N/A *) mod_dav: mod_dav overrides dav_fs response on PUT failure. PR 35981
*) core, mod_ssl: Enable the ability for a module to reverse the sense of
a poll event from a read to a write or vice versa. This is a step on
the way to allow mod_ssl taking full advantage of the event MPM.
*) mod_ldap: LDAP connections used for authentication were not respecting
LDAPConnectionPoolTimeout. PR 54587
*) core: ap_rgetline_core now pulls from r->proto_input_filters.
*) mod_proxy_html: process parsed comments immediately.
Fixes bug where parsed comments may be lost. [Nick Kew]
*) mod_proxy_html: introduce doctype for HTML 5 [Nick Kew]
*) mod_proxy_html: fix typo-bug processing "strict" vs "transitional"
*) core: Add option to add valgrind support. Use it to reduce false positive
warnings in mod_ssl. [Stefan Fritsch]
*) mod_authn_file, mod_authn_dbd, mod_authn_dbm, mod_authn_socache:
Cache the result of the most recent password hash verification for every
keep-alive connection. This saves some expensive calculations.
*) http: Remove support for Request-Range header sent by Navigator 2-3 and
*) core, http: Extend HttpProtocol with an option to enforce stricter HTTP
conformance or to only log the found problems. [Stefan Fritsch]
*) core: Correctly parse an IPv6 literal host specification in an absolute
URL in the request line. [Stefan Fritsch]
*) mod_ssl: Add support for OpenSSL configuration commands [Stephen Henson]
*) core: Add LogLevelOverride directive that allows to override the
loglevel for clients from certain IPs. This also works for things
like the SSL handshake where <If> LogLevel ... </If> is evaluated
too late. [Stefan Fritsch]
*) core: Add new directive Warning to issue warnings from a configuration
file. Both Warning and Error now generate a timestamped log message.
*) ap_expr: Add SERVER_PROTOCOL_VERSION, ..._MAJOR, and ..._MINOR
variables. [Stefan Fritsch]
*) core: New directive RegisterHttpMethod for registering non-standard
HTTP methods. [Stefan Fritsch]
*) core: New directive HttpProtocol which allows to disable HTTP/0.9
support. [Stefan Fritsch]
*) mod_allowhandlers: New module to forbid specific handlers for specific
directories. [Stefan Fritsch]
*) mod_systemd: New module, for integration with systemd on Linux.
*) WinNT MPM: Store pid and generation for each thread in scoreboard
to allow tracking of threads from exiting children via mod_status
or other such mechanisms. [Jeff Trawick]
- APIs: ap_log_pid(), ap_remove_pid, ap_read_pid()
- core: the scoreboard (ScoreBoardFile), pid file (PidFile), and
- mod_cache: thundering herd lock directory
- mod_lbmethod_heartbeat, mod_heartmonitor: heartbeat storage file
- mod_ldap: shared memory cache
- mod_socache_shmcb, mod_socache_dbm: shared memory or dbm for cache
*) suexec: Add --enable-suexec-capabilites support on Linux, to use
*) suexec: Add support for logging to syslog as an alternative to logging
to a file; configure --without-suexec-logfile --with-suexec-syslog.
*) mod_ssl: Add support for TLS Next Protocol Negotiation. PR 52210.
*) cross-compile: allow to provide CC_FOR_BUILD so that gen_test_char will
be compiled by the build compiler instead of the host compiler.
Also set CC_FOR_BUILD to 'cc' when cross-compilation is detected.
PR 51257. [Guenter Knauf]
*) core: In maintainer mode, replace apr_palloc with a version that
initializes the allocated memory with non-zero values, except if
AP_DEBUG_NO_ALLOC_POISON is defined. [Stefan Fritsch]
*) mod_policy: Add a new testing module to help server administrators
enforce a configurable level of protocol compliance on their
servers and application servers behind theirs. [Graham Leggett]
*) mod_firehose: Add a new debugging module able to record traffic
passing through the server in such a way that connections
and/or requests be reconstructed and replayed. [Graham Leggett]
[Apache 2.5.0-dev includes those bug fixes and changes with the
Apache
2.4.xx tree as documented below, except as noted.]
Changes with Apache
2.4.x and later:
Changes with Apache
2.2.x and later:
Changes with Apache
2.0.x and later: