0N/A -*- coding: utf-8 -*-
0N/A *) mod_proxy: Don't put non balancer-member workers in error state by
0N/A default for connection or 500/503 errors, and honor status=+I for
0N/A any error. PR 48388. [Yann Ylavic]
0N/A *) mod_include: the 'env' function was incorrectly handled as 'getenv' if the
2362N/A leading 'e' was written in upper case in <!--#if expr="..." -->
0N/A statements. [Christophe Jaillet]
0N/A *) mod_socache_memcache: Pass expiration time through to memcached. PR 55445.
0N/A *) split-logfile: Fix perl error: 'Can't use string ("
example.org:80")
0N/A as a symbol ref while "strict refs"'. PR 56329.
0N/A *) mod_proxy: Prevent ProxyPassReverse from doing a substitution when
0N/A the URL parameter interpolates to an empty string. PR 56603.
2362N/A *) core: Configuration files with long lines and continuation characters
0N/A are not read properly. PR 55910. [Manuel Mausz <manuel-as
mausz.at>]
0N/A *) mod_proxy_fcgi: Provide some basic alternate options for specifying
2080N/A how PATH_INFO is passed to FastCGI backends by adding significance to
0N/A the value of proxy-fcgi-pathinfo. PR 55329. [Eric Covener]
0N/A to opt-in to connection reuse and other Proxy options via explicitly
0N/A declared "proxy workers" (<Proxy unix:... enablereuse=on max=...)
460N/A *) mod_proxy: Add "enablereuse" option as the inverse of "disablereuse".
0N/A *) mod_proxy_fcgi: Enable opt-in to TCP connection reuse by explicitly
0N/A setting proxy option disablereuse=off. [Eric Covener] PR 57378.
0N/A *) mod_proxy_fcgi: Remove proxy:balancer:// prefix from SCRIPT_FILENAME
0N/A passed to fastcgi backends. [Eric Covener]
0N/A *) mod_http: Fix incorrect If-Match handling. PR 57358.
0N/A *) mod_proxy_ajp: Fix handling of the default port (8009) in the
0N/A ProxyPass and <Proxy> configurations. PR 57259. [Yann Ylavic].
0N/A *) mod_ssl: Fix renegotiation failures redirected to an ErrorDocument.
886N/A PR 57334. [Yann Ylavic].
0N/A *) core: Fix -D[efined] or <Define>[d] variables lifetime accross restarts.
0N/A *) mod_proxy_ajp: Fix client connection errors handling and logged status
0N/A when it occurs. PR 56823. [Yann Ylavic]
0N/A *) ap_expr: Add filemod function for checking file modification dates
0N/A *) core: Add CGIPassAuth directive to control whether HTTP authorization
0N/A headers are passed to scripts as CGI variables. PR 56855. [Jeff
0N/A context for directories found by mod_userdir and mod_alias. These no
0N/A longer require RewriteBase to be specified. [Eric Covener]
0N/A *) mod_authnz_ldap: Resolve crashes with LDAP authz and non-LDAP authn since
0N/A r1608202. [Eric Covener]
0N/A *) core: Support custom ErrorDocuments for HTTP 501 and 414 status codes.
0N/A *) mod_proxy_connect: Don't issue AH02447 on sockets hangups, let the read
0N/A determine whether it is a normal close or a real error. PR 57168. [Yann
0N/A *) mod_buffer: Forward flushed input data immediatly and avoid (unlikely)
0N/A access to freed memory. [Yann Ylavic, Christophe Jaillet]
0N/A *) mod_proxy: Use the correct server name for SNI in case the backend
0N/A SSL connection itself is established via a proxy server.
0N/A *) mod_ssl: Do not crash when looking up SSL related variables during
0N/A expression evaluation on non SSL connections. PR 57070 [Ruediger Pluem]
0N/A *) core: Ensure that httpd exits with an error status when the MPM fails
0N/A to run. [Yann Ylavic]
0N/A *) apreq: Content-Length header should be always interpreted as a decimal.
0N/A Leading 0 could be erroneously considered as an octal value. PR 56598.
0N/A [Chris Card <ctcard hotmail com>]
0N/A *) mod_proxy: Now allow for 191 character worker names, with non-fatal
0N/A errors if name is truncated. PR53218. [Jim Jagielski]
0N/A *) mod_ssl: Add optional function "ssl_get_tls_cb" to allow support
0N/A *) mod_proxy_wstunnel: Concurrent websockets messages could be
0N/A lost or delayed with ProxyWebsocketAsync enabled.
0N/A *) core, mod_info: Add compiled and loaded PCRE versions to version
0N/A number display. [Rainer Jung]
0N/A *) mpm_winnt: Accept utf-8 (Unicode) service names and descriptions for
0N/A internationalization. [William Rowe]
0N/A *) mpm_winnt: Normalize the error and status messages emitted by
service.c,
0N/A the service control interface for Windows. [William Rowe]
0N/A *) mod_authnz_ldap: Return LDAP connections to the pool before the handler
0N/A is run, instead of waiting until the end of the request. [Eric Covener]
0N/A *) mod_ldap: Be more conservative with the last-used time for
0N/A LDAPConnectionPoolTTL. PR54587 [Eric Covener]
0N/A *) mod_deflate: Don't fail when flushing inflated data to the user-agent
0N/A and that coincides with the end of stream ("Zlib error flushing inflate
0N/A *) mod_proxy: Don't limit the size of the connectable Unix Domain Socket
0N/A paths. [Christophe Jaillet, Yann Ylavic]
0N/A *) mod_ssl: dump SSL
IO/state for the write side of the connection(s),
0N/A like reads (level TRACE4). [Yann Ylavic]
0N/A *) mod_proxy: Shutdown (eg. close notify) the backend connection before
0N/A closing. [Yann Ylavic]
0N/A *) mpm_event[opt]: Send the SSL close notify alert when the KeepAliveTimeout
0N/A expires. PR54998. [Yann Ylavic]
0N/A *) mod_ssl: Ensure that the SSL close notify alert is flushed to the client.
0N/A *) mod_log_config: Add GlobalLog to allow a globally defined log to
0N/A be inherited by virtual hosts that define a CustomLog.
0N/A *) MPMs: Support SO_REUSEPORT to create multiple duplicated listener
0N/A records for scalability. [Yingqi Lu <yingqi.lu@intel.com>,
0N/A Jeff Trawick, Jim Jagielski]
0N/A *) mod_proxy_html: support automatic detection of doctype and processing
0N/A of FPIs. PR56285 [Micha Lenk <micha lenk info>, Nick Kew]
0N/A *) mod_proxy_html: skip documents shorter than 4 bytes
0N/A PR 56286 [Micha Lenk <micha lenk info>]
0N/A *) mod_proxy_fdpass: Fix computation of the size of 'struct sockaddr_un'
0N/A when passed to 'connect()'.
0N/A [Graham Dumpleton <grahamd apache org>]
0N/A *) core: Add ap_mpm_resume_suspended() API to allow a suspended connection
0N/A *) core: Add ap_mpm_register_socket_callback_timeout() API. [Eric Covener]
0N/A *) mod_proxy_wstunnel: Honor ProxyWebsocketIdleTimeout in asynchronous
0N/A processing mode. [Eric Covener]
0N/A *) mod_authnz_ldap: Fail explicitly when the filter is too long. Remove
0N/A unnecessary apr_pstrdup() and strlen(). [Graham Leggett]
0N/A *) Add the ldap-search option to mod_authnz_ldap, allowing authorization
0N/A to be based on arbitrary expressions that do not include the username.
0N/A *) Add the ldap function to the expression API, allowing LDAP filters and
0N/A distinguished names based on expressions to be escaped correctly to
0N/A guard against LDAP injection. [Graham Leggett]
3297N/A *) Add module mod_ssl_ct, which provides an implementation of Certificate
3297N/A Transparency (RFC 6962) for httpd. [Jeff Trawick]
0N/A *) mod_proxy: Preserve original request headers even if they differ
0N/A from the ones to be forwarded to the backend. PR 45387.
0N/A *) mod_remoteip: Prevent an external proxy from presenting an internal
0N/A proxy. PR 55962. [Mike Rumph]
0N/A *) mod_ssl: Add hooks to allow other modules to perform processing at
0N/A several stages of initialization and connection handling. See
0N/A *) mod_proxy_wstunnel: Avoid sending error responses down an upgraded
0N/A websockets connection as it is being close down. [Eric Covener]
0N/A *) mod_proxy_wstunnel: Allow the administrator to cap the amount
0N/A of time a synchronous websockets connection stays idle with
0N/A ProxyWebsocketIdleTimeout. [Eric Covener]
0N/A *) mod_proxy_wstunnel: Change to opt-in for asynchronous support, adding
0N/A directives ProxyWebsocketAsync and ProxyWebsocketAsyncDelay.
0N/A *) mod_proxy_wstunnel: Stop leaking websockets backend connections under
0N/A event MPM (trunk-only). [Eric Covener]
0N/A *) mod_proxy_http: Add detach_backend hook (potentially usable
0N/A in other proxy scheme handlers). [Jeff Trawick]
0N/A *) mod_deflate: Add DeflateAlterETag to control how the ETag
0N/A is modified. The 'NoChange' parameter mimics
2.2.x behavior.
0N/A PR 45023, PR 39727. [Eric Covener]
0N/A *) mod_rewrite: Add 'BNF' (backreferences-no-plus) flag to RewriteRule to
0N/A allow spaces in backreferences to be encoded as %20 instead of '+'.
0N/A *) mod_rewrite: Support an optional list of characters to escape in the
0N/A argument for the 'B' (escape backreferences) flag. [Eric Covener]
0N/A *) mod_dir: Default to 2.2-like behavior and skip execution when method is
0N/A neither GET nor POST, such as for DAV requests. PR 54914. [Chris Darroch]
0N/A *) mod_rewrite: Rename the handler that does per-directory internal
0N/A redirects to "rewrite-redirect-handler" from "redirect-handler" so
0N/A it is less ambiguous and less likely to be reused. [Eric Covener]
0N/A *) mod_rewrite: Protect against looping with the [N] flag by enforcing a
0N/A default limit of 10000 iterations, and allowing each rule to change its
0N/A limit. [Eric Covener]
0N/A *) mod_ssl: Fix config merging of SSLOCSPEnable and SSLOCSPOverrideResponder.
0N/A *) Add HttpContentLengthHeadZero and HttpExpectStrict directives.
0N/A [Yehuda Sadeh <yehuda inktank com>, Justin Erenkrantz]
0N/A *) mod_ssl: Add -t -DDUMP_CA_CERTS option which dumps the filenames of all
0N/A configured SSL CA certificates to stdout the same way as DUMP_CERTS does.
0N/A *) mod_ssl: Don't flush when an EOS is received. Prepares mod_ssl
0N/A to support write completion. [Graham Leggett]
0N/A *) core: Add parse_errorlog_arg callback to ap_errorlog_provider
0N/A to allow providers to check the ErrorLog argument. [Jan Kaluza]
0N/A *) mod_cgid: Use the servers Timeout for each read from a CGI script,
0N/A allow override with new CGIDRequestTimeout directive. PR43494
0N/A [Eric Covener, Toshikuni Fukaya <toshikuni-fukaya cybozu co jp>]
0N/A *) core: ensure any abnormal exit is reported to stderr if it's a tty.
0N/A *) mod_lua: Let the Inter-VM
get/set functions work with a global
862N/A shared memory pool instead of a per-process pool. [Daniel Gruno]
2129N/A *) ldap: Support ldaps when using the Microsoft LDAP SDK.
862N/A PR 54626. [Jean-Frederic Clere]
862N/A *) mod_proxy: Add ap_connection_reusable() for checking if a connection
862N/A is reusable as of this point in processing. [Jeff Trawick]
2129N/A *) mod_authnz_ldap: Change default value of AuthLDAPMaxSubGroupDepth to 0
0N/A to avoid performance problems when subgroups aren't in use. [Eric Covener]
0N/A *) mod_syslog: New module implementing syslog ap_error_log provider.
0N/A Previously, this code was part of core, now it's in separate module.
0N/A *) core: Add ap_errorlog_provider to make ErrorLog logging modular. Move
0N/A syslog support from core to new mod_syslog. [Jan Kaluza]
0N/A *) mod_status, mod_echo: Fix the display of client addresses.
0N/A They were truncated to 31 characters which is not enough for IPv6 addresses.
0N/A PR 54848 [Bernhard Schmidt <berni birkenwald de>]
0N/A *) core: Add ap_log_data(), ap_log_rdata(), etc. for logging buffers.
0N/A *) mod_unique_id: Use output of the PRNG rather than IP address and
0N/A pid, avoiding sleep() call and possible DNS issues at startup,
0N/A plus improving randomness for IPv6-only hosts.
0N/A *) mod_authnz_ldap: Support primitive LDAP servers that do not accept
0N/A filters, such as "SDBM-backed LDAP" on
z/OS, by allowing a special
0N/A filter "none" to be specified in AuthLDAPURL. [Eric Covener]
0N/A *) mod_file_cache: mod_file_cache should be able to serve files that
0N/A haven't had a Content-Type set via
e.g. mod_mime. [Eric Covener]
0N/A *) core: merge AllowEncodedSlashes from the base configuration into
0N/A virtual hosts. [Eric Covener]
0N/A *) AIX: Install DSO's with "cp" instead of "install" in
instdso.sh 0N/A *) mod_ldap: Don't keep retrying if a new LDAP connection times out.
0N/A *) mod_deflate: permit compilation of mod_deflate against a zlib that has
0N/A been configured with -D Z_PREFIX, which redefines the token "deflate".
0N/A *) mod_auth_digest: Use the secret when generating nonces in all cases and
0N/A not only when AuthName is used in .htaccess files (this change may cause
0N/A problems if used with round robin load balancers). Don't regenerate the
0N/A secret on graceful restarts. PR 54637 [Stefan Fritsch]
0N/A *) core: Remove apr_brigade_flatten(), buffering and duplicated code
0N/A from the HTTP_IN filter, parse chunks in a single pass with zero copy.
0N/A Reduce memory usage by 48 bytes per request. [Graham Leggett]
0N/A *) core: Stop the HTTP_IN filter from attempting to write error buckets
0N/A to the output filters, which is bogus in the proxy case. Create a
0N/A clean mapping from APR codes to HTTP status codes, and use it where
0N/A needed. [Graham Leggett]
0N/A *) mod_proxy: Ensure network errors detected by the proxy are returned as
2080N/A 504 Gateway Timout as opposed to 502 Bad Gateway, in order to be
0N/A compliant with RFC2616 14.9.4 Cache Revalidation and Reload Controls.
0N/A *) mod_dav: mod_dav overrides dav_fs response on PUT failure. PR 35981
0N/A *) mod_ldap: LDAP connections used for authentication were not respecting
2080N/A LDAPConnectionPoolTimeout. PR 54587
0N/A *) core: ap_rgetline_core now pulls from r->proto_input_filters.
0N/A *) mod_proxy_html: process parsed comments immediately.
0N/A Fixes bug where parsed comments may be lost. [Nick Kew]
0N/A *) mod_proxy_html: introduce doctype for HTML 5 [Nick Kew]
0N/A *) mod_proxy_html: fix typo-bug processing "strict" vs "transitional"
0N/A *) core: Add option to add valgrind support. Use it to reduce false positive
0N/A warnings in mod_ssl. [Stefan Fritsch]
0N/A *) mod_authn_file, mod_authn_dbd, mod_authn_dbm, mod_authn_socache:
0N/A Cache the result of the most recent password hash verification for every
0N/A keep-alive connection. This saves some expensive calculations.
978N/A *) http: Remove support for Request-Range header sent by Navigator 2-3 and
0N/A MSIE 3. [Stefan Fritsch]
0N/A *) core, http: Extend HttpProtocol with an option to enforce stricter HTTP
0N/A conformance or to only log the found problems. [Stefan Fritsch]
0N/A *) core: Correctly parse an IPv6 literal host specification in an absolute
0N/A URL in the request line. [Stefan Fritsch]
0N/A *) core: Add LogLevelOverride directive that allows to override the
0N/A loglevel for clients from certain IPs. This also works for things
0N/A like the SSL handshake where <If> LogLevel ... </If> is evaluated
0N/A too late. [Stefan Fritsch]
0N/A *) core: Add new directive Warning to issue warnings from a configuration
0N/A file. Both Warning and Error now generate a timestamped log message.
0N/A *) ap_expr: Add SERVER_PROTOCOL_VERSION, ..._MAJOR, and ..._MINOR
0N/A variables. [Stefan Fritsch]
0N/A *) core: New directive RegisterHttpMethod for registering non-standard
3192N/A HTTP methods. [Stefan Fritsch]
0N/A *) core: New directive HttpProtocol which allows to disable HTTP/0.9
0N/A support. [Stefan Fritsch]
3192N/A *) mod_allowhandlers: New module to forbid specific handlers for specific
0N/A directories. [Stefan Fritsch]
0N/A *) mod_systemd: New module, for integration with systemd on Linux.
0N/A *) WinNT MPM: Store pid and generation for each thread in scoreboard
0N/A to allow tracking of threads from exiting children via mod_status
0N/A or other such mechanisms. [Jeff Trawick]
0N/A - APIs: ap_log_pid(), ap_remove_pid, ap_read_pid()
0N/A - core: the scoreboard (ScoreBoardFile), pid file (PidFile), and
0N/A - mod_cache: thundering herd lock directory
0N/A - mod_lbmethod_heartbeat, mod_heartmonitor: heartbeat storage file
0N/A - mod_ldap: shared memory cache
0N/A - mod_socache_shmcb, mod_socache_dbm: shared memory or dbm for cache
0N/A *) suexec: Add --enable-suexec-capabilites support on Linux, to use
0N/A *) suexec: Add support for logging to syslog as an alternative to logging
0N/A to a file; configure --without-suexec-logfile --with-suexec-syslog.
0N/A *) mod_ssl: Add support for TLS Next Protocol Negotiation. PR 52210.
0N/A *) cross-compile: allow to provide CC_FOR_BUILD so that gen_test_char will
0N/A be compiled by the build compiler instead of the host compiler.
0N/A Also set CC_FOR_BUILD to 'cc' when cross-compilation is detected.
0N/A PR 51257. [Guenter Knauf]
2080N/A *) core: In maintainer mode, replace apr_palloc with a version that
2080N/A initializes the allocated memory with non-zero values, except if
0N/A AP_DEBUG_NO_ALLOC_POISON is defined. [Stefan Fritsch]
0N/A *) mod_policy: Add a new testing module to help server administrators
0N/A enforce a configurable level of protocol compliance on their
0N/A servers and application servers behind theirs. [Graham Leggett]
0N/A *) mod_firehose: Add a new debugging module able to record traffic
0N/A passing through the server in such a way that connections
and/or 0N/A requests be reconstructed and replayed. [Graham Leggett]
0N/A [Apache 2.5.0-dev includes those bug fixes and changes with the
0N/A Apache
2.4.xx tree as documented below, except as noted.]