CHANGES revision e7cbd6f034687712e67ec2c6720dbb9a2affb073
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt -*- coding: utf-8 -*-
9336f01769f16a8eda79340094d663db0f8537c7Evan HuntChanges with Apache 2.5.0
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt *) mod_proxy_ajp: Forward local IP address as a custom request attribute
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt like we already do for the remote port. [Rainer Jung]
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt *) core: Include any error notes set by modules in the canned error
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt response for 403 errors. [Jeff Trawick]
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt *) mod_ssl: Set an error note for requests rejected due to
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt SSLStrictSNIVHostCheck. [Jeff Trawick]
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt *) mod_ssl: Fix issue with redirects to error documents when handling
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt SNI errors. [Jeff Trawick]
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt *) mod_authnz_ldap: Return LDAP connections to the pool before the handler
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt is run, instead of waiting until the end of the request. [Eric Covener]
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt *) mod_ldap: Be more conservative with the last-used time for
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt LDAPConnectionPoolTTL. PR54587 [Eric Covener]
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt *) mod_deflate: Don't fail when flushing inflated data to the user-agent
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt and that coincides with the end of stream ("Zlib error flushing inflate
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt buffer"). PR 56196. [Christoph Fausak <christoph fausak glueckkanja.com>]
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt *) mod_proxy: Don't limit the size of the connectable Unix Domain Socket
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt paths. [Christophe Jaillet, Yann Ylavic]
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt *) mod_ssl: dump SSL IO/state for the write side of the connection(s),
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt like reads (level TRACE4). [Yann Ylavic]
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt *) mod_proxy: Shutdown (eg. close notify) the backend connection before
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt closing. [Yann Ylavic]
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt *) mpm_event[opt]: Send the SSL close notify alert when the KeepAliveTimeout
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt expires. PR54998. [Yann Ylavic]
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt *) mod_ssl: Ensure that the SSL close notify alert is flushed to the client.
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt PR54998. [Tim Kosse <tim.kosse filezilla-project.org>, Yann Ylavic]
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt *) mod_log_config: Add GlobalLog to allow a globally defined log to
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt be inherited by virtual hosts that define a CustomLog.
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt [Edward Lu <Chaosed0 gmail.com>]
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt *) MPMs: Support SO_REUSEPORT to create multiple duplicated listener
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt records for scalability. [Yingqi Lu <yingqi.lu@intel.com>,
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt Jeff Trawick, Jim Jagielski]
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt *) mod_proxy_html: support automatic detection of doctype and processing
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt of FPIs. PR56285 [Micha Lenk <micha lenk info>, Nick Kew]
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt *) mod_proxy_html: skip documents shorter than 4 bytes
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt PR 56286 [Micha Lenk <micha lenk info>]
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt *) mod_proxy_fdpass: Fix computation of the size of 'struct sockaddr_un'
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt when passed to 'connect()'.
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt [Graham Dumpleton <grahamd apache org>]
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt *) core: Add ap_mpm_resume_suspended() API to allow a suspended connection
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt to resume. PR56333
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt [Artem <artemciy gmail.com>, Edward Lu <Chaosed0 gmail.com>]
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt *) core: Add ap_mpm_register_socket_callback_timeout() API. [Eric Covener]
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt *) mod_proxy_wstunnel: Honor ProxyWebsocketIdleTimeout in asynchronous
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt processing mode. [Eric Covener]
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt *) mod_authnz_ldap: Fail explicitly when the filter is too long. Remove
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt unnecessary apr_pstrdup() and strlen(). [Graham Leggett]
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt *) Add the ldap-search option to mod_authnz_ldap, allowing authorization
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt to be based on arbitrary expressions that do not include the username.
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt [Graham Leggett]
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt *) Add the ldap function to the expression API, allowing LDAP filters and
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt distinguished names based on expressions to be escaped correctly to
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt guard against LDAP injection. [Graham Leggett]
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt *) Add module mod_ssl_ct, which provides an implementation of Certificate
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt Transparency (RFC 6962) for httpd. [Jeff Trawick]
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt *) mod_proxy: Preserve original request headers even if they differ
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt from the ones to be forwarded to the backend. PR 45387.
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt [Yann Ylavic]
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt *) mod_remoteip: Prevent an external proxy from presenting an internal
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt proxy. PR 55962. [Mike Rumph]
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt *) mod_ssl: Add hooks to allow other modules to perform processing at
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt several stages of initialization and connection handling. See
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt *) mod_proxy_wstunnel: Avoid sending error responses down an upgraded
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt websockets connection as it is being close down. [Eric Covener]
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt *) mod_proxy_wstunnel: Allow the administrator to cap the amount
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt of time a synchronous websockets connection stays idle with
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt ProxyWebsocketIdleTimeout. [Eric Covener]
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt *) mod_proxy_wstunnel: Change to opt-in for asynchronous support, adding
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt directives ProxyWebsocketAsync and ProxyWebsocketAsyncDelay.
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt [Eric Covener]
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt *) mod_proxy_wstunnel: Stop leaking websockets backend connections under
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt event MPM (trunk-only). [Eric Covener]
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt *) mod_proxy_http: Add detach_backend hook (potentially usable
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt in other proxy scheme handlers). [Jeff Trawick]
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt *) mod_deflate: Add DeflateAlterETag to control how the ETag
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt is modified. The 'NoChange' parameter mimics 2.2.x behavior.
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt PR 45023, PR 39727. [Eric Covener]
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt *) mod_rewrite: Add 'BNF' (backreferences-no-plus) flag to RewriteRule to
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt allow spaces in backreferences to be encoded as %20 instead of '+'.
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt [Eric Covener]
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt *) mod_rewrite: Support an optional list of characters to escape in the
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt argument for the 'B' (escape backreferences) flag. [Eric Covener]
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt *) mod_ssl: Add SSLOCSPUseRequestNonce directive to control whether or not
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt OCSP requests should use a nonce to be checked against the responder's
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt one. PR 56233. [ Yann Ylavic ]
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt *) mod_dir: Default to 2.2-like behavior and skip execution when method is
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt neither GET nor POST, such as for DAV requests. PR 54914. [Chris Darroch]
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt *) mod_rewrite: Rename the handler that does per-directory internal
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt redirects to "rewrite-redirect-handler" from "redirect-handler" so
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt it is less ambiguous and less likely to be reused. [Eric Covener]
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt *) mod_rewrite: Protect against looping with the [N] flag by enforcing a
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt default limit of 10000 iterations, and allowing each rule to change its
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt limit. [Eric Covener]
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt *) mod_ssl: Fix config merging of SSLOCSPEnable and SSLOCSPOverrideResponder.
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt [Jeff Trawick]
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt *) Add HttpContentLengthHeadZero and HttpExpectStrict directives.
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt [Yehuda Sadeh <yehuda inktank com>, Justin Erenkrantz]
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt *) mod_ssl: Add -t -DDUMP_CA_CERTS option which dumps the filenames of all
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt configured SSL CA certificates to stdout the same way as DUMP_CERTS does.
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt [Jan Kaluza]
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt *) mod_ssl: Don't flush when an EOS is received. Prepares mod_ssl
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt to support write completion. [Graham Leggett]
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt *) core: Add parse_errorlog_arg callback to ap_errorlog_provider
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt to allow providers to check the ErrorLog argument. [Jan Kaluza]
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt *) mod_cgid: Use the servers Timeout for each read from a CGI script,
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt allow override with new CGIDRequestTimeout directive. PR43494
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt [Eric Covener, Toshikuni Fukaya <toshikuni-fukaya cybozu co jp>]
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt *) core: ensure any abnormal exit is reported to stderr if it's a tty.
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt PR 55670 [Nick Kew]
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt *) mod_lua: Let the Inter-VM get/set functions work with a global
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt shared memory pool instead of a per-process pool. [Daniel Gruno]
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt *) ldap: Support ldaps when using the Microsoft LDAP SDK.
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt PR 54626. [Jean-Frederic Clere]
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt *) mod_proxy: Add ap_connection_reusable() for checking if a connection
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt is reusable as of this point in processing. [Jeff Trawick]
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt *) mod_authnz_ldap: Change default value of AuthLDAPMaxSubGroupDepth to 0
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt to avoid performance problems when subgroups aren't in use. [Eric Covener]
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt *) mod_syslog: New module implementing syslog ap_error_log provider.
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt Previously, this code was part of core, now it's in separate module.
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt [Jan Kaluza]
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt *) core: Add ap_errorlog_provider to make ErrorLog logging modular. Move
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt syslog support from core to new mod_syslog. [Jan Kaluza]
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt *) mod_status, mod_echo: Fix the display of client addresses.
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt They were truncated to 31 characters which is not enough for IPv6 addresses.
9336f01769f16a8eda79340094d663db0f8537c7Evan Hunt PR 54848 [Bernhard Schmidt <berni birkenwald de>]
[Jan Kaluza <jkaluza redhat.com>]
filters, such as "SDBM-backed LDAP" on z/OS, by allowing a special
haven't had a Content-Type set via e.g. mod_mime. [Eric Covener]
*) AIX: Install DSO's with "cp" instead of "install" in instdso.sh
HTML/XHTML [Nick Kew]
[Jan Kaluza <jkaluza redhat.com>]
*) The following now respect DefaultRuntimeDir/DEFAULT_REL_RUNTIMEDIR:
setuid/setgid capability bits rather than a setuid root binary.
[Matthew Steele <mdsteele google.com>]
passing through the server in such a way that connections and/or
Apache 2.4.xx tree as documented below, except as noted.]
Changes with Apache 2.4.x and later:
Changes with Apache 2.2.x and later:
Changes with Apache 2.0.x and later: