CHANGES revision fc42512879dd0504532f52fe5d0d0383dda96a1e
97a9a944b5887e91042b019776c41d5dd74557aferikabele -*- coding: utf-8 -*-
97a9a944b5887e91042b019776c41d5dd74557aferikabeleChanges with Apache 2.5.0
a945f35eff8b6a88009ce73de6d4c862ce58de3cslive *) mod_proxy_html: support automatic detection of doctype and processing
a945f35eff8b6a88009ce73de6d4c862ce58de3cslive of FPIs. PR56285 [Micha Lenk <micha lenk info>, Nick Kew]
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd *) mod_proxy_html: skip documents shorter than 4 bytes
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd PR 56286 [Micha Lenk <micha lenk info>]
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd *) mod_proxy_fdpass: Fix computation of the size of 'struct sockaddr_un'
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd when passed to 'connec()'.
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd [Graham Dumpleton <grahamd apache org>]
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd *) mod_socache_shmcb: Correct counting of expirations for status display.
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd Expirations happening during retrieval were not counted. [Rainer Jung]
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd *) mod_proxy_balancer: Correctly encode user provided data in management
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd interface. PR 56532 [Maksymilian, <max cert.cx>]
4b5981e276e93df97c34e4da05ca5cf8bbd937dand *) mod_proxy_wstunnel: Fix the use of SSL connections with the "wss:"
3b3b7fc78d1f5bfc2769903375050048ff41ff26nd *) core: Add ap_mpm_resume_suspended() API to allow a suspended connection
ad74a0524a06bfe11b7de9e3b4ce7233ab3bd3f7nd to resume. PR56333
3b3b7fc78d1f5bfc2769903375050048ff41ff26nd [Artem <artemciy gmail.com>, Edward Lu <Chaosed0 gmail.com>]
3a6531f1fd50efd78381e5800802a1449096781eslive *) core: Add ap_mpm_register_socket_callback_timeout() API. [Eric Covener]
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd *) mod_proxy_wstunnel: Honor ProxyWebsocketIdleTimeout in asynchronous
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd processing mode. [Eric Covener]
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd *) mod_proxy_fcgi: Fix occasional high CPU when handling request bodies.
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd [Jeff Trawick]
0d7cadfab793cd88b98342b4d34410ab6e773883rbowen *) mod_proxy_fcgi: Support iobuffersize parameter. [Jeff Trawick]
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd *) mod_cache: Preserve non-cacheable headers forwarded from an origin 304
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd response. PR 55547. [Yann Ylavic]
117c1f888a14e73cdd821dc6c23eb0411144a41cnd *) mod_cache: Don't add cached/revalidated entity headers to a 304 response.
117c1f888a14e73cdd821dc6c23eb0411144a41cnd PR 55547. [Yann Ylavic]
117c1f888a14e73cdd821dc6c23eb0411144a41cnd *) mod_cache: Retry unconditional request with the full URL (including the
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd query-string) when the origin server's 304 response does not match the
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd conditions used to revalidate the stale entry. [Yann Ylavic].
53bae66d3dc14a667e14a451f7bc65a893dd450fnd *) mod_authnz_ldap: Fail explicitly when the filter is too long. Remove
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd unnecessary apr_pstrdup() and strlen(). [Graham Leggett]
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd *) Add the ldap-search option to mod_authnz_ldap, allowing authorization
53bae66d3dc14a667e14a451f7bc65a893dd450fnd to be based on arbitrary expressions that do not include the username.
06ba4a61654b3763ad65f52283832ebf058fdf1cslive [Graham Leggett]
0d7cadfab793cd88b98342b4d34410ab6e773883rbowen *) Add the ldap function to the expression API, allowing LDAP filters and
0d7cadfab793cd88b98342b4d34410ab6e773883rbowen distinguished names based on expressions to be escaped correctly to
0d7cadfab793cd88b98342b4d34410ab6e773883rbowen guard against LDAP injection. [Graham Leggett]
0d7cadfab793cd88b98342b4d34410ab6e773883rbowen *) Add module mod_ssl_ct, which provides an implementation of Certificate
0d7cadfab793cd88b98342b4d34410ab6e773883rbowen Transparency (RFC 6962) for httpd. [Jeff Trawick]
06ba4a61654b3763ad65f52283832ebf058fdf1cslive *) mod_proxy: Preserve original request headers even if they differ
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd from the ones to be forwarded to the backend. PR 45387.
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd [Yann Ylavic]
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd *) mod_proxy: When ping/pong is configured for a worker, don't send or
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd forward "100 Continue" (interim) response to the client if it does
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd not expect one. [Yann Ylavic]
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd *) mod_remoteip: Prevent an external proxy from presenting an internal
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd proxy. PR 55962. [Mike Rumph]
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd *) mod_ssl: Add hooks to allow other modules to perform processing at
06ba4a61654b3763ad65f52283832ebf058fdf1cslive several stages of initialization and connection handling. See
06ba4a61654b3763ad65f52283832ebf058fdf1cslive mod_ssl_openssl.h. [Jeff Trawick]
06ba4a61654b3763ad65f52283832ebf058fdf1cslive *) mod_proxy_wstunnel: Avoid sending error responses down an upgraded
06ba4a61654b3763ad65f52283832ebf058fdf1cslive websockets connection as it is being close down. [Eric Covener]
06ba4a61654b3763ad65f52283832ebf058fdf1cslive *) mod_proxy_wstunnel: Allow the administrator to cap the amount
9a58dc6a2b26ec128b1270cf48810e705f1a90dbsf of time a synchronous websockets connection stays idle with
ea52f92bf226f48638d3e0e0b0e03568c8e7c5a9noirin ProxyWebsocketIdleTimeout. [Eric Covener]
ea52f92bf226f48638d3e0e0b0e03568c8e7c5a9noirin *) mod_proxy_wstunnel: Change to opt-in for asynchronous support, adding
9a58dc6a2b26ec128b1270cf48810e705f1a90dbsf directives ProxyWebsocketAsync and ProxyWebsocketAsyncDelay.
ea52f92bf226f48638d3e0e0b0e03568c8e7c5a9noirin [Eric Covener]
9a58dc6a2b26ec128b1270cf48810e705f1a90dbsf *) mod_proxy_wstunnel: Stop leaking websockets backend connections under
ea52f92bf226f48638d3e0e0b0e03568c8e7c5a9noirin event MPM (trunk-only). [Eric Covener]
ea52f92bf226f48638d3e0e0b0e03568c8e7c5a9noirin *) mod_proxy_wstunnel: Don't issue AH02447 and log a 500 on routine
ea52f92bf226f48638d3e0e0b0e03568c8e7c5a9noirin hangups from websockets origin servers. PR 56299
0d7cadfab793cd88b98342b4d34410ab6e773883rbowen [Yann Ylavic, Edward Lu <Chaosed0 gmail com>, Eric Covener]
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd *) mod_proxy_wstunnel: Don't pool backend websockets connections,
82489978ef71322bce18e6f92d2a938b87fd434erbowen because we need to handshake every time. PR 55890.
82489978ef71322bce18e6f92d2a938b87fd434erbowen [Eric Covener]
82489978ef71322bce18e6f92d2a938b87fd434erbowen *) mod_proxy_http: Add detach_backend hook (potentially usable
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd in other proxy scheme handlers). [Jeff Trawick]
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd *) mod_deflate: Add DeflateAlterETag to control how the ETag
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd is modified. The 'NoChange' parameter mimics 2.2.x behavior.
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd PR 45023, PR 39727. [Eric Covener]
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd *) mod_rewrite: Add 'BNF' (backreferences-no-plus) flag to RewriteRule to
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd allow spaces in backreferences to be encoded as %20 instead of '+'.
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd [Eric Covener]
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd *) mod_rewrite: Support an optional list of characters to escape in the
06ba4a61654b3763ad65f52283832ebf058fdf1cslive argument for the 'B' (escape backreferences) flag. [Eric Covener]
06ba4a61654b3763ad65f52283832ebf058fdf1cslive *) mod_ssl: Add SSLOCSPUseRequestNonce directive to control whether or not
06ba4a61654b3763ad65f52283832ebf058fdf1cslive OCSP requests should use a nonce to be checked against the responder's
3e989ed8d4cf8733a743921e078f21021f4001a0kess one. PR 56233. [ Yann Ylavic ]
06ba4a61654b3763ad65f52283832ebf058fdf1cslive *) mod_dir: Default to 2.2-like behavior and skip execution when method is
06ba4a61654b3763ad65f52283832ebf058fdf1cslive neither GET nor POST, such as for DAV requests. PR 54914. [Chris Darroch]
06ba4a61654b3763ad65f52283832ebf058fdf1cslive *) mod_rewrite: Rename the handler that does per-directory internal
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd redirects to "rewrite-redirect-handler" from "redirect-handler" so
82489978ef71322bce18e6f92d2a938b87fd434erbowen it is less ambiguous and less likely to be reused. [Eric Covener]
82489978ef71322bce18e6f92d2a938b87fd434erbowen *) mod_rewrite: Protect against looping with the [N] flag by enforcing a
82489978ef71322bce18e6f92d2a938b87fd434erbowen default limit of 10000 iterations, and allowing each rule to change its
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd limit. [Eric Covener]
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd *) mod_ssl: Fix config merging of SSLOCSPEnable and SSLOCSPOverrideResponder.
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd [Jeff Trawick]
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd *) Add HttpContentLengthHeadZero and HttpExpectStrict directives.
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd [Yehuda Sadeh <yehuda inktank com>, Justin Erenkrantz]
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd *) FreeBSD: Disable IPv4-mapped listening sockets by default for versions
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd 5+ instead of just for FreeBSD 5. PR 53824. [Jeff Trawick]
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd *) mod_auth_form: Add a debug message when the fields on a form are not
06ba4a61654b3763ad65f52283832ebf058fdf1cslive recognised. [Graham Leggett]
06ba4a61654b3763ad65f52283832ebf058fdf1cslive *) mod_ssl: Add -t -DDUMP_CA_CERTS option which dumps the filenames of all
06ba4a61654b3763ad65f52283832ebf058fdf1cslive configured SSL CA certificates to stdout the same way as DUMP_CERTS does.
06ba4a61654b3763ad65f52283832ebf058fdf1cslive [Jan Kaluza]
06ba4a61654b3763ad65f52283832ebf058fdf1cslive *) mod_ssl: Don't flush when an EOS is received. Prepares mod_ssl
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd to support write completion. [Graham Leggett]
82489978ef71322bce18e6f92d2a938b87fd434erbowen *) core: Add parse_errorlog_arg callback to ap_errorlog_provider
82489978ef71322bce18e6f92d2a938b87fd434erbowen to allow providers to check the ErrorLog argument. [Jan Kaluza]
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd *) mod_cgid: Use the servers Timeout for each read from a CGI script,
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd allow override with new CGIDRequestTimeout directive. PR43494
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd [Eric Covener, Toshikuni Fukaya <toshikuni-fukaya cybozu co jp>]
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd *) core: Add missing Reason-Phrase in HTTP response headers.
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd PR 54946. [Rainer Jung]
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd *) core: ensure any abnormal exit is reported to stderr if it's a tty.
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd PR 55670 [Nick Kew]
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd *) mod_lua: Let the Inter-VM get/set functions work with a global
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd shared memory pool instead of a per-process pool. [Daniel Gruno]
06ba4a61654b3763ad65f52283832ebf058fdf1cslive *) ldap: Support ldaps when using the Microsoft LDAP SDK.
06ba4a61654b3763ad65f52283832ebf058fdf1cslive PR 54626. [Jean-Frederic Clere]
06ba4a61654b3763ad65f52283832ebf058fdf1cslive *) mod_proxy: Add ap_connection_reusable() for checking if a connection
06ba4a61654b3763ad65f52283832ebf058fdf1cslive is reusable as of this point in processing. [Jeff Trawick]
06ba4a61654b3763ad65f52283832ebf058fdf1cslive *) mod_authnz_ldap: Change default value of AuthLDAPMaxSubGroupDepth to 0
06ba4a61654b3763ad65f52283832ebf058fdf1cslive to avoid performance problems when subgroups aren't in use. [Eric Covener]
06ba4a61654b3763ad65f52283832ebf058fdf1cslive *) mod_syslog: New module implementing syslog ap_error_log provider.
06ba4a61654b3763ad65f52283832ebf058fdf1cslive Previously, this code was part of core, now it's in separate module.
06ba4a61654b3763ad65f52283832ebf058fdf1cslive [Jan Kaluza]
06ba4a61654b3763ad65f52283832ebf058fdf1cslive *) core: Add ap_errorlog_provider to make ErrorLog logging modular. Move
06ba4a61654b3763ad65f52283832ebf058fdf1cslive syslog support from core to new mod_syslog. [Jan Kaluza]
06ba4a61654b3763ad65f52283832ebf058fdf1cslive *) WinNT MPM: If ap_run_pre_connection() fails or sets c->aborted, don't
0d7cadfab793cd88b98342b4d34410ab6e773883rbowen save the socket for reuse by the next worker as if it were an
0d7cadfab793cd88b98342b4d34410ab6e773883rbowen APR_SO_DISCONNECTED socket. Restores 2.2 behavior. [Eric Covener]
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd *) mod_status, mod_echo: Fix the display of client addresses.
82489978ef71322bce18e6f92d2a938b87fd434erbowen They were truncated to 31 characters which is not enough for IPv6 addresses.
82489978ef71322bce18e6f92d2a938b87fd434erbowen PR 54848 [Bernhard Schmidt <berni birkenwald de>]
82489978ef71322bce18e6f92d2a938b87fd434erbowen *) core: Add ap_log_data(), ap_log_rdata(), etc. for logging buffers.
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd [Jeff Trawick]
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd *) mod_unique_id: Use output of the PRNG rather than IP address and
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd pid, avoiding sleep() call and possible DNS issues at startup,
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd plus improving randomness for IPv6-only hosts.
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd [Jan Kaluza <jkaluza redhat.com>]
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd *) mod_authnz_ldap: Support primitive LDAP servers that do not accept
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd filters, such as "SDBM-backed LDAP" on z/OS, by allowing a special
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd filter "none" to be specified in AuthLDAPURL. [Eric Covener]
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd *) mod_file_cache: mod_file_cache should be able to serve files that
ea52f92bf226f48638d3e0e0b0e03568c8e7c5a9noirin haven't had a Content-Type set via e.g. mod_mime. [Eric Covener]
06ba4a61654b3763ad65f52283832ebf058fdf1cslive *) core: merge AllowEncodedSlashes from the base configuration into
06ba4a61654b3763ad65f52283832ebf058fdf1cslive virtual hosts. [Eric Covener]
9a58dc6a2b26ec128b1270cf48810e705f1a90dbsf *) AIX: Install DSO's with "cp" instead of "install" in instdso.sh
ea52f92bf226f48638d3e0e0b0e03568c8e7c5a9noirin [Eric Covener]
82489978ef71322bce18e6f92d2a938b87fd434erbowen *) mod_ldap: Don't keep retrying if a new LDAP connection times out.
82489978ef71322bce18e6f92d2a938b87fd434erbowen [Eric Covener]
82489978ef71322bce18e6f92d2a938b87fd434erbowen *) mod_deflate: permit compilation of mod_deflate against a zlib that has
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd been configured with -D Z_PREFIX, which redefines the token "deflate".
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd [Eric Covener]
3b3b7fc78d1f5bfc2769903375050048ff41ff26nd *) mod_socache_shmcb.c: Remove arbitrary restriction on shared memory size
ad74a0524a06bfe11b7de9e3b4ce7233ab3bd3f7nd previously limited to 64MB. [Jens Låås <jelaas gmail.com>]
9c1260efa52c82c2a58e5b5f20cd6902563d95f5rbowen *) mod_auth_digest: Use the secret when generating nonces in all cases and
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd not only when AuthName is used in .htaccess files (this change may cause
0c4abc32c00611fe1d52c9661f5cc79a3f74c6d4nd problems if used with round robin load balancers). Don't regenerate the
HTML/XHTML [Nick Kew]
[Jan Kaluza <jkaluza redhat.com>]
*) The following now respect DefaultRuntimeDir/DEFAULT_REL_RUNTIMEDIR:
setuid/setgid capability bits rather than a setuid root binary.
[Matthew Steele <mdsteele google.com>]
passing through the server in such a way that connections and/or
Apache 2.4.xx tree as documented below, except as noted.]
Changes with Apache 2.4.x and later:
Changes with Apache 2.2.x and later:
Changes with Apache 2.0.x and later: