CHANGES revision fd80868005a61e747bc45b39df83cae7abb3d151
-*- coding: utf-8 -*-

Changes with Apache 2.3.7

  *) SECURITY: CVE-2009-3555 (cve.mitre.org)
     mod_ssl: Comprehensive fix of the TLS renegotiation prefix injection
     attack when compiled against OpenSSL version 0.9.8m or later. Introduces
     the 'SSLInsecureRenegotiation' directive to reopen this vulnerability
     and offer unsafe legacy renegotiation with clients which do not yet
     support the new secure renegotiation protocol, RFC 5746.
     [Joe Orton, and with thanks to the OpenSSL Team]

  *) SECURITY: CVE-2009-3555 (cve.mitre.org)
     mod_ssl: A partial fix for the TLS renegotiation prefix injection attack
     by rejecting any client-initiated renegotiations. Forcibly disable
     keepalive for the connection if there is any buffered data readable. Any
     configuration which requires renegotiation for per-directory/location
     access control is still vulnerable, unless using OpenSSL >= 0.9.8l.
     [Joe Orton, Ruediger Pluem, Hartmut Keil <Hartmut.Keil adnovum.ch>]

  *) SECURITY: CVE-2010-0408 (cve.mitre.org)
     mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent
     when request headers indicate a request body is incoming; not a case of
     HTTP_INTERNAL_SERVER_ERROR. [Niku Toivola <niku.toivola sulake.com>]

  *) SECURITY: CVE-2010-0425 (cve.mitre.org)
     mod_isapi: Do not unload an isapi .dll module until the request
     processing is completed, avoiding orphaned callback pointers.
     [Brett Gervasoni <brettg senseofsecurity.com>, Jeff Trawick]

  *) ab: fix number of requests sent by ab when keepalive is enabled. PR 48497.
     [Bryn Dole <dole blekko.com>]

  *) Log an error for failures to read a chunk-size, and return 408 instead of
     413 when this is due to a read timeout. This change also fixes some cases
     of two error documents being sent in the response for the same scenario.
     [Eric Covener] PR49167

  *) mod_proxy_balancer: Add new directive BalancerNonce to allow admin
     to control/set the nonce used in the balancer-manager application.
     [Jim Jagielski]

  *) mod_proxy_connect: Support port ranges in AllowConnect. PR 23673.
     [Stefan Fritsch]

  *) Proxy balancer: support setting error status according to HTTP response
     code from a backend. PR 48939. [Daniel Ruggeri <DRuggeri primary.net>]

  *) htcacheclean: Introduce the ability to clean specific URLs from the
     cache, if provided as an optional parameter on the command line.
     [Graham Leggett]

  *) core: Introduce the IncludeStrict directive, which explicitly fails
     server startup if no files or directories match a wildcard path.
     [Graham Leggett]

  *) htcacheclean: Report additional statistics about entries deleted.
     PR 48944. [Mark Drayton mark markdrayton.info]

  *) Introduce SSLFIPS directive to support OpenSSL FIPS_mode; permits all
     builds of mod_ssl to use 'SSLFIPS off' for portability, but the proper
     build of openssl is required for 'SSLFIPS on'. PR 46270.
     [Dr Stephen Henson <steve openssl.org>, William Rowe]

  *) mod_proxy_http: Log the port of the remote server in various messages.
     PR 48812. [Igor Galić <i galic brainsware org>]

  *) mod_reqtimeout: Do not wrongly enforce timeouts for mod_proxy's backend
     connections and other protocol handlers (like mod_ftp). [Stefan Fritsch]

  *) mod_proxy_ajp: Really regard the operation a success, when the client
     aborted the connection. In addition adjust the log message if the client
     aborted the connection. [Ruediger Pluem]

  *) mod_ssl: Add the 'SSLInsecureRenegotiation' directive, which
     allows insecure renegotiation with clients which do not yet
     support the secure renegotiation protocol. [Joe Orton]

  *) mod_ssl: Fix a potential I/O hang if a long list of trusted CAs
     is configured for client cert auth. PR 46952. [Joe Orton]

  *) core: Only log a 408 if it is no keepalive timeout. PR 39785
     [Ruediger Pluem, Mark Montague <markmont umich.edu>]

  *) support/rotatelogs: Add -L option to create a link to the current
     log file. PR 48761 [<lyndon orthanc.ca>, Dan Poirier]

  *) mod_ldap: Update LDAPTrustedClientCert to consistently be a per-directory
     setting only, matching most of the documentation and examples.
     PR 46541 [Paul Reder, Eric Covener]

  *) mod_ldap: LDAPTrustedClientCert now accepts CA_DER/CA_BASE64 argument
     types previously allowed only in LDAPTrustedGlobalCert. [Eric Covener]

  *) mod_negotiation: Preserve query string over multiviews negotiation.
     This buglet was fixed for type maps in 2.2.6, but the same issue
     affected multiviews and was overlooked.
     PR 33112 [Joergen Thomsen <apache jth.net>]

  *) mod_ldap: Eliminate a potential crash with multiple LDAPTrustedClientCert
     when some are not password-protected. [Eric Covener]

  *) Fix startup segfault when the Mutex directive is used but no loaded
     modules use httpd mutexes. PR 48787. [Jeff Trawick]

  *) Proxy: get the headers right in a HEAD request with
     ProxyErrorOverride, by checking for an overridden error
     before not after going into a catch-all code path.
     PR 41646. [Nick Kew, Stuart Children]

  *) support/rotatelogs: Support the simplest log rotation case, log
     truncation. Useful when the log is being processed in real time
     using a command like tail. [Graham Leggett]

  *) support/htcacheclean: Teach it how to write a pid file (modelled on
     httpd's writing of a pid file) so that it becomes possible to run
     more than one instance of htcacheclean on the same machine.
     [Graham Leggett]

  *) Log command line on startup, so there's a record of command line
     arguments like -f. PR 48752. [Dan Poirier]

  *) Introduce mod_reflector, a handler capable of reflecting POSTed
     request bodies back within the response through the output filter
     stack. Can be used to turn an output filter into a web service.
     [Graham Leggett]

  *) mod_proxy_http: Make sure that when an ErrorDocument is served
     from a reverse proxied URL, that the subrequest respects the status
     of the original request. This brings the behaviour of proxy_handler
     in line with default_handler. PR 47106. [Graham Leggett]

  *) Support wildcards in both the directory and file components of
     the path specified by the Include directive. [Graham Leggett]

  *) mod_proxy, mod_proxy_http: Support remote https proxies
     by using HTTP CONNECT. PR 19188.
     [Philippe Dutrueux <lilas evidian.com>, Rainer Jung]

  *) apxs: Fix -A and -a options to ignore whitespace in httpd.conf
     [Philip M. Gollucci]

Changes with Apache 2.3.6

  *) worker: Don't report server has reached MaxClients until it has.
     Add message when server gets within MinSpareThreads of MaxClients.
     PR 46996. [Dan Poirier]

  *) mod_session: Session expiry was being initialised, but not updated
     on each session save, resulting in timed out sessions when there
     should not have been. Fixed. [Graham Leggett]

  *) mod_log_config: Add the R option to log the handler used within the
     request. [Christian Folini <christian.folini netnea com>]

  *) mod_include: Allow fine control over the removal of Last-Modified and
     ETag headers within the INCLUDES filter, making it possible to cache
     responses if desired. Fix the default value of the SSIAccessEnable
     directive. [Graham Leggett]

  *) Add new UnDefine directive to undefine a variable. PR 35350.
     [Stefan Fritsch]

  *) Make ap_pregsub(), used by AliasMatch and friends, use the same syntax
     for regex backreferences as mod_rewrite and mod_include: Remove the use
     of '&' as an alias for '$0' and allow to escape any character with a
     backslash. PR 48351. [Stefan Fritsch]

  *) mod_authnz_ldap: If AuthLDAPCharsetConfig is set, also convert the
     password to UTF-8. PR 45318.
     [Johannes Müller <joh_m gmx.de>, Stefan Fritsch]

  *) ab: Fix calculation of requests per second in HTML output. PR 48594.
     [Stefan Fritsch]

  *) mod_authnz_ldap: Failures to map a username to a DN, or to check a user
     password now result in an informational level log entry instead of
     warning level. [Eric Covener]

Changes with Apache 2.3.5

  *) SECURITY: CVE-2010-0434 (cve.mitre.org)
     Ensure each subrequest has a shallow copy of headers_in so that the
     parent request headers are not corrupted. Eliminates a problematic
     optimization in the case of no request body. PR 48359
     [Jake Scott, William Rowe, Ruediger Pluem]

  *) Turn static function get_server_name_for_url() into public
     ap_get_server_name_for_url() and use it where appropriate. This
     fixes mod_rewrite generating invalid URLs for redirects to IPv6
     literal addresses. [Stefan Fritsch]

  *) mod_ldap: Introduce new config option LDAPTimeout to set the timeout
     for LDAP operations like bind and search. [Stefan Fritsch]

  *) mod_proxy, mod_proxy_ftp: Move ProxyFtpDirCharset from mod_proxy to
     mod_proxy_ftp. [Takashi Sato]

  *) mod_proxy, mod_proxy_connect: Move AllowCONNECT from mod_proxy to
     mod_proxy_connect. [Takashi Sato]

  *) mod_cache: Do an exact match of the keys defined by
     CacheIgnoreURLSessionIdentifiers against the querystring instead of
     a partial match. PR 48401.
     [Dodou Wang <wangdong.08 gmail.com>, Ruediger Pluem]

  *) mod_proxy_balancer: Fix crash in balancer-manager. [Rainer Jung]

  *) Core HTTP: disable keepalive when the Client has sent
     Expect: 100-continue
     but we respond directly with a non-100 response.
     Keepalive here led to data from clients continuing being treated as
     a new request.
     PR 47087 [Nick Kew]

  *) Core: reject NULLs in request line or request headers.
     PR 43039 [Nick Kew]

  *) Core: (re)-introduce -T commandline option to suppress documentroot
     check at startup.
     PR 41887 [Jan van den Berg <janvdberg gmail.com>]

  *) mod_autoindex: support XHTML as equivalent to HTML in IndexOptions,
     ScanHTMLTitles, ReadmeName, HeaderName
     PR 48416 [Dmitry Bakshaev <dab18 izhnet.ru>, Nick Kew]

  *) Proxy: Fix ProxyPassReverse with relative URL
     Derived (slightly erroneously) from PR 38864 [Nick Kew]

  *) mod_headers: align Header Edit with Header Set when used on Content-Type
(See util_mutex.h.) Build-time setting DEFAULT_LOCKFILE is no longer
*) SECURITY: CVE-2009-3095 (cve.mitre.org)
[Stefan Fritsch <sf fritsch.de>, Joe Orton]
*) SECURITY: CVE-2009-3094 (cve.mitre.org)
[Stefan Fritsch <sf fritsch.de>, Joe Orton]
instead of substrings. PR 28037. [Dan Franklin <dan dan-franklin.com>,
[Dr Stephen Henson <shenson oss-institute.org>]
PR 47178. [Philipp Hagemeister <oss phihag.de>]
Brian France <brian brianfrance.com>]
modules to avoid segmentation fault. PR 47951. [hirose31 gmail.com]
*) mod_logio/core: Report more accurate byte counts in mod_status if
for the default values of 1024 for LdapCacheEntries/LdapOpCacheEntries.
the request is a CONNECT request. [Bill Zajac <billz consultla.com>]
[Peter Grandi <pg_asf asf.for.sabi.co.uk>, Graham Leggett]
Log 408 errors in access log as was done in Apache 1.3.x.
PR 39785 [Nobutaka Mantani <nobutaka nobutaka.org>,
Stefan Fritsch <sf fritsch.de>, Dan Poirier]
Brian France <brian brianfrance.com>]
Brian France <brian brianfrance.com>]
[Stefan Fritsch <sf sfritsch.de>]
*) mod_session.c: Prevent a segfault when session is added but not
definition. [Stefan Fritsch sf sfritsch.de]
*) Add support for HTTP PUT to ab. [Jeff Barnes <jbarnesweb yahoo.com>]
PR 46971 [evanc nortel.com]
[Stefan Fritsch <sf sfritsch.de>]
for a file is missing. PR 47682 [Peter Poeml <poeml suse.de>]
*) SECURITY: CVE-2009-1890 (cve.mitre.org)
*) SECURITY: CVE-2009-1191 (cve.mitre.org)
by the client. PR 33098 [ Stefan Fritsch <sf sfritsch.de>]
PR 42175 [Jim Radford <radford blackbean.org>]
type. PR 45107. [Michael Ströder <michael stroeder.com>,
PR 44020 [Håkon Stordahl <hakon stordahl.org>]
CGI process. PR 47335 [Kornél Pál <kornelpal gmail.com>]
PR 46942 [Dan Poirier <poirier pobox.com>]
PR 44729 [Sönke Tesch <st kino-fahrplan.de>, Jim Jagielski]
PR 47177 [Carlos Garcia Braschi <cgbraschi gmail.com>]
PR 45082 [Vitaly Polonetsky <m_vitaly topixoft.com>]
[Marko Kevac <mkevac gmail.com>]
as A/UX, Next, and Tandem. [Jeff Trawick]
directory listing. PR 46789 [Dan Poirier <poirier pobox.com>]
of module state across unload/load. [Jeff Trawick]
[Dan Poirier <poirier pobox.com>]
[Geoff Keating <geoffk apple.com>]
with kqueue (BSD/OS X) and excessive CPU with event ports (Solaris).
a media type has not been configured via mime.types, AddType,
[Ryan Phillips <ryan-apache trolocsis.com>]
[<tlhackque yahoo.com>]
*) prefork: Fix child process hang during graceful restart/stop in
*) core/utils: Enhance ap_escape_html API to support escaping non-ASCII chars
PR 45529 [Bob Ionescu <bobsiegen googlemail.com>]
times out before returning status line/headers.
PR 39332 [Masaoki Kobayashi <masaoki techfirm.co.jp>]
[Theo Schlossnagle <jesus omniti.com>, Paul Querna]
modules/proxy/balancers [Jim Jagielski]
privileges and Unix user/group IDs [Nick Kew]
logic replicate 2.2.x authz logic, and replace <Satisfy*>, Reject,
*) unixd: turn existing code into a module, and turn the set user/group
Suggested By André Warnier <aw ice-sa.com> [Eric Covener]
*) mod_ssl: Send Content-Type application/ocsp-request for POST requests to
OCSP responders. PR 46014 [Dr Stephen Henson <steve openssl.org>]
*) Export and install the mod_rewrite.h header to ensure the optional
*) New module mod_sed: filter Request/Response bodies through sed
null value. [David Shane Holden <dpejesh apache.org>]
*) ab: Make ab.c compile on VC6. PR 45024 [Ruediger Pluem]
*) configure: Don't reject libtool 2.x
overwritten. PR 44262 [Michał Grzędzicki <lazy iq.pl>]
PR 44799 [Christian Wenz <christian wenz.org>]
both inside and outside the location/directory sections, as
form request with the type of application/x-www-form-urlencoded.
*) mod_authz_dbd: When redirecting after successful login/logout per
PR 44560 [Anders Kaseorg <anders kaseorg.com>]
mod_cache et.al. to trap the results of the redirect.
PR 34607. [Kaspar Brand <asfbugz velox.ch>]. A test configuration
can be created with test/make_sni.sh [Dirk-Willem van Gulik].
*) ApacheMonitor.exe: Introduce --kill argument for use by the
*) mod_ldap, mod_authnzldap: Add support for nested groups (i.e. the ability
[David Jones <oscaremma gmail.com>]
[David M. Lee <dmlee crossroads.com>]
[Niklas Edmundsson <nikke acc.umu.se>]
[Stijn Hoop <stijn sandcat.nl>]
[Niklas Edmundsson <nikke acc.umu.se>]
final name. [Davi Arnaut <davi haxent.com.br>]
[Markus Schiegl <ms schiegl.com>]
*) Remove incorrect comments from scoreboard.h regarding conditional
[Chris Darroch <chrisd pearsoncmg.com>]
in ap_init_scoreboard(). [Chris Darroch <chrisd pearsoncmg.com>]
[Chris Darroch <chrisd pearsoncmg.com>]
and 'Reject' to mod_authz_core. The new directives introduce 'AND/OR'
*) mod_authz_dbd: SQL authz with Login/Session support [Nick Kew]
Apache 2.2.xx tree as documented, and except as noted, below.]
Changes with Apache 2.2.x and later:
Changes with Apache 2.0.x and later:
Changes with Apache 1.3.x and later: