1516N/AAPACHE 2.0 STATUS: -*-text-*-
19N/ALast modified at [$Date: 2002/04/01 21:19:41 $]
19N/A 2.0.34 : tagged March 26, 2002.
19N/A 2.0.33 : tagged March 6, 2002. not released.
19N/A 2.0.32 : released Feburary 16, 2002 as beta.
19N/A 2.0.31 : rolled Feburary 1, 2002. not released.
19N/A 2.0.30 : tagged January 8, 2002. not rolled.
19N/A 2.0.29 : tagged November 27, 2001. not rolled.
19N/A 2.0.28 : released November 13, 2001 as beta.
19N/A 2.0.27 : rolled November 6, 2001
19N/A 2.0.26 : tagged October 16, 2001. not rolled.
19N/A 2.0.25 : rolled August 29, 2001
19N/A 2.0.24 : rolled August 18, 2001
19N/A 2.0.23 : rolled August 9, 2001
19N/A 2.0.22 : rolled July 29, 2001
19N/A 2.0.21 : rolled July 20, 2001
19N/A 2.0.20 : rolled July 8, 2001
19N/A 2.0.19 : rolled June 27, 2001
19N/A 2.0.18 : rolled May 18, 2001
926N/A 2.0.17 : rolled April 17, 2001
3158N/A 2.0.16 : rolled April 4, 2001
926N/A 2.0.15 : rolled March 21, 2001
19N/A 2.0.14 : rolled March 7, 2001
2339N/A 2.0a9 : released December 12, 2000
1771N/A 2.0a8 : released November 20, 2000
2452N/A 2.0a7 : released October 8, 2000
2453N/A 2.0a6 : released August 18, 2000
2219N/A 2.0a5 : released August 4, 2000
1549N/A 2.0a4 : released June 7, 2000
161N/A 2.0a3 : released April 28, 2000
2962N/A 2.0a2 : released March 31, 2000
26N/A 2.0a1 : released March 10, 2000
838N/APlease consult the following STATUS files for information
1431N/A * 34 status: Let's get all API changes and showstoppers in this one.
2135N/A * We do not properly substitute the prefix-variables in the configuration
1191N/A scripts or generated-configs. (
i.e. if sysconfdir is etc,
1191N/A Aaron says: This is not a showstopper, these problems have existed
2339N/A for as long as I can remember. It would be nice to fix
1191N/A Not a showstopper: Jeff, Aaron, BillS, gregames
2026N/A * Should we always build [support*] binaries statically unless otherwise
2097N/A Message-ID: <20020129210006.B23512@Lithium.MeepZor.Com>
307N/A +1: Ken, *wrowe [they are PITAs on OSX]
2453N/A * If the parent process dies, should the remaining child processes
1191N/A "gracefully" self-terminate. Or maybe we should make it a runtime
2028N/A option, or have a concept of 2 parent processes (one being a
1191N/A See: Message-ID: <3C58232C.FE91F19F@Golux.Com>
539N/A Not self-destruct: BrianP, Ian, Cliff, BillS
104N/A Make it runtime configurable: Aaron, Jim, Justin
926N/A -1: Justin, wrowe [for 2.0]
2753N/A +0: Martin (while standing by, could it do
26N/A * Make the worker MPM the default MPM for threaded Unix boxes.
30N/A +1: Justin, Ian, Cliff
26N/A -0: Aaron (premature decision, needs more discussion), Lars
419N/ARELEASE NON-SHOWSTOPPERS BUT WOULD BE REAL NICE TO WRAP THESE UP:
19N/A * If any request gets through ap_process_request_internal() and is
19N/A scheduled to be served by the core handler, without a flag that this
19N/A end of the ap_process_request_internal() processing so sub_req-esters
19N/A know this request cannot be run. This provides authors of older
19N/A modules better compatibility, while still improving the security and
19N/A Status: still need to decide where this goes, OtherBill comments...
19N/A Message-ID: <065701c14526$495203b0$96c0b0d0@roweclan.net>
19N/A [Deleted comments regarding the ap_run_handler phase, as irrelevant
19N/A as BillS points out that "common case will be caught in
19N/A and the issue is detecting this -before- we try to run the req.]
19N/A gregames says: can this happen somehow without a broken module
19N/A being involved? If not, why waste cycles trying to defend against
19N/A potential broken modules? It seems futile.
19N/A wrowe counters: no, it shouldn't happen unless the module is broken.
26N/A But the right answer is to fail the request up-front in
dir/file 26N/A walk if the path was entirely invalid; and we can't do that either
26N/A or we break modules that are unwilling to hook map_to_storage.
2144N/A * Rewrite core_output_filter. It is nearly impossible to support
2144N/A it with predictable results as it is implemented now.
1352N/A * Convert all instances of the old apr_lock_t type to the new
1352N/A Status: Aaron has converted all but the perchild MPM to
1352N/A use the new lock API. Since perchild has been put
1352N/A on the back burner, this is no longer a showstopper.
2768N/A Aaron will patch perchild as soon as it becomes
2092N/A * With AP_MODE_EXHAUSTIVE in the core, it is finally clear to me
2158N/A how the Perchild MPM should be re-written. It hasn't worked
2690N/A correctly since filters were added because it wasn't possible to
2339N/A get the content that had already been written and the socket at
1370N/A the same time. This mode lets us do that, so the MPM can be
1370N/A * htpasswd blindly processes the file you give it, and does no
1370N/A sanity checking before totally corrupting whatever file it was
2144N/A you thought you had. It should check the input file and bail
2219N/A if it finds non-comment lines that do not contain exactly 1
2219N/A Message-ID: <20020217150457.A31632@clove.org>
2219N/A * Can a static httpd be built reliably?
2219N/A Message-ID: <20020207142751.T31582@clove.org>
2339N/A * [Ken] Test suite failures:
2339N/A o worker is also failing some of the 'cgi' subtests
2339N/A Justin says: "Worker should be fine and passes httpd-test here.
2339N/A If you can provide evidence that it can be reproduced
2339N/A outside of httpd-test, then it's a showstopper. I
2339N/A think it's a perl or a httpd-test problem."
2339N/A * Usage of APR_BRIGADE_NORMALIZE in core_input_filter should be
2339N/A Message-ID: <Pine.LNX.4.33.0201202232430.318-100000@deepthought.cs.virginia.edu>
2339N/A * There is a bug in how we sort some hooks, at least the pre-config
2339N/A hook. The first time we call the hooks, they are in the correct
2339N/A order, but the second time, we don't sort them correctly. Currently,
2339N/A back when this is fixed. rbb
2339N/A Justin says: "Is this really a showstopper? This has been here
2144N/A forever. What's wrong? Does this have to do with
2144N/A Not a showstopper: Justin, BrianP, trawick, gregames
2144N/A administrator to order filters, beyond the order of filename (mime)
2488N/A filename extensions. At minimum, some sort of +-[0-10] syntax seems
2488N/A like the quickest fix for a 2.0 gold release.
2488N/A Justin says: "Could we delay this for a point release or 2.1?"
1710N/A Not a showstopper: justin, wrowe, trawick, stoddard, Jim, Ian, Aaron,
2339N/A * Get perchild to work on platforms other than Linux. This
1352N/A descriptors between vhost child groups. An API was proposed
2144N/A Message-ID: <20020111115006.K1529@clove.org>
2073N/A * Try to get libtool inter-library dependency code working on AIX.
2144N/A Message-ID: <cm3n10lx555.fsf@rdu163-40-092.nc.rr.com>
2073N/A Justin says: If we get it working on AIX, we can enable this
2073N/A on all platforms and clean up our build system
2073N/A Jeff says: I thought I tested a patch for you sometime in
2073N/A January that you were going to commit within a few
2148N/A * Handling of %2f in URIs. Currently both 1.3 and 2.0
2148N/A completely disallow %2f in the request URI path (see
2043N/A through in the query string, however. Roy says the
2026N/A original reason for disallowing it, from five years ago,
2026N/A was to protect CGI scripts that applied PATH_INFO to
2610N/A a filesystem location and which might be tricked by
1370N/A ..%2f..%2f(...). We *should* allow path-info of the
2105N/A Since we've revamped a lot of our processing of path
2105N/A segments, it would be nice to allow this, or at least
2003N/A allow it conditionally with a directive.
2003N/A * FreeBSD, threads, and worker MPM. All seems to work fine
2003N/A if you only have one worker process with many threads. Add
2003N/A a second worker process and the accept lock seems to be
2003N/A lost. This might be an APR issue with how it deals with
2003N/A the child_init hook (
i.e. the fcntl lock needs to be resynced).
2003N/A More examination and analysis is required.
2228N/A Status: This has also been reported on Cygwin.
2228N/A Message-ID: <3C2CC514.8EF3BED1@wapme-systems.de> (cygnus)
2228N/A Justin says: So, FreeBSD-CURRENT and Cywin have the same
2228N/A problem. Yum. If another platform has this
2228N/A with worker, this becomes a showstopper.
2228N/A Aaron says: I spent some time disecting this and have come to
2228N/A the conclusion that it is not a problem in the worker MPM
2608N/A (or at least, it is not isolated to a problem in worker).
2608N/A I'll list some of the problems I'm seeing in case someone
2608N/A else wants to pick up where I've left off:
2608N/A - Delivery of just about any signal to one of the child
2310N/A processes will send it into an infinite loop as well.
2310N/A - Even though the parent is spinning out of control,
1370N/A at first the child or children will appear to work
1974N/A properly. At times it is possible to get it into a state,
1974N/A however, where a request will hang until another concurrent
1370N/A request "kicks" the first, at which point the second will
2339N/A hang. My theory is that this has to do with the
2339N/A pthread_cond_*() implementation in FreeBSD, but it's still
1370N/A possible that it is in APR.
1370N/A Justin adds: Oh, FreeBSD threads are implemented entirely with
1370N/A select()/poll()/longjmp(). Welcome to the nightmare.
1370N/A So, that means a ktrace output also has the thread
2073N/A scheduling internals in it (since it is all the same to
2373N/A the kernel). Which makes it hard to distinguish between
2373N/A our select() calls and their select() calls.
2373N/A *bangs head on wall repeatedly* But, some of the libc_r
2373N/A files have a DBG_MSG #define. This is moderately helpful
2373N/A when used with -DNO_DETACH. The kernel scheduler isn't
2373N/A waking up the threads on a select(). Yum. And, I bet
2373N/A those decrementing select calls have to do with the
2373N/A scheduler. Time to brush up on our OS fundamentals.
1370N/A * There is increasing demand from module writers for an API
2097N/A that will allow them to control the server � la apachectl.
429N/A Reasons include sole-function servers that need to die if
674N/A an external dependency (
e.g., a database) fails, et cetera.
674N/A Perhaps something in the (ever more abused) scoreboard?
926N/A rbb: I don't believe the scoreboard is the correct mechanism
674N/A for this. We already have a pipe that goes between parent
674N/A and child for graceful shutdown events, along with an API that
2092N/A can be used to send a message down that pipe. In threaded MPMs,
2092N/A it is easy enough to make that one pipe be used for graceful
1431N/A and graceless events, and it is also easy to open that pipe
1431N/A to both parent and child for writing. Then we just need to
1431N/A figure out how to do graceless on non-threaded MPMs.
1431N/A * Allow the DocumentRoot directive within <Location > scopes? This
1463N/A and in-your-face.) DocumentRoot unset would be accepted [and would
1463N/A not permit content to be served, only virtual resources such as
1463N/A server-info or server-status.
2144N/A This proposed change would _not_ depricate Alias.
2144N/A * Win32: Rotatelogs sometimes is not terminated when Apache
2144N/A goes down hard. FirstBill was looking at possibly tracking the
2144N/A child's-child processes in the parent process.
1463N/A OtherBill asks, wasn't this fixed?
1463N/A stoddard: Not fixed. Shared scoreboard might offer a good
2219N/A way for the parent to keep track of 'other child' processes
1463N/A and whack them if the child goes down.
2488N/A Other thoughts on walking the process chain using the NT kernel
2488N/A have also been proposed on APR.
2488N/A * Win32: Add a simple hold console open patch (wait for close or
2488N/A the ESC key, with a nice message) if the server died a bad
2488N/A death (non-zero exit code) in console mode.
2488N/A Resolution: bring forward same ugly hacks from 1.3.13-.20
2488N/A * Port of mod_ssl to Apache 2.0:
2488N/A (2) Enabling SSL extentions
2488N/A (3) Trying to seperate the https filter logic from mod_ssl -
2488N/A This is to facilitate other modules that wish to use the https
2488N/A filter or the mod_ssl logic or both as required.
2488N/A * Eliminate unnecessary creation of pipes in mod_cgid
2026N/A * Platforms that do not support fork (primarily Win32 and AS/400)
2026N/A Architect start-up code that avoids initializing all the modules
2097N/A in the parent process on platforms that do not support fork.
2026N/A would eliminate some code in the Win32 branch that essentially
2026N/A * There are still a number of places in the code where we are
2026N/A losing error status (
i.e. throwing away the error returned by a
2488N/A system call and replacing it with a generic error code)
2488N/A * Mass vhosting version of suEXEC.
2026N/A the dbmmanage employs the first-matched dbm format. This is not
2026N/A necessarily the library that Apache was built with. Aught to
2144N/A rewrite dbmmanage upon installation to bin/ with the proper library
2092N/A for predictable mod_auth_dbm administration.
2097N/A Questions; htdbm exists, time to kill dbmmanage, or does it remain
2092N/A useful as a perl dbm management example? If we keep it,
2092N/A do we address the issue above?
2092N/A Some additional items remaining:
2092N/A - case_preserved_filename stuff
2092N/A (use the new canonical name stuff?)
2158N/A - find a new home for ap_text(_header)
2339N/A - is it possible to remove the DAV: namespace stuff from util_xml?
2073N/A * ap_core_translate() and its use by mod_mmap_static and mod_file_cache
2092N/A are a bit wonky. The function should probably be exposed as a utility
3158N/A function (such as ap_translate_url2fs() or ap_validate_fs_url() or
2026N/A something). Another approach would be a new hook phase after
3158N/A "translate" which would allow the module to munge what the
2026N/A translation has decided to do.
2092N/A Status: Greg +1 (volunteers), Ryan +1
2092N/A calls ap_fixup_virutal_hosts(), ap_fini_vhost_config(), and
2092N/A ap_sort_hooks() [to reduce the logic in main()]
2610N/A * read the config tree just once, and process N times (as necessary)
2610N/A * (possibly) use UUIDs in mod_unique_id
and/or mod_usertrack
2610N/A * (possibly) port the bug fix for PR 6942 (segv when LoadModule is put
2610N/A into a VirtualHost container) to 2.0.
2610N/A * callers of ap_run_create_request() should check the return value
2610N/A for failure (Doug volunteers)
2610N/A * Win32: Get Apache working on Windows 95/98. The following work
2092N/A (at least) needs to be done:
2092N/A - Document warning that OSR2 is required (for Crypt functions, in
2092N/A rand.c, at least.) This could be resolved with an SSL library, or
2026N/A randomization in APR itself.
2026N/A actually works) and add in a splash of Win9x service code.
2610N/A * In order to use a DSO version of mod_ssl we have to link with
2610N/A -lssl and -lcrypto. A workaround is in place right now where the
2610N/A entire EXTRA_LIBS macro is being appended to the objects list, but
3158N/A this is a hack. We should either revamp the APACHE_CHECK_SSL_TOOLKIT
3158N/A autoconf function or come up with some other autoconf checks to
3158N/A search for libssl and libcrypto and properly add them to mod_ssl's
2610N/A * Fix the worker MPM to use POD to kill child processes instead
2610N/A of ap_os_killpg, regardless of how they should die. (Ryan Bloom)
2488N/A * mod_cache: handle cache_control: no_cache "field_name" to enable
2610N/A cacheing the response w/o header "field_name"
2488N/A * Scoreboard structures could be changed in the future such that
2488N/A proper alignment is not maintained, leading to segfaults on
1710N/A some systems. Cliff posted a patch to deal with this issue but
1710N/A later recanted. See this message to dev@apr.apache.org:
2154N/APRs that have been suspended forever waiting for someone to
2154N/Aput them into 'the next release':
1710N/A missing call to "setlocale();"
2154N/A Additional status for XBitHack directive
1710N/A Mod_proxy doesn't allow change of error pages
2141N/A Modified PATH environemnt variable is not passed, instead
1710N/A Proxy doesn't deliver documents if not connected
1710N/A proxy converts ~name to %7Ename when name starts with a dot (.)
2043N/A mod_access syntax allows hosts that should be restricted
1710N/A ~UserHome directories are not honored in absolute pathname
1710N/A Proxy FTP Authentication Fails
1710N/A A smarter "Last Modified" value for SSI documents (see PR number 600)
1710N/A Request of "Options SymLinksIfGroupMatch"
1710N/A Proxy doesn't do links right for OpenVMS files through ftp:
2073N/A imap should read <MAP><AREA>*</MAP> too!
2043N/A RLimitCPU and RLimitMEM don't apply to all children like they should
2043N/A Uses cwd before filling it in, doesn't use syslog
2073N/A it is useful to allow specifiction that root-owned symlinks
2043N/A Controlling Access to Remote Proxies would be nice...
1710N/A Adding authentication "on the fly" through the proxy module
1710N/A request_config field in request_rec is moderately bogus
2028N/A DoS attacks involving memory consumption
2028N/A Logging of virtual server to error_log as well
582N/A ProxyRemote make a dead cycle.
2144N/A suexec does not parse arguments to #exec cmd
2144N/A Allow for Last-Modified: without resorting to XBitHack
2144N/A improvements to child spawning API
2144N/A ``nph-'' not honored (no buffering) for ProxyRemote mapping
2144N/A Apache cannot handle continuation line in headers
2144N/A setlogin() is not called, causing problems with
e.g. identd
926N/A regerror() exists, use it
561N/A there is no way to keep per-connection per-module state
289N/A * PR#1263: mod_autoexec
289N/A Add frame-safe anchor attribute to mod_autoindex links
582N/A CGI scripts running as Apache user: security (suexec etc.)
289N/A Need to know "hit-rate" on proxy cache
289N/A Selective url-encode of log fields (or maybe a pseudo
596N/A I make mod_headers to modify request headers as well as
104N/A No HTTP_X_FORWARDED_FOR set...
2144N/A ProxyRemote proxy requests fail authentication by firewall
2144N/A mod_rewrite forms REQUEST_URI different than mod_cgi does
2144N/A mod_headers should allow mod_log_config-style formats in
2310N/A mod_proxy to support persistent conns?
2310N/A patches to mod_include to allow for file tests
2433N/A Suggestion for improving authentication modules and core source
2433N/A code, problem with 401 and ErrorDocument
2433N/A listing of proxy cache content
2433N/A Allow modules to set user:group for execution.
2433N/A adding auth_why to conn_rec
2433N/A pipelined connections are not logged correctly
2433N/A mod_rewrite doesn't pass Proxy Throughput on internal subrequests
2433N/A HTTP Server Rebuild Line Needs Changing for the better
2433N/A mod_status always displays 256 possible connection slots
2433N/A Make online documentation search link back to my installation
2433N/A Can not POST to ErrorDocument - Apache/1.3b6
2433N/A Status module averages are for entire uptime
2433N/A suexec for general access of user content?
2433N/A Proposal for TimeZone directive
2433N/A /server-info doesn't check for the virtual host to list the info
2433N/A problem specifying ndbm library for build ?with autoconfigure
2433N/A AllowOverride FileInfo is too coarse
2433N/A TimeOut applies to output of CGI scripts
2433N/A <IfDenied> directive wanted
2433N/A CGI's for general use still have to be run as another user
2433N/A Cache file names in Proxy module
551N/A mailto tags and bundling bug report script
2433N/A Support for System Resource Controller
2433N/A When will Apache support P3P? Any Plans?
2335N/A Propose that Apache recommend $UNIQUE_ID for all "session id"
2330N/A suggestion: power up your Include directive :)
2144N/A cannot limit some HTTP methods
2144N/A No module specific data hook for per-connection data
2144N/A no way to set global quality-of-source (qs) coneg values
2144N/A Accessing URL through proxy server corrupts data.
2144N/A Some anonymous FTP URLs ask for authentication
2144N/A New ErrorDocumentMatch directive
2144N/A Need to be able to override shebang line to make CGI scripts
1352N/A "Files" and "FilesMatch" regexp does not recognize bang as
2144N/A Please allow CGI env variables (QUERY_STRING, ...) to be logged
2339N/A Suggestion for better handling of Last-modified headers
3158N/A mod_cgi prevents handling of OPTIONS requests
22N/A [PATCH] install as win32 service with domain account
271N/A Status: Cannot accept password-as-arg, we should prompt the
22N/A user when -k install/-k config with a user argument.
2330N/A AllowOverride should have a 'CheckNone' and 'AllowNone' argument
2339N/AOther bugs that need fixing:
2488N/A * MaxRequestsPerChild measures connections, not requests.
2488N/A Until someone has a better way, we'll probably just rename it
2488N/A * Regex containers don't work in an intutive way
2488N/A Status: No one has come up with an efficient way to fix this
2488N/A behavior. Dean has suggested getting rid of regex containers
2488N/A OtherBill suggests: We at least seem to agree on eliminating
2488N/A the <Container ~ foo> forms, and using only
2488N/A <ContainerMatch foo> semantics.
2488N/A * SIGSEGV on Linux (glibc 2.1.2) isn't caught properly by a
2488N/A sigwaiting thread. We need to work around this, perhaps unless
2488N/A there is hope soon for a fixed glibc.
1710N/A needed. Apache 1.3 just never stashed "multipart" into
1710N/A r->content_type. We should probably follow suit since the
2028N/A byterange stuff doesn't want the rest of the code to see the
1710N/A multipart content-type; the other code should still think it is
1710N/A dealing with the <orig_ct> stuff.
1710N/A Status: Greg volunteers to investigate (esp. since he was most
2073N/A likely the one to break it :-)
2073N/AOther features that need writing:
2144N/A * Finish infrastructure in core for async MPMs
2144N/A * TODO in source -- just do an egrep on "TODO" and see what's there
2144N/A * Jon Travis's <jtravis@covalent.net> patch to deal with thread-safe
2144N/A issues with inet_ntoa. See message <20001201163220.A12827@covalent.net>
2144N/A Status: This is being set aside until the IPv6 work is finished
2178N/A so that we know exactly what is required.
2178N/A * Martin Sojka <msojka@gmx.de>'s patch to add error reporting for failed
2178N/A htpasswd actions due to a full /tmp volume (other programs may have
2144N/A * Mike Abbott's <mja@trudge.engr.sgi.com> patches to improve
2144N/A Status: These were written for 1.3, and are awaiting a port to
2144N/A * Jim Winstead's <jimw@trainedmonkey.com> patch to add CookieDomain and
2144N/A other small mod_usertrack features
2144N/A * Dan Rench's <drench@xnet.com> patch to add allow the errmsg and timefmt
2144N/A of SSI's to be modified in the config file. Patch is available in
2144N/A * Which MPMs will be included with Apache 2.0?