409N/AAPACHE 2.0 STATUS: -*-text-*-
1N/ALast modified at [$Date: 2002/04/08 08:24:52 $]
1N/A 2.0.34 : tagged March 26, 2002.
1N/A 2.0.33 : tagged March 6, 2002. not released.
1N/A 2.0.32 : released Feburary 16, 2002 as beta.
1N/A 2.0.31 : rolled Feburary 1, 2002. not released.
1N/A 2.0.30 : tagged January 8, 2002. not rolled.
1N/A 2.0.29 : tagged November 27, 2001. not rolled.
1N/A 2.0.28 : released November 13, 2001 as beta.
1N/A 2.0.27 : rolled November 6, 2001
1N/A 2.0.26 : tagged October 16, 2001. not rolled.
1N/A 2.0.25 : rolled August 29, 2001
1N/A 2.0.24 : rolled August 18, 2001
1N/A 2.0.23 : rolled August 9, 2001
1N/A 2.0.22 : rolled July 29, 2001
1N/A 2.0.21 : rolled July 20, 2001
1N/A 2.0.20 : rolled July 8, 2001
1N/A 2.0.19 : rolled June 27, 2001
835N/A 2.0.18 : rolled May 18, 2001
1N/A 2.0.17 : rolled April 17, 2001
1N/A 2.0.16 : rolled April 4, 2001
22N/A 2.0.15 : rolled March 21, 2001
22N/A 2.0.14 : rolled March 7, 2001
0N/A 2.0a9 : released December 12, 2000
0N/A 2.0a8 : released November 20, 2000
221N/A 2.0a7 : released October 8, 2000
539N/A 2.0a6 : released August 18, 2000
539N/A 2.0a5 : released August 4, 2000
221N/A 2.0a4 : released June 7, 2000
14N/A 2.0a3 : released April 28, 2000
14N/A 2.0a2 : released March 31, 2000
221N/A 2.0a1 : released March 10, 2000
14N/APlease consult the following STATUS files for information
22N/Aon related projects:
926N/A * 34 status: Let's get all API changes and showstoppers in this one.
926N/AFINAL RELEASE SHOWSTOPPERS:
0N/A * We do not properly substitute the prefix-variables in the configuration
391N/A scripts or generated-configs. (
i.e. if sysconfdir is etc,
926N/A Aaron says: This is not a showstopper, these problems have existed
192N/A for as long as I can remember. It would be nice to fix
0N/A them but they are not new.
0N/A Not a showstopper: Jeff, Aaron, BillS, gregames, Jim
565N/A * Should we always build [support*] binaries statically unless otherwise
926N/A Message-ID: <20020129210006.B23512@Lithium.MeepZor.Com>
926N/A +1: Ken, *wrowe [they are PITAs on OSX]
926N/A * If the parent process dies, should the remaining child processes
296N/A "gracefully" self-terminate. Or maybe we should make it a runtime
327N/A option, or have a concept of 2 parent processes (one being a
926N/A See: Message-ID: <3C58232C.FE91F19F@Golux.Com>
926N/A Self-destruct: Ken, Martin
1035N/A Not self-destruct: BrianP, Ian, Cliff, BillS
1035N/A Make it runtime configurable: Aaron, Jim, Justin
621N/A Have 2 parents: +1: Jim
926N/A -1: Justin, wrowe [for 2.0]
926N/A +0: Martin (while standing by, could it do
1087N/A * Make the worker MPM the default MPM for threaded Unix boxes.
565N/A -0: Aaron (premature decision, needs more discussion), Lars
429N/ARELEASE NON-SHOWSTOPPERS BUT WOULD BE REAL NICE TO WRAP THESE UP:
384N/A * ap_cache_hex2msec() and ap_cache_msec2hex() are completely
1086N/A hosed. They do not handle apr_time_t (64 bit ints) properly.
1086N/A * If any request gets through ap_process_request_internal() and is
1086N/A scheduled to be served by the core handler, without a flag that this
1086N/A end of the ap_process_request_internal() processing so sub_req-esters
1086N/A know this request cannot be run. This provides authors of older
497N/A modules better compatibility, while still improving the security and
497N/A Status: still need to decide where this goes, OtherBill comments...
497N/A Message-ID: <065701c14526$495203b0$96c0b0d0@roweclan.net>
384N/A [Deleted comments regarding the ap_run_handler phase, as irrelevant
384N/A as BillS points out that "common case will be caught in
384N/A and the issue is detecting this -before- we try to run the req.]
429N/A gregames says: can this happen somehow without a broken module
301N/A being involved? If not, why waste cycles trying to defend against
301N/A potential broken modules? It seems futile.
301N/A wrowe counters: no, it shouldn't happen unless the module is broken.
301N/A walk if the path was entirely invalid; and we can't do that either
384N/A or we break modules that are unwilling to hook map_to_storage.
0N/A * Rewrite core_output_filter. It is nearly impossible to support
0N/A it with predictable results as it is implemented now.
662N/A * Convert all instances of the old apr_lock_t type to the new
996N/A Status: Aaron has converted all but the perchild MPM to
884N/A use the new lock API. Since perchild has been put
926N/A on the back burner, this is no longer a showstopper.
362N/A Aaron will patch perchild as soon as it becomes
342N/A * With AP_MODE_EXHAUSTIVE in the core, it is finally clear to me
987N/A how the Perchild MPM should be re-written. It hasn't worked
662N/A correctly since filters were added because it wasn't possible to
583N/A get the content that had already been written and the socket at
607N/A the same time. This mode lets us do that, so the MPM can be
838N/A * htpasswd blindly processes the file you give it, and does no
938N/A sanity checking before totally corrupting whatever file it was
938N/A you thought you had. It should check the input file and bail
310N/A if it finds non-comment lines that do not contain exactly 1
551N/A Message-ID: <20020217150457.A31632@clove.org>
551N/A * Can a static httpd be built reliably?
938N/A Message-ID: <20020207142751.T31582@clove.org>
662N/A * [Ken] Test suite failures:
938N/A o worker is also failing some of the 'cgi' subtests
926N/A Justin says: "Worker should be fine and passes httpd-test here.
539N/A If you can provide evidence that it can be reproduced
539N/A outside of httpd-test, then it's a showstopper. I
429N/A think it's a perl or a httpd-test problem."
26N/A Not a showstopper: Justin
362N/A * Usage of APR_BRIGADE_NORMALIZE in core_input_filter should be
0N/A Message-ID: <Pine.LNX.4.33.0201202232430.318-100000@deepthought.cs.virginia.edu>
384N/A * There is a bug in how we sort some hooks, at least the pre-config
1086N/A hook. The first time we call the hooks, they are in the correct
0N/A order, but the second time, we don't sort them correctly. Currently,
104N/A back when this is fixed. rbb
104N/A Justin says: "Is this really a showstopper? This has been here
104N/A forever. What's wrong? Does this have to do with
429N/A Not a showstopper: Justin, BrianP, trawick, gregames
693N/A administrator to order filters, beyond the order of filename (mime)
526N/A filename extensions. At minimum, some sort of +-[0-10] syntax seems
526N/A like the quickest fix for a 2.0 gold release.
526N/A Justin says: "Could we delay this for a point release or 2.1?"
526N/A Not a showstopper: justin, wrowe, trawick, stoddard, Jim, Ian, Aaron,
526N/A * Get perchild to work on platforms other than Linux. This
526N/A descriptors between vhost child groups. An API was proposed
526N/A Message-ID: <20020111115006.K1529@clove.org>
526N/A * Try to get libtool inter-library dependency code working on AIX.
526N/A Message-ID: <cm3n10lx555.fsf@rdu163-40-092.nc.rr.com>
301N/A Justin says: If we get it working on AIX, we can enable this
996N/A on all platforms and clean up our build system
219N/A Jeff says: I thought I tested a patch for you sometime in
996N/A January that you were going to commit within a few
996N/A * Handling of %2f in URIs. Currently both 1.3 and 2.0
219N/A completely disallow %2f in the request URI path (see
221N/A ap_unescape_url() in
util.c). It's permitted and passed
221N/A through in the query string, however. Roy says the
996N/A original reason for disallowing it, from five years ago,
219N/A was to protect CGI scripts that applied PATH_INFO to
219N/A a filesystem location and which might be tricked by
219N/A ..%2f..%2f(...). We *should* allow path-info of the
221N/A Since we've revamped a lot of our processing of path
221N/A segments, it would be nice to allow this, or at least
301N/A allow it conditionally with a directive.
219N/A * FreeBSD, threads, and worker MPM. All seems to work fine
219N/A if you only have one worker process with many threads. Add
219N/A a second worker process and the accept lock seems to be
219N/A lost. This might be an APR issue with how it deals with
575N/A the child_init hook (
i.e. the fcntl lock needs to be resynced).
575N/A More examination and analysis is required.
996N/A Status: This has also been reported on Cygwin.
996N/A Message-ID: <3C2CC514.8EF3BED1@wapme-systems.de> (cygnus)
301N/A Justin says: So, FreeBSD-CURRENT and Cywin have the same
429N/A problem. Yum. If another platform has this
301N/A with worker, this becomes a showstopper.
219N/A Aaron says: I spent some time disecting this and have come to
301N/A the conclusion that it is not a problem in the worker MPM
301N/A (or at least, it is not isolated to a problem in worker).
301N/A I'll list some of the problems I'm seeing in case someone
219N/A else wants to pick up where I've left off:
307N/A - Delivery of just about any signal to one of the child
219N/A processes will send it into an infinite loop as well.
526N/A - Even though the parent is spinning out of control,
526N/A at first the child or children will appear to work
526N/A properly. At times it is possible to get it into a state,
556N/A however, where a request will hang until another concurrent
301N/A request "kicks" the first, at which point the second will
219N/A hang. My theory is that this has to do with the
526N/A pthread_cond_*() implementation in FreeBSD, but it's still
526N/A possible that it is in APR.
996N/A Justin adds: Oh, FreeBSD threads are implemented entirely with
996N/A select()/poll()/longjmp(). Welcome to the nightmare.
996N/A So, that means a ktrace output also has the thread
996N/A scheduling internals in it (since it is all the same to
996N/A the kernel). Which makes it hard to distinguish between
996N/A our select() calls and their select() calls.
996N/A *bangs head on wall repeatedly* But, some of the libc_r
996N/A files have a DBG_MSG #define. This is moderately helpful
996N/A when used with -DNO_DETACH. The kernel scheduler isn't
1102N/A waking up the threads on a select(). Yum. And, I bet
1102N/A those decrementing select calls have to do with the
1102N/A scheduler. Time to brush up on our OS fundamentals.
996N/A * There is increasing demand from module writers for an API
996N/A that will allow them to control the server � la apachectl.
996N/A Reasons include sole-function servers that need to die if
789N/A an external dependency (
e.g., a database) fails, et cetera.
770N/A Perhaps something in the (ever more abused) scoreboard?
575N/A rbb: I don't believe the scoreboard is the correct mechanism
575N/A for this. We already have a pipe that goes between parent
575N/A and child for graceful shutdown events, along with an API that
575N/A can be used to send a message down that pipe. In threaded MPMs,
575N/A it is easy enough to make that one pipe be used for graceful
575N/A and graceless events, and it is also easy to open that pipe
575N/A to both parent and child for writing. Then we just need to
575N/A figure out how to do graceless on non-threaded MPMs.
526N/A * Allow the DocumentRoot directive within <Location > scopes? This
219N/A and in-your-face.) DocumentRoot unset would be accepted [and would
221N/A not permit content to be served, only virtual resources such as
301N/A server-info or server-status.
384N/A This proposed change would _not_ depricate Alias.
301N/A * Win32: Rotatelogs sometimes is not terminated when Apache
384N/A goes down hard. FirstBill was looking at possibly tracking the
926N/A child's-child processes in the parent process.
384N/A OtherBill asks, wasn't this fixed?
301N/A stoddard: Not fixed. Shared scoreboard might offer a good
384N/A way for the parent to keep track of 'other child' processes
926N/A and whack them if the child goes down.
565N/A Other thoughts on walking the process chain using the NT kernel
221N/A have also been proposed on APR.
301N/A * Win32: Add a simple hold console open patch (wait for close or
301N/A the ESC key, with a nice message) if the server died a bad
301N/A death (non-zero exit code) in console mode.
301N/A Resolution: bring forward same ugly hacks from 1.3.13-.20
926N/A * Port of mod_ssl to Apache 2.0:
926N/A remaining work includes:
301N/A (2) Enabling SSL extentions
926N/A (3) Trying to seperate the https filter logic from mod_ssl -
926N/A This is to facilitate other modules that wish to use the https
384N/A filter or the mod_ssl logic or both as required.
301N/A * Eliminate unnecessary creation of pipes in mod_cgid
301N/A * Document mod_file_cache.
926N/A * Platforms that do not support fork (primarily Win32 and AS/400)
539N/A Architect start-up code that avoids initializing all the modules
384N/A in the parent process on platforms that do not support fork.
526N/A would eliminate some code in the Win32 branch that essentially
526N/A duplicates what is in APR.
556N/A * There are still a number of places in the code where we are
526N/A losing error status (
i.e. throwing away the error returned by a
526N/A system call and replacing it with a generic error code)
526N/A * Mass vhosting version of suEXEC.
361N/A the dbmmanage employs the first-matched dbm format. This is not
526N/A necessarily the library that Apache was built with. Aught to
526N/A rewrite dbmmanage upon installation to bin/ with the proper library
556N/A for predictable mod_auth_dbm administration.
556N/A Questions; htdbm exists, time to kill dbmmanage, or does it remain
526N/A useful as a perl dbm management example? If we keep it,
556N/A do we address the issue above?
221N/A Some additional items remaining:
556N/A - case_preserved_filename stuff
556N/A (use the new canonical name stuff?)
219N/A - find a new home for ap_text(_header)
301N/A - is it possible to remove the DAV: namespace stuff from util_xml?
526N/A * ap_core_translate() and its use by mod_mmap_static and mod_file_cache
526N/A are a bit wonky. The function should probably be exposed as a utility
526N/A function (such as ap_translate_url2fs() or ap_validate_fs_url() or
556N/A something). Another approach would be a new hook phase after
556N/A "translate" which would allow the module to munge what the
219N/A translation has decided to do.
219N/A Status: Greg +1 (volunteers), Ryan +1
526N/A calls ap_fixup_virutal_hosts(), ap_fini_vhost_config(), and
526N/A ap_sort_hooks() [to reduce the logic in main()]
1063N/A * read the config tree just once, and process N times (as necessary)
1063N/A * (possibly) use UUIDs in mod_unique_id
and/or mod_usertrack
219N/A * (possibly) port the bug fix for PR 6942 (segv when LoadModule is put
301N/A into a VirtualHost container) to 2.0.
235N/A * callers of ap_run_create_request() should check the return value
235N/A for failure (Doug volunteers)
251N/A * Win32: Get Apache working on Windows 95/98. The following work
236N/A (at least) needs to be done:
235N/A - Document warning that OSR2 is required (for Crypt functions, in
235N/A rand.c, at least.) This could be resolved with an SSL library, or
222N/A randomization in APR itself.
583N/A actually works) and add in a splash of Win9x service code.
583N/A * In order to use a DSO version of mod_ssl we have to link with
583N/A -lssl and -lcrypto. A workaround is in place right now where the
583N/A entire EXTRA_LIBS macro is being appended to the objects list, but
583N/A this is a hack. We should either revamp the APACHE_CHECK_SSL_TOOLKIT
583N/A autoconf function or come up with some other autoconf checks to
583N/A search for libssl and libcrypto and properly add them to mod_ssl's
583N/A * Fix the worker MPM to use POD to kill child processes instead
789N/A of ap_os_killpg, regardless of how they should die. (Ryan Bloom)
583N/A * mod_cache: handle cache_control: no_cache "field_name" to enable
583N/A cacheing the response w/o header "field_name"
583N/A See RFC2616 section 14.9.1
583N/A * Scoreboard structures could be changed in the future such that
583N/A proper alignment is not maintained, leading to segfaults on
583N/A some systems. Cliff posted a patch to deal with this issue but
583N/A later recanted. See this message to dev@apr.apache.org:
583N/APRs that have been suspended forever waiting for someone to
583N/Aput them into 'the next release':
834N/A missing call to "setlocale();"
583N/A Additional status for XBitHack directive
583N/A Mod_proxy doesn't allow change of error pages
235N/A Modified PATH environemnt variable is not passed, instead
227N/A Proxy doesn't deliver documents if not connected
227N/A proxy converts ~name to %7Ename when name starts with a dot (.)
235N/A mod_access syntax allows hosts that should be restricted
301N/A ~UserHome directories are not honored in absolute pathname
526N/A Proxy FTP Authentication Fails
565N/A A smarter "Last Modified" value for SSI documents (see PR number 600)
526N/A Request of "Options SymLinksIfGroupMatch"
222N/A Proxy doesn't do links right for OpenVMS files through ftp:
301N/A imap should read <MAP><AREA>*</MAP> too!
235N/A RLimitCPU and RLimitMEM don't apply to all children like they should
565N/A Uses cwd before filling it in, doesn't use syslog
391N/A it is useful to allow specifiction that root-owned symlinks
391N/A should always be followed
583N/A Controlling Access to Remote Proxies would be nice...
235N/A Adding authentication "on the fly" through the proxy module
222N/A request_config field in request_rec is moderately bogus
419N/A DoS attacks involving memory consumption
419N/A Logging of virtual server to error_log as well
419N/A ProxyRemote make a dead cycle.
419N/A * PR#1117: mod_auth-any
419N/A suexec does not parse arguments to #exec cmd
227N/A Allow for Last-Modified: without resorting to XBitHack
172N/A improvements to child spawning API
172N/A ``nph-'' not honored (no buffering) for ProxyRemote mapping
884N/A Apache cannot handle continuation line in headers
884N/A setlogin() is not called, causing problems with
e.g. identd
172N/A regerror() exists, use it
442N/A there is no way to keep per-connection per-module state
537N/A * PR#1263: mod_autoexec
598N/A Add frame-safe anchor attribute to mod_autoindex links
172N/A CGI scripts running as Apache user: security (suexec etc.)
565N/A Need to know "hit-rate" on proxy cache
361N/A Selective url-encode of log fields (or maybe a pseudo
565N/A I make mod_headers to modify request headers as well as
565N/A No HTTP_X_FORWARDED_FOR set...
565N/A ProxyRemote proxy requests fail authentication by firewall
565N/A mod_rewrite forms REQUEST_URI different than mod_cgi does
884N/A mod_headers should allow mod_log_config-style formats in
594N/A mod_proxy to support persistent conns?
565N/A patches to mod_include to allow for file tests
565N/A * PR#1809: mod_auth-any
565N/A Suggestion for improving authentication modules and core source
565N/A code, problem with 401 and ErrorDocument
565N/A listing of proxy cache content
789N/A Allow modules to set user:group for execution.
565N/A adding auth_why to conn_rec
576N/A pipelined connections are not logged correctly
717N/A mod_rewrite doesn't pass Proxy Throughput on internal subrequests
717N/A HTTP Server Rebuild Line Needs Changing for the better
565N/A mod_status always displays 256 possible connection slots
565N/A * PR#2221: documentation
172N/A Make online documentation search link back to my installation
565N/A Can not POST to ErrorDocument - Apache/1.3b6
429N/A patterns in ProxyRemote
717N/A Status module averages are for entire uptime
717N/A suexec for general access of user content?
884N/A Proposal for TimeZone directive
576N/A /server-info doesn't check for the virtual host to list the info
329N/A problem specifying ndbm library for build ?with autoconfigure
648N/A AllowOverride FileInfo is too coarse
172N/A TimeOut applies to output of CGI scripts
648N/A <IfDenied> directive wanted
926N/A CGI's for general use still have to be run as another user
32N/A Cache file names in Proxy module
242N/A in global and <Virtual>.
242N/A mailto tags and bundling bug report script
111N/A Support for System Resource Controller
537N/A When will Apache support P3P? Any Plans?
36N/A Propose that Apache recommend $UNIQUE_ID for all "session id"
172N/A suggestion: power up your Include directive :)
565N/A cannot limit some HTTP methods
329N/A No module specific data hook for per-connection data
594N/A * PR#3191: mod_negotiation
594N/A no way to set global quality-of-source (qs) coneg values
594N/A Accessing URL through proxy server corrupts data.
565N/A Some anonymous FTP URLs ask for authentication
594N/A New ErrorDocumentMatch directive
926N/A Need to be able to override shebang line to make CGI scripts
594N/A "Files" and "FilesMatch" regexp does not recognize bang as
596N/A Please allow CGI env variables (QUERY_STRING, ...) to be logged
329N/A Suggestion for better handling of Last-modified headers
576N/A mod_cgi prevents handling of OPTIONS requests
565N/A [PATCH] install as win32 service with domain account
576N/A Status: Cannot accept password-as-arg, we should prompt the
576N/A user when -k install/-k config with a user argument.
576N/A AllowOverride should have a 'CheckNone' and 'AllowNone' argument
717N/AOther bugs that need fixing:
717N/A * MaxRequestsPerChild measures connections, not requests.
576N/A Until someone has a better way, we'll probably just rename it
565N/A "MaxConnectionsPerChild".
417N/A * Regex containers don't work in an intutive way
417N/A Status: No one has come up with an efficient way to fix this
565N/A behavior. Dean has suggested getting rid of regex containers
329N/A OtherBill suggests: We at least seem to agree on eliminating
565N/A the <Container ~ foo> forms, and using only
329N/A <ContainerMatch foo> semantics.
251N/A * SIGSEGV on Linux (glibc 2.1.2) isn't caught properly by a
565N/A sigwaiting thread. We need to work around this, perhaps unless
429N/A there is hope soon for a fixed glibc.
429N/A needed. Apache 1.3 just never stashed "multipart" into
429N/A r->content_type. We should probably follow suit since the
717N/A byterange stuff doesn't want the rest of the code to see the
717N/A multipart content-type; the other code should still think it is
717N/A dealing with the <orig_ct> stuff.
717N/A Status: Greg volunteers to investigate (esp. since he was most
717N/A likely the one to break it :-)
576N/A Platform Avail. Volunteer
576N/A ------------------------------------------------------------------
329N/A OS X 10.1.3/Darwin 5.3 no Jim Jagielski
391N/A RedHat 7.2 no Jim Jagielski
271N/A i686-pc-linux-gnu no Aaron Bannert
648N/A powerpc-unknown-linux-gnu no Graham Leggett
648N/AOther features that need writing:
0N/A * Finish infrastructure in core for async MPMs
14N/A * TODO in source -- just do an egrep on "TODO" and see what's there
235N/A * Martin Sojka <msojka@gmx.de>'s patch to add error reporting for failed
598N/A htpasswd actions due to a full /tmp volume (other programs may have
67N/A * Mike Abbott's <mja@trudge.engr.sgi.com> patches to improve
66N/A Status: These were written for 1.3, and are awaiting a port to
598N/A * Jim Winstead's <jimw@trainedmonkey.com> patch to add CookieDomain and
598N/A other small mod_usertrack features
361N/A * Dan Rench's <drench@xnet.com> patch to add allow the errmsg and timefmt
344N/A of SSI's to be modified in the config file. Patch is available in
235N/A * Which MPMs will be included with Apache 2.0?