1 APACHE 2.4 STATUS: -*- mode: text; coding: utf-8 -*-
2 Last modified at [$Date$]
4 The current version of this file can be found at:
6 * http://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x/STATUS
8 Documentation status is maintained separately and can be found at:
10 * docs/STATUS in this source tree, or
11 * http://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x/docs/STATUS
13 The current development branch of this software can be found at:
15 * http://svn.apache.org/repos/asf/httpd/httpd/trunk
17 Consult the following STATUS files for information on related projects:
19 * http://svn.apache.org/repos/asf/apr/apr/trunk/STATUS
20 * http://svn.apache.org/repos/asf/apr/apr/branches/1.4.x/STATUS
21 * http://svn.apache.org/repos/asf/apr/apr-util/branches/1.4.x/STATUS
22 * http://svn.apache.org/repos/asf/apr/apr/branches/1.5.x/STATUS
23 * http://svn.apache.org/repos/asf/apr/apr-util/branches/1.5.x/STATUS
25 Patches considered for backport are noted in their branches' STATUS:
27 * http://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x/STATUS
28 * http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/STATUS
29 * http://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x/STATUS
34 [NOTE that x.{odd}.z versions are strictly Alpha/Beta releases,
35 while x.{even}.z versions are Stable/GA releases.]
37 2.4.13 : In development.
38 2.4.12 : Tagged on January 22, 2015.
39 2.4.11 : Tagged on January 15, 2015. Not released.
40 2.4.10 : Tagged on July 15, 2014. Released July 21, 2014
41 2.4.9 : Tagged on March 13, 2014. Released on March 17, 2014
42 2.4.8 : Tagged on March 11, 2014. Not released.
43 2.4.7 : Tagged on November 19, 2013. Released on Nov 25, 2013
44 2.4.6 : Tagged on July 15, 2013. Released July, 22, 2013
45 2.4.5 : Tagged on July 11, 2013, not released.
46 2.4.4 : Tagged on February 18, 2013. Released Feb 25, 2013
47 2.4.3 : Tagged on August 17, 2012. Released Aug 18, 2012
48 2.4.2 : Tagged on April 5, 2012. Released Apr 17, 2012.
49 2.4.1 : Tagged on February 13, 2012. Released Feb 21, 2012.
50 2.4.0 : Tagged on January 16, 2012, not released.
51 2.3.16 : Tagged on December 15, 2011.
52 2.3.15 : Tagged on November 8, 2011. Released Nov. 15, 2011.
53 2.3.14 : Tagged on August 1, 2011. Released Aug. 9, 2011.
54 2.3.13 : Tagged on June 28, 2011, not released.
55 2.3.12 : Tagged on May 11, 2011. Released May 23, 2011.
56 2.3.11 : Released as Beta on March 7, 2011.
57 2.3.10 : Tagged on December 13, 2010. Released Dec 21, 2010.
58 2.3.9 : Tagged on November 23, 2010, not released.
59 2.3.8 : Tagged on August 24, 2010.
60 2.3.7 : Tagged on August 19, 2010, not released.
61 2.3.6 : Released on June 21, 2010.
62 2.3.5 : Released on January 26, 2010.
63 2.3.4 : Released on December 8, 2009.
64 2.3.3 : Tagged on November 11, 2009, not released.
65 2.3.2 : Tagged on March 23, 2009, not released.
66 2.3.1 : Tagged on January 2, 2009, not released.
67 2.3.0 : Tagged on December 6, 2008, not released.
69 Contributors looking for a mission:
71 * Just do an egrep on "TODO" or "XXX" in the source.
73 * Review the bug database at: http://issues.apache.org/bugzilla/
75 * Review the "PatchAvailable" bugs in the bug database:
77 https://issues.apache.org/bugzilla/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&product=Apache+httpd-2&keywords=PatchAvailable
79 After testing, you can append a comment saying "Reviewed and tested".
81 * Open bugs in the bug database.
83 * See also the STATUS file in the docs/ directory, which lists documentation-specific TODO items.
86 CURRENT RELEASE NOTES:
88 * Forward binary compatibility is expected of Apache 2.4.x releases, such
89 that no MMN major number changes will occur after 2.4.1. Such changes can
90 only be made in the trunk.
92 * All commits to branches/2.4.x must be reflected in SVN trunk,
93 as well, if they apply. Logical progression is commit to trunk
94 then merge into branches/2.4.x, as applicable.
96 * Current exceptions for RTC for this branch:
100 . non-Unix, single-platform code
102 RELEASE SHOWSTOPPERS:
105 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
106 [ start all new proposals below, under PATCHES PROPOSED. ]
108 *) mod_status: Improve server-status output when called with "?auto"
109 (machine readable form).
110 trunk patch: http://svn.apache.org/r1671396
111 http://svn.apache.org/r1672289
112 http://svn.apache.org/r1672453
113 2.4.x patch: http://people.apache.org/~rjung/patches/enhance-server-status-auto.patch
114 (same as trunk but combined into one)
115 +1: rjung, covener, jim
117 *) mod_ssl, mod_proxy, mod_cache_socache, mod_socache_*: Add plain text
118 output to status hook (server-status) when called with "?auto"
119 (machine readable form).
120 trunk patch: http://svn.apache.org/r1671397
121 http://svn.apache.org/r1672466
122 http://svn.apache.org/r1672564
123 2.4.x patch: http://people.apache.org/~rjung/patches/enhance-socache-status-auto.patch
124 (same as trunk but combined into one)
125 +1: rjung, covener, jim
127 *) mod_proxy_wstunnel: Bypass the handler while the connection is not
128 upgraded to WebSocket, so that other modules can possibly take over
129 the leading HTTP requests.
130 trunk patch: http://svn.apache.org/r1674632
131 2.4.x patch: trunk works (modulo CHANGES, docs/log-message-tags)
132 +1: ylavic, covener, jim
134 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
135 [ New proposals should be added at the end of the list ]
137 * mod_proxy: Add ap_proxy_define_match_worker() and use it for ProxyPassMatch
138 and ProxyMatch section to distinguish between normal workers and workers
139 with regex substitutions in the name. Implement handling of such workers
140 in ap_proxy_get_worker(). Fixes the bug when regex workers were not
141 matched and used for request. PR 43513.
142 trunk patch: http://svn.apache.org/r1609680
143 http://svn.apache.org/r1609688
144 http://svn.apache.org/r1641381
145 ylavic: Merge patch provided (reusing new->real to avoid double de_socketfy() call).
146 Also added missing r1609688 to the patchset.
147 2.4.x patch: http://people.apache.org/~ylavic/httpd-2.4.x-ap_proxy_define_match_worker.patch
149 -0: covener tried to review this one in Austin with Jeff. Does the added match function
150 really cover a very narrow set of parameters with the way it skips over backreferences?
151 Also, why a new API vs. just setting the field inline?
153 * mod_proxy_ajp: Fix client connection errors handling and logged status
154 when it occurs. PR 56823.
155 trunk patch: http://svn.apache.org/r1643537
156 http://svn.apache.org/r1643543
157 http://svn.apache.org/r1674056
158 2.4.x patch: trunk works (module CHANGES, docs/log-message-tags)
159 http://people.apache.org/~ylavic/httpd-2.4.x-mod_proxy_ajp-client_failed.patch
160 (for convenience/readability)
162 trawick: Eric and I were working through this and I (at least) ran into this
163 particular roadblock: output_failed sometimes means that we couldn't
164 write to the client and sometimes means that we couldn't read from
165 the client; later, output_fails triggers setting the status to 400.
166 HTTP status shouldn't be 400 for a problem writing to the client.
167 (Maybe I missed some guarantee that 400 is only for an error reading
168 enough request body??) I think it would be good to separate output_failed
169 from input_failed so that the code is more clear and we can more
170 easily tell that the status code is appropriate. (And unfortunately
171 I don't volunteer to make the simple changes and test them :( )
172 ylavic: I think the confusion comes from the (original) name output_failed itself,
173 since it really means client_failed (i.e. "dialog with [client] %pI failed"),
174 as opposed to backend_failed (i.e. "dialog with backend %pI failed").
175 When an error occurs on any side (connection), the first flag used regarding
176 4xx/5xx vs DONE is data_sent (i.e. to the client), otherwise {4xx,5xx} are
177 returned according to {output,backend}_failed. So the clarification is
178 possibly as simple as renaming output_failed => client_failed (r1674056 added
180 (Note that ap_map_http_request_error-v2.patch proposed below, which collides as
181 explained in the comment there, shows the full/expected result wrt mod_proxy_ajp
182 returned status/error/AP_FILTER_ERROR, and is maybe a more general (though bigger)
183 backport that could include this one).
185 * core: Add ap_errorlog_provider to make ErrorLog logging modular. This
186 backport keeps syslog logging as part of httpd core and only adds
187 API to allow other modules to be used for error logging.
188 trunk patch: http://svn.apache.org/r1525597
189 http://svn.apache.org/r1525664
190 http://svn.apache.org/r1525845
191 http://svn.apache.org/r1527003
192 http://svn.apache.org/r1527005
193 http://svn.apache.org/r1532344
194 http://svn.apache.org/r1539988
195 http://svn.apache.org/r1541029
196 http://svn.apache.org/r1543979
197 http://svn.apache.org/r1544156
198 http://svn.apache.org/r1626978
199 2.4.x patch: http://people.apache.org/~jkaluza/patches/httpd-2.4.x-errorlog_provider.patch
201 +1: covener w/ doc or code to fix syntax (providername:providerarg not supported like syslog or socacheproviders,
202 needs 2 args which is not valid in ErrorLog manual)
203 trawick: nit: fix "writing" in "/* NULL if we are writting to syslog */"
204 (sorry, haven't finished reviewing completely)
206 * mod_journald: Add new module mod_journald to log error logs into journald.
207 This patch needs changes done in mod_systemd patch (already
209 trunk patch: http://svn.apache.org/r1610339
210 http://svn.apache.org/r1621806
211 2.4.x patch: http://people.apache.org/~jkaluza/patches/httpd-2.4.x-mod_journald.patch
214 * MPMs: Support SO_REUSEPORT to create multiple duplicated listener
215 records for scalability (full log in 2.4.x patch).
216 trunk patch: http://svn.apache.org/r1599531
217 http://svn.apache.org/r1599593
218 http://svn.apache.org/r1599601
219 http://svn.apache.org/r1599603
220 http://svn.apache.org/r1601558
221 http://svn.apache.org/r1629909
222 http://svn.apache.org/r1629918
223 http://svn.apache.org/r1629990
224 http://svn.apache.org/r1635521
225 http://svn.apache.org/r1635859
226 http://svn.apache.org/r1640145
227 http://svn.apache.org/r1640161
228 http://svn.apache.org/r1640184
229 http://svn.apache.org/r1640763
230 http://svn.apache.org/r1643179
231 http://svn.apache.org/r1656368
232 2.4.x patch: http://people.apache.org/~ylavic/httpd-2.4.x-ap_listeners_buckets.patch
235 * mod_ssl: Add support for extracting subjectAltName entries of type
236 rfc822Name and dNSName into SSL_{CLIENT,SERVER}_SAN_{Email,DNS}_n
237 variables. (also covers PR57207)
238 trunk patch: https://svn.apache.org/r1650047
239 2.4.x patch: trunk patch works (modulo CHANGES)
242 * mod_proxy_http: Don't establish or reuse a backend connection before pre-
243 fetching the request body, so to minimize the delay between it is supposed
244 to be alive and the first bytes sent: this is a best effort to prevent the
245 backend from closing because of idle or keepalive timeout in the meantime.
246 Also, handle a new "proxy-flushall" environment variable which allows to
247 flush any forwarded body data immediately. PR 56541+37920.
248 trunk patch: http://svn.apache.org/r1656259
249 http://svn.apache.org/r1656359 (CHANGES entry)
250 2.4.x patch: trunk works (modulo CHANGES, docs/log-message-tags)
253 *) http: Make ap_die() robust against any HTTP error code and not modify
254 response status (finally logged) when nothing is to be done. PR 56035.
255 trunk patch: http://svn.apache.org/r1657881
256 http://svn.apache.org/r1665643
257 2.4.x patch: trunk works (modulo CHANGES)
260 *) core, modules: Avoid error response/document handling by the core if some
261 handler or input filter already did it while reading the request (causing
262 a double response body).
263 trunk patch: http://svn.apache.org/r1482522 (partial, ap_map_http_request_error() things only!)
264 http://svn.apache.org/r1529988
265 http://svn.apache.org/r1529991
266 http://svn.apache.org/r1643537
267 http://svn.apache.org/r1643543
268 http://svn.apache.org/r1657897
269 http://svn.apache.org/r1665625
270 http://svn.apache.org/r1665721
271 http://svn.apache.org/r1674056
272 2.4.x patch: http://people.apache.org/~ylavic/httpd-2.4.x-ap_map_http_request_error-v2.patch
274 ylavic: depends on r1657881 above, and also r1643537+r1643543+r1674056 already
275 proposed separately (if the latter proposal is accepted before
276 this one, I'll take it easily into account with a v3 of the
277 2.4.x patch, but currently the code from r1657897+r1665625
278 collides, this patch shows the final result on mod_proxy_ajp
281 *) core: Cleanup the request soon/even if some output filter fails to
282 handle the EOR bucket.
283 trunk patch: http://svn.apache.org/r1666998
284 2.4.x patch: trunk works (modulo CHANGES)
287 *) mpm_event: Allow for timer events duplicates.
288 trunk patch: http://svn.apache.org/r1666468
289 http://svn.apache.org/r1666618
290 2.4.x patch: http://people.apache.org/~ylavic/httpd-2.4.x-event_timers_duplicates.patch
292 covener: what's the background here? What's currently broken?
293 ylavic: I expected to find a common compare function for both MPMs event
294 and motorz, but I now think that won't be the case (not the same
295 constraints for both since event does not apr_skiplist_remove(),
296 see http://marc.info/?l=apache-httpd-dev&m=142714857911558&w=2 for
297 details). Hence I'm moving this backport back to proposals, it is
298 IMO the right fix to not lose timers registered in the same micro-
299 second (in MPM event).
301 *) mod_authz_core: Allow "Require expr" to work when the expression is quoted,
302 as in an example in the doc. PR 56235
303 trunk patch: http://svn.apache.org/r1585609
304 2.4.x patch: trunk works (modulo CHANGES)
310 * A list of further possible backports can be found at:
311 http://people.apache.org/~rjung/patches/possible-backports-httpd-trunk-2_4.txt
312 If you want to propose one of those, please add them above.
315 PATCHES/ISSUES THAT ARE BEING WORKED
318 PATCHES/ISSUES THAT ARE STALLED
320 * mod_systemd: New module, for integration with systemd on Linux.
321 trunk patch: http://svn.apache.org/r1393976
322 http://svn.apache.org/r1393997
323 http://svn.apache.org/r1484554
324 http://svn.apache.org/r1528032
325 http://svn.apache.org/r1528034
326 http://svn.apache.org/r1614821
327 http://svn.apache.org/r1618579
328 http://svn.apache.org/r1618588
329 2.4.x patch: http://people.apache.org/~jkaluza/patches/mod_systemd/httpd-2.4.x-mod_systemd.patch
332 * core: Add support for systemd socket activation.
333 trunk patch: http://svn.apache.org/r1511033
334 http://svn.apache.org/r1608686
335 http://svn.apache.org/r1608694
336 http://svn.apache.org/r1608703
337 http://svn.apache.org/r1608721
338 http://svn.apache.org/r1608744
339 2.4.x patch: http://people.apache.org/~jkaluza/patches/mod_systemd/httpd-2.4.x-socket-activation.patch
342 * core: Stop the HTTP_IN filter from attempting to write error buckets
343 to the output filters
344 trunk patch: https://svn.apache.org/viewvc?view=revision&revision=1482522
345 https://svn.apache.org/viewvc?view=revision&revision=1482918
346 2.4.x patch: /* working on it */
349 * mod_proxy: Ensure network errors detected by the proxy are returned as
350 504 Gateway Timout as opposed to 502 Bad Gateway
351 trunk patch: https://svn.apache.org/viewvc?view=revision&revision=1480058
352 2.4.x patch: trunk patch works modulo CHANGES
354 -1: rpluem: This change is still disputed. See
355 http://mail-archives.apache.org/mod_mbox/httpd-dev/201305.mbox/%3C1B16B9E3-87BA-4EEF-939C-7C7313B54714%40gbiv.com%3E
357 * cross-compile: allow to provide CC_FOR_BUILD so that gen_test_char will be
358 compiled by the build compiler instead of the host compiler.
359 Also set CC_FOR_BUILD to 'cc' when cross-compilation is detected.
360 Trunk patches: http://svn.apache.org/viewvc?view=revision&revision=1327907
361 http://svn.apache.org/viewvc?view=revision&revision=1328390
362 http://svn.apache.org/viewvc?view=revision&revision=1328714
363 2.4 patch: http://people.apache.org/~fuankg/diffs/httpd-2.4.x-cross_compile.diff
364 fuankg: on hold until we agree for a better and more simple solution ...
366 * mod_ssl: Add support for Next Protocol Negotiation.
368 http://svn.apache.org/viewvc?view=revision&revision=1332643
372 sf says: Needs r1345599, too.
373 And wrowe's comment about the 2.2 patch is also valid for 2.4:
374 http://svn.apache.org/viewvc?view=revision&revision=1354823
376 * Makefile.win: Added copying of .vbs / .wsf CGIs to Windows install target.
377 Moved fixing of shebang to separate target so that it is
378 no longer executed by default and all CGIs remain inactive.
379 trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1387984
380 http://svn.apache.org/viewvc?view=revision&revision=1421203
381 http://svn.apache.org/viewvc?view=revision&revision=1421591
382 2.4.x patch: http://people.apache.org/~fuankg/diffs/httpd-2.4.x-Makefile.win.diff
385 This commit is essentially deciding that an httpd install on
386 Windows now has printenv/testcgi written in 2 more languages.
387 To the extent that the usefulness is that it shows how to make scripts
388 of these types executable by httpd, I believe that the documentation
389 is the proper place to solve that. To the extent that the usefullness
390 is to show how to implement a CGI in these particular languages, I believe
391 that the httpd distribution and documentation in general is not the
392 place for that. Historically these types of scripts have caused problems
393 for downstream vendorsas well as newbies (and sometimes the intersection
394 of those two groups) who don't understand that these are information leaks
395 once they are enabled, and the subtlety of the way they are disabled ("Apache
396 messed up the first line; let me fix that") contributes to that.
397 fuankg notes: I've just added a big warning to all CGI scripts which should now
398 make absolutely clear that these CGIs are for testing purpose only - so those
399 who enable those scripts with inserting the right shebang should be 100% aware
400 of any risks (this should cover your last point).
401 jim: trawick, does the above address your concerns?
402 trawick: to some extent (somebody reading the script gets an idea)
403 Why isn't the configuration requirement documented instead
404 of described indirectly in a sample?
405 Why are these new samples added to the install without three
406 votes? (I didn't veto it; put your name next to the two
407 existing ones and I'll be satisified that enough people
408 considered this addition as an appropriate solution for a
409 real httpd usability problem.)
410 wrowe: I'd agree with trawick, and suggest that these scripts can begin
411 their life somewhere in the manual/ tree. This really seems like
412 the place where /usr/share/httpd/examples/ would be useful, but
413 there isn't an ordinary directory for that. Since we want none
414 of the scripts to function 'out of the box', what about a new
415 cgi-examples/ dir alongside cgi-bin/? Otherwise manual/cgi/examples