1 APACHE 2.4 STATUS: -*- mode: text; coding: utf-8 -*-
2 Last modified at [$Date$]
4 The current version of this file can be found at:
6 * http://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x/STATUS
8 Documentation status is maintained separately and can be found at:
10 * docs/STATUS in this source tree, or
11 * http://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x/docs/STATUS
13 The current development branch of this software can be found at:
15 * http://svn.apache.org/repos/asf/httpd/httpd/trunk
17 Consult the following STATUS files for information on related projects:
19 * http://svn.apache.org/repos/asf/apr/apr/trunk/STATUS
20 * http://svn.apache.org/repos/asf/apr/apr/branches/1.4.x/STATUS
21 * http://svn.apache.org/repos/asf/apr/apr-util/branches/1.4.x/STATUS
23 Patches considered for backport are noted in their branches' STATUS:
25 * http://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x/STATUS
26 * http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/STATUS
27 * http://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x/STATUS
32 [NOTE that x.{odd}.z versions are strictly Alpha/Beta releases,
33 while x.{even}.z versions are Stable/GA releases.]
35 2.4.7 : In development.
36 2.4.6 : Tagged on July 15, 2013. Released July, 22, 2013
37 2.4.5 : Tagged on July 11, 2013, not released.
38 2.4.4 : Tagged on February 18, 2013. Released Feb 25, 2013
39 2.4.3 : Tagged on August 17, 2012. Released Aug 18, 2012
40 2.4.2 : Tagged on April 5, 2012. Released Apr 17, 2012.
41 2.4.1 : Tagged on February 13, 2012. Released Feb 21, 2012.
42 2.4.0 : Tagged on January 16, 2012, not released.
43 2.3.16 : Tagged on December 15, 2011.
44 2.3.15 : Tagged on November 8, 2011. Released Nov. 15, 2011.
45 2.3.14 : Tagged on August 1, 2011. Released Aug. 9, 2011.
46 2.3.13 : Tagged on June 28, 2011, not released.
47 2.3.12 : Tagged on May 11, 2011. Released May 23, 2011.
48 2.3.11 : Released as Beta on March 7, 2011.
49 2.3.10 : Tagged on December 13, 2010. Released Dec 21, 2010.
50 2.3.9 : Tagged on November 23, 2010, not released.
51 2.3.8 : Tagged on August 24, 2010.
52 2.3.7 : Tagged on August 19, 2010, not released.
53 2.3.6 : Released on June 21, 2010.
54 2.3.5 : Released on January 26, 2010.
55 2.3.4 : Released on December 8, 2009.
56 2.3.3 : Tagged on November 11, 2009, not released.
57 2.3.2 : Tagged on March 23, 2009, not released.
58 2.3.1 : Tagged on January 2, 2009, not released.
59 2.3.0 : Tagged on December 6, 2008, not released.
61 Contributors looking for a mission:
63 * Just do an egrep on "TODO" or "XXX" in the source.
65 * Review the bug database at: http://issues.apache.org/bugzilla/
67 * Review the "PatchAvailable" bugs in the bug database:
69 https://issues.apache.org/bugzilla/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&product=Apache+httpd-2&keywords=PatchAvailable
71 After testing, you can append a comment saying "Reviewed and tested".
73 * Open bugs in the bug database.
75 * See also the STATUS file in the docs/ directory, which lists documentation-specific TODO items.
78 CURRENT RELEASE NOTES:
80 * Forward binary compatibility is expected of Apache 2.4.x releases, such
81 that no MMN major number changes will occur after 2.4.1. Such changes can
82 only be made in the trunk.
84 * All commits to branches/2.4.x must be reflected in SVN trunk,
85 as well, if they apply. Logical progression is commit to trunk
86 then merge into branches/2.4.x, as applicable.
88 * Current exceptions for RTC for this branch:
92 . non-Unix, single-platform code
97 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
98 [ start all new proposals below, under PATCHES PROPOSED. ]
101 * WinNT MPM: Exit the child if the parent process crashes or is terminated.
102 trunk: https://svn.apache.org/r1526666 and r1527220
103 2.4.x: trunk patches work if CHANGES are massaged and log-message-tag change
104 is ignored; alternately:
105 http://people.apache.org/~trawick/winnt-child-exits-if-no-parent.txt
106 +1: trawick, covener, jim
109 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
110 [ New proposals should be added at the end of the list ]
112 * core: Stop the HTTP_IN filter from attempting to write error buckets
113 to the output filters
114 trunk patch: https://svn.apache.org/viewvc?view=revision&revision=1482522
115 2.4.x patch: trunk patch works modulo CHANGES and ap_mmn
117 rjung: it seems to me from dev list discussion, that r1482918 and r1484832
120 * mod_proxy: support Unix domain sockets /* ON HOLD */
121 trunk patch: https://svn.apache.org/viewvc?view=revision&revision=1451633
122 https://svn.apache.org/viewvc?view=revision&revision=1451905
123 https://svn.apache.org/viewvc?view=revision&revision=1451921
124 https://svn.apache.org/viewvc?view=revision&revision=1452259
125 https://svn.apache.org/viewvc?view=revision&revision=1453981
126 https://svn.apache.org/viewvc?view=revision&revision=1501913
127 https://svn.apache.org/viewvc?view=revision&revision=1513508
128 2.4.x patch: trunk patch works modulo CHANGES, ap_mmn, and doc note to
132 * mod_proxy: Ensure network errors detected by the proxy are returned as
133 504 Gateway Timout as opposed to 502 Bad Gateway
134 trunk patch: https://svn.apache.org/viewvc?view=revision&revision=1480058
135 2.4.x patch: trunk patch works modulo CHANGES
137 -1: rpluem: This change is still disputed. See
138 http://mail-archives.apache.org/mod_mbox/httpd-dev/201305.mbox/%3C1B16B9E3-87BA-4EEF-939C-7C7313B54714%40gbiv.com%3E
140 * mod_socache_shmcb.c: Remove arbitrary restriction on shared memory size
141 previously limited to 64MB.
142 trunk patch: http://svn.apache.org/r1493921
143 http://svn.apache.org/r1493925
144 2.4.x patch: trunk patch works modulo CHANGES
146 sf notes: I think a number of variables need to be changed from int to
147 apr_size_t, including subcache_size, subcache_data_offset,
148 subcache_data_size, total, cache_total.
149 AIUI, especially cache_total starts to go wrong if the cache
150 gets larger than 4GB (UINT_MAX). Maybe set the limit at
151 MIN(APR_SIZE_MAX,UINT_MAX) until this is fixed?
152 minfrin: Surely we should just fix these unsigned ints? Not sure what value
153 there would be in trying to bake in an arbitrary limit in the mean
154 time when we can just fix the underlying problem instead.
155 jim: Agree w/ minfrin
156 sf: This would require someone to do the work. Until someone has the
157 necessary free cycles, I propose to include
158 http://svn.apache.org/r1515162
160 * mpm_unix: Add ap_mpm_podx_* implementation to avoid code duplication
162 trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1409214
163 http://svn.apache.org/viewvc?view=revision&revision=1410004
164 2.4.x patch: http://people.apache.org/~jim/patches/httpd-2.4-podx-v2.patch
167 * event: Use skiplist and fold in performance tweeks from trunk
168 trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1451706
169 http://svn.apache.org/viewvc?view=revision&revision=1517365
170 http://svn.apache.org/viewvc?view=revision&revision=1529442
171 2.4.x patch: http://people.apache.org/~jim/patches/httpd-2.4-event-v3.patch
173 trawick: needs something like r1529442 to disable event if APR 1.4.x is being used;
174 (since eventopt skiplist changes aren't proposed, r1529442 would need to
176 jj: Done in v3 of patch
178 * ab: Check if malloc succeeded
180 trunk: http://svn.apache.org/viewvc?view=revision&revision=1488492
181 2.4.x: trunk patch works
183 trawick: what happens if malloc() fails? same msg error over and over?
184 (doubtful it gets better for more than a very short while, until
185 the leak or fragmentation overtakes temporary freeing of memory)
186 is the state of that connection messed up from leaving
187 ssl_proceed_handshake() early?
189 * mod_ssl: improve ephemeral key handling - in particular, support DH params
190 with more than 1024 bits, and allow custom configuration. For a detailed
191 list of the changes, see the text at the beginning of the 2.4.x patch.
192 trunk patches: https://svn.apache.org/r1526168
193 https://svn.apache.org/r1527291
194 https://svn.apache.org/r1527294
195 https://svn.apache.org/r1527295
196 https://svn.apache.org/r1527926
197 2.4.x patch: https://people.apache.org/~kbrand/mod_ssl-2.4.x-ekh.diff
200 * mod_dav: Fix 55306. Don't require lock tokens for COPY source.
201 trunk patches: https://svn.apache.org/r1528718
202 2.4.x: trunk works, CHANGES needs to be written when merging
205 A list of further possible backports can be found at:
206 http://people.apache.org/~rjung/patches/possible-backports-httpd-trunk-2_4.txt
207 If you want to propose one of those, please still add them here.
212 * opinion on more complete DefaultRuntimeDir use in 2.4.x?
213 o If a module has a config directive for the run-time file that
214 treats the configured path as relative to server root, preserve
215 that behavior but change the location when not configured to
216 respect DefaultRuntimeDir. With these changes, users with no
217 per-runtime-file configuration directives can control
218 everything with DefaultRuntimeDir.
219 BUT: Existing users of DefaultRuntimeDir might get a short-term scare
220 when some unconfigured run-time file starts respecting their
221 DefaultRuntimeDir directive after an upgrade.
222 +1: trawick, jim, rjung
223 rjung: applicable trunk revisions WITHOUT the compatibility tweaks
226 core/pid file r1369808
228 mod_socache_XXX r1370225, r1407385
231 mod_slotmem_plain r1370763
232 igalic: We have three votes, what's the status here?
233 Independently, backport any doc tweaks to 2.4 API migration page.
235 PATCHES/ISSUES THAT ARE STALLED
237 * cross-compile: allow to provide CC_FOR_BUILD so that gen_test_char will be
238 compiled by the build compiler instead of the host compiler.
239 Also set CC_FOR_BUILD to 'cc' when cross-compilation is detected.
240 Trunk patches: http://svn.apache.org/viewvc?view=revision&revision=1327907
241 http://svn.apache.org/viewvc?view=revision&revision=1328390
242 http://svn.apache.org/viewvc?view=revision&revision=1328714
243 2.4 patch: http://people.apache.org/~fuankg/diffs/httpd-2.4.x-cross_compile.diff
244 fuankg: on hold until we agree for a better and more simple solution ...
246 * mod_ssl: Add support for Next Protocol Negotiation.
248 http://svn.apache.org/viewvc?view=revision&revision=1332643
252 sf says: Needs r1345599, too.
253 And wrowe's comment about the 2.2 patch is also valid for 2.4:
254 http://svn.apache.org/viewvc?view=revision&revision=1354823
256 * mod_ssl: Add RFC 5878 support. This allows support of mechansisms
257 such as Certificate Transparency. Note that new
258 mechanisms are supported without software updates.
259 trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1352596
260 2.4.x patch: http://people.apache.org/~ben/httpd-2.4-rfc5878.patch
263 druggeri note: Needs docs for new directive
264 kbrand: depends on an unreleased OpenSSL version (1.0.2), and
265 RFC 5878 is of "Category: Experimental".
266 The API in the OpenSSL implementation from May 2012
267 (http://cvs.openssl.org/chngview?cn=22601) only covers the
268 privately-defined TLSEXT_AUTHZDATAFORMAT_audit_proof, there's
269 no support for x509_attr_cert (section 3.3.1 in RFC 5878) or
270 saml_assertion (3.3.2). SSL_CTX_use_authz_file doesn't have
271 any docs in OpenSSL, either, and there's no "openssl foo ..."
272 command or similar to create/manage such files.
273 Additionally, httpd-2.4-rfc5878.patch includes a build-system
274 change which is unrelated to this feature.
275 Note: as of 2013-04-15, r1352596 has been reverted in trunk
276 (with r1468131), for the reasons explained in the message with id
277 <515FED7C.5010009@velox.ch> sent to the dev list on 2013-04-06.
278 ben: not correct that it depends on OpenSSL 1.0.2, it builds with
279 any version. Also, if you read my note to dev@ you will see
280 why it is not premature.
281 minfrin: once this gets docs, +1.
283 * Makefile.win: Added copying of .vbs / .wsf CGIs to Windows install target.
284 Moved fixing of shebang to separate target so that it is
285 no longer executed by default and all CGIs remain inactive.
286 trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1387984
287 http://svn.apache.org/viewvc?view=revision&revision=1421203
288 http://svn.apache.org/viewvc?view=revision&revision=1421591
289 2.4.x patch: http://people.apache.org/~fuankg/diffs/httpd-2.4.x-Makefile.win.diff
292 This commit is essentially deciding that an httpd install on
293 Windows now has printenv/testcgi written in 2 more languages.
294 To the extent that the usefulness is that it shows how to make scripts
295 of these types executable by httpd, I believe that the documentation
296 is the proper place to solve that. To the extent that the usefullness
297 is to show how to implement a CGI in these particular languages, I believe
298 that the httpd distribution and documentation in general is not the
299 place for that. Historically these types of scripts have caused problems
300 for downstream vendorsas well as newbies (and sometimes the intersection
301 of those two groups) who don't understand that these are information leaks
302 once they are enabled, and the subtlety of the way they are disabled ("Apache
303 messed up the first line; let me fix that") contributes to that.
304 fuankg notes: I've just added a big warning to all CGI scripts which should now
305 make absolutely clear that these CGIs are for testing purpose only - so those
306 who enable those scripts with inserting the right shebang should be 100% aware
307 of any risks (this should cover your last point).
308 jim: trawick, does the above address your concerns?
309 trawick: to some extent (somebody reading the script gets an idea)
310 Why isn't the configuration requirement documented instead
311 of described indirectly in a sample?
312 Why are these new samples added to the install without three
313 votes? (I didn't veto it; put your name next to the two
314 existing ones and I'll be satisified that enough people
315 considered this addition as an appropriate solution for a
316 real httpd usability problem.)
317 wrowe: I'd agree with trawick, and suggest that these scripts can begin
318 their life somewhere in the manual/ tree. This really seems like
319 the place where /usr/share/httpd/examples/ would be useful, but
320 there isn't an ordinary directory for that. Since we want none
321 of the scripts to function 'out of the box', what about a new
322 cgi-examples/ dir alongside cgi-bin/? Otherwise manual/cgi/examples