1 APACHE 2.0 STATUS: -*-text-*-
2 Last modified at [$Date: 2001/08/21 23:41:35 $]
6 2.0.23 : rolled August 9, 2001
7 2.0.22 : rolled July 29, 2001
8 2.0.21 : rolled July 20, 2001
9 2.0.20 : rolled July 8, 2001
10 2.0.19 : rolled June 27, 2001
11 2.0.18 : rolled May 18, 2001
12 2.0.17 : rolled April 17, 2001
13 2.0.16 : rolled April 4, 2001
14 2.0.15 : rolled March 21, 2001
15 2.0.14 : rolled March 7, 2001
16 2.0a9 : released December 12, 2000
17 2.0a8 : released November 20, 2000
18 2.0a7 : released October 8, 2000
19 2.0a6 : released August 18, 2000
20 2.0a5 : released August 4, 2000
21 2.0a4 : released June 7, 2000
22 2.0a3 : released April 28, 2000
23 2.0a2 : released March 31, 2000
24 2.0a1 : released March 10, 2000
26 Please consult the following STATUS files for information
30 * srclib/apr-util/STATUS
35 * There is a bug in how we sort some hooks, at least the pre-config
36 hook. The first time we call the hooks, they are in the correct
37 order, but the second time, we don't sort them correctly. Currently,
38 the modules/http/config.m4 file has been renamed to
39 modules/http/config2.m4 to work around this problem, it should moved
40 back when this is fixed. rbb
42 * The AddInputFilter and AddOutputFilter directives do not allow the
43 administrator to remove or reorder filters. Once a filter is added
44 in a container, it is present in any subcontainers. It can only be
45 added to the filter chain after any filters specified in enclosing
48 * mod_dir should normally redirect ALL directory requests which do
49 not include a trailing slash on the URI. However, if a "notes"
50 flag is set (say, via BrowserMatch), this behavior will be
51 disabled for non-GET requests.
52 Status: Greg volunteers
53 MsgId: <20010227104646.E2297@lyra.org>
54 MsgId: <3A9C0097.9C83F07C@Golux.Com>
56 * mod_negotiation will not serve a request when an early extention
57 is understood, but a later extention is not. e.g. if the request
58 index.html.bak is recieved, and negotition could find the file
59 index.html.bak.en, it still won't be served because the
60 ap-mime-exception-list will contain "index" and "bak", and the
61 string "index.bak" doesn't match "index.html.bak". Need to
62 review the ap-mime-exception-list component by component to be
63 allow these cases. [This could be part of a patch to allow the
64 name index.bak in the case above to match index.html.bak.en]
66 * mod_negotiation needs a new option or directive, something like
67 ForceLanguagePriority, to fall back to the LanguagePriority
68 directive instead of returning a "no acceptable variant" error.
70 * Usability: Sanitize the MPM config directives. MaxClients in
71 the threaded MPM is totally misleading now as it has little to
72 do with limiting the number of clients (it limits the number
73 of child processes). Bill proposed nomenclature change to
74 something like "StartWorkers, MaxWorkers, etc." that could
75 apply to most all the MPMs (with some notable exceptions).
76 Bill would be happy with changing MaxClients to MaxServers
77 to make it agree with the operation of the StartServers
80 RELEASE NON-SHOWSTOPPERS BUT WOULD BE REAL NICE TO WRAP THESE UP:
82 * daedalus: mod_cgid and suexec have a problem co-existing. suexec
83 sees a null command string sometimes. The problem happens when
84 you access bugs.apache.org, then click on the "search the bug db"
87 * Win32: Rotatelogs sometimes is not terminated when Apache
88 goes down hard. FirstBill was looking at possibly tracking the
89 child's-child processes in the parent process.
91 * Win32: Add a simple hold console open patch (wait for close or
92 the ESC key, with a nice message) if the server died a bad
93 death (non-zero exit code) in console mode.
94 Resolution: bring forward same ugly hacks from 1.3.13-.20
96 * Port of mod_ssl to Apache 2.0:
98 The current porting state is summarized in modules/ssl/README. The next
99 step is to figure out how the old three configuration contexts (global,
100 per-server, per-directory) can be ported to Apache 2.0 (especially the
101 global context which has to survive server restarts RSE still does not
102 know how to port). Then the remaining source files (which depend on the
103 configuration contexts) which are still tagged with "-" in
104 modules/ssl/README can be ported.
106 One more thing to figure out is how and when mod_ssl can provide the
107 interactive pass phrase dialog (in Apache 1.3 it used the first init
108 round [where tty was still not detached] and skipped the second init
109 round [where it was already detached]). Apache 2.0 requires (or already
110 has?) an official hook where such tty-dialogs can be performed.
112 RSE is on holiday until June 11th, 2001. After this he starts
113 working on mod_ssl again and tries to make mod_ssl running inside
114 Apache 2.0 by end of June. If anyone wants to help making mod_ssl
115 running in the meantime, feel free to make your hands dirty inside
116 modules/ssl/. Do whatever you think is appropriate to get it
117 running. I've no objections of any kind, except: just do not
118 remove any old functionality. Keep everything, even if it needs
119 #if 0...endif wrapped to not make trouble for you.
121 * Performance: Get the SINGLE_LISTEN_UNSERIALIZED_ACCEPT
122 optimization working in threaded. prefork's new design for how
123 to notice data on the pod should be sufficient.
125 * mod_tls is very specific to OpenSSL. Make the API calls
126 more generic to support other encryption libraries.
128 * Performance & Debug: Eliminate most (and perhaps all) of the
129 malloc/free calls in the bucket brigade code. Need some
130 light weight memory management functions that allow freeing
131 memory (putting it back into a memory pool) when it is no
132 longer needed. Enabling simple debugging features like guard
133 bands, double free detection, etc. would be cool but certainly
134 not a hard requirement.
135 Status: Cliff, David, et al have discussed using the blocks SMS
136 for this. First step is to s/malloc/apr_sms_malloc/g, etc.
137 We could then have a thread-private SMS that is pointed
138 to by the conn_rec's or something so that all calls to
139 the bucket create functions can pass in that SMS. No locks
140 required. Should be fast...
142 * Eliminate unnecessary creation of pipes in mod_cgid
144 * the autoconf setup should be fixed to default to using the
145 "Apache" layout from config.layout, and each variable settable
146 in a layout should be overridable on the command line. Plus,
147 what we do right now just doesn't seem to fully fit into how autoconf
148 works, eg. AC_PREFIX_DEFAULT issues.
149 Message-ID: <Pine.BSF.4.20.0104031557420.20876-100000@alive.znep.com>
151 * Combine log_child and piped_log_spawn. Clean up http_log.c.
154 * Document mod_file_cache.
156 * OS/2: Make mod_status work for spmt_os2 MPM.
158 * Platforms that do not support fork (primarily Win32 and AS/400)
159 Architect start-up code that avoids initializing all the modules
160 in the parent process on platforms that do not support fork.
162 * Win32: Migrate the MPM over to use APR thread/process calls. This
163 would eliminate some code in the Win32 branch that essentially
164 duplicates what is in APR.
166 * There are still a number of places in the code where we are
167 losing error status (i.e. throwing away the error returned by a
168 system call and replacing it with a generic error code)
170 * Mass vhosting version of suEXEC.
172 * All DBMs suffer from confusion in support/dbmmanage (perl script) since
173 the dbmmanage employs the first-matched dbm format. This is not
174 necessarily the library that Apache was built with. Aught to
175 rewrite dbmmanage upon installation to bin/ with the proper library
176 for predictable mod_auth_db/dbm administration.
178 * use apu_dbm in mod_auth_dbm
179 Status: Greg +1 (low-priority volunteer)
180 Justin says: "Seems like this is already there, so should we just
181 remove the other DBM code in that file? If you want
182 to use gdbm, or dbm, etc, you should tell apr-util."
185 Some additional items remaining:
186 - case_preserved_filename stuff
187 (use the new canonical name stuff?)
188 - find a new home for ap_text(_header)
189 - is it possible to remove the DAV: namespace stuff from util_xml?
191 * ap_core_translate() and its use by mod_mmap_static and mod_file_cache
192 are a bit wonky. The function should probably be exposed as a utility
193 function (such as ap_translate_url2fs() or ap_validate_fs_url() or
194 something). Another approach would be a new hook phase after
195 "translate" which would allow the module to munge what the
196 translation has decided to do.
197 Status: Greg +1 (volunteers), Ryan +1
199 * Explore use of a post-config hook for the code in http_main.c which
200 calls ap_fixup_virutal_hosts(), ap_fini_vhost_config(), and
201 ap_sort_hooks() [to reduce the logic in main()]
203 * read the config tree just once, and process N times (as necessary)
205 * (possibly) use UUIDs in mod_unique_id and/or mod_usertrack
207 * (possibly) port the bug fix for PR 6942 (segv when LoadModule is put
208 into a VirtualHost container) to 2.0.
210 * shift stuff to mod_core.h
212 * APR-ize resolver stuff in mod_unique_id (Jeff volunteers)
214 * callers of ap_run_create_request() should check the return value
215 for failure (Doug volunteers)
217 * when prefork bails out due to an initialization error in the detached
218 process (e.g., mutex init failure), other children (cgid, at least)
219 are left hanging around
221 * Win32: Get Apache working on Windows 95/98. The following work
222 (at least) needs to be done:
223 - winnt MPM: Fix 95/98 code paths in the winnt MPM. There is some NT
224 specific code that is still not in NT only code paths
225 - IOL binds to APR sendfile, implemented with TransmitFile, which
226 is not available on 95/98.
227 - Document warning that OSR2 is required (for Crypt functions, in
228 rand.c, at least.) This could be resolved with an SSL library, or
229 randomization in APR itself.
230 - Bring the Win9xConHook.dll from 1.3 into 2.0 (no sense till it
231 actually works) and add in a splash of Win9x service code.
233 PRs that have been suspended forever waiting for someone to
234 put them into 'the next release':
237 missing call to "setlocale();"
241 Additional status for XBitHack directive
245 Mod_proxy doesn't allow change of error pages
249 Modified PATH environemnt variable is not passed, instead
254 Proxy doesn't deliver documents if not connected
258 proxy converts ~name to %7Ename when name starts with a dot (.)
262 mod_access syntax allows hosts that should be restricted
265 * PR#557: mod_auth-any
266 ~UserHome directories are not honored in absolute pathname
271 Proxy FTP Authentication Fails
274 * PR#623: mod_include
275 A smarter "Last Modified" value for SSI documents (see PR number 600)
279 Request of "Options SymLinksIfGroupMatch"
283 Proxy doesn't do links right for OpenVMS files through ftp:
287 imap should read <MAP><AREA>*</MAP> too!
291 RLimitCPU and RLimitMEM don't apply to all children like they should
295 Uses cwd before filling it in, doesn't use syslog
299 it is useful to allow specifiction that root-owned symlinks
300 should always be followed
304 Controlling Access to Remote Proxies would be nice...
308 Adding authentication "on the fly" through the proxy module
311 * PR#1004: apache-api
312 request_config field in request_rec is moderately bogus
316 DoS attacks involving memory consumption
319 * PR#1050: mod_log-any
320 Logging of virtual server to error_log as well
324 ProxyRemote make a dead cycle.
327 * PR#1117: mod_auth-any
328 Using NIS passwd.byname dbm files with AuthDBMUserFile
332 suexec does not parse arguments to #exec cmd
335 * PR#1145: mod_include
336 Allow for Last-Modified: without resorting to XBitHack
339 * PR#1158: apache-api
340 improvements to child spawning API
344 ``nph-'' not honored (no buffering) for ProxyRemote mapping
348 Apache cannot handle continuation line in headers
352 setlogin() is not called, causing problems with e.g. identd
356 regerror() exists, use it
359 * PR#1233: apache-api
360 there is no way to keep per-connection per-module state
363 * PR#1263: mod_autoexec
364 Add frame-safe anchor attribute to mod_autoindex links
368 CGI scripts running as Apache user: security (suexec etc.)
372 Error messages could be easier to spot in cgi.log file for suexec.c
375 * PR#1287: mod_access
376 add allow,deny/deny,allow warning to mod_access
380 Need to know "hit-rate" on proxy cache
383 * PR#1358: mod_log-any
384 Selective url-encode of log fields (or maybe a pseudo
388 * PR#1383: mod_headers
389 I make mod_headers to modify request headers as well as
394 Proxy transfer logging
398 No HTTP_X_FORWARDED_FOR set...
402 ProxyRemote proxy requests fail authentication by firewall
405 * PR#1582: mod_rewrite
406 mod_rewrite forms REQUEST_URI different than mod_cgi does
409 * PR#1677: mod_headers
410 mod_headers should allow mod_log_config-style formats in
415 mod_proxy to support persistent conns?
418 * PR#1803: mod_include
419 patches to mod_include to allow for file tests
422 * PR#1809: mod_auth-any
423 Suggestion for improving authentication modules and core source
424 code, problem with 401 and ErrorDocument
428 listing of proxy cache content
432 Allow modules to set user:group for execution.
435 * PR#2024: apache-api
436 adding auth_why to conn_rec
439 * PR#2073: mod_log-any
440 pipelined connections are not logged correctly
443 * PR#2074: mod_rewrite
444 mod_rewrite doesn't pass Proxy Throughput on internal subrequests
448 HTTP Server Rebuild Line Needs Changing for the better
451 * PR#2138: mod_status
452 mod_status always displays 256 possible connection slots
455 * PR#2221: documentation
456 Make online documentation search link back to my installation
460 Can not POST to ErrorDocument - Apache/1.3b6
464 patterns in ProxyRemote
467 * PR#2343: mod_status
468 Status module averages are for entire uptime
472 suexec for general access of user content?
476 Proposal for TimeZone directive
480 /server-info doesn't check for the virtual host to list the info
484 problem specifying ndbm library for build ?with autoconfigure
488 A small addition to rotatelogs.c to improve program functionality.
492 AllowOverride FileInfo is too coarse
496 TimeOut applies to output of CGI scripts
499 * PR#2512: mod_access
500 <IfDenied> directive wanted
504 CGI's for general use still have to be run as another user
509 Cache file names in Proxy module
513 [PATCH] User/Group for <Directory> and <Location> i.e. not only
514 in global and <Virtual>.
518 mailto tags and bundling bug report script
522 Support for System Resource Controller
526 When will Apache support P3P? Any Plans?
530 Feedback/Comment on APACI
534 Inclusion of RPM spec file in CVS/distributions
538 Propose that Apache recommend $UNIQUE_ID for all "session id"
543 suggestion: power up your Include directive :)
547 cannot limit some HTTP methods
550 * PR#3143: apache-api
551 No module specific data hook for per-connection data
554 * PR#3191: mod_negotiation
555 no way to set global quality-of-source (qs) coneg values
560 Accessing URL through proxy server corrupts data.
564 Some anonymous FTP URLs ask for authentication
568 New ErrorDocumentMatch directive
572 Need to be able to override shebang line to make CGI scripts
577 "Files" and "FilesMatch" regexp does not recognize bang as
581 * PR#4448: mod_log-any
582 Please allow CGI env variables (QUERY_STRING, ...) to be logged
586 * PR#4459: mod_include
587 Suggestion for better handling of Last-modified headers
591 mod_cgi prevents handling of OPTIONS requests
594 * PR#5713: os-windows
595 [PATCH] install as win32 service with domain account
599 AllowOverride should have a 'CheckNone' and 'AllowNone' argument
600 instead of only 'None'
603 Other bugs that need fixing:
605 * MaxRequestsPerChild measures connections, not requests.
606 Until someone has a better way, we'll probably just rename it
607 "MaxConnectionsPerChild".
609 * Regex containers don't work in an intutive way
610 Status: No one has come up with an efficient way to fix this
611 behavior. Dean has suggested getting rid of regex containers
614 * SIGSEGV on Linux (glibc 2.1.2) isn't caught properly by a
615 sigwaiting thread. We need to work around this, perhaps unless
616 there is hope soon for a fixed glibc.
618 * orig_ct in the byterange/multipart handling may not be
619 needed. Apache 1.3 just never stashed "multipart" into
620 r->content_type. We should probably follow suit since the
621 byterange stuff doesn't want the rest of the code to see the
622 multipart content-type; the other code should still think it is
623 dealing with the <orig_ct> stuff.
624 Status: Greg volunteers to investigate (esp. since he was most
625 likely the one to break it :-)
627 Other features that need writing:
629 * Finish infrastructure in core for async MPMs
632 * TODO in source -- just do an egrep on "TODO" and see what's there
636 * Jon Travis's <jtravis@covalent.net> patch to deal with thread-safe
637 issues with inet_ntoa. See message <20001201163220.A12827@covalent.net>
638 Status: This is being set aside until the IPv6 work is finished
639 so that we know exactly what is required.
641 * Martin Sojka <msojka@gmx.de>'s patch to add error reporting for failed
642 htpasswd actions due to a full /tmp volume (other programs may have
647 * Mike Abbott's <mja@trudge.engr.sgi.com> patches to improve
649 Status: These were written for 1.3, and are awaiting a port to
652 * Jim Winstead's <jimw@trainedmonkey.com> patch to add CookieDomain and
653 other small mod_usertrack features
655 * Dan Rench's <drench@xnet.com> patch to add allow the errmsg and timefmt
656 of SSI's to be modified in the config file. Patch is available in
661 * What do we do about mod_proxy?
663 * Which MPMs will be included with Apache 2.0?