1 APACHE 2.0 STATUS: -*-text-*-
2 Last modified at [$Date: 2001/01/19 03:01:14 $]
6 2.0b1 : Scheduled to release December 26, 2000
7 rbb volunteers to be RM
8 2.0a9 : released December 12, 2000
9 2.0a8 : released November 20, 2000
10 2.0a7 : released October 8, 2000
11 2.0a6 : released August 18, 2000
12 2.0a5 : released August 4, 2000
13 2.0a4 : released June 7, 2000
14 2.0a3 : released April 28, 2000
15 2.0a2 : released March 31, 2000
16 2.0a1 : released March 10, 2000
20 WARNING: ALWAYS check srclib/apr/STATUS and srclib/apr-util/STATUS
22 * Generic Hooks are absolutely wrong in linkage, they are declared as
23 exported from APU, but actually exported from modules. This needs
24 heavy fixup, which Bill will do on the plane tommorow. The actual
25 'Apache' declaration is in Apache's files, with the 'explicit linkage'
26 flavor in apr-util. (Unless you folks will finally buckle and accept
27 the linkspec in hook declarations. I'm not holding my breath.)
29 * Root all file systems with <Directory /> for WIN32/OS2/NW permissions
30 Status: patch brought forward from 1.3.14
31 WIN32 and OS2 need review [William Rowe, Brian Harvard]
33 * Error messages are filtered according to the needs of the original
34 URI. Nothing ensures that they are translated on EBCDIC machines
35 and *not* translated on ASCII machines.
37 * Win32: Enable the Windows MPM to honor max_requests_per_child
38 Status: FirstBill will fix this?
40 * Win32: Get Apache working on Windows 95/98. The following work
41 (at least) needs to be done:
42 - winnt MPM: Fix 95/98 code paths in the winnt MPM. There is some NT
43 specific code that is still not in NT only code paths
44 - IOL binds to APR sendfile, implemented with TransmitFile, which
45 is not available on 95/98.
46 - Document warning that OSR2 is required (for Crypt functions, in
49 * Win32: Test access logging with multiple threads. Will the
50 native file I/O calls serialize automagically like the
51 CRT calls or do we need to add region locking each time
55 * Win32: Complete the revamp the service environment and relocation
56 into the WinNT MPM. Changes ServerRoot service registry
57 parameter into ConfigArgs for multiple service startup parameters.
58 Problems to fix in the revamp: -k shutdown/restart are broken,
59 signals are not being acknowledged. Close window and shutdown
60 also seem out of sorts.
61 OtherBill is working on this and will finish over the weekend.
63 * We need a thread-safe resolver, at least on Unix.
64 Status: The best known candidate would be something from
66 Status: Greg asks, "why? doesn't gethostbyname_r() handle this?"
68 * The AddInputFilter and AddOutputFilter directives do not allow the
69 administrator to remove or reorder filters. Once a filter is added
70 in a container, it is present in any subcontainers. It can only be
71 added to the filter chain after any filters specified in enclosing
74 * remove the --disable-shared from the subdir config of APR(UTIL)
75 before the final release. (in fact, it might even be nice to
76 allow for Apache config/build against an already-installed
78 Note: we need to do a "make install" for APR(UTIL) so the shared
79 libraries can be installed properly. We could also use that
80 point to install include files (rather than have Apache
81 know everything that needs to be installed from the
82 sub-packages). The original impetus for doing the
83 disable-shared was because the shared lib wasn't getting
84 installed and a "make clean" in aprutil would make Apache
87 * users who want to install third-party modules into the Apache
88 source tree (for static linking) need to have autoconf and
89 libtool installed. This is because the module needs to have its
90 config.m4 incorporated into ./configure, which means "buildconf"
92 Note: This is in part because we have removed the "extra" directory.
93 In the Apache-2.0 repository, this directory had a config.m4
94 file that allowed people to add external modules by
95 specifying --with-module on the configure line.
97 RELEASE NON-SHOWSTOPPERS BUT WOULD BE REAL NICE TO WRAP THESE UP:
99 * Mod_autoindex is still causing too many buckets and too many bucket
100 brigades to be created. We need to improve the way the old ap_r*
101 functions interact with buckets. This is being tabled until after
103 See MSG: <Pine.LNX.4.21.0101111403150.1557-100000@koj>
105 * The directives to setup output filters need to be re-visited. These
106 directives aren't consistent with what we already have, and they don't
107 always make good sense.
108 Status: rbb volunteers.
110 * Combine log_child and piped_log_spawn. Clean up http_log.c.
113 * Create unified scoreboard API and implementation shared across
116 * Document mod_file_cache.
118 * OS/2: Get loadable modules working again. Requires shared core support
119 which doesn't appear to be catered for in the current build system.
121 * OS/2: Make mod_status work for spmt_os2 MPM.
123 * Win32: Enable the winnt MPM to use the new scoreboard API
125 * Win32: Win9x console window still won't play nice with the
126 close window, logoff and shutdown scenarios.
127 Status: OtherBill will move the patch forward from 1.3.15, once we
128 get our other Win9x issues solved.
130 * Win32: Add a simple hold console open patch (wait for close or
131 the ESC key, with a nice message) if the server died a bad
132 death (non-zero exit code) in console mode.
133 Status: OtherBill is bringing forward same ugly hack from 1.3.13
135 * Platforms that do not support fork (primarily Win32 and AS/400)
136 Architect start-up code that avoids initializing all the modules
137 in the parent process on platforms that do not support fork.
139 * Win32: Migrate the MPM over to use APR thread/process calls. This
140 would eliminate some code in the Win32 branch that essentially
141 duplicates what is in APR.
143 * There are still a number of places in the code where we are
144 losing error status (i.e. throwing away the error returned by a
145 system call and replacing it with a generic error code)
147 * Win32: Implement reliable piped logs on Windows
149 * The connection status table is not very efficient. Also, very few stats
150 are exported to the connection status table (easy to fix), and mod_status
153 * Mass vhosting version of suEXEC.
155 * All DBMs suffer from confusion in support/dbmmanage (perl script) since
156 the dbmmanage employs the first-matched dbm format. This is not
157 necessarily the library that Apache was built with. Aught to
158 rewrite dbmmanage upon installation to bin/ with the proper library
159 for predictable mod_auth_db/dbm administration.
161 * use apu_dbm in mod_auth_dbm
162 Status: Greg +1 (low-priority volunteer)
165 Some additional items remaining:
166 - case_preserved_filename stuff
167 (use the new canonical name stuff?)
168 - find a new home for ap_text(_header)
169 - is it possible to remove the DAV: namespace stuff from util_xml?
171 * ap_core_translate() and its use by mod_mmap_static and mod_file_cache
172 are a bit wonky. The function should probably be exposed as a utility
173 function (such as ap_translate_url2fs() or ap_validate_fs_url() or
174 something). Another approach would be a new hook phase after
175 "translate" which would allow the module to munge what the
176 translation has decided to do.
177 Status: Greg +1 (volunteers), Ryan +1
179 * Explore use of a post-config hook for the code in http_main.c which
180 calls ap_fixup_virutal_hosts(), ap_fini_vhost_config(), and
181 ap_sort_hooks() [to reduce the logic in main()]
183 * read the config tree just once, and process N times (as necessary)
185 * (possibly) use UUIDs in mod_unique_id and/or mod_usertrack
187 * (possibly) port the bug fix for PR 6942 (segv when LoadModule is put
188 into a VirtualHost container) to 2.0.
190 * the LTFLAGS = -export-dynamic in the config.m4 is wrong. it is getting
191 added multiple times during the config process. The -export-dynamic
192 should probably move into build/special.mk (the make file used for
193 building Apache modules).
195 * toss the AddModule directive. we add all prelinked modules
196 automatically, and the LoadModule directive now implies
197 AddModule. so... there is no point to it any more.
200 PRs that have been suspended forever waiting for someone to
201 put them into 'the next release':
204 missing call to "setlocale();"
208 Additional status for XBitHack directive
212 Questionable performace of mod_dir() with negotiation
216 Mod_proxy doesn't allow change of error pages
220 Modified PATH environemnt variable is not passed, instead
225 Proxy doesn't deliver documents if not connected
229 proxy converts ~name to %7Ename when name starts with a dot (.)
233 mod_access syntax allows hosts that should be restricted
236 * PR#557: mod_auth-any
237 ~UserHome directories are not honored in absolute pathname
241 * PR#573: mod_log-any
242 More LogFormat directives
246 Proxy FTP Authentication Fails
249 * PR#623: mod_include
250 A smarter "Last Modified" value for SSI documents (see PR number 600)
254 Request of "Options SymLinksIfGroupMatch"
257 * PR#697: mod_include
258 A security tweak I've been using for a few years for SSI
262 Proxy doesn't do links right for OpenVMS files through ftp:
266 imap should read <MAP><AREA>*</MAP> too!
270 RLimitCPU and RLimitMEM don't apply to all children like they should
274 Uses cwd before filling it in, doesn't use syslog
278 it is useful to allow specifiction that root-owned symlinks
279 should always be followed
283 Controlling Access to Remote Proxies would be nice...
287 Adding authentication "on the fly" through the proxy module
290 * PR#1004: apache-api
291 request_config field in request_rec is moderately bogus
295 DoS attacks involving memory consumption
298 * PR#1050: mod_log-any
299 Logging of virtual server to error_log as well
303 ProxyRemote make a dead cycle.
306 * PR#1117: mod_auth-any
307 Using NIS passwd.byname dbm files with AuthDBMUserFile
311 suexec does not parse arguments to #exec cmd
314 * PR#1145: mod_include
315 Allow for Last-Modified: without resorting to XBitHack
319 insufficent AllowOverrides granularity for autoindexing
322 * PR#1158: apache-api
323 improvements to child spawning API
327 ``nph-'' not honored (no buffering) for ProxyRemote mapping
331 Apache cannot handle continuation line in headers
335 setlogin() is not called, causing problems with e.g. identd
339 regerror() exists, use it
342 * PR#1233: apache-api
343 there is no way to keep per-connection per-module state
347 Add frame-safe anchor attribute to mod_autoindex links
351 CGI scripts running as Apache user: security (suexec etc.)
355 Error messages could be easier to spot in cgi.log file for suexec.c
358 * PR#1287: mod_access
359 add allow,deny/deny,allow warning to mod_access
363 Need to know "hit-rate" on proxy cache
366 * PR#1358: mod_log-any
367 Selective url-encode of log fields (or maybe a pseudo
371 * PR#1383: mod_headers
372 I make mod_headers to modify request headers as well as
377 Proxy transfer logging
381 No HTTP_X_FORWARDED_FOR set...
385 ProxyRemote proxy requests fail authentication by firewall
388 * PR#1574: mod_autoindex
389 ReadmeName and HeaderName don't allow for server-parsed html.
392 * PR#1582: mod_rewrite
393 mod_rewrite forms REQUEST_URI different than mod_cgi does
396 * PR#1677: mod_headers
397 mod_headers should allow mod_log_config-style formats in
402 mod_proxy to support persistent conns?
405 * PR#1803: mod_include
406 patches to mod_include to allow for file tests
409 * PR#1809: mod_auth-any
410 Suggestion for improving authentication modules and core source
411 code, problem with 401 and ErrorDocument
414 * PR#1855: mod_autoindex
415 More Control over autoindex layout
419 listing of proxy cache content
423 Allow modules to set user:group for execution.
426 * PR#2024: apache-api
427 adding auth_why to conn_rec
430 * PR#2073: mod_log-any
431 pipelined connections are not logged correctly
434 * PR#2074: mod_rewrite
435 mod_rewrite doesn't pass Proxy Throughput on internal subrequests
439 HTTP Server Rebuild Line Needs Changing for the better
442 * PR#2138: mod_status
443 mod_status always displays 256 possible connection slots
446 * PR#2221: documentation
447 Make online documentation search link back to my installation
451 Can not POST to ErrorDocument - Apache/1.3b6
455 patterns in ProxyRemote
458 * PR#2343: mod_status
459 Status module averages are for entire uptime
463 suexec for general access of user content?
467 Proposal for TimeZone directive
471 /server-info doesn't check for the virtual host to list the info
475 problem specifying ndbm library for build ?with autoconfigure
479 A small addition to rotatelogs.c to improve program functionality.
483 AllowOverride FileInfo is too coarse
487 TimeOut applies to output of CGI scripts
490 * PR#2512: mod_access
491 <IfDenied> directive wanted
495 CGI's for general use still have to be run as another user
500 Cache file names in Proxy module
504 [PATCH] User/Group for <Directory> and <Location> i.e. not only
505 in global and <Virtual>.
509 mailto tags and bundling bug report script
512 * PR#2772: mod_log-any
517 Support for System Resource Controller
521 When will Apache support P3P? Any Plans?
525 Feedback/Comment on APACI
529 Inclusion of RPM spec file in CVS/distributions
533 Propose that Apache recommend $UNIQUE_ID for all "session id"
538 suggestion: power up your Include directive :)
542 cannot limit some HTTP methods
545 * PR#3026: mod_autoindex
546 No way to change ReadmeName/HeaderName suffixes.
549 * PR#3143: apache-api
550 No module specific data hook for per-connection data
554 Configuration file in Japanese
557 * PR#3191: mod_negotiation
558 no way to set global quality-of-source (qs) coneg values
562 * PR#3430: mod_negotiation
563 Enhancement: MultiViews, Multi-Language Documents
567 Accessing URL through proxy server corrupts data.
570 * PR#3594: os-windows
571 Please add an Apache icon to the systray instead of a DOS window
575 Some anonymous FTP URLs ask for authentication
578 * PR#3654: mod_autoindex
579 BORDER=0 makes Icons look nicer (FancyIndexing)
583 New ErrorDocumentMatch directive
586 * PR#4180: os-windows
587 Alternative for win95 users
591 Need to be able to override shebang line to make CGI scripts
596 "Files" and "FilesMatch" regexp does not recognize bang as
600 * PR#4448: mod_log-any
601 Please allow CGI env variables (QUERY_STRING, ...) to be logged
605 * PR#4459: mod_include
606 Suggestion for better handling of Last-modified headers
610 mod_cgi prevents handling of OPTIONS requests
613 * PR#4520: mod_autoindex
614 mod_autoindex does not generate Last-Modified response headers
617 * PR#4658: os-windows
618 The output of CGI scripts appears in the window that apache
622 * PR#5713: os-windows
623 [PATCH] install as service with domain account
627 AllowOverride should have a 'CheckNone' and 'AllowNone' argument
628 instead of only 'None'
632 MIME types for MNG and JNG files need adding to mime.types and
633 the mime.types and magic files
634 Status: Waiting for IANA types to be defined
636 Other bugs that need fixing:
638 * MaxRequestsPerChild measures connections, not requests.
639 Until someone has a better way, we'll probably just rename it
640 "MaxConnectionsPerChild".
642 * Regex containers don't work in an intutive way
643 Status: No one has come up with an efficient way to fix this
644 behavior. Dean has suggested getting rid of regex containers
647 * SIGSEGV on Linux (glibc 2.1.2) isn't caught properly by a
648 sigwaiting thread. We need to work around this, perhaps unless
649 there is hope soon for a fixed glibc.
651 Other features that need writing:
653 * Finish infrastructure in core for async MPMs
656 * TODO in source -- just do an egrep on "TODO" and see what's there
658 Documentation that needs writing:
659 * Mod_status docs are needed.
661 * The concept of MPMs, especially if we ship more than one MPM for a
664 * New directives in the various MPMs and appropriate links from
665 obsolete directives in core.html to the MPM documentation.
667 * Revise manual/stopping.html and the last part of
668 manual/misc/perf-tuning.html to take account of the MPMs.
671 Status: Ben Laurie has written some hooks documentation
672 (apache-2.0/htdocs/hooks.html)
674 * Changes since 1.3.9 can be more easily seen in the commitlog file
675 dev.apache.org:/home/cvs/CVSROOT/commitlogs/apache-2.0
676 which includes some of Roy's comments when the changes were
677 committed in rough change-sets by purpose. Note that the commitlog
678 does not show the contents of new files until later.
682 * Jon Travis's <jtravis@covalent.net> patch to deal with thread-safe
683 issues with inet_ntoa. See message <20001201163220.A12827@covalent.net>
684 Status: This is being set aside until the IPv6 work is finished
685 so that we know exactly what is required.
687 * Martin Sojka <msojka@gmx.de>'s patch to add error reporting for failed
688 htpasswd actions due to a full /tmp volume (other programs may have
693 * Mike Abbott's <mja@trudge.engr.sgi.com> patches to improve
695 Status: These were written for 1.3, and are awaiting a port to
698 * Jim Winstead's <jimw@trainedmonkey.com> patch to add CookieDomain and
699 other small mod_usertrack features
701 * Dan Rench's <drench@xnet.com> patch to add allow the errmsg and timefmt
702 of SSI's to be modified in the config file. Patch is available in
707 * What do we do about mod_proxy?
709 * Which MPMs will be included with Apache 2.0?
711 * Is conf/highperformance.conf-dist obsolete? It looks obsolete.