APACHE 2.0 STATUS: -*-text-*-
Last modified at [$Date: 2001/11/11 01:26:27 $]

2.0.28 : tagged November 8, 2001
2.0.27 : rolled November 6, 2001
2.0.26 : tagged October 16, 2001. not rolled.
2.0.25 : rolled August 29, 2001
2.0.24 : rolled August 18, 2001
2.0.23 : rolled August 9, 2001
2.0.22 : rolled July 29, 2001
2.0.21 : rolled July 20, 2001
2.0.20 : rolled July 8, 2001
2.0.19 : rolled June 27, 2001
2.0.18 : rolled May 18, 2001
2.0.17 : rolled April 17, 2001
2.0.16 : rolled April 4, 2001
2.0.15 : rolled March 21, 2001
2.0.14 : rolled March 7, 2001
2.0a9 : released December 12, 2000
2.0a8 : released November 20, 2000
2.0a7 : released October 8, 2000
2.0a6 : released August 18, 2000
2.0a5 : released August 4, 2000
2.0a4 : released June 7, 2000
2.0a3 : released April 28, 2000
2.0a2 : released March 31, 2000
2.0a1 : released March 10, 2000

Please consult the following STATUS files for information
* srclib/apr-util/STATUS

* If any request gets to the core handler, without a flag that this
  r->filename was tested by dir/file_walk, we need to 500 at the very
  end of the ap_process_request_internal() processing. This provides
  authors of older modules better compatibility, while still improving
  the security and robustness of 2.0.
  Status: still need to decide where this goes, OtherBill comments...
  Message-ID: <065701c14526$495203b0$96c0b0d0@roweclan.net>
  we need to look at halting this in the 'default handler' case,
  and that implies pushing the 'handler election' into the request
  internal processing phase from the run request phase.

* There is a bug in how we sort some hooks, at least the pre-config
  hook. The first time we call the hooks, they are in the correct
  order, but the second time, we don't sort them correctly. Currently,
  the modules/http/config.m4 file has been renamed to
  modules/http/config2.m4 to work around this problem, it should be moved
  back when this is fixed. rbb

* The Add...Filter and Set...Filter directives do not allow the
  administrator to order filters, beyond the order of filename (mime)
  extensions. It isn't clear if Set...Filter(s) should be inserted
  before or after the Add...Filter(s) which are ordered by sequence of
  filename extensions. Add...FilterByType will add to this quandary.
  Some sort of resolution needs to be proposed,

* mod_dir should normally redirect ALL directory requests which do
  not include a trailing slash on the URI. However, if a "notes"
  flag is set (say, via BrowserMatch), this behavior will be
  disabled for non-GET requests.
  Status: Greg volunteers
  MsgId: <20010227104646.E2297@lyra.org>
  MsgId: <3A9C0097.9C83F07C@Golux.Com>

* mod_negotiation needs a new option or directive, something like
  ForceLanguagePriority, to fall back to the LanguagePriority
  directive instead of returning a "no acceptable variant" error.
  Status: Bill has some code in his tree that accomplishes
  this, and will commit it Friday after it's tested.

* Usability: Sanitize the MPM config directives. MaxClients in
  the threaded MPM is totally misleading now as it has little to
  do with limiting the number of clients (it limits the number
  of child processes). Bill proposed nomenclature change to
  something like "StartWorkers, MaxWorkers, etc." that could
  apply to most all the MPMs (with some notable exceptions).
  Bill would be happy with changing MaxClients to MaxServers
  to make it agree with the operation of the StartServers

* revamp the input filter semantics, per discussions since
  February (and especially at the hackathon last
  April). Specifically, ap_get_brigade will return a brigade with
  *up to* a specific number of bytes, or a "line" of data. The
  read may be blocking or nonblocking. ap_getline() will be
  refactored into apr_brigade_getline(), and then DECHUNK can use
  f->next (ap_getline will always read "top of input stack"). Also
  fix the bug where request body content will end up closing the
  connection (buggering up persistent conns).
  Status: Justin is working on this as fast as he can.
  The core input filters, HTTP-related filters, mod_ssl, and
  mod_proxy are switched to the new logic.
  However, ap_getline() still needs to be refactored out. But,
  there's a problem there: ap_getline() peeks ahead for MIME
  continuation (first character on line is space or \t) and
  stores unused data in core_request_config which violates the
  abstraction. That's cheating. So, we may not be able to
  implement this without setting some data aside (yuck!).
  I believe this is OtherBill's main complaint with the current

  AIUI (correct me if I'm wrong!), OtherBill believes we
  should have a pushback option so that we can return unread
  data - this would solve this case. However, my question to
  him is how do we handle stuff like mod_ssl - we can't "unread"
  data. So, do we have two brigades for each filter? An in
  brigade and a returned brigade? That seems messy. To
  everyone else, can we refactor ap_getline() without pushback

  - socket bucket and core input filter changes. see end of
    message ID (Feb 27): <20010227075326.S2297@lyra.org>

  - fix up ap_get_brigade() semantics, fix bug in DECHUNK /
    ap_getline. many messages (plus their threads) (Apr/May):
    Message-ID: <20010402101207.J27539@lyra.org>
    Message-ID: <3AF7F921.D2EEC41A@algroup.co.uk>
    Message-ID: <20010508190029.E18404@lyra.org>

  - further work with combining/tweaking the builtin filters:
    Message-ID: <20010509115445.D1374@lyra.org>

  - thoughts on filter modes:
    Message-ID: <021b01c14dee$09782af0$93c0b0d0@roweclan.net>

* Fold mod_auth_db features back into mod_auth_dbm, and deprecate it.
  This can't wait until we have a 2.0-gold release, if folks need
  to move over to auth_dbm, we can't do that to them after 2.0 gold.

* Source code should follow style guidelines.
  This can't wait until we have a 2.0-gold release because then
  style corrections will conflict with bug fixes found after
  release which is not nice.

RELEASE NON-SHOWSTOPPERS BUT WOULD BE REAL NICE TO WRAP THESE UP:

* Allow the DocumentRoot directive within <Location > scopes? This
  allows the beloved (crusty) Alias /foo/ /somepath/foo/ followed
  by a <Directory /somepath/foo> to become simply
  <Location /foo/> DocumentRoot /somefile/foo (IMHO a bit more legible
  and in-your-face.) DocumentRoot unset would be accepted [and would
  not permit content to be served, only virtual resources such as
  server-info or server-status.]
  This proposed change would _not_ deprecate Alias.

* add mod_gz to httpd-2.0 (in modules/experimental/)
  +1: Greg, Justin, ben, Ken, Jeff, Bill, Ian
  0: Cliff (there's now another candidate to be evaluated)
  0: Jim (premature decision at present, IMO)

* daedalus: mod_cgid and suexec have a problem co-existing. suexec
  sees a null command string sometimes. The problem happens when
  you access bugs.apache.org, then click on the "search the bug db"

* Win32: Rotatelogs sometimes is not terminated when Apache
  goes down hard. FirstBill was looking at possibly tracking the
  child's-child processes in the parent process.
  OtherBill asks, wasn't this fixed?

* Win32: Add a simple hold console open patch (wait for close or
  the ESC key, with a nice message) if the server died a bad
  death (non-zero exit code) in console mode.
  Resolution: bring forward same ugly hacks from 1.3.13-.20

* Port of mod_ssl to Apache 2.0:

  The current porting state is summarized in modules/ssl/README. The
  remaining work includes:
  (1) stabilizing/optimizing the SSL filter logic
  (2) Enabling the various SSL caching mechanisms (shmcb, shmht)
  (3) Enabling SSL extensions
  (4) Trying to separate the https filter logic from mod_ssl -
      This is to facilitate other modules that wish to use the https
      filter or the mod_ssl logic or both as required.

* Performance: Get the SINGLE_LISTEN_UNSERIALIZED_ACCEPT
  optimization working in threaded. prefork's new design for how
  to notice data on the pod should be sufficient.

* Performance & Debug: Eliminate most (and perhaps all) of the
  malloc/free calls in the bucket brigade code. Need some
  light weight memory management functions that allow freeing
  memory (putting it back into a memory pool) when it is no
  longer needed. Enabling simple debugging features like guard
  bands, double free detection, etc. would be cool but certainly
  not a hard requirement.

  Status: Cliff started to implement this using SMS as has
  been discussed at length for months, but since
  SMS is not being used anywhere else in the server,
  several people expressed the opinion that we should
  get rid of it entirely, meaning that the buckets
  need their own memory management (free list) functions.
  Cliff will implement that this weekend so we at least
  have something to look at/compare with.

* Eliminate unnecessary creation of pipes in mod_cgid

* the autoconf setup should be fixed to default to using the
  "Apache" layout from config.layout, and each variable settable
  in a layout should be overridable on the command line. Plus,
  what we do right now just doesn't seem to fully fit into how autoconf
  works, eg. AC_PREFIX_DEFAULT issues.
  Message-ID: <Pine.BSF.4.20.0104031557420.20876-100000@alive.znep.com>

* Combine log_child and piped_log_spawn. Clean up http_log.c.

* Document mod_file_cache.

* OS/2: Make mod_status work for spmt_os2 MPM.

* Platforms that do not support fork (primarily Win32 and AS/400)
  Architect start-up code that avoids initializing all the modules
  in the parent process on platforms that do not support fork.

* Win32: Migrate the MPM over to use APR thread/process calls. This
  would eliminate some code in the Win32 branch that essentially
  duplicates what is in APR.

* There are still a number of places in the code where we are
  losing error status (i.e. throwing away the error returned by a
  system call and replacing it with a generic error code)

* Mass vhosting version of suEXEC.

* All DBMs suffer from confusion in support/dbmmanage (perl script) since
  the dbmmanage employs the first-matched dbm format. This is not
  necessarily the library that Apache was built with. Ought to
  rewrite dbmmanage upon installation to bin/ with the proper library
  for predictable mod_auth_db/dbm administration.
  Status: Mladen Turk has posted several patches and ideas.
  Key question, part of htpasswd, or a separate utility?

  prefer separate: OtherBill

* use apu_dbm in mod_auth_dbm
  Status: Greg +1 (low-priority volunteer)
  Justin says: "Seems like this is already there, so should we just
  remove the other DBM code in that file? If you want
  to use gdbm, or dbm, etc, you should tell apr-util."
  Will says: "bs - I may choose the fastest - most efficient native
  dbm implementation, for shared proc caches, ssl session
  caching, etc, but that has nothing to do with maintaining
  a userlist via dbm, which has to remain readable between
  builds/machines, etc. The use-multiple database schema
  for apr-util would let us do this with just apr, though."

Some additional items remaining:
  - case_preserved_filename stuff
    (use the new canonical name stuff?)
  - find a new home for ap_text(_header)
  - is it possible to remove the DAV: namespace stuff from util_xml?

* ap_core_translate() and its use by mod_mmap_static and mod_file_cache
  are a bit wonky. The function should probably be exposed as a utility
  function (such as ap_translate_url2fs() or ap_validate_fs_url() or
  something). Another approach would be a new hook phase after
  "translate" which would allow the module to munge what the
  translation has decided to do.
  Status: Greg +1 (volunteers), Ryan +1

* Explore use of a post-config hook for the code in http_main.c which
  calls ap_fixup_virtual_hosts(), ap_fini_vhost_config(), and
  ap_sort_hooks() [to reduce the logic in main()]

* read the config tree just once, and process N times (as necessary)

* (possibly) use UUIDs in mod_unique_id and/or mod_usertrack

* (possibly) port the bug fix for PR 6942 (segv when LoadModule is put
  into a VirtualHost container) to 2.0.

* shift stuff to mod_core.h

* APR-ize resolver stuff in mod_unique_id (Jeff volunteers)

* callers of ap_run_create_request() should check the return value
  for failure (Doug volunteers)

* when prefork bails out due to an initialization error in the detached
  process (e.g., mutex init failure), other children (cgid, at least)
  are left hanging around

* Win32: Get Apache working on Windows 95/98. The following work
  (at least) needs to be done:
  - winnt MPM: Fix 95/98 code paths in the winnt MPM. There is some NT
    specific code that is still not in NT only code paths
  - IOL binds to APR sendfile, implemented with TransmitFile, which
    is not available on 95/98.
  - Document warning that OSR2 is required (for Crypt functions, in
    rand.c, at least.) This could be resolved with an SSL library, or
    randomization in APR itself.
  - Bring the Win9xConHook.dll from 1.3 into 2.0 (no sense till it
    actually works) and add in a splash of Win9x service code.

* When --enable-modules=most or --enable-mods-shared=most is passed
  to the configure script it is still possible to enable many of the
  modules while mod_so itself is not buildable (for whatever reason,
  like not having APR_HAS_DSO). We need to emit an error message
  and fail the configure script at this point.

PRs that have been suspended forever waiting for someone to
put them into 'the next release':

  missing call to "setlocale();"

  Additional status for XBitHack directive

  Mod_proxy doesn't allow change of error pages

  Modified PATH environment variable is not passed, instead

  Proxy doesn't deliver documents if not connected

  proxy converts ~name to %7Ename when name starts with a dot (.)

  mod_access syntax allows hosts that should be restricted

* PR#557: mod_auth-any
  ~UserHome directories are not honored in absolute pathname

  Proxy FTP Authentication Fails

* PR#623: mod_include
  A smarter "Last Modified" value for SSI documents (see PR number 600)

  Request of "Options SymLinksIfGroupMatch"

  Proxy doesn't do links right for OpenVMS files through ftp:

  imap should read <MAP><AREA>*</MAP> too!

  RLimitCPU and RLimitMEM don't apply to all children like they should

  Uses cwd before filling it in, doesn't use syslog

  it is useful to allow specification that root-owned symlinks
  should always be followed

  Controlling Access to Remote Proxies would be nice...

  Adding authentication "on the fly" through the proxy module

* PR#1004: apache-api
  request_config field in request_rec is moderately bogus

  DoS attacks involving memory consumption

* PR#1050: mod_log-any
  Logging of virtual server to error_log as well

  ProxyRemote make a dead cycle.

* PR#1117: mod_auth-any
  Using NIS passwd.byname dbm files with AuthDBMUserFile

  suexec does not parse arguments to #exec cmd

* PR#1145: mod_include
  Allow for Last-Modified: without resorting to XBitHack

* PR#1158: apache-api
  improvements to child spawning API

  ``nph-'' not honored (no buffering) for ProxyRemote mapping

  Apache cannot handle continuation line in headers

  setlogin() is not called, causing problems with e.g. identd

  regerror() exists, use it

* PR#1233: apache-api
  there is no way to keep per-connection per-module state

* PR#1263: mod_autoexec
  Add frame-safe anchor attribute to mod_autoindex links

  CGI scripts running as Apache user: security (suexec etc.)

  Error messages could be easier to spot in cgi.log file for suexec.c

* PR#1287: mod_access
  add allow,deny/deny,allow warning to mod_access

  Need to know "hit-rate" on proxy cache

* PR#1358: mod_log-any
  Selective url-encode of log fields (or maybe a pseudo

* PR#1383: mod_headers
  I make mod_headers to modify request headers as well as

  Proxy transfer logging

  No HTTP_X_FORWARDED_FOR set...

  ProxyRemote proxy requests fail authentication by firewall

* PR#1582: mod_rewrite
  mod_rewrite forms REQUEST_URI different than mod_cgi does

* PR#1677: mod_headers
  mod_headers should allow mod_log_config-style formats in

  mod_proxy to support persistent conns?

* PR#1803: mod_include
  patches to mod_include to allow for file tests

* PR#1809: mod_auth-any
  Suggestion for improving authentication modules and core source
  code, problem with 401 and ErrorDocument

  listing of proxy cache content

  Allow modules to set user:group for execution.

* PR#2024: apache-api
  adding auth_why to conn_rec

* PR#2073: mod_log-any
  pipelined connections are not logged correctly

* PR#2074: mod_rewrite
  mod_rewrite doesn't pass Proxy Throughput on internal subrequests

  HTTP Server Rebuild Line Needs Changing for the better

* PR#2138: mod_status
  mod_status always displays 256 possible connection slots

* PR#2221: documentation
  Make online documentation search link back to my installation

  Can not POST to ErrorDocument - Apache/1.3b6

  patterns in ProxyRemote

* PR#2343: mod_status
  Status module averages are for entire uptime

  suexec for general access of user content?

  Proposal for TimeZone directive

  /server-info doesn't check for the virtual host to list the info

  problem specifying ndbm library for build ?with autoconfigure

  A small addition to rotatelogs.c to improve program functionality.

  AllowOverride FileInfo is too coarse

  TimeOut applies to output of CGI scripts

* PR#2512: mod_access
  <IfDenied> directive wanted

  CGI's for general use still have to be run as another user

  Cache file names in Proxy module

  [PATCH] User/Group for <Directory> and <Location> i.e. not only
  in global and <Virtual>.

  mailto tags and bundling bug report script

  Support for System Resource Controller

  When will Apache support P3P? Any Plans?

  Feedback/Comment on APACI

  Inclusion of RPM spec file in CVS/distributions

  Propose that Apache recommend $UNIQUE_ID for all "session id"

  suggestion: power up your Include directive :)

  cannot limit some HTTP methods

* PR#3143: apache-api
  No module specific data hook for per-connection data

* PR#3191: mod_negotiation
  no way to set global quality-of-source (qs) coneg values

  Accessing URL through proxy server corrupts data.

  Some anonymous FTP URLs ask for authentication

  New ErrorDocumentMatch directive

  Need to be able to override shebang line to make CGI scripts

  "Files" and "FilesMatch" regexp does not recognize bang as

* PR#4448: mod_log-any
  Please allow CGI env variables (QUERY_STRING, ...) to be logged

* PR#4459: mod_include
  Suggestion for better handling of Last-modified headers

  mod_cgi prevents handling of OPTIONS requests

* PR#5713: os-windows
  [PATCH] install as win32 service with domain account

  AllowOverride should have a 'CheckNone' and 'AllowNone' argument
  instead of only 'None'

Other bugs that need fixing:

* MaxRequestsPerChild measures connections, not requests.
  Until someone has a better way, we'll probably just rename it
  "MaxConnectionsPerChild".

* Regex containers don't work in an intuitive way
  Status: No one has come up with an efficient way to fix this
  behavior. Dean has suggested getting rid of regex containers

* SIGSEGV on Linux (glibc 2.1.2) isn't caught properly by a
  sigwaiting thread. We need to work around this, perhaps unless
  there is hope soon for a fixed glibc.

* orig_ct in the byterange/multipart handling may not be
  needed. Apache 1.3 just never stashed "multipart" into
  r->content_type. We should probably follow suit since the
  byterange stuff doesn't want the rest of the code to see the
  multipart content-type; the other code should still think it is
  dealing with the <orig_ct> stuff.
  Status: Greg volunteers to investigate (esp. since he was most
  likely the one to break it :-)

Other features that need writing:

* Finish infrastructure in core for async MPMs

* TODO in source -- just do an egrep on "TODO" and see what's there

* Jon Travis's <jtravis@covalent.net> patch to deal with thread-safe
  issues with inet_ntoa. See message <20001201163220.A12827@covalent.net>
  Status: This is being set aside until the IPv6 work is finished
  so that we know exactly what is required.

* Martin Sojka <msojka@gmx.de>'s patch to add error reporting for failed
  htpasswd actions due to a full /tmp volume (other programs may have

* Mike Abbott's <mja@trudge.engr.sgi.com> patches to improve

  Status: These were written for 1.3, and are awaiting a port to

* Jim Winstead's <jimw@trainedmonkey.com> patch to add CookieDomain and
  other small mod_usertrack features

* Dan Rench's <drench@xnet.com> patch to allow the errmsg and timefmt
  of SSI's to be modified in the config file. Patch is available in

* Which MPMs will be included with Apache 2.0?