1 APACHE 2.0 STATUS: -*-text-*-
2 Last modified at [$Date: 2001/11/17 14:02:25 $]
7 2.0.28 : rolled November 12, 2001
8 2.0.27 : rolled November 6, 2001
9 2.0.26 : tagged October 16, 2001. not rolled.
10 2.0.25 : rolled August 29, 2001
11 2.0.24 : rolled August 18, 2001
12 2.0.23 : rolled August 9, 2001
13 2.0.22 : rolled July 29, 2001
14 2.0.21 : rolled July 20, 2001
15 2.0.20 : rolled July 8, 2001
16 2.0.19 : rolled June 27, 2001
17 2.0.18 : rolled May 18, 2001
18 2.0.17 : rolled April 17, 2001
19 2.0.16 : rolled April 4, 2001
20 2.0.15 : rolled March 21, 2001
21 2.0.14 : rolled March 7, 2001
22 2.0a9 : released December 12, 2000
23 2.0a8 : released November 20, 2000
24 2.0a7 : released October 8, 2000
25 2.0a6 : released August 18, 2000
26 2.0a5 : released August 4, 2000
27 2.0a4 : released June 7, 2000
28 2.0a3 : released April 28, 2000
29 2.0a2 : released March 31, 2000
30 2.0a1 : released March 10, 2000
32 Please consult the following STATUS files for information
36 * srclib/apr-util/STATUS
41 * If any request gets to the core handler, without a flag that this
42 r->filename was tested by dir/file_walk, we need to 500 at the very
43 end of the ap_process_request_internal() processing. This provides
44 authors of older modules better compatibility, while still improving
45 the security and robustness of 2.0.
46 Status: still need to decide where this goes, OtherBill comments...
47 Message-ID: <065701c14526$495203b0$96c0b0d0@roweclan.net>
48 we need to look at halting this in the 'default handler' case,
49 and that implies pushing the 'handler election' into the request
50 internal processing phase from the run request phase.
52 * There is a bug in how we sort some hooks, at least the pre-config
53 hook. The first time we call the hooks, they are in the correct
54 order, but the second time, we don't sort them correctly. Currently,
55 the modules/http/config.m4 file has been renamed to
56 modules/http/config2.m4 to work around this problem, it should moved
57 back when this is fixed. rbb
59 * The Add...Filter and Set...Filter directives do not allow the
60 administrator to order filters, beyond the order of filename (mime)
61 extensions. It isn't clear if Set...Filter(s) should be inserted
62 before or after the Add...Filter(s) which are ordered by sequence of
63 filename extensions. Add...FilterByType will add to this quandry.
64 Some sort of resolution needs to be proposed,
66 * mod_negotiation needs a new option or directive, something like
67 ForceLanguagePriority, to fall back to the LanguagePriority
68 directive instead of returning a "no acceptable variant" error.
69 Status: Bill has some code in his tree that accomplishes
70 this, and will commit it Friday after it's tested.
72 * Usability: Sanitize the MPM config directives. MaxClients in
73 the threaded MPM is totally misleading now as it has little to
74 do with limiting the number of clients (it limits the number
75 of child processes). Bill proposed nomenclature change to
76 something like "StartWorkers, MaxWorkers, etc." that could
77 apply to most all the MPMs (with some notable exceptions).
78 Bill would be happy with changing MaxClients to MaxServers
79 to make it agree with the operation of the StartServers
82 * revamp the input filter semantics, per discussions since
83 February (and especially at the hackathon last
84 April). Specifically, ap_get_brigade will return a brigade with
85 *up to* a specific number of bytes, or a "line" of data. The
86 read may be blocking or nonblocking. ap_getline() will be
87 refactored into apr_brigade_getline(), and then DECHUNK can use
88 f->next (ap_getline will always read "top of input stack"). Also
89 fix the bug where request body content will end up closing the
90 connection (buggering up persistent conns).
91 Status: Justin is working on this as fast as he can.
92 The core input filters, HTTP-related filters, mod_ssl, and
93 mod_proxy are switched to the new logic.
94 However, ap_getline() still needs to be refactored out. But,
95 there's a problem there: ap_getline() peeks ahead for MIME
96 continuation (first character on line is space or \t) and
97 stores unused data in core_request_config which violates the
98 abstraction. That's cheating. So, we may not be able to
99 implement this without setting some data aside (yuck!).
100 I believe this is OtherBill's main complaint with the current
102 AIUI (correct me if I'm wrong!), OtherBill believes we
103 should have a pushback option so that we can return unread
104 data - this would solve this case. However, my question to
105 him is how do we handle stuff like mod_ssl - we can't "unread"
106 data. So, do we have two brigades for each filter? An in
107 brigade and a returned brigade? That seems messy. To
108 everyone else, can we refactor ap_getline() without pushback
111 - socket bucket and core input filter changes. see end of
112 message ID (Feb 27): <20010227075326.S2297@lyra.org>
114 - fix up ap_get_brigade() semantics, fix bug in DECHUNK /
115 ap_getline. many messages (plus their threads) (Apr/May):
116 Message-ID: <20010402101207.J27539@lyra.org>
117 Message-ID: <3AF7F921.D2EEC41A@algroup.co.uk>
118 Message-ID: <20010508190029.E18404@lyra.org>
120 - further work with combining/tweaking the builtin filters:
121 Message-ID: <20010509115445.D1374@lyra.org>
123 - thoughts on filter modes:
124 Message-ID: <021b01c14dee$09782af0$93c0b0d0@roweclan.net>
126 * Fold mod_auth_db features back into mod_auth_dbm, and depricate it.
127 This can't wait until we have a 2.0-gold release, if folks need
128 to move over to auth_dbm, we can't do that to them after 2.0 gold.
130 * Convert all instances of the old apr_lock_t type to the new
131 types (once they are fully supported in APR).
132 Status: Aaron is working on converting INTRAPROCESS
133 to apr_thread_mutex_t types. Full replacements for
134 LOCKALL and CROSS_PROCESS are not yet complete on all
135 platforms, and should only be used in MPMs like worker
136 with limited OS exposure.
138 RELEASE NON-SHOWSTOPPERS BUT WOULD BE REAL NICE TO WRAP THESE UP:
140 * Source code should follow style guidelines.
141 This shouldn't wait until we have a 2.0-gold release because
142 then style corrections will conflict with bug fixes found after
143 release which is not nice.
145 * Allow the DocumentRoot directive within <Location > scopes? This
146 allows the beloved (crusty) Alias /foo/ /somepath/foo/ followed
147 by a <Directory /somepath/foo> to become simply
148 <Location /foo/> DocumentRoot /somefile/foo (IMHO a bit more legible
149 and in-your-face.) DocumentRoot unset would be accepted [and would
150 not permit content to be served, only virtual resources such as
151 server-info or server-status.
152 This proposed change would _not_ depricate Alias.
154 * add mod_gz to httpd-2.0 (in modules/experimental/)
155 +1: Greg, Justin, ben, Ken, Jeff, Bill, Ian
156 0: Cliff (there's now another candidate to be evaluated)
157 0: Jim, Aaron (premature decision at present, IMO)
160 * daedalus: mod_cgid and suexec have a problem co-existing. suexec
161 sees a null command string sometimes. The problem happens when
162 you access bugs.apache.org, then click on the "search the bug db"
165 * Win32: Rotatelogs sometimes is not terminated when Apache
166 goes down hard. FirstBill was looking at possibly tracking the
167 child's-child processes in the parent process.
168 OtherBill asks, wasn't this fixed?
170 * Win32: Add a simple hold console open patch (wait for close or
171 the ESC key, with a nice message) if the server died a bad
172 death (non-zero exit code) in console mode.
173 Resolution: bring forward same ugly hacks from 1.3.13-.20
175 * Port of mod_ssl to Apache 2.0:
177 The current porting state is summarized in modules/ssl/README. The
178 remaining work includes:
179 (1) stablizing/optimizing the SSL filter logic
180 (2) Enabling the various SSL caching mechanisms (shmcb, shmht)
181 (3) Enabling SSL extentions
182 (4) Trying to seperate the https filter logic from mod_ssl -
183 This is to facilitate other modules that wish to use the https
184 filter or the mod_ssl logic or both as required.
185 Justin: mod_ssl filter logic is redone, so that should be fine.
186 Madhu has submitted a patch for SSL caching - however, I
187 am -0 on that patch as I *think* we could implement the
188 shared memory another way that is much cleaner (i.e.
189 treat shmem directly as a dbm via APR routines). Justin
190 also thinks that the https filter logic may be sufficiently
191 decoupled now, but isn't really sure.
193 * Performance: Get the SINGLE_LISTEN_UNSERIALIZED_ACCEPT
194 optimization working in threaded. prefork's new design for how
195 to notice data on the pod should be sufficient.
197 * Performance & Debug: Eliminate most (and perhaps all) of the
198 malloc/free calls in the bucket brigade code. Need some
199 light weight memory management functions that allow freeing
200 memory (putting it back into a memory pool) when it is no
201 longer needed. Enabling simple debugging features like guard
202 bands, double free detection, etc. would be cool but certainly
203 not a hard requirement.
205 Status: Cliff started to implement this using SMS as has
206 been discussed at length for months, but since
207 SMS is not being used anywhere else in the server,
208 several people expressed the opinion that we should
209 get rid of it entirely, meaning that the buckets
210 need their own memory management (free list) functions.
211 Cliff will implement that this weekend so we at least
212 have something to look at/compare with.
214 * Eliminate unnecessary creation of pipes in mod_cgid
216 * the autoconf setup should be fixed to default to using the
217 "Apache" layout from config.layout, and each variable settable
218 in a layout should be overridable on the command line. Plus,
219 what we do right now just doesn't seem to fully fit into how autoconf
220 works, eg. AC_PREFIX_DEFAULT issues.
221 Message-ID: <Pine.BSF.4.20.0104031557420.20876-100000@alive.znep.com>
223 * Combine log_child and piped_log_spawn. Clean up http_log.c.
226 * Document mod_file_cache.
228 * OS/2: Make mod_status work for spmt_os2 MPM.
230 * Platforms that do not support fork (primarily Win32 and AS/400)
231 Architect start-up code that avoids initializing all the modules
232 in the parent process on platforms that do not support fork.
234 * Win32: Migrate the MPM over to use APR thread/process calls. This
235 would eliminate some code in the Win32 branch that essentially
236 duplicates what is in APR.
238 * There are still a number of places in the code where we are
239 losing error status (i.e. throwing away the error returned by a
240 system call and replacing it with a generic error code)
242 * Mass vhosting version of suEXEC.
244 * All DBMs suffer from confusion in support/dbmmanage (perl script) since
245 the dbmmanage employs the first-matched dbm format. This is not
246 necessarily the library that Apache was built with. Aught to
247 rewrite dbmmanage upon installation to bin/ with the proper library
248 for predictable mod_auth_db/dbm administration.
249 Status: Mladen Turk has posted several patches and ideas.
250 Key question, part of htpasswd, or a seperate utility?
252 prefer seperate: OtherBill
255 * use apu_dbm in mod_auth_dbm
256 Status: Greg +1 (low-priority volunteer)
257 Justin says: "Seems like this is already there, so should we just
258 remove the other DBM code in that file? If you want
259 to use gdbm, or dbm, etc, you should tell apr-util."
260 Will says: "bs - I may choose the fastest - most efficient native
261 dbm implementation, for shared proc caches, ssl session
262 caching, etc, but that has nothing to do with maintaining
263 a userlist via dbm, which has to remain readable between
264 builds/machines, etc. The use-multiple database schema
265 for apr-util would let us do this with just apr, though."
268 Some additional items remaining:
269 - case_preserved_filename stuff
270 (use the new canonical name stuff?)
271 - find a new home for ap_text(_header)
272 - is it possible to remove the DAV: namespace stuff from util_xml?
274 * ap_core_translate() and its use by mod_mmap_static and mod_file_cache
275 are a bit wonky. The function should probably be exposed as a utility
276 function (such as ap_translate_url2fs() or ap_validate_fs_url() or
277 something). Another approach would be a new hook phase after
278 "translate" which would allow the module to munge what the
279 translation has decided to do.
280 Status: Greg +1 (volunteers), Ryan +1
282 * Explore use of a post-config hook for the code in http_main.c which
283 calls ap_fixup_virutal_hosts(), ap_fini_vhost_config(), and
284 ap_sort_hooks() [to reduce the logic in main()]
286 * read the config tree just once, and process N times (as necessary)
288 * (possibly) use UUIDs in mod_unique_id and/or mod_usertrack
290 * (possibly) port the bug fix for PR 6942 (segv when LoadModule is put
291 into a VirtualHost container) to 2.0.
293 * shift stuff to mod_core.h
295 * APR-ize resolver stuff in mod_unique_id (Jeff volunteers)
297 * callers of ap_run_create_request() should check the return value
298 for failure (Doug volunteers)
300 * Win32: Get Apache working on Windows 95/98. The following work
301 (at least) needs to be done:
302 - winnt MPM: Fix 95/98 code paths in the winnt MPM. There is some NT
303 specific code that is still not in NT only code paths
304 - IOL binds to APR sendfile, implemented with TransmitFile, which
305 is not available on 95/98.
306 - Document warning that OSR2 is required (for Crypt functions, in
307 rand.c, at least.) This could be resolved with an SSL library, or
308 randomization in APR itself.
309 - Bring the Win9xConHook.dll from 1.3 into 2.0 (no sense till it
310 actually works) and add in a splash of Win9x service code.
312 * In order to use a DSO version of mod_ssl we have to link with
313 -lssl and -lcrypto. A workaround is in place right now where the
314 entire EXTRA_LIBS macro is being appended to the objects list, but
315 this is a hack. We should either revamp the APACHE_CHECK_SSL_TOOLKIT
316 autoconf function or come up with some other autoconf checks to
317 search for libssl and libcrypto and properly add them to mod_ssl's
320 * Remove the threaded MPM.
321 +1: Ryan, Justin, Jeff, Ian, Aaron, Cliff, Greg Ames
325 * Make the worker MPM the default MPM for threaded Unix boxes.
326 +1: Justin, Jeff, Ian
327 -0: Aaron (premature decision, needs more discussion)
328 -0: Cliff (I think the default config should be the safest possible)
330 PRs that have been suspended forever waiting for someone to
331 put them into 'the next release':
334 missing call to "setlocale();"
338 Additional status for XBitHack directive
342 Mod_proxy doesn't allow change of error pages
346 Modified PATH environemnt variable is not passed, instead
351 Proxy doesn't deliver documents if not connected
355 proxy converts ~name to %7Ename when name starts with a dot (.)
359 mod_access syntax allows hosts that should be restricted
362 * PR#557: mod_auth-any
363 ~UserHome directories are not honored in absolute pathname
368 Proxy FTP Authentication Fails
371 * PR#623: mod_include
372 A smarter "Last Modified" value for SSI documents (see PR number 600)
376 Request of "Options SymLinksIfGroupMatch"
380 Proxy doesn't do links right for OpenVMS files through ftp:
384 imap should read <MAP><AREA>*</MAP> too!
388 RLimitCPU and RLimitMEM don't apply to all children like they should
392 Uses cwd before filling it in, doesn't use syslog
396 it is useful to allow specifiction that root-owned symlinks
397 should always be followed
401 Controlling Access to Remote Proxies would be nice...
405 Adding authentication "on the fly" through the proxy module
408 * PR#1004: apache-api
409 request_config field in request_rec is moderately bogus
413 DoS attacks involving memory consumption
416 * PR#1050: mod_log-any
417 Logging of virtual server to error_log as well
421 ProxyRemote make a dead cycle.
424 * PR#1117: mod_auth-any
425 Using NIS passwd.byname dbm files with AuthDBMUserFile
429 suexec does not parse arguments to #exec cmd
432 * PR#1145: mod_include
433 Allow for Last-Modified: without resorting to XBitHack
436 * PR#1158: apache-api
437 improvements to child spawning API
441 ``nph-'' not honored (no buffering) for ProxyRemote mapping
445 Apache cannot handle continuation line in headers
449 setlogin() is not called, causing problems with e.g. identd
453 regerror() exists, use it
456 * PR#1233: apache-api
457 there is no way to keep per-connection per-module state
460 * PR#1263: mod_autoexec
461 Add frame-safe anchor attribute to mod_autoindex links
465 CGI scripts running as Apache user: security (suexec etc.)
469 Error messages could be easier to spot in cgi.log file for suexec.c
472 * PR#1287: mod_access
473 add allow,deny/deny,allow warning to mod_access
477 Need to know "hit-rate" on proxy cache
480 * PR#1358: mod_log-any
481 Selective url-encode of log fields (or maybe a pseudo
485 * PR#1383: mod_headers
486 I make mod_headers to modify request headers as well as
491 Proxy transfer logging
495 No HTTP_X_FORWARDED_FOR set...
499 ProxyRemote proxy requests fail authentication by firewall
502 * PR#1582: mod_rewrite
503 mod_rewrite forms REQUEST_URI different than mod_cgi does
506 * PR#1677: mod_headers
507 mod_headers should allow mod_log_config-style formats in
512 mod_proxy to support persistent conns?
515 * PR#1803: mod_include
516 patches to mod_include to allow for file tests
519 * PR#1809: mod_auth-any
520 Suggestion for improving authentication modules and core source
521 code, problem with 401 and ErrorDocument
525 listing of proxy cache content
529 Allow modules to set user:group for execution.
532 * PR#2024: apache-api
533 adding auth_why to conn_rec
536 * PR#2073: mod_log-any
537 pipelined connections are not logged correctly
540 * PR#2074: mod_rewrite
541 mod_rewrite doesn't pass Proxy Throughput on internal subrequests
545 HTTP Server Rebuild Line Needs Changing for the better
548 * PR#2138: mod_status
549 mod_status always displays 256 possible connection slots
552 * PR#2221: documentation
553 Make online documentation search link back to my installation
557 Can not POST to ErrorDocument - Apache/1.3b6
561 patterns in ProxyRemote
564 * PR#2343: mod_status
565 Status module averages are for entire uptime
569 suexec for general access of user content?
573 Proposal for TimeZone directive
577 /server-info doesn't check for the virtual host to list the info
581 problem specifying ndbm library for build ?with autoconfigure
585 A small addition to rotatelogs.c to improve program functionality.
589 AllowOverride FileInfo is too coarse
593 TimeOut applies to output of CGI scripts
596 * PR#2512: mod_access
597 <IfDenied> directive wanted
601 CGI's for general use still have to be run as another user
606 Cache file names in Proxy module
610 [PATCH] User/Group for <Directory> and <Location> i.e. not only
611 in global and <Virtual>.
615 mailto tags and bundling bug report script
619 Support for System Resource Controller
623 When will Apache support P3P? Any Plans?
627 Feedback/Comment on APACI
631 Inclusion of RPM spec file in CVS/distributions
635 Propose that Apache recommend $UNIQUE_ID for all "session id"
640 suggestion: power up your Include directive :)
644 cannot limit some HTTP methods
647 * PR#3143: apache-api
648 No module specific data hook for per-connection data
651 * PR#3191: mod_negotiation
652 no way to set global quality-of-source (qs) coneg values
657 Accessing URL through proxy server corrupts data.
661 Some anonymous FTP URLs ask for authentication
665 New ErrorDocumentMatch directive
669 Need to be able to override shebang line to make CGI scripts
674 "Files" and "FilesMatch" regexp does not recognize bang as
678 * PR#4448: mod_log-any
679 Please allow CGI env variables (QUERY_STRING, ...) to be logged
683 * PR#4459: mod_include
684 Suggestion for better handling of Last-modified headers
688 mod_cgi prevents handling of OPTIONS requests
691 * PR#5713: os-windows
692 [PATCH] install as win32 service with domain account
696 AllowOverride should have a 'CheckNone' and 'AllowNone' argument
697 instead of only 'None'
700 Other bugs that need fixing:
702 * MaxRequestsPerChild measures connections, not requests.
703 Until someone has a better way, we'll probably just rename it
704 "MaxConnectionsPerChild".
706 * Regex containers don't work in an intutive way
707 Status: No one has come up with an efficient way to fix this
708 behavior. Dean has suggested getting rid of regex containers
711 * SIGSEGV on Linux (glibc 2.1.2) isn't caught properly by a
712 sigwaiting thread. We need to work around this, perhaps unless
713 there is hope soon for a fixed glibc.
715 * orig_ct in the byterange/multipart handling may not be
716 needed. Apache 1.3 just never stashed "multipart" into
717 r->content_type. We should probably follow suit since the
718 byterange stuff doesn't want the rest of the code to see the
719 multipart content-type; the other code should still think it is
720 dealing with the <orig_ct> stuff.
721 Status: Greg volunteers to investigate (esp. since he was most
722 likely the one to break it :-)
724 Other features that need writing:
726 * Finish infrastructure in core for async MPMs
729 * TODO in source -- just do an egrep on "TODO" and see what's there
733 * Jon Travis's <jtravis@covalent.net> patch to deal with thread-safe
734 issues with inet_ntoa. See message <20001201163220.A12827@covalent.net>
735 Status: This is being set aside until the IPv6 work is finished
736 so that we know exactly what is required.
738 * Martin Sojka <msojka@gmx.de>'s patch to add error reporting for failed
739 htpasswd actions due to a full /tmp volume (other programs may have
744 * Mike Abbott's <mja@trudge.engr.sgi.com> patches to improve
746 Status: These were written for 1.3, and are awaiting a port to
749 * Jim Winstead's <jimw@trainedmonkey.com> patch to add CookieDomain and
750 other small mod_usertrack features
752 * Dan Rench's <drench@xnet.com> patch to add allow the errmsg and timefmt
753 of SSI's to be modified in the config file. Patch is available in
758 * Which MPMs will be included with Apache 2.0?