1 APACHE 2.0 STATUS: -*-text-*-
2 Last modified at [$Date: 2001/08/16 05:01:43 $]
6 2.0.23 : rolled August 9, 2001
7 2.0.22 : rolled July 29, 2001
8 2.0.21 : rolled July 20, 2001
9 2.0.20 : rolled July 8, 2001
10 2.0.19 : rolled June 27, 2001
11 2.0.18 : rolled May 18, 2001
12 2.0.17 : rolled April 17, 2001
13 2.0.16 : rolled April 4, 2001
14 2.0.15 : rolled March 21, 2001
15 2.0.14 : rolled March 7, 2001
16 2.0a9 : released December 12, 2000
17 2.0a8 : released November 20, 2000
18 2.0a7 : released October 8, 2000
19 2.0a6 : released August 18, 2000
20 2.0a5 : released August 4, 2000
21 2.0a4 : released June 7, 2000
22 2.0a3 : released April 28, 2000
23 2.0a2 : released March 31, 2000
24 2.0a1 : released March 10, 2000
26 Please consult the following STATUS files for information
30 * srclib/apr-util/STATUS
35 * There is a bug in how we sort some hooks, at least the pre-config
36 hook. The first time we call the hooks, they are in the correct
37 order, but the second time, we don't sort them correctly. Currently,
38 the modules/http/config.m4 file has been renamed to
39 modules/http/config2.m4 to work around this problem, it should moved
40 back when this is fixed. rbb
42 * The AddInputFilter and AddOutputFilter directives do not allow the
43 administrator to remove or reorder filters. Once a filter is added
44 in a container, it is present in any subcontainers. It can only be
45 added to the filter chain after any filters specified in enclosing
48 * remove the --disable-shared from the subdir config of APR(UTIL)
49 before the final release. (in fact, it might even be nice to
50 allow for Apache config/build against an already-installed
52 Note: we need to do a "make install" for APR(UTIL) so the shared
53 libraries can be installed properly. We could also use that
54 point to install include files (rather than have Apache
55 know everything that needs to be installed from the
56 sub-packages). The original impetus for doing the
57 disable-shared was because the shared lib wasn't getting
58 installed and a "make clean" in aprutil would make Apache
61 * ap_vrprintf() needs to handle more than 4K
62 Status: Greg volunteers
64 * mod_dir should normally redirect ALL directory requests which do
65 not include a trailing slash on the URI. However, if a "notes"
66 flag is set (say, via BrowserMatch), this behavior will be
67 disabled for non-GET requests.
68 Status: Greg volunteers
69 MsgId: <20010227104646.E2297@lyra.org>
70 MsgId: <3A9C0097.9C83F07C@Golux.Com>
72 * mod_negotiation will not serve a request when an early extention
73 is understood, but a later extention is not. e.g. if the request
74 index.html.bak is recieved, and negotition could find the file
75 index.html.bak.en, it still won't be served because the
76 ap-mime-exception-list will contain "index" and "bak", and the
77 string "index.bak" doesn't match "index.html.bak". Need to
78 review the ap-mime-exception-list component by component to be
79 allow these cases. [This could be part of a patch to allow the
80 name index.bak in the case above to match index.html.bak.en]
82 * mod_negotiation needs a new option or directive, something like
83 ForceLanguagePriority, to fall back to the LanguagePriority
84 directive instead of returning a "no acceptable variant" error.
86 * Usability: Sanitize the MPM config directives. MaxClients in
87 the threaded MPM is totally misleading now as it has little to
88 do with limiting the number of clients (it limits the number
89 of child processes). Bill proposed nomenclature change to
90 something like "StartWorkers, MaxWorkers, etc." that could
91 apply to most all the MPMs (with some notable exceptions).
92 Bill would be happy with changing MaxClients to MaxServers
93 to make it agree with the operation of the StartServers
96 RELEASE NON-SHOWSTOPPERS BUT WOULD BE REAL NICE TO WRAP THESE UP:
98 * daedalus: mod_cgid and suexec have a problem co-existing. suexec
99 sees a null command string sometimes. The problem happens when
100 you access bugs.apache.org, then click on the "search the bug db"
103 * Win32: Rotatelogs sometimes is not terminated when Apache
104 goes down hard. FirstBill was looking at possibly tracking the
105 child's-child processes in the parent process.
107 * Win32: Add a simple hold console open patch (wait for close or
108 the ESC key, with a nice message) if the server died a bad
109 death (non-zero exit code) in console mode.
110 Resolution: bring forward same ugly hacks from 1.3.13-.20
112 * Port of mod_ssl to Apache 2.0:
114 The current porting state is summarized in modules/ssl/README. The next
115 step is to figure out how the old three configuration contexts (global,
116 per-server, per-directory) can be ported to Apache 2.0 (especially the
117 global context which has to survive server restarts RSE still does not
118 know how to port). Then the remaining source files (which depend on the
119 configuration contexts) which are still tagged with "-" in
120 modules/ssl/README can be ported.
122 One more thing to figure out is how and when mod_ssl can provide the
123 interactive pass phrase dialog (in Apache 1.3 it used the first init
124 round [where tty was still not detached] and skipped the second init
125 round [where it was already detached]). Apache 2.0 requires (or already
126 has?) an official hook where such tty-dialogs can be performed.
128 RSE is on holiday until June 11th, 2001. After this he starts
129 working on mod_ssl again and tries to make mod_ssl running inside
130 Apache 2.0 by end of June. If anyone wants to help making mod_ssl
131 running in the meantime, feel free to make your hands dirty inside
132 modules/ssl/. Do whatever you think is appropriate to get it
133 running. I've no objections of any kind, except: just do not
134 remove any old functionality. Keep everything, even if it needs
135 #if 0...endif wrapped to not make trouble for you.
137 * Performance: Get the SINGLE_LISTEN_UNSERIALIZED_ACCEPT
138 optimization working in threaded. prefork's new design for how
139 to notice data on the pod should be sufficient.
141 * mod_tls is very specific to OpenSSL. Make the API calls
142 more generic to support other encryption libraries.
144 * Performance & Debug: Eliminate most (and perhaps all) of the
145 malloc/free calls in the bucket brigade code. Need some
146 light weight memory management functions that allow freeing
147 memory (putting it back into a memory pool) when it is no
148 longer needed. Enabling simple debugging features like guard
149 bands, double free detection, etc. would be cool but certainly
150 not a hard requirement.
151 Status: Cliff, David, et al have discussed using the blocks SMS
152 for this. First step is to s/malloc/apr_sms_malloc/g, etc.
153 We could then have a thread-private SMS that is pointed
154 to by the conn_rec's or something so that all calls to
155 the bucket create functions can pass in that SMS. No locks
156 required. Should be fast...
158 * Eliminate unnecessary creation of pipes in mod_cgid
160 * the autoconf setup should be fixed to default to using the
161 "Apache" layout from config.layout, and each variable settable
162 in a layout should be overridable on the command line. Plus,
163 what we do right now just doesn't seem to fully fit into how autoconf
164 works, eg. AC_PREFIX_DEFAULT issues.
165 Message-ID: <Pine.BSF.4.20.0104031557420.20876-100000@alive.znep.com>
167 * Combine log_child and piped_log_spawn. Clean up http_log.c.
170 * Document mod_file_cache.
172 * OS/2: Make mod_status work for spmt_os2 MPM.
174 * Platforms that do not support fork (primarily Win32 and AS/400)
175 Architect start-up code that avoids initializing all the modules
176 in the parent process on platforms that do not support fork.
178 * Win32: Migrate the MPM over to use APR thread/process calls. This
179 would eliminate some code in the Win32 branch that essentially
180 duplicates what is in APR.
182 * There are still a number of places in the code where we are
183 losing error status (i.e. throwing away the error returned by a
184 system call and replacing it with a generic error code)
186 * Mass vhosting version of suEXEC.
188 * All DBMs suffer from confusion in support/dbmmanage (perl script) since
189 the dbmmanage employs the first-matched dbm format. This is not
190 necessarily the library that Apache was built with. Aught to
191 rewrite dbmmanage upon installation to bin/ with the proper library
192 for predictable mod_auth_db/dbm administration.
194 * use apu_dbm in mod_auth_dbm
195 Status: Greg +1 (low-priority volunteer)
198 Some additional items remaining:
199 - case_preserved_filename stuff
200 (use the new canonical name stuff?)
201 - find a new home for ap_text(_header)
202 - is it possible to remove the DAV: namespace stuff from util_xml?
204 * ap_core_translate() and its use by mod_mmap_static and mod_file_cache
205 are a bit wonky. The function should probably be exposed as a utility
206 function (such as ap_translate_url2fs() or ap_validate_fs_url() or
207 something). Another approach would be a new hook phase after
208 "translate" which would allow the module to munge what the
209 translation has decided to do.
210 Status: Greg +1 (volunteers), Ryan +1
212 * Explore use of a post-config hook for the code in http_main.c which
213 calls ap_fixup_virutal_hosts(), ap_fini_vhost_config(), and
214 ap_sort_hooks() [to reduce the logic in main()]
216 * read the config tree just once, and process N times (as necessary)
218 * (possibly) use UUIDs in mod_unique_id and/or mod_usertrack
220 * (possibly) port the bug fix for PR 6942 (segv when LoadModule is put
221 into a VirtualHost container) to 2.0.
223 * shift stuff to mod_core.h
225 * APR-ize resolver stuff in mod_unique_id (Jeff volunteers)
227 * callers of ap_run_create_request() should check the return value
228 for failure (Doug volunteers)
230 * when prefork bails out due to an initialization error in the detached
231 process (e.g., mutex init failure), other children (cgid, at least)
232 are left hanging around
234 * Win32 should grow version info on all .dll/.so/.exe binaries. Pretty
235 simple with the right script (awk or perl), we just don't need to grow
236 dozens of new files in the repository to do so.
237 Suggested by: Jerker Back <info.jelmar@telia.com> PR 7388
239 * Win32: Get Apache working on Windows 95/98. The following work
240 (at least) needs to be done:
241 - winnt MPM: Fix 95/98 code paths in the winnt MPM. There is some NT
242 specific code that is still not in NT only code paths
243 - IOL binds to APR sendfile, implemented with TransmitFile, which
244 is not available on 95/98.
245 - Document warning that OSR2 is required (for Crypt functions, in
246 rand.c, at least.) This could be resolved with an SSL library, or
247 randomization in APR itself.
248 - Bring the Win9xConHook.dll from 1.3 into 2.0 (no sense till it
249 actually works) and add in a splash of Win9x service code.
251 PRs that have been suspended forever waiting for someone to
252 put them into 'the next release':
255 missing call to "setlocale();"
259 Additional status for XBitHack directive
263 Mod_proxy doesn't allow change of error pages
267 Modified PATH environemnt variable is not passed, instead
272 Proxy doesn't deliver documents if not connected
276 proxy converts ~name to %7Ename when name starts with a dot (.)
280 mod_access syntax allows hosts that should be restricted
283 * PR#557: mod_auth-any
284 ~UserHome directories are not honored in absolute pathname
289 Proxy FTP Authentication Fails
292 * PR#623: mod_include
293 A smarter "Last Modified" value for SSI documents (see PR number 600)
297 Request of "Options SymLinksIfGroupMatch"
301 Proxy doesn't do links right for OpenVMS files through ftp:
305 imap should read <MAP><AREA>*</MAP> too!
309 RLimitCPU and RLimitMEM don't apply to all children like they should
313 Uses cwd before filling it in, doesn't use syslog
317 it is useful to allow specifiction that root-owned symlinks
318 should always be followed
322 Controlling Access to Remote Proxies would be nice...
326 Adding authentication "on the fly" through the proxy module
329 * PR#1004: apache-api
330 request_config field in request_rec is moderately bogus
334 DoS attacks involving memory consumption
337 * PR#1050: mod_log-any
338 Logging of virtual server to error_log as well
342 ProxyRemote make a dead cycle.
345 * PR#1117: mod_auth-any
346 Using NIS passwd.byname dbm files with AuthDBMUserFile
350 suexec does not parse arguments to #exec cmd
353 * PR#1145: mod_include
354 Allow for Last-Modified: without resorting to XBitHack
357 * PR#1158: apache-api
358 improvements to child spawning API
362 ``nph-'' not honored (no buffering) for ProxyRemote mapping
366 Apache cannot handle continuation line in headers
370 setlogin() is not called, causing problems with e.g. identd
374 regerror() exists, use it
377 * PR#1233: apache-api
378 there is no way to keep per-connection per-module state
381 * PR#1263: mod_autoexec
382 Add frame-safe anchor attribute to mod_autoindex links
386 CGI scripts running as Apache user: security (suexec etc.)
390 Error messages could be easier to spot in cgi.log file for suexec.c
393 * PR#1287: mod_access
394 add allow,deny/deny,allow warning to mod_access
398 Need to know "hit-rate" on proxy cache
401 * PR#1358: mod_log-any
402 Selective url-encode of log fields (or maybe a pseudo
406 * PR#1383: mod_headers
407 I make mod_headers to modify request headers as well as
412 Proxy transfer logging
416 No HTTP_X_FORWARDED_FOR set...
420 ProxyRemote proxy requests fail authentication by firewall
423 * PR#1582: mod_rewrite
424 mod_rewrite forms REQUEST_URI different than mod_cgi does
427 * PR#1677: mod_headers
428 mod_headers should allow mod_log_config-style formats in
433 mod_proxy to support persistent conns?
436 * PR#1803: mod_include
437 patches to mod_include to allow for file tests
440 * PR#1809: mod_auth-any
441 Suggestion for improving authentication modules and core source
442 code, problem with 401 and ErrorDocument
446 listing of proxy cache content
450 Allow modules to set user:group for execution.
453 * PR#2024: apache-api
454 adding auth_why to conn_rec
457 * PR#2073: mod_log-any
458 pipelined connections are not logged correctly
461 * PR#2074: mod_rewrite
462 mod_rewrite doesn't pass Proxy Throughput on internal subrequests
466 HTTP Server Rebuild Line Needs Changing for the better
469 * PR#2138: mod_status
470 mod_status always displays 256 possible connection slots
473 * PR#2221: documentation
474 Make online documentation search link back to my installation
478 Can not POST to ErrorDocument - Apache/1.3b6
482 patterns in ProxyRemote
485 * PR#2343: mod_status
486 Status module averages are for entire uptime
490 suexec for general access of user content?
494 Proposal for TimeZone directive
498 /server-info doesn't check for the virtual host to list the info
502 problem specifying ndbm library for build ?with autoconfigure
506 A small addition to rotatelogs.c to improve program functionality.
510 AllowOverride FileInfo is too coarse
514 TimeOut applies to output of CGI scripts
517 * PR#2512: mod_access
518 <IfDenied> directive wanted
522 CGI's for general use still have to be run as another user
527 Cache file names in Proxy module
531 [PATCH] User/Group for <Directory> and <Location> i.e. not only
532 in global and <Virtual>.
536 mailto tags and bundling bug report script
540 Support for System Resource Controller
544 When will Apache support P3P? Any Plans?
548 Feedback/Comment on APACI
552 Inclusion of RPM spec file in CVS/distributions
556 Propose that Apache recommend $UNIQUE_ID for all "session id"
561 suggestion: power up your Include directive :)
565 cannot limit some HTTP methods
568 * PR#3143: apache-api
569 No module specific data hook for per-connection data
572 * PR#3191: mod_negotiation
573 no way to set global quality-of-source (qs) coneg values
578 Accessing URL through proxy server corrupts data.
581 * PR#3594: os-windows
582 Please add an Apache icon to the win32 systray instead of a DOS window
586 Some anonymous FTP URLs ask for authentication
590 New ErrorDocumentMatch directive
594 Need to be able to override shebang line to make CGI scripts
599 "Files" and "FilesMatch" regexp does not recognize bang as
603 * PR#4448: mod_log-any
604 Please allow CGI env variables (QUERY_STRING, ...) to be logged
608 * PR#4459: mod_include
609 Suggestion for better handling of Last-modified headers
613 mod_cgi prevents handling of OPTIONS requests
616 * PR#5713: os-windows
617 [PATCH] install as win32 service with domain account
621 AllowOverride should have a 'CheckNone' and 'AllowNone' argument
622 instead of only 'None'
625 Other bugs that need fixing:
627 * MaxRequestsPerChild measures connections, not requests.
628 Until someone has a better way, we'll probably just rename it
629 "MaxConnectionsPerChild".
631 * Regex containers don't work in an intutive way
632 Status: No one has come up with an efficient way to fix this
633 behavior. Dean has suggested getting rid of regex containers
636 * SIGSEGV on Linux (glibc 2.1.2) isn't caught properly by a
637 sigwaiting thread. We need to work around this, perhaps unless
638 there is hope soon for a fixed glibc.
640 * orig_ct in the byterange/multipart handling may not be
641 needed. Apache 1.3 just never stashed "multipart" into
642 r->content_type. We should probably follow suit since the
643 byterange stuff doesn't want the rest of the code to see the
644 multipart content-type; the other code should still think it is
645 dealing with the <orig_ct> stuff.
646 Status: Greg volunteers to investigate (esp. since he was most
647 likely the one to break it :-)
649 Other features that need writing:
651 * Finish infrastructure in core for async MPMs
654 * TODO in source -- just do an egrep on "TODO" and see what's there
658 * Jon Travis's <jtravis@covalent.net> patch to deal with thread-safe
659 issues with inet_ntoa. See message <20001201163220.A12827@covalent.net>
660 Status: This is being set aside until the IPv6 work is finished
661 so that we know exactly what is required.
663 * Martin Sojka <msojka@gmx.de>'s patch to add error reporting for failed
664 htpasswd actions due to a full /tmp volume (other programs may have
669 * Mike Abbott's <mja@trudge.engr.sgi.com> patches to improve
671 Status: These were written for 1.3, and are awaiting a port to
674 * Jim Winstead's <jimw@trainedmonkey.com> patch to add CookieDomain and
675 other small mod_usertrack features
677 * Dan Rench's <drench@xnet.com> patch to add allow the errmsg and timefmt
678 of SSI's to be modified in the config file. Patch is available in
683 * What do we do about mod_proxy?
685 * Which MPMs will be included with Apache 2.0?