1 APACHE 2.0 STATUS: -*-text-*-
2 Last modified at [$Date: 2001/11/20 03:14:05 $]
7 2.0.28 : released November 13, 2001
8 2.0.27 : rolled November 6, 2001
9 2.0.26 : tagged October 16, 2001. not rolled.
10 2.0.25 : rolled August 29, 2001
11 2.0.24 : rolled August 18, 2001
12 2.0.23 : rolled August 9, 2001
13 2.0.22 : rolled July 29, 2001
14 2.0.21 : rolled July 20, 2001
15 2.0.20 : rolled July 8, 2001
16 2.0.19 : rolled June 27, 2001
17 2.0.18 : rolled May 18, 2001
18 2.0.17 : rolled April 17, 2001
19 2.0.16 : rolled April 4, 2001
20 2.0.15 : rolled March 21, 2001
21 2.0.14 : rolled March 7, 2001
22 2.0a9 : released December 12, 2000
23 2.0a8 : released November 20, 2000
24 2.0a7 : released October 8, 2000
25 2.0a6 : released August 18, 2000
26 2.0a5 : released August 4, 2000
27 2.0a4 : released June 7, 2000
28 2.0a3 : released April 28, 2000
29 2.0a2 : released March 31, 2000
30 2.0a1 : released March 10, 2000
32 Please consult the following STATUS files for information
36 * srclib/apr-util/STATUS
41 * If any request gets to the core handler, without a flag that this
42 r->filename was tested by dir/file_walk, we need to 500 at the very
43 end of the ap_process_request_internal() processing. This provides
44 authors of older modules better compatibility, while still improving
45 the security and robustness of 2.0.
46 Status: still need to decide where this goes, OtherBill comments...
47 Message-ID: <065701c14526$495203b0$96c0b0d0@roweclan.net>
48 we need to look at halting this in the 'default handler' case,
49 and that implies pushing the 'handler election' into the request
50 internal processing phase from the run request phase.
52 * There is a bug in how we sort some hooks, at least the pre-config
53 hook. The first time we call the hooks, they are in the correct
54 order, but the second time, we don't sort them correctly. Currently,
55 the modules/http/config.m4 file has been renamed to
56 modules/http/config2.m4 to work around this problem, it should moved
57 back when this is fixed. rbb
59 * The Add...Filter and Set...Filter directives do not allow the
60 administrator to order filters, beyond the order of filename (mime)
61 extensions. It isn't clear if Set...Filter(s) should be inserted
62 before or after the Add...Filter(s) which are ordered by sequence of
63 filename extensions. Add...FilterByType will add to this quandry.
64 Some sort of resolution needs to be proposed,
66 * mod_negotiation needs a new option or directive, something like
67 ForceLanguagePriority, to fall back to the LanguagePriority
68 directive instead of returning a "no acceptable variant" error.
69 Status: Bill has some code in his tree that accomplishes
70 this, and will commit it Friday after it's tested.
72 * Usability: Sanitize the MPM config directives. MaxClients in
73 the threaded MPM is totally misleading now as it has little to
74 do with limiting the number of clients (it limits the number
75 of child processes). Bill proposed nomenclature change to
76 something like "StartWorkers, MaxWorkers, etc." that could
77 apply to most all the MPMs (with some notable exceptions).
78 Bill would be happy with changing MaxClients to MaxServers
79 to make it agree with the operation of the StartServers
82 * revamp the input filter semantics, per discussions since
83 February (and especially at the hackathon last
84 April). Specifically, ap_get_brigade will return a brigade with
85 *up to* a specific number of bytes, or a "line" of data. The
86 read may be blocking or nonblocking. ap_getline() will be
87 refactored into apr_brigade_getline(), and then DECHUNK can use
88 f->next (ap_getline will always read "top of input stack"). Also
89 fix the bug where request body content will end up closing the
90 connection (buggering up persistent conns).
91 Status: Justin is working on this as fast as he can.
92 The core input filters, HTTP-related filters, mod_ssl, and
93 mod_proxy are switched to the new logic.
94 However, ap_getline() still needs to be refactored out. But,
95 there's a problem there: ap_getline() peeks ahead for MIME
96 continuation (first character on line is space or \t) and
97 stores unused data in core_request_config which violates the
98 abstraction. That's cheating. So, we may not be able to
99 implement this without setting some data aside (yuck!).
100 I believe this is OtherBill's main complaint with the current
102 AIUI (correct me if I'm wrong!), OtherBill believes we
103 should have a pushback option so that we can return unread
104 data - this would solve this case. However, my question to
105 him is how do we handle stuff like mod_ssl - we can't "unread"
106 data. So, do we have two brigades for each filter? An in
107 brigade and a returned brigade? That seems messy. To
108 everyone else, can we refactor ap_getline() without pushback
111 - socket bucket and core input filter changes. see end of
112 message ID (Feb 27): <20010227075326.S2297@lyra.org>
114 - fix up ap_get_brigade() semantics, fix bug in DECHUNK /
115 ap_getline. many messages (plus their threads) (Apr/May):
116 Message-ID: <20010402101207.J27539@lyra.org>
117 Message-ID: <3AF7F921.D2EEC41A@algroup.co.uk>
118 Message-ID: <20010508190029.E18404@lyra.org>
120 - further work with combining/tweaking the builtin filters:
121 Message-ID: <20010509115445.D1374@lyra.org>
123 - thoughts on filter modes:
124 Message-ID: <021b01c14dee$09782af0$93c0b0d0@roweclan.net>
126 * Fold mod_auth_db features back into mod_auth_dbm, and depricate it.
127 This can't wait until we have a 2.0-gold release, if folks need
128 to move over to auth_dbm, we can't do that to them after 2.0 gold.
130 * Convert all instances of the old apr_lock_t type to the new
131 types (once they are fully supported in APR).
132 Status: Aaron is working on converting INTRAPROCESS
133 to apr_thread_mutex_t types. Full replacements for
134 LOCKALL and CROSS_PROCESS are not yet complete on all
135 platforms, and should only be used in MPMs like worker
136 with limited OS exposure.
138 RELEASE NON-SHOWSTOPPERS BUT WOULD BE REAL NICE TO WRAP THESE UP:
140 * Source code should follow style guidelines.
141 This shouldn't wait until we have a 2.0-gold release because
142 then style corrections will conflict with bug fixes found after
143 release which is not nice.
145 * Allow the DocumentRoot directive within <Location > scopes? This
146 allows the beloved (crusty) Alias /foo/ /somepath/foo/ followed
147 by a <Directory /somepath/foo> to become simply
148 <Location /foo/> DocumentRoot /somefile/foo (IMHO a bit more legible
149 and in-your-face.) DocumentRoot unset would be accepted [and would
150 not permit content to be served, only virtual resources such as
151 server-info or server-status.
152 This proposed change would _not_ depricate Alias.
154 * add mod_gz to httpd-2.0 (in modules/experimental/)
155 +1: Greg, Justin, ben, Ken, Jeff, Bill, Ian
156 0: Cliff (there's now another candidate to be evaluated)
157 0: Jim, Aaron (premature decision at present, IMO)
160 * daedalus: mod_cgid and suexec have a problem co-existing. suexec
161 sees a null command string sometimes. The problem happens when
162 you access bugs.apache.org, then click on the "search the bug db"
165 * Win32: Rotatelogs sometimes is not terminated when Apache
166 goes down hard. FirstBill was looking at possibly tracking the
167 child's-child processes in the parent process.
168 OtherBill asks, wasn't this fixed?
170 * Win32: Add a simple hold console open patch (wait for close or
171 the ESC key, with a nice message) if the server died a bad
172 death (non-zero exit code) in console mode.
173 Resolution: bring forward same ugly hacks from 1.3.13-.20
175 * Port of mod_ssl to Apache 2.0:
177 The current porting state is summarized in modules/ssl/README. The
178 remaining work includes:
179 (1) stablizing/optimizing the SSL filter logic
180 (2) Enabling the various SSL caching mechanisms (shmcb, shmht)
181 (3) Enabling SSL extentions
182 (4) Trying to seperate the https filter logic from mod_ssl -
183 This is to facilitate other modules that wish to use the https
184 filter or the mod_ssl logic or both as required.
185 Justin: mod_ssl filter logic is redone, so that should be fine.
186 Madhu has submitted a patch for SSL caching - however, I
187 am -0 on that patch as I *think* we could implement the
188 shared memory another way that is much cleaner (i.e.
189 treat shmem directly as a dbm via APR routines). Justin
190 also thinks that the https filter logic may be sufficiently
191 decoupled now, but isn't really sure.
193 * Performance: Get the SINGLE_LISTEN_UNSERIALIZED_ACCEPT
194 optimization working in worker. prefork's new design for how
195 to notice data on the pod should be sufficient.
197 * Performance & Debug: Eliminate most (and perhaps all) of the
198 malloc/free calls in the bucket brigade code. Need some
199 light weight memory management functions that allow freeing
200 memory (putting it back into a memory pool) when it is no
201 longer needed. Enabling simple debugging features like guard
202 bands, double free detection, etc. would be cool but certainly
203 not a hard requirement.
205 Status: Cliff started to implement this using SMS as has
206 been discussed at length for months, but since
207 SMS is not being used anywhere else in the server,
208 several people expressed the opinion that we should
209 get rid of it entirely, meaning that the buckets
210 need their own memory management (free list) functions.
211 Cliff will implement that this weekend so we at least
212 have something to look at/compare with.
214 * Eliminate unnecessary creation of pipes in mod_cgid
216 * the autoconf setup should be fixed to default to using the
217 "Apache" layout from config.layout, and each variable settable
218 in a layout should be overridable on the command line. Plus,
219 what we do right now just doesn't seem to fully fit into how autoconf
220 works, eg. AC_PREFIX_DEFAULT issues.
221 Message-ID: <Pine.BSF.4.20.0104031557420.20876-100000@alive.znep.com>
223 * Combine log_child and piped_log_spawn. Clean up http_log.c.
226 * Document mod_file_cache.
228 * OS/2: Make mod_status work for spmt_os2 MPM.
230 * Platforms that do not support fork (primarily Win32 and AS/400)
231 Architect start-up code that avoids initializing all the modules
232 in the parent process on platforms that do not support fork.
234 * Win32: Migrate the MPM over to use APR thread/process calls. This
235 would eliminate some code in the Win32 branch that essentially
236 duplicates what is in APR.
238 * There are still a number of places in the code where we are
239 losing error status (i.e. throwing away the error returned by a
240 system call and replacing it with a generic error code)
242 * Mass vhosting version of suEXEC.
244 * All DBMs suffer from confusion in support/dbmmanage (perl script) since
245 the dbmmanage employs the first-matched dbm format. This is not
246 necessarily the library that Apache was built with. Aught to
247 rewrite dbmmanage upon installation to bin/ with the proper library
248 for predictable mod_auth_db/dbm administration.
249 Status: Mladen Turk has posted several patches and ideas.
250 Key question, part of htpasswd, or a seperate utility?
252 prefer seperate: OtherBill
254 * use apu_dbm in mod_auth_dbm
255 Status: Greg +1 (low-priority volunteer)
256 Justin says: "Seems like this is already there, so should we just
257 remove the other DBM code in that file? If you want
258 to use gdbm, or dbm, etc, you should tell apr-util."
259 Will says: "bs - I may choose the fastest - most efficient native
260 dbm implementation, for shared proc caches, ssl session
261 caching, etc, but that has nothing to do with maintaining
262 a userlist via dbm, which has to remain readable between
263 builds/machines, etc. The use-multiple database schema
264 for apr-util would let us do this with just apr, though."
267 Some additional items remaining:
268 - case_preserved_filename stuff
269 (use the new canonical name stuff?)
270 - find a new home for ap_text(_header)
271 - is it possible to remove the DAV: namespace stuff from util_xml?
273 * ap_core_translate() and its use by mod_mmap_static and mod_file_cache
274 are a bit wonky. The function should probably be exposed as a utility
275 function (such as ap_translate_url2fs() or ap_validate_fs_url() or
276 something). Another approach would be a new hook phase after
277 "translate" which would allow the module to munge what the
278 translation has decided to do.
279 Status: Greg +1 (volunteers), Ryan +1
281 * Explore use of a post-config hook for the code in http_main.c which
282 calls ap_fixup_virutal_hosts(), ap_fini_vhost_config(), and
283 ap_sort_hooks() [to reduce the logic in main()]
285 * read the config tree just once, and process N times (as necessary)
287 * (possibly) use UUIDs in mod_unique_id and/or mod_usertrack
289 * (possibly) port the bug fix for PR 6942 (segv when LoadModule is put
290 into a VirtualHost container) to 2.0.
292 * shift stuff to mod_core.h
294 * callers of ap_run_create_request() should check the return value
295 for failure (Doug volunteers)
297 * Win32: Get Apache working on Windows 95/98. The following work
298 (at least) needs to be done:
299 - winnt MPM: Fix 95/98 code paths in the winnt MPM. There is some NT
300 specific code that is still not in NT only code paths
301 - IOL binds to APR sendfile, implemented with TransmitFile, which
302 is not available on 95/98.
303 - Document warning that OSR2 is required (for Crypt functions, in
304 rand.c, at least.) This could be resolved with an SSL library, or
305 randomization in APR itself.
306 - Bring the Win9xConHook.dll from 1.3 into 2.0 (no sense till it
307 actually works) and add in a splash of Win9x service code.
309 * In order to use a DSO version of mod_ssl we have to link with
310 -lssl and -lcrypto. A workaround is in place right now where the
311 entire EXTRA_LIBS macro is being appended to the objects list, but
312 this is a hack. We should either revamp the APACHE_CHECK_SSL_TOOLKIT
313 autoconf function or come up with some other autoconf checks to
314 search for libssl and libcrypto and properly add them to mod_ssl's
317 * Make the worker MPM the default MPM for threaded Unix boxes.
318 +1: Justin, Jeff, Ian
319 -0: Aaron (premature decision, needs more discussion)
320 -0: Cliff (I think the default config should be the safest possible)
322 PRs that have been suspended forever waiting for someone to
323 put them into 'the next release':
326 missing call to "setlocale();"
330 Additional status for XBitHack directive
334 Mod_proxy doesn't allow change of error pages
338 Modified PATH environemnt variable is not passed, instead
343 Proxy doesn't deliver documents if not connected
347 proxy converts ~name to %7Ename when name starts with a dot (.)
351 mod_access syntax allows hosts that should be restricted
354 * PR#557: mod_auth-any
355 ~UserHome directories are not honored in absolute pathname
360 Proxy FTP Authentication Fails
363 * PR#623: mod_include
364 A smarter "Last Modified" value for SSI documents (see PR number 600)
368 Request of "Options SymLinksIfGroupMatch"
372 Proxy doesn't do links right for OpenVMS files through ftp:
376 imap should read <MAP><AREA>*</MAP> too!
380 RLimitCPU and RLimitMEM don't apply to all children like they should
384 Uses cwd before filling it in, doesn't use syslog
388 it is useful to allow specifiction that root-owned symlinks
389 should always be followed
393 Controlling Access to Remote Proxies would be nice...
397 Adding authentication "on the fly" through the proxy module
400 * PR#1004: apache-api
401 request_config field in request_rec is moderately bogus
405 DoS attacks involving memory consumption
408 * PR#1050: mod_log-any
409 Logging of virtual server to error_log as well
413 ProxyRemote make a dead cycle.
416 * PR#1117: mod_auth-any
417 Using NIS passwd.byname dbm files with AuthDBMUserFile
421 suexec does not parse arguments to #exec cmd
424 * PR#1145: mod_include
425 Allow for Last-Modified: without resorting to XBitHack
428 * PR#1158: apache-api
429 improvements to child spawning API
433 ``nph-'' not honored (no buffering) for ProxyRemote mapping
437 Apache cannot handle continuation line in headers
441 setlogin() is not called, causing problems with e.g. identd
445 regerror() exists, use it
448 * PR#1233: apache-api
449 there is no way to keep per-connection per-module state
452 * PR#1263: mod_autoexec
453 Add frame-safe anchor attribute to mod_autoindex links
457 CGI scripts running as Apache user: security (suexec etc.)
461 Error messages could be easier to spot in cgi.log file for suexec.c
464 * PR#1287: mod_access
465 add allow,deny/deny,allow warning to mod_access
469 Need to know "hit-rate" on proxy cache
472 * PR#1358: mod_log-any
473 Selective url-encode of log fields (or maybe a pseudo
477 * PR#1383: mod_headers
478 I make mod_headers to modify request headers as well as
483 Proxy transfer logging
487 No HTTP_X_FORWARDED_FOR set...
491 ProxyRemote proxy requests fail authentication by firewall
494 * PR#1582: mod_rewrite
495 mod_rewrite forms REQUEST_URI different than mod_cgi does
498 * PR#1677: mod_headers
499 mod_headers should allow mod_log_config-style formats in
504 mod_proxy to support persistent conns?
507 * PR#1803: mod_include
508 patches to mod_include to allow for file tests
511 * PR#1809: mod_auth-any
512 Suggestion for improving authentication modules and core source
513 code, problem with 401 and ErrorDocument
517 listing of proxy cache content
521 Allow modules to set user:group for execution.
524 * PR#2024: apache-api
525 adding auth_why to conn_rec
528 * PR#2073: mod_log-any
529 pipelined connections are not logged correctly
532 * PR#2074: mod_rewrite
533 mod_rewrite doesn't pass Proxy Throughput on internal subrequests
537 HTTP Server Rebuild Line Needs Changing for the better
540 * PR#2138: mod_status
541 mod_status always displays 256 possible connection slots
544 * PR#2221: documentation
545 Make online documentation search link back to my installation
549 Can not POST to ErrorDocument - Apache/1.3b6
553 patterns in ProxyRemote
556 * PR#2343: mod_status
557 Status module averages are for entire uptime
561 suexec for general access of user content?
565 Proposal for TimeZone directive
569 /server-info doesn't check for the virtual host to list the info
573 problem specifying ndbm library for build ?with autoconfigure
577 A small addition to rotatelogs.c to improve program functionality.
581 AllowOverride FileInfo is too coarse
585 TimeOut applies to output of CGI scripts
588 * PR#2512: mod_access
589 <IfDenied> directive wanted
593 CGI's for general use still have to be run as another user
598 Cache file names in Proxy module
602 [PATCH] User/Group for <Directory> and <Location> i.e. not only
603 in global and <Virtual>.
607 mailto tags and bundling bug report script
611 Support for System Resource Controller
615 When will Apache support P3P? Any Plans?
619 Feedback/Comment on APACI
623 Inclusion of RPM spec file in CVS/distributions
627 Propose that Apache recommend $UNIQUE_ID for all "session id"
632 suggestion: power up your Include directive :)
636 cannot limit some HTTP methods
639 * PR#3143: apache-api
640 No module specific data hook for per-connection data
643 * PR#3191: mod_negotiation
644 no way to set global quality-of-source (qs) coneg values
649 Accessing URL through proxy server corrupts data.
653 Some anonymous FTP URLs ask for authentication
657 New ErrorDocumentMatch directive
661 Need to be able to override shebang line to make CGI scripts
666 "Files" and "FilesMatch" regexp does not recognize bang as
670 * PR#4448: mod_log-any
671 Please allow CGI env variables (QUERY_STRING, ...) to be logged
675 * PR#4459: mod_include
676 Suggestion for better handling of Last-modified headers
680 mod_cgi prevents handling of OPTIONS requests
683 * PR#5713: os-windows
684 [PATCH] install as win32 service with domain account
688 AllowOverride should have a 'CheckNone' and 'AllowNone' argument
689 instead of only 'None'
692 Other bugs that need fixing:
694 * MaxRequestsPerChild measures connections, not requests.
695 Until someone has a better way, we'll probably just rename it
696 "MaxConnectionsPerChild".
698 * Regex containers don't work in an intutive way
699 Status: No one has come up with an efficient way to fix this
700 behavior. Dean has suggested getting rid of regex containers
703 * SIGSEGV on Linux (glibc 2.1.2) isn't caught properly by a
704 sigwaiting thread. We need to work around this, perhaps unless
705 there is hope soon for a fixed glibc.
707 * orig_ct in the byterange/multipart handling may not be
708 needed. Apache 1.3 just never stashed "multipart" into
709 r->content_type. We should probably follow suit since the
710 byterange stuff doesn't want the rest of the code to see the
711 multipart content-type; the other code should still think it is
712 dealing with the <orig_ct> stuff.
713 Status: Greg volunteers to investigate (esp. since he was most
714 likely the one to break it :-)
716 Other features that need writing:
718 * Finish infrastructure in core for async MPMs
721 * TODO in source -- just do an egrep on "TODO" and see what's there
725 * Jon Travis's <jtravis@covalent.net> patch to deal with thread-safe
726 issues with inet_ntoa. See message <20001201163220.A12827@covalent.net>
727 Status: This is being set aside until the IPv6 work is finished
728 so that we know exactly what is required.
730 * Martin Sojka <msojka@gmx.de>'s patch to add error reporting for failed
731 htpasswd actions due to a full /tmp volume (other programs may have
736 * Mike Abbott's <mja@trudge.engr.sgi.com> patches to improve
738 Status: These were written for 1.3, and are awaiting a port to
741 * Jim Winstead's <jimw@trainedmonkey.com> patch to add CookieDomain and
742 other small mod_usertrack features
744 * Dan Rench's <drench@xnet.com> patch to add allow the errmsg and timefmt
745 of SSI's to be modified in the config file. Patch is available in
750 * Which MPMs will be included with Apache 2.0?