1 APACHE 2.0 STATUS: -*-text-*-
2 Last modified at [$Date: 2001/10/11 01:49:21 $]
6 2.0.25 : rolled August 29, 2001
7 2.0.24 : rolled August 18, 2001
8 2.0.23 : rolled August 9, 2001
9 2.0.22 : rolled July 29, 2001
10 2.0.21 : rolled July 20, 2001
11 2.0.20 : rolled July 8, 2001
12 2.0.19 : rolled June 27, 2001
13 2.0.18 : rolled May 18, 2001
14 2.0.17 : rolled April 17, 2001
15 2.0.16 : rolled April 4, 2001
16 2.0.15 : rolled March 21, 2001
17 2.0.14 : rolled March 7, 2001
18 2.0a9 : released December 12, 2000
19 2.0a8 : released November 20, 2000
20 2.0a7 : released October 8, 2000
21 2.0a6 : released August 18, 2000
22 2.0a5 : released August 4, 2000
23 2.0a4 : released June 7, 2000
24 2.0a3 : released April 28, 2000
25 2.0a2 : released March 31, 2000
26 2.0a1 : released March 10, 2000
28 Please consult the following STATUS files for information
32 * srclib/apr-util/STATUS
37 * If any request gets to the core handler, without a flag that this
38 r->filename was tested by dir/file_walk, we need to 500 at the very
39 end of the ap_process_request_internal() processing. This provides
40 authors of older modules better compatibility, while still improving
41 the security and robustness of 2.0.
42 Status: still need to decide where this goes, OtherBill comments...
43 Message-ID: <065701c14526$495203b0$96c0b0d0@roweclan.net>
44 we need to look at halting this in the 'default handler' case,
45 and that implies pushing the 'handler election' into the request
46 internal processing phase from the run request phase.
48 * There is a bug in how we sort some hooks, at least the pre-config
49 hook. The first time we call the hooks, they are in the correct
50 order, but the second time, we don't sort them correctly. Currently,
51 the modules/http/config.m4 file has been renamed to
52 modules/http/config2.m4 to work around this problem, it should moved
53 back when this is fixed. rbb
55 * The Add...Filter and Set...Filter directives do not allow the
56 administrator to order filters, beyond the order of filename (mime)
57 extensions. It isn't clear if Set...Filter(s) should be inserted
58 before or after the Add...Filter(s) which are ordered by sequence of
59 filename extensions. Add...FilterByType will add to this quandry.
60 Some sort of resolution needs to be proposed,
62 * mod_dir should normally redirect ALL directory requests which do
63 not include a trailing slash on the URI. However, if a "notes"
64 flag is set (say, via BrowserMatch), this behavior will be
65 disabled for non-GET requests.
66 Status: Greg volunteers
67 MsgId: <20010227104646.E2297@lyra.org>
68 MsgId: <3A9C0097.9C83F07C@Golux.Com>
70 * mod_negotiation needs a new option or directive, something like
71 ForceLanguagePriority, to fall back to the LanguagePriority
72 directive instead of returning a "no acceptable variant" error.
73 Status: Bill has some code in his tree that accomplishes
74 this, and will commit it Friday after it's tested.
76 * Usability: Sanitize the MPM config directives. MaxClients in
77 the threaded MPM is totally misleading now as it has little to
78 do with limiting the number of clients (it limits the number
79 of child processes). Bill proposed nomenclature change to
80 something like "StartWorkers, MaxWorkers, etc." that could
81 apply to most all the MPMs (with some notable exceptions).
82 Bill would be happy with changing MaxClients to MaxServers
83 to make it agree with the operation of the StartServers
86 * Fix the configure script to add a LoadModule directive to
87 the default httpd.conf for any module that was compiled
90 * revamp the input filter semantics, per discussions since
91 February (and especially at the hackathon last
92 April). Specifically, ap_get_brigade will return a brigade with
93 *up to* a specific number of bytes, or a "line" of data. The
94 read may be blocking or nonblocking. ap_getline() will be
95 refactored into apr_brigade_getline(), and then DECHUNK can use
96 f->next (ap_getline will always read "top of input stack"). Also
97 fix the bug where request body content will end up closing the
98 connection (buggering up persistent conns).
99 Status: Justin is working on this as fast as he can.
100 The core input filters, HTTP-related filters, and mod_ssl
101 are switched to the new logic. At this point, proxy may be
102 broken (Ian says it works, but dechunking is a bit shaky).
104 - socket bucket and core input filter changes. see end of
105 message ID (Feb 27): <20010227075326.S2297@lyra.org>
107 - fix up ap_get_brigade() semantics, fix bug in DECHUNK /
108 ap_getline. many messages (plus their threads) (Apr/May):
109 Message-ID: <20010402101207.J27539@lyra.org>
110 Message-ID: <3AF7F921.D2EEC41A@algroup.co.uk>
111 Message-ID: <20010508190029.E18404@lyra.org>
113 - further work with combining/tweaking the builtin filters:
114 Message-ID: <20010509115445.D1374@lyra.org>
116 - thoughts on filter modes:
117 Message-ID: <021b01c14dee$09782af0$93c0b0d0@roweclan.net>
119 * Fold mod_auth_db features back into mod_auth_dbm, and depricate it.
120 This can't wait until we have a 2.0-gold release, if folks need
121 to move over to auth_dbm, we can't do that to them after 2.0 gold.
123 RELEASE NON-SHOWSTOPPERS BUT WOULD BE REAL NICE TO WRAP THESE UP:
125 * Allow the DocumentRoot directive within <Location > scopes? This
126 allows the beloved (crusty) Alias /foo/ /somepath/foo/ followed
127 by a <Directory /somepath/foo> to become simply
128 <Location /foo/> DocumentRoot /somefile/foo (IMHO a bit more legible
129 and in-your-face.) DocumentRoot unset would be accepted [and would
130 not permit content to be served, only virtual resources such as
131 server-info or server-status.
132 This proposed change would _not_ depricate Alias.
134 * add mod_gz to httpd-2.0 (in modules/experimental/)
135 +1: Greg, Justin, ben, Ken, Jeff, Bill
136 0: Cliff (there's now another candidate to be evaluated)
137 0: Jim (premature decision at present, IMO)
140 non-binding: Ian (+1)
142 * daedalus: mod_cgid and suexec have a problem co-existing. suexec
143 sees a null command string sometimes. The problem happens when
144 you access bugs.apache.org, then click on the "search the bug db"
147 * Win32: Rotatelogs sometimes is not terminated when Apache
148 goes down hard. FirstBill was looking at possibly tracking the
149 child's-child processes in the parent process.
150 OtherBill asks, wasn't this fixed?
152 * Win32: Add a simple hold console open patch (wait for close or
153 the ESC key, with a nice message) if the server died a bad
154 death (non-zero exit code) in console mode.
155 Resolution: bring forward same ugly hacks from 1.3.13-.20
157 * Port of mod_ssl to Apache 2.0:
159 The current porting state is summarized in modules/ssl/README. The
160 remaining work includes:
161 (1) stablizing/optimizing the SSL filter logic
162 (2) Enabling the various SSL caching mechanisms (shmcb, shmht)
163 (3) Enabling SSL extentions
164 (4) Trying to seperate the https filter logic from mod_ssl -
165 This is to facilitate other modules that wish to use the https
166 filter or the mod_ssl logic or both as required.
168 * Performance: Get the SINGLE_LISTEN_UNSERIALIZED_ACCEPT
169 optimization working in threaded. prefork's new design for how
170 to notice data on the pod should be sufficient.
172 * Performance & Debug: Eliminate most (and perhaps all) of the
173 malloc/free calls in the bucket brigade code. Need some
174 light weight memory management functions that allow freeing
175 memory (putting it back into a memory pool) when it is no
176 longer needed. Enabling simple debugging features like guard
177 bands, double free detection, etc. would be cool but certainly
178 not a hard requirement.
180 Status: Cliff started to implement this using SMS as has
181 been discussed at length for months, but since
182 SMS is not being used anywhere else in the server,
183 several people expressed the opinion that we should
184 get rid of it entirely, meaning that the buckets
185 need their own memory management (free list) functions.
186 Cliff will implement that this weekend so we at least
187 have something to look at/compare with.
189 * Eliminate unnecessary creation of pipes in mod_cgid
191 * the autoconf setup should be fixed to default to using the
192 "Apache" layout from config.layout, and each variable settable
193 in a layout should be overridable on the command line. Plus,
194 what we do right now just doesn't seem to fully fit into how autoconf
195 works, eg. AC_PREFIX_DEFAULT issues.
196 Message-ID: <Pine.BSF.4.20.0104031557420.20876-100000@alive.znep.com>
198 * Combine log_child and piped_log_spawn. Clean up http_log.c.
201 * Document mod_file_cache.
203 * OS/2: Make mod_status work for spmt_os2 MPM.
205 * Platforms that do not support fork (primarily Win32 and AS/400)
206 Architect start-up code that avoids initializing all the modules
207 in the parent process on platforms that do not support fork.
209 * Win32: Migrate the MPM over to use APR thread/process calls. This
210 would eliminate some code in the Win32 branch that essentially
211 duplicates what is in APR.
213 * There are still a number of places in the code where we are
214 losing error status (i.e. throwing away the error returned by a
215 system call and replacing it with a generic error code)
217 * Mass vhosting version of suEXEC.
219 * All DBMs suffer from confusion in support/dbmmanage (perl script) since
220 the dbmmanage employs the first-matched dbm format. This is not
221 necessarily the library that Apache was built with. Aught to
222 rewrite dbmmanage upon installation to bin/ with the proper library
223 for predictable mod_auth_db/dbm administration.
224 Status: Mladen Turk has posted several patches and ideas.
225 Key question, part of htpasswd, or a seperate utility?
227 prefer seperate: OtherBill
230 * use apu_dbm in mod_auth_dbm
231 Status: Greg +1 (low-priority volunteer)
232 Justin says: "Seems like this is already there, so should we just
233 remove the other DBM code in that file? If you want
234 to use gdbm, or dbm, etc, you should tell apr-util."
235 Will says: "bs - I may choose the fastest - most efficient native
236 dbm implementation, for shared proc caches, ssl session
237 caching, etc, but that has nothing to do with maintaining
238 a userlist via dbm, which has to remain readable between
239 builds/machines, etc. The use-multiple database schema
240 for apr-util would let us do this with just apr, though."
243 Some additional items remaining:
244 - case_preserved_filename stuff
245 (use the new canonical name stuff?)
246 - find a new home for ap_text(_header)
247 - is it possible to remove the DAV: namespace stuff from util_xml?
249 * ap_core_translate() and its use by mod_mmap_static and mod_file_cache
250 are a bit wonky. The function should probably be exposed as a utility
251 function (such as ap_translate_url2fs() or ap_validate_fs_url() or
252 something). Another approach would be a new hook phase after
253 "translate" which would allow the module to munge what the
254 translation has decided to do.
255 Status: Greg +1 (volunteers), Ryan +1
257 * Explore use of a post-config hook for the code in http_main.c which
258 calls ap_fixup_virutal_hosts(), ap_fini_vhost_config(), and
259 ap_sort_hooks() [to reduce the logic in main()]
261 * read the config tree just once, and process N times (as necessary)
263 * (possibly) use UUIDs in mod_unique_id and/or mod_usertrack
265 * (possibly) port the bug fix for PR 6942 (segv when LoadModule is put
266 into a VirtualHost container) to 2.0.
268 * shift stuff to mod_core.h
270 * APR-ize resolver stuff in mod_unique_id (Jeff volunteers)
272 * callers of ap_run_create_request() should check the return value
273 for failure (Doug volunteers)
275 * when prefork bails out due to an initialization error in the detached
276 process (e.g., mutex init failure), other children (cgid, at least)
277 are left hanging around
279 * Win32: Get Apache working on Windows 95/98. The following work
280 (at least) needs to be done:
281 - winnt MPM: Fix 95/98 code paths in the winnt MPM. There is some NT
282 specific code that is still not in NT only code paths
283 - IOL binds to APR sendfile, implemented with TransmitFile, which
284 is not available on 95/98.
285 - Document warning that OSR2 is required (for Crypt functions, in
286 rand.c, at least.) This could be resolved with an SSL library, or
287 randomization in APR itself.
288 - Bring the Win9xConHook.dll from 1.3 into 2.0 (no sense till it
289 actually works) and add in a splash of Win9x service code.
291 PRs that have been suspended forever waiting for someone to
292 put them into 'the next release':
295 missing call to "setlocale();"
299 Additional status for XBitHack directive
303 Mod_proxy doesn't allow change of error pages
307 Modified PATH environemnt variable is not passed, instead
312 Proxy doesn't deliver documents if not connected
316 proxy converts ~name to %7Ename when name starts with a dot (.)
320 mod_access syntax allows hosts that should be restricted
323 * PR#557: mod_auth-any
324 ~UserHome directories are not honored in absolute pathname
329 Proxy FTP Authentication Fails
332 * PR#623: mod_include
333 A smarter "Last Modified" value for SSI documents (see PR number 600)
337 Request of "Options SymLinksIfGroupMatch"
341 Proxy doesn't do links right for OpenVMS files through ftp:
345 imap should read <MAP><AREA>*</MAP> too!
349 RLimitCPU and RLimitMEM don't apply to all children like they should
353 Uses cwd before filling it in, doesn't use syslog
357 it is useful to allow specifiction that root-owned symlinks
358 should always be followed
362 Controlling Access to Remote Proxies would be nice...
366 Adding authentication "on the fly" through the proxy module
369 * PR#1004: apache-api
370 request_config field in request_rec is moderately bogus
374 DoS attacks involving memory consumption
377 * PR#1050: mod_log-any
378 Logging of virtual server to error_log as well
382 ProxyRemote make a dead cycle.
385 * PR#1117: mod_auth-any
386 Using NIS passwd.byname dbm files with AuthDBMUserFile
390 suexec does not parse arguments to #exec cmd
393 * PR#1145: mod_include
394 Allow for Last-Modified: without resorting to XBitHack
397 * PR#1158: apache-api
398 improvements to child spawning API
402 ``nph-'' not honored (no buffering) for ProxyRemote mapping
406 Apache cannot handle continuation line in headers
410 setlogin() is not called, causing problems with e.g. identd
414 regerror() exists, use it
417 * PR#1233: apache-api
418 there is no way to keep per-connection per-module state
421 * PR#1263: mod_autoexec
422 Add frame-safe anchor attribute to mod_autoindex links
426 CGI scripts running as Apache user: security (suexec etc.)
430 Error messages could be easier to spot in cgi.log file for suexec.c
433 * PR#1287: mod_access
434 add allow,deny/deny,allow warning to mod_access
438 Need to know "hit-rate" on proxy cache
441 * PR#1358: mod_log-any
442 Selective url-encode of log fields (or maybe a pseudo
446 * PR#1383: mod_headers
447 I make mod_headers to modify request headers as well as
452 Proxy transfer logging
456 No HTTP_X_FORWARDED_FOR set...
460 ProxyRemote proxy requests fail authentication by firewall
463 * PR#1582: mod_rewrite
464 mod_rewrite forms REQUEST_URI different than mod_cgi does
467 * PR#1677: mod_headers
468 mod_headers should allow mod_log_config-style formats in
473 mod_proxy to support persistent conns?
476 * PR#1803: mod_include
477 patches to mod_include to allow for file tests
480 * PR#1809: mod_auth-any
481 Suggestion for improving authentication modules and core source
482 code, problem with 401 and ErrorDocument
486 listing of proxy cache content
490 Allow modules to set user:group for execution.
493 * PR#2024: apache-api
494 adding auth_why to conn_rec
497 * PR#2073: mod_log-any
498 pipelined connections are not logged correctly
501 * PR#2074: mod_rewrite
502 mod_rewrite doesn't pass Proxy Throughput on internal subrequests
506 HTTP Server Rebuild Line Needs Changing for the better
509 * PR#2138: mod_status
510 mod_status always displays 256 possible connection slots
513 * PR#2221: documentation
514 Make online documentation search link back to my installation
518 Can not POST to ErrorDocument - Apache/1.3b6
522 patterns in ProxyRemote
525 * PR#2343: mod_status
526 Status module averages are for entire uptime
530 suexec for general access of user content?
534 Proposal for TimeZone directive
538 /server-info doesn't check for the virtual host to list the info
542 problem specifying ndbm library for build ?with autoconfigure
546 A small addition to rotatelogs.c to improve program functionality.
550 AllowOverride FileInfo is too coarse
554 TimeOut applies to output of CGI scripts
557 * PR#2512: mod_access
558 <IfDenied> directive wanted
562 CGI's for general use still have to be run as another user
567 Cache file names in Proxy module
571 [PATCH] User/Group for <Directory> and <Location> i.e. not only
572 in global and <Virtual>.
576 mailto tags and bundling bug report script
580 Support for System Resource Controller
584 When will Apache support P3P? Any Plans?
588 Feedback/Comment on APACI
592 Inclusion of RPM spec file in CVS/distributions
596 Propose that Apache recommend $UNIQUE_ID for all "session id"
601 suggestion: power up your Include directive :)
605 cannot limit some HTTP methods
608 * PR#3143: apache-api
609 No module specific data hook for per-connection data
612 * PR#3191: mod_negotiation
613 no way to set global quality-of-source (qs) coneg values
618 Accessing URL through proxy server corrupts data.
622 Some anonymous FTP URLs ask for authentication
626 New ErrorDocumentMatch directive
630 Need to be able to override shebang line to make CGI scripts
635 "Files" and "FilesMatch" regexp does not recognize bang as
639 * PR#4448: mod_log-any
640 Please allow CGI env variables (QUERY_STRING, ...) to be logged
644 * PR#4459: mod_include
645 Suggestion for better handling of Last-modified headers
649 mod_cgi prevents handling of OPTIONS requests
652 * PR#5713: os-windows
653 [PATCH] install as win32 service with domain account
657 AllowOverride should have a 'CheckNone' and 'AllowNone' argument
658 instead of only 'None'
661 Other bugs that need fixing:
663 * MaxRequestsPerChild measures connections, not requests.
664 Until someone has a better way, we'll probably just rename it
665 "MaxConnectionsPerChild".
667 * Regex containers don't work in an intutive way
668 Status: No one has come up with an efficient way to fix this
669 behavior. Dean has suggested getting rid of regex containers
672 * SIGSEGV on Linux (glibc 2.1.2) isn't caught properly by a
673 sigwaiting thread. We need to work around this, perhaps unless
674 there is hope soon for a fixed glibc.
676 * orig_ct in the byterange/multipart handling may not be
677 needed. Apache 1.3 just never stashed "multipart" into
678 r->content_type. We should probably follow suit since the
679 byterange stuff doesn't want the rest of the code to see the
680 multipart content-type; the other code should still think it is
681 dealing with the <orig_ct> stuff.
682 Status: Greg volunteers to investigate (esp. since he was most
683 likely the one to break it :-)
685 Other features that need writing:
687 * Finish infrastructure in core for async MPMs
690 * TODO in source -- just do an egrep on "TODO" and see what's there
694 * Jon Travis's <jtravis@covalent.net> patch to deal with thread-safe
695 issues with inet_ntoa. See message <20001201163220.A12827@covalent.net>
696 Status: This is being set aside until the IPv6 work is finished
697 so that we know exactly what is required.
699 * Martin Sojka <msojka@gmx.de>'s patch to add error reporting for failed
700 htpasswd actions due to a full /tmp volume (other programs may have
705 * Mike Abbott's <mja@trudge.engr.sgi.com> patches to improve
707 Status: These were written for 1.3, and are awaiting a port to
710 * Jim Winstead's <jimw@trainedmonkey.com> patch to add CookieDomain and
711 other small mod_usertrack features
713 * Dan Rench's <drench@xnet.com> patch to add allow the errmsg and timefmt
714 of SSI's to be modified in the config file. Patch is available in
719 * Which MPMs will be included with Apache 2.0?
projects / apache / blob