APACHE 2.0 STATUS: -*-text-*-
Last modified at [$Date: 2001/09/17 11:22:52 $]

2.0.25 : rolled August 29, 2001
2.0.24 : rolled August 18, 2001
2.0.23 : rolled August 9, 2001
2.0.22 : rolled July 29, 2001
2.0.21 : rolled July 20, 2001
2.0.20 : rolled July 8, 2001
2.0.19 : rolled June 27, 2001
2.0.18 : rolled May 18, 2001
2.0.17 : rolled April 17, 2001
2.0.16 : rolled April 4, 2001
2.0.15 : rolled March 21, 2001
2.0.14 : rolled March 7, 2001
2.0a9 : released December 12, 2000
2.0a8 : released November 20, 2000
2.0a7 : released October 8, 2000
2.0a6 : released August 18, 2000
2.0a5 : released August 4, 2000
2.0a4 : released June 7, 2000
2.0a3 : released April 28, 2000
2.0a2 : released March 31, 2000
2.0a1 : released March 10, 2000

Please consult the following STATUS files for information

* srclib/apr-util/STATUS

* Revert to a 1.3 behavior and allow a non-file request to travel
  through the request cycle. If any request gets to the core handler,
  without a flag that this r->filename was tested by dir/file_walk,
  then we 500 at the very end of the request cycle. This provides
  authors of older modules better compatibility, while still improving
  the security and robustness of 2.0. This does not remove the new
  map_to_storage hook itself, but makes it optional for some cases.

* There is an observation that svn + ssl has a significant interaction
  in dir_merge sections with the new location_walk optimization. This
  could reflect a bug in retrieving the cached location_walk, or some
  other nasty mis-config. Core dump posted to httpd-dev;
  Message-ID: <JLEGKKNELMHCJPNMOKHOIENKEIAA.striker@apache.org>

* There is an interesting problem with directory_walk, now that it is
  optional (may be overridden by a map_to_storage hook.) The change
  of per_dir_default for a vhost switch doesn't happen until dir_walk.
  This switch needs to be pushed out of directory_walk, perhaps the
  burden is put on the 'switcher' of the ->server entry, such as
  mod_vhost_alias itself.

* There is a bug in how we sort some hooks, at least the pre-config
  hook. The first time we call the hooks, they are in the correct
  order, but the second time, we don't sort them correctly. Currently,
  the modules/http/config.m4 file has been renamed to
  modules/http/config2.m4 to work around this problem, it should be moved
  back when this is fixed. rbb

* The Add...Filter and Set...Filter directives do not allow the
  administrator to order filters, beyond the order of filename (mime)
  extensions. It isn't clear if Set...Filter(s) should be inserted
  before or after the Add...Filter(s) which are ordered by sequence of
  filename extensions. Add...FilterByType will add to this quandary.
  Some sort of resolution needs to be proposed,

* mod_dir should normally redirect ALL directory requests which do
  not include a trailing slash on the URI. However, if a "notes"
  flag is set (say, via BrowserMatch), this behavior will be
  disabled for non-GET requests.
  Status: Greg volunteers
  MsgId: <20010227104646.E2297@lyra.org>
  MsgId: <3A9C0097.9C83F07C@Golux.Com>

* mod_negotiation will not serve a request when an early extension
  is understood, but a later extension is not. e.g. if the request
  index.html.bak is received, and negotiation could find the file
  index.html.bak.en, it still won't be served because the
  ap-mime-exception-list will contain "index" and "bak", and the
  string "index.bak" doesn't match "index.html.bak". Need to
  review the ap-mime-exception-list component by component to
  allow these cases. [This could be part of a patch to allow the
  name index.bak in the case above to match index.html.bak.en]

* mod_negotiation needs a new option or directive, something like
  ForceLanguagePriority, to fall back to the LanguagePriority
  directive instead of returning a "no acceptable variant" error.

* Usability: Sanitize the MPM config directives. MaxClients in
  the threaded MPM is totally misleading now as it has little to
  do with limiting the number of clients (it limits the number
  of child processes). Bill proposed nomenclature change to
  something like "StartWorkers, MaxWorkers, etc." that could
  apply to most all the MPMs (with some notable exceptions).
  Bill would be happy with changing MaxClients to MaxServers
  to make it agree with the operation of the StartServers

* configure --enable-mods-shared=most option has issues. Example:

    ./configure --enable-mods-shared=most

  This builds mod_headers as a DSO (good) but builds mod_mime
  as a compiled-in module (bad).

* revamp the input filter semantics, per discussions since
  February (and especially at the hackathon last
  April). Specifically, ap_get_brigade will return a brigade with
  *up to* a specific number of bytes, or a "line" of data. The
  read may be blocking or nonblocking. ap_getline() will be
  refactored into apr_brigade_getline(), and then DECHUNK can use
  f->next (ap_getline will always read "top of input stack"). Also
  fix the bug where request body content will end up closing the
  connection (buggering up persistent conns).

  - socket bucket and core input filter changes. see end of
    message ID (Feb 27): <20010227075326.S2297@lyra.org>

  - fix up ap_get_brigade() semantics, fix bug in DECHUNK /
    ap_getline. many messages (plus their threads) (Apr/May):
    Message-ID: <20010402101207.J27539@lyra.org>
    Message-ID: <3AF7F921.D2EEC41A@algroup.co.uk>
    Message-ID: <20010508190029.E18404@lyra.org>

  - further work with combining/tweaking the builtin filters:
    Message-ID: <20010509115445.D1374@lyra.org>

RELEASE NON-SHOWSTOPPERS BUT WOULD BE REAL NICE TO WRAP THESE UP:

* Allow the DocumentRoot directive within <Location > scopes? This
  allows the beloved (crusty) Alias /foo/ /somepath/foo/ followed
  by a <Directory /somepath/foo> to become simply
  <Location /foo/> DocumentRoot /somefile/foo (IMHO a bit more legible
  and in-your-face.) This proposed change would not deprecate Alias.

* add mod_gz to httpd-2.0 (in modules/experimental/)
  +1: Greg, Justin, ben, Ken, Jeff
  0: Cliff (there's now another candidate to be evaluated)
  0: Jim (premature decision at present, IMO)

  non-binding: Ian (+1)

* daedalus: mod_cgid and suexec have a problem co-existing. suexec
  sees a null command string sometimes. The problem happens when
  you access bugs.apache.org, then click on the "search the bug db"

* Win32: Rotatelogs sometimes is not terminated when Apache
  goes down hard. FirstBill was looking at possibly tracking the
  child's-child processes in the parent process.

* Win32: Add a simple hold console open patch (wait for close or
  the ESC key, with a nice message) if the server died a bad
  death (non-zero exit code) in console mode.
  Resolution: bring forward same ugly hacks from 1.3.13-.20

* Port of mod_ssl to Apache 2.0:

  The current porting state is summarized in modules/ssl/README. The
  remaining work includes:
  (1) stabilizing/optimizing the SSL filter logic
  (2) Enabling the various SSL caching mechanisms (shmcb, shmht)
  (3) Enabling SSL extensions
  (4) Trying to separate the https filter logic from mod_ssl -
      This is to facilitate other modules that wish to use the https
      filter or the mod_ssl logic or both as required.

* Performance: Get the SINGLE_LISTEN_UNSERIALIZED_ACCEPT
  optimization working in threaded. prefork's new design for how
  to notice data on the pod should be sufficient.

* mod_tls is very specific to OpenSSL. Make the API calls
  more generic to support other encryption libraries.

* Performance & Debug: Eliminate most (and perhaps all) of the
  malloc/free calls in the bucket brigade code. Need some
  light weight memory management functions that allow freeing
  memory (putting it back into a memory pool) when it is no
  longer needed. Enabling simple debugging features like guard
  bands, double free detection, etc. would be cool but certainly
  not a hard requirement.

  Status: Cliff started to implement this using SMS as has
          been discussed at length for months, but since
          SMS is not being used anywhere else in the server,
          several people expressed the opinion that we should
          get rid of it entirely, meaning that the buckets
          need their own memory management (free list) functions.
          Cliff will implement that this weekend so we at least
          have something to look at/compare with.

* Eliminate unnecessary creation of pipes in mod_cgid

* the autoconf setup should be fixed to default to using the
  "Apache" layout from config.layout, and each variable settable
  in a layout should be overridable on the command line. Plus,
  what we do right now just doesn't seem to fully fit into how autoconf
  works, eg. AC_PREFIX_DEFAULT issues.
  Message-ID: <Pine.BSF.4.20.0104031557420.20876-100000@alive.znep.com>

* Combine log_child and piped_log_spawn. Clean up http_log.c.

* Document mod_file_cache.

* OS/2: Make mod_status work for spmt_os2 MPM.

* Platforms that do not support fork (primarily Win32 and AS/400)
  Architect start-up code that avoids initializing all the modules
  in the parent process on platforms that do not support fork.

* Win32: Migrate the MPM over to use APR thread/process calls. This
  would eliminate some code in the Win32 branch that essentially
  duplicates what is in APR.

* There are still a number of places in the code where we are
  losing error status (i.e. throwing away the error returned by a
  system call and replacing it with a generic error code)

* Mass vhosting version of suEXEC.

* All DBMs suffer from confusion in support/dbmmanage (perl script) since
  the dbmmanage employs the first-matched dbm format. This is not
  necessarily the library that Apache was built with. Ought to
  rewrite dbmmanage upon installation to bin/ with the proper library
  for predictable mod_auth_db/dbm administration.

* use apu_dbm in mod_auth_dbm
  Status: Greg +1 (low-priority volunteer)
  Justin says: "Seems like this is already there, so should we just
                remove the other DBM code in that file? If you want
                to use gdbm, or dbm, etc, you should tell apr-util."
  Will says: "bs - I may choose the fastest - most efficient native
              dbm implementation, for shared proc caches, ssl session
              caching, etc, but that has nothing to do with maintaining
              a userlist via dbm, which has to remain readable between
              builds/machines, etc. The use-multiple database schema
              for apr-util would let us do this with just apr, though."

* Fold mod_auth_db features back into mod_auth_dbm, and deprecate it.

  Some additional items remaining:
  - case_preserved_filename stuff
    (use the new canonical name stuff?)
  - find a new home for ap_text(_header)
  - is it possible to remove the DAV: namespace stuff from util_xml?

* ap_core_translate() and its use by mod_mmap_static and mod_file_cache
  are a bit wonky. The function should probably be exposed as a utility
  function (such as ap_translate_url2fs() or ap_validate_fs_url() or
  something). Another approach would be a new hook phase after
  "translate" which would allow the module to munge what the
  translation has decided to do.
  Status: Greg +1 (volunteers), Ryan +1

* Explore use of a post-config hook for the code in http_main.c which
  calls ap_fixup_virtual_hosts(), ap_fini_vhost_config(), and
  ap_sort_hooks() [to reduce the logic in main()]

* read the config tree just once, and process N times (as necessary)

* (possibly) use UUIDs in mod_unique_id and/or mod_usertrack

* (possibly) port the bug fix for PR 6942 (segv when LoadModule is put
  into a VirtualHost container) to 2.0.

* shift stuff to mod_core.h

* APR-ize resolver stuff in mod_unique_id (Jeff volunteers)

* callers of ap_run_create_request() should check the return value
  for failure (Doug volunteers)

* when prefork bails out due to an initialization error in the detached
  process (e.g., mutex init failure), other children (cgid, at least)
  are left hanging around

* Win32: Get Apache working on Windows 95/98. The following work
  (at least) needs to be done:
  - winnt MPM: Fix 95/98 code paths in the winnt MPM. There is some NT
    specific code that is still not in NT only code paths
  - IOL binds to APR sendfile, implemented with TransmitFile, which
    is not available on 95/98.
  - Document warning that OSR2 is required (for Crypt functions, in
    rand.c, at least.) This could be resolved with an SSL library, or
    randomization in APR itself.
  - Bring the Win9xConHook.dll from 1.3 into 2.0 (no sense till it
    actually works) and add in a splash of Win9x service code.

PRs that have been suspended forever waiting for someone to
put them into 'the next release':

  missing call to "setlocale();"

  Additional status for XBitHack directive

  Mod_proxy doesn't allow change of error pages

  Modified PATH environment variable is not passed, instead

  Proxy doesn't deliver documents if not connected

  proxy converts ~name to %7Ename when name starts with a dot (.)

  mod_access syntax allows hosts that should be restricted

* PR#557: mod_auth-any
  ~UserHome directories are not honored in absolute pathname

  Proxy FTP Authentication Fails

* PR#623: mod_include
  A smarter "Last Modified" value for SSI documents (see PR number 600)

  Request of "Options SymLinksIfGroupMatch"

  Proxy doesn't do links right for OpenVMS files through ftp:

  imap should read <MAP><AREA>*</MAP> too!

  RLimitCPU and RLimitMEM don't apply to all children like they should

  Uses cwd before filling it in, doesn't use syslog

  it is useful to allow specification that root-owned symlinks
  should always be followed

  Controlling Access to Remote Proxies would be nice...

  Adding authentication "on the fly" through the proxy module

* PR#1004: apache-api
  request_config field in request_rec is moderately bogus

  DoS attacks involving memory consumption

* PR#1050: mod_log-any
  Logging of virtual server to error_log as well

  ProxyRemote make a dead cycle.

* PR#1117: mod_auth-any
  Using NIS passwd.byname dbm files with AuthDBMUserFile

  suexec does not parse arguments to #exec cmd

* PR#1145: mod_include
  Allow for Last-Modified: without resorting to XBitHack

* PR#1158: apache-api
  improvements to child spawning API

  ``nph-'' not honored (no buffering) for ProxyRemote mapping

  Apache cannot handle continuation line in headers

  setlogin() is not called, causing problems with e.g. identd

  regerror() exists, use it

* PR#1233: apache-api
  there is no way to keep per-connection per-module state

* PR#1263: mod_autoexec
  Add frame-safe anchor attribute to mod_autoindex links

  CGI scripts running as Apache user: security (suexec etc.)

  Error messages could be easier to spot in cgi.log file for suexec.c

* PR#1287: mod_access
  add allow,deny/deny,allow warning to mod_access

  Need to know "hit-rate" on proxy cache

* PR#1358: mod_log-any
  Selective url-encode of log fields (or maybe a pseudo

* PR#1383: mod_headers
  I make mod_headers to modify request headers as well as

  Proxy transfer logging

  No HTTP_X_FORWARDED_FOR set...

  ProxyRemote proxy requests fail authentication by firewall

* PR#1582: mod_rewrite
  mod_rewrite forms REQUEST_URI different than mod_cgi does

* PR#1677: mod_headers
  mod_headers should allow mod_log_config-style formats in

  mod_proxy to support persistent conns?

* PR#1803: mod_include
  patches to mod_include to allow for file tests

* PR#1809: mod_auth-any
  Suggestion for improving authentication modules and core source
  code, problem with 401 and ErrorDocument

  listing of proxy cache content

  Allow modules to set user:group for execution.

* PR#2024: apache-api
  adding auth_why to conn_rec

* PR#2073: mod_log-any
  pipelined connections are not logged correctly

* PR#2074: mod_rewrite
  mod_rewrite doesn't pass Proxy Throughput on internal subrequests

  HTTP Server Rebuild Line Needs Changing for the better

* PR#2138: mod_status
  mod_status always displays 256 possible connection slots

* PR#2221: documentation
  Make online documentation search link back to my installation

  Can not POST to ErrorDocument - Apache/1.3b6

  patterns in ProxyRemote

* PR#2343: mod_status
  Status module averages are for entire uptime

  suexec for general access of user content?

  Proposal for TimeZone directive

  /server-info doesn't check for the virtual host to list the info

  problem specifying ndbm library for build ?with autoconfigure

  A small addition to rotatelogs.c to improve program functionality.

  AllowOverride FileInfo is too coarse

  TimeOut applies to output of CGI scripts

* PR#2512: mod_access
  <IfDenied> directive wanted

  CGI's for general use still have to be run as another user

  Cache file names in Proxy module

  [PATCH] User/Group for <Directory> and <Location> i.e. not only
  in global and <Virtual>.

  mailto tags and bundling bug report script

  Support for System Resource Controller

  When will Apache support P3P? Any Plans?

  Feedback/Comment on APACI

  Inclusion of RPM spec file in CVS/distributions

  Propose that Apache recommend $UNIQUE_ID for all "session id"

  suggestion: power up your Include directive :)

  cannot limit some HTTP methods

* PR#3143: apache-api
  No module specific data hook for per-connection data

* PR#3191: mod_negotiation
  no way to set global quality-of-source (qs) coneg values

  Accessing URL through proxy server corrupts data.

  Some anonymous FTP URLs ask for authentication

  New ErrorDocumentMatch directive

  Need to be able to override shebang line to make CGI scripts

  "Files" and "FilesMatch" regexp does not recognize bang as

* PR#4448: mod_log-any
  Please allow CGI env variables (QUERY_STRING, ...) to be logged

* PR#4459: mod_include
  Suggestion for better handling of Last-modified headers

  mod_cgi prevents handling of OPTIONS requests

* PR#5713: os-windows
  [PATCH] install as win32 service with domain account

  AllowOverride should have a 'CheckNone' and 'AllowNone' argument
  instead of only 'None'

Other bugs that need fixing:

* MaxRequestsPerChild measures connections, not requests.
  Until someone has a better way, we'll probably just rename it
  "MaxConnectionsPerChild".

* Regex containers don't work in an intuitive way
  Status: No one has come up with an efficient way to fix this
          behavior. Dean has suggested getting rid of regex containers

* SIGSEGV on Linux (glibc 2.1.2) isn't caught properly by a
  sigwaiting thread. We need to work around this, perhaps unless
  there is hope soon for a fixed glibc.

* orig_ct in the byterange/multipart handling may not be
  needed. Apache 1.3 just never stashed "multipart" into
  r->content_type. We should probably follow suit since the
  byterange stuff doesn't want the rest of the code to see the
  multipart content-type; the other code should still think it is
  dealing with the <orig_ct> stuff.
  Status: Greg volunteers to investigate (esp. since he was most
          likely the one to break it :-)

Other features that need writing:

* Finish infrastructure in core for async MPMs

* TODO in source -- just do an egrep on "TODO" and see what's there

* Jon Travis's <jtravis@covalent.net> patch to deal with thread-safe
  issues with inet_ntoa. See message <20001201163220.A12827@covalent.net>
  Status: This is being set aside until the IPv6 work is finished
          so that we know exactly what is required.

* Martin Sojka <msojka@gmx.de>'s patch to add error reporting for failed
  htpasswd actions due to a full /tmp volume (other programs may have

* Mike Abbott's <mja@trudge.engr.sgi.com> patches to improve

  Status: These were written for 1.3, and are awaiting a port to

* Jim Winstead's <jimw@trainedmonkey.com> patch to add CookieDomain and
  other small mod_usertrack features

* Dan Rench's <drench@xnet.com> patch to allow the errmsg and timefmt
  of SSI's to be modified in the config file. Patch is available in

* What do we do about mod_proxy?

* Which MPMs will be included with Apache 2.0?