-*- coding: utf-8 -*- Changes with Apache 2.5.0 *) Be more correct about rejecting directives that cannot work in sections. [Stefan Fritsch] *) core: Fix directives like LogLevel that need to know if they are invoked at virtual host context or in Directory/Files/Location/If sections to work properly in If sections that are not in a Directory/Files/Location. [Stefan Fritsch] *) mod_cache_disk: Resolve errors while revalidating disk-cached files on Windows ("...rename tempfile to datafile failed..."). PR 38827 [Eric Covener] *) mod_proxy: Add ability to configure the sticky session separator. PR 53893. [, Jim Jagielski] *) mod_proxy_ftp: Fix segfaults on IPv4 requests to hosts with DNS AAAA records. PR 40841. [Andrew Rucker Jones , , Jim Jagielski] *) ap_expr: Add req_novary function that allows HTTP header lookups without adding the name to the Vary header. [Stefan Fritsch] *) mod_ssl: Change default for SSLCompression to off, as compression causes security issues in most setups. (The so called "CRIME" attack). [Stefan Fritsch] *) syslog logging: Remove stray ", referer" at the end of some messages. [Jeff Trawick] *) configure: Fix processing of --disable-FEATURE for various features. [Jeff Trawick] *) "Iterate" directives: Report an error if no arguments are provided. [Jeff Trawick] *) htpasswd, htdbm: Optionally read passwords from stdin, as more secure alternative to -b. PR 40243. [Adomas Paltanavicius , Stefan Fritsch] *) htpasswd, htdbm: Add support for bcrypt algorithm (requires apr-util 1.5 or higher). PR 49288. [Stefan Fritsch] *) htpasswd, htdbm: Put full 48bit of entropy into salt, improve error handling. Add some of htpasswd's improvements to htdbm, e.g. warn if password is truncated by crypt(). [Stefan Fritsch] *) ab: add TLS1.1/TLS1.2 options to -f switch, and adapt output to more accurately report the negotiated protocol. PR 53916. [Nicolás Pernas Maradei , Kaspar Brand] *) mod_systemd: New module, for integration with systemd on Linux. [Jan Kaluza ] *) core: ErrorDocument now works for requests without a Host header. PR 48357. [Jeff Trawick] *) --with-module: Fix failure to integrate them into some existing module directories. PR 40097. [Jeff Trawick] *) mod_headers: New params: %l for load averages, %i for an idle percentage rating of httpd, and %b for a busy percentage rating. [Jim Jagielski] *) core: New functions to obtain load parameters: ap_get_sload() and ap_get_loadavg(). [Jim Jagielski] *) mod_cache_socache: New cache implementation backed by mod_socache that replaces mod_mem_cache removed from httpd v2.2. [Graham Leggett] *) mod_auth_form: Support the expr parser in the AuthFormLoginRequiredLocation, AuthFormLoginSuccessLocation and AuthFormLogoutLocation directives. [Graham Leggett] *) core: Add dirwalk_stat and pre_htaccess hooks, allowing mpm-itk to be used without patches to httpd core. [Jeff Trawick] *) mod_proxy: Allow for persistence of local changes (via the balancer-manager) between graceful and normal restarts. [Jim Jagielski] *) mod_slotmem: New provider function, fgrab(), which forces an allocation of a slot. [Jim Jagielski] *) mod_proxy_balancer: The nonce is only derived from the UUID iff not set via the 'nonce' balancer param. [Jim Jagielski] *) mod_lua: Add LuaInputFilter/LuaOutputFilter for creating content filters in Lua [Daniel Gruno] *) core: Apply length limit when logging Status header values. [Jeff Trawick, Chris Darroch] *) mod_ssl: Match wildcard SSL certificate names in proxy mode. PR 53006. [Joe Orton] *) WinNT MPM: Store pid and generation for each thread in scoreboard to allow tracking of threads from exiting children via mod_status or other such mechanisms. [Jeff Trawick] *) mod_ssl: Catch missing or mismatched client cert/key pairs with SSLProxyMachineCertificateFile/Path directives. PR 52212. [Keith Burdis , Joe Orton] *) mod_lua: Allow scripts handled by the lua-script handler to return a status code to the client (such as a 302 or a 500) [Daniel Gruno] *) mod_proxy_ajp: Fix crash in packet dump code when logging with LogLevel trace7 or trace8. PR 53730. [Rainer Jung] *) mod_cache: Wrong content type and character set when mod_cache serves stale content because of a proxy error. PR 53539. [Rainer Jung, Ruediger Pluem] *) mod_lua: Decline handling 'lua-script' if the file doesn't exist, rather than throwing an internal server error. [Daniel Gruno] *) mod_lua: Add functions r:flush and r:sendfile as well as additional request information to the request_rec structure. [Daniel Gruno] *) mod_lua: Add a server scope for Lua states, which creates a pool of states with managable minimum and maximum size. [Daniel Gruno] *) core: Add post_perdir_config hook. [Steinar Gunderson ] *) mod_lua: Add new directive, LuaMapHandler, for dynamically mapping URIs to Lua scripts and functions using regular expressions. [Daniel Gruno] *) mod_lua: Add new directive LuaCodeCache for controlling in-memory caching of lua scripts. [Daniel Gruno] *) The following now respect DefaultRuntimeDir/DEFAULT_REL_RUNTIMEDIR: - APIs: ap_log_pid(), ap_remove_pid, ap_read_pid() - core: the scoreboard (ScoreBoardFile), pid file (PidFile), and mutexes (Mutex) - mod_lbmethod_heartbeat, mod_heartmonitor: heartbeat storage file - mod_ldap: shared memory cache - mod_socache_shmcb, mod_socache_dbm: shared memory or dbm for cache [Jeff Trawick] *) mod_ssl: Add RFC 5878 support. [Ben Laurie] *) mod_ssl: Add support for TLS-SRP (Secure Remote Password key exchange for TLS, RFC 5054). PR 51075. [Quinn Slack , Christophe Renou, Peter Sylvester] *) core: Make ap_regcomp() return AP_REG_ESPACE if out of memory. Make ap_pregcomp() abort if out of memory. This raises the minimum PCRE requirement to version 6.0. PR 53284. [Stefan Fritsch] *) suexec: Add --enable-suexec-capabilites support on Linux, to use setuid/setgid capability bits rather than a setuid root binary. [Joe Orton] *) suexec: Add support for logging to syslog as an alternative to logging to a file; configure --without-suexec-logfile --with-suexec-syslog. [Joe Orton] *) mod_ssl: Add support for TLS Next Protocol Negotiation. PR 52210. [Matthew Steele ] *) various modules, rotatelogs: Replace use of apr_file_write() with apr_file_write_full() to prevent incomplete writes. PR 53131. [Nicolas Viennot , Stefan Fritsch] *) cross-compile: allow to provide CC_FOR_BUILD so that gen_test_char will be compiled by the build compiler instead of the host compiler. Also set CC_FOR_BUILD to 'cc' when cross-compilation is detected. PR 51257. [Guenter Knauf] *) core: In maintainer mode, replace apr_palloc with a version that initializes the allocated memory with non-zero values, except if AP_DEBUG_NO_ALLOC_POISON is defined. [Stefan Fritsch] *) mod_policy: Add a new testing module to help server administrators enforce a configurable level of protocol compliance on their servers and application servers behind theirs. [Graham Leggett] *) mod_firehose: Add a new debugging module able to record traffic passing through the server in such a way that connections and/or requests be reconstructed and replayed. [Graham Leggett] *) mod_noloris *) APREQ *) Simple MPM *) mod_serf [Apache 2.5.0-dev includes those bug fixes and changes with the Apache 2.4.xx tree as documented below, except as noted.] Changes with Apache 2.4.x and later: *) http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?view=markup Changes with Apache 2.2.x and later: *) http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?view=markup Changes with Apache 2.0.x and later: *) http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/CHANGES?view=markup