-*- coding: utf-8 -*- Changes with Apache 2.5.0 *) mod_cache: When serving from cache, only the last header of a multivalued header was taken into account. Fixed. [Graham Leggett] *) mod_cache: Ignore response headers specified by no-cache=header and private=header as specified by RFC2616 14.9.1 What is Cacheable. Ensure that these headers are still processed when multiple Cache-Control headers are present in the response. PR 54706 [Graham Leggett, Yann Ylavic ] *) mod_cache: Invalidate cached entities in response to RFC2616 Section 13.10 Invalidation After Updates or Deletions. PR 15868 [Graham Leggett] *) mod_dav: mod_dav overrides dav_fs response on PUT failure. PR 35981 [Basant Kumar Kukreja , Alejandro Alvarez ] *) mod_dav: Do not segfault on PROPFIND with a zero length DBM. PR 52559 [Diego Santa Cruz ] *) mod_dav: Do not fail PROPPATCH when prop namespace is not known. PR 52559 [Diego Santa Cruz ] *) mod_dav: When a PROPPATCH attempts to remove a non-existent dead property on a resource for which there is no dead property in the same namespace httpd segfaults. PR 52559 [Diego Santa Cruz ] *) mod_dav: PROPPATCH delete (svn propdel) silently discards errors. PR 53525 [Arwin Arni ] *) mod_dav: Ensure URI is correctly uriencoded on return. PR 54611 [Timothy Wood ] *) mod_dav: Sending a If or If-Match header with an invalid ETag doesn't result in a 412 Precondition Failed. PR 54610 [Timothy Wood ] *) mod_dav: Make sure that when we prepare an If URL for Etag comparison, we compare unencoded paths. PR 53910 [Timothy Wood ] *) core, mod_ssl: Lift the restriction that prevents mod_ssl taking full advantage of the event MPM. Enable the ability for a module to reverse the sense of a poll event from a read to a write or vice versa. [Graham Leggett] *) htpasswd: Add -v option to verify a password. [Stefan Fritsch] *) htpasswd, htdbm: Fix password generation. PR 54735. [Stefan Fritsch] *) mod_dav: Improve error handling in dav_method_put(), add new dav_join_error() function. PR 54145. [Ben Reser ] *) mod_auth_digest: Fix crashes if shm initialization failed. [Stefan Fritsch] *) mod_ldap: LDAP connections used for authentication were not respecting LDAPConnectionPoolTimeout. PR 54587 *) core: ap_rgetline_core now pulls from r->proto_input_filters. *) mod_proxy_html: process parsed comments immediately. Fixes bug where parsed comments may be lost. [Nick Kew] *) mod_proxy_html: introduce doctype for HTML 5 [Nick Kew] *) mod_proxy_html: fix typo-bug processing "strict" vs "transitional" HTML/XHTML [Nick Kew] *) core: Add option to add valgrind support. Use it to reduce false positive warnings in mod_ssl. [Stefan Fritsch] *) mod_lua: Add bindings for apr_dbd/mod_dbd database access [Daniel Gruno] *) mod_authn_file, mod_authn_dbd, mod_authn_dbm, mod_authn_socache: Cache the result of the most recent password hash verification for every keep-alive connection. This saves some expensive calculations. [Stefan Fritsch] *) http: Remove support for Request-Range header sent by Navigator 2-3 and MSIE 3. [Stefan Fritsch] *) core, http: Extend HttpProtocol with an option to enforce stricter HTTP conformance or to only log the found problems. [Stefan Fritsch] *) core: Correctly parse an IPv6 literal host specification in an absolute URL in the request line. [Stefan Fritsch] *) mod_ssl: add support for subjectAltName-based host name checking in proxy mode. PR 54030. [Kaspar Brand] *) mpm_event: Check that AsyncRequestWorkerFactor is not negative. PR 54254. [Jackie Zhang ] *) mod_ssl: Add support for OpenSSL configuration commands [Stephen Henson] *) EventOpt MPM *) core: Add LogLevelOverride directive that allows to override the loglevel for clients from certain IPs. This also works for things like the SSL handshake where LogLevel ... is evaluated too late. [Stefan Fritsch] *) core: Add new directive Warning to issue warnings from a configuration file. Both Warning and Error now generate a timestamped log message. [Fabien Coelho] *) ap_expr: Add SERVER_PROTOCOL_VERSION, ..._MAJOR, and ..._MINOR variables. [Stefan Fritsch] *) core: New directive RegisterHttpMethod for registering non-standard HTTP methods. [Stefan Fritsch] *) core: New directive HttpProtocol which allows to disable HTTP/0.9 support. [Stefan Fritsch] *) mod_allowhandlers: New module to forbid specific handlers for specific directories. [Stefan Fritsch] *) configure: Fix processing of --disable-FEATURE for various features. [Jeff Trawick] *) mod_systemd: New module, for integration with systemd on Linux. [Jan Kaluza ] *) mod_cache_socache: New cache implementation backed by mod_socache that replaces mod_mem_cache removed from httpd v2.2. [Graham Leggett] *) core: Add dirwalk_stat and pre_htaccess hooks, allowing mpm-itk to be used without patches to httpd core. [Jeff Trawick] *) mod_lua: Add LuaInputFilter/LuaOutputFilter for creating content filters in Lua [Daniel Gruno] *) WinNT MPM: Store pid and generation for each thread in scoreboard to allow tracking of threads from exiting children via mod_status or other such mechanisms. [Jeff Trawick] *) mod_ssl: Catch missing or mismatched client cert/key pairs with SSLProxyMachineCertificateFile/Path directives. PR 52212. [Keith Burdis , Joe Orton] *) mod_lua: Allow scripts handled by the lua-script handler to return a status code to the client (such as a 302 or a 500) [Daniel Gruno] *) mod_lua: Decline handling 'lua-script' if the file doesn't exist, rather than throwing an internal server error. [Daniel Gruno] *) mod_lua: Add functions r:flush and r:sendfile as well as additional request information to the request_rec structure. [Daniel Gruno] *) mod_lua: Add a server scope for Lua states, which creates a pool of states with managable minimum and maximum size. [Daniel Gruno] *) core: Add post_perdir_config hook. [Steinar Gunderson ] *) mod_lua: Add new directive, LuaMapHandler, for dynamically mapping URIs to Lua scripts and functions using regular expressions. [Daniel Gruno] *) mod_lua: Add new directive LuaCodeCache for controlling in-memory caching of lua scripts. [Daniel Gruno] *) The following now respect DefaultRuntimeDir/DEFAULT_REL_RUNTIMEDIR: - APIs: ap_log_pid(), ap_remove_pid, ap_read_pid() - core: the scoreboard (ScoreBoardFile), pid file (PidFile), and mutexes (Mutex) - mod_cache: thundering herd lock directory - mod_lbmethod_heartbeat, mod_heartmonitor: heartbeat storage file - mod_ldap: shared memory cache - mod_socache_shmcb, mod_socache_dbm: shared memory or dbm for cache [Jeff Trawick] *) suexec: Add --enable-suexec-capabilites support on Linux, to use setuid/setgid capability bits rather than a setuid root binary. [Joe Orton] *) suexec: Add support for logging to syslog as an alternative to logging to a file; configure --without-suexec-logfile --with-suexec-syslog. [Joe Orton] *) mod_ssl: Add support for TLS Next Protocol Negotiation. PR 52210. [Matthew Steele ] *) cross-compile: allow to provide CC_FOR_BUILD so that gen_test_char will be compiled by the build compiler instead of the host compiler. Also set CC_FOR_BUILD to 'cc' when cross-compilation is detected. PR 51257. [Guenter Knauf] *) core: In maintainer mode, replace apr_palloc with a version that initializes the allocated memory with non-zero values, except if AP_DEBUG_NO_ALLOC_POISON is defined. [Stefan Fritsch] *) mod_policy: Add a new testing module to help server administrators enforce a configurable level of protocol compliance on their servers and application servers behind theirs. [Graham Leggett] *) mod_firehose: Add a new debugging module able to record traffic passing through the server in such a way that connections and/or requests be reconstructed and replayed. [Graham Leggett] *) mod_noloris *) APREQ *) Simple MPM *) mod_serf [Apache 2.5.0-dev includes those bug fixes and changes with the Apache 2.4.xx tree as documented below, except as noted.] Changes with Apache 2.4.x and later: *) http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?view=markup Changes with Apache 2.2.x and later: *) http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?view=markup Changes with Apache 2.0.x and later: *) http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/CHANGES?view=markup