+ *) mod_md: Explicitly setting file permissions to break out of umasks. We want our
+ non-privilegded apache user to be able to read them. See github issue
+ <https://github.com/icing/mod_md/issues/117>. [Stefan Eissing]
+
+ *) Merge consecutive slashes in URL's. Opt-out with `MergeSlashes OFF`.
+ [Eric Covener]
+
+ *) mod_proxy/ssl: Cleanup per-request SSL configuration anytime a backend
+ connection is recycled/reused to avoid a possible crash with some SSLProxy
+ configurations in <Location> or <Proxy> context. PR 63256. [Yann Ylavic]
+
+ *) mod_mime: Add `MimeOptions` directive to allow Content-Type or all metadata
+ detection to use only the last (right-most) file extension or to be
+ disabled per-dir. [Eric Covener]
+
+ *) MPMs unix: bind the bucket number of each child to its slot number, for a
+ more efficient per bucket maintenance. [Yann Ylavic]
+
+ *) http: Fix possible empty response with mod_ratelimit for HEAD requests.
+ PR 63192. [Yann Ylavic]
+
+ *) mod_cache_socache: Avoid reallocations and be safe with outgoing data
+ lifetime. [Yann Ylavic]
+
+ *) mod_reqtimeout: Allow to configure (TLS-)handshake timeouts.
+ PR 61310. [Yann Ylavic]
+
+ *) mod_auth_digest: Fix a race condition. Authentication with valid credentials could be
+ refused in case of concurrent accesses from different users.
+ PR 63124 [Simon Kappel <simon.kappel axis.com>]
+
+ *) mod_ssl: Don't unset FIPS mode on restart unless it's forced by
+ configuration (SSLFIPS on) and not active by default in OpenSSL.
+ PR 63136. [Yann Ylavic]
+
+ *) mod_ssl: give mod_md the chance to override certificate after ALPN protocol
+ negotiation. [Stefan Eissing]
+
+ *) mod_proxy_wstunnel: Fix websocket proxy over UDS.
+ PR 62932 <pavel dcmsys.com>
+
+ *) mod_negociation: LanguagePriority should be case-insensitive in order to
+ match AddLanguage behavior. PR 39730 [Christophe Jaillet]
+
+ *) mod_session: Always decode session attributes early. [Hank Ibell]
+
+ *) core: Incorrect values for environment variables are substituted when
+ multiple environment variables are specified in a directive. [Hank Ibell]
+
+ *) core: Split out the ability to parse wildcard files and directories
+ from the Include/IncludeOptional directives into a generic set of
+ functions ap_dir_nofnmatch() and ap_dir_fnmatch(). [Graham Leggett]
+
+ *) mod_dav: Fix an unlikely time-window where some incorrect data could be returned
+ from a PROPFIND request [Ruediger Pluem]
+
+ *) mod_ssl: Fix mod_authz provider for "require ssl" directive to check correctly
+ on HTTP/2 connections. Fixes PR 62654. [Stefan Eissing]
+
+ *) mod_ssl: clear *SSL errors before loading certificates and checking
+ afterwards. Otherwise errors are reported when other SSL using modules
+ are in play. Fixes PR 62880. [Michael Kaufmann]
+
+ *) mod_ssl: Correctly merge configurations that have client certificates set
+ by SSLProxyMachineCertificate{File|Path}. [Ruediger Pluem]
+
+ *) core: Ensure that aborted connections are logged as such. PR 62823
+ [Arnaud Grandville <contact@grandville.net>]
+
+ *) mpm_event: Stop issuing AH00484 "server reached MaxRequestWorkers..." when
+ there are still idle threads available. When there are less idle threads than
+ MinSpareThreads, issue new one-time message AH10159. Matches worker MPM.
+ [Eric Covener]
+
+ *) mod_proxy_scgi, mod_proxy_uwsgi: improve error handling when sending the
+ body of the response. [Jim Jagielski]
+
+ *) mod_session_cookie: avoid duplicate Set-Cookie header in the response.
+ [Emmanuel Dreyfus <manu@netbsd.org>, Luca Toscano]
+
+ *) mod_dav_fs: Set a default DAVLockDB within the state directory.
+ [Joe Orton]
+
+ *) core: Add DefaultStateDir and layout-specific state directory
+ created at "make install". [Joe Orton]
+
+ *) mod_ssl: Fix a regression that the configuration settings for verify mode
+ and verify depth were taken from the frontend connection in case of
+ connections by the proxy to the backend. PR 62769. [Ruediger Pluem]
+
+ *) ab: Add client certificate support. [Graham Leggett]
+
+ *) mod_proxy_hcheck: Fix issues with TCP health checks. PR 61499
+ [Dominik Stillhard <dominik.stillhard united-security-providers.ch>]
+
+ *) MPMs: Initialize all runtime/asynchronous objects on a dedicated pool and
+ before signals handling to avoid lifetime issues on restart or shutdown.
+ PR 62658. [Yann Ylavic]
+
+ *) core: Add StrictHostCheck to allow ucnonfigured hostnames to be
+ rejected. [Eric Covener]
+
+ *) mod_status: Cumulate CPU time of exited child processes in the
+ "cu" and "cs" values. Add CPU time of the parent process to the
+ "c" and "s" values.
+ [Rainer Jung]
+
+ *) mod_status: Add cumulated response duration time in milliseconds.
+ [Rainer Jung]
+
+ *) mod_status: Complete the data shown for async MPMs in "auto" mode.
+ Added number of processes, number of stopping processes and number
+ of busy and idle workers. [Rainer Jung]
+
+ *) mod_proxy: Improve the balancer member data shown in mod_status when
+ "ProxyStatus" is "On": add "busy" count and show byte counts in auto
+ mode always in units of kilobytes. [Rainer Jung]
+
+ *) mod_proxy: If ProxyPassReverse is used for reverse mapping of relative
+ redirects, subsequent ProxyPassReverse statements, whether they are
+ relative or absolute, may fail. PR 60408. [Peter Haworth <pmh1wheel gmail.com>]
+
+ *) mod_ratelimit: Don't interfere with "chunked" encoding, fixing regression
+ introduced in 2.4.34. PR 62568. [Yann Ylavic]
+
+ *) mod_proxy_http: forward 100-continue, and minimize race conditions when
+ reusing backend connections. PR 60330. [Yann Ylavic, Jean-Frederic Clere]
+
+ *) mod_proxy: Remove load order and link dependency between mod_lbmethod_*
+ modules and mod_proxy. PR 62557. [Ruediger Pluem, William Rowe]
+
+ *) mod_md: more robust handling of http-01 challenges and hands-off when module
+ should not be involved, e.g. challenge setup by another ACME client. [Stefan Eissing]
+
+ *) ru, zh-cn and zh-tw translations of errordocs have been added.
+ Contributed by Alexander Gaganashvili and CodeingBoy
+
+ *) mod_userdir: If several directories are given in a UserDir directive, only files
+ in the first existing one are checked. If the file is not found there, the
+ other possible directories are not checked. The doc clearly states that they
+ will be checked one by one, until a match is found or an external redirect is
+ performed. PR 59636.
+ [Christophe Jaillet]
+
+ *) mod_rewrite: Only create the global mutex used by "RewriteMap prg:" when
+ this type of map is present in the configuration. PR62311.
+ [Hank Ibell <hwibell gmail.com>]
+
+ *) mod_ldap: Abort on LDAP locking errors. [Eric Covener]
+
+ *) mod_ssl: Support loading certificates and private keys from the
+ PKCS#11 OpenSSL engine. [Anderson Sasaki <ansasaki redhat.com>,
+ Joe Orton]
+
+ *) http: LimitRequestBody applies to proxied requests. [Yann Ylavic]