-*- coding: utf-8 -*-
Changes with Apache 2.5.1
- *) mod_remoteip: Fix RemoteIP{Trusted,Internal}ProxyList loading broken by 2.4.30.
- PR 62220. [Chritophe Jaillet, Yann Ylavic]
+ *) mod_reqtimeout: Allow to configure (TLS-)handshake timeouts.
+ PR 61310. [Yann Ylavic]
+ *) mod_auth_digest: Fix a race condition. Authentication with valid credentials could be
+ refused in case of concurrent accesses from different users.
+ PR 63124 [Simon Kappel <simon.kappel axis.com>]
+
+ *) mod_ssl: Don't unset FIPS mode on restart unless it's forced by
+ configuration (SSLFIPS on) and not active by default in OpenSSL.
+ PR 63136. [Yann Ylavic]
+
+ *) mod_http2: Configuration directoves H2Push and H2Upgrade can now be specified per
+ Location/Directory, e.g. disabling PUSH for a specific set of resources. [Stefan Eissing]
+
+ *) mod_http2: HEAD requests to some module such as mod_cgid caused the stream to
+ terminate improperly and cause a HTTP/2 PROTOCOL_ERROR.
+ Fixes <https://github.com/icing/mod_h2/issues/167>. [Michael Kaufmann]
+
+ *) mod_ssl: give mod_md the chance to override certificate after ALPN protocol
+ negotiation. [Stefan Eissing]
+
+ *) mod_http2: enable re-use of slave connections again. Fixed slave connection
+ keepalives counter. [Stefan Eissing]
+
+ *) mod_proxy_wstunnel: Fix websocket proxy over UDS.
+ PR 62932 <pavel dcmsys.com>
+
+ *) mod_negociation: LanguagePriority should be case-insensitive in order to
+ match AddLanguage behavior. PR 39730 [Christophe Jaillet]
+
+ *) mod_session: Always decode session attributes early. [Hank Ibell]
+
+ *) core: Incorrect values for environment variables are substituted when
+ multiple environment variables are specified in a directive. [Hank Ibell]
+
+ *) core: Split out the ability to parse wildcard files and directories
+ from the Include/IncludeOptional directives into a generic set of
+ functions ap_dir_nofnmatch() and ap_dir_fnmatch(). [Graham Leggett]
+
+ *) mod_dav: Fix an unlikely time-window where some incorrect data could be returned
+ from a PROPFIND request [Ruediger Pluem]
+
+ *) mod_ssl: Fix mod_authz provider for "require ssl" directive to check correctly
+ on HTTP/2 connections. Fixes PR 62654. [Stefan Eissing]
+
+ *) mod_ssl: clear *SSL errors before loading certificates and checking
+ afterwards. Otherwise errors are reported when other SSL using modules
+ are in play. Fixes PR 62880. [Michael Kaufmann]
+
+ *) mod_ssl: Correctly merge configurations that have client certificates set
+ by SSLProxyMachineCertificate{File|Path}. [Ruediger Pluem]
+
+ *) core: Ensure that aborted connections are logged as such. PR 62823
+ [Arnaud Grandville <contact@grandville.net>]
+
+ *) mpm_event: Stop issuing AH00484 "server reached MaxRequestWorkers..." when
+ there are still idle threads available. When there are less idle threads than
+ MinSpareThreads, issue new one-time message AH10159. Matches worker MPM.
+ [Eric Covener]
+
+ *) mod_http2: adding defensive code for stream EOS handling, in case the request handler
+ missed to signal it the normal way (eos buckets). Addresses github issues
+ https://github.com/icing/mod_h2/issues/164, https://github.com/icing/mod_h2/issues/167
+ and https://github.com/icing/mod_h2/issues/170. [Stefan Eissing]
+
+ *) mod_proxy_scgi, mod_proxy_uwsgi: improve error handling when sending the
+ body of the response. [Jim Jagielski]
+
+ *) mod_session_cookie: avoid duplicate Set-Cookie header in the response.
+ [Emmanuel Dreyfus <manu@netbsd.org>, Luca Toscano]
+
+ *) mod_dav_fs: Set a default DAVLockDB within the state directory.
+ [Joe Orton]
+
+ *) core: Add DefaultStateDir and layout-specific state directory
+ created at "make install". [Joe Orton]
+
+ *) mod_ssl: Fix a regression that the configuration settings for verify mode
+ and verify depth were taken from the frontend connection in case of
+ connections by the proxy to the backend. PR 62769. [Ruediger Pluem]
+
+ *) ab: Add client certificate support. [Graham Leggett]
+
+ *) mod_proxy_hcheck: Fix issues with TCP health checks. PR 61499
+ [Dominik Stillhard <dominik.stillhard united-security-providers.ch>]
+
+ *) mod_http2: connection IO event handling reworked. Instead of reacting on
+ incoming bytes, the state machine now acts on incoming frames that are
+ affecting it. This reduces state transitions. [Stefan Eissing]
+
+ *) MPMs: Initialize all runtime/asynchronous objects on a dedicated pool and
+ before signals handling to avoid lifetime issues on restart or shutdown.
+ PR 62658. [Yann Ylavic]
+
+ *) core: Add StrictHostCheck to allow ucnonfigured hostnames to be
+ rejected. [Eric Covener]
+
+ *) mod_status: Cumulate CPU time of exited child processes in the
+ "cu" and "cs" values. Add CPU time of the parent process to the
+ "c" and "s" values.
+ [Rainer Jung]
+
+ *) mod_status: Add cumulated response duration time in milliseconds.
+ [Rainer Jung]
+
+ *) mod_status: Complete the data shown for async MPMs in "auto" mode.
+ Added number of processes, number of stopping processes and number
+ of busy and idle workers. [Rainer Jung]
+
+ *) mod_proxy: Improve the balancer member data shown in mod_status when
+ "ProxyStatus" is "On": add "busy" count and show byte counts in auto
+ mode always in units of kilobytes. [Rainer Jung]
+
+ *) mod_proxy: If ProxyPassReverse is used for reverse mapping of relative
+ redirects, subsequent ProxyPassReverse statements, whether they are
+ relative or absolute, may fail. PR 60408. [Peter Haworth <pmh1wheel gmail.com>]
+
+ *) mod_ratelimit: Don't interfere with "chunked" encoding, fixing regression
+ introduced in 2.4.34. PR 62568. [Yann Ylavic]
+
+ *) mod_proxy_http: forward 100-continue, and minimize race conditions when
+ reusing backend connections. PR 60330. [Yann Ylavic, Jean-Frederic Clere]
+
+ *) mod_proxy: Remove load order and link dependency between mod_lbmethod_*
+ modules and mod_proxy. PR 62557. [Ruediger Pluem, William Rowe]
+
+ *) mod_md: more robust handling of http-01 challenges and hands-off when module
+ should not be involved, e.g. challenge setup by another ACME client. [Stefan Eissing]
+
+ *) ru, zh-cn and zh-tw translations of errordocs have been added.
+ Contributed by Alexander Gaganashvili and CodeingBoy
+
*) mod_userdir: If several directories are given in a UserDir directive, only files
in the first existing one are checked. If the file is not found there, the
other possible directories are not checked. The doc clearly states that they
performed. PR 59636.
[Christophe Jaillet]
- *) mod_proxy: Fix a corner case where the ProxyPassReverseCookieDomain or
- ProxyPassReverseCookiePath directive could fail to update correctly
- 'domain=' or 'path=' in the 'Set-Cookie' header. PR 61560.
- [Christophe Jaillet]
-
- *) mod_slotmem_shm: Add generation number to shm filename to fix races
- with graceful restarts. PRs 62044 and 62308. [Jim Jagielski, Yann Ylavic]
-
*) mod_rewrite: Only create the global mutex used by "RewriteMap prg:" when
this type of map is present in the configuration. PR62311.
[Hank Ibell <hwibell gmail.com>]
PKCS#11 OpenSSL engine. [Anderson Sasaki <ansasaki redhat.com>,
Joe Orton]
- *) mod_proxy_html: Fix variable interpolation and memory allocation failure
- in ProxyHTMLURLMap. [Ewald Dieterich <ewald mailbox.org>]
-
- *) core: In ONE_PROCESS/debug mode, cleanup everything when exiting.
- [Yann Ylavic]
-
- *) mod_http2: restoring the v1.10.16 keepalive timeout behavioud of mod_http2 (to be verified).
- [Stefan Eissing]
-
*) mod_http2: adding an abort function to slave connections' pools, so out-of-memory
events lead to a control process abort, as on HTTP/1.x connections. [Stefan Eissing]
*) http: LimitRequestBody applies to proxied requests. [Yann Ylavic]
- *) mod_proxy_http: Fix response header thrown away after the previous one
- was considered too large and truncated. PR 62196. [Yann Ylavic]
-
- *) core: Add and handle AP_GETLINE_NOSPC_EOL flag for ap_getline() family
- of functions to consume the end of line when the buffer is exhausted.
- PR 62198. [Yann Ylavic]
-
- *) mod_xml2enc: Fix forwarding of error metadata/responses. PR 62180.
- [Micha Lenk <micha lenk.info>, Yann Ylavic]
-
- *) mod_proxy_http: Add new worker parameter 'responsefieldsize' to
- allow maximum HTTP response header size to be increased past 8192
- bytes. PR62199. [Hank Ibell <hwibell gmail.com>]
-
- *) mod_proxy_balancer: Add hot spare member type and corresponding flag (R). Hot spare members are
- used as drop-in replacements for unusable workers in the same load balancer set. This differs
- from hot standbys which are only used when all workers in a set are unusable. PR 61140. [Jim
- Riggs]
-
*) mod_logio: Add LogIOTrackTTFU and %^FU logformat to log the time
difference between request start and last request body byte read (finished upload).
[Rainer Jung]
TLSv1.2 or lower ciphers are not relevant, as cipher suites are completely separate.
This means there is a bit if a world split when simultaneously having TLSv1.2 and TLSv1.3
connections to the same server.
- [Stefan Eissing]
+ [Yann Ylavic, Stefan Eissing]
*) mod_ssl: proper checks for libressl 2.07/8 and its TLSv1_3 support, see PR 62236.
[Bernard Spil <brnrd@freebsd.org>]
associated with an active connection in the "ACC" field. Previously
zero was always reported with this MPM. PR60647. [Eric Covener]
- *) mod_remoteip: When overriding the useragent address from X-Forwarded-For,
- zero out what had been initialized as the connection-level port. PR59931.
- [Hank Ibell <hwibell gmail.com>]
-
*) mod_proxy_wstunnel: Reliably run before mod_proxy_http.
[Eric Covener]
*) mod_status, mod_echo: Fix the display of client addresses.
They were truncated to 31 characters which is not enough for IPv6 addresses.
- PR 54848 [Bernhard Schmidt <berni birkenwald de>]
+ This is done by deprecating the use of the 'client' field and using
+ the new 'client64' field in worker_score.
+ PR 54848 [Bernhard Schmidt <berni birkenwald de>, Jim Jagielski]
*) core: merge AllowEncodedSlashes from the base configuration into
virtual hosts. [Eric Covener]
- mod_socache_shmcb, mod_socache_dbm: shared memory or dbm for cache
[Jeff Trawick]
- *) suexec: Add --enable-suexec-capabilites support on Linux, to use
- setuid/setgid capability bits rather than a setuid root binary.
- [Joe Orton]
-
- *) suexec: Add support for logging to syslog as an alternative to logging
- to a file; configure --without-suexec-logfile --with-suexec-syslog.
- [Joe Orton]
-
*) mod_ssl: Add support for TLS Next Protocol Negotiation. PR 52210.
[Matthew Steele <mdsteele google.com>]
projects / apache / blobdiff