-*- coding: utf-8 -*-
Changes with Apache 2.5.0
- *) mod_auth_basic: Add AuthBasicUseDigestAlgorithm directive to
- allow migration of passwords from digest to basic authentication.
- [Chris Darroch]
+ *) mod_rewrite: Rename the handler that does per-directory internal
+ redirects to "rewrite-redirect-handler" from "redirect-handler" so
+ it is less ambiguous and less likely to be reused. [Eric Covener]
- *) core: Add util_fcgi.h and associated definitions and support
- routines for FastCGI, based largely on mod_proxy_fcgi.
+ *) mod_dir: Don't search for a DirectoryIndex or DirectorySlash on a URL
+ that was just rewritten by mod_rewrite. PR53929. [Eric Covener]
+
+ *) mod_dir: Add DirectoryCheckHandler to allow a 2.2-like behavior, skipping
+ execution when a handler is already set. PR53929. [Eric Covener]
+
+ *) mod_rewrite: Protect against looping with the [N] flag by enforcing a
+ default limit of 10000 iterations, and allowing each rule to change its
+ limit. [Eric Covener]
+
+ *) mod_ssl: Fix config merging of SSLOCSPEnable and SSLOCSPOverrideResponder.
[Jeff Trawick]
- *) core: Add ap_log_data(), ap_log_rdata(), etc. for logging buffers.
+ *) Add HttpContentLengthHeadZero and HttpExpectStrict directives.
+ [Yehuda Sadeh <yehuda inktank com>, Justin Erenkrantz]
+
+ *) core: Support named groups and backreferences within the LocationMatch,
+ DirectoryMatch, FilesMatch and ProxyMatch directives. [Graham Leggett]
+
+ *) mod_ssl: Remove the hardcoded algorithm-type dependency for the
+ SSLCertificateFile and SSLCertificateKeyFile directives, to enable
+ future algorithm agility, and deprecate the SSLCertificateChainFile
+ directive (obsoleted by SSLCertificateFile). [Kaspar Brand]
+
+ *) FreeBSD: Disable IPv4-mapped listening sockets by default for versions
+ 5+ instead of just for FreeBSD 5. PR 53824. [Jeff Trawick]
+
+ *) mod_auth_form: Add a debug message when the fields on a form are not
+ recognised. [Graham Leggett]
+
+ *) mod_ssl: Add -t -DDUMP_CA_CERTS option which dumps the filenames of all
+ configured SSL CA certificates to stdout the same way as DUMP_CERTS does.
+ [Jan Kaluza]
+
+ *) mod_headers: Allow the "value" parameter of Header and RequestHeader to
+ contain an ap_expr expression if prefixed with "expr=". [Eric Covener]
+
+ *) Add suspend_connection and resume_connection hooks to notify modules
+ when the thread/connection relationship changes. (Currently implemented
+ only for the Event MPM; should be implemented for all async MPMs.)
+ [Jeff Trawick]
+
+ *) mod_ssl: Don't flush when an EOS is received. Prepares mod_ssl
+ to support write completion. [Graham Leggett]
+
+ *) prefork: Fix long delays when doing a graceful restart.
+ PR 54852 [Jim Jagielski, Arkadiusz Miskiewicz <arekm maven pl>]
+
+ *) core: Add parse_errorlog_arg callback to ap_errorlog_provider
+ to allow providers to check the ErrorLog argument. [Jan Kaluza]
+
+ *) core: Detect incomplete body in HTTP input filter and return
+ APR_INCOMPLETE. PR 55475 [Yann Ylavic <ylavic dev gmail com>]
+
+ *) mod_cgid: Use the servers Timeout for each read from a CGI script,
+ allow override with new CGIDRequestTimeout directive. PR43494
+ [Eric Covener, Toshikuni Fukaya <toshikuni-fukaya cybozu co jp>]
+
+ *) core: Add missing Reason-Phrase in HTTP response headers.
+ PR 54946. [Rainer Jung]
+
+ *) core: ensure any abnormal exit is reported to stderr if it's a tty.
+ PR 55670 [Nick Kew]
+
+ *) mod_proxy: Added support for unix domain sockets as the
+ backend server endpoint [Jim Jagielski, Blaise Tarr
+ <blaise tarr gmail com>]
+
+ *) mod_auth_form: Make sure the optional functions are loaded even when
+ the AuthFormProvider isn't specified. [Graham Leggett]
+
+ *) mod_lua: Let the Inter-VM get/set functions work with a global
+ shared memory pool instead of a per-process pool. [Daniel Gruno]
+
+ *) ldap: Support ldaps when using the Microsoft LDAP SDK.
+ PR 54626. [Jean-Frederic Clere]
+
+ *) mod_proxy: Add ap_connection_reusable() for checking if a connection
+ is reusable as of this point in processing. [Jeff Trawick]
+
+ *) mod_authnz_ldap: Change default value of AuthLDAPMaxSubGroupDepth to 0
+ to avoid performance problems when subgroups aren't in use. [Eric Covener]
+
+ *) mod_syslog: New module implementing syslog ap_error_log provider.
+ Previously, this code was part of core, now it's in separate module.
+ [Jan Kaluza]
+
+ *) core: Add ap_errorlog_provider to make ErrorLog logging modular. Move
+ syslog support from core to new mod_syslog. [Jan Kaluza]
+
+ *) core: draft-ietf-httpbis-p1-messaging-23 corrections regarding
+ TE/CL conflicts. [Yann Ylavic <ylavic.dev gmail com>, Jim Jagielski]
+
+ *) mod_proxy_fcgi: Use apr_socket_timeout_get instead of hard-coded
+ 30 seconds timeout. [Jan Kaluza]
+
+ *) WinNT MPM: If ap_run_pre_connection() fails or sets c->aborted, don't
+ save the socket for reuse by the next worker as if it were an
+ APR_SO_DISCONNECTED socket. Restores 2.2 behavior. [Eric Covener]
+
+ *) mod_lua: Add a logging hook for modifying/skipping logs. [Daniel Gruno]
+
+ *) mod_status, mod_echo: Fix the display of client addresses.
+ They were truncated to 31 characters which is not enough for IPv6 addresses.
+ PR 54848 [Bernhard Schmidt <berni birkenwald de>]
+
+ *) mod_lua: If the first yield() of a LuaOutputFilter returns a string, it should
+ be prefixed to the response as documented. [Eric Covener]
+
+ *) mod_lua: Remove ETAG, Content-Length, and Content-MD5 when a LuaOutputFilter
+ is configured without mod_filter. [Eric Covener]
+
+ *) mod_lua: Register LuaOutputFilter scripts as changing the content and
+ content-length by default, when run my mod_filter. Previously,
+ growing or shrinking a response that started with Content-Length set
+ would require mod_filter and FilterProtocol change=yes. [Eric Covener]
+
+ *) mod_lua: Return a 500 error if a LuaHook* script doesn't return a
+ numeric return code. [Eric Covener]
+
+ *) mod_authnz_fcgi: New module to enable FastCGI authorizer
+ applications to authenticate and/or authorize clients.
[Jeff Trawick]
- *) ab: Fix potential buffer overflows when processing the T and X
- command-line options. PR 55360.
- [Mike Rumph <mike.rumph oracle.com>]
+ *) core: Add ap_log_data(), ap_log_rdata(), etc. for logging buffers.
+ [Jeff Trawick]
*) mod_unique_id: Use output of the PRNG rather than IP address and
pid, avoiding sleep() call and possible DNS issues at startup,
plus improving randomness for IPv6-only hosts.
[Jan Kaluza <jkaluza redhat.com>]
- *) core: Log a message at TRACE1 when the client aborts a connection.
- [Eric Covener]
-
*) mod_authnz_ldap: Support primitive LDAP servers that do not accept
filters, such as "SDBM-backed LDAP" on z/OS, by allowing a special
filter "none" to be specified in AuthLDAPURL. [Eric Covener]
*) core: merge AllowEncodedSlashes from the base configuration into
virtual hosts. [Eric Covener]
- *) mod_headers: Add 'setifempty' command to Header and RequestHeader.
- [Eric Covener]
-
*) AIX: Install DSO's with "cp" instead of "install" in instdso.sh
[Eric Covener]
- *) mod_ldap: Retry transient LDAP connection errors when they occur
- during the authorization stage.
- [Eric Covener]
-
*) mod_ldap: Don't keep retrying if a new LDAP connection times out.
[Eric Covener]
problems if used with round robin load balancers). Don't regenerate the
secret on graceful restarts. PR 54637 [Stefan Fritsch]
- *) ab: Add a new -l parameter in order not to check the length of the responses.
- This can be usefull with dynamic pages.
- PR9945, PR27888, PR42040 [<ccikrs1 cranbrook edu>]
-
- *) mod_logio: new format-specifier %C (combined) which is the sum of received
- and sent byte counts.
- PR54015 [Christophe Jaillet]
-
*) core: Remove apr_brigade_flatten(), buffering and duplicated code
from the HTTP_IN filter, parse chunks in a single pass with zero copy.
Reduce memory usage by 48 bytes per request. [Graham Leggett]
*) core: Correctly parse an IPv6 literal host specification in an absolute
URL in the request line. [Stefan Fritsch]
- *) mod_ssl: Add support for OpenSSL configuration commands [Stephen Henson]
-
*) EventOpt MPM
*) core: Add LogLevelOverride directive that allows to override the
*) mod_systemd: New module, for integration with systemd on Linux.
[Jan Kaluza <jkaluza redhat.com>]
- *) core: Add pre_htaccess hook, allowing mpm-itk
- to be used without patches to httpd core. [Jeff Trawick]
-
*) WinNT MPM: Store pid and generation for each thread in scoreboard
to allow tracking of threads from exiting children via mod_status
or other such mechanisms. [Jeff Trawick]
- *) mod_ssl: Catch missing or mismatched client cert/key pairs with
- SSLProxyMachineCertificateFile/Path directives. PR 52212.
- [Keith Burdis <keith burdis.org>, Joe Orton]
-
*) The following now respect DefaultRuntimeDir/DEFAULT_REL_RUNTIMEDIR:
- APIs: ap_log_pid(), ap_remove_pid, ap_read_pid()
- core: the scoreboard (ScoreBoardFile), pid file (PidFile), and