Changes with Apache 2.3.0
[ When backported to 2.2.x, remove entry from this file ]
+ *) Allow for smax to be 0 for balancer members so that all idle
+ connections are able to be dropped should they exceed ttl.
+ PR 43371 [Phil Endecott <spam_from_apache_bugzilla chezphil.org>,
+ Jim Jagielski]
+
+ *) mod_proxy_ajp: Fix wrongly formatted requests where client
+ sets Content-Length header, but doesn't provide a body.
+ Servlet container always expects that next packet is
+ body whenever C-L is present in the headers. This can lead
+ to wrong interpretation of the packets. In this case
+ send the empty body packet, so container can deal with
+ that. [Mladen Turk]
+
+ *) mod_authnz_ldap: don't return NULL-valued environment variables to
+ other modules. PR 39045 [Francois Pesce <francois.pesce gmail.com>]
+
+ *) Don't adjust case in pathname components that are not of interest
+ to mod_mime. Fixes mod_negotiation's use of such components.
+ PR 43250 [Basant Kumar Kukreja <basant.kukreja sun.com>]
+
+ *) Add new LogFormat parameter, %k, which logs the number of
+ keepalive requests on this connection for this request..
+ [Dan Poirier <poirier pobox.com>]
+
+ *) Be tolerant in what you accept - accept slightly broken
+ status lines from a backend provide they include a valid status code.
+ PR 44995 [Rainer Jung <rainer.jung kippdata.de>]
+
+ *) New module mod_sed: filter Request/Response bodies through sed
+ [Basant Kumar Kukreja <basant.kukreja sun.com>]
+
+ *) mod_auth_form: Make sure that basic authentication is correctly
+ faked directly after login. [Graham Leggett]
+
+ *) mod_session_cookie, mod_session_dbd: Make sure cookies are set both
+ within the output headers and error output headers, so that the
+ session is maintained across redirects. [Graham Leggett]
+
+ *) mod_auth_form: Make sure the logged in user is populated correctly
+ after a form login. Fixes a missing REMOTE_USER variable directly
+ following a login. [Graham Leggett]
+
+ *) mod_session_cookie: Make sure that cookie attributes are correctly
+ included in the blank cookie when cookies are removed. This fixes an
+ inability to log out when using mod_auth_form. [Graham Leggett]
+
+ *) mod_autoindex: add configuration option to insert string
+ in HTML HEAD. [Nick Kew]
+
+ *) mod_ssl: implement dynamic mutex callbacks for the benefit of
+ OpenSSL. [Sander Temme]
+
+ *) mod_session: Prevent a segfault when a CGI script sets a cookie with a
+ null value. [David Shane Holden <dpejesh apache.org>]
+
+ *) mod_headers: Prevent Header edit from processing only the first header
+ of possibly multiple headers with the same name and deleting the
+ remaining ones. PR 45333. [Ruediger Pluem]
+
+ *) mod_rewrite: Preserve the query string with [proxy,noescape]. PR 45247
+ [Tom Donovan]
+
+ *) core, authn/z: Determine registered authn/z providers directly in
+ ap_setup_auth_internal(), which allows optional functions that just
+ wrapped ap_list_provider_names() to be removed from authn/z modules.
+ [Chris Darroch]
+
+ *) authn/z: Convert common provider version strings to macros.
+ [Chris Darroch]
+
+ *) ab: Make ab.c compile on VC6. PR 45024 [Ruediger Pluem]
+
+ *) configure: Don't reject libtool 2.x
+ PR 44817 [Arfrever Frehtes Taifersar Arahesis <Arfrever.FTA gmail.com>]
+
+ *) core: When testing for slash-terminated configuration paths in
+ ap_location_walk(), don't look past the start of an empty string
+ such as that created by a <Location ""> directive.
+ [Chris Darroch]
+
+ *) core, mod_proxy: If a kept_body is present, it becomes safe for
+ subrequests to support message bodies. Make sure that safety
+ checks within the core and within the proxy are not triggered
+ when kept_body is present. This makes it possible to embed
+ proxied POST requests within mod_include. [Graham Leggett]
+
*) mod_auth_form: Make sure the input filter stack is properly set
up before reading the login form. Make sure the kept body filter
is correctly inserted to ensure the body can be read a second
time safely should the authn be successful. [Graham Leggett,
- Rüdiger Pluem]
+ Ruediger Pluem]
*) mod_request: Insert the KEPT_BODY filter via the insert_filter
hook instead of during fixups. Add a safety check to ensure the
filters cannot be inserted more than once. [Graham Leggett,
- Rüdiger Pluem]
+ Ruediger Pluem]
*) core: Do not allow Options ALL if not all options are allowed to be
overwritten. PR 44262 [Michał Grzędzicki <lazy iq.pl>]
Introduce wrappers for access control hook and provider registration
which can accept additional mode and flag data. [Chris Darroch]
- *) mod_dav: Return "method not allowed" if the destination URI of a WebDAV
- copy / move operation is no DAV resource. PR 44734 [Ruediger Pluem]
-
*) Introduced ap_expr API for expression evaluation.
This is adapted from mod_include, which is the first module
to use the new API.
first row returned by database query instead of last row.
[Chris Darroch]
- *) mod_rewrite: Initialize hash needed by ap_register_rewrite_mapfunc early
- enough. PR 44641 [Daniel Lescohier <daniel.lescohier cnet.com>]
-
- *) mod_cache: Handle If-Range correctly if the cached resource was stale.
- PR 44579 [Ruediger Pluem]
-
*) mod_ldap: Correctly return all requested attribute values
when some attributes have a null value.
PR 44560 [Anders Kaseorg <anders kaseorg.com>]
*) core: fix origin checking in SymlinksIfOwnerMatch
PR 36783 [Robert L Mathews <rob-apache.org.bugs tigertech.net>]
- *) mod_proxy: Do not try a direct connection if the connection via a
- remote proxy failed before and the request has a request body.
- [Ruediger Pluem]
-
- *) Added 'disablereuse' option for ProxyPass which, essentially,
- disables connection pooling for the backend servers.
- [Jim Jagielski]
-
*) Activate mod_cache, mod_file_cache and mod_disc_cache as part of the
'most' set for '--enable-modules' and '--enable-shared-mods'. Include
mod_mem_cache in 'all' as well. [Dirk-Willem van Gulik]
mod_cache et.al. to trap the results of the redirect.
[Dirk-Willem van Gulik, Ruediger Pluem]
- *) mod_proxy_ajp: Do not retry request in the case that we either failed to
- sent a part of the request body or if the request is not idempotent.
- PR 44334 [Ruediger Pluem]
-
*) mod_ldap: Add support (taking advantage of the new APR capability)
for ldap rebind callback while chasing referrals. This allows direct
searches on LDAP servers (in particular MS Active Directory 2003+)
using referrals without the use of the global catalog.
PRs 26538, 40268, and 42557 [Paul J. Reder]
- *) Support chroot on Unix-family platforms
- PR 43596 [Dimitar Pashev <mitko banksoft-bg.com>]
-
*) mod_ssl: Added server name indication support (SNI, RFC 4366).
PR 34607. [Kaspar Brand <asfbugz velox.ch>]. A test configuration
can be created with test/make_sni.sh [Dirk-Willem van Gulik].
all running instances before attempting to remove the .exe.
[William Rowe]
- *) mod_proxy: Lower memory consumption for short lived connections.
- PR 44026. [Ruediger Pluem]
-
- *) mod_proxy: Keep connections to the backend persistent in the HTTPS case.
- [Ruediger Pluem]
-
*) mod_ssl: Add support for OCSP validation of client certificates.
PR 41123. [Marc Stern <marc.stern approach.be>, Joe Orton]
- *) mod_unique_id: Fix timestamp value in UNIQUE_ID.
- PR 37064 [Kobayashi <kobayashi firstserver.co.jp>]
-
*) mod_serf: New module for Reverse Proxying. [Paul Querna]
*) core: Add the option to keep aside a request body up to a certain
*) mpm winnt: fix null pointer dereference
PR 42572 [Davi Arnaut]
- *) core: reinstate location walk to fix config for subrequests
- PR 41960 [Jose Kahan <jose w3.org>]
-
*) mod_authnz_ldap, mod_authn_dbd: Tidy up the code to expose authn
parameters to the environment. Improve portability to
EBCDIC machines by using apr_toupper(). [Martin Kraemer]
*) mod_ssl: Add support for caching SSL Sessions in memcached. [Paul Querna]
- *) ab: Add -r option to continue after socket receive errors.
- [Filip Hanik <devlist hanik.com>]
-
*) mod_ldap: Fix the search limit parameter to ldap_search_ext_s()
for SDKs that define LDAP_NO_LIMIT to something other than -1.
[David Jones <oscaremma gmail.com>]
to circumvent the symbolic link checks imposed by FollowSymLinks and
SymLinksIfOwnerMatch. [Nick Kew, Ruediger Pluem, William Rowe]
- *) mod_proxy: Support environment variable interpolation in reverse
- proxying directives. [Nick Kew]
-
- *) core: Add the filename of the configuration file to the warning message
- about the useless use of AllowOverride. PR 39992.
- [Darryl Miles <darryl darrylmiles.org>]
-
*) New SSLLogLevelDebugDump [ None (default) | IO (not bytes) | Bytes ]
configures the I/O Dump of SSL traffic, when LogLevel is set to Debug.
The default is none as this is far greater debugging resolution than
projects / apache / blobdiff