Changes with Apache 2.3.0
[ When backported to 2.2.x, remove entry from this file ]
- *) Introduced ap_expr API for expression evaluation.
+ *) Allow for smax to be 0 for balancer members so that all idle
+ connections are able to be dropped should they exceed ttl.
+ PR 43371 [Phil Endecott <spam_from_apache_bugzilla chezphil.org>,
+ Jim Jagielski]
- *) mod_authz_dbd: When redirecting after successful login/logout per
- AuthzDBDRedirectQuery, do not report authorization failure, and use
- first row returned by database query instead of last row.
+ *) mod_proxy_ajp: Fix wrongly formatted requests where client
+ sets Content-Length header, but doesn't provide a body.
+ Servlet container always expects that next packet is
+ body whenever C-L is present in the headers. This can lead
+ to wrong interpretation of the packets. In this case
+ send the empty body packet, so container can deal with
+ that. [Mladen Turk]
+
+ *) mod_authnz_ldap: don't return NULL-valued environment variables to
+ other modules. PR 39045 [Francois Pesce <francois.pesce gmail.com>]
+
+ *) Don't adjust case in pathname components that are not of interest
+ to mod_mime. Fixes mod_negotiation's use of such components.
+ PR 43250 [Basant Kumar Kukreja <basant.kukreja sun.com>]
+
+ *) Add new LogFormat parameter, %k, which logs the number of
+ keepalive requests on this connection for this request..
+ [Dan Poirier <poirier pobox.com>]
+
+ *) Be tolerant in what you accept - accept slightly broken
+ status lines from a backend provide they include a valid status code.
+ PR 44995 [Rainer Jung <rainer.jung kippdata.de>]
+
+ *) New module mod_sed: filter Request/Response bodies through sed
+ [Basant Kumar Kukreja <basant.kukreja sun.com>]
+
+ *) mod_auth_form: Make sure that basic authentication is correctly
+ faked directly after login. [Graham Leggett]
+
+ *) mod_session_cookie, mod_session_dbd: Make sure cookies are set both
+ within the output headers and error output headers, so that the
+ session is maintained across redirects. [Graham Leggett]
+
+ *) mod_auth_form: Make sure the logged in user is populated correctly
+ after a form login. Fixes a missing REMOTE_USER variable directly
+ following a login. [Graham Leggett]
+
+ *) mod_session_cookie: Make sure that cookie attributes are correctly
+ included in the blank cookie when cookies are removed. This fixes an
+ inability to log out when using mod_auth_form. [Graham Leggett]
+
+ *) mod_autoindex: add configuration option to insert string
+ in HTML HEAD. [Nick Kew]
+
+ *) mod_ssl: implement dynamic mutex callbacks for the benefit of
+ OpenSSL. [Sander Temme]
+
+ *) mod_session: Prevent a segfault when a CGI script sets a cookie with a
+ null value. [David Shane Holden <dpejesh apache.org>]
+
+ *) mod_headers: Prevent Header edit from processing only the first header
+ of possibly multiple headers with the same name and deleting the
+ remaining ones. PR 45333. [Ruediger Pluem]
+
+ *) mod_rewrite: Preserve the query string with [proxy,noescape]. PR 45247
+ [Tom Donovan]
+
+ *) core, authn/z: Determine registered authn/z providers directly in
+ ap_setup_auth_internal(), which allows optional functions that just
+ wrapped ap_list_provider_names() to be removed from authn/z modules.
[Chris Darroch]
- *) mod_rewrite: Initialize hash needed by ap_register_rewrite_mapfunc early
- enough. PR 44641 [Daniel Lescohier <daniel.lescohier cnet.com>]
+ *) authn/z: Convert common provider version strings to macros.
+ [Chris Darroch]
+
+ *) ab: Make ab.c compile on VC6. PR 45024 [Ruediger Pluem]
+
+ *) configure: Don't reject libtool 2.x
+ PR 44817 [Arfrever Frehtes Taifersar Arahesis <Arfrever.FTA gmail.com>]
- *) mod_authn_dbd: Disambiguate and tidy database authentication
- error messages. PR 43210. [Chris Darroch, Phil Endecott
- <spam_from_apache_bugzilla chezphil.org>]
+ *) core: When testing for slash-terminated configuration paths in
+ ap_location_walk(), don't look past the start of an empty string
+ such as that created by a <Location ""> directive.
+ [Chris Darroch]
- *) mod_cache: Handle If-Range correctly if the cached resource was stale.
- PR 44579 [Ruediger Pluem]
+ *) core, mod_proxy: If a kept_body is present, it becomes safe for
+ subrequests to support message bodies. Make sure that safety
+ checks within the core and within the proxy are not triggered
+ when kept_body is present. This makes it possible to embed
+ proxied POST requests within mod_include. [Graham Leggett]
+
+ *) mod_auth_form: Make sure the input filter stack is properly set
+ up before reading the login form. Make sure the kept body filter
+ is correctly inserted to ensure the body can be read a second
+ time safely should the authn be successful. [Graham Leggett,
+ Ruediger Pluem]
+
+ *) mod_request: Insert the KEPT_BODY filter via the insert_filter
+ hook instead of during fixups. Add a safety check to ensure the
+ filters cannot be inserted more than once. [Graham Leggett,
+ Ruediger Pluem]
+
+ *) core: Do not allow Options ALL if not all options are allowed to be
+ overwritten. PR 44262 [Michał Grzędzicki <lazy iq.pl>]
+
+ *) ap_cache_cacheable_headers_out() will (now) always
+ merge an error heaeders _before_ clearing them and _before_
+ merging in the actual entity headers and doing normal
+ hop-by-hop cleansing. [Dirk-Willem van Gulik].
+
+ *) cache: retire ap_cache_cacheable_hdrs_out() which was used
+ for both in- and out-put headers; and replace it by a single
+ ap_cache_cacheable_headers() wrapped in a in- and out-put
+ specific ap_cache_cacheable_headers_in()/out(). The latter
+ which will also merge error and ensure content-type. To keep
+ cache modules consistent with ease. This API change bumps
+ up the minor MM by one [Dirk-Willem van Gulik].
+
+ *) mod_rewrite: Allow Cookie option to set secure and HttpOnly flags.
+ PR 44799 [Christian Wenz <christian wenz.org>]
+
+ *) Move the KeptBodySize directive, kept_body filters and the
+ ap_parse_request_body function out of the http module and into a
+ new module called mod_request, reducing the size of the core.
+ [Graham Leggett]
+
+ *) mod_dbd: Handle integer configuration directive parameters with a
+ dedicated function.
+
+ *) Change the directives within the mod_session* modules to be valid
+ both inside and outside the location/directory sections, as
+ suggested by wrowe. [Graham Leggett]
+
+ *) mod_auth_form: Add a module capable of allowing end users to log
+ in using an HTML form, storing the credentials within mod_session.
+ [Graham Leggett]
+
+ *) Add a function to the http filters that is able to parse an HTML
+ form request with the type of application/x-www-form-urlencoded.
+ [Graham Leggett]
+
+ *) mod_session_crypto: Initialise SSL in the post config hook.
+ [Ruediger Pluem, Graham Leggett]
+
+ *) mod_session_dbd: Add a session implementation capable of storing
+ session information in a SQL database via the dbd interface. Useful
+ for sites where session privacy is important. [Graham Leggett]
+
+ *) mod_session_crypto: Add a session encoding implementation capable
+ of encrypting and decrypting sessions wherever they may be stored.
+ Introduces a level of privacy when sessions are stored on the
+ browser. [Graham Leggett]
+
+ *) mod_session_cookie: Add a session implementation capable of storing
+ session information within cookies on the browser. Useful for high
+ volume sites where server bound sessions are too resource intensive.
+ [Graham Leggett]
+
+ *) mod_session: Add a generic session interface to unify the different
+ attempts at saving persistent sessions across requests.
+ [Graham Leggett]
+
+ *) core, authn/z: Avoid calling access control hooks for internal requests
+ with configurations which match those of initial request. Revert to
+ original behaviour (call access control hooks for internal requests
+ with URIs different from initial request) if any access control hooks or
+ providers are not registered as permitting this optimization.
+ Introduce wrappers for access control hook and provider registration
+ which can accept additional mode and flag data. [Chris Darroch]
- *) mod_speling: remove regression from 1.3/2.0 behavior and
- drop dependency between mod_speling and AcceptPathInfo.
- PR 43562 [Jose Kahan <jose w3.org>]
+ *) Introduced ap_expr API for expression evaluation.
+ This is adapted from mod_include, which is the first module
+ to use the new API.
+ [Nick Kew]
+
+ *) mod_authz_dbd: When redirecting after successful login/logout per
+ AuthzDBDRedirectQuery, do not report authorization failure, and use
+ first row returned by database query instead of last row.
+ [Chris Darroch]
*) mod_ldap: Correctly return all requested attribute values
when some attributes have a null value.
*) core: fix origin checking in SymlinksIfOwnerMatch
PR 36783 [Robert L Mathews <rob-apache.org.bugs tigertech.net>]
- *) rotatelogs: Added '-f' option to force rotatelogs to create the
- logfile as soon as started, and not wait until it reads the
- first entry. [Jim Jagielski]
-
- *) mod_proxy: Do not try a direct connection if the connection via a
- remote proxy failed before and the request has a request body.
- [Ruediger Pluem]
-
- *) mod_substitute: The default is now flattening the buckets after
- each substitution. This was mostly done to abide by the
- Principle Of Least Astonishment. The newly added 'q' flag allows for
- the quicker, more efficient bucket-splitting if the user so
- desires. [Jim Jagielski]
-
- *) Added 'disablereuse' option for ProxyPass which, essentially,
- disables connection pooling for the backend servers.
- [Jim Jagielski]
-
*) Activate mod_cache, mod_file_cache and mod_disc_cache as part of the
'most' set for '--enable-modules' and '--enable-shared-mods'. Include
mod_mem_cache in 'all' as well. [Dirk-Willem van Gulik]
mod_cache et.al. to trap the results of the redirect.
[Dirk-Willem van Gulik, Ruediger Pluem]
- *) ab: Use a 64 bit unsigned int instead of a signed long to count the
- bytes transferred to avoid integer overflows. PR 44346 [Ruediger Pluem]
-
- *) mod_proxy_ajp: Do not retry request in the case that we either failed to
- sent a part of the request body or if the request is not idempotent.
- PR 44334 [Ruediger Pluem]
-
- *) ProxyPassReverse is now balancer aware. [Jim Jagielski]
-
- *) rotatelogs: Don't leak memory when reopening the logfile.
- PR 40183 [Ruediger Pluem, Takashi Sato <serai lans-tv.com>]
-
*) mod_ldap: Add support (taking advantage of the new APR capability)
for ldap rebind callback while chasing referrals. This allows direct
searches on LDAP servers (in particular MS Active Directory 2003+)
using referrals without the use of the global catalog.
PRs 26538, 40268, and 42557 [Paul J. Reder]
- *) ab: Do not try to read non existing response bodies of HEAD requests.
- PR 34275 [Takashi Sato <serai lans-tv.com>]
-
- *) Support chroot on Unix-family platforms
- PR 43596 [Dimitar Pashev <mitko banksoft-bg.com>]
-
- *) mod_proxy_http: Return HTTP status codes instead of apr_status_t
- values for errors encountered while forwarding the request body
- PR 44165 [Eric Covener]
-
*) mod_ssl: Added server name indication support (SNI, RFC 4366).
PR 34607. [Kaspar Brand <asfbugz velox.ch>]. A test configuration
can be created with test/make_sni.sh [Dirk-Willem van Gulik].
all running instances before attempting to remove the .exe.
[William Rowe]
- *) mod_proxy: Lower memory consumption for short lived connections.
- PR 44026. [Ruediger Pluem]
-
- *) mod_proxy: Keep connections to the backend persistent in the HTTPS case.
- [Ruediger Pluem]
-
- *) rotatelogs: Improve atomicity when using -l and cleaup code.
- PR 44004 [Rainer Jung]
-
*) mod_ssl: Add support for OCSP validation of client certificates.
PR 41123. [Marc Stern <marc.stern approach.be>, Joe Orton]
- *) mod_unique_id: Fix timestamp value in UNIQUE_ID.
- PR 37064 [Kobayashi <kobayashi firstserver.co.jp>]
-
*) mod_serf: New module for Reverse Proxying. [Paul Querna]
*) core: Add the option to keep aside a request body up to a certain
*) mpm winnt: fix null pointer dereference
PR 42572 [Davi Arnaut]
- *) core: reinstate location walk to fix config for subrequests
- PR 41960 [Jose Kahan <jose w3.org>]
-
- *) mod_log_config: Add format options for %p so that the actual local
- or remote port can be logged. PR 43415. [Adam Hasselbalch Hansen
- <ahh@one.com>, Ruediger Pluem, Jeff Trawick]
-
*) mod_authnz_ldap, mod_authn_dbd: Tidy up the code to expose authn
parameters to the environment. Improve portability to
EBCDIC machines by using apr_toupper(). [Martin Kraemer]
*) mod_ssl: Add support for caching SSL Sessions in memcached. [Paul Querna]
- *) ab: Add -r option to continue after socket receive errors.
- [Filip Hanik <devlist hanik.com>]
-
*) mod_ldap: Fix the search limit parameter to ldap_search_ext_s()
for SDKs that define LDAP_NO_LIMIT to something other than -1.
[David Jones <oscaremma gmail.com>]
to circumvent the symbolic link checks imposed by FollowSymLinks and
SymLinksIfOwnerMatch. [Nick Kew, Ruediger Pluem, William Rowe]
- *) mod_proxy: Support environment variable interpolation in reverse
- proxying directives. [Nick Kew]
-
- *) core: Add the filename of the configuration file to the warning message
- about the useless use of AllowOverride. PR 39992.
- [Darryl Miles <darryl darrylmiles.org>]
-
*) New SSLLogLevelDebugDump [ None (default) | IO (not bytes) | Bytes ]
configures the I/O Dump of SSL traffic, when LogLevel is set to Debug.
The default is none as this is far greater debugging resolution than
projects / apache / blobdiff