-*- coding: utf-8 -*-
Changes with Apache 2.5.0
- *) mod_http2: incrementing keepalives on each request started so that logging
- %k gives increasing numbers per master http2 connection.
- New documented variables in env, usable in custom log formats: H2_PUSH,
- H2_PUSHED, H2_PUSHED_ON, H2_STREAM_ID and H2_STREAM_TAG.
- [Stefan Eissing]
+ *) mod_reqtimeout: Fix body timeout disabling for CONNECT requests to avoid
+ triggering mod_proxy_connect's AH01018 once the tunnel is established.
+ [Yann Ylavic]
- *) core: Do not read .htaccess if AllowOverride and AllowOverrideList
- are "None". PR 58528.
- [Michael Schlenker <msc contact.de, Ruediger Pluem, Daniel Ruggeri]
+ *) mod_proxy_balancer: Prevent redirect loops between workers within a
+ balancer by limiting the number of redirects to the number balancer
+ members. PR 59864 [Ruediger Pluem]
- *) mod_proxy_express: Fix possible use of DB handle after close. PR 59230.
- [Petr <pgajdos suse.cz>]
+ *) mod_proxy: Correctly consider error response codes by the backend when
+ processing failonstatus. PR 59869 [Ruediger Pluem]
- *) mod_http2: more efficient passing of response bodies with less contention
- and file bucket forwarding. [Stefan Eissing]
+ *) mod_proxy_fcgi: avoid loops when ProxyErrorOverride is enabled
+ and the error documents are proxied. PR 55415. [Luca Toscano]
- *) mod_proxy_http2: using HTTP/2 flow control for backend streams by
- observing data actually send out on the frontend h2 connection.
- [Stefan Eissing]
+ *) mod_proxy_fcgi: read the whole FCGI response even when the content has
+ not been modified (HTTP 304) to avoid subsequent bogus reads and
+ confusing error messages logged. [Luca Toscano]
- *) mpm: Generalise the ap_mpm_register_socket functions to accept pipes
- or sockets. [Graham Leggett]
+ *) mod_crypto: Add the all purpose crypto filters with support for HLS.
+ [Graham Leggett]
- *) mod_rewrite: Don't implicitly URL-escape the original query string
- when no substitution has changed it (like PR50447 but server context)
- [Evgeny Kotkov <evgeny.kotkov visualsvn.com>]
+ *) ab: Add option -I to use the Server Name Indication (SNI) extension on
+ outgoing TLS connections, according to the Host header (if any) or the
+ requested URL's hostname otherwise. [Yann Ylavic]
- *) core: New CGIVar directive can configure REQUEST_URI to represent the
- current URI being processed instead of always the original request.
- [Jeff Trawick]
+ *) mod_ssl: reset client-verify state of ssl when aborting renegotiations.
+ [Erki Aring <erki@example.ee>, Stefan Eissing]
+
+ *) mod_proxy_{http,ajp,fcgi}: don't reuse backend connections with data
+ available before the request is sent. PR 57832. [Yann Ylavic]
+
+ *) mod_sed: Fix 'x' command processing. [Christophe Jaillet]
+
+ *) core: Drop an invalid Last-Modified header value coming
+ from a FCGI/CGI script instead of replacing it with Unix epoch.
+ Warn the users about Last-Modified header value replacements and
+ improved handling of non-GMT datestr.
+ [Yann Ylavic, Luca Toscano]
+
+ *) mod_dav: Allow other modules to become providers and add ACLs
+ to the DAV response.
+ [Jari Urpalainen <jari.urpalainen nokia.com>, Graham Leggett]
+
+ *) mod_dav: Add dav_begin_multistatus, dav_send_one_response,
+ dav_finish_multistatus, dav_send_multistatus, dav_handle_err,
+ dav_failed_proppatch, dav_success_proppatch to mod_dav.h.
+ [Jari Urpalainen <jari.urpalainen nokia.com>, Graham Leggett]
+
+ *) core: Add -DDUMP_INCLUDES configtest option to show the tree
+ of Included configuration files. [Jacob Champion <champion.pxi gmail.com>]
+
+ *) mod_dav: Add support for childtags to dav_error.
+ [Jari Urpalainen <jari.urpalainen nokia.com>]
+
+ *) mod_proxy, mod_ssl: Handle SSLProxy* directives in <Proxy> sections,
+ allowing per backend TLS configuration. [Yann Ylavic]
+
+ *) core: explicitly exclude 'h2' from protocols announced via an Upgrade:
+ header as commanded by http-wg. [Stefan Eissing]
+
+ *) http: Respond with "408 Request Timeout" when a timeout occurs while
+ reading the request body. [Yann Ylavic]
+
+ *) scoreboard/status: Keep workers' previous Client, VHost and Request values
+ when idle, like in 2.4.18 and earlier. [Yann Ylavic]
+
+ *) mod_proxy_ajp: Add "secret" parameter to proxy workers to implement legacy
+ AJP13 authentication. PR 53098. [Dmitry A. Bakshaev <dab1818 gmail com>]
+
+ *) mpm_event: Don't take over scoreboard slots from gracefully finishing
+ threads. [Stefan Fritsch]
- *) mod_include: Add variable DOCUMENT_ARGS, with the arguments to the
- request for the SSI document. [Jeff Trawick]
+ *) mod_status: Display the process slot number in the async connection
+ overview. [Stefan Fritsch]
+
+ *) mpm_event, mpm_worker: Fix computation of MinSpareThreads' lower bound
+ according the number of listeners buckets. [Yann Ylavic]
+
+ *) mpm: Generalise the ap_mpm_register_socket functions to accept pipes
+ or sockets. [Graham Leggett]
*) core: Extend support for setting aside data from the network input filter
to any connection or request input filter. [Graham Leggett]
to opt-in previous behaviour (2.2) with CRLs verification when checking
certificate(s) with no corresponding CRL. [Yann Ylavic]
- *) mod_proxy_http2: rescheduling of requests that have not been processed
- by the backend when receiving a GOAWAY frame before done.
- [Stefan Eissing]
-
*) core: Split ap_create_request() from ap_read_request(). [Graham Leggett]
- *) mod_ssl: Don't lose track of the SSL context if the ssl_run_pre_handshake()
- hook returns an error. [Graham Leggett]
-
*) ab: Use caseless matching for HTTP tokens (e.g. content-length). PR 59111.
[Yann Ylavic]
- *) mod_ssl: Fix a possible memory leak on restart for custom [EC]DH params.
- [Jan Kaluza, Yann Ylavic]
-
*) mod_auth_digest: Fix compatibility with expression-based Authname. PR59039.
[Eric Covener]
to leave the WRITE_COMPLETION phase. Move filter code out of the MPMs.
[Graham Leggett]
- *) mod_proxy_http2: using single connection for several requests *if*
- master connection uses HTTP/2 itself. Not yet hardened under load.
- [Stefan Eissing]
-
*) core: Added support for HTTP code 451. PR58985.
[Yehuda Katz <yehuda ymkatz.net>, Jim Jagielski]
*) mod_ssl: Add support for OpenSSL 1.1.0. [Rainer Jung]
-
- *) mod_proxy_http2: new experimental http2 proxy module for h2: and h2c: proxy
- urls. Uses, so far, one connection per request, reuses connections.
- [Stefan Eissing]
-
+
*) mod_filter: Fix AddOutputFilterByType with non-content-level filters.
PR58856 [Micha Lenk <micha lenk.info>]
in the past that also has Cache-Control: max-age or s-maxage.
PR55156. [Eric Covener]
- *) ap_expr: expression support for variable HTTP2=on|off
- [Stefan Eissing]
-
- *) mod_proxy_hcheck: Provide for dynamic background health
- checks on reverse proxies associated with BalancerMember
- workers. [Jim Jagielski]
-
*) Added many log numbers to log statements that had none.
- *) core: Add expression support to SetHandler.
- [Eric Covener]
-
*) mod_session: Introduce SessionExpiryUpdateInterval which allows to
configure the session/cookie expiry's update interval. PR 57300.
[Paul Spangler <paul.spangler ni.com>]
*) mpm_event: Free memory earlier when shutting down processes.
[Stefan Fritsch]
- *) core/util_script: relax alphanumeric filter of environment variable names
- on Windows to allow '(' and ')' for passing PROGRAMFILES(X86) et.al.
- unadulterated in 64 bit versions of Windows. PR 46751.
- [John <john leineweb de>]
-
*) mod_auth_digest: remove AuthDigestEnableQueryStringHack which is no
more documented since dec 2012 (r1415960). [Christophe Jaillet]
*) mod_dir: Responses that go through "FallbackResource" might appear to
hang due to unterminated chunked encoding. PR58292. [Eric Covener]
- *) mod_substitute: Fix configuraton merge order.
- PR 57641 [<Marc.Stern approach.be>]
-
- *) mod_ssl: When SSLVerify is disabled (NONE), don't force a renegotiation if
- the SSLVerifyDepth applied with the default/handshaken vhost differs from
- the one applicable with the finally selected vhost. [Yann Ylavic]
-
*) http: Don't remove the Content-Length of zero from a HEAD response if
it comes from an origin server, module or script. [Yann Ylavic]
*) Add module mod_ssl_ct, which provides an implementation of Certificate
Transparency (RFC 6962) for httpd. [Jeff Trawick]
- *) mod_remoteip: Prevent an external proxy from presenting an internal
- proxy. PR 55962. [Mike Rumph]
-
- *) mod_ssl: Add hooks to allow other modules to perform processing at
- several stages of initialization and connection handling. See
- mod_ssl_openssl.h. [Jeff Trawick]
-
*) mod_proxy_wstunnel: Avoid sending error responses down an upgraded
websockets connection as it is being close down. [Eric Covener]