-*- coding: utf-8 -*-
Changes with Apache 2.5.0
- *) mod_proxy_http2: using single connection for several requests *if*
- master connection uses HTTP/2 itself. Not yet hardened under load.
- [Stefan Eissing]
+ *) core: Drop an invalid Last-Modified header value coming
+ from a FCGI/CGI script instead of replacing it with Unix epoch.
+ [Luca Toscano]
- *) core: Added support for HTTP code 451. PR58985.
- [Yehuda Katz <yehuda ymkatz.net>, Jim Jagielski]
+ *) mod_dav: Allow other modules to become providers and add ACLs
+ to the DAV response.
+ [Jari Urpalainen <jari.urpalainen nokia.com>, Graham Leggett]
- *) mod_ssl: Add support for OpenSSL 1.1.0. [Rainer Jung]
-
- *) hostname: Test and log useragent_host per-request across various modules,
- including the scoreboard, expression and rewrite engines, setenvif,
- authz_host, access_compat, custom logging, ssl and REMOTE_HOST variables.
- PR55348 [William Rowe]
-
- *) core: Track the useragent_host per-request when mod_remoteip or similar
- modules track a per-request useragent_ip. Modules should be updated
- to inquire for ap_get_useragent_host() in place of ap_get_remote_host().
- [William Rowe]
-
- *) mod_proxy: Play/restore the TLS-SNI on new backend connections which
- had to be issued because the remote closed the previous/reusable one
- during idle (keep-alive) time. [Yann Ylavic]
-
- *) mod_proxy_http2: new experimental http2 proxy module for h2: and h2c: proxy
- urls. Uses, so far, one connection per request, reuses connections.
- [Stefan Eissing]
-
- *) event: use pre_connection hook to properly initialize connection state for
- slave connections. use protocol_switch hook to initialize server config
- early based on SNI selected vhost.
- [Stefan Eissing]
-
- *) mod_http2: allowing link header to specify multiple "rel" values,
- space-separated inside a quoted string. Prohibiting push when Link parameter
- "nopush" is present.
- [Stefan Eissing]
-
- *) core: Prevent a server crash in case of an invalid CONNECT request with
- a custom error page for status code 400 that uses server side includes.
- PR 58929 [Ruediger Pluem]
-
- *) mod_ssl: Add SSLOCSPProxyURL to add the possibility to do all queries
- to OCSP responders through a HTTP proxy. [Ruediger Pluem]
-
- *) mod_http2: idle connections are returned to async mpms. new hook
- "pre_close_connection" used to send GOAWAY frame when not already done.
- Setting event mpm server config "by hand" for the main connection to
- the correct negotiated server.
- [Stefan Eissing]
-
- *) core: new hook "pre_close_connection" which is run before the lingering
- close of connections is started. This gives protocol handlers one last
- chance to use a connection before it goes down.
- [Stefan Eissing]
+ *) mod_dav: Add dav_begin_multistatus, dav_send_one_response,
+ dav_finish_multistatus, dav_send_multistatus, dav_handle_err,
+ dav_failed_proppatch, dav_success_proppatch to mod_dav.h.
+ [Jari Urpalainen <jari.urpalainen nokia.com>, Graham Leggett]
- *) mod_filter: Fix AddOutputFilterByType with non-content-level filters.
- PR58856 [Micha Lenk <micha lenk.info>]
+ *) core: Add -DDUMP_INCLUDES configtest option to show the tree
+ of Included configuration files. [Jacob Champion <champion.pxi gmail.com>]
- *) mod_cache: Consider Cache-Control: s-maxage in expiration
- calculations. [Eric Covener]
+ *) mod_dav: Add support for childtags to dav_error.
+ [Jari Urpalainen <jari.urpalainen nokia.com>]
- *) mod_cache: Allow caching of responses with an Expires header
- in the past that also has Cache-Control: max-age or s-maxage.
- PR55156. [Eric Covener]
+ *) abs: include OpenSSL_Applink when compiling on Visual Studio 2015
+ and up. PR59630 [Jan Ehrhardt <phpdev ehrhardt.nl>]
- *) ap_expr: expression support for variable HTTP2=on|off
- [Stefan Eissing]
+ *) mod_proxy, mod_ssl: Handle SSLProxy* directives in <Proxy> sections,
+ allowing per backend TLS configuration. [Yann Ylavic]
- *) mod_status/scoreboard: showing connection protocol in new column, new
- ap_update_child_status methods for updating server/description. mod_ssl
- sets vhost negotiated by servername directly.
- [Stefan Eissing]
+ *) core: explicitly exclude 'h2' from protocols announced via an Upgrade:
+ header as commanded by http-wg. [Stefan Eissing]
+
+ *) http: Respond with "408 Request Timeout" when a timeout occurs while
+ reading the request body. [Yann Ylavic]
- *) mod_http2: keep-alive blocking reads are done with 1 second timeouts to
- check for MPM stopping. Will announce early GOAWAY and finish processing
- open streams, then close.
- [Stefan Eissing]
+ *) scoreboard/status: Keep workers' previous Client, VHost and Request values
+ when idle, like in 2.4.18 and earlier. [Yann Ylavic]
- *) mod_proxy_hcheck: Provide for dynamic background health
- checks on reverse proxies associated with BalancerMember
- workers. [Jim Jagielski]
+ *) mod_proxy_ajp: Add "secret" parameter to proxy workers to implement legacy
+ AJP13 authentication. PR 53098. [Dmitry A. Bakshaev <dab1818 gmail com>]
- *) mod_ssl: handle TIMEOUT on empty SSL input as non-fatal, returning
- APR_TIMEUP and preserving connection state for later retry.
- [Stefan Eissing]
+ *) mpm_event: Don't take over scoreboard slots from gracefully finishing
+ threads. [Stefan Fritsch]
- *) mod_http2: bytes read/written on slave connections are reported via the
- optional mod_logio functions. Fixes PR 58871.
+ *) mod_status: Display the process slot number in the async connection
+ overview. [Stefan Fritsch]
- *) Added many log numbers to log statements that had none.
+ *) mpm_event, mpm_worker: Fix computation of MinSpareThreads' lower bound
+ according the number of listeners buckets. [Yann Ylavic]
- *) core: Add expression support to SetHandler.
- [Eric Covener]
+ *) mpm: Generalise the ap_mpm_register_socket functions to accept pipes
+ or sockets. [Graham Leggett]
+
+ *) core: Extend support for setting aside data from the network input filter
+ to any connection or request input filter. [Graham Leggett]
+
+ *) mod_ssl: Add "no_crl_for_cert_ok" flag to SSLCARevocationCheck directive
+ to opt-in previous behaviour (2.2) with CRLs verification when checking
+ certificate(s) with no corresponding CRL. [Yann Ylavic]
- *) mod_proxy_fcgi: Suppress HTTP error 503 and message 01075,
- "Error dispatching request", when the cause appears to be
- due to the client closing the connection.
- PR58118. [Tobias Adolph <adolph lrz.de>]
+ *) core: Split ap_create_request() from ap_read_request(). [Graham Leggett]
- *) mod_cgid: Message 02550, failure to flush a response to the client,
- is now logged at TRACE1 level to match the underlying core output filter
- severity. [Eric Covener]
+ *) ab: Use caseless matching for HTTP tokens (e.g. content-length). PR 59111.
+ [Yann Ylavic]
- *) mod_rewrite: Avoid looping on relative substitutions that
- result in the same filename we started with. PR 58854.
+ *) mod_auth_digest: Fix compatibility with expression-based Authname. PR59039.
[Eric Covener]
- *) mime.types: add common extension "m4a" for MPEG 4 Audio.
- PR 57895 [Dylan Millikin <dylan.millikin gmail.com>]
+ *) mpm: Add a complete_connection hook that confirms whether an MPM is allowed
+ to leave the WRITE_COMPLETION phase. Move filter code out of the MPMs.
+ [Graham Leggett]
- *) mod_ssl: Save some TLS record (application data) fragmentations by
- including the last and subsequent suitable buckets when coalescing.
- [Yann Ylavic]
+ *) core: Added support for HTTP code 451. PR58985.
+ [Yehuda Katz <yehuda ymkatz.net>, Jim Jagielski]
- *) mod_cache_socache: Fix a possible cached entity body corruption when it
- is received from an origin server in multiple batches and forwarded by
- mod_proxy. [Yann Ylavic]
+ *) mod_ssl: Add support for OpenSSL 1.1.0. [Rainer Jung]
+
+ *) mod_filter: Fix AddOutputFilterByType with non-content-level filters.
+ PR58856 [Micha Lenk <micha lenk.info>]
- *) mod_proxy_fdpass: Fix AH01153 error when using the default configuration.
- In earlier version of httpd, you can explicitelly set the 'flusher' parameter
- to 'flush' as a workaround. (i.e. flusher=flush)
- Add documentation for the 'flusher' parameter when defining a proxy worker.
- [Christophe Jaillet]
+ *) mod_cache: Consider Cache-Control: s-maxage in expiration
+ calculations. [Eric Covener]
- *) mod_ssl: For the "SSLStaplingReturnResponderErrors off" case, make sure
- to only staple responses with certificate status "good". [Kaspar Brand]
+ *) mod_cache: Allow caching of responses with an Expires header
+ in the past that also has Cache-Control: max-age or s-maxage.
+ PR55156. [Eric Covener]
- *) core: Limit to ten the number of tolerated empty lines between request,
- and consume them before the pipelining check to avoid possible response
- delay when reading the next request without flushing. [Yann Ylavic]
+ *) Added many log numbers to log statements that had none.
*) mod_session: Introduce SessionExpiryUpdateInterval which allows to
configure the session/cookie expiry's update interval. PR 57300.
*) mpm_event: Free memory earlier when shutting down processes.
[Stefan Fritsch]
- *) mod_ssl: Make the output filter more friendly with deferred write and
- response pipelining. [Yann Ylavic, Joe Orton]
-
- *) core/util_script: relax alphanumeric filter of environment variable names
- on Windows to allow '(' and ')' for passing PROGRAMFILES(X86) et.al.
- unadulterated in 64 bit versions of Windows. PR 46751.
- [John <john leineweb de>]
-
*) mod_auth_digest: remove AuthDigestEnableQueryStringHack which is no
more documented since dec 2012 (r1415960). [Christophe Jaillet]
*) mod_dir: Responses that go through "FallbackResource" might appear to
hang due to unterminated chunked encoding. PR58292. [Eric Covener]
- *) mod_alias: Limit Redirect expressions to directory (Location) context
- and redirect statuses (implicit or explicit).
- [Yann Ylavic, Ruediger Pluem]
-
- *) mod_substitute: Fix configuraton merge order.
- PR 57641 [<Marc.Stern approach.be>]
-
- *) mod_ssl: When SSLVerify is disabled (NONE), don't force a renegotiation if
- the SSLVerifyDepth applied with the default/handshaken vhost differs from
- the one applicable with the finally selected vhost. [Yann Ylavic]
-
*) http: Don't remove the Content-Length of zero from a HEAD response if
it comes from an origin server, module or script. [Yann Ylavic]
*) mod_authnz_ldap: Resolve crashes with LDAP authz and non-LDAP authn since
r1608202. [Eric Covener]
- *) core: Ensure that httpd exits with an error status when the MPM fails
- to run. [Yann Ylavic]
-
*) apreq: Content-Length header should be always interpreted as a decimal.
Leading 0 could be erroneously considered as an octal value. PR 56598.
[Chris Card <ctcard hotmail com>]
*) mod_authnz_ldap: Return LDAP connections to the pool before the handler
is run, instead of waiting until the end of the request. [Eric Covener]
- *) mod_log_config: Add GlobalLog to allow a globally defined log to
- be inherited by virtual hosts that define a CustomLog.
- [Edward Lu <Chaosed0 gmail.com>]
-
*) mod_proxy_html: support automatic detection of doctype and processing
of FPIs. PR56285 [Micha Lenk <micha lenk info>, Nick Kew]
*) Add module mod_ssl_ct, which provides an implementation of Certificate
Transparency (RFC 6962) for httpd. [Jeff Trawick]
- *) mod_remoteip: Prevent an external proxy from presenting an internal
- proxy. PR 55962. [Mike Rumph]
-
- *) mod_ssl: Add hooks to allow other modules to perform processing at
- several stages of initialization and connection handling. See
- mod_ssl_openssl.h. [Jeff Trawick]
-
*) mod_proxy_wstunnel: Avoid sending error responses down an upgraded
websockets connection as it is being close down. [Eric Covener]
projects / apache / blobdiff