-*- coding: utf-8 -*-
+Changes with Apache 2.5.0
+
+ *) mod_ssl: drop support for the SSLv2 protocol. [Kaspar Brand]
+
+ *) mod_lua: Stop losing track of all but the most specific LuaHook* directives
+ when multiple per-directory config sections are used. Adds LuaInherit
+ directive to control how parent sections are merged. [Eric Covener]
+
+ *) mod_cache: Make sure we merge headers correctly when we handle a
+ non cacheable conditional response. PR52120. [Graham Leggett]
+
+ *) core: Set MaxMemFree 2048 by default. [Stefan Fritsch]
+
+ *) mpm_event: Fix assertion failure during very high load. [Stefan Fritsch]
+
+ *) configure: Only load the really imporant modules (i.e. those enabled by
+ the 'few' selection) by default. Don't handle modules enabled with
+ --enable-foo specially. [Stefan Fritsch]
+
+ *) end-generation hook: Fix false notification of end-of-generation for
+ temporary intervals with no active MPM children. [Jeff Trawick]
+
+ *) mod_ssl: Add support for RFC 5077 TLS Session tickets.
+ [Paul Querna]
+
+ *) mod_usertrack: Use random value instead of remote IP address.
+ [Stefan Fritsch]
+
+Changes with Apache 2.3.15
+
+ *) SECURITY: CVE-2011-3348 (cve.mitre.org)
+ mod_proxy_ajp: Respond with HTTP_NOT_IMPLEMENTED when the method is not
+ recognized. [Jean-Frederic Clere]
+
+ *) SECURITY: CVE-2011-3192 (cve.mitre.org)
+ core: Fix handling of byte-range requests to use less memory, to avoid
+ denial of service. If the sum of all ranges in a request is larger than
+ the original file, ignore the ranges and send the complete file.
+ PR 51714. [Stefan Fritsch, Jim Jagielski, Ruediger Pluem, Eric Covener,
+ <lowprio20 gmail.com>]
+
+ *) SECURITY: CVE-2011-3607 (cve.mitre.org)
+ core: Fix integer overflow in ap_pregsub. This can be triggered e.g.
+ with mod_setenvif via a malicious .htaccess. [Stefan Fritsch]
+
+ *) configure: Load all modules in the generated default configuration
+ when using --enable-load-all-modules. [Rainer Jung]
+
+ *) mod_reqtimeout: Change the default to set some reasonable timeout
+ values. [Stefan Fritsch]
+
+ *) core, mod_dav_fs: Change default ETag to be "size mtime", i.e. remove
+ the inode. PR 49623. [Stefan Fritsch]
+
+ *) mod_lua: Expose SSL variables via r:ssl_var_lookup(). [Eric Covener]
+
+ *) mod_lua: LuaHook{AccessChecker,AuthChecker,CheckUserID,TranslateName}
+ can now additionally be run as "early" or "late" relative to other modules.
+ [Eric Covener]
+
+ *) configure: By default, only load those modules that are either required
+ or explicitly selected by a configure --enable-foo argument. The
+ LoadModule statements for modules enabled by --enable-mods-shared=most
+ and friends will be commented out. [Stefan Fritsch]
+
+ *) mod_lua: Prevent early Lua hooks (LuaHookTranslateName and
+ LuaHookQuickHandler) from being configured in <Directory>, <Files>,
+ and htaccess where the configuration would have been ignored.
+ [Eric Covener]
+
+ *) mod_lua: Resolve "attempt to index local 'r' (a userdata value)" errors
+ in LuaMapHandler scripts [Eric Covener]
+
+ *) mod_log_debug: Rename optional argument from if= to expr=, to be more
+ in line with other config directives. [Stefan Fritsch]
+
+ *) mod_headers: Require an expression to be specified with expr=, to be more
+ in line with other config directives. [Stefan Fritsch]
+
+ *) mod_substitute: To prevent overboarding memory usage, limit line length
+ to 1MB. [Stefan Fritsch]
+
+ *) mod_lua: Make the query string (r.args) writable. [Eric Covener]
+
+ *) mod_include: Add support for application/x-www-form-urlencoded encoding
+ and decoding. [Graham Leggett]
+
+ *) rotatelogs: Add -c option to force logfile creation in every rotation
+ interval, even if empty. [Jan Kaluža <jkaluza redhat.com>]
+
+ *) core: Limit ap_pregsub() to 64K, add ap_pregsub_ex() for longer strings.
+ [Stefan Fritsch]
+
+ *) mod_session_crypto: Refactor to support the new apr_crypto API.
+ [Graham Leggett]
+
+ *) http: Add missing Location header if local URL-path is used as
+ ErrorDocument for 30x. [Stefan Fritsch]
+
+ *) mod_buffer: Make sure we step down for subrequests, but not for internal
+ redirects triggered by mod_rewrite. [Graham Leggett]
+
+ *) mod_lua: add r:construct_url as a wrapper for ap_construct_url.
+ [Eric Covener]
+
+ *) mod_remote_ip: Fix configuration of internal proxies. PR 49272.
+ [Jim Riggs <jim riggs me>]
+
+ *) mpm_winnt: Handle AcceptFilter 'none' mode correctly; resolve specific
+ server IP endpoint and remote client IP upon connection. [William Rowe]
+
+ *) mod_setenvif: Remove OID match which is obsoleted by SetEnvIfExpr with
+ PeerExtList(). [Stefan Fritsch]
+
+ *) mpm_prefork, mpm_worker, mpm_event: If a child is created just before
+ graceful restart and then exits because of a missing lock file, don't
+ shutdown the whole server. PR 39311. [Shawn Michael
+ <smichael rightnow com>]
+
+ *) mpm_event: Check the return value from ap_run_create_connection.
+ PR: 41194. [Davi Arnaut]
+
+ *) mod_mime_magic: Add signatures for PNG and SWF to the example config.
+ PR: 48352. [Jeremy Wagner-Kaiser <jwagner-kaiser adknowledge com>]
+
+ *) core, unixd: Add -D DUMP_RUN_CFG option to dump some configuration items
+ from the parsed (or default) config. This is useful for init scripts that
+ need to setup temporary directories and permissions. [Stefan Fritsch]
+
+ *) core, mod_actions, mod_asis: Downgrade error log messages which accompany
+ a 404 request status from loglevel error to info. PR: 35768. [Stefan
+ Fritsch]
+
+ *) core: Fix hook sorting with Perl modules. PR: 45076. [Torsten Foertsch
+ <torsten foertsch gmx net>]
+
+ *) core: Enforce LimitRequestFieldSize after multiple headers with the same
+ name have been merged. [Stefan Fritsch]
+
+ *) mod_ssl: If MaxMemFree is set, ask OpenSSL >= 1.0.0 to reduce memory
+ usage. PR 51618. [Cristian Rodríguez <crrodriguez opensuse org>,
+ Stefan Fritsch]
+
+ *) mod_ssl: At startup, when checking a server certificate whether it
+ matches the configured ServerName, also take dNSName entries in the
+ subjectAltName extension into account. PR 32652, PR 47051. [Kaspar Brand]
+
+ *) mod_substitute: Reduce memory usage and copying of data. PR 50559.
+ [Stefan Fritsch]
+
+ *) mod_ssl/proxy: enable the SNI extension for backend TLS connections
+ [Kaspar Brand]
+
+ *) Add wrappers for malloc, calloc, realloc that check for out of memory
+ situations and use them in many places. PR 51568, PR 51569, PR 51571.
+ [Stefan Fritsch]
+
+ *) Fix cross-compilation of mod_cgi/mod_cgid when APR_HAVE_STRUCT_RLIMIT is
+ false but RLIMIT_* are defined. PR51371. [Eric Covener]
+
+ *) core: Correctly obey ServerName / ServerAlias if the Host header from the
+ request matches the VirtualHost address.
+ PR 51709. [Micha Lenk <micha lenk.info>]
+
+ *) mod_unique_id: Use random number generator to initialize counter.
+ PR 45110. [Stefan Fritsch]
+
+ *) core: Add convenience API for apr_random. [Stefan Fritsch]
+
+ *) core: Add MaxRangeOverlaps and MaxRangeReversals directives to control
+ the number of overlapping and reversing ranges (respectively) permitted
+ before returning the entire resource, with a default limit of 20.
+ [Jim Jagielski]
+
+ *) mod_ldap: Optional function uldap_ssl_supported(r) always returned false
+ if called from a virtual host with mod_ldap directives in it. Did not
+ affect mod_authnz_ldap's usage of mod_ldap. [Eric Covener]
+
+ *) mod_filter: Instead of dropping the Accept-Ranges header when a filter
+ registered with AP_FILTER_PROTO_NO_BYTERANGE is present,
+ set the header value to "none". [Eric Covener, Ruediger Pluem]
+
+ *) core: Allow MaxRanges none|unlimited|default and set 'Accept-Ranges: none'
+ in the case Ranges are being ignored with MaxRanges none.
+ [Eric Covener]
+
+ *) mod_ssl: revamp CRL-based revocation checking when validating
+ certificates of clients or proxied servers. Completely delegate
+ CRL processing to OpenSSL, and add a new [Proxy]CARevocationCheck
+ directive for controlling the revocation checking mode. [Kaspar Brand]
+
+ *) core: Add MaxRanges directive to control the number of ranges permitted
+ before returning the entire resource, with a default limit of 200.
+ [Eric Covener]
+
+ *) mod_cache: Ensure that CacheDisable can correctly appear within
+ a LocationMatch. [Graham Leggett]
+
+ *) mod_cache: Fix the moving of the CACHE filter, which erroneously
+ stood down if the original filter was not added by configuration.
+ [Graham Leggett]
+
+ *) mod_ssl: improve certificate error logging. PR 47408. [Kaspar Brand]
+
+ *) mod_authz_groupfile: Increase length limit of lines in the group file to
+ 16MB. PR 43084. [Stefan Fritsch]
+
+ *) core: Increase length limit of lines in the configuration file to 16MB.
+ PR 45888. PR 50824. [Stefan Fritsch]
+
+ *) core: Add API for resizable buffers. [Stefan Fritsch]
+
+ *) mod_ldap: Enable LDAPConnectionTimeout for LDAP toolkits that have
+ LDAP_OPT_CONNECT_TIMEOUT instead of LDAP_OPT_NETWORK_TIMEOUT, such
+ as Tivoli Directory Server 6.3 and later. [Eric Covener]
+
+ *) mod_ldap: Change default number of retries from 10 to 3, and add
+ an LDAPRetries and LDAPRetryDelay directives. [Eric Covener]
+
+ *) mod_authnz_ldap: Don't retry during authentication, because this just
+ multiplies the ample retries already being done by mod_ldap. [Eric Covener]
+
+ *) configure: Allow to explicitly disable modules even with module selection
+ 'reallyall'. [Stefan Fritsch]
+
+ *) mod_rewrite: Check validity of each internal (int:) RewriteMap even if the
+ RewriteEngine is disabled in server context, avoiding a crash while
+ referencing the invalid int: map at runtime. PR 50994.
+ [Ben Noordhuis <info noordhuis nl>]
+
+ *) mod_ssl, configure: require OpenSSL 0.9.7 or later. [Kaspar Brand]
+
+ *) mod_ssl: remove ssl_toolkit_compat layer. [Kaspar Brand]
+
+ *) mod_ssl, configure, ab: drop support for RSA BSAFE SSL-C toolkit.
+ [Kaspar Brand]
+
+ *) mod_usertrack: Run mod_usertrack earlier in the fixups hook to ensure the
+ cookie is set when modules such as mod_rewrite trigger a redirect. Also
+ use r->err_headers_out for the cookie, for the same reason. PR29755.
+ [Sami J. Mäkinen <sjm almamedia fi>, Eric Covener]
+
+ *) mod_proxy_http, mod_proxy_connect: Add 'proxy-status' and
+ 'proxy-source-port' request notes for logging. PR 30195. [Stefan Fritsch]
+
+ *) configure: Enable ldap modules in 'all' and 'most' selections if ldap
+ is compiled into apr-util. [Stefan Fritsch]
+
+ *) core: Add ap_check_cmd_context()-check if a command is executed in
+ .htaccess file. [Stefan Fritsch]
+
+ *) mod_deflate: Fix endless loop if first bucket is metadata. PR 51590.
+ [Torsten Foertsch <torsten foertsch gmx net>]
+
+ *) mod_authn_socache: Fix to work in .htaccess if not configured anywhere
+ in httpd.conf, and introduce an AuthnCacheEnable directive.
+ PR 51991 [Nick Kew]
+
+ *) mod_xml2enc: new (formerly third-party) module supporting
+ internationalisation for filters via smart charset sniffing
+ and conversion. [Nick Kew]
+
+ *) mod_proxy_html: new (formerly third-party) module to fix up
+ HTML links in a reverse proxy situation, where a backend
+ generates URLs that are not resolvable by Clients. [Nick Kew]
Changes with Apache 2.3.14
+ *) mod_proxy_ajp: Improve trace logging. [Rainer Jung]
+
+ *) mod_proxy_ajp: Respect "reuse" flag in END_REPONSE packets.
+ [Rainer Jung]
+
+ *) mod_proxy: enable absolute URLs to be rewritten with ProxyPassReverse,
+ e.g. to reverse proxy "Location: https://other-internal-server/login"
+ [Nick Kew]
+
+ *) prefork, worker, event: Make sure crashes are logged to the error log if
+ httpd has already detached from the console. [Stefan Fritsch]
+
+ *) prefork, worker, event: Reduce period during startup/restart where a
+ successive signal may be lost. PR 43696. [Arun Bhalla <arun shme net>]
+
+ *) mod_allowmethods: Correct Merging of "reset" and do not allow an
+ empty parameter list for the AllowMethods directive. [Rainer Jung]
+
+ *) configure: Update selection of modules for 'all' and 'most'. 'all' will
+ now enable all modules except for example and test modules. Make the
+ selection for 'most' more useful (including ssl and proxy). Both 'all'
+ and 'most' will now disable modules if dependencies are missing instead
+ of aborting. If a specific module is requested with --enable-XXX=yes,
+ missing dependencies will still cause configure to exit with an error.
+ [Stefan Fritsch]
+
+ *) mod_ldap: Revert the integration of apr-ldap as ap_ldap which was done
+ in 2.3.13. [Stefan Fritsch]
+
+ *) core: For '*' or '_default_' vhosts, use a wildcard address of any
+ address family, rather than IPv4 only. [Joe Orton]
+
+ *) core, mod_rewrite, mod_ssl, mod_nw_ssl: Make the SERVER_NAME variable
+ include [ ] for literal IPv6 addresses, as mandated by RFC 3875.
+ PR 26005. [Stefan Fritsch]
+
+ *) mod_negotiation: Fix parsing of Content-Length in type maps. PR 42203.
+ [Nagae Hidetake <nagae eagan jp>]
+
+ *) core: Add more logging to ap_scan_script_header_err* functions. Add
+ ap_scan_script_header_err*_ex functions that take a module index for
+ logging.
+ mod_cgi, mod_cgid, mod_proxy_fcgi, mod_proxy_scgi, mod_isapi: Use the
+ new functions in order to make logging configurable per-module.
+ [Stefan Fritsch]
+
+ *) mod_dir: Add DirectoryIndexRedirect to send an external redirect to
+ the proper index. [Eric Covener]
+
*) mod_deflate: Don't try to compress requests with a zero sized body.
PR 51350. [Stefan Fritsch]
- *) core: Fix startup on IP6-only systems. PR 50592. [Joe Orton,
+ *) core: Fix startup on IPv6-only systems. PR 50592. [Joe Orton,
<root linkage white-void net>]
*) suexec: Add environment variables CONTEXT_DOCUMENT_ROOT, CONTEXT_PREFIX,
describes more accurately what it does. [Stefan Fritsch]
*) rotatelogs: Add -p argument to specify custom program to invoke
- after a log rotation. PR 51285. [Sven Ulland <sveniu ifi.uio.no>,
+ after a log rotation. PR 51285. [Sven Ulland <sveniu ifi.uio.no>,
Joe Orton]
*) mod_ssl: Don't do OCSP checks for valid self-issued certs. [Kaspar Brand]
*) WinNT MPM: Improve robustness under heavy load. [Jeff Trawick]
- *) MinGW build improvements. PR 49535. [John Vandenberg
+ *) MinGW build improvements. PR 49535. [John Vandenberg
<jayvdb gmail.com>, Jeff Trawick]
*) core: Support module names with colons in loglevel configuration.
*) mod_info: Dump config to stdout during startup if -DDUMP_CONFIG is
specified. PR 31956. [Stefan Fritsch]
- *) Restore visibility of DEFAULT_PIDLOG to core and modules. MPM
+ *) Restore visibility of DEFAULT_PIDLOG to core and modules. MPM
helper function ap_remove_pid() added. [Jeff Trawick]
*) Enable DEFAULT_REL_RUNTIMEDIR on Windows and NetWare. [various]
*) mod_ldap: Add LDAPConnectionPoolTTL to give control over lifetime
of bound backend LDAP connections. PR47634 [Eric Covener]
-
+
*) mod_cache: Make CacheEnable and CacheDisable configurable per
directory in addition to per server, making them work from within
a LocationMatch. [Graham Leggett]
[Rainer Jung]
*) mod_ssl: Add config options for OCSP: SSLOCSPResponderTimeout,
- SSLOCSPResponseMaxAge, SSLOCSPResponseTimeSkew.
+ SSLOCSPResponseMaxAge, SSLOCSPResponseTimeSkew.
[Kaspar Brand <httpd-dev.2011 velox.ch>]
*) mod_ssl: Revamp output buffering to reduce network overhead for
output fragmented into many buckets, such as chunked HTTP responses.
- [Joe Orton]
+ [Joe Orton]
*) core: Apply <If> sections to all requests, not only to file base requests.
Allow to use <If> inside <Directory>, <Location>, and <Files> sections.
to make other threads spin. [Graham Leggett]
*) mod_ssl: Change the format of the SSL_{CLIENT,SERVER}_{I,S}_DN variables
- to be RFC 2253 compatible, convert non-ASCII characters to UTF8, and
+ to be RFC 2253 compatible, convert non-ASCII characters to UTF8, and
escape other special characters with backslashes. The old format can
still be used with the LegacyDNStringFormat argument to SSLOptions.
*) mod_rewrite: Allow to unset environment variables using E=!VAR.
PR 49512. [Mark Drayton <mark markdrayton info>, Stefan Fritsch]
- *) mod_headers: Restore the 2.3.8 and earlier default for the first
+ *) mod_headers: Restore the 2.3.8 and earlier default for the first
argument of the Header directive ("onsuccess"). [Eric Covener]
*) core: Disallow the mixing of relative and absolute Options PR 33708.
the port over a wildcard (or omitted) port instead of favoring the one
that came first in the configuration file. [Eric Covener]
- *) core: Overlapping virtual host address/port combinations now implicitly
+ *) core: Overlapping virtual host address/port combinations now implicitly
enable name-based virtual hosting for that address. The NameVirtualHost
- directive has no effect, and _default_ is interpreted the same as "*".
+ directive has no effect, and _default_ is interpreted the same as "*".
[Eric Covener]
*) core: In the absence of any Options directives, the default is now
such as per-directory mod_rewrite substitutions. PR 50349.
[Eric Covener]
- *) mod_rewrite: Add 'RewriteOptions InheritBefore' to put the base
+ *) mod_rewrite: Add 'RewriteOptions InheritBefore' to put the base
rules/conditions before the overridden rules/conditions. PR 39313.
[Jérôme Grandjanny <jerome.grandjanny cea.fr>]
[Eric Covener]
*) core: Fail startup when the argument to ServerName looks like a glob
- or a regular expression instead of a hostname (*?[]). PR 39863
+ or a regular expression instead of a hostname (*?[]). PR 39863
[Rahul Nair <rahul.g.nair gmail.com>]
- *) mod_userdir: Add merging of enable, disable, and filename arguments
- to UserDir directive, leaving enable/disable of userlists unmerged.
+ *) mod_userdir: Add merging of enable, disable, and filename arguments
+ to UserDir directive, leaving enable/disable of userlists unmerged.
PR 44076 [Eric Covener]
*) httpd: When no -k option is provided on the httpd command line, the server
- was starting without checking for an existing pidfile. PR 50350
- [Eric Covener]
-
+ was starting without checking for an existing pidfile. PR 50350
+ [Eric Covener]
+
*) mod_proxy: Put the worker in error state if the SSL handshake with the
backend fails. PR 50332.
[Daniel Ruggeri <DRuggeri primary.net>, Ruediger Pluem]
*) suEXEC: Add Suexec directive to disable suEXEC without renaming the
binary (Suexec Off), or force startup failure if suEXEC is required
- but not supported (Suexec On). Change SuexecUserGroup to fail
+ but not supported (Suexec On). Change SuexecUserGroup to fail
startup instead of just printing a warning if suEXEC is disabled.
[Jeff Trawick]
and functions. [Stefan Fritsch]
*) core: Do the hook sorting earlier so that the hooks are properly sorted
- for the pre_config hook and during parsing the config. [Stefan Fritsch]
+ for the pre_config hook and during parsing the config. [Stefan Fritsch]
*) core: In the absence of any AllowOverride directives, the default is now
"None" instead of "All". PR49823 [Eric Covener]
<Directory> or <Files>. PR47765 [Eric Covener]
*) prefork/worker/event MPMS: default value (when no directive is present)
- of MaxConnectionsPerChild/MaxRequestsPerChild is changed to 0 from 10000
+ of MaxConnectionsPerChild/MaxRequestsPerChild is changed to 0 from 10000
to match default configuration and manual. PR47782 [Eric Covener]
*) proxy_connect: Don't give up in the middle of a CONNECT tunnel
when the child process is starting to exit. PR50220. [Eric Covener]
- *) mod_autoindex: Fix inheritance of mod_autoindex directives into
+ *) mod_autoindex: Fix inheritance of mod_autoindex directives into
contexts that don't have any mod_autoindex directives. PR47766.
[Eric Covener]
*) core: For process invocation (cgi, fcgid, piped loggers and so forth)
pass the system library path (LD_LIBRARY_PATH or platform-specific
- variables) along with the system PATH, by default. Both should be
+ variables) along with the system PATH, by default. Both should be
overridden together as desired using PassEnv etc; see mod_env.
[William Rowe]
Changes with Apache 2.3.7
*) SECURITY: CVE-2010-1452 (cve.mitre.org)
- mod_dav, mod_cache, mod_session: Fix Handling of requests without a path
+ mod_dav, mod_cache, mod_session: Fix Handling of requests without a path
segment. PR: 49246 [Mark Drayton, Jeff Trawick]
*) mod_ldap: Properly check the result returned by apr_ldap_init. PR 46076.
*) core/mod_authz_core: Introduce new access_checker_ex hook that enables
mod_authz_core to bypass authentication if access should be allowed by
IP address/env var/... [Stefan Fritsch]
-
+
*) core: Introduce note_auth_failure hook to allow modules to add support
for additional auth types. This makes ap_note_auth_failure() work with
mod_auth_digest again. PR 48807. [Stefan Fritsch]
mod_dumpio: Replace DumpIOLogLevel with trace log levels.
[Stefan Fritsch]
- *) mod_ldap: LDAP caching was suppressed (and ldap-status handler returns
- title page only) when any mod_ldap directives were used in VirtualHost
+ *) mod_ldap: LDAP caching was suppressed (and ldap-status handler returns
+ title page only) when any mod_ldap directives were used in VirtualHost
context. [Eric Covener]
*) mod_disk_cache: Decline the opportunity to cache if the response is
*) mod_deflate: avoid the risk of forwarding data before headers are set.
PR 49369 [Matthew Steele <mdsteele google.com>]
- *) mod_authnz_ldap: Ensure nested groups are checked when the
+ *) mod_authnz_ldap: Ensure nested groups are checked when the
top-level group doesn't have any direct non-group members
of attributes in AuthLDAPGroupAttribute. [Eric Covener]
*) mod_authnz_ldap: Allow the initial DN search during authentication
to use the HTTP username/pass instead of an anonymous or hard-coded
- LDAP id (AuthLDAPInitialBindAsUser, AuthLDAPInitialBindPattern).
+ LDAP id (AuthLDAPInitialBindAsUser, AuthLDAPInitialBindPattern).
[Eric Covener]
*) mod_authnz_ldap: Publish requested LDAP data with an AUTHORIZE_ prefix
[Bryn Dole <dole blekko.com>]
*) Log an error for failures to read a chunk-size, and return 408 instead of
- 413 when this is due to a read timeout. This change also fixes some cases
- of two error documents being sent in the response for the same scenario.
+ 413 when this is due to a read timeout. This change also fixes some cases
+ of two error documents being sent in the response for the same scenario.
[Eric Covener] PR49167
*) mod_proxy_balancer: Add new directive BalancerNonce to allow admin
[Dr Stephen Henson <steve openssl.org>, William Rowe]
*) mod_proxy_http: Log the port of the remote server in various messages.
- PR 48812. [Igor Galić <i galic brainsware org>]
+ PR 48812. [Igor Galić <i galic brainsware org>]
*) mod_reqtimeout: Do not wrongly enforce timeouts for mod_proxy's backend
connections and other protocol handlers (like mod_ftp). [Stefan Fritsch]
log file. PR 48761 [<lyndon orthanc.ca>, Dan Poirier]
*) mod_ldap: Update LDAPTrustedClientCert to consistently be a per-directory
- setting only, matching most of the documentation and examples.
- PR 46541 [Paul Reder, Eric Covener]
+ setting only, matching most of the documentation and examples.
+ PR 46541 [Paul Reder, Eric Covener]
- *) mod_ldap: LDAPTrustedClientCert now accepts CA_DER/CA_BASE64 argument
+ *) mod_ldap: LDAPTrustedClientCert now accepts CA_DER/CA_BASE64 argument
types previously allowed only in LDAPTrustedGlobalCert. [Eric Covener]
*) mod_negotiation: Preserve query string over multiviews negotiation.
*) mod_ldap: Eliminate a potential crash with multiple LDAPTrustedClientCert
when some are not password-protected. [Eric Covener]
- *) Fix startup segfault when the Mutex directive is used but no loaded
+ *) Fix startup segfault when the Mutex directive is used but no loaded
modules use httpd mutexes. PR 48787. [Jeff Trawick]
*) Proxy: get the headers right in a HEAD request with
the path specified by the Include directive. [Graham Leggett]
*) mod_proxy, mod_proxy_http: Support remote https proxies
- by using HTTP CONNECT. PR 19188.
+ by using HTTP CONNECT. PR 19188.
[Philippe Dutrueux <lilas evidian.com>, Rainer Jung]
*) apxs: Fix -A and -a options to ignore whitespace in httpd.conf
[Stefan Fritsch]
*) mod_authnz_ldap: Failures to map a username to a DN, or to check a user
- password now result in an informational level log entry instead of
+ password now result in an informational level log entry instead of
warning level. [Eric Covener]
Changes with Apache 2.3.5
*) SECURITY: CVE-2010-0434 (cve.mitre.org)
Ensure each subrequest has a shallow copy of headers_in so that the
parent request headers are not corrupted. Eliminates a problematic
- optimization in the case of no request body. PR 48359
+ optimization in the case of no request body. PR 48359
[Jake Scott, William Rowe, Ruediger Pluem]
*) Turn static function get_server_name_for_url() into public
*) Replace AcceptMutex, LockFile, RewriteLock, SSLMutex, SSLStaplingMutex,
and WatchdogMutexPath with a single Mutex directive. Add APIs to
- simplify setup and user customization of APR proc and global mutexes.
+ simplify setup and user customization of APR proc and global mutexes.
(See util_mutex.h.) Build-time setting DEFAULT_LOCKFILE is no longer
respected; set DEFAULT_REL_RUNTIMEDIR instead. [Jeff Trawick]
*) mod_charset_lite: Honor 'CharsetOptions NoImplicitAdd'.
[Eric Covener]
- *) mod_ssl: Add support for OCSP Stapling. PR 43822.
+ *) mod_ssl: Add support for OCSP Stapling. PR 43822.
[Dr Stephen Henson <shenson oss-institute.org>]
*) mod_socache_shmcb: Allow parens in file name if cache size is given.
*) Allow ProxyPreserveHost to work in <Proxy> sections. PR 34901.
[Stefan Fritsch]
- *) configure: Fix THREADED_MPMS so that mod_cgid is enabled again
+ *) configure: Fix THREADED_MPMS so that mod_cgid is enabled again
for worker MPM. [Takashi Sato]
*) mod_dav: Provide a mechanism to obtain the request_rec and pathname
*) core: Treat timeout reading request as 408 error, not 400.
Log 408 errors in access log as was done in Apache 1.3.x.
- PR 39785 [Nobutaka Mantani <nobutaka nobutaka.org>,
+ PR 39785 [Nobutaka Mantani <nobutaka nobutaka.org>,
Stefan Fritsch <sf fritsch.de>, Dan Poirier]
*) mod_ssl: Reintroduce SSL_CLIENT_S_DN, SSL_CLIENT_I_DN, SSL_SERVER_S_DN,
*) ab: Fix broken error messages after resolver or connect() failures.
[Jeff Trawick]
- *) SECURITY: CVE-2009-1890 (cve.mitre.org)
+ *) SECURITY: CVE-2009-1890 (cve.mitre.org)
Fix a potential Denial-of-Service attack against mod_proxy in a
reverse proxy configuration, where a remote attacker can force a
proxy process to consume CPU time indefinitely. [Nick Kew, Joe Orton]
be run when a connection is opened. PR 46827
[Marko Kevac <mkevac gmail.com>]
- *) mod_cgid: Improve handling of long AF_UNIX socket names (ScriptSock).
+ *) mod_cgid: Improve handling of long AF_UNIX socket names (ScriptSock).
PR 47037. [Jeff Trawick]
*) mod_proxy_ajp: Check more strictly that the backend follows the AJP
*) Allow MPMs to be loaded dynamically, as with most other modules. Use
--enable-mpms-shared={list|"all"} to enable. This required changes to
- the MPM interfaces. Removed: mpm.h, mpm_default.h (as an installed
+ the MPM interfaces. Removed: mpm.h, mpm_default.h (as an installed
header), APACHE_MPM_DIR, MPM_NAME, ap_threads_per_child,
ap_max_daemons_limit, ap_my_generation, etc. ap_mpm_query() can't be
called until after the register-hooks phase. [Jeff Trawick]
as A/UX, Next, and Tandem. [Jeff Trawick]
*) mod_proxy_ftp: Add ProxyFtpListOnWildcard directive to allow files with
- globbing characters to be retrieved instead of converted into a
+ globbing characters to be retrieved instead of converted into a
directory listing. PR 46789 [Dan Poirier <poirier pobox.com>]
*) Provide ap_retained_data_create()/ap_retained_data_get() for preservation
*) mod_ssl: add support for type-safe STACK constructs in OpenSSL
development HEAD. PR 45521. [Kaspar Brand, Sander Temme]
- *) ab: Fix maintenance of the pollset to resolve EALREADY errors
+ *) ab: Fix maintenance of the pollset to resolve EALREADY errors
with kqueue (BSD/OS X) and excessive CPU with event ports (Solaris).
PR 44584. Use APR_POLLSET_NOCOPY for better performance with some
pollset implementations. [Jeff Trawick]
*) mod_rewrite: Introduce DiscardPathInfo|DPI flag to stop the troublesome
way that per-directory rewrites append the previous notion of PATH_INFO
- to each substitution before evaluating subsequent rules.
+ to each substitution before evaluating subsequent rules.
PR 38642 [Eric Covener]
*) mod_cgid: Do not add an empty argument when calling the CGI script.
*) mod_ratelimit: New module to do bandwidth rate limiting. [Paul Querna]
- *) Remove X-Pad header which was added as a work around to a bug in
+ *) Remove X-Pad header which was added as a work around to a bug in
Netscape 2.x to 4.0b2. [Takashi Sato <takashi lans-tv.com>]
*) Add DTrace Statically Defined Tracing (SDT) probes.
*) mod_heartmonitor: New module to collect heartbeats, and write out a file
so that other modules can load balance traffic as needed. [Paul Querna]
- *) mod_heartbeat: New module to generate multicast heartbeats to know if a
+ *) mod_heartbeat: New module to generate multicast heartbeats to know if a
server is online. [Paul Querna]
*) mod_buffer: Honour the flush bucket and flush the buffer in the
*) unixd: turn existing code into a module, and turn the set user/group
and chroot into a child_init function. [Nick Kew]
- *) mod_dir: Support "DirectoryIndex disabled"
+ *) mod_dir: Support "DirectoryIndex disabled"
Suggested By André Warnier <aw ice-sa.com> [Eric Covener]
*) mod_ssl: Send Content-Type application/ocsp-request for POST requests to
[Chris Darroch]
*) mod_ldap: Correctly return all requested attribute values
- when some attributes have a null value.
+ when some attributes have a null value.
PR 44560 [Anders Kaseorg <anders kaseorg.com>]
*) core: check symlink ownership if both FollowSymlinks and
PR 36783 [Robert L Mathews <rob-apache.org.bugs tigertech.net>]
*) Activate mod_cache, mod_file_cache and mod_disk_cache as part of the
- 'most' set for '--enable-modules' and '--enable-shared-mods'. Include
+ 'most' set for '--enable-modules' and '--enable-shared-mods'. Include
mod_mem_cache in 'all' as well. [Dirk-Willem van Gulik]
*) Also install mod_so.h, mod_rewrite.h and mod_cache.h; as these
*) mod_dir, mod_negotiation: pass the output filter information
to newly created sub requests; as these are later on used
as true requests with an internal redirect. This allows for
- mod_cache et.al. to trap the results of the redirect.
+ mod_cache et.al. to trap the results of the redirect.
[Dirk-Willem van Gulik, Ruediger Pluem]
*) mod_ldap: Add support (taking advantage of the new APR capability)
*) mod_ssl: Add support for caching SSL Sessions in memcached. [Paul Querna]
*) apxs: Enhance -q flag to print all known variables and their values
- when invoked without variable name(s).
+ when invoked without variable name(s).
[William Rowe, Sander Temme]
*) apxs: Eliminate run-time check for mod_so. PR 40653.
*) mod_proxy_fcgi: Added win32 build. [Mladen Turk]
- *) sendfile_nonblocking() takes the _brigade_ as an argument, gets
+ *) sendfile_nonblocking() takes the _brigade_ as an argument, gets
the first bucket from the brigade, finds it not to be a FILE
bucket and barfs. The fix is to pass a bucket rather than a brigade.
[Niklas Edmundsson <nikke acc.umu.se>]
*) mod_rewrite: support rewritemap by SQL query [Nick Kew]
- *) ap_get_server_version() has been removed. Third-party modules must
+ *) ap_get_server_version() has been removed. Third-party modules must
now use ap_get_server_banner() or ap_get_server_description().
[Jeff Trawick]
*) New SSLLogLevelDebugDump [ None (default) | IO (not bytes) | Bytes ]
configures the I/O Dump of SSL traffic, when LogLevel is set to Debug.
- The default is none as this is far greater debugging resolution than
+ The default is none as this is far greater debugging resolution than
the typical administrator is prepared to untangle. [William Rowe]
*) mod_disk_cache: If possible, check if the size of an object to cache is
*) Event MPM: Fill in the scoreboard's tid field. PR 38736.
[Chris Darroch <chrisd pearsoncmg.com>]
- *) mod_charset_lite: Remove Content-Length when output filter can
+ *) mod_charset_lite: Remove Content-Length when output filter can
invalidate it. Warn when input filter can invalidate it.
[Jeff Trawick]
*) Authz: Add the new module mod_authn_core that will provide common
authn directives such as 'AuthType', 'AuthName'. Move the directives
- 'AuthType' and 'AuthName' out of the core module and merge mod_authz_alias
+ 'AuthType' and 'AuthName' out of the core module and merge mod_authz_alias
into mod_authn_core. [Brad Nicholes]
- *) Authz: Move the directives 'Order', 'Allow', 'Deny' and 'Satisfy'
- into the new module mod_access_compat which can be loaded to provide
+ *) Authz: Move the directives 'Order', 'Allow', 'Deny' and 'Satisfy'
+ into the new module mod_access_compat which can be loaded to provide
support for these directives.
[Brad Nicholes]
- *) Authz: Move the 'Require' directive from the core module as well as
- add the directives '<SatisfyAll>', '<SatisfyOne>', '<RequireAlias>'
- and 'Reject' to mod_authz_core. The new directives introduce 'AND/OR'
+ *) Authz: Move the 'Require' directive from the core module as well as
+ add the directives '<SatisfyAll>', '<SatisfyOne>', '<RequireAlias>'
+ and 'Reject' to mod_authz_core. The new directives introduce 'AND/OR'
logic into the authorization processing. [Brad Nicholes]
- *) Authz: Add the new module mod_authz_core which acts as the
- authorization provider vector and contains common authz
+ *) Authz: Add the new module mod_authz_core which acts as the
+ authorization provider vector and contains common authz
directives. [Brad Nicholes]
- *) Authz: Renamed mod_authz_dbm authz providers from 'group' and
+ *) Authz: Renamed mod_authz_dbm authz providers from 'group' and
'file-group' to 'dbm-group' and 'dbm-file-group'. [Brad Nicholes]
*) Authz: Added the new authz providers 'env', 'ip', 'host', 'all' to handle
- host-based access control provided by mod_authz_host and invoked
+ host-based access control provided by mod_authz_host and invoked
through the 'Require' directive. [Brad Nicholes]
- *) Authz: Convert all of the authz modules from hook based to
+ *) Authz: Convert all of the authz modules from hook based to
provider based. [Brad Nicholes]
*) mod_cache: Add CacheMinExpire directive to set the minimum time in
projects / apache / blobdiff