- -*- coding: utf-8 -*-
+ -*- coding: utf-8 -*-
+
+Changes with Apache 2.3.11
+
+ *) core: new hook: ap_run_pre_read_request. [Jim Jagielski]
+
+ *) mod_cache: When a request other than GET or HEAD arrives, we must
+ invalidate existing cache entities as per RFC2616 13.10. PR 15868.
+ [Graham Leggett]
+
+ *) modules: Fix many modules that were not correctly initializing if they
+ were not active during server startup but got enabled later during a
+ graceful restart. [Stefan Fritsch]
+
+ *) core: Create new ap_state_query function that allows modules to determine
+ if the current configuration run is the initial one at server startup,
+ and if the server is started for testing/config dumping only.
+ [Stefan Fritsch]
+
+ *) mod_cache: When a bad Expires date is present, we need to behave as if
+ the Expires is in the past, not as if the Expires is missing. PR 16521.
+ [Co-Advisor <coad@measurement-factory.com>]
+
+ *) mod_cache: We must ignore quoted-string values that appear in a
+ Cache-Control header. PR 50199. [Graham Leggett]
+
+ *) mod_dav: Revert change to send 501 error if unknown Content-* header is
+ received for a PUT request. PR 42978. [Stefan Fritsch]
+
+ *) mod_cache: Respect s-maxage as described by RFC2616 14.9.3, which must
+ take precedence if present. PR 35247. [Graham Leggett]
+
+ *) mod_ssl: Fix a possible startup failure if multiple SSL vhosts
+ are configured with the same ServerName and private key file.
+ [Masahiro Matsuya <mmatsuya redhat.com>, Joe Orton]
+
+ *) mod_socache_dc: Make module compile by fixing some typos.
+ PR 50735 [Mark Montague <mark catseye.org>]
+
+ *) prefork: Update MPM state in children during a graceful stop or
+ restart. PR 41743. [Andrew Punch <andrew.punch 247realmedia.com>]
+
+ *) mod_mime: Ignore leading dots when looking for mime extensions.
+ PR 50434 [Stefan Fritsch]
+
+ *) core: Add support to set variables with the 'Define' directive. The
+ variables that can then be used in the config using the ${VAR} syntax
+ known from envvar interpolation. [Stefan Fritsch]
+
+ *) mod_proxy_http: make adding of X-Forwarded-* headers configurable.
+ ProxyAddHeaders defaults to On. [Vincent Deffontaines]
+
+ *) mod_slotmem_shm: Increase memory alignment for slotmem data.
+ [Rainer Jung]
+
+ *) mod_ssl: Add config options for OCSP: SSLOCSPResponderTimeout,
+ SSLOCSPResponseMaxAge, SSLOCSPResponseTimeSkew.
+ [Kaspar Brand <httpd-dev.2011 velox.ch>]
+
+ *) mod_ssl: Revamp output buffering to reduce network overhead for
+ output fragmented into many buckets, such as chunked HTTP responses.
+ [Joe Orton]
+
+ *) core: Apply <If> sections to all requests, not only to file base requests.
+ Allow to use <If> inside <Directory>, <Location>, and <Files> sections.
+ The merging of <If> sections now happens after the merging of <Location>
+ sections, even if an <If> section is embedded inside a <Directory> or
+ <Files> section. [Stefan Fritsch]
+
+ *) mod_proxy: Refactor usage of shared data by dropping the scoreboard
+ and using slotmem. Create foundation for dynamic growth/changes of
+ members within a balancer. Remove BalancerNonce in favor of a
+ per-balancer 'nonce' parameter. [Jim Jagielski]
+
+ *) mod_status: Don't show slots which are disabled by MaxClients as open.
+ PR: 47022 [Jordi Prats <jordi prats gmail com>, Stefan Fritsch]
+
+ *) mpm_prefork: Fix ap_mpm_query results for AP_MPMQ_MAX_DAEMONS and
+ AP_MPMQ_MAX_THREADS.
+
+ *) mod_authz_core: Fix bug in merging logic if user-based and non-user-based
+ authorization directives were mixed. [Stefan Fritsch]
+
+ *) mod_authn_socache: change directive name from AuthnCacheProvider
+ to AuthnCacheProvideFor. The term "provider" is overloaded in
+ this module, and we should avoid confusion between the provider
+ of a backend (AuthnCacheSOCache) and the authn provider(s) for
+ which this module provides cacheing (AuthnCacheProvideFor).
+ [Nick Kew]
+
+ *) mod_proxy_http: Allocate the fake backend request from a child pool
+ of the backend connection, instead of misusing the pool of the frontend
+ request. Fixes a thread safety issue where buckets set aside in the
+ backend connection leak into other threads, and then disappear when
+ the frontend request is cleaned up, in turn causing corrupted buckets
+ to make other threads spin. [Graham Leggett]
+
+ *) mod_ssl: Change the format of the SSL_{CLIENT,SERVER}_{I,S}_DN variables
+ to be RFC 2253 compatible, convert non-ASCII characters to UTF8, and
+ escape other special characters with backslashes. The old format can
+ still be used with the LegacyDNStringFormat argument to SSLOptions.
+
+ *) core, mod_rewrite: Make the REQUEST_SCHEME variable available to
+ scripts and mod_rewrite. [Stefan Fritsch]
+
+ *) mod_rewrite: Allow to use arbitrary boolean expressions (ap_expr) in
+ RewriteCond. [Stefan Fritsch]
+
+ *) mod_rewrite: Allow to unset environment variables using E=!VAR.
+ PR 49512. [Mark Drayton <mark markdrayton info>, Stefan Fritsch]
+
+ *) mod_headers: Restore the 2.3.8 and earlier default for the first
+ argument of the Header directive ("onsuccess"). [Eric Covener]
+
+ *) core: Disallow the mixing of relative and absolute Options PR 33708.
+ [Sönke Tesch <st kino-fahrplan.de>]
+
+ *) core: When exporting request headers to HTTP_* environment variables,
+ drop variables whose names contain invalid characters. Describe in the
+ docs how to restore the old behaviour. [Malte S. Stretz <mss apache org>]
+
+ *) core: When selecting an IP-based virtual host, favor an exact match for
+ the port over a wildcard (or omitted) port instead of favoring the one
+ that came first in the configuration file. [Eric Covener]
+
+ *) core: Overlapping virtual host address/port combinations now implicitly
+ enable name-based virtual hosting for that address. The NameVirtualHost
+ directive has no effect, and _default_ is interpreted the same as "*".
+ [Eric Covener]
+
+ *) core: In the absence of any Options directives, the default is now
+ "FollowSymlinks" instead of "All". [Igor Galić]
+
+ *) rotatelogs: Add -e option to write logs through to stdout for optional
+ further processing. [Graham Leggett]
+
+ *) mod_ssl: Correctly read full lines in input filter when the line is
+ incomplete during first read. PR 50481. [Ruediger Pluem]
+
+ *) mod_authz_core: Add AuthzSendForbiddenOnFailure directive to allow
+ sending '403 FORBIDDEN' instead of '401 UNAUTHORIZED' if authorization
+ fails for an authenticated user. PR 40721. [Stefan Fritsch]
+
+Changes with Apache 2.3.10
+
+ *) mod_rewrite: Don't implicitly URL-escape the original query string
+ when no substitution has changed it. PR 50447. [Eric Covener]
+
+ *) core: Honor 'AcceptPathInfo OFF' during internal redirects,
+ such as per-directory mod_rewrite substitutions. PR 50349.
+ [Eric Covener]
+
+ *) mod_rewrite: Add 'RewriteOptions InheritBefore' to put the base
+ rules/conditions before the overridden rules/conditions. PR 39313.
+ [Jérôme Grandjanny <jerome.grandjanny cea.fr>]
+
+ *) mod_autoindex: add IndexIgnoreReset to reset the list of IndexIgnored
+ filenames in higher precedence configuration sections. PR 24243.
+ [Eric Covener]
+
+ *) mod_cgid: RLimit* directive support for mod_cgid. PR 42135
+ [Eric Covener]
+
+ *) core: Fail startup when the argument to ServerName looks like a glob
+ or a regular expression instead of a hostname (*?[]). PR 39863
+ [Rahul Nair <rahul.g.nair gmail.com>]
+
+ *) mod_userdir: Add merging of enable, disable, and filename arguments
+ to UserDir directive, leaving enable/disable of userlists unmerged.
+ PR 44076 [Eric Covener]
+
+ *) httpd: When no -k option is provided on the httpd command line, the server
+ was starting without checking for an existing pidfile. PR 50350
+ [Eric Covener]
+
+ *) mod_proxy: Put the worker in error state if the SSL handshake with the
+ backend fails. PR 50332.
+ [Daniel Ruggeri <DRuggeri primary.net>, Ruediger Pluem]
+
+ *) mod_cache_disk: Fix Windows build which was broken after renaming
+ the module. [Gregg L. Smith]
Changes with Apache 2.3.9
Fix a denial of service attack against mod_reqtimeout.
[Stefan Fritsch]
- *) core: Log a warning if <Limit> or <LimitExcept> are used. They are
- deprecated and may go away in 2.4. [Stefan Fritsch]
+ *) mod_headers: Change default first argument of Header directive
+ from "onsuccess" to "always". [Eric Covener]
+
+ *) mod_include: Add the onerror attribute to the include element,
+ allowing an URL to be specified to include on error. [Graham
+ Leggett]
+
+ *) mod_cache_disk: mod_disk_cache renamed to mod_cache_disk, to be
+ consistent with the naming of other modules. [Graham Leggett]
+
+ *) mod_setenvif: Add SetEnvIfExpr directive to set env var depending on
+ expression. [Stefan Fritsch]
+
+ *) mod_proxy: Fix ProxyPassInterpolateEnv directive. PR 50292.
+ [Stefan Fritsch]
+
+ *) suEXEC: Add Suexec directive to disable suEXEC without renaming the
+ binary (Suexec Off), or force startup failure if suEXEC is required
+ but not supported (Suexec On). Change SuexecUserGroup to fail
+ startup instead of just printing a warning if suEXEC is disabled.
+ [Jeff Trawick]
+
+ *) core: Add Error directive for aborting startup or htaccess processing
+ with a specified error message. [Jeff Trawick]
+
+ *) mod_rewrite: Fix the RewriteEngine directive to work within a
+ location. Previously, once RewriteEngine was switched on globally,
+ it was impossible to switch off. [Graham Leggett]
- *) mod_ssl: Log certificate information if client cert verification
- fails. PR 50094. [Lassi Tuura <lat cern ch>, Stefan Fritsch]
+ *) core, mod_include, mod_ssl: Move the expression parser derived from
+ mod_include back into mod_include. Replace ap_expr with a parser
+ derived from mod_ssl's parser. Make mod_ssl use the new parser. Rework
+ ap_expr's public interface and provide hooks for modules to add variables
+ and functions. [Stefan Fritsch]
+
+ *) core: Do the hook sorting earlier so that the hooks are properly sorted
+ for the pre_config hook and during parsing the config. [Stefan Fritsch]
+
+ *) core: In the absence of any AllowOverride directives, the default is now
+ "None" instead of "All". PR49823 [Eric Covener]
+
+ *) mod_proxy: Don't allow ProxyPass or ProxyPassReverse in
+ <Directory> or <Files>. PR47765 [Eric Covener]
+
+ *) prefork/worker/event MPMS: default value (when no directive is present)
+ of MaxConnectionsPerChild/MaxRequestsPerChild is changed to 0 from 10000
+ to match default configuration and manual. PR47782 [Eric Covener]
+
+ *) proxy_connect: Don't give up in the middle of a CONNECT tunnel
+ when the child process is starting to exit. PR50220. [Eric Covener]
+
+ *) mod_autoindex: Fix inheritance of mod_autoindex directives into
+ contexts that don't have any mod_autoindex directives. PR47766.
+ [Eric Covener]
+
+ *) mod_rewrite: Add END flag for RewriteRule to prevent further rounds
+ of rewrite processing when a per-directory substitution occurs.
+ [Eric Covener]
+
+ *) mod_ssl: Make sure to always log an error if loading of CA certificates
+ fails. PR 40312. [Paul Tiemann <issues apache org ourdetour com>]
+
+ *) mod_dav: Send 501 error if unknown Content-* header is received for a PUT
+ request (RFC 2616 9.6). PR 42978. [Stefan Fritsch]
+
+ *) mod_dav: Send 400 error if malformed Content-Range header is received for
+ a put request (RFC 2616 14.16). PR 49825. [Stefan Fritsch]
+
+ *) mod_proxy: Release the backend connection as soon as EOS is detected,
+ so the backend isn't forced to wait for the client to eventually
+ acknowledge the data. [Graham Leggett]
+
+ *) mod_proxy: Optimise ProxyPass within a Location so that it is stored
+ per-directory, and chosen during the location walk. Make ProxyPass
+ work correctly from within a LocationMatch. [Graham Leggett]
+
+ *) core: Fix segfault if per-module LogLevel is on virtual host
+ scope. PR 50117. [Stefan Fritsch]
+
+ *) mod_proxy: Move the ProxyErrorOverride directive to have per
+ directory scope. [Graham Leggett]
+
+ *) mod_allowmethods: New module to deny certain HTTP methods without
+ interfering with authentication/authorization. [Paul Querna,
+ Igor Galić, Stefan Fritsch]
+
+ *) mod_ssl: Log certificate information and improve error message if client
+ cert verification fails. PR 50093, PR 50094. [Lassi Tuura <lat cern ch>,
+ Stefan Fritsch]
*) htcacheclean: Teach htcacheclean to limit cache size by number of
inodes in addition to size of files. Prevents a cache disk from
the option to list entry metadata such as sizes and times. [Graham
Leggett]
+ *) mod_cache: correctly parse quoted strings in cache headers.
+ PR 50199 [Nick Kew]
+
*) mod_cache: Allow control over the base URL of reverse proxied requests
using the CacheKeyBaseURL directive, so that the cache key can be
calculated from the endpoint URL instead of the server URL. [Graham
and executing perl-style regexp ops (e.g s/foo/bar/i) and regexp memory
[Nick Kew]
+ *) Proxy: support setting source address. PR 29404
+ [Multiple contributors iterating through bugzilla,
+ Aron Ujvari <xanco nikhok.hu>, Aleksey Midenkov <asm uezku.kemsu.ru>,
+ <dan listening-station.net; trunk version Nick Kew]
+
+ *) HTTP protocol: return 400 not 503 if we have to abort due to malformed
+ chunked encoding. [Nick Kew]
+
Changes with Apache 2.3.8
*) suexec: Support large log files. PR 45856. [Stefan Fritsch]
*) socache modules: return APR_NOTFOUND when a lookup is not found [Nick Kew]
- *) mod_authn_cache: new module [Nick Kew]
+ *) mod_authn_socache: new module [Nick Kew]
*) configure: Add reallyall option for --enable-mods-shared. [Stefan Fritsch]
projects / apache / blobdiff