-*- coding: utf-8 -*-
Changes with Apache 2.5.0
+
+ *) SECURITY: CVE-2014-8109 (cve.mitre.org)
+ mod_lua: Fix handling of the Require line when a LuaAuthzProvider is
+ used in multiple Require directives with different arguments.
+ PR57204 [Edward Lu <Chaosed0 gmail.com>]
+
+ *) mod_rewrite: Improve relative substitutions in per-directory/htaccess
+ context for directories found by mod_userdir and mod_alias. These no
+ loner require RewriteBase to be specified. [Eric Covener]
+
+ *) mod_ssl: Fix recognition of OCSP stapling responses that are encoded
+ improperly or too large. [Jeff Trawick]
+
+ *) mod_proxy_fcgi, mod_authnz_fcgi: stop reading the response and issue an
+ error when parsing or forwarding the response fails. [Yann Ylavic]
+
+ *) mod_authnz_ldap: Resolve crashes with LDAP authz and non-LDAP authn since
+ r1608202. [Eric Covener]
+
+ *) core: Support custom ErrorDocuments for HTTP 501 and 414 status codes.
+ PR 57167 [Edward Lu <Chaosed0 gmail.com>]
+
+ *) mod_proxy_connect: Don't issue AH02447 on sockets hangups, let the read
+ determine whether it is a normal close or a real error. PR 57168. [Yann
+ Ylavic]
+
+ *) mod_proxy_wstunnel: abort backend connection on polling error to avoid
+ further processing. [Yann Ylavic]
+
+ *) mod_buffer: Forward flushed input data immediatly and avoid (unlikely)
+ access to freed memory. [Yann Ylavic, Christophe Jaillet]
+
+ *) mod_proxy: Use the correct server name for SNI in case the backend
+ SSL connection itself is established via a proxy server.
+ PR 57139 [Szabolcs Gyurko <szabolcs gyurko.org>]
+
+ *) mod_ssl: Do not crash when looking up SSL related variables during
+ expression evaluation on non SSL connections. PR 57070 [Ruediger Pluem]
+
+ *) core: Ensure that httpd exits with an error status when the MPM fails
+ to run. [Yann Ylavic]
+
+ *) apreq: Content-Length header should be always interpreted as a decimal.
+ Leading 0 could be erroneously considered as an octal value. PR 56598.
+ [Chris Card <ctcard hotmail com>]
+
+ *) mod_proxy: Now allow for 191 character worker names, with non-fatal
+ errors if name is truncated. PR53218. [Jim Jagielski]
+
+ *) mod_ssl: Add optional function "ssl_get_tls_cb" to allow support
+ for channel bindings. [Simo Sorce <simo redhat.com>]
+
+ *) mod_proxy_wstunnel: Concurrent websockets messages could be
+ lost or delayed with ProxyWebsocketAsync enabled.
+ [Edward Lu <Chaosed0 gmail.com>]
+
+ *) core, mod_info: Add compiled and loaded PCRE versions to version
+ number display. [Rainer Jung]
+
+ *) mpm_winnt: Accept utf-8 (Unicode) service names and descriptions for
+ internationalization. [William Rowe]
+
+ *) mpm_winnt: Normalize the error and status messages emitted by service.c,
+ the service control interface for Windows. [William Rowe]
+
+ *) mod_authnz_ldap: Return LDAP connections to the pool before the handler
+ is run, instead of waiting until the end of the request. [Eric Covener]
+
+ *) mod_ldap: Be more conservative with the last-used time for
+ LDAPConnectionPoolTTL. PR54587 [Eric Covener]
+
+ *) mod_deflate: Don't fail when flushing inflated data to the user-agent
+ and that coincides with the end of stream ("Zlib error flushing inflate
+ buffer"). PR 56196. [Christoph Fausak <christoph fausak glueckkanja.com>]
+
+ *) mod_proxy: Don't limit the size of the connectable Unix Domain Socket
+ paths. [Christophe Jaillet, Yann Ylavic]
+
+ *) mod_ssl: dump SSL IO/state for the write side of the connection(s),
+ like reads (level TRACE4). [Yann Ylavic]
+
+ *) mod_proxy: Shutdown (eg. close notify) the backend connection before
+ closing. [Yann Ylavic]
*) mpm_event[opt]: Send the SSL close notify alert when the KeepAliveTimeout
expires. PR54998. [Yann Ylavic]
PR 56286 [Micha Lenk <micha lenk info>]
*) mod_proxy_fdpass: Fix computation of the size of 'struct sockaddr_un'
- when passed to 'connec()'.
+ when passed to 'connect()'.
[Graham Dumpleton <grahamd apache org>]
- *) mod_socache_shmcb: Correct counting of expirations for status display.
- Expirations happening during retrieval were not counted. [Rainer Jung]
-
- *) mod_proxy_balancer: Correctly encode user provided data in management
- interface. PR 56532 [Maksymilian, <max cert.cx>]
-
*) core: Add ap_mpm_resume_suspended() API to allow a suspended connection
to resume. PR56333
[Artem <artemciy gmail.com>, Edward Lu <Chaosed0 gmail.com>]
*) mod_proxy_wstunnel: Honor ProxyWebsocketIdleTimeout in asynchronous
processing mode. [Eric Covener]
- *) mod_proxy_fcgi: Fix occasional high CPU when handling request bodies.
- [Jeff Trawick]
-
- *) mod_proxy_fcgi: Support iobuffersize parameter. [Jeff Trawick]
-
- *) mod_cache: Preserve non-cacheable headers forwarded from an origin 304
- response. PR 55547. [Yann Ylavic]
-
- *) mod_cache: Don't add cached/revalidated entity headers to a 304 response.
- PR 55547. [Yann Ylavic]
-
*) mod_authnz_ldap: Fail explicitly when the filter is too long. Remove
unnecessary apr_pstrdup() and strlen(). [Graham Leggett]
from the ones to be forwarded to the backend. PR 45387.
[Yann Ylavic]
- *) mod_proxy: When ping/pong is configured for a worker, don't send or
- forward "100 Continue" (interim) response to the client if it does
- not expect one. [Yann Ylavic]
-
*) mod_remoteip: Prevent an external proxy from presenting an internal
proxy. PR 55962. [Mike Rumph]
*) mod_rewrite: Support an optional list of characters to escape in the
argument for the 'B' (escape backreferences) flag. [Eric Covener]
- *) mod_ssl: Add SSLOCSPUseRequestNonce directive to control whether or not
- OCSP requests should use a nonce to be checked against the responder's
- one. PR 56233. [ Yann Ylavic ]
-
*) mod_dir: Default to 2.2-like behavior and skip execution when method is
neither GET nor POST, such as for DAV requests. PR 54914. [Chris Darroch]
*) Add HttpContentLengthHeadZero and HttpExpectStrict directives.
[Yehuda Sadeh <yehuda inktank com>, Justin Erenkrantz]
- *) FreeBSD: Disable IPv4-mapped listening sockets by default for versions
- 5+ instead of just for FreeBSD 5. PR 53824. [Jeff Trawick]
-
- *) mod_auth_form: Add a debug message when the fields on a form are not
- recognised. [Graham Leggett]
-
*) mod_ssl: Add -t -DDUMP_CA_CERTS option which dumps the filenames of all
configured SSL CA certificates to stdout the same way as DUMP_CERTS does.
[Jan Kaluza]
allow override with new CGIDRequestTimeout directive. PR43494
[Eric Covener, Toshikuni Fukaya <toshikuni-fukaya cybozu co jp>]
- *) core: Add missing Reason-Phrase in HTTP response headers.
- PR 54946. [Rainer Jung]
-
*) core: ensure any abnormal exit is reported to stderr if it's a tty.
PR 55670 [Nick Kew]
*) core: Add ap_errorlog_provider to make ErrorLog logging modular. Move
syslog support from core to new mod_syslog. [Jan Kaluza]
- *) WinNT MPM: If ap_run_pre_connection() fails or sets c->aborted, don't
- save the socket for reuse by the next worker as if it were an
- APR_SO_DISCONNECTED socket. Restores 2.2 behavior. [Eric Covener]
-
*) mod_status, mod_echo: Fix the display of client addresses.
They were truncated to 31 characters which is not enough for IPv6 addresses.
PR 54848 [Bernhard Schmidt <berni birkenwald de>]
been configured with -D Z_PREFIX, which redefines the token "deflate".
[Eric Covener]
- *) mod_socache_shmcb.c: Remove arbitrary restriction on shared memory size
- previously limited to 64MB. [Jens Låås <jelaas gmail.com>]
-
*) mod_auth_digest: Use the secret when generating nonces in all cases and
not only when AuthName is used in .htaccess files (this change may cause
problems if used with round robin load balancers). Don't regenerate the
[Basant Kumar Kukreja <basant.kukreja sun.com>, Alejandro Alvarez
<alejandro.alvarez.ayllon cern.ch>]
- *) core, mod_ssl: Enable the ability for a module to reverse the sense of
- a poll event from a read to a write or vice versa. This is a step on
- the way to allow mod_ssl taking full advantage of the event MPM.
- [Graham Leggett]
-
*) mod_ldap: LDAP connections used for authentication were not respecting
LDAPConnectionPoolTimeout. PR 54587
projects / apache / blobdiff