-*- coding: utf-8 -*-
Changes with Apache 2.5.1
+ *) mod_ssl: Correctly restore SSL verify state after TLSv1.3 PHA failure.
+ [Michael Kaufmann <mail michael-kaufmann.ch>]
+
+ *) mod_md: Explicitly setting file permissions to break out of umasks. We want our
+ non-privilegded apache user to be able to read them. See github issue
+ <https://github.com/icing/mod_md/issues/117>. [Stefan Eissing]
+
+ *) Merge consecutive slashes in URL's. Opt-out with `MergeSlashes OFF`.
+ [Eric Covener]
+
+ *) mod_proxy/ssl: Cleanup per-request SSL configuration anytime a backend
+ connection is recycled/reused to avoid a possible crash with some SSLProxy
+ configurations in <Location> or <Proxy> context. PR 63256. [Yann Ylavic]
+
+ *) mod_mime: Add `MimeOptions` directive to allow Content-Type or all metadata
+ detection to use only the last (right-most) file extension or to be
+ disabled per-dir. [Eric Covener]
+
+ *) MPMs unix: bind the bucket number of each child to its slot number, for a
+ more efficient per bucket maintenance. [Yann Ylavic]
+
+ *) http: Fix possible empty response with mod_ratelimit for HEAD requests.
+ PR 63192. [Yann Ylavic]
+
+ *) mod_cache_socache: Avoid reallocations and be safe with outgoing data
+ lifetime. [Yann Ylavic]
+
+ *) mod_reqtimeout: Allow to configure (TLS-)handshake timeouts.
+ PR 61310. [Yann Ylavic]
+
+ *) mod_auth_digest: Fix a race condition. Authentication with valid credentials could be
+ refused in case of concurrent accesses from different users.
+ PR 63124 [Simon Kappel <simon.kappel axis.com>]
+
+ *) mod_ssl: Don't unset FIPS mode on restart unless it's forced by
+ configuration (SSLFIPS on) and not active by default in OpenSSL.
+ PR 63136. [Yann Ylavic]
+
+ *) mod_ssl: give mod_md the chance to override certificate after ALPN protocol
+ negotiation. [Stefan Eissing]
+
+ *) mod_proxy_wstunnel: Fix websocket proxy over UDS.
+ PR 62932 <pavel dcmsys.com>
+
+ *) mod_negociation: LanguagePriority should be case-insensitive in order to
+ match AddLanguage behavior. PR 39730 [Christophe Jaillet]
+
*) mod_session: Always decode session attributes early. [Hank Ibell]
*) core: Incorrect values for environment variables are substituted when
MinSpareThreads, issue new one-time message AH10159. Matches worker MPM.
[Eric Covener]
- *) mod_http2: adding defensive code for stream EOS handling, in case the request handler
- missed to signal it the normal way (eos buckets). Addresses github issues
- https://github.com/icing/mod_h2/issues/164, https://github.com/icing/mod_h2/issues/167
- and https://github.com/icing/mod_h2/issues/170. [Stefan Eissing]
-
*) mod_proxy_scgi, mod_proxy_uwsgi: improve error handling when sending the
body of the response. [Jim Jagielski]
*) mod_proxy_hcheck: Fix issues with TCP health checks. PR 61499
[Dominik Stillhard <dominik.stillhard united-security-providers.ch>]
- *) mod_http2: connection IO event handling reworked. Instead of reacting on
- incoming bytes, the state machine now acts on incoming frames that are
- affecting it. This reduces state transitions. [Stefan Eissing]
-
*) MPMs: Initialize all runtime/asynchronous objects on a dedicated pool and
before signals handling to avoid lifetime issues on restart or shutdown.
PR 62658. [Yann Ylavic]
PKCS#11 OpenSSL engine. [Anderson Sasaki <ansasaki redhat.com>,
Joe Orton]
- *) mod_http2: adding an abort function to slave connections' pools, so out-of-memory
- events lead to a control process abort, as on HTTP/1.x connections. [Stefan Eissing]
-
- *) mod_http2: adding regular memory cleanup when transferring large response bodies. This
- reduces memory footprint and avoids memory exhaustion when transferring large files
- on 32-bit architectures. Fixes PR 62325. [Stefan Eissing]
-
*) http: LimitRequestBody applies to proxied requests. [Yann Ylavic]
*) mod_logio: Add LogIOTrackTTFU and %^FU logformat to log the time
*) mod_ssl: proper checks for libressl 2.07/8 and its TLSv1_3 support, see PR 62236.
[Bernard Spil <brnrd@freebsd.org>]
- *) mod_http2: on level trace2, log any unsuccessful HTTP/2 direct connection upgrade
- with base64 encoding to unify its appearance in possible bug reports. [Stefan Eissing]
-
*) mod_cgi: Add CGIScriptTimeout to make mod_cgi's timeout per-directory and
independent of the core Timeout directive. PR 62229.
[Hank Ibell <hwibell gmail.com>]
*) core: adding AP_DECLARE for ap_parse_vhost_addrs() and minor bumb mmn. Resolves
building mod_ssl on Windows. [Stefan Eissing, Gregg Smith]
- *) mod_http2: discourage gzip/brotli content encoding on http2-status responses as
- they are inserted into the reponse when filters are already done. [Stefan Eissing]
-
*) core: adding defines to allow interworking with honggfuzz without
further patches. [Stefan Eissing, Robert Swiecki]
should be accepted after the authorization scheme. \t are also tolerated.
[Christophe Jaillet]
- *) mod_http2: fixed unfair scheduling when number of active connections
- exceeded the scheduling fifo capacity. [Stefan Eissing]
-
*) core: Support zone/scope in IPv6 link-local addresses in Listen and
VirtualHost directives (requires APR 1.7.x or later). PR 59396. [Joe Orton]