-*- coding: utf-8 -*-
+Changes with Apache 2.3.10
+
+ *) core: Honor 'AcceptPathInfo OFF' during internal redirects,
+ such as per-directory mod_rewrite substitutions. PR 50349.
+ [Eric Covener]
+
+ *) mod_rewrite: Add 'RewriteOptions InheritBefore' to put the base
+ rules/conditions before the overridden rules/conditions. PR 39313.
+ [Jérôme Grandjanny <jerome.grandjanny cea.fr>]
+
+ *) mod_autoindex: add IndexIgnoreReset to reset the list of IndexIgnored
+ filenames in higher precedence configuration sections. PR 24243.
+ [Eric Covener]
+
+ *) mod_cgid: RLimit* directive support for mod_cgid. PR 42135
+ [Eric Covener]
+
+ *) core: Fail startup when the argument to ServerName looks like a glob
+ or a regular expression instead of a hostname (*?[]). PR 39863
+ [Rahul Nair <rahul.g.nair gmail.com>]
+
+ *) mod_userdir: Add merging of enable, disable, and filename arguments
+ to UserDir directive, leaving enable/disable of userlists unmerged.
+ PR 44076 [Eric Covener]
+
+ *) httpd: When no -k option is provided on the httpd command line, the server
+ was starting without checking for an existing pidfile. PR 50350
+ [Eric Covener]
+
+ *) mod_proxy: Put the worker in error state if the SSL handshake with the
+ backend fails. PR 50332.
+ [Daniel Ruggeri <DRuggeri primary.net>, Ruediger Pluem]
+
+ *) mod_cache_disk: Fix Windows build which was broken after renaming
+ the module. [Gregg L. Smith]
+
+Changes with Apache 2.3.9
+
+ *) SECURITY: CVE-2010-1623 (cve.mitre.org)
+ Fix a denial of service attack against mod_reqtimeout.
+ [Stefan Fritsch]
+
+ *) mod_include: Add the onerror attribute to the include element,
+ allowing an URL to be specified to include on error. [Graham
+ Leggett]
+
+ *) mod_cache_disk: mod_disk_cache renamed to mod_cache_disk, to be
+ consistent with the naming of other modules. [Graham Leggett]
+
+ *) mod_setenvif: Add SetEnvIfExpr directive to set env var depending on
+ expression. [Stefan Fritsch]
+
+ *) mod_proxy: Fix ProxyPassInterpolateEnv directive. PR 50292.
+ [Stefan Fritsch]
+
+ *) suEXEC: Add Suexec directive to disable suEXEC without renaming the
+ binary (Suexec Off), or force startup failure if suEXEC is required
+ but not supported (Suexec On). Change SuexecUserGroup to fail
+ startup instead of just printing a warning if suEXEC is disabled.
+ [Jeff Trawick]
+
+ *) core: Add Error directive for aborting startup or htaccess processing
+ with a specified error message. [Jeff Trawick]
+
+ *) mod_rewrite: Fix the RewriteEngine directive to work within a
+ location. Previously, once RewriteEngine was switched on globally,
+ it was impossible to switch off. [Graham Leggett]
+
+ *) core, mod_include, mod_ssl: Move the expression parser derived from
+ mod_include back into mod_include. Replace ap_expr with a parser
+ derived from mod_ssl's parser. Make mod_ssl use the new parser. Rework
+ ap_expr's public interface and provide hooks for modules to add variables
+ and functions. [Stefan Fritsch]
+
+ *) core: Do the hook sorting earlier so that the hooks are properly sorted
+ for the pre_config hook and during parsing the config. [Stefan Fritsch]
+
+ *) core: In the absence of any AllowOverride directives, the default is now
+ "None" instead of "All". PR49823 [Eric Covener]
+
+ *) mod_proxy: Don't allow ProxyPass or ProxyPassReverse in
+ <Directory> or <Files>. PR47765 [Eric Covener]
+
+ *) prefork/worker/event MPMS: default value (when no directive is present)
+ of MaxConnectionsPerChild/MaxRequestsPerChild is changed to 0 from 10000
+ to match default configuration and manual. PR47782 [Eric Covener]
+
+ *) proxy_connect: Don't give up in the middle of a CONNECT tunnel
+ when the child process is starting to exit. PR50220. [Eric Covener]
+
+ *) mod_autoindex: Fix inheritance of mod_autoindex directives into
+ contexts that don't have any mod_autoindex directives. PR47766.
+ [Eric Covener]
+
+ *) mod_rewrite: Add END flag for RewriteRule to prevent further rounds
+ of rewrite processing when a per-directory substitution occurs.
+ [Eric Covener]
+
+ *) mod_ssl: Make sure to always log an error if loading of CA certificates
+ fails. PR 40312. [Paul Tiemann <issues apache org ourdetour com>]
+
+ *) mod_dav: Send 501 error if unknown Content-* header is received for a PUT
+ request (RFC 2616 9.6). PR 42978. [Stefan Fritsch]
+
+ *) mod_dav: Send 400 error if malformed Content-Range header is received for
+ a put request (RFC 2616 14.16). PR 49825. [Stefan Fritsch]
+
+ *) mod_proxy: Release the backend connection as soon as EOS is detected,
+ so the backend isn't forced to wait for the client to eventually
+ acknowledge the data. [Graham Leggett]
+
+ *) mod_proxy: Optimise ProxyPass within a Location so that it is stored
+ per-directory, and chosen during the location walk. Make ProxyPass
+ work correctly from within a LocationMatch. [Graham Leggett]
+
+ *) core: Fix segfault if per-module LogLevel is on virtual host
+ scope. PR 50117. [Stefan Fritsch]
+
+ *) mod_proxy: Move the ProxyErrorOverride directive to have per
+ directory scope. [Graham Leggett]
+
+ *) mod_allowmethods: New module to deny certain HTTP methods without
+ interfering with authentication/authorization. [Paul Querna,
+ Igor Galić, Stefan Fritsch]
+
+ *) mod_ssl: Log certificate information and improve error message if client
+ cert verification fails. PR 50093, PR 50094. [Lassi Tuura <lat cern ch>,
+ Stefan Fritsch]
+
+ *) htcacheclean: Teach htcacheclean to limit cache size by number of
+ inodes in addition to size of files. Prevents a cache disk from
+ running out of space when many small files are cached.
+ [Graham Leggett]
+
+ *) core: Rename MaxRequestsPerChild to MaxConnectionsPerChild, which
+ describes more accurately what the directive does. The old name
+ still works but logs a warning. [Stefan Fritsch]
+
+ *) mod_cache: Optionally serve stale data when a revalidation returns a
+ 5xx response, controlled by the CacheStaleOnError directive.
+ [Graham Leggett]
+
+ *) htcacheclean: Allow the listing of valid URLs within the cache, with
+ the option to list entry metadata such as sizes and times. [Graham
+ Leggett]
+
+ *) mod_cache: correctly parse quoted strings in cache headers.
+ PR 50199 [Nick Kew]
+
+ *) mod_cache: Allow control over the base URL of reverse proxied requests
+ using the CacheKeyBaseURL directive, so that the cache key can be
+ calculated from the endpoint URL instead of the server URL. [Graham
+ Leggett]
+
+ *) mod_cache: CacheLastModifiedFactor, CacheStoreNoStore, CacheStorePrivate,
+ CacheStoreExpired, CacheIgnoreNoLastMod, CacheDefaultExpire,
+ CacheMinExpire and CacheMaxExpire can be set per directory/location.
+ [Graham Leggett]
+
+ *) mod_disk_cache: CacheMaxFileSize, CacheMinFileSize, CacheReadSize and
+ CacheReadTime can be set per directory/location. [Graham Leggett]
+
+ *) core: Speed up config parsing if using a very large number of config
+ files. PR 50002 [andrew cloudaccess net]
+
+ *) mod_cache: Support the caching of HEAD requests. [Graham Leggett]
+
+ *) htcacheclean: Allow the option to round up file sizes to a given
+ block size, improving the accuracy of disk usage. [Graham Leggett]
+
+ *) mod_ssl: Add authz providers for use with mod_authz_core and its
+ RequireAny/RequireAll containers: 'ssl' (equivalent to SSLRequireSSL),
+ 'ssl-verify-client' (for use with 'SSLVerifyClient optional'), and
+ 'ssl-require' (expressions with same syntax as SSLRequire).
+ [Stefan Fritsch]
+
+ *) mod_ssl: Make the ssl expression parser thread-safe. It now requires
+ bison instead of yacc. [Stefan Fritsch]
+
+ *) mod_disk_cache: Change on-disk header file format to support the
+ link of the device/inode of the data file to the matching header
+ file, and to support the option of not writing a data file when
+ the data file is empty. [Graham Leggett]
+
+ *) core/mod_unique_id: Add generate_log_id hook to allow to use
+ the ID generated by mod_unique_id as error log ID for requests.
+ [Stefan Fritsch]
+
+ *) mod_cache: Make sure that we never allow a 304 Not Modified response
+ that we asked for to leak to the client should the 304 response be
+ uncacheable. PR45341 [Graham Leggett]
+
+ *) mod_cache: Add the cache_status hook to register the final cache
+ decision hit/miss/revalidate. Add optional support for an X-Cache
+ and/or an X-Cache-Detail header to add the cache status to the
+ response. PR48241 [Graham Leggett]
+
+ *) mod_authz_host: Add 'local' provider that matches connections originating
+ on the local host. PR 19938. [Stefan Fritsch]
+
+ *) Event MPM: Fix crash accessing pollset on worker thread when child
+ process is exiting. [Jeff Trawick]
+
+ *) core: For process invocation (cgi, fcgid, piped loggers and so forth)
+ pass the system library path (LD_LIBRARY_PATH or platform-specific
+ variables) along with the system PATH, by default. Both should be
+ overridden together as desired using PassEnv etc; see mod_env.
+ [William Rowe]
+
+ *) mod_cache: Introduce CacheStoreExpired, to allow administrators to
+ capture a stale backend response, perform If-Modified-Since requests
+ against the backend, and serving from the cache all 304 responses.
+ This restores pre-2.2.4 cache behavior. [William Rowe]
+
+ *) mod_rewrite: Introduce <=, >= string comparison operators, and integer
+ comparators -lt, -le, -eq, -ge, and -gt. To help bash users and drop
+ the ambiguity of the symlink test "-ltest", introduce -h or -L as
+ symlink test operators. [William Rowe]
+
+ *) mod_cache: Give the cache provider the opportunity to choose to cache
+ or not cache based on the buckets present in the brigade, such as the
+ presence of a FILE bucket.
+ [Graham Leggett]
+
+ *) mod_authz_core: Allow authz providers to check args while reading the
+ config and allow to cache parsed args. Move 'all' and 'env' authz
+ providers from mod_authz_host to mod_authz_core. Add 'method' authz
+ provider depending on the HTTP method. [Stefan Fritsch]
+
+ *) mod_include: Move the request_rec within mod_include to be
+ exposed within include_ctx_t. [Graham Leggett]
+
+ *) mod_include: Reinstate support for UTF-8 character sets by allowing a
+ variable being echoed or set to be decoded and then encoded as separate
+ steps. PR47686 [Graham Leggett]
+
+ *) mod_cache: Add a discrete commit_entity() provider function within the
+ mod_cache provider interface which is called to indicate to the
+ provider that caching is complete, giving the provider the opportunity
+ to commit temporary files permanently to the cache in an atomic
+ fashion. Replace the inconsistent use of error cleanups with a formal
+ set of pool cleanups attached to a subpool, which is destroyed on error.
+ [Graham Leggett]
+
+ *) mod_cache: Change the signature of the store_body() provider function
+ within the mod_cache provider interface to support an "in" brigade
+ and an "out" brigade instead of just a single input brigade. This
+ gives a cache provider the option to consume only part of the brigade
+ passed to it, rather than the whole brigade as was required before.
+ This fixes an out of memory and a request timeout condition that would
+ occur when the original document was a large file. Introduce
+ CacheReadSize and CacheReadTime directives to mod_disk_cache to control
+ the amount of data to attempt to cache at a time. [Graham Leggett]
+
+ *) core: Add ErrorLogFormat to allow configuring error log format, including
+ additional information that is logged once per connection or request. Add
+ error log IDs for connections and request to allow correlating error log
+ lines and the corresponding access log entry. [Stefan Fritsch]
+
+ *) core: Disable sendfile by default. [Stefan Fritsch]
+
+ *) mod_cache: Check the request to determine whether we are allowed
+ to return cached content at all, and respect a "Cache-Control:
+ no-cache" header from a client. Previously, "no-cache" would
+ behave like "max-age=0". [Graham Leggett]
+
+ *) mod_cache: Use a proper filter context to hold filter data instead
+ of misusing the per-request configuration. Fixes a segfault on trunk
+ when the normal handler is used. [Graham Leggett]
+
+ *) mod_cgid: Log a warning if the ScriptSock path is truncated because
+ it is too long. PR 49388. [Stefan Fritsch]
+
+ *) vhosts: Do not allow _default_ in NameVirtualHost, or mixing *
+ and non-* ports on NameVirtualHost, or multiple NameVirtualHost
+ directives for the same address:port, or NameVirtualHost
+ directives with no matching VirtualHosts, or multiple ip-based
+ VirtualHost sections for the same address:port. These were
+ previously accepted with a warning, but the behavior was
+ undefined. [Dan Poirier]
+
+ *) mod_remoteip: Fix a segfault when using mod_remoteip in conjunction with
+ Allow/Deny. PR 49838. [Andrew Skalski <voltara gmail.com>]
+
+ *) core: DirectoryMatch can now match on the end of line character ($),
+ and sub-directories of matched directories are no longer implicitly
+ matched. PR49809 [Eric Covener]
+
+ *) Regexps: introduce new higher-level regexp utility including parsing
+ and executing perl-style regexp ops (e.g s/foo/bar/i) and regexp memory
+ [Nick Kew]
+
+ *) Proxy: support setting source address. PR 29404
+ [Multiple contributors iterating through bugzilla,
+ Aron Ujvari <xanco nikhok.hu>, Aleksey Midenkov <asm uezku.kemsu.ru>,
+ <dan listening-station.net; trunk version Nick Kew]
+
+ *) HTTP protocol: return 400 not 503 if we have to abort due to malformed
+ chunked encoding. [Nick Kew]
+
+Changes with Apache 2.3.8
+
+ *) suexec: Support large log files. PR 45856. [Stefan Fritsch]
+
+ *) core: Abort with sensible error message if no or more than one MPM is
+ loaded. [Stefan Fritsch]
+
+ *) mod_proxy: Rename erroronstatus to failonstatus.
+ [Daniel Ruggeri <DRuggeri primary.net>]
+
+ *) mod_dav_fs: Fix broken "creationdate" property.
+ Regression in version 2.3.7. [Rainer Jung]
+
Changes with Apache 2.3.7
*) SECURITY: CVE-2010-1452 (cve.mitre.org)
mod_dav, mod_cache, mod_session: Fix Handling of requests without a path
segment. PR: 49246 [Mark Drayton, Jeff Trawick]
+ *) mod_ldap: Properly check the result returned by apr_ldap_init. PR 46076.
+ [Stefan Fritsch]
+
*) mod_rewrite: Log errors if rewrite map files cannot be opened. PR 49639.
[Stefan Fritsch]
*) apxs -q: Stop filtering out ':' characters from the reported values.
PR 45343. [Bill Cole]
- *) prefork MPM: Run cleanups for final request when process exits gracefully.
- PR 43857. [Tom Donovan]
+ *) prefork MPM: Work around possible crashes on child exit in APR reslist
+ cleanup code. PR 43857. [Tom Donovan]
*) ab: fix number of requests sent by ab when keepalive is enabled. PR 48497.
[Bryn Dole <dole blekko.com>]
PR 48422 [Cyril Bonté <cyril.bonte free.fr>, Nick Kew>]
*) mod_headers: Enable multi-match-and-replace edit option
- PR 47066 [Nick Kew]
+ PR 46594 [Nick Kew]
*) mod_filter: enable it to act on non-200 responses.
PR 48377 [Nick Kew]