[Remove entries to the current 2.0 section below, when backported]
- *) mod_expires: Don't report an Internal Server error if ExpiresDefault
- is used and has not been set in the httpd.conf file. PR: 23748, 24459
- [Liam Quinn <liam htmlhelp.com>]
+ *) mod_ssl: Send the Close Alert message to the peer before closing
+ the SSL session. [Madhusudan Mathihalli, Joe Orton]
- *) mod_logio: Account for some bytes handed to the network layer prior to
- dropped connections. [Jeff Trawick]
+ *) mod_setenvif: Remove "support" for Remote_User variable which
+ never worked at all. PR 25725. [André Malo]
- *) Fix a problem with the display of empty variables ("SetEnv foo") in
- mod_include. PR 24734 [Markus Julen <mj zermatt.net>]
+ *) minor mod_auth_basic and mod_auth_digest sync. mod_auth_basic
+ now populates r->user with the (possibly unauthenticated) user,
+ and mod_auth_digest returns 500 when a provider returns
+ AUTH_GENERAL_ERROR.
+ [Geoffrey Young]
- *) Win32 MPM: The bucket brigades subsystem now honors the MaxMemFree setting.
- [Bill Stoddard]
+ *) fix "Expected </Foo>> but saw </Foo>" errors in nested,
+ argumentless containers.
+ ["Philippe M. Chiasson" <gozer cpan.org>]
- *) mod_autoindex: new directive IndexStyleSheet
- [Tyler Riddle <triddle_1999 yahoo.com>, Paul Querna <chip force-elite.com>]
+ *) mod_isapi: GetServerVariable returned improperly terminated header
+ fields given "ALL_HTTP" or "ALL_RAW". PR 20656.
+ [Jesse Pelton <jsp pkc.com>]
- *) Fix a long delay with CGI requests and keepalive connections on
- AIX. [Jeff Trawick]
+ *) mod_isapi: send_response_header() failed to copy status string's
+ last character. PR 20619. [Jesse Pelton <jsp pkc.com>]
- *) Fix uninitialized gprof directory name in prefork MPM. PR 24450.
- [Chris Knight <Christopher.D.Knight nasa.gov>]
+ *) mod_isapi: GetServerVariable("ALL_RAW") returned the wrong buffer
+ size. PR 20617. [Jesse Pelton <jsp pkc.com>]
- *) mod_auth_ldap: Fix some segfaults in the cache logic. PR 18756.
- [Matthieu Estrade <apache moresecurity.org>]
+ *) The whole codebase was relicensed and is now available under
+ the Apache License, Version 2.0 (http://www.apache.org/licenses).
+ [Apache Software Foundation]
- *) mod_autoindex: Restore the ability to add a description for
- directories that don't contain an index file. [André Malo]
+ *) FreeBSD: Use the httpready accept filter instead of dataready on
+ newer levels of the OS. [Paul Querna <chip force-elite.com>]
- *) mod_autoindex: Add 'XHTML' option in order to allow switching between
- HTML 3.2 and XHTML 1.0 output. PR 23747. [André Malo]
+ *) Delete some make-generated files in the server directory during
+ "make clean" processing. PR 26552. [Jeff Trawick]
- *) Add XHTML Document Type Definitions to httpd.h (minor MMN bump).
+ *) Fixed file extensions for real media files and removed rpm extension
+ from mime.types. PR 26079. [Allan Sandfeld <kde carewolf.com>]
+
+ *) Unix MPMs: Stop dropping connections when the file descriptor
+ is at least FD_SETSIZE. [Jeff Trawick]
+
+ *) Add core version query function (ap_get_server_revision) and
+ accompanying ap_version_t structure (minor MMN bump).
[André Malo]
- *) mod_setenvif: Fix the regex optimizer, which under circumstances
- treated the supplied regex as literal string. PR 24219.
+ *) mod_rewrite: EOLs sent by external rewritemaps are now consumed
+ as whole. That way, on systems with more than one EOL character
+ rewritemap programs no longer need to switch stdout to binary
+ mode. PR 25635. [André Malo]
+
+ *) mod_rewrite: Introduce the ability to force a content handler via
+ the [handler=...] flag. [André Malo]
+
+ *) mod_rewrite: Introduce the RewriteCond -x check, which returns
+ true if the pattern is a file with execution permissions.
[André Malo]
- *) mod_autoindex / core: Don't fail to show filenames containing
- special characters like '%'. PR 13598. [André Malo]
+ *) mod_log_config: Fix corruption of buffered logs with threaded
+ MPMs. PR 25520. [Jeff Trawick]
- *) mod_info: HTML escape configuration information so it displays
- correctly. PR 24232. [Thom May]
-
- *) mod_status: Report total CPU time accurately when using a threaded
- MPM. PR 23795. [Jeff Trawick]
+ *) Allow proxying of resources that are invoked via DirectoryIndex.
+ PR 14648. [André Malo]
- *) mod_ssl: Fix segfault on a non-SSL request if the the 'c' log
- format code is used. PR 22741. [Gary E. Miller <gem rellim.com>]
+ *) mod_rewrite: Allow proxying and RewriteRules in directory context
+ for subrequests. PR 14648, 15114. [André Malo]
- *) Log an error when requests for URIs which fail to map to a valid
- filesystem name are rejected with 403. [Jeff Trawick]
+ *) mod_rewrite: Allow setting of any valid HTTP response code.
+ PR 25917. [André Malo]
- *) Fix a couple of AIX xlc_r compiler issues in the code I just
- committed. [Paul J. Reder]
+ *) mod_rewrite: Cookie creation now works locale independent.
+ [André Malo]
- *) Modified the cache code to be header-location agnostic. Also
- fixed a number of other cache code bugs related to PR 15852.
- Includes a patch submitted by Sushma Rai <rsushma novell.com>.
- This fixes mod_mem_cache but not mod_disk_cache yet so I'm not
- closing the PR since that is what they are using. [Paul J. Reder]
+ *) mod_ssl: Add support for distributed session cache using 'distcache'.
+ [Geoff Thorpe <geoff geoffthorpe.net>]
- *) Switch to APR 1.0 API.
+ *) mod_dav: Disallow requests with an unescaped hash character in
+ the Request-URI. PR 21779. [Amit Athavale <amit_athavale lycos.com>]
- *) Fix mod_include's expression parser to recognize strings correctly
- even if they start with an escaped token. [André Malo]
+ *) Add forensic logging module (mod_log_forensic).
+ [Ben Laurie]
+
+ *) mod_proxy with ProxyErrorOverride On in a reverse-proxy configuration attaches
+ a body to the 302 response and a wrong Content-Length header.
+ PR: 22951 [Ermanno Scaglione scaglione ..at.. starnetone.de]
+
+ *) Bring ErrorHeader concept forward from 1.3, so that response
+ header fields can be set for return even on errors or external
+ redirects. [Ken Coar]
+
+ *) Fix some piped log problems: bogus "piped log program '(null)'
+ failed" messages during restart and problem with the logger
+ respawning again after Apache is stopped. PR 21648, PR 24805.
+ [Jeff Trawick]
+
+ *) Fix <Limit> and <LimitExcept> parsing to require a closing '>'
+ in the initial container. PR 25414.
+ [Geoffrey Young <geoff apache.org>]
+
+ *) Clean up httpd -V output: Instead of displaying the MPM source
+ directory, display the MPM name and some MPM properties.
+ [Geoffrey Young <geoff apache.org>]
+
+ *) mod_ssl/mod_status: Re-enable support for output of SSL session
+ cache information in server-status page. [Joe Orton]
+
+ *) mod_ssl: Remove the shmht session cache, shmcb should be used
+ instead. [Joe Orton]
+
+ *) mod_logio: Account for some bytes handed to the network layer prior to
+ dropped connections. [Jeff Trawick]
+
+ *) mod_autoindex: new directive IndexStyleSheet
+ [Tyler Riddle <triddle_1999 yahoo.com>, Paul Querna <chip force-elite.com>]
+
+ *) Fix uninitialized gprof directory name in prefork MPM. PR 24450.
+ [Chris Knight <Christopher.D.Knight nasa.gov>]
+
+ *) Log an error when requests for URIs which fail to map to a valid
+ filesystem name are rejected with 403. [Jeff Trawick]
+
+ *) Switch to APR 1.0 API.
*) Major overhaul of mod_include's filter parser. The new parser code
is expected to be more robust and should catch all of the edge cases
*) mod_rewrite: Allow forced mimetypes [T=...] to get expanded.
PR 14223. [André Malo]
- *) mod_rewrite: Catch an edge case, where strange subsequent RewriteRules
- could lead to a 400 (Bad Request) response. [André Malo]
-
*) mod_rewrite: Fix LA-U and LA-F lookups in directory context. Previously
the current rewrite state was just used as lookup path, which lead to
strange and often useless results. Related to PR 8493. [André Malo]
the ENGINE functions but the engine header files are missing.
[Cliff Woolley]
- *) mod_dav: Use bucket brigades when reading PUT data. This avoids
- problems if the data stream is modified by an input filter. PR 22104.
- [Tim Robbins <tim robbins.dropbear.id.au>, André Malo]
-
*) mod_rewrite: RewriteRules in server context using the force
type feature [T=...] no longer disable MultiViews. [André Malo]
- *) mod_rewrite: In external rewrite maps lookup keys containing
- a newline now cause a lookup failure. PR 14453.
- [Cedric Gavage <cedric.gavage unixtech.be>, André Malo]
-
*) mod_rewrite: Allow piped rewrite logs to be relative to ServerRoot.
[André Malo]
*) Fix some broken log messages in WinNT MPM.
[Juan Rivera <Juan.Rivera citrix.com>]
- *) Add support for IMT minor-type wildcards (e.g., text/*) to
- ExpiresByType. PR#7991 [Ken Coar]
-
- *) Fix a problem with namespace mappings being dropped in mod_dav_fs;
- if any property values were set which defined namespaces these
- came out mangled in the PROPFIND response. PR 11637.
- [Amit Athavale <amit_athavale persistent.co.in>]
-
*) prefork MPM: Use the right permissions for the directory created
for gprof support. [Jim Carlson <jcarlson jnous.com>]
the current locale. level values are now really parsed as integers.
PR 17564. [André Malo]
- *) Added the WindowsSocketsWorkaround directive for Windows NT/2000/XP
- to work around problems with certain VPN and Firewall products that
- have buggy AcceptEx implementations.
- [Allan Edwards w/ suggestions from Bill Stoddard & Bill Rowe]
-
*) Extend mod_negotiation to evaluate the environment variables
no-gzip and gzip-only-text/html the same way as mod_deflate does.
[André Malo]
Changes with Apache 2.0.49
+ *) Fix mod_include's expression parser to recognize strings correctly
+ even if they start with an escaped token. [André Malo]
+
+ *) Add fatal exception hook for use by diagnostic modules. The hook
+ is only available if the --enable-exception-hook configure parm
+ is used and the EnableExceptionHook directive has been set to
+ "on". [Jeff Trawick]
+
+ *) Allow mod_auth_digest to work with sub-requests with different
+ methods than the original request. PR 25040.
+ [Josh Dady <jpd indecisive.com>]
+
+ *) mod_auth_ldap: Fix some segfaults in the cache logic. PR 18756.
+ [Matthieu Estrade <apache moresecurity.org>, Brad Nicholes]
+
+ *) The whole codebase was relicensed and is now available under
+ the Apache License, Version 2.0 (http://www.apache.org/licenses).
+ [Apache Software Foundation]
+
+ *) Fixed cache-removal order in mod_mem_cache.
+ [Jean-Jacques Clar, Cliff Woolley]
+
+ *) mod_setenvif: Fix the regex optimizer, which under circumstances
+ treated the supplied regex as literal string. PR 24219.
+ [André Malo]
+
+ *) ap_mpm.h: Fix include guard of ap_mpm.h to reference mpm
+ instead of mmn. [André Malo]
+
+ *) mod_rewrite: Catch an edge case, where strange subsequent RewriteRules
+ could lead to a 400 (Bad Request) response. [André Malo]
+
+ *) Keep focus of ITERATE and ITERATE2 on the current module when
+ the module chooses to return DECLINE_CMD for the directive.
+ PR 22299. [Geoffrey Young <geoff apache.org>]
+
+ *) Add support for IMT minor-type wildcards (e.g., text/*) to
+ ExpiresByType. PR#7991 [Ken Coar]
+
+ *) Fix segfault in mod_mem_cache cache_insert() due to cache size
+ becoming negative. PR: 21285, 21287
+ [Bill Stoddard, Massimo Torquati, Jean-Jacques Clar]
+
+ *) core.c: If large file support is enabled, allow any file that is
+ greater than AP_MAX_SENDFILE to be split into multiple buckets.
+ This allows Apache to send files that are greater than 2gig.
+ Otherwise we run into 32/64 bit type mismatches in the file size.
+ [Brad Nicholes]
+
+ *) proxy_http fix: mod_proxy hangs when both KeepAlive and
+ ProxyErrorOverride are enabled, and a non-200 response without a
+ body is generated by the backend server. (e.g.: a client makes a
+ request containing the "If-Modified-Since" and "If-None-Match"
+ headers, to which the backend server respond with status 304.)
+ [Graham Wiseman <gwiseman fscinternet.com>, Richard Reiner]
+
+ *) mod_dav: Reject requests which include an unescaped fragment in the
+ Request-URI. PR 21779. [Amit Athavale <amit_athavale lycos.com>]
+
+ *) Build array of allowed methods with proper dimensions, fixing
+ possible memory corruption. [Jeff Trawick]
+
+ *) mod_ssl: Fix potential segfault on lookup of SSL_SESSION_ID.
+ PR 15057. [Otmar Lendl <lendl nic.at>]
+
+ *) mod_ssl: Fix streaming output from an nph- CGI script. PR 21944
+ [Joe Orton]
+
+ *) mod_usertrack no longer inspects the Cookie2 header for
+ the cookie name. PR 11475. [Chris Darrochi <chrisd pearsoncmg.com>]
+
+ *) mod_usertrack no longer overwrites other cookies.
+ PR 26002. [Scott Moore <apache nopdesign.com>]
+
+ *) worker MPM: fix stack overlay bug that could cause the parent
+ process to crash. [Jeff Trawick]
+
+ *) Win32: Add Win32DisableAcceptEx directive. This Windows
+ NT/2000/CP directive is useful to work around bugs in some
+ third party layered service providers like virus scanners,
+ VPN and firewall products, that do not properly handle
+ WinSock 2 APIs. Use this directive if your server is issuing
+ AcceptEx failed messages.
+ [Allan Edwards, Bill Rowe, Bill Stoddard, Jeff Trawick]
+
+ *) Make REMOTE_PORT variable available in mod_rewrite.
+ PR 25772. [André Malo]
+
+ *) Fix a long delay with CGI requests and keepalive connections on
+ AIX. [Jeff Trawick]
+
+ *) mod_autoindex: Add 'XHTML' option in order to allow switching between
+ HTML 3.2 and XHTML 1.0 output. PR 23747. [André Malo]
+
+ *) Add XHTML Document Type Definitions to httpd.h (minor MMN bump).
+ [André Malo]
+
+ *) mod_ssl: Advertise SSL library version as determined at run-time rather
+ than at compile-time. PR 23956. [Eric Seidel <seidel apple.com>]
+
+ *) mod_ssl: Fix segfault on a non-SSL request if the 'c' log
+ format code is used. PR 22741. [Gary E. Miller <gem rellim.com>]
+
+ *) Fix build with parallel make. PR 24643. [Joe Orton]
+
+ *) mod_rewrite: In external rewrite maps lookup keys containing
+ a newline now cause a lookup failure. PR 14453.
+ [Cedric Gavage <cedric.gavage unixtech.be>, André Malo]
+
+ *) Backport major overhaul of mod_include's filter parser from 2.1.
+ The new parser code is expected to be more robust and should
+ catch all of the edge cases that were not handled by the previous one.
+ The 2.1 external API changes were hidden by a wrapper which is
+ expected to keep the API backwards compatible. [André Malo]
+
+ *) Add a hook (insert_error_filter) to allow filters to re-insert
+ themselves during processing of error responses. Enable mod_expires
+ to use the new hook to include Expires headers in valid error
+ responses. This addresses an RFC violation. It fixes PRs 19794,
+ 24884, and 25123. [Paul J. Reder]
+
+ *) Add Polish translation of error messages. PR 25101.
+ [Tomasz Kepczynski <tomek jot23.org>]
+
+ *) Add AP_MPMQ_MPM_STATE function code for ap_mpm_query. (Not yet
+ supported for BeOS or OS/2 MPMs.) [Jeff Trawick, Brad Nicholes,
+ Bill Stoddard]
+
+ *) Add mod_status hook to allow modules to add to the mod_status
+ report. [Joe Orton]
+
+ *) Fix htdbm to generate comment fields in DBM files correctly.
+ [Justin Erenkrantz]
+
+ *) mod_dav: Use bucket brigades when reading PUT data. This avoids
+ problems if the data stream is modified by an input filter. PR 22104.
+ [Tim Robbins <tim robbins.dropbear.id.au>, André Malo]
+
+ *) Fix RewriteBase directive to not add double slashes. [André Malo]
+
+ *) Improve 'configure --help' output for some modules. [Astrid Keßler]
+
+ *) Correct UseCanonicalName Off to properly check incoming port number.
+ [Jim Jagielski]
+
+ *) Fix slow graceful restarts with prefork MPM. [Joe Orton]
+
+ *) Fix a problem with namespace mappings being dropped in mod_dav_fs;
+ if any property values were set which defined namespaces these
+ came out mangled in the PROPFIND response. PR 11637.
+ [Amit Athavale <amit_athavale persistent.co.in>]
+
+ *) mod_dav: Return a WWW-auth header for MOVE/COPY requests where
+ the destination resource gives a 401. PR 15571. [Joe Orton]
+
+ *) SECURITY: CAN-2003-0020 (cve.mitre.org)
+ Escape arbitrary data before writing into the errorlog. Unescaped
+ errorlogs are still possible using the compile time switch
+ "-DAP_UNSAFE_ERROR_LOG_UNESCAPED". [Geoffrey Young, André Malo]
+
+ *) mod_autoindex / core: Don't fail to show filenames containing
+ special characters like '%'. PR 13598. [André Malo]
+
+ *) mod_status: Report total CPU time accurately when using a threaded
+ MPM. PR 23795. [Jeff Trawick]
+
+ *) Fix memory leak in handling of request bodies during reverse
+ proxy operations. PR 24991. [Larry Toppi <larry.toppi citrix.com>]
+
+ *) Win32 MPM: Implement MaxMemFree to enable setting an upper
+ limit on the amount of storage used by the bucket brigades
+ in each server thread. [Bill Stoddard]
+
+ *) Modified the cache code to be header-location agnostic. Also
+ fixed a number of other cache code bugs related to PR 15852.
+ Includes a patch submitted by Sushma Rai <rsushma novell.com>.
+ This fixes mod_mem_cache but not mod_disk_cache yet so I'm not
+ closing the PR since that is what they are using. [Paul J. Reder]
+
+ *) complain via error_log when mod_include's INCLUDES filter is
+ enabled, but the relevant Options flag allowing the filter to run
+ for the specific resource wasn't set, so that the filter won't
+ silently get skipped. next remove itself, so the warning will be
+ logged only once [Stas Bekman, Jeff Trawick, Bill Rowe]
+
+ *) mod_info: HTML escape configuration information so it displays
+ correctly. PR 24232. [Thom May]
+
+ *) Restore the ability to add a description for directories that
+ don't contain an index file. (Broken in 2.0.48) [André Malo]
+
+ *) Fix a problem with the display of empty variables ("SetEnv foo") in
+ mod_include. PR 24734 [Markus Julen <mj zermatt.net>]
+
+ *) mod_log_config: Log the minutes component of the timezone correctly.
+ PR 23642. [Hong-Gunn Chew <hgbug gunnet.org>]
+
+ *) mod_proxy: Fix cases where an invalid status-line could be sent
+ to the client. PR 23998. [Joe Orton]
+
+ *) mod_ssl: Fix segfaults at startup if other modules which use OpenSSL
+ are also loaded. [Joe Orton]
+
+ *) mod_ssl: Use human-readable OpenSSL error strings in logs; use
+ thread-safe interface for retrieving error strings. [Joe Orton]
+
+ *) mod_expires: Initialize ExpiresDefault to NULL instead of "" to
+ avoid reporting an Internal Server error if it is used without
+ having been set in the httpd.conf file. PR: 23748, 24459
+ [Andre Malo, Liam Quinn <liam htmlhelp.com>]
+
*) mod_autoindex: Don't omit the <tr> start tag if the SuppressIcon
option is set. PR 21668. [Jesse Tie-Ten-Quee <highos highos.com>]
*) Win32: During a graceful restart, threads in the new process
were accessing scoreboard slots still in use by active threads in
- the the old process. [Bill Stoddard]
+ the old process. [Bill Stoddard]
Changes with Apache 2.0.36
Changes with Apache 2.0.17
- *) If a higher-level filter handles the the byterange aspects of a
+ *) If a higher-level filter handles the byterange aspects of a
request, then the byterange filter should not try to redo the
work. The most common case of this happening, is a byterange
request going through the proxy, and the origin server handles
[jun-ichiro hagino <itojun iijlab.net>]
*) The ap_f* functions should flush data to the filter that is passed
- in, not the the filter after the one passed in.
+ in, not the filter after the one passed in.
[Ryan Morgan <rmorgan covalent.net>]
*) Make ab work again by changing its native types to apr types and formats.
*) Add a hook, create_request. This hook allows modules to modify
a request while it is being created. This hook is called for all
request_rec's, main request, sub request, and internal redirect.
- When this hook is called, the the r->main, r->prev, r->next
+ When this hook is called, the r->main, r->prev, r->next
pointers have been set, so modules can determine what kind of
request this is. [Ryan Bloom]
*) Expand APR for WinNT to fully accept and return utf-8 encoded
Unicode file names and paths for Win32, and tag the Content-Type
- from mod_autoindex to reflect that charset if the the feature
+ from mod_autoindex to reflect that charset if the feature
macro APR_HAS_UNICODE_FS is true. [William Rowe]
*) Compute the content length (and add appropriate header field) for
*) SECURITY: Numerous changes to mod_imap in a general cleanup
including fixing a possible buffer overflow. This cleanup also
- was done with 1.3 code as a basis, see the the previous note
+ was done with 1.3 code as a basis, see the previous note
about mod_include. [Dean Gaudet]
*) SECURITY: If a htaccess file can not be read due to bad