-*- coding: utf-8 -*-
+Changes with Apache 2.3.5
+
+ *) mod_proxy, mod_proxy_connect: Move AllowCONNECT from mod_proxy to
+ mod_proxy_connect. [Takashi Sato]
+
+ *) mod_cache: Do an exact match of the keys defined by
+ CacheIgnoreURLSessionIdentifiers against the querystring instead of
+ a partial match. PR 48401.i
+ [Dodou Wang <wangdong.08 gmail.com>, Ruediger Pluem]
+
+ *) mod_proxy_balancer: Fix crash in balancer-manager. [Rainer Jung]
+
+ *) mod_headers: Ensure that changes to the main request remain valid when
+ the subrequest is destroyed. PR 48359 [Nick Kew, Ruediger Pluem]
+
+ *) Core HTTP: disable keepalive when the Client has sent
+ Expect: 100-continue
+ but we respond directly with a non-100 response.
+ Keepalive here led to data from clients continuing being treated as
+ a new request.
+ PR 47087 [Nick Kew]
+
+ *) Core: reject NULLs in request line or request headers.
+ PR 43039 [Nick Kew]
+
+ *) Core: (re)-introduce -T commandline option to suppress documentroot
+ check at startup.
+ PR 41887 [Jan van den Berg <janvdberg gmail.com>]
+
+ *) mod_autoindex: support XHTML as equivalent to HTML in IndexOptions,
+ ScanHTMLTitles, ReadmeName, HeaderName
+ PR 48416 [Dmitry Bakshaev <dab18 izhnet.ru>, Nick Kew]
+
+ *) Proxy: Fix ProxyPassReverse with relative URL
+ Derived (slightly erroneously) from PR 38864 [Nick Kew]
+
+ *) mod_headers: align Header Edit with Header Set when used on Content-Type
+ PR 48422 [Cyril Bonté <cyril.bonte free.fr>, Nick Kew>]
+
+ *) mod_headers: Enable multi-match-and-replace edit option
+ PR 47066 [Nick Kew]
+
+ *) mod_filter: enable it to act on non-200 responses.
+ PR 48377 [Nick Kew]
+
+Changes with Apache 2.3.4
+
+ *) Replace AcceptMutex, LockFile, RewriteLock, SSLMutex, SSLStaplingMutex,
+ and WatchdogMutexPath with a single Mutex directive. Add APIs to
+ simplify setup and user customization of APR proc and global mutexes.
+ (See util_mutex.h.) Build-time setting DEFAULT_LOCKFILE is no longer
+ respected; set DEFAULT_REL_RUNTIMEDIR instead. [Jeff Trawick]
+
+ *) http_core: KeepAlive no longer accepts other than On|Off.
+ [Takashi Sato]
+
+ *) mod_dav: Remove errno from dav_error interface. Calls to dav_new_error()
+ and dav_new_error_tag() must be adjusted to add an apr_status_t parameter.
+ [Jeff Trawick]
+
+ *) mod_authnz_ldap: Add AuthLDAPBindAuthoritative to allow Authentication to
+ try other providers in the case of an LDAP bind failure.
+ PR 46608 [Justin Erenkrantz, Joe Schaefer, Tony Stevenson]
+
+ *) Build: fix --with-module to work as documented
+ PR 43881 [Gez Saunders <gez.saunders virgin.net>]
+
Changes with Apache 2.3.3
*) SECURITY: CVE-2009-3095 (cve.mitre.org)
*) SECURITY: CVE-2009-3094 (cve.mitre.org)
mod_proxy_ftp: NULL pointer dereference on error paths.
[Stefan Fritsch <sf fritsch.de>, Joe Orton]
+ *) mod_ssl: enable support for ECC keys and ECDH ciphers. Tested against
+ OpenSSL 1.0.0b3. [Vipul Gupta <vipul.gupta sun.com>, Sander Temme]
+
+ *) mod_dav: Include uri when logging a PUT error due to connection abort.
+ PR 38149. [Stefan Fritsch]
+
+ *) mod_dav: Return 409 instead of 500 for a LOCK request if the parent
+ resource does not exist or is not a collection. PR 43465. [Stefan Fritsch]
+
+ *) mod_dav_fs: Return 409 instead of 500 for Litmus test case copy_nodestcoll
+ (a COPY request where the parent of the destination resource does not
+ exist). PR 39299. [Stefan Fritsch]
+
+ *) mod_dav_fs: Don't delete the whole file if a PUT with content-range failed.
+ PR 42896. [Stefan Fritsch]
+
+ *) mod_dav_fs: Make PUT create files atomically and no longer destroy the
+ old file if the transfer aborted. PR 39815. [Paul Querna, Stefan Fritsch]
+
+ *) mod_dav_fs: Remove inode keyed locking as this conflicts with atomically
+ creating files. On systems with inode numbers, this is a format change of
+ the DavLockDB. The old DavLockDB must be deleted on upgrade.
+ [Stefan Fritsch]
*) mod_log_config: Make ${cookie}C correctly match whole cookie names
instead of substrings. PR 28037. [Dan Franklin <dan dan-franklin.com>,
projects / apache / blobdiff