-*- coding: utf-8 -*-
Changes with Apache 2.5.0
- *) core: add ap_get_protocol_upgrades() to retrieve the list of protocols
- that a client could possibly upgrade to. Use in first request on a
- connection to announce protocol choices.
- [Stefan Eissing]
-
- *) mod_http2: reworked deallocation on connection shutdown and worker
- abort. Separate parent pool for all workers. worker threads are joined
- on planned worker shutdown.
- [Yann Ylavic, Stefan Eissing]
-
- *) mod_ssl: when receiving requests for other virtual hosts than the handshake
- server, the SSL parameters are checked for equality. With equal
- configuration, requests are passed for processing. Any change will trigger
- the old behaviour of "421 Misdirected Request".
- SSL now remembers the cipher suite that was used for the last handshake.
- This is compared against for any vhost/directory cipher specification.
- Detailed examination of renegotiation is only done when these do not
- match.
- Renegotiation is 403ed when a master connection is present. Exact reason
- is given additionally in a request note.
- [Stefan Eissing]
+ *) core: Drop an invalid Last-Modified header value coming
+ from a FCGI/CGI script instead of replacing it with Unix epoch.
+ [Luca Toscano]
+
+ *) mod_dav: Allow other modules to become providers and add ACLs
+ to the DAV response.
+ [Jari Urpalainen <jari.urpalainen nokia.com>, Graham Leggett]
+
+ *) mod_dav: Add dav_begin_multistatus, dav_send_one_response,
+ dav_finish_multistatus, dav_send_multistatus, dav_handle_err,
+ dav_failed_proppatch, dav_success_proppatch to mod_dav.h.
+ [Jari Urpalainen <jari.urpalainen nokia.com>, Graham Leggett]
+
+ *) core: Add -DDUMP_INCLUDES configtest option to show the tree
+ of Included configuration files. [Jacob Champion <champion.pxi gmail.com>]
+
+ *) mod_dav: Add support for childtags to dav_error.
+ [Jari Urpalainen <jari.urpalainen nokia.com>]
+
+ *) abs: include OpenSSL_Applink when compiling on Visual Studio 2015
+ and up. PR59630 [Jan Ehrhardt <phpdev ehrhardt.nl>]
+
+ *) mod_proxy, mod_ssl: Handle SSLProxy* directives in <Proxy> sections,
+ allowing per backend TLS configuration. [Yann Ylavic]
+
+ *) core: explicitly exclude 'h2' from protocols announced via an Upgrade:
+ header as commanded by http-wg. [Stefan Eissing]
- *) core: Limit to ten the number of tolerated empty lines between request,
- and consume them before the pipelining check to avoid possible response
- delay when reading the next request without flushing. [Yann Ylavic]
+ *) http: Respond with "408 Request Timeout" when a timeout occurs while
+ reading the request body. [Yann Ylavic]
- *) mod_session: Introduce SessionExpiryUpdateInterval which allows to
- configure the session/cookie expiry's update interval. PR 57300.
- [Paul Spangler <paul.spangler ni.com>]
+ *) scoreboard/status: Keep workers' previous Client, VHost and Request values
+ when idle, like in 2.4.18 and earlier. [Yann Ylavic]
- *) mod_ssl: Extend expression parser registration to support ssl variables
- in any expression using mod_rewrite syntax "%{SSL:VARNAME}" or function
- syntax "ssl(VARIABLE)". [Rainer Jung]
+ *) mod_proxy_ajp: Add "secret" parameter to proxy workers to implement legacy
+ AJP13 authentication. PR 53098. [Dmitry A. Bakshaev <dab1818 gmail com>]
- *) core: Extend support for asynchronous write completion from the
- network filter to any connection or request filter. [Graham Leggett]
+ *) mpm_event: Don't take over scoreboard slots from gracefully finishing
+ threads. [Stefan Fritsch]
- *) mpm_event: Free memory earlier when shutting down processes.
- [Stefan Fritsch]
+ *) mod_status: Display the process slot number in the async connection
+ overview. [Stefan Fritsch]
- *) mod_ssl: Make the output filter more friendly with deferred write and
- response pipelining. [Yann Ylavic, Joe Orton]
+ *) mpm_event, mpm_worker: Fix computation of MinSpareThreads' lower bound
+ according the number of listeners buckets. [Yann Ylavic]
- *) core/util_script: relax alphanumeric filter of environment variable names
- on Windows to allow '(' and ')' for passing PROGRAMFILES(X86) et.al.
- unadulterated in 64 bit versions of Windows. PR 46751.
- [John <john leineweb de>]
+ *) mpm: Generalise the ap_mpm_register_socket functions to accept pipes
+ or sockets. [Graham Leggett]
- *) mod_logio: Fix logging of %^FB (time to first byte) on the first request on
- an SSL connection. PR 58454.
- [Konstantin J. Chernov <k.j.chernov gmail.com>]
+ *) core: Extend support for setting aside data from the network input filter
+ to any connection or request input filter. [Graham Leggett]
- *) mod_proxy: Fix ProxySourceAddress binding failure with AH00938.
- PR 56687. [Arne de Bruijn <apache arbruijn.dds.nl>
+ *) mod_ssl: Add "no_crl_for_cert_ok" flag to SSLCARevocationCheck directive
+ to opt-in previous behaviour (2.2) with CRLs verification when checking
+ certificate(s) with no corresponding CRL. [Yann Ylavic]
- *) mod_proxy: don't recyle backend announced "Connection: close" connections
- to avoid reusing it should the close be effective after some new request
- is ready to be sent. [Yann Ylavic]
+ *) core: Split ap_create_request() from ap_read_request(). [Graham Leggett]
- *) mod_auth_digest: remove AuthDigestEnableQueryStringHack which is no
- more documented since dec 2012 (r1415960). [Christophe Jaillet]
+ *) ab: Use caseless matching for HTTP tokens (e.g. content-length). PR 59111.
+ [Yann Ylavic]
- *) mod_slotmem_shm: Fix slots/SHM files names on restart for systems that
- can't create new (clear) slots while previous children gracefully stopping
- still use the old ones (e.g. Windows, OS2). mod_proxy_balancer failed to
- restart whenever the number of configured balancers/members changed during
- restart. PR 58024. [Yann Ylavic]
+ *) mod_auth_digest: Fix compatibility with expression-based Authname. PR59039.
+ [Eric Covener]
- *) mod_autoindex: Allow autoindexes when neither mod_dir nor mod_mime are
- loaded. [Eric Covener]
+ *) mpm: Add a complete_connection hook that confirms whether an MPM is allowed
+ to leave the WRITE_COMPLETION phase. Move filter code out of the MPMs.
+ [Graham Leggett]
- *) mod_charset_lite: On EBCDIC platforms, make sure mod_charset_lite runs
- after other resource-level filters. [Eric Covener]
+ *) core: Added support for HTTP code 451. PR58985.
+ [Yehuda Katz <yehuda ymkatz.net>, Jim Jagielski]
- *) mod_dir: Responses that go through "FallbackResource" might appear to
- hang due to unterminated chunked encoding. PR58292. [Eric Covener]
+ *) mod_ssl: Add support for OpenSSL 1.1.0. [Rainer Jung]
+
+ *) mod_filter: Fix AddOutputFilterByType with non-content-level filters.
+ PR58856 [Micha Lenk <micha lenk.info>]
- *) mod_socache_memcache: Add the 'MemcacheConnTTL' directive to control how
- long to keep idle connections with the memcache server(s).
- Change default value from 600 usec (!) to 15 sec. PR 58091
- [Christophe Jaillet]
+ *) mod_cache: Consider Cache-Control: s-maxage in expiration
+ calculations. [Eric Covener]
- *) mod_rewrite: Allow cookies set by mod_rewrite to contain ':' by accepting
- ';' as an alternate separator. PR47241.
- [<bugzilla schermesser com>, Eric Covener]
+ *) mod_cache: Allow caching of responses with an Expires header
+ in the past that also has Cache-Control: max-age or s-maxage.
+ PR55156. [Eric Covener]
- *) apxs: Add HTTPD_VERSION and HTTPD_MMN to the variables available with
- apxs -q. PR58202. [Daniel Shahaf <danielsh apache.org>]
+ *) Added many log numbers to log statements that had none.
- *) mod_h2: added donated http/2 implementation to build system. Similar
- configuration options to mod_ssl. [Stefan Eissing]
+ *) mod_session: Introduce SessionExpiryUpdateInterval which allows to
+ configure the session/cookie expiry's update interval. PR 57300.
+ [Paul Spangler <paul.spangler ni.com>]
- *) mod_authz_dbd: Avoid a crash when lacking correct DB access permissions.
- PR 57868. [Jose Kahan <jose w3.org>, Yann Ylavic]
+ *) core: Extend support for asynchronous write completion from the
+ network filter to any connection or request filter. [Graham Leggett]
- *) mod_alias: Limit Redirect expressions to directory (Location) context
- and redirect statuses (implicit or explicit).
- [Yann Ylavic, Ruediger Pluem]
+ *) mpm_event: Free memory earlier when shutting down processes.
+ [Stefan Fritsch]
- *) mod_substitute: Fix configuraton merge order.
- PR 57641 [<Marc.Stern approach.be>]
+ *) mod_auth_digest: remove AuthDigestEnableQueryStringHack which is no
+ more documented since dec 2012 (r1415960). [Christophe Jaillet]
- *) mod_ssl: When SSLVerify is disabled (NONE), don't force a renegotiation if
- the SSLVerifyDepth applied with the default/handshaken vhost differs from
- the one applicable with the finally selected vhost. [Yann Ylavic]
-
- *) mod_ssl: add ALPN support by allowing other modules to register callbacks
- for negotiation of the application layer protocol. PR 52210.
- [Matthew Steele <mdsteele google com>, Joe Orton, Jim Jagielski,
- Stefan Eissing <stefan eissing org>, Rainer Jung, Ruediger Pluem,
- Kaspar Brand]
+ *) mod_charset_lite: On EBCDIC platforms, make sure mod_charset_lite runs
+ after other resource-level filters. [Eric Covener]
+
+ *) mod_dir: Responses that go through "FallbackResource" might appear to
+ hang due to unterminated chunked encoding. PR58292. [Eric Covener]
*) http: Don't remove the Content-Length of zero from a HEAD response if
it comes from an origin server, module or script. [Yann Ylavic]
- *) core/util_script: make REDIRECT_URL a full URL. PR 57785. [Nick Kew]
-
*) http: Add support for RFC2324/RFC7168. [Graham Leggett]
- *) mod_proxy: Fix a race condition that caused a failed worker to be retried
- before the retry period is over. [Ruediger Pluem]
-
*) mod_rewrite: Add support for starting External Rewriting Programs
as non-root user on UNIX systems by specifying username and group name
as third argument of RewriteMap directive. [Jan Kaluza]
*) ap_expr: Add filemod function for checking file modification dates
[Daniel Gruno]
-
+
*) mod_authnz_ldap: Resolve crashes with LDAP authz and non-LDAP authn since
r1608202. [Eric Covener]
-
- *) core: Ensure that httpd exits with an error status when the MPM fails
- to run. [Yann Ylavic]
*) apreq: Content-Length header should be always interpreted as a decimal.
Leading 0 could be erroneously considered as an octal value. PR 56598.
[Chris Card <ctcard hotmail com>]
-
+
*) mod_proxy: Now allow for 191 character worker names, with non-fatal
errors if name is truncated. PR53218. [Jim Jagielski]
*) core, mod_info: Add compiled and loaded PCRE versions to version
number display. [Rainer Jung]
- *) mpm_winnt: Accept utf-8 (Unicode) service names and descriptions for
- internationalization. [William Rowe]
-
- *) mpm_winnt: Normalize the error and status messages emitted by service.c,
- the service control interface for Windows. [William Rowe]
-
*) mod_authnz_ldap: Return LDAP connections to the pool before the handler
is run, instead of waiting until the end of the request. [Eric Covener]
- *) mod_log_config: Add GlobalLog to allow a globally defined log to
- be inherited by virtual hosts that define a CustomLog.
- [Edward Lu <Chaosed0 gmail.com>]
-
- *) MPMs: Support SO_REUSEPORT to create multiple duplicated listener
- records for scalability. [Yingqi Lu <yingqi.lu@intel.com>,
- Jeff Trawick, Jim Jagielski]
-
*) mod_proxy_html: support automatic detection of doctype and processing
of FPIs. PR56285 [Micha Lenk <micha lenk info>, Nick Kew]
*) Add module mod_ssl_ct, which provides an implementation of Certificate
Transparency (RFC 6962) for httpd. [Jeff Trawick]
- *) mod_remoteip: Prevent an external proxy from presenting an internal
- proxy. PR 55962. [Mike Rumph]
-
- *) mod_ssl: Add hooks to allow other modules to perform processing at
- several stages of initialization and connection handling. See
- mod_ssl_openssl.h. [Jeff Trawick]
-
*) mod_proxy_wstunnel: Avoid sending error responses down an upgraded
websockets connection as it is being close down. [Eric Covener]
-
+
*) mod_proxy_wstunnel: Allow the administrator to cap the amount
of time a synchronous websockets connection stays idle with
ProxyWebsocketIdleTimeout. [Eric Covener]
*) mod_rewrite: Add 'BNF' (backreferences-no-plus) flag to RewriteRule to
allow spaces in backreferences to be encoded as %20 instead of '+'.
[Eric Covener]
-
+
*) mod_rewrite: Support an optional list of characters to escape in the
argument for the 'B' (escape backreferences) flag. [Eric Covener]
They were truncated to 31 characters which is not enough for IPv6 addresses.
PR 54848 [Bernhard Schmidt <berni birkenwald de>]
- *) core: Add ap_log_data(), ap_log_rdata(), etc. for logging buffers.
- [Jeff Trawick]
-
*) mod_unique_id: Use output of the PRNG rather than IP address and
pid, avoiding sleep() call and possible DNS issues at startup,
plus improving randomness for IPv6-only hosts.
[Jan Kaluza <jkaluza redhat.com>]
- *) mod_authnz_ldap: Support primitive LDAP servers that do not accept
- filters, such as "SDBM-backed LDAP" on z/OS, by allowing a special
- filter "none" to be specified in AuthLDAPURL. [Eric Covener]
-
*) mod_file_cache: mod_file_cache should be able to serve files that
haven't had a Content-Type set via e.g. mod_mime. [Eric Covener]
*) The following now respect DefaultRuntimeDir/DEFAULT_REL_RUNTIMEDIR:
- APIs: ap_log_pid(), ap_remove_pid, ap_read_pid()
- - core: the scoreboard (ScoreBoardFile), pid file (PidFile), and
- mutexes (Mutex)
- mod_cache: thundering herd lock directory
- mod_lbmethod_heartbeat, mod_heartmonitor: heartbeat storage file
- mod_ldap: shared memory cache