[Remove entries to the current 2.0 section below, when backported]
- *) fix "Expected </Foo>> but saw </Foo>" errors in nested,
- argumentless containers.
- ["Philippe M. Chiasson" <gozer cpan.org>]
+ *) mod_deflate: New option for DEFLATE output file (force-gzip),
+ new output filter 'INFLATE' for uncompressing responses.
+ [Nick Kew <Nick at WebThing dot com>, Ian Holsman]
+
+ *) Added new module mod_version, which provides version dependent
+ configuration containers. [André Malo]
+
+ *) Accept URLs for the ServerAdmin directive. If the supplied
+ argument is not recognized as an URL, assume it's a mail address.
+ PR 28174. [André Malo]
+
+ *) mod_rewrite no longer confuses the RewriteMap caches if
+ different maps defined in different virtual hosts use the
+ same map name. PR 26462. [André Malo]
+
+ *) mod_log_config now logs all Set-Cookie headers if the %{Set-Cookie}o
+ format is used. PR 27787. [André Malo]
+
+ *) Fix a bunch of cases where the return code of the regex compiler
+ was not checked properly. This affects: mod_setenvif, mod_usertrack,
+ mod_proxy, mod_proxy_ftp and core. PR 28218. [André Malo]
+
+ *) mod_usertrack: Escape the cookie name before pasting into the
+ regexp. [André Malo]
+
+ *) Enable special ErrorDocument value 'default' which restores the
+ canned server response for the scope of the directive.
+ [Geoffrey Young]
+
+ *) Allow Digest providers to return AUTH_DENIED to propagate a 401
+ status and terminate the provider chain prior to checking the password.
+ [Geoffrey Young]
+
+ *) Allow RequestHeader directives to be conditional. PR 27951.
+ [Vincent Deffontaines <vincent gryzor.com>, André Malo]
+
+ *) Fix segfault in mod_expires, which occured under certain
+ circumstances. PR 28047. [André Malo]
+
+ *) mod_logio no longer removes the EOS bucket. PR 27928.
+ [Bojan Smojver <bojan rexursive.com>]
+
+ *) mod_rewrite no longer turns forward proxy requests into reverse proxy
+ requests. PR 28125 [ast domdv.de, André Malo]
+
+ *) mod_rewrite now officially supports RewriteRules in <Proxy> sections.
+ PR 27985. [André Malo]
+
+ *) mod_cgid: Don't allow Scriptsock to be specified inside VirtualHost;
+ Don't place script socket inside default server root instead of
+ actual server root. PR 27886. [Jeff Trawick]
+
+ *) work around MSIE Digest auth bug - if AuthDigestEnableQueryStringHack
+ is set in r->subprocess_env allow mismatched query strings to pass.
+ PR 27758. [Paul Querna <chip force-elite.com>, Geoffrey Young]
+
+ *) mod_dav: Fix a problem that could cause crashes when manipulating
+ locks on some platforms. [Jeff Trawick]
+
+ *) Satisfy directives now can be influenced by a surrounding <Limit>
+ container. PR 14726. [André Malo]
+
+ *) htpasswd: use apr_temp_dir_get() and general cleanup
+ [Guenter Knauf <eflash gmx.net>, Thom May]
+
+ *) mod_proxy: Fix handling of non-200 success status codes when
+ "ProxyErrorOverride On" is configured. PR 20183.
+ [Marcus Janson <marcus.janson tre.se>, Joe Orton]
+
+ *) Threaded MPMs for Unix and Win32: Add support for ThreadStackSize
+ directive (previously NetWare-only) to override default thread
+ stack size for threads which handle client connections. Required
+ for some third-party modules on platforms with small default
+ thread stack size. [Jeff Trawick]
+
+ *) mod_rewrite: Support for recognizing SSL variables in RewriteCond
+ using the new "SSL:" format. [Joe Orton, Madhusudan Mathihalli]
+
+ *) mod_setenvif: Remove "support" for Remote_User variable which
+ never worked at all. PR 25725. [André Malo]
+
+ *) minor mod_auth_basic and mod_auth_digest sync. mod_auth_basic
+ now populates r->user with the (possibly unauthenticated) user,
+ and mod_auth_digest returns 500 when a provider returns
+ AUTH_GENERAL_ERROR.
+ [Geoffrey Young]
*) mod_isapi: GetServerVariable returned improperly terminated header
fields given "ALL_HTTP" or "ALL_RAW". PR 20656.
*) Delete some make-generated files in the server directory during
"make clean" processing. PR 26552. [Jeff Trawick]
- *) Allow mod_auth_digest to work with sub-requests with different
- methods than the original request. PR 25040.
- [Josh Dady <jpd indecisive.com>]
-
- *) Fixed file extensions for real media files and removed rpm extension
- from mime.types. PR 26079. [Allan Sandfeld <kde carewolf.com>]
-
*) Unix MPMs: Stop dropping connections when the file descriptor
is at least FD_SETSIZE. [Jeff Trawick]
true if the pattern is a file with execution permissions.
[André Malo]
- *) mod_log_config: Fix corruption of buffered logs with threaded
- MPMs. PR 25520. [Jeff Trawick]
-
*) Allow proxying of resources that are invoked via DirectoryIndex.
PR 14648. [André Malo]
*) mod_dav: Disallow requests with an unescaped hash character in
the Request-URI. PR 21779. [Amit Athavale <amit_athavale lycos.com>]
- *) Add forensic logging module (mod_log_forensic).
- [Ben Laurie]
-
*) mod_proxy with ProxyErrorOverride On in a reverse-proxy configuration attaches
a body to the 302 response and a wrong Content-Length header.
PR: 22951 [Ermanno Scaglione scaglione ..at.. starnetone.de]
header fields can be set for return even on errors or external
redirects. [Ken Coar]
- *) Fix some piped log problems: bogus "piped log program '(null)'
- failed" messages during restart and problem with the logger
- respawning again after Apache is stopped. PR 21648, PR 24805.
- [Jeff Trawick]
-
*) Fix <Limit> and <LimitExcept> parsing to require a closing '>'
in the initial container. PR 25414.
[Geoffrey Young <geoff apache.org>]
directory, display the MPM name and some MPM properties.
[Geoffrey Young <geoff apache.org>]
- *) Add fatal exception hook for use by debug modules. The hook is only
- available if the --enable-exception-hook configure parm is used.
- [Jeff Trawick]
-
*) mod_ssl/mod_status: Re-enable support for output of SSL session
cache information in server-status page. [Joe Orton]
*) Switch to APR 1.0 API.
- *) Fix mod_include's expression parser to recognize strings correctly
- even if they start with an escaped token. [André Malo]
-
*) Major overhaul of mod_include's filter parser. The new parser code
is expected to be more robust and should catch all of the edge cases
that were not handled by the previous one. This includes a binary
*) mod_ext_filter: Add the ability to filter request bodies.
[Philipp Reisner <philipp.reisner linbit.com>]
- *) mod_cgid: Restart the cgid daemon if it crashes. PR 19849
- [Glenn Nielsen <glenn apache.org>]
-
*) Fix some broken log messages in WinNT MPM.
[Juan Rivera <Juan.Rivera citrix.com>]
[Apache 2.1.0-dev includes those bug fixes and changes with the
Apache 2.0.xx tree as documented, and except as noted, below.]
+Changes with Apache 2.0.50
+
+ *) mod_ssl: Fix memory leak in session cache handling. PR 26562
+ [Madhusudan Mathihalli]
+
+ *) mod_ssl: Fix potential segfaults when performing SSL shutdown from
+ a pool cleanup. PR 27945. [Joe Orton]
+
+ *) Add forensic logging module (mod_log_forensic).
+ [Ben Laurie]
+
+ *) logresolve: Allow size of log line buffer to be overridden at
+ build time (MAXLINE). PR 27793. [Jeff Trawick]
+
+ *) Fix the comment delimiter in htdbm so that it correctly parses the
+ username comment. Also add a terminate function to allow NetWare
+ to pause the output before the screen is destroyed.
+ [Guenter Knauf <eflash gmx.net>, Brad Nicholes]
+
+ *) Fix crash when Apache was started with no Listen directives.
+ [Michael Corcoran <mcorcoran warpsolutions.com>]
+
+ *) core_output_filter: Fix bug that could result in sending
+ garbage over the network when module handlers construct
+ bucket brigades containing multiple file buckets all referencing
+ the same open file descriptor. [Bojan Smojver]
+
+ *) Fix memory corruption problem with ap_custom_response() function.
+ The core per-dir config would later point to request pool data
+ that would be reused for different purposes on different requests.
+ [Jeff Trawick, based on an old 1.3 patch submitted by Will Lowe]
+
+ *) Win32: Tweak worker thread accounting routines to eliminate
+ server hang when number of Listen directives in httpd.conf
+ is greater than or equal to the setting of ThreadsPerChild.
+ [Bill Stoddard]
+
Changes with Apache 2.0.49
+ *) SECURITY: CAN-2004-0174 (cve.mitre.org)
+ Fix starvation issue on listening sockets where a short-lived
+ connection on a rarely-accessed listening socket will cause a
+ child to hold the accept mutex and block out new connections until
+ another connection arrives on that rarely-accessed listening socket.
+ With Apache 2.x there is no performance concern about enabling the
+ logic for platforms which don't need it, so it is enabled everywhere
+ except for Win32. [Jeff Trawick]
+
+ *) mod_cgid: Fix storage corruption caused by use of incorrect pool.
+ [Jeff Trawick]
+
+ *) Win32: find_read_listeners was not correctly handling multiple
+ listeners on the Win32DisableAcceptEx path. [Bill Stoddard]
+
+ *) Fix bug in mod_usertrack when no CookieName is set. PR 24483.
+ [Manni Wood <manniwood planet-save.com>]
+
+ *) Fix some piped log problems: bogus "piped log program '(null)'
+ failed" messages during restart and problem with the logger
+ respawning again after Apache is stopped. PR 21648, PR 24805.
+ [Jeff Trawick]
+
+ *) Fixed file extensions for real media files and removed rpm extension
+ from mime.types. PR 26079. [Allan Sandfeld <kde carewolf.com>]
+
+ *) Remove compile-time length limit on request strings. Length is
+ now enforced solely with the LimitRequestLine config directive.
+ [Paul J. Reder]
+
+ *) mod_ssl: Send the Close Alert message to the peer before closing
+ the SSL session. PR 27428. [Madhusudan Mathihalli, Joe Orton]
+
+ *) SECURITY: CAN-2004-0113 (cve.mitre.org)
+ mod_ssl: Fix a memory leak in plain-HTTP-on-SSL-port handling.
+ PR 27106. [Joe Orton]
+
+ *) mod_ssl: Fix bug in passphrase handling which could cause spurious
+ failures in SSL functions later. PR 21160. [Joe Orton]
+
+ *) mod_log_config: Fix corruption of buffered logs with threaded
+ MPMs. PR 25520. [Jeff Trawick]
+
+ *) Fix mod_include's expression parser to recognize strings correctly
+ even if they start with an escaped token. [André Malo]
+
+ *) Add fatal exception hook for use by diagnostic modules. The hook
+ is only available if the --enable-exception-hook configure parm
+ is used and the EnableExceptionHook directive has been set to
+ "on". [Jeff Trawick]
+
+ *) Allow mod_auth_digest to work with sub-requests with different
+ methods than the original request. PR 25040.
+ [Josh Dady <jpd indecisive.com>]
+
+ *) fix "Expected </Foo>> but saw </Foo>" errors in nested,
+ argumentless containers.
+ ["Philippe M. Chiasson" <gozer cpan.org>]
+
*) mod_auth_ldap: Fix some segfaults in the cache logic. PR 18756.
[Matthieu Estrade <apache moresecurity.org>, Brad Nicholes]
+ *) mod_cgid: Restart the cgid daemon if it crashes. PR 19849
+ [Glenn Nielsen <glenn apache.org>]
+
*) The whole codebase was relicensed and is now available under
the Apache License, Version 2.0 (http://www.apache.org/licenses).
[Apache Software Foundation]
[Tomasz Kepczynski <tomek jot23.org>]
*) Add AP_MPMQ_MPM_STATE function code for ap_mpm_query. (Not yet
- supported for BeOS, OS/2, or Win32 MPMs.) [Jeff Trawick,
- Brad Nicholes]
+ supported for BeOS or OS/2 MPMs.) [Jeff Trawick, Brad Nicholes,
+ Bill Stoddard]
*) Add mod_status hook to allow modules to add to the mod_status
report. [Joe Orton]
projects / apache / blobdiff