[Remove entries to the current 2.0 section below, when backported]
+ *) mod_deflate: New option for DEFLATE output file (force-gzip),
+ new output filter 'INFLATE' for uncompressing responses.
+ [Nick Kew <Nick at WebThing dot com>, Ian Holsman]
+
+ *) Added new module mod_version, which provides version dependent
+ configuration containers. [André Malo]
+
+ *) Accept URLs for the ServerAdmin directive. If the supplied
+ argument is not recognized as an URL, assume it's a mail address.
+ PR 28174. [André Malo]
+
+ *) mod_rewrite no longer confuses the RewriteMap caches if
+ different maps defined in different virtual hosts use the
+ same map name. PR 26462. [André Malo]
+
+ *) mod_log_config now logs all Set-Cookie headers if the %{Set-Cookie}o
+ format is used. PR 27787. [André Malo]
+
+ *) Fix a bunch of cases where the return code of the regex compiler
+ was not checked properly. This affects: mod_setenvif, mod_usertrack,
+ mod_proxy, mod_proxy_ftp and core. PR 28218. [André Malo]
+
+ *) mod_usertrack: Escape the cookie name before pasting into the
+ regexp. [André Malo]
+
+ *) Enable special ErrorDocument value 'default' which restores the
+ canned server response for the scope of the directive.
+ [Geoffrey Young]
+
+ *) Allow Digest providers to return AUTH_DENIED to propagate a 401
+ status and terminate the provider chain prior to checking the password.
+ [Geoffrey Young]
+
*) Allow RequestHeader directives to be conditional. PR 27951.
[Vincent Deffontaines <vincent gryzor.com>, André Malo]
Don't place script socket inside default server root instead of
actual server root. PR 27886. [Jeff Trawick]
- *) mod_ssl: Disable the extra session caching in OpenSSL to prevent memory
- leak. PR 26562. [Madhusudan Mathihalli]
-
*) work around MSIE Digest auth bug - if AuthDigestEnableQueryStringHack
is set in r->subprocess_env allow mismatched query strings to pass.
PR 27758. [Paul Querna <chip force-elite.com>, Geoffrey Young]
*) mod_dav: Disallow requests with an unescaped hash character in
the Request-URI. PR 21779. [Amit Athavale <amit_athavale lycos.com>]
- *) Add forensic logging module (mod_log_forensic).
- [Ben Laurie]
-
*) mod_proxy with ProxyErrorOverride On in a reverse-proxy configuration attaches
a body to the 302 response and a wrong Content-Length header.
PR: 22951 [Ermanno Scaglione scaglione ..at.. starnetone.de]
Changes with Apache 2.0.50
+ *) mod_ssl: Fix memory leak in session cache handling. PR 26562
+ [Madhusudan Mathihalli]
+
+ *) mod_ssl: Fix potential segfaults when performing SSL shutdown from
+ a pool cleanup. PR 27945. [Joe Orton]
+
+ *) Add forensic logging module (mod_log_forensic).
+ [Ben Laurie]
+
*) logresolve: Allow size of log line buffer to be overridden at
build time (MAXLINE). PR 27793. [Jeff Trawick]
[Paul J. Reder]
*) mod_ssl: Send the Close Alert message to the peer before closing
- the SSL session. [Madhusudan Mathihalli, Joe Orton]
+ the SSL session. PR 27428. [Madhusudan Mathihalli, Joe Orton]
*) SECURITY: CAN-2004-0113 (cve.mitre.org)
mod_ssl: Fix a memory leak in plain-HTTP-on-SSL-port handling.