[Remove entries to the current 2.0 section below, when backported]
- *) Fix memory corruption problem with ap_custom_response() function.
- The core per-dir config would later point to request pool data
- that would be reused for different purposes on different requests.
- [Jeff Trawick, based on an old 1.3 patch submitted by Will Lowe]
+ *) mod_deflate: New option for DEFLATE output file (force-gzip),
+ new output filter 'INFLATE' for uncompressing responses.
+ [Nick Kew <Nick at WebThing dot com>, Ian Holsman]
+
+ *) Added new module mod_version, which provides version dependent
+ configuration containers. [André Malo]
+
+ *) Accept URLs for the ServerAdmin directive. If the supplied
+ argument is not recognized as an URL, assume it's a mail address.
+ PR 28174. [André Malo]
+
+ *) mod_rewrite no longer confuses the RewriteMap caches if
+ different maps defined in different virtual hosts use the
+ same map name. PR 26462. [André Malo]
+
+ *) mod_log_config now logs all Set-Cookie headers if the %{Set-Cookie}o
+ format is used. PR 27787. [André Malo]
+
+ *) Fix a bunch of cases where the return code of the regex compiler
+ was not checked properly. This affects: mod_setenvif, mod_usertrack,
+ mod_proxy, mod_proxy_ftp and core. PR 28218. [André Malo]
+
+ *) mod_usertrack: Escape the cookie name before pasting into the
+ regexp. [André Malo]
+
+ *) Enable special ErrorDocument value 'default' which restores the
+ canned server response for the scope of the directive.
+ [Geoffrey Young]
+
+ *) Allow Digest providers to return AUTH_DENIED to propagate a 401
+ status and terminate the provider chain prior to checking the password.
+ [Geoffrey Young]
+
+ *) Allow RequestHeader directives to be conditional. PR 27951.
+ [Vincent Deffontaines <vincent gryzor.com>, André Malo]
+
+ *) Fix segfault in mod_expires, which occured under certain
+ circumstances. PR 28047. [André Malo]
+
+ *) mod_logio no longer removes the EOS bucket. PR 27928.
+ [Bojan Smojver <bojan rexursive.com>]
+
+ *) mod_rewrite no longer turns forward proxy requests into reverse proxy
+ requests. PR 28125 [ast domdv.de, André Malo]
+
+ *) mod_rewrite now officially supports RewriteRules in <Proxy> sections.
+ PR 27985. [André Malo]
+
+ *) mod_cgid: Don't allow Scriptsock to be specified inside VirtualHost;
+ Don't place script socket inside default server root instead of
+ actual server root. PR 27886. [Jeff Trawick]
*) work around MSIE Digest auth bug - if AuthDigestEnableQueryStringHack
is set in r->subprocess_env allow mismatched query strings to pass.
PR 27758. [Paul Querna <chip force-elite.com>, Geoffrey Young]
- *) logresolve: Allow size of log line buffer to be overridden at
- build time (MAXLINE). PR 27793. [Jeff Trawick]
-
- *) Fix crash when Apache was started with no Listen directives.
- [Michael Corcoran <mcorcoran warpsolutions.com>]
-
*) mod_dav: Fix a problem that could cause crashes when manipulating
locks on some platforms. [Jeff Trawick]
for some third-party modules on platforms with small default
thread stack size. [Jeff Trawick]
- *) Win32: Tweak worker thread accounting routines to eliminate
- server hang when number of Listen directives in httpd.conf
- is greater than or equal to the setting of ThreadsPerChild.
- [Bill Stoddard]
-
*) mod_rewrite: Support for recognizing SSL variables in RewriteCond
using the new "SSL:" format. [Joe Orton, Madhusudan Mathihalli]
*) mod_dav: Disallow requests with an unescaped hash character in
the Request-URI. PR 21779. [Amit Athavale <amit_athavale lycos.com>]
- *) Add forensic logging module (mod_log_forensic).
- [Ben Laurie]
-
*) mod_proxy with ProxyErrorOverride On in a reverse-proxy configuration attaches
a body to the 302 response and a wrong Content-Length header.
PR: 22951 [Ermanno Scaglione scaglione ..at.. starnetone.de]
[Apache 2.1.0-dev includes those bug fixes and changes with the
Apache 2.0.xx tree as documented, and except as noted, below.]
+Changes with Apache 2.0.50
+
+ *) mod_ssl: Fix memory leak in session cache handling. PR 26562
+ [Madhusudan Mathihalli]
+
+ *) mod_ssl: Fix potential segfaults when performing SSL shutdown from
+ a pool cleanup. PR 27945. [Joe Orton]
+
+ *) Add forensic logging module (mod_log_forensic).
+ [Ben Laurie]
+
+ *) logresolve: Allow size of log line buffer to be overridden at
+ build time (MAXLINE). PR 27793. [Jeff Trawick]
+
+ *) Fix the comment delimiter in htdbm so that it correctly parses the
+ username comment. Also add a terminate function to allow NetWare
+ to pause the output before the screen is destroyed.
+ [Guenter Knauf <eflash gmx.net>, Brad Nicholes]
+
+ *) Fix crash when Apache was started with no Listen directives.
+ [Michael Corcoran <mcorcoran warpsolutions.com>]
+
+ *) core_output_filter: Fix bug that could result in sending
+ garbage over the network when module handlers construct
+ bucket brigades containing multiple file buckets all referencing
+ the same open file descriptor. [Bojan Smojver]
+
+ *) Fix memory corruption problem with ap_custom_response() function.
+ The core per-dir config would later point to request pool data
+ that would be reused for different purposes on different requests.
+ [Jeff Trawick, based on an old 1.3 patch submitted by Will Lowe]
+
+ *) Win32: Tweak worker thread accounting routines to eliminate
+ server hang when number of Listen directives in httpd.conf
+ is greater than or equal to the setting of ThreadsPerChild.
+ [Bill Stoddard]
+
Changes with Apache 2.0.49
*) SECURITY: CAN-2004-0174 (cve.mitre.org)
[Paul J. Reder]
*) mod_ssl: Send the Close Alert message to the peer before closing
- the SSL session. [Madhusudan Mathihalli, Joe Orton]
+ the SSL session. PR 27428. [Madhusudan Mathihalli, Joe Orton]
*) SECURITY: CAN-2004-0113 (cve.mitre.org)
mod_ssl: Fix a memory leak in plain-HTTP-on-SSL-port handling.