[Remove entries to the current 2.0 section below, when backported]
- *) Throw an error message if an attempt is made to use the LDAPTrustedCA
- or LDAPTrustedCAType directives in a VirtualHost. PR 26390
- [Brad Nicholes]
+ *) initialize server arrays prior to calling ap_setup_prelinked_modules
+ so that static modules can push Defines values when registering
+ hooks just like DSO modules can ["Philippe M. Chiasson" <gozer cpan.org>]
+
+ *) Add -l option to rotatelogs to let it use local time rather than
+ UTC. PR 24417. [Ken Coar, Uli Zappe <uli ritual.org>]
+
+ *) Drop the ErrorHeader directive which turned out to be a misnomer.
+ Instead there's a new optional flag for the Header directive
+ ('always'), which keeps the former ErrorHeader functionality.
+ [André Malo]
+
+ *) mod_deflate: Don't deflate responses with zero length
+ e.g. proxied 304's [Allan Edwards]
+
+ *) <IfModule> now recognizes the module identifier in addition to the
+ file name. PR 29003. [Edward Rudd <eddie omegaware.com>, André Malo]
+
+ *) mod_ssl: Add "SSLUserName" directive to set r->user based on a
+ chosen SSL environment variable. PR 20957.
+ [Martin v. Loewis <martin v.loewis.de>]
+
+ *) mod_ssl: Add "SSLHonorCipherOrder" directive to enable the
+ OpenSSL 0.9.7 flag which uses the server's cipher order rather
+ than the client's. PR 28665.
+ [Jim Schneider <jschneid netilla.com>]
+
+ *) mod_ssl: Drop support for the CompatEnvVars argument to
+ SSLOptions, which was never actually implemented in 2.0.
+ [Joe Orton]
+
+ *) Fix bug in mod_deflate that unconditionally sent deflate'd output
+ even when Accept-Encoding is not present. [Justin Erenkrantz]
+
+ *) Pass environment variables through to piped loggers, resolving
+ a regression since 1.3. [Ken Coar, Jeff Trawick]
+
+ *) Enable the option to support anonymous shared memory in mod_ldap.
+ This makes the cache work on Linux again. [Graham Leggett]
*) Small fix to allow reverse proxying to an ftp server. Previously
an attempt to do this would try and connect to 0.0.0.0, regardless
instead of db3. Fixed complaints about unpackaged files.
[Graham Leggett]
- *) Fix handling of IPv6 numeric strings in mod_proxy. [Jeff Trawick]
-
*) External rewrite map responses are no longer limited to 2048
bytes. [André Malo]
- *) Fix a potential SEGV in the 'shmcb' session cache when session data
- size is greater than the size of the cache. PR 27751
- [Geoff Thorpe <geoff geoffthorpe.net>]
-
*) Proxy server was deleting cookies that Apache had already
assigned if the origin server had set any cookies. PR 27023.
[Jim Jagielski]
ap_add_module, ap_add_loaded_module, ap_setup_prelinked_modules,
and ap_process_resource_config. [André Malo]
- *) htpasswd no longer refuses to process files that contain empty
- lines. [André Malo]
-
- *) Restore the ability to disable the use of AcceptEx on Win9x systems
- automatically. PR 28529. [André Malo]
-
- *) ap_set_sub_req_protocol and ap_finalize_sub_req_protocol are now
- exported on Win32 as well. PR 28523.
- [Edward Rudd <eddie omegaware.com>, André Malo]
-
*) Include directives no longer refuse to process symlinks on
directories. Instead there's now a maximum nesting level
of included directories (128 as distributed). This is configurable
*) mod_cgi: Handle output on stderr during script execution on Unix
platforms; preventing deadlock when stderr output fills pipe buffer.
- PR 22030. [Joe Orton, Jeff Trawick]
+ Also fixes case where stderr from nph- scripts could be lost.
+ PR 22030, 18348. [Joe Orton, Jeff Trawick]
*) mod_deflate: New option for DEFLATE output file (force-gzip),
new output filter 'INFLATE' for uncompressing responses.
*) mod_log_config now logs all Set-Cookie headers if the %{Set-Cookie}o
format is used. PR 27787. [André Malo]
- *) Fix a bunch of cases where the return code of the regex compiler
- was not checked properly. This affects: mod_setenvif, mod_usertrack,
- mod_proxy, mod_proxy_ftp and core. PR 28218. [André Malo]
-
*) mod_usertrack: Escape the cookie name before pasting into the
regexp. [André Malo]
status and terminate the provider chain prior to checking the password.
[Geoffrey Young]
- *) Allow RequestHeader directives to be conditional. PR 27951.
- [Vincent Deffontaines <vincent gryzor.com>, André Malo]
-
- *) mod_logio no longer removes the EOS bucket. PR 27928.
- [Bojan Smojver <bojan rexursive.com>]
-
- *) mod_rewrite no longer turns forward proxy requests into reverse proxy
- requests. PR 28125 [ast domdv.de, André Malo]
-
*) mod_rewrite now officially supports RewriteRules in <Proxy> sections.
PR 27985. [André Malo]
AUTH_GENERAL_ERROR.
[Geoffrey Young]
- *) mod_isapi: send_response_header() failed to copy status string's
- last character. PR 20619. [Jesse Pelton <jsp pkc.com>]
-
*) The whole codebase was relicensed and is now available under
the Apache License, Version 2.0 (http://www.apache.org/licenses).
[Apache Software Foundation]
*) Delete some make-generated files in the server directory during
"make clean" processing. PR 26552. [Jeff Trawick]
- *) Unix MPMs: Stop dropping connections when the file descriptor
- is at least FD_SETSIZE. [Jeff Trawick]
-
*) Add core version query function (ap_get_server_revision) and
accompanying ap_version_t structure (minor MMN bump).
[André Malo]
*) mod_dav: Disallow requests with an unescaped hash character in
the Request-URI. PR 21779. [Amit Athavale <amit_athavale lycos.com>]
- *) mod_proxy with ProxyErrorOverride On in a reverse-proxy configuration attaches
- a body to the 302 response and a wrong Content-Length header.
+ *) mod_proxy with ProxyErrorOverride On in a reverse-proxy configuration
+ attaches a body to the 302 response and a wrong Content-Length header.
PR: 22951 [Ermanno Scaglione scaglione ..at.. starnetone.de]
*) Bring ErrorHeader concept forward from 1.3, so that response
Changes with Apache 2.0.50
+ *) mod_alias now emits a warning if it detects overlapping *Alias*
+ directives. [André Malo]
+
+ *) mod_rewrite no longer turns forward proxy requests into reverse proxy
+ requests. PR 28125 [ast domdv.de, André Malo]
+
+ *) ap_set_sub_req_protocol and ap_finalize_sub_req_protocol are now
+ exported on Win32 and Netware as well (minor MMN bump). PR 28523.
+ [Edward Rudd <eddie omegaware.com>, André Malo]
+
+ *) Restore the ability to disable the use of AcceptEx on Win9x systems
+ automatically (broken in2.0.49). PR 28529. [André Malo]
+
+ *) <VirtualHost myhost> now applies to all IP addresses for myhost
+ instead of just the first one reported by the resolver. This
+ corrects a regression since 1.3. [Jeff Trawick]
+
+ *) util_ldap: allow relative paths for LDAPTrustedCA to be resolved
+ against ServerRoot PR#26602 [Brad Nicholes]
+
+ *) SECURITY: CAN-2004-0488 (cve.mitre.org)
+ mod_ssl: Fix a buffer overflow in the FakeBasicAuth code for a
+ (trusted) client certificate subject DN which exceeds 6K in length.
+ [Joe Orton]
+
+ *) mod_dav_fs: Fix MKCOL response for missing parent collections, which
+ caused issues for the Eclipse WebDAV extension.
+ PR 29034. [Joe Orton]
+
+ *) mod_deflate: Fix memory consumption (which was proportional to the
+ response size). PR 29318. [Joe Orton]
+
+ *) mod_ssl: Log the errors returned on failure to load or initialize
+ a crypto accelerator engine. [Joe Orton]
+
+ *) Allow RequestHeader directives to be conditional. PR 27951.
+ [Vincent Deffontaines <vincent gryzor.com>, André Malo]
+
+ *) Allow LimitRequestBody to be reset to unlimited. PR 29106
+ [André Malo]
+
+ *) Fix a bunch of cases where the return code of the regex compiler
+ was not checked properly. This affects: mod_setenvif, mod_usertrack,
+ mod_proxy, mod_proxy_ftp and core. PR 28218. [André Malo]
+
+ *) mod_ssl: Fix a potential segfault in the 'shmcb' session cache for
+ small cache sizes. PR 27751. [Geoff Thorpe <geoff geoffthorpe.net>]
+
+ *) Remove 2Gb log file size restriction on some 32-bit platforms.
+ PR 13511. [Joe Orton]
+
+ *) mod_logio no longer removes the EOS bucket. PR 27928.
+ [Bojan Smojver <bojan rexursive.com>]
+
+ *) htpasswd no longer refuses to process files that contain empty
+ lines. [André Malo]
+
+ *) Regression from 1.3: At startup, suexec now will be checked for
+ availability, the setuid bit and user root. The works only if
+ httpd is compiled with the shipped APR version (0.9.5).
+ PR 28287. [André Malo]
+
+ *) Unix MPMs: Stop dropping connections when the file descriptor
+ is at least FD_SETSIZE. [Jeff Trawick]
+
+ *) Fix handling of IPv6 numeric strings in mod_proxy. [Jeff Trawick]
+
+ *) mod_isapi: send_response_header() failed to copy status string's
+ last character. PR 20619. [Jesse Pelton <jsp pkc.com>]
+
+ *) Fix a segfault when requests for shared memory fails and returns
+ NULL. Fix a segfault caused by a lack of bounds checking on the
+ cache. PR 24801. [Graham Leggett]
+
+ *) Throw an error message if an attempt is made to use the LDAPTrustedCA
+ or LDAPTrustedCAType directives in a VirtualHost. PR 26390
+ [Brad Nicholes]
+
*) Fix a potential segfault if the bind password in the LDAP cache
- is NULL. PR 26686 [Jari Ahonen <jah@progress.com>]
+ is NULL. PR 28250. [Jari Ahonen <jah progress.com>]
*) Quotes cannot be used around require group and require dn
directives, update the documentation to reflect this. Also add
quotes around the dn and group within debug messages, to make it
more obvious why authentication is failing if quotes are used in
- error. PR 19304 [Graham Leggett]
+ error. PR 19304. [Graham Leggett]
*) The Microsoft LDAP SDK escapes filters for us, stop util_ldap
from escaping filters twice when the backslash character is used.
- PR 24437 [Jess Holle <jessh@ptc.com>]
+ PR 24437. [Jess Holle <jessh ptc.com>]
*) Overhaul handling of LDAP error conditions, so that the util_ldap_*
functions leave the connections in a sane state after errors have
occurred. PR 27748, 17274, 17599, 18661, 21787, 24595, 24683, 27134,
27271 [Graham Leggett]
-
+
*) mod_ldap calls ldap_simple_bind_s() to validate the user
credentials. If the bind fails, the connection is left
in an unbound state. Make sure that the ldap connection
record is updated to show that the connection is no longer
bound. [Brad Nicholes]
-
+
*) Ensure that lines in the request which are too long are
properly terminated before logging.
[Tsurutani Naoki <turutani scphys.kyoto-u.ac.jp>]