[Remove entries to the current 2.0 section below, when backported]
+ *) initialize server arrays prior to calling ap_setup_prelinked_modules
+ so that static modules can push Defines values when registering
+ hooks just like DSO modules can ["Philippe M. Chiasson" <gozer cpan.org>]
+
+ *) Add -l option to rotatelogs to let it use local time rather than
+ UTC. PR 24417. [Ken Coar, Uli Zappe <uli ritual.org>]
+
+ *) Drop the ErrorHeader directive which turned out to be a misnomer.
+ Instead there's a new optional flag for the Header directive
+ ('always'), which keeps the former ErrorHeader functionality.
+ [André Malo]
+
+ *) mod_deflate: Don't deflate responses with zero length
+ e.g. proxied 304's [Allan Edwards]
+
+ *) <IfModule> now recognizes the module identifier in addition to the
+ file name. PR 29003. [Edward Rudd <eddie omegaware.com>, André Malo]
+
+ *) mod_ssl: Add "SSLUserName" directive to set r->user based on a
+ chosen SSL environment variable. PR 20957.
+ [Martin v. Loewis <martin v.loewis.de>]
+
+ *) mod_ssl: Add "SSLHonorCipherOrder" directive to enable the
+ OpenSSL 0.9.7 flag which uses the server's cipher order rather
+ than the client's. PR 28665.
+ [Jim Schneider <jschneid netilla.com>]
+
+ *) mod_ssl: Drop support for the CompatEnvVars argument to
+ SSLOptions, which was never actually implemented in 2.0.
+ [Joe Orton]
+
+ *) Fix bug in mod_deflate that unconditionally sent deflate'd output
+ even when Accept-Encoding is not present. [Justin Erenkrantz]
+
+ *) Pass environment variables through to piped loggers, resolving
+ a regression since 1.3. [Ken Coar, Jeff Trawick]
+
+ *) Enable the option to support anonymous shared memory in mod_ldap.
+ This makes the cache work on Linux again. [Graham Leggett]
+
+ *) Small fix to allow reverse proxying to an ftp server. Previously
+ an attempt to do this would try and connect to 0.0.0.0, regardless
+ of the server specified. PR 24922
+ [Pascal Terjan <pterjan@linuxfr.org>]
+
+ *) RPM spec file changes: changed default dependancy to link to db4
+ instead of db3. Fixed complaints about unpackaged files.
+ [Graham Leggett]
+
+ *) External rewrite map responses are no longer limited to 2048
+ bytes. [André Malo]
+
+ *) Proxy server was deleting cookies that Apache had already
+ assigned if the origin server had set any cookies. PR 27023.
+ [Jim Jagielski]
+
+ *) Prevent Win32 pool corruption at startup [Allan Edwards]
+
+ *) Removed old and unmaintained ap_add_named_module API and changed
+ the following APIs to return an error instead of hard exiting:
+ ap_add_module, ap_add_loaded_module, ap_setup_prelinked_modules,
+ and ap_process_resource_config. [André Malo]
+
+ *) Include directives no longer refuse to process symlinks on
+ directories. Instead there's now a maximum nesting level
+ of included directories (128 as distributed). This is configurable
+ at compile time using the -DAP_MAX_INCLUDE_DIR_DEPTH switch.
+ PR 28492. [André Malo]
+
+ *) Recursive Include directives no longer crash. The server stops
+ including configuration files after a certain nesting level (128
+ as distributed). This is configurable at compile time using the
+ -DAP_MAX_INCLUDE_DEPTH switch. PR 28370. [André Malo]
+
+ *) mod_headers: Allow %% in header values to represent a literal %.
+ [André Malo]
+
+ *) mod_headers: Allow env clauses also for 'echo' and 'unset' actions.
+ [André Malo]
+
+ *) mod_headers: Allow 'echo' also for ErrorHeaders. [André Malo]
+
+ *) mod_cgi: Handle output on stderr during script execution on Unix
+ platforms; preventing deadlock when stderr output fills pipe buffer.
+ Also fixes case where stderr from nph- scripts could be lost.
+ PR 22030, 18348. [Joe Orton, Jeff Trawick]
+
+ *) mod_deflate: New option for DEFLATE output file (force-gzip),
+ new output filter 'INFLATE' for uncompressing responses.
+ [Nick Kew <Nick at WebThing dot com>, Ian Holsman]
+
+ *) Added new module mod_version, which provides version dependent
+ configuration containers. [André Malo]
+
+ *) Accept URLs for the ServerAdmin directive. If the supplied
+ argument is not recognized as an URL, assume it's a mail address.
+ PR 28174. [André Malo]
+
+ *) mod_rewrite no longer confuses the RewriteMap caches if
+ different maps defined in different virtual hosts use the
+ same map name. PR 26462. [André Malo]
+
+ *) mod_log_config now logs all Set-Cookie headers if the %{Set-Cookie}o
+ format is used. PR 27787. [André Malo]
+
+ *) mod_usertrack: Escape the cookie name before pasting into the
+ regexp. [André Malo]
+
*) Enable special ErrorDocument value 'default' which restores the
canned server response for the scope of the directive.
[Geoffrey Young]
status and terminate the provider chain prior to checking the password.
[Geoffrey Young]
- *) Allow RequestHeader directives to be conditional. PR 27951.
- [Vincent Deffontaines <vincent gryzor.com>, André Malo]
-
- *) Fix segfault in mod_expires, which occured under certain
- circumstances. PR 28047. [André Malo]
-
- *) mod_logio no longer removes the EOS bucket. PR 27928.
- [Bojan Smojver <bojan rexursive.com>]
-
- *) mod_rewrite no longer turns forward proxy requests into reverse proxy
- requests. PR 28125 [ast domdv.de, André Malo]
-
*) mod_rewrite now officially supports RewriteRules in <Proxy> sections.
PR 27985. [André Malo]
Don't place script socket inside default server root instead of
actual server root. PR 27886. [Jeff Trawick]
- *) mod_ssl: Disable the extra session caching in OpenSSL to prevent memory
- leak. PR 26562. [Madhusudan Mathihalli]
-
*) work around MSIE Digest auth bug - if AuthDigestEnableQueryStringHack
is set in r->subprocess_env allow mismatched query strings to pass.
PR 27758. [Paul Querna <chip force-elite.com>, Geoffrey Young]
- *) mod_dav: Fix a problem that could cause crashes when manipulating
- locks on some platforms. [Jeff Trawick]
-
*) Satisfy directives now can be influenced by a surrounding <Limit>
container. PR 14726. [André Malo]
- *) htpasswd: use apr_temp_dir_get() and general cleanup
- [Guenter Knauf <eflash gmx.net>, Thom May]
-
*) mod_proxy: Fix handling of non-200 success status codes when
"ProxyErrorOverride On" is configured. PR 20183.
[Marcus Janson <marcus.janson tre.se>, Joe Orton]
AUTH_GENERAL_ERROR.
[Geoffrey Young]
- *) mod_isapi: GetServerVariable returned improperly terminated header
- fields given "ALL_HTTP" or "ALL_RAW". PR 20656.
- [Jesse Pelton <jsp pkc.com>]
-
- *) mod_isapi: send_response_header() failed to copy status string's
- last character. PR 20619. [Jesse Pelton <jsp pkc.com>]
-
- *) mod_isapi: GetServerVariable("ALL_RAW") returned the wrong buffer
- size. PR 20617. [Jesse Pelton <jsp pkc.com>]
-
*) The whole codebase was relicensed and is now available under
the Apache License, Version 2.0 (http://www.apache.org/licenses).
[Apache Software Foundation]
*) Delete some make-generated files in the server directory during
"make clean" processing. PR 26552. [Jeff Trawick]
- *) Unix MPMs: Stop dropping connections when the file descriptor
- is at least FD_SETSIZE. [Jeff Trawick]
-
*) Add core version query function (ap_get_server_revision) and
accompanying ap_version_t structure (minor MMN bump).
[André Malo]
*) mod_dav: Disallow requests with an unescaped hash character in
the Request-URI. PR 21779. [Amit Athavale <amit_athavale lycos.com>]
- *) Add forensic logging module (mod_log_forensic).
- [Ben Laurie]
-
- *) mod_proxy with ProxyErrorOverride On in a reverse-proxy configuration attaches
- a body to the 302 response and a wrong Content-Length header.
+ *) mod_proxy with ProxyErrorOverride On in a reverse-proxy configuration
+ attaches a body to the 302 response and a wrong Content-Length header.
PR: 22951 [Ermanno Scaglione scaglione ..at.. starnetone.de]
*) Bring ErrorHeader concept forward from 1.3, so that response
Changes with Apache 2.0.50
+ *) mod_alias now emits a warning if it detects overlapping *Alias*
+ directives. [André Malo]
+
+ *) mod_rewrite no longer turns forward proxy requests into reverse proxy
+ requests. PR 28125 [ast domdv.de, André Malo]
+
+ *) ap_set_sub_req_protocol and ap_finalize_sub_req_protocol are now
+ exported on Win32 and Netware as well (minor MMN bump). PR 28523.
+ [Edward Rudd <eddie omegaware.com>, André Malo]
+
+ *) Restore the ability to disable the use of AcceptEx on Win9x systems
+ automatically (broken in2.0.49). PR 28529. [André Malo]
+
+ *) <VirtualHost myhost> now applies to all IP addresses for myhost
+ instead of just the first one reported by the resolver. This
+ corrects a regression since 1.3. [Jeff Trawick]
+
+ *) util_ldap: allow relative paths for LDAPTrustedCA to be resolved
+ against ServerRoot PR#26602 [Brad Nicholes]
+
+ *) SECURITY: CAN-2004-0488 (cve.mitre.org)
+ mod_ssl: Fix a buffer overflow in the FakeBasicAuth code for a
+ (trusted) client certificate subject DN which exceeds 6K in length.
+ [Joe Orton]
+
+ *) mod_dav_fs: Fix MKCOL response for missing parent collections, which
+ caused issues for the Eclipse WebDAV extension.
+ PR 29034. [Joe Orton]
+
+ *) mod_deflate: Fix memory consumption (which was proportional to the
+ response size). PR 29318. [Joe Orton]
+
+ *) mod_ssl: Log the errors returned on failure to load or initialize
+ a crypto accelerator engine. [Joe Orton]
+
+ *) Allow RequestHeader directives to be conditional. PR 27951.
+ [Vincent Deffontaines <vincent gryzor.com>, André Malo]
+
+ *) Allow LimitRequestBody to be reset to unlimited. PR 29106
+ [André Malo]
+
+ *) Fix a bunch of cases where the return code of the regex compiler
+ was not checked properly. This affects: mod_setenvif, mod_usertrack,
+ mod_proxy, mod_proxy_ftp and core. PR 28218. [André Malo]
+
+ *) mod_ssl: Fix a potential segfault in the 'shmcb' session cache for
+ small cache sizes. PR 27751. [Geoff Thorpe <geoff geoffthorpe.net>]
+
+ *) Remove 2Gb log file size restriction on some 32-bit platforms.
+ PR 13511. [Joe Orton]
+
+ *) mod_logio no longer removes the EOS bucket. PR 27928.
+ [Bojan Smojver <bojan rexursive.com>]
+
+ *) htpasswd no longer refuses to process files that contain empty
+ lines. [André Malo]
+
+ *) Regression from 1.3: At startup, suexec now will be checked for
+ availability, the setuid bit and user root. The works only if
+ httpd is compiled with the shipped APR version (0.9.5).
+ PR 28287. [André Malo]
+
+ *) Unix MPMs: Stop dropping connections when the file descriptor
+ is at least FD_SETSIZE. [Jeff Trawick]
+
+ *) Fix handling of IPv6 numeric strings in mod_proxy. [Jeff Trawick]
+
+ *) mod_isapi: send_response_header() failed to copy status string's
+ last character. PR 20619. [Jesse Pelton <jsp pkc.com>]
+
+ *) Fix a segfault when requests for shared memory fails and returns
+ NULL. Fix a segfault caused by a lack of bounds checking on the
+ cache. PR 24801. [Graham Leggett]
+
+ *) Throw an error message if an attempt is made to use the LDAPTrustedCA
+ or LDAPTrustedCAType directives in a VirtualHost. PR 26390
+ [Brad Nicholes]
+
+ *) Fix a potential segfault if the bind password in the LDAP cache
+ is NULL. PR 28250. [Jari Ahonen <jah progress.com>]
+
+ *) Quotes cannot be used around require group and require dn
+ directives, update the documentation to reflect this. Also add
+ quotes around the dn and group within debug messages, to make it
+ more obvious why authentication is failing if quotes are used in
+ error. PR 19304. [Graham Leggett]
+
+ *) The Microsoft LDAP SDK escapes filters for us, stop util_ldap
+ from escaping filters twice when the backslash character is used.
+ PR 24437. [Jess Holle <jessh ptc.com>]
+
+ *) Overhaul handling of LDAP error conditions, so that the util_ldap_*
+ functions leave the connections in a sane state after errors have
+ occurred. PR 27748, 17274, 17599, 18661, 21787, 24595, 24683, 27134,
+ 27271 [Graham Leggett]
+
+ *) mod_ldap calls ldap_simple_bind_s() to validate the user
+ credentials. If the bind fails, the connection is left
+ in an unbound state. Make sure that the ldap connection
+ record is updated to show that the connection is no longer
+ bound. [Brad Nicholes]
+
+ *) Ensure that lines in the request which are too long are
+ properly terminated before logging.
+ [Tsurutani Naoki <turutani scphys.kyoto-u.ac.jp>]
+
+ *) Update the bind credentials for the cached LDAP connection to
+ reflect the last bind. This prevents util_ldap from creating
+ unnecessary connections rather than reusing cached connections.
+ [Brad Nicholes]
+
+ *) mod_isapi: GetServerVariable returned improperly terminated header
+ fields given "ALL_HTTP" or "ALL_RAW". PR 20656.
+ [Jesse Pelton <jsp pkc.com>]
+
+ *) mod_isapi: GetServerVariable("ALL_RAW") returned the wrong buffer
+ size. PR 20617. [Jesse Pelton <jsp pkc.com>]
+
+ *) mod_dav: Fix a problem that could cause crashes when manipulating
+ locks on some platforms. [Jeff Trawick]
+
+ *) mod_headers no longer crashes if an empty header value should
+ be added. [André Malo]
+
+ *) Fix segfault in mod_expires, which occured under certain
+ circumstances. PR 28047. [André Malo]
+
+ *) htpasswd: use apr_temp_dir_get() and general cleanup
+ [Guenter Knauf <eflash gmx.net>, Thom May]
+
+ *) mod_ssl: Fix memory leak in session cache handling. PR 26562
+ [Madhusudan Mathihalli]
+
+ *) mod_ssl: Fix potential segfaults when performing SSL shutdown from
+ a pool cleanup. PR 27945. [Joe Orton]
+
+ *) Add forensic logging module (mod_log_forensic).
+ [Ben Laurie]
+
*) logresolve: Allow size of log line buffer to be overridden at
build time (MAXLINE). PR 27793. [Jeff Trawick]
[Paul J. Reder]
*) mod_ssl: Send the Close Alert message to the peer before closing
- the SSL session. [Madhusudan Mathihalli, Joe Orton]
+ the SSL session. PR 27428. [Madhusudan Mathihalli, Joe Orton]
*) SECURITY: CAN-2004-0113 (cve.mitre.org)
mod_ssl: Fix a memory leak in plain-HTTP-on-SSL-port handling.