-APACHE 2.3 STATUS: -*-text-*-
+APACHE 2.5 STATUS: -*-text-*-
Last modified at [$Date$]
The current version of this file can be found at:
* http://svn.apache.org/repos/asf/httpd/httpd/trunk/STATUS
-Documentation status is maintained seperately and can be found at:
+Documentation status is maintained separately and can be found at:
* docs/STATUS in this source tree, or
* http://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/STATUS
Consult the following STATUS files for information on related projects:
* http://svn.apache.org/repos/asf/apr/apr/trunk/STATUS
- * http://svn.apache.org/repos/asf/apr/apr-util/trunk/STATUS
Patches considered for backport are noted in their branches' STATUS:
- * http://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x/STATUS
* http://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x/STATUS
* http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/STATUS
+ * http://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x/STATUS
+
Release history:
[NOTE that x.{odd}.z versions are strictly Alpha/Beta releases,
while x.{even}.z versions are Stable/GA releases.]
- 2.3.2 : in development
- 2.3.2 : Tagged on March 23, 2009.
- 2.3.1 : Tagged on January 2, 2009.
- 2.3.0 : Tagged on December 6, 2008, not released.
+-8s 2.5.0 : In Development.
Contributors looking for a mission:
* Open bugs in the bug database.
+ * See also the STATUS file in the docs/ directory, which lists documentation-specific TODO items.
+
CURRENT RELEASE NOTES:
RELEASE SHOWSTOPPERS:
- * Not all MPMs are updated to set conn_rec::current_thread correctly.
- (Prefork, Worker, Event, Simple are updated).
+
+CURRENT VOTES:
+
+
+THINGS THAT SHOULD BE CONSIDERED EARLY IN THE 2.6/3.0 DEVELOPMENT CYCLE:
+
+ * Seriously ramp up/replace test framework and cases to have better
+ coverage of existing special cases and behaviours users rely on.
+
+ * Add performance testing to the test framework.
+
+ * Competely untangle core filesystem behavior where a filesystem htdocs/
+ resource wasn't indicated by the request URI.
+
+ * Refactor r->uri into a %escaped raw form presented by the client, and
+ a distinct decoded field used only for local filesystem access.
+
+ * Change default prefix from /usr/local/apache2 to something corresponding
+ to the project name. Rename apachectl to httpdctl.
+
+ * Change merge order of <Location> to be most specific match last. This
+ is more consistent with <Directory> and allows some optimizations for the
+ location merge code.
+
+ * Detect Lua 5.2.0 during configure and add LUA_COMPAT_ALL to CPPFLAGS.
+ Maybe it even suffices to add LUA_COMPAT_MODULE and individually
+ care about the two remaining incompatible code lines (one with lua_strlen,
+ one with lua_objlen).
+
+ * Event's timeout_mutex to enter keepalive state probably needs some
+ analysis/attention.
+
+ * Better H2 integration?
+ - adding handling of slave connections to mpm, no extra H2 workers,
+ triggering "events" read/write/timer from main/slave
+ - add slave writes/done/abort to events that wake up master connection
+ - disentangle core filters to server one purpose only, so that H2
+ versions can reuse them properly.
+
+ * Remove mod_access_compat?
+
+ * Ditch platforms/89/old prereqs or anything else?
+
+ * Leverage libmill? Drop serf?
+
+ * Better abstraction of slave connections and "requests".
+ - add abstraction for "response" as something that can be passed
+ through filters. To be serialized into the correct HTTP bytes on
+ the main connection.
+ - solve multi-threaded access to master connection props/module conf
+ (e.g. ssl vars)
+
+ * make mod_ssl more "core"?
+
+ * add high-level server configuration directives that can steer/influence
+ module defaults/warn/rejects related to security
+
+ * Ditch HTTP/0.9? At least, make HttpProtocolOptions Require1.0 the default.
+
+ * Restructure merge fn table/indexes to ignore modules with no directives,
+ and permit modules with dozens upon dozens of merge values to split these
+ into multiple functional config groups to avoid excessive merging.
+ Retitle from 'per-dir' to 'per-location' to better reflect the always-run
+ sections (location, ifexpr etc), while we phase out the file-oriented
+ bias from httpd.
+
+ * New versioning or release cadence.
+
+ * Ditch old APIs when we have the chance with 3.x. Consolidate current
+ functionality into APIs with stronger guarantees. (Specific examples TBD.)
+
+ * Remove as many undesirable-but-kept-for-backwards-compatibility behaviors
+ as possible from current config directives. (Specific examples TBD.)
+
+ * True event-loop/asynchronous support in the server core.
+
+ * Modify configuration syntax to separate meta-directives from runtime
+ directives (e.g. If vs. IfVersion). Allow as much static analysis of the
+ configuration as possible without needing to start the server to figure out
+ what's going on.
+
+ * Support JSON-like configuration files
+
+ * Opaque data structures w/ getters/setters
+
+ * Generic interface to enable runtime changes (adjusting log level, modifying
+ balancer information, toggling flags on/off). Perhaps modules can register
+ callbacks for making these changes?
+
+ * REST-based administration for existing (balancer/etc) and new dynamic
+ runtime changes (see above)
+
+ * Improve the look of generated pages (status, load-balancer...) with dynamic
+ update of the values. Generate HTML5 pages, instead of 3.2, Get rid of XHTML
+ in the generated pages.
+
+ * Add performance monitoring of the server, of each module (?), in order to help
+ understanding what worth looking at in order to improve overall performance.
+ (https://cdn.wp.nginx.com/wp-content/uploads/2016/12/Amplify-Dashboards-page-base-for-filters.png)
+
+ * Drop CGI-1.1-incompatible behaviors kept for compatibility reasons with
+ "broken" server implementations (PR 51517). (Note that many of them are
+ "broken" *because* of our behaviors.)
+
+
+OLD ISSUES THAT WERE THOUGHT TO BE SHOWSTOPPERS FOR 2.4 BUT OBVIOUSLY WEREN'T:
* Handling of non-trailing / config by non-default handler is broken
http://marc.theaimsgroup.com/?l=apache-httpd-dev&m=105451701628081&w=2
* the edge connection filter cannot be removed
http://marc.theaimsgroup.com/?l=apache-httpd-dev&m=105366252619530&w=2
-
+ http://mail-archives.apache.org/mod_mbox/httpd-dev/200501.mbox/%3C41E30B42.4060202@stason.org%3E
jerenkrantz asks: Why should this block a release?
-
stas replies: because it requires a rewrite of the filters stack
implementation (you have suggested that) and once 2.2 is
released you can't do that anymore.
-
pgollucci: this affects mod_perl I'm pretty sure.
-CURRENT VOTES:
- * If the parent process dies, should the remaining child processes
- "gracefully" self-terminate. Or maybe we should make it a runtime
- option, or have a concept of 2 parent processes (one being a
- "hot spare").
- See: Message-ID: <3C58232C.FE91F19F@Golux.Com>
-
- Self-destruct: Ken, Martin, Lars
- Not self-destruct: BrianP, Ian, Cliff, BillS
- Make it runtime configurable: Aaron, jim, Justin, wrowe, rederpj, nd
-
- /* The below was a concept on *how* to handle the problem */
- Have 2 parents: +1: jim
- -1: Justin, wrowe, rederpj, nd, pgollucci
- +0: Lars, Martin (while standing by, could it do
- something useful?)
+RELEASE NON-SHOWSTOPPERS BUT WOULD BE REAL NICE TO WRAP THESE UP:
- * Make the worker MPM the default MPM for threaded Unix boxes.
- +1: Justin, Ian, Cliff, BillS, striker, wrowe, nd, pgollucci
- +0: BrianP, Aaron (mutex contention is looking better with the
- latest code, let's continue tuning and testing), rederpj, jim
- -0: Lars
+ * Clean up all the kruft and *extremely* outdated stuff below...
- pquerna: Do we want to change this for *2.4*?
- wrowe: Replies "yes"
-
-RELEASE NON-SHOWSTOPPERS BUT WOULD BE REAL NICE TO WRAP THESE UP:
+ * Maybe remove Limit/LimitExcept or at least make it log warnings when
+ mis-used.
* Patches submitted to the bug database:
http://issues.apache.org/bugzilla/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&product=Apache+httpd-2&keywords=PatchAvailable
it, so that the server won't be slow down too much.
* RFC 2616 violations.
- Closed PRs: 15857.
- Open PRs: 15852, 15859, 15861, 15864, 15865, 15866, 15868, 15869,
- 15870, 16120, 16125, 16126, 16133, 16135, 16136, 16137,
- 16138, 16139, 16140, 16142, 16518, 16520, 16521,
+ Closed PRs: 15852, 15857, 15859, 15861, 15864, 15869, 15870, 16120,
+ 16125, 16135, 16136, 16137, 16138, 16139, 16140, 16518,
+ 16520, 49825
+ Open PRs: 15865, 15866, 15868, 16126, 16133, 16142, 16521, 42978
jerenkrantz says: need to decide how many we need to backport and/or
if these rise to showstopper status.
wrowe suggests: it would be nice to see "MUST" v.s. "SHOULD" v.s. "MAY"
out of this list, without reviewing them individually.
-
- * There is a bug in how we sort some hooks, at least the pre-config
- hook. The first time we call the hooks, they are in the correct
- order, but the second time, we don't sort them correctly. Currently,
- the modules/http/config.m4 file has been renamed to
- modules/http/config2.m4 to work around this problem, it should moved
- back when this is fixed.
-
- OtherBill offers that this is a SERIOUS problem. We do not sort
- correctly by the ordering arguments passed to the register hook
- functions. This was proven when I reordered the open_logs hook
- to attempt to open the error logs prior to the access logs. Possibly
- the entire sorting code needs to be refactored.
+ wrowe asks: what is lingering after 2.4.25 release? Offhand, only
+ URI conformance
* pipes deadlock on all platforms with limited pipe buffers (e.g. both
Linux and Win32, as opposed to only Win32 on 1.3). The right solution
chrisd: Has this been fixed by the changes for PR 38737?
- * --enable-mods-shared="foo1 foo2" is busted on Darwin. Pier
- posted a patch (Message-ID: <B8DBBE8D.575A%pier@betaversion.org>).
-
* We do not properly substitute the prefix-variables in the configuration
scripts or generated-configs. (i.e. if sysconfdir is etc,
httpd-std.conf points to conf.)
walk if the path was entirely invalid; and we can't do that either
UNTIL 2.1 or we break modules that haven't hooked map_to_storage.
- * With AP_MODE_EXHAUSTIVE in the core, it is finally clear to me
- how the Perchild MPM should be re-written. It hasn't worked
- correctly since filters were added because it wasn't possible to
- get the content that had already been written and the socket at
- the same time. This mode lets us do that, so the MPM can be
- fixed.
-
* Can a static httpd be built reliably?
Message-ID: <20020207142751.T31582@clove.org>
Jeff wonders if we still care about this. It is no longer an
API issue but simply an extra trip through the brigade.
- * Get perchild to work on platforms other than Linux. This
- will require a portable mechanism to pass data and file/socket
- descriptors between vhost child groups. An API was proposed
- on dev@apr:
- Message-ID: <20020111115006.K1529@clove.org>
-
* Try to get libtool inter-library dependency code working on AIX.
Message-ID: <cm3n10lx555.fsf@rdu163-40-092.nc.rr.com>
the ja-jis encoding.
* There is increasing demand from module writers for an API
- that will allow them to control the server à la apachectl.
+ that will allow them to control the server à la apachectl.
Reasons include sole-function servers that need to die if
an external dependency (e.g., a database) fails, et cetera.
Perhaps something in the (ever more abused) scoreboard?
TODO ISSUES REMAINING IN MOD_SSL:
- * Do we need SSL_set_read_ahead()?
-
- * the ssl_expr api is NOT THREAD SAFE. race conditions exist:
- -in ssl_expr_comp() if SSLRequire is used in .htaccess
- (ssl_expr_info is global)
- -is ssl_expr_eval() if there is an error
- (ssl_expr_error is global)
-
* SSLRequire directive (parsing of) leaks memory
- * Diffie-Hellman-Parameters for temporary keys are hardcoded in
- ssl_engine_dh.c, while the comment in ssl_engine_kernel.c says:
- "it is suggested that keys be changed daily or every 500
- transactions, and more often if possible."
-
* ssl_var_lookup could be rewritten to be MUCH faster
- * CRL callback should be pluggable
-
- * session cache store should be pluggable
-
- * init functions should return status code rather than ssl_die()
-
- * ssl_engine_pphrase.c needs to be reworked so it is generic enough
- to also decrypt proxy keys
-
- * output warning when allowing SSL v2.0 ? its so old
-
WISH LIST
* mod_proxy: Ability to run SSL over proxy gateway connections,
encrypting (or reencrypting) at the proxy.
* mod_cache: Handle ESI tags.
- * mod_cache: Resolve issue of how to cache page fragements (or perhaps
- -if- we want to cache page fragements). Today, mod_cache/mod_mem_cache
+ * mod_cache: Resolve issue of how to cache page fragments (or perhaps
+ -if- we want to cache page fragments). Today, mod_cache/mod_mem_cache
will cache #include 'virtual' requests (but not #include 'file'
requests). This was accomplished by making CACHE_IN a
CONTENT_SET-1 filter to force it to run before the SUBREQ_CORE
line server hooks (Ryan really hated this. It is great for
performance, but bad because of the complications listed above).
- mod_cache/mod_mem_cache/mod_disk_cache:
+ mod_cache/mod_mem_cache/mod_cache_disk:
* mod_mem_cache: Consider adding a RevalidateTimeout directive to
specify time at which local cached content is to be revalidated
(ie, underlying file stat'ed to see if it has changed).
- * mod_cache: CacheEnable/CacheDisable should accept regular expressions.
- jerenkrantz says: Too slow. Get regexs away from speedy caches by
- default. Introduce a new CacheEnableRegex if you want.
-
- * mod_mem_cache/mod_disk_cache: Need to be able to query cache
+ * mod_mem_cache/mod_cache_disk: Need to be able to query cache
status (num of entries, cache object properties, etc.).
mod_status could be extended to query optional hooks defined
by modules for the purpose of reporting module status.
HTTP or SNMP?
jerenkrantz says: Yawn. Who cares.
- * MaxRequestsPerChild measures connections, not requests.
- Until someone has a better way, we'll probably just rename it
- "MaxConnectionsPerChild".
-
* Regex containers don't work in an intutive way
Status: No one has come up with an efficient way to fix this
behavior. Dean has suggested getting rid of regex containers
'experiment' failed). This section tracks what needs to happen to
get the modules promoted to fully supported status.
+
projects / apache / blobdiff