-APACHE 2.3 STATUS: -*-text-*-
+APACHE 2.5 STATUS: -*-text-*-
Last modified at [$Date$]
The current version of this file can be found at:
* http://svn.apache.org/repos/asf/httpd/httpd/trunk/STATUS
-Documentation status is maintained seperately and can be found at:
+Documentation status is maintained separately and can be found at:
* docs/STATUS in this source tree, or
* http://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/STATUS
Consult the following STATUS files for information on related projects:
* http://svn.apache.org/repos/asf/apr/apr/trunk/STATUS
- * http://svn.apache.org/repos/asf/apr/apr-util/trunk/STATUS
Patches considered for backport are noted in their branches' STATUS:
- * http://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x/STATUS
* http://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x/STATUS
* http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/STATUS
+ * http://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x/STATUS
+
Release history:
[NOTE that x.{odd}.z versions are strictly Alpha/Beta releases,
while x.{even}.z versions are Stable/GA releases.]
- 2.3.9 : In Development.
- 2.3.8 : Tagged on August 24, 2010.
- 2.3.7 : Tagged on August 19, 2010, not released.
- 2.3.6 : Released on June 21, 2010.
- 2.3.5 : Released on January 26, 2010.
- 2.3.4 : Released on December 8, 2009.
- 2.3.3 : Tagged on November 11, 2009, not released.
- 2.3.2 : Tagged on March 23, 2009, not released.
- 2.3.1 : Tagged on January 2, 2009, not released.
- 2.3.0 : Tagged on December 6, 2008, not released.
+ 2.5.1 : In development
+ 2.5.0 : Tagged on November 8, 2017. Not released.
Contributors looking for a mission:
* Open bugs in the bug database.
+ * See also the STATUS file in the docs/ directory, which lists documentation-specific TODO items.
+
CURRENT RELEASE NOTES:
RELEASE SHOWSTOPPERS:
- FOR GA:
- * Modules that are not ready for production use should be marked as
- experimental. Candidates:
- - MPM simple
- - mod_serf
+CURRENT VOTES:
+
+
+THINGS THAT SHOULD BE CONSIDERED EARLY IN THE 2.6/3.0 DEVELOPMENT CYCLE:
+
+ * Seriously ramp up/replace test framework and cases to have better
+ coverage of existing special cases and behaviours users rely on.
+
+ * Add performance testing to the test framework.
+
+ * Competely untangle core filesystem behavior where a filesystem htdocs/
+ resource wasn't indicated by the request URI.
+
+ * Refactor r->uri into a %escaped raw form presented by the client, and
+ a distinct decoded field used only for local filesystem access.
+
+ * Change default prefix from /usr/local/apache2 to something corresponding
+ to the project name. Rename apachectl to httpdctl.
+
+ * Change merge order of <Location> to be most specific match last. This
+ is more consistent with <Directory> and allows some optimizations for the
+ location merge code.
+
+ * Detect Lua 5.2.0 during configure and add LUA_COMPAT_ALL to CPPFLAGS.
+ Maybe it even suffices to add LUA_COMPAT_MODULE and individually
+ care about the two remaining incompatible code lines (one with lua_strlen,
+ one with lua_objlen).
+
+ * Event's timeout_mutex to enter keepalive state probably needs some
+ analysis/attention.
+
+ * Better H2 integration?
+ - adding handling of slave connections to mpm, no extra H2 workers,
+ triggering "events" read/write/timer from main/slave
+ - add slave writes/done/abort to events that wake up master connection
+ - disentangle core filters to server one purpose only, so that H2
+ versions can reuse them properly.
+
+ * Remove mod_access_compat?
+
+ * Ditch platforms/89/old prereqs or anything else?
+
+ * Leverage libmill? Drop serf?
+
+ * Better abstraction of slave connections and "requests".
+ - add abstraction for "response" as something that can be passed
+ through filters. To be serialized into the correct HTTP bytes on
+ the main connection.
+ - solve multi-threaded access to master connection props/module conf
+ (e.g. ssl vars)
+
+ * make mod_ssl more "core"?
+
+ * add high-level server configuration directives that can steer/influence
+ module defaults/warn/rejects related to security
+
+ * Ditch HTTP/0.9? At least, make HttpProtocolOptions Require1.0 the default.
+
+ * Restructure merge fn table/indexes to ignore modules with no directives,
+ and permit modules with dozens upon dozens of merge values to split these
+ into multiple functional config groups to avoid excessive merging.
+ Retitle from 'per-dir' to 'per-location' to better reflect the always-run
+ sections (location, ifexpr etc), while we phase out the file-oriented
+ bias from httpd.
+
+ * New versioning or release cadence.
+
+ * Ditch old APIs when we have the chance with 3.x. Consolidate current
+ functionality into APIs with stronger guarantees. (Specific examples TBD.)
+
+ * Remove as many undesirable-but-kept-for-backwards-compatibility behaviors
+ as possible from current config directives. (Specific examples TBD.)
- * Review the example configuration. It should be based on current best
- practices and not use deprecated features.
+ * True event-loop/asynchronous support in the server core.
- FOR BETA:
+ * Modify configuration syntax to separate meta-directives from runtime
+ directives (e.g. If vs. IfVersion). Allow as much static analysis of the
+ configuration as possible without needing to start the server to figure out
+ what's going on.
- * Modules without documentation need to be moved to experimental or be
- removed.
+ * Support JSON-like configuration files
- * Not all MPMs are updated to set conn_rec::current_thread correctly.
- (Prefork, Worker, Event, Simple are updated).
- jim sez: Then we just ship with those... mark any others as
- experimental
+ * Opaque data structures w/ getters/setters
- FOR NEXT ALPHA:
+ * Generic interface to enable runtime changes (adjusting log level, modifying
+ balancer information, toggling flags on/off). Perhaps modules can register
+ callbacks for making these changes?
- * The mod_session* modules need to be checked that their hooks respect
- the returning of int (HTTP status codes) and apr_status_t as appropriate,
- and any anomolies fixed.
+ * REST-based administration for existing (balancer/etc) and new dynamic
+ runtime changes (see above)
+ * Improve the look of generated pages (status, load-balancer...) with dynamic
+ update of the values. Generate HTML5 pages, instead of 3.2, Get rid of XHTML
+ in the generated pages.
- OLD ISSUES THAT WERE THOUGHT TO BE SHOWSTOPPERS FOR 2.2 BUT OBVIOUSLY WEREN'T:
+ * Add performance monitoring of the server, of each module (?), in order to help
+ understanding what worth looking at in order to improve overall performance.
+ (https://cdn.wp.nginx.com/wp-content/uploads/2016/12/Amplify-Dashboards-page-base-for-filters.png)
+
+ * Drop CGI-1.1-incompatible behaviors kept for compatibility reasons with
+ "broken" server implementations (PR 51517). (Note that many of them are
+ "broken" *because* of our behaviors.)
+
+ * Add a "normalized" list of headers for a HTTP response, rather then relying
+ on r->headers_out and r->err_headers_out, since mod_headers' behavior is
+ not really user friendly in some scenarios (example in PR 62380).
+
+
+OLD ISSUES THAT WERE THOUGHT TO BE SHOWSTOPPERS FOR 2.4 BUT OBVIOUSLY WEREN'T:
* Handling of non-trailing / config by non-default handler is broken
http://marc.theaimsgroup.com/?l=apache-httpd-dev&m=105451701628081&w=2
* the edge connection filter cannot be removed
http://marc.theaimsgroup.com/?l=apache-httpd-dev&m=105366252619530&w=2
-
+ http://mail-archives.apache.org/mod_mbox/httpd-dev/200501.mbox/%3C41E30B42.4060202@stason.org%3E
jerenkrantz asks: Why should this block a release?
-
stas replies: because it requires a rewrite of the filters stack
implementation (you have suggested that) and once 2.2 is
released you can't do that anymore.
-
pgollucci: this affects mod_perl I'm pretty sure.
-CURRENT VOTES:
-
- * Name the Server (version 2.4 or 3.0, depending on the final call)
- Recent discussion indicates we should designate a (short name).
- This is not yet a [Vote] - Your nominations please:
- * Apache HTTP Server (httpd)
- +1: sctemme (why mess with it?)
RELEASE NON-SHOWSTOPPERS BUT WOULD BE REAL NICE TO WRAP THESE UP:
- * Add mod_allow_method or some other (usable) functionality to replace
- Limit/LimitExcept.
-
- * Sort out modules selections for most/all/reallyall. Maybe rename
- all -> most, reallyall -> all, and remove the old 'most'.
+ * Clean up all the kruft and *extremely* outdated stuff below...
- * Add mod_define.
+ * Maybe remove Limit/LimitExcept or at least make it log warnings when
+ mis-used.
* Patches submitted to the bug database:
http://issues.apache.org/bugzilla/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&product=Apache+httpd-2&keywords=PatchAvailable
* RFC 2616 violations.
Closed PRs: 15852, 15857, 15859, 15861, 15864, 15869, 15870, 16120,
16125, 16135, 16136, 16137, 16138, 16139, 16140, 16518,
- 16520
- Open PRs: 15865, 15866, 15868, 16126, 16133, 16142, 16521
+ 16520, 49825
+ Open PRs: 15865, 15866, 15868, 16126, 16133, 16142, 16521, 42978
jerenkrantz says: need to decide how many we need to backport and/or
if these rise to showstopper status.
wrowe suggests: it would be nice to see "MUST" v.s. "SHOULD" v.s. "MAY"
out of this list, without reviewing them individually.
-
- * There is a bug in how we sort some hooks, at least the pre-config
- hook. The first time we call the hooks, they are in the correct
- order, but the second time, we don't sort them correctly. Currently,
- the modules/http/config.m4 file has been renamed to
- modules/http/config2.m4 to work around this problem, it should moved
- back when this is fixed.
-
- OtherBill offers that this is a SERIOUS problem. We do not sort
- correctly by the ordering arguments passed to the register hook
- functions. This was proven when I reordered the open_logs hook
- to attempt to open the error logs prior to the access logs. Possibly
- the entire sorting code needs to be refactored.
+ wrowe asks: what is lingering after 2.4.25 release? Offhand, only
+ URI conformance
* pipes deadlock on all platforms with limited pipe buffers (e.g. both
Linux and Win32, as opposed to only Win32 on 1.3). The right solution
TODO ISSUES REMAINING IN MOD_SSL:
- * Do we need SSL_set_read_ahead()?
-
* SSLRequire directive (parsing of) leaks memory
- * Diffie-Hellman-Parameters for temporary keys are hardcoded in
- ssl_engine_dh.c, while the comment in ssl_engine_kernel.c says:
- "it is suggested that keys be changed daily or every 500
- transactions, and more often if possible."
-
* ssl_var_lookup could be rewritten to be MUCH faster
- * CRL callback should be pluggable
-
- * session cache store should be pluggable
-
- * init functions should return status code rather than ssl_die()
-
- * ssl_engine_pphrase.c needs to be reworked so it is generic enough
- to also decrypt proxy keys
-
- * output warning when allowing SSL v2.0 ? its so old
-
WISH LIST
* mod_proxy: Ability to run SSL over proxy gateway connections,
encrypting (or reencrypting) at the proxy.
line server hooks (Ryan really hated this. It is great for
performance, but bad because of the complications listed above).
- mod_cache/mod_mem_cache/mod_disk_cache:
+ mod_cache/mod_mem_cache/mod_cache_disk:
* mod_mem_cache: Consider adding a RevalidateTimeout directive to
specify time at which local cached content is to be revalidated
(ie, underlying file stat'ed to see if it has changed).
- * mod_cache: CacheEnable/CacheDisable should accept regular expressions.
- jerenkrantz says: Too slow. Get regexs away from speedy caches by
- default. Introduce a new CacheEnableRegex if you want.
-
- * mod_mem_cache/mod_disk_cache: Need to be able to query cache
+ * mod_mem_cache/mod_cache_disk: Need to be able to query cache
status (num of entries, cache object properties, etc.).
mod_status could be extended to query optional hooks defined
by modules for the purpose of reporting module status.