-APACHE 2.3 STATUS: -*-text-*-
+APACHE 2.5 STATUS: -*-text-*-
Last modified at [$Date$]
The current version of this file can be found at:
* http://svn.apache.org/repos/asf/httpd/httpd/trunk/STATUS
-Documentation status is maintained seperately and can be found at:
+Documentation status is maintained separately and can be found at:
* docs/STATUS in this source tree, or
* http://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/STATUS
Consult the following STATUS files for information on related projects:
* http://svn.apache.org/repos/asf/apr/apr/trunk/STATUS
- * http://svn.apache.org/repos/asf/apr/apr-util/trunk/STATUS
Patches considered for backport are noted in their branches' STATUS:
* http://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x/STATUS
* http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/STATUS
+ * http://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x/STATUS
[NOTE that x.{odd}.z versions are strictly Alpha/Beta releases,
while x.{even}.z versions are Stable/GA releases.]
- 2.3.14 : In development.
- 2.3.13 : Tagged on June 28, 2011.
- 2.3.12 : Tagged on May 11, 2011. Released May 23, 2011.
- 2.3.11 : Released as Beta on March 7, 2011.
- 2.3.10 : Tagged on December 13, 2010. Released Dec 21, 2010.
- 2.3.9 : Tagged on November 23, 2010, not released.
- 2.3.8 : Tagged on August 24, 2010.
- 2.3.7 : Tagged on August 19, 2010, not released.
- 2.3.6 : Released on June 21, 2010.
- 2.3.5 : Released on January 26, 2010.
- 2.3.4 : Released on December 8, 2009.
- 2.3.3 : Tagged on November 11, 2009, not released.
- 2.3.2 : Tagged on March 23, 2009, not released.
- 2.3.1 : Tagged on January 2, 2009, not released.
- 2.3.0 : Tagged on December 6, 2008, not released.
+ 2.5.1 : In development
+ 2.5.0 : Tagged on November 8, 2017. Not released.
Contributors looking for a mission:
CURRENT RELEASE NOTES:
-GA PLAN:
+RELEASE SHOWSTOPPERS:
- Jim proposes another beta release the end of March, another in
- April with a goal towards GA in May (at the latest). Jim volunteers
- to RM these.
-RELEASE SHOWSTOPPERS:
+CURRENT VOTES:
+
+
+THINGS THAT SHOULD BE CONSIDERED EARLY IN THE 2.6/3.0 DEVELOPMENT CYCLE:
+
+ * Seriously ramp up/replace test framework and cases to have better
+ coverage of existing special cases and behaviours users rely on.
+
+ * Add performance testing to the test framework.
+
+ * Competely untangle core filesystem behavior where a filesystem htdocs/
+ resource wasn't indicated by the request URI.
+
+ * Refactor r->uri into a %escaped raw form presented by the client, and
+ a distinct decoded field used only for local filesystem access.
+
+ * Change default prefix from /usr/local/apache2 to something corresponding
+ to the project name. Rename apachectl to httpdctl.
- FOR GA:
-
- * Modules that are not ready for production use must be removed.
- The same for modules without documentation.
- Candidates:
- - MPM simple
- - mod_serf (which is optimal for async httpd anyways)
-
- * The mod_session* modules need to be checked that their hooks respect
- the returning of int (HTTP status codes) and apr_status_t as appropriate,
- and any anomolies fixed.
- jim sez: from what I can see, mod_session* is no worse that other
- modules that mix these 2 types... clean up is
- forthcoming but should not be considered a blocker, imo
- pgollucci: +1 jim
- wrowe asks: what's the API change required?
- wrowe asks; why are we shipping this if it requires apr_ssl
+ * Change merge order of <Location> to be most specific match last. This
+ is more consistent with <Directory> and allows some optimizations for the
+ location merge code.
+
+ * Detect Lua 5.2.0 during configure and add LUA_COMPAT_ALL to CPPFLAGS.
+ Maybe it even suffices to add LUA_COMPAT_MODULE and individually
+ care about the two remaining incompatible code lines (one with lua_strlen,
+ one with lua_objlen).
+
+ * Event's timeout_mutex to enter keepalive state probably needs some
+ analysis/attention.
+
+ * Better H2 integration?
+ - adding handling of slave connections to mpm, no extra H2 workers,
+ triggering "events" read/write/timer from main/slave
+ - add slave writes/done/abort to events that wake up master connection
+ - disentangle core filters to server one purpose only, so that H2
+ versions can reuse them properly.
- * mod_ssl's proxy support only allows one proxy client certificate per
- frontend virtual host. Lift this restriction.
- jim sez: Why a blocker?, pgollucci +1 jim
- wrowe asks: what's the API change required?
+ * Remove mod_access_compat?
+
+ * Ditch platforms/89/old prereqs or anything else?
+
+ * Leverage libmill? Drop serf?
+
+ * Better abstraction of slave connections and "requests".
+ - add abstraction for "response" as something that can be passed
+ through filters. To be serialized into the correct HTTP bytes on
+ the main connection.
+ - solve multi-threaded access to master connection props/module conf
+ (e.g. ssl vars)
+
+ * make mod_ssl more "core"?
+
+ * add high-level server configuration directives that can steer/influence
+ module defaults/warn/rejects related to security
+
+ * Ditch HTTP/0.9? At least, make HttpProtocolOptions Require1.0 the default.
+
+ * Restructure merge fn table/indexes to ignore modules with no directives,
+ and permit modules with dozens upon dozens of merge values to split these
+ into multiple functional config groups to avoid excessive merging.
+ Retitle from 'per-dir' to 'per-location' to better reflect the always-run
+ sections (location, ifexpr etc), while we phase out the file-oriented
+ bias from httpd.
+
+ * New versioning or release cadence.
+
+ * Ditch old APIs when we have the chance with 3.x. Consolidate current
+ functionality into APIs with stronger guarantees. (Specific examples TBD.)
+
+ * Remove as many undesirable-but-kept-for-backwards-compatibility behaviors
+ as possible from current config directives. (Specific examples TBD.)
+
+ * True event-loop/asynchronous support in the server core.
- * Clarify/potentially change the meaning of MaxConnections for Event MPM
- with respect to accepting new connections and keep alive requests for
- the docs and example config. This shouldn't change after users and
- vendors have set up their stock config for event. This will end up
- as a per-process thing for efficiency.
+ * Modify configuration syntax to separate meta-directives from runtime
+ directives (e.g. If vs. IfVersion). Allow as much static analysis of the
+ configuration as possible without needing to start the server to figure out
+ what's going on.
- * INCLUDE mod_fcgid with 2.4.0, esp to help php users etc to enjoy
- a painless event mpm experience.
+ * Support JSON-like configuration files
- * Decouple from apr_ldap to ease the transition to apr-2.0
+ * Opaque data structures w/ getters/setters
- FOR BETA:
+ * Generic interface to enable runtime changes (adjusting log level, modifying
+ balancer information, toggling flags on/off). Perhaps modules can register
+ callbacks for making these changes?
+ * REST-based administration for existing (balancer/etc) and new dynamic
+ runtime changes (see above)
- OLD ISSUES THAT WERE THOUGHT TO BE SHOWSTOPPERS FOR 2.2 BUT OBVIOUSLY WEREN'T:
+ * Improve the look of generated pages (status, load-balancer...) with dynamic
+ update of the values. Generate HTML5 pages, instead of 3.2, Get rid of XHTML
+ in the generated pages.
+
+ * Add performance monitoring of the server, of each module (?), in order to help
+ understanding what worth looking at in order to improve overall performance.
+ (https://cdn.wp.nginx.com/wp-content/uploads/2016/12/Amplify-Dashboards-page-base-for-filters.png)
+
+ * Drop CGI-1.1-incompatible behaviors kept for compatibility reasons with
+ "broken" server implementations (PR 51517). (Note that many of them are
+ "broken" *because* of our behaviors.)
+
+ * Add a "normalized" list of headers for a HTTP response, rather then relying
+ on r->headers_out and r->err_headers_out, since mod_headers' behavior is
+ not really user friendly in some scenarios (example in PR 62380).
+
+
+OLD ISSUES THAT WERE THOUGHT TO BE SHOWSTOPPERS FOR 2.4 BUT OBVIOUSLY WEREN'T:
* Handling of non-trailing / config by non-default handler is broken
http://marc.theaimsgroup.com/?l=apache-httpd-dev&m=105451701628081&w=2
* the edge connection filter cannot be removed
http://marc.theaimsgroup.com/?l=apache-httpd-dev&m=105366252619530&w=2
-
+ http://mail-archives.apache.org/mod_mbox/httpd-dev/200501.mbox/%3C41E30B42.4060202@stason.org%3E
jerenkrantz asks: Why should this block a release?
-
stas replies: because it requires a rewrite of the filters stack
implementation (you have suggested that) and once 2.2 is
released you can't do that anymore.
-
pgollucci: this affects mod_perl I'm pretty sure.
-CURRENT VOTES:
-
- * Name the Server (version 2.4 or 3.0, depending on the final call)
- Recent discussion indicates we should designate a (short name).
- This is not yet a [Vote] - Your nominations please:
- * Apache HTTP Server (httpd)
- +1: sctemme (why mess with it?), pgollucci
RELEASE NON-SHOWSTOPPERS BUT WOULD BE REAL NICE TO WRAP THESE UP:
* Maybe remove Limit/LimitExcept or at least make it log warnings when
mis-used.
- * Sort out modules selections for most/all/reallyall. Maybe rename
- all -> most, reallyall -> all, and remove the old 'most'.
-
* Patches submitted to the bug database:
http://issues.apache.org/bugzilla/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&product=Apache+httpd-2&keywords=PatchAvailable
if these rise to showstopper status.
wrowe suggests: it would be nice to see "MUST" v.s. "SHOULD" v.s. "MAY"
out of this list, without reviewing them individually.
+ wrowe asks: what is lingering after 2.4.25 release? Offhand, only
+ URI conformance
* pipes deadlock on all platforms with limited pipe buffers (e.g. both
Linux and Win32, as opposed to only Win32 on 1.3). The right solution
TODO ISSUES REMAINING IN MOD_SSL:
- * Do we need SSL_set_read_ahead()?
-
* SSLRequire directive (parsing of) leaks memory
- * Diffie-Hellman-Parameters for temporary keys are hardcoded in
- ssl_engine_dh.c, while the comment in ssl_engine_kernel.c says:
- "it is suggested that keys be changed daily or every 500
- transactions, and more often if possible."
-
* ssl_var_lookup could be rewritten to be MUCH faster
- * CRL callback should be pluggable
-
- * session cache store should be pluggable
-
- * init functions should return status code rather than ssl_die()
-
- * ssl_engine_pphrase.c needs to be reworked so it is generic enough
- to also decrypt proxy keys
-
- * output warning when allowing SSL v2.0 ? its so old
-
WISH LIST
* mod_proxy: Ability to run SSL over proxy gateway connections,
encrypting (or reencrypting) at the proxy.
specify time at which local cached content is to be revalidated
(ie, underlying file stat'ed to see if it has changed).
- * mod_cache: CacheEnable/CacheDisable should accept regular expressions.
- jerenkrantz says: Too slow. Get regexs away from speedy caches by
- default. Introduce a new CacheEnableRegex if you want.
-
* mod_mem_cache/mod_cache_disk: Need to be able to query cache
status (num of entries, cache object properties, etc.).
mod_status could be extended to query optional hooks defined