-APACHE 2.3 STATUS: -*-text-*-
+APACHE 2.5 STATUS: -*-text-*-
Last modified at [$Date$]
The current version of this file can be found at:
* http://svn.apache.org/repos/asf/httpd/httpd/trunk/STATUS
-Documentation status is maintained seperately and can be found at:
+Documentation status is maintained separately and can be found at:
* docs/STATUS in this source tree, or
* http://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/STATUS
Consult the following STATUS files for information on related projects:
* http://svn.apache.org/repos/asf/apr/apr/trunk/STATUS
- * http://svn.apache.org/repos/asf/apr/apr-util/trunk/STATUS
Patches considered for backport are noted in their branches' STATUS:
- * http://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x/STATUS
* http://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x/STATUS
* http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/STATUS
+ * http://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x/STATUS
+
Release history:
[NOTE that x.{odd}.z versions are strictly Alpha/Beta releases,
while x.{even}.z versions are Stable/GA releases.]
- 2.3.7 : In development.
- 2.3.6 : Tagged June 11, 2010.
- 2.3.5 : Released on January 26, 2010.
- 2.3.4 : Released on December 8, 2009.
- 2.3.3 : Tagged on November 11, 2009, not released.
- 2.3.2 : Tagged on March 23, 2009, not released.
- 2.3.1 : Tagged on January 2, 2009, not released.
- 2.3.0 : Tagged on December 6, 2008, not released.
+ 2.5.1 : In development
+ 2.5.0 : Tagged on November 8, 2017. Not released.
Contributors looking for a mission:
* Open bugs in the bug database.
+ * See also the STATUS file in the docs/ directory, which lists documentation-specific TODO items.
+
CURRENT RELEASE NOTES:
RELEASE SHOWSTOPPERS:
- FOR GA:
- FOR BETA:
+CURRENT VOTES:
+
+
+THINGS THAT SHOULD BE CONSIDERED EARLY IN THE 2.6/3.0 DEVELOPMENT CYCLE:
+
+ * Seriously ramp up/replace test framework and cases to have better
+ coverage of existing special cases and behaviours users rely on.
+
+ * Add performance testing to the test framework.
+
+ * Competely untangle core filesystem behavior where a filesystem htdocs/
+ resource wasn't indicated by the request URI.
+
+ * Refactor r->uri into a %escaped raw form presented by the client, and
+ a distinct decoded field used only for local filesystem access.
+
+ * Change default prefix from /usr/local/apache2 to something corresponding
+ to the project name. Rename apachectl to httpdctl.
+
+ * Change merge order of <Location> to be most specific match last. This
+ is more consistent with <Directory> and allows some optimizations for the
+ location merge code.
+
+ * Detect Lua 5.2.0 during configure and add LUA_COMPAT_ALL to CPPFLAGS.
+ Maybe it even suffices to add LUA_COMPAT_MODULE and individually
+ care about the two remaining incompatible code lines (one with lua_strlen,
+ one with lua_objlen).
+
+ * Event's timeout_mutex to enter keepalive state probably needs some
+ analysis/attention.
+
+ * Better H2 integration?
+ - adding handling of slave connections to mpm, no extra H2 workers,
+ triggering "events" read/write/timer from main/slave
+ - add slave writes/done/abort to events that wake up master connection
+ - disentangle core filters to server one purpose only, so that H2
+ versions can reuse them properly.
+
+ * Remove mod_access_compat?
+
+ * Ditch platforms/89/old prereqs or anything else?
+
+ * Leverage libmill? Drop serf?
+
+ * Better abstraction of slave connections and "requests".
+ - add abstraction for "response" as something that can be passed
+ through filters. To be serialized into the correct HTTP bytes on
+ the main connection.
+ - solve multi-threaded access to master connection props/module conf
+ (e.g. ssl vars)
+
+ * make mod_ssl more "core"?
+
+ * add high-level server configuration directives that can steer/influence
+ module defaults/warn/rejects related to security
+
+ * Ditch HTTP/0.9? At least, make HttpProtocolOptions Require1.0 the default.
+
+ * Restructure merge fn table/indexes to ignore modules with no directives,
+ and permit modules with dozens upon dozens of merge values to split these
+ into multiple functional config groups to avoid excessive merging.
+ Retitle from 'per-dir' to 'per-location' to better reflect the always-run
+ sections (location, ifexpr etc), while we phase out the file-oriented
+ bias from httpd.
+
+ * New versioning or release cadence.
+
+ * Ditch old APIs when we have the chance with 3.x. Consolidate current
+ functionality into APIs with stronger guarantees. (Specific examples TBD.)
+
+ * Remove as many undesirable-but-kept-for-backwards-compatibility behaviors
+ as possible from current config directives. (Specific examples TBD.)
+
+ * True event-loop/asynchronous support in the server core.
- * Modules without documentation need to be moved to experimental or be
- removed.
+ * Modify configuration syntax to separate meta-directives from runtime
+ directives (e.g. If vs. IfVersion). Allow as much static analysis of the
+ configuration as possible without needing to start the server to figure out
+ what's going on.
- * There is no working equivalent to 'Satisfy any' to authorize by
- user _or_ IP address:
- http://mail-archives.apache.org/mod_mbox/httpd-dev/200912.mbox/<4B28E73C.4050209%40kippdata.de>
+ * Support JSON-like configuration files
- * Not all MPMs are updated to set conn_rec::current_thread correctly.
- (Prefork, Worker, Event, Simple are updated).
- jim sez: Then we just ship with those... mark any others as
- experimental
+ * Opaque data structures w/ getters/setters
- * Running the log_transaction hook from pool cleanup is fubar:
+ * Generic interface to enable runtime changes (adjusting log level, modifying
+ balancer information, toggling flags on/off). Perhaps modules can register
+ callbacks for making these changes?
- http://marc.info/?l=apache-httpd-dev&m=123910381908293&w=1
+ * REST-based administration for existing (balancer/etc) and new dynamic
+ runtime changes (see above)
- * MPM event (maybe others, too) closes open files only after the
- connection has been closed. This could be fixed in apr-util or httpd:
- http://mail-archives.apache.org/mod_mbox/httpd-dev/201005.mbox/<201005172311.39558.sf@sfritsch.de>
+ * Improve the look of generated pages (status, load-balancer...) with dynamic
+ update of the values. Generate HTML5 pages, instead of 3.2, Get rid of XHTML
+ in the generated pages.
- FOR NEXT ALPHA:
+ * Add performance monitoring of the server, of each module (?), in order to help
+ understanding what worth looking at in order to improve overall performance.
+ (https://cdn.wp.nginx.com/wp-content/uploads/2016/12/Amplify-Dashboards-page-base-for-filters.png)
+ * Drop CGI-1.1-incompatible behaviors kept for compatibility reasons with
+ "broken" server implementations (PR 51517). (Note that many of them are
+ "broken" *because* of our behaviors.)
- OLD ISSUES THAT WERE THOUGHT TO BE SHOWSTOPPERS FOR 2.2 BUT OBVIOUSLY WEREN'T:
+ * Add a "normalized" list of headers for a HTTP response, rather then relying
+ on r->headers_out and r->err_headers_out, since mod_headers' behavior is
+ not really user friendly in some scenarios (example in PR 62380).
+
+
+OLD ISSUES THAT WERE THOUGHT TO BE SHOWSTOPPERS FOR 2.4 BUT OBVIOUSLY WEREN'T:
* Handling of non-trailing / config by non-default handler is broken
http://marc.theaimsgroup.com/?l=apache-httpd-dev&m=105451701628081&w=2
* the edge connection filter cannot be removed
http://marc.theaimsgroup.com/?l=apache-httpd-dev&m=105366252619530&w=2
-
+ http://mail-archives.apache.org/mod_mbox/httpd-dev/200501.mbox/%3C41E30B42.4060202@stason.org%3E
jerenkrantz asks: Why should this block a release?
-
stas replies: because it requires a rewrite of the filters stack
implementation (you have suggested that) and once 2.2 is
released you can't do that anymore.
-
pgollucci: this affects mod_perl I'm pretty sure.
-CURRENT VOTES:
-
- * If the parent process dies, should the remaining child processes
- "gracefully" self-terminate. Or maybe we should make it a runtime
- option, or have a concept of 2 parent processes (one being a
- "hot spare").
- See: Message-ID: <3C58232C.FE91F19F@Golux.Com>
-
- Self-destruct: Ken, Martin, Lars, sctemme (parent shouldn't die, ever)
- Not self-destruct: BrianP, Ian, Cliff, BillS
- Make it runtime configurable: Aaron, jim, Justin, wrowe, rederpj, nd, pgollucci
-
- /* The below was a concept on *how* to handle the problem */
- Have 2 parents: +1: jim
- -1: Justin, wrowe, rederpj, nd, pgollucci
- +0: Lars, Martin (while standing by, could it do
- something useful?)
-
- * Make the worker MPM the default MPM for threaded Unix boxes.
- +1: Justin, Ian, Cliff, BillS, striker, wrowe, nd, pgollucci, sctemme
- +0: BrianP, Aaron (mutex contention is looking better with the
- latest code, let's continue tuning and testing), rederpj, jim
- -0: Lars
-
- pquerna: Do we want to change this for *2.4*?
- wrowe: Replies "yes"
-
- * Name the Server (version 2.4 or 3.0, depending on the final call)
- Recent discussion indicates we should designate a (short name).
- This is not yet a [Vote] - Your nominations please:
- * Apache HTTP Server (httpd)
- +1: sctemme (why mess with it?)
RELEASE NON-SHOWSTOPPERS BUT WOULD BE REAL NICE TO WRAP THESE UP:
+ * Clean up all the kruft and *extremely* outdated stuff below...
+
+ * Maybe remove Limit/LimitExcept or at least make it log warnings when
+ mis-used.
+
* Patches submitted to the bug database:
http://issues.apache.org/bugzilla/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&product=Apache+httpd-2&keywords=PatchAvailable
* RFC 2616 violations.
Closed PRs: 15852, 15857, 15859, 15861, 15864, 15869, 15870, 16120,
16125, 16135, 16136, 16137, 16138, 16139, 16140, 16518,
- 16520
- Open PRs: 15865, 15866, 15868, 16126, 16133, 16142, 16521
+ 16520, 49825
+ Open PRs: 15865, 15866, 15868, 16126, 16133, 16142, 16521, 42978
jerenkrantz says: need to decide how many we need to backport and/or
if these rise to showstopper status.
wrowe suggests: it would be nice to see "MUST" v.s. "SHOULD" v.s. "MAY"
out of this list, without reviewing them individually.
-
- * There is a bug in how we sort some hooks, at least the pre-config
- hook. The first time we call the hooks, they are in the correct
- order, but the second time, we don't sort them correctly. Currently,
- the modules/http/config.m4 file has been renamed to
- modules/http/config2.m4 to work around this problem, it should moved
- back when this is fixed.
-
- OtherBill offers that this is a SERIOUS problem. We do not sort
- correctly by the ordering arguments passed to the register hook
- functions. This was proven when I reordered the open_logs hook
- to attempt to open the error logs prior to the access logs. Possibly
- the entire sorting code needs to be refactored.
+ wrowe asks: what is lingering after 2.4.25 release? Offhand, only
+ URI conformance
* pipes deadlock on all platforms with limited pipe buffers (e.g. both
Linux and Win32, as opposed to only Win32 on 1.3). The right solution
TODO ISSUES REMAINING IN MOD_SSL:
- * Do we need SSL_set_read_ahead()?
-
- * the ssl_expr api is NOT THREAD SAFE. race conditions exist:
- -in ssl_expr_comp() if SSLRequire is used in .htaccess
- (ssl_expr_info is global)
- -is ssl_expr_eval() if there is an error
- (ssl_expr_error is global)
-
* SSLRequire directive (parsing of) leaks memory
- * Diffie-Hellman-Parameters for temporary keys are hardcoded in
- ssl_engine_dh.c, while the comment in ssl_engine_kernel.c says:
- "it is suggested that keys be changed daily or every 500
- transactions, and more often if possible."
-
* ssl_var_lookup could be rewritten to be MUCH faster
- * CRL callback should be pluggable
-
- * session cache store should be pluggable
-
- * init functions should return status code rather than ssl_die()
-
- * ssl_engine_pphrase.c needs to be reworked so it is generic enough
- to also decrypt proxy keys
-
- * output warning when allowing SSL v2.0 ? its so old
-
WISH LIST
* mod_proxy: Ability to run SSL over proxy gateway connections,
encrypting (or reencrypting) at the proxy.
line server hooks (Ryan really hated this. It is great for
performance, but bad because of the complications listed above).
- mod_cache/mod_mem_cache/mod_disk_cache:
+ mod_cache/mod_mem_cache/mod_cache_disk:
* mod_mem_cache: Consider adding a RevalidateTimeout directive to
specify time at which local cached content is to be revalidated
(ie, underlying file stat'ed to see if it has changed).
- * mod_cache: CacheEnable/CacheDisable should accept regular expressions.
- jerenkrantz says: Too slow. Get regexs away from speedy caches by
- default. Introduce a new CacheEnableRegex if you want.
-
- * mod_mem_cache/mod_disk_cache: Need to be able to query cache
+ * mod_mem_cache/mod_cache_disk: Need to be able to query cache
status (num of entries, cache object properties, etc.).
mod_status could be extended to query optional hooks defined
by modules for the purpose of reporting module status.
HTTP or SNMP?
jerenkrantz says: Yawn. Who cares.
- * MaxRequestsPerChild measures connections, not requests.
- Until someone has a better way, we'll probably just rename it
- "MaxConnectionsPerChild".
-
* Regex containers don't work in an intutive way
Status: No one has come up with an efficient way to fix this
behavior. Dean has suggested getting rid of regex containers
projects / apache / blobdiff