-APACHE 2.0 STATUS: -*-text-*-
-Last modified at [$Date: 2002/08/14 20:51:52 $]
-
-Release:
-
- 2.0.41 : in development.
- 2.0.40 : released August 9, 2002 as GA.
- 2.0.39 : released June 17, 2002 as GA.
- 2.0.38 : rolled June 16, 2002. not released.
- 2.0.37 : rolled June 11, 2002. not released.
- 2.0.36 : released May 6, 2002 as GA.
- 2.0.35 : released April 5, 2002 as GA.
- 2.0.34 : tagged March 26, 2002.
- 2.0.33 : tagged March 6, 2002. not released.
- 2.0.32 : released Feburary 16, 2002 as beta.
- 2.0.31 : rolled Feburary 1, 2002. not released.
- 2.0.30 : tagged January 8, 2002. not rolled.
- 2.0.29 : tagged November 27, 2001. not rolled.
- 2.0.28 : released November 13, 2001 as beta.
- 2.0.27 : rolled November 6, 2001
- 2.0.26 : tagged October 16, 2001. not rolled.
- 2.0.25 : rolled August 29, 2001
- 2.0.24 : rolled August 18, 2001
- 2.0.23 : rolled August 9, 2001
- 2.0.22 : rolled July 29, 2001
- 2.0.21 : rolled July 20, 2001
- 2.0.20 : rolled July 8, 2001
- 2.0.19 : rolled June 27, 2001
- 2.0.18 : rolled May 18, 2001
- 2.0.17 : rolled April 17, 2001
- 2.0.16 : rolled April 4, 2001
- 2.0.15 : rolled March 21, 2001
- 2.0.14 : rolled March 7, 2001
- 2.0a9 : released December 12, 2000
- 2.0a8 : released November 20, 2000
- 2.0a7 : released October 8, 2000
- 2.0a6 : released August 18, 2000
- 2.0a5 : released August 4, 2000
- 2.0a4 : released June 7, 2000
- 2.0a3 : released April 28, 2000
- 2.0a2 : released March 31, 2000
- 2.0a1 : released March 10, 2000
+APACHE 2.1 STATUS: -*-text-*-
+Last modified at [$Date$]
+
+Release [NOTE that only Alpha/Beta releases occur in 2.1 development]:
+
+ 2.1.3 : in development
+ 2.1.2 : Released on 12/08/2004 as alpha.
+ 2.1.1 : Released on 11/19/2004 as alpha.
+ 2.1.0 : not released.
Please consult the following STATUS files for information
on related projects:
* srclib/apr-util/STATUS
* docs/STATUS
+Contributors looking for a mission:
-CURRENT RELEASE NOTES:
+ * Just do an egrep on "TODO" or "XXX" in the source.
+ * Review the "PatchAvailable" bugs in the bug database.
+ Append a comment saying "Reviewed and tested".
+
+ * Open bugs in the bug database.
+
+CURRENT RELEASE NOTES:
RELEASE SHOWSTOPPERS:
+ * Handling of non-trailing / config by non-default handler is broken
+ http://marc.theaimsgroup.com/?l=apache-httpd-dev&m=105451701628081&w=2
+ jerenkrantz asks: Why should this block a release?
+
+ * the edge connection filter cannot be removed
+ http://marc.theaimsgroup.com/?l=apache-httpd-dev&m=105366252619530&w=2
+ jerenkrantz asks: Why should this block a release?
CURRENT VOTES:
a) httpd-std.conf should be tailored by install (from src or
binbuild) even if user has existing httpd.conf
- +1: trawick, slive, gregames, ianh, Ken
+ +1: trawick, slive, gregames, ianh, Ken, wrowe, jwoolley, jim, nd,
+ erikabele
+ wrowe - prefer httpd.default.conf to avoid ambiguity with cvs
b) tailored httpd-std.conf should be copied by install to
sysconfdir/examples
c) tailored httpd-std.conf should be installed to
sysconfdir/examples or manualdir/exampleconf/
- +1: slive, trawick, Ken
+ +1: slive, trawick, Ken, nd (prefer the latter), erikabele
d) Installing a set of default config files when upgrading a server
doesn't make ANY sense at all.
- +1: rbb, striker
- ianh - medium/big sites don't use 'standard config' anyway, as it
- usually needs major customizations
- -1: Ken
-
- * Should we always build [support*] binaries statically unless otherwise
- indicated?
- Message-ID: <20020129210006.B23512@Lithium.MeepZor.Com>
+ +1: ianh - medium/big sites don't use 'standard config' anyway, as it
+ usually needs major customizations
+ -1: Ken, wrowe, jwoolley, jim, nd, erikabele
+ wrowe - diff is wonderful when comparing old/new default configs,
+ even for customized sites that ianh mentions
+ jim - ... assuming that the default configs have been updated
+ with the required inline docs to explain the
+ changes
- +1: Ken, *wrowe [they are PITAs on OSX]
- -1: Justin, Ian
-
* If the parent process dies, should the remaining child processes
"gracefully" self-terminate. Or maybe we should make it a runtime
option, or have a concept of 2 parent processes (one being a
"hot spare").
See: Message-ID: <3C58232C.FE91F19F@Golux.Com>
- Self-destruct: Ken, Martin
+ Self-destruct: Ken, Martin, Lars
Not self-destruct: BrianP, Ian, Cliff, BillS
- Make it runtime configurable: Aaron, Jim, Justin
- Have 2 parents: +1: Jim
- -1: Justin, wrowe [for 2.0]
- +0: Martin (while standing by, could it do
- something useful?)
+ Make it runtime configurable: Aaron, jim, Justin, wrowe, rederpj, nd
+
+ /* The below was a concept on *how* to handle the problem */
+ Have 2 parents: +1: jim
+ -1: Justin, wrowe, rederpj, nd
+ +0: Lars, Martin (while standing by, could it do
+ something useful?)
* Make the worker MPM the default MPM for threaded Unix boxes.
- +1: Justin, Ian, Cliff, BillS, striker
+ +1: Justin, Ian, Cliff, BillS, striker, wrowe, nd
+0: BrianP, Aaron (mutex contention is looking better with the
- latest code, let's continue tuning and testing)
+ latest code, let's continue tuning and testing), rederpj, jim
-0: Lars
+ pquerna: Do we want to change this for 2.2?
+
RELEASE NON-SHOWSTOPPERS BUT WOULD BE REAL NICE TO WRAP THESE UP:
- * Performance problems in the content-length filter:
- - In many situations, the C-L filter sets aside buckets
- until it sees EOS. Setting aside file buckets is bad
- because it requires an mmap+memcpy+munmap.
- - In addition, the C-L filter reads and buffers all the
- content from a pipe bucket.
+ * Patches submitted to the bug database:
+ http://issues.apache.org/bugzilla/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&product=Apache+httpd-2.0&keywords=PatchAvailable
+
+ * The Event MPM does not work on Solaris 10. Solaris 10 does support the
+ Threadsafe Pollsets required by the Event MPM, but it does not support
+ multiple threads calling accept() at the same time. The current
+ structure of the Event MPM makes adding accept() locking difficult.
+
+ * Filter stacks and subrequests, redirects and fast redirects.
+ There's at least one PR that suffers from the current unclean behaviour
+ (which lets the server send garbage): PR 17629
+ nd says: Every subrequest should get its own filter stack with the
+ subreq_core filter as bottom-most. That filter does two things:
+ - swallow EOS buckets
+ - redirect the data stream to the upper request's (rr->main)
+ filter chain directly after the subrequest's starting
+ point.
+ Once we have a clean solution, we can try to optimize
+ it, so that the server won't be slow down too much.
+
+ * RFC 2616 violations.
+ Closed PRs: 15857.
+ Open PRs: 15852, 15859, 15861, 15864, 15865, 15866, 15868, 15869,
+ 15870, 16120, 16125, 16126, 16133, 16135, 16136, 16137,
+ 16138, 16139, 16140, 16142, 16518, 16520, 16521,
+ jerenkrantz says: need to decide how many we need to backport and/or
+ if these rise to showstopper status.
+ wrowe suggests: it would be nice to see "MUST" v.s. "SHOULD" v.s. "MAY"
+ out of this list, without reviewing them individually.
+
+ * There is a bug in how we sort some hooks, at least the pre-config
+ hook. The first time we call the hooks, they are in the correct
+ order, but the second time, we don't sort them correctly. Currently,
+ the modules/http/config.m4 file has been renamed to
+ modules/http/config2.m4 to work around this problem, it should moved
+ back when this is fixed.
+
+ OtherBill offers that this is a SERIOUS problem. We do not sort
+ correctly by the ordering arguments passed to the register hook
+ functions. This was proven when I reordered the open_logs hook
+ to attempt to open the error logs prior to the access logs. Possibly
+ the entire sorting code needs to be refactored.
+
+ * pipes deadlock on all platforms with limited pipe buffers (e.g. both
+ Linux and Win32, as opposed to only Win32 on 1.3). The right solution
+ is either GStein's proposal for a "CGI Brigade", or OtherBill's proposal
+ for "Poll Buckets" for "Polling Filter Chains". Or maybe both :-)
* All handlers should always send content down even if r->header_only
is set. If not, it means that the HEAD requests don't generate the
same headers as a GET which is wrong.
- Is this a showstopper?
- +1: Justin, Ken
- -1: Aaron
-
- * server pushed CGI's not working. (Is this a showstopper??)
- PR: 8482
- Message-ID: <3CE15B85.2FF45121@apache.org>
-
- * HP/UX 10.20: compile breakage in APR. Looks like it should be easy
- to fix, probably just some extraneous #include's that are fouling
- things up.
- PR: 9457
- Jeff: See my reply and patch in the PR (and previous commit to
- stop using "pipe" as a field name). If patch is committed, we
- should be okay. I'll wait to see if the user tests the patch.
- Update by Jeff 20020722: I got an account on HP 10.20. It looks
- like some of the APR thread detection is screwed up. If we find
- pthread.h but we can't compile the pthread test program we still
- think we can use threads. For that reason, the patch I posted
- to the PR won't work as-is since a failed compile of the test
- program means nothing.
* exec cmd and suexec arg-passing enhancements
Status: Patches proposed
Message-ID: <20020526041748.A29148@prodigy.Redbrick.DCU.IE>
(see the "proc.patch" and "suexec-shell.patch" links in this message)
- * Get mod_cache/mod_mem_cache out of experimental (still some
- work items left to complete)
-
* The 2.0.36 worker MPM graceless shutdown changes work but are
a bit clunky on some platforms; eg, on Linux, the loop to
join each worker thread seems to hang, and the parent ends up
wrowe counters: no, it shouldn't happen unless the module is broken.
But the right answer is to fail the request up-front in dir/file
walk if the path was entirely invalid; and we can't do that either
- or we break modules that are unwilling to hook map_to_storage.
-
- * Rewrite core_output_filter. It is nearly impossible to support
- it with predictable results as it is implemented now.
+ UNTIL 2.1 or we break modules that haven't hooked map_to_storage.
* With AP_MODE_EXHAUSTIVE in the core, it is finally clear to me
how the Perchild MPM should be re-written. It hasn't worked
the same time. This mode lets us do that, so the MPM can be
fixed.
- * htpasswd blindly processes the file you give it, and does no
- sanity checking before totally corrupting whatever file it was
- you thought you had. It should check the input file and bail
- if it finds non-comment lines that do not contain exactly 1
- ':' character.
- Message-ID: <20020217150457.A31632@clove.org>
-
* Can a static httpd be built reliably?
Message-ID: <20020207142751.T31582@clove.org>
- * [Ken] Test suite failures:
- o worker is also failing some of the 'cgi' subtests
- (see <URL:http://Source-Zone.Org/Apache/regression/>):
- Justin says: "Worker should be fine and passes httpd-test here.
- If you can provide evidence that it can be reproduced
- outside of httpd-test, then it's a showstopper. I
- think it's a perl or a httpd-test problem."
- Not a showstopper: Justin
-
* Usage of APR_BRIGADE_NORMALIZE in core_input_filter should be
removed if possible.
Message-ID: <Pine.LNX.4.33.0201202232430.318-100000@deepthought.cs.virginia.edu>
Jeff wonders if we still care about this. It is no longer an
API issue but simply an extra trip through the brigade.
- * There is a bug in how we sort some hooks, at least the pre-config
- hook. The first time we call the hooks, they are in the correct
- order, but the second time, we don't sort them correctly. Currently,
- the modules/http/config.m4 file has been renamed to
- modules/http/config2.m4 to work around this problem, it should moved
- back when this is fixed. rbb
- Justin says: "Is this really a showstopper? This has been here
- forever. What's wrong? Does this have to do with
- autoconf or m4?"
- Not a showstopper: Justin, BrianP, trawick, gregames
-
- * The Add...Filter and Set...Filter directives do not allow the
- administrator to order filters, beyond the order of filename (mime)
- extensions. It isn't clear if Set...Filter(s) should be inserted
- before or after the Add...Filter(s) which are ordered by sequence of
- filename extensions. At minimum, some sort of +-[0-10] syntax seems
- like the quickest fix for a 2.0 gold release.
- Justin says: "Could we delay this for a point release or 2.1?"
- Not a showstopper: justin, wrowe, trawick, stoddard, Jim, Ian, Aaron,
- gregames
-
* Get perchild to work on platforms other than Linux. This
will require a portable mechanism to pass data and file/socket
descriptors between vhost child groups. An API was proposed
segments, it would be nice to allow this, or at least
allow it conditionally with a directive.
+ OtherBill adds that %2f as the SECOND character of a multibyte
+ sequence causes the request to fail! This happens notably in
+ the ja-jis encoding.
+
* FreeBSD, threads, and worker MPM. All seems to work fine
if you only have one worker process with many threads. Add
a second worker process and the accept lock seems to be
lost. This might be an APR issue with how it deals with
the child_init hook (i.e. the fcntl lock needs to be resynced).
More examination and analysis is required.
- Status: This has also been reported on Cygwin.
- Message-ID: <3C2CC514.8EF3BED1@wapme-systems.de> (cygnus)
-
- Justin says: So, FreeBSD-CURRENT and Cywin have the same
- problem. Yum. If another platform has this
- with worker, this becomes a showstopper.
- Aaron says: I spent some time disecting this and have come to
- the conclusion that it is not a problem in the worker MPM
- (or at least, it is not isolated to a problem in worker).
- I'll list some of the problems I'm seeing in case someone
- else wants to pick up where I've left off:
- - Delivery of just about any signal to one of the child
- processes will send it into an infinite loop as well.
- - Even though the parent is spinning out of control,
- at first the child or children will appear to work
- properly. At times it is possible to get it into a state,
- however, where a request will hang until another concurrent
- request "kicks" the first, at which point the second will
- hang. My theory is that this has to do with the
- pthread_cond_*() implementation in FreeBSD, but it's still
- possible that it is in APR.
-
- Justin adds: Oh, FreeBSD threads are implemented entirely with
- select()/poll()/longjmp(). Welcome to the nightmare.
- So, that means a ktrace output also has the thread
- scheduling internals in it (since it is all the same to
- the kernel). Which makes it hard to distinguish between
- our select() calls and their select() calls.
- *bangs head on wall repeatedly* But, some of the libc_r
- files have a DBG_MSG #define. This is moderately helpful
- when used with -DNO_DETACH. The kernel scheduler isn't
- waking up the threads on a select(). Yum. And, I bet
- those decrementing select calls have to do with the
- scheduler. Time to brush up on our OS fundamentals.
+ Status: Works with FreeBSD 5.3. Does not work in previous versions.
+ This has also been reported on Cygwin.
* There is increasing demand from module writers for an API
that will allow them to control the server à la apachectl.
Reasons include sole-function servers that need to die if
an external dependency (e.g., a database) fails, et cetera.
Perhaps something in the (ever more abused) scoreboard?
- rbb: I don't believe the scoreboard is the correct mechanism
- for this. We already have a pipe that goes between parent
+
+ On the other hand, we already have a pipe that goes between parent
and child for graceful shutdown events, along with an API that
can be used to send a message down that pipe. In threaded MPMs,
it is easy enough to make that one pipe be used for graceful
striker: See the thread starting with Message-ID:
JLEGKKNELMHCJPNMOKHOGEEJFBAA.striker@apache.org.
-
* Win32: Rotatelogs sometimes is not terminated when Apache
goes down hard. FirstBill was looking at possibly tracking the
child's-child processes in the parent process.
- OtherBill asks, wasn't this fixed?
- stoddard: Not fixed. Shared scoreboard might offer a good
- way for the parent to keep track of 'other child' processes
- and whack them if the child goes down.
+ stoddard: Shared scoreboard might offer a good way for the parent
+ to keep track of 'other child' processes and whack them if the child
+ goes down.
Other thoughts on walking the process chain using the NT kernel
have also been proposed on APR.
- * Win32: Add a simple hold console open patch (wait for close or
- the ESC key, with a nice message) if the server died a bad
- death (non-zero exit code) in console mode.
- Resolution: bring forward same ugly hacks from 1.3.13-.20
- This is not so simple. Any exit() from APR or other libraries
- can't be caught unless we add some sort of apr_exit(rv) with
- registered apr_atexit() fn's that have the return code as an
- argument to the registered fn.
-
* Eliminate unnecessary creation of pipes in mod_cgid
* Combine log_child and piped_log_spawn. Clean up http_log.c.
Common logging API.
- * Document mod_file_cache.
-
* Platforms that do not support fork (primarily Win32 and AS/400)
Architect start-up code that avoids initializing all the modules
in the parent process on platforms that do not support fork.
- * Win32: Migrate the MPM over to use APR thread/process calls. This
- would eliminate some code in the Win32 branch that essentially
- duplicates what is in APR.
-
* There are still a number of places in the code where we are
losing error status (i.e. throwing away the error returned by a
system call and replacing it with a generic error code)
something). Another approach would be a new hook phase after
"translate" which would allow the module to munge what the
translation has decided to do.
- Status: Greg +1 (volunteers), Ryan +1
+ Status: Greg +1 (volunteers)
* Explore use of a post-config hook for the code in http_main.c which
calls ap_fixup_virutal_hosts(), ap_fini_vhost_config(), and
actually works) and add in a splash of Win9x service code.
* Fix the worker MPM to use POD to kill child processes instead
- of ap_os_killpg, regardless of how they should die. (Ryan Bloom)
+ of ap_os_killpg, regardless of how they should die.
* Scoreboard structures could be changed in the future such that
proper alignment is not maintained, leading to segfaults on
Message-ID: <Pine.LNX.4.44.0203011354090.16457-200000@deepthought
.cs.virginia.edu>
+ * When sufficiently tested, the AllowEncodedSlashes/%2f patch
+ needs to be backported to 2.0 and 1.3.
+
+ * APXS either needs to be fixed completely for use when apr is out of tree,
+ or it should drop query mode altogether, and we just grow an
+ httpd-config or similar arrangement.
+ To quote a discussion in STATUS earlier:
+
+ thommay: this doesn't fix all the problems with apxs and out of
+ tree apr/apr-util, but it's a good start. There's still the
+ query cases; but I'm beginning to think that in these cases
+ the app should be querying ap{r,u}-config directly
+ gstein: agreed. apxs should deprecate the -q flag
+
TODO ISSUES REMAINING IN MOD_SSL:
* In order to use a DSO version of mod_ssl we have to link with
* the shmcb code should just align its memory segment rather than
jumping through all the "safe" memcpy and memset hoops
-
-EXPERIMENTAL MODULES:
-
- Experimental modules should eventually be be promoted to fully supported
- status or removed from the repository entirely (ie, the
- 'experiment' failed). This section tracks what needs to happen to
- get the modules promoted to fully supported status.
+WISH LIST
+ * mod_proxy: Ability to run SSL over proxy gateway connections,
+ encrypting (or reencrypting) at the proxy.
+
+ * mod_cache: Handle ESI tags.
+
+ * mod_cache: Resolve issue of how to cache page fragements (or perhaps
+ -if- we want to cache page fragements). Today, mod_cache/mod_mem_cache
+ will cache #include 'virtual' requests (but not #include 'file'
+ requests). This was accomplished by making CACHE_IN a
+ CONTENT_SET-1 filter to force it to run before the SUBREQ_CORE
+ filter. But now responses cannot be cached that include the
+ effects of having been run through CONTENT_SET filters
+ (mod_deflate, mod_expires, etc). We could rerun all the
+ CONTENT_SET filters on the cached response, but this will not
+ work in all cases. For example, mod_expires relies on installing
+ the EXPIRATION filter during fixups. Contents served out of
+ mod_cache (out of the quick_handler) bypass -all- the request
+ line server hooks (Ryan really hated this. It is great for
+ performance, but bad because of the complications listed above).
mod_cache/mod_mem_cache/mod_disk_cache:
- * mod_cache: handle cache_control: no_cache "field_name" to enable
- cacheing the response w/o header "field_name"
- See RFC2616 section 14.9.1
+ * mod_mem_cache: Consider adding a RevalidateTimeout directive to
+ specify time at which local cached content is to be revalidated
+ (ie, underlying file stat'ed to see if it has changed).
* mod_cache: CacheEnable/CacheDisable should accept regular expressions.
-
- * mod_cache: Fix dependency on ATOMIC operators. Need
- APR_HAS_ATOMIC_* feature macros.
-
- * mod_disk_cache: Implement garbage collection
+ jerenkrantz says: Too slow. Get regexs away from speedy caches by
+ default. Introduce a new CacheEnableRegex if you want.
* mod_mem_cache/mod_disk_cache: Need to be able to query cache
status (num of entries, cache object properties, etc.).
mod_cache (et. al.) could define optional hooks that are called
to collect status. Status should be queryable by
HTTP or SNMP?
+ jerenkrantz says: Yawn. Who cares.
- * mod_mem_cache: garbage collection. One strategy is to simply
- remove stale entries as we attempt to serve them. Another
- strategy is to kick off a GC thread that traverses the cache
- and preemptively remove stale entries. How to manage a
- cache that is full? Do LRU GC? Other? Bueller?
-
- * mod_mem_cache/mod_disk_cache: Complete implementing config
- directives.
-
- * Sample config for mod_cache/mod_mem_cache/mod_disk_cache for
- inclusion into httpd.conf.
-
- * mod_cache/mod_mem_cache/mod_disk_cache: Documentation.
-
-PRs that have been suspended forever waiting for someone to
-put them into 'the next release':
-
- * documentation and Q&A
-
- PR#2221: Make online documentation search link back to my installation
- Status:
-
- PR#2906: Propose that Apache recommend $UNIQUE_ID for all "session id"
- algorithms
- Status:
-
- PR#2793: When will Apache support P3P? Any Plans?
- Status:
-
- * build
-
- PR#2113: HTTP Server Rebuild Line Needs Changing for the better
- Status:
-
- PR#2421: problem specifying ndbm library for build ?with autoconfigure
- Status:
-
- * config
-
- PR#76: missing call to "setlocale();"
- Status:
-
- PR#628: Request of "Options SymLinksIfGroupMatch"
- Status:
-
- PR#793: RLimitCPU and RLimitMEM don't apply to all children like they should
- Status:
-
- PR#922: it is useful to allow specifiction that root-owned symlinks
- should always be followed
- Status:
-
- PR#1028: DoS attacks involving memory consumption
- Status:
-
- PR#1191: setlogin() is not called, causing problems with e.g. identd
- Status:
-
- PR#1204: regerror() exists, use it
- Status:
-
- PR#2284: Can not POST to ErrorDocument - Apache/1.3b6
- Status:
-
- PR#2396: Proposal for TimeZone directive
- Status:
-
- PR#2446: AllowOverride FileInfo is too coarse
- Status:
-
- PR#2760: [PATCH] User/Group for <Directory> and <Location> i.e. not only
- in global and <Virtual>.
- Status:
-
- PR#2907: suggestion: power up your Include directive :)
- Status:
-
- PR#3018: cannot limit some HTTP methods
- Status:
-
- PR#3677: New ErrorDocumentMatch directive
- Status:
-
- PR#4244: "Files" and "FilesMatch" regexp does not recognize bang as
- negation operator
- Status:
-
- PR#5993: AllowOverride should have a 'CheckNone' and 'AllowNone' argument
- instead of only 'None'
- Status:
-
- * mod_access
-
- PR#537: mod_access syntax allows hosts that should be restricted
- Status:
-
- PR#1287: add allow,deny/deny,allow warning to mod_access
- Status:
-
- PR#2512: <IfDenied> directive wanted
- Status:
-
- * mod_auth-any
-
- PR#557: ~UserHome directories are not honored in absolute pathname
- requests (.htaccess)
- Status:
-
- PR#1117: Using NIS passwd.byname dbm files with AuthDBMUserFile
- Status:
-
- PR#1809: Suggestion for improving authentication modules and core source
- code, problem with 401 and ErrorDocument
- Status:
-
- * mod_autoindex
-
- PR#1263: Add frame-safe anchor attribute to mod_autoindex links
- Status:
-
- * mod_cgi (and suexec)
-
- PR#921: suexec Uses cwd before filling it in, doesn't use syslog
- Status:
-
- PR#1176: Apache cannot handle continuation line in headers
- Status:
-
- PR#1120: suexec does not parse arguments to #exec cmd
- Status:
-
- PR#1268: CGI scripts running as Apache user: security (suexec etc.)
- Status:
-
- PR#1285: Error messages could be easier to spot in cgi.log file for suexec.c
- Status:
-
- PR#1905: suexec - Allow modules to set user:group for execution.
- Status:
-
- PR#2360: suexec for general access of user content?
- Status:
-
- PR#2460: TimeOut applies to output of CGI scripts
- Status:
-
- PR#2573: CGI's for general use still have to be run as another user
- with suExec
- Status:
-
- PR#4241: Need to be able to override shebang line to make CGI scripts
- more portable.
- Status:
-
- PR#4490: mod_cgi prevents handling of OPTIONS requests
- Status:
-
- * mod_env
-
- PR#370: Modified PATH environemnt variable is not passed, instead
- system's is used
- Status:
-
- * mod_headers
-
- PR#1383: I make mod_headers to modify request headers as well as
- response ones.
- Status:
-
- PR#1677: mod_headers should allow mod_log_config-style formats in
- header values
- Status:
-
- * mod_imap
-
- PR#759: imap should read <MAP><AREA>*</MAP> too!
- Status:
-
- * mod_include
-
- PR#78: Additional status for XBitHack directive
- Status:
-
- PR#623: A smarter "Last Modified" value for SSI documents (see PR number 600)
- Status:
-
- PR#1145: mod_include
- Allow for Last-Modified: without resorting to XBitHack
- Status:
-
- PR#1803: patches to mod_include to allow for file tests
- Status:
-
- PR#4459: Suggestion for better handling of Last-modified headers
- Status:
-
- * mod_info
-
- PR#2415: /server-info doesn't check for the virtual host to list the info
- Status:
-
- * mod_log-any
-
- PR#1050: Logging of virtual server to error_log as well
- Status:
-
- PR#1358: Selective url-encode of log fields (or maybe a pseudo
- log_rewrite module?)
- Status:
-
- PR#2073: pipelined connections are not logged correctly
- Status:
-
- PR#4448: Please allow CGI env variables (QUERY_STRING, ...) to be logged
- with %{}e
- Status:
-
- * mod_negotiation
-
- PR#3191: no way to set global quality-of-source (qs) coneg values
- with multiviews
- Status:
-
- * mod_proxy
-
- PR#362: Mod_proxy doesn't allow change of error pages
- Status:
-
- PR#440: Proxy doesn't deliver documents if not connected
- Status:
-
- PR#534: proxy converts ~name to %7Ename when name starts with a dot (.)
- Status:
-
- PR#612: Proxy FTP Authentication Fails
- Status:
-
- PR#700: Proxy doesn't do links right for OpenVMS files through ftp:
- Status:
-
- PR#980: Controlling Access to Remote Proxies would be nice...
- Status:
-
- PR#994: Adding authentication "on the fly" through the proxy module
- Status:
-
- PR#1085: ProxyRemote make a dead cycle.
- Status:
-
- PR#1166: ``nph-'' not honored (no buffering) for ProxyRemote mapping
- Status:
-
- PR#1290: Need to know "hit-rate" on proxy cache
- Status:
-
- PR#1532: Proxy transfer logging
- Status:
-
- PR#1547: No HTTP_X_FORWARDED_FOR set...
- Status:
-
- PR#1567: ProxyRemote proxy requests fail authentication by firewall
- Status:
-
- PR#1702: mod_proxy to support persistent conns?
- Status:
-
- PR#1878: listing of proxy cache content
- Status:
-
- PR#2314: patterns in ProxyRemote
- Status:
-
- PR#2648: Cache file names in Proxy module
- Status:
-
- PR#3568: Accessing URL through proxy server corrupts data.
- Status:
-
- PR#3605: Some anonymous FTP URLs ask for authentication
- Status:
-
- * mod_rewrite
-
- PR#1582: mod_rewrite forms REQUEST_URI different than mod_cgi does
- Status:
-
- PR#2074: mod_rewrite doesn't pass Proxy Throughput on internal subrequests
- Status:
-
- * mod_status
-
- PR#2138: mod_status always displays 256 possible connection slots
- Status:
-
- PR#2343: Status module averages are for entire uptime
- Status:
-
- * apache-api
-
- PR#1004: request_config field in request_rec is moderately bogus
- Status:
-
- PR#1158: improvements to child spawning API
- Status:
-
- PR#1233: there is no way to keep per-connection per-module state
- Status:
-
- PR#2024: adding auth_why to conn_rec
- Status:
-
- PR#2873: Feedback/Comment on APACI
- Status:
-
- PR#3143: No module specific data hook for per-connection data
- Status:
-
- * generally odds and ends
-
- PR#2431: A small addition to rotatelogs.c to improve program functionality.
- Status:
-
- PR#2763: mailto tags and bundling bug report script
- Status:
-
- PR#2785: os-aix Support for System Resource Controller
- Status:
-
- PR#2889: Inclusion of RPM spec file in CVS/distributions
- Status:
-
- PR#5713: os-windows [PATCH] install as win32 service with domain account
- Status: Cannot accept password-as-arg, we should prompt the
- user when -k install/-k config with a user argument.
+EXPERIMENTAL MODULES:
+ Experimental modules should eventually be be promoted to fully supported
+ status or removed from the repository entirely (ie, the
+ 'experiment' failed). This section tracks what needs to happen to
+ get the modules promoted to fully supported status.
Other bugs that need fixing:
- * ap_discard_request should be converted to use the bucket API
- directly rather than waste cycles copying buffers with the old API.
-
* MaxRequestsPerChild measures connections, not requests.
Until someone has a better way, we'll probably just rename it
"MaxConnectionsPerChild".
the <Container ~ foo> forms, and using only
<ContainerMatch foo> semantics.
- * SIGSEGV on Linux (glibc 2.1.2) isn't caught properly by a
- sigwaiting thread. We need to work around this, perhaps unless
- there is hope soon for a fixed glibc.
-
* orig_ct in the byterange/multipart handling may not be
needed. Apache 1.3 just never stashed "multipart" into
r->content_type. We should probably follow suit since the
Status: Greg volunteers to investigate (esp. since he was most
likely the one to break it :-)
-Binaries (2.0.40):
+Binaries (probably not till beta):
Platform Avail. Volunteer
------------------------------------------------------------------
AIX 4.3.3 no Bill Stoddard
- Mandrake 8.1 no Ryan Bloom
- FreeBSD 4.1 no Ryan Bloom
- hppa2.0w-hp-hpux11.00 yes Cliff Woolley
+ Mandrake 8.1 no open
+ FreeBSD 4.1 no open
+ hppa2.0w-hp-hpux11.00 no Cliff Woolley
i386-pc-solaris2.8 no Aaron Bannert
i386-unknown-freebsd4.5 no
- i386-unknown-freebsd4.6 yes Cliff Woolley
- i686-pc-linux-gnu-slackware81 yes Cliff Woolley
+ i386-unknown-freebsd4.6 no Cliff Woolley
+ i686-pc-linux-gnu-slackware81 no Cliff Woolley
i686-pc-linux-gnu-rh70 no Aaron Bannert
- i686-pc-linux-gnu-rh73 yes Cliff Woolley
+ i686-pc-linux-gnu-rh73 no Cliff Woolley
ia64-hp-hpux11.20 no
powerpc-apple-darwin5.5 no Aaron Bannert
powerpc-unknown-linux-gnu no Graham Leggett
- s390-ibm-linux yes Greg Ames
+ s390-ibm-linux no Greg Ames
sparc-sun-solaris2.8 no Jim Jagielski
NetWare no Brad Nicholes
OS/2 no Brian Havard
- OS/390 yes Greg Ames
+ OS/390 no Greg Ames
Win32-x86 no William Rowe
-
-Other features that need writing:
-
- * Finish infrastructure in core for async MPMs
- Status: post 2.0
-
- * TODO in source -- just do an egrep on "TODO" and see what's there
-
-Available Patches:
-
- * Martin Sojka <msojka@gmx.de>'s patch to add error reporting for failed
- htpasswd actions due to a full /tmp volume (other programs may have
- similar problems?)
- PR: 6475
- Status:
-
- * Mike Abbott's <mja@trudge.engr.sgi.com> patches to improve
- performance
- Status: These were written for 1.3, and are awaiting a port to
- 2.0
-
- * Jim Winstead's <jimw@trainedmonkey.com> patch to add CookieDomain and
- other small mod_usertrack features
-
- * Dan Rench's <drench@xnet.com> patch to add allow the errmsg and timefmt
- of SSI's to be modified in the config file. Patch is available in
- PR6193