[NOTE that x.{odd}.z versions are strictly Alpha/Beta releases,
while x.{even}.z versions are Stable/GA releases.]
- 2.4.19 : In development.
- 2.4.18 : Tagged on December 8, 2015. Released on Decmber 14, 2015.
+ 2.4.19 : In development. Jim to T&R March 21, 2015.
+ 2.4.18 : Tagged on December 8, 2015. Released on December 14, 2015.
2.4.17 : Tagged on October 9, 2015. Released October 13, 2015.
2.4.16 : Tagged on July 9, 2015. Released July 15, 2015
2.4.15 : Tagged on June 19, 2015. Not released.
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
[ New proposals should be added at the end of the list ]
- *) mod_ssl: Free dhparams when getting DH params. This fixes issue when
- SSLCryptoDevice does not get unregistered because of non-zero refcount
- during the mod_ssl unload happening on httpd startup.
- trunk patch: http://svn.apache.org/r1720129
- 2.4.x patch: http://jkaluza.fedorapeople.org/httpd-2.4.x-dhparams-free.patch
- +1: jkaluza
- ylavic: +1 with r1723295 (likewise for ecparams).
- rpluem says: Can we get an updated 2.4.x proposal that includes r1723295?
-
- *) mod_ssl: Add SSLOCSPProxyURL to add the possibility to do all queries
- to OCSP responders through a HTTP proxy.
- Trunk version of patch:
- http://svn.apache.org/r1726881
- http://svn.apache.org/r1727111
- Backport version for 2.4.x of patch:
- Trunk version of patch works modulo CHANGES
- +1: rpluem, jim
-
*) mod_proxy_hcheck: Dynamic reverse proxy backend health check module
Trunk version of patch: <various>
Backport version for 2.4.x of patch:
- http://home.apache.org/~jim/patches/hcheck-2.4.patch
+ http://home.apache.org/~jim/patches/hcheck-2.4-v2.patch
<Plus docs>
+1: jim
- ylavic: Needs r1732957 for empty APLOGNO()s.
-
- *) core: Track the useragent_host per-request when mod_remoteip or similar
- modules track a per-request useragent_ip. Modules should be updated
- to inquire for ap_get_useragent_host() in place of ap_get_remote_host().
- Trunk version of patch:
- http://svn.apache.org/r1729929
- Trunk patch to core.c/http_core.h applies, modulo CHANGES & ap_mmn.h
- Note: httpd.h comment r.e. realiging bit fields must be omitted.
- +1: wrowe
-
- *) hostname: Test and log useragent_host per-request across various modules,
- including the scoreboard, expression and rewrite engines, setenvif,
- authz_host, access_compat, custom logging, ssl and REMOTE_HOST variables.
- PR55348 [William Rowe]
- Trunk version of patch:
- http://svn.apache.org/r1729930
- http://svn.apache.org/r1729931
- Trunk patch r1729930 applies, modulo CHANGES
- Backport patch to r1729931 is noted in the commit log message
- Requires r1729929 to be applied.
- +1: wrowe
-
- *) Use pre_connection hook in event.c to properly setup connection state
- of slave connections (eliminates hacks in mod_http2).
- Trunk patch:
- http://svn.apache.org/r1727603
- 2.4.x patch:
- Trunk version of patch works modulo CHANGES
- +1: icing
-
- *) Save a few bytes in conf pool when parsing some directives
- Trunk patch:
- http://svn.apache.org/r1732252
- http://svn.apache.org/r1732353
- http://svn.apache.org/r1732369
- 2.4.x patch:
- Trunk version of patch works
+ ylavic: Looks like the changes on struct proxy_worker_shared would break
+ startup with "BalancerPersist on" due to the strict checks on
+ the sizes of existing slotmems (slotmem_create/attach)?
+ jim: Yes, that is right (re: breakage)... this would be noted at
+ release.
+ ylavic: OK, this is just that persisted slotmems won't be reused on first
+ startup, not that the startup will fail (as I first thought).
+
+ *) core/util_script: relax alphanumeric filter of enviroment variable names
+ on Windows to allow '(' and ')' for passing PROGRAMFILES(X86) et.al.
+ unadulterated in 64 bit versions of Windows. PR 46751.
+ trunk patch: http://svn.apache.org/r1705217
+ 2.4.x patch: trunk patch works
+1: jailletc36
-
- *) proxy_util: Add missing APLOGNO()s from r1732266 (already backported
- to 2.4.x/19)
- trunk patch: http://svn.apache.org/r1732954
- 2.4.x patch: trunk works (modulo docs/log-message-tags)
- +1: ylavic
-
- *) core: Add missing APLOGNO() from r1729495 (somehow r1725395 was
- backported in r1729495 but without this "server/core.c" change)
- trunk patch: http://svn.apache.org/r1725395 (already backported)
- 2.4.x patch: http://people.apache.org/~ylavic/httpd-2.4.x-r1729495_missing_APLOGNO.patch
+ ylavic: As asked on dev@ (in reply to r1705217), what about CVE-2014-6271
+ (shellshock) with unix-like shells (or even maybe native windows
+ ones too)?
+
+ *) mod_ssl: Add "no_crl_for_cert_ok" flag to SSLCARevocationCheck directive
+ to opt-in previous behaviour (2.2) with CRLs verification when checking
+ certificate(s) with no corresponding CRL.
+ trunk patch: http://svn.apache.org/r1734561
+ http://svn.apache.org/r1734807
+ http://svn.apache.org/r1735159
+ http://svn.apache.org/r1735337
+ 2.4.x patch: trunk works (modulo CHANGES) or
+ http://home.apache.org/~ylavic/patches/httpd-2.4.x-no_crl_for_cert_ok.patch
+1: ylavic
-
+ *) mod_proxy_http2: add http2 proxy support in new, experimental module.
+ Includes backport of r1729208 to set ALPN protocols for ssl backend
+ connections.
+ Trunk version of patch: <various>
+ Backport version for 2.4.x of patch: https://www.eissing.org/proxy_http2_2.4v4.patch
+ +1: icing, ylavic
+ updated patch after review by cjaillet, merged 1735668,1735748 from trunk
+ updated patch with APLOGNOs by merging 1735931,1735935 from trunk
+ updated patch with APLOGNOs by merging 1735942 from trunk
+
+ *) CGIVar for controlling building of REQUEST_URI (and future uses)
+ As mentioned on dev@:
+ * This is intended to replace existing methods of configuring how various
+ CGI vars should be built over the long term, though only REQUEST_URI is
+ handled for now.
+ * If the mechanism should be usable by third-party modules for its own
+ concerns, a check for recognized-envvar can be removed from the command
+ processor and the rest of the code will let the third-party module do
+ the right thing since the rule for a var is a character string in a table,
+ not a separate core_dir_config flag with enumerated values.
+ Trunk patch: r1734947, 1735952
+ 2.4.x patch: https://emptyhammock.com/media/downloads/CGIVar-to-2.4.x.txt
+ +1: trawick, ylavic
+
+
PATCHES/ISSUES THAT ARE BEING WORKED
- * core: Fix crash in ap_mpm_pod_check call caused by NULL dereference of
- its parameter when starting httpd as single process (httpd -X).
- trunk patch: http://svn.apache.org/r1711479
- 2.4.x patch: trunk works
- +1: jkaluza, jim
- minfrin: Needs extra parens to suppress a warning:
- prefork.c:1319:16: note: place parentheses around the assignment
- to silence this warning
- jailletc36: This has been done in r1711919
- ylavic: Also, I don't think the changes on worker/event are needed,
- only prefork requires the accept mutex in ONE_PROCESS mode.
-
*) http: Don't remove the Content-Length of zero from a HEAD response if
it comes from an origin server, module or script. Allow the previous
behaviour (for legacy/buggy modules only, not origin) by also backporting
make it nonblocking (by default)?
jim: Non-blocking seems the best way to handle...
+
PATCHES/ISSUES THAT ARE STALLED
* core: Add ap_errorlog_provider to make ErrorLog logging modular. This
projects / apache / blobdiff