X-Git-Url: https://granicus.if.org/sourcecode?a=blobdiff_plain;f=CHANGES;h=485f1dfc767703f4b8a8c0376988e53f9bf5400e;hb=f2c1f268b06a7a7985051ead4094044c90603c59;hp=df83e57f0c78411176262034f97765e0a2765ce0;hpb=43267df5fe169e3b1de8095955967a201bf6029d;p=apache diff --git a/CHANGES b/CHANGES index df83e57f0c..485f1dfc76 100644 --- a/CHANGES +++ b/CHANGES @@ -1,136 +1,90 @@ -*- coding: utf-8 -*- Changes with Apache 2.5.0 - *) mod_proxy_http2: using single connection for several requests *if* - master connection uses HTTP/2 itself. Not yet hardened under load. - [Stefan Eissing] + *) core: Drop an invalid Last-Modified header value coming + from a FCGI/CGI script instead of replacing it with Unix epoch. + [Luca Toscano] - *) core: Added support for HTTP code 451. PR58985. - [Yehuda Katz , Jim Jagielski] + *) mod_dav: Allow other modules to become providers and add ACLs + to the DAV response. + [Jari Urpalainen , Graham Leggett] - *) mod_ssl: Add support for OpenSSL 1.1.0. [Rainer Jung] - - *) hostname: Test and log useragent_host per-request across various modules, - including the scoreboard, expression and rewrite engines, setenvif, - authz_host, access_compat, custom logging, ssl and REMOTE_HOST variables. - PR55348 [William Rowe] - - *) core: Track the useragent_host per-request when mod_remoteip or similar - modules track a per-request useragent_ip. Modules should be updated - to inquire for ap_get_useragent_host() in place of ap_get_remote_host(). - [William Rowe] - - *) mod_proxy: Play/restore the TLS-SNI on new backend connections which - had to be issued because the remote closed the previous/reusable one - during idle (keep-alive) time. [Yann Ylavic] - - *) mod_proxy_http2: new experimental http2 proxy module for h2: and h2c: proxy - urls. Uses, so far, one connection per request, reuses connections. - [Stefan Eissing] - - *) event: use pre_connection hook to properly initialize connection state for - slave connections. use protocol_switch hook to initialize server config - early based on SNI selected vhost. - [Stefan Eissing] - - *) mod_http2: allowing link header to specify multiple "rel" values, - space-separated inside a quoted string. Prohibiting push when Link parameter - "nopush" is present. - [Stefan Eissing] - - *) core: Prevent a server crash in case of an invalid CONNECT request with - a custom error page for status code 400 that uses server side includes. - PR 58929 [Ruediger Pluem] - - *) mod_ssl: Add SSLOCSPProxyURL to add the possibility to do all queries - to OCSP responders through a HTTP proxy. [Ruediger Pluem] - - *) mod_http2: idle connections are returned to async mpms. new hook - "pre_close_connection" used to send GOAWAY frame when not already done. - Setting event mpm server config "by hand" for the main connection to - the correct negotiated server. - [Stefan Eissing] - - *) core: new hook "pre_close_connection" which is run before the lingering - close of connections is started. This gives protocol handlers one last - chance to use a connection before it goes down. - [Stefan Eissing] + *) mod_dav: Add dav_begin_multistatus, dav_send_one_response, + dav_finish_multistatus, dav_send_multistatus, dav_handle_err, + dav_failed_proppatch, dav_success_proppatch to mod_dav.h. + [Jari Urpalainen , Graham Leggett] - *) mod_filter: Fix AddOutputFilterByType with non-content-level filters. - PR58856 [Micha Lenk ] + *) core: Add -DDUMP_INCLUDES configtest option to show the tree + of Included configuration files. [Jacob Champion ] - *) mod_cache: Consider Cache-Control: s-maxage in expiration - calculations. [Eric Covener] + *) mod_dav: Add support for childtags to dav_error. + [Jari Urpalainen ] - *) mod_cache: Allow caching of responses with an Expires header - in the past that also has Cache-Control: max-age or s-maxage. - PR55156. [Eric Covener] + *) abs: include OpenSSL_Applink when compiling on Visual Studio 2015 + and up. PR59630 [Jan Ehrhardt ] - *) ap_expr: expression support for variable HTTP2=on|off - [Stefan Eissing] + *) mod_proxy, mod_ssl: Handle SSLProxy* directives in sections, + allowing per backend TLS configuration. [Yann Ylavic] - *) mod_status/scoreboard: showing connection protocol in new column, new - ap_update_child_status methods for updating server/description. mod_ssl - sets vhost negotiated by servername directly. - [Stefan Eissing] + *) core: explicitly exclude 'h2' from protocols announced via an Upgrade: + header as commanded by http-wg. [Stefan Eissing] + + *) http: Respond with "408 Request Timeout" when a timeout occurs while + reading the request body. [Yann Ylavic] - *) mod_http2: keep-alive blocking reads are done with 1 second timeouts to - check for MPM stopping. Will announce early GOAWAY and finish processing - open streams, then close. - [Stefan Eissing] + *) scoreboard/status: Keep workers' previous Client, VHost and Request values + when idle, like in 2.4.18 and earlier. [Yann Ylavic] - *) mod_proxy_hcheck: Provide for dynamic background health - checks on reverse proxies associated with BalancerMember - workers. [Jim Jagielski] + *) mod_proxy_ajp: Add "secret" parameter to proxy workers to implement legacy + AJP13 authentication. PR 53098. [Dmitry A. Bakshaev ] - *) mod_ssl: handle TIMEOUT on empty SSL input as non-fatal, returning - APR_TIMEUP and preserving connection state for later retry. - [Stefan Eissing] + *) mpm_event: Don't take over scoreboard slots from gracefully finishing + threads. [Stefan Fritsch] - *) mod_http2: bytes read/written on slave connections are reported via the - optional mod_logio functions. Fixes PR 58871. + *) mod_status: Display the process slot number in the async connection + overview. [Stefan Fritsch] - *) Added many log numbers to log statements that had none. + *) mpm_event, mpm_worker: Fix computation of MinSpareThreads' lower bound + according the number of listeners buckets. [Yann Ylavic] - *) core: Add expression support to SetHandler. - [Eric Covener] + *) mpm: Generalise the ap_mpm_register_socket functions to accept pipes + or sockets. [Graham Leggett] + + *) core: Extend support for setting aside data from the network input filter + to any connection or request input filter. [Graham Leggett] + + *) mod_ssl: Add "no_crl_for_cert_ok" flag to SSLCARevocationCheck directive + to opt-in previous behaviour (2.2) with CRLs verification when checking + certificate(s) with no corresponding CRL. [Yann Ylavic] - *) mod_proxy_fcgi: Suppress HTTP error 503 and message 01075, - "Error dispatching request", when the cause appears to be - due to the client closing the connection. - PR58118. [Tobias Adolph ] + *) core: Split ap_create_request() from ap_read_request(). [Graham Leggett] - *) mod_cgid: Message 02550, failure to flush a response to the client, - is now logged at TRACE1 level to match the underlying core output filter - severity. [Eric Covener] + *) ab: Use caseless matching for HTTP tokens (e.g. content-length). PR 59111. + [Yann Ylavic] - *) mod_rewrite: Avoid looping on relative substitutions that - result in the same filename we started with. PR 58854. + *) mod_auth_digest: Fix compatibility with expression-based Authname. PR59039. [Eric Covener] - *) mime.types: add common extension "m4a" for MPEG 4 Audio. - PR 57895 [Dylan Millikin ] + *) mpm: Add a complete_connection hook that confirms whether an MPM is allowed + to leave the WRITE_COMPLETION phase. Move filter code out of the MPMs. + [Graham Leggett] - *) mod_ssl: Save some TLS record (application data) fragmentations by - including the last and subsequent suitable buckets when coalescing. - [Yann Ylavic] + *) core: Added support for HTTP code 451. PR58985. + [Yehuda Katz , Jim Jagielski] - *) mod_cache_socache: Fix a possible cached entity body corruption when it - is received from an origin server in multiple batches and forwarded by - mod_proxy. [Yann Ylavic] + *) mod_ssl: Add support for OpenSSL 1.1.0. [Rainer Jung] + + *) mod_filter: Fix AddOutputFilterByType with non-content-level filters. + PR58856 [Micha Lenk ] - *) mod_proxy_fdpass: Fix AH01153 error when using the default configuration. - In earlier version of httpd, you can explicitelly set the 'flusher' parameter - to 'flush' as a workaround. (i.e. flusher=flush) - Add documentation for the 'flusher' parameter when defining a proxy worker. - [Christophe Jaillet] + *) mod_cache: Consider Cache-Control: s-maxage in expiration + calculations. [Eric Covener] - *) mod_ssl: For the "SSLStaplingReturnResponderErrors off" case, make sure - to only staple responses with certificate status "good". [Kaspar Brand] + *) mod_cache: Allow caching of responses with an Expires header + in the past that also has Cache-Control: max-age or s-maxage. + PR55156. [Eric Covener] - *) core: Limit to ten the number of tolerated empty lines between request, - and consume them before the pipelining check to avoid possible response - delay when reading the next request without flushing. [Yann Ylavic] + *) Added many log numbers to log statements that had none. *) mod_session: Introduce SessionExpiryUpdateInterval which allows to configure the session/cookie expiry's update interval. PR 57300. @@ -142,14 +96,6 @@ Changes with Apache 2.5.0 *) mpm_event: Free memory earlier when shutting down processes. [Stefan Fritsch] - *) mod_ssl: Make the output filter more friendly with deferred write and - response pipelining. [Yann Ylavic, Joe Orton] - - *) core/util_script: relax alphanumeric filter of environment variable names - on Windows to allow '(' and ')' for passing PROGRAMFILES(X86) et.al. - unadulterated in 64 bit versions of Windows. PR 46751. - [John ] - *) mod_auth_digest: remove AuthDigestEnableQueryStringHack which is no more documented since dec 2012 (r1415960). [Christophe Jaillet] @@ -159,17 +105,6 @@ Changes with Apache 2.5.0 *) mod_dir: Responses that go through "FallbackResource" might appear to hang due to unterminated chunked encoding. PR58292. [Eric Covener] - *) mod_alias: Limit Redirect expressions to directory (Location) context - and redirect statuses (implicit or explicit). - [Yann Ylavic, Ruediger Pluem] - - *) mod_substitute: Fix configuraton merge order. - PR 57641 [] - - *) mod_ssl: When SSLVerify is disabled (NONE), don't force a renegotiation if - the SSLVerifyDepth applied with the default/handshaken vhost differs from - the one applicable with the finally selected vhost. [Yann Ylavic] - *) http: Don't remove the Content-Length of zero from a HEAD response if it comes from an origin server, module or script. [Yann Ylavic] @@ -217,9 +152,6 @@ Changes with Apache 2.5.0 *) mod_authnz_ldap: Resolve crashes with LDAP authz and non-LDAP authn since r1608202. [Eric Covener] - *) core: Ensure that httpd exits with an error status when the MPM fails - to run. [Yann Ylavic] - *) apreq: Content-Length header should be always interpreted as a decimal. Leading 0 could be erroneously considered as an octal value. PR 56598. [Chris Card ] @@ -240,10 +172,6 @@ Changes with Apache 2.5.0 *) mod_authnz_ldap: Return LDAP connections to the pool before the handler is run, instead of waiting until the end of the request. [Eric Covener] - *) mod_log_config: Add GlobalLog to allow a globally defined log to - be inherited by virtual hosts that define a CustomLog. - [Edward Lu ] - *) mod_proxy_html: support automatic detection of doctype and processing of FPIs. PR56285 [Micha Lenk , Nick Kew] @@ -277,13 +205,6 @@ Changes with Apache 2.5.0 *) Add module mod_ssl_ct, which provides an implementation of Certificate Transparency (RFC 6962) for httpd. [Jeff Trawick] - *) mod_remoteip: Prevent an external proxy from presenting an internal - proxy. PR 55962. [Mike Rumph] - - *) mod_ssl: Add hooks to allow other modules to perform processing at - several stages of initialization and connection handling. See - mod_ssl_openssl.h. [Jeff Trawick] - *) mod_proxy_wstunnel: Avoid sending error responses down an upgraded websockets connection as it is being close down. [Eric Covener]