X-Git-Url: https://granicus.if.org/sourcecode?a=blobdiff_plain;f=CHANGES;h=9011e7e5668ea7dc47e607b3cb25cae677ef7e0c;hb=7d5bef8273f482dee4d3b82c101f07db78c2f7bb;hp=d5132c2627ca493c4ff0812c458e077ea2df777d;hpb=b514669c7a6fac30d166fa392d7ab803fae2bca8;p=apache diff --git a/CHANGES b/CHANGES index d5132c2627..9011e7e566 100644 --- a/CHANGES +++ b/CHANGES 
@@ -2,24 +2,126 @@ Changes with Apache 2.3.0 [ When backported to 2.2.x, remove entry from this file ] - *) mod_ldap: Set character set for status page to ISO-8859-1 to avoid - UTF-7 XSS vulnerabilities of certain browsers. [Joe Orton] + *) mod_session_cookie: Add a session implementation capable of storing + session information within cookies on the browser. Useful for high + volume sites where server bound sessions are too resource intensive. + [Graham Leggett] + + *) mod_session: Add a generic session interface to unify the different + attempts at saving persistent sessions across requests. + [Graham Leggett] + + *) core, authn/z: Avoid calling access control hooks for internal requests + with configurations which match those of initial request. Revert to + original behaviour (call access control hooks for internal requests + with URIs different from initial request) if any access control hooks or + providers are not registered as permitting this optimization. + Introduce wrappers for access control hook and provider registration + which can accept additional mode and flag data. [Chris Darroch] + + *) http_filters: Don't spin if get an error when reading the + next chunk. PR 44381 [Ruediger Pluem] + + *) mod_dav: Return "method not allowed" if the destination URI of a WebDAV + copy / move operation is no DAV resource. PR 44734 [Ruediger Pluem] + + *) Introduced ap_expr API for expression evaluation. + This is adapted from mod_include, which is the first module + to use the new API. + [Nick Kew] + + *) mod_authz_dbd: When redirecting after successful login/logout per + AuthzDBDRedirectQuery, do not report authorization failure, and use + first row returned by database query instead of last row. + [Chris Darroch] + + *) mod_rewrite: Initialize hash needed by ap_register_rewrite_mapfunc early + enough. PR 44641 [Daniel Lescohier ] + + *) mod_authn_dbd: Disambiguate and tidy database authentication + error messages. PR 43210. 
[Chris Darroch, Phil Endecott + ] + + *) mod_cache: Handle If-Range correctly if the cached resource was stale. + PR 44579 [Ruediger Pluem] + + *) mod_speling: remove regression from 1.3/2.0 behavior and + drop dependency between mod_speling and AcceptPathInfo. + PR 43562 [Jose Kahan ] + + *) mod_ldap: Correctly return all requested attribute values + when some attributes have a null value. + PR 44560 [Anders Kaseorg ] + + *) core: check symlink ownership if both FollowSymlinks and + SymlinksIfOwnerMatch are set [Nick Kew] + + *) core: fix origin checking in SymlinksIfOwnerMatch + PR 36783 [Robert L Mathews ] + + *) rotatelogs: Added '-f' option to force rotatelogs to create the + logfile as soon as started, and not wait until it reads the + first entry. [Jim Jagielski] + + *) mod_proxy: Do not try a direct connection if the connection via a + remote proxy failed before and the request has a request body. + [Ruediger Pluem] - *) mod_proxy_balancer: Set character set for balancer manager to ISO-8859-1 - to avoid UTF-7 XSS vulnerabilities of certain browsers. [Joe Orton] + *) mod_substitute: The default is now flattening the buckets after + each substitution. This was mostly done to abide by the + Principle Of Least Astonishment. The newly added 'q' flag allows for + the quicker, more efficient bucket-splitting if the user so + desires. [Jim Jagielski] - *) mod_proxy_ftp: Set character set for generated FTP directory listing to - ISO-8859-1 to avoid UTF-7 XSS vulnerabilities of certain browsers. - [Joe Orton] + *) Added 'disablereuse' option for ProxyPass which, essentially, + disables connection pooling for the backend servers. + [Jim Jagielski] - *) mod_info: Set character set for info page to ISO-8859-1 to avoid - UTF-7 XSS vulnerabilities of certain browsers. [Joe Orton] + *) Activate mod_cache, mod_file_cache and mod_disc_cache as part of the + 'most' set for '--enable-modules' and '--enable-shared-mods'. Include + mod_mem_cache in 'all' as well. 
[Dirk-Willem van Gulik] - *) mod_dav: Set character set for error pages to ISO-8859-1 to avoid - UTF-7 XSS vulnerabilities of certain browsers. [Joe Orton] + *) Also install mod_so.h, mod_rewrite.h and mod_cache.h; as these + contain public function declarations which are useful for + third party module authors. PR 42431 [Dirk-Willem van Gulik]. - *) mod_ssl: Added server name indication support (RFC 4366). - PR 34607. [Kaspar Brand ] + *) mod_dir, mod_negotiation: pass the output filter information + to newly created sub requests; as these are later on used + as true requests with an internal redirect. This allows for + mod_cache et.al. to trap the results of the redirect. + [Dirk-Willem van Gulik, Ruediger Pluem] + + *) ab: Use a 64 bit unsigned int instead of a signed long to count the + bytes transferred to avoid integer overflows. PR 44346 [Ruediger Pluem] + + *) mod_proxy_ajp: Do not retry request in the case that we either failed to + sent a part of the request body or if the request is not idempotent. + PR 44334 [Ruediger Pluem] + + *) ProxyPassReverse is now balancer aware. [Jim Jagielski] + + *) rotatelogs: Don't leak memory when reopening the logfile. + PR 40183 [Ruediger Pluem, Takashi Sato ] + + *) mod_ldap: Add support (taking advantage of the new APR capability) + for ldap rebind callback while chasing referrals. This allows direct + searches on LDAP servers (in particular MS Active Directory 2003+) + using referrals without the use of the global catalog. + PRs 26538, 40268, and 42557 [Paul J. Reder] + + *) ab: Do not try to read non existing response bodies of HEAD requests. + PR 34275 [Takashi Sato ] + + *) Support chroot on Unix-family platforms + PR 43596 [Dimitar Pashev ] + + *) mod_proxy_http: Return HTTP status codes instead of apr_status_t + values for errors encountered while forwarding the request body + PR 44165 [Eric Covener] + + *) mod_ssl: Added server name indication support (SNI, RFC 4366). + PR 34607. [Kaspar Brand ]. 
A test configuration + can be created with test/make_sni.sh [Dirk-Willem van Gulik]. *) ApacheMonitor.exe: Introduce --kill argument for use by the installer. This will permit the installation tool to remove @@ -61,10 +163,6 @@ Changes with Apache 2.3.0 *) mpm winnt: fix null pointer dereference PR 42572 [Davi Arnaut] - *) mod_deflate: Don't leave a strong ETag in place while transforming - the entity. - PR 39727 [Nick Kew] - *) core: reinstate location walk to fix config for subrequests PR 41960 [Jose Kahan ]
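Review bot: the first hunk (@@ -2,24 +2,126 @@) removes five "Set character set ... to ISO-8859-1 to avoid UTF-7 XSS vulnerabilities" entries (mod_ldap, mod_proxy_balancer, mod_proxy_ftp, mod_info, mod_dav) without recording why. These are security fixes, and the only justification visible here is the file's own rule "When backported to 2.2.x, remove entry from this file". Please confirm all five were backported and say so in the commit message. Otherwise the entries should stay. Two smaller points in the added lines: "Support chroot on Unix-family platforms" has no component prefix and names no directive, unlike the neighbouring entries, so a reader cannot tell what to configure. The mod_proxy_ajp entry reads "failed to sent", which should be "failed to send".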
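Review bot: the second hunk (@@ -61,10 +163,6 @@) drops the mod_deflate entry "Don't leave a strong ETag in place while transforming the entity" (PR 39727), and nothing in this patch re-adds it or explains the removal. If it falls under the "When backported to 2.2.x, remove entry" rule at the top of the file, note the backport in the commit message. If not, keep the entry, since a strong ETag on a transformed entity affects cache validation and administrators will look for this fix in CHANGES.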