X-Git-Url: https://granicus.if.org/sourcecode?a=blobdiff_plain;f=CHANGES;h=f1fe3cc8a005589bf069421657f9b227c40521b4;hb=5bdb7b75121bf7dc37bfc3f81c59e44013e1c4de;hp=9322beffb0f91f5282ded368f08ed5756f00bdb9;hpb=14b07d473ddff3093fb406cbecfeda91d9d6a1d7;p=apache diff --git a/CHANGES b/CHANGES index 9322beffb0..f1fe3cc8a0 100644 --- a/CHANGES +++ b/CHANGES @@ -1,10 +1,110 @@ -*- coding: utf-8 -*- +Changes with Apache 2.4.30 + + *) mpm_event: close connections not reported as handled by any module to + avoid losing track of them and leaking scoreboard entries. PR 61551. + [Yann Ylavic] + + *) core: A signal received while stopping could have crashed the main + process. PR 61558. [Yann Ylavic] + + *) mod_ssl: support for mod_md added. [Stefan Eissing] + + *) mod_proxy_html: process parsed comments immediately. + Fixes bug (seen in the wild when used with IBM's HTTPD bundle) + where parsed comments may be lost. [Nick Kew] + + *) mod_proxy_html: introduce doctype for HTML 5 [Nick Kew] + + *) mod_proxy_html: fix typo-bug processing "strict" vs "transitional" + HTML/XHTML. PR 56457 [Nick Kew] + + *) mpm_event: avoid a very unlikely race condition between the listener and + the workers when the latter fails to add a connection to the pollset. + [Yann Ylavic] + + *) core: silently ignore a not existent file path when IncludeOptional + is used. PR 57585. [Alberto Murillo Silva , Luca Toscano] + + *) mod_macro: fix usability of globally defined macros in .htaccess files. + PR 57525. [Jose Kahan , Yann Ylavic] + + *) mod_rewrite, core: add the Vary header when a condition evaluates to true + and the related RewriteRule is used in a Directory context + (triggering an internal redirect). [Luca Toscano] + + *) ab: Make the TLS layer aware that the underlying socket is nonblocking, + and use/handle POLLOUT where needed to avoid busy IOs and recover write + errors when appropriate. [Yann Ylavic] + + *) ab: Keep reading nonblocking to exhaust TCP or SSL buffers when previous + read was incomplete (the SSL case can cause the next poll() to timeout + since data are buffered already). PR 61301 [Luca Toscano, Yann Ylavic] + + *) mod_http2: avoid unnecessary data retrieval for a trace log. Allow certain + information retrievals on null bucket beams where it makes sense. [Stefan Eissing] + +Changes with Apache 2.4.29 + + *) mod_unique_id: Use output of the PRNG rather than IP address and + pid, avoiding sleep() call and possible DNS issues at startup, + plus improving randomness for IPv6-only hosts. [Jan Kaluza] + + *) mod_rewrite, core: Avoid the 'Vary: Host' response header when HTTP_HOST + is used in a condition that evaluates to true. PR 58231 [Luca Toscano, Yann Ylavic] + + *) mod_http2: v0.10.12, removed optimization for mutex handling in bucket + beams that could lead to assertion failure in edge cases. + [Stefan Eissing] + + *) mod_proxy: Fix regression for non decimal loadfactor parameter introduced + in 2.4.28. [Jim Jagielski] + + *) mod_authz_dbd: fix a segmentation fault if AuthzDBDQuery is not set. + PR 61546. [Lubos Uhliarik ] + + *) mod_rewrite: Add support for starting External Rewriting Programs + as non-root user on UNIX systems by specifying username and group + name as third argument of RewriteMap directive. [Jan Kaluza] + + *) core: Rewrite the Content-Length filter to avoid excessive memory + consumption. Chunked responses will be generated in more cases + than in previous releases. PR 61222. [Joe Orton, Ruediger Pluem] + + *) mod_ssl: Fix SessionTicket callback return value, which does seem to + matter with OpenSSL 1.1. [Yann Ylavic] + Changes with Apache 2.4.28 - *) build: allow configuration without APR sources. [Jacob Champion] + *) SECURITY: CVE-2017-9798 (cve.mitre.org) + Corrupted or freed memory access. must now be used in the + main configuration file (httpd.conf) to register HTTP methods before the + .htaccess files. [Yann Ylavic] + + *) event: Avoid possible blocking in the listener thread when shutting down + connections. PR 60956. [Yann Ylavic] + + *) mod_speling: Don't embed referer data in a link in error page. + PR 38923 [Nick Kew] - *) core: Disallow Methods' registration at runtime (.htaccess), they may be - used only if registered at init time (httpd.conf). [Yann Ylavic] + *) htdigest: prevent a buffer overflow when a string exceeds the allowed max + length in a password file. + [Luca Toscano, Hanno Böck ] + + *) mod_proxy: loadfactor parameter can now be a decimal number (eg: 1.25). + [Jim Jagielski] + + *) mod_proxy_wstunnel: Allow upgrade to any protocol dynamically. + PR 61142. + + *) mod_watchdog/mod_proxy_hcheck: Time intervals can now be spefified + down to the millisecond. Supports 'mi' (minute), 'ms' (millisecond), + 's' (second) and 'hr' (hour!) time suffixes. [Jim Jagielski] + + *) mod_http2: Fix for stalling when more than 32KB are written to a + suspended stream. [Stefan Eissing] + + *) build: allow configuration without APR sources. [Jacob Champion] *) mod_ssl, ab: Fix compatibility with LibreSSL. PR 61184. [Bernard Spil , Michael Schlenker , @@ -356,6 +456,9 @@ Changes with Apache 2.4.24 (not released) *) mod_socache_memcache: Provide memcache stats to mod_status. [Jim Jagielski] + *) mod_file_cache: mod_file_cache should be able to serve files that + haven't had a Content-Type set via e.g. mod_mime. [Eric Covener] + *) http_filters: Fix potential looping in new check_headers() due to new pattern of ap_die() from http header filter. Explicitly clear the previous headers and body. @@ -386,7 +489,7 @@ Changes with Apache 2.4.24 (not released) *) core: New directive RegisterHttpMethod for registering non-standard HTTP methods. [Stefan Fritsch] - *) mod_socache_memcache: Pass expiration time through to memcached. + *) mod_socache_memcache: Pass expiration time through to memcached. PR 55445. [Faidon Liambotis , Joe Orton] *) mod_cache: Use the actual URI path and query-string for identifying the @@ -583,6 +686,9 @@ Changes with Apache 2.4.22 Changes with Apache 2.4.21 + *) core: Added support for HTTP code 451. PR 58985. + [Yehuda Katz , Jim Jagielski] + *) ab: Use caseless matching for HTTP tokens (e.g. content-length). PR 59111. [Yann Ylavic]