X-Git-Url: https://granicus.if.org/sourcecode?a=blobdiff_plain;f=STATUS;h=631170e4b5f3dccda5ca2b7fdcf3f8129e4c690a;hb=4249623437dc61c8e093d819f4f205a766df0feb;hp=c6828ea7cd36353574c9a1134265609fffd2b91d;hpb=eb169b42e85e3994038c145794082260be4c11b0;p=apache diff --git a/STATUS b/STATUS index c6828ea7cd..631170e4b5 100644 --- a/STATUS +++ b/STATUS @@ -1,11 +1,11 @@ -APACHE 2.3 STATUS: -*-text-*- +APACHE 2.5 STATUS: -*-text-*- Last modified at [$Date$] The current version of this file can be found at: * http://svn.apache.org/repos/asf/httpd/httpd/trunk/STATUS -Documentation status is maintained seperately and can be found at: +Documentation status is maintained separately and can be found at: * docs/STATUS in this source tree, or * http://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/STATUS @@ -13,29 +13,20 @@ Documentation status is maintained seperately and can be found at: Consult the following STATUS files for information on related projects: * http://svn.apache.org/repos/asf/apr/apr/trunk/STATUS - * http://svn.apache.org/repos/asf/apr/apr-util/trunk/STATUS Patches considered for backport are noted in their branches' STATUS: - * http://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x/STATUS * http://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x/STATUS * http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/STATUS + * http://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x/STATUS + Release history: [NOTE that x.{odd}.z versions are strictly Alpha/Beta releases, while x.{even}.z versions are Stable/GA releases.] - 2.3.9 : Tagged on November 23, 2010. - 2.3.8 : Tagged on August 24, 2010. - 2.3.7 : Tagged on August 19, 2010, not released. - 2.3.6 : Released on June 21, 2010. - 2.3.5 : Released on January 26, 2010. - 2.3.4 : Released on December 8, 2009. - 2.3.3 : Tagged on November 11, 2009, not released. - 2.3.2 : Tagged on March 23, 2009, not released. - 2.3.1 : Tagged on January 2, 2009, not released. - 2.3.0 : Tagged on December 6, 2008, not released. + 2.5.0 : In Development. Contributors looking for a mission: @@ -59,37 +50,107 @@ CURRENT RELEASE NOTES: RELEASE SHOWSTOPPERS: - FOR GA: - * Modules that are not ready for production use should be marked as - experimental. Candidates: - - MPM simple - - mod_serf +CURRENT VOTES: + + +THINGS THAT SHOULD BE CONSIDERED EARLY IN THE 2.6/3.0 DEVELOPMENT CYCLE: + + * Seriously ramp up/replace test framework and cases to have better + coverage of existing special cases and behaviours users rely on. + + * Add performance testing to the test framework. + + * Competely untangle core filesystem behavior where a filesystem htdocs/ + resource wasn't indicated by the request URI. + + * Refactor r->uri into a %escaped raw form presented by the client, and + a distinct decoded field used only for local filesystem access. + + * Change default prefix from /usr/local/apache2 to something corresponding + to the project name. Rename apachectl to httpdctl. + + * Change merge order of to be most specific match last. This + is more consistent with and allows some optimizations for the + location merge code. + + * Detect Lua 5.2.0 during configure and add LUA_COMPAT_ALL to CPPFLAGS. + Maybe it even suffices to add LUA_COMPAT_MODULE and individually + care about the two remaining incompatible code lines (one with lua_strlen, + one with lua_objlen). + + * Event's timeout_mutex to enter keepalive state probably needs some + analysis/attention. + + * Better H2 integration? + - adding handling of slave connections to mpm, no extra H2 workers, + triggering "events" read/write/timer from main/slave + - add slave writes/done/abort to events that wake up master connection + - disentangle core filters to server one purpose only, so that H2 + versions can reuse them properly. + + * Remove mod_access_compat? + + * Ditch platforms/89/old prereqs or anything else? + + * Leverage libmill? Drop serf? + + * Better abstraction of slave connections and "requests". + - add abstraction for "response" as something that can be passed + through filters. To be serialized into the correct HTTP bytes on + the main connection. + - solve multi-threaded access to master connection props/module conf + (e.g. ssl vars) + + * make mod_ssl more "core"? + + * add high-level server configuration directives that can steer/influence + module defaults/warn/rejects related to security + + * Ditch HTTP/0.9? At least, make HttpProtocolOptions Require1.0 the default. + + * Restructure merge fn table/indexes to ignore modules with no directives, + and permit modules with dozens upon dozens of merge values to split these + into multiple functional config groups to avoid excessive merging. + Retitle from 'per-dir' to 'per-location' to better reflect the always-run + sections (location, ifexpr etc), while we phase out the file-oriented + bias from httpd. + + * New versioning or release cadence. + + * Ditch old APIs when we have the chance with 3.x. Consolidate current + functionality into APIs with stronger guarantees. (Specific examples TBD.) - * Review the example configuration. It should be based on current best - practices and not use deprecated features. + * Remove as many undesirable-but-kept-for-backwards-compatibility behaviors + as possible from current config directives. (Specific examples TBD.) - FOR BETA: + * True event-loop/asynchronous support in the server core. - * Modules without documentation need to be moved to experimental or be - removed. + * Modify configuration syntax to separate meta-directives from runtime + directives (e.g. If vs. IfVersion). Allow as much static analysis of the + configuration as possible without needing to start the server to figure out + what's going on. - * Not all MPMs are updated to set conn_rec::current_thread correctly. - (Prefork, Worker, Event, Simple are updated). - jim sez: Then we just ship with those... mark any others as - experimental + * Support JSON-like configuration files - FOR NEXT ALPHA: + * Opaque data structures w/ getters/setters - * The mod_session* modules need to be checked that their hooks respect - the returning of int (HTTP status codes) and apr_status_t as appropriate, - and any anomolies fixed. + * Generic interface to enable runtime changes (adjusting log level, modifying + balancer information, toggling flags on/off). Perhaps modules can register + callbacks for making these changes? - * mod_ssl's proxy support only allows one proxy client certificate per - frontend virtual host. Lift this restriction. + * REST-based administration for existing (balancer/etc) and new dynamic + runtime changes (see above) + * Improve the look of generated pages (status, load-balancer...) with dynamic + update of the values. Generate HTML5 pages, instead of 3.2, Get rid of XHTML + in the generated pages. - OLD ISSUES THAT WERE THOUGHT TO BE SHOWSTOPPERS FOR 2.2 BUT OBVIOUSLY WEREN'T: + * Add performance monitoring of the server, of each module (?), in order to help + understanding what worth looking at in order to improve overall performance. + (https://cdn.wp.nginx.com/wp-content/uploads/2016/12/Amplify-Dashboards-page-base-for-filters.png) + +OLD ISSUES THAT WERE THOUGHT TO BE SHOWSTOPPERS FOR 2.4 BUT OBVIOUSLY WEREN'T: * Handling of non-trailing / config by non-default handler is broken http://marc.theaimsgroup.com/?l=apache-httpd-dev&m=105451701628081&w=2 @@ -100,33 +161,21 @@ RELEASE SHOWSTOPPERS: * the edge connection filter cannot be removed http://marc.theaimsgroup.com/?l=apache-httpd-dev&m=105366252619530&w=2 - + http://mail-archives.apache.org/mod_mbox/httpd-dev/200501.mbox/%3C41E30B42.4060202@stason.org%3E jerenkrantz asks: Why should this block a release? - stas replies: because it requires a rewrite of the filters stack implementation (you have suggested that) and once 2.2 is released you can't do that anymore. - pgollucci: this affects mod_perl I'm pretty sure. -CURRENT VOTES: - - * Name the Server (version 2.4 or 3.0, depending on the final call) - Recent discussion indicates we should designate a (short name). - This is not yet a [Vote] - Your nominations please: - * Apache HTTP Server (httpd) - +1: sctemme (why mess with it?) RELEASE NON-SHOWSTOPPERS BUT WOULD BE REAL NICE TO WRAP THESE UP: + * Clean up all the kruft and *extremely* outdated stuff below... + * Maybe remove Limit/LimitExcept or at least make it log warnings when mis-used. - * Sort out modules selections for most/all/reallyall. Maybe rename - all -> most, reallyall -> all, and remove the old 'most'. - - * Add mod_define. - * Patches submitted to the bug database: http://issues.apache.org/bugzilla/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&product=Apache+httpd-2&keywords=PatchAvailable @@ -145,12 +194,14 @@ RELEASE NON-SHOWSTOPPERS BUT WOULD BE REAL NICE TO WRAP THESE UP: * RFC 2616 violations. Closed PRs: 15852, 15857, 15859, 15861, 15864, 15869, 15870, 16120, 16125, 16135, 16136, 16137, 16138, 16139, 16140, 16518, - 16520, 42978, 49825 - Open PRs: 15865, 15866, 15868, 16126, 16133, 16142, 16521 + 16520, 49825 + Open PRs: 15865, 15866, 15868, 16126, 16133, 16142, 16521, 42978 jerenkrantz says: need to decide how many we need to backport and/or if these rise to showstopper status. wrowe suggests: it would be nice to see "MUST" v.s. "SHOULD" v.s. "MAY" out of this list, without reviewing them individually. + wrowe asks: what is lingering after 2.4.25 release? Offhand, only + URI conformance * pipes deadlock on all platforms with limited pipe buffers (e.g. both Linux and Win32, as opposed to only Win32 on 1.3). The right solution @@ -350,28 +401,10 @@ RELEASE NON-SHOWSTOPPERS BUT WOULD BE REAL NICE TO WRAP THESE UP: TODO ISSUES REMAINING IN MOD_SSL: - * Do we need SSL_set_read_ahead()? - * SSLRequire directive (parsing of) leaks memory - * Diffie-Hellman-Parameters for temporary keys are hardcoded in - ssl_engine_dh.c, while the comment in ssl_engine_kernel.c says: - "it is suggested that keys be changed daily or every 500 - transactions, and more often if possible." - * ssl_var_lookup could be rewritten to be MUCH faster - * CRL callback should be pluggable - - * session cache store should be pluggable - - * init functions should return status code rather than ssl_die() - - * ssl_engine_pphrase.c needs to be reworked so it is generic enough - to also decrypt proxy keys - - * output warning when allowing SSL v2.0 ? its so old - WISH LIST * mod_proxy: Ability to run SSL over proxy gateway connections, encrypting (or reencrypting) at the proxy. @@ -393,17 +426,13 @@ WISH LIST line server hooks (Ryan really hated this. It is great for performance, but bad because of the complications listed above). - mod_cache/mod_mem_cache/mod_disk_cache: + mod_cache/mod_mem_cache/mod_cache_disk: * mod_mem_cache: Consider adding a RevalidateTimeout directive to specify time at which local cached content is to be revalidated (ie, underlying file stat'ed to see if it has changed). - * mod_cache: CacheEnable/CacheDisable should accept regular expressions. - jerenkrantz says: Too slow. Get regexs away from speedy caches by - default. Introduce a new CacheEnableRegex if you want. - - * mod_mem_cache/mod_disk_cache: Need to be able to query cache + * mod_mem_cache/mod_cache_disk: Need to be able to query cache status (num of entries, cache object properties, etc.). mod_status could be extended to query optional hooks defined by modules for the purpose of reporting module status.