X-Git-Url: https://granicus.if.org/sourcecode?a=blobdiff_plain;f=STATUS;h=7e5ad15683152f3ebb6dcc6d12a219e5142ef691;hb=ce68ba8b331f855923c724553d6cf57f3c6b796d;hp=813f720ce82c8cb02b41c4da8d77b3c20a08e0e4;hpb=fa8dc749ee34685c7beb3d0aea1a45a50b98c600;p=apache diff --git a/STATUS b/STATUS index 813f720ce8..7e5ad15683 100644 --- a/STATUS +++ b/STATUS @@ -1,11 +1,11 @@ -APACHE 2.3 STATUS: -*-text-*- +APACHE 2.5 STATUS: -*-text-*- Last modified at [$Date$] The current version of this file can be found at: * http://svn.apache.org/repos/asf/httpd/httpd/trunk/STATUS -Documentation status is maintained seperately and can be found at: +Documentation status is maintained separately and can be found at: * docs/STATUS in this source tree, or * http://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/STATUS @@ -13,12 +13,12 @@ Documentation status is maintained seperately and can be found at: Consult the following STATUS files for information on related projects: * http://svn.apache.org/repos/asf/apr/apr/trunk/STATUS - * http://svn.apache.org/repos/asf/apr/apr-util/trunk/STATUS Patches considered for backport are noted in their branches' STATUS: * http://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x/STATUS * http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/STATUS + * http://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x/STATUS @@ -26,21 +26,8 @@ Release history: [NOTE that x.{odd}.z versions are strictly Alpha/Beta releases, while x.{even}.z versions are Stable/GA releases.] - 2.3.14 : In development. - 2.3.13 : Tagged on June 28, 2011. - 2.3.12 : Tagged on May 11, 2011. Released May 23, 2011. - 2.3.11 : Released as Beta on March 7, 2011. - 2.3.10 : Tagged on December 13, 2010. Released Dec 21, 2010. - 2.3.9 : Tagged on November 23, 2010, not released. - 2.3.8 : Tagged on August 24, 2010. - 2.3.7 : Tagged on August 19, 2010, not released. - 2.3.6 : Released on June 21, 2010. - 2.3.5 : Released on January 26, 2010. - 2.3.4 : Released on December 8, 2009. - 2.3.3 : Tagged on November 11, 2009, not released. - 2.3.2 : Tagged on March 23, 2009, not released. - 2.3.1 : Tagged on January 2, 2009, not released. - 2.3.0 : Tagged on December 6, 2008, not released. + 2.5.1 : In development + 2.5.0 : Tagged on November 8, 2017. Not released. Contributors looking for a mission: @@ -62,52 +49,118 @@ Contributors looking for a mission: CURRENT RELEASE NOTES: -GA PLAN: +RELEASE SHOWSTOPPERS: - Jim proposes another beta release the end of March, another in - April with a goal towards GA in May (at the latest). Jim volunteers - to RM these. -RELEASE SHOWSTOPPERS: +CURRENT VOTES: + + +THINGS THAT SHOULD BE CONSIDERED EARLY IN THE 2.6/3.0 DEVELOPMENT CYCLE: + + * Seriously ramp up/replace test framework and cases to have better + coverage of existing special cases and behaviours users rely on. + + * Add performance testing to the test framework. + + * Competely untangle core filesystem behavior where a filesystem htdocs/ + resource wasn't indicated by the request URI. + + * Refactor r->uri into a %escaped raw form presented by the client, and + a distinct decoded field used only for local filesystem access. + + * Change default prefix from /usr/local/apache2 to something corresponding + to the project name. Rename apachectl to httpdctl. - FOR GA: - - * Modules that are not ready for production use must be removed. - The same for modules without documentation. - Candidates: - - MPM simple - - mod_serf (which is optimal for async httpd anyways) - - * The mod_session* modules need to be checked that their hooks respect - the returning of int (HTTP status codes) and apr_status_t as appropriate, - and any anomolies fixed. - jim sez: from what I can see, mod_session* is no worse that other - modules that mix these 2 types... clean up is - forthcoming but should not be considered a blocker, imo - pgollucci: +1 jim - wrowe asks: what's the API change required? - wrowe asks; why are we shipping this if it requires apr_ssl + * Change merge order of to be most specific match last. This + is more consistent with and allows some optimizations for the + location merge code. + + * Detect Lua 5.2.0 during configure and add LUA_COMPAT_ALL to CPPFLAGS. + Maybe it even suffices to add LUA_COMPAT_MODULE and individually + care about the two remaining incompatible code lines (one with lua_strlen, + one with lua_objlen). + + * Event's timeout_mutex to enter keepalive state probably needs some + analysis/attention. + + * Better H2 integration? + - adding handling of slave connections to mpm, no extra H2 workers, + triggering "events" read/write/timer from main/slave + - add slave writes/done/abort to events that wake up master connection + - disentangle core filters to server one purpose only, so that H2 + versions can reuse them properly. - * mod_ssl's proxy support only allows one proxy client certificate per - frontend virtual host. Lift this restriction. - jim sez: Why a blocker?, pgollucci +1 jim - wrowe asks: what's the API change required? + * Remove mod_access_compat? + + * Ditch platforms/89/old prereqs or anything else? + + * Leverage libmill? Drop serf? + + * Better abstraction of slave connections and "requests". + - add abstraction for "response" as something that can be passed + through filters. To be serialized into the correct HTTP bytes on + the main connection. + - solve multi-threaded access to master connection props/module conf + (e.g. ssl vars) + + * make mod_ssl more "core"? + + * add high-level server configuration directives that can steer/influence + module defaults/warn/rejects related to security + + * Ditch HTTP/0.9? At least, make HttpProtocolOptions Require1.0 the default. + + * Restructure merge fn table/indexes to ignore modules with no directives, + and permit modules with dozens upon dozens of merge values to split these + into multiple functional config groups to avoid excessive merging. + Retitle from 'per-dir' to 'per-location' to better reflect the always-run + sections (location, ifexpr etc), while we phase out the file-oriented + bias from httpd. + + * New versioning or release cadence. + + * Ditch old APIs when we have the chance with 3.x. Consolidate current + functionality into APIs with stronger guarantees. (Specific examples TBD.) + + * Remove as many undesirable-but-kept-for-backwards-compatibility behaviors + as possible from current config directives. (Specific examples TBD.) + + * True event-loop/asynchronous support in the server core. - * Clarify/potentially change the meaning of MaxConnections for Event MPM - with respect to accepting new connections and keep alive requests for - the docs and example config. This shouldn't change after users and - vendors have set up their stock config for event. This will end up - as a per-process thing for efficiency. + * Modify configuration syntax to separate meta-directives from runtime + directives (e.g. If vs. IfVersion). Allow as much static analysis of the + configuration as possible without needing to start the server to figure out + what's going on. - * INCLUDE mod_fcgid with 2.4.0, esp to help php users etc to enjoy - a painless event mpm experience. + * Support JSON-like configuration files - * Decouple from apr_ldap to ease the transition to apr-2.0 + * Opaque data structures w/ getters/setters - FOR BETA: + * Generic interface to enable runtime changes (adjusting log level, modifying + balancer information, toggling flags on/off). Perhaps modules can register + callbacks for making these changes? + * REST-based administration for existing (balancer/etc) and new dynamic + runtime changes (see above) - OLD ISSUES THAT WERE THOUGHT TO BE SHOWSTOPPERS FOR 2.2 BUT OBVIOUSLY WEREN'T: + * Improve the look of generated pages (status, load-balancer...) with dynamic + update of the values. Generate HTML5 pages, instead of 3.2, Get rid of XHTML + in the generated pages. + + * Add performance monitoring of the server, of each module (?), in order to help + understanding what worth looking at in order to improve overall performance. + (https://cdn.wp.nginx.com/wp-content/uploads/2016/12/Amplify-Dashboards-page-base-for-filters.png) + + * Drop CGI-1.1-incompatible behaviors kept for compatibility reasons with + "broken" server implementations (PR 51517). (Note that many of them are + "broken" *because* of our behaviors.) + + * Add a "normalized" list of headers for a HTTP response, rather then relying + on r->headers_out and r->err_headers_out, since mod_headers' behavior is + not really user friendly in some scenarios (example in PR 62380). + + +OLD ISSUES THAT WERE THOUGHT TO BE SHOWSTOPPERS FOR 2.4 BUT OBVIOUSLY WEREN'T: * Handling of non-trailing / config by non-default handler is broken http://marc.theaimsgroup.com/?l=apache-httpd-dev&m=105451701628081&w=2 @@ -118,22 +171,13 @@ RELEASE SHOWSTOPPERS: * the edge connection filter cannot be removed http://marc.theaimsgroup.com/?l=apache-httpd-dev&m=105366252619530&w=2 - + http://mail-archives.apache.org/mod_mbox/httpd-dev/200501.mbox/%3C41E30B42.4060202@stason.org%3E jerenkrantz asks: Why should this block a release? - stas replies: because it requires a rewrite of the filters stack implementation (you have suggested that) and once 2.2 is released you can't do that anymore. - pgollucci: this affects mod_perl I'm pretty sure. -CURRENT VOTES: - - * Name the Server (version 2.4 or 3.0, depending on the final call) - Recent discussion indicates we should designate a (short name). - This is not yet a [Vote] - Your nominations please: - * Apache HTTP Server (httpd) - +1: sctemme (why mess with it?), pgollucci RELEASE NON-SHOWSTOPPERS BUT WOULD BE REAL NICE TO WRAP THESE UP: @@ -142,9 +186,6 @@ RELEASE NON-SHOWSTOPPERS BUT WOULD BE REAL NICE TO WRAP THESE UP: * Maybe remove Limit/LimitExcept or at least make it log warnings when mis-used. - * Sort out modules selections for most/all/reallyall. Maybe rename - all -> most, reallyall -> all, and remove the old 'most'. - * Patches submitted to the bug database: http://issues.apache.org/bugzilla/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&product=Apache+httpd-2&keywords=PatchAvailable @@ -169,6 +210,8 @@ RELEASE NON-SHOWSTOPPERS BUT WOULD BE REAL NICE TO WRAP THESE UP: if these rise to showstopper status. wrowe suggests: it would be nice to see "MUST" v.s. "SHOULD" v.s. "MAY" out of this list, without reviewing them individually. + wrowe asks: what is lingering after 2.4.25 release? Offhand, only + URI conformance * pipes deadlock on all platforms with limited pipe buffers (e.g. both Linux and Win32, as opposed to only Win32 on 1.3). The right solution @@ -368,28 +411,10 @@ RELEASE NON-SHOWSTOPPERS BUT WOULD BE REAL NICE TO WRAP THESE UP: TODO ISSUES REMAINING IN MOD_SSL: - * Do we need SSL_set_read_ahead()? - * SSLRequire directive (parsing of) leaks memory - * Diffie-Hellman-Parameters for temporary keys are hardcoded in - ssl_engine_dh.c, while the comment in ssl_engine_kernel.c says: - "it is suggested that keys be changed daily or every 500 - transactions, and more often if possible." - * ssl_var_lookup could be rewritten to be MUCH faster - * CRL callback should be pluggable - - * session cache store should be pluggable - - * init functions should return status code rather than ssl_die() - - * ssl_engine_pphrase.c needs to be reworked so it is generic enough - to also decrypt proxy keys - - * output warning when allowing SSL v2.0 ? its so old - WISH LIST * mod_proxy: Ability to run SSL over proxy gateway connections, encrypting (or reencrypting) at the proxy. @@ -417,10 +442,6 @@ WISH LIST specify time at which local cached content is to be revalidated (ie, underlying file stat'ed to see if it has changed). - * mod_cache: CacheEnable/CacheDisable should accept regular expressions. - jerenkrantz says: Too slow. Get regexs away from speedy caches by - default. Introduce a new CacheEnableRegex if you want. - * mod_mem_cache/mod_cache_disk: Need to be able to query cache status (num of entries, cache object properties, etc.). mod_status could be extended to query optional hooks defined