X-Git-Url: https://granicus.if.org/sourcecode?a=blobdiff_plain;f=STATUS;h=7e5ad15683152f3ebb6dcc6d12a219e5142ef691;hb=ce68ba8b331f855923c724553d6cf57f3c6b796d;hp=b1d1c7945ecc95dff9346cd6c31b696e41949e6f;hpb=e9f4bdae6a6dc2ecbfb530d40f8f0c64a722c858;p=apache diff --git a/STATUS b/STATUS index b1d1c7945e..7e5ad15683 100644 --- a/STATUS +++ b/STATUS @@ -1,11 +1,11 @@ -APACHE 2.3 STATUS: -*-text-*- +APACHE 2.5 STATUS: -*-text-*- Last modified at [$Date$] The current version of this file can be found at: * http://svn.apache.org/repos/asf/httpd/httpd/trunk/STATUS -Documentation status is maintained seperately and can be found at: +Documentation status is maintained separately and can be found at: * docs/STATUS in this source tree, or * http://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/STATUS @@ -13,27 +13,21 @@ Documentation status is maintained seperately and can be found at: Consult the following STATUS files for information on related projects: * http://svn.apache.org/repos/asf/apr/apr/trunk/STATUS - * http://svn.apache.org/repos/asf/apr/apr-util/trunk/STATUS Patches considered for backport are noted in their branches' STATUS: - * http://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x/STATUS * http://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x/STATUS * http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/STATUS + * http://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x/STATUS + Release history: [NOTE that x.{odd}.z versions are strictly Alpha/Beta releases, while x.{even}.z versions are Stable/GA releases.] - 2.3.7 : In development. - 2.3.6 : Tagged June 11, 2010. - 2.3.5 : Released on January 26, 2010. - 2.3.4 : Released on December 8, 2009. - 2.3.3 : Tagged on November 11, 2009, not released. - 2.3.2 : Tagged on March 23, 2009, not released. - 2.3.1 : Tagged on January 2, 2009, not released. - 2.3.0 : Tagged on December 6, 2008, not released. + 2.5.1 : In development + 2.5.0 : Tagged on November 8, 2017. Not released. Contributors looking for a mission: @@ -49,40 +43,124 @@ Contributors looking for a mission: * Open bugs in the bug database. + * See also the STATUS file in the docs/ directory, which lists documentation-specific TODO items. + CURRENT RELEASE NOTES: RELEASE SHOWSTOPPERS: - FOR GA: - FOR BETA: +CURRENT VOTES: + + +THINGS THAT SHOULD BE CONSIDERED EARLY IN THE 2.6/3.0 DEVELOPMENT CYCLE: + + * Seriously ramp up/replace test framework and cases to have better + coverage of existing special cases and behaviours users rely on. + + * Add performance testing to the test framework. + + * Competely untangle core filesystem behavior where a filesystem htdocs/ + resource wasn't indicated by the request URI. + + * Refactor r->uri into a %escaped raw form presented by the client, and + a distinct decoded field used only for local filesystem access. + + * Change default prefix from /usr/local/apache2 to something corresponding + to the project name. Rename apachectl to httpdctl. + + * Change merge order of to be most specific match last. This + is more consistent with and allows some optimizations for the + location merge code. + + * Detect Lua 5.2.0 during configure and add LUA_COMPAT_ALL to CPPFLAGS. + Maybe it even suffices to add LUA_COMPAT_MODULE and individually + care about the two remaining incompatible code lines (one with lua_strlen, + one with lua_objlen). + + * Event's timeout_mutex to enter keepalive state probably needs some + analysis/attention. + + * Better H2 integration? + - adding handling of slave connections to mpm, no extra H2 workers, + triggering "events" read/write/timer from main/slave + - add slave writes/done/abort to events that wake up master connection + - disentangle core filters to server one purpose only, so that H2 + versions can reuse them properly. + + * Remove mod_access_compat? + + * Ditch platforms/89/old prereqs or anything else? + + * Leverage libmill? Drop serf? + + * Better abstraction of slave connections and "requests". + - add abstraction for "response" as something that can be passed + through filters. To be serialized into the correct HTTP bytes on + the main connection. + - solve multi-threaded access to master connection props/module conf + (e.g. ssl vars) + + * make mod_ssl more "core"? + + * add high-level server configuration directives that can steer/influence + module defaults/warn/rejects related to security + + * Ditch HTTP/0.9? At least, make HttpProtocolOptions Require1.0 the default. + + * Restructure merge fn table/indexes to ignore modules with no directives, + and permit modules with dozens upon dozens of merge values to split these + into multiple functional config groups to avoid excessive merging. + Retitle from 'per-dir' to 'per-location' to better reflect the always-run + sections (location, ifexpr etc), while we phase out the file-oriented + bias from httpd. + + * New versioning or release cadence. + + * Ditch old APIs when we have the chance with 3.x. Consolidate current + functionality into APIs with stronger guarantees. (Specific examples TBD.) + + * Remove as many undesirable-but-kept-for-backwards-compatibility behaviors + as possible from current config directives. (Specific examples TBD.) + + * True event-loop/asynchronous support in the server core. - * Modules without documentation need to be moved to experimental or be - removed. + * Modify configuration syntax to separate meta-directives from runtime + directives (e.g. If vs. IfVersion). Allow as much static analysis of the + configuration as possible without needing to start the server to figure out + what's going on. - * There is no working equivalent to 'Satisfy any' to authorize by - user _or_ IP address: - http://mail-archives.apache.org/mod_mbox/httpd-dev/200912.mbox/<4B28E73C.4050209%40kippdata.de> + * Support JSON-like configuration files - * Not all MPMs are updated to set conn_rec::current_thread correctly. - (Prefork, Worker, Event, Simple are updated). - jim sez: Then we just ship with those... mark any others as - experimental + * Opaque data structures w/ getters/setters - * Running the log_transaction hook from pool cleanup is fubar: + * Generic interface to enable runtime changes (adjusting log level, modifying + balancer information, toggling flags on/off). Perhaps modules can register + callbacks for making these changes? - http://marc.info/?l=apache-httpd-dev&m=123910381908293&w=1 + * REST-based administration for existing (balancer/etc) and new dynamic + runtime changes (see above) - * MPM event (maybe others, too) closes open files only after the - connection has been closed. This could be fixed in apr-util or httpd: - http://mail-archives.apache.org/mod_mbox/httpd-dev/201005.mbox/<201005172311.39558.sf@sfritsch.de> + * Improve the look of generated pages (status, load-balancer...) with dynamic + update of the values. Generate HTML5 pages, instead of 3.2, Get rid of XHTML + in the generated pages. - FOR NEXT ALPHA: + * Add performance monitoring of the server, of each module (?), in order to help + understanding what worth looking at in order to improve overall performance. + (https://cdn.wp.nginx.com/wp-content/uploads/2016/12/Amplify-Dashboards-page-base-for-filters.png) + * Drop CGI-1.1-incompatible behaviors kept for compatibility reasons with + "broken" server implementations (PR 51517). (Note that many of them are + "broken" *because* of our behaviors.) - OLD ISSUES THAT WERE THOUGHT TO BE SHOWSTOPPERS FOR 2.2 BUT OBVIOUSLY WEREN'T: + * Add a "normalized" list of headers for a HTTP response, rather then relying + on r->headers_out and r->err_headers_out, since mod_headers' behavior is + not really user friendly in some scenarios (example in PR 62380). + + +OLD ISSUES THAT WERE THOUGHT TO BE SHOWSTOPPERS FOR 2.4 BUT OBVIOUSLY WEREN'T: * Handling of non-trailing / config by non-default handler is broken http://marc.theaimsgroup.com/?l=apache-httpd-dev&m=105451701628081&w=2 @@ -93,50 +171,21 @@ RELEASE SHOWSTOPPERS: * the edge connection filter cannot be removed http://marc.theaimsgroup.com/?l=apache-httpd-dev&m=105366252619530&w=2 - + http://mail-archives.apache.org/mod_mbox/httpd-dev/200501.mbox/%3C41E30B42.4060202@stason.org%3E jerenkrantz asks: Why should this block a release? - stas replies: because it requires a rewrite of the filters stack implementation (you have suggested that) and once 2.2 is released you can't do that anymore. - pgollucci: this affects mod_perl I'm pretty sure. -CURRENT VOTES: - - * If the parent process dies, should the remaining child processes - "gracefully" self-terminate. Or maybe we should make it a runtime - option, or have a concept of 2 parent processes (one being a - "hot spare"). - See: Message-ID: <3C58232C.FE91F19F@Golux.Com> - - Self-destruct: Ken, Martin, Lars, sctemme (parent shouldn't die, ever) - Not self-destruct: BrianP, Ian, Cliff, BillS - Make it runtime configurable: Aaron, jim, Justin, wrowe, rederpj, nd, pgollucci - - /* The below was a concept on *how* to handle the problem */ - Have 2 parents: +1: jim - -1: Justin, wrowe, rederpj, nd, pgollucci - +0: Lars, Martin (while standing by, could it do - something useful?) - - * Make the worker MPM the default MPM for threaded Unix boxes. - +1: Justin, Ian, Cliff, BillS, striker, wrowe, nd, pgollucci, sctemme - +0: BrianP, Aaron (mutex contention is looking better with the - latest code, let's continue tuning and testing), rederpj, jim - -0: Lars - - pquerna: Do we want to change this for *2.4*? - wrowe: Replies "yes" - - * Name the Server (version 2.4 or 3.0, depending on the final call) - Recent discussion indicates we should designate a (short name). - This is not yet a [Vote] - Your nominations please: - * Apache HTTP Server (httpd) - +1: sctemme (why mess with it?) RELEASE NON-SHOWSTOPPERS BUT WOULD BE REAL NICE TO WRAP THESE UP: + * Clean up all the kruft and *extremely* outdated stuff below... + + * Maybe remove Limit/LimitExcept or at least make it log warnings when + mis-used. + * Patches submitted to the bug database: http://issues.apache.org/bugzilla/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&product=Apache+httpd-2&keywords=PatchAvailable @@ -155,25 +204,14 @@ RELEASE NON-SHOWSTOPPERS BUT WOULD BE REAL NICE TO WRAP THESE UP: * RFC 2616 violations. Closed PRs: 15852, 15857, 15859, 15861, 15864, 15869, 15870, 16120, 16125, 16135, 16136, 16137, 16138, 16139, 16140, 16518, - 16520 - Open PRs: 15865, 15866, 15868, 16126, 16133, 16142, 16521 + 16520, 49825 + Open PRs: 15865, 15866, 15868, 16126, 16133, 16142, 16521, 42978 jerenkrantz says: need to decide how many we need to backport and/or if these rise to showstopper status. wrowe suggests: it would be nice to see "MUST" v.s. "SHOULD" v.s. "MAY" out of this list, without reviewing them individually. - - * There is a bug in how we sort some hooks, at least the pre-config - hook. The first time we call the hooks, they are in the correct - order, but the second time, we don't sort them correctly. Currently, - the modules/http/config.m4 file has been renamed to - modules/http/config2.m4 to work around this problem, it should moved - back when this is fixed. - - OtherBill offers that this is a SERIOUS problem. We do not sort - correctly by the ordering arguments passed to the register hook - functions. This was proven when I reordered the open_logs hook - to attempt to open the error logs prior to the access logs. Possibly - the entire sorting code needs to be refactored. + wrowe asks: what is lingering after 2.4.25 release? Offhand, only + URI conformance * pipes deadlock on all platforms with limited pipe buffers (e.g. both Linux and Win32, as opposed to only Win32 on 1.3). The right solution @@ -373,34 +411,10 @@ RELEASE NON-SHOWSTOPPERS BUT WOULD BE REAL NICE TO WRAP THESE UP: TODO ISSUES REMAINING IN MOD_SSL: - * Do we need SSL_set_read_ahead()? - - * the ssl_expr api is NOT THREAD SAFE. race conditions exist: - -in ssl_expr_comp() if SSLRequire is used in .htaccess - (ssl_expr_info is global) - -is ssl_expr_eval() if there is an error - (ssl_expr_error is global) - * SSLRequire directive (parsing of) leaks memory - * Diffie-Hellman-Parameters for temporary keys are hardcoded in - ssl_engine_dh.c, while the comment in ssl_engine_kernel.c says: - "it is suggested that keys be changed daily or every 500 - transactions, and more often if possible." - * ssl_var_lookup could be rewritten to be MUCH faster - * CRL callback should be pluggable - - * session cache store should be pluggable - - * init functions should return status code rather than ssl_die() - - * ssl_engine_pphrase.c needs to be reworked so it is generic enough - to also decrypt proxy keys - - * output warning when allowing SSL v2.0 ? its so old - WISH LIST * mod_proxy: Ability to run SSL over proxy gateway connections, encrypting (or reencrypting) at the proxy. @@ -422,17 +436,13 @@ WISH LIST line server hooks (Ryan really hated this. It is great for performance, but bad because of the complications listed above). - mod_cache/mod_mem_cache/mod_disk_cache: + mod_cache/mod_mem_cache/mod_cache_disk: * mod_mem_cache: Consider adding a RevalidateTimeout directive to specify time at which local cached content is to be revalidated (ie, underlying file stat'ed to see if it has changed). - * mod_cache: CacheEnable/CacheDisable should accept regular expressions. - jerenkrantz says: Too slow. Get regexs away from speedy caches by - default. Introduce a new CacheEnableRegex if you want. - - * mod_mem_cache/mod_disk_cache: Need to be able to query cache + * mod_mem_cache/mod_cache_disk: Need to be able to query cache status (num of entries, cache object properties, etc.). mod_status could be extended to query optional hooks defined by modules for the purpose of reporting module status. @@ -441,10 +451,6 @@ WISH LIST HTTP or SNMP? jerenkrantz says: Yawn. Who cares. - * MaxRequestsPerChild measures connections, not requests. - Until someone has a better way, we'll probably just rename it - "MaxConnectionsPerChild". - * Regex containers don't work in an intutive way Status: No one has come up with an efficient way to fix this behavior. Dean has suggested getting rid of regex containers