Changes with Apache 2.1.7
  [Remove entries to the current 2.0 section below, when backported]
  *) SECURITY: CAN-2005-2088
     proxy: Correctly handle the Transfer-Encoding and Content-Length
     headers.  Discard the request Content-Length whenever T-E: chunked
     is used, always passing one of either C-L or T-E: chunked whenever 
     the request includes a request body.  Resolves an entire class of
     proxy HTTP Request Splitting/Spoofing attacks.  [William Rowe]

  *) Added TraceEnable [on|off|extended] per-server directive to alter
     the behavior of the TRACE method.  This addresses a flaw in proxy
     conformance to RFC 2616 - previously the proxy server would accept
     a TRACE request body although the RFC prohibited it.  The default
     remains 'TraceEnable on'.  [William Rowe]

  *) Add additional SSLSessionCache option, 'nonenotnull', which is
     similar to 'none' (disabling any external shared cache) but forces
     OpenSSL to provide a non-null session ID.  [Jim Jagielski]

  *) Add httxt2dbm to support/ for creating RewriteMap DBM Files.
     [Paul Querna]

  *) Add SSL_COMPRESS_METHOD variable (included in +StdEnvVars) to note
     the negotiated compression.  [Georg v. Zezschwitz <gvz 2scale.de>]

  *) Fixed complaints about unpackaged files within the RPM build
     after changes to the config files. [Graham Leggett]

  *) Fix shutdown for the Worker MPM when an Accept Filter is used. Instead of 
     just closing the socket, a HTTP request is made, to make sure the child is 
     always awakened. [Paul Querna]

Changes with Apache 2.1.6

  *) Fix htdbm password validation for records which included comments.
     [Eric Covener <covener gmail.com>]

  *) mod_cgid: Fix buffer overflow processing ScriptSock directive.
     [Steve Kemp <steve steve.org.uk>]

Changes with Apache 2.1.5

  *) mod_ssl: Setting the Protocol to 'https' can replace the use of the 
     'SSLEngine on' command. [Paul Querna]

  *) core: Refactor the mapping of Accept Filters to Sockets. Add the 
     AcceptFilter and Protocol directives to aid in mapping filter types.
     Extend the Listen directive to optionally take a protocol name.
     [Paul Querna]

  *) mod_disk_cache: Support storing multiple variations of one URL. PR 35211.
     [Paul Querna]

  *) mod_disk_cache: Atomically create the header data file. [Paul Querna]

  *) mod_cache: Fix 'Vary: *' behavior to be RFC compliant. PR 16125. 
     [Paul Querna]

  *) mod_cache: Rename 'generate_name' to 'ap_cache_generate_name'. 
     [Paul Querna]

  *) proxy FTP: Fix confusion about globbing characters which could lead
     to getting a directory listing when a file was requested.  PR 34512.
     [Sean <infamous41md hotmail.com>]

  *) mod_mime_magic: Handle CRLF-format magic files so that it works with
     the default installation on Windows.  [Jeff Trawick]

  *) core: Allow multiple modules to register interest in a single 
     configuration command. [Paul Querna]

  *) EBCDIC: Handle chunked input from client or, with proxy, origin
     server.  [Jeff Trawick]

  *) authn_provider_alias: Adds the configuration block tag
     <AuthnProviderAlias baseProvider Alias>
     Authentication directives contained within this block can be
     referenced as a new authProvider using the AuthBasicProvider or
     AuthDigestProvider directive.  These directives will be merged in to
     the per_dir configuration just before the base provider is called.
     [Brad Nicholes]

  *) ap_getword_conf: Fix backslashes at the end of configuration directives. 
     PR 34834. [Timo Viipuri <viipuri dlc.fi>]

  *) mod_dbd: New additions: mod_dbd.c, mod_dbd.h, mod_dbd.xml
     Provide module hooks for apr_dbd; optimise for httpd
     threaded and non-threaded arch [Nick Kew]

  *) ab: SSL support rewritten, improved, and enabled if SSL is enabled
     during the build; -f and -Z arguments added to specify SSL protocol
     options.  [Masaoki Kobayashi <masaoki techfirm.co.jp>]

  *) Support the suppress-error-charset setting, as with Apache 1.3.x.
     PR 31274.  [Jeff Trawick]

  *) Prevent hangs of child processes when writing to piped loggers at
     the time of graceful restart.  PR 26467.  [Jeff Trawick]
  
  *) mod_info: Show the Quick Handler [Paul Querna]

  *) mod_ldap: Add the directive LDAPVerifyServerCert to specify 
     whether to force verification of the server certificate when
     establishing an SSL connection to the LDAP server. 
     [Brad Nicholes]
     
  *) mod_proxy: Run mod_rewrite before mod_proxy in the translate_name

  *) Add AP_INIT_TAKE_ARGV for configuration commands. (minor MMN bump) 
     [Paul Querna]

  *) ap_get_local_host() rewritten for APR. [Jim Jagielski]

  *) Add the ap_vhost_iterate_given_conn function to expose the information
     used in Name Based Virtual Hosting. (minor MMN bump)
     [Paul Querna]

  *) Remove the never working ap_method_list_do and ap_method_list_vdo.
     [Paul Querna]

  *) Added makefile and doc for building mod_ssl on the NetWare 
     platform. [Guenter Knauf, Brad Nicholes]
  
  *) mod_deflate: Merge the Vary header, instead of Setting it. Fixes
     applications that send the Vary Header themselves, and also apply 
     mod_deflate as an output filter. [Paul Querna]

  *) Change the default (when not present in the config file) setting
     for UseCanonicalName to Off.
     [Joshua Slive]

  *) mod_userdir: The module no longer does any remapping unless the
     UserDir directive is present in the config file.
     [Joshua Slive]

  *) Massively simplify the distributed httpd.conf by removing
     many features and many directives that are at their default
     setting.  Add a selection of example config excerpts for adding
     extra features in the conf/extra/ directory.  Install the
     distributed config and the extra config examples in the
     conf/original/ directory during make install.
     [Joshua Slive, Justin Erenkrantz]

  *) NetWare: Reposition mod_asis, mod_actions, mod_cgi, mod_imagemap,
     mod_userdir and mod_autoindex as shared modules rather than 
     built-in modules within the NetWare build.
     [Brad Nicholes]

  *) Rename mod_imap to mod_imagemap.
     [Paul Querna]

  *) util_ldap: Eliminate the load ordering of mod_ldap and mod_authnz_ldap
     by changing the mod_ldap exported functions to optional functions.
     [Brad Nicholes]

Changes with Apache 2.1.4

  *) Don't let a subrequest inherit headers describing the original request's
     body.  [Greg Ames]

  *) Fix Windows CompContext buff size miscalculation
     [Allan Edwards]

  *) Add ReceiveBufferSize directive to control the TCP receive buffer.
     [Eric Covener <covener gmail.com>]

  *) mod_proxy: Add proxy-sendextracrlf option to send an extra CRLF at the
     end of the request body to work with really old HTTP servers.
     [Justin Erenkrantz]

  *) util_ldap: Keep track of the number of attributes retrieved from 
     LDAP so that all the values can be properly cached even if the 
     value is NULL. PR 33901 [Brad Nicholes]

  *) mod_cache: Fix error where incoming Cache-Control would be ignored.
     [Justin Erenkrantz]

  *) mod_cache: Correctly handle originally conditional requests.
     [Sander Striker]

  *) mod_disk_cache: Correctly update cached headers on revalidated responses.
     [Sander Striker, Justin Erenkrantz]

  *) worker MPM/mod_status: Support per-worker tracking of pid and
     generation in the scoreboard so that mod_status can accurately
     represent workers in processes which are gracefully terminating.
     (major MMN bump)
     [Jeff Trawick]

  *) Correctly export all mod_dav public functions.
     [Branko Čibej <brane xbc.nu>]

Changes with Apache 2.1.3

  *) mod_ssl: Add ssl_ext_lookup optional function for accessing
     certificate extensions.   [David Reid, Joe Orton]

  *) Add support for use of an external PCRE library; pass the