Newer
Older
*) SECURITY: CVE-2011-3348 (cve.mitre.org)
mod_proxy_ajp: Respond with HTTP_NOT_IMPLEMENTED when the method is not
recognized. [Jean-Frederic Clere]
*) SECURITY: CVE-2011-3192 (cve.mitre.org)
core: Fix handling of byte-range requests to use less memory, to avoid
denial of service. If the sum of all ranges in a request is larger than
the original file, ignore the ranges and send the complete file.
William A. Rowe Jr
committed
PR 51714. [Stefan Fritsch, Jim Jagielski, Ruediger Pluem, Eric Covener,
<lowprio20 gmail.com>]
*) mod_session_crypto: Refactor to support the new apr_crypto API.
[Graham Leggett]
*) http: Add missing Location header if local URL-path is used as
ErrorDocument for 30x. [Stefan Fritsch]
*) mod_buffer: Make sure we step down for subrequests, but not for internal
redirects triggered by mod_rewrite. [Graham Leggett]
*) mod_lua: add r:construct_url as a wrapper for ap_construct_url.
[Eric Covener]
*) mod_remote_ip: Fix configuration of internal proxies. PR 49272.
[Jim Riggs <jim riggs me>]
*) mpm_winnt: Handle AcceptFilter 'none' mode correctly; resolve specific
server IP endpoint and remote client IP upon connection. [William Rowe]
*) mod_setenvif: Remove OID match which is obsoleted by SetEnvIfExpr with
PeerExtList(). [Stefan Fritsch]
*) mpm_prefork, mpm_worker, mpm_event: If a child is created just before
graceful restart and then exits because of a missing lock file, don't
shutdown the whole server. PR 39311. [Shawn Michael
<smichael rightnow com>]
*) mpm_event: Check the return value from ap_run_create_connection.
PR: 41194. [Davi Arnaut]
*) mod_mime_magic: Add signatures for PNG and SWF to the example config.
PR: 48352. [Jeremy Wagner-Kaiser <jwagner-kaiser adknowledge com>]
*) core, unixd: Add -D DUMP_RUN_CFG option to dump some configuration items
from the parsed (or default) config. This is useful for init scripts that
need to setup temporary directories and permissions. [Stefan Fritsch]
Stefan Fritsch
committed
*) core, mod_actions, mod_asis: Downgrade error log messages which accompany
a 404 request status from loglevel error to info. PR: 35768. [Stefan
Fritsch]
*) core: Fix hook sorting with Perl modules. PR: 45076. [Torsten Foertsch
Stefan Fritsch
committed
<torsten foertsch gmx net>]
*) core: Enforce LimitRequestFieldSize after multiple headers with the same
name have been merged. [Stefan Fritsch]
*) mod_ssl: If MaxMemFree is set, ask OpenSSL >= 1.0.0 to reduce memory
usage. PR 51618. [Cristian Rodríguez <crrodriguez opensuse org>,
Stefan Fritsch]
*) mod_ssl: At startup, when checking a server certificate whether it
matches the configured ServerName, also take dNSName entries in the
subjectAltName extension into account. PR 32652, PR 47051. [Kaspar Brand]
*) mod_substitute: Reduce memory usage and copying of data. PR 50559.
[Stefan Fritsch]
*) mod_ssl/proxy: enable the SNI extension for backend TLS connections
[Kaspar Brand]
*) Add wrappers for malloc, calloc, realloc that check for out of memory
situations and use them in many places. PR 51568, PR 51569, PR 51571.
[Stefan Fritsch]
*) Fix cross-compilation of mod_cgi/mod_cgid when APR_HAVE_STRUCT_RLIMIT is
false but RLIMIT_* are defined. PR51371. [Eric Covener]
*) core: Correctly obey ServerName / ServerAlias if the Host header from the
request matches the VirtualHost address.
PR 51709. [Micha Lenk <micha lenk.info>]
*) mod_unique_id: Use random number generator to initialize counter.
PR 45110. [Stefan Fritsch]
*) core: Add convenience API for apr_random. [Stefan Fritsch]
*) core: Add MaxRangeOverlaps and MaxRangeReversals directives to control
the number of overlapping and reversing ranges (respectively) permitted
before returning the entire resource, with a default limit of 20.
[Jim Jagielski]
*) mod_ldap: Optional function uldap_ssl_supported(r) always returned false
if called from a virtual host with mod_ldap directives in it. Did not
affect mod_authnz_ldap's usage of mod_ldap. [Eric Covener]
*) mod_filter: Instead of dropping the Accept-Ranges header when a filter
registered with AP_FILTER_PROTO_NO_BYTERANGE is present,
set the header value to "none". [Eric Covener, Ruediger Pluem]
*) core: Allow MaxRanges none|unlimited|default and set 'Accept-Ranges: none'
in the case Ranges are being ignored with MaxRanges none.
[Eric Covener]
*) mod_ssl: revamp CRL-based revocation checking when validating
certificates of clients or proxied servers. Completely delegate
CRL processing to OpenSSL, and add a new [Proxy]CARevocationCheck
directive for controlling the revocation checking mode. [Kaspar Brand]
*) core: Add MaxRanges directive to control the number of ranges permitted
before returning the entire resource, with a default limit of 200.
[Eric Covener]
*) mod_cache: Ensure that CacheDisable can correctly appear within
a LocationMatch. [Graham Leggett]
*) mod_cache: Fix the moving of the CACHE filter, which erroneously
stood down if the original filter was not added by configuration.
[Graham Leggett]
*) mod_ssl: improve certificate error logging. PR 47408. [Kaspar Brand]
*) mod_authz_groupfile: Increase length limit of lines in the group file to
16MB. PR 43084. [Stefan Fritsch]
*) core: Increase length limit of lines in the configuration file to 16MB.
PR 45888. PR 50824. [Stefan Fritsch]
*) core: Add API for resizable buffers. [Stefan Fritsch]
Eric Covener
committed
*) mod_ldap: Enable LDAPConnectionTimeout for LDAP toolkits that have
LDAP_OPT_CONNECT_TIMEOUT instead of LDAP_OPT_NETWORK_TIMEOUT, such
as Tivoli Directory Server 6.3 and later. [Eric Covener]
*) mod_ldap: Change default number of retries from 10 to 3, and add
Eric Covener
committed
an LDAPRetries and LDAPRetryDelay directives. [Eric Covener]
*) mod_authnz_ldap: Don't retry during authentication, because this just
multiplies the ample retries already being done by mod_ldap. [Eric Covener]
*) configure: Allow to explicitly disable modules even with module selection
'reallyall'. [Stefan Fritsch]
*) mod_rewrite: Check validity of each internal (int:) RewriteMap even if the
RewriteEngine is disabled in server context, avoiding a crash while
referencing the invalid int: map at runtime. PR 50994.
[Ben Noordhuis <info noordhuis nl>]
*) mod_ssl, configure: require OpenSSL 0.9.7 or later. [Kaspar Brand]
*) mod_ssl: remove ssl_toolkit_compat layer. [Kaspar Brand]
*) mod_ssl, configure, ab: drop support for RSA BSAFE SSL-C toolkit.
[Kaspar Brand]
*) mod_usertrack: Run mod_usertrack earlier in the fixups hook to ensure the
cookie is set when modules such as mod_rewrite trigger a redirect. Also
use r->err_headers_out for the cookie, for the same reason. PR29755.
[Sami J. Mäkinen <sjm almamedia fi>, Eric Covener]
Stefan Fritsch
committed
*) mod_proxy_http, mod_proxy_connect: Add 'proxy-status' and
'proxy-source-port' request notes for logging. PR 30195. [Stefan Fritsch]
Stefan Fritsch
committed
*) configure: Enable ldap modules in 'all' and 'most' selections if ldap
is compiled into apr-util. [Stefan Fritsch]
*) core: Add ap_check_cmd_context()-check if a command is executed in
.htaccess file. [Stefan Fritsch]
*) mod_deflate: Fix endless loop if first bucket is metadata. PR 51590.
[Torsten Foertsch <torsten foertsch gmx net>]
*) mod_authn_socache: Fix to work in .htaccess if not configured anywhere
in httpd.conf, and introduce an AuthnCacheEnable directive.
PR 51991 [Nick Kew]
*) mod_proxy_ajp: Improve trace logging. [Rainer Jung]
*) mod_proxy_ajp: Respect "reuse" flag in END_REPONSE packets.
[Rainer Jung]
*) mod_proxy: enable absolute URLs to be rewritten with ProxyPassReverse,
e.g. to reverse proxy "Location: https://other-internal-server/login"
[Nick Kew]
*) prefork, worker, event: Make sure crashes are logged to the error log if
httpd has already detached from the console. [Stefan Fritsch]
Stefan Fritsch
committed
*) prefork, worker, event: Reduce period during startup/restart where a
successive signal may be lost. PR 43696. [Arun Bhalla <arun shme net>]
*) mod_allowmethods: Correct Merging of "reset" and do not allow an
empty parameter list for the AllowMethods directive. [Rainer Jung]
*) configure: Update selection of modules for 'all' and 'most'. 'all' will
Loading full blame...