Skip to content
CHANGES 43.7 KiB
Newer Older
Paul Querna's avatar
Paul Querna committed

Paul Querna's avatar
Paul Querna committed
Changes with Apache 2.3.6

Changes with Apache 2.3.5
Paul Querna's avatar
Paul Querna committed

  *) Ensure each subrequest has a shallow copy of headers_in so that the
     parent request headers are not corrupted.  Elimiates a problematic
     optimization in the case of no request body.  PR 48359 
     [Jake Scott, William Rowe, Ruediger Pluem]
  *) Turn static function get_server_name_for_url() into public
     ap_get_server_name_for_url() and use it where appropriate. This
     fixes mod_rewrite generating invalid URLs for redirects to IPv6
     literal addresses. [Stefan Fritsch]

  *) mod_ldap: Introduce new config option LDAPTimeout to set the timeout
     for LDAP operations like bind and search. [Stefan Fritsch]

  *) mod_proxy, mod_proxy_ftp: Move ProxyFtpDirCharset from mod_proxy to
     mod_proxy_ftp. [Takashi Sato]

Takashi Sato's avatar
Takashi Sato committed
  *) mod_proxy, mod_proxy_connect: Move AllowCONNECT from mod_proxy to
     mod_proxy_connect. [Takashi Sato]

  *) mod_cache: Do an exact match of the keys defined by
     CacheIgnoreURLSessionIdentifiers against the querystring instead of
     a partial match.  PR 48401.i
     [Dodou Wang <wangdong.08 gmail.com>, Ruediger Pluem]

  *) mod_proxy_balancer: Fix crash in balancer-manager. [Rainer Jung]

  *) Core HTTP: disable keepalive when the Client has sent
     Expect: 100-continue
     but we respond directly with a non-100 response.
     Keepalive here led to data from clients continuing being treated as
     a new request.
     PR 47087 [Nick Kew]

  *) Core: reject NULLs in request line or request headers.
     PR 43039 [Nick Kew]

  *) Core: (re)-introduce -T commandline option to suppress documentroot
     check at startup.
     PR 41887 [Jan van den Berg <janvdberg gmail.com>]

  *) mod_autoindex: support XHTML as equivalent to HTML in IndexOptions,
                    ScanHTMLTitles, ReadmeName, HeaderName
     PR 48416 [Dmitry Bakshaev <dab18 izhnet.ru>, Nick Kew]

  *) Proxy: Fix ProxyPassReverse with relative URL
     Derived (slightly erroneously) from PR 38864 [Nick Kew]
  *) mod_headers: align Header Edit with Header Set when used on Content-Type
     PR 48422 [Cyril Bonté <cyril.bonte free.fr>, Nick Kew>]

  *) mod_headers: Enable multi-match-and-replace edit option
     PR 47066 [Nick Kew]

  *) mod_filter: enable it to act on non-200 responses.
     PR 48377 [Nick Kew]

Changes with Apache 2.3.4
  *) Replace AcceptMutex, LockFile, RewriteLock, SSLMutex, SSLStaplingMutex,
     and WatchdogMutexPath with a single Mutex directive.  Add APIs to
     simplify setup and user customization of APR proc and global mutexes.  
     (See util_mutex.h.)  Build-time setting DEFAULT_LOCKFILE is no longer
     respected; set DEFAULT_REL_RUNTIMEDIR instead.  [Jeff Trawick]

  *) http_core: KeepAlive no longer accepts other than On|Off.
     [Takashi Sato]

  *) mod_dav: Remove errno from dav_error interface.  Calls to dav_new_error()
     and dav_new_error_tag() must be adjusted to add an apr_status_t parameter.
     [Jeff Trawick]

  *) mod_authnz_ldap: Add AuthLDAPBindAuthoritative to allow Authentication to
     try other providers in the case of an LDAP bind failure.
     PR 46608 [Justin Erenkrantz, Joe Schaefer, Tony Stevenson]

  *) Build: fix --with-module to work as documented
     PR 43881 [Gez Saunders <gez.saunders virgin.net>]

Changes with Apache 2.3.3

  *) SECURITY: CVE-2009-3095 (cve.mitre.org)
     mod_proxy_ftp: sanity check authn credentials.
     [Stefan Fritsch <sf fritsch.de>, Joe Orton]

  *) SECURITY: CVE-2009-3094 (cve.mitre.org)
     mod_proxy_ftp: NULL pointer dereference on error paths.
     [Stefan Fritsch <sf fritsch.de>, Joe Orton]
  *) mod_ssl: enable support for ECC keys and ECDH ciphers.  Tested against
Jeff Trawick's avatar
Jeff Trawick committed
     OpenSSL 1.0.0b3.  [Vipul Gupta <vipul.gupta sun.com>, Sander Temme]
  *) mod_dav: Include uri when logging a PUT error due to connection abort.
  *) mod_dav: Return 409 instead of 500 for a LOCK request if the parent
     resource does not exist or is not a collection. PR 43465. [Stefan Fritsch]

  *) mod_dav_fs: Return 409 instead of 500 for Litmus test case copy_nodestcoll
     (a COPY request where the parent of the destination resource does not
     exist). PR 39299. [Stefan Fritsch]

  *) mod_dav_fs: Don't delete the whole file if a PUT with content-range failed.
     PR 42896. [Stefan Fritsch]

  *) mod_dav_fs: Make PUT create files atomically and no longer destroy the
     old file if the transfer aborted. PR 39815. [Paul Querna, Stefan Fritsch]

  *) mod_dav_fs: Remove inode keyed locking as this conflicts with atomically
Jeff Trawick's avatar
Jeff Trawick committed
     creating files. On systems with inode numbers, this is a format change of
     the DavLockDB. The old DavLockDB must be deleted on upgrade.
     [Stefan Fritsch]
  *) mod_log_config: Make ${cookie}C correctly match whole cookie names
     instead of substrings. PR 28037. [Dan Franklin <dan dan-franklin.com>,
     Stefan Fritsch]

  *) vhost: A purely-numeric Host: header should not be treated as a port.
     PR 44979 [Nick Kew]

  *) mod_ldap: Avoid 500 errors with "Unable to set LDAP_OPT_REFHOPLIMIT option to 5"
     when built against openldap by using SDK LDAP_OPT_REFHOPLIMIT defaults unless
     LDAPReferralHopLimit is explicitly configured.
     [Eric Covener]

  *) mod_charset_lite: Honor 'CharsetOptions NoImplicitAdd'.
     [Eric Covener]

  *) mod_ssl: Add support for OCSP Stapling.  PR 43822.  
     [Dr Stephen Henson <shenson oss-institute.org>]

  *) mod_socache_shmcb: Allow parens in file name if cache size is given.
     Fixes SSLSessionCache directive mis-parsing parens in pathname.
  *) htpasswd: Improve out of disk space handling. PR 30877. [Stefan Fritsch]

  *) htpasswd: Use MD5 hash by default on all platforms. [Stefan Fritsch]

  *) mod_sed: Reduce memory consumption when processing very long lines.
     PR 48024 [Basant Kumar Kukreja <basant.kukreja sun.com>]

  *) ab: Fix segfault in case the argument for -n is a very large number.
     PR 47178. [Philipp Hagemeister <oss phihag.de>]

  *) Allow ProxyPreserveHost to work in <Proxy> sections. PR 34901.
     [Stefan Fritsch]

  *) configure: Fix THREADED_MPMS so that mod_cgid is enabled again 
     for worker MPM. [Takashi Sato]

  *) mod_dav: Provide a mechanism to obtain the request_rec and pathname
     from the dav_resource. [Jari Urpalainen <jari.urpalainen nokia.com>,
     Brian France <brian brianfrance.com>]

  *) Build: Use install instead of cp if available on installing
Takashi Sato's avatar
Takashi Sato committed
     modules to avoid segmentation fault. PR 47951. [hirose31 gmail.com]
  *) mod_cache: correctly consider s-maxage in cacheability
     decisions.  [Dan Poirier]

  *) mod_logio/core: Report more accurate byte counts in mod_status if
     mod_logio is loaded. PR 25656. [Stefan Fritsch]

  *) mod_ldap: If LDAPSharedCacheSize is too small, try harder to purge
     some cache entries and log a warning. Also increase the default
     LDAPSharedCacheSize to 500000. This is a more realistic size suitable
     for the default values of 1024 for LdapCacheEntries/LdapOpCacheEntries.
     PR 46749. [Stefan Fritsch]

  *) mod_rewrite: Make sure that a hostname:port isn't fully qualified if
     the request is a CONNECT request. [Bill Zajac <billz consultla.com>]

  *) mod_cache: Teach CacheEnable and CacheDisable to work from within a
     Location section, in line with how ProxyPass works. [Graham Leggett]

  *) mod_reqtimeout: New module to set timeouts and minimum data rates for
     receiving requests from the client. [Stefan Fritsch]

  *) core: Fix potential memory leaks by making sure to not destroy
     bucket brigades that have been created by earlier filters.
     [Stefan Fritsch]

  *) core, mod_deflate, mod_sed: Reduce memory usage by reusing bucket
     brigades in several places. [Stefan Fritsch]

  *) mod_cache: Fix uri_meets_conditions() so that CacheEnable will
     match by scheme, or by a wildcarded hostname. PR 40169
     [Peter Grandi <pg_asf asf.for.sabi.co.uk>, Graham Leggett]
  *) suxec: Allow to log an error if exec fails by setting FD_CLOEXEC
     on the log file instead of closing it. PR 10744. [Nicolas Rachinsky]

  *) mod_mime: Make RemoveType override the info from TypesConfig.
     PR 38330. [Stefan Fritsch]

Loading full blame...