Skip to content
CHANGES 213 KiB
Newer Older
Jeff Trawick's avatar
Jeff Trawick committed
                                                         -*- coding: utf-8 -*-
Ruediger Pluem's avatar
Ruediger Pluem committed

Jim Jagielski's avatar
Jim Jagielski committed
Changes with Apache 2.4.24

  *) mod_proxy_http2: fixed duplicate symbols with mod_http2.
     [Stefan Eissing]
  
  *) mod_http2: rewrite of how responses and trailers are transferred between
     master and slave connection. Reduction of internal states for tasks
     and streams, stability. Heuristic id generation for slave connections
     to better keep promise of connection ids unique at given point int time.
     Fix for mod_cgid interop in high load situtations. 
     Fix for handling of incoming trailers when no request body is sent.
     [Stefan Eissing]
  
  *) mod_http2: fix suspended handling for streams. Output could become
     blocked in rare cases. [Stefan Eissing]
  *) mpm_winnt: Prevent a denial of service when the 'data' AcceptFilter is in
     use by replacing it with the 'connect' filter. PR 59970. [Jacob Champion]

  *) mod_cgid: Resolve a case where a short CGI response causes a subsequent
     CGI to be killed prematurely, resulting in a truncated subsequent
     response. [Eric Covener]

  *) mod_proxy_hcheck: Set health check URI and expression correctly for health
     check worker. PR 60038 [zdeno <zdeno@scnet.sk>]

  *) mod_http2: if configured with nghttp2 1.14.0 and onward, invalid request
     headers will immediately reset the stream with a PROTOCOL error. Feature
     logged by module on startup as 'INVHD' in info message.
     [Stefan Eissing]
     
  *) mod_http2: fixed handling of stream buffers during shutdown.
     [Stefan Eissing]
     
  *) mod_reqtimeout: Fix body timeout disabling for CONNECT requests to avoid
     triggering mod_proxy_connect's AH01018 once the tunnel is established.
     [Yann Ylavic]

  *) ab: Set the Server Name Indication (SNI) extension on outgoing TLS
     connections (unless -I is specified), according to the Host header (if
     any) or the requested URL's hostname otherwise.  [Yann Ylavic]

  *) mod_proxy_fcgi: avoid loops when ProxyErrorOverride is enabled
     and the error documents are proxied. PR 55415. [Luca Toscano]

  *) mod_proxy_fcgi: read the whole FCGI response even when the content has
     not been modified (HTTP 304) to avoid subsequent bougus reads and
     confusing error messages logged. [Luca Toscano]

Stefan Eissing's avatar
Stefan Eissing committed
  *) mod_http2: h2 status resource follows latest draft, see
     http://www.ietf.org/id/draft-benfield-http2-debug-state-01.txt
     [Stefan Eissing]
     
  *) mod_http2: handling graceful shutdown gracefully, e.g. handling existing
     streams to the end. [Stefan Eissing]
  
  *) core: CVE-2016-5387: Mitigate [f]cgi "httpoxy" issues.
     [Dominic Scheirlinck <dominic vendhq.com>, Yann Ylavic]

Yann Ylavic's avatar
Yann Ylavic committed
  *) mod_proxy_balancer: Prevent redirect loops between workers within a
     balancer by limiting the number of redirects to the number balancer
     members. PR 59864 [Ruediger Pluem]

Yann Ylavic's avatar
Yann Ylavic committed
  *) mod_proxy: Correctly consider error response codes by the backend when
     processing failonstatus. PR 59869 [Ruediger Pluem]

Yann Ylavic's avatar
Yann Ylavic committed
  *) mod_dav: Add dav_get_provider_name() function to obtain the name
     of the provider from mod_dav.  [Graham Leggett]

Yann Ylavic's avatar
Yann Ylavic committed
  *) mod_dav: Add support for childtags to dav_error.
     [Jari Urpalainen <jari.urpalainen nokia.com>]

  *) mod_proxy_fcgi: Fix 2.4.23 breakage for mod_rewrite per-dir and query 
     string showing up in SCRIPT_FILENAME. PR59815

Eric Covener's avatar
Eric Covener committed
  *) mod_include: Fix a potential memory misuse while evaluating expressions.
     PR59844. [Eric Covener]

  *) mod_http2: new H2CopyFiles directive that changes treatment of file
     handles in responses. Necessary in order to fix broken lifetime handling
     in modules such as mod_wsgi.
  
  *) mod_http2: removing timeouts on master connection while requests are
     being processed. Requests may timeout, but the master only times out when
     no more requests are active. [Stefan Eissing]
     
  *) mod_http2: fixes connection flush when answering SETTINGS without any
     stream open. [Moto Ishizawa <@summerwind>, Stefan Eissing]
     
Jim Jagielski's avatar
Jim Jagielski committed
Changes with Apache 2.4.23

  *) mod_ssl: reset client-verify state of ssl when aborting renegotiations.
     [Erki Aring <erki@example.ee>, Stefan Eissing]

  *) mod_sed: Fix 'x' command processing. [Christophe Jaillet]

  *) configure: Fix ./configure edge-case failures around dependencies
     of mod_proxy_hcheck. [William Rowe, Ruediger Pluem, Jeff Trawick]
Jim Jagielski's avatar
Jim Jagielski committed
Changes with Apache 2.4.22

Jim Jagielski's avatar
Jim Jagielski committed
  *) mod_http2: fix for request abort when connections drops, introduced in
     1.5.8

Jim Jagielski's avatar
Jim Jagielski committed
Changes with Apache 2.4.21

  *) mod_http2: more rigid error handling in DATA frame assembly, leading
     to deterministic connection errors if assembly fails.
     [Stefan Eissing, Pal Nilsen <https://github.com/maedox>]

  *) abs: Include OPENSSL_Applink when compiling on Windows, to resolve
     failures under Visual Studio 2015 and other mismatched MSVCRT flavors.
     PR59630 [Jan Ehrhardt <phpdev ehrhardt.nl>]

  *) mod_ssl: Add "no_crl_for_cert_ok" flag to SSLCARevocationCheck directive
     to opt-in previous behaviour (2.2) with CRLs verification when checking
     certificate(s) with no corresponding CRL.  [Yann Ylavic]

  *) mpm_event, mpm_worker: Fix computation of MinSpareThreads' lower bound
     according the number of listeners buckets.  [Yann Ylavic]

  *) Add ap_cstr_casecmp[n]() - placeholder of apr_cstr_casecmp[n] functions
     for case-insensitive C/POSIX-locale token comparison.
     [Jim Jagielski, William Rowe, Yann Ylavic, Branko Čibej]

  *) mod_userdir: Constify and save a few bytes in the conf pool when
     parsing the "UserDir" directive. [Christophe Jaillet]

  *) mod_cache: Fix (max-stale with no '=') and enforce (check
     integers after '=') Cache-Control header parsing.
     [Christophe Jaillet]

  *) core: Add -DDUMP_INCLUDES configtest option to show the tree
     of Included configuration files.
     [Jacob Champion <champion.pxi gmail.com>]

  *) mod_proxy_fcgi: Avoid passing a filename of proxy:fcgi:// as
     SCRIPT_FILENAME to a FastCGI server. PR59618.
     [Jacob Champion <champion.pxi gmail.com>]

  *) mod_dav: Add dav_get_provider_name() function to obtain the name
     of the provider from mod_dav.
     [Jari Urpalainen <jari.urpalainen nokia.com>]

  *) mod_proxy_http2: properly care for HTTP2 flow control of the frontend
     connection is HTTP/1.1. [Patch supplied by Evgeny Kotkov]
     
  *) mod_http2: improved cleanup of connection/streams/tasks to always
     have deterministic order regardless of event initiating it. Addresses
     reported crashes due to memory read after free issues. 
     [Stefan Eissing] 
  *) mod_ssl: Correct the interaction between SSLProxyCheckPeerCN and newer
     SSLProxyCheckPeerName directives since release 2.4.5, such that disabling
     either disables both, and that enabling either triggers the new, more
     comprehensive SSLProxyCheckPeerName behavior. Only a single configuration
     remains to enable the legacy behavior, which is to explicitly disable
     SSLProxyCheckPeerName, and enable SSLProxyCheckPeerCN. [William Rowe]

  *) mod_include: add the <!--#comment ...> syntax in order to include comments
     in a SSI file. [Christophe Jaillet based on a suggestion from Rob]

  *) mod_http2: improved event handling for suspended streams, responses
     and window updates. [Stefan Eissing] 
     
  *) mod_proxy_hcheck: Provide for dynamic background health
     checks on reverse proxies associated with BalancerMember
     workers. [Jim Jagielski]

  *) mod_http2: Fix async write issue that led to selection of wrong timeout
     vs. keepalive timeout selection for idle sessions. [Stefan Eissing]
     
  *) mod_http2: checking LimitRequestLine, LimitRequestFields and 
     LimitRequestFieldSize configurated values for incoming streams. Returning
     HTTP status 431 for too long/many headers fields and 414 for a too long
     pseudo header. [Stefan Eissing]
     
  *) mod_http2: tracking conn_rec->current_thread on slave connections, so
     that mod_lua finds the correct one. Fixes PR 59542. [Stefan Eissing]
     
Stefan Eissing's avatar
Stefan Eissing committed
  *) mod_proxy_http2: new experimental http2 proxy module for h2: and h2c: proxy
     urls. Part of the httpd mod_proxy framework, common settings apply.
     Requests from the same HTTP/2 frontend connection against the same backend
     are aggregated on a single connection.
     [Stefan Eissing]
  
  *) mod_http2: slave connections have conn_rec->aborted flag set when a stream
     has been reset by the client. [Stefan Eissing]
  *) mod_http2: merge of some 2.4.x adaptions re filters on slave connections.
     Small fixes in bucket beams when forwarding file buckets. Output handling
     on master connection uses less FLUSH and passes automatically when more
     than half of H2StreamMaxMemSize bytes have accumulated.
     Workaround for http: when forwarding partial file buckets to keep the
     output filter from closing these too early. [Stefan Eissing]

  *) mod_http2: elimination of fixed master connection buffer for TLS 
     connections. New scratch bucket handling optimized for TLS write sizes. 
Loading full blame...