Skip to content
CHANGES 651 KiB
Newer Older
  [Remove entries to the current 2.0 and 2.2 section below, when backported]
  *) Rewrite of ap_coreoutput_filter to do nonblocking writes  [Brian Pane]

  *) Added new connection states for handler and write completion
     [Brian Pane]

  *) mod_proxy_ajp: Do not spool the entire response from AJP backend before
     sending it up the filter chain. PR37100.  [Ruediger Pluem]

  *) Preserve the Content-Length header for a proxied HEAD request.
     PR 18757 [Greg Ames]
  *) mod_cache: Create new filters CACHE_OUT_SUBREQ / CACHE_SAVE_SUBREQ which
     only differ by the type from CACHE_OUT / CACHE_SAVE to ensure that
     subrequests to non local resources work again. [Ruediger Pluem]

Nick Kew's avatar
Nick Kew committed
  *) New module: mod_authn_dbd [Nick Kew]

  *) mod_cgid: Refuse to work on Solaris 10 due to OS bugs.  PR 34264.
     [Justin Erenkrantz]

Jeff Trawick's avatar
Jeff Trawick committed
  *) Teach mod_ssl to use arbitrary OIDs in an SSLRequire directive,
     allowing string-valued client certificate attributes to be used for
     access control, as in: SSLRequire "value" in OID("1.3.6.1.4.1.18060.1")
     [Martin Kraemer, David Reid]

  *) core: AddOutputFilterByType is ignored for proxied requests. PR31226.
     [Joe Orton, Ruediger Pluem]

  *) mod_proxy_http: Prevent data corruption of POST request bodies when
     client accesses proxied resources with SSL. PR37145.
     [Ruediger Pluem, William Rowe]

  *) mod_proxy_balancer: BalancerManager and proxies correctly handle
     member workers with paths. PR36816. [Ruediger Pluem, Jim Jagielski]

  *) mod_log_config: %{hextid}P will log the thread id in hex with APR
     versions 1.2.0 or higher.  [Jeff Trawick]

  *) httpd.exe/apachectl -V: display the DYNAMIC_MODULE_LIMIT setting, as
     in 1.3.  [Jeff Trawick]

Nick Kew's avatar
Nick Kew committed
  *) Support dbd connections tied to the conn_rec [Nick Kew]

  *) Move mod_dbd to /modules/database/ [Nick Kew]

  *) Move mod_filter and mod_charset_lite to /modules/filters/ [Nick Kew]

  *) Fix mod_dbd's config [Brian J. France <list firehawksystems.com>]

  *) mod_proxy_ajp: mod_proxy_ajp sends empty SSL attributes for non SSL
     connections. PR36883.
     [William Barker <william.barker wilshire.com>, Ruediger Pluem]

William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) Elimiated the NET_TIME filter, restructuring the timeout logic.
     This provides a working mod_echo on all platforms, and ensures any
     custom protocol module is at least given an initial timeout value
     based on the <VirtualHost > context's Timeout directive.
     [William Rowe]

  *) mod_proxy: Run the request_status hook also if there are no free workers
     or all workers are in error state.
     [Ruediger Pluem, Brian Akins <brian.akins turner.com>]

  *) mod_proxy_balancer: mod_proxy_balancer does not handle sticky sessions
     with tomcat correctly. PR36507. [Ruediger Pluem]

  *) mod_proxy_connect: Fix high CPU loop on systems like UnixWare which
     trigger POLL_ERR or POLL_HUP on a terminated connection.  PR 36951.
     [Jeff Trawick, Ruediger Pluem]

  *) SECURITY: CVE-2005-2970 (cve.mitre.org)
Jeff Trawick's avatar
Jeff Trawick committed
     worker MPM: Fix a memory leak which can occur after an aborted
     connection in some limited circumstances.  [Greg Ames]
Jeff Trawick's avatar
Jeff Trawick committed

  *) Doxygen fixup [Neale Ranns <neale ranns.org>, Ian Holsman]

  *) mod_cache/mod_dir: Correct a subrequest lookup bug which was preventing
     mod_dir from serving indexes correctly with mod_cache enabled. 
     [Colm MacCarthaigh]

Colm MacCarthaigh's avatar
 
Colm MacCarthaigh committed
Changes with Apache 2.1.8

Joe Orton's avatar
Joe Orton committed
  *) Fix lingering close implementation to match 1.3.x behaviour.
     PR 35292.  [Joe Orton]

  *) mod_ssl: Support limited buffering of request bodies to allow 
     per-location renegotiation to proceed.  PR 12355.  [Joe Orton]
Joe Orton's avatar
Joe Orton committed
  *) Fix regression since 2.0.x in AllowOverride Options handling. 
     PR 35330.  [kabe <kabe sra-tohoku.co.jp>]

  *) mod_ssl: Fix memory leak in ssl_util_algotypeof().
     PR 25659.  [David Blake <dblake hp com>, Martin Kraemer]
Colm MacCarthaigh's avatar
 
Colm MacCarthaigh committed
  *) prefork, worker and event MPMs: Support a graceful-stop procedure:
     Server will wait until existing requests are finished or until  
     "GracefulShutdownTimeout" number of seconds before exiting. 
     [Colm MacCarthaigh, Ken Coar, Bill Stoddard]

Colm MacCarthaigh's avatar
 
Colm MacCarthaigh committed
  *) prefork, worker and event MPMs: Prevent children from holding open 
     listening ports upon graceful restart or stop. PR 28167. 
     [Colm MacCarthaigh, Brian Pinkerton <bp thinkpink.com>]

  *) SECURITY: CVE-2005-2700 (cve.mitre.org)
Joe Orton's avatar
Joe Orton committed
     mod_ssl: Fix a security issue where "SSLVerifyClient" was not
     enforced in per-location context if "SSLVerifyClient optional"
     was configured in the vhost configuration.  [Joe Orton]

  *) mod_ssl: Catch parse errors from misconfigured or malformed
     CRLs.  PR 36438.  [Joe Orton]

  *) mod_proxy/mod_proxy_balancer: lbmethods now implemented as
     providers. Prevent problems when no Vhost containers were
     configured with proxy balancers. [Jim Jagielski]

  *) New provider function to list all available provider names in a
     specific group and version (ap_list_provider_names). [Jim Jagielski]

Colm MacCarthaigh's avatar
 
Colm MacCarthaigh committed
  *) mod_cache: Enhance CacheEnable/CacheDisable to control caching on a
     per-protocol, per-host and per-path basis. Intended for proxy
     configurations. [Colm MacCarthaigh]

Colm MacCarthaigh's avatar
 
Colm MacCarthaigh committed
  *) mod_disk_cache: Canonicalise the storage key, for improved hit/miss
     ratio. [Colm MacCarthaigh]

Colm MacCarthaigh's avatar
 
Colm MacCarthaigh committed
  *) mod_cgid: Append .PID to the script socket filename and remove the
     script socket on exit. [Colm MacCarthaigh, Jim Jagielski]

Colm MacCarthaigh's avatar
 
Colm MacCarthaigh committed
  *) mod_cgid: run the get_suexec_identity hook within the request-handler 
     instead of within cgid. PR 36410. [Colm MacCarthaigh]

Colm MacCarthaigh's avatar
 
Colm MacCarthaigh committed
  *) Linux 2.0: remove support for threaded MPM's due to linuxthreads use
     of SIGUSR1 clashing with graceful restart signal. [Colm MacCarthaigh]

Changes with Apache 2.1.7
Colm MacCarthaigh's avatar
 
Colm MacCarthaigh committed

  *) SECURITY: CVE-2005-2491 (cve.mitre.org): 
     Fix integer overflows in PCRE in quantifier parsing which could
     be triggered by a local user through use of a carefully-crafted 
     regex in an .htaccess file.  [Philip Hazel]

  *) mod_proxy/mod_proxy_balancer: Provide a simple, functional
     interface to add additional balancer lb selection methods
     without requiring code changes to mod_proxy/mod_proxy_balancer;
     these can be implemented via sub-modules now. [Jim Jagielski]

  *) mod_cache: Fix incorrectly served 304 responses when expired cache
     entity is valid, but cache is unwritable and headers cannot be
     updated.  [Colm MacCarthaigh <colm stdlib.net>]

  *) mod_cache: Remove entities from the cache when re-validation
     receives a 404 or other content-no-longer-present error.
     [Rüdiger Plüm ruediger.pluem vodafone.com]

  *) mod_disk_cache: Properly remove files from cache when needed.
     [Rüdiger Plüm ruediger.pluem vodafone.com]

  *) mod_disk_cache: Support htcacheclean removing directories.
     [Andreas Steinmetz]

  *) htcacheclean: Add -t option to remove empty directories.
     [Colm MacCarthaigh <colm stdlib.net>]

  *) Remove the base href tag from mod_proxy_ftp, as it breaks relative
     links for clients not using an Authorization header. [Graham Leggett,
     Jon Snow <jsnow27 gatesec.net>]

  *) mod_cache: Restore the HTTP status of cached responses.
     [Hansjoerg Pehofer <hansjoerg.pehofer uibk.ac.at>]

  *) mod_cache: Store varied contents all in the same prefix for a varied URI.
     [Paul Querna]

  *) mod_cache: Run the CACHE_SAVE and CACHE_OUT Filters after other content
     filters. [Paul Querna]

  *) mod_negotiation: Correctly report 404 instead of 403 for missing files.
     [Paul Querna]

Paul Querna's avatar
Paul Querna committed
  *) new hook (request_status) that gets ran in proxy_handler just before 
     the final return.  This gives modules an opportunity to do something 
     based on the proxy status. (minor MMN bump)
     [Brian Akins <bakins turner.com>, Ian Holsman]
  *) Add additional SSLSessionCache option, 'nonenotnull', which is
     similar to 'none' (disabling any external shared cache) but forces
     OpenSSL to provide a non-null session ID.  [Jim Jagielski]
  *) Add httxt2dbm to support/ for creating RewriteMap DBM Files.
     [Paul Querna]

William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) Add SSL_COMPRESS_METHOD variable (included in +StdEnvVars) to note
     the negotiated compression.  [Georg v. Zezschwitz <gvz 2scale.de>]

Loading full blame...