Skip to content
CHANGES 667 KiB
Newer Older
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
                                                        -*- coding: utf-8 -*-
  [Remove entries to the current 2.0 and 2.2 section below, when backported]
William A. Rowe Jr's avatar
 
William A. Rowe Jr committed

  *) New SSLLogLevelDebugDump [ None (default) | IO (not bytes) | Bytes ]
     configures the I/O Dump of SSL traffic, when LogLevel is set to Debug.
     The default is none as this is far greater debugging resolution than 
     the typical administrator is prepared to untangle.  [William Rowe]

  *) mod_speling: Add directive to deal with case corrections only
     and ignore other misspellings [Olivier Thereaux  <ot w3.org>]

  *) mod_disk_cache: If possible, check if the size of an object to cache is
     within the configured boundaries before actually saving data.
     [Niklas Edmundsson <nikke acc.umu.se>]

  *) mod_cache: Convert all values to seconds before comparing them when
     checking whether to send a Warning header for a stale response.
     PR 39713. [Owen Taylor <otaylor redhat.com>]

  *) mod_authnz_ldap: Fix a problem with invalid auth error detection for
     LDAP client SDKs that don't support LDAP_SECURITY_ERROR macro. PR 39529.
     [Ray Price <dohrayme yahoo.com>, Josh Fenlason <jfenlason ptc.com>]
  *) mod_cache: Do not overwrite the Content-Type in the cache, for
     successfully revalidated cached objects. PR 39647. [Ruediger Pluem]

  *) mod_disk_cache: Delete temporary files if they cannot be renamed to their
     final name. [Davi Arnaut <davi haxent.com.br>]

  *) Worker MPM: On graceless shutdown or restart, send signals to
     each worker thread to wake them up if they're polling on a
     Keep-Alive connection.  PR 38737.  [Chris Darroch]

  *) Worker and event MPMs: Remove improper scoreboard updates which were
     performed in the event of a fork() failure.  [Chris Darroch]

  *) mod_cache: Make caching of reverse SSL proxies possible again. PR 39593.
     [Ruediger Pluem, Joe Orton]
  *) Add support for fcgi:// proxies to mod_rewrite.
     [Markus Schiegl <ms schiegl.com>]

  *) Remove incorrect comments from scoreboard.h regarding conditional
     loading of worker_score structure with mod_status, and remove unused
     definitions relating to old life_status field.
     [Chris Darroch <chrisd pearsoncmg.com>]

  *) Remove allocation of memory for unused array of lb_score pointers
     in ap_init_scoreboard().  [Chris Darroch <chrisd pearsoncmg.com>]
  *) core, mod_http: add optional 'scheme://' prefix to ServerName directive. 
     For 'https', mod_http returns "https" for the ap_hook_http_scheme and
     DEFAULT_HTTPS_PORT for ap_hook_default_port.  This fixes Redirect
     responses to requests for directories without a trailing slash when
     httpd runs behind a proxy or offload device that processes SSL.  It
     also enables support for Subversion in that configuration.  This change is 
     completely backwards compatible and passes the perl-framework.  Minor
     mmn bump because I add a field to server_rec.  [Sander Temme]     

  *) worker and event MPMs: fix excessive forking if fork() or child_init 
     take a long time.  PR 39275.
     [Greg Ames, Jeff Trawick, Chris Darroch <chrisd pearsoncmg.com> ]

  *) Add mod_proxy_fcgi, a FastCGI back end for mod_proxy.
     [Garrett Rooney, Jim Jagielski, Paul Querna]
  *) Event MPM: Fill in the scoreboard's tid field. PR 38736.
     [Chris Darroch <chrisd pearsoncmg.com>]

  *) mod_charset_lite: Remove Content-Length when output filter can 
     invalidate it.  Warn when input filter can invalidate it.
     [Jeff Trawick]

  *) mod_ssl: Fix spurious hostname mismatch warning for valid
     wildcard certificates.  PR 37911.  [Nick Burch <nick torchbox.com>]

  *) Authz: Add the new module mod_authn_core that will provide common
     authn directives such as 'AuthType', 'AuthName'.  Move the directives
     'AuthType' and 'AuthName' out of the core module and merge mod_authz_alias 
     into mod_authn_core. [Brad Nicholes]
  *) Authz: Mark the directives 'Order', 'Allow', 'Deny' and 'Satisfy' as 
     deprecated and move them into the new module mod_access_compat which
     can be loaded to provide backwards compatibility for these directives.
     [Brad Nicholes]
  *) Authz: Move the 'Require' directive from the core module as well as 
     add the directives '<SatisfyAll>', '<SatisfyOne>', '<RequireAlias>' 
     and 'Reject' to mod_authz_core. The new directives introduce 'AND/OR' 
     logic into the authorization processing. [Brad Nicholes]
  *) Authz: Add the new module mod_authz_core which acts as the 
     authorization provider vector and contains common authz 
     directives. [Brad Nicholes]

  *) Authz: Renamed mod_authz_dbm authz providers from 'group' and 
     'file-group' to 'dbm-group' and 'dbm-file-group'. [Brad Nicholes]

  *) Authz: Added the new authz providers 'env', 'ip', 'host', 'all' to handle
     host-based access control provided by mod_authz_host and invoked 
     through the 'Require' directive. [Brad Nicholes]

  *) Authz: Convert all of the authz modules from hook based to 
     provider based. [Brad Nicholes]
  *) mod_cache: Add CacheMinExpire directive to set the minimum time in
     seconds to cache a document.
     [Brian Akins <brian.akins turner.com>, Ruediger Pluem]

Nick Kew's avatar
Nick Kew committed
  *) mod_authz_dbd: SQL authz with Login/Session support [Nick Kew]

  *) Fix typo in ProxyStatus syntax error message.
     [Christophe Jaillet <christophe.jaillet wanadoo.fr>]

  *) Asynchronous write completion for the Event MPM.  [Brian Pane]

  *) Added an End-Of-Request bucket type.  The logging of a request and
     the freeing of its pool are now done when the EOR bucket is destroyed.
     This has the effect of delaying the logging until right after the last
     of the response is sent; ap_core_output_filter() calls the access logger
     indirectly when it destroys the EOR bucket.  [Brian Pane]

  *) Rewrite of logresolve support utility: IPv6 addresses are now supported
     and the format of statistical output has changed. [Colm MacCarthaigh]

  *) Rewrite of ap_coreoutput_filter to do nonblocking writes  [Brian Pane]

  *) Added new connection states for handler and write completion
     [Brian Pane]

  *) mod_cgid: Refuse to work on Solaris 10 due to OS bugs.  PR 34264.
     [Justin Erenkrantz]

Jeff Trawick's avatar
Jeff Trawick committed
  *) Teach mod_ssl to use arbitrary OIDs in an SSLRequire directive,
     allowing string-valued client certificate attributes to be used for
     access control, as in: SSLRequire "value" in OID("1.3.6.1.4.1.18060.1")
     [Martin Kraemer, David Reid]

Changes with Apache 2.2.3

  *) Respect GracefulShutdownTimeout in the worker and event MPMs.
     [Chris Darroch, Garrett Rooney]

  *) mod_mem_cache: Set content type correctly when delivering data from
     cache. PR 39266. [Ruediger Pluem]

  *) mod_autoindex: Fix filename escaping with FancyIndexing disabled.
     PR 38910.  [Robby Griffin <rmg terc.edu>]

  *) mod_charset_lite: Bypass translation when the source and dest charsets
     are the same. [Jeff Trawick]
Changes with Apache 2.2.2

  *) mod_deflate: Allow mod_deflate to handle internal redirects.
     [Brian J. France <list firehawksystems.com>]

  *) mod_proxy_balancer: Initialize members of a balancer correctly.
     PR 38227. [James A. Robinson <jim.robinson stanford.edu>]

  *) mod_proxy: Do not release connections from connection pool twice.
     PR 38793. [Ruediger Pluem, matthias <mk-asf gigacodes.de>]

  *) core: Prevent reading uninitialized memory while reading a line of
     protocol input.  PR 39282. [Davi Arnaut <davi haxent.com.br>]

  *) mod_dbd: Update defaults, improve error reporting.
     [Chris Darroch <chrisd pearsoncmg com>, Nick Kew]

  *) mod_dbd: Create own pool and mutex to avoid problem use of
     process pool in request processing.
     [Chris Darroch <chrisd pearsoncmg com>]

  *) HTML-escape the Expect error message.  Not classed as security as
     an attacker has no way to influence the Expect header a victim will
     send to a target site.  Reported by Thiago Zaninotti
     <thiango nstalker.com>. [Mark Cox]

  *) htdbm: Fix crash processing -d option in 64-bit mode on HP-UX.
     [Jeff Trawick]

  *) htdbm: Warn the user when adding a plaintext password on a platform
     where it wouldn't work with the server (i.e., anywhere that has
     crypt()).  [Jeff Trawick]

  *) mod_proxy: don't reuse a connection that may be to the wrong backend
     PR 39253 [Ruediger Pluem]

  *) Default handler: Don't return output filter apr_status_t values.
     PR 31759.  [Jeff Trawick, Ruediger Pluem, Joe Orton]

Changes with Apache 2.2.1

  *) SECURITY: CVE-2005-3357 (cve.mitre.org)
     mod_ssl: Fix a possible crash during access control checks if a
     non-SSL request is processed for an SSL vhost (such as the
     "HTTP request received on SSL port" error message when an 400 
     ErrorDocument is configured, or if using "SSLEngine optional").
     PR 37791.  [Rüdiger Plüm, Joe Orton]

  *) SECURITY: CVE-2005-3352 (cve.mitre.org)
     mod_imagemap: Escape untrusted referer header before outputting
     in HTML to avoid potential cross-site scripting.  Change also
     made to ap_escape_html so we escape quotes.  Reported by JPCERT.
     [Mark Cox]

  *) mod_proxy_ajp: Flushing of the output after each AJP chunk is now
     configurable at runtime via the 'flushpackets' and 'flushwait' worker
     params. Minor MMN bump. [Jim Jagielski]

  *) mod_proxy: Fix incorrect usage of local and shared worker init.
     PR 38403. [Jim Jagielski]

  *) mod_isapi: Fix compiler errors on Unix platforms.
     [William Rowe]

  *) mod_proxy_http: Send HTTP Keep-Alive Headers. PR 38524.
     [Rüdiger Plüm, Joe Orton]

  *) mod_disk_cache: Return the correct error codes from bucket read
     failures, instead of APR_EGENERAL.
     [Brian Akins <brian.akins turner.com>]

  *) Add APR/APR-Util Compiled and Runtime Version numbers to the
     output of 'httpd -V'. [William Rowe]

  *) http: If a connection is aborted while waiting for a chunked line,
     flag the connection as errored out.  [Justin Erenkrantz]

  *) core: Reject invalid Expect header immediately. PR 38123.
     [Ruediger Pluem]

  *) mod_proxy: Fix KeepAlives not being allowed and set to
     backend servers. PR 38602. [Ruediger Pluem, Jim Jagielski]

Jim Jagielski's avatar
Jim Jagielski committed
  *) mod_proxy: If we get an error reading the upstream response,
     close the connection.  [Justin Erenkrantz, Roy T. Fielding,
     Jim Jagielski, Ruediger Pluem]
Jim Jagielski's avatar
Jim Jagielski committed
  *) mod_proxy_ajp: Support common headers of the AJP protocol in responses.
     PR 38340. [Aleksey Pesternikov <apesternikov yahoo.com>]

  *) mod_proxy_balancer: Do not overwrite the status of initialized workers and
     respect the configured status of uninitilized workers when creating a new
     child process. [Ruediger Pluem]

  *) mod_proxy_ajp: Crosscheck the length of the body chunk with the length of
     the ajp message to prevent mod_proxy_ajp from reading beyond the buffer
     boundaries and thus revealing possibly sensitive memory contents to the
     client. [Ruediger Pluem]

  *) Ensure that the proper status line is written to the client, fixing
     incorrect status lines caused by filters which modify r->status without 
     resetting r->status_line, such as the built-in byterange filter.
     [Jeff Trawick]

  *) mod_speling: Stop crashing with certain non-file requests.  [Jeff Trawick]

  *) mod_cache: Make caching of reverse proxies possible again. PR 38017.
     [Ruediger Pluem]

William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) Modify apr[util] .h detection to avoid breakage on VPATH builds
     using Solaris make (amoung others) and avoid breakage in ./buildconf
     when srclib/apr[-util] are symlinks rather than directories proper.
     [William Rowe]

  *) Chunk filter: Fix chunk filter to create correct chunks in the case that
     a flush bucket is surrounded by data buckets. [Ruediger Pluem]

  *) Fix syntax error in httpd.h with strict compilers.  PR 38740.
     [Per Olausson <pao darkheim.freeserve.co.uk>]

  *) Preserve the Content-Length header for a proxied HEAD response.
     PR 18757.  [Greg Ames]

  *) Fix recursive ErrorDocument handling.  PR 36090.
     [Chris Darroch <chrisd pearsoncmg.com>]

  *) Don't hang on error return from post_read_request.  PR37790 [Nick Kew]

  *) Fix off-by-one error in proxy_balancer.  PR37753
     [Kazuhiro Osawa <ko yappo ne jp>]

Changes with Apache 2.2.0
  *) mod_negotiation: Minor performance tweak by reusing already calculated
     strlen.
     [Ruediger Pluem, Christophe Jaillet <christophe.jaillet wanadoo.fr>]

  *) Remove support for 'On' and 'Off' for AuthBasicProvider and
     AuthDigestProvider.  [Joshua Slive, Justin Erenkrantz]

  *) Add in new UseCanonicalPhysicalPort directive, which controls
     whether or not Apache will ever use the actual physical port
     when constructing the canonical port number. [Jim Jagielski]

  *) mod_dav: Fix a null pointer dereference in an error code path during the
     handling of MKCOL.
     [Ruediger Pluem, Ghassan Misherghi <ghassanm ucdavis.edu>]

  *) Fix DESTDIR=... installation when using bundled copy of APR.
     [Torsten Foertsch <torsten.foertsch gmx.net>]

  *) mod_proxy_balancer: When finding best worker, use case insensitive
     match for scheme and host, but case sensitive for the rest of
     the path. [Jim Jagielski, Ruediger Pluem]

  *) Add mod_authn_dbd (SQL-based  authentication) [Nick Kew]

  *) mod_proxy_ajp: Do not spool the entire response from AJP backend before
     sending it up the filter chain. PR37100.  [Ruediger Pluem]

  *) mod_cache: Create new filters CACHE_OUT_SUBREQ / CACHE_SAVE_SUBREQ which
     only differ by the type from CACHE_OUT / CACHE_SAVE to ensure that
     subrequests to non local resources work again. [Ruediger Pluem]

  *) mod_proxy: Do not lowercase the entire worker name of a BalancerMember
     since this breaks case sensitive URI's. PR36906.  [Ruediger Pluem]

  *) core: AddOutputFilterByType is ignored for proxied requests. PR31226.
     [Joe Orton, Ruediger Pluem]

  *) mod_proxy_http: Prevent data corruption of POST request bodies when
     client accesses proxied resources with SSL. PR37145.
     [Ruediger Pluem, William Rowe]

  *) mod_proxy_balancer: BalancerManager and proxies correctly handle
     member workers with paths. PR36816. [Ruediger Pluem, Jim Jagielski]

  *) mod_log_config: %{hextid}P will log the thread id in hex with APR
     versions 1.2.0 or higher.  [Jeff Trawick]

  *) httpd.exe/apachectl -V: display the DYNAMIC_MODULE_LIMIT setting, as
     in 1.3.  [Jeff Trawick]

Nick Kew's avatar
Nick Kew committed
  *) Support dbd connections tied to the conn_rec [Nick Kew]

  *) Move mod_dbd to /modules/database/ [Nick Kew]

  *) Move mod_filter and mod_charset_lite to /modules/filters/ [Nick Kew]

  *) Fix mod_dbd's config [Brian J. France <list firehawksystems.com>]

  *) mod_proxy_ajp: mod_proxy_ajp sends empty SSL attributes for non SSL
     connections. PR36883.
     [William Barker <william.barker wilshire.com>, Ruediger Pluem]

William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) Elimiated the NET_TIME filter, restructuring the timeout logic.
     This provides a working mod_echo on all platforms, and ensures any
     custom protocol module is at least given an initial timeout value
     based on the <VirtualHost > context's Timeout directive.
     [William Rowe]

  *) mod_proxy: Run the request_status hook also if there are no free workers
     or all workers are in error state.
     [Ruediger Pluem, Brian Akins <brian.akins turner.com>]

  *) mod_proxy_balancer: mod_proxy_balancer does not handle sticky sessions
     with tomcat correctly. PR36507. [Ruediger Pluem]

  *) mod_proxy_connect: Fix high CPU loop on systems like UnixWare which
     trigger POLL_ERR or POLL_HUP on a terminated connection.  PR 36951.
     [Jeff Trawick, Ruediger Pluem]

  *) SECURITY: CVE-2005-2970 (cve.mitre.org)
Jeff Trawick's avatar
Jeff Trawick committed
     worker MPM: Fix a memory leak which can occur after an aborted
     connection in some limited circumstances.  [Greg Ames]
Jeff Trawick's avatar
Jeff Trawick committed

  *) Doxygen fixup [Neale Ranns <neale ranns.org>, Ian Holsman]

  *) mod_cache/mod_dir: Correct a subrequest lookup bug which was preventing
     mod_dir from serving indexes correctly with mod_cache enabled. 
     [Colm MacCarthaigh]

Colm MacCarthaigh's avatar
 
Colm MacCarthaigh committed
Changes with Apache 2.1.8

Joe Orton's avatar
Joe Orton committed
  *) Fix lingering close implementation to match 1.3.x behaviour.
     PR 35292.  [Joe Orton]

  *) mod_ssl: Support limited buffering of request bodies to allow 
     per-location renegotiation to proceed.  PR 12355.  [Joe Orton]
Joe Orton's avatar
Joe Orton committed
  *) Fix regression since 2.0.x in AllowOverride Options handling. 
     PR 35330.  [kabe <kabe sra-tohoku.co.jp>]

  *) mod_ssl: Fix memory leak in ssl_util_algotypeof().
     PR 25659.  [David Blake <dblake hp com>, Martin Kraemer]
Colm MacCarthaigh's avatar
 
Colm MacCarthaigh committed
  *) prefork, worker and event MPMs: Support a graceful-stop procedure:
     Server will wait until existing requests are finished or until  
     "GracefulShutdownTimeout" number of seconds before exiting. 
     [Colm MacCarthaigh, Ken Coar, Bill Stoddard]

Colm MacCarthaigh's avatar
 
Colm MacCarthaigh committed
  *) prefork, worker and event MPMs: Prevent children from holding open 
     listening ports upon graceful restart or stop. PR 28167. 
     [Colm MacCarthaigh, Brian Pinkerton <bp thinkpink.com>]

  *) SECURITY: CVE-2005-2700 (cve.mitre.org)
Joe Orton's avatar
Joe Orton committed
     mod_ssl: Fix a security issue where "SSLVerifyClient" was not
     enforced in per-location context if "SSLVerifyClient optional"
     was configured in the vhost configuration.  [Joe Orton]

  *) mod_ssl: Catch parse errors from misconfigured or malformed
     CRLs.  PR 36438.  [Joe Orton]

  *) mod_proxy/mod_proxy_balancer: lbmethods now implemented as
     providers. Prevent problems when no Vhost containers were
     configured with proxy balancers. [Jim Jagielski]

  *) New provider function to list all available provider names in a
     specific group and version (ap_list_provider_names). [Jim Jagielski]

Colm MacCarthaigh's avatar
 
Colm MacCarthaigh committed
  *) mod_cache: Enhance CacheEnable/CacheDisable to control caching on a
     per-protocol, per-host and per-path basis. Intended for proxy
     configurations. [Colm MacCarthaigh]

Colm MacCarthaigh's avatar
 
Colm MacCarthaigh committed
  *) mod_disk_cache: Canonicalise the storage key, for improved hit/miss
     ratio. [Colm MacCarthaigh]

Colm MacCarthaigh's avatar
 
Colm MacCarthaigh committed
  *) mod_cgid: Append .PID to the script socket filename and remove the
     script socket on exit. [Colm MacCarthaigh, Jim Jagielski]

Colm MacCarthaigh's avatar
 
Colm MacCarthaigh committed
  *) mod_cgid: run the get_suexec_identity hook within the request-handler 
     instead of within cgid. PR 36410. [Colm MacCarthaigh]

Colm MacCarthaigh's avatar
 
Colm MacCarthaigh committed
  *) Linux 2.0: remove support for threaded MPM's due to linuxthreads use
     of SIGUSR1 clashing with graceful restart signal. [Colm MacCarthaigh]

Changes with Apache 2.1.7
Colm MacCarthaigh's avatar
 
Colm MacCarthaigh committed

  *) SECURITY: CVE-2005-2491 (cve.mitre.org): 
     Fix integer overflows in PCRE in quantifier parsing which could
     be triggered by a local user through use of a carefully-crafted 
     regex in an .htaccess file.  [Philip Hazel]

  *) mod_proxy/mod_proxy_balancer: Provide a simple, functional
     interface to add additional balancer lb selection methods
     without requiring code changes to mod_proxy/mod_proxy_balancer;
     these can be implemented via sub-modules now. [Jim Jagielski]

  *) mod_cache: Fix incorrectly served 304 responses when expired cache
     entity is valid, but cache is unwritable and headers cannot be
     updated.  [Colm MacCarthaigh <colm stdlib.net>]

  *) mod_cache: Remove entities from the cache when re-validation
     receives a 404 or other content-no-longer-present error.
     [Rüdiger Plüm ruediger.pluem vodafone.com]

  *) mod_disk_cache: Properly remove files from cache when needed.
     [Rüdiger Plüm ruediger.pluem vodafone.com]

  *) mod_disk_cache: Support htcacheclean removing directories.
     [Andreas Steinmetz]

  *) htcacheclean: Add -t option to remove empty directories.
     [Colm MacCarthaigh <colm stdlib.net>]

  *) Remove the base href tag from mod_proxy_ftp, as it breaks relative
     links for clients not using an Authorization header. [Graham Leggett,
     Jon Snow <jsnow27 gatesec.net>]

  *) mod_cache: Restore the HTTP status of cached responses.
     [Hansjoerg Pehofer <hansjoerg.pehofer uibk.ac.at>]

  *) mod_cache: Store varied contents all in the same prefix for a varied URI.
     [Paul Querna]

  *) mod_cache: Run the CACHE_SAVE and CACHE_OUT Filters after other content
     filters. [Paul Querna]

  *) mod_negotiation: Correctly report 404 instead of 403 for missing files.
     [Paul Querna]

Paul Querna's avatar
Paul Querna committed
  *) new hook (request_status) that gets ran in proxy_handler just before 
     the final return.  This gives modules an opportunity to do something 
     based on the proxy status. (minor MMN bump)
     [Brian Akins <bakins turner.com>, Ian Holsman]
  *) Add additional SSLSessionCache option, 'nonenotnull', which is
     similar to 'none' (disabling any external shared cache) but forces
     OpenSSL to provide a non-null session ID.  [Jim Jagielski]
  *) Add httxt2dbm to support/ for creating RewriteMap DBM Files.
     [Paul Querna]

William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) Add SSL_COMPRESS_METHOD variable (included in +StdEnvVars) to note
     the negotiated compression.  [Georg v. Zezschwitz <gvz 2scale.de>]

  *) Fixed complaints about unpackaged files within the RPM build
     after changes to the config files. [Graham Leggett]

  *) Fix shutdown for the Worker MPM when an Accept Filter is used. Instead of 
     just closing the socket, a HTTP request is made, to make sure the child is 
     always awakened. [Paul Querna]

Paul Querna's avatar
Paul Querna committed
Changes with Apache 2.1.6

  *) Fix htdbm password validation for records which included comments.
     [Eric Covener <covener gmail.com>]

  *) mod_cgid: Fix buffer overflow processing ScriptSock directive.
     [Steve Kemp <steve steve.org.uk>]

Paul Querna's avatar
Paul Querna committed
Changes with Apache 2.1.5

  *) mod_ssl: Setting the Protocol to 'https' can replace the use of the 
     'SSLEngine on' command. [Paul Querna]

  *) core: Refactor the mapping of Accept Filters to Sockets. Add the 
     AcceptFilter and Protocol directives to aid in mapping filter types.
     Extend the Listen directive to optionally take a protocol name.
     [Paul Querna]

  *) mod_disk_cache: Support storing multiple variations of one URL. PR 35211.
     [Paul Querna]

  *) mod_disk_cache: Atomically create the header data file. [Paul Querna]

  *) mod_cache: Fix 'Vary: *' behavior to be RFC compliant. PR 16125. 
     [Paul Querna]

  *) mod_cache: Rename 'generate_name' to 'ap_cache_generate_name'. 
     [Paul Querna]

  *) mod_mime_magic: Handle CRLF-format magic files so that it works with
     the default installation on Windows.  [Jeff Trawick]

  *) core: Allow multiple modules to register interest in a single 
     configuration command. [Paul Querna]

  *) authn_provider_alias: Adds the configuration block tag
     <AuthnProviderAlias baseProvider Alias>
     Authentication directives contained within this block can be
     referenced as a new authProvider using the AuthBasicProvider or
     AuthDigestProvider directive.  These directives will be merged in to
     the per_dir configuration just before the base provider is called.
     [Brad Nicholes]

  *) ap_getword_conf: Fix backslashes at the end of configuration directives. 
     PR 34834. [Timo Viipuri <viipuri dlc.fi>]

Nick Kew's avatar
Nick Kew committed
  *) mod_dbd: New additions: mod_dbd.c, mod_dbd.h, mod_dbd.xml
     Provide module hooks for apr_dbd; optimise for httpd
     threaded and non-threaded arch [Nick Kew]

  *) ab: SSL support rewritten, improved, and enabled if SSL is enabled
     during the build; -f and -Z arguments added to specify SSL protocol
     options.  [Masaoki Kobayashi <masaoki techfirm.co.jp>]

  *) mod_info: Show the Quick Handler [Paul Querna]
  *) mod_ldap: Add the directive LDAPVerifyServerCert to specify 
     whether to force verification of the server certificate when
     establishing an SSL connection to the LDAP server. 
     [Brad Nicholes]
     
  *) mod_proxy: Run mod_rewrite before mod_proxy in the translate_name
  *) Add AP_INIT_TAKE_ARGV for configuration commands. (minor MMN bump) 
     [Paul Querna]

  *) ap_get_local_host() rewritten for APR. [Jim Jagielski]

  *) Add the ap_vhost_iterate_given_conn function to expose the information
     used in Name Based Virtual Hosting. (minor MMN bump)
     [Paul Querna]

  *) Remove the never working ap_method_list_do and ap_method_list_vdo.
     [Paul Querna]

  *) Added makefile and doc for building mod_ssl on the NetWare 
     platform. [Guenter Knauf, Brad Nicholes]
  
  *) mod_deflate: Merge the Vary header, isntead of Setting it. Fixes
     applications that send the Vary Header themselves, and also apply 
     mod_deflate as an output filter. [Paul Querna]
Joe Orton's avatar
Joe Orton committed

  *) Change the default (when not present in the config file) setting
     for UseCanonicalName to Off.
     [Joshua Slive]

  *) mod_userdir: The module no longer does any remapping unless the
     UserDir directive is present in the config file.
     [Joshua Slive]

  *) Massively simplify the distributed httpd.conf by removing
     many features and many directives that are at their default
     setting.  Add a selection of example config excerpts for adding
     extra features in the conf/extra/ directory.  Install the
     distributed config and the extra config examples in the
     conf/original/ directory during make install.
     [Joshua Slive, Justin Erenkrantz]

  *) NetWare: Reposition mod_asis, mod_actions, mod_cgi, mod_imagemap,
     mod_userdir and mod_autoindex as shared modules rather than 
     built-in modules within the NetWare build.
     [Brad Nicholes]

  *) Rename mod_imap to mod_imagemap.
     [Paul Querna]

  *) util_ldap: Eliminate the load ordering of mod_ldap and mod_authnz_ldap
     by changing the mod_ldap exported functions to optional functions.
     [Brad Nicholes]

Changes with Apache 2.1.4

  *) Don't let a subrequest inherit headers describing the original request's
     body.  [Greg Ames]

  *) Fix Windows CompContext buff size miscalculation
     [Allan Edwards]

  *) Add ReceiveBufferSize directive to control the TCP receive buffer.
     [Eric Covener <covener gmail.com>]

  *) mod_proxy: Add proxy-sendextracrlf option to send an extra CRLF at the
     end of the request body to work with really old HTTP servers.
     [Justin Erenkrantz]

  *) util_ldap: Keep track of the number of attributes retrieved from 
     LDAP so that all the values can be properly cached even if the 
     value is NULL. PR 33901 [Brad Nicholes]
  *) mod_cache: Fix error where incoming Cache-Control would be ignored.
     [Justin Erenkrantz]

  *) mod_cache: Correctly handle originally conditional requests.
     [Sander Striker]

  *) mod_disk_cache: Correctly update cached headers on revalidated responses.
     [Sander Striker, Justin Erenkrantz]

  *) worker MPM/mod_status: Support per-worker tracking of pid and
     generation in the scoreboard so that mod_status can accurately
     represent workers in processes which are gracefully terminating.
     (major MMN bump)
     [Jeff Trawick]

  *) Correctly export all mod_dav public functions.
Justin Erenkrantz's avatar
Justin Erenkrantz committed
Changes with Apache 2.1.3

  *) mod_ssl: Add ssl_ext_lookup optional function for accessing
     certificate extensions.   [David Reid, Joe Orton]

Joe Orton's avatar
Joe Orton committed
  *) Add support for use of an external PCRE library; pass the
     --with-pcre flag to configure.  PR 27550.  [Joe Orton,
     Andres Salomon <dilinger voxel.net>]

  *) Renamed regex interfaces to be namespace-safe, and moved from
     pcreposix.h header to ap_regex.h: regex_t->ap_regex_t,
     regmatch_t->ap_regmatch_t; REG_*->AP_REG_*; functions
     reg*->ap_reg*.  PR 27550.  [Andres Salomon <dilinger voxel.net>,
     Joe Orton]

  *) Only recompile buildmark.c when we have to relink httpd.
     [Justin Erenkrantz]

  *) mod_cache: Fix up handling of revalidated responses.
  *) mod_disk_cache: Properly load cached ETag from on-disk structures.
     [Justin Erenkrantz]

  *) mod_authnz_ldap: Added an optional second parameter to AuthLDAPURL
     to allow it to override the connection type set in mod_ldap. This
     parameter can be set to NONE, SSL or TLS | STARTTLS.
     [Brad Nicholes]

  *) Fix --with-apr=/usr and/or --with-apr-util=/usr.  PR 29740.
     [Max Bowsher <maxb ukf.net>]

  *) mod_proxy: Fix ProxyRemoteMatch directive.  PR 33170.
     [Rici Lake <rici ricilake.net>]

William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) mod_proxy: Fix ap_proxy_canonenc API.
     PR 32459. [Jim Jagielski]
  *) mod_cache: Add CacheStorePrivate and CacheStoreNoStore directive.
     [Justin Erenkrantz]

  *) Add --enable-pie flag to configure, to build httpd as a Position
     Independent Executable where supported (GCC/binutils).
     [Joe Orton]

  *) proxy_balancer: Add in load-balancing via weighted traffic
     byte count. [Jim Jagielski]

  *) mod_disk_cache: Cache r->err_headers_out headers.  This allows CGI
     scripts to be properly cached.  [Justin Erenkrantz, Sander Striker]

  *) mod_ldap: Updated to use the new apr-util v1.1 apr_ldap_*_option()
     API for the setting of server and client SSL certificates. Replaced
     LDAPTrustedCA directive with LDAPTrustedGlobalCert and
     LDAPTrustedClientCert directives to correctly support global certs
     (CA certs / Netware client certs) and per connection client certs
     as supported by Netware, OpenLDAP and Netscape/Mozilla.
     [Graham Leggett]

  *) mod_cache: Remove unimplemented CacheForceCompletion directive.
     [Justin Erenkrantz]

  *) support/check_forensic: Fix temp file usage
     [Javier Fernandez-Sanguino Pen~a <jfs computer.org>]

  *) mod_ssl: Add SSLCADNRequestFile and SSLCADNRequestPath directives
     which can be used to configure a specific list of CA names to send
     in a client certificate request.  PR 32848. 
     [Tim Taylor <tim.taylor dfas.mil>]

  *) --with-module can now take more than one module to be statically
     linked: --with-module=<modtype>:<modfile>,<modtype>:<modfile>,...
     If the <modtype>-subdirectory doesn't exist it will be created and
     populated with a standard Makefile.in.  [Erik Abele]

  *) Remove some compiler warnings within the LDAP modules [Graham Leggett]

  *) Add a build script to create a solaris package. [Graham Leggett]

William A. Rowe Jr's avatar
 
William A. Rowe Jr committed
  *) ap_http_scheme() replaced with ap_http_method() - this function
     returns the scheme (http v.s. https).
     [William Rowe]

  *) mod_proxy: Fix a request corruption problem and a buffering problem
     which sometimes prevented proxy-sendchunks from working.
     [Jeff Trawick]

  *) Fix the RPM spec file so that an RPM build now works. An RPM
     build now requires system installations of APR and APR-util.
     [Graham Leggett]

  *) Significantly simplify the load balancer scheduling algorithm
     for the proxy BalancerMember weighting. loadfactors (lbfactors)
     are now normalized with respect to each other. [Jim Jagielski]

  *) mod_dumpio: Added to the available module suite; it is an
     I/O logging/dumping module. Placed in the (new) debug module
     subdirectory. mod_bucketeer moved to that directory as well.
     [Jim Jagielski]
  *) core: Add support for APR_TCP_DEFER_ACCEPT to defer accepting
     of a connection until data is available.
     [Paul Querna]

Justin Erenkrantz's avatar
Justin Erenkrantz committed
Changes with Apache 2.1.2

  *) mod_proxy: Respect errors reported by pre_connection hooks.
     [Jeff Trawick]

  *) core: Error out on sections that are missing an argument instead of
     silently consuming the section. PR 25460.
     [Geoffrey Young, Paul Querna]

  *) mod_cache/mod_mem_cache/mod_disk_cache: Move out of experimental.

  *) Upgraded PCRE to version 5.0. [Brian Pane]
  *) mod_cgid: Catch configuration problem where two web server instances
     share same ServerRoot but admin forgot to use ScriptSock.
     [Jeff Trawick]

  *) mod_cgi: Ensure that all stderr is logged for a script which returns
     a Location header to generate a non-local redirect.  PR 20111.
     [Joe Orton]

  *) Added the Event MPM to more efficiently handle clients during a 
     Keep Alive request.
     [Paul Querna, Greg Ames]

Justin Erenkrantz's avatar
Justin Erenkrantz committed
Changes with Apache 2.1.1

  *) mod_proxy_http: Stream content better - always flush buffered data to
     the client before blocking waiting for new data.  PR 19954.
     [Joe Orton]

  *) mod_ssl: Add support for command-line option "-t -DDUMP_CERTS" which
     will dump the filenames of all configured SSL certificates to stdout.
     [Joe Orton]

  *) mod_disk_cache: Remove a bunch of non-implemented garbage collection
     and cache size directives that are now available through htcacheclean.
     [Justin Erenkrantz]

  *) Add htcacheclean to support/ for assistance with mod_disk_cache.
     [Andreas Steinmetz]

  *) mod_authnz_ldap: Added the directive "Requires ldap-filter" that
     allows the module to authorize a user based on a complex LDAP
  *) mod_usertrack: Run the fixups hook before other modules.
  *) Allow mod_authnz_ldap authorization functionality to be used 
     without requiring the user to also be authenticated through 
     mod_authnz_ldap. This allows other authentication modules to 
     take advantage of LDAP authorization only [PR 28253]
     [Jari Ahonen jah progress.com, Brad Nicholes]
     
  *) Log the client IP address when an error occurs disabling nagle on a
     connection, but log at a severity of debug since this error 
     generally means that the connection was dropped before data was
     sent.  Log the client IP address when reporting errors in the core
     output filter.  [Jeff Trawick]

  *) core: Add a warning message if the request line read fails.
     [Paul Querna]

  *) mod_rewrite: Removed the MaxRedirects option in favor of the
     core LimitInternalRecursion directive.  [André Malo]
  *) mod_info: Added listing of the Request Hooks and added more build 
     information like 'httpd -V' contains. Changed output to XHTML. 
     [Paul Querna]

  *) mod_info: Rewrote config tree walk using a recursive function.
     Added ?config option. Added printout of config filename and line numbers.
     [Rici Lake <rici ricilake.net>, Paul Querna]

  *) mod_proxy: Fix type error that prevents proxy-sendchunks from working.
     [Justin Erenkrantz]

  *) mod_proxy: Fix data corruption by properly setting aside buckets.
     [Justin Erenkrantz]

  *) mod_proxy: If a request has a blank body and has a 0 Content-Length
     headers, pass that to the proxy.  [Justin Erenkrantz]

Andre Malo's avatar
Andre Malo committed
  *) Recognize QSA flag in mod_rewrite again.
     [Jan Kratochvil <rcpt-dev.AT.httpd.apache.org jankratochvil.net>]

  *) Restructured mod_auth_ldap to fit the new authentication model.
     The module is now called authnz_ldap and has been moved out of
     the modules/experimental area and into modules/aaa with the other
     auth modules.  Both the authn_ldap provider and the authz_ldap
     handler are contained within the authnz_ldap module.  The 
     authz_ldap handler introduces 3 new "requires" values for handling
     authorization.  These handlers are ldap-user, ldap-group and 
     ldap-dn. [Brad Nicholes]

  *) Fix some compiler warnings in proxy
     [Geoffrey Young <geoff@modperlcookbook.org>]

  *) mod_ssl: Add SSL_CLIENT_V_REMAIN variable, representing the
     number of days until the client cert expires.  [Joe Orton]

  *) Add test_config hook, run only if httpd is invoked using -t.
     [Joe Orton]

  *) Improve error handling for corrupted pid files.  [Jeff Trawick]

  *) mod_proxy.c and proxy_util.c: Enable compiling on 2.0-HEAD 
     (for backwards compatibility):
     Avoids mod_ssl.h (not included in 2.0-HEAD) and
     use apr_socket_create_ex for 0.9.x 
     [Mladen Turk]

  *) Added proxy_ajp.c module for proxy support to ajp:// backends.
     [Jean Frederic Clere]

  *) Fixes the build of proxy on Windows. Since the proxy_module is declared
     as extern using AP_MODULE_DECLARE_DATA that expands to dllexport, there
     is a LNK2001 error when building proxy_http. [Mladen Turk]

  *) Remove LDAP toolkit specific code from util_ldap and mod_auth_ldap.
     [Graham Leggett]

  *) Remove deprecated/removed APR_STATUS_IS_SUCCESS().  [Justin Erenkrantz]

  *) perchild MPM: Fix thread safety problem in the use of longjmp().
     [Tsuyoshi SASAMOTO <nazonazo super.win.ne.jp>]

  *) Add load balancer support to the scoreboard in preparation for
     load balancing support in mod_proxy. [Mladen Turk]

  *) mod_nw_ssl: Added the directive NWSSLUpgradeable to mod_nw_ssl to 
     allow a non-secure connection to be upgraded to secure connections
     [Brad Nicholes]
     
  *) core: Add Options= syntax to AllowOverride to specify which options
     may be overridden in .htaccess files. PR 29310.
     [Tom Alsberg <alsbergt cs.huji.ac.il>, Paul Querna]

  *) ab: Handle long URLs with an error instead of an buffer overflow.
     PR 28204. [Erik Weide <erik.weidel mplus-technologies.de>, Paul Querna]

Paul Querna's avatar
Paul Querna committed
  *) mod_so, core: Add new command line options to print all loaded
     modules. '-t -D DUMP_MODULES' and '-M' will show all static 
     and shared modules as loaded from the configuration file.
     [Paul Querna]

  *) mod_autoindex: Add ShowForbidden to IndexOptions to list files
     that are not shown because the subrequest returned 401 or 403. 
     PR 10575.  [Paul Querna]

Nick Kew's avatar
 
Nick Kew committed
  *) mod_headers: implement "Early" processing option in post_read_request
     to enable Header and RequestHeader directives to be used to set up
     testcases for pre-fixups request phases [Nick Kew]

Nick Kew's avatar
 
Nick Kew committed
  *) mod_proxy: multiple bugfixes, principally support cookies in
     ProxyPassReverse, and don't canonicalise URL passed to backend.
     Documentation correspondingly updated. [Nick Kew <nick webthing.com>]

  *) mod_deflate: support gzip flags in inflate_out_filter
     [Nick Kew <nick webthing.com>]

  *) Drop the ErrorHeader directive which turned out to be a misnomer.
     Instead there's a new optional flag for the Header directive
     ('always'), which keeps the former ErrorHeader functionality.
  *) mod_deflate: Don't deflate responses with zero length 
     e.g. proxied 304's [Allan Edwards]

Andre Malo's avatar
Andre Malo committed
  *) <IfModule> now recognizes the module identifier in addition to the
     file name. PR 29003.  [Edward Rudd <eddie omegaware.com>, André Malo]
Andre Malo's avatar
Andre Malo committed

  *) mod_ssl: Add "SSLHonorCipherOrder" directive to enable the
     OpenSSL 0.9.7 flag which uses the server's cipher order rather
     than the client's.  PR 28665.
     [Jim Schneider <jschneid netilla.com>]
  *) mod_ssl: Drop support for the CompatEnvVars argument to
     SSLOptions, which was never actually implemented in 2.0.
     [Joe Orton]

  *) Fix bug in mod_deflate that unconditionally sent deflate'd output
     even when Accept-Encoding is not present.  [Justin Erenkrantz]

  *) Pass environment variables through to piped loggers and start
     them via the shell, resolving regressions since 1.3.  PR 28815
     [Ken Coar, Jeff Trawick]
  *) External rewrite map responses are no longer limited to 2048
Jim Jagielski's avatar
Jim Jagielski committed
  *) Proxy server was deleting cookies that Apache had already
     assigned if the origin server had set any cookies. PR 27023.
     [Jim Jagielski]

  *) Removed old and unmaintained ap_add_named_module API and changed
     the following APIs to return an error instead of hard exiting:
     ap_add_module, ap_add_loaded_module, ap_setup_prelinked_modules,
     and ap_process_resource_config.  [André Malo]
  *) mod_headers: Allow %% in header values to represent a literal %.
  *) mod_headers: Allow env clauses also for 'echo' and 'unset' actions.
  *) mod_headers: Allow 'echo' also for ErrorHeaders.  [André Malo]
Andre Malo's avatar
Andre Malo committed

Ian Holsman's avatar
Ian Holsman committed
  *) mod_deflate: New option for DEFLATE output file (force-gzip),
     new output filter 'INFLATE' for uncompressing responses.
     [Nick Kew <Nick at WebThing dot com>, Ian Holsman]

  *) Added new module mod_version, which provides version dependent
     configuration containers.  [André Malo]
  *) mod_log_config now logs all Set-Cookie headers if the %{Set-Cookie}o
     format is used.  PR 27787.  [André Malo]
  *) Allow Digest providers to return AUTH_DENIED to propagate a 401
     status and terminate the provider chain prior to checking the password.
     [Geoffrey Young]

  *) mod_cgid: Don't allow Scriptsock to be specified inside VirtualHost;
     Don't place script socket inside default server root instead of
     actual server root.  PR 27886.  [Jeff Trawick]

  *) mod_proxy: Fix handling of non-200 success status codes when
     "ProxyErrorOverride On" is configured.  PR 20183.
     [Marcus Janson <marcus.janson tre.se>, Joe Orton]

  *) Threaded MPMs for Unix and Win32: Add support for ThreadStackSize 
     directive (previously NetWare-only) to override default thread 
     stack size for threads which handle client connections.  Required 
     for some third-party modules on platforms with small default 
     thread stack size.  [Jeff Trawick]
  *) minor mod_auth_basic and mod_auth_digest sync.  mod_auth_basic
     now populates r->user with the (possibly unauthenticated) user,
     and mod_auth_digest returns 500 when a provider returns
     AUTH_GENERAL_ERROR.
     [Geoffrey Young]

  *) The whole codebase was relicensed and is now available under
     the Apache License, Version 2.0 (http://www.apache.org/licenses).
     [Apache Software Foundation]

  *) Delete some make-generated files in the server directory during 
     "make clean" processing.  PR 26552.  [Jeff Trawick]