Newer
Older
William A. Rowe Jr
committed
-*- coding: utf-8 -*-
Stefan Fritsch
committed
*) SECURITY: CVE-2010-1623 (cve.mitre.org)
Fix a denial of service attack against mod_reqtimeout.
[Stefan Fritsch]
*) mod_rewrite: Add END flag for RewriteRule to prevent further rounds
of rewrite processing when a per-directory substitution occurs.
[Eric Covener]
*) mod_ssl: Make sure to always log an error if loading of CA certificates
fails. PR 40312. [Paul Tiemann <issues apache org ourdetour com>]
*) mod_dav: Send 501 error if unknown Content-* header is received for a PUT
request (RFC 2616 9.6). PR 42978. [Stefan Fritsch]
*) mod_dav: Send 400 error if malformed Content-Range header is received for
a put request (RFC 2616 14.16). PR 49825. [Stefan Fritsch]
*) mod_proxy: Release the backend connection as soon as EOS is detected,
so the backend isn't forced to wait for the client to eventually
acknowledge the data. [Graham Leggett]
*) mod_proxy: Optimise ProxyPass within a Location so that it is stored
per-directory, and chosen during the location walk. Make ProxyPass
work correctly from within a LocationMatch. [Graham Leggett]
*) core: Fix segfault if per-module LogLevel is on virtual host
scope. PR 50117. [Stefan Fritsch]
Graham Leggett
committed
*) mod_proxy: Move the ProxyErrorOverride directive to have per
directory scope. [Graham Leggett]
*) mod_allowmethods: New module to deny certain HTTP methods without
interfering with authentication/authorization. [Paul Querna,
Igor Galić, Stefan Fritsch]
*) mod_ssl: Log certificate information and improve error message if client
cert verification fails. PR 50093, PR 50094. [Lassi Tuura <lat cern ch>,
Stefan Fritsch]
*) htcacheclean: Teach htcacheclean to limit cache size by number of
inodes in addition to size of files. Prevents a cache disk from
running out of space when many small files are cached.
[Graham Leggett]
*) core: Rename MaxRequestsPerChild to MaxConnectionsPerChild, which
describes more accurately what the directive does. The old name
still works but logs a warning. [Stefan Fritsch]
*) mod_cache: Optionally serve stale data when a revalidation returns a
5xx response, controlled by the CacheStaleOnError directive.
[Graham Leggett]
*) htcacheclean: Allow the listing of valid URLs within the cache, with
the option to list entry metadata such as sizes and times. [Graham
Leggett]
*) mod_cache: Allow control over the base URL of reverse proxied requests
using the CacheKeyBaseURL directive, so that the cache key can be
calculated from the endpoint URL instead of the server URL. [Graham
Leggett]
*) mod_cache: CacheLastModifiedFactor, CacheStoreNoStore, CacheStorePrivate,
CacheStoreExpired, CacheIgnoreNoLastMod, CacheDefaultExpire,
CacheMinExpire and CacheMaxExpire can be set per directory/location.
[Graham Leggett]
*) mod_disk_cache: CacheMaxFileSize, CacheMinFileSize, CacheReadSize and
CacheReadTime can be set per directory/location. [Graham Leggett]
*) core: Speed up config parsing if using a very large number of config
files. PR 50002 [andrew cloudaccess net]
*) mod_cache: Support the caching of HEAD requests. [Graham Leggett]
*) htcacheclean: Allow the option to round up file sizes to a given
block size, improving the accuracy of disk usage. [Graham Leggett]
Stefan Fritsch
committed
*) mod_ssl: Add authz providers for use with mod_authz_core and its
RequireAny/RequireAll containers: 'ssl' (equivalent to SSLRequireSSL),
'ssl-verify-client' (for use with 'SSLVerifyClient optional'), and
'ssl-require' (expressions with same syntax as SSLRequire).
[Stefan Fritsch]
Stefan Fritsch
committed
*) mod_ssl: Make the ssl expression parser thread-safe. It now requires
bison instead of yacc. [Stefan Fritsch]
*) mod_disk_cache: Change on-disk header file format to support the
link of the device/inode of the data file to the matching header
file, and to support the option of not writing a data file when
the data file is empty. [Graham Leggett]
Stefan Fritsch
committed
*) core/mod_unique_id: Add generate_log_id hook to allow to use
the ID generated by mod_unique_id as error log ID for requests.
[Stefan Fritsch]
Stefan Fritsch
committed
*) mod_cache: Make sure that we never allow a 304 Not Modified response
that we asked for to leak to the client should the 304 response be
uncacheable. PR45341 [Graham Leggett]
*) mod_cache: Add the cache_status hook to register the final cache
decision hit/miss/revalidate. Add optional support for an X-Cache
and/or an X-Cache-Detail header to add the cache status to the
response. PR48241 [Graham Leggett]
*) mod_authz_host: Add 'local' provider that matches connections originating
on the local host. PR 19938. [Stefan Fritsch]
*) Event MPM: Fix crash accessing pollset on worker thread when child
process is exiting. [Jeff Trawick]
William A. Rowe Jr
committed
*) core: For process invocation (cgi, fcgid, piped loggers and so forth)
pass the system library path (LD_LIBRARY_PATH or platform-specific
variables) along with the system PATH, by default. Both should be
overridden together as desired using PassEnv etc; see mod_env.
[William Rowe]
*) mod_cache: Introduce CacheStoreExpired, to allow administrators to
capture a stale backend response, perform If-Modified-Since requests
against the backend, and serving from the cache all 304 responses.
This restores pre-2.2.4 cache behavior. [William Rowe]
*) mod_rewrite: Introduce <=, >= string comparison operators, and integer
comparators -lt, -le, -eq, -ge, and -gt. To help bash users and drop
the ambiguity of the symlink test "-ltest", introduce -h or -L as
symlink test operators. [William Rowe]
*) mod_cache: Give the cache provider the opportunity to choose to cache
or not cache based on the buckets present in the brigade, such as the
presence of a FILE bucket.
[Graham Leggett]
*) mod_authz_core: Allow authz providers to check args while reading the
config and allow to cache parsed args. Move 'all' and 'env' authz
providers from mod_authz_host to mod_authz_core. Add 'method' authz
provider depending on the HTTP method. [Stefan Fritsch]
*) mod_include: Move the request_rec within mod_include to be
exposed within include_ctx_t. [Graham Leggett]
*) mod_include: Reinstate support for UTF-8 character sets by allowing a
variable being echoed or set to be decoded and then encoded as separate
steps. PR47686 [Graham Leggett]
*) mod_cache: Add a discrete commit_entity() provider function within the
mod_cache provider interface which is called to indicate to the
provider that caching is complete, giving the provider the opportunity
to commit temporary files permanently to the cache in an atomic
fashion. Replace the inconsistent use of error cleanups with a formal
set of pool cleanups attached to a subpool, which is destroyed on error.
[Graham Leggett]
*) mod_cache: Change the signature of the store_body() provider function
within the mod_cache provider interface to support an "in" brigade
and an "out" brigade instead of just a single input brigade. This
gives a cache provider the option to consume only part of the brigade
passed to it, rather than the whole brigade as was required before.
This fixes an out of memory and a request timeout condition that would
occur when the original document was a large file. Introduce
CacheReadSize and CacheReadTime directives to mod_disk_cache to control
the amount of data to attempt to cache at a time. [Graham Leggett]
Stefan Fritsch
committed
*) core: Add ErrorLogFormat to allow configuring error log format, including
additional information that is logged once per connection or request. Add
error log IDs for connections and request to allow correlating error log
lines and the corresponding access log entry. [Stefan Fritsch]
Stefan Fritsch
committed
*) core: Disable sendfile by default. [Stefan Fritsch]
*) mod_cache: Check the request to determine whether we are allowed
to return cached content at all, and respect a "Cache-Control:
no-cache" header from a client. Previously, "no-cache" would
behave like "max-age=0". [Graham Leggett]
*) mod_cache: Use a proper filter context to hold filter data instead
of misusing the per-request configuration. Fixes a segfault on trunk
when the normal handler is used. [Graham Leggett]
*) mod_cgid: Log a warning if the ScriptSock path is truncated because
it is too long. PR 49388. [Stefan Fritsch]
*) vhosts: Do not allow _default_ in NameVirtualHost, or mixing *
and non-* ports on NameVirtualHost, or multiple NameVirtualHost
directives for the same address:port, or NameVirtualHost
directives with no matching VirtualHosts, or multiple ip-based
VirtualHost sections for the same address:port. These were
previously accepted with a warning, but the behavior was
undefined. [Dan Poirier]
*) mod_remoteip: Fix a segfault when using mod_remoteip in conjunction with
Allow/Deny. PR 49838. [Andrew Skalski <voltara gmail.com>]
*) core: DirectoryMatch can now match on the end of line character ($),
and sub-directories of matched directories are no longer implicitly
matched. PR49809 [Eric Covener]
*) Regexps: introduce new higher-level regexp utility including parsing
Loading full blame...