Newer
Older
*) mod_cache: When serving from cache, only the last header of a multivalued
header was taken into account. Fixed. Ensure that Warning headers are
correctly handled as per RFC2616. [Graham Leggett]
*) mod_cache: Ignore response headers specified by no-cache=header and
private=header as specified by RFC2616 14.9.1 What is Cacheable. Ensure
that these headers are still processed when multiple Cache-Control
headers are present in the response. PR 54706 [Graham Leggett,
Yann Ylavic <ylavic.dev gmail.com>]
*) mod_cache: Invalidate cached entities in response to RFC2616 Section
13.10 Invalidation After Updates or Deletions. PR 15868 [Graham
Leggett]
*) mod_dav: Improve error handling in dav_method_put(), add new
dav_join_error() function. PR 54145. [Ben Reser <ben reser.org>]
*) mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn with
the source href (sent as part of the request body as XML) pointing to a
URI that is not configured for DAV will trigger a segfault. [Ben Reser
<ben reser.org>]
*) mod_dav: Do not fail PROPPATCH when prop namespace is not known.
PR 52559 [Diego Santa Cruz <diego.santaCruz spinetix.com>]
*) mod_dav: When a PROPPATCH attempts to remove a non-existent dead
property on a resource for which there is no dead property in the same
namespace httpd segfaults. PR 52559 [Diego Santa Cruz
<diego.santaCruz spinetix.com>]
*) mod_dav: Sending a If or If-Match header with an invalid ETag doesn't
result in a 412 Precondition Failed. PR54610 [Timothy Wood
<tjw omnigroup.com>]
*) mod_dav: Make sure that when we prepare an If URL for Etag comparison,
we compare unencoded paths. PR 53910 [Timothy Wood <tjw omnigroup.com>]
*) 'AuthGroupFile' and 'AuthUserFile' do not accept anymore the optional
'standard' keyword . It was unused and not documented.
PR54463 [Tianyin Xu <tixu cs.ucsd.edu> and Christophe Jaillet]
Graham Leggett
committed
*) core: Do not over allocate memory within 'ap_rgetline_core' for
the common case. [Christophe Jaillet]
Graham Leggett
committed
*) core: speed up (for common cases) and reduce memory usage of
ap_escape_logitem(). This should save 70-100 bytes in the request
pool for a default config. [Christophe Jaillet]
*) mod_dav: Ensure URI is correctly uriencoded on return. PR 54611
[Timothy Wood <tjw omnigroup.com>]
*) core: apachectl -S prints wildcard name-based virtual hosts twice.
PR54948 [Eric Covener]
*) mod_proxy: Reject invalid values for Max-Forwards. [Graham Leggett,
Co-Advisor <coad measurement-factory.com>]
*) mod_cache: RFC2616 14.9.3 The s-maxage directive also implies the
semantics of the proxy-revalidate directive. [Graham Leggett]
*) mod_ssl: add support for subjectAltName-based host name checking
in proxy mode. PR 54030. [Kaspar Brand]
*) core: Use the proper macro for HTTP/1.1. [Graham Leggett]
*) event MPM: Provide error handling for ThreadStackSize. PR 54311
[Tianyin Xu <tixu cs.ucsd.edu>, Christophe Jaillet]
*) mod_dav: Do not segfault on PROPFIND with a zero length DBM.
PR 52559 [Diego Santa Cruz <diego.santaCruz spinetix.com>]
Graham Leggett
committed
*) core: Improve error message where client's request-line exceeds
LimitRequestLine. PR 54384 [Christophe Jaillet]
*) mod_macro: New module that provides macros within configuration files.
[Fabien Coelho]
Jim Jagielski
committed
*) mod_cache_socache: New cache implementation backed by mod_socache
that replaces mod_mem_cache known from httpd 2.2. [Graham
Jim Jagielski
committed
Leggett]
*) htpasswd: Add -v option to verify a password. [Stefan Fritsch]
Jim Jagielski
committed
*) mod_proxy: Add BalancerInherit and ProxyPassInherit to control
whether Proxy Balancers and Workers are inherited by vhosts
(default is On). [Jim Jagielski]
*) mod_authnz_ldap: Allow using exec: calls to obtain LDAP bind
password. [Daniel Ruggeri]
*) Added balancer parameter failontimeout to allow server admin
to configure an IO timeout as an error in the balancer.
[Daniel Ruggeri]
*) mod_auth_digest: Fix crashes if shm initialization failed. [Stefan
Fritsch]
*) htpasswd, htdbm: Fix password generation. PR 54735. [Stefan Fritsch]
*) core: Add workaround for gcc bug on sparc/64bit. PR 52900.
[Stefan Fritsch]
*) mod_setenvif: Fix crash in case SetEnvif and SetEnvIfExpr are used
together. PR 54881. [Ruediger Pluem]
*) htdigest: Fix buffer overflow when reading digest password file
with very long lines. PR 54893. [Rainer Jung]
*) ap_expr: Add the ability to base64 encode and base64 decode
strings and to generate their SHA1 and MD5 hash.
[Graham Leggett, Stefan Fritsch]
*) mod_log_config: Fix crash when logging request end time for a failed
request. PR 54828 [Rainer Jung]
*) mod_ssl: Catch missing, mismatched or encrypted client cert/key pairs
with SSLProxyMachineCertificateFile/Path directives. PR 52212, PR 54698.
[Keith Burdis <keith burdis.org>, Joe Orton, Kaspar Brand]
*) mod_ssl: Quiet FIPS mode weak keys disabled and FIPS not selected emits
in the error log to debug level. [William Rowe]
*) mod_cache_disk: CacheMinFileSize and CacheMaxFileSize were always
using compiled in defaults of 1000000/1 respectively. [Eric Covener]
*) mod_lbmethod_heartbeat, mod_heartmonitor: Respect DefaultRuntimeDir/
DEFAULT_REL_RUNTIMEDIR for the heartbeat storage file. [Jeff Trawick]
*) mod_include: Use new ap_expr for 'elif', like 'if',
if legacy parser is not specified. PR 54548 [Tom Donovan]
*) SECURITY: CVE-2012-3499 (cve.mitre.org)
Various XSS flaws due to unescaped hostnames and URIs HTML output in
mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp.
[Jim Jagielski, Stefan Fritsch, Niels Heinen <heinenn google com>]
*) SECURITY: CVE-2012-4558 (cve.mitre.org)
XSS in mod_proxy_balancer manager interface. [Jim Jagielski,
Niels Heinen <heinenn google com>]
*) mod_dir: Add support for the value 'disabled' in FallbackResource.
[Vincent Deffontaines]
*) mod_proxy_connect: Don't keepalive the connection to the client if the
backend closes the connection. PR 54474. [Pavel Mateja <pavel netsafe cz>]
*) mod_lua: Add bindings for mod_dbd/apr_dbd database access.
[Daniel Gruno]
Jim Jagielski
committed
*) mod_proxy: Allow for persistence of local changes made via the
balancer-manager between graceful/normal restarts and power
cycles. [Jim Jagielski]
*) mod_proxy: Fix startup crash with mis-defined balancers.
PR 52402. [Jim Jagielski]
*) --with-module: Fix failure to integrate them into some existing
module directories. PR 40097. [Jeff Trawick]
*) htcacheclean: Fix potential segfault if "-p" is omitted. [Joe Orton]
*) mod_proxy_http: Honour special value 0 (unlimited) of LimitRequestBody
PR 54435. [Pavel Mateja <pavel netsafe.cz>]
*) mod_proxy_ajp: Support unknown HTTP methods. PR 54416.
[Rainer Jung]
*) htcacheclean: Fix list options "-a" and "-A".
[Rainer Jung]
*) mod_slotmem_shm: Fix mistaken reset of num_free for restored shm.
[Jim Jagielski]
*) mod_proxy: non-existance of byrequests is not an immediate error.
[Jim Jagielski]
*) mod_proxy_balancer: Improve output of balancer-manager (re: Drn,
Dis, Ign, Stby). PR 52478 [Danijel <dt-ng rbfh de>]
*) configure: Fix processing of --disable-FEATURE for various features.
[Jeff Trawick]
*) mod_dialup/mod_http: Prevent a crash in mod_dialup in case of internal
redirect. PR 52230.
*) various modules, rotatelogs: Replace use of apr_file_write() with
apr_file_write_full() to prevent incomplete writes. PR 53131.
[Nicolas Viennot <apache viennot biz>, Stefan Fritsch]
*) ab: Support socket timeout (-s timeout).
[Guido Serra <zeph fsfe org>]
*) httxt2dbm: Correct length computation for the 'value' stored in the
DBM file. PR 47650 [jon buckybox com]
Loading full blame...