Skip to content
CHANGES 252 KiB
Newer Older
Jeff Trawick's avatar
Jeff Trawick committed
                                                         -*- coding: utf-8 -*-
Daniel Ruggeri's avatar
Daniel Ruggeri committed
Changes with Apache 2.4.34
  *) event: avoid possible race conditions with modules on the child pool.
Yann Ylavic's avatar
Yann Ylavic committed
  *) mod_proxy: Fix a corner case where the ProxyPassReverseCookieDomain or
     ProxyPassReverseCookiePath directive could fail to update correctly
     'domain=' or 'path=' in the 'Set-Cookie' header.  PR 61560.
     [Christophe Jaillet]

Yann Ylavic's avatar
Yann Ylavic committed
  *) mod_ratelimit: fix behavior when proxing content. PR 62362.
     [Luca Toscano, Yann Ylavic]

Eric Covener's avatar
Eric Covener committed
  *) core: Re-allow '_' (underscore) in hostnames.
     [Eric Covener]

  *) mod_authz_core: If several parameters are used in a AuthzProviderAlias
     directive, if these parameters are not enclosed in quotation mark, only
     the first one is handled. The other ones are silently ignored.
     Add a message to warn about such a spurious configuration.
     PR 62469 [Hank Ibell <hwibell gmail.com>, Christophe Jaillet]
Stefan Eissing's avatar
Stefan Eissing committed
  *) mod_md: improvements and bugfixes
     - MDNotifyCmd now takes additional parameter that are passed on to the called command.
     - ACME challenges have better checks for interference with other modules
     - ACME challenges are only handled for domains managed by the module, allowing
       other ACME clients to operate for other domains in the server.
     - better libressl integration

  *) mod_proxy_wstunnel: Add default schema ports for 'ws' and 'wss'.
     PR 62480. [Lubos Uhliarik <luhliari redhat.com>}
Eric Covener's avatar
Eric Covener committed
  *) logging: Some early logging-related startup messages could be lost
     when using syslog for the global ErrorLog. [Eric Covener]

  *) mod_cache: Handle case of an invalid Expires header value RFC compliant
     like the case of an Expires time in the past: allow to overwrite the
     non-caching decision using CacheStoreExpired and respect Cache-Control
     "max-age" and "s-maxage".  [Rainer Jung]

  *) mod_xml2enc: Fix forwarding of error metadata/responses. PR 62180.
     [Micha Lenk <micha lenk.info>, Yann Ylavic]

  *) mod_proxy_http: Fix response header thrown away after the previous one
     was considered too large and truncated. PR 62196. [Yann Ylavic]

  *) core: Add and handle AP_GETLINE_NOSPC_EOL flag for ap_getline() family
     of functions to consume the end of line when the buffer is exhausted.
     PR 62198. [Yann Ylavic]

  *) mod_proxy_http: Add new worker parameter 'responsefieldsize' to
     allow maximum HTTP response header size to be increased past 8192
Yann Ylavic's avatar
Yann Ylavic committed
     bytes.  PR 62199.  [Hank Ibell <hwibell gmail.com>]
  *) mod_ssl: Extend SSLOCSPEnable with mode 'leaf' that only checks the leaf
     of a certificate chain.  PR62112.
     [Ricardo Martin Camarero <rickyepoderi yahoo.es>]

  *) http: Fix small memory leak per request when handling persistent
     connections.  [Ruediger Pluem, Joe Orton]

  *) mod_proxy_html: Fix variable interpolation and memory allocation failure
     in ProxyHTMLURLMap.  [Ewald Dieterich <ewald mailbox.org>]

  *) mod_remoteip: Fix RemoteIP{Trusted,Internal}ProxyList loading broken by 2.4.30.
     PR 62220.  [Chritophe Jaillet, Yann Ylavic]

Yann Ylavic's avatar
Yann Ylavic committed
  *) mod_remoteip: When overriding the useragent address from X-Forwarded-For,
     zero out what had been initialized as the connection-level port.  PR59931.
     [Hank Ibell <hwibell gmail.com>]

  *) core: In ONE_PROCESS/debug mode, cleanup everything when exiting.
     [Yann Ylavic]

  *) mod_proxy_balancer: Add hot spare member type and corresponding flag (R).
     Hot spare members are used as drop-in replacements for unusable workers
     in the same load balancer set. This differs from hot standbys which are
     only used when all workers in a set are unusable. PR 61140. [Jim Riggs]

  *) suexec: Add --enable-suexec-capabilites support on Linux, to use
     setuid/setgid capability bits rather than a setuid root binary.
     [Joe Orton]

  *) suexec: Add support for logging to syslog as an alternative to
     logging to a file; use --without-suexec-logfile --with-suexec-syslog.
     [Joe Orton]

Yann Ylavic's avatar
Yann Ylavic committed
  *) mod_ssl: Restore 2.4.29 behaviour in SSL vhost merging/enabling
     which broke some rare but previously-working configs.  [Joe Orton]

  *) core, log: improve sanity checks for the ErrorLog's syslog config, and
Christophe Jaillet's avatar
Christophe Jaillet committed
     explicitly allow only lowercase 'syslog' settings. PR 62102
     [Luca Toscano, Jim Riggs, Christophe Jaillet]

Yann Ylavic's avatar
Yann Ylavic committed
  *) mod_http2: accurate reporting of h2 data input/output per request via
     mod_logio. Fixes an issue where output sizes where counted n-times on
     reused slave connections.  [Stefan Eissing]
Yann Ylavic's avatar
Yann Ylavic committed
     See github issue: https://github.com/icing/mod_h2/issues/158
Yann Ylavic's avatar
Yann Ylavic committed
  *) mod_http2: Fix unnecessary timeout waits in case streams are aborted.
     [Stefan Eissing]

  *) mod_http2: restoring the v1.10.16 keepalive timeout behaviour of mod_http2.
     [Stefan Eissing]

  *) mod_proxy: Do not restrict the maximum pool size for backend connections
     any longer by the maximum number of threads per process and use a better
     default if mod_http2 is loaded.
     [Yann Ylavic, Ruediger Pluem, Stefan Eissing, Gregg Smith]

Daniel Ruggeri's avatar
Daniel Ruggeri committed
  *) mod_slotmem_shm: Add generation number to shm filename to fix races
     with graceful restarts. PRs 62044 and 62308.  [Jim Jagielski, Yann Ylavic]

  *) core: Preserve the original HTTP request method in the '%<m' LogFormat
     when an path-based ErrorDocument is used.  PR 62186.
     [Micha Lenk <micha lenk.info>]

Yann Ylavic's avatar
Yann Ylavic committed
  *) mod_remoteip: make proxy-protocol work on slave connections, e.g. in
     HTTP/2 requests.  [Stefan Eissing]
     See also https://github.com/roadrunner2/mod-proxy-protocol/issues/6
  *) mod_ssl: Fix merging of proxy SSL context outside <Proxy> sections,
     regression introduced in 2.4.30. PR 62232. [Rainer Jung, Yann Ylavic]

  *) mod_md: Fix compilation with OpenSSL before version 1.0.2.  [Rainer Jung]

  *) mod_dumpio: do nothing below log level TRACE7.  [Yann Ylavic]

  *) mod_remoteip: Restore compatibility with APR 1.4 (apr_sockaddr_is_wildcard).
     [Eric Covener]

  *) core: On ECBDIC platforms, some errors related to oversized headers
Jim Jagielski's avatar
Jim Jagielski committed
     may be misreported or be logged as ASCII escapes.  PR 62200
Yann Ylavic's avatar
Yann Ylavic committed
     [Hank Ibell <hwibell gmail.com>]
Rainer Jung's avatar
Rainer Jung committed
  *) mod_ssl: Fix cmake-based build.  PR 62266.  [Rainer Jung]
  *) core: Add <IfFile>, <IfDirective> and <IfSection> conditional
     section containers.  [Eric Covener, Joe Orton]

Daniel Ruggeri's avatar
Daniel Ruggeri committed
Changes with Apache 2.4.33

  *) core: Fix request timeout logging and possible crash for error_log hooks.
     [Yann Ylavic]

Yann Ylavic's avatar
Yann Ylavic committed
  *) mod_slomem_shm: Fix failure to create balancers's slotmems in Windows MPM,
     where children processes need to attach them instead since they are owned
     by the parent process already.  [Yann Ylavic]

  *) ab: try all destination socket addresses returned by
     apr_sockaddr_info_get instead of failing on first one when not available.
     Needed for instance if localhost resolves to both ::1 and 127.0.0.1
     e.g. if both are in /etc/hosts.  [Jan Kaluza]

  *) ab: Use only one connection to determine working destination socket
     address.  [Jan Kaluza]

Rainer Jung's avatar
Rainer Jung committed
  *) ab: LibreSSL doesn't have or require Windows applink.c.  [Gregg L. Smith]

  *) htpasswd/htdigest: Disable support for bcrypt on EBCDIC platforms.
Rainer Jung's avatar
Rainer Jung committed
     apr-util's bcrypt implementation doesn't tolerate EBCDIC.  [Eric Covener]

Rainer Jung's avatar
Rainer Jung committed
  *) htpasswd/htdbm: report the right limit when get_password() overflows.
     [Yann Ylavic]

Rainer Jung's avatar
Rainer Jung committed
  *) htpasswd: Don't fail in -v mode if password file is unwritable.
     PR 61631.  [Joe Orton]

Rainer Jung's avatar
Rainer Jung committed
  *) htpasswd: don't point to (unused) stack memory on output
     to make static analysers happy.  PR 60634.
     [Yann Ylavic, reported by shqking and Zhenwei Zou]

Daniel Ruggeri's avatar
Daniel Ruggeri committed
Changes with Apache 2.4.32

  *) mod_access_compat: Fail if a comment is found in an Allow or Deny
     directive.  [Jan Kaluza]

  *) mod_authz_host: Ignore comments after "Require host", logging a
     warning, or logging an error if the line is otherwise empty.
     [Jan Kaluza, Joe Orton]

  *) rotatelogs: Fix expansion of %Z in localtime (-l) mode, and fix
     Y2K38 bug.  [Joe Orton]

Joe Orton's avatar
Joe Orton committed
  *) mod_ssl: Support SSL DN raw variable extraction without conversion
     to UTF-8, using _RAW suffix on variable names.  [Joe Orton]

Joe Orton's avatar
Joe Orton committed
  *) ab: Fix https:// connection failures (regression in 2.4.30); fix
     crash generating CSV output for large -n.  [Joe Orton, Jan Kaluza]
Changes with Apache 2.4.31 (not released)
  *) mod_proxy_fcgi: Add the support for mod_proxy's flushpackets and flushwait
     parameters. [Luca Toscano, Ruediger Pluem, Yann Ylavic]

Yann Ylavic's avatar
Yann Ylavic committed
  *) mod_ldap: Avoid possible crashes, hangs, and busy loops due to
     improper merging of the cache lock in vhost config.
     PR 43164 [Eric Covener]

Loading full blame...