Newer
Older
-*- coding: utf-8 -*-
Martin Kraemer
committed
Changes with Apache 2.3.0
[Remove entries to the current 2.0 and 2.2 section below, when backported]
*) core: Reject invalid Expect header immediately. PR 38123.
[Ruediger Pluem]
*) Authz: Add the new module mod_authn_core that will provide common
authn directives such as 'AuthType', 'AuthName'. Move the directives
'AuthType' and 'AuthName' out of the core module and merge mod_authz_alias
into mod_authn_core. [Brad Nicholes]
*) Authz: Mark the directives 'Order', 'Allow', 'Deny' and 'Satisfy' as
deprecated and move them into the new module mod_access_compat which
can be loaded to provide backwards compatibility for these directives.
[Brad Nicholes]
*) Authz: Move the 'Require' directive from the core module as well as
add the directives '<SatisfyAll>', '<SatisfyOne>', '<RequireAlias>'
and 'Reject' to mod_authz_core. The new directives introduce 'AND/OR'
logic into the authorization processing. [Brad Nicholes]
*) Authz: Add the new module mod_authz_core which acts as the
authorization provider vector and contains common authz
directives. [Brad Nicholes]
*) Authz: Renamed mod_authz_dbm authz providers from 'group' and
'file-group' to 'dbm-group' and 'dbm-file-group'. [Brad Nicholes]
*) Authz: Added the new authz providers 'env', 'ip', 'host', 'all' to handle
host-based access control provided by mod_authz_host and invoked
through the 'Require' directive. [Brad Nicholes]
*) Authz: Convert all of the authz modules from hook based to
provider based. [Brad Nicholes]
Ruediger Pluem
committed
*) mod_cache: Add CacheMinExpire directive to set the minimum time in
seconds to cache a document.
[Brian Akins <brian.akins turner.com>, Ruediger Pluem]
Ruediger Pluem
committed
*) mod_cache: Make caching of reverse proxies possible again. PR 38017.
[Ruediger Pluem]
*) Refactored ap_read_request() to provide a foundation for
nonblocking reads of requests. [Brian Pane]
Justin Erenkrantz
committed
*) If a connection is aborted while waiting for a chunked line, flag the
connection as errored out. [Justin Erenkrantz]
*) mod_proxy: If we get an error reading the upstream response,
close the connection.
[Justin Erenkrantz, Roy T. Fielding, Jim Jagielski, Ruediger Pluem]
*) mod_authz_dbd: SQL authz with Login/Session support [Nick Kew]
*) Fix typo in ProxyStatus syntax error message.
[Christophe Jaillet <christophe.jaillet wanadoo.fr>]
*) Asynchronous write completion for the Event MPM. [Brian Pane]
*) Added an End-Of-Request bucket type. The logging of a request and
the freeing of its pool are now done when the EOR bucket is destroyed.
This has the effect of delaying the logging until right after the last
of the response is sent; ap_core_output_filter() calls the access logger
indirectly when it destroys the EOR bucket. [Brian Pane]
*) Rewrite of logresolve support utility: IPv6 addresses are now supported
and the format of statistical output has changed. [Colm MacCarthaigh]
*) Rewrite of ap_coreoutput_filter to do nonblocking writes [Brian Pane]
*) Added new connection states for handler and write completion
[Brian Pane]
*) mod_cgid: Refuse to work on Solaris 10 due to OS bugs. PR 34264.
[Justin Erenkrantz]
*) Teach mod_ssl to use arbitrary OIDs in an SSLRequire directive,
allowing string-valued client certificate attributes to be used for
access control, as in: SSLRequire "value" in OID("1.3.6.1.4.1.18060.1")
[Martin Kraemer, David Reid]
*) SECURITY: CVE-2005-3357 (cve.mitre.org)
mod_ssl: Fix a possible crash during access control checks if a
non-SSL request is processed for an SSL vhost (such as the
"HTTP request received on SSL port" error message when an 400
ErrorDocument is configured, or if using "SSLEngine optional").
PR 37791. [Rüdiger Plüm, Joe Orton]
*) Chunk filter: Fix chunk filter to create correct chunks in the case that
a flush bucket is surrounded by data buckets. [Ruediger Pluem]
*) SECURITY: CVE-2005-3352 (cve.mitre.org)
mod_imagemap: Escape untrusted referer header before outputting
in HTML to avoid potential cross-site scripting. Change also
made to ap_escape_html so we escape quotes. Reported by JPCERT.
[Mark Cox]
*) Fix syntax error in httpd.h with strict compilers. PR 38740.
[Per Olausson <pao darkheim.freeserve.co.uk>]
*) Preserve the Content-Length header for a proxied HEAD response.
PR 18757. [Greg Ames]
*) Fix recursive ErrorDocument handling. PR 36090.
[Chris Darroch <chrisd pearsoncmg.com>]
*) Don't hang on error return from post_read_request. PR37790 [Nick Kew]
*) Fix off-by-one error in proxy_balancer. PR37753
[Kazuhiro Osawa <ko yappo ne jp>]
Changes with Apache 2.2.0
*) mod_negotiation: Minor performance tweak by reusing already calculated
strlen.
[Ruediger Pluem, Christophe Jaillet <christophe.jaillet wanadoo.fr>]
Justin Erenkrantz
committed
*) Remove support for 'On' and 'Off' for AuthBasicProvider and
AuthDigestProvider. [Joshua Slive, Justin Erenkrantz]
*) Add in new UseCanonicalPhysicalPort directive, which controls
whether or not Apache will ever use the actual physical port
when constructing the canonical port number. [Jim Jagielski]
*) mod_dav: Fix a null pointer dereference in an error code path during the
handling of MKCOL.
[Ruediger Pluem, Ghassan Misherghi <ghassanm ucdavis.edu>]
*) Fix DESTDIR=... installation when using bundled copy of APR.
[Torsten Foertsch <torsten.foertsch gmx.net>]
*) mod_proxy_balancer: When finding best worker, use case insensitive
match for scheme and host, but case sensitive for the rest of
the path. [Jim Jagielski, Ruediger Pluem]
Changes with Apache 2.1.9
*) mod_proxy_ajp: Do not spool the entire response from AJP backend before
sending it up the filter chain. PR37100. [Ruediger Pluem]
*) mod_cache: Create new filters CACHE_OUT_SUBREQ / CACHE_SAVE_SUBREQ which
only differ by the type from CACHE_OUT / CACHE_SAVE to ensure that
subrequests to non local resources work again. [Ruediger Pluem]
Ruediger Pluem
committed
*) mod_proxy: Do not lowercase the entire worker name of a BalancerMember
since this breaks case sensitive URI's. PR36906. [Ruediger Pluem]
*) core: AddOutputFilterByType is ignored for proxied requests. PR31226.
[Joe Orton, Ruediger Pluem]
*) mod_proxy_http: Prevent data corruption of POST request bodies when
client accesses proxied resources with SSL. PR37145.
[Ruediger Pluem, William Rowe]
*) mod_proxy_balancer: BalancerManager and proxies correctly handle
member workers with paths. PR36816. [Ruediger Pluem, Jim Jagielski]
*) mod_log_config: %{hextid}P will log the thread id in hex with APR
versions 1.2.0 or higher. [Jeff Trawick]
*) httpd.exe/apachectl -V: display the DYNAMIC_MODULE_LIMIT setting, as
in 1.3. [Jeff Trawick]
*) Support dbd connections tied to the conn_rec [Nick Kew]
*) Move mod_dbd to /modules/database/ [Nick Kew]
*) Move mod_filter and mod_charset_lite to /modules/filters/ [Nick Kew]
*) Fix mod_dbd's config [Brian J. France <list firehawksystems.com>]
*) mod_proxy_ajp: mod_proxy_ajp sends empty SSL attributes for non SSL
connections. PR36883.
[William Barker <william.barker wilshire.com>, Ruediger Pluem]
*) Elimiated the NET_TIME filter, restructuring the timeout logic.
This provides a working mod_echo on all platforms, and ensures any
custom protocol module is at least given an initial timeout value
based on the <VirtualHost > context's Timeout directive.
[William Rowe]
*) mod_proxy: Run the request_status hook also if there are no free workers
or all workers are in error state.
[Ruediger Pluem, Brian Akins <brian.akins turner.com>]
*) mod_proxy_balancer: mod_proxy_balancer does not handle sticky sessions
with tomcat correctly. PR36507. [Ruediger Pluem]
*) mod_proxy_connect: Fix high CPU loop on systems like UnixWare which
trigger POLL_ERR or POLL_HUP on a terminated connection. PR 36951.
[Jeff Trawick, Ruediger Pluem]
*) SECURITY: CVE-2005-2970 (cve.mitre.org)
worker MPM: Fix a memory leak which can occur after an aborted
connection in some limited circumstances. [Greg Ames]
Loading full blame...