Newer
Older
*) SECURITY: CVE-2017-9789 (cve.mitre.org)
mod_http2: Read after free. When under stress, closing many connections,
the HTTP/2 handling code would sometimes access memory after it has been
freed, resulting in potentially erratic behaviour.
[Stefan Eissing]
*) SECURITY: CVE-2017-9788 (cve.mitre.org)
mod_auth_digest: Uninitialized memory reflection. The value placeholder
in [Proxy-]Authorization headers type 'Digest' was not initialized or
reset before or between successive key=value assignments.
*) COMPATIBILITY: mod_lua: Remove the undocumented exported 'apr_table'
global variable when using Lua 5.2 or later. This was exported as a
side effect from luaL_register, which is no longer supported as of
Lua 5.2 which deprecates pollution of the global namespace.
[Rainer Jung]
*) COMPATIBILITY: mod_http2: Disable and give warning when using Prefork.
The server will continue to run, but HTTP/2 will no longer be negotiated.
[Stefan Eissing]
*) COMPATIBILITY: mod_proxy_fcgi: Revert to 2.4.20 FCGI behavior for the
default ProxyFCGIBackendType, fixing a regression with PHP-FPM. PR 61202.
[Jacob Champion, Jim Jagielski]
*) mod_lua: Improve compatibility with Lua 5.1, 5.2 and 5.3.
PR58188, PR60831, PR61245. [Rainer Jung]
*) mod_http2: Simplify ready queue, less memory and better performance. Update
mod_http2 version to 1.10.7. [Stefan Eissing]
*) Allow single-char field names inadvertently disallowed in 2.4.25.
PR 61220. [Yann Ylavic]
*) htpasswd / htdigest: Do not apply the strict permissions of the temporary
passwd file to a possibly existing passwd file. PR 61240. [Ruediger Pluem]
*) core: Avoid duplicate HEAD in Allow header.
This is a regression in 2.4.24 (unreleased), 2.4.25 and 2.4.26.
PR 61207. [Christophe Jaillet]
*) SECURITY: CVE-2017-7679 (cve.mitre.org)
mod_mime can read one byte past the end of a buffer when sending a
*) SECURITY: CVE-2017-7668 (cve.mitre.org)
The HTTP strict parsing changes added in 2.2.32 and 2.4.24 introduced a
bug in token list parsing, which allows ap_find_token() to search past
the end of its input string. By maliciously crafting a sequence of
request headers, an attacker may be able to cause a segmentation fault,
or to force ap_find_token() to return an incorrect value.
*) SECURITY: CVE-2017-7659 (cve.mitre.org)
A maliciously constructed HTTP/2 request could cause mod_http2 to
dereference a NULL pointer and crash the server process.
*) SECURITY: CVE-2017-3169 (cve.mitre.org)
mod_ssl may dereference a NULL pointer when third-party modules call
ap_hook_process_connection() during an HTTP request to an HTTPS port.
*) SECURITY: CVE-2017-3167 (cve.mitre.org)
Use of the ap_get_basic_auth_pw() by third-party modules outside of the
authentication phase may lead to authentication requirements being
bypassed.
[Emmanuel Dreyfus <manu netbsd.org>, Jacob Champion, Eric Covener]
*) HTTP/2 support no longer tagged as "experimental" but is instead considered
fully production ready.
*) mod_http2: Fix for possible CPU busy loop introduced in v1.10.3 where a stream may keep
the session in continuous check for state changes that never happen.
[Stefan Eissing]
*) mod_proxy_wstunnel: Add "upgrade" parameter to allow upgrade to other
protocols. [Jean-Frederic Clere]
*) MPMs unix: Place signals handlers and helpers out of DSOs to avoid
a possible crash if a signal is caught during (graceful) restart.
PR 60487. [Yann Ylavic]
*) mod_rewrite: When a substitution is a fully qualified URL, and the
scheme/host/port matches the current virtual host, stop interpreting the
path component as a local path just because the first component of the
path exists in the filesystem. Adds RewriteOption "LegacyPrefixDocRoot"
to revert to previous behavior. PR60009.
[Hank Ibell <hwibell gmail.com>]
*) core: ap_parse_form_data() URL-decoding doesn't work on EBCDIC
platforms. PR61124. [Hank Ibell <hwibell gmail.com>]
*) ab: enable option processing for setting a custom HTTP method also for
non-SSL builds. [Rainer Jung]
*) core: EBCDIC fixes for interim responses with additional headers.
[Eric Covener]
*) mod_env: when processing a 'SetEnv' directive, warn if the environment
variable name includes a '='. It is likely a configuration error.
PR 60249 [Christophe Jaillet]
*) Evaluate nested If/ElseIf/Else configuration blocks.
[Luca Toscano, Jacob Champion]
*) mod_rewrite: Add 'BNP' (backreferences-no-plus) flag to RewriteRule to
allow spaces in backreferences to be encoded as %20 instead of '+'.
[Eric Covener]
*) mod_rewrite: Add the possibility to limit the escaping to specific
characters in backreferences by listing them in the B flag.
[Eric Covener]
*) mod_substitute: Fix spurious AH01328 (Line too long) errors on EBCDIC
systems. [Eric Covener]
*) mod_http2: fail requests without ERROR log in case we need to read interim
responses and see only garbage. This can happen if proxied servers send
data where none should be, e.g. a body for a HEAD request. [Stefan Eissing]
*) mod_proxy_http2: adding support for Reverse Proxy Request headers.
[Stefan Eissing]
*) mod_http2: fixed possible deadlock that could occur when connections were
terminated early with ongoing streams. Fixed possible hanger with timeout
on race when connection considers itself idle. [Stefan Eissing]
*) mod_http2: MaxKeepAliveRequests now limits the number of times a
slave connection gets reused. [Stefan Eissing]
*) mod_brotli: Add a new module for dynamic Brotli (RFC 7932) compression.
[Evgeny Kotkov]
*) mod_proxy_http2: Fixed bug in re-attempting proxy requests after
connection error. Reliability of reconnect handling improved.
[Stefan Eissing]
*) mod_http2: better performance, eliminated need for nested locks and
thread privates. Moving request setups from the main connection to the
worker threads. Increase number of spare connections kept.
[Stefan Eissing]
*) mod_http2: input buffering and dynamic flow windows for increased
throughput. Requires nghttp2 >= v1.5.0 features. Announced at startup
in mod_http2 INFO log as feature 'DWINS'. [Stefan Eissing]
*) mod_http2: h2 workers with improved scalability for better scheduling
performance. There are H2MaxWorkers threads created at start and the
number is kept constant for now. [Stefan Eissing]
*) mod_http2: obsoleted option H2SessionExtraFiles, will be ignored and
just log a warning. [Stefan Eissing]
*) mod_autoindex: Add IndexOptions UseOldDateFormat to allow the date
format from 2.2 in the Last Modified column. PR60846.
[Hank Ibell <hwibell gmail.com>]
*) core: Add %{REMOTE_PORT} to the expression parser. PR59938
[Hank Ibell <hwibell gmail.com>]
*) mod_cache: Fix a regression in 2.4.25 for the forward proxy case by
computing and using the same entity key according to when the cache
checks, loads and saves the request.
PR 60577. [Yann Ylavic]
*) mod_proxy_hcheck: Don't validate timed out responses. [Yann Ylavic]
*) mod_proxy_hcheck: Ensure thread-safety when concurrent healthchecks are
in use (ProxyHCTPsize > 0). PR 60071. [Yann Ylavic, Jim Jagielski]
*) core: %{DOCUMENT_URI} used in nested SSI expressions should point to the
URI originally requsted by the user, not the nested documents URI. This
restores the behavior of this variable to match the "legacy" SSI parser.
PR60624. [Hank Ibell <hwibell gmail.com>]
Jim Jagielski
committed
*) mod_proxy_fcgi: Add ProxyFCGISetEnvIf to fixup CGI environment
variables just before invoking the FastCGI. [Eric Covener,
Jacob Champion]
*) mod_proxy_fcgi: Return to 2.4.20-and-earlier behavior of leaving
a "proxy:fcgi://" prefix in the SCRIPT_FILENAME environment variable by
default. Add ProxyFCGIBackendType to allow the type of backend to be
specified so these kinds of fixups can be restored without impacting
FPM. PR60576 [Eric Covener, Jim Jagielski]
*) mod_ssl: work around leaks on (graceful) restart. [Yann Ylavic]
*) mod_ssl: Add support for OpenSSL 1.1.0. [Rainer Jung]
*) Don't set SO_REUSEPORT unless ListenCoresBucketsRatio is greater
than zero. [Eric Covener]
*) mod_http2: moving session cleanup to pre_close hook to avoid races with
modules already shut down and slave connections still operating.
[Stefan Eissing]
*) mod_lua: Support for Lua 5.3
*) mod_proxy_http2: support for ProxyPreserverHost directive. [Stefan Eissing]
*) mod_http2: fix for crash when running out of memory.
*) mod_proxy_fcgi: Return HTTP 504 rather than 503 in case of proxy timeout.
[Luca Toscano]
*) mod_http2: not counting file buckets again stream max buffer limits.
Effectively transfering static files in one step from slave to master
connection. [Stefan Eissing]
*) mod_http2: comforting ap_check_pipeline() on slave connections
to facilitate reuse (see https://github.com/icing/mod_h2/issues/128).
[Stefan Eissing, reported by Armin Abfalterer]
*) mod_http2: http/2 streams now with state handling/transitions as defined
in RFC7540. Stream cleanup/connection shutdown reworked to become easier
to understand/maintain/debug. Added many asserts on state and cleanup
transitions. [Stefan Eissing]
*) mod_auth_digest: Use an anonymous shared memory segment by default,
preventing startup failure after unclean shutdown. PR 54622.
[Jan Kaluza]
*) mod_filter: Fix AddOutputFilterByType with non-content-level filters.
PR 58856. [Micha Lenk <micha lenk.info>]
*) mod_watchdog: Fix semaphore leak over restarts. [Jim Jagielski]
*) mod_http2: regression fix on PR 59348, on graceful restart, ongoing
streams are finished normally before the final GOAWAY is sent.
[Stefan Eissing, <slavko gmail.com>]
*) mod_proxy: Allow the per-request environment variable "no-proxy" to
be used as an alternative to ProxyPass /path !. This is primarily
to set exceptions for ProxyPass specified in <Location> context.
*) mod_http2: fixes PR60599, sending proper response for conditional requests
answered by mod_cache. [Jeff Wheelhouse, Stefan Eissing]
Stefan Eissing
committed
*) mod_http2: rework of stream resource cleanup to avoid a crash in a close
of a lingering connection. Prohibit special file bucket beaming for
shared buckets. Files sent in stream output now use the stream pool
as read buffer, reducing memory footprint of connections.
[Yann Ylavic, Stefan Eissing]
*) mod_proxy_fcgi, mod_fcgid: Fix crashes in ap_fcgi_encoded_env_len() when
modules add empty environment variables to the request. PR 60275.
[<alex2grad AT gmail.com>]
*) mod_http2: fix for possible page fault when stream is resumed during
session shutdown. [sidney-j-r-m (github)]
*) mod_http2: fix for h2 session ignoring new responses while already
open streams continue to have data available. [Stefan Eissing]
*) mod_http2: adding support for MergeTrailers directive. [Stefan Eissing]
*) mod_http2: limiting DATA frame sizes by TLS record sizes in use on the
connection. Flushing outgoing frames earlier. [Stefan Eissing]
*) mod_http2: cleanup beamer registry on server reload. PR 60510.
[Pavel Mateja <pavel verotel.cz>, Stefan Eissing]
*) mod_proxy_{ajp,fcgi}: Fix a possible crash when reusing an established
backend connection, happening with LogLevel trace2 or higher configured,
or at any log level with compilers not detected as C99 compliant (e.g.
MSVC on Windows). [Yann Ylavic]
*) mod_ext_filter: Don't interfere with "error buckets" issued by other
*) mod_http2: fixes https://github.com/icing/mod_h2/issues/126 e.g. beam
bucket lifetime handling when data is sent over temporary pools.
[Stefan Eissing]
*) Fix some build issues related to various modules.
[Rainer Jung]
Changes with Apache 2.4.24 (not released)
*) SECURITY: CVE-2016-8740 (cve.mitre.org)
mod_http2: Mitigate DoS memory exhaustion via endless
[Naveen Tiwari <naveen.tiwari@asu.edu> and CDF/SEFCOM at Arizona State
University, Stefan Eissing]
Jim Jagielski
committed
mod_auth_digest: Prevent segfaults during client entry allocation when
the shared memory space is exhausted.
[Maksim Malyutin <m.malyutin dsec.ru>, Eric Covener, Jacob Champion]
*) SECURITY: CVE-2016-0736 (cve.mitre.org)
mod_session_crypto: Authenticate the session data/cookie with a
MAC (SipHash) to prevent deciphering or tampering with a padding
oracle attack. [Yann Ylavic, Colm MacCarthaigh]
*) SECURITY: CVE-2016-8743 (cve.mitre.org)
Enforce HTTP request grammar corresponding to RFC7230 for request lines
and request headers, to prevent response splitting and cache pollution by
malicious clients or downstream proxies. [William Rowe, Stefan Fritsch]
*) Validate HTTP response header grammar defined by RFC7230, resulting
in a 500 error in the event that invalid response header contents are
detected when serving the response, to avoid response splitting and cache
pollution by malicious clients, upstream servers or faulty modules.
[Stefan Fritsch, Eric Covener, Yann Ylavic]
William A. Rowe Jr
committed
*) core: Mitigate [f]cgi CVE-2016-5387 "httpoxy" issues.
[Dominic Scheirlinck <dominic vendhq.com>, Yann Ylavic]
*) mod_rewrite: Limit runaway memory use by short circuiting some kinds of
looping RewriteRules when the local path significantly exceeds
LimitRequestLine. PR 60478. [Jeff Wheelhouse <apache wheelhouse.org>]
*) mod_ratelimit: Allow for initial "burst" amount at full speed before
throttling: PR 60145 [Andy Valencia <ajv-etradanalhos vsta.org>,
Jim Jagielski]
*) mod_socache_memcache: Provide memcache stats to mod_status.
[Jim Jagielski]
Jim Jagielski
committed
*) http_filters: Fix potential looping in new check_headers() due to new
pattern of ap_die() from http header filter. Explicitly clear the
previous headers and body.
*) core: Drop Content-Length header and message-body from HTTP 204 responses.
PR 51350 [Luca Toscano]
*) mod_proxy: Honor a server scoped ProxyPass exception when ProxyPass is
configured in <Location>, like in 2.2. PR 60458.
[Eric Covener]
*) mod_lua: Fix default value of LuaInherit directive. It should be
'parent-first' instead of 'none', as per documentation. PR 60419
[Christophe Jaillet]
*) core: New directive HttpProtocolOptions to control httpd enforcement
of various RFC7230 requirements. [Stefan Fritsch, William Rowe]
*) core: Permit unencoded ';' characters to appear in proxy requests and
Location: response headers. Corresponds to modern browser behavior.
[William Rowe]
*) core: ap_rgetline_core now pulls from r->proto_input_filters.
*) core: Correctly parse an IPv6 literal host specification in an absolute
URL in the request line. [Stefan Fritsch]
*) core: New directive RegisterHttpMethod for registering non-standard
HTTP methods. [Stefan Fritsch]
Jim Jagielski
committed
*) mod_socache_memcache: Pass expiration time through to memcached.
[Faidon Liambotis <paravoid debian.org>, Joe Orton]
*) mod_cache: Use the actual URI path and query-string for identifying the
cached entity (key), such that rewrites are taken into account when
running afterwards (CacheQuickHandler off). PR 21935. [Yann Ylavic]
*) mod_http2: new directive 'H2EarlyHints' to enable sending of HTTP status
103 interim responses. Disabled by default. [Stefan Eissing]
*) mod_ssl: Fix quick renegotiation (OptRenegotiaton) with no intermediate
in the client certificate chain. PR 55786. [Yann Ylavic]
Jim Jagielski
committed
*) event: Allow to use the whole allocated scoreboard (up to ServerLimit
slots) to avoid scoreboard full errors when some processes are finishing
gracefully. Also, make gracefully finishing processes close all
keep-alive connections. PR 53555. [Stefan Fritsch]
*) mpm_event: Don't take over scoreboard slots from gracefully finishing
threads. [Stefan Fritsch]
*) mpm_event: Free memory earlier when shutting down processes.
[Stefan Fritsch]
*) mod_status: Display the process slot number in the async connection
overview. [Stefan Fritsch]
*) mod_dir: Responses that go through "FallbackResource" might appear to
hang due to unterminated chunked encoding. PR58292. [Eric Covener]
*) mod_dav: Fix a potential cause of unbounded memory usage or incorrect
behavior in a routine that sends <DAV:response>'s to the output filters.
[Evgeny Kotkov]
*) mod_http2: new directive 'H2PushResource' to enable early pushes before
processing of the main request starts. Resources are announced to the
client in Link headers on a 103 early hint response.
All responses with status code <400 are inspected for Link header and
trigger pushes accordingly. 304 still does prevent pushes.
'H2PushResource' can mark resources as 'critical' which gives them higher
priority than the main resource. This leads to preferred scheduling for
processing and, when content is available, will send it first. 'critical'
is also recognized on Link headers. [Stefan Eissing]
*) mod_proxy_http2: uris in Link headers are now mapped back to a suitable
local url when available. Relative uris with an absolute path are mapped
as well. This makes reverse proxy mapping available for resources
announced in this header.
With 103 interim responses being forwarded to the main client connection,
this effectively allows early pushing of resources by a reverse proxied
backend server. [Stefan Eissing]
*) mod_proxy_http2: adding support for newly proposed 103 status code.
[Stefan Eissing]
*) mpm_unix: Apache fails to start if previously crashed then restarted with
the same PID (e.g. in container). PR 60261.
[Val <valentin.bremond gmail.com>, Yann Ylavic]
*) mod_http2: unannounced and multiple interim responses (status code < 200)
are parsed and forwarded to client until a final response arrives.
[Stefan Eissing]
*) mod_proxy_http2: improved robustness when main connection is closed early
by resetting all ongoing streams against the backend.
[Stefan Eissing]
*) mod_http2: allocators from slave connections are released earlier,
resulting in less overall memory use on busy, long lived connections.
[Stefan Eissing]
*) mod_remoteip: Pick up where we left off during a subrequest rather
than running with the modified XFF but original TCP address.
PR 49839/PR 60251
*) http: Respond with "408 Request Timeout" when a timeout occurs while
reading the request body. [Yann Ylavic]
*) mod_http2: connection shutdown revisited: corrected edge cases on
shutting down ongoing streams, changed log warnings to be less noisy
when waiting on long running tasks. [Stefan Eissing]
*) mod_http2: changed all AP_DEBUG_ASSERT to ap_assert to have them
available also in normal deployments. [Stefan Eissing]
*) mod_http2/mod_proxy_http2: 100-continue handling now properly implemented
up to the backend. Reused HTTP/2 proxy connections with more than a second
not used will block request bodies until a PING answer is received.
Requests headers are not delayed by this, since they are repeatable in
case of failure. This greatly increases robustness, especially with
busy server and/or low keepalive connections. [Stefan Eissing]
*) mod_proxy_http2: fixed duplicate symbols with mod_http2.
[Stefan Eissing]
*) mod_http2: rewrite of how responses and trailers are transferred between
master and slave connection. Reduction of internal states for tasks
and streams, stability. Heuristic id generation for slave connections
to better keep promise of connection ids unique at given point int time.
Fix for mod_cgid interop in high load situtations.
Fix for handling of incoming trailers when no request body is sent.
[Stefan Eissing]
*) mod_http2: fix suspended handling for streams. Output could become
blocked in rare cases. [Stefan Eissing]
*) mpm_winnt: Prevent a denial of service when the 'data' AcceptFilter is in
use by replacing it with the 'connect' filter. PR 59970. [Jacob Champion]
*) mod_cgid: Resolve a case where a short CGI response causes a subsequent
CGI to be killed prematurely, resulting in a truncated subsequent
response. [Eric Covener]
*) mod_proxy_hcheck: Set health check URI and expression correctly for health
check worker. PR 60038 [zdeno <zdeno@scnet.sk>]
*) mod_http2: if configured with nghttp2 1.14.0 and onward, invalid request
headers will immediately reset the stream with a PROTOCOL error. Feature
logged by module on startup as 'INVHD' in info message.
[Stefan Eissing]
*) mod_http2: fixed handling of stream buffers during shutdown.
[Stefan Eissing]
*) mod_reqtimeout: Fix body timeout disabling for CONNECT requests to avoid
triggering mod_proxy_connect's AH01018 once the tunnel is established.
[Yann Ylavic]
*) ab: Set the Server Name Indication (SNI) extension on outgoing TLS
connections (unless -I is specified), according to the Host header (if
any) or the requested URL's hostname otherwise. [Yann Ylavic]
*) mod_proxy_fcgi: avoid loops when ProxyErrorOverride is enabled
and the error documents are proxied. PR 55415. [Luca Toscano]
*) mod_proxy_fcgi: read the whole FCGI response even when the content
has not been modified (HTTP 304) or in case of a precondition failure
(HTTP 412) to avoid subsequent bogus reads and confusing
error messages logged. [Luca Toscano]
*) mod_http2: h2 status resource follows latest draft, see
http://www.ietf.org/id/draft-benfield-http2-debug-state-01.txt
[Stefan Eissing]
*) mod_http2: handling graceful shutdown gracefully, e.g. handling existing
streams to the end. [Stefan Eissing]
*) mod_proxy_{http,ajp,fcgi}: don't reuse backend connections with data
available before the request is sent. PR 57832. [Yann Ylavic]
*) mod_proxy_balancer: Prevent redirect loops between workers within a
balancer by limiting the number of redirects to the number balancer
members. PR 59864 [Ruediger Pluem]
*) mod_proxy: Correctly consider error response codes by the backend when
processing failonstatus. PR 59869 [Ruediger Pluem]
*) mod_dav: Add dav_get_provider_name() function to obtain the name
of the provider from mod_dav. [Graham Leggett]
*) mod_dav: Add support for childtags to dav_error.
[Jari Urpalainen <jari.urpalainen nokia.com>]
*) mod_proxy_fcgi: Fix 2.4.23 breakage for mod_rewrite per-dir and query
string showing up in SCRIPT_FILENAME. PR59815
*) mod_include: Fix a potential memory misuse while evaluating expressions.
PR59844. [Eric Covener]
*) mod_http2: new H2CopyFiles directive that changes treatment of file
handles in responses. Necessary in order to fix broken lifetime handling
in modules such as mod_wsgi.
*) mod_http2: removing timeouts on master connection while requests are
being processed. Requests may timeout, but the master only times out when
no more requests are active. [Stefan Eissing]
*) mod_http2: fixes connection flush when answering SETTINGS without any
stream open. [Moto Ishizawa <@summerwind>, Stefan Eissing]
*) mod_ssl: reset client-verify state of ssl when aborting renegotiations.
[Erki Aring <erki@example.ee>, Stefan Eissing]
*) mod_sed: Fix 'x' command processing. [Christophe Jaillet]
*) configure: Fix ./configure edge-case failures around dependencies
of mod_proxy_hcheck. [William Rowe, Ruediger Pluem, Jeff Trawick]
*) mod_http2: fix for request abort when connections drops, introduced in
1.5.8
*) ab: Use caseless matching for HTTP tokens (e.g. content-length). PR 59111.
[Yann Ylavic]
*) mod_http2: more rigid error handling in DATA frame assembly, leading
to deterministic connection errors if assembly fails.
[Stefan Eissing, Pal Nilsen <https://github.com/maedox>]
*) abs: Include OPENSSL_Applink when compiling on Windows, to resolve
failures under Visual Studio 2015 and other mismatched MSVCRT flavors.
PR59630 [Jan Ehrhardt <phpdev ehrhardt.nl>]
*) mod_ssl: Add "no_crl_for_cert_ok" flag to SSLCARevocationCheck directive
to opt-in previous behaviour (2.2) with CRLs verification when checking
certificate(s) with no corresponding CRL. [Yann Ylavic]
*) mpm_event, mpm_worker: Fix computation of MinSpareThreads' lower bound
according the number of listeners buckets. [Yann Ylavic]
*) Add ap_cstr_casecmp[n]() - placeholder of apr_cstr_casecmp[n] functions
for case-insensitive C/POSIX-locale token comparison.
[Jim Jagielski, William Rowe, Yann Ylavic, Branko Čibej]
*) mod_userdir: Constify and save a few bytes in the conf pool when
parsing the "UserDir" directive. [Christophe Jaillet]
Graham Leggett
committed
*) mod_cache: Fix (max-stale with no '=') and enforce (check
integers after '=') Cache-Control header parsing.
[Christophe Jaillet]
*) core: Add -DDUMP_INCLUDES configtest option to show the tree
of Included configuration files.
[Jacob Champion <champion.pxi gmail.com>]
*) mod_proxy_fcgi: Avoid passing a filename of proxy:fcgi:// as
SCRIPT_FILENAME to a FastCGI server. PR59618.
[Jacob Champion <champion.pxi gmail.com>]
*) mod_dav: Add dav_get_provider_name() function to obtain the name
of the provider from mod_dav.
[Jari Urpalainen <jari.urpalainen nokia.com>]
*) mod_proxy_http2: properly care for HTTP2 flow control of the frontend
connection is HTTP/1.1. [Patch supplied by Evgeny Kotkov]
*) mod_http2: improved cleanup of connection/streams/tasks to always
have deterministic order regardless of event initiating it. Addresses
reported crashes due to memory read after free issues.
[Stefan Eissing]
William A. Rowe Jr
committed
*) mod_ssl: Correct the interaction between SSLProxyCheckPeerCN and newer
SSLProxyCheckPeerName directives since release 2.4.5, such that disabling
either disables both, and that enabling either triggers the new, more
comprehensive SSLProxyCheckPeerName behavior. Only a single configuration
remains to enable the legacy behavior, which is to explicitly disable
SSLProxyCheckPeerName, and enable SSLProxyCheckPeerCN. [William Rowe]
*) mod_include: add the <!--#comment ...> syntax in order to include comments
in a SSI file. [Christophe Jaillet based on a suggestion from Rob]
*) mod_http2: improved event handling for suspended streams, responses
and window updates. [Stefan Eissing]
Jim Jagielski
committed
*) mod_proxy_hcheck: Provide for dynamic background health
checks on reverse proxies associated with BalancerMember
workers. [Jim Jagielski]
*) mod_http2: Fix async write issue that led to selection of wrong timeout
vs. keepalive timeout selection for idle sessions. [Stefan Eissing]
*) mod_http2: checking LimitRequestLine, LimitRequestFields and
LimitRequestFieldSize configurated values for incoming streams. Returning
HTTP status 431 for too long/many headers fields and 414 for a too long
pseudo header. [Stefan Eissing]
*) mod_http2: tracking conn_rec->current_thread on slave connections, so
that mod_lua finds the correct one. Fixes PR 59542. [Stefan Eissing]
*) mod_proxy_http2: new experimental http2 proxy module for h2: and h2c: proxy
urls. Part of the httpd mod_proxy framework, common settings apply.
Requests from the same HTTP/2 frontend connection against the same backend
are aggregated on a single connection.
[Stefan Eissing]
*) mod_http2: slave connections have conn_rec->aborted flag set when a stream
has been reset by the client. [Stefan Eissing]
*) mod_http2: merge of some 2.4.x adaptions re filters on slave connections.
Small fixes in bucket beams when forwarding file buckets. Output handling
on master connection uses less FLUSH and passes automatically when more
than half of H2StreamMaxMemSize bytes have accumulated.
Workaround for http: when forwarding partial file buckets to keep the
output filter from closing these too early. [Stefan Eissing]
*) mod_http2: elimination of fixed master connection buffer for TLS
connections. New scratch bucket handling optimized for TLS write sizes.
File bucket data read directly into scratch buffers, avoiding one
copy. Non-TLS connections continue to pass buckets unchanged to the core
filters to allow sendfile() usage. [Stefan Eissing]
*) mod_http2/mod_proxy_http2: h2_request.c is no longer shared between these
modules. This simplifies building on platforms such as Windows, as module
reference used in logging is now clear. [Stefan Eissing]
*) Scoreboard: Fix a regression in 2.4.20 that causes wrong request data
to be displayed on the status page. PR 59333. [Yann Ylavic, William Rowe]
*) mod_http2: fixed a bug that caused mod_proxy_http2 to be called for window
updates on requests it had already reported done. Added synchronization
on early connection/stream close that lets ongoing requests safely drain
their input filters.
[Stefan Eissing]
*) mod_http2: scoreboard updates that summarize the h2 session (and replace
the last request information) will only happen when the session is idle or
in shutdown/done phase. [Stefan Eissing]
*) mod_http2: new "bucket beam" technology to transport buckets across
threads without buffer copy. Delaying response start until flush or
enough body data has been accumulated. Overall significantly smaller
memory footprint. [Stefan Eissing]
*) core: New CGIVar directive can configure REQUEST_URI to represent the
current URI being processed instead of always the original request.
[Jeff Trawick]
*) scoreboard/status: Restore behavior of showing workers' previous Client,
VHost and Request values when idle, like in 2.4.18 and earlier.
*) mod_http2: r->protocol changed to "HTTP/2.0" (was "HTTP/2") as this will
give expected syntax in CGI's SERVER_PROTOCOL is more compatible with
existing major/minor handling. Fixes PR 59313.
*) mod_http2: disabling mmap for file buckets transport due to segmenation
faults when files change on the fly.
*) SECURITY: CVE-2016-1546 (cve.mitre.org)
mod_http2: restricting number of concurrent stream workers per connection
if client is slow.
*) core: Do not read .htaccess if AllowOverride and AllowOverrideList
are "None". PR 58528.
[Michael Schlenker <msc contact.de, Ruediger Pluem, Daniel Ruggeri]
*) mod_proxy_express: Fix possible use of DB handle after close. PR 59230.
[Petr <pgajdos suse.cz>]
*) core/util_script: relax alphanumeric filter of environment variable names
on Windows to allow '(' and ')' for passing PROGRAMFILES(X86) et.al.
unadulterated in 64 bit versions of Windows. PR 46751.
*) mod_http2: incrementing keepalives on each request started so that logging
%k gives increasing numbers per master http2 connection.
New documented variables in env, usable in custom log formats: H2_PUSH,
H2_PUSHED, H2_PUSHED_ON, H2_STREAM_ID and H2_STREAM_TAG.
[Stefan Eissing]
*) mod_http2: more efficient passing of response bodies with less contention
and file bucket forwarding. [Stefan Eissing]
*) mod_http2: fix for missing score board updates on request count, fix for
memory leak on slave connection reuse. [Stefan Eissing]
*) mod_http2: Fix build on Windows from dsp files.
[Stefan Eissing]
Stefan Eissing
committed
*) mod_include: Add variable DOCUMENT_ARGS, with the arguments to the
request for the SSI document. [Jeff Trawick]
*) mod_authz_host: Add a new "forward-dns" authorization type, not relying on
reverse DNS lookups. [Fabien]
Jim Jagielski
committed
*) mod_proxy_http2: new experimental http2 proxy module for h2: and h2c: proxy
urls. Uses backend connections for concurrent requests if frontend
connection is http2 as well.
[Stefan Eissing]
*) mod_ssl: Add hooks to allow other modules to perform processing at
several stages of initialization and connection handling. See
mod_ssl_openssl.h. [Jeff Trawick]
*) mod_http2: disabling PUSH when client sends GOAWAY. Slave connections are
reused for several requests, improved performance and better memory use.
[Stefan Eissing]
*) mod_rewrite: Don't implicitly URL-escape the original query string
when no substitution has changed it (like PR50447 but server context)
[Evgeny Kotkov <evgeny.kotkov visualsvn.com>]
*) mod_http2: fixes problem with wrong lifetime of file buckets on main
connection. [Stefan Eissing]
*) mod_http2: fixes incorrect denial of requests without :authority header.
[Stefan Eissing]
*) mod_reqtimeout: Prevent long response times from triggering a timeout once
the request has been fully read. PR 59045. [Yann Ylavic]
*) ap_expr: expression support for variable HTTP2=on|off. [Stefan Eissing]
*) mod_http2: give control to async mpm for keepalive timeouts only when
no streams are open and even if only after 1 sec delay. Under load, event
mpm discards connections otherwise too quickly. [Stefan Eissing]
*) mod_ssl: Don't lose track of the SSL context if an unlikely failure occurs
in ssl_init_ssl_connection(). [Graham Leggett]
*) mod_rewrite: Add QSL|qslast flag to allow rewrites to files with
literal question marks in their names. PR 58777. [Eric Covener]
*) event: use pre_connection hook to properly initialize connection state for
slave connections. use protocol_switch hook to initialize server config
early based on SNI selected vhost.
[Stefan Eissing]
*) hostname: Test and log useragent_host per-request across various modules,
including the scoreboard, expression and rewrite engines, setenvif,
authz_host, access_compat, custom logging, ssl and REMOTE_HOST variables.
PR55348 [William Rowe]
*) core: Track the useragent_host per-request when mod_remoteip or similar
modules track a per-request useragent_ip. Modules should be updated
to inquire for ap_get_useragent_host() in place of ap_get_remote_host().
[William Rowe]
*) core: fix a bug in <UnDefine ...> directive processing. When used, the last
<Define...>'ed variable was also withdrawn. PR 59019
[Christophe Jaillet]
*) mod_http2: Accept-Encoding is, when present on the initiating request,
added to push promises. This lets compressed content work in pushes.
by the client. [Stefan Eissing]
*) mod_http2: fixed possible read after free when streams were cancelled early
by the client. [Stefan Eissing]
*) mod_http2: fixed possible deadlock during connection shutdown. Thanks to
@FrankStolle for reporting and getting the necessary data.
[Stefan Eissing]
*) mod_http2: fixed apr_uint64_t formatting in a log statement to user proper
APR def, thanks to @Sp1l.
*) mod_http2: number of worker threads allowed to a connection is adjusting
dynamically. Starting with 4, the number is doubled when streams can be
served without block on http/2 connection flow. The number is halfed, when
the server has to wait on client flow control grants.
This can happen with a maximum frequency of 5 times per second.
When a connection occupies too many workers, repeatable requests
(GET/HEAD/OPTIONS) are cancelled and placed back in the queue. Should that
not suffice and a stream is busy longer than the server timeout, the
connection will be aborted with error code ENHANCE_YOUR_CALM.
This does *not* limit the number of streams a client may open, rather the
number of server threads a connection might use.
[Stefan Eissing]
*) mod_http2: allowing link header to specify multiple "rel" values,
space-separated inside a quoted string. Prohibiting push when Link
parameter "nopush" is present.
[Stefan Eissing]
*) mod_http2: reworked connection state handling. Idle connections accept a
GOAWAY from the client without further reply. Otherwise the
module makes a best effort to send one last GOAWAY to the client.
*) mod_http2: the values from standard directives Timeout and KeepAliveTimeout
properly are applied to http/2 connections.
[Stefan Eissing]
*) mod_http2: idle connections are returned to async mpms. new hook
"pre_close_connection" used to send GOAWAY frame when not already done.
Setting event mpm server config "by hand" for the main connection to
the correct negotiated server.
[Stefan Eissing]
*) mod_http2: keep-alive blocking reads are done with 1 second timeouts to
check for MPM stopping. Will announce early GOAWAY and finish processing
open streams, then close.
[Stefan Eissing]
*) mod_http2: bytes read/written on slave connections are reported via the
optional mod_logio functions. Fixes PR 58871.
*) prefork: Initialize the POD when running in ONE_PROCESS (or -X) mode to
avoid a crash. [Jan Kaluza, Yann Ylavic]
*) mod_ssl: When SSLVerify is disabled (NONE), don't force a renegotiation if
the SSLVerifyDepth applied with the default/handshaken vhost differs from
the one applicable with the finally selected vhost. [Yann Ylavic]
*) core: Ensure that httpd exits with an error status when the MPM fails
to run. [Yann Ylavic]
*) mod_ssl: Fix a possible memory leak on restart for custom [EC]DH params.
[Jan Kaluza, Yann Ylavic]
*) mod_ssl: Add SSLOCSPProxyURL to add the possibility to do all queries
to OCSP responders through a HTTP proxy. [Ruediger Pluem]
*) mod_proxy: Play/restore the TLS-SNI on new backend connections which
had to be issued because the remote closed the previous/reusable one
during idle (keep-alive) time. [Yann Ylavic]
*) mod_cache_socache: Fix a possible cached entity body corruption when it
is received from an origin server in multiple batches and forwarded by
mod_proxy. [Yann Ylavic]
*) core: Add expression support to SetHandler.
[Eric Covener]
*) mod_remoteip: Prevent an external proxy from presenting an internal
proxy. PR 55962. [Mike Rumph]
*) core: Prevent a server crash in case of an invalid CONNECT request with
a custom error page for status code 400 that uses server side includes.
PR 58929 [Ruediger Pluem]
*) mod_ssl: handle TIMEOUT on empty SSL input as non-fatal, returning
APR_TIMEUP and preserving connection state for later retry.
[Stefan Eissing]
*) mod_ssl: Save some TLS record (application data) fragmentations by
including the last and subsequent suitable buckets when coalescing.
*) mod_proxy_fcgi: Suppress HTTP error 503 and message 01075,
"Error dispatching request", when the cause appears to be
due to the client closing the connection.
PR58118. [Tobias Adolph <adolph lrz.de>]
*) mod_cgid: Message AH02550, failure to flush a response to the client,
is now logged at TRACE1 level to match the underlying core output filter
severity. [Eric Covener]
*) mime.types: add common extension "m4a" for MPEG 4 Audio.
PR 57895 [Dylan Millikin <dylan.millikin gmail.com>]
*) Added many log numbers to log statements that had none.
[Rainer Jung]
*) mod_log_config: Add GlobalLog to allow a globally defined log to
be inherited by virtual hosts that define a CustomLog.
[Edward Lu]
*) mod_http2: connections how keep a "push diary" where hashes of already
pushed resources are kept. See directive H2PushDiarySize for managing this.
Push diaries can be initialized by clients via the "Cache-Digest" request
header. This carries a base64url encoded. compressed Golomb set as described
in https://datatracker.ietf.org/doc/draft-kazuho-h2-cache-digest/
Introduced a status handler for HTTP/2 connections, giving various counters
and statistics about the current connection, plus its cache digest value
in a JSON record. Not a replacement for more HTTP/2 in the server status.
Configured as
<Location "/http2-status">
SetHandler http2-status
</Location>
[Stefan Eissing]
*) mod_http2: Fixed flushing of last GOAWAY frame. Previously, that frame
did not always reach the client, causing some to fail the next request.
Fixed calculation of last stream id accepted as described in rfc7540.
Reading in KEEPALIVE state now correctly shown in scoreboard.
Fixed possible race in connection shutdown after review by Ylavic.
Fixed segfault on connection shutdown, callback ran into a semi dismantled session.
[Stefan Eissing]
*) mod_http2: Added support for experimental accept-push-policy draft
(https://tools.ietf.org/html/draft-ruellan-http-accept-push-policy-00). Clients
may now influence server pushes by sending accept-push-policy headers.
[Stefan Eissing]
*) mod_http2: new r->subprocess_env variables HTTP2 and H2PUSH, set to "on"
when available for request.
[Stefan Eissing]
*) mod_http2: fixed bug in input window size calculation by moving chunked
request body encoding into later stage of processing. Fixes PR 58825.
[Stefan Eissing]
*) core: new hook "pre_close_connection" which is run before the lingering
close of connections is started. This gives protocol handlers one last
chance to use a connection before it goes down.
[Stefan Eissing]
*) mod_status/scoreboard: showing connection protocol in new column, new
ap_update_child_status methods for updating server/description. mod_ssl
sets vhost negotiated by servername directly.
[Stefan Eissing]
*) mod_ssl: for all ssl_engine_vars.c lookups, fall back to master connection
if conn_rec itself holds no valid SSLConnRec*. Fixes PR58666.
[Stefan Eissing]
*) mod_http2: connection level window for flow control is set to protocol
maximum of 2GB-1, preventing window exhaustion when sending data on many
streams with higher cumulative window size.
Reducing write frequency unless push promises need to be flushed.
[Stefan Eissing]
*) mod_http2: required minimum version of libnghttp2 is 1.2.1
[Stefan Eissing]
*) mod_proxy_fdpass: Fix AH01153 error when using the default configuration.
In earlier version of httpd, you can explicitelly set the 'flusher' parameter
to 'flush' as a workaround. (i.e. flusher=flush)
Add documentation for the 'flusher' parameter when defining a proxy worker.
[Christophe Jaillet]
*) mod_ssl: For the "SSLStaplingReturnResponderErrors off" case, make sure
to only staple responses with certificate status "good". [Kaspar Brand]
*) mod_http2: new directive 'H2PushPriority' to allow priority specifications
on server pushed streams according to their content-type.
[Stefan Eissing]
*) mod_http2: fixes crash on connection abort for a busy connection.
fixes crash on a request that did not produce any response.
[Stefan Eissing]
*) mod_http2: trailers are sent after response body if set in request_rec
trailers_out before the end-of-request bucket is sent through the
output filters. [Stefan Eissing]
*) mod_http2: incoming trailers (headers after request body) are properly
forwarded to the processing engine. [Stefan Eissing]
*) mod_http2: new directive 'H2Push' to en-/disable HTTP/2 server
pushes a server/virtual host. Pushes are initiated by the presence
of 'Link:' headers with relation 'preload' on a response. [Stefan Eissing]
*) mod_http2: write performance of http2 improved for larger resources,
especially static files. [Stefan Eissing]