Newer
Older
-*- coding: utf-8 -*-
*) mod_proxy_http: Allocate the fake backend request from a child pool
of the backend connection, instead of misusing the pool of the frontend
request. Fixes a thread safety issue where buckets set aside in the
backend connection leak into other threads, and then disappear when
the frontend request is cleaned up, in turn causing corrupted buckets
to make other threads spin. [Graham Leggett]
*) mod_ssl: Change the format of the SSL_{CLIENT,SERVER}_{I,S}_DN variables
to be RFC 2253 compatible, convert non-ASCII characters to UTF8, and
escape other special characters with backslashes. The old format can
still be used with the LegacyDNStringFormat argument to SSLOptions.
*) core, mod_rewrite: Make the REQUEST_SCHEME variable available to
scripts and mod_rewrite. [Stefan Fritsch]
*) mod_rewrite: Allow to use arbitrary boolean expressions (ap_expr) in
RewriteCond. [Stefan Fritsch]
*) mod_rewrite: Allow to unset environment variables using E=!VAR.
PR 49512. [Mark Drayton <mark markdrayton info>, Stefan Fritsch]
*) mod_headers: Restore the 2.3.8 and earlier default for the first
argument of the Header directive ("onsuccess"). [Eric Covener]
*) core: Disallow the mixing of relative and absolute Options PR 33708.
[Sönke Tesch <st kino-fahrplan.de>]
Stefan Fritsch
committed
*) core: When exporting request headers to HTTP_* environment variables,
drop variables whose names contain invalid characters. Describe in the
docs how to restore the old behaviour. [Malte S. Stretz <mss apache org>]
*) core: When selecting an IP-based virtual host, favor an exact match for
the port over a wildcard (or omitted) port instead of favoring the one
that came first in the configuration file. [Eric Covener]
Eric Covener
committed
*) core: Overlapping virtual host address/port combinations now implicitly
enable name-based virtual hosting for that address. The NameVirtualHost
directive has no effect, and _default_ is interpreted the same as "*".
[Eric Covener]
*) core: In the absence of any Options directives, the default is now
"FollowSymlinks" instead of "All". [Igor Galić]
*) rotatelogs: Add -e option to write logs through to stdout for optional
further processing. [Graham Leggett]
*) mod_ssl: Correctly read full lines in input filter when the line is
incomplete during first read. PR 50481. [Ruediger Pluem]
Stefan Fritsch
committed
*) mod_authz_core: Add AuthzSendForbiddenOnFailure directive to allow
sending '403 FORBIDDEN' instead of '401 UNAUTHORIZED' if authorization
fails for an authenticated user. PR 40721. [Stefan Fritsch]
*) mod_rewrite: Don't implicitly URL-escape the original query string
when no substitution has changed it. PR 50447. [Eric Covener]
*) core: Honor 'AcceptPathInfo OFF' during internal redirects,
such as per-directory mod_rewrite substitutions. PR 50349.
[Eric Covener]
Eric Covener
committed
*) mod_rewrite: Add 'RewriteOptions InheritBefore' to put the base
rules/conditions before the overridden rules/conditions. PR 39313.
[Jérôme Grandjanny <jerome.grandjanny cea.fr>]
*) mod_autoindex: add IndexIgnoreReset to reset the list of IndexIgnored
filenames in higher precedence configuration sections. PR 24243.
[Eric Covener]
*) mod_cgid: RLimit* directive support for mod_cgid. PR 42135
[Eric Covener]
*) core: Fail startup when the argument to ServerName looks like a glob
or a regular expression instead of a hostname (*?[]). PR 39863
[Rahul Nair <rahul.g.nair gmail.com>]
*) mod_userdir: Add merging of enable, disable, and filename arguments
to UserDir directive, leaving enable/disable of userlists unmerged.
Eric Covener
committed
*) httpd: When no -k option is provided on the httpd command line, the server
was starting without checking for an existing pidfile. PR 50350
[Eric Covener]
*) mod_proxy: Put the worker in error state if the SSL handshake with the
backend fails. PR 50332.
[Daniel Ruggeri <DRuggeri primary.net>, Ruediger Pluem]
*) mod_cache_disk: Fix Windows build which was broken after renaming
the module. [Gregg L. Smith]
Stefan Fritsch
committed
*) SECURITY: CVE-2010-1623 (cve.mitre.org)
Fix a denial of service attack against mod_reqtimeout.
[Stefan Fritsch]
*) mod_headers: Change default first argument of Header directive
from "onsuccess" to "always". [Eric Covener]
*) mod_include: Add the onerror attribute to the include element,
allowing an URL to be specified to include on error. [Graham
Leggett]
*) mod_cache_disk: mod_disk_cache renamed to mod_cache_disk, to be
consistent with the naming of other modules. [Graham Leggett]
*) mod_setenvif: Add SetEnvIfExpr directive to set env var depending on
expression. [Stefan Fritsch]
*) mod_proxy: Fix ProxyPassInterpolateEnv directive. PR 50292.
[Stefan Fritsch]
*) suEXEC: Add Suexec directive to disable suEXEC without renaming the
binary (Suexec Off), or force startup failure if suEXEC is required
but not supported (Suexec On). Change SuexecUserGroup to fail
startup instead of just printing a warning if suEXEC is disabled.
[Jeff Trawick]
*) core: Add Error directive for aborting startup or htaccess processing
with a specified error message. [Jeff Trawick]
*) mod_rewrite: Fix the RewriteEngine directive to work within a
location. Previously, once RewriteEngine was switched on globally,
it was impossible to switch off. [Graham Leggett]
Stefan Fritsch
committed
*) core, mod_include, mod_ssl: Move the expression parser derived from
mod_include back into mod_include. Replace ap_expr with a parser
derived from mod_ssl's parser. Make mod_ssl use the new parser. Rework
ap_expr's public interface and provide hooks for modules to add variables
and functions. [Stefan Fritsch]
*) core: Do the hook sorting earlier so that the hooks are properly sorted
for the pre_config hook and during parsing the config. [Stefan Fritsch]
Eric Covener
committed
*) core: In the absence of any AllowOverride directives, the default is now
"None" instead of "All". PR49823 [Eric Covener]
*) mod_proxy: Don't allow ProxyPass or ProxyPassReverse in
<Directory> or <Files>. PR47765 [Eric Covener]
*) prefork/worker/event MPMS: default value (when no directive is present)
of MaxConnectionsPerChild/MaxRequestsPerChild is changed to 0 from 10000
to match default configuration and manual. PR47782 [Eric Covener]
*) proxy_connect: Don't give up in the middle of a CONNECT tunnel
when the child process is starting to exit. PR50220. [Eric Covener]
Eric Covener
committed
*) mod_autoindex: Fix inheritance of mod_autoindex directives into
contexts that don't have any mod_autoindex directives. PR47766.
[Eric Covener]
*) mod_rewrite: Add END flag for RewriteRule to prevent further rounds
of rewrite processing when a per-directory substitution occurs.
[Eric Covener]
*) mod_ssl: Make sure to always log an error if loading of CA certificates
fails. PR 40312. [Paul Tiemann <issues apache org ourdetour com>]
*) mod_dav: Send 501 error if unknown Content-* header is received for a PUT
request (RFC 2616 9.6). PR 42978. [Stefan Fritsch]
*) mod_dav: Send 400 error if malformed Content-Range header is received for
a put request (RFC 2616 14.16). PR 49825. [Stefan Fritsch]
*) mod_proxy: Release the backend connection as soon as EOS is detected,
so the backend isn't forced to wait for the client to eventually
acknowledge the data. [Graham Leggett]
*) mod_proxy: Optimise ProxyPass within a Location so that it is stored
per-directory, and chosen during the location walk. Make ProxyPass
work correctly from within a LocationMatch. [Graham Leggett]
*) core: Fix segfault if per-module LogLevel is on virtual host
scope. PR 50117. [Stefan Fritsch]
Graham Leggett
committed
*) mod_proxy: Move the ProxyErrorOverride directive to have per
directory scope. [Graham Leggett]
*) mod_allowmethods: New module to deny certain HTTP methods without
interfering with authentication/authorization. [Paul Querna,
Igor Galić, Stefan Fritsch]
*) mod_ssl: Log certificate information and improve error message if client
cert verification fails. PR 50093, PR 50094. [Lassi Tuura <lat cern ch>,
Stefan Fritsch]
*) htcacheclean: Teach htcacheclean to limit cache size by number of
inodes in addition to size of files. Prevents a cache disk from
running out of space when many small files are cached.
[Graham Leggett]
*) core: Rename MaxRequestsPerChild to MaxConnectionsPerChild, which
describes more accurately what the directive does. The old name
still works but logs a warning. [Stefan Fritsch]
Loading full blame...