                                                         -*- coding: utf-8 -*-

Changes with Apache 2.4.21

  *) mod_http2: Fix async write issue that led to selection of wrong timeout
     vs. keepalive timeout selection for idle sessions. [Stefan Eissing]
     
  *) mod_http2: checking LimitRequestLine, LimitRequestFields and
     LimitRequestFieldSize configured values for incoming streams. Returning
     HTTP status 431 for too long/many header fields and 414 for a too long
     pseudo header. [Stefan Eissing]
     
  *) mod_http2: tracking conn_rec->current_thread on slave connections, so
     that mod_lua finds the correct one. Fixes PR 59542. [Stefan Eissing]
     
  *) mod_proxy_http2: new experimental http2 proxy module for h2: and h2c: proxy
     urls. Part of the httpd mod_proxy framework, common settings apply.
     Requests from the same HTTP/2 frontend connection against the same backend
     are aggregated on a single connection.
     [Stefan Eissing]
  
  *) mod_http2: slave connections have conn_rec->aborted flag set when a stream
     has been reset by the client. [Stefan Eissing]

  *) mod_http2: merge of some 2.4.x adaptions re filters on slave connections.
     Small fixes in bucket beams when forwarding file buckets. Output handling
     on master connection uses less FLUSH and passes automatically when more
     than half of H2StreamMaxMemSize bytes have accumulated.
     Workaround for http: when forwarding partial file buckets to keep the
     output filter from closing these too early. [Stefan Eissing]

  *) mod_http2: elimination of fixed master connection buffer for TLS 
     connections. New scratch bucket handling optimized for TLS write sizes. 
     File bucket data read directly into scratch buffers, avoiding one
     copy. Non-TLS connections continue to pass buckets unchanged to the core
     filters to allow sendfile() usage. [Stefan Eissing]

  *) mod_http2/mod_proxy_http2: h2_request.c is no longer shared between these
     modules. This simplifies building on platforms such as Windows, as module
     reference used in logging is now clear. [Stefan Eissing]

  *) Scoreboard: Fix a regression in 2.4.20 that causes wrong request data
     to be displayed on the status page. PR 59333. [Yann Ylavic, William Rowe]

  *) mod_http2: fixed a bug that caused mod_proxy_http2 to be called for window
     updates on requests it had already reported done. Added synchronization
     on early connection/stream close that lets ongoing requests safely drain
     their input filters.
     [Stefan Eissing]

  *) mod_http2: scoreboard updates that summarize the h2 session (and replace
     the last request information) will only happen when the session is idle or 
     in shutdown/done phase. [Stefan Eissing]

  *) mod_http2: new "bucket beam" technology to transport buckets across
     threads without buffer copy. Delaying response start until flush or
     enough body data has been accumulated. Overall significantly smaller
     memory footprint. [Stefan Eissing]

  *) core: New CGIVar directive can configure REQUEST_URI to represent the
     current URI being processed instead of always the original request.
     [Jeff Trawick]

  *) scoreboard/status: Restore behavior of showing workers' previous Client,
     VHost and Request values when idle, like in 2.4.18 and earlier. 

  *) mod_http2: r->protocol changed to "HTTP/2.0" (was "HTTP/2") as this will
     give expected syntax in CGI's SERVER_PROTOCOL and is more compatible with
     existing major/minor handling. Fixes PR 59313.

  *) mod_http2: disabling mmap for file buckets transport due to segmentation
     faults when files change on the fly.

Changes with Apache 2.4.20

  *) core: Do not read .htaccess if AllowOverride and AllowOverrideList
     are "None". PR 58528.
     [Michael Schlenker <msc contact.de>, Ruediger Pluem, Daniel Ruggeri]

  *) mod_proxy_express: Fix possible use of DB handle after close.  PR 59230.
     [Petr <pgajdos suse.cz>]

  *) core/util_script: relax alphanumeric filter of environment variable names
     on Windows to allow '(' and ')' for passing PROGRAMFILES(X86) et al.
     unadulterated in 64 bit versions of Windows. PR 46751.
     [John <john leineweb de>]

  *) mod_http2: incrementing keepalives on each request started so that logging
     %k gives increasing numbers per master http2 connection. 
     New documented variables in env, usable in custom log formats: H2_PUSH,
     H2_PUSHED, H2_PUSHED_ON, H2_STREAM_ID and H2_STREAM_TAG.
     [Stefan Eissing]

  *) mod_http2: more efficient passing of response bodies with less contention
     and file bucket forwarding. [Stefan Eissing]

  *) mod_http2: fix for missing score board updates on request count, fix for
     memory leak on slave connection reuse. [Stefan Eissing]

  *) mod_http2: Fix build on Windows from dsp files.
     [Stefan Eissing] 
     
  *) SECURITY: CVE-2016-1546 (cve.mitre.org)     
     mod_http2: restricting number of concurrent stream workers per connection
     if client is slow. 
     
Changes with Apache 2.4.19

  *) mod_include: Add variable DOCUMENT_ARGS, with the arguments to the
     request for the SSI document.  [Jeff Trawick]

  *) mod_authz_host: Add a new "forward-dns" authorization type, not relying on
     reverse DNS lookups.  [Fabien]

  *) mod_proxy_http2: new experimental http2 proxy module for h2: and h2c: proxy
     urls. Uses backend connections for concurrent requests if frontend 
     connection is http2 as well.
     [Stefan Eissing]
  
  *) mod_ssl: Add hooks to allow other modules to perform processing at
     several stages of initialization and connection handling.  See
     mod_ssl_openssl.h.  [Jeff Trawick]

  *) mod_http2: disabling PUSH when client sends GOAWAY. Slave connections are 
     reused for several requests, improved performance and better memory use. 
     [Stefan Eissing]

  *) mod_rewrite: Don't implicitly URL-escape the original query string
     when no substitution has changed it (like PR50447 but server context)
     [Evgeny Kotkov <evgeny.kotkov visualsvn.com>]

  *) mod_http2: fixes problem with wrong lifetime of file buckets on main
     connection. [Stefan Eissing]

  *) mod_http2: fixes incorrect denial of requests without :authority header.
     [Stefan Eissing]

  *) mod_reqtimeout: Prevent long response times from triggering a timeout once
     the request has been fully read.  PR 59045.  [Yann Ylavic]

  *) ap_expr: expression support for variable HTTP2=on|off. [Stefan Eissing]

  *) mod_http2: give control to async mpm for keepalive timeouts only when
     no streams are open and even if only after 1 sec delay. Under load, event
     mpm discards connections otherwise too quickly. [Stefan Eissing]

  *) mod_ssl: Don't lose track of the SSL context if an unlikely failure occurs
     in ssl_init_ssl_connection().  [Graham Leggett]

  *) mod_rewrite: Add QSL|qslast flag to allow rewrites to files with
     literal question marks in their names. PR 58777. [Eric Covener]

  *) event: use pre_connection hook to properly initialize connection state for
     slave connections. use protocol_switch hook to initialize server config
     early based on SNI selected vhost. 
     [Stefan Eissing]

  *) hostname: Test and log useragent_host per-request across various modules,
     including the scoreboard, expression and rewrite engines, setenvif,
     authz_host, access_compat, custom logging, ssl and REMOTE_HOST variables.
     PR55348  [William Rowe]

  *) core: Track the useragent_host per-request when mod_remoteip or similar
     modules track a per-request useragent_ip.  Modules should be updated
     to inquire for ap_get_useragent_host() in place of ap_get_remote_host().
     [William Rowe]

  *) core: fix a bug in <UnDefine ...> directive processing. When used, the last
     <Define...>'ed variable was also withdrawn. PR 59019
     [Christophe Jaillet]

  *) mod_http2: Accept-Encoding is, when present on the initiating request, 
     added to push promises. This lets compressed content work in pushes.
     by the client. [Stefan Eissing]

  *) mod_http2: fixed possible read after free when streams were cancelled early
     by the client. [Stefan Eissing]

  *) mod_http2: fixed possible deadlock during connection shutdown. Thanks to 
     @FrankStolle for reporting and getting the necessary data.
     [Stefan Eissing]

  *) mod_http2: fixed apr_uint64_t formatting in a log statement to use proper
     APR def, thanks to @Sp1l.

  *) mod_http2: number of worker threads allowed to a connection is adjusting
     dynamically. Starting with 4, the number is doubled when streams can be
     served without block on http/2 connection flow. The number is halved, when
     the server has to wait on client flow control grants. 
     This can happen with a maximum frequency of 5 times per second. 
     When a connection occupies too many workers, repeatable requests 
     (GET/HEAD/OPTIONS) are cancelled and placed back in the queue. Should that 
     not suffice and a stream is busy longer than the server timeout, the 
     connection will be aborted with error code ENHANCE_YOUR_CALM.
     This does *not* limit the number of streams a client may open, rather the
     number of server threads a connection might use.
     [Stefan Eissing]

  *) mod_http2: allowing link header to specify multiple "rel" values,
     space-separated inside a quoted string. Prohibiting push when Link 