Newer
Older
*) mod_http2: Fix async write issue that led to selection of wrong timeout
vs. keepalive timeout selection for idle sessions. [Stefan Eissing]
*) mod_http2: checking LimitRequestLine, LimitRequestFields and
LimitRequestFieldSize configurated values for incoming streams. Returning
HTTP status 431 for too long/many headers fields and 414 for a too long
pseudo header. [Stefan Eissing]
*) mod_http2: tracking conn_rec->current_thread on slave connections, so
that mod_lua finds the correct one. Fixes PR 59542. [Stefan Eissing]
*) mod_proxy_http2: new experimental http2 proxy module for h2: and h2c: proxy
urls. Part of the httpd mod_proxy framework, common settings apply.
Requests from the same HTTP/2 frontend connection against the same backend
are aggregated on a single connection.
[Stefan Eissing]
*) mod_http2: slave connections have conn_rec->aborted flag set when a stream
has been reset by the client. [Stefan Eissing]
*) mod_http2: merge of some 2.4.x adaptions re filters on slave connections.
Small fixes in bucket beams when forwarding file buckets. Output handling
on master connection uses less FLUSH and passes automatically when more
than half of H2StreamMaxMemSize bytes have accumulated.
Workaround for http: when forwarding partial file buckets to keep the
output filter from closing these too early. [Stefan Eissing]
*) mod_http2: elimination of fixed master connection buffer for TLS
connections. New scratch bucket handling optimized for TLS write sizes.
File bucket data read directly into scratch buffers, avoiding one
copy. Non-TLS connections continue to pass buckets unchanged to the core
filters to allow sendfile() usage. [Stefan Eissing]
*) mod_http2/mod_proxy_http2: h2_request.c is no longer shared between these
modules. This simplifies building on platforms such as Windows, as module
reference used in logging is now clear. [Stefan Eissing]
*) Scoreboard: Fix a regression in 2.4.20 that causes wrong request data
to be displayed on the status page. PR 59333. [Yann Ylavic, William Rowe]
*) mod_http2: fixed a bug that caused mod_proxy_http2 to be called for window
updates on requests it had already reported done. Added synchronization
on early connection/stream close that lets ongoing requests safely drain
their input filters.
[Stefan Eissing]
*) mod_http2: scoreboard updates that summarize the h2 session (and replace
the last request information) will only happen when the session is idle or
in shutdown/done phase. [Stefan Eissing]
*) mod_http2: new "bucket beam" technology to transport buckets across
threads without buffer copy. Delaying response start until flush or
enough body data has been accumulated. Overall significantly smaller
memory footprint. [Stefan Eissing]
*) core: New CGIVar directive can configure REQUEST_URI to represent the
current URI being processed instead of always the original request.
[Jeff Trawick]
*) scoreboard/status: Restore behavior of showing workers' previous Client,
VHost and Request values when idle, like in 2.4.18 and earlier.
*) mod_http2: r->protocol changed to "HTTP/2.0" (was "HTTP/2") as this will
give expected syntax in CGI's SERVER_PROTOCOL is more compatible with
existing major/minor handling. Fixes PR 59313.
*) mod_http2: disabling mmap for file buckets transport due to segmenation
faults when files change on the fly.
*) core: Do not read .htaccess if AllowOverride and AllowOverrideList
are "None". PR 58528.
[Michael Schlenker <msc contact.de, Ruediger Pluem, Daniel Ruggeri]
*) mod_proxy_express: Fix possible use of DB handle after close. PR 59230.
[Petr <pgajdos suse.cz>]
*) core/util_script: relax alphanumeric filter of enviroment variable names
on Windows to allow '(' and ')' for passing PROGRAMFILES(X86) et.al.
unadulterated in 64 bit versions of Windows. PR 46751.
*) mod_http2: incrementing keepalives on each request started so that logging
%k gives increasing numbers per master http2 connection.
New documented variables in env, usable in custom log formats: H2_PUSH,
H2_PUSHED, H2_PUSHED_ON, H2_STREAM_ID and H2_STREAM_TAG.
[Stefan Eissing]
*) mod_http2: more efficient passing of response bodies with less contention
and file bucket forwarding. [Stefan Eissing]
*) mod_http2: fix for missing score board updates on request count, fix for
memory leak on slave connection reuse. [Stefan Eissing]
*) mod_http2: Fix build on Windows from dsp files.
[Stefan Eissing]
Stefan Eissing
committed
*) SECURITY: CVE-2016-1546 (cve.mitre.org)
mod_http2: restricting number of concurrent stream workers per connection
if client is slow.
*) mod_include: Add variable DOCUMENT_ARGS, with the arguments to the
request for the SSI document. [Jeff Trawick]
*) mod_authz_host: Add a new "forward-dns" authorization type, not relying on
reverse DNS lookups. [Fabien]
Jim Jagielski
committed
*) mod_proxy_http2: new experimental http2 proxy module for h2: and h2c: proxy
urls. Uses backend connections for concurrent requests if frontend
connection is http2 as well.
[Stefan Eissing]
*) mod_ssl: Add hooks to allow other modules to perform processing at
several stages of initialization and connection handling. See
mod_ssl_openssl.h. [Jeff Trawick]
*) mod_http2: disabling PUSH when client sends GOAWAY. Slave connections are
reused for several requests, improved performance and better memory use.
[Stefan Eissing]
*) mod_rewrite: Don't implicitly URL-escape the original query string
when no substitution has changed it (like PR50447 but server context)
[Evgeny Kotkov <evgeny.kotkov visualsvn.com>]
*) mod_http2: fixes problem with wrong lifetime of file buckets on main
connection. [Stefan Eissing]
*) mod_http2: fixes incorrect denial of requests without :authority header.
[Stefan Eissing]
*) mod_reqtimeout: Prevent long response times from triggering a timeout once
the request has been fully read. PR 59045. [Yann Ylavic]
*) ap_expr: expression support for variable HTTP2=on|off. [Stefan Eissing]
*) mod_http2: give control to async mpm for keepalive timeouts only when
no streams are open and even if only after 1 sec delay. Under load, event
mpm discards connections otherwise too quickly. [Stefan Eissing]
*) mod_ssl: Don't lose track of the SSL context if an unlikely failure occurs
in ssl_init_ssl_connection(). [Graham Leggett]
*) mod_rewrite: Add QSL|qslast flag to allow rewrites to files with
literal question marks in their names. PR 58777. [Eric Covener]
*) event: use pre_connection hook to properly initialize connection state for
slave connections. use protocol_switch hook to initialize server config
early based on SNI selected vhost.
[Stefan Eissing]
*) hostname: Test and log useragent_host per-request across various modules,
including the scoreboard, expression and rewrite engines, setenvif,
authz_host, access_compat, custom logging, ssl and REMOTE_HOST variables.
PR55348 [William Rowe]
*) core: Track the useragent_host per-request when mod_remoteip or similar
modules track a per-request useragent_ip. Modules should be updated
to inquire for ap_get_useragent_host() in place of ap_get_remote_host().
[William Rowe]
*) core: fix a bug in <UnDefine ...> directive processing. When used, the last
<Define...>'ed variable was also withdrawn. PR 59019
[Christophe Jaillet]
*) mod_http2: Accept-Encoding is, when present on the initiating request,
added to push promises. This lets compressed content work in pushes.
by the client. [Stefan Eissing]
*) mod_http2: fixed possible read after free when streams were cancelled early
by the client. [Stefan Eissing]
*) mod_http2: fixed possible deadlock during connection shutdown. Thanks to
@FrankStolle for reporting and getting the necessary data.
[Stefan Eissing]
*) mod_http2: fixed apr_uint64_t formatting in a log statement to user proper
APR def, thanks to @Sp1l.
*) mod_http2: number of worker threads allowed to a connection is adjusting
dynamically. Starting with 4, the number is doubled when streams can be
served without block on http/2 connection flow. The number is halfed, when
the server has to wait on client flow control grants.
This can happen with a maximum frequency of 5 times per second.
When a connection occupies too many workers, repeatable requests
(GET/HEAD/OPTIONS) are cancelled and placed back in the queue. Should that
not suffice and a stream is busy longer than the server timeout, the
connection will be aborted with error code ENHANCE_YOUR_CALM.
This does *not* limit the number of streams a client may open, rather the
number of server threads a connection might use.
[Stefan Eissing]
*) mod_http2: allowing link header to specify multiple "rel" values,
space-separated inside a quoted string. Prohibiting push when Link
Loading full blame...