Skip to content
CHANGES 149 KiB
Newer Older
                                                         -*- coding: utf-8 -*-
Ruediger Pluem's avatar
Ruediger Pluem committed

Jim Jagielski's avatar
Jim Jagielski committed
Changes with Apache 2.4.8

Jim Jagielski's avatar
Jim Jagielski committed
  *) SECURITY: CVE-2014-0098 (cve.mitre.org)
     Clean up cookie logging with fewer redundant string parsing passes.
     Log only cookies with a value assignment. Prevents degfaults when
     logging truncated cookies.
     [William Rowe, Ruediger Pluem, Jim Jagielski]

  *) core: draft-ietf-httpbis-p1-messaging-23 corrections regarding
     TE/CL conflicts. [Yann Ylavic <ylavic.dev gmail com>, Jim Jagielski]

  *) mod_dir: Add DirectoryCheckHandler to allow a 2.2-like behavior, skipping 
     execution when a handler is already set. PR53929. [Eric Covener]

  *) mod_ssl: Do not perform SNI / Host header comparison in case of a
     forward proxy request. [Ruediger Pluem]

  *) mod_ssl: Remove the hardcoded algorithm-type dependency for the
     SSLCertificateFile and SSLCertificateKeyFile directives, to enable
     future algorithm agility, and deprecate the SSLCertificateChainFile
     directive (obsoleted by SSLCertificateFile). [Kaspar Brand]

  *) mod_rewrite: Add RewriteOptions InheritDown, InheritDownBefore, 
     and IgnoreInherit to allow RewriteRules to be pushed from parent scopes
     to child scopes without explicitly configuring each child scope.
     PR56153.  [Edward Lu <Chaosed0 gmail com>] 

  *) prefork: Fix long delays when doing a graceful restart.
     PR 54852 [Jim Jagielski, Arkadiusz Miskiewicz <arekm maven pl>]

  *) FreeBSD: Disable IPv4-mapped listening sockets by default for versions
     5+ instead of just for FreeBSD 5. PR 53824. [Jeff Trawick]

  *) mod_proxy_wstunnel: Avoid busy loop on client errors, drop message
     IDs 02445, 02446, and 02448 to TRACE1 from DEBUG. PR 56145.
     [Joffroy Christen <joffroy.christen solvaxis com>, Eric Covener]

  *) mod_remoteip: Correct the trusted proxy match test. PR 54651.
     [Yoshinori Ehara <yoshinori ehara gmail com>, Eugene L <eugenel amazon com>]

  *) mod_proxy_fcgi: Fix error message when an unexpected protocol version
     number is received from the application.  PR 56110.  [Jeff Trawick]

  *) mod_remoteip: Use the correct IP addresses to populate the proxy_ips field.
     PR 55972. [Mike Rumph]

  *) mod_lua: Update r:setcookie() to accept a table of options and add domain,
     path and httponly to the list of options available to set.
     PR 56128 [Edward Lu <Chaosed0 gmail com>, Daniel Gruno]
     
Eric Covener's avatar
Eric Covener committed
  *) mod_lua: Fix r:setcookie() to add, rather than replace,
     the Set-Cookie header. PR56105
     [Kevin J Walters <kjw ms com>, Edward Lu <Chaosed0 gmail com>]

Daniel Gruno's avatar
Daniel Gruno committed
  *) mod_lua: Allow for database results to be returned as a hash with 
     row-name/value pairs instead of just row-number/value. [Daniel Gruno]

  *) mod_rewrite: Add %{CONN_REMOTE_ADDR} as the non-useragent counterpart to
     %{REMOTE_ADDR}. PR 56094. [Edward Lu <Chaosed0 gmail com>]

  *) WinNT MPM: If ap_run_pre_connection() fails or sets c->aborted, don't
     save the socket for reuse by the next worker as if it were an 
     APR_SO_DISCONNECTED socket. Restores 2.2 behavior. [Eric Covener]

Eric Covener's avatar
Eric Covener committed
  *) mod_dir: Don't search for a DirectoryIndex or DirectorySlash on a URL
     that was just rewritten by mod_rewrite. PR53929. [Eric Covener]

  *) mod_session: When we have a session we were unable to decode,
     behave as if there was no session at all. [Thomas Eckert
     <thomas.r.w.eckert gmail com>]

  *) mod_session: Fix problems interpreting the SessionInclude and
     SessionExclude configuration. PR 56038. [Erik Pearson
     <erik adaptations.com>]

  *) mod_authn_core: Allow <AuthnProviderAlias>'es to be seen from auth
     stanzas under virtual hosts. PR 55622. [Eric Covener]

  *) mod_proxy_fcgi: Use apr_socket_timeout_get instead of hard-coded
     30 seconds timeout. [Jan Kaluza]

Jim Jagielski's avatar
Jim Jagielski committed
  *) mod_proxy: Added support for unix domain sockets as the
     backend server endpoint [Jim Jagielski, Blaise Tarr
     <blaise tarr gmail com>]

Eric Covener's avatar
Eric Covener committed
  *) build: only search for modules (config*.m4) in known subdirectories, see
     build/config-stubs. [Stefan Fritsch]

Jeff Trawick's avatar
Jeff Trawick committed
  *) mod_cache_disk: Fix potential hangs on Windows when using mod_cache_disk. 
     PR 55833. [Eric Covener]
  *) mod_ssl: Add support for OpenSSL configuration commands by introducing
     the SSLOpenSSLConfCmd directive. [Stephen Henson, Kaspar Brand]

Jim Jagielski's avatar
Jim Jagielski committed
  *) mod_proxy: Remove (never documented) <Proxy ~ wildcard-url> syntax which
     is equivalent to <ProxyMatch wildcard-url>. [Christophe Jaillet]
  *) mod_authz_user, mod_authz_host, mod_authz_groupfile, mod_authz_dbm,
     mod_authz_dbd, mod_authnz_ldap: Support the expression parser within the
     require directives. [Graham Leggett]
  *) mod_proxy_http: Core dumped under high load. PR 50335.
     [Jan Kaluza <jkaluza redhat.com>]
  *) mod_socache_shmcb.c: Remove arbitrary restriction on shared memory size
     previously limited to 64MB. [Jens Låås <jelaas gmail.com>]
  *) mod_lua: Use binary copy when dealing with uploads through r:parsebody() 
     to prevent truncating files. [Daniel Gruno]

Jim Jagielski's avatar
Jim Jagielski committed
Changes with Apache 2.4.7

Jim Jagielski's avatar
Jim Jagielski committed
  *) APR 1.5.0 or later is now required for the event MPM.
  
  *) slotmem_shm: Error detection. [Jim Jagielski]

Jim Jagielski's avatar
Jim Jagielski committed
  *) event: Use skiplist data structure. [Jim Jagielski]
  *) event: Fail at startup with message AP02405 if the APR atomic
     implementation is not compatible with the MPM.  [Jim Jagielski]

  *) mpm_unix: Add ap_mpm_podx_* implementation to avoid code duplication
     and align w/ trunk. [Jim Jagielski]

  *) Fix potential rejection of valid MaxMemFree and ThreadStackSize
     directives.  [Mike Rumph <mike.rumph oracle.com>]

  *) mod_proxy_fcgi: Remove 64K limit on encoded length of all envvars.
     An individual envvar with an encoded length of more than 16K will be
     omitted.  [Jeff Trawick]
  
  *) mod_proxy_fcgi: Handle reading protocol data that is split between
     packets.  [Jeff Trawick]

  *) mod_ssl: Improve handling of ephemeral DH and ECDH keys by
     allowing custom parameters to be configured via SSLCertificateFile,
     and by adding standardized DH parameters for 1024/2048/3072/4096 bits.
     Unless custom parameters are configured, the standardized parameters
     are applied based on the certificate's RSA/DSA key size. [Kaspar Brand]

  *) mod_ssl, configure: Require OpenSSL 0.9.8a or later. [Kaspar Brand]

  *) mod_ssl: drop support for export-grade ciphers with ephemeral RSA
     keys, and unconditionally disable aNULL, eNULL and EXP ciphers
     (not overridable via SSLCipherSuite). [Kaspar Brand]

  *) mod_proxy: Added support for unix domain sockets as the
     backend server endpoint [Jim Jagielski, Blaise Tarr
     <blaise tarr gmail com>]

  *) Add experimental cmake-based build system for Windows.  [Jeff Trawick,
     Tom Donovan]

  *) event MPM: Fix possible crashes (third party modules accessing c->sbh) 
     or occasional missed mod_status updates for some keepalive requests 
     under load. [Eric Covener]

  *) mod_authn_socache: Support optional initialization arguments for
     socache providers.  [Chris Darroch]

  *) mod_session: Reset the max-age on session save. PR 47476. [Alexey
     Varlamov <alexey.v.varlamov gmail com>]

  *) mod_session: After parsing the value of the header specified by the
     SessionHeader directive, remove the value from the response. PR 55279.
     [Graham Leggett]

  *) mod_headers: Allow for format specifiers in the substitution string
     when using Header edit. [Daniel Ruggeri]

  *) mod_dav: dav_resource->uri is treated as unencoded. This was an
     unnecessary ABI changed introduced in 2.4.6. PR 55397.

  *) mod_dav: Don't require lock tokens for COPY source. PR 55306.

  *) core: Don't truncate output when sending is interrupted by a signal,
     such as from an exiting CGI process. PR 55643. [Jeff Trawick]

  *) WinNT MPM: Exit the child if the parent process crashes or is terminated.
     [Oracle Corporation]

  *) Windows: Correct failure to discard stderr in some error log
     configurations.  (Error message AH00093)  [Jeff Trawick]

  *) mod_session_crypto: Allow using exec: calls to obtain session
     encryption key.  [Daniel Ruggeri]

  *) core: Add missing Reason-Phrase in HTTP response headers.
     PR 54946. [Rainer Jung]

Jeff Trawick's avatar
Jeff Trawick committed
  *) mod_rewrite: Make rewrite websocket-aware to allow proxying.
Eric Covener's avatar
Eric Covener committed
     PR 55598. [Chris Harris <chris.harris kitware com>]

  *) mod_ldap: When looking up sub-groups, use an implicit objectClass=*
     instead of an explicit cn=* filter. [David Hawes <dhawes vt.edu>]

  *) ab: Add wait time, fix processing time, and output write errors only if
     they occured. [Christophe Jaillet]
Loading full blame...