Newer
Older
*) mod_headers: Add 'Header note header-name note-name' for copying a response
headers value into a note. [Eric Covener]
*) mod_headers: Add 'setifempty' command to Header and RequestHeader.
[Eric Covener]
*) mod_logio: new format-specifier %S (sum) which is the sum of received
and sent byte counts.
PR54015 [Christophe Jaillet]
*) mod_deflate: Improve error detection when decompressing request bodies
with trailing garbage: handle case where trailing bytes are in
the same bucket. [Rainer Jung]
*) mod_authz_groupfile, mod_authz_user: Reduce severity of AH01671 and AH01663
from ERROR to DEBUG, since these modules do not know what mod_authz_core
is doing with their AUTHZ_DENIED return value. [Eric Covener]
*) mod_ldap: add TRACE5 for LDAP retries. [Eric Covener]
*) mod_ldap: retry on an LDAP timeout during authn. [Eric Covener]
*) mod_ldap: Change "LDAPReferrals off" to actually set the underlying LDAP
SDK option to OFF, and introduce "LDAPReferrals default" to take the SDK
default, sans rebind authentication callback.
[Jan Kaluza <kaluze AT redhat.com>]
Graham Leggett
committed
*) core: Log a message at TRACE1 when the client aborts a connection.
[Eric Covener]
*) WinNT MPM: Don't crash during child process initialization if the
Listen protocol is unrecognized. [Jeff Trawick]
*) modules: Fix some compiler warnings. [Guenter Knauf]
*) skiplist: Add skiplist capability to httpd [Jim Jagielski]
- Avoid some memory allocation and work when TRACE1 is not activated
- fix typo in include guard
- indent
- No need to lower the string before removing the path, it is just a waste of time...
- Save a few cycles
[Christophe Jaillet <christophe.jaillet wanadoo.fr>]
*) mod_filter: Add "change=no" as a proto-flag to FilterProtocol
to remove a providers initial flags set at registration time.
[Eric Covener]
*) core, mod_ssl: Enable the ability for a module to reverse the sense of
a poll event from a read to a write or vice versa. This is a step on
the way to allow mod_ssl taking full advantage of the event MPM.
[Graham Leggett]
*) Makefile.win: Install proper pcre DLL file during debug build install.
PR 55235. [Ben Reser <ben reser org>]
*) mod_ldap: Fix a potential memory leak or corruption. PR 54936.
[Zhenbo Xu <zhenbo1987 gmail com>]
*) ab: Fix potential buffer overflows when processing the T and X
command-line options. PR 55360.
[Mike Rumph <mike.rumph oracle.com>]
*) fcgistarter: Specify SO_REUSEADDR to allow starting a server
with old connections in TIME_WAIT. [Jeff Trawick]
*) core: Add open_htaccess hook which, in conjunction with dirwalk_stat
and post_perdir_config (introduced in 2.4.5), allows mpm-itk to be
used without patches to httpd core. [Stefan Fritsch]
*) support/htdbm: fix processing of -t command line switch. Regression
introduced in 2.4.4
PR 55264 [Jo Rhett <jrhett netconsonance com>]
*) Revert a broken fix for PR54948 that was applied to 2.4.5 (which was
not released) and found post-2.4.5 tagging.
*) SECURITY: CVE-2013-1896 (cve.mitre.org)
mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn with
the source href (sent as part of the request body as XML) pointing to a
URI that is not configured for DAV will trigger a segfault. [Ben Reser
<ben reser.org>]
*) SECURITY: CVE-2013-2249 (cve.mitre.org)
mod_session_dbd: Make sure that dirty flag is respected when saving
sessions, and ensure the session ID is changed each time the session
changes. This changes the format of the updatesession SQL statement.
Existing configurations must be changed.
[Takashi Sato, Graham Leggett]
*) mod_auth_basic: Add a generic mechanism to fake basic authentication
using the ap_expr parser. AuthBasicFake allows the administrator to
construct their own username and password for basic authentication based
on their needs. [Graham Leggett]
Jim Jagielski
committed
*) mpm_event: Check that AsyncRequestWorkerFactor is not negative. PR 54254.
[Jackie Zhang <jackie qq zhang gmail com>]
*) mod_proxy: Ensure we don't attempt to amend a table we are iterating
through, ensuring that all headers listed by Connection are removed.
[Graham Leggett, Co-Advisor <coad measurement-factory.com>]
*) mod_proxy_http: Make the proxy-interim-response environment variable
effective by formally overriding origin server behaviour. [Graham
Leggett, Co-Advisor <coad measurement-factory.com>]
*) mod_proxy: Fix seg-faults when using the global pool on threaded
MPMs [Thomas Eckert <thomas.r.w.eckert gmail.com>, Graham Leggett,
Jim Jagielski]
*) mod_deflate: Remove assumptions as to when an EOS bucket might arrive.
Gracefully step aside if the body size is zero. [Graham Leggett]
*) mod_ssl: Fix possible truncation of OCSP responses when reading from the
server. [Joe Orton]
*) core: Support the SINGLE_LISTEN_UNSERIALIZED_ACCEPT optimization
on Linux kernel versions 3.x and above. PR 55121. [Bradley Heilbrun
<apache heilbrun.org>]
*) mod_cache_socache: Make sure the CacheSocacheMaxSize directive is merged
correctly. [Jens Låås <jelaas gmail.com>]
*) rotatelogs: add -n number-of-files option to rotate through a number
Jim Jagielski
committed
*) mod_proxy: Support web-socket tunnels via mod_proxy_wstunnel.
[Jim Jagielski]
*) mod_cache_socache: Use the name of the socache implementation when performing
a lookup rather than using the raw arguments. [Martin Ksellmann
<martin@ksellmann.de>]
*) core: Add dirwalk_stat hook. [Jeff Trawick]
*) core: Add post_perdir_config hook.
[Steinar Gunderson <sgunderson bigfoot.com>]
*) proxy_util: NULL terminate the right buffer in 'send_http_connect'.
[Christophe Jaillet]
*) mod_remoteip: close file in error path. [Christophe Jaillet]
Graham Leggett
committed
*) core: make the "default" parameter of the "ErrorDocument" option case
insensitive. PR 54419 [Tianyin Xu <tixu cs ucsd edu>]
*) mod_proxy_html: make the "ProxyHTMLFixups" options case insensitive.
PR 54420 [Tianyin Xu <tixu cs ucsd edu>]
*) mod_cache: Make option "CacheDisable" in mod_cache case insensitive.
PR 54462 [Tianyin Xu <tixu cs ucsd edu>]
Graham Leggett
committed
Graham Leggett
committed
*) mod_cache: If a 304 response indicates an entity not currently cached, then
the cache MUST disregard the response and repeat the request without the
conditional. [Graham Leggett, Co-Advisor <coad measurement-factory.com>]
*) mod_cache: Ensure that we don't attempt to replace a cached response
with an older response as per RFC2616 13.12. [Graham Leggett, Co-Advisor
<coad measurement-factory.com>]
*) core, mod_cache: Ensure RFC2616 compliance in ap_meets_conditions()
with weak validation combined with If-Range and Range headers. Break
out explicit conditional header checks to be useable elsewhere in the
server. Ensure weak validation RFC compliance in the byteranges filter.
Ensure RFC validation compliance when serving cached entities. PR 16142
[Graham Leggett, Co-Advisor <coad measurement-factory.com>]
*) core: Add the ability to do explicit matching on weak and strong ETags
as per RFC2616 Section 13.3.3. [Graham Leggett, Co-Advisor
<coad measurement-factory.com>]
*) mod_cache: Ensure that updated responses to HEAD requests don't get
mistakenly paired with a previously cached body. Ensure that any existing
body is removed when a HEAD request is cached. [Graham Leggett,
Co-Advisor <coad measurement-factory.com>]
*) mod_cache: Honour Cache-Control: no-store in a request. [Graham Leggett]
*) mod_cache: Make sure that contradictory entity headers present in a 304
Not Modified response are caught and cause the entity to be removed.
[Graham Leggett]
*) mod_cache: Make sure Vary processing handles multivalued Vary headers and
multivalued headers referred to via Vary. [Graham Leggett]
*) mod_cache: When serving from cache, only the last header of a multivalued
header was taken into account. Fixed. Ensure that Warning headers are
correctly handled as per RFC2616. [Graham Leggett]
*) mod_cache: Ignore response headers specified by no-cache=header and
private=header as specified by RFC2616 14.9.1 What is Cacheable. Ensure
Loading full blame...