| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
------------------------------------------------------------------------
r80 | roseg | 2014-12-29 11:47:54 +0100 (Mon, 29 Dec 2014) | 10 lines
Release 2.7f
Enhancements:
- compile-time parameter for DH bits (workaround for OpenSSL limitation)
Bug fixes:
- allow '-' and '=' again in URLs (redirect)
- fixed lh_retrieve warning
- fixed "Disable" regex typo
------------------------------------------------------------------------
r79 | roseg | 2014-12-08 14:39:00 +0100 (Mon, 08 Dec 2014) | 12 lines
Release 2.7e
Enhancements:
- added support for elliptical curve encryption
- added support for larger DH keys
- added protocol version in X-SSL-cipher (Tom Fitzhenry)
Bug fixes:
- fixed potential memory leak on client certificates
- fixed alt names problem (Joe Gooch)
- removed debugging messages
------------------------------------------------------------------------
r78 | roseg | 2014-10-18 12:36:28 +0200 (Sat, 18 Oct 2014) | 10 lines
Release 2.7d
Enhancements:
- added "Disable PROTO" directives (fix for Poodle vulnerability)
- added Cert, Disable and Cipher directives for HTTPS back-ends. The
directive HTTPS "cert" no longer supported.
Bug fixes:
- fixed address comparison for RewriteLocation (IPv4/IPv6 problem - Christopher Bartz)
------------------------------------------------------------------------
r77 | roseg | 2014-04-21 13:16:07 +0200 (Mon, 21 Apr 2014) | 9 lines
Release 2.7c
Enhancements:
- added filtering of "Expect: 100-continue" headers
Bug fixes:
- re-patched the redirect patch (Frank Schmierler)
- fixed RPC handling (Frank Schmierler)
------------------------------------------------------------------------
r76 | roseg | 2013-09-26 14:33:21 +0200 (Thu, 26 Sep 2013) | 12 lines
Release 2.7b
Enhancements:
- Add support for PATCH HTTP method
Bug fixes:
- sanitize URLs for redirection (prevent CSRF)
- SSL disable empty fragments
- SSL disable compression (CRIME attack prevention)
- fixed bug in configuration of DISABLED directive
- changed the log level from WARNING to NOTICE if the thread arg is NULL
------------------------------------------------------------------------
r75 | roseg | 2012-04-09 15:37:26 +0200 (Mon, 09 Apr 2012) | 12 lines
Release 2.7a
Enhancements:
- Anonymise configuration option - show last client address byte as 0 (based on an idea by Christian Doering)
- SSLAllowClientRenegotiation (based on a patch from Joe Gooch)
- SSLHonorCipherOrder (based on a patch from Joe Gooch)
- Certificate alternate names support (based on a patch from Jonas Pasche)
- poundctl shows the length of the request queue (based on a request from Leo)
Bug fixes:
- fixed testing of gcc options
------------------------------------------------------------------------
r74 | roseg | 2011-12-28 14:57:45 +0100 (Wed, 28 Dec 2011) | 10 lines
|
|
|
|
|
|
Enhancements:
- support for include directive
- added support for HTTPS backends
- support for SNI via multiple Cert directives (thanks to Joe Gooch)
Bug fixes:
- fixed problem with long input lines in http.c
- keep sessions for disabled back-ends, continue using them until the time-out
- fixed memory leak in session removal
- fix for possible request smuggling by using multiple headers
- changed long to long long for support of requests larger than 2GB
|
|
|
|
|
|
|
|
Requested by Joel Carnat in PR 42163.
------------------------------------------------------------------------
r61 | roseg | 2009-06-29 17:53:55 +0200 (Mon, 29 Jun 2009) | 13 lines
Release 2.4.5
Stable release 2.4.5
Enhancements:
- log back-end killed/disabled/enabled (thanks to Joe Gooch and Jon Garvin)
- kill a BE on connection failure only if it has no HAport defined (thanks to Albert); the request may still fail!
Bug fixes:
- fixed parantheses problems in need_rewrite (thanks to SBR)
- added call to free_headers in http.c (thanks to SBR)
- fixed maximal path length in UNIX domain sockets (thanks to Ricardo Gameiro)
------------------------------------------------------------------------
r60 | roseg | 2009-01-14 17:39:52 +0100 (Wed, 14 Jan 2009) | 18 lines
Release 2.4.4
Stable release 2.4.4
Enhancements:
- added support for UNSUBSCRIBE and NOTIFY in xHTTP 3 and 4
- added support for BPROPFIND in xHTTP 4
- on SSL connections always pass the cipher used to the back-end (thanks to Magnus Sandin)
Bug fixes:
- save and restore errno value in cur_time() (thanks to Albert)
- fixed problem in timer thread (thanks to Albert)
- added shutdown for failed socket connection (thanks to Albert)
- fixed problem with CC containing spaces in Makefile.in (thanks to Elan Ruusamäe)
- increased MAXBUF to default 4096
- increased T_RSA default to 30 minutes
- fixed a problem with Unix sockets back-ends (thanks to Ricardo Gameiro)
------------------------------------------------------------------------
r59 | roseg | 2008-05-31 12:25:41 +0200 (Sat, 31 May 2008) | 11 lines
Release 2.4.3
Stable release 2.4.3
Enhancements:
Bug fixes:
- fixed problem in session access time updating (thanks to Piotr Jakubowski)
- fixed problem in session removal (thanks to Doriam Mori)
- fixed problem in Redirect logging (thanks to Albert)
------------------------------------------------------------------------
r58 | roseg | 2008-04-24 16:31:28 +0200 (Thu, 24 Apr 2008) | 13 lines
Release 2.4.2
Stable release 2.4.2
Enhancements:
Bug fixes:
- fixed problem with session TTL -1 (thanks to Scott Royston for pointing it out)
- fixed problem with back-end killing on failed connect
- fixed a small problem in the poundctl XML output (thanks to johnlr for the fix)
- added hints in call to getaddrinfo() (for Solaris 10 support)
- fixed redirection problem (missing slash in Location/Content-location)
------------------------------------------------------------------------
r57 | roseg | 2008-04-05 11:45:41 +0200 (Sat, 05 Apr 2008) | 12 lines
Release 2.4.1
Stable release 2.4.1
Enhancements:
- added cache control for errors (thanks to Pavel Merdin for the suggestion)
Bug fixes:
- fixed problem with double slash in header rewriting (thanks to Cédric P.)
- remove sched_policy to avoid problems on systems with poor support for it
- fixed memory corruption problem with HAport
------------------------------------------------------------------------
r56 | roseg | 2008-02-11 12:53:51 +0100 (Mon, 11 Feb 2008) | 4 lines
Release 2.4
Stable release 2.4
------------------------------------------------------------------------
r55 | roseg | 2007-12-27 12:54:32 +0100 (Thu, 27 Dec 2007) | 7 lines
Release 2.4f
Enhancements:
Bug fixes:
- fixed back-end enable/disable (priority computing)
------------------------------------------------------------------------
r54 | roseg | 2007-11-29 18:16:36 +0100 (Thu, 29 Nov 2007) | 12 lines
Enhancements:
- added PARM session type. Old PARM is now URL
- allow AddHeader for HTTP listeners as well
- allow -1 for session (all types) TTL. Will hash the key to a fixed value
- Redirect takes an optional code parameter (301, 302/default or 307)
- new config param to allow printing the SSL certificate in a single line
- new config param to control the maximal size of the input line
- added better error messages for SSL loading problems
Bug fixes:
- if the same cookie is defined more than once use LAST definition
------------------------------------------------------------------------
r53 | roseg | 2007-08-15 18:26:58 +0200 (Wed, 15 Aug 2007) | 10 lines
Release 2.4d
Enhancements:
- moved to GPLv3
- now using lh_hash for the session tables
Bug fixes:
- allow case-sensitive matching for URLs
- fixed memory leak in DNS searches
------------------------------------------------------------------------
r52 | roseg | 2007-07-04 15:29:27 +0200 (Wed, 04 Jul 2007) | 10 lines
Release 2.4c
Enhancements:
- added XML output for poundctl
- added more detailed error messages
Bug fixes:
- fixed problems with extra-long lines
- fixed problems with chunked encoding
------------------------------------------------------------------------
r51 | roseg | 2007-05-18 10:35:02 +0200 (Fri, 18 May 2007) | 11 lines
Release 2.4b
Enhancements:
- cleaned resurrection code
- added RR threads scheduling
Bug fixes:
- fixed problem long lines (thanks to Rune Saetre)
- fixed pcreposix autoconf for systems that also require pcre
- fixed problem with IP session handling
------------------------------------------------------------------------
r49 | roseg | 2007-04-30 15:01:17 +0200 (Mon, 30 Apr 2007) | 11 lines
Release 2.4a
Enhancements:
- added display of configuration switches
- added grace period for shutdown (based on an idea from Rune Saetre)
- added support for IPv6 (but host caching was removed)
Bug fixes:
- fixed test for owner/group (BSD portability)
- fixed problem with premature opening of control socket
|
|
|
|
on packages that are affected by the switch from the openssl 0.9.7
branch to the 0.9.8 branch. ok jlam@
|
|
The Pound program is a reverse proxy, load balancer and HTTPS front-end
for Web server(s). Pound was developed to enable distributing the
load among several Web-servers and to allow for a convenient SSL wrapper
for those Web servers that do not offer it natively. Pound is a very
small program, easily audited for security problems. It can run as
setuid/setgid and/or in a chroot jail. Pound does not access the
hard-disk at all (except for reading the certificate file on start,
if required) and should thus pose no security threat to any machine.
|
