Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 220 |
1 files changed, 190 insertions, 30 deletions
@@ -1,7 +1,160 @@ -*- coding: utf-8 -*- +Changes with Apache 2.4.23 + + *) mod_ssl: reset client-verify state of ssl when aborting renegotiations. + [Erki Aring <erki@example.ee>, Stefan Eissing] + + *) mod_sed: Fix 'x' command processing. [Christophe Jaillet] + + *) configure: Fix ./configure edge-case failures around dependencies + of mod_proxy_hcheck. [William Rowe, Ruediger Pluem, Jeff Trawick] + +Changes with Apache 2.4.22 + + *) mod_http2: fix for request abort when connections drops, introduced in + 1.5.8 + +Changes with Apache 2.4.21 + + *) mod_http2: more rigid error handling in DATA frame assembly, leading + to deterministic connection errors if assembly fails. + [Stefan Eissing, Pal Nilsen <https://github.com/maedox>] + + *) abs: Include OPENSSL_Applink when compiling on Windows, to resolve + failures under Visual Studio 2015 and other mismatched MSVCRT flavors. + PR59630 [Jan Ehrhardt <phpdev ehrhardt.nl>] + + *) mod_ssl: Add "no_crl_for_cert_ok" flag to SSLCARevocationCheck directive + to opt-in previous behaviour (2.2) with CRLs verification when checking + certificate(s) with no corresponding CRL. [Yann Ylavic] + + *) mpm_event, mpm_worker: Fix computation of MinSpareThreads' lower bound + according the number of listeners buckets. [Yann Ylavic] + + *) Add ap_cstr_casecmp[n]() - placeholder of apr_cstr_casecmp[n] functions + for case-insensitive C/POSIX-locale token comparison. + [Jim Jagielski, William Rowe, Yann Ylavic, Branko Čibej] + + *) mod_userdir: Constify and save a few bytes in the conf pool when + parsing the "UserDir" directive. [Christophe Jaillet] + + *) mod_cache: Fix (max-stale with no '=') and enforce (check + integers after '=') Cache-Control header parsing. + [Christophe Jaillet] + + *) core: Add -DDUMP_INCLUDES configtest option to show the tree + of Included configuration files. + [Jacob Champion <champion.pxi gmail.com>] + + *) mod_proxy_fcgi: Avoid passing a filename of proxy:fcgi:// as + SCRIPT_FILENAME to a FastCGI server. 
PR59618. + [Jacob Champion <champion.pxi gmail.com>] + + *) mod_dav: Add dav_get_provider_name() function to obtain the name + of the provider from mod_dav. + [Jari Urpalainen <jari.urpalainen nokia.com>] + + *) mod_proxy_http2: properly care for HTTP2 flow control of the frontend + connection is HTTP/1.1. [Patch supplied by Evgeny Kotkov] + + *) mod_http2: improved cleanup of connection/streams/tasks to always + have deterministic order regardless of event initiating it. Addresses + reported crashes due to memory read after free issues. + [Stefan Eissing] + + *) mod_ssl: Correct the interaction between SSLProxyCheckPeerCN and newer + SSLProxyCheckPeerName directives since release 2.4.5, such that disabling + either disables both, and that enabling either triggers the new, more + comprehensive SSLProxyCheckPeerName behavior. Only a single configuration + remains to enable the legacy behavior, which is to explicitly disable + SSLProxyCheckPeerName, and enable SSLProxyCheckPeerCN. [William Rowe] + + *) mod_include: add the <!--#comment ...> syntax in order to include comments + in a SSI file. [Christophe Jaillet based on a suggestion from Rob] + + *) mod_http2: improved event handling for suspended streams, responses + and window updates. [Stefan Eissing] + + *) mod_proxy_hcheck: Provide for dynamic background health + checks on reverse proxies associated with BalancerMember + workers. [Jim Jagielski] + + *) mod_http2: Fix async write issue that led to selection of wrong timeout + vs. keepalive timeout selection for idle sessions. [Stefan Eissing] + + *) mod_http2: checking LimitRequestLine, LimitRequestFields and + LimitRequestFieldSize configurated values for incoming streams. Returning + HTTP status 431 for too long/many headers fields and 414 for a too long + pseudo header. [Stefan Eissing] + + *) mod_http2: tracking conn_rec->current_thread on slave connections, so + that mod_lua finds the correct one. Fixes PR 59542. 
[Stefan Eissing] + + *) mod_proxy_http2: new experimental http2 proxy module for h2: and h2c: proxy + urls. Part of the httpd mod_proxy framework, common settings apply. + Requests from the same HTTP/2 frontend connection against the same backend + are aggregated on a single connection. + [Stefan Eissing] + + *) mod_http2: slave connections have conn_rec->aborted flag set when a stream + has been reset by the client. [Stefan Eissing] + + *) mod_http2: merge of some 2.4.x adaptions re filters on slave connections. + Small fixes in bucket beams when forwarding file buckets. Output handling + on master connection uses less FLUSH and passes automatically when more + than half of H2StreamMaxMemSize bytes have accumulated. + Workaround for http: when forwarding partial file buckets to keep the + output filter from closing these too early. [Stefan Eissing] + + *) mod_http2: elimination of fixed master connection buffer for TLS + connections. New scratch bucket handling optimized for TLS write sizes. + File bucket data read directly into scratch buffers, avoiding one + copy. Non-TLS connections continue to pass buckets unchanged to the core + filters to allow sendfile() usage. [Stefan Eissing] + + *) mod_http2/mod_proxy_http2: h2_request.c is no longer shared between these + modules. This simplifies building on platforms such as Windows, as module + reference used in logging is now clear. [Stefan Eissing] + + *) Scoreboard: Fix a regression in 2.4.20 that causes wrong request data + to be displayed on the status page. PR 59333. [Yann Ylavic, William Rowe] + + *) mod_http2: fixed a bug that caused mod_proxy_http2 to be called for window + updates on requests it had already reported done. Added synchronization + on early connection/stream close that lets ongoing requests safely drain + their input filters. 
+ [Stefan Eissing] + + *) mod_http2: scoreboard updates that summarize the h2 session (and replace + the last request information) will only happen when the session is idle or + in shutdown/done phase. [Stefan Eissing] + + *) mod_http2: new "bucket beam" technology to transport buckets across + threads without buffer copy. Delaying response start until flush or + enough body data has been accumulated. Overall significantly smaller + memory footprint. [Stefan Eissing] + + *) core: New CGIVar directive can configure REQUEST_URI to represent the + current URI being processed instead of always the original request. + [Jeff Trawick] + + *) scoreboard/status: Restore behavior of showing workers' previous Client, + VHost and Request values when idle, like in 2.4.18 and earlier. + + *) mod_http2: r->protocol changed to "HTTP/2.0" (was "HTTP/2") as this will + give expected syntax in CGI's SERVER_PROTOCOL is more compatible with + existing major/minor handling. Fixes PR 59313. + + *) mod_http2: disabling mmap for file buckets transport due to segmenation + faults when files change on the fly. + Changes with Apache 2.4.20 + *) SECURITY: CVE-2016-1546 (cve.mitre.org) + mod_http2: restricting number of concurrent stream workers per connection + if client is slow. + *) core: Do not read .htaccess if AllowOverride and AllowOverrideList are "None". PR 58528. [Michael Schlenker <msc contact.de, Ruediger Pluem, Daniel Ruggeri] @@ -11,7 +164,7 @@ Changes with Apache 2.4.20 *) core/util_script: relax alphanumeric filter of enviroment variable names on Windows to allow '(' and ')' for passing PROGRAMFILES(X86) et.al. - unadulterated in 64 bit versions of Windows. PR 46751. + unadulterated in 64 bit versions of Windows. PR 46751. [John <john leineweb de>] *) mod_http2: incrementing keepalives on each request started so that logging 
@@ -25,10 +178,10 @@ Changes with Apache 2.4.20 *) mod_http2: fix for missing score board updates on request count, fix for memory leak on slave connection reuse. [Stefan Eissing] - + *) mod_http2: Fix build on Windows from dsp files. [Stefan Eissing] - + Changes with Apache 2.4.19 *) mod_include: Add variable DOCUMENT_ARGS, with the arguments to the @@ -37,6 +190,11 @@ Changes with Apache 2.4.19 *) mod_authz_host: Add a new "forward-dns" authorization type, not relying on reverse DNS lookups. [Fabien] + *) mod_proxy_http2: new experimental http2 proxy module for h2: and h2c: proxy + urls. Uses backend connections for concurrent requests if frontend + connection is http2 as well. + [Stefan Eissing] + *) mod_ssl: Add hooks to allow other modules to perform processing at several stages of initialization and connection handling. See mod_ssl_openssl.h. [Jeff Trawick] @@ -260,10 +418,10 @@ Changes with Apache 2.4.18 streams with higher cumulative window size. Reducing write frequency unless push promises need to be flushed. [Stefan Eissing] - + *) mod_http2: required minimum version of libnghttp2 is 1.2.1 [Stefan Eissing] - + *) mod_proxy_fdpass: Fix AH01153 error when using the default configuration. In earlier version of httpd, you can explicitelly set the 'flusher' parameter to 'flush' as a workaround. (i.e. flusher=flush) @@ -276,7 +434,7 @@ Changes with Apache 2.4.18 *) mod_http2: new directive 'H2PushPriority' to allow priority specifications on server pushed streams according to their content-type. [Stefan Eissing] - + *) mod_http2: fixes crash on connection abort for a busy connection. fixes crash on a request that did not produce any response. [Stefan Eissing] 
@@ -291,22 +449,22 @@ Changes with Apache 2.4.18 *) mod_http2: new directive 'H2Push' to en-/disable HTTP/2 server pushes a server/virtual host. Pushes are initiated by the presence of 'Link:' headers with relation 'preload' on a response. [Stefan Eissing] - + *) mod_http2: write performance of http2 improved for larger resources, especially static files. [Stefan Eissing] - + *) core: if the first HTTP/1.1 request on a connection goes to a server that prefers different protocols, these protocols are announced in a Upgrade: header on the response, mentioning the preferred protocols. [Stefan Eissing] - + *) mod_http2: new directives 'H2TLSWarmUpSize' and 'H2TLSCoolDownSecs' to control TLS record sizes during connection lifetime. [Stefan Eissing] - + *) mod_http2: new directive 'H2ModernTLSOnly' to enforce security requirements of RFC 7540 on TLS connections. [Stefan Eissing] - + *) core: add ap_get_protocol_upgrades() to retrieve the list of protocols that a client could possibly upgrade to. Use in first request on a connection to announce protocol choices. [Stefan Eissing] @@ -314,7 +472,7 @@ Changes with Apache 2.4.18 *) mod_http2: reworked deallocation on connection shutdown and worker abort. Separate parent pool for all workers. worker threads are joined on planned worker shutdown. [Yann Ylavic, Stefan Eissing] - + *) mod_ssl: when receiving requests for other virtual hosts than the handshake server, the SSL parameters are checked for equality. With equal configuration, requests are passed for processing. Any change will trigger @@ -626,7 +784,7 @@ Changes with Apache 2.4.13 (not released) 'No such file or directory: unable to connect to cgi daemon...' could be logged without an actual retry. PR57685. [Edward Lu <Chaosed0 gmail.com>] - + *) mod_proxy: Use the original (non absolute) form of the request-line's URI for requests embedded in CONNECT payloads used to connect SSL backends via a ProxyRemote forward-proxy. PR 55892. [Hendrik Harms <hendrik.harms 
@@ -723,7 +881,7 @@ Changes with Apache 2.4.12 (not released). Changes with Apache 2.4.11 (not released) - + *) SECURITY: CVE-2014-3583 (cve.mitre.org) mod_proxy_fcgi: Fix a potential crash due to buffer over-read, with response headers' size above 8K. [Yann Ylavic, Jeff Trawick] @@ -756,7 +914,7 @@ Changes with Apache 2.4.11 (not released) *) mod_proxy_fcgi: Provide some basic alternate options for specifying how PATH_INFO is passed to FastCGI backends by adding significance to the value of proxy-fcgi-pathinfo. PR 55329. [Eric Covener] - + *) mod_proxy_fcgi: Enable UDS backends configured with SetHandler/RewriteRule to opt-in to connection reuse and other Proxy options via explicitly declared "proxy workers" (<Proxy unix:... enablereuse=on max=...) @@ -839,7 +997,7 @@ Changes with Apache 2.4.11 (not released) *) mod_cache: Avoid a 304 response to an unconditional requst when an AH00752 CacheLock error occurs during cache revalidation. [Eric Covener] - + *) mod_ssl: Move OCSP stapling information from a per-certificate store to a per-server hash. PR 54357, PR 56919. [Alex Bligh <alex alex.org.uk>, Yann Ylavic, Kaspar Brand] @@ -861,7 +1019,7 @@ Changes with Apache 2.4.11 (not released) *) mod_substitute: Fix line length limitation in case of regexp plus flatten. [Rainer Jung] - + *) mod_proxy: Truncated character worker names are no longer fatal errors. PR53218. [Jim Jagielski] @@ -1048,7 +1206,7 @@ Changes with Apache 2.4.10 *) mod_alias: Stop setting CONTEXT_PREFIX and CONTEXT_DOCUMENT environment variables as a result of AliasMatch. [Eric Covener] - + *) mod_cache: Don't add cached/revalidated entity headers to a 304 response. PR 55547. [Yann Ylavic] @@ -1152,7 +1310,7 @@ Changes with Apache 2.4.10 [Daniel Gruno] *) mod_lua: Add r:wspeek for peeking at WebSocket frames. [Daniel Gruno] - + *) mod_lua: Log an error when the initial parsing of a Lua file fails. [Daniel Gruno, Felipe Daragon <filipe syhunt com>] 
@@ -1248,7 +1406,7 @@ Changes with Apache 2.4.8 (not released) *) mod_lua: Update r:setcookie() to accept a table of options and add domain, path and httponly to the list of options available to set. PR 56128 [Edward Lu <Chaosed0 gmail com>, Daniel Gruno] - + *) mod_lua: Fix r:setcookie() to add, rather than replace, the Set-Cookie header. PR56105 [Kevin J Walters <kjw ms com>, Edward Lu <Chaosed0 gmail com>] @@ -1313,7 +1471,7 @@ Changes with Apache 2.4.7 configuration. [Graham Leggett] *) APR 1.5.0 or later is now required for the event MPM. - + *) slotmem_shm: Error detection. [Jim Jagielski] *) event: Use skiplist data structure. [Jim Jagielski] @@ -1330,7 +1488,7 @@ Changes with Apache 2.4.7 *) mod_proxy_fcgi: Remove 64K limit on encoded length of all envvars. An individual envvar with an encoded length of more than 16K will be omitted. [Jeff Trawick] - + *) mod_proxy_fcgi: Handle reading protocol data that is split between packets. [Jeff Trawick] @@ -1347,8 +1505,10 @@ Changes with Apache 2.4.7 (not overridable via SSLCipherSuite). [Kaspar Brand] *) mod_proxy: Added support for unix domain sockets as the - backend server endpoint [Jim Jagielski, Blaise Tarr - <blaise tarr gmail com>] + backend server endpoint. This also introduces an unintended + incompatibility for third party modules using the mod_proxy + proxy_worker_shared structure, especially for balancer lbmethod + modules. [Jim Jagielski, Blaise Tarr <blaise tarr gmail com>] *) Add experimental cmake-based build system for Windows. [Jeff Trawick, Tom Donovan] @@ -1412,7 +1572,7 @@ Changes with Apache 2.4.7 *) ab: Add a new -l parameter in order not to check the length of the responses. This can be usefull with dynamic pages. PR9945, PR27888, PR42040 [<ccikrs1 cranbrook edu>] - + *) Suppress formatting of startup messages written to the console when ErrorLogFormat is used. [Jeff Trawick] 
@@ -1849,7 +2009,7 @@ Changes with Apache 2.4.4 *) mod_proxy_balancer: Improve output of balancer-manager (re: Drn, Dis, Ign, Stby). PR 52478 [Danijel <dt-ng rbfh de>] - + *) configure: Fix processing of --disable-FEATURE for various features. [Jeff Trawick] @@ -1924,7 +2084,7 @@ Changes with Apache 2.4.4 *) mod_header: Allow for exposure of loadavg and server load using new format specifiers %l, %i, %b [Jim Jagielski] - + *) core: Make ap_regcomp() return AP_REG_ESPACE if out of memory. Make ap_pregcomp() abort if out of memory. This raises the minimum PCRE requirement to version 6.0. [Stefan Fritsch] @@ -1957,7 +2117,7 @@ Changes with Apache 2.4.4 *) mod_ldap: Fix regression in handling "server unavailable" errors on Windows. PR 54140. [Eric Covener] - + *) syslog logging: Remove stray ", referer" at the end of some messages. [Jeff Trawick] @@ -2523,7 +2683,7 @@ Changes with Apache 2.3.15 *) rotatelogs: Add -c option to force logfile creation in every rotation interval, even if empty. [Jan Kaluža <jkaluza redhat.com>] - + *) core: Limit ap_pregsub() to 64K, add ap_pregsub_ex() for longer strings. [Stefan Fritsch] @@ -2538,7 +2698,7 @@ Changes with Apache 2.3.15 *) mod_lua: add r:construct_url as a wrapper for ap_construct_url. [Eric Covener] - + *) mod_remote_ip: Fix configuration of internal proxies. PR 49272. [Jim Riggs <jim riggs me>] |
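Review bot: In the first hunk (@@ -1,7 +1,160 @@), the new "SECURITY: CVE-2016-1546" entry under 2.4.20 says only that mod_http2 is "restricting number of concurrent stream workers per connection if client is slow" and carries no bracketed credit. It should state the impact being fixed and name the author, as the existing CVE-2014-3583 entry under 2.4.11 does ("Fix a potential crash due to buffer over-read ... [Yann Ylavic, Jeff Trawick]"). The same hunk adds further entries without attribution (the 2.4.22 mod_http2 entry, and the scoreboard/status, r->protocol and mmap entries at the end of 2.4.21) and two wording slips: "of the frontend connection is HTTP/1.1" in the mod_proxy_http2 flow-control entry does not parse (probably "if"), and "segmenation" should read "segmentation".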
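Review bot: The hunk at @@ -37,6 +190,11 @@ adds "mod_proxy_http2: new experimental http2 proxy module for h2: and h2c: proxy urls" under 2.4.19, while the first hunk announces the same module as new under 2.4.21 with different wording. Someone checking which release first shipped the module gets two answers from this file. Keep the "new experimental" entry under the release where the module first appeared and reword the other one as a change to an existing module, or drop it.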
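Review bot: In the hunk at @@ -1347,8 +1505,10 @@, the amended mod_proxy entry under 2.4.7 now records "an unintended incompatibility for third party modules using the mod_proxy proxy_worker_shared structure" but does not say what authors or packagers of those modules have to do about it. Suggest adding one clause that names the required action (for example, whether rebuilding the module against 2.4.7 or later is sufficient), so that operators running third-party balancer lbmethod modules can act on the entry.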
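Review bot: The whitespace-only hunks, such as @@ -25,10 +178,10 @@, @@ -260,10 +418,10 @@ and @@ -291,22 +449,22 @@, remove and re-add blank-looking lines without touching any entry text, which reads as trailing-whitespace cleanup. Carried in the same commit as the new 2.4.21 to 2.4.23 entries and the CVE-2016-1546 line, it makes the substantive changes harder to audit against the 190 insertions and 30 deletions in the diffstat. Suggest moving the whitespace cleanup into its own commit.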