httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From traw...@apache.org
Subject svn commit: r1203636 [2/2] - /httpd/httpd/trunk/CHANGES
Date Fri, 18 Nov 2011 13:14:42 GMT

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1203636&r1=1203635&r2=1203636&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Fri Nov 18 13:14:42 2011
@@ -3,2299 +3,12 @@ Changes with Apache 2.5.0
 
   *) error log hook: add conn_rec as a parameter.  [Jeff Trawick]
 
-  *) mod_ssl: drop support for the SSLv2 protocol. [Kaspar Brand]
+  [Apache 2.5.0-dev includes those bug fixes and changes with the
+   Apache 2.4.xx tree as documented below, except as noted.]
 
-  *) mod_lua: Stop losing track of all but the most specific LuaHook* directives
-     when multiple per-directory config sections are used.  Adds LuaInherit 
-     directive to control how parent sections are merged.  [Eric Covener]
+Changes with Apache 2.4.x and later:
 
-  *) mod_cache: Make sure we merge headers correctly when we handle a
-     non cacheable conditional response. PR52120. [Graham Leggett]
-
-  *) core: Set MaxMemFree 2048 by default. [Stefan Fritsch]
-
-  *) mpm_event: Fix assertion failure during very high load. [Stefan Fritsch]
-
-  *) configure: Only load the really imporant modules (i.e. those enabled by
-     the 'few' selection) by default. Don't handle modules enabled with
-     --enable-foo specially. [Stefan Fritsch]
-
-  *) end-generation hook: Fix false notification of end-of-generation for
-     temporary intervals with no active MPM children.  [Jeff Trawick]
-
-  *) mod_ssl: Add support for RFC 5077 TLS Session tickets.
-     [Paul Querna]
-
-  *) mod_usertrack: Use random value instead of remote IP address.
-     [Stefan Fritsch]
-
-Changes with Apache 2.3.15
-
-  *) SECURITY: CVE-2011-3348 (cve.mitre.org)
-     mod_proxy_ajp: Respond with HTTP_NOT_IMPLEMENTED when the method is not
-     recognized.  [Jean-Frederic Clere]
-
-  *) SECURITY: CVE-2011-3192 (cve.mitre.org)
-     core: Fix handling of byte-range requests to use less memory, to avoid
-     denial of service. If the sum of all ranges in a request is larger than
-     the original file, ignore the ranges and send the complete file.
-     PR 51714. [Stefan Fritsch, Jim Jagielski, Ruediger Pluem, Eric Covener,
-     <lowprio20 gmail.com>]
-
-  *) SECURITY: CVE-2011-3607 (cve.mitre.org)
-     core: Fix integer overflow in ap_pregsub. This can be triggered e.g.
-     with mod_setenvif via a malicious .htaccess. [Stefan Fritsch]
-
-  *) configure: Load all modules in the generated default configuration
-     when using --enable-load-all-modules. [Rainer Jung]
-
-  *) mod_reqtimeout: Change the default to set some reasonable timeout
-     values. [Stefan Fritsch]
-
-  *) core, mod_dav_fs: Change default ETag to be "size mtime", i.e. remove
-     the inode. PR 49623. [Stefan Fritsch]
-
-  *) mod_lua: Expose SSL variables via r:ssl_var_lookup().  [Eric Covener]
-
-  *) mod_lua: LuaHook{AccessChecker,AuthChecker,CheckUserID,TranslateName}
-     can now additionally be run as "early" or "late" relative to other modules.
-     [Eric Covener]
-
-  *) configure: By default, only load those modules that are either required
-     or explicitly selected by a configure --enable-foo argument. The
-     LoadModule statements for modules enabled by --enable-mods-shared=most
-     and friends will be commented out. [Stefan Fritsch]
-
-  *) mod_lua: Prevent early Lua hooks (LuaHookTranslateName and 
-     LuaHookQuickHandler) from being configured in <Directory>, <Files>, 
-     and htaccess where the configuration would have been ignored.
-     [Eric Covener]
-
-  *) mod_lua: Resolve "attempt to index local 'r' (a userdata value)" errors
-     in LuaMapHandler scripts [Eric Covener]
-
-  *) mod_log_debug: Rename optional argument from if= to expr=, to be more
-     in line with other config directives. [Stefan Fritsch]
-
-  *) mod_headers: Require an expression to be specified with expr=, to be more
-     in line with other config directives. [Stefan Fritsch]
-
-  *) mod_substitute: To prevent overboarding memory usage, limit line length
-     to 1MB. [Stefan Fritsch]
-
-  *) mod_lua: Make the query string (r.args) writable. [Eric Covener]
-
-  *) mod_include: Add support for application/x-www-form-urlencoded encoding
-     and decoding. [Graham Leggett]
-
-  *) rotatelogs: Add -c option to force logfile creation in every rotation 
-     interval, even if empty.  [Jan Kaluža <jkaluza redhat.com>]
- 
-  *) core: Limit ap_pregsub() to 64K, add ap_pregsub_ex() for longer strings.
-     [Stefan Fritsch]
-
-  *) mod_session_crypto: Refactor to support the new apr_crypto API.
-     [Graham Leggett]
-
-  *) http: Add missing Location header if local URL-path is used as
-     ErrorDocument for 30x. [Stefan Fritsch]
-
-  *) mod_buffer: Make sure we step down for subrequests, but not for internal
-     redirects triggered by mod_rewrite. [Graham Leggett]
-
-  *) mod_lua: add r:construct_url as a wrapper for ap_construct_url.
-     [Eric Covener]
- 
-  *) mod_remote_ip: Fix configuration of internal proxies. PR 49272.
-     [Jim Riggs <jim riggs me>]
-
-  *) mpm_winnt: Handle AcceptFilter 'none' mode correctly; resolve specific
-     server IP endpoint and remote client IP upon connection.  [William Rowe]
-
-  *) mod_setenvif: Remove OID match which is obsoleted by SetEnvIfExpr with
-     PeerExtList(). [Stefan Fritsch]
-
-  *) mpm_prefork, mpm_worker, mpm_event: If a child is created just before
-     graceful restart and then exits because of a missing lock file, don't
-     shutdown the whole server. PR 39311. [Shawn Michael
-     <smichael rightnow com>]
-
-  *) mpm_event: Check the return value from ap_run_create_connection.
-     PR: 41194. [Davi Arnaut]
-
-  *) mod_mime_magic: Add signatures for PNG and SWF to the example config.
-     PR: 48352. [Jeremy Wagner-Kaiser <jwagner-kaiser adknowledge com>]
-
-  *) core, unixd: Add -D DUMP_RUN_CFG option to dump some configuration items
-     from the parsed (or default) config. This is useful for init scripts that
-     need to setup temporary directories and permissions. [Stefan Fritsch]
-
-  *) core, mod_actions, mod_asis: Downgrade error log messages which accompany
-     a 404 request status from loglevel error to info. PR: 35768. [Stefan
-     Fritsch]
-
-  *) core: Fix hook sorting with Perl modules. PR: 45076. [Torsten Foertsch
-     <torsten foertsch gmx net>]
-
-  *) core: Enforce LimitRequestFieldSize after multiple headers with the same
-     name have been merged. [Stefan Fritsch]
-
-  *) mod_ssl: If MaxMemFree is set, ask OpenSSL >= 1.0.0 to reduce memory
-     usage.  PR 51618. [Cristian Rodríguez <crrodriguez opensuse org>,
-     Stefan Fritsch]
-
-  *) mod_ssl: At startup, when checking a server certificate whether it
-     matches the configured ServerName, also take dNSName entries in the
-     subjectAltName extension into account. PR 32652, PR 47051. [Kaspar Brand]
-
-  *) mod_substitute: Reduce memory usage and copying of data. PR 50559.
-     [Stefan Fritsch]
-
-  *) mod_ssl/proxy: enable the SNI extension for backend TLS connections
-     [Kaspar Brand]
-
-  *) Add wrappers for malloc, calloc, realloc that check for out of memory
-     situations and use them in many places. PR 51568, PR 51569, PR 51571.
-     [Stefan Fritsch]
-
-  *) Fix cross-compilation of mod_cgi/mod_cgid when APR_HAVE_STRUCT_RLIMIT is 
-     false but RLIMIT_* are defined.  PR51371. [Eric Covener]
-
-  *) core: Correctly obey ServerName / ServerAlias if the Host header from the
-     request matches the VirtualHost address.
-     PR 51709. [Micha Lenk <micha lenk.info>]
-
-  *) mod_unique_id: Use random number generator to initialize counter.
-     PR 45110. [Stefan Fritsch]
-
-  *) core: Add convenience API for apr_random. [Stefan Fritsch]
-
-  *) core: Add MaxRangeOverlaps and MaxRangeReversals directives to control
-     the number of overlapping and reversing ranges (respectively) permitted
-     before returning the entire resource, with a default limit of 20.
-     [Jim Jagielski]
-
-  *) mod_ldap: Optional function uldap_ssl_supported(r) always returned false
-     if called from a virtual host with mod_ldap directives in it.  Did not
-     affect mod_authnz_ldap's usage of mod_ldap.  [Eric Covener]
-
-  *) mod_filter: Instead of dropping the Accept-Ranges header when a filter
-     registered with AP_FILTER_PROTO_NO_BYTERANGE is present,
-     set the header value to "none". [Eric Covener, Ruediger Pluem]
-
-  *) core: Allow MaxRanges none|unlimited|default and set 'Accept-Ranges: none'
-     in the case Ranges are being ignored with MaxRanges none.
-     [Eric Covener]
-
-  *) mod_ssl: revamp CRL-based revocation checking when validating
-     certificates of clients or proxied servers. Completely delegate
-     CRL processing to OpenSSL, and add a new [Proxy]CARevocationCheck
-     directive for controlling the revocation checking mode. [Kaspar Brand]
-
-  *) core: Add MaxRanges directive to control the number of ranges permitted
-     before returning the entire resource, with a default limit of 200.
-     [Eric Covener]
-
-  *) mod_cache: Ensure that CacheDisable can correctly appear within
-     a LocationMatch. [Graham Leggett]
-
-  *) mod_cache: Fix the moving of the CACHE filter, which erroneously
-     stood down if the original filter was not added by configuration.
-     [Graham Leggett]
-
-  *) mod_ssl: improve certificate error logging. PR 47408. [Kaspar Brand]
-
-  *) mod_authz_groupfile: Increase length limit of lines in the group file to
-     16MB. PR 43084. [Stefan Fritsch]
-
-  *) core: Increase length limit of lines in the configuration file to 16MB.
-     PR 45888. PR 50824. [Stefan Fritsch]
-
-  *) core: Add API for resizable buffers. [Stefan Fritsch]
-
-  *) mod_ldap: Enable LDAPConnectionTimeout for LDAP toolkits that have
-     LDAP_OPT_CONNECT_TIMEOUT instead of LDAP_OPT_NETWORK_TIMEOUT, such
-     as Tivoli Directory Server 6.3 and later. [Eric Covener]
-
-  *) mod_ldap: Change default number of retries from 10 to 3, and add
-     an LDAPRetries and LDAPRetryDelay directives. [Eric Covener]
-
-  *) mod_authnz_ldap: Don't retry during authentication, because this just
-     multiplies the ample retries already being done by mod_ldap. [Eric Covener]
-
-  *) configure: Allow to explicitly disable modules even with module selection
-     'reallyall'. [Stefan Fritsch]
-
-  *) mod_rewrite: Check validity of each internal (int:) RewriteMap even if the
-     RewriteEngine is disabled in server context, avoiding a crash while
-     referencing the invalid int: map at runtime. PR 50994.
-     [Ben Noordhuis <info noordhuis nl>]
-
-  *) mod_ssl, configure: require OpenSSL 0.9.7 or later. [Kaspar Brand]
-
-  *) mod_ssl: remove ssl_toolkit_compat layer. [Kaspar Brand]
-
-  *) mod_ssl, configure, ab: drop support for RSA BSAFE SSL-C toolkit.
-     [Kaspar Brand]
-
-  *) mod_usertrack: Run mod_usertrack earlier in the fixups hook to ensure the
-     cookie is set when modules such as mod_rewrite trigger a redirect. Also
-     use r->err_headers_out for the cookie, for the same reason.  PR29755.
-     [Sami J. Mäkinen <sjm almamedia fi>, Eric Covener]
-
-  *) mod_proxy_http, mod_proxy_connect: Add 'proxy-status' and
-     'proxy-source-port' request notes for logging. PR 30195. [Stefan Fritsch]
-
-  *) configure: Enable ldap modules in 'all' and 'most' selections if ldap
-     is compiled into apr-util. [Stefan Fritsch]
-
-  *) core: Add ap_check_cmd_context()-check if a command is executed in
-     .htaccess file. [Stefan Fritsch]
-
-  *) mod_deflate: Fix endless loop if first bucket is metadata. PR 51590.
-     [Torsten Foertsch <torsten foertsch gmx net>]
-
-  *) mod_authn_socache: Fix to work in .htaccess if not configured anywhere
-     in httpd.conf, and introduce an AuthnCacheEnable directive.
-     PR 51991 [Nick Kew]
-
-  *) mod_xml2enc: new (formerly third-party) module supporting
-     internationalisation for filters via smart charset sniffing
-     and conversion. [Nick Kew]
-
-  *) mod_proxy_html: new (formerly third-party) module to fix up
-     HTML links in a reverse proxy situation, where a backend
-     generates URLs that are not resolvable by Clients. [Nick Kew]
-
-Changes with Apache 2.3.14
-
-  *) mod_proxy_ajp: Improve trace logging.  [Rainer Jung]
-
-  *) mod_proxy_ajp: Respect "reuse" flag in END_REPONSE packets.
-     [Rainer Jung]
-
-  *) mod_proxy: enable absolute URLs to be rewritten with ProxyPassReverse,
-     e.g. to reverse proxy "Location: https://other-internal-server/login"
-     [Nick Kew]
-
-  *) prefork, worker, event: Make sure crashes are logged to the error log if
-     httpd has already detached from the console. [Stefan Fritsch]
-
-  *) prefork, worker, event: Reduce period during startup/restart where a
-     successive signal may be lost. PR 43696. [Arun Bhalla <arun shme net>]
-
-  *) mod_allowmethods: Correct Merging of "reset" and do not allow an
-     empty parameter list for the AllowMethods directive. [Rainer Jung]
-
-  *) configure: Update selection of modules for 'all' and 'most'. 'all' will
-     now enable all modules except for example and test modules. Make the
-     selection for 'most' more useful (including ssl and proxy). Both 'all'
-     and 'most' will now disable modules if dependencies are missing instead
-     of aborting. If a specific module is requested with --enable-XXX=yes,
-     missing dependencies will still cause configure to exit with an error.
-     [Stefan Fritsch]
-
-  *) mod_ldap: Revert the integration of apr-ldap as ap_ldap which was done
-     in 2.3.13. [Stefan Fritsch]
-
-  *) core: For '*' or '_default_' vhosts, use a wildcard address of any
-     address family, rather than IPv4 only.  [Joe Orton]
-
-  *) core, mod_rewrite, mod_ssl, mod_nw_ssl: Make the SERVER_NAME variable
-     include [ ] for literal IPv6 addresses, as mandated by RFC 3875.
-     PR 26005. [Stefan Fritsch]
-
-  *) mod_negotiation: Fix parsing of Content-Length in type maps. PR 42203.
-     [Nagae Hidetake <nagae eagan jp>]
-
-  *) core: Add more logging to ap_scan_script_header_err* functions. Add
-     ap_scan_script_header_err*_ex functions that take a module index for
-     logging.
-     mod_cgi, mod_cgid, mod_proxy_fcgi, mod_proxy_scgi, mod_isapi: Use the
-     new functions in order to make logging configurable per-module.
-     [Stefan Fritsch]
-
-  *) mod_dir: Add DirectoryIndexRedirect to send an external redirect to
-     the proper index.  [Eric Covener]
-
-  *) mod_deflate: Don't try to compress requests with a zero sized body.
-     PR 51350. [Stefan Fritsch]
-
-  *) core: Fix startup on IPv6-only systems. PR 50592. [Joe Orton,
-     <root linkage white-void net>]
-
-  *) suexec: Add environment variables CONTEXT_DOCUMENT_ROOT, CONTEXT_PREFIX,
-     REDIRECT_ERROR_NOTES, REDIRECT_SCRIPT_FILENAME, REQUEST_SCHEME to the
-     whitelist in suexec. PR 51499. [Graham Laverty <graham reg ca>,
-     Stefan Fritsch]
-
-  *) mod_rewrite: Fix regexp RewriteCond with NoCase. [Stefan Fritsch]
-
-  *) mod_log_debug: New module that allows to log custom messages at various
-     phases in the request processing. [Stefan Fritsch]
-
-  *) mod_ssl: Add some debug logging when loading server certificates.
-     PR 37912. [Nick Burch <nick burch alfresco com>]
-
-  *) configure: Support reallyall option also for --enable-mods-static.
-     [Rainer Jung]
-
-  *) mod_socache_dc: add --with-distcache to configure for choosing
-     the distcache installation directory. [Rainer Jung]
-
-  *) mod_socache_dc: use correct build variable MOD_SOCACHE_DC_LDADD
-     instead of MOD_SOCACHE_LDADD in build macro. [Rainer Jung]
-
-  *) mod_lua, mod_deflate: respect platform specific runpath linker
-     flag. [Rainer Jung]
-
-  *) configure: Only link the httpd binary against PCRE. No other support
-     binary needs PCRE. [Rainer Jung]
-
-  *) configure: tolerate dependency checking failures for modules if
-     they have been enabled implicitely. [Rainer Jung]
-
-  *) configure: Allow to specify module specific custom linker flags via
-     the MOD_XXX_LDADD variables. [Rainer Jung]
-
-Changes with Apache 2.3.13
-
-  *) ab: Support specifying the local address to use. PR 48930.
-     [Peter Schuller <scode spotify com>]
-
-  *) core: Add support to ErrorLogFormat for logging the system unique
-     thread id under Linux. [Stefan Fritsch]
-
-  *) event: New AsyncRequestWorkerFactor directive to influence how many
-     connections will be accepted per process. [Stefan Fritsch]
-
-  *) prefork, worker, event: Rename MaxClients to MaxRequestWorkers which
-     describes more accurately what it does. [Stefan Fritsch]
-
-  *) rotatelogs: Add -p argument to specify custom program to invoke
-     after a log rotation.  PR 51285. [Sven Ulland <sveniu ifi.uio.no>,
-     Joe Orton]
-
-  *) mod_ssl: Don't do OCSP checks for valid self-issued certs. [Kaspar Brand]
-
-  *) mod_ssl: Avoid unnecessary renegotiations with SSLVerifyDepth 0.
-     PR 48215. [Kaspar Brand]
-
-  *) mod_status: Display information about asynchronous connections in the
-     server-status. PR 44377. [Stefan Fritsch]
-
-  *) mpm_event: If the number of connections of a process is very high, or if
-     all workers are busy, don't accept new connections in that process.
-     [Stefan Fritsch]
-
-  *) mpm_event: Process lingering close asynchronously instead of tying up
-     worker threads. [Jeff Trawick, Stefan Fritsch]
-
-  *) mpm_event: If MaxMemFree is set, limit the number of pools that is kept
-     around. [Stefan Fritsch]
-
-  *) mpm_event: Fix graceful restart aborting connections. PR 43359.
-     [Takashi Sato <takashi lans-tv com>]
-
-  *) mod_ssl: Disable AECDH ciphers in example config. PR 51363.
-     [Rob Stradling <rob comodo com>]
-
-  *) core: Introduce new function ap_get_conn_socket() to access the socket of
-     a connection. [Stefan Fritsch]
-
-  *) mod_data: Introduce a filter to support RFC2397 data URLs. [Graham
-     Leggett]
-
-  *) mod_userdir/mod_alias/mod_vhost_alias: Correctly set DOCUMENT_ROOT,
-     CONTEXT_DOCUMENT_ROOT, CONTEXT_PREFIX. PR 26052. PR 46198.
-     [Stefan Fritsch]
-
-  *) core: Allow to override document_root on a per-request basis. Introduce
-     new context_document_root and context_prefix which provide information
-     about non-global URI-to-directory mappings (from e.g. mod_userdir or
-     mod_alias) to scripts. PR 49705. [Stefan Fritsch]
-
-  *) core: Add <ElseIf> and <Else> to complement <If> sections.
-     [Stefan Fritsch]
-
-  *) mod_ext_filter: Remove DebugLevel option in favor of per-module loglevel.
-     [Stefan Fritsch]
-
-  *) mod_include: Make the "#if expr" element use the new "ap_expr" expression
-     parser. The old parser can still be used by setting the new directive
-     SSILegacyExprParser. [Stefan Fritsch]
-
-  *) core: Add some features to ap_expr for use by mod_include: a restricted
-     mode that does not allow to bypass request access restrictions; new
-     variables DOCUMENT_URI (alias for REQUEST_URI), LAST_MODIFIED; -A as an
-     alias for -U; an additional data entry in ap_expr_eval_ctx_t for use by
-     the consumer; an extensible ap_expr_exec_ctx() API that allows to use that
-     data entry. [Stefan Fritsch]
-
-  *) mod_include: Merge directory configs instead of one SSI* config directive
-     causing all other per-directory SSI* config directives to be reset.
-     [Stefan Fritsch]
-
-  *) mod_charset_lite: Remove DebugLevel option in favour of per-module
-     loglevel. [Stefan Fritsch]
-
-  *) core: Add ap_regexec_len() function that works with non-null-terminated
-     strings. PR 51231. [Yehezkel Horowitz <horowity checkpoint com>]
-
-  *) mod_authnz_ldap: If the LDAP server returns constraint violation,
-     don't treat this as an error but as "auth denied". [Stefan Fritsch]
-
-  *) mod_proxy_fcgi|scgi: Add support for "best guess" of PATH_INFO
-     for SCGI/FCGI. PR 50880, 50851. [Mark Montague <mark catseye.org>,
-     Jim Jagielski]
-
-  *) mod_cache: When content is served stale, and there is no means to
-     revalidate the content using ETag or Last-Modified, and we have
-     mandated no stale-on-error behaviour, stand down and don't cache.
-     Saves a cache write that will never be read.
-     [Graham Leggett]
-
-  *) mod_reqtimeout: Fix a timed out connection going into the keep-alive
-     state after a timeout when discarding a request body. PR 51103.
-     [Stefan Fritsch]
-
-  *) core: Add various file existance test operators to ap_expr.
-     [Stefan Fritsch]
-
-  *) mod_proxy_express: New mass reverse-proxy switch extension for
-     mod_proxy. [Jim Jagielski]
-
-  *) configure: Fix script error when configuring module set "reallyall".
-     [Rainer Jung]
-
-Changes with Apache 2.3.12
-
-  *) configure, core: Provide easier support for APR's hook probe
-     capability. [Jim Jagielski, Jeff Trawick]
-
-  *) Silence autoconf 2.68 warnings.  [Rainer Jung]
-
-  *) mod_authnz_ldap: Resolve crash when LDAP is used for authorization only
-     [Scott Hill <shill genscape.com>]
-
-  *) support: Make sure check_forensic works with mod_unique_id loaded
-     [Joe Schaefer]
-
-  *) Add child_status hook for tracking creation/termination of MPM child
-     processes.  Add end_generation hook for notification when the last
-     MPM child of a generation exits. [Jeff Trawick]
-
-  *) mod_ldap: Make LDAPSharedCacheSize 0 create a non-shared-memory cache per
-     process as opposed to disabling caching completely. This allows to use
-     the non-shared-memory cache as a workaround for the shared memory cache
-     not being available during graceful restarts. PR 48958. [Stefan Fritsch]
-
-  *) Add new ap_reserve_module_slots/ap_reserve_module_slots_directive API,
-     necessary if a module (like mod_perl) registers additional modules late
-     in the startup phase. [Stefan Fritsch]
-
-  *) core: Prevent segfault if DYNAMIC_MODULE_LIMIT is reached. PR 51072.
-     [Torsten Förtsch <torsten foertsch gmx net>]
-
-  *) WinNT MPM: Improve robustness under heavy load.  [Jeff Trawick]
-
-  *) MinGW build improvements.  PR 49535.  [John Vandenberg
-     <jayvdb gmail.com>, Jeff Trawick]
-
-  *) core: Support module names with colons in loglevel configuration.
-     [Torsten Förtsch <torsten foertsch gmx net>]
-
-  *) mod_ssl, ab: Support OpenSSL compiled without SSLv2 support.
-     [Stefan Fritsch]
-
-  *) core: Abort if the MPM is changed across restart.  [Jeff Trawick]
-
-  *) mod_proxy_ajp: Add support for 'ProxyErrorOverride on'. PR 50945.
-     [Peter Pramberger <peter pramberger.at>, Jim Jagielski]
-
-  *) mod_proxy_fcgi: Add support for 'ProxyErrorOverride on'. PR 50913.
-     [Mark Montague <mark catseye.org>, Jim Jagielski]
-
-  *) core: Change the APIs of ap_cfg_getline() and ap_cfg_getc() to return an
-     error code. Abort with a nice error message if a config line is too long.
-     Partial fix for PR 50824. [Stefan Fritsch]
-
-  *) mod_info: Dump config to stdout during startup if -DDUMP_CONFIG is
-     specified. PR 31956. [Stefan Fritsch]
-
-  *) Restore visibility of DEFAULT_PIDLOG to core and modules.  MPM
-     helper function ap_remove_pid() added.  [Jeff Trawick]
-
-  *) Enable DEFAULT_REL_RUNTIMEDIR on Windows and NetWare.  [various]
-
-  *) Correct C++ incompatibility with http_log.h.  [Stefan Fritsch, Jeff
-     Trawick]
-
-  *) mod_log_config: Prevent segfault. PR 50861. [Torsten Förtsch
-     <torsten.foertsch gmx.net>]
-
-  *) core: AllowEncodedSlashes new option NoDecode to allow encoded slashes
-     in request URL path info but not decode them. Change behavior of option
-     "On" to decode the encoded slashes as 2.0 and 2.2 do.  PR 35256,
-     PR 46830.  [Dan Poirier]
-
-  *) mod_ssl: Check SNI hostname against Host header case-insensitively.
-     PR 49491.  [Mayank Agrawal <magrawal.08 gmail.com>]
-
-  *) mod_ldap: Add LDAPConnectionPoolTTL to give control over lifetime
-     of bound backend LDAP connections.  PR47634 [Eric Covener]
-
-  *) mod_cache: Make CacheEnable and CacheDisable configurable per
-     directory in addition to per server, making them work from within
-     a LocationMatch. [Graham Leggett]
-
-  *) worker, event, prefork: Correct several issues when built as
-     DSOs; most notably, the scoreboard was reinitialized during graceful
-     restart, such that processes of the previous generation were not
-     observable.  [Jeff Trawick]
-
-Changes with Apache 2.3.11
-
-  *) mod_win32: Added shebang check for '! so that .vbs scripts work as CGI.
-     Win32's cscript interpreter can only use a single quote as comment char.
-     [Guenter Knauf]
-
-  *) mod_proxy: balancer-manager now uses POST instead of GET.
-     [Jim Jagielski]
-
-  *) core: new util function: ap_parse_form_data(). Previously,
-     this capability was tucked away in mod_request. [Jim Jagielski]
-
-  *) core: new hook: ap_run_pre_read_request. [Jim Jagielski]
-
-  *) mod_cache: When a request other than GET or HEAD arrives, we must
-     invalidate existing cache entities as per RFC2616 13.10. PR 15868.
-     [Graham Leggett]
-
-  *) modules: Fix many modules that were not correctly initializing if they
-     were not active during server startup but got enabled later during a
-     graceful restart. [Stefan Fritsch]
-
-  *) core: Create new ap_state_query function that allows modules to determine
-     if the current configuration run is the initial one at server startup,
-     and if the server is started for testing/config dumping only.
-     [Stefan Fritsch]
-
-  *) mod_proxy: Runtime configuration of many parameters for existing
-     balancers via the balancer-manager. [Jim Jagielski]
-
-  *) mod_proxy: Runtime addition of new workers (BalancerMember) for existing
-     balancers via the balancer-manager. [Jim Jagielski]
-
-  *) mod_cache: When a bad Expires date is present, we need to behave as if
-     the Expires is in the past, not as if the Expires is missing. PR 16521.
-     [Co-Advisor <coad@measurement-factory.com>]
-
-  *) mod_cache: We must ignore quoted-string values that appear in a
-     Cache-Control header. PR 50199. [Graham Leggett]
-
-  *) mod_dav: Revert change to send 501 error if unknown Content-* header is
-    received for a PUT request. PR 42978. [Stefan Fritsch]
-
-  *) mod_cache: Respect s-maxage as described by RFC2616 14.9.3, which must
-     take precedence if present. PR 35247. [Graham Leggett]
-
-  *) mod_ssl: Fix a possible startup failure if multiple SSL vhosts
-     are configured with the same ServerName and private key file.
-     [Masahiro Matsuya <mmatsuya redhat.com>, Joe Orton]
-
-  *) mod_socache_dc: Make module compile by fixing some typos.
-     PR 50735 [Mark Montague <mark catseye.org>]
-
-  *) prefork: Update MPM state in children during a graceful stop or
-     restart.  PR 41743.  [Andrew Punch <andrew.punch 247realmedia.com>]
-
-  *) mod_mime: Ignore leading dots when looking for mime extensions.
-     PR 50434 [Stefan Fritsch]
-
-  *) core: Add support to set variables with the 'Define' directive. The
-     variables that can then be used in the config using the ${VAR} syntax
-     known from envvar interpolation. [Stefan Fritsch]
-
-  *) mod_proxy_http: make adding of X-Forwarded-* headers configurable.
-     ProxyAddHeaders defaults to On. [Vincent Deffontaines]
-
-  *) mod_slotmem_shm: Increase memory alignment for slotmem data.
-     [Rainer Jung]
-
-  *) mod_ssl: Add config options for OCSP: SSLOCSPResponderTimeout,
-     SSLOCSPResponseMaxAge, SSLOCSPResponseTimeSkew.
-     [Kaspar Brand <httpd-dev.2011 velox.ch>]
-
-  *) mod_ssl: Revamp output buffering to reduce network overhead for
-     output fragmented into many buckets, such as chunked HTTP responses.
-     [Joe Orton]
-
-  *) core: Apply <If> sections to all requests, not only to file base requests.
-     Allow to use <If> inside <Directory>, <Location>, and <Files> sections.
-     The merging of <If> sections now happens after the merging of <Location>
-     sections, even if an <If> section is embedded inside a <Directory> or
-     <Files> section.  [Stefan Fritsch]
-
-  *) mod_proxy: Refactor usage of shared data by dropping the scoreboard
-     and using slotmem. Create foundation for dynamic growth/changes of
-     members within a balancer. Remove BalancerNonce in favor of a
-     per-balancer 'nonce' parameter. [Jim Jagielski]
-
-  *) mod_status: Don't show slots which are disabled by MaxClients as open.
-     PR: 47022 [Jordi Prats <jordi prats gmail com>, Stefan Fritsch]
-
-  *) mpm_prefork: Fix ap_mpm_query results for AP_MPMQ_MAX_DAEMONS and
-     AP_MPMQ_MAX_THREADS.
-
-  *) mod_authz_core: Fix bug in merging logic if user-based and non-user-based
-     authorization directives were mixed. [Stefan Fritsch]
-
-  *) mod_authn_socache: change directive name from AuthnCacheProvider
-     to AuthnCacheProvideFor.  The term "provider" is overloaded in
-     this module, and we should avoid confusion between the provider
-     of a backend (AuthnCacheSOCache) and the authn provider(s) for
-     which this module provides cacheing (AuthnCacheProvideFor).
-     [Nick Kew]
-
-  *) mod_proxy_http: Allocate the fake backend request from a child pool
-     of the backend connection, instead of misusing the pool of the frontend
-     request. Fixes a thread safety issue where buckets set aside in the
-     backend connection leak into other threads, and then disappear when
-     the frontend request is cleaned up, in turn causing corrupted buckets
-     to make other threads spin. [Graham Leggett]
-
-  *) mod_ssl: Change the format of the SSL_{CLIENT,SERVER}_{I,S}_DN variables
-     to be RFC 2253 compatible, convert non-ASCII characters to UTF8, and
-     escape other special characters with backslashes. The old format can
-     still be used with the LegacyDNStringFormat argument to SSLOptions.
-
-  *) core, mod_rewrite: Make the REQUEST_SCHEME variable available to
-     scripts and mod_rewrite. [Stefan Fritsch]
-
-  *) mod_rewrite: Allow to use arbitrary boolean expressions (ap_expr) in
-     RewriteCond. [Stefan Fritsch]
-
-  *) mod_rewrite: Allow to unset environment variables using E=!VAR.
-     PR 49512. [Mark Drayton <mark markdrayton info>, Stefan Fritsch]
-
-  *) mod_headers: Restore the 2.3.8 and earlier default for the first
-     argument of the Header directive ("onsuccess").  [Eric Covener]
-
-  *) core: Disallow the mixing of relative and absolute Options PR 33708.
-     [Sönke Tesch <st kino-fahrplan.de>]
-
-  *) core: When exporting request headers to HTTP_* environment variables,
-     drop variables whose names contain invalid characters. Describe in the
-     docs how to restore the old behaviour. [Malte S. Stretz <mss apache org>]
-
-  *) core: When selecting an IP-based virtual host, favor an exact match for
-     the port over a wildcard (or omitted) port instead of favoring the one
-     that came first in the configuration file. [Eric Covener]
-
-  *) core: Overlapping virtual host address/port combinations  now implicitly
-     enable name-based virtual hosting for that address.  The NameVirtualHost
-     directive has no effect, and _default_ is interpreted the same as "*".
-     [Eric Covener]
-
-  *) core: In the absence of any Options directives, the default is now
-     "FollowSymlinks" instead of "All".  [Igor Galić]
-
-  *) rotatelogs: Add -e option to write logs through to stdout for optional
-     further processing. [Graham Leggett]
-
-  *) mod_ssl: Correctly read full lines in input filter when the line is
-     incomplete during first read. PR 50481. [Ruediger Pluem]
-
-  *) mod_authz_core: Add AuthzSendForbiddenOnFailure directive to allow
-     sending '403 FORBIDDEN' instead of '401 UNAUTHORIZED' if authorization
-     fails for an authenticated user. PR 40721. [Stefan Fritsch]
-
-Changes with Apache 2.3.10
-
-  *) mod_rewrite: Don't implicitly URL-escape the original query string
-     when no substitution has changed it. PR 50447. [Eric Covener]
-
-  *) core: Honor 'AcceptPathInfo OFF' during internal redirects,
-     such as per-directory mod_rewrite substitutions.  PR 50349.
-     [Eric Covener]
-
-  *) mod_rewrite: Add 'RewriteOptions InheritBefore' to put the base
-     rules/conditions before the overridden rules/conditions.  PR 39313.
-     [Jérôme Grandjanny <jerome.grandjanny cea.fr>]
-
-  *) mod_autoindex: add IndexIgnoreReset to reset the list of IndexIgnored
-     filenames in higher precedence configuration sections.  PR 24243.
-     [Eric Covener]
-
-  *) mod_cgid: RLimit* directive support for mod_cgid.  PR 42135
-     [Eric Covener]
-
-  *) core: Fail startup when the argument to ServerName looks like a glob
-     or a regular expression instead of a hostname (*?[]).  PR 39863
-     [Rahul Nair <rahul.g.nair gmail.com>]
-
-  *) mod_userdir: Add merging of enable, disable, and filename arguments
-     to UserDir directive, leaving enable/disable of userlists unmerged.
-     PR 44076 [Eric Covener]
-
-  *) httpd: When no -k option is provided on the httpd command line, the server
-     was starting without checking for an existing pidfile.  PR 50350
-     [Eric Covener]
-
-  *) mod_proxy: Put the worker in error state if the SSL handshake with the
-     backend fails. PR 50332.
-     [Daniel Ruggeri <DRuggeri primary.net>, Ruediger Pluem]
-
-  *) mod_cache_disk: Fix Windows build which was broken after renaming
-     the module. [Gregg L. Smith]
-
-Changes with Apache 2.3.9
-
-  *) SECURITY: CVE-2010-1623 (cve.mitre.org)
-     Fix a denial of service attack against mod_reqtimeout.
-     [Stefan Fritsch]
-
-  *) mod_headers: Change default first argument of Header directive
-     from "onsuccess" to "always". [Eric Covener]
-
-  *) mod_include: Add the onerror attribute to the include element,
-     allowing an URL to be specified to include on error. [Graham
-     Leggett]
-
-  *) mod_cache_disk: mod_disk_cache renamed to mod_cache_disk, to be
-     consistent with the naming of other modules. [Graham Leggett]
-
-  *) mod_setenvif: Add SetEnvIfExpr directive to set env var depending on
-     expression. [Stefan Fritsch]
-
-  *) mod_proxy: Fix ProxyPassInterpolateEnv directive. PR 50292.
-     [Stefan Fritsch]
-
-  *) suEXEC: Add Suexec directive to disable suEXEC without renaming the
-     binary (Suexec Off), or force startup failure if suEXEC is required
-     but not supported (Suexec On).  Change SuexecUserGroup to fail
-     startup instead of just printing a warning if suEXEC is disabled.
-     [Jeff Trawick]
-
-  *) core: Add Error directive for aborting startup or htaccess processing
-     with a specified error message.  [Jeff Trawick]
-
-  *) mod_rewrite: Fix the RewriteEngine directive to work within a
-     location. Previously, once RewriteEngine was switched on globally,
-     it was impossible to switch off. [Graham Leggett]
-
-  *) core, mod_include, mod_ssl: Move the expression parser derived from
-     mod_include back into mod_include. Replace ap_expr with a parser
-     derived from mod_ssl's parser. Make mod_ssl use the new parser. Rework
-     ap_expr's public interface and provide hooks for modules to add variables
-     and functions. [Stefan Fritsch]
-
-  *) core: Do the hook sorting earlier so that the hooks are properly sorted
-     for the pre_config hook and during parsing the config. [Stefan Fritsch]
-
-  *) core: In the absence of any AllowOverride directives, the default is now
-     "None" instead of "All".  PR49823 [Eric Covener]
-
-  *) mod_proxy: Don't allow ProxyPass or ProxyPassReverse in
-     <Directory> or <Files>. PR47765 [Eric Covener]
-
-  *) prefork/worker/event MPMS: default value (when no directive is present)
-     of MaxConnectionsPerChild/MaxRequestsPerChild is changed to 0 from 10000
-     to match default configuration and manual. PR47782 [Eric Covener]
-
-  *) proxy_connect: Don't give up in the middle of a CONNECT tunnel
-     when the child process is starting to exit.  PR50220. [Eric Covener]
-
-  *) mod_autoindex: Fix inheritance of mod_autoindex directives into
-     contexts that don't have any mod_autoindex directives. PR47766.
-     [Eric Covener]
-
-  *) mod_rewrite: Add END flag for RewriteRule to prevent further rounds
-     of rewrite processing when a per-directory substitution occurs.
-     [Eric Covener]
-
-  *) mod_ssl: Make sure to always log an error if loading of CA certificates
-     fails. PR 40312. [Paul Tiemann <issues apache org ourdetour com>]
-
-  *) mod_dav: Send 501 error if unknown Content-* header is received for a PUT
-     request (RFC 2616 9.6). PR 42978. [Stefan Fritsch]
-
-  *) mod_dav: Send 400 error if malformed Content-Range header is received for
-     a put request (RFC 2616 14.16). PR 49825. [Stefan Fritsch]
-
-  *) mod_proxy: Release the backend connection as soon as EOS is detected,
-     so the backend isn't forced to wait for the client to eventually
-     acknowledge the data. [Graham Leggett]
-
-  *) mod_proxy: Optimise ProxyPass within a Location so that it is stored
-     per-directory, and chosen during the location walk. Make ProxyPass
-     work correctly from within a LocationMatch. [Graham Leggett]
-
-  *) core: Fix segfault if per-module LogLevel is on virtual host
-     scope. PR 50117. [Stefan Fritsch]
-
-  *) mod_proxy: Move the ProxyErrorOverride directive to have per
-     directory scope. [Graham Leggett]
-
-  *) mod_allowmethods: New module to deny certain HTTP methods without
-     interfering with authentication/authorization. [Paul Querna,
-     Igor Galić, Stefan Fritsch]
-
-  *) mod_ssl: Log certificate information and improve error message if client
-     cert verification fails. PR 50093, PR 50094. [Lassi Tuura <lat cern ch>,
-     Stefan Fritsch]
-
-  *) htcacheclean: Teach htcacheclean to limit cache size by number of
-     inodes in addition to size of files. Prevents a cache disk from
-     running out of space when many small files are cached.
-     [Graham Leggett]
-
-  *) core: Rename MaxRequestsPerChild to MaxConnectionsPerChild, which
-     describes more accurately what the directive does. The old name
-     still works but logs a warning. [Stefan Fritsch]
-
-  *) mod_cache: Optionally serve stale data when a revalidation returns a
-     5xx response, controlled by the CacheStaleOnError directive.
-     [Graham Leggett]
-
-  *) htcacheclean: Allow the listing of valid URLs within the cache, with
-     the option to list entry metadata such as sizes and times. [Graham
-     Leggett]
-
-  *) mod_cache: correctly parse quoted strings in cache headers.
-     PR 50199 [Nick Kew]
-
-  *) mod_cache: Allow control over the base URL of reverse proxied requests
-     using the CacheKeyBaseURL directive, so that the cache key can be
-     calculated from the endpoint URL instead of the server URL. [Graham
-     Leggett]
-
-  *) mod_cache: CacheLastModifiedFactor, CacheStoreNoStore, CacheStorePrivate,
-     CacheStoreExpired, CacheIgnoreNoLastMod, CacheDefaultExpire,
-     CacheMinExpire and CacheMaxExpire can be set per directory/location.
-     [Graham Leggett]
-
-  *) mod_disk_cache: CacheMaxFileSize, CacheMinFileSize, CacheReadSize and
-     CacheReadTime can be set per directory/location. [Graham Leggett]
-
-  *) core: Speed up config parsing if using a very large number of config
-     files. PR 50002 [andrew cloudaccess net]
-
-  *) mod_cache: Support the caching of HEAD requests. [Graham Leggett]
-
-  *) htcacheclean: Allow the option to round up file sizes to a given
-     block size, improving the accuracy of disk usage. [Graham Leggett]
-
-  *) mod_ssl: Add authz providers for use with mod_authz_core and its
-     RequireAny/RequireAll containers: 'ssl' (equivalent to SSLRequireSSL),
-     'ssl-verify-client' (for use with 'SSLVerifyClient optional'), and
-     'ssl-require' (expressions with same syntax as SSLRequire).
-     [Stefan Fritsch]
-
-  *) mod_ssl: Make the ssl expression parser thread-safe. It now requires
-     bison instead of yacc. [Stefan Fritsch]
-
-  *) mod_disk_cache: Change on-disk header file format to support the
-     link of the device/inode of the data file to the matching header
-     file, and to support the option of not writing a data file when
-     the data file is empty. [Graham Leggett]
-
-  *) core/mod_unique_id: Add generate_log_id hook to allow to use
-     the ID generated by mod_unique_id as error log ID for requests.
-     [Stefan Fritsch]
-
-  *) mod_cache: Make sure that we never allow a 304 Not Modified response
-     that we asked for to leak to the client should the 304 response be
-     uncacheable. PR45341 [Graham Leggett]
-
-  *) mod_cache: Add the cache_status hook to register the final cache
-     decision hit/miss/revalidate. Add optional support for an X-Cache
-     and/or an X-Cache-Detail header to add the cache status to the
-     response. PR48241 [Graham Leggett]
-
-  *) mod_authz_host: Add 'local' provider that matches connections originating
-     on the local host. PR 19938. [Stefan Fritsch]
-
-  *) Event MPM: Fix crash accessing pollset on worker thread when child
-     process is exiting.  [Jeff Trawick]
-
-  *) core: For process invocation (cgi, fcgid, piped loggers and so forth)
-     pass the system library path (LD_LIBRARY_PATH or platform-specific
-     variables) along with the system PATH, by default.  Both should be
-     overridden together as desired using PassEnv etc; see mod_env.
-     [William Rowe]
-
-  *) mod_cache: Introduce CacheStoreExpired, to allow administrators to
-     capture a stale backend response, perform If-Modified-Since requests
-     against the backend, and serving from the cache all 304 responses.
-     This restores pre-2.2.4 cache behavior.  [William Rowe]
-
-  *) mod_rewrite: Introduce <=, >= string comparison operators, and integer
-     comparators -lt, -le, -eq, -ge, and -gt.  To help bash users and drop
-     the ambiguity of the symlink test "-ltest", introduce -h or -L as
-     symlink test operators.  [William Rowe]
-
-  *) mod_cache: Give the cache provider the opportunity to choose to cache
-     or not cache based on the buckets present in the brigade, such as the
-     presence of a FILE bucket.
-     [Graham Leggett]
-
-  *) mod_authz_core: Allow authz providers to check args while reading the
-     config and allow to cache parsed args. Move 'all' and 'env' authz
-     providers from mod_authz_host to mod_authz_core. Add 'method' authz
-     provider depending on the HTTP method.  [Stefan Fritsch]
-
-  *) mod_include: Move the request_rec within mod_include to be
-     exposed within include_ctx_t. [Graham Leggett]
-
-  *) mod_include: Reinstate support for UTF-8 character sets by allowing a
-     variable being echoed or set to be decoded and then encoded as separate
-     steps. PR47686 [Graham Leggett]
-
-  *) mod_cache: Add a discrete commit_entity() provider function within the
-     mod_cache provider interface which is called to indicate to the
-     provider that caching is complete, giving the provider the opportunity
-     to commit temporary files permanently to the cache in an atomic
-     fashion. Replace the inconsistent use of error cleanups with a formal
-     set of pool cleanups attached to a subpool, which is destroyed on error.
-     [Graham Leggett]
-
-  *) mod_cache: Change the signature of the store_body() provider function
-     within the mod_cache provider interface to support an "in" brigade
-     and an "out" brigade instead of just a single input brigade. This
-     gives a cache provider the option to consume only part of the brigade
-     passed to it, rather than the whole brigade as was required before.
-     This fixes an out of memory and a request timeout condition that would
-     occur when the original document was a large file. Introduce
-     CacheReadSize and CacheReadTime directives to mod_disk_cache to control
-     the amount of data to attempt to cache at a time. [Graham Leggett]
-
-  *) core: Add ErrorLogFormat to allow configuring error log format, including
-     additional information that is logged once per connection or request. Add
-     error log IDs for connections and request to allow correlating error log
-     lines and the corresponding access log entry. [Stefan Fritsch]
-
-  *) core: Disable sendfile by default. [Stefan Fritsch]
-
-  *) mod_cache: Check the request to determine whether we are allowed
-     to return cached content at all, and respect a "Cache-Control:
-     no-cache" header from a client. Previously, "no-cache" would
-     behave like "max-age=0". [Graham Leggett]
-
-  *) mod_cache: Use a proper filter context to hold filter data instead
-     of misusing the per-request configuration. Fixes a segfault on trunk
-     when the normal handler is used. [Graham Leggett]
-
-  *) mod_cgid: Log a warning if the ScriptSock path is truncated because
-     it is too long. PR 49388.  [Stefan Fritsch]
-
-  *) vhosts: Do not allow _default_ in NameVirtualHost, or mixing *
-     and non-* ports on NameVirtualHost, or multiple NameVirtualHost
-     directives for the same address:port, or NameVirtualHost
-     directives with no matching VirtualHosts, or multiple ip-based
-     VirtualHost sections for the same address:port.  These were
-     previously accepted with a warning, but the behavior was
-     undefined.  [Dan Poirier]
-
-  *) mod_remoteip: Fix a segfault when using mod_remoteip in conjunction with
-     Allow/Deny. PR 49838.  [Andrew Skalski <voltara gmail.com>]
-
-  *) core: DirectoryMatch can now match on the end of line character ($),
-     and sub-directories of matched directories are no longer implicitly
-     matched.  PR49809 [Eric Covener]
-
-  *) Regexps: introduce new higher-level regexp utility including parsing
-     and executing perl-style regexp ops (e.g s/foo/bar/i) and regexp memory
-     [Nick Kew]
-
-  *) Proxy: support setting source address.  PR 29404
-     [Multiple contributors iterating through bugzilla,
-      Aron Ujvari <xanco nikhok.hu>, Aleksey Midenkov <asm uezku.kemsu.ru>,
-      <dan listening-station.net; trunk version Nick Kew]
-
-  *) HTTP protocol: return 400 not 503 if we have to abort due to malformed
-     chunked encoding. [Nick Kew]
-
-Changes with Apache 2.3.8
-
-  *) suexec: Support large log files. PR 45856. [Stefan Fritsch]
-
-  *) core: Abort with sensible error message if no or more than one MPM is
-     loaded. [Stefan Fritsch]
-
-  *) mod_proxy: Rename erroronstatus to failonstatus.
-     [Daniel Ruggeri <DRuggeri primary.net>]
-
-  *) mod_dav_fs: Fix broken "creationdate" property.
-     Regression in version 2.3.7. [Rainer Jung]
-
-Changes with Apache 2.3.7
-
-  *) SECURITY: CVE-2010-1452 (cve.mitre.org)
-     mod_dav, mod_cache, mod_session: Fix Handling of requests without a path
-     segment. PR: 49246 [Mark Drayton, Jeff Trawick]
-
-  *) mod_ldap: Properly check the result returned by apr_ldap_init. PR 46076.
-     [Stefan Fritsch]
-
-  *) mod_rewrite: Log errors if rewrite map files cannot be opened. PR 49639.
-     [Stefan Fritsch]
-
-  *) mod_proxy_http: Support the 'ping' property for backend HTTP/1.1 servers
-     via leveraging 100-Continue as the initial "request".
-     [Jim Jagielski]
-
-  *) core/mod_authz_core: Introduce new access_checker_ex hook that enables
-     mod_authz_core to bypass authentication if access should be allowed by
-     IP address/env var/... [Stefan Fritsch]
-
-  *) core: Introduce note_auth_failure hook to allow modules to add support
-     for additional auth types. This makes ap_note_auth_failure() work with
-     mod_auth_digest again. PR 48807. [Stefan Fritsch]
-
-  *) socache modules: return APR_NOTFOUND when a lookup is not found [Nick Kew]
-
-  *) mod_authn_socache: new module [Nick Kew]
-
-  *) configure: Add reallyall option for --enable-mods-shared. [Stefan Fritsch]
-
-  *) Fix Windows build when using VC6. [Gregg L. Smith <lists glewis com>]
-
-  *) mod_rewrite: Allow to set environment variables without explicitly
-     giving a value. [Rainer Jung]
-
-  *) mod_rewrite: Remove superfluous EOL from rewrite logging. [Rainer Jung]
-
-  *) mod_include: recognise "text/html; parameters" as text/html
-     PR 49616 [Andrey Chernov <ache nagual.pp.ru>]
-
-  *) CGI vars: allow PATH to be set by SetEnv, consistent with LD_LIBRARY_PATH
-     PR 43906 [Nick Kew]
-
-  *) Core: Extra robustness: don't try authz and segfault if authn
-     fails to set r->user.  Log bug and return 500 instead.
-     PR 42995 [Nick Kew]
-
-  *) HTTP protocol filter: fix handling of longer chunk extensions
-     PR 49474 [<tee.bee gmx.de>]
-
-  *) Update SSL cipher suite and add example for SSLHonorCipherOrder.
-     [Lars Eilebrecht, Rainer Jung]
-
-  *) move AddOutputFilterByType from core to mod_filter.  This should
-     fix nasty side-effects that happen when content_type is set
-     more than once in processing a request, and make it fully
-     compatible with dynamic and proxied contents. [Nick Kew]
-
-  *) mod_log_config: Implement logging for sub second timestamps and
-     request end time.  [Rainer Jung]
-
-Changes with Apache 2.3.6
-
-  *) SECURITY: CVE-2009-3555 (cve.mitre.org)
-     mod_ssl: Comprehensive fix of the TLS renegotiation prefix injection
-     attack when compiled against OpenSSL version 0.9.8m or later. Introduces
-     the 'SSLInsecureRenegotiation' directive to reopen this vulnerability
-     and offer unsafe legacy renegotiation with clients which do not yet
-     support the new secure renegotiation protocol, RFC 5746.
-     [Joe Orton, and with thanks to the OpenSSL Team]
-
-  *) SECURITY: CVE-2009-3555 (cve.mitre.org)
-     mod_ssl: A partial fix for the TLS renegotiation prefix injection attack
-     by rejecting any client-initiated renegotiations. Forcibly disable
-     keepalive for the connection if there is any buffered data readable. Any
-     configuration which requires renegotiation for per-directory/location
-     access control is still vulnerable, unless using OpenSSL >= 0.9.8l.
-     [Joe Orton, Ruediger Pluem, Hartmut Keil <Hartmut.Keil adnovum.ch>]
-
-  *) SECURITY: CVE-2010-0408 (cve.mitre.org)
-     mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent
-     when request headers indicate a request body is incoming; not a case of
-     HTTP_INTERNAL_SERVER_ERROR.  [Niku Toivola <niku.toivola sulake.com>]
-
-  *) SECURITY: CVE-2010-0425 (cve.mitre.org)
-     mod_isapi: Do not unload an isapi .dll module until the request
-     processing is completed, avoiding orphaned callback pointers.
-     [Brett Gervasoni <brettg senseofsecurity.com>, Jeff Trawick]
-
-  *) core: Filter init functions are now run strictly once per request
-     before handler invocation.  The init functions are no longer run
-     for connection filters.  PR 49328.  [Joe Orton]
-
-  *) core: Adjust the output filter chain correctly in an internal
-     redirect from a subrequest, preserving filters from the main
-     request as necessary.  PR 17629.  [Joe Orton]
-
-  *) mod_cache: Explicitly allow cache implementations to cache a 206 Partial
-     Response if they so choose to do so. Previously an attempt to cache a 206
-     was arbitrarily allowed if the response contained an Expires or
-     Cache-Control header, and arbitrarily denied if both headers were missing.
-     [Graham Leggett]
-
-  *) core: Add microsecond timestamp fractions, process id and thread id
-     to the error log. [Rainer Jung]
-
-  *) configure: The "most" module set gets build by default.  [Rainer Jung]
-
-  *) configure: Building dynamic modules (DSO) by default.  [Rainer Jung]
-
-  *) configure: Fix broken VPATH build when using included APR.
-     [Rainer Jung]
-
-  *) mod_session_crypto: Fix configure problem when building
-     with APR 2 and for VPATH builds with included APR.
-     [Rainer Jung]
-
-  *) mod_session_crypto: API compatibility with APR 2 crypto and
-     APR Util 1.x crypto. [Rainer Jung]
-
-  *) ab: Fix memory leak with -v2 and SSL. PR 49383.
-     [Pavel Kankovsky <peak argo troja mff cuni cz>]
-
-  *) core: Add per-module and per-directory loglevel configuration.
-           Add some more trace logging.
-     mod_rewrite: Replace RewriteLog/RewriteLogLevel with trace log levels.
-     mod_ssl: Replace LogLevelDebugDump with trace log levels.
-     mod_ssl/mod_proxy*: Adjust loglevels to be less verbose at levels info
-           and debug.
-     mod_dumpio:  Replace DumpIOLogLevel with trace log levels.
-     [Stefan Fritsch]
-
-  *) mod_ldap: LDAP caching was suppressed (and ldap-status handler returns
-     title page only) when any mod_ldap directives were used in VirtualHost
-     context.  [Eric Covener]
-
-  *) mod_disk_cache: Decline the opportunity to cache if the response is
-     a 206 Partial Content. This stops a reverse proxied partial response
-     from becoming cached, and then being served in subsequent responses.
-     [Graham Leggett]
-
-  *) mod_deflate: avoid the risk of forwarding data before headers are set.
-     PR 49369 [Matthew Steele <mdsteele google.com>]
-
-  *) mod_authnz_ldap: Ensure nested groups are checked when the
-     top-level group doesn't have any direct non-group members
-     of attributes in AuthLDAPGroupAttribute. [Eric Covener]
-
-  *) mod_authnz_ldap: Search or Comparison during authorization phase
-     can use the credentials from the authentication phase
-     (AuthLDAPSearchAsUSer,AuthLDAPCompareAsUser).
-     PR 48340 [Domenico Rotiroti, Eric Covener]
-
-  *) mod_authnz_ldap: Allow the initial DN search during authentication
-     to use the HTTP username/pass instead of an anonymous or hard-coded
-     LDAP id (AuthLDAPInitialBindAsUser, AuthLDAPInitialBindPattern).
-     [Eric Covener]
-
-  *) mod_authnz_ldap: Publish requested LDAP data with an AUTHORIZE_ prefix
-     when this module is used for authorization. See AuthLDAPAuthorizePrefix.
-     PR 45584 [Eric Covener]
-
-  *) apxs -q: Stop filtering out ':' characters from the reported values.
-     PR 45343.  [Bill Cole]
-
-  *) prefork MPM: Work around possible crashes on child exit in APR reslist
-     cleanup code.  PR 43857.  [Tom Donovan]
-
-  *) ab: fix number of requests sent by ab when keepalive is enabled.  PR 48497.
-     [Bryn Dole <dole blekko.com>]
-
-  *) Log an error for failures to read a chunk-size, and return 408 instead of
-     413 when this is due to a read timeout.  This change also fixes some cases
-     of two error documents being sent in the response for the same scenario.
-     [Eric Covener] PR49167
-
-  *) mod_proxy_balancer: Add new directive BalancerNonce to allow admin
-     to control/set the nonce used in the balancer-manager application.
-     [Jim Jagielski]
-
-  *) mod_proxy_connect: Support port ranges in AllowConnect. PR 23673.
-     [Stefan Fritsch]
-
-  *) Proxy balancer: support setting error status according to HTTP response
-     code from a backend.  PR 48939.  [Daniel Ruggeri <DRuggeri primary.net>]
-
-  *) htcacheclean: Introduce the ability to clean specific URLs from the
-     cache, if provided as an optional parameter on the command line.
-     [Graham Leggett]
-
-  *) core: Introduce the IncludeStrict directive, which explicitly fails
-     server startup if no files or directories match a wildcard path.
-     [Graham Leggett]
-
-  *) htcacheclean: Report additional statistics about entries deleted.
-     PR 48944. [Mark Drayton mark markdrayton.info]
-
-  *) Introduce SSLFIPS directive to support OpenSSL FIPS_mode; permits all
-     builds of mod_ssl to use 'SSLFIPS off' for portability, but the proper
-     build of openssl is required for 'SSLFIPS on'.  PR 46270.
-     [Dr Stephen Henson <steve openssl.org>, William Rowe]
-
-  *) mod_proxy_http: Log the port of the remote server in various messages.
-     PR 48812. [Igor Galić <i galic brainsware org>]
-
-  *) mod_reqtimeout: Do not wrongly enforce timeouts for mod_proxy's backend
-     connections and other protocol handlers (like mod_ftp). [Stefan Fritsch]
-
-  *) mod_proxy_ajp: Really regard the operation a success, when the client
-     aborted the connection. In addition adjust the log message if the client
-     aborted the connection. [Ruediger Pluem]
-
-  *) mod_ssl: Add the 'SSLInsecureRenegotiation' directive, which
-     allows insecure renegotiation with clients which do not yet
-     support the secure renegotiation protocol.  [Joe Orton]
-
-  *) mod_ssl: Fix a potential I/O hang if a long list of trusted CAs
-     is configured for client cert auth. PR 46952.  [Joe Orton]
-
-  *) core: Only log a 408 if it is no keepalive timeout. PR 39785
-     [Ruediger Pluem,  Mark Montague <markmont umich.edu>]
-
-  *) support/rotatelogs: Add -L option to create a link to the current
-     log file.  PR 48761 [<lyndon orthanc.ca>, Dan Poirier]
-
-  *) mod_ldap: Update LDAPTrustedClientCert to consistently be a per-directory
-     setting only, matching most of the documentation and examples.
-     PR 46541 [Paul Reder, Eric Covener]
-
-  *) mod_ldap: LDAPTrustedClientCert now accepts CA_DER/CA_BASE64 argument
-     types previously allowed only in LDAPTrustedGlobalCert. [Eric Covener]
-
-  *) mod_negotiation: Preserve query string over multiviews negotiation.
-     This buglet was fixed for type maps in 2.2.6, but the same issue
-     affected multiviews and was overlooked.
-     PR 33112 [Joergen Thomsen <apache jth.net>]
-
-  *) mod_ldap: Eliminate a potential crash with multiple LDAPTrustedClientCert
-     when some are not password-protected. [Eric Covener]
-
-  *) Fix startup segfault when the Mutex directive is used but no loaded
-     modules use httpd mutexes.  PR 48787.  [Jeff Trawick]
-
-  *) Proxy: get the headers right in a HEAD request with
-     ProxyErrorOverride, by checking for an overridden error
-     before not after going into a catch-all code path.
-     PR 41646.  [Nick Kew, Stuart Children]
-
-  *) support/rotatelogs: Support the simplest log rotation case, log
-     truncation. Useful when the log is being processed in real time
-     using a command like tail. [Graham Leggett]
-
-  *) support/htcacheclean: Teach it how to write a pid file (modelled on
-     httpd's writing of a pid file) so that it becomes possible to run
-     more than one instance of htcacheclean on the same machine.
-     [Graham Leggett]
-
-  *) Log command line on startup, so there's a record of command line
-     arguments like -f.  PR 48752.  [Dan Poirier]
-
-  *) Introduce mod_reflector, a handler capable of reflecting POSTed
-     request bodies back within the response through the output filter
-     stack. Can be used to turn an output filter into a web service.
-     [Graham Leggett]
-
-  *) mod_proxy_http: Make sure that when an ErrorDocument is served
-     from a reverse proxied URL, that the subrequest respects the status
-     of the original request. This brings the behaviour of proxy_handler
-     in line with default_handler. PR 47106. [Graham Leggett]
-
-  *) Support wildcards in both the directory and file components of
-     the path specified by the Include directive. [Graham Leggett]
-
-  *) mod_proxy, mod_proxy_http: Support remote https proxies
-     by using HTTP CONNECT.  PR 19188.
-     [Philippe Dutrueux <lilas evidian.com>, Rainer Jung]
-
-  *) apxs: Fix -A and -a options to ignore whitespace in httpd.conf
-     [Philip M. Gollucci]
-
-  *) worker: Don't report server has reached MaxClients until it has.
-     Add message when server gets within MinSpareThreads of MaxClients.
-     PR 46996.  [Dan Poirier]
-
-  *) mod_session: Session expiry was being initialised, but not updated
-     on each session save, resulting in timed out sessions when there
-     should not have been. Fixed. [Graham Leggett]
-
-  *) mod_log_config: Add the R option to log the handler used within the
-     request. [Christian Folini <christian.folini netnea com>]
-
-  *) mod_include: Allow fine control over the removal of Last-Modified and
-     ETag headers within the INCLUDES filter, making it possible to cache
-     responses if desired. Fix the default value of the SSIAccessEnable
-     directive.  [Graham Leggett]
-
-  *) Add new UnDefine directive to undefine a variable. PR 35350.
-     [Stefan Fritsch]
-
-  *) Make ap_pregsub(), used by AliasMatch and friends, use the same syntax
-     for regex backreferences as mod_rewrite and mod_include: Remove the use
-     of '&' as an alias for '$0' and allow to escape any character with a
-     backslash. PR 48351. [Stefan Fritsch]
-
-  *) mod_authnz_ldap: If AuthLDAPCharsetConfig is set, also convert the
-     password to UTF-8. PR 45318.
-     [Johannes Müller <joh_m gmx.de>, Stefan Fritsch]
-
-  *) ab: Fix calculation of requests per second in HTML output. PR 48594.
-     [Stefan Fritsch]
-
-  *) mod_authnz_ldap: Failures to map a username to a DN, or to check a user
-     password now result in an informational level log entry instead of
-     warning level.  [Eric Covener]
-
-Changes with Apache 2.3.5
-
-  *) SECURITY: CVE-2010-0434 (cve.mitre.org)
-     Ensure each subrequest has a shallow copy of headers_in so that the
-     parent request headers are not corrupted.  Eliminates a problematic
-     optimization in the case of no request body.  PR 48359
-     [Jake Scott, William Rowe, Ruediger Pluem]
-
-  *) Turn static function get_server_name_for_url() into public
-     ap_get_server_name_for_url() and use it where appropriate. This
-     fixes mod_rewrite generating invalid URLs for redirects to IPv6
-     literal addresses. [Stefan Fritsch]
-
-  *) mod_ldap: Introduce new config option LDAPTimeout to set the timeout
-     for LDAP operations like bind and search. [Stefan Fritsch]
-
-  *) mod_proxy, mod_proxy_ftp: Move ProxyFtpDirCharset from mod_proxy to
-     mod_proxy_ftp. [Takashi Sato]
-
-  *) mod_proxy, mod_proxy_connect: Move AllowCONNECT from mod_proxy to
-     mod_proxy_connect. [Takashi Sato]
-
-  *) mod_cache: Do an exact match of the keys defined by
-     CacheIgnoreURLSessionIdentifiers against the querystring instead of
-     a partial match.  PR 48401.
-     [Dodou Wang <wangdong.08 gmail.com>, Ruediger Pluem]
-
-  *) mod_proxy_balancer: Fix crash in balancer-manager. [Rainer Jung]
-
-  *) Core HTTP: disable keepalive when the Client has sent
-     Expect: 100-continue
-     but we respond directly with a non-100 response.
-     Keepalive here led to data from clients continuing being treated as
-     a new request.
-     PR 47087 [Nick Kew]
-
-  *) Core: reject NULLs in request line or request headers.
-     PR 43039 [Nick Kew]
-
-  *) Core: (re)-introduce -T commandline option to suppress documentroot
-     check at startup.
-     PR 41887 [Jan van den Berg <janvdberg gmail.com>]
-
-  *) mod_autoindex: support XHTML as equivalent to HTML in IndexOptions,
-                    ScanHTMLTitles, ReadmeName, HeaderName
-     PR 48416 [Dmitry Bakshaev <dab18 izhnet.ru>, Nick Kew]
-
-  *) Proxy: Fix ProxyPassReverse with relative URL
-     Derived (slightly erroneously) from PR 38864 [Nick Kew]
-
-  *) mod_headers: align Header Edit with Header Set when used on Content-Type
-     PR 48422 [Cyril Bonté <cyril.bonte free.fr>, Nick Kew>]
-
-  *) mod_headers: Enable multi-match-and-replace edit option
-     PR 46594 [Nick Kew]
-
-  *) mod_filter: enable it to act on non-200 responses.
-     PR 48377 [Nick Kew]
-
-Changes with Apache 2.3.4
-
-  *) Replace AcceptMutex, LockFile, RewriteLock, SSLMutex, SSLStaplingMutex,
-     and WatchdogMutexPath with a single Mutex directive.  Add APIs to
-     simplify setup and user customization of APR proc and global mutexes.
-     (See util_mutex.h.)  Build-time setting DEFAULT_LOCKFILE is no longer
-     respected; set DEFAULT_REL_RUNTIMEDIR instead.  [Jeff Trawick]
-
-  *) http_core: KeepAlive no longer accepts other than On|Off.
-     [Takashi Sato]
-
-  *) mod_dav: Remove errno from dav_error interface.  Calls to dav_new_error()
-     and dav_new_error_tag() must be adjusted to add an apr_status_t parameter.
-     [Jeff Trawick]
-
-  *) mod_authnz_ldap: Add AuthLDAPBindAuthoritative to allow Authentication to
-     try other providers in the case of an LDAP bind failure.
-     PR 46608 [Justin Erenkrantz, Joe Schaefer, Tony Stevenson]
-
-  *) Build: fix --with-module to work as documented
-     PR 43881 [Gez Saunders <gez.saunders virgin.net>]
-
-Changes with Apache 2.3.3
-
-  *) SECURITY: CVE-2009-3095 (cve.mitre.org)
-     mod_proxy_ftp: sanity check authn credentials.
-     [Stefan Fritsch <sf fritsch.de>, Joe Orton]
-
-  *) SECURITY: CVE-2009-3094 (cve.mitre.org)
-     mod_proxy_ftp: NULL pointer dereference on error paths.
-     [Stefan Fritsch <sf fritsch.de>, Joe Orton]
-  *) mod_ssl: enable support for ECC keys and ECDH ciphers.  Tested against
-     OpenSSL 1.0.0b3.  [Vipul Gupta <vipul.gupta sun.com>, Sander Temme]
-
-  *) mod_dav: Include uri when logging a PUT error due to connection abort.
-     PR 38149. [Stefan Fritsch]
-
-  *) mod_dav: Return 409 instead of 500 for a LOCK request if the parent
-     resource does not exist or is not a collection. PR 43465. [Stefan Fritsch]
-
-  *) mod_dav_fs: Return 409 instead of 500 for Litmus test case copy_nodestcoll
-     (a COPY request where the parent of the destination resource does not
-     exist). PR 39299. [Stefan Fritsch]
-
-  *) mod_dav_fs: Don't delete the whole file if a PUT with content-range failed.
-     PR 42896. [Stefan Fritsch]
-
-  *) mod_dav_fs: Make PUT create files atomically and no longer destroy the
-     old file if the transfer aborted. PR 39815. [Paul Querna, Stefan Fritsch]
-
-  *) mod_dav_fs: Remove inode keyed locking as this conflicts with atomically
-     creating files. On systems with inode numbers, this is a format change of
-     the DavLockDB. The old DavLockDB must be deleted on upgrade.
-     [Stefan Fritsch]
-
-  *) mod_log_config: Make ${cookie}C correctly match whole cookie names
-     instead of substrings. PR 28037. [Dan Franklin <dan dan-franklin.com>,
-     Stefan Fritsch]
-
-  *) vhost: A purely-numeric Host: header should not be treated as a port.
-     PR 44979 [Nick Kew]
-
-  *) mod_ldap: Avoid 500 errors with "Unable to set LDAP_OPT_REFHOPLIMIT option to 5"
-     when built against openldap by using SDK LDAP_OPT_REFHOPLIMIT defaults unless
-     LDAPReferralHopLimit is explicitly configured.
-     [Eric Covener]
-
-  *) mod_charset_lite: Honor 'CharsetOptions NoImplicitAdd'.
-     [Eric Covener]
-
-  *) mod_ssl: Add support for OCSP Stapling.  PR 43822.
-     [Dr Stephen Henson <shenson oss-institute.org>]
-
-  *) mod_socache_shmcb: Allow parens in file name if cache size is given.
-     Fixes SSLSessionCache directive mis-parsing parens in pathname.
-     PR 47945. [Stefan Fritsch]
-
-  *) htpasswd: Improve out of disk space handling. PR 30877. [Stefan Fritsch]
-
-  *) htpasswd: Use MD5 hash by default on all platforms. [Stefan Fritsch]
-
-  *) mod_sed: Reduce memory consumption when processing very long lines.
-     PR 48024 [Basant Kumar Kukreja <basant.kukreja sun.com>]
-
-  *) ab: Fix segfault in case the argument for -n is a very large number.
-     PR 47178. [Philipp Hagemeister <oss phihag.de>]
-
-  *) Allow ProxyPreserveHost to work in <Proxy> sections. PR 34901.
-     [Stefan Fritsch]
-
-  *) configure: Fix THREADED_MPMS so that mod_cgid is enabled again
-     for worker MPM. [Takashi Sato]
-
-  *) mod_dav: Provide a mechanism to obtain the request_rec and pathname
-     from the dav_resource. [Jari Urpalainen <jari.urpalainen nokia.com>,
-     Brian France <brian brianfrance.com>]
-
-  *) Build: Use install instead of cp if available on installing
-     modules to avoid segmentation fault. PR 47951. [hirose31 gmail.com]
-
-  *) mod_cache: correctly consider s-maxage in cacheability
-     decisions.  [Dan Poirier]
-
-  *) mod_logio/core: Report more accurate byte counts in mod_status if
-     mod_logio is loaded. PR 25656. [Stefan Fritsch]
-
-  *) mod_ldap: If LDAPSharedCacheSize is too small, try harder to purge
-     some cache entries and log a warning. Also increase the default
-     LDAPSharedCacheSize to 500000. This is a more realistic size suitable
-     for the default values of 1024 for LdapCacheEntries/LdapOpCacheEntries.
-     PR 46749. [Stefan Fritsch]
-
-  *) mod_rewrite: Make sure that a hostname:port isn't fully qualified if
-     the request is a CONNECT request. [Bill Zajac <billz consultla.com>]
-
-  *) mod_cache: Teach CacheEnable and CacheDisable to work from within a
-     Location section, in line with how ProxyPass works. [Graham Leggett]
-
-  *) mod_reqtimeout: New module to set timeouts and minimum data rates for
-     receiving requests from the client. [Stefan Fritsch]
-
-  *) core: Fix potential memory leaks by making sure to not destroy
-     bucket brigades that have been created by earlier filters.
-     [Stefan Fritsch]
-
-  *) core, mod_deflate, mod_sed: Reduce memory usage by reusing bucket
-     brigades in several places. [Stefan Fritsch]
-
-  *) mod_cache: Fix uri_meets_conditions() so that CacheEnable will
-     match by scheme, or by a wildcarded hostname. PR 40169
-     [Peter Grandi <pg_asf asf.for.sabi.co.uk>, Graham Leggett]
-
-  *) suxec: Allow to log an error if exec fails by setting FD_CLOEXEC
-     on the log file instead of closing it. PR 10744. [Nicolas Rachinsky]
-
-  *) mod_mime: Make RemoveType override the info from TypesConfig.
-     PR 38330. [Stefan Fritsch]
-
-  *) mod_cache: Introduce the option to run the cache from within the
-     normal request handler, and to allow fine grained control over
-     where in the filter chain content is cached. [Graham Leggett]
-
-  *) core: Treat timeout reading request as 408 error, not 400.
-     Log 408 errors in access log as was done in Apache 1.3.x.
-     PR 39785 [Nobutaka Mantani <nobutaka nobutaka.org>,
-     Stefan Fritsch <sf fritsch.de>, Dan Poirier]
-
-  *) mod_ssl: Reintroduce SSL_CLIENT_S_DN, SSL_CLIENT_I_DN, SSL_SERVER_S_DN,
-     SSL_SERVER_I_DN back to the environment variables to be set by mod_ssl.
-     [Peter Sylvester <peter.sylvester edelweb.fr>]
-
-  *) mod_disk_cache: don't cache incomplete responses, per RFC 2616, 13.8.
-     PR15866.  [Dan Poirier]
-
-  *) ab: ab segfaults in verbose mode on https sites
-     PR46393.  [Ryan Niebur]
-
-  *) mod_dav: Allow other modules to become providers and add resource types
-     to the DAV response. [Jari Urpalainen <jari.urpalainen nokia.com>,
-     Brian France <brian brianfrance.com>]
-
-  *) mod_dav: Allow other modules to add things to the DAV or Allow headers
-     of an OPTIONS request. [Jari Urpalainen <jari.urpalainen nokia.com>,
-     Brian France <brian brianfrance.com>]
-
-  *) core: Lower memory usage of core output filter.
-     [Stefan Fritsch <sf sfritsch.de>]
-
-  *) mod_mime: Detect invalid use of MultiviewsMatch inside Location and
-     LocationMatch sections.  PR47754. [Dan Poirier]
-
-  *) mod_request: Make sure the KeptBodySize directive rejects values
-     that aren't valid numbers. [Graham Leggett]
-
-  *) mod_session_crypto: Sanity check should the potentially encrypted
-     session cookie be too short. [Graham Leggett]
-
-  *) mod_session.c: Prevent a segfault when session is added but not
-     configured. [Graham Leggett]
-
-  *) htcacheclean: 19 ways to fail, 1 error message. Fixed. [Graham Leggett]
-
-  *) mod_auth_digest: Fail server start when nonce count checking
-     is configured without shared memory, or md5-sess algorithm is
-     configured. [Dan Poirier]
-
-  *) mod_proxy_connect: The connect method doesn't work if the client is
-     connecting to the apache proxy through an ssl socket. Fixed.
-     PR29744. [Brad Boyer, Mark Cave-Ayland, Julian Gilbey, Fabrice Durand,
-     David Gence, Tim Dodge, Per Gunnar Hans, Emmanuel Elango,
-     Kevin Croft, Rudolf Cardinal]
-
-  *) mod_ssl: The error message when SSLCertificateFile is missing should
-     at least give the name or position of the problematic virtual host
-     definition. [Stefan Fritsch sf sfritsch.de]
-
-  *) mod_auth_digest: Fix null pointer when qop=none. [Dan Poirier]
-
-  *) Add support for HTTP PUT to ab. [Jeff Barnes <jbarnesweb yahoo.com>]
-
-  *) mod_headers: generalise the envclause to support expression
-     evaluation with ap_expr parser [Nick Kew]
-
-  *) mod_cache: Introduce the thundering herd lock, a mechanism to keep
-     the flood of requests at bay that strike a backend webserver as
-     a cached entity goes stale. [Graham Leggett]
-
-  *) mod_auth_digest: Fix usage of shared memory and re-enable it.
-     PR 16057 [Dan Poirier]
-
-  *) Preserve Port information over internal redirects
-     PR 35999 [Jonas Ringh <jonas.ringh cixit.se>]
-
-  *) Proxy: unable to connect to a backend is SERVICE_UNAVAILABLE,
-     rather than BAD_GATEWAY or (especially) NOT_FOUND.
-     PR 46971 [evanc nortel.com]
-
-  *) Various modules: Do better checking of pollset operations in order to
-     avoid segmentation faults if they fail. PR 46467
-     [Stefan Fritsch <sf sfritsch.de>]
-
-  *) mod_autoindex: Correctly create an empty cell if the description
-     for a file is missing. PR 47682 [Peter Poeml <poeml suse.de>]
-
-  *) ab: Fix broken error messages after resolver or connect() failures.
-     [Jeff Trawick]
-
-  *) SECURITY: CVE-2009-1890 (cve.mitre.org)
-     Fix a potential Denial-of-Service attack against mod_proxy in a
-     reverse proxy configuration, where a remote attacker can force a
-     proxy process to consume CPU time indefinitely.  [Nick Kew, Joe Orton]
-
-  *) SECURITY: CVE-2009-1191 (cve.mitre.org)
-     mod_proxy_ajp: Avoid delivering content from a previous request which
-     failed to send a request body. PR 46949 [Ruediger Pluem]
-
-  *) htdbm: Fix possible buffer overflow if dbm database has very
-     long values.  PR 30586 [Dan Poirier]
-
-  *) core: Return APR_EOF if request body is shorter than the length announced
-     by the client. PR 33098 [ Stefan Fritsch <sf sfritsch.de>]
-
-  *) mod_suexec: correctly set suexec_enabled when httpd is run by a
-     non-root user and may have insufficient permissions.
-     PR 42175 [Jim Radford <radford blackbean.org>]
-
-  *) mod_ssl: Fix SSL_*_DN_UID variables to use the 'userID' attribute
-     type.  PR 45107.  [Michael Ströder <michael stroeder.com>,
-     Peter Sylvester <peter.sylvester edelweb.fr>]
-
-  *) mod_proxy_http: fix case sensitivity checking transfer encoding
-     PR 47383 [Ryuzo Yamamoto <ryuzo.yamamoto gmail.com>]
-
-  *) mod_alias: ensure Redirect issues a valid URL.
-     PR 44020 [Håkon Stordahl <hakon stordahl.org>]
-
-  *) mod_dir: add FallbackResource directive, to enable admin to specify
-     an action to happen when a URL maps to no file, without resorting
-     to ErrorDocument or mod_rewrite.  PR 47184 [Nick Kew]
-
-  *) mod_cgid: Do not leak the listening Unix socket file descriptor to the
-     CGI process. PR 47335 [Kornél Pál <kornelpal gmail.com>]
-
-  *) mod_rewrite: Remove locking for writing to the rewritelog.
-     PR 46942 [Dan Poirier <poirier pobox.com>]
-
-  *) mod_alias: check sanity in Redirect arguments.
-     PR 44729 [Sönke Tesch <st kino-fahrplan.de>, Jim Jagielski]
-
-  *) mod_proxy_http: fix Host: header for literal IPv6 addresses.
-     PR 47177 [Carlos Garcia Braschi <cgbraschi gmail.com>]
-
-  *) mod_cache: Add CacheIgnoreURLSessionIdentifiers directive to ignore
-     defined session identifiers encoded in the URL when caching.
-     [Ruediger Pluem]
-
-  *) mod_rewrite: Fix the error string returned by RewriteRule.
-     RewriteRule returned "RewriteCond: bad flag delimiters" when the 3rd
-     argument of RewriteRule was not started with "[" or not ended with "]".
-     PR 45082 [Vitaly Polonetsky <m_vitaly topixoft.com>]
-
-  *) Windows: Fix usage message.
-     [Rainer Jung]
-
-  *) apachectl: When passing through arguments to httpd in
-     non-SysV mode, use the "$@" syntax to preserve arguments.
-     [Eric Covener]
-
-  *) mod_dbd: add DBDInitSQL directive to enable SQL statements to
-     be run when a connection is opened.  PR 46827
-     [Marko Kevac <mkevac gmail.com>]
-
-  *) mod_cgid: Improve handling of long AF_UNIX socket names (ScriptSock).
-     PR 47037.  [Jeff Trawick]
-
-  *) mod_proxy_ajp: Check more strictly that the backend follows the AJP
-     protocol. [Mladen Turk]
-
-  *) mod_proxy_ajp: Forward remote port information by default.
-     [Rainer Jung]
-
-  *) Allow MPMs to be loaded dynamically, as with most other modules.  Use
-     --enable-mpms-shared={list|"all"} to enable.  This required changes to
-     the MPM interfaces.  Removed: mpm.h, mpm_default.h (as an installed
-     header), APACHE_MPM_DIR, MPM_NAME, ap_threads_per_child,
-     ap_max_daemons_limit, ap_my_generation, etc.  ap_mpm_query() can't be
-     called until after the register-hooks phase.  [Jeff Trawick]
-
-  *) mod_ssl: Add SSLProxyCheckPeerExpire and SSLProxyCheckPeerCN directives
-     to enable stricter checking of remote server certificates.
-     [Ruediger Pluem]
-
-  *) ab: Fix a 100% CPU loop on platforms where a failed non-blocking connect
-     returns EINPROGRESS and a subsequent poll() returns only POLLERR.
-     Observed on HP-UX.  [Eric Covener]
-
-  *) Remove broken support for BeOS, TPF, and even older platforms such
-     as A/UX, Next, and Tandem.  [Jeff Trawick]
-
-  *) mod_proxy_ftp: Add ProxyFtpListOnWildcard directive to allow files with
-     globbing characters to be retrieved instead of converted into a
-     directory listing.  PR 46789 [Dan Poirier <poirier pobox.com>]
-
-  *) Provide ap_retained_data_create()/ap_retained_data_get() for preservation
-     of module state across unload/load.  [Jeff Trawick]
-
-  *) mod_substitute: Fix a memory leak. PR 44948
-     [Dan Poirier <poirier pobox.com>]
-
-Changes with Apache 2.3.2
-
-  *) mod_mime_magic: Fix detection of compressed content. [Rainer Jung]
-
-  *) mod_negotiation: Escape pathes of filenames in 406 responses to avoid
-     HTML injections and HTTP response splitting.  PR 46837.
-     [Geoff Keating <geoffk apple.com>]
-
-  *) mod_ssl: add support for type-safe STACK constructs in OpenSSL
-     development HEAD.  PR 45521.  [Kaspar Brand, Sander Temme]
-
-  *) ab: Fix maintenance of the pollset to resolve EALREADY errors
-     with kqueue (BSD/OS X) and excessive CPU with event ports (Solaris).
-     PR 44584.  Use APR_POLLSET_NOCOPY for better performance with some
-     pollset implementations.  [Jeff Trawick]
-
-  *) mod_disk_cache: The module now turns off sendfile support if
-     'EnableSendfile off' is defined globally. [Lars Eilebrecht]
-
-  *) mod_deflate: Adjust content metadata before bailing out on 304
-     responses so that the metadata does not differ from 200 response.
-     [Roy T. Fielding]
-
-  *) mod_deflate: Fix creation of invalid Etag headers. We now make sure
-     that the Etag value is properly quoted when adding the gzip marker.
-     PR 39727, 45023. [Lars Eilebrecht, Roy T. Fielding]
-
-  *) Added 20x22 icons for ODF, SVG, and XML documents.  PR 37185.
-     [Peter Harlow]
-
-  *) Disabled DefaultType directive and removed ap_default_type()
-     from core.  We now exclude Content-Type from responses for which
-     a media type has not been configured via mime.types, AddType,
-     ForceType, or some other mechanism. PR 13986. [Roy T. Fielding]
-
-  *) mod_rewrite: Add IPV6 variable to RewriteCond
-     [Ryan Phillips <ryan-apache trolocsis.com>]
-
-  *) core: Enhance KeepAliveTimeout to support a value in milliseconds.
-     PR 46275. [Takashi Sato]
-
-  *) rotatelogs: Allow size units B, K, M, G and combination of
-     time and size based rotation. [Rainer Jung]
-
-  *) rotatelogs: Add flag for verbose (debug) output. [Rainer Jung]
-
-  *) mod_ssl: Fix merging of SSLRenegBufferSize directive. PR 46508
-     [<tlhackque yahoo.com>]
-
-  *) core: Translate the the status line to ASCII on EBCDIC platforms in
-     ap_send_interim_response() and for locally generated "100 Continue"
-     responses.  [Eric Covener]
-
-  *) prefork: Fix child process hang during graceful restart/stop in
-     configurations with multiple listening sockets.  PR 42829.  [Joe Orton,
-     Jeff Trawick]
-
-  *) mod_session_crypto: Ensure that SessionCryptoDriver can only be
-     set in the global scope. [Graham Leggett]
-
-  *) mod_ext_filter: We need to detect failure to startup the filter
-     program (a mangled response is not acceptable).  Fix to detect
-     failure, and offer configuration option either to abort or
-     to remove the filter and continue.
-     PR 41120 [Nick Kew]
-
-  *) mod_session_crypto: Rewrite the session_crypto module against the
-     apr_crypto API. [Graham Leggett]
-
-  *) mod_auth_form: Fix a pool lifetime issue, don't remove the subrequest
-     until the main request is cleaned up. [Graham Leggett]
-
-Changes with Apache 2.3.1
-
-  *) ap_slotmem: Add in new slot-based memory access API impl., including
-     2 providers (mod_sharedmem and mod_plainmem) [Jim Jagielski,
-     Jean-Frederic Clere, Brian Akins <brian.akins turner.com>]
-
-  *) mod_include: support generating non-ASCII characters as entities in SSI
-     PR 25202 [Nick Kew]
-
-  *) core/utils: Enhance ap_escape_html API to support escaping non-ASCII chars
-     PR 25202 [Nick Kew]
-
-  *) mod_rewrite: fix "B" flag breakage by reverting r5589343
-    PR 45529 [Bob Ionescu <bobsiegen googlemail.com>]
-
-  *) CGI: return 504 (Gateway timeout) rather than 500 when a script
-     times out before returning status line/headers.
-     PR 42190 [Nick Kew]
-
-  *) mod_cgid: fix segfault problem on solaris.
-     PR 39332 [Masaoki Kobayashi <masaoki techfirm.co.jp>]
-
-  *) mod_proxy_scgi: Added. [André Malo]
-
-  *) mod_cache: Introduce 'no-cache' per-request environment variable
-     to prevent the saving of an otherwise cacheable response.
-     [Eric Covener]
-
-  *) mod_rewrite: Introduce DiscardPathInfo|DPI flag to stop the troublesome
-     way that per-directory rewrites append the previous notion of PATH_INFO
-     to each substitution before evaluating subsequent rules.
-     PR 38642 [Eric Covener]
-
-  *) mod_cgid: Do not add an empty argument when calling the CGI script.
-     PR 46380 [Ruediger Pluem]
-
-  *) scoreboard: Remove unused sb_type from process_score.
-     [Torsten Foertsch <torsten.foertsch gmx.net>, Chris Darroch]
-
-  *) mod_ssl: Add SSLRenegBufferSize directive to allow changing the
-     size of the buffer used for the request-body where necessary
-     during a per-dir renegotiation.  PR 39243.  [Joe Orton]
-
-  *) mod_proxy_fdpass: New module to pass a client connection over to a separate
-     process that is reading from a unix daemon socket.
-
-  *) mod_ssl: Improve environment variable extraction to be more
-     efficient and to correctly handle DNs with duplicate tags.
-     PR 45975.  [Joe Orton]
-
-  *) Remove the obsolete serial attribute from the RPM spec file. Compile
-     against the external pcre. Add missing binaries fcgistarter, and
-     mod_socache* and mod_session*. [Graham Leggett]
-
-Changes with Apache 2.3.0
-
-  *) mod_ratelimit: New module to do bandwidth rate limiting. [Paul Querna]
-
-  *) Remove X-Pad header which was added as a work around to a bug in
-     Netscape 2.x to 4.0b2. [Takashi Sato <takashi lans-tv.com>]
-
-  *) Add DTrace Statically Defined Tracing (SDT) probes.
-    [Theo Schlossnagle <jesus omniti.com>, Paul Querna]
-
-  *) mod_proxy_balancer: Move all load balancing implementations
-     as individual, self-contained mod_proxy submodules under
-     modules/proxy/balancers [Jim Jagielski]
-
-  *) Rename APIs to include ap_ prefix:
-        find_child_by_pid -> ap_find_child_by_pid
-        suck_in_APR -> ap_suck_in_APR
-        sys_privileges_handlers -> ap_sys_privileges_handlers
-        unixd_accept -> ap_unixd_accept
-        unixd_config -> ap_unixd_config
-        unixd_killpg -> ap_unixd_killpg
-        unixd_set_global_mutex_perms -> ap_unixd_set_global_mutex_perms
-        unixd_set_proc_mutex_perms -> ap_unixd_set_proc_mutex_perms
-        unixd_set_rlimit -> ap_unixd_set_rlimit
-     [Paul Querna]
-
-  *) mod_lbmethod_heartbeat: New module to load balance mod_proxy workers
-     based on heartbeats. [Paul Querna]
-
-  *) mod_heartmonitor: New module to collect heartbeats, and write out a file
-     so that other modules can load balance traffic as needed. [Paul Querna]
-
-  *) mod_heartbeat: New module to generate multicast heartbeats to know if a
-     server is online. [Paul Querna]
-
-  *) mod_buffer: Honour the flush bucket and flush the buffer in the
-     input filter. Make sure that metadata buckets are written to
-     the buffer, not to the final brigade. [Graham Leggett]
-
-  *) mod_buffer: Optimise the buffering of heap buckets when the heap
-     buckets stay exactly APR_BUCKET_BUFF_SIZE long. [Graham Leggett,
-     Ruediger Pluem]
-
-  *) mod_buffer: Optional support for buffering of the input and output
-     filter stacks. Can collapse many small buckets into fewer larger
-     buckets, and prevents excessively small chunks being sent over
-     the wire. [Graham Leggett]
-
-  *) mod_privileges: new module to make httpd on Solaris privileges-aware
-     and to enable different virtualhosts to run with different
-     privileges and Unix user/group IDs [Nick Kew]
-
-  *) mod_mem_cache: this module has been removed. [William Rowe]
-
-  *) authn/z: Remove mod_authn_default and mod_authz_default.
-     [Chris Darroch]
-
-  *) authz: Fix handling of authz configurations, make default authz
-     logic replicate 2.2.x authz logic, and replace <Satisfy*>, Reject,
-     and AuthzMergeRules directives with Match, <Match*>, and AuthzMerge
-     directives.  [Chris Darroch]
-
-  *) mod_authn_core: Prevent crash when provider alias created to
-     provider which is not yet registered.  [Chris Darroch]
-
-  *) mod_authn_core: Add AuthType of None to support disabling
-     authentication.  [Chris Darroch]
-
-  *) core: Allow <Limit> and <LimitExcept> directives to nest, and
-     constrain their use to conform with that of other access control
-     and authorization directives.  [Chris Darroch]
-
-  *) unixd: turn existing code into a module, and turn the set user/group
-     and chroot into a child_init function. [Nick Kew]
-
-  *) mod_dir: Support "DirectoryIndex disabled"
-     Suggested By André Warnier <aw ice-sa.com> [Eric Covener]
-
-  *) mod_ssl: Send Content-Type application/ocsp-request for POST requests to
-     OSCP responders. PR 46014 [Dr Stephen Henson <steve openssl.org>]
-
-  *) mod_authnz_ldap: don't return NULL-valued environment variables to
-     other modules.  PR 39045 [Francois Pesce <francois.pesce gmail.com>]
-
-  *) Don't adjust case in pathname components that are not of interest
-     to mod_mime.  Fixes mod_negotiation's use of such components.
-     PR 43250 [Basant Kumar Kukreja <basant.kukreja sun.com>]
-
-  *) Be tolerant in what you accept - accept slightly broken
-     status lines from a backend provided they include a valid status code.
-     PR 44995 [Rainer Jung <rainer.jung kippdata.de>]
-
-  *) New module mod_sed: filter Request/Response bodies through sed
-     [Basant Kumar Kukreja <basant.kukreja sun.com>]
-
-  *) mod_auth_form: Make sure that basic authentication is correctly
-     faked directly after login. [Graham Leggett]
-
-  *) mod_session_cookie, mod_session_dbd: Make sure cookies are set both
-     within the output headers and error output headers, so that the
-     session is maintained across redirects. [Graham Leggett]
-
-  *) mod_auth_form: Make sure the logged in user is populated correctly
-     after a form login. Fixes a missing REMOTE_USER variable directly
-     following a login. [Graham Leggett]
-
-  *) mod_session_cookie: Make sure that cookie attributes are correctly
-     included in the blank cookie when cookies are removed. This fixes an
-     inability to log out when using mod_auth_form. [Graham Leggett]
-
-  *) mod_session: Prevent a segfault when a CGI script sets a cookie with a
-     null value. [David Shane Holden <dpejesh apache.org>]
-
-  *) core, authn/z: Determine registered authn/z providers directly in
-     ap_setup_auth_internal(), which allows optional functions that just
-     wrapped ap_list_provider_names() to be removed from authn/z modules.
-     [Chris Darroch]
-
-  *) authn/z: Convert common provider version strings to macros.
-     [Chris Darroch]
-
-  *) core: When testing for slash-terminated configuration paths in
-     ap_location_walk(), don't look past the start of an empty string
-     such as that created by a <Location ""> directive.
-     [Chris Darroch]
-
-  *) core, mod_proxy: If a kept_body is present, it becomes safe for
-     subrequests to support message bodies. Make sure that safety
-     checks within the core and within the proxy are not triggered
-     when kept_body is present. This makes it possible to embed
-     proxied POST requests within mod_include. [Graham Leggett]
-
-  *) mod_auth_form: Make sure the input filter stack is properly set
-     up before reading the login form. Make sure the kept body filter
-     is correctly inserted to ensure the body can be read a second
-     time safely should the authn be successful. [Graham Leggett,
-     Ruediger Pluem]
-
-  *) mod_request: Insert the KEPT_BODY filter via the insert_filter
-     hook instead of during fixups. Add a safety check to ensure the
-     filters cannot be inserted more than once. [Graham Leggett,
-     Ruediger Pluem]
-
-  *) ap_cache_cacheable_headers_out() will (now) always
-     merge an error headers _before_ clearing them and _before_
-     merging in the actual entity headers and doing normal
-     hop-by-hop cleansing. [Dirk-Willem van Gulik].
-

[... 294 lines stripped ...]


Mime
View raw message