httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Steffen" <i...@apachelounge.com>
Subject Re: [VOTE] Release 2.3.16-beta as beta
Date Fri, 16 Dec 2011 20:08:02 GMT
Update, all the important/usefull modules are working now with 2.3.16, including modsecurity.


Hopefully no API changes anymore.

I shall make a download available at http://www.apachelounge.com , so more can test.

From: Steffen 
Sent: Friday, December 16, 2011 2:08 PM
To: dev@httpd.apache.org 
Subject: Re: [VOTE] Release 2.3.16-beta as beta

The IP adress was understand.   
Now struggling with log_error hook API change. 


My point was that in a so called RC/Latest_Beta the API is now changed  with consequences.
A release candidate phase should be intended as a period of bug fixing only prior to the GA
release. No new features/functions should be included before the GA version.

On Friday 16/12/2011 at 12:37, Graham Leggett wrote: 
  On 16 Dec 2011, at 12:59 PM, Steffen wrote:


    Was expecting that 2.3.16, as RC/latest beta, did not break that much modules. With 2.3.x
till 2.3.15 it was minor, in fact none here.

    Authors were planning to release new versions to support 2.4 GA, based on testing 2.3.15
and  no api changes in a Release Candidate. 

    We must  live with it, according the replies on my modsec example post here.

  The API rules are clear, when v2.4.0 is released, the API is cast in stone. Before that
point, the API is subject to change.

  We are after the most stable server possible, when a bug exists in the API, that bug must
be fixed.


    Gregg reported here that the problems are the changes to the log_error hook and  remote_ip/remote_addr

  This is reported in the CHANGES file, which module authors should be keeping track of.

  In the server, we have gone from tracking just one remote IP address to tracking two - the
IP address of the client directly connected to us, and the IP address of the useragent that
initiated the request, which may be some hops away from us separated by caches, load balancer
or proxies. In order to prevent subtle bugs appearing in modules because modules are looking
at the wrong IP address, we are forcing module authors to make an explicit choice - does their
module need the client IP or the useragent IP? 

  Subtle bugs are bad.

  Regards,
  Graham
  --



Mime
View raw message