summaryrefslogtreecommitdiff
path: root/changes-entries
Commit message (Collapse)AuthorAgeFilesLines
* *) mod_http2: v2.0.15 with the following fixes and improvementsStefan Eissing2023-05-121-0/+18
| | | | | | | | | | | | | | | | | | | | | | | - New directive 'H2EarlyHint name value' to add headers to a response, picked up already when a "103 Early Hints" response is sent. 'name' and 'value' must comply to the HTTP field restrictions. This directive can be repeated several times and header fields of the same names add. Sending a 'Link' header with 'preload' relation will also cause a HTTP/2 PUSH if enabled and supported by the client. - Fixed an issue where requests were not logged and accounted in a timely fashion when the connection returns to "keepalive" handling, e.g. when the request served was the last outstanding one. This led to late appearance in access logs with wrong duration times reported. - Accurately report the bytes sent for a request in the '%O' Log format. This addresses #203, a long outstanding issue where mod_h2 has reported numbers over-eagerly from internal buffering and not what has actually been placed on the connection. The numbers are now the same with and without H2CopyFiles enabled. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1909769 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_tls: updating to rustls-ffi version 0.9.2 or higher.Stefan Eissing2023-05-021-0/+4
| | | | | | | | | Checking in configure for proper version installed. Code fixes for changed clienthello member name. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1909558 13f79535-47bb-0310-9956-ffa450edef68
* * In the reverse proxy case when we only want to keep encoded slashes untouchedRuediger Pluem2023-04-281-0/+3
| | | | | | | | | | | we can have decoded '%''s in the URI that got sent to us in the original URL as %25. Don't error out in this case but just fall through and have them encoded to %25 when forwarding to the backend. PR: 66580 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1909464 13f79535-47bb-0310-9956-ffa450edef68
* * Add server directory to include path as mod_rewrite requires test_char.h.Ruediger Pluem2023-04-191-0/+2
| | | | | | | | | PR: 66571 Submitted by: Valeria Petrov <valeria.petrov@spinetix.com> Reviewed by: rpluem git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1909241 13f79535-47bb-0310-9956-ffa450edef68
* Sync CHANGES.Yann Ylavic2023-03-319-34/+0
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1908867 13f79535-47bb-0310-9956-ffa450edef68
* Follow up to r1908827: CHANGES entry.Yann Ylavic2023-03-311-0/+3
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1908838 13f79535-47bb-0310-9956-ffa450edef68
* fix regression in 2.4.56Eric Covener2023-03-301-0/+3
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1908813 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_http2: fixed a crash during connection termination. See PR 66539.Stefan Eissing2023-03-241-0/+2
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1908691 13f79535-47bb-0310-9956-ffa450edef68
* * Fix typoRuediger Pluem2023-03-221-1/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1908629 13f79535-47bb-0310-9956-ffa450edef68
* Update ErrorLogFormat CHANGES entry for the full story.Yann Ylavic2023-03-151-2/+3
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1908407 13f79535-47bb-0310-9956-ffa450edef68
* core: Add formats %{z} and %{strftime-format} to ErrorLogFormat. PR 62161.Yann Ylavic2023-03-141-0/+3
| | | | | | | | | | | | | | | | | | | %{z} prints the timezone offset (i.e. "[+-]nnnn") and %{strftime-format} allows any %-format handled by [apr_]strftime(). * include/util_time.h(): Define new AP_CTIME_OPTION_GMTOFF option for ap_recent_ctime_ex(). * server/util_time.c(ap_recent_ctime_ex): Handle AP_CTIME_OPTION_GMTOFF to print "[+-]nnnn" timezone. * server/log.c(log_ctime): If the format contains a '%' it's for strftime(), otherwise it's builtin with new 'z' as AP_CTIME_OPTION_GMTOFF. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1908380 13f79535-47bb-0310-9956-ffa450edef68
* Do not double encode encoded slashesRuediger Pluem2023-03-131-0/+4
| | | | | | | | | | | | | | | | | | | | | In case that AllowEncodedSlashes is set to NoDecode do not double encode encoded slashes in the URL sent by the reverse proxy to the backend. * include/ap_mmn.h: Document the addition of ap_proxy_canonenc_ex to the API. * modules/proxy/mod_proxy.h: Declare ap_proxy_canonenc_ex and define flag values. * modules/proxy/proxy_util.c: Implement ap_proxy_canonenc_ex by modifying ap_proxy_canonenc accordingly and reimplement ap_proxy_canonenc to use ap_proxy_canonenc_ex with the appropriate flag. * modules/http2/mod_proxy_http2.c, modules/proxy/mod_proxy_*.c: Set the correct flag based on the AllowEncodedSlashes configuration and use ap_proxy_canonenc_ex instead of ap_proxy_canonenc. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1908341 13f79535-47bb-0310-9956-ffa450edef68
* add [BCTLS] alternative to [B] for 2.4.56 problemsEric Covener2023-03-111-0/+3
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1908301 13f79535-47bb-0310-9956-ffa450edef68
* allow decoded chars when they will be escapedEric Covener2023-03-111-0/+3
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1908296 13f79535-47bb-0310-9956-ffa450edef68
* * Add CHANGES entry for r1907505 [skip ci]Ruediger Pluem2023-03-081-0/+4
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1908186 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_md:Stefan Eissing2023-03-051-0/+8
| | | | | | | | | | | | | - Enabling ED25519 support and certificate transparency information when building with libressl v3.5.0 and newer. Thanks to Giovanni Bechis. - MDChallengeDns01 can now be configured for individual domains. Thanks to Jérôme Billiras (@bilhackmac) for the initial PR. - Fixed a bug found by Jérôme Billiras (@bilhackmac) that caused the challenge teardown not being invoked as it should. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1908080 13f79535-47bb-0310-9956-ffa450edef68
* Sync changes [skip ci]Yann Ylavic2023-03-0218-65/+0
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1907983 13f79535-47bb-0310-9956-ffa450edef68
* mod_proxy_uwsgi: Stricter backend HTTP response parsing/validationYann Ylavic2023-03-021-0/+2
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1907980 13f79535-47bb-0310-9956-ffa450edef68
* Follow up to r1907972: CHANGES entry.Yann Ylavic2023-03-021-0/+2
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1907977 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_http2: new directive 'H2MaxDataFrameLen n' to limit the maximumStefan Eissing2023-02-161-0/+7
| | | | | | | | | | | | | amount of response body bytes put into a single HTTP/2 DATA frame. Setting this to 0 places no limit (but the max size allowed by the protocol is observed). The module, by default, tries to use the maximum size possible, which is somewhat around 16KB. This sets the maximum. When less response data is available, smaller frames will be sent. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1907697 13f79535-47bb-0310-9956-ffa450edef68
* LDAPConnectionPoolTTL should accept negative values in order to allowChristophe Jaillet2023-01-271-0/+4
| | | | | | | connections of any age to be reused. Up to now, a negative value was handled as an error when parsing the configuration file. PR 66421. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1907024 13f79535-47bb-0310-9956-ffa450edef68
* * Report an error if the AJP backend sends an invalid number of headersRuediger Pluem2023-01-231-0/+2
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1906940 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_http2: client resets of HTTP/2 streams led to unwanted 500 errorsStefan Eissing2023-01-181-0/+4
| | | | | | | | | reported in access logs and error documents. The processing of the reset was correct, only unneccesary reporting was caused. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1906775 13f79535-47bb-0310-9956-ffa450edef68
* add -T flag to truncate rotated logs onlyEric Covener2023-01-061-0/+2
| | | | | | | | for strftime formats that will loop back on themselves, like day of month or weekday name. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1906433 13f79535-47bb-0310-9956-ffa450edef68
* Use 'command -v' instead of 'which' which is more portable.Ruediger Pluem2023-01-041-0/+2
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1906387 13f79535-47bb-0310-9956-ffa450edef68
* * Add CHANGELOG for r1906379, r1906380Ruediger Pluem2023-01-041-0/+2
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1906382 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_proxy_http2: apply the standard httpd content type handlingStefan Eissing2022-12-171-0/+4
| | | | | | | | | to responses from the backend, as other proxy modules do. Fixes PR 66391. Thanks to Jérôme Billiras for providing the patch. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1906051 13f79535-47bb-0310-9956-ffa450edef68
* Add a change entry for r1905229Christophe Jaillet2022-11-191-0/+2
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1905404 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_http2: field values (headers and trailers) are stripped ofStefan Eissing2022-10-221-4/+5
| | | | | | | | | | | | | leading/trailing whitespace (space +htab) before being processed or send in a response. This is compatible behaviour to HTTP/1.1 parsers that strip incoming headers of such characters. [Stefan Eissing] - removed intermittent "H2HeaderStrictness" directive again. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1904777 13f79535-47bb-0310-9956-ffa450edef68
* mod_dav: Allow to disable lock discovery via an DAVLockDiscovery expression.Yann Ylavic2022-10-171-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | mod_dav-fs scales badly when a few clients run PROPFIND requests to discover directory content. Each PROPFIND involves lockdiscovery, which in turn waits for a locked access to the file containing the lock database. Performances quickly drop because of lock contention on this file. Add a DAVLockDiscovery configuration directive that allows lockdiscovery to be disabled. Its argument is an Apache expression so that flexible configuration are possible (per-request). When lock discovery is disabled, an empty lockdiscovery property is returned on POPRFIND methods, just like if no lock was set on the object. That should cause no regression, since a client cannot rely on lockdiscovery to decide when a file should be accessed, the LOCK methood must be used. If DAVLockDiscovery is not specified, the behavior is unchanged. PR 66313. Submitted by: Emmanuel Dreyfus <manu netbsd.org> Reviewed by: ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1904638 13f79535-47bb-0310-9956-ffa450edef68
* mod_proxy: Ignore (and warn about) enablereuse=on for ProxyPassMatch whenYann Ylavic2022-10-111-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | some dollar substitution (backreference) happens in the hostname or port part of the URL. Address or connection reuse can't work when the autority part of the URL is dynamic (single origin server[:port] handled/assumed in the reslist). Detect such cases and unset worker->s->is_address_reusable to disable reuse regardless of enablereuse/disablereuse. * modules/proxy/proxy_util.c(ap_proxy_define_worker_ex): Lookup for $n substitution in the hostname[:port] when parsing the URL and if present, set worker->->is_address_reusable=0 / worker->s->disablereuse=1. * modules/proxy/proxy_util.c(ap_proxy_initialize_worker): Don't overwrite worker->s->is_address_reusable from enablereuse/disablereuse parameters, and set both consistently. * docs/manual/mod/mod_proxy.xml: Add ProxyPassMatch compatibility note about key=value parameters handled with $n substitutions since 2.4.47. Document the specificities of enablereuse/disablereuse w.r.t. $n subsitutions in the different part of the URL. Axe the note about unparsable URLs when the $n substitution happens in the port, this has been addressed in 2.4.47 too (and works now). git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1904513 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_http2: new directive "H2HeaderStrictness" to control the complianceStefan Eissing2022-09-261-0/+4
| | | | | | | | | | | | | | | | level of header checks as defined in the HTTP/2 RFCs. Default is 7540. 9113 activates the checks for forbidden leading/trailing whitespace in field values (available from nghttp2 v1.50.0 on). - source sync with github version - fix for keepalive idle wait in mpm_worker setup - ensuring EOS when secondary connection has been handled - fixed race in late input EOS arrival when stream was already scheduled for execution. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1904269 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_proxy_http2: use only the ':authority' header to forward 'Host'Stefan Eissing2022-09-201-0/+4
| | | | | | | | | information to a backend. Deduce ':authority' from what the client sent when 'ProxyPreserveHost' is on. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1904164 13f79535-47bb-0310-9956-ffa450edef68
* mod_md v2.4.19 from github syncStefan Eissing2022-08-251-0/+8
| | | | | | | | | | | | | | | *) mod_md: a new directive `MDStoreLocks` can be used on cluster setups with a shared file system for `MDStoreDir` to order activation of renewed certificates when several cluster nodes are restarted at the same time. Store locks are not enabled by default. Restored curl_easy cleanup behaviour from v2.4.14 and refactored the use of curl_multi for OCSP requests to work with that. Fixes <https://github.com/icing/mod_md/issues/293>. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1903677 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_ssl: when a proxy connection had handled a request using SSL, anStefan Eissing2022-08-011-0/+5
| | | | | | | | | | error was logged when "SSLProxyEngine" was only configured in the location/proxy section and not the overall server. The connection continued to work, the error log was in error. Fixed PR66190. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1903167 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_http2: fixed trailer handling. Empty response bodiesStefan Eissing2022-07-021-0/+5
| | | | | | | | | | prevented trailers from being sent to a client. See <https://github.com/icing/mod_h2/issues/233> for how this affected gRPC use. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1902409 13f79535-47bb-0310-9956-ffa450edef68
* Sync CHANGES [skip ci]Yann Ylavic2022-06-024-14/+0
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1901551 13f79535-47bb-0310-9956-ffa450edef68
* update of mod_md change description. [skip ci]Stefan Eissing2022-06-021-3/+5
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1901546 13f79535-47bb-0310-9956-ffa450edef68
* mod_ssl: SSLFIPS compatible with OpenSSL 3.0. PR 66063.Yann Ylavic2022-05-311-0/+2
| | | | | | | | | | | | | | | | * modules/ssl/ssl_private.h(): #define modssl_fips_is_enabled() and modssl_fips_enable() to wrap the native OpenSSL FIPS functions available on OPENSSL_VERSION_NUMBER. * modules/ssl/ssl_engine_init.c(ssl_init_Module, modssl_fips_cleanup): Use the new wrappers instead of the OPENSSL_VERSION_NUMBER < 3.0 functions. Submitted by: Petr Sumbera <petr.sumbera oracle.com>, ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1901470 13f79535-47bb-0310-9956-ffa450edef68
* mod_proxy_http: Avoid 417 responses for non forwardable 100-continue. PR 65666.Yann Ylavic2022-05-301-0/+2
| | | | | | | | | | | | | | | Stop returning 417 when mod_proxy has to forward an HTTP/1.1 request with both "Expect: 100-continue" and "force-proxy-request-1.0" set, mod_proxy can instead handle the 100-continue by itself before forwarding the request, like in the "Proxy100Continue Off" case. Note that this does not change the behaviour of httpd receiving an HTTP/1.0 request with an Expect header, ap_check_request_header() will still correctly return 417 in this case. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1901420 13f79535-47bb-0310-9956-ffa450edef68
* Merge of PR 318:Stefan Eissing2022-05-261-0/+4
| | | | | | | | | | | *) core: the conf/mime.types has been updated in conformance with RFC 9239: - .js moved from 'application/javascript' to 'text/javascript' - .mjs was added as 'text/javascript' [Mathias Bynens <@mathiasbynens> via PR 318] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1901273 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_md: a logic bug in sending long OCSP HTTP request bodies was fixed.Stefan Eissing2022-05-251-0/+4
| | | | | | | | | This did not happen in normal use as request sizes for OSCP queries never exceed that length. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1901230 13f79535-47bb-0310-9956-ffa450edef68
* Sync CHANGES entries [skip ci]Yann Ylavic2022-05-1821-86/+0
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1901034 13f79535-47bb-0310-9956-ffa450edef68
* Follow up to r1899858: CHANGES entry.Yann Ylavic2022-05-171-0/+2
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1900991 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_md: the `MDCertificateAuthority` directive can take more than one ↵Stefan Eissing2022-05-131-0/+7
| | | | | | | | | | | | | | URL/name of an ACME CA. This gives a failover for renewals when several consecutive attempts to get a certificate failed. A new directive was added: `MDRetryDelay` sets the delay of retries. A new directive was added: `MDRetryFailover` sets the number of errored attempts before an alternate CA is selected for certificate renewals. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1900852 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_md: fixed a bug leading to failed transfers for OCSPStefan Eissing2022-05-061-0/+3
| | | | | | | | | stapling information when more than 6 certificates needed updates in the same run. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1900628 13f79535-47bb-0310-9956-ffa450edef68
* ab: Add the -W option to use worker threads.Yann Ylavic2022-04-281-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | This allows for multiple CPUs to handle the load, the number of requests and concurrency level asked are distributed over the configured number of workers, allowing for as much parallelism. On unixes (only for now), -W0 will use all the CPUs available on the system. To avoid synchronization during runtime, the stats and requests times are gathered per worker and consolidated at the end of the run before being printed. Connection closes, keepalives and errors are now handled in a single place, namely cleanup_connection(), which takes care of the good/bad state of each request based on the response fully received or not. When multiple workers are running, SIGINT is handled by the main thread only and masked in workers, workers are asked to stop and woken up if waiting in poll(). A single worker is started first to determine the connectivity with the peer, if that fails (10 tries) ab will stop early still without starting the other workers, otherwise the first worker will signal the main thread to start the others. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1900362 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_http2: remove unused and insecure code. Fixes PR66037.Stefan Eissing2022-04-281-0/+3
| | | | | | | | Thanks to Ronald Crane (Zippenhop LLC) for reporting this. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1900356 13f79535-47bb-0310-9956-ffa450edef68
* * removing duplicatae changes entryStefan Eissing2022-04-271-5/+0
| | | | | | | [skip ci] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1900315 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_md: implement full auto status ("key: value" type status output).Stefan Eissing2022-04-271-0/+5
| | | | | | | | | | | | Especially not only status summary counts for certificates and OCSP stapling but also lists. Auto status format is similar to what was used for mod_proxy_balancer. added change desription for code added in r1900313. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1900314 13f79535-47bb-0310-9956-ffa450edef68
View Lorry Controller Status