summaryrefslogtreecommitdiffstats
path: root/CHANGES
diff options
context:
space:
mode:
authorYann Ylavic <ylavic@apache.org>2022-05-18 14:44:41 +0200
committerYann Ylavic <ylavic@apache.org>2022-05-18 14:44:41 +0200
commit0f4842ef5aa5193f66fd5cdd1446a449a7c6f8b2 (patch)
tree71fc937ae991afe936a392192bad96c79c2b647e /CHANGES
parentFollow up to r1899858: CHANGES entry. (diff)
downloadapache2-0f4842ef5aa5193f66fd5cdd1446a449a7c6f8b2.tar.xz
apache2-0f4842ef5aa5193f66fd5cdd1446a449a7c6f8b2.zip
Sync CHANGES entries [skip ci]
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1901034 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'CHANGES')
-rw-r--r--CHANGES106
1 files changed, 106 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index ae5bcce9cf..59e50d87e6 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,112 @@
-*- coding: utf-8 -*-
Changes with Apache 2.5.1
+ *) mod_md: the `MDCertificateAuthority` directive can take more than one URL/name of
+ an ACME CA. This gives a failover for renewals when several consecutive attempts
+ to get a certificate failed.
+ A new directive was added: `MDRetryDelay` sets the delay of retries.
+ A new directive was added: `MDRetryFailover` sets the number of errored
+ attempts before an alternate CA is selected for certificate renewals.
+ [Stefan Eissing]
+
+ *) mod_heartmonitor: Set the documented default value
+ "10" for HeartbeatMaxServers instead of "0". With "0"
+ no shared memory slotmem was initialized. [Rainer Jung]
+
+ *) mod_md: fixed a bug leading to failed transfers for OCSP
+ stapling information when more than 6 certificates needed
+ updates in the same run. [Stefan Eissing]
+
+ *) mod_http2: use the new REQUEST buckets to forward request
+ on secondary connections. Use the now generic
+ ap_process_connection() in h2 workers to process those.
+ [Stefan Eissing]
+
+ *) Implement full auto status ("key: value" type status output).
+ Especially not only status summary counts for certificates and
+ OCSP stapling but also lists. Auto status format is similar to
+ what was used for mod_proxy_balancer.
+ [Rainer Jung]
+
+ *) core/mod_http: use REQUEST meta buckets and a new HTTP/1.x specific
+ input filter to separate the handling for HTTP requests from the
+ handling of HTTP/1.x request parsing and checks.
+ A new HTTP1_REQUEST_IN filter installs itself on http/1.1 connections
+ before a request is being read. It generates either a REQUEST meta
+ bucket on success or an ERROR bucket with the proposed response status.
+ The core connection processing, relying on ap_read_request(), now expects
+ a REQUEST or ERROR bucket from the input filters and is agnostic to
+ specific HTTP versions and how they bring requests into the server.
+ [Stefan Eissing]
+
+ *) mod_http2: remove unused and insecure code. Fixes PR66037.
+ Thanks to Ronald Crane (Zippenhop LLC) for reporting this.
+ [Stefan Eissing]
+
+ *) mod_md: added support for managing certificates via a
+ local tailscale demon for users of that secure networking.
+ This gives trusted certificates for tailscale assigned
+ domain names in the *.ts.net space.
+ [Stefan Eissing]
+
+ *) mod_md: a possible NULL pointer deref was fixed in
+ the JSON code for persisting time periods (start+end).
+ Fixes #282 on mod_md's github.
+ Thanks to @marcstern for finding this.
+
+ *) core: Avoid an overflow on large inputs in ap_is_matchexp. PR 66033
+ [Ruediger Pluem]
+
+ *) core/mod_http: use RESPONSE meta buckets and a new HTTP/1.x specific
+ filter to send responses through the output filter chain.
+ Specifically: the HTTP_HEADER output filter and ap_send_interim_response()
+ create a RESPONSE bucket and no longer are concerned with HTTP/1.x
+ serialization.
+ A new HTTP1_RESPONSE_OUT transcode filter writes the proper HTTP/1.x
+ bytes when dealing with a RESPONSE bucket. That filter installs itself
+ on the pre_read_request hook when the connection has protocol 'http/1.1'.
+ [Stefan Eissing]
+
+ *) MPM event: Restart chilren processes killed before idle maintenance.
+ PR 65769. [Yann Ylavic, Ruediger Pluem]
+
+ *) core: Disable TCP_NOPUSH optimization on OSX since it might introduce
+ transmission delays. PR 66019. [Yann Ylavic]
+
+ *) ab: Allow for TLSv1.3 when the SSL library supports it.
+ [abhilash1232 gmail.com, xiaolongx.jiang intel.com, Yann Ylavic]
+
+ *) ab: Add the -W option to use worker threads, allowing for multiple CPUs
+ to handle the load. [Yann Ylavic]
+
+ *) mod_substitute: Fix an integer overflow that can happen in very special
+ setups. PR 66034 [Ruediger Pluem]
+
+ *) core: make ap_escape_quotes() work correctly on strings
+ with more than MAX_INT/2 characters, counting quotes double.
+ Credit to <generalbugs@zippenhop.com> for finding this.
+ [Stefan Eissing]
+
+ *) core: adding a new hook and method to the API:
+ create_secondary_connection and ap_create_secondary_connection()
+ to setup connections related to a "master" one, as used in
+ the HTTP/2 protocol implementation.
+ *) mod_http2: using the new API calls to get rid of knowledge
+ about how the core handles conn_rec specifics.
+ Improvements in pollset stream handling to use less sets.
+ Using atomic read/writes instead of volatiles now.
+ Keeping a reserve of "transit" pools and bucket_allocs for
+ use on secondary connections to avoid repeated setup/teardowns.
+
+ *) mod_proxy: Set a status code of 502 in case the backend just closed the
+ connection in reply to our forwarded request. [Ruediger Pluem]
+
+ *) MPM event: Fix accounting of active/total processes on ungraceful restart,
+ PR 66004 (follow up to PR 65626 from 2.4.52). [Yann Ylavic]
+
+ *) mod_proxy: Add backend port to log messages to
+ ease identification of involved service.
+
*) mod_systemd: Systemd socket activation can now be enabled at
build time but disabled at run time, if mod_systemd is not
loaded. [Lubos Uhliarik <luhliari redhat.com>]