Changes with Apache 2.4.46
*) mod_proxy_fcgi: Fix build warnings for Windows platform
[Eric Covener, Christophe Jaillet]
Changes with Apache 2.4.45
*) mod_http2: remove support for abandoned http-wg draft
<https://datatracker.ietf.org/doc/draft-kazuho-h2-cache-digest/>.
[Stefan Eissing]
Changes with Apache 2.4.44
*) mod_proxy_uwsgi: Error out on HTTP header larger than 16K (hard
protocol limit). [Yann Ylavic]
*) mod_http2:
Fixes <https://github.com/icing/mod_h2/issues/200>:
"LimitRequestFields 0" now disables the limit, as documented.
Fixes <https://github.com/icing/mod_h2/issues/201>:
Do not count repeated headers with same name against the field
count limit. The are merged internally, as if sent in a single HTTP/1 line.
[Stefan Eissing]
*) mod_http2: Avoid segfaults in case of handling certain responses for
already aborted connections. [Stefan Eissing, Ruediger Pluem]
*) mod_http2: The module now handles master/secondary connections and has marked
methods according to use. [Stefan Eissing]
*) core: Drop an invalid Last-Modified header value coming
from a FCGI/CGI script instead of replacing it with Unix epoch.
[Yann Ylavic, Luca Toscano]
*) Add support for strict content-length parsing through addition of
ap_parse_strict_length() [Yann Ylavic]
*) mod_proxy_fcgi: ProxyFCGISetEnvIf unsets variables when expression
evaluates to false. PR64365. [Michael König <mail ikoenig.net>]
*) mod_proxy_http: flush spooled request body in one go to avoid
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=610
*) mod_ssl: Fix memory leak of OCSP stapling response. [Yann Ylavic]
*) mod_proxy_http: Fix the forwarding of requests with content body when a
balancer member is unavailable; the retry on the next member was issued
with an empty body (regression introduced in 2.4.41). PR63891.
[Yann Ylavic]
*) mod_http2: Fixes issue where mod_unique_id would generate non-unique request
identifier under load, see <https://github.com/icing/mod_h2/issues/195>.
[Michael Kaufmann, Stefan Eissing]
*) mod_proxy_hcheck: Allow healthcheck expressions to use %{Content-Type}.
PR64140. [Renier Velazco <renier.velazco upr.edu>]
*) mod_authz_groupfile: Drop AH01666 from loglevel "error" to "info".
PR64172.
*) mod_usertrack: Add CookieSameSite, CookieHTTPOnly, and CookieSecure
to allow customization of the usertrack cookie. PR64077.
[Prashant Keshvani <prashant2400 gmail.com>, Eric Covener]
*) mod_proxy_ajp: Add "secret" parameter to proxy workers to implement legacy
AJP13 authentication. PR 53098. [Dmitry A. Bakshaev <dab1818 gmail com>]
*) mpm_event: avoid possible KeepAliveTimeout off by -100 ms.
[Eric Covener, Yann Ylavic]
*) Add a config layout for OpenWRT. [Graham Leggett]
*) Add support for cross compiling to apxs. If apxs is being executed from
somewhere other than its target location, add that prefix to includes and
library directories. Without this, apxs would fail to find config_vars.mk
and exit. [Graham Leggett]
*) mod_ssl: Disable client verification on ACME ALPN challenges. Fixes github
issue mod_md#172 (https://github.com/icing/mod_md/issues/172).
[Michael Kaufmann <mail michael-kaufmann.ch>, Stefan Eissing]
*) mod_ssl: use OPENSSL_init_ssl() to initialise OpenSSL on versions 1.1+.
[Graham Leggett]
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=601
- define DEFAULT_LISTENBACKLOG=APR_INT32_MAX. We want apache
to honour net.core.somaxconn sysctl as the mandatory limit.
the old value of 511 was never used as until v5.4-rc6 it was
clamped to 128, in current kernels the default limit is 4096.
Cannot use the apr_socket_listen(.., -1) idiom because the function
expects a positive integer argument.
OBS-URL: https://build.opensuse.org/request/show/769110
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=596
* mod_proxy/ssl: Cleanup per-request SSL configuration anytime a
backend connection is recycled/reused to avoid a possible crash
with some SSLProxy configurations in <Location> or <Proxy>
context. PR 63256. [Yann Ylavic]
* mod_ssl: Correctly restore SSL verify state after TLSv1.3 PHA
failure. [Michael Kaufmann <mail michael-kaufmann.ch>]
* mod_log_config: Support %{c}h for conn-hostname, %h for
useragent_host PR 55348
* mod_socache_redis: Support for Redis as socache storage
provider.
* core: new configuration option 'MergeSlashes on|off' that
controls handling of multiple, consecutive slash ('/')
characters in the path component of the request URL. [Eric
Covener]
* mod_http2: when SSL renegotiation is inhibited and a 403
ErrorDocument is in play, the proper HTTP/2 stream reset did
not trigger with H2_ERR_HTTP_1_1_REQUIRED. Fixed. [Michael
Kaufmann]
* mod_http2: new configuration directive: `H2Padding numbits` to
control padding of HTTP/2 payload frames. 'numbits' is a number
from 0-8, controlling the range of padding bytes added to a
frame. The actual number added is chosen randomly per frame.
This applies to HEADERS, DATA and PUSH_PROMISE frames equally.
The default continues to be 0, e.g. no padding. [Stefan
Eissing]
* mod_http2: ripping out all the h2_req_engine internal features
now that mod_proxy_http2 has no more need for it. Optional
functions are still declared but no longer implemented. While
previous mod_proxy_http2 will work with this, it is
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=581
