Apache 2.4.21 released.
changelog:
changelog:
Changes with Apache 2.4.21
*) mod_http2: more rigid error handling in DATA frame assembly, leading
to deterministic connection errors if assembly fails.
[Stefan Eissing, Pal Nilsen <https://github.com/maedox>]
*) abs: Include OPENSSL_Applink when compiling on Windows, to resolve
failures under Visual Studio 2015 and other mismatched MSVCRT flavors.
PR59630 [Jan Ehrhardt <phpdev ehrhardt.nl>]
*) mod_ssl: Add "no_crl_for_cert_ok" flag to SSLCARevocationCheck directive
to opt-in previous behaviour (2.2) with CRLs verification when checking
certificate(s) with no corresponding CRL. [Yann Ylavic]
*) mpm_event, mpm_worker: Fix computation of MinSpareThreads' lower bound
according the number of listeners buckets. [Yann Ylavic]
*) Add ap_cstr_casecmp[n]() - placeholder of apr_cstr_casecmp[n] functions
for case-insensitive C/POSIX-locale token comparison.
[Jim Jagielski, William Rowe, Yann Ylavic, Branko Čibej]
*) mod_userdir: Constify and save a few bytes in the conf pool when
parsing the "UserDir" directive. [Christophe Jaillet]
*) mod_cache: Fix (max-stale with no '=') and enforce (check
integers after '=') Cache-Control header parsing.
[Christophe Jaillet]
*) core: Add -DDUMP_INCLUDES configtest option to show the tree
of Included configuration files.
[Jacob Champion <champion.pxi gmail.com>]
*) mod_proxy_fcgi: Avoid passing a filename of proxy:fcgi:// as
SCRIPT_FILENAME to a FastCGI server. PR59618.
[Jacob Champion <champion.pxi gmail.com>]
*) mod_dav: Add dav_get_provider_name() function to obtain the name
of the provider from mod_dav.
[Jari Urpalainen <jari.urpalainen nokia.com>]
*) mod_proxy_http2: properly care for HTTP2 flow control of the frontend
connection is HTTP/1.1. [Patch supplied by Evgeny Kotkov]
*) mod_http2: improved cleanup of connection/streams/tasks to always
have deterministic order regardless of event initiating it. Addresses
reported crashes due to memory read after free issues.
[Stefan Eissing]
*) mod_ssl: Correct the interaction between SSLProxyCheckPeerCN and newer
SSLProxyCheckPeerName directives since release 2.4.5, such that disabling
either disables both, and that enabling either triggers the new, more
comprehensive SSLProxyCheckPeerName behavior. Only a single configuration
remains to enable the legacy behavior, which is to explicitly disable
SSLProxyCheckPeerName, and enable SSLProxyCheckPeerCN. [William Rowe]
*) mod_include: add the <!--#comment ...> syntax in order to include comments
in a SSI file. [Christophe Jaillet based on a suggestion from Rob]
*) mod_http2: improved event handling for suspended streams, responses
and window updates. [Stefan Eissing]
*) mod_proxy_hcheck: Provide for dynamic background health
checks on reverse proxies associated with BalancerMember
workers. [Jim Jagielski]
*) mod_http2: Fix async write issue that led to selection of wrong timeout
vs. keepalive timeout selection for idle sessions. [Stefan Eissing]
*) mod_http2: checking LimitRequestLine, LimitRequestFields and
LimitRequestFieldSize configurated values for incoming streams. Returning
HTTP status 431 for too long/many headers fields and 414 for a too long
pseudo header. [Stefan Eissing]
*) mod_http2: tracking conn_rec->current_thread on slave connections, so
that mod_lua finds the correct one. Fixes PR 59542. [Stefan Eissing]
*) mod_proxy_http2: new experimental http2 proxy module for h2: and h2c: proxy
urls. Part of the httpd mod_proxy framework, common settings apply.
Requests from the same HTTP/2 frontend connection against the same backend
are aggregated on a single connection.
[Stefan Eissing]
*) mod_http2: slave connections have conn_rec->aborted flag set when a stream
has been reset by the client. [Stefan Eissing]
*) mod_http2: merge of some 2.4.x adaptions re filters on slave connections.
Small fixes in bucket beams when forwarding file buckets. Output handling
on master connection uses less FLUSH and passes automatically when more
than half of H2StreamMaxMemSize bytes have accumulated.
Workaround for http: when forwarding partial file buckets to keep the
output filter from closing these too early. [Stefan Eissing]
*) mod_http2: elimination of fixed master connection buffer for TLS
connections. New scratch bucket handling optimized for TLS write sizes.
File bucket data read directly into scratch buffers, avoiding one
copy. Non-TLS connections continue to pass buckets unchanged to the core
filters to allow sendfile() usage. [Stefan Eissing]
*) mod_http2/mod_proxy_http2: h2_request.c is no longer shared between these
modules. This simplifies building on platforms such as Windows, as module
reference used in logging is now clear. [Stefan Eissing]
*) Scoreboard: Fix a regression in 2.4.20 that causes wrong request data
to be displayed on the status page. PR 59333. [Yann Ylavic, William Rowe]
*) mod_http2: fixed a bug that caused mod_proxy_http2 to be called for window
updates on requests it had already reported done. Added synchronization
on early connection/stream close that lets ongoing requests safely drain
their input filters.
[Stefan Eissing]
*) mod_http2: scoreboard updates that summarize the h2 session (and replace
the last request information) will only happen when the session is idle or
in shutdown/done phase. [Stefan Eissing]
*) mod_http2: new "bucket beam" technology to transport buckets across
threads without buffer copy. Delaying response start until flush or
enough body data has been accumulated. Overall significantly smaller
memory footprint. [Stefan Eissing]
*) core: New CGIVar directive can configure REQUEST_URI to represent the
current URI being processed instead of always the original request.
[Jeff Trawick]
*) scoreboard/status: Restore behavior of showing workers' previous Client,
VHost and Request values when idle, like in 2.4.18 and earlier.
*) mod_http2: r->protocol changed to "HTTP/2.0" (was "HTTP/2") as this will
give expected syntax in CGI's SERVER_PROTOCOL is more compatible with
existing major/minor handling. Fixes PR 59313.
*) mod_http2: disabling mmap for file buckets transport due to segmenation
faults when files change on the fly.
