diff --git a/CHANGES b/CHANGES index 1fd6daace7e..d2110493482 100644 --- a/CHANGES +++ b/CHANGES 
@@ -1,6 +1,151 @@ -*- coding: utf-8 -*- Changes with Apache 2.4.58 + *) mod_http2: improved early cleanup of streams. + [Stefan Eissing] + + *) mod_proxy_http2: improved error handling on connection errors while + response is already underway. + [Stefan Eissing] + + *) mod_http2: fixed a bug that could lead to a crash in main connection + output handling. This occured only when the last request on a HTTP/2 + connection had been processed and the session decided to shut down. + This could lead to an attempt to send a final GOAWAY while the previous + write was still in progress. See PR 66646. + [Stefan Eissing] + + *) mod_proxy_http2: fix `X-Forward-Host` header to carry the correct value. + Fixes PR66752. + [Stefan Eissing] + + *) mod_http2: added support for bootstrapping WebSockets via HTTP/2, as + described in RFC 8441. A new directive 'H2WebSockets on|off' has been + added. The feature is by default not enabled. + As also discussed in the manual, this feature should work for setups + using "ProxyPass backend-url upgrade=websocket" without further changes. + Special server modules for WebSockets will have to be adapted, + most likely, as the handling if IO events is different with HTTP/2. + HTTP/2 WebSockets are supported on platforms with native pipes. This + excludes Windows. + [Stefan Eissing] + + *) mod_rewrite: Fix a regression with both a trailing ? and [QSA]. + in OCSP stapling. PR 66672. [Frank Meier , covener] + + *) mod_http2: fixed a bug in flushing pending data on an already closed + connection that could lead to a busy loop, preventing the HTTP/2 session + to close down successfully. Fixed PR 66624. + [Stefan Eissing] + + *) mod_http2: v2.0.15 with the following fixes and improvements + - New directive 'H2EarlyHint name value' to add headers to a response, + picked up already when a "103 Early Hints" response is sent. 'name' and + 'value' must comply to the HTTP field restrictions. 
+ This directive can be repeated several times and header fields of the + same names add. Sending a 'Link' header with 'preload' relation will + also cause a HTTP/2 PUSH if enabled and supported by the client. + - Fixed an issue where requests were not logged and accounted in a timely + fashion when the connection returns to "keepalive" handling, e.g. when + the request served was the last outstanding one. + This led to late appearance in access logs with wrong duration times + reported. + - Accurately report the bytes sent for a request in the '%O' Log format. + This addresses #203, a long outstanding issue where mod_h2 has reported + numbers over-eagerly from internal buffering and not what has actually + been placed on the connection. + The numbers are now the same with and without H2CopyFiles enabled. + [Stefan Eissing] + + *) mod_proxy_http2: fix retry handling to not leak temporary errors. + On detecting that that an existing connection was shutdown by the other + side, a 503 response leaked even though the request was retried on a + fresh connection. + [Stefan Eissing] + + *) mod_rewrite: Add server directory to include path as mod_rewrite requires + test_char.h. PR 66571 [Valeria Petrov ] + + *) mod_http2: new directive `H2ProxyRequests on|off` to enable handling + of HTTP/2 requests in a forward proxy configuration. + General forward proxying is enabled via `ProxyRequests`. If the + HTTP/2 protocol is also enabled for such a server/host, this new + directive is needed in addition. 
+ [Stefan Eissing] + + *) core: Updated conf/mime.types: + - .js moved from 'application/javascript' to 'text/javascript' + - .mjs was added as 'text/javascript' + - add .opus ('audio/ogg') + - add 'application/vnd.geogebra.slides' + - add WebAssembly MIME types and extension + [Mathias Bynens <@mathiasbynens> via PR 318, + Richard de Boer , Dave Hodder , + Zbynek Konecny ] + + *) mod_proxy_http2: fixed using the wrong "bucket_alloc" from the backend + connection when sending data on the frontend one. This caused crashes + or infinite loops in rare situations. + *) mod_proxy_http2: fixed a bug in retry/response handling that could lead + to wrong status codes or HTTP messages send at the end of response bodies + exceeding the announced content-length. + *) mod_proxy_http2: fix retry handling to not leak temporary errors. + On detecting that that an existing connection was shutdown by the other + side, a 503 response leaked even though the request was retried on a + fresh connection. + *) mod_http2: fixed a bug that did cleanup of consumed and pending buckets in + the wrong order when a bucket_beam was destroyed. + [Stefan Eissing] + + *) mod_http2: avoid double chunked-encoding on internal redirects. + PR 66597 [Yann Ylavic, Stefan Eissing] + + *) mod_http2: Fix reporting of `Total Accesses` in server-status to not count + HTTP/2 requests twice. Fixes PR 66801. + [Stefan Eissing] + + *) mod_ssl: Fix handling of Certificate Revoked messages + in OCSP stapling. PR 66626. [] + + *) mod_http2: fixed a bug in handling of stream timeouts. + [Stefan Eissing] + + *) mod_tls: updating to rustls-ffi version 0.9.2 or higher. + Checking in configure for proper version installed. Code + fixes for changed clienthello member name. + [Stefan Eissing] + + *) mod_md: + - New directive `MDMatchNames all|servernames` to allow more control over how + MDomains are matched to VirtualHosts. + - New directive `MDChallengeDns01Version`. 
Setting this to `2` will provide + the command also with the challenge value on `teardown` invocation. In version + 1, the default, only the `setup` invocation gets this parameter. + Refs #312. Thanks to @domrim for the idea. + - For Managed Domain in "manual" mode, the checks if all used ServerName and + ServerAlias are part of the MDomain now reports a warning instead of an error + (AH10040) when not all names are present. + - MDChallengeDns01 can now be configured for individual domains. + Using PR from Jérôme Billiras (@bilhackmac) and adding test case and fixing proper working + - Fixed a bug found by Jérôme Billiras (@bilhackmac) that caused the challenge + teardown not being invoked as it should. + + *) mod_ldap: Avoid performance overhead of APR-util rebind cache for + OpenLDAP 2.2+. PR 64414. [Joe Orton] + + *) mod_http2: new directive 'H2MaxDataFrameLen n' to limit the maximum + amount of response body bytes put into a single HTTP/2 DATA frame. + Setting this to 0 places no limit (but the max size allowed by the + protocol is observed). + The module, by default, tries to use the maximum size possible, which is + somewhat around 16KB. This sets the maximum. When less response data is + available, smaller frames will be sent. + + *) mod_md: fixed passing of the server environment variables to programs + started via MDMessageCmd and MDChallengeDns01 on *nix system. + See . + [Stefan Eissing] + *) mod_dav: Add DavBasePath directive to configure the repository root path. PR 35077. [Joe Orton] diff --git a/changes-entries/h2_cleanup.txt b/changes-entries/h2_cleanup.txt deleted file mode 100644 index 5366b4adfc6..00000000000 --- a/changes-entries/h2_cleanup.txt +++ /dev/null @@ -1,2 +0,0 @@ - * mod_http2: improved early cleanup of streams. - [Stefan Eissing] diff --git a/changes-entries/h2_early_hints_and_fixes.txt b/changes-entries/h2_early_hints_and_fixes.txt deleted file mode 100644 index 74e57315e52..00000000000 
--- a/changes-entries/h2_early_hints_and_fixes.txt +++ /dev/null @@ -1,18 +0,0 @@ - *) mod_http2: v2.0.15 with the following fixes and improvements - - New directive 'H2EarlyHint name value' to add headers to a response, - picked up already when a "103 Early Hints" response is sent. 'name' and - 'value' must comply to the HTTP field restrictions. - This directive can be repeated several times and header fields of the - same names add. Sending a 'Link' header with 'preload' relation will - also cause a HTTP/2 PUSH if enabled and supported by the client. - - Fixed an issue where requests were not logged and accounted in a timely - fashion when the connection returns to "keepalive" handling, e.g. when - the request served was the last outstanding one. - This led to late appearance in access logs with wrong duration times - reported. - - Accurately report the bytes sent for a request in the '%O' Log format. - This addresses #203, a long outstanding issue where mod_h2 has reported - numbers over-eagerly from internal buffering and not what has actually - been placed on the connection. - The numbers are now the same with and without H2CopyFiles enabled. - [Stefan Eissing] diff --git a/changes-entries/h2_flush_fix.txt b/changes-entries/h2_flush_fix.txt deleted file mode 100644 index b44a3319f67..00000000000 --- a/changes-entries/h2_flush_fix.txt +++ /dev/null @@ -1,4 +0,0 @@ - *) mod_http2: fixed a bug in flushing pending data on an already closed - connection that could lead to a busy loop, preventing the HTTP/2 session - to close down successfully. Fixed PR 66624. - [Stefan Eissing] diff --git a/changes-entries/h2_max_data_frame_len.txt b/changes-entries/h2_max_data_frame_len.txt deleted file mode 100644 index f32f6e076e4..00000000000 --- a/changes-entries/h2_max_data_frame_len.txt +++ /dev/null 
@@ -1,7 +0,0 @@ - *) mod_http2: new directive 'H2MaxDataFrameLen n' to limit the maximum - amount of response body bytes put into a single HTTP/2 DATA frame. - Setting this to 0 places no limit (but the max size allowed by the - protocol is observed). - The module, by default, tries to use the maximum size possible, which is - somewhat around 16KB. This sets the maximum. When less response data is - available, smaller frames will be sent. diff --git a/changes-entries/h2_pr66646.txt b/changes-entries/h2_pr66646.txt deleted file mode 100644 index 6bf23cfe47b..00000000000 --- a/changes-entries/h2_pr66646.txt +++ /dev/null @@ -1,6 +0,0 @@ - *) mod_http2: fixed a bug that could lead to a crash in main connection - output handling. This occured only when the last request on a HTTP/2 - connection had been processed and the session decided to shut down. - This could lead to an attempt to send a final GOAWAY while the previous - write was still in progress. See PR 66646. - [Stefan Eissing] diff --git a/changes-entries/h2_proxy_errors.txt b/changes-entries/h2_proxy_errors.txt deleted file mode 100644 index 6c50d5f3423..00000000000 --- a/changes-entries/h2_proxy_errors.txt +++ /dev/null @@ -1,3 +0,0 @@ - *) mod_proxy_http2: improved error handling on connection errors while - response is already underway. - [Stefan Eissing] diff --git a/changes-entries/h2_proxy_forwarded_host.txt b/changes-entries/h2_proxy_forwarded_host.txt deleted file mode 100644 index 338935337e7..00000000000 --- a/changes-entries/h2_proxy_forwarded_host.txt +++ /dev/null @@ -1,4 +0,0 @@ - *) mod_proxy_http2: fix `X-Forward-Host` header to carry the correct value. - Fixes PR66752. - [Stefan Eissing] - diff --git a/changes-entries/h2_proxyrequests.txt b/changes-entries/h2_proxyrequests.txt deleted file mode 100644 index 199d2c93b03..00000000000 --- a/changes-entries/h2_proxyrequests.txt +++ /dev/null 
@@ -1,6 +0,0 @@ - *) mod_http2: new directive `H2ProxyRequests on|off` to enable handling - of HTTP/2 requests in a forward proxy configuration. - General forward proxying is enabled via `ProxyRequests`. If the - HTTP/2 protocol is also enabled for such a server/host, this new - directive is needed in addition. - [Stefan Eissing] diff --git a/changes-entries/h2_stream_timeout.txt b/changes-entries/h2_stream_timeout.txt deleted file mode 100644 index 401028ecc15..00000000000 --- a/changes-entries/h2_stream_timeout.txt +++ /dev/null @@ -1,2 +0,0 @@ - * mod_http2: fixed a bug in handling of stream timeouts. - [Stefan Eissing] diff --git a/changes-entries/h2_v2.0.18.txt b/changes-entries/h2_v2.0.18.txt deleted file mode 100644 index 38d7f5efe62..00000000000 --- a/changes-entries/h2_v2.0.18.txt +++ /dev/null @@ -1,13 +0,0 @@ - * mod_proxy_http2: fixed using the wrong "bucket_alloc" from the backend - connection when sending data on the frontend one. This caused crashes - or infinite loops in rare situations. - * mod_proxy_http2: fixed a bug in retry/response handling that could lead - to wrong status codes or HTTP messages send at the end of response bodies - exceeding the announced content-length. - * mod_proxy_http2: fix retry handling to not leak temporary errors. - On detecting that that an existing connection was shutdown by the other - side, a 503 response leaked even though the request was retried on a - fresh connection. - * mod_http2: fixed a bug that did cleanup of consumed and pending buckets in - the wrong order when a bucket_beam was destroyed. - [Stefan Eissing] diff --git a/changes-entries/h2_websockets.txt b/changes-entries/h2_websockets.txt deleted file mode 100644 index 0f2bc715da0..00000000000 --- a/changes-entries/h2_websockets.txt +++ /dev/null 
@@ -1,10 +0,0 @@ - *) mod_http2: added support for bootstrapping WebSockets via HTTP/2, as - described in RFC 8441. A new directive 'H2WebSockets on|off' has been - added. The feature is by default not enabled. - As also discussed in the manual, this feature should work for setups - using "ProxyPass backend-url upgrade=websocket" without further changes. - Special server modules for WebSockets will have to be adapted, - most likely, as the handling if IO events is different with HTTP/2. - HTTP/2 WebSockets are supported on platforms with native pipes. This - excludes Windows. - [Stefan Eissing] \ No newline at end of file diff --git a/changes-entries/ldap-rebind.txt b/changes-entries/ldap-rebind.txt deleted file mode 100644 index 77cdd61adfb..00000000000 --- a/changes-entries/ldap-rebind.txt +++ /dev/null @@ -1,2 +0,0 @@ - *) mod_ldap: Avoid performance overhead of APR-util rebind cache for - OpenLDAP 2.2+. PR 64414. [Joe Orton] diff --git a/changes-entries/md_v2.4.23.txt b/changes-entries/md_v2.4.23.txt deleted file mode 100644 index 736e0c5c684..00000000000 --- a/changes-entries/md_v2.4.23.txt +++ /dev/null 
@@ -1,14 +0,0 @@ - * mod_md: - - New directive `MDMatchNames all|servernames` to allow more control over how - MDomains are matched to VirtualHosts. - - New directive `MDChallengeDns01Version`. Setting this to `2` will provide - the command also with the challenge value on `teardown` invocation. In version - 1, the default, only the `setup` invocation gets this parameter. - Refs #312. Thanks to @domrim for the idea. - - For Managed Domain in "manual" mode, the checks if all used ServerName and - ServerAlias are part of the MDomain now reports a warning instead of an error - (AH10040) when not all names are present. - - MDChallengeDns01 can now be configured for individual domains. - Using PR from Jérôme Billiras (@bilhackmac) and adding test case and fixing proper working - - Fixed a bug found by Jérôme Billiras (@bilhackmac) that caused the challenge - teardown not being invoked as it should. diff --git a/changes-entries/md_v2.4.24.txt b/changes-entries/md_v2.4.24.txt deleted file mode 100644 index 7df35065a63..00000000000 --- a/changes-entries/md_v2.4.24.txt +++ /dev/null @@ -1,4 +0,0 @@ - * mod_md: fixed passing of the server environment variables to programs - started via MDMessageCmd and MDChallengeDns01 on *nix system. - See . - [Stefan Eissing] diff --git a/changes-entries/mime_update.txt b/changes-entries/mime_update.txt deleted file mode 100644 index c28f5a44b6f..00000000000 --- a/changes-entries/mime_update.txt +++ /dev/null @@ -1,9 +0,0 @@ - *) core: Updated conf/mime.types: - - .js moved from 'application/javascript' to 'text/javascript' - - .mjs was added as 'text/javascript' - - add .opus ('audio/ogg') - - add 'application/vnd.geogebra.slides' - - add WebAssembly MIME types and extension - [Mathias Bynens <@mathiasbynens> via PR 318, - Richard de Boer , Dave Hodder , - Zbynek Konecny ] diff --git a/changes-entries/pr66571.txt b/changes-entries/pr66571.txt deleted file mode 100644 index bfa89af649a..00000000000 
--- a/changes-entries/pr66571.txt +++ /dev/null @@ -1,2 +0,0 @@ - *) mod_rewrite: Add server directory to include path as mod_rewrite requires - test_char.h. PR 66571 [Valeria Petrov ] diff --git a/changes-entries/pr66597.txt b/changes-entries/pr66597.txt deleted file mode 100644 index 958af0fb7f3..00000000000 --- a/changes-entries/pr66597.txt +++ /dev/null @@ -1,2 +0,0 @@ - *) mod_http2: avoid double chunked-encoding on internal redirects. - PR 66597 [Yann Ylavic, Stefan Eissing] diff --git a/changes-entries/pr66626.txt b/changes-entries/pr66626.txt deleted file mode 100644 index 92c3e04f562..00000000000 --- a/changes-entries/pr66626.txt +++ /dev/null @@ -1,2 +0,0 @@ - *) mod_ssl: Fix handling of Certificate Revoked messages - in OCSP stapling. PR 66626. [] diff --git a/changes-entries/pr66672.txt b/changes-entries/pr66672.txt deleted file mode 100644 index d4c9be3de65..00000000000 --- a/changes-entries/pr66672.txt +++ /dev/null @@ -1,2 +0,0 @@ - *) mod_rewrite: Fix a regression with both a trailing ? and [QSA]. - in OCSP stapling. PR 66672. [Frank Meier , covener] diff --git a/changes-entries/pr66801.txt b/changes-entries/pr66801.txt deleted file mode 100644 index 5fee4bce913..00000000000 --- a/changes-entries/pr66801.txt +++ /dev/null @@ -1,3 +0,0 @@ - *) mod_http2: Fix reporting of `Total Accesses` in server-status to not count - HTTP/2 requests twice. Fixes PR 66801. - [Stefan Eissing] diff --git a/changes-entries/proxy_http2_retries.txt b/changes-entries/proxy_http2_retries.txt deleted file mode 100644 index 4c66c4eb195..00000000000 --- a/changes-entries/proxy_http2_retries.txt +++ /dev/null @@ -1,5 +0,0 @@ - *) mod_proxy_http2: fix retry handling to not leak temporary errors. - On detecting that that an existing connection was shutdown by the other - side, a 503 response leaked even though the request was retried on a - fresh connection. - [Stefan Eissing] \ No newline at end of file 
diff --git a/changes-entries/tls-rustls-update.txt b/changes-entries/tls-rustls-update.txt deleted file mode 100644 index 9008d9e0e11..00000000000 --- a/changes-entries/tls-rustls-update.txt +++ /dev/null @@ -1,4 +0,0 @@ - *) mod_tls: updating to rustls-ffi version 0.9.2 or higher. - Checking in configure for proper version installed. Code - fixes for changed clienthello member name. - [Stefan Eissing] \ No newline at end of file
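Review bot: The CHANGES hunk adds the mod_proxy_http2 entry "fix retry handling to not leak temporary errors" twice, once as a standalone entry and once inside the group that starts with the "bucket_alloc" fix. Both changes-entries/proxy_http2_retries.txt and changes-entries/h2_v2.0.18.txt contain the same text, so merging them produced the duplicate. Keep a single copy so the 2.4.58 list does not read as two separate fixes.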
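Review bot: The mod_rewrite entry from changes-entries/pr66672.txt has a stray second line, "in OCSP stapling.", after "Fix a regression with both a trailing ? and [QSA]." That fragment matches the mod_ssl entry in changes-entries/pr66626.txt and reads as a copy-paste leftover, and it is carried unchanged into the CHANGES hunk. Drop the fragment in CHANGES so the entry reads "Fix a regression with both a trailing ? and [QSA]. PR 66672."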
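Review bot: The mod_md entry from changes-entries/md_v2.4.23.txt has no closing attribution line. It ends at "teardown not being invoked as it should." and the CHANGES hunk reproduces it that way, while the neighbouring entries close with a bracketed author. The 'H2MaxDataFrameLen n' entry from changes-entries/h2_max_data_frame_len.txt has the same gap. Add the bracketed author line to both entries in CHANGES so every item in the 2.4.58 list can be traced to a contributor.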
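Review bot: Wording slips from the entry files are copied verbatim into the CHANGES hunk and are worth fixing while the text is being consolidated. In the H2WebSockets entry (changes-entries/h2_websockets.txt), "the handling if IO events" should read "the handling of IO events". In the PR 66646 entry (changes-entries/h2_pr66646.txt), "occured" should be "occurred". In the retry entry, "On detecting that that an existing connection" has a doubled "that".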