{{header|docs}}
{{Docs_beat_open}}

== httpd ==

''httpd'' was updated to 2.4.3-1. The new version has a lot of fixes and improvements:

* SECURITY: CVE-2012-3502 (cve.mitre.org) mod_proxy_ajp, mod_proxy_http: Fix an issue in back end connection closing which could lead to privacy issues due to a response mixup.
* SECURITY: CVE-2012-2687 (cve.mitre.org) mod_negotiation: Escape filenames in variant list to prevent a possible XSS for a site where untrusted users can upload files to a location with MultiViews enabled.
* mod_authnz_ldap: Don't try a potentially expensive nested groups search before exhausting all AuthLDAPGroupAttribute checks on the current group.
* mod_lua: Add new directive LuaAuthzProvider to allow implementing an authorization provider in lua.
* core: Be less strict when checking whether Content-Type is set to "application/x-www-form-urlencoded" when parsing POST data, or we risk losing data with an appended charset.
* httpd.conf: Added configuration directives to set a bad_DNT environment variable based on User-Agent and to remove the DNT header field from incoming requests when a match occurs. This currently has the effect of removing DNT from requests by MSIE 10.0 because it deliberately violates the current specification of DNT semantics for HTTP.
* mod_cache: Set content type in case we return stale content.
* ab: Fix read failure when targeting SSL server.
* htpasswd: Use correct file mode for checking if file is writable.
* mod_rewrite: Fix crash with dbd RewriteMaps.
* mod_ssl: Add new directive SSLCompression to disable TLS-level compression.
* mod_lua: Add a few missing request_rec fields. Rename remote_ip to client_ip to match conn_rec.
* mod_lua: Change prototype of vm_construct, to work around gcc bug which causes a segfault.
* mpm_event: Don't count connections in lingering close state when calculating how many additional connections may be accepted.
* mod_ssl: If exiting during initialization because of a fatal error, log a message to the main error log pointing to the appropriate virtual host error log.
* mod_proxy_ajp: Reduce memory usage in case of many keep-alive requests on one connection.
* mod_proxy_balancer: Restore balancing after a failed worker has recovered when using lbmethod_bybusyness.
* mod_setenvif: Compile some global regex only once during startup. This should save some memory, especially with .htaccess.
* core: Add the port number to the vhost's name in the scoreboard.
* mod_proxy: Fix ProxyPassReverse for balancer configurations.
* mod_lua: Add the parsebody function for parsing POST data.
* apxs: Use LDFLAGS from config_vars.mk in addition to CFLAGS and CPPFLAGS.
* mod_proxy: Fix memory leak or possible corruption in ProxyBlock implementation.
* mod_proxy: Check hostname from request URI against ProxyBlock list, not forward proxy, if ProxyRemote* is configured.
* mod_proxy_connect: Avoid DNS lookup on hostname from request URI if ProxyRemote* is configured.
* mpm_event, mpm_worker: Remain active amidst prevalent child process resource shortages.
* Add "strict" and "warnings" pragmas to Perl scripts.
* ab: Fix bind() errors.
* mpm_event: Don't do a blocking write when starting a lingering close from the listener thread.
* mod_so: If a filename without slashes is specified for LoadFile or LoadModule and the file cannot be found in the server root directory, try to use the standard dlopen() search path.
* mpm_event, mpm_worker: Fix cases where the spawn rate wasn't reduced after child process resource shortages.
* mpm_prefork: Reduce spawn rate after a child process exits due to unexpected poll or accept failure.
* core: Log value of Status header line in script responses rather than the fixed header name.
* mod_ssl: Fix handling of empty response from OCSP server.
* mpm_event: Fix handling of MaxConnectionsPerChild.
* mod_authz_core: If an expression in "Require expr" returns denied and references %{REMOTE_USER}, trigger authentication and retry.
* core: Always log if LimitRequestFieldSize triggers.
* mod_deflate: Skip compression if compression is enabled at SSL level.
* core: Add missing HTTP status codes registered with IANA.
* mod_ldap: Treat the "server unavailable" condition as a transient error with all LDAP SDKs.
* core: Fix spurious "not allowed here" error returned when the Options directive is used in .htaccess and "AllowOverride Options" (with no specific options restricted) is configured.
* mod_authz_core: Fix parsing of Require arguments in <AuthzProviderAlias>.
* mod_log_config: Fix %{abc}C truncating cookie values at first "=".
* mod_ext_filter: Fix error_log spam when input filters are configured.
* mod_rewrite: Add "AllowAnyURI" option.
* htdbm, htpasswd: Don't crash if crypt() fails (e.g. with FIPS enabled).
* core: Use a TLS 1.0 close_notify alert for internal dummy connection if the chosen listener is configured for https.
* mod_proxy: Use the same hostname for SNI as for the HTTP request when forwarding to SSL backends.
* mod_info: Display all registered providers.
* mod_ssl: Send the error message for speaking http to an https port using HTTP/1.0 instead of HTTP/0.9, and omit the link that may be wrong when using SNI.
* core: Fix segfault in logging if r->useragent_addr or c->client_addr is unset.
* log_server_status: Bring Perl style forward to the present, use standard modules, update for new format of server-status output.
* mod_sed, mod_log_debug, mod_rewrite: Symbol namespace cleanups.
* core: Prevent "httpd -k restart" from killing server in presence of config error.
* mod_proxy_fcgi: If there is an error reading the headers from the backend, send an error to the client.

== lighttpd ==

''lighttpd'' was updated to 1.4.32-2. There are many fixes:

* [ssl] fix segfault in counting renegotiations for openssl versions without TLSEXT/SNI
* Move fdevent subsystem includes to implementation files to reduce conflicts
* [mod_compress] fix handling if etags are disabled but cache-dir is set – may lead to double response
* disable mmap by default
* buffer_caseless_compare: always convert letters to lowercase to get transitive results, fixing array lookups
* Fix handling of empty header list entries in http_request_split_value, fixing invalid read in valgrind
* Fix access log escaping of " and \\
* [mod_auth] Fix digest "md5-sess" implementation (Errata ID 1649, RFC 2617)
* [auth] Add "AUTH_TYPE" environment (for *cgi), remove fastcgi specific workaround, add fastcgi test case
* [mod_*cgi,mod_accesslog] Fix splitting :port with ipv6
* Detect multiple -f options: show error message instead of assert
* [mod_extforward] Support ipv6 addresses
* [mod_redirect] Support url.redirect-code option
* Fix --enable-mmap handling in configure.ac

[[Category:Docs Project]]
[[Category:Draft documentation]]
[[Category:Documentation beats]]