Project description.

The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT.

The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards

Apache 2.0.36 Changelog
  • Fix some minor formatting issues with ab. Part of this is in reference to PR 8544, the rest I noticed while testing the PR fix. [Paul J. Reder]
  • Fix a case where an invalid pass phrase is entered and an error message is given, but the prompt is not shown again. This left the user in an ambiguous state. PR 8320 [Paul J. Reder]
  • Close sockets on worker MPM when doing a graceless restart. [Aaron Bannert]
  • Reverted a minor optimization in mod_ssl.c that used the vhost ID as the session id context rather that a MD5 hash of that vhost ID, because it caused very long vhost id's to be unusable with mod_ssl. PR 8572. [Cliff Woolley]
  • Fix the link to the description of the CoredumpDirectory directive in the server-wide document. PR 8643. [Jeff Trawick]
  • Fixed SHMCB session caching. [Aaron Bannert, Cliff Woolley]
  • Synced with remaining changes from mod_ssl 2.8.8-1.3.24: - Avoid SIGBUS on sparc machines with SHMCB session caches - Allow whitespace between the pipe and the name of the program in SSLLog "| /path/to/program". [Cliff Woolley]
  • Introduce mod_ext_filter and mod_deflate experimental modules to the Win32 build (zlib sources must be in srclib\zlib.) [William Rowe]
  • Changes to the worker MPM's queue management and thread synchronization code to reduce mutex contention [Brian Pane]
  • Don't install *.in configuration files since we already install *-std.conf files. [Aaron Bannert]
  • Many improvements to the threadpool MPM. [Aaron Bannert]
  • Fix subreqs that are promoted via fast_redirect from having invalid frec->r structures. This would cause subtle errors later on in request processing such as seen in PR 7966. [Justin Erenkrantz]
  • More efficient pool recycling logic for the worker MPM [Brian Pane]
  • Modify the worker MPM to not accept() new connections until there is an available worker thread. This prevents queued connections from starving for processing time while long-running connections were hogging all the available threads. [Aaron Bannert]
  • Convert the worker MPM's fdqueue from a LIFO back into a FIFO. [Aaron Bannert]
  • Get basic HTTP proxy working on EBCDIC machines. [Jeff Trawick]
  • Allow mod_unique_id to work on systems with no IPv4 address corresponding to their host name. [Jeff Trawick]
  • Fix suexec behavior with user directories. PR 7810. [Colm ]
  • Reject a blank UserDir directive since it is ambiguous. PR 8472. [Justin Erenkrantz]
  • Make mod_mime use case-insensitive matching when examining extensions on all platforms. PR 8223. [Justin Erenkrantz]
  • Add an intelligent error message should no proxy submodules be valid to handle a request. PR 8407 [Graham Leggett]
  • Major improvements in concurrent processing for AB by enabling non-blocking connect()s and preventing APR from doing blocking read()s. Also implement fatal error checking for apr_recv(). [Aaron Bannert]
  • Fix Win32 NTFS Junctions (symlinks). PR 8014 [William Rowe]
  • Fix Win32 'short name' aliases in httpd.conf directives. PR 8009 [William Rowe]
  • Fix generation of default httpd.conf when the layout paths are disjoint. PR 7979, 8227. [Justin Erenkrantz]
  • Swap downgrade-1.0 and force-response-1.0 conditional checks so that downgraded responses can have force-response. PR 8357. [Justin Erenkrantz]
  • Fix perchild MPM so that it can be configured with the move to the experimental directory. [Scott Lamb ]
  • Fix perchild MPM so that it uses ap_gname2id for groups instead of ap_uname2id. [Scott Lamb ]
  • Fix AcceptPathInfo. PR 8234 [Cliff Woolley]
  • SECURITY: CVE-2002-1592 (cve.mitre.org) [CERT VU#165803] Added the APLOG_TOCLIENT flag to ap_log_rerror() to explicitly tell the server that warning messages should be sent to the client in addition to being recorded in the error log. Prior to this change, ap_log_rerror() always sent warning messages to the client. In one case, a faulty CGI script caused the server to send a warning message to the client that contained the full path to the CGI script. This could be considered a minor security exposure. [Bill Stoddard]
  • mod_autoindex output when SuppressRules was specified would omit the first carriage return so the first item in the list would appear to the right of the column headings instead of underneath them. PR 8016 [David Shane Holden ]
  • Moved the call to apr_mmap_dup outside the error branch so that it would actually get called. This fixes a core dump at init everytime you use the MMapFile directive. PR 8314 [Paul J. Reder]
  • Trigger an error when a LoadModule directive attempts to load a module which is built-in. This is a common error when switching from a DSO build to a static build. [Jeff Trawick]
  • Change instdso.sh to use libtool --install everywhere and then clean up some stray files and symlinks that libtool leaves around on some platforms. This gets subversion building properly since it needed a re-link to be performed by libtool at install time, and the old instdso.sh logic to simply cp the DSO didn't handle that requirement. [Sander Striker]
  • Allow VPATH builds to succeed when configured from an empty directory. [Thom May ]
  • Fix 'control reaches end of non-void function' warning in server/log.c. [Ben Collins-Sussman ]
  • Perchild MPM is now correctly deemed as experimental and is now located in server/mpm/experimental. [Justin Erenkrantz]
  • Fix segfault in mod_mem_cache when garabge collecting an expired cache entry. [Bill Stoddard]
  • Introduced -E startup_logfile_name option to httpd to allow admins to begin logging errors immediately. This provides Win32 users an alternative to sending startup errors to the event viewer, and allows other daemon tool authors an alternative to logging to stderr. [William Rowe]
  • Fix subreqs with non-defined Content-Types being served improperly. [Justin Erenkrantz]
  • Merge in latest GNU config.guess and config.sub files. PR 7818. [Justin Erenkrantz]
  • Move 100 - Continue support to the HTTP_IN filter so that filters are guaranteed to support 100 - Continue logic without any intervention. [Justin Erenkrantz]
  • Add HTTP chunked input trailer support. [Justin Erenkrantz]
  • Rename and export get_mime_headers as ap_get_mime_headers. [Justin Erenkrantz]
  • Allow empty Host: header arguments. PR 7441. [Justin Erenkrantz]
  • Properly substitute sbindir as httpd's location in apachectl. PR 7840. [Andreas Hasenack ]
  • Allow Win32 shebang scripts to follow the path (or omit the .exe suffix from the shebang command), and allow ScriptInterpreterSource Registry or RegistryStrict to override shebang lines, as 1.3 did. PR 8004 [William Rowe]
  • worker MPM: Fix a situation where a child exited without releasing the accept mutex. Depending on the OS and mutex mechanism this could result in a hang. [Jeff Trawick]
  • Update the instructions for how to get started with mod_example. [Stas Bekman]
  • Fix PidFile to default to rel_runtimedir instead of rel_logfiledir. PR 7841. [Andreas Hasenack ]
  • Win32: Fix problem that caused rapid performance degradation when number of connecting clients exceeded ThreadsPerChild. [Bill Stoddard]
  • Fixed a segfault parsing large SSIs on non-mmap systems. [Brian Havard]
  • Proxy was bombing out every second keepalive request, caused by a stray CRLF before the second response's status line. Proxy now tries to read one more line if it encounters a CRLF where it expected a status. PR 10010 [Graham Leggett]
  • Deprecated the apr_lock.h API. Please see the following files for the improved thread and process locking and signaling: apr_proc_mutex.h, apr_thread_mutex.h, apr_thread_rwlock.h, apr_thread_cond.h, and apr_global_mutex.h. [Aaron Bannert]
  • Change mod_status to use scoreboard accessor functions so it can be used in any MPM without having to be recompiled. [Ryan Morgan ]
  • Fix parsing of some AP_DECLARE_DATA declarations so that the filter handle declarations are recognized. This fixes problems loading mod_autoindex on some platforms. [Brian Havard]
  • add optional fixup hook to proxy [Daniel Lopez ]
  • Remind the admin about the User and Group directives when we are unable to set permissions on a semaphore. PR 7812 [Jeff Trawick]
  • fix possible compilation problem in ssl_engine_kernel.c. PR 7802 [Doug MacEachern]
  • fix possible infinite loop in mod_ssl triggered by certain netscape clients [Doug MacEachern]
  • fix ProxyPass when frontend is https and backend is http [Doug MacEachern]
  • Add DASL support to mod_dav [Sung Kim ]