Project description.

The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT.

The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards

Apache 2.0.37 Changelog
  • allow POST method over SSL when per-directory client cert authentication is used with 'SSLOptions +OptRenegotiate' enabled and a client cert was found in the ssl session cache.
  • 'SSLOptions +OptRengotiate' will use client cert in from the ssl session cache when there is no cert chain in the cache. prior to the fix this situation would result in a FORBIDDEN response and error message "Cannot find peer certificate chain" [Doug MacEachern]
  • ap_finalize_sub_req_protocol() shouldn't send an EOS bucket if one was already sent. PR 9644 [Jeff Trawick]
  • Fix the display of the default name for the mime types config file. PR 9729 [Matthew Brecknell ]
  • Fix the working directory *for WinNT/2K/XP services only* to change to the Apache directory (one level above the location of Apache.exe, in the case that Apache.exe resides in bin/.) Solves the case of ServerRoot /foo paths where /foo was not on the same drive as /winnt/system32. [William Rowe]
  • Make 2.0's "AcceptMutex" startup message now "completely" match how 1.3 does it. [Jim Jagielski]
  • Implement a fixed size memory cache using a priority queue [Ian Holsman]
  • Fix apxs to allow "apxs -q installbuilddir" and to allow querying certain other variables from config_vars.mk. PR 9316 [Jeff Trawick]
  • Added the "detached" attribute to the cgi_exec_info_t internals so that Win32 and Netware won't create a new window or console for each CGI invoked. PR 8387 [Brad Nicholes, William Rowe]
  • Consolidated the command line parameters and attributes that are manipulated by the optional function ap_cgi_build_command() in mod_cgi into a single structure. [Brad Nicholes]
  • Get rid of uninitialized value errors with "apxs -q" on certain variables. [Stas Bekman ]
  • Fix apxs to allow it to work when the build directory is somewhere besides server-root/build. PR 8453 [Jeff Trawick and a host of others]
  • Allow ap_discard_request_body to be called multiple times in the same request. Essentially, ap_http_filter keeps track of whether it has sent an EOS bucket up the stack, if so, it will only ever send an EOS bucket for this request. [Ryan Bloom, Justin Erenkrantz, Greg Stein]
  • Remove all special mod_ssl URIs. This also fixes the bug where redirecting (. will allow an SSL protected page to be viewed without SSL. [Ryan Bloom]
  • Fix the binary build install script so that the build logic created by "apxs -g" will work when the user has a binary build. [Jeff Trawick]
  • Allow instdso.sh to work with full paths to the shared module. [Justin Erenkrantz]
  • NetWare: Enabled CGI functionality and added mod_cgi as a built in module for NetWare [Brad Nicholes]
  • Changed cgi and piped log behavior to accept 65536 characters on Win32 (matching Linux) before deadlocking between outputing client stdin, slurping the output from stdout and then the stderr stream. PR 8179 [William Rowe]
  • Fixed Win32 wintty.exe support to assure the window title is valid. Elimiates possible gpfault or garbage title without the -t option. [William Rowe]
  • Rewrite mod_cgi, mod_cgid, and mod_proxy input handling to use brigades and input filters. [Justin Erenkrantz]
  • Allow ap_http_filter (HTTP_IN) to return EOS when there is no request body. [Justin Erenkrantz]
  • NetWare: Piping log entries through RotateLogs using the CustomLogs directive is finally supported now that we have the pipes and spawning functionality working. [Brad Nicholes]
  • SECURITY: CVE-2002-0392 (cve.mitre.org) [CERT VU#944335] Detect overflow when reading the hex bytes forming a chunk line. [Aaron Bannert]
  • Allow RewriteMap prg:'s to take command-line arguments. PR 8464. [James Tait ]
  • Correctly return 413 when an invalid chunk size is given on input. Also modify ap_discard_request_body to not do anything on sub-requests or when the connection will be dropped. [Justin Erenkrantz]
  • Fix the TIME_* SSL var lookups to be threadsafe. PR 9469. [Cliff Woolley]
  • Ensure that apr_brigade_write() flushes in all of the cases that it should to avoid conditions in some modules that could cause large amounts of data to be buffered. [Cliff Woolley]
  • Fix problem where mod_cache/mod_disk_cache was incorrectly stripping the content_type from cached responses. [Bill Stoddard]
  • apachectl passes through any httpd options. Note: apachectl should be used in preference to httpd since it ensures that any appropriate environment variables have been set up. [Jeff Trawick]
  • Fix the combination of mod_cgid, mod_setuexec, and mod_userdir. PR 7810 [Colm MacCarthaigh ]
  • Fix suexec execution of CGI scripts from mod_include. PR 7791, 8291 [Colm MacCarthaigh ]
  • Fix segfaults at startup on some platforms when mod_auth_digest, mod_suexec, or mod_ssl were used as DSO's due to the way they were tracking the current init phase since DSO's get completely unloaded and reloaded between phases. PR 9413. [Tsuyoshi Sasamoto , Brad Nicholes]
  • Fix mod_include's handling of regular expressions in "