Project description.

The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT.

The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards.

Apache 2.3.16 Changelog
  • SECURITY: CVE-2011-4317 (cve.mitre.org) Resolve additional cases of URL rewriting with ProxyPassMatch or RewriteRule, where particular request-URIs could result in undesired backend network exposure in some configurations. [Joe Orton]
  • core: Limit line length in .htaccess to 8K like in 2.2.x, to avoid additional DoS potential. [Stefan Fritsch]
  • core, all modules: Add unique tag to most error log messages. [Stefan Fritsch]
  • mod_socache_memcache: Change provider name from "mc" to "memcache" to match module name. [Stefan Fritsch]
  • mod_slotmem_shm: Change provider name from "shared" to "shm" to match module name. [Stefan Fritsch]
  • mod_ldap: Fix segfault with Solaris LDAP when enabling ldaps. This requires an apr-util fix which is available in apr-util >= 1.4.0. PR 42682. [Stefan Fritsch]
  • mod_rewrite: Add the AllowNoSlash RewriteOption, which makes it possible for RewriteRules to be placed in .htaccess files that match the directory with no trailing slash. PR 48304. [Matthew Byng-Maddick]
  • mod_session_crypto: Add a SessionCryptoPassphraseFile directive so that the administrator can hide the keys from the configuration. [Graham Leggett]
  • Introduce a per request version of the remote IP address, which can be optionally modified by a module when the effective IP of the client is not the same as the real IP of the client (such as a load balancer). Introduce a per connection "peer_ip" and a per request "client_ip" to distinguish between the raw IP address of the connection and the effective IP address of the request. [Graham Leggett]
  • ap_pass_brigade_fchk() function added. [Jim Jagielski]
  • core: Pass ap_errorlog_info struct to error log hook. [Stefan Fritsch]
  • mod_cache_disk: Make sure we check return codes on all writes and attempts to close, and clean up after ourselves in these cases. PR43589. [Graham Leggett]
  • mod_cache_disk: Remove the unnecessary intermediate brigade while writing to disk. Fixes a problem where mod_disk_cache was leaving buckets in the intermediate brigade and not passing them to out on exit. [Florian S., Graham Leggett]
  • mod_ssl: use a shorter setting for SSLCipherSuite in the default configuration file, and add some more information about configuring a speed-optimized alternative. [Kaspar Brand]
  • mod_ssl: drop support for the SSLv2 protocol. [Kaspar Brand]
  • mod_lua: Stop losing track of all but the most specific LuaHook* directives when multiple per-directory config sections are used. Adds LuaInherit directive to control how parent sections are merged. [Eric Covener]
  • Server directive display (-L): Include directives of DSOs. [Jeff Trawick]
  • mod_cache: Make sure we merge headers correctly when we handle a non cacheable conditional response. PR52120. [Graham Leggett]
  • Pre GA removal of components that will not be included:
      - mod_noloris was superseded by mod_reqtimeout
      - mod_serf
      - mpm_simple
    [Rainer Jung]
  • core: Set MaxMemFree 2048 by default. [Stefan Fritsch]
  • mpm_event: Fix assertion failure during very high load. [Stefan Fritsch]
  • configure: Additional modules loaded by default: mod_headers. Modules moved from module set "few" to "most" and no longer loaded by default: mod_actions, mod_allowmethods, mod_auth_form, mod_buffer, mod_cgi(d), mod_include, mod_negotiation, mod_ratelimit, mod_request, mod_userdir. [Rainer Jung]
  • mod_lua: Use the right lua scope when used as a hook. [Rainer Jung]
  • configure: Only load the really important modules (i.e. those enabled by the 'few' selection) by default. Don't handle modules enabled with --enable-foo specially. [Stefan Fritsch]
  • end-generation hook: Fix false notification of end-of-generation for temporary intervals with no active MPM children. [Jeff Trawick]
  • mod_ssl: Add support for configuring persistent TLS session ticket encryption/decryption keys (useful for clustered environments). [Paul Querna, Kaspar Brand]
  • mod_usertrack: Use random value instead of remote IP address. [Stefan Fritsch]