You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by tr...@apache.org on 2012/04/23 13:19:10 UTC
svn commit: r642 - /release/httpd/mod_fcgid/Announcement-Fcgid.txt

Author: trawick
Date: Mon Apr 23 11:19:08 2012
New Revision: 642

Log:
announcing mod_fcgid 2.3.7...

Modified:
    release/httpd/mod_fcgid/Announcement-Fcgid.txt

Modified: release/httpd/mod_fcgid/Announcement-Fcgid.txt
==============================================================================
--- release/httpd/mod_fcgid/Announcement-Fcgid.txt (original)
+++ release/httpd/mod_fcgid/Announcement-Fcgid.txt Mon Apr 23 11:19:08 2012
@@ -1,64 +1,34 @@
-         mod_fcgid 2.3.6 Released
+         mod_fcgid 2.3.7 Released
 
   The Apache Software Foundation and the Apache HTTP Server Project are
-  pleased to announce the release of version 2.3.6 of mod_fcgid, a
+  pleased to announce the release of version 2.3.7 of mod_fcgid, a
   FastCGI implementation for Apache HTTP Server versions 2.0, 2.2, and 
-  future 2.4.  This version of mod_fcgid is a bug fix release.
-
-  A fix is included for CVE-2010-3872, a potential vulnerability which
-  can affect sites with untrusted FastCGI applications.
-
-  Additionally, default configuration settings for request body handling
-  have been changed to prevent large system resource use.  Administrators
-  of all versions of mod_fcgid are strongly cautioned to ensure that
-  FcgidMaxRequestLen is configured appropriately.
+  2.4.  This version of mod_fcgid is a bug fix release.
 
   mod_fcgid is available for download from:
 
-    http://httpd.apache.org/download.cgi
+    http://httpd.apache.org/download.cgi#mod_fcgid
 
   A full list of changes in this release follows:
 
-  *) SECURITY: CVE-2010-3872 (cve.mitre.org)
-     Fix possible stack buffer overwrite.  Diagnosed by the reporter.
-     PR 49406.  [Edgar Frank <ef-lists email.de>]
-
-  *) Change the default for FcgidMaxRequestLen from 1GB to 128K.
-     Administrators should change this to an appropriate value based on
-     site requirements.  [Jeff Trawick]
-
-  *) Allow FastCGI apps more time to exit at shutdown before being
-     forcefully killed.  [Jeff Trawick]
-
-  *) Correct a problem that resulted in FcgidMaxProcesses being ignored
-     in some situations.  PR 48981.  [<rkosolapov gmail.com>]
-
-  *) Fix the search for processes with the proper vhost config when
-     ServerName isn't set in every vhost or a module updates 
-     r->server->server_hostname dynamically (e.g., mod_vhost_cdb)
-     or a module updates r->server dynamically (e.g., mod_vhost_ldap).
-     [Jeff Trawick]
-
-  *) FcgidPassHeader now maps header names to environment variable names
-     in the usual manner: The header name is converted to upper case and
-     is prefixed with HTTP_.  An additional environment variable is 
-     created with the legacy name.  PR 48964.  [Jeff Trawick]
-
-  *) Allow processes to be reused within multiple phases of a request
-     by releasing them into the free list as soon as possible.
-     [Chris Darroch]
-
-  *) Fix lookup of process command lines when using FcgidWrapper or
-     access control directives, including within .htaccess files.
-     [Chris Darroch]
-
-  *) Resolve a regression in 2.3.5 with httpd 2.0.x on some Unix platforms;
-     ownership of mutex files was incorrect, resulting in a startup failure.
-     PR 48651.  [Jeff Trawick, <pservit gmail.com>]
+  *) Introduce FcgidWin32PreventOrphans directive on Windows to use OS
+     Job Control Objects to terminate all running fcgi's when the worker
+     process has been abruptly terminated. PR: 51078
+     [Thangaraj AntonyCrouse <thangaraj gmail.com>]
+
+  *) Periodically clean out the brigades which are pulling in the request 
+     body for handoff to the fcgid child. PR: 51749
+     [Dominic Benson <dominic.benson thirdlight.com>]
+
+  *) Resolve crash during graceful restarts. PR 50309
+     [Mario Brandt <JBlond gmail.com>]
+
+  *) Solve latency/cogestion of resolving effective user file access rights
+     when no such info is desired, for config related filename stats. 
+     PR: 51020 [Thangaraj AntonyCrouse <thangaraj gmail.com>, William Rowe]
 
-  *) Return 500 instead of segfaulting when the application returns no output.
-     [Tatsuki Sugiura <sugi nemui.org>, Jeff Trawick]
+  *) Fix regression in 2.3.6 which broke process controls when using vhost-
+     specific configuration.  [Jeff Trawick]
 
-  *) In FCGI_AUTHORIZER role, avoid spawning a new process for every
-     different HTTP request.  [Chris Darroch]
+  *) Account for first process in class in the spawn score.  [Jeff Trawick]