Posted to cvs@httpd.apache.org by tr...@apache.org on 2012/04/23 13:19:10 UTC
svn commit: r642 - /release/httpd/mod_fcgid/Announcement-Fcgid.txt
Author: trawick
Date: Mon Apr 23 11:19:08 2012
New Revision: 642
Log:
announcing mod_fcgid 2.3.7...
Modified:
release/httpd/mod_fcgid/Announcement-Fcgid.txt
Modified: release/httpd/mod_fcgid/Announcement-Fcgid.txt
==============================================================================
--- release/httpd/mod_fcgid/Announcement-Fcgid.txt (original)
+++ release/httpd/mod_fcgid/Announcement-Fcgid.txt Mon Apr 23 11:19:08 2012
@@ -1,64 +1,34 @@
- mod_fcgid 2.3.6 Released
+ mod_fcgid 2.3.7 Released
The Apache Software Foundation and the Apache HTTP Server Project are
- pleased to announce the release of version 2.3.6 of mod_fcgid, a
+ pleased to announce the release of version 2.3.7 of mod_fcgid, a
FastCGI implementation for Apache HTTP Server versions 2.0, 2.2, and
- future 2.4. This version of mod_fcgid is a bug fix release.
-
- A fix is included for CVE-2010-3872, a potential vulnerability which
- can affect sites with untrusted FastCGI applications.
-
- Additionally, default configuration settings for request body handling
- have been changed to prevent large system resource use. Administrators
- of all versions of mod_fcgid are strongly cautioned to ensure that
- FcgidMaxRequestLen is configured appropriately.
+ 2.4. This version of mod_fcgid is a bug fix release.
mod_fcgid is available for download from:
- http://httpd.apache.org/download.cgi
+ http://httpd.apache.org/download.cgi#mod_fcgid
A full list of changes in this release follows:
- *) SECURITY: CVE-2010-3872 (cve.mitre.org)
- Fix possible stack buffer overwrite. Diagnosed by the reporter.
- PR 49406. [Edgar Frank <ef-lists email.de>]
-
- *) Change the default for FcgidMaxRequestLen from 1GB to 128K.
- Administrators should change this to an appropriate value based on
- site requirements. [Jeff Trawick]
-
- *) Allow FastCGI apps more time to exit at shutdown before being
- forcefully killed. [Jeff Trawick]
-
- *) Correct a problem that resulted in FcgidMaxProcesses being ignored
- in some situations. PR 48981. [<rkosolapov gmail.com>]
-
- *) Fix the search for processes with the proper vhost config when
- ServerName isn't set in every vhost or a module updates
- r->server->server_hostname dynamically (e.g., mod_vhost_cdb)
- or a module updates r->server dynamically (e.g., mod_vhost_ldap).
- [Jeff Trawick]
-
- *) FcgidPassHeader now maps header names to environment variable names
- in the usual manner: The header name is converted to upper case and
- is prefixed with HTTP_. An additional environment variable is
- created with the legacy name. PR 48964. [Jeff Trawick]
-
- *) Allow processes to be reused within multiple phases of a request
- by releasing them into the free list as soon as possible.
- [Chris Darroch]
-
- *) Fix lookup of process command lines when using FcgidWrapper or
- access control directives, including within .htaccess files.
- [Chris Darroch]
-
- *) Resolve a regression in 2.3.5 with httpd 2.0.x on some Unix platforms;
- ownership of mutex files was incorrect, resulting in a startup failure.
- PR 48651. [Jeff Trawick, <pservit gmail.com>]
+ *) Introduce FcgidWin32PreventOrphans directive on Windows to use OS
+ Job Control Objects to terminate all running fcgi's when the worker
+ process has been abruptly terminated. PR: 51078
+ [Thangaraj AntonyCrouse <thangaraj gmail.com>]
+
+ *) Periodically clean out the brigades which are pulling in the request
+ body for handoff to the fcgid child. PR: 51749
+ [Dominic Benson <dominic.benson thirdlight.com>]
+
+ *) Resolve crash during graceful restarts. PR 50309
+ [Mario Brandt <JBlond gmail.com>]
+
+ *) Solve latency/cogestion of resolving effective user file access rights
+ when no such info is desired, for config related filename stats.
+ PR: 51020 [Thangaraj AntonyCrouse <thangaraj gmail.com>, William Rowe]
- *) Return 500 instead of segfaulting when the application returns no output.
- [Tatsuki Sugiura <sugi nemui.org>, Jeff Trawick]
+ *) Fix regression in 2.3.6 which broke process controls when using vhost-
+ specific configuration. [Jeff Trawick]
- *) In FCGI_AUTHORIZER role, avoid spawning a new process for every
- different HTTP request. [Chris Darroch]
+ *) Account for first process in class in the spawn score. [Jeff Trawick]
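Review bot: The added entry "Fix regression in 2.3.6 which broke process controls when using vhost-specific configuration" does not say which controls were affected or whether limits went unenforced, and the intro now describes 2.3.7 only as "a bug fix release". Suggest naming the affected directives and stating the impact for sites running 2.3.6 with per-vhost settings, so administrators can judge how urgent the upgrade is. The same hunk removes the FcgidMaxRequestLen caution and the CVE-2010-3872 notice with no pointer left for sites upgrading from releases older than 2.3.6; a one-line reference to the 2.3.6 announcement would keep that guidance reachable. Minor: "cogestion" in the "Solve latency/cogestion" entry should be "congestion", and the PR references mix "PR: 51078" with "PR 50309"; pick one form.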