Posted to dev@httpd.apache.org by Eric Covener <co...@gmail.com> on 2016/07/21 14:27:04 UTC

2.4.24 soon?

We have httpoxy as well as a rewrite+fastcgi regression in the queue.
Jim, do you have a near-term release in you we can plan around?

-- 
Eric Covener
covener@gmail.com

Re: 2.4.24 soon?

Posted by Jim Jagielski <ji...@jaguNET.com>.
I'm thinking of a T&R around the last week of Oct...

Re: 2.4.24 soon?

Posted by Jim Jagielski <ji...@jaguNET.com>.
I'd like to see us work on having a 2.4.24 out sometime this
month... Can we spend some time on existing backports and
seeing what of usefulness in trunk *can and should* be backported
to 2.4?

Thx!!

> On Sep 19, 2016, at 11:36 AM, Jim Jagielski <ji...@jaguNET.com> wrote:
> 
> 
>> On Aug 2, 2016, at 2:59 PM, Jacob Champion <ch...@gmail.com> wrote:
>> 
>> On 08/02/2016 11:12 AM, William A Rowe Jr wrote:
>>> One additional thought... On 2.2 and 2.4 I see this change as entirely
>>> opt-in, no disruption to a user performing a subversion upgrade. On
>>> 2.6/3.0 I'd want us to seriously consider changing the out-of-the-box
>>> default to strict parsing.
>> 
>> +1.
>> 
>> (I have no strong opinions on whether or not this should go into the next release, though.)
>> 
> 
> Any more thoughts related to this? I know that it is
> still being worked here and there, but knowing whether or
> not it will be folded in 2.4.24 might be incentive to
> finish polishing as it were.
> 


Re: 2.4.24 soon?

Posted by William A Rowe Jr <wr...@rowe-clan.net>.
On Mon, Sep 19, 2016 at 10:36 AM, Jim Jagielski <ji...@jagunet.com> wrote:

>
> > On Aug 2, 2016, at 2:59 PM, Jacob Champion <ch...@gmail.com> wrote:
> >
> > On 08/02/2016 11:12 AM, William A Rowe Jr wrote:
> >> One additional thought... On 2.2 and 2.4 I see this change as entirely
> >> opt-in, no disruption to a user performing a subversion upgrade. On
> >> 2.6/3.0 I'd want us to seriously consider changing the out-of-the-box
> >> default to strict parsing.
> >
> > +1.
> >
> > (I have no strong opinions on whether or not this should go into the
> > next release, though.)
>
> Any more thoughts related to this? I know that it is
> still being worked here and there, but knowing whether or
> not it will be folded in 2.4.24 might be incentive to
> finish polishing as it were.
>

I have a strong opinion that the strict request message parsing should be
included in 2.4.24/2.2.32. That includes disallowing all unexpected CTL
chars. This can easily be ready on your proposed timeframe.

I no longer believe we should address URI formatting until 2.4.25, it's
obviously a much larger hornet's nest in terms of many incompatibilities
that are well-known. So I've tweaked some API calls and should have
a patch in by tomorrow for this change, to take out the StrictURI option
and replace the scan valid uri chars with the efficient scan vchar/obstext
that halts on any CTL or space.

Will start a fresh thread for the post-mortem and backport discussions.
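
A scan of the kind described in the message above, which halts on any CTL or space, applied to a request line. This is an added example, not httpd's code and not part of the original message; `scan_vchar_obstext`, `check_request_line` and the `RL_*` codes are hypothetical names, and only the CTL/space rule is shown, not the full method-token or URI grammar.

```c
#include <stdio.h>
#include <string.h>

/* Return a pointer to the first byte that is not VCHAR (0x21-0x7E) or
 * obs-text (0x80-0xFF): stops on any CTL, SP, DEL or the terminating NUL. */
static const char *scan_vchar_obstext(const char *p)
{
    for (;; ++p) {
        unsigned char c = (unsigned char)*p;
        if (c <= 0x20 || c == 0x7F)
            return p;
    }
}

enum { RL_OK = 0, RL_BAD_METHOD, RL_BAD_TARGET, RL_BAD_VERSION, RL_TRAILING };

/* Strict check of "method SP request-target SP HTTP-version" on a line
 * whose CRLF has already been removed. Exactly one SP between fields. */
int check_request_line(const char *line)
{
    const char *m_end = scan_vchar_obstext(line);
    if (m_end == line || *m_end != ' ')
        return RL_BAD_METHOD;       /* empty, or ended by a CTL */
    const char *t = m_end + 1;
    const char *t_end = scan_vchar_obstext(t);
    if (t_end == t || *t_end != ' ')
        return RL_BAD_TARGET;       /* double SP, tab, CR, LF, ... */
    const char *v = t_end + 1;
    const char *v_end = scan_vchar_obstext(v);
    if (v_end == v || strncmp(v, "HTTP/", 5) != 0)
        return RL_BAD_VERSION;
    if (*v_end != '\0')
        return RL_TRAILING;         /* anything after the version token */
    return RL_OK;
}

int main(void)
{
    /* Constructed sample request lines, not taken from the thread. */
    const char *samples[] = {
        "GET /index.html HTTP/1.1", "GET /a\tb HTTP/1.1",
        "GET  / HTTP/1.1", "GET / HTTP/1.1\r",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("sample %zu -> %d\n", i, check_request_line(samples[i]));
    return 0;
}
```
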

Re: 2.4.24 soon?

Posted by Jim Jagielski <ji...@jaguNET.com>.
> On Aug 2, 2016, at 2:59 PM, Jacob Champion <ch...@gmail.com> wrote:
> 
> On 08/02/2016 11:12 AM, William A Rowe Jr wrote:
>> One additional thought... On 2.2 and 2.4 I see this change as entirely
>> opt-in, no disruption to a user performing a subversion upgrade. On
>> 2.6/3.0 I'd want us to seriously consider changing the out-of-the-box
>> default to strict parsing.
> 
> +1.
> 
> (I have no strong opinions on whether or not this should go into the next release, though.)
> 

Any more thoughts related to this? I know that it is
still being worked here and there, but knowing whether or
not it will be folded in 2.4.24 might be incentive to
finish polishing as it were.


Re: 2.4.24 soon?

Posted by Jacob Champion <ch...@gmail.com>.
On 08/02/2016 11:12 AM, William A Rowe Jr wrote:
> One additional thought... On 2.2 and 2.4 I see this change as entirely
> opt-in, no disruption to a user performing a subversion upgrade. On
> 2.6/3.0 I'd want us to seriously consider changing the out-of-the-box
> default to strict parsing.

+1.

(I have no strong opinions on whether or not this should go into the 
next release, though.)

--Jacob

Re: 2.4.24 soon?

Posted by William A Rowe Jr <wr...@rowe-clan.net>.
On Aug 2, 2016 11:58 AM, "William A Rowe Jr" <wr...@rowe-clan.net> wrote:
>
> On Fri, Jul 22, 2016 at 5:10 AM, Jim Jagielski <ji...@jagunet.com> wrote:
>>
>> I think we should look into other stuff we could fold in in
>> the short term.
>
>
> Seems overdue for us to fold the HTTP_STRICT logic back into 2.4 and 2.2
> before we tag and roll again. It seems pretty odd not to follow RFC2068,
> never mind the RFC 2616 and 723x group of specs. Objections or other
> observations?

One additional thought... On 2.2 and 2.4 I see this change as entirely
opt-in, no disruption to a user performing a subversion upgrade. On 2.6/3.0
I'd want us to seriously consider changing the out-of-the-box default to
strict parsing.

Re: 2.4.24 soon?

Posted by William A Rowe Jr <wr...@rowe-clan.net>.
On Fri, Jul 22, 2016 at 5:10 AM, Jim Jagielski <ji...@jagunet.com> wrote:

> I think we should look into other stuff we could fold in in
> the short term.
>

Seems overdue for us to fold the HTTP_STRICT logic back into 2.4 and 2.2
before we tag and roll again. It seems pretty odd not to follow RFC2068,
never mind the RFC 2616 and 723x group of specs. Objections or other
observations?

Cheers,

Bill

Re: 2.4.24 soon?

Posted by Jim Jagielski <ji...@jaguNET.com>.
I think we should look into other stuff we could fold in in
the short term.

> On Jul 21, 2016, at 10:27 AM, Eric Covener <co...@gmail.com> wrote:
> 
> We have httpoxy as well as a rewrite+fastcgi regression in the queue.
> Jim, do you have a near-term release in you we can plan around?
> 
> -- 
> Eric Covener
> covener@gmail.com


Re: 2.4.24 soon?

Posted by David Zuelke <dz...@heroku.com>.
On 21.07.2016, at 16:27, Eric Covener <co...@gmail.com> wrote:

> We have httpoxy as well as a rewrite+fastcgi regression in the queue.
> Jim, do you have a near-term release in you we can plan around?

Just to *bump* this one up... ;)

David