You are viewing a plain text version of this content. The canonical link for it is here.

Posted to cvs@httpd.apache.org by yl...@apache.org on 2021/09/03 17:05:12 UTC

svn commit: r1892878 - in /httpd/httpd/branches/2.4.x: CHANGES changes-entries/fix_uds_filename.txt changes-entries/md_check_keys.txt changes-entries/ssl_alpn_outgoing.txt changes-entries/uwsgi_path_info.txt

Author: ylavic
Date: Fri Sep  3 17:05:12 2021
New Revision: 1892878

URL: http://svn.apache.org/viewvc?rev=1892878&view=rev
Log:
Sync CHANGES [skip ci].

Removed:
    httpd/httpd/branches/2.4.x/changes-entries/fix_uds_filename.txt
    httpd/httpd/branches/2.4.x/changes-entries/md_check_keys.txt
    httpd/httpd/branches/2.4.x/changes-entries/ssl_alpn_outgoing.txt
    httpd/httpd/branches/2.4.x/changes-entries/uwsgi_path_info.txt
Modified:
    httpd/httpd/branches/2.4.x/CHANGES

Modified: httpd/httpd/branches/2.4.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1892878&r1=1892877&r2=1892878&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Fri Sep  3 17:05:12 2021
@@ -1,6 +1,26 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.4.49
 
+  *) mod_proxy_uwsgi: Fix PATH_INFO setting for generic worker.  [Yann Ylavic]
+
+  *) mod_md: Certificate/keys pairs are verified as matching before a renewal is accepted
+     as successful or a staged renewal is replacing the existing certificates.
+     This avoid potential mess ups in the md store file system to render the active
+     certificates non-working. [@mkauf]
+
+  *) mod_proxy: Faster unix socket path parsing in the "proxy:" URL.
+     [Yann Ylavic]
+
+  *) mod_ssl: tighten the handling of ALPN for outgoing (proxy)
+     connections. If ALPN protocols are provided and sent to the
+     remote server, the received protocol selected is inspected
+     and checked for a match. Without match, the peer handshake
+     fails.
+     An exception is the proposal of "http/1.1" where it is
+     accepted if the remote server did not answer ALPN with
+     a selected protocol. This accomodates for hosts that do
+     not observe/support ALPN and speak http/1.x be default.
+
   *) mod_proxy: Fix possible reuse/merging of Proxy(Pass)Match worker instances
      with others when their URLs contain a '$' substitution.  PR 65419 + 65429.
      [Yann Ylavic]