You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by dr...@apache.org on 2018/10/26 18:53:04 UTC
svn commit: r30430 - /release/httpd/CHANGES_2.4
Author: druggeri
Date: Fri Oct 26 18:53:04 2018
New Revision: 30430
Log:
Fix missing CHANGES entries
Modified:
release/httpd/CHANGES_2.4
Modified: release/httpd/CHANGES_2.4
==============================================================================
--- release/httpd/CHANGES_2.4 (original)
+++ release/httpd/CHANGES_2.4 Fri Oct 26 18:53:04 2018
@@ -1,4 +1,68 @@
-*- coding: utf-8 -*-
+Changes with Apache 2.4.37
+
+ *) mod_ssl: Fix HTTP/2 failures when using OpenSSL 1.1.1. [Rainer Jung]
+
+ *) mod_ssl: Fix crash during SSL renegotiation with OptRenegotiate set,
+ when client certificates are available from the original handshake
+ but were originally not verified and should get verified now.
+ This is a regression in 2.4.36 (unreleased). [Ruediger Pluem]
+
+ *) mod_ssl: Correctly merge configurations that have client certificates set
+ by SSLProxyMachineCertificate{File|Path}. [Ruediger Pluem]
+
+Changes with Apache 2.4.36
+
+ *) mod_brotli, mod_deflate: Restore the separate handling of 304 Not Modified
+ responses. Regression introduced in 2.4.35.
+
+ *) mod_proxy_scgi, mod_proxy_uwsgi: improve error handling when sending the
+ body of the response. [Jim Jagielski]
+
+ *) mod_http2: adding defensive code for stream EOS handling, in case the request handler
+ missed to signal it the normal way (eos buckets). Addresses github issues
+ https://github.com/icing/mod_h2/issues/164, https://github.com/icing/mod_h2/issues/167
+ and https://github.com/icing/mod_h2/issues/170. [Stefan Eissing]
+
+ *) ab: Add client certificate support. [Graham Leggett]
+
+ *) ab: Disable printing temp key for OpenSSL before
+ version 1.0.2. SSL_get_server_tmp_key is not available
+ there. [Rainer Jung]
+
+ *) mod_ssl: Fix a regression that the configuration settings for verify mode
+ and verify depth were taken from the frontend connection in case of
+ connections by the proxy to the backend. PR 62769. [Ruediger Pluem]
+
+ *) MPMs: Initialize all runtime/asynchronous objects on a dedicated pool and
+ before signals handling to avoid lifetime issues on restart or shutdown.
+ PR 62658. [Yann Ylavic]
+
+ *) mod_ssl: Add support for OpenSSL 1.1.1 and TLSv1.3. TLSv1.3 has
+ behavioural changes compared to v1.2 and earlier; client and
+ configuration changes should be expected. SSLCipherSuite is
+ enhanced for TLSv1.3 ciphers, but applies at vhost level only.
+ [Stefan Eissing, Yann Ylavic, Ruediger Pluem, Joe Orton]
+
+ *) mod_auth_basic: Be less tolerant when parsing the credencial. Only spaces
+ should be accepted after the authorization scheme. \t are also tolerated.
+ [Christophe Jaillet]
+
+ *) mod_proxy_hcheck: Fix issues with interval determination. PR 62318
+ [Jim Jagielski]
+
+ *) mod_proxy_hcheck: Fix issues with TCP health checks. PR 61499
+ [Dominik Stillhard <dominik.stillhard united-security-providers.ch>]
+
+ *) mod_proxy_hcheck: take balancer's SSLProxy* directives into account.
+ [Jim Jagielski]
+
+ *) mod_status, mod_echo: Fix the display of client addresses.
+ They were truncated to 31 characters which is not enough for IPv6 addresses.
+ This is done by deprecating the use of the 'client' field and using
+ the new 'client64' field in worker_score.
+ PR 54848 [Bernhard Schmidt <berni birkenwald de>, Jim Jagielski]
+
Changes with Apache 2.4.35
*) http: Enforce consistently no response body with both 204 and 304