Apache HTTP Server 2.4.8 GA?

Started by chromerep, March 12, 2014, 08:53:47 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

chromerep

March 12, 2014, 08:53:47 AM
http://httpd.apache.org/dev/dist/httpd-2.4.8.tar.bz2

Changes with Apache 2.4.8
(http://httpd.apache.org/dev/dist/CHANGES_2.4.8)

  *) SECURITY: CVE-2014-0098 (cve.mitre.org)
     Clean up cookie logging with fewer redundant string parsing passes.
     Log only cookies with a value assignment. Prevents segfaults when
     logging truncated cookies.
     [William Rowe, Ruediger Pluem, Jim Jagielski]

  *) core: draft-ietf-httpbis-p1-messaging-23 corrections regarding
     TE/CL conflicts. [Yann Ylavic <ylavic.dev gmail com>, Jim Jagielski]

  *) mod_dir: Add DirectoryCheckHandler to allow a 2.2-like behavior, skipping
     execution when a handler is already set. PR53929. [Eric Covener]

  *) mod_ssl: Do not perform SNI / Host header comparison in case of a
     forward proxy request. [Ruediger Pluem]

  *) mod_ssl: Remove the hardcoded algorithm-type dependency for the
     SSLCertificateFile and SSLCertificateKeyFile directives, to enable
     future algorithm agility, and deprecate the SSLCertificateChainFile
     directive (obsoleted by SSLCertificateFile). [Kaspar Brand]

  *) mod_rewrite: Add RewriteOptions InheritDown, InheritDownBefore,
     and IgnoreInherit to allow RewriteRules to be pushed from parent scopes
     to child scopes without explicitly configuring each child scope.
     PR56153.  [Edward Lu <Chaosed0 gmail com>]

  *) prefork: Fix long delays when doing a graceful restart.
     PR 54852 [Jim Jagielski, Arkadiusz Miskiewicz <arekm maven pl>]

  *) FreeBSD: Disable IPv4-mapped listening sockets by default for versions
     5+ instead of just for FreeBSD 5. PR 53824. [Jeff Trawick]

  *) mod_proxy_wstunnel: Avoid busy loop on client errors, drop message
     IDs 02445, 02446, and 02448 to TRACE1 from DEBUG. PR 56145.
     [Joffroy Christen <joffroy.christen solvaxis com>, Eric Covener]

  *) mod_remoteip: Correct the trusted proxy match test. PR 54651.
     [Yoshinori Ehara <yoshinori ehara gmail com>, Eugene L <eugenel amazon com>]

  *) mod_proxy_fcgi: Fix error message when an unexpected protocol version
     number is received from the application.  PR 56110.  [Jeff Trawick]

  *) mod_remoteip: Use the correct IP addresses to populate the proxy_ips field.
     PR 55972. [Mike Rumph]

  *) mod_lua: Update r:setcookie() to accept a table of options and add domain,
     path and httponly to the list of options available to set.
     PR 56128 [Edward Lu <Chaosed0 gmail com>, Daniel Gruno]
     
  *) mod_lua: Fix r:setcookie() to add, rather than replace,
     the Set-Cookie header. PR56105
     [Kevin J Walters <kjw ms com>, Edward Lu <Chaosed0 gmail com>]

  *) mod_lua: Allow for database results to be returned as a hash with
     row-name/value pairs instead of just row-number/value. [Daniel Gruno]

  *) mod_rewrite: Add %{CONN_REMOTE_ADDR} as the non-useragent counterpart to
     %{REMOTE_ADDR}. PR 56094. [Edward Lu <Chaosed0 gmail com>]

  *) WinNT MPM: If ap_run_pre_connection() fails or sets c->aborted, don't
     save the socket for reuse by the next worker as if it were an
     APR_SO_DISCONNECTED socket. Restores 2.2 behavior. [Eric Covener]

  *) mod_dir: Don't search for a DirectoryIndex or DirectorySlash on a URL
     that was just rewritten by mod_rewrite. PR53929. [Eric Covener]

  *) mod_session: When we have a session we were unable to decode,
     behave as if there was no session at all. [Thomas Eckert
     <thomas.r.w.eckert gmail com>]

  *) mod_session: Fix problems interpreting the SessionInclude and
     SessionExclude configuration. PR 56038. [Erik Pearson
     <erik adaptations.com>]

  *) mod_authn_core: Allow <AuthnProviderAlias>'es to be seen from auth
     stanzas under virtual hosts. PR 55622. [Eric Covener]

  *) mod_proxy_fcgi: Use apr_socket_timeout_get instead of hard-coded
     30 seconds timeout. [Jan Kaluza]

  *) mod_proxy: Added support for unix domain sockets as the
     backend server endpoint [Jim Jagielski, Blaise Tarr
     <blaise tarr gmail com>]

  *) build: only search for modules (config*.m4) in known subdirectories, see
     build/config-stubs. [Stefan Fritsch]

  *) mod_cache_disk: Fix potential hangs on Windows when using mod_cache_disk.
     PR 55833. [Eric Covener]

  *) mod_ssl: Add support for OpenSSL configuration commands by introducing
     the SSLOpenSSLConfCmd directive. [Stephen Henson, Kaspar Brand]

  *) mod_proxy: Remove (never documented) <Proxy ~ wildcard-url> syntax which
     is equivalent to <ProxyMatch wildcard-url>. [Christophe Jaillet]

  *) mod_authz_user, mod_authz_host, mod_authz_groupfile, mod_authz_dbm,
     mod_authz_dbd, mod_authnz_ldap: Support the expression parser within the
     require directives. [Graham Leggett]

  *) mod_proxy_http: Core dumped under high load. PR 50335.
     [Jan Kaluza <jkaluza redhat.com>]

  *) mod_socache_shmcb.c: Remove arbitrary restriction on shared memory size
     previously limited to 64MB. [Jens L??s <jelaas gmail.com>]

  *) mod_lua: Use binary copy when dealing with uploads through r:parsebody()
     to prevent truncating files. [Daniel Gruno]

Gregg

#1
March 12, 2014, 10:00:54 AM Last Edit: March 12, 2014, 10:35:11 AM by Gregg
Yes, but anything in /dev/dist is not released as GA yet. Those are for building, testing and voting by developers and others but we are not allowed to release binaries from them just yet. The minute I see that tarball hit http://www.apache.org/dist/httpd/ we will have them ready.

I'm not quite sure how this one is going to go. I'm waiting 24 hours to see if there are any -1 by any PMCs (I myself am one). One of the SSL updates is incompatible with 0.9.8y & 1.0.1e. Yes 1.0.1f is out but at this time there's no 0.9.8z which many a unix are running 0.9.8 still. I have the patch to fix 0.9.8y so there's no problem there, but I don't want to build 4 different builds + 2 downgrade packages if it's going to fail voting and a 2.4.9 comes a week or two later. I do have both VC9 builds done + the x86 0.9.8y downgrade so far.

So hold on a couple days and stay tuned  :)

Gregg

#2
March 12, 2014, 05:16:14 PM
chromerep,

Here is a perfect case of why we do not jump the gun on releasing, especially when I myself find a problem on the first build. You can read the entire conversation about this here;

http://marc.info/?t=139455581300005&r=1&w=2

2.4.8 has failed without even 24 hours of testing. A fix has already been applied to trunk, it will have to sit there for awhile and will be backported to 2.4 branch. At that time, 2.4.9 will be tagged and the whole process will be done again.

cheers  :)

chromerep

#3
March 13, 2014, 01:18:06 AM
Gregg:

I notice that issue.
It's not the time to run apache 2.4.8 till 2.4.9 or higher GA is available.
Print
Go Up Pages1
User actions