Apache 2.0 STATUS: Last modified at [$Date: 2000/10/07 19:54:21 $] Release: 2.0a7 : ??? 2.0a6 : released August 18, 2000 2.0a5 : released August 4, 2000 2.0a4 : released June 7, 2000 2.0a3 : released April 28, 2000 2.0a2 : released March 31, 2000 2.0a1 : released March 10, 2000 RELEASE SHOWSTOPPERS: * All of the bucket types must be implemented. The list can be found in src/include/ap_buckets.h. May need to implement a bucket type to mark the end of a subrequest content stream, and one to tell filters to flush any pending content. See http_protocol.c: ap_finalize_sub_req_protocol() and ap_rflush() rbb says: Creating a bucket to signal end of sub-request ties the filters to Apache. This can be handled very cleanly by just inserting a sub-request filter. That filter would be responsible for stripping off the EOS bucket for the sub-request, and removing all vestiges of the request. * Remove Buff and IOL from the code. To do this, a chunking and translation filter must be written. This allows us to remove BUFF. IOLs can be removed as soon as somebody gets to it. * suEXEC doesn't work Status: Manoj has posted an patch to fix this. Message-ID: <20000825024943.A17578@manojk.users.mindspring.com> * Win32: Enable the Windows MPM to honor max_requests_per_child Status: Bill will fix this. * Win32: Get Apache working on Windows 95/98. The following work (at least) needs to be done: - winnt MPM: Fix 95/98 code paths in the winnt MPM. There is some NT specific code that is still not in NT only code paths - IOL binds to APR sendfile, implemented with TransmitFile, which is not available on 95/98. - Document warning that OSR2 is required (for Crypt functions, in rand.c, at least.) * Win32: Test access logging with multiple threads. Will the native file I/O calls serialize automagically like the CRT calls or do we need to add region locking each time we access the logs? Status: * Win32: Complete the revamp the service environment and relocation into the WinNT MPM. Changes ServerRoot service registry parameter into ConfigArgs for multiple service startup parameters. Problems to fix in the revamp: -k shutdown/restart are broken, signals are not being acknowledged. Close window and shutdown also seem out of sorts. OtherBill is working on this * We need a thread-safe resolver, at least on Unix. Status: The best known candidate would be something from BIND v9. Status: Greg asks, "why? doesn't gethostbyname_r() handle this?" * Modify mod_cgi and mod_cgid to deal with directories. This allows a lot of directives to be removed from the core. RELEASE NON-SHOWSTOPPERS BUT WOULD BE REAL NICE TO WRAP THESE UP: * Combine log_child and piped_log_spawn. Clean up http_log.c. Common logging API. * Create unified scoreboard API and implementation shared across the MPMs * Document mod_file_cache. * OS/2: Get loadable modules working again. Requires shared core support which doesn't appear to be catered for in the current build system. * OS/2: Make mod_status work for spmt_os2 MPM. * Build scripts do not recognise AIX 4.2.1 pthreads, so the pthread MPMs will not build. * Win32: Enable the winnt MPM to use the new scoreboard API * Win32: Implement ap_shm_ functions in APR. * Win32: Win9x console window still won't play nice with the close window, logoff and shutdown scenarios. * Win32: Add a simple hold console open patch (wait for close or the ESC key, with a nice message) if the server died a bad death (non-zero exit code) in console mode. * Platforms that do not support fork (primarily Win32 and AS/400) Consider introducing HAVE_FORK feature macro. Architect start-up code that avoids initializing all the modules in the parent process on platforms that do not support fork. * Win32: Migrate the MPM over to use APR thread/process calls. This would eliminate some code in the Win32 branch that essentially duplicates what is in APR. Bill says we need a new procattr, APR_CREATE_SUSPENDED (or something similar) to direct ap_create_process to create the process suspended. We also need a call to wake up the suspended process This may not be able to be implemented everywhere though. * There are still a number of places in the code where we are loosing error status (i.e. throwing away the error returned by a system call and replacing it with a generic error code) * Win32: Implement reliable piped logs on Windows * The connection status table is not very efficient. Also, very few stats are exported to the connection status table (easy to fix), and mod_status is ugly. * Mass vhosting version of suEXEC. * Replace tables with a proper opaque ADT that has pluggable implementations (including something like the existing data type, plus hash tables for speed, with options for more later). Status: fanf is working on this. * configuration option to use *DBM Status: Greg +1 (volunteers) * Integrate mod_dav. Message-id: <20000625173247.M29590@lyra.org> Status: works. passes initial regression testing. Joe Orton reports success with his "cadaver" tool. Some additional items remaining: - case_preserved_filename stuff - fix and re-enable sdbm_lock.c - find a new home for ap_text(_header) - is it possible to remove the DAV: namespace stuff from util_xml? * ap_core_translate() and its use by mod_mmap_static are a bit wonky. The function should probably be exposed as a utility function (such as ap_translate_url2fs() or ap_validate_fs_url() or something). Another approach would be a new hook phase after "translate" which would allow mod_mmap_static to munge what the translation has decided to do. Status: Greg +1 (volunteers), Ryan +1 * Go through ap_config.h and namespace-protect the symbols (e.g. USE_*). Some symbols can/should move to mpm_common.h where possible. * Explore use of a post-config hook for the code in http_main.c which calls ap_fixup_virutal_hosts(), ap_fini_vhost_config(), and ap_sort_hooks() [to reduce the logic in main()] * read the config tree just once, and process N times (as necessary) * add a version number to ap_initialize() as an extra failsafe against (APR) library version skew. MsgID: Status: Greg +1 (volunteers), Jeff +1, Ryan +1, Tony -0(?) * mod_info to use the configuration tree * make apr_get_uuid() thread-safe * (possibly) use UUIDs in mod_unique_id and/or mod_usertrack PRs that have been suspended forever waiting for someone to put them into 'the next release': * PR#73: mod_log-any reporting of referer in error_log Status: * PR#76: general missing call to "setlocale();" Status: * PR#78: mod_include Additional status for XBitHack directive Status: * PR#161: mod_dir Questionable performace of mod_dir() with negotiation Status: * PR#362: mod_proxy Mod_proxy doesn't allow change of error pages Status: * PR#370: mod_env Modified PATH environemnt variable is not passed, instead system's is used Status: * PR#440: mod_proxy Proxy doesn't deliver documents if not connected Status: * PR#534: mod_proxy proxy converts ~name to %7Ename when name starts with a dot (.) Status: * PR#537: mod_access mod_access syntax allows hosts that should be restricted Status: * PR#557: mod_auth-any ~UserHome directories are not honored in absolute pathname requests (.htaccess) Status: * PR#573: mod_log-any More LogFormat directives Status: * PR#612: mod_proxy Proxy FTP Authentication Fails Status: * PR#623: mod_include A smarter "Last Modified" value for SSI documents (see PR number 600) Status: * PR#628: config Request of "Options SymLinksIfGroupMatch" Status: * PR#697: mod_include A security tweak I've been using for a few years for SSI Status: * PR#700: mod_proxy Proxy doesn't do links right for OpenVMS files through ftp: Status: * PR#759: mod_imap imap should read * too! Status: * PR#793: general RLimitCPU and RLimitMEM don't apply to all children like they should Status: * PR#921: suexec Uses cwd before filling it in, doesn't use syslog Status: * PR#922: config it is useful to allow specifiction that root-owned symlinks should always be followed Status: * PR#980: mod_proxy Controlling Access to Remote Proxies would be nice... Status: * PR#994: mod_proxy Adding authentication "on the fly" through the proxy module Status: * PR#1004: apache-api request_config field in request_rec is moderately bogus Status: * PR#1028: other DoS attacks involving memory consumption Status: * PR#1050: mod_log-any Logging of virtual server to error_log as well Status: * PR#1085: mod_proxy ProxyRemote make a dead cycle. Status: * PR#1117: mod_auth-any Using NIS passwd.byname dbm files with AuthDBMUserFile Status: * PR#1120: suexec suexec does not parse arguments to #exec cmd Status: * PR#1145: mod_include Allow for Last-Modified: without resorting to XBitHack Status: * PR#1156: config insufficent AllowOverrides granularity for autoindexing Status: * PR#1158: apache-api improvements to child spawning API Status: * PR#1166: mod_proxy ``nph-'' not honored (no buffering) for ProxyRemote mapping Status: * PR#1176: mod_cgi Apache cannot handle continuation line in headers Status: * PR#1191: general setlogin() is not called, causing problems with e.g. identd Status: * PR#1204: general regerror() exists, use it Status: * PR#1233: apache-api there is no way to keep per-connection per-module state Status: * PR#1263: mod_dir Add frame-safe anchor attribute to mod_autoindex links Status: * PR#1268: suexec CGI scripts running as Apache user: security (suexec etc.) Status: * PR#1285: suexec Error messages could be easier to spot in cgi.log file for suexec.c Status: * PR#1287: mod_access add allow,deny/deny,allow warning to mod_access Status: * PR#1290: mod_proxy Need to know "hit-rate" on proxy cache Status: * PR#1358: mod_log-any Selective url-encode of log fields (or maybe a pseudo log_rewrite module?) Status: * PR#1383: mod_headers I make mod_headers to modify request headers as well as response ones. Status: * PR#1532: mod_proxy Proxy transfer logging Status: * PR#1547: mod_proxy No HTTP_X_FORWARDED_FOR set... Status: * PR#1567: mod_proxy ProxyRemote proxy requests fail authentication by firewall Status: * PR#1574: mod_autoindex ReadmeName and HeaderName don't allow for server-parsed html. Status: * PR#1582: mod_rewrite mod_rewrite forms REQUEST_URI different than mod_cgi does Status: * PR#1677: mod_headers mod_headers should allow mod_log_config-style formats in header values Status: * PR#1702: mod_proxy mod_proxy to support persistent conns? Status: * PR#1803: mod_include patches to mod_include to allow for file tests Status: * PR#1809: mod_auth-any Suggestion for improving authentication modules and core source code, problem with 401 and ErrorDocument Status: * PR#1855: mod_autoindex More Control over autoindex layout Status: * PR#1878: mod_proxy listing of proxy cache content Status: * PR#1905: suexec Allow modules to set user:group for execution. Status: * PR#2024: apache-api adding auth_why to conn_rec Status: * PR#2073: mod_log-any pipelined connections are not logged correctly Status: * PR#2074: mod_rewrite mod_rewrite doesn't pass Proxy Throughput on internal subrequests Status: * PR#2113: config HTTP Server Rebuild Line Needs Changing for the better Status: * PR#2138: mod_status mod_status always displays 256 possible connection slots Status: * PR#2221: documentation Make online documentation search link back to my installation Status: * PR#2284: general Can not POST to ErrorDocument - Apache/1.3b6 Status: * PR#2314: mod_proxy patterns in ProxyRemote Status: * PR#2343: mod_status Status module averages are for entire uptime Status: * PR#2360: suexec suexec for general access of user content? Status: * PR#2396: general Proposal for TimeZone directive Status: * PR#2415: mod_info /server-info doesn't check for the virtual host to list the info Status: * PR#2421: config problem specifying ndbm library for build ?with autoconfigure Status: * PR#2431: general A small addition to rotatelogs.c to improve program functionality. Status: * PR#2446: config AllowOverride FileInfo is too coarse Status: * PR#2460: mod_cgi TimeOut applies to output of CGI scripts Status: * PR#2512: mod_access <IfDenied> directive wanted Status: * PR#2573: suexec CGI's for general use still have to be run as another user with suExec Status: * PR#2648: general Cache file names in Proxy module Status: * PR#2760: config [PATCH] User/Group for and i.e. not only in global and . Status: * PR#2763: general mailto tags and bundling bug report script Status: * PR#2772: mod_log-any more % escapes Status: * PR#2785: os-aix Support for System Resource Controller Status: * PR#2793: protocol When will Apache support P3P? Any Plans? Status: * PR#2873: config Feedback/Comment on APACI Status: * PR#2889: general Inclusion of RPM spec file in CVS/distributions Status: * PR#2906: general Propose that Apache recommend $UNIQUE_ID for all "session id" algorithms Status: * PR#2907: config suggestion: power up your Include directive :) Status: * PR#3018: general cannot limit some HTTP methods Status: * PR#3026: mod_autoindex No way to change ReadmeName/HeaderName suffixes. Status: * PR#3143: apache-api No module specific data hook for per-connection data Status: * PR#3181: config Configuration file in Japanese Status: * PR#3191: mod_negotiation no way to set global quality-of-source (qs) coneg values with multiviews Status: * PR#3430: mod_negotiation Enhancement: MultiViews, Multi-Language Documents Status: * PR#3568: mod_proxy Accessing URL through proxy server corrupts data. Status: * PR#3594: os-windows Please add an Apache icon to the systray instead of a DOS window Status: * PR#3605: mod_proxy Some anonymous FTP URLs ask for authentication Status: * PR#3654: mod_autoindex BORDER=0 makes Icons look nicer (FancyIndexing) Status: * PR#3677: general New ErrorDocumentMatch directive Status: * PR#4180: os-windows Alternative for win95 users Status: * PR#4241: config Need to be able to override shebang line to make CGI scripts more portable. Status: * PR#4244: config "Files" and "FilesMatch" regexp does not recognize bang as negation operator Status: * PR#4448: mod_log-any Please allow CGI env variables (QUERY_STRING, ...) to be logged with %{}e Status: * PR#4455: config apache provides no way to do a wildcard/global NameVirtualHost Status: * PR#4459: mod_include Suggestion for better handling of Last-modified headers Status: * PR#4490: mod_cgi mod_cgi prevents handling of OPTIONS requests Status: * PR#4520: mod_autoindex mod_autoindex does not generate Last-Modified response headers Status: * PR#4658: os-windows The output of CGI scripts appears in the window that apache is running in Status: * PR#4816: general SSI in CGI Status: * PR#5079: config Apache header files should have a private name, e.g. #include "apache/httpd.h" Status: * PR#5713: os-windows [PATCH] install as service with domain account Status: * PR#5993: general AllowOverride should have a 'CheckNone' and 'AllowNone' argument instead of only 'None' Status: * PR#6347: mod_mime MIME types for MNG and JNG files need adding to mime.types and the mime.types and magic files Status: Waiting for IANA types to be defined Other bugs that need fixing: * MaxRequestsPerChild measures connections, not requests. Until someone has a better way, we'll probably just rename it "MaxConnectionsPerChild". * Regex containers don't work in an intutive way Status: No one has come up with an efficient way to fix this behavior. Dean has suggested getting rid of regex containers completely. * SIGSEGV on Linux (glibc 2.1.2) isn't caught properly by a sigwaiting thread. We need to work around this, perhaps unless there is hope soon for a fixed glibc. * The MM library is built as static and shared library. This should be set up to build only the required version. Other features that need writing: * Finish infrastructure in core for async MPMs Status: post 2.0 * TODO in source -- just do an egrep on "TODO" and see what's there Documentation that needs writing: * Mod_status docs are needed. * The concept of MPMs, especially if we ship more than one MPM for a given platform * New directives in the various MPMs and appropriate links from obsolete directives in core.html to the MPM documentation. * Revise manual/stopping.html and the last part of manual/misc/perf-tuning.html to take account of the MPMs. * API documentation Status: Ben Laurie has written some hooks documentation (apache-2.0/htdocs/hooks.html) * Changes since 1.3.9 can be more easily seen in the commitlog file dev.apache.org:/home/cvs/CVSROOT/commitlogs/apache-2.0 which includes some of Roy's comments when the changes were committed in rough change-sets by purpose. Note that the commitlog does not show the contents of new files until later. Available Patches: * Martin Sojka 's patch to add error reporting for failed htpasswd actions due to a full /tmp volume (other programs may have similar problems?) PR: 6475 Status: * Mike Abbott's patches to improve performance Status: These were written for 1.3, and are awaiting a port to 2.0 * Jim Winstead's patch to add CookieDomain and other small mod_usertrack features * Dan Rench's patch to add allow the errmsg and timefmt of SSI's to be modified in the config file. Patch is available in PR6193 Open issues: * What do we do about mod_proxy? * Which MPMs will be included with Apache 2.0? * Is conf/highperformance.conf-dist obsolete? It looks obsolete.