1.52. httpd

Prior to this update, using any mod_ldap directive within a VirtualHost context prevented the module from caching results for that particular virtual host. This update adapts the mod_ldap module to make sure that caching now works correctly in such configurations.

When the mod_proxy module was configured as a reverse proxy, multiple unrelated bugs may have prevented it from operating correctly, and may have led to incorrect handling of connection timeouts or even data corruption. With this update, various patches have been applied to address this issue, and the mod_proxy module can now serve as a reverse proxy as expected.

When the mod_deflate module was configured to compress responses and an HTTP client prematurely terminated a connection, the previous version of the httpd service may have terminated unexpectedly with a segmentation fault. This update applies a patch that resolves this issue, and httpd no longer crashes.

Prior to this update, the mod_authnz_ldap module was unable to handle referrals from an LDAP server. This update introduces the LDAPChaseReferrals directive, which allows users to enable referral chasing.

Previously, when the OID() function was used as part of the SSLRequire directive, it was unable to parse certificate attributes of an unknown type. Consequent to this, strings that use the Abstract Syntax Notation One (ASN.1) notation were not rendered properly, and may have been incorrectly prefixed with a random string. This update adapts the OID() function to parse all unknown attributes as ASN.1 strings, so that these strings are now rendered as expected.

Due to incorrect handling of the SSL certificate cache, an attempt to use an SSL configuration with multiple VirtualHost sections that use identical ServerName values rendered the httpd service unable to start. With this update, the underlying source code has been adapted to address this issue, and using multiple VirtualHost sections with identical ServerNames values no longer prevents httpd from starting.

Due to incorrect handling of responses with multiple duplicate headers, when a user configured the httpd service to transform HTTP response headers by specifying edit as a value of the Header directive, only one of the matching headers was retained. This has now been fixed, and the edit mode is now applied correctly across all HTTP response headers.

When using the prefork Multi-Processing Module (MPM), children processes with persistent connections (that is, with the KeepAlive directive set to On) kept processing new requests even when a graceful restart had been issued. This update applies a patch that corrects this error, and children processes with persistent connections no longer process new requests when a graceful restart is requested.

Prior to this update, an attempt to use the ProxyPassReverse directive with a balancer:// URL that included a path segment caused redirect responses to map the HTTP Location header paths incorrectly. This error has been fixed, and HTTP Location header paths are now mapped correctly.

Previously, the FilterProvider directive of the mod_filter module was unable to match against non-standard HTTP response headers. With this update, the underlying source code has been adapted to address this issue, and the FilterProvider directive is now able to match against non-standard HTTP response headers as expected.

When configured as a reverse proxy, the previous version of the mod_proxy module was unable to establish an SSL connection via an intermediary proxy configured using the ProxyRemote directive. This update adapts the mod_proxy module to support this configuration.

Prior to this update, the mod_include module may have failed to parse certain Server Side Include (SSI) documents if the response contained attribute boundaries that were split across multiple buckets. This update corrects this error, and such SSI documents can now be parsed as expected.

When using the mod_cache module, by default, the CacheMaxExpire directive is only applied to responses which do not specify their expiry date. Previously, it was not possible to limit the maximum expiry time for all resources. This update adapts the mod_cache module to provide support for hard as a second argument of the CacheMaxExpire directive, allowing a maximum expiry time to be enforced for all resources.

The mod_proxy_balancer load balancer module has been updated to provide support for the bybusyness scheduler algorithm.

The mod_reqtimeout module has been added. When enabled, this module allows fine-grained timeouts to be applied during request parsing.

The mod_proxy and mod_proxy_http modules have been updated to provide support for remote HTTPS proxy servers by using the HTTP CONNECT method.