Software 42767 Published by

A new release candidate of the Apache HTTPD web server has been released.



Apache 2.4.53-rc1-candidate

Changes with Apache 2.4.53

*) core: Make sure and check that LimitXMLRequestBody fits in system memory.
[Ruediger Pluem, Yann Ylavic]

*) core: Simpler connection close logic if discarding the request body fails.
[Yann Ylavic, Ruediger Pluem]

*) mod_http2: preserve the port number given in a HTTP/1.1
request that was Upgraded to HTTP/2. Fixes PR65881.
[Stefan Eissing]

*) mod_proxy: Allow for larger worker name. PR 53218. [Yann Ylavic]

*) dbm: Split the loading of a dbm driver from the opening of a dbm file. When
an attempt to load a dbm driver fails, log clearly which driver triggered
the error (not "default"), and what the error was. [Graham Leggett]

*) mod_proxy: Use the maxium of front end and backend timeouts instead of the
minimum when tunneling requests (websockets, CONNECT requests).
Backend timeouts can be configured more selectively (per worker if needed)
as front end timeouts and typically the backend timeouts reflect the
application requirements better. PR 65886 [Ruediger Pluem]

*) ap_regex: Use Thread Local Storage (TLS) to recycle ap_regexec() buffers
when an efficient TLS implementation is available. [Yann Ylavic]

*) core, mod_info: Add compiled and loaded PCRE versions to version
number display. [Rainer Jung]

*) mod_md: do not interfere with requests to /.well-known/acme-challenge/
resources if challenge type 'http-01' is not configured for a domain.
Fixes https://github.com/icing/mod_md/issues/279.
[Stefan Eissing]

*) mod_dav: Fix regression when gathering properties which could lead to huge
memory consumption proportional to the number of resources.
[Evgeny Kotkov, Ruediger Pluem]

*) Support pcre2 (10.x) library in place of the now end-of-life pcre (8.x)
for regular expression evaluation. This depends on locating pcre2-config.
[William Rowe, Petr Pisar ppisar redhat.com, Rainer Jung]

*) Add the ldap function to the expression API, allowing LDAP filters and
distinguished names based on expressions to be escaped correctly to
guard against LDAP injection. [Graham Leggett]

*) mod_md: the status description in MDomain's JSON, exposed in the
md-status handler (if configured) did sometimes not carry the correct
message when certificates needed renew.
[Stefan Eissing]

*) mpm_event: Fix a possible listener deadlock on heavy load when restarting
and/or reaching MaxConnectionsPerChild. PR 65769. [Yann Ylavic]



Release 2.4.53-rc1-candidate · apache/httpd