From ce0f4bcb8fae8966425723a1fa6fd291f36c9d42 Mon Sep 17 00:00:00 2001 From: Yann Ylavic Date: Fri, 3 Sep 2021 17:05:12 +0000 Subject: [PATCH] Sync CHANGES [skip ci]. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1892878 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 20 ++++++++++++++++++++ changes-entries/fix_uds_filename.txt | 2 -- changes-entries/md_check_keys.txt | 4 ---- changes-entries/ssl_alpn_outgoing.txt | 9 --------- changes-entries/uwsgi_path_info.txt | 1 - 5 files changed, 20 insertions(+), 16 deletions(-) delete mode 100644 changes-entries/fix_uds_filename.txt delete mode 100644 changes-entries/md_check_keys.txt delete mode 100644 changes-entries/ssl_alpn_outgoing.txt delete mode 100644 changes-entries/uwsgi_path_info.txt diff --git a/CHANGES b/CHANGES index b096cf19268..e16f060b99c 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,26 @@ -*- coding: utf-8 -*- Changes with Apache 2.4.49 + *) mod_proxy_uwsgi: Fix PATH_INFO setting for generic worker. [Yann Ylavic] + + *) mod_md: Certificate/keys pairs are verified as matching before a renewal is accepted + as successful or a staged renewal is replacing the existing certificates. + This avoid potential mess ups in the md store file system to render the active + certificates non-working. [@mkauf] + + *) mod_proxy: Faster unix socket path parsing in the "proxy:" URL. + [Yann Ylavic] + + *) mod_ssl: tighten the handling of ALPN for outgoing (proxy) + connections. If ALPN protocols are provided and sent to the + remote server, the received protocol selected is inspected + and checked for a match. Without match, the peer handshake + fails. + An exception is the proposal of "http/1.1" where it is + accepted if the remote server did not answer ALPN with + a selected protocol. This accomodates for hosts that do + not observe/support ALPN and speak http/1.x be default. + *) mod_proxy: Fix possible reuse/merging of Proxy(Pass)Match worker instances with others when their URLs contain a '$' substitution. PR 65419 + 65429. [Yann Ylavic] diff --git a/changes-entries/fix_uds_filename.txt b/changes-entries/fix_uds_filename.txt deleted file mode 100644 index d6c3471c7fb..00000000000 --- a/changes-entries/fix_uds_filename.txt +++ /dev/null @@ -1,2 +0,0 @@ - *) mod_proxy: Faster unix socket path parsing in the "proxy:" URL. - [Yann Ylavic] diff --git a/changes-entries/md_check_keys.txt b/changes-entries/md_check_keys.txt deleted file mode 100644 index 259c96c8559..00000000000 --- a/changes-entries/md_check_keys.txt +++ /dev/null @@ -1,4 +0,0 @@ - * mod_md: Certificate/keys pairs are verified as matching before a renewal is accepted - as successful or a staged renewal is replacing the existing certificates. - This avoid potential mess ups in the md store file system to render the active - certificates non-working. [@mkauf] diff --git a/changes-entries/ssl_alpn_outgoing.txt b/changes-entries/ssl_alpn_outgoing.txt deleted file mode 100644 index 0b16193ec83..00000000000 --- a/changes-entries/ssl_alpn_outgoing.txt +++ /dev/null @@ -1,9 +0,0 @@ - *) mod_ssl: tighten the handling of ALPN for outgoing (proxy) - connections. If ALPN protocols are provided and sent to the - remote server, the received protocol selected is inspected - and checked for a match. Without match, the peer handshake - fails. - An exception is the proposal of "http/1.1" where it is - accepted if the remote server did not answer ALPN with - a selected protocol. This accomodates for hosts that do - not observe/support ALPN and speak http/1.x be default. \ No newline at end of file diff --git a/changes-entries/uwsgi_path_info.txt b/changes-entries/uwsgi_path_info.txt deleted file mode 100644 index 4591366cbe0..00000000000 --- a/changes-entries/uwsgi_path_info.txt +++ /dev/null @@ -1 +0,0 @@ - *) mod_proxy_uwsgi: Fix PATH_INFO setting for generic worker. [Yann Ylavic] -- 2.47.2