Register

Login

• search
• browse source
• diff source
• search source variables

Error Buddy

Do you have an error message from your application? Then find the answer with Error Buddy. You can search over 40000 source code files and troubleshooting documents using our beta lucene/nutch search interface or if you prefer, search as normal using google. With LXR technology you can drill right down into the line of source code where it came from with full cross-referencing.

If after searching you didn't get your ideal answer, or you are still unclear what the error means, you can choose to post that question to the community forums following the link included in the search results.

corestack/ httpd-2.0.54/ CHANGES [1.6]

 Changes with Apache 2.0.54
 
   *) mod_cache: Add CacheIgnoreHeaders directive.  PR 30399.
      [Rüiger Plü <r.pluem t-online.de>]
 
   *) mod_ldap: Added the directive LDAPConnectionTimeout to configure
      the ldap socket connection timeout value.  
      [Brad Nicholes]
 
   *) Correctly export all mod_dav public functions.
      [Branko Èibej <brane xbc.nu>]
 
   *) Add a build script to create a solaris package. [Graham Leggett]
 
   *) worker MPM: Fix a problem which could cause httpd processes to
      remain active after shutdown.  [Jeff Trawick]
 
   *) Unix MPMs: Shut down the server more quickly when child processes are
      slow to exit.  [Joe Orton, Jeff Trawick]
 
   *) Remove formatting characters from ap_log_error() calls.  These
      were escaped as fallout from CAN-2003-0020.
      [Eric Covener <ecovener gmail.com>]
 
   *) mod_ssl: If SSLUsername is used, set r->user earlier.  PR 31418.
      [David Reid]
 
   *) htdigest: Fix permissions of created files.  PR 33765.  [Joe Orton]
 
   *) core_input_filter: Move buckets to a persistent brigade instead of
      creating a new brigade. This stop a memory leak when proxying a 
      Streaming Media Server. PR 33382. [Paul Querna]
 
   *) mod_win32: Ignore both PATH_INFO as well as PATH_TRANSLATED to avoid 
      hiccups from additional path information passed in non-utf-8 format.
      [Richard Donkin <rd9 donkin.org]
 
 Changes with Apache 2.0.53
 
   *) Fix --with-apr=/usr and/or --with-apr-util=/usr.  PR 29740.
      [Max Bowsher <maxb ukf.net>]
 
   *) mod_proxy: Fix ProxyRemoteMatch directive.  PR 33170.
      [Rici Lake <rici ricilake.net>]
 
   *) mod_proxy: Respect errors reported by pre_connection hooks.
      [Jeff Trawick]
 
   *) --with-module can now take more than one module to be statically
      linked: --with-module=<modtype>:<modfile>,<modtype>:<modfile>,...
      If the <modtype>-subdirectory doesn't exist it will be created and
      populated with a standard Makefile.in.  [Erik Abele]
 
   *) Fix the RPM spec file so that an RPM build now works. An RPM
      build now requires system installations of APR and APR-util.
      Remove some arbitrary moving around of binaries - the RPM now
      maps to the ASF build of httpd.
      [Graham Leggett]
 
   *) mod_dumpio, an I/O logging/dumping module, added to the
      modules/expermimental subdirectory.  [Jim Jagielski]
 
   *) mod_auth_ldap: Handle the inconsistent way in which the MS LDAP
      library handles special characters.  PR 24437.  [Jess Holle]
 
   *) Win32 MPM: Correct typo in debugging output.  [William Rowe]
 
   *) conf: Remove AddDefaultCharset from the default configuration because
      setting a site-wide default does more harm than good. PR 23421.
      [Roy Fielding]
 
   *) Add charset to example CGI scripts.  [Roy Fielding]
 
   *) mod_ssl: fail quickly if SSL connection is aborted rather than
      making many doomed ap_pass_brigade calls.  PR 32699.  [Joe Orton]
 
   *) Remove compiled-in upper limit on LimitRequestFieldSize.
      [Bill Stoddard]
 
   *) Start keeping track of time-taken-to-process-request again for
      mod_status if ExtendedStatus is enabled. [Jim Jagielski]
 
   *) mod_proxy: Handle client-aborted connections correctly.  PR 32443.
      [Janne Hietamäki, Joe Orton]
 
   *) Fix handling of files >2Gb on all platforms (or builds) where
      apr_off_t is larger than apr_size_t.  PR 28898.  [Joe Orton]
 
   *) mod_include: Fix bug which could truncate variable expansions
      of N*64 characters by one byte.  PR 32985.  [Joe Orton]
 
   *) Correct handling of certain bucket types in ap_save_brigade, fixing
      possible segfaults in mod_cgi with #include virtual.  PR 31247.
      [Joe Orton]
 
   *) Allow for the use of --with-module=foo:bar where the ./modules/foo
      directory is local only. Assumes, of course, that the required
      files are in ./modules/foo, but makes it easier to statically
      build/log "external" modules.  [Jim Jagielski]
 
   *) Util_ldap: Implemented the util_ldap_cache_getuserdn() API so that 
      ldap authorization only modules have access to the util_ldap 
      user cache without having to require ldap authentication as well.  
      PR 31898.  [Jari Ahonen jah progress.com, Brad Nicholes]
 
   *) mod_auth_ldap: Added the directive "Requires ldap-attribute" that
      allows the module to only authorize a user if the attribute value
      specified matches the value of the user object. PR 31913
      [Ryan Morgan <rmorgan pobox.com>]
 
   *) SECURITY: CAN-2004-0942 (cve.mitre.org)
      Fix for memory consumption DoS in handling of MIME folded request
      headers.  [Joe Orton]
 
   *) SECURITY: CAN-2004-0885 (cve.mitre.org)
      mod_ssl: Fix a bug which allowed an SSLCipherSuite setting to be
      bypassed during an SSL renegotiation.  PR 31505.  
      [Hartmut Keil <Hartmut.Keil adnovum.ch>, Joe Orton]
 
   *) mod_ssl: Fail at startup rather than segfault at runtime if a
      client cert is configured with an encrypted private key.
      PR 24030.  [Joe Orton]
 
   *) apxs: fix handling of -Wc/-Wl and "-o mod_foo.so". PR 31448
      [Joe Orton]
 
   *) mod_ldap: Fix format strings to use %APR_PID_T_FMT instead of %d.
      [Jeff Trawick]
  
   *) mod_cache: CacheDisable will only disable the URLs it was meant to
      disable, not all caching. PR 31128.
      [Edward Rudd <eddie omegaware.com>, Paul Querna]
 
   *) mod_cache: Try to correctly follow RFC 2616 13.3 on validating stale
      cache responses.  [Justin Erenkrantz]
 
   *) mod_rewrite: Handle per-location rules when r->filename is unset.
      Previously this would segfault or simply not match as expected,
      depending on the platform.  [Jeff Trawick]
 
   *) mod_rewrite: Fix 0 bytes write into random memory position.
      PR 31036. [André Malo]
 
   *) mod_disk_cache: Do not store aborted content.  PR 21492.
      [Rüiger Plü <r.pluem t-online.de>]
 
   *) mod_disk_cache: Correctly store cached content type.  PR 30278.
      [Rüiger Plü <r.pluem t-online.de>]
 
   *) mod_ldap: prevent the possiblity of an infinite loop in the LDAP
      statistics display. PR 29216. [Graham Leggett]
 
   *) mod_ldap: fix a bogus error message to tell the user which file
      is causing a potential problem with the LDAP shared memory cache.
      PR 31431 [Graham Leggett]
 
   *) mod_disk_cache: Do not store hop-by-hop headers.  [Justin Erenkrantz]
 
   *) Fix the re-linking issue when purging elements from the LDAP cache
      PR 24801.  [Jess Holle <jessh ptc.com>]
       
   *) mod_disk_cache: Fix races in saving responses.  [Justin Erenkrantz]
 
   *) Fix Expires handling in mod_cache.  [Justin Erenkrantz]
 
   *) Alter mod_expires to run at a different filter priority to allow
      proper Expires storage by mod_cache.  [Justin Erenkrantz]
 
 Changes with Apache 2.0.52
 
   *) Use HTML 2.0 <hr> for error pages. PR 30732 [André Malo]
 
   *) Fix the global mutex crash when the global mutex is never allocated
      due to disabled/empty caches. [Jess Holle <jessh ptc.com>]
 
   *) Fix a segfault in the LDAP cache when it is configured switched
      off. [Jess Holle <jessh ptc.com>]
 
   *) SECURITY: CAN-2004-0811 (cve.mitre.org)
      Fix merging of the Satisfy directive, which was applied to
      the surrounding context and could allow access despite configured
      authentication.  PR 31315.  [Rici Lake <rici ricilake.net>]
 
   *) Fix the handling of URIs containing %2F when AllowEncodedSlashes
      is enabled.  Previously, such urls would still be rejected.
      [Jeff Trawick, Bill Stoddard]
 
   *) mod_mem_cache: Fixed race condition causing segfault because of memory being
      freed twice, or reused after being freed.
      [J. Clar, W. Stoddard, G. Ames]
     
   *) Add -l option to rotatelogs to let it use local time rather than
      UTC.  PR 24417.  [Ken Coar, Uli Zappe <uli ritual.org>]
 
   *) mod_log_config: Fix a bug which prevented request completion time
      from being logged for I_INSIST_ON_EXTRA_CYCLES_FOR_CLF_COMPLIANCE
      processing.  PR 29696.  [Alois Treindl <alois astro.ch>]
 
 Changes with Apache 2.0.51
 
   *) SECURITY: CAN-2004-0786 (cve.mitre.org)
      Fix an input validation issue in apr-util which could be
      triggered by malformed IPv6 literal addresses.  [Joe Orton]
 
   *) SECURITY: CAN-2004-0747 (cve.mitre.org)
      Fix buffer overflow in expansion of environment variables in
      configuration file parsing.  [André Malo]
 
   *) SECURITY: CAN-2004-0809 (cve.mitre.org)
      mod_dav_fs: Fix a segfault in the handling of an indirect lock
      refresh.  PR 31183.  [Joe Orton]
 
   *) mod_include no longer checks for recursion, because that's done
      in the core. This allows for careful usage of recursive SSI.
      [André Malo]
 
   *) Fix memory leak in the cache handling of mod_rewrite. PR 27862.
      [chunyan sheng <shengperson yahoo.com>, André Malo]
 
   *) Include directives no longer refuse to process symlinks on
      directories. Instead there's now a maximum nesting level
      of included directories (128 as distributed). This is configurable
      at compile time using the -DAP_MAX_INCLUDE_DIR_DEPTH switch.
      PR 28492.  [André Malo]
 
   *) Win32: apache -k start|restart|install|config can leave stranded
      piped logger processes (eg, rotatelogs.exe) due to improper
      server shutdown on these code paths.
      [Bill Stoddard]
 
   *) SECURITY: CAN-2004-0751 (cve.mitre.org)
      mod_ssl: Fix a segfault in the SSL input filter which could be
      triggered if using "speculative" mode, for instance by a 
      proxy request to an SSL server.  PR 30134.  [Joe Orton]
 
   *) mod_rewrite: Add %{SSL:...} and %{HTTPS} variable lookups.
      PR 30464.  [Joe Orton, Madhusudan Mathihalli]
 
   *) mod_ssl: Add new 'ssl_is_https' optional function.  [Joe Orton]
 
   *) Prevent CGI script output which includes a Content-Range header
      from being passed through the byterange filter.  [Joe Orton]
 
   *) Satisfy directives now can be influenced by a surrounding <Limit>
      container.  PR 14726.  [André Malo]
 
   *) mod_rewrite now officially supports RewriteRules in <Proxy> sections.
      PR 27985.  [André Malo]
 
   *) mod_disk_cache: Implement binary format for on-disk header files.
      [Brian Akins <bakins web.turner.com>, Justin Erenkrantz]
 
   *) mod_disk_cache: Optimize network performance of disk cache subsystem by
      allowing zero-copy (sendfile) writes and other miscellaneous fixes.
      [Justin Erenkrantz]
 
   *) mod_cache, mod_disk_cache, mod_mem_cache: Refactor cache modules, and
      switch to the provider API instead of hooks.  [Justin Erenkrantz]
 
   *) mod_autoindex: Don't truncate the directory listing if a stat()
      call fails (for instance on a >2Gb file).  PR 17357.
      [Joe Orton]
 
   *) Makefile fix: httpd is linked against LIBS given to the
      'make' invocation.  PR 7882.  [Joe Orton]
 
   *) WinNT MPM: Fix a broken log message at termination.  PR 28063.
      [Eider Oliveira <eider bol.com.br>]
 
   *) Prevent Win32 pool corruption at startup [Allan Edwards]
 
   *) mod_ssl: Add "SSLUserName" directive to set r->user based on a
      chosen SSL environment variable.  PR 20957. 
      [Martin v. Loewis <martin v.loewis.de>]
 
   *) suexec: Pass the SERVER_SIGNATURE envvar through to CGIs.
      [Zvi Har'El <rl math.technion.ac.il>]
 
   *) apachectl: Fix a problem finding envvars if sbindir != bindir.
      PR 30723.  [Friedrich Haubensak <hsk imb-jena.de>]
 
   *) mod_ssl: Build on RHEL 3.  PR 18989.  [Justin Erenkrantz]
 
   *) SECURITY: CAN-2004-0748 (cve.mitre.org)
      mod_ssl: Fix a potential infinite loop.  PR 29964.  [Joe Orton]
 
   *) mod_ssl: Avoid startup failure after unclean shutdown if using shmcb.
      PR 18989.  [Joe Orton]
 
   *) mod_userdir: Ensure that the userdir identity is used for
      suexec userdir access in a virtual host which has suexec configured.  
      PR 18156.  [Joshua Slive]
 
   *) mod_rewrite no longer confuses the RewriteMap caches if
      different maps defined in different virtual hosts use the
      same map name. PR 26462.  [André Malo]
 
   *) mod_setenvif: Remove "support" for Remote_User variable which
      never worked at all. PR 25725.  [André Malo]
 
   *) Backport from 2.1 / Regression from 1.3: mod_headers now knows
      again the functionality of the ErrorHeader directive. But instead
      using this misnomer additional flags to the Header directive were
      introduced ("always" and "onsuccess", defaulting to the latter).
      PR 28657.  [André Malo]
 
   *) Use the higher performing 'httpready' Accept Filter on all platforms 
      except FreeBSD < 4.1.1. [Paul Querna]
 
   *) mod_usertrack: Escape the cookie name before pasting into the
      regexp.  [André Malo]
 
   *) Extend the SetEnvIf directive to capture subexpressions of the
      matched value.  [André Malo]
 
   *) Recursive Include directives no longer crash. The server stops
      including configuration files after a certain nesting level (128
      as distributed). This is configurable at compile time using the
      -DAP_MAX_INCLUDE_DEPTH switch. PR 28370.  [André Malo]
 
   *) mod_dir: the trailing-slash behaviour is now configurable using the
      DirectorySlash directive.  [André Malo]
 
   *) Allow proxying of resources that are invoked via DirectoryIndex.
      PR 14648, 15112, 29961.  [André Malo]
 
   *) util_ldap: Switched the lock types on the shared memory cache 
      from thread reader/writer locks to global mutexes in order to 
      provide cross process cache protection. [Brad Nicholes]
      
   *) util_ldap: Reworked the cache locking scheme to eliminate duplicate 
      cache entries in the credentials cache due to race conditions.
      [Brad Nicholes]
      
   *) util_ldap: Enhanced the util_ldap cache-info display to show more 
      detail about the contents and current state of the cache. 
      [Brad Nicholes]
      
   *) Enable the option to support anonymous shared memory in mod_ldap.
      This makes the cache work on Linux again. [Graham Leggett]
 
   *) Enable special ErrorDocument value 'default' which restores the
      canned server response for the scope of the directive.
      [Geoffrey Young, André Malo]
 
   *) work around MSIE Digest auth bug - if AuthDigestEnableQueryStringHack
      is set in r->subprocess_env allow mismatched query strings to pass.
      PR 27758.  [Paul Querna, Geoffrey Young]
 
   *) Accept URLs for the ServerAdmin directive. If the supplied
      argument is not recognized as an URL, assume it's a mail address.
      PR 28174.  [André Malo, Paul Querna]
 
   *) initialize server arrays prior to calling ap_setup_prelinked_modules
      so that static modules can push Defines values when registering
      hooks just like DSO modules can ["Philippe M. Chiasson" <gozer cpan.org>]
 
   *) Small fix to allow reverse proxying to an ftp server. Previously
      an attempt to do this would try and connect to 0.0.0.0, regardless
      of the server specified. PR 24922
      [Pascal Terjan <pterjan@linuxfr.org>]
 
   *) Add the NOTICE file to the rpm spec file in compliance with the
      Apache v2.0 license. [Graham Leggett]
  
   *) RPM spec file changes: changed default dependancy to link to db4
      instead of db3. Fixed complaints about unpackaged files.
      [Graham Leggett]
  
 Changes with Apache 2.0.50
 
   *) SECURITY: CAN-2004-0493 (cve.mitre.org)
      Close a denial of service vulnerability identified by Georgi
      Guninski which could lead to memory exhaustion with certain
      input data.  [Jeff Trawick]
 
   *) mod_cgi: Handle output on stderr during script execution on Unix
      platforms; preventing deadlock when stderr output fills pipe buffer.
      Also fixes case where stderr from nph- scripts could be lost.
      PR 22030, 18348.  [Joe Orton, Jeff Trawick]
 
   *) mod_alias now emits a warning if it detects overlapping *Alias*
      directives.  [André Malo]
 
   *) mod_rewrite no longer turns forward proxy requests into reverse proxy
      requests. PR 28125  [ast domdv.de, André Malo]
 
   *) ap_set_sub_req_protocol and ap_finalize_sub_req_protocol are now
      exported on Win32 and Netware as well (minor MMN bump).  PR 28523.
      [Edward Rudd <eddie omegaware.com>, André Malo]
 
   *) Restore the ability to disable the use of AcceptEx on Win9x systems
      automatically (broken in 2.0.49). PR 28529.  [André Malo]
 
   *) <VirtualHost myhost> now applies to all IP addresses for myhost
      instead of just the first one reported by the resolver.  This
      corrects a regression since 1.3.  [Jeff Trawick]
 
   *) util_ldap: allow relative paths for LDAPTrustedCA to be resolved
      against ServerRoot PR#26602 [Brad Nicholes]
        
   *) SECURITY: CAN-2004-0488 (cve.mitre.org)
      mod_ssl: Fix a buffer overflow in the FakeBasicAuth code for a
      (trusted) client certificate subject DN which exceeds 6K in length.
      [Joe Orton]
 
   *) mod_dav_fs: Fix MKCOL response for missing parent collections, which 
      caused issues for the Eclipse WebDAV extension.
      PR 29034.  [Joe Orton]
 
   *) mod_deflate: Fix memory consumption (which was proportional to the
      response size).  PR 29318.  [Joe Orton]
 
   *) mod_ssl: Log the errors returned on failure to load or initialize
      a crypto accelerator engine.  [Joe Orton]
 
   *) Allow RequestHeader directives to be conditional. PR 27951.
      [Vincent Deffontaines <vincent gryzor.com>, André Malo]
 
   *) Allow LimitRequestBody to be reset to unlimited. PR 29106
      [André Malo]
 
   *) Fix a bunch of cases where the return code of the regex compiler
      was not checked properly. This affects: mod_setenvif, mod_usertrack,
      mod_proxy, mod_proxy_ftp and core. PR 28218.  [André Malo]
 
   *) mod_ssl: Fix a potential segfault in the 'shmcb' session cache for
      small cache sizes.  PR 27751.  [Geoff Thorpe <geoff geoffthorpe.net>]
 
   *) Remove 2Gb log file size restriction on some 32-bit platforms.
      PR 13511.  [Joe Orton]
 
   *) mod_logio no longer removes the EOS bucket. PR 27928.
      [Bojan Smojver <bojan rexursive.com>]
 
   *) htpasswd no longer refuses to process files that contain empty
      lines.  [André Malo]
 
   *) Regression from 1.3: At startup, suexec now will be checked for
      availability, the setuid bit and user root. The works only if
      httpd is compiled with the shipped APR version (0.9.5).
      PR 28287.  [André Malo]
 
   *) Unix MPMs: Stop dropping connections when the file descriptor
      is at least FD_SETSIZE.  [Jeff Trawick]
 
   *) Fix handling of IPv6 numeric strings in mod_proxy.  [Jeff Trawick]
 
   *) mod_isapi: send_response_header() failed to copy status string's 
      last character.  PR 20619.  [Jesse Pelton <jsp pkc.com>]
 
   *) Fix a segfault when requests for shared memory fails and returns
      NULL. Fix a segfault caused by a lack of bounds checking on the
      cache.  PR 24801.  [Graham Leggett]
 
   *) Throw an error message if an attempt is made to use the LDAPTrustedCA
      or LDAPTrustedCAType directives in a VirtualHost. PR 26390
      [Brad Nicholes]
 
   *) Fix a potential segfault if the bind password in the LDAP cache
      is NULL.  PR 28250.  [Jari Ahonen <jah progress.com>]
 
   *) Quotes cannot be used around require group and require dn
      directives, update the documentation to reflect this. Also add
      quotes around the dn and group within debug messages, to make it
      more obvious why authentication is failing if quotes are used in
      error.  PR 19304.  [Graham Leggett]
 
   *) The Microsoft LDAP SDK escapes filters for us, stop util_ldap
      from escaping filters twice when the backslash character is used.
      PR 24437.  [Jess Holle <jessh ptc.com>]
 
   *) Overhaul handling of LDAP error conditions, so that the util_ldap_*
      functions leave the connections in a sane state after errors have
      occurred. PR 27748, 17274, 17599, 18661, 21787, 24595, 24683, 27134,
      27271 [Graham Leggett]
                                                                                 
   *) mod_ldap calls ldap_simple_bind_s() to validate the user
      credentials.  If the bind fails, the connection is left
      in an unbound state.  Make sure that the ldap connection
      record is updated to show that the connection is no longer
      bound. [Brad Nicholes]
 
   *) Ensure that lines in the request which are too long are 
      properly terminated before logging.
      [Tsurutani Naoki <turutani scphys.kyoto-u.ac.jp>]
 
   *) Update the bind credentials for the cached LDAP connection to 
      reflect the last bind.  This prevents util_ldap from creating 
      unnecessary connections rather than reusing cached connections.
      [Brad Nicholes]
      
   *) mod_isapi: GetServerVariable returned improperly terminated header 
      fields given "ALL_HTTP" or "ALL_RAW".  PR 20656.
      [Jesse Pelton <jsp pkc.com>]
 
   *) mod_isapi: GetServerVariable("ALL_RAW") returned the wrong buffer
      size.  PR 20617.  [Jesse Pelton <jsp pkc.com>]
 
   *) mod_dav: Fix a problem that could cause crashes when manipulating 
      locks on some platforms.  [Jeff Trawick]
 
   *) mod_headers no longer crashes if an empty header value should
      be added.  [André Malo]
 
   *) Fix segfault in mod_expires, which occured under certain
      circumstances. PR 28047.  [André Malo]
 
   *) htpasswd: use apr_temp_dir_get() and general cleanup
      [Guenter Knauf <eflash gmx.net>, Thom May]
 
   *) mod_ssl: Fix memory leak in session cache handling.  PR 26562
      [Madhusudan Mathihalli]
 
   *) mod_ssl: Fix potential segfaults when performing SSL shutdown from
      a pool cleanup.  PR 27945.  [Joe Orton]
 
   *) Add forensic logging module (mod_log_forensic).
      [Ben Laurie]
 
   *) logresolve: Allow size of log line buffer to be overridden at
      build time (MAXLINE).  PR 27793.  [Jeff Trawick]
 
   *) Fix the comment delimiter in htdbm so that it correctly parses the 
      username comment.  Also add a terminate function to allow NetWare 
      to pause the output before the screen is destroyed.
      [Guenter Knauf <eflash gmx.net>, Brad Nicholes] 
   
   *) Fix crash when Apache was started with no Listen directives.
      [Michael Corcoran <mcorcoran warpsolutions.com>]
 
   *) core_output_filter: Fix bug that could result in sending
      garbage over the network when module handlers construct
      bucket brigades containing multiple file buckets all referencing
      the same open file descriptor. [Bojan Smojver]
 
   *) Fix memory corruption problem with ap_custom_response() function.
      The core per-dir config would later point to request pool data
      that would be reused for different purposes on different requests.
      [Jeff Trawick, based on an old 1.3 patch submitted by Will Lowe]
 
   *) Win32: Tweak worker thread accounting routines to eliminate
      server hang when number of Listen directives in httpd.conf
      is greater than or equal to the setting of ThreadsPerChild.
      [Bill Stoddard]
 
 Changes with Apache 2.0.49
 
   *) SECURITY: CAN-2004-0174 (cve.mitre.org)
      Fix starvation issue on listening sockets where a short-lived
      connection on a rarely-accessed listening socket will cause a
      child to hold the accept mutex and block out new connections until
      another connection arrives on that rarely-accessed listening socket.
      With Apache 2.x there is no performance concern about enabling the 
      logic for platforms which don't need it, so it is enabled everywhere
      except for Win32.  [Jeff Trawick]
 
   *) mod_cgid: Fix storage corruption caused by use of incorrect pool.
      [Jeff Trawick]
 
   *) Win32: find_read_listeners was not correctly handling multiple
      listeners on the Win32DisableAcceptEx path.  [Bill Stoddard]
 
   *) Fix bug in mod_usertrack when no CookieName is set.  PR 24483.
      [Manni Wood <manniwood planet-save.com>]
 
   *) Fix some piped log problems: bogus "piped log program '(null)'
      failed" messages during restart and problem with the logger
      respawning again after Apache is stopped.  PR 21648, PR 24805.
      [Jeff Trawick]
 
   *) Fixed file extensions for real media files and removed rpm extension
      from mime.types. PR 26079.  [Allan Sandfeld <kde carewolf.com>]
 
   *) Remove compile-time length limit on request strings. Length is
      now enforced solely with the LimitRequestLine config directive.
      [Paul J. Reder]
 
   *) mod_ssl: Send the Close Alert message to the peer before closing
      the SSL session.  PR 27428.  [Madhusudan Mathihalli, Joe Orton]
 
   *) SECURITY: CVE-2004-0113 (cve.mitre.org)
      mod_ssl: Fix a memory leak in plain-HTTP-on-SSL-port handling.
      PR 27106.  [Joe Orton]
 
   *) mod_ssl: Fix bug in passphrase handling which could cause spurious
      failures in SSL functions later.  PR 21160.  [Joe Orton]
 
   *) mod_log_config: Fix corruption of buffered logs with threaded
      MPMs.  PR 25520.  [Jeff Trawick]
 
   *) Fix mod_include's expression parser to recognize strings correctly
      even if they start with an escaped token.  [André Malo]
 
   *) Add fatal exception hook for use by diagnostic modules.  The hook
      is only available if the --enable-exception-hook configure parm 
      is used and the EnableExceptionHook directive has been set to 
      "on".  [Jeff Trawick]
 
   *) Allow mod_auth_digest to work with sub-requests with different
      methods than the original request.  PR 25040.
      [Josh Dady <jpd indecisive.com>]
 
   *) fix "Expected </Foo>> but saw </Foo>" errors in nested,
      argumentless containers.
      ["Philippe M. Chiasson" <gozer cpan.org>]
 
   *) mod_auth_ldap: Fix some segfaults in the cache logic.  PR 18756.
      [Matthieu Estrade <apache moresecurity.org>, Brad Nicholes]
 
   *) mod_cgid: Restart the cgid daemon if it crashes.  PR 19849
      [Glenn Nielsen <glenn apache.org>]
 
   *) The whole codebase was relicensed and is now available under
      the Apache License, Version 2.0 (http://www.apache.org/licenses).
      [Apache Software Foundation]
 
   *) Fixed cache-removal order in mod_mem_cache.
      [Jean-Jacques Clar, Cliff Woolley]
 
   *) mod_setenvif: Fix the regex optimizer, which under circumstances
      treated the supplied regex as literal string. PR 24219.
      [André Malo]
 
   *) ap_mpm.h: Fix include guard of ap_mpm.h to reference mpm
      instead of mmn. [André Malo]
 
   *) mod_rewrite: Catch an edge case, where strange subsequent RewriteRules
      could lead to a 400 (Bad Request) response.  [André Malo]
 
   *) Keep focus of ITERATE and ITERATE2 on the current module when
      the module chooses to return DECLINE_CMD for the directive.
      PR 22299.  [Geoffrey Young <geoff apache.org>]
 
   *) Add support for IMT minor-type wildcards (e.g., text/*) to
      ExpiresByType.  PR#7991  [Ken Coar]
 
   *) Fix segfault in mod_mem_cache cache_insert() due to cache size
      becoming negative.  PR: 21285, 21287
      [Bill Stoddard, Massimo Torquati, Jean-Jacques Clar]
 
   *) core.c: If large file support is enabled, allow any file that is
      greater than AP_MAX_SENDFILE to be split into multiple buckets.
      This allows Apache to send files that are greater than 2gig.
      Otherwise we run into 32/64 bit type mismatches in the file size.
      [Brad Nicholes]
 
   *) proxy_http fix: mod_proxy hangs when both KeepAlive and
      ProxyErrorOverride are enabled, and a non-200 response without a
      body is generated by the backend server. (e.g.: a client makes a
      request containing the "If-Modified-Since" and "If-None-Match"
      headers, to which the backend server respond with status 304.)
      [Graham Wiseman <gwiseman fscinternet.com>, Richard Reiner]
 
   *) mod_dav: Reject requests which include an unescaped fragment in the
      Request-URI.  PR 21779.  [Amit Athavale <amit_athavale lycos.com>]
 
   *) Build array of allowed methods with proper dimensions, fixing
      possible memory corruption.  [Jeff Trawick]
 
   *) mod_ssl: Fix potential segfault on lookup of SSL_SESSION_ID.
      PR 15057.  [Otmar Lendl <lendl nic.at>]
 
   *) mod_ssl: Fix streaming output from an nph- CGI script. PR 21944
      [Joe Orton]
 
   *) mod_usertrack no longer inspects the Cookie2 header for
      the cookie name. PR 11475.  [Chris Darrochi <chrisd pearsoncmg.com>]
 
   *) mod_usertrack no longer overwrites other cookies.
      PR 26002.  [Scott Moore <apache nopdesign.com>]
 
   *) worker MPM: fix stack overlay bug that could cause the parent
      process to crash.  [Jeff Trawick]
 
   *) Win32: Add Win32DisableAcceptEx directive. This Windows
      NT/2000/CP directive is useful to work around bugs in some 
      third party layered service providers like virus scanners, 
      VPN and firewall products, that do not properly handle 
      WinSock 2 APIs.  Use this directive if your server is issuing
      AcceptEx failed messages.
      [Allan Edwards, Bill Rowe, Bill Stoddard, Jeff Trawick]
 
   *) Make REMOTE_PORT variable available in mod_rewrite.
      PR 25772.  [André Malo]
 
   *) Fix a long delay with CGI requests and keepalive connections on
      AIX.  [Jeff Trawick]
 
   *) mod_autoindex: Add 'XHTML' option in order to allow switching between
      HTML 3.2 and XHTML 1.0 output. PR 23747.  [André Malo]
 
   *) Add XHTML Document Type Definitions to httpd.h (minor MMN bump).
      [André Malo]
 
   *) mod_ssl: Advertise SSL library version as determined at run-time rather
      than at compile-time.  PR 23956.  [Eric Seidel <seidel apple.com>]
 
   *) mod_ssl: Fix segfault on a non-SSL request if the 'c' log
      format code is used.  PR 22741.  [Gary E. Miller <gem rellim.com>]
 
   *) Fix build with parallel make.  PR 24643.  [Joe Orton]
 
   *) mod_rewrite: In external rewrite maps lookup keys containing
      a newline now cause a lookup failure. PR 14453.
      [Cedric Gavage <cedric.gavage unixtech.be>, André Malo]
 
   *) Backport major overhaul of mod_include's filter parser from 2.1.
      The new parser code is expected to be more robust and should
      catch all of the edge cases that were not handled by the previous one.
      The 2.1 external API changes were hidden by a wrapper which is
      expected to keep the API backwards compatible.  [André Malo]
 
   *) Add a hook (insert_error_filter) to allow filters to re-insert
      themselves during processing of error responses. Enable mod_expires
      to use the new hook to include Expires headers in valid error
      responses. This addresses an RFC violation. It fixes PRs 19794,
      24884, and 25123. [Paul J. Reder]
 
   *) Add Polish translation of error messages.  PR 25101.
      [Tomasz Kepczynski <tomek jot23.org>]
 
   *) Add AP_MPMQ_MPM_STATE function code for ap_mpm_query. (Not yet
      supported for BeOS or OS/2 MPMs.)  [Jeff Trawick, Brad Nicholes,
      Bill Stoddard]
 
   *) Add mod_status hook to allow modules to add to the mod_status
      report.  [Joe Orton]
 
   *) Fix htdbm to generate comment fields in DBM files correctly.
      [Justin Erenkrantz]
 
   *) mod_dav: Use bucket brigades when reading PUT data. This avoids
      problems if the data stream is modified by an input filter. PR 22104.
      [Tim Robbins <tim robbins.dropbear.id.au>, André Malo]
 
   *) Fix RewriteBase directive to not add double slashes.  [André Malo]
 
   *) Improve 'configure --help' output for some modules.  [Astrid Keßler]
 
   *) Correct UseCanonicalName Off to properly check incoming port number.
      [Jim Jagielski]
 
   *) Fix slow graceful restarts with prefork MPM.  [Joe Orton]
 
   *) Fix a problem with namespace mappings being dropped in mod_dav_fs;
      if any property values were set which defined namespaces these
      came out mangled in the PROPFIND response.  PR 11637.
      [Amit Athavale <amit_athavale persistent.co.in>]
 
   *) mod_dav: Return a WWW-auth header for MOVE/COPY requests where
      the destination resource gives a 401.  PR 15571.  [Joe Orton]
 
   *) SECURITY: CVE-2003-0020 (cve.mitre.org)
      Escape arbitrary data before writing into the errorlog. Unescaped
      errorlogs are still possible using the compile time switch
      "-DAP_UNSAFE_ERROR_LOG_UNESCAPED".  [Geoffrey Young, André Malo]
 
   *) mod_autoindex / core: Don't fail to show filenames containing
      special characters like '%'. PR 13598.  [André Malo]
  
   *) mod_status: Report total CPU time accurately when using a threaded
      MPM.  PR 23795.  [Jeff Trawick]
 
   *) Fix memory leak in handling of request bodies during reverse
      proxy operations.  PR 24991. [Larry Toppi <larry.toppi citrix.com>]
 
   *) Win32 MPM: Implement MaxMemFree to enable setting an upper
      limit on the amount of storage used by the bucket brigades
      in each server thread. [Bill Stoddard]
 
   *) Modified the cache code to be header-location agnostic. Also
      fixed a number of other cache code bugs related to PR 15852.
      Includes a patch submitted by Sushma Rai <rsushma novell.com>.
      This fixes mod_mem_cache but not mod_disk_cache yet so I'm not
      closing the PR since that is what they are using. [Paul J. Reder]
 
   *) complain via error_log when mod_include's INCLUDES filter is
      enabled, but the relevant Options flag allowing the filter to run
      for the specific resource wasn't set, so that the filter won't
      silently get skipped. next remove itself, so the warning will be
      logged only once [Stas Bekman, Jeff Trawick, Bill Rowe]
 
   *) mod_info: HTML escape configuration information so it displays 
      correctly. PR 24232. [Thom May]
      
   *) Restore the ability to add a description for directories that
      don't contain an index file.  (Broken in 2.0.48) [André Malo]
 
   *) Fix a problem with the display of empty variables ("SetEnv foo") in
      mod_include.  PR 24734  [Markus Julen <mj zermatt.net>]
 
   *) mod_log_config: Log the minutes component of the timezone correctly.
      PR 23642.  [Hong-Gunn Chew <hgbug gunnet.org>]
 
   *) mod_proxy: Fix cases where an invalid status-line could be sent 
      to the client.  PR 23998.  [Joe Orton]
 
   *) mod_ssl: Fix segfaults at startup if other modules which use OpenSSL
      are also loaded.  [Joe Orton]
 
   *) mod_ssl: Use human-readable OpenSSL error strings in logs; use
      thread-safe interface for retrieving error strings.  [Joe Orton]
 
   *) mod_expires: Initialize ExpiresDefault to NULL instead of "" to
      avoid reporting an Internal Server error if it is used without
      having been set in the httpd.conf file. PR: 23748, 24459
      [Andre Malo, Liam Quinn  <liam htmlhelp.com>]
 
   *) mod_autoindex: Don't omit the <tr> start tag if the SuppressIcon
      option is set. PR 21668.  [Jesse Tie-Ten-Quee <highos highos.com>]
 
   *) mod_include no longer allows an ETag header on 304 responses.
      PR 19355. [Geoffrey Young <geoff apache.org>, André Malo]
 
   *) EBCDIC: Convert header fields to ASCII before sending (broken
      since 2.0.44). [Martin Kraemer]
 
   *) Fix the inability to log errors like exec failure in
      mod_ext_filter/mod_cgi script children.  This was broken after 
      such children stopped inheriting the error log handle.  
      [Jeff Trawick]
 
   *) Fix mod_info to use the real config file name, not the default
      config file name.  [Aryeh Katz <aryeh secured-services.com>]
 
   *) Set the scoreboard state to indicate logging prior to running 
      logging hooks so that server-status will show 'L' for hung loggers
      instead of 'W'.  [Jeff Trawick]
 
 Changes with Apache 2.0.48
 
   *) SECURITY: CAN-2003-0789 (cve.mitre.org)
      mod_cgid: Resolve some mishandling of the AF_UNIX socket used to
      communicate with the cgid daemon and the CGI script.
      [Jeff Trawick]
 
   *) SECURITY: CAN-2003-0542 (cve.mitre.org)
      Fix buffer overflows in mod_alias and mod_rewrite which occurred
      if one configured a regular expression with more than 9 captures.
      [André Malo]
 
   *) mod_include: fix segfault which occured if the filename was not
      set, for example, when processing some error conditions.
      PR 23836.  [Brian Akins <bakins web.turner.com>, André Malo]
 
   *) fix the config parser to support <Foo>..</Foo> containers (no
      arguments in the opening tag) supported by httpd 1.3. Without
      this change mod_perl 2.0's <Perl> sections are broken.
      ["Philippe M. Chiasson" <gozer cpan.org>]
 
   *) mod_cgid: fix a hash table corruption problem which could
      result in the wrong script being cleaned up at the end of a
      request.  [Jeff Trawick]
 
   *) Update httpd-*.conf to be clearer in describing the connection
      between AddType and AddEncoding for defining the meaning of
      compressed file extensions. [Roy Fielding]
 
   *) mod_rewrite: Don't die silently when failing to open RewriteLogs.
      PR 23416.  [André Malo]
 
   *) mod_rewrite: Fix mod_rewrite's support of the [P] option to send
      rewritten request using "proxy:". The code was adding multiple "proxy:"
      fields in the rewritten URI. PR: 13946.
      [Eider Oliveira <eider bol.com.br>]
 
   *) cache_util: Fix ap_check_cache_freshness to check max_age, smax_age, and
      expires as directed in RFC 2616. [Thomas Castelle <tcastelle generali.fr>]
 
   *) Ensure that ssl-std.conf is generated at configure time, and switch
      to using the expanded config variables to work the same as
      httpd-std.conf PR: 19611
      [Thom May]
 
   *) mod_ssl: Fix segfaults after renegotiation failure. PR 21370
      [Hartmut Keil <Hartmut.Keil adnovum.ch>]
 
   *) mod_autoindex: If a directory contains a file listed in the
      DirectoryIndex directive, the folder icon is no longer replaced
      by the icon of that file. PR 9587.
      [David Shane Holden <dpejesh yahoo.com>]
 
   *) Fixed mod_usertrack to not get false positive matches on the
      user-tracking cookie's name.  PR 16661.
      [Manni Wood <manniwood planet-save.com>]
 
   *) mod_cache: Fix the cache code so that responses can be cached
      if they have an Expires header but no Etag or Last-Modified
      headers. PR 23130.
      [<bjorn exoweb.net>]
 
   *) mod_log_config: Fix %b log format to write really "-" when 0 bytes
      were sent (e.g. with 304 or 204 response codes).  [Astrid Keßler]
 
   *) Modify ap_get_client_block() to note if it has seen EOS.
      [Justin Erenkrantz]
 
   *) Fix a bug, where mod_deflate sometimes unconditionally compressed the
      content if the Accept-Encoding header contained only other tokens than
      "gzip" (such as "deflate"). PR 21523.  [Joe Orton, André Malo]
 
   *) Avoid an infinite recursion, which occured if the name of an included
      config file or directory contained a wildcard character. PR 22194.
      [André Malo]
 
   *) mod_ssl: Fix a problem setting variables that represent the
      client certificate chain.  PR 21371  [Jeff Trawick]
 
   *) Unix: Handle permissions settings for flock-based mutexes in 
      unixd_set_global|proc_mutex_perms().  Allow the functions to be
      called for any type of mutex.  PR 20312  [Jeff Trawick]
 
   *) ab: Work over non-loopback on Unix again. PR 21495. [Jeff Trawick]
 
   *) Fix a misleading message from the some of the threaded MPMs when 
      MaxClients has to be lowered due to the setting of ServerLimit.  
      [Jeff Trawick]
 
   *) Lower the severity of the "listener thread didn't exit" message
      to debug, as it is of interest only to developers.  PR 9011
      [Jeff Trawick]
 
   *) MPMs: The bucket brigades subsystem now honors the MaxMemFree setting.
      [Cliff Woolley, Jean-Jacques Clar]
 
   *) Install config.nice into the build/ directory to make
      minor version upgrades easier. [Joshua Slive]
 
   *) Fix mod_deflate so that it does not call deflate() without checking
      first whether it has something to deflate. (Currently this causes
      deflate to generate a fatal error according to the zlib spec.)
      PR 22259. [Stas Bekman]
 
   *) mod_ssl: Fix FakeBasicAuth for subrequest.  Log an error when an
      identity spoof is encountered.
      [Sander Striker]
 
   *) mod_rewrite: Ignore RewriteRules in .htaccess files if the directory
      containing the .htaccess file is requested without a trailing slash.
      PR 20195.  [André Malo]
 
   *) ab: Overlong credentials given via command line no longer clobber
      the buffer.  [André Malo]
 
   *) mod_deflate: Don't attempt to hold all of the response until we're
      done.  [Justin Erenkrantz]
 
   *) Assure that we block properly when reading input bodies with SSL.
      PR 19242.  [David Deaves <David.Deaves dd.id.au>, William Rowe]
 
   *) Update mime.types to include latest IANA and W3C types.  [Roy Fielding]
 
   *) mod_ext_filter: Set additional environment variables for use by
      the external filter.  PR 20944.  [Andrew Ho, Jeff Trawick]
 
   *) Fix buildconf errors when libtool version changes.  [Jeff Trawick]
 
   *) Remember an authenticated user during internal redirects if the
      redirection target is not access protected and pass it
      to scripts using the REDIRECT_REMOTE_USER environment variable.
      PR 10678, 11602.  [André Malo]
 
   *) mod_include: Fix a trio of bugs that would cause various unusual
      sequences of parsed bytes to omit portions of the output stream.
      PR 21095. [Ron Park <ronald.park cnet.com>, André Malo, Cliff Woolley]
 
   *) Update the header token parsing code to allow LWS between the
      token word and the ':' seperator.  [PR 16520]
      [Kris Verbeeck <kris.verbeeck advalvas.be>, Nicel KM <mnicel yahoo.com>]
 
   *) Eliminate creation of a temporary table in ap_get_mime_headers_core()
      [Joe Schaefer <joe+gmane sunstarsys.com>]
 
   *) Added FreeBSD directory layout. PR 21100.
      [Sander Holthaus <info orangexl.com>, André Malo]
 
   *) Fix NULL-pointer issue in ab when parsing an incomplete or non-HTTP
      response. PR 21085. [Glenn Nielsen <glenn apache.org>, André Malo]
 
   *) mod_rewrite: Perform child initialization on the rewrite log lock.
      This fixes a log corruption issue when flock-based serialization
      is used (e.g., FreeBSD).  [Jeff Trawick]
 
   *) Don't respect the Server header field as set by modules and CGIs.
      As with 1.3, for proxy requests any such field is from the origin
      server; otherwise it will have our server info as controlled by
      the ServerTokens directive.  [Jeff Trawick]
 
 Changes with Apache 2.0.47
 
   *) SECURITY: CAN-2003-0192 (cve.mitre.org)
      Fixed a bug whereby certain sequences of per-directory
      renegotiations and the SSLCipherSuite directive being used to
      upgrade from a weak ciphersuite to a strong one could result in
      the weak ciphersuite being used in place of the strong one.  
      [Ben Laurie]
 
   *) SECURITY: CAN-2003-0253 (cve.mitre.org)
      Fixed a bug in prefork MPM causing temporary denial of service
      when accept() on a rarely accessed port returns certain errors.
      Reported by Saheed Akhtar <S.Akhtar talis.com>.  [Jeff Trawick]
 
   *) SECURITY: CAN-2003-0254 (cve.mitre.org)
      Fixed a bug in ftp proxy causing denial of service when target
      host is IPv6 but proxy server can't create IPv6 socket.  Fixed by
      the reporter.  [Yoshioka Tsuneo <tsuneo.yoshioka f-secure.com>]
 
   *) SECURITY [VU#379828] Prevent the server from crashing when entering
      infinite loops. The new LimitInternalRecursion directive configures
      limits of subsequent internal redirects and nested subrequests, after
      which the request will be aborted.  PR 19753 (and probably others).
      [William Rowe, Jeff Trawick, André Malo]
 
   *) core_output_filter: don't split the brigade after a FLUSH bucket if
      it's the last bucket.  This prevents creating unneccessary empty
      brigades which may not be destroyed until the end of a keepalive
      connection.
      [Juan Rivera <Juan.Rivera citrix.com>]
 
   *) Add support for "streamy" PROPFIND responses.
      [Ben Collins-Sussman <sussman collab.net>]
 
   *) mod_cgid: Eliminate a double-close of a socket.  This resolves
      various operational problems in a threaded MPM, since on the
      second attempt to close the socket, the same descriptor was
      often already in use by another thread for another purpose.
      [Jeff Trawick]
 
   *) mod_negotiation: Introduce "prefer-language" environment variable,
      which allows to influence the negotiation process on request basis
      to prefer a certain language.  [André Malo]
 
   *) Make mod_expires' ExpiresByType work properly, including for
      dynamically-generated documents.  [Ken Coar, Bill Stoddard]
 
 Changes with Apache 2.0.46
 
   *) SECURITY: CAN-2003-0245 (cve.mitre.org)
      Fixed a bug causing apr_pvsprintf() to crash by sending an overly
      long string.  This can be triggered remotely through mod_dav,
      mod_ssl, and other mechanisms.
      Reported by David Endler <DEndler iDefense.com>.  [Joe Orton]
 
   *) SECURITY: CAN-2003-0189 (cve.mitre.org)
      Fixed a denial-of-service vulnerability affecting basic
      authentication on Unix platforms related to thread-safety in
      apr_password_validate().
      Reported by John Hughes <john.hughes entegrity.com>.
 
   *) Fix for mod_dav.  Call the 'can_be_activity' callback, if provided,
      when a MKACTIVITY request comes in.
      [Ben Collins-Sussman <sussman collab.net>]
 
   *) Perform run-time query in apxs for apr and apr-util's includes.
      [Justin Erenkrantz]
 
   *) run libtool from the apr install directory (in case that is different
      from the apache install directory) [Jeff Trawick]
 
   *) configure.in: Play nice with libtool-1.5. [Wilfredo Sanchez]
 
   *) If mod_mime_magic does not know the content-type, do not attempt to
      guess.  PR 16908.  [Andrew Gapon <agapon telcordia.com>]
 
   *) ssl session caching(shmht) : Fix a SEGV problem with SHMHT session
      caching. PR 17864.
      [Andreas Leimbacher <andreasl67 yahoo.de>, Madhusudan Mathihalli]
 
   *) Add a delete flag to htpasswd.
      [Thom May]
 
   *) Fix mod_rewrite's handling of absolute URIs. The escaping routines
      now work scheme dependent and the query string will only be
      appended if supported by the particular scheme.  [André Malo]
 
   *) Add another check for already compressed content in mod_deflate.
      PR 19913. [Tsuyoshi SASAMOTO <nazonazo super.win.ne.jp>]
 
   *) Fixes for VPATH builds; copying special.mk and any future .mk files 
      from the source tree as well as the build tree (now creates a usable
      configuration for apxs), and eliminated redundant -I'nclude paths.
      [William Rowe]
 
   *) Code fixes, constness corrections and ssl_toolkit_compat.h updates
      for SSLC and OpenSSL toolkit compatibility.  Still work remains to
      be done to cripple features based on the limitations of RSA's binary 
      distribution of their SSL-C toolkit.
      [William Rowe, Madhusudan Mathihalli, Jeff Trawick]
 
   *) Linux 2.4+: If Apache is started as root and you code 
      CoreDumpDirectory, coredumps are enabled via the prctl() syscall.
      [Greg Ames]
 
   *) ap_get_mime_headers_core: allocate space for the trailing null
      when folding is in effect.
      PR 18170 [Peter Mayne <PeterMayne SPAM_SUX.ap.spherion.com>]
 
   *) Fix --enable-mods-shared=most and other variants.  [Aaron Bannert]
 
   *) mod_log_config: Add the ability to log the id of the thread 
      processing the request via new %P formats.  [Jeff Trawick]
 
   *) Use appropriate language codes for Czech (cs) and Traditional Chinese
      (zh-tw) in default config files. PR 9427.  [André Malo]
 
   *) mod_auth_ldap: Use generic whitespace character class when parsing
      "require" directives, instead of literal spaces only. PR 17135.
      [André Malo]
 
   *) Hook mod_rewrite's type checker before mod_mime's one. That way the
      RewriteRule [T=...] Flag should work as expected now. PR 19626.
      [André Malo]
 
   *) htpasswd: Check the processed file on validity. If a line is not empty
      and not a comment, it must contain at least one colon. Otherwise exit
      with error code 7. [Kris Verbeeck <Kris.Verbeeck ubizen.com>, Thom May]
 
   *) Fix a problem that caused httpd to be linked with incorrect flags
      on some platforms when mod_so was enabled by default, breaking 
      DSOs on AIX.  PR 19012  [Jeff Trawick]
 
   *) By default, use the same CC and CPP with which APR was built.
      The user can override with CC and CPP environment variables.
      [Jeff Trawick]
 
   *) Fix ap_construct_url() so that it surrounds IPv6 literal address
      strings with [].  This fixes certain types of redirection.
      PR 19207.  [Jeff Trawick]
 
   *) forward port of buffer overflow fixes for htdigest. [Thom May]
 
   *) Added AllowEncodedSlashes directive to permit control of whether
      the server will accept encoded slashes ('%2f') in the URI path.
      Default condition is off (the historical behaviour).  This permits
      environments in which the path-info needs to contain encoded
      slashes.  PR 543, 2389, 3581, 3589, 5687, 7066, 7865, 14639.  [Ken Coar]
 
   *) When using Redirect in directory context, append requested query
      string if there's no one supplied by configuration. PR 10961.
      [André Malo]
 
   *) Unescape the supplied wildcard pattern in mod_autoindex. Otherwise
      the pattern will not always match as desired. PR 12596.
      [André Malo]
 
   *) mod_autoindex now emits and accepts modern query string parameter
      delimiters (;). Thus column headers no longer contain unescaped
      ampersands. PR 10880  [André Malo]
 
   *) Enable ap_sock_disable_nagle for Windows. This along with the 
      addition of APR_TCP_NODELAY_INHERITED to apr.hw will cause Nagle 
      to be disabled for Windows. [Allan Edwards]
 
   *) Correct a mis-correlation between mpm_common.c and mpm_common.h;
      This patch reverts us to pre-2.0.46 behavior, using the 
      ap_sock_disable_nagle noop macro, because ap_sock_disable_nagle 
      was never compiled on Win32. [Allan Edwards, William Rowe]
 
   *) Fix a build problem with passing unsupported --enable-layout
      args to apr and apr-util.  This broke binbuild.sh as well as
      user-specified layout parameters.  PR 18649 [Justin Erenkrantz,
      Jeff Trawick]
 
   *) If a Date response header was already set in the headers array,
      this value was ignored in favour of the current time. This meant
      that Date headers on proxied requests where rewritten when they
      should not have been. PR: 14376 [Graham Leggett]
 
   *) Add code to buildconf that produces an httpd.spec file from
      httpd.spec.in, using build/get-version.sh from APR.
      [Graham Leggett]
 
   *) Fixed a segfault when multiple ProxyBlock directives were used.
      PR: 19023 [Sami Tikka <sami.tikka f-secure.com>]
 
   *) SECURITY: CAN-2003-0134 (cve.mitre.org)
      OS2: Fix a Denial of Service vulnerability identified and
      reported by Robert Howard <rihoward rawbw.com> that where device
      names faulted the running OS2 worker process.  The fix is
      actually in APR 0.9.4.  [Brian Havard]
 
   *) Forward port: Escape special characters (especially control
      characters) in mod_log_config to make a clear distinction between
      client-supplied strings (with special characters) and server-side
      strings. This was already introduced in version 1.3.25.
      [André Malo]
 
   *) mod_deflate: Check also err_headers_out for an already set
      Content-Encoding: gzip header. This prevents gzip compressed content
      from a CGI script from being compressed once more. PR 17797.
      [André Malo]
 
 Changes with Apache 2.0.45
 
   *) Fix possible segfaults under obscure error conditions within the
      cgid daemon.  [Jeff Trawick, William Rowe]
 
   *) SECURITY: CAN-2003-0132 (cve.mitre.org)
      Close a Denial of Service vulnerability identified by David
      Endler <DEndler iDefense.com> on all platforms.  An unlimited
      stream of newlines were acceptable between requests where each
      <lf> would allocate an 80 byte buffer, leading very quickly to
      memory exahustion.  [Brian Pane]
 
   *) Added an rpm build script.
      [Graham Leggett, Joe Orton <jorton redhat.com>]
 
   *) Simpler, faster code path for request header scanning  [Brian Pane]
 
   *) SECURITY:  Eliminated leaks of several file descriptors to child
      processes, such as CGI scripts.  This fix depends on the APR library 
      release 0.9.2 or later (0.9.3 was distributed with the httpd 
      source tarball for Apache 2.0.45.)  PR 17206
      [Christian Kratzer <ck cksoft.de>, Bjoern A. Zeeb <bz zabbadoz.net>]
 
   *) Fix path handling of mod_rewrite, especially on non-unix systems.
      There was some confusion between local paths and URL paths.
      PR 12902.  [André Malo]
 
   *) Prevent endless loops of internal redirects in mod_rewrite by
      aborting after exceeding a limit of internal redirects. The
      limit defaults to 10 and can be changed using the RewriteOptions
      directive. PR 17462.  [André Malo]
 
   *) Win32: Avoid busy wait (consuming all the CPU idle cycles) when
      all worker threads are busy. 
      [Igor Nazarenko <igor_nazarenko hotmail.com>]
 
   *) Keep the subrequest filter in place when a subrequest is 
      redirected.  PR 15423.  [Jeff Trawick]
 
   *) you can now specify the compression level for mod_deflate. 
      [Ian Holsman, Stephen Pierzchala <stephen pierzchala.com>, 
      Michael Schroepl <Michael.Schroepl telekurs.de>]
 
   *) mod_deflate: Extend the DeflateFilterNote directive to
      allow accurate logging of the filter's in- and outstream.
      [André Malo]
 
   *) Allow SSLMutex to select/use the full range of APR locking
      mechanisms available to it. Also, fix the bug that SSLMutex uses
      APR_LOCK_DEFAULT no matter what.  PR 8122  [Jim Jagielski,
      Martin Kutschker <martin.t.kutschker blackbox.net>]
 
   *) Restore the ability of htdigest.exe to create files that contain
      more than one user. PR 12910.  [André Malo]
 
   *) Improve binary compatibility of the core between debug (aka
      maintainer-mode) and a non-debug compile.
      [Sander Striker]
 
   *) mod_usertrack: don't set the cookie in subrequests. This works
      around the problem that cookies were set twice during fast internal
      redirects. PR 13211.  [André Malo]
 
   *) mod_autoindex no longer forgets output format and enabled version
      sort in linked column headers.  [André Malo]
 
   *) Use .sv instead of .se as extension for Swedish documents in the
      default configuration. PR 12877.  [André Malo]
 
   *) Updated mod_ldap and mod_auth_ldap to support the Novell LDAP SDK SSL
      and standardized the LDAP SSL support across the various LDAP SDKs.  
      Isolated the SSL functionality to mod_ldap rather than speading it 
      across mod_auth_ldap and mod_ldap.  Also added LDAPTrustedCA
      and LDAPTrustedCAType directives to mod_ldap to allow for a more 
      common method of specifying the SSL certificate.
      [Dave Ward, Brad Nicholes]
 
   *) Fixed mod_ssl's SSLCertificateChain initialization to no longer 
      skip the first cert of the chain by default.  This misbehavior 
      was introduced in 2.0.34.  PR 14560  [Madhusudan Mathihalli]
 
   *) mod_cgi, mod_cgid, mod_ext_filter: Log errors when scripts cannot
      be started on Unix because of such problems as bad permissions,
      bad shebang line, etc.  [Jeff Trawick]
 
   *) Fix 64-bit problem in mod_ssl input logic.  
      [Madhusudan Mathihalli <madhusudan_mathihalli hp.com>]
 
   *) Fix potential memory leaks in mod_deflate on malformed data.  PR 16046.
      [Justin Erenkrantz]
 
   *) Rewrite ap_xml_parse_input to use bucket brigades.  PR 16134.
      [Justin Erenkrantz]
 
   *) Fix segfault which occurred when a section in an included
      configuration file was not closed. PR 17093.  [André Malo]
 
   *) Enhance the behavior of mod_isapi's WriteClient() callback to
      provide better emulation for isapi modules that presume that the
      first WriteClient() call may send status and headers.  An example
      of WriteClient() abuse is the foxisapi module, which relies on
      that assumpion and now works.  [William Rowe, Milan Kosina]
 
   *) Check the return value of ap_run_pre_connection(). So if the
      pre_connection phase fails (without setting c->aborted)
      ap_run_process_connection is not executed. [Stas Bekman]
 
   *) Fixed a problem with mod_ldap which caused it to fault when caching
      was disabled.  Needed to make sure that the code did not
      attempt to use the cache if it didn't exist. Also fixed some memory
      leaks which were due to not releasing LDAP resources on error
      conditions.  [Brad Nicholes]
      
   *) Hook mod_proxy's fixup before mod_rewrite's fixup, so that by
      mod_rewrite proxied URLs will not be escaped accidentally by
      mod_proxy's fixup. PR 16368  [André Malo]
 
   *) While processing filters on internal redirects, remember seen EOS
      buckets also in the request structure of the redirect issuer(s). This
      prevents filters (such as mod_deflate) from adding garbage to the
      response. PR 14451.  [André Malo]
 
   *) suexec: Be more pedantic when cleaning environment. Clean it
      immediately after startup. PR 2790, 10449.
      [Jeff Stewart <jws purdue.edu>, André Malo]
 
   *) Fix apxs to insert LoadModule directives only outside of sections.
      PR 8712, 9012.  [André Malo]
 
   *) Fix suexec compile error under SUNOS4, where strerror() doesn't
      exist. PR 5913, 9977.
      [Jonathan W Miner <Jonathan.W.Miner lmco.com>]
 
   *) Fix If header parsing when a non-mod_dav lock token is passed to it.
      PR 16452.  [Justin Erenkrantz]
 
   *) mod_auth_digest no longer tries to guess AuthDigestDomain, if it's
      not specified. Now it assumes "/" as already documented. PR 16937.
      [André Malo]
 
   *) Try to log an error if a piped log program fails.  Try to
      restart a piped log program in more failure situations.  Fix an
      existing problem with error handling in piped_log_spawn().  Use
      new APR apr_proc_create() features to prevent Apache from starting
      on Unix* in most cases where a piped log program can be started,
      and add log messages for the other situations.  *Other platforms
      already failed Apache initialization if a piped log program
      couldn't be started.  PR 15761  [Jeff Trawick]
 
   *) Fix mod_cern_meta to not create empty metafiles when the
      metafile searched for does not exist.  PR 12353
      [Owen Rees <owen_rees hp.com>]
 
   *) Introduce debugging symbols for Win32 release builds, both .pdb 
      and .dbg files (older debuggers and Dr. Watson-type utilities 
      on WinNT or Win9x don't support the newer .pdb flavor.)
      [Allen Edwards, William Rowe]
  
   *) Fix bug where 'Satisfy Any' without an AuthType lost all MIME
      information (and more). Related to PR 9076.  [André Malo]
 
   *) mod_file_cache: fix segfault serving mmaped cached files.
      [Bill Stoddard]
 
   *) mod_file_cache: fixed a segfault when multiple MMapFile directives
      were used.  PR 16313.  [Cliff Woolley]
 
   *) Fix a nasty segfault in mmap_bucket_setaside() caused by passing
      an incompatible pointer type to mmap_bucket_destroy(void*).
      [Gerard Eviston <geviston bigpond.net.au>]
 
   *) Enable the -n name parameter on NetWare to allow the
      administrator to rename the Apache console screen
      [Brad Nicholes]
      
   *) Fixed piped access logs on Win32 by disabling OTHER_CHILD
      support by default in APR.  More development is required
      to deploy OTHER_CHILD on Win32.  [William Rowe]
 
   *) Use saner default config values for suexec. PR 15713.
      [Thom May <thom planetarytramp.net>]
 
   *) mod_rewrite: Allow "RewriteEngine Off" even if no "Options FollowSymlinks"
      (or SymlinksIfOwnermatch) is set. PR 12395.  [André Malo]
 
   *) apxs: Include any special APR ld flags when linking the DSO.
      This resolves problems on AIX when building a DSO with apxs+gcc.
      [Jeff Trawick]
 
   *) Added character set support to mod_auth_LDAP to allow it to 
      convert extended characters used in the user ID to UTF-8 
      before authenticating against the LDAP directory. The new
      directive AuthLDAPCharsetConfig is used to specify the config
      file that contains the character set conversion table.
      [Brad Nicholes]
 
   *) Don't remove the Content-Length from responses in mod_proxy
      PR: 8677 [Brian Pane]
 
   *) Ensure LDAP version is set to v3 on every bind. PR 14235.
      [Sergey A. Lipnevich <sergeyli pisem.net>]
 
   *) Fix mod_ldap to open an existing shared memory file should one
      already exist. PR 12757. [Scooter Morris <scooter gene.com>,
      Graham Leggett]
 
   *) Fix the ulimit command used by apachectl on Tru64.  PR 13609.
      [Joseph Senulis <Joseph.Senulis dnr.state.wi.us>, Jeff Trawick]
 
   *) Change the ulimit command used by apachectl on AIX so that it
      works in all locales.  [Jeff Trawick]
 
   *) mod_ext_filter: Fix a problem building argument lists which 
      occasionally caused exec to fail.  PR 15491.  [Jeff Trawick]
 
 Changes with Apache 2.0.44
 
   *) mod_autoindex: Bring forward the IndexOptions IgnoreCase option
      from Apache 1.3.  PR 14276
      [David Shane Holden <dpejesh yahoo.com>, William Rowe]
 
   *) mod_mime: Workaround to prevent a segfault if r->filename=NULL
      [Brian Pane]
  
   *) Reorder the definitions for mod_ldap and mod_auth_ldap within
      config.m4 to make sure the parent mod_ldap is defined first.
      This ensures that mod_ldap comes before mod_auth_ldap in the
      httpd.conf file, which is necessary for mod_auth_ldap to load.
      PR 14256  [Graham Leggett]
 
   *) Fix the building of cgi command lines when the query string
      contains '='.  PR 13914  [Ville Skyttä <ville.skytta iki.fi>,
      Jeff Trawick]
 
   *) Rename CacheMaxStreamingBuffer to MCacheMaxStreamingBuffer. Move
      implementation of MCacheMaxStreamingBuffer from mod_cache to
      mod_mem_cache. MCacheMaxStreamingBuffer now defaults to the
      lesser of 100,000 bytes or MCacheMaxCacheObjectSize. This should 
      eliminate the need for explicitly coding MCacheMaxStreamingBuffer
      in most configurations. [Bill Stoddard]
 
   *) mod_cache: Fix PR 15113, a core dump in cache_in_filter when
      a redirect occurs. The code was passing a format string and
      integer to apr_pstrcat. Changed to apr_psprintf.
      [Paul J. Reder]
 
   *) Replace APU_HAS_LDAPSSL_CLIENT_INIT with APU_HAS_LDAP_NETSCAPE_SSL
      as set by apr-util in util_ldap.c. This should allow mod_ldap
      to work with the Netscape/Mozilla LDAP library. [Øyvin Sømme
      <somme oslo.westerngeco.slb.com>, Graham Leggett]
 
   *) Fix critical bug in new --enable-v4-mapped configure option
      implementation which broke IPv4 listening sockets on some
      systems.  [hiroyuki hanai <hanai imgsrc.co.jp>]
 
   *) mod_setenvif: Fix BrowserMatchNoCase support for non-regex
      patterns [André Malo <nd perlig.de>]
 
   *) Add version string to provider API.  [Justin Erenkrantz]
  
   *) build: './configure && make' now works without an in-tree
      apr and apr-util. [Wilfredo Sanchez]
 
   *) mod_negotiation: Set the appropriate mime response headers
      (Content-Type, charset, Content-Language and Content-Encoding)
      for negotated type-map "Body:" responses (such as the error
      pages.)  [André Malo <nd perlig.de>]
 
   *) mod_log_config: Allow '%%' escaping in CustomLog format
      strings to insert a literal, single '%'.
      [André Malo <nd perlig.de>]
 
   *) mod_autoindex: AddDescription directives for directories
      now work as in Apache 1.3, where no trailing '/' is
      specified on the directory name.  Previously, the trailing
      '/' *had* to be specified, which was incompatible with
      Apache 1.3.  PR 7990  [Jeff Trawick]
 
   *) Fix for PR 14556. The expiry calculations in mod_cache were
      trying to perform "now + ((date - lastmod) * factor)" where
      date == lastmod resulting in "now + 0". The code now follows
      the else path (using the default expiration) if date is
      equal to lastmod. [Sergey <rx armstrike.com>, Paul J. Reder]
 
   *) Use AP_DECLARE in the debug versions of ap_strXXX in case the
      default calling convention is not the same as the one used by
      AP_DECLARE.  [Juan Rivera <Juan.Rivera citrix.com>]
 
   *) mod_cache: Don't cache response header fields designated
      as hop-by-hop headers in HTTP/1.1 (RFC 2616 Section 13.5.1).
      [Estrade Matthieu <estrade-m ifrance.com>, Brian Pane]
 
   *) mod_cgid: Handle environment variables containing newlines.
      PR 14550  [Piotr Czejkowski <apache czarny.eu.org>, Jeff
      Trawick]
 
   *) Move mod_ext_filter out of experimental and into filters.
      [Jeff Trawick]
 
   *) Fixed a memory leak in mod_deflate with dynamic content.
      PR 14321  [Ken Franken <kfranken decisionmark.com>]
 
   *) Add --[enable|disable]-v4-mapped configure option to control
      whether or not Apache expects to handle IPv4 connections
      on IPv6 listening sockets.  Either setting will work on 
      systems with the IPV6_V6ONLY socket option.  --enable-v4-mapped
      must be used on systems that always allow IPv4 connections on
      IPv6 listening sockets.  PR 14037 (Bugzilla), PR 7492 (Gnats)
      [Jeff Trawick]
 
   *) This fixes a problem where the underlying cache code
      indicated that there was one more element on the cache
      than there actually was. This happened since element 0
      exists but is not used. This code allocates the correct
      number of useable elements and reports the number of
      actually used elements. The previous code only allowed
      MCacheMaxObjectCount-1 objects to be stored in the
      cache. [Paul J. Reder]
 
   *) mod_setenvif: Add SERVER_ADDR special keyword to allow
      envariable setting according to the server IP address
      which received the request.  [Ken Coar]
 
   *) mod_cgid: Terminate CGI scripts when the client connection 
      drops.  PR 8388  [Jeff Trawick]
 
   *) Rearrange OpenSSL engine initialization to support RAND 
      redirection on crypto accelerator. 
      [Frederic DONNAT <frederic.donnat zencod.com>]
 
   *) Always emit Vary header if mod_deflate is involved in the
      request.  [Andre Malo <nd perlig.de>]
 
   *) mod_isapi: Stop unsetting the 'empty' query string result with
      a NULL argument in ecb->lpszQueryString, eliminating segfaults
      for some ISAPI modules.  PR 14399
      [Detlev Vendt <detlev.vendt brillit.de>]
 
   *) mod_isapi: Fix an issue where the HSE_REQ_DONE_WITH_SESSION
      notification is received before the HttpExtensionProc() returns 
      HSE_STATUS_PENDING.  This only affected isapi .dll's configured 
      with the ISAPIFakeAsync on directive.  PR 11918
      [John DeSetto <jdesetto radiantsystems.com>, William Rowe]
 
   *) mod_isapi: Fix the issue where all results from mod_isapi would
      run through the core die handler resulting in invalid responses
      or access log entries.  PR 10216 [William Rowe]
 
   *) Improves the user friendliness of the CacheRoot processing
      over my last pass. This version avoids the pool allocations
      but doesn't avoid all of the runtime checks. It no longer
      terminates during post-config processing. An error is logged
      once per worker, indicating that the CacheRoot needs to be set.
      [Paul J. Reder]
 
   *) Fix a bug where we keep files open until the end of a 
      keepalive connection, which can result in:
      (24)Too many open files: file permissions deny server access
      especially on threaded servers.  [Greg Ames, Jeff Trawick]
 
   *) Fix a bug in which mod_proxy sent an invalid Content-Length
      when a proxied URL was invoked as a server-side include within
      a page generated in response to a form POST.  [Brian Pane]
 
   *) Added code to process min and max file size directives and to
      init the expirychk flag in mod_disk_cache. Added a clarifying
      comment to cache_util.   [Paul J. Reder]
 
   *) The value emitted by ServerSignature now mimics the Server HTTP
      header as controlled by ServerTokens.  [Francis Daly <deva daoine.org>]
 
   *) Gracefully handly retry situations in the SSL input filter,
      by following the SSL libraries' retry semantics.
      [William Rowe]
 
   *) Terminate CGI scripts when the client connection drops.  This
      fix only applies to some normal paths in mod_cgi.  mod_cgid
      is still busted.  PR 8388  [Jeff Trawick]
 
   *) Fix a bug where 416 "Range not satisfiable" was being
      returned for content that should have been redirected.
      [Greg Ames]
 
   *) Fix memory leak in mod_ssl from internal SSL library allocations
      within SSL_get_peer_certificate and X509_get_pubkey.
      [Zvi Har'El <rl math.technion.ac.il>
       Madhusudan Mathihalli <madhusudan_mathihalli hp.com>].
 
   *) mod_ssl uses free() inappropriately in several places, to free
      memory which has been previously allocated inside OpenSSL.
      Such memory should be freed with OPENSSL_free(), not with free().
      [Nadav Har'El <nyh math.technion.ac.il>,
       Madhusudan Mathihalli <madhusudan_mathihalli hp.com>].
 
   *) Emit a message to the error log when we return 404 because
      the URI contained '%2f'.  (This was previously nastily silent
      and difficult to debug.)  [Ken Coar]
 
   *) Fix streaming output from an nph- CGI script.  CGI:IRC now
      works.  PR 8482  [Jeff Trawick]
 
   *) More accurate logging of bytes sent in mod_logio when
      the client terminates the connection before the response
      is completely sent  [Bojan Smojver <bojan rexursive.com>]
 
   *) Fix some problems in the perchild MPM.  
      [Jonas Eriksson <jonas webkonsulterna.com>]
 
   *) Change the CacheRoot processing to check for a required
      value at config time. This saves a lot of wasted processing
      if the mod_disk_cache module is loaded but no CacheRoot
      was provided. This fix also adds code to log an error
      and avoid useless pallocs and procesing when the computed
      cache file name cannot be opened. This also updates the
      docs accordingly.  [Paul J. Reder]
 
   *) Introduce the EnableSendfile directive, allowing users of NFS 
      shares to disable sendfile mechanics when they either fail
      outright or provide intermitantly corrupted data.  PR 
      [William Rowe]
 
   *) Resolve the error "An operation was attempted on something 
      that is not a socket.  : winnt_accept: AcceptEx failed. 
      Attempting to recover." for users of various firewall and
      anti-virus software on Windows.  PR 8325  [William Rowe]
 
   *) Add the ProxyBadHeader directive, which gives the admin some
      control on how mod_proxy should handle bogus HTTP headers from
      proxied servers. This allows 2.0 to "emulate" 1.3's behavior if
      desired. [Jim Jagielski]
 
   *) Change the LDAP modules to export their symbols correctly
      during a Windows build. Add dsp files for Windows. Update
      README.ldap file for Windows build instructions.
      [Andre Schild <A.Schild aarboard.ch>]
 
   *) Performance improvements for the code that generates HTTP
      response headers  [Brian Pane]
 
   *) Add -S as a synonym for -t -DDUMP_VHOSTS.
      [Thom May <thom planetarytramp.net>]
 
   *) Fix a bug with dbm rewrite maps which caused the wrong value to
      be used when the key was not found in the dbm.  PR 13204
      [Jeff Trawick]
 
   *) Fix a problem with streaming script output and mod_cgid.
      [Jeff Trawick]
 
   *) Add ap_register_provider/ap_lookup_provider API.
      [John K. Sterling <john sterls.com>, Justin Erenkrantz]
 
 Changes with Apache 2.0.43
 
   *) SECURITY: CVE-2002-0840 (cve.mitre.org)
      HTML-escape the address produced by ap_server_signature() against
      this cross-site scripting vulnerability exposed by the directive
      'UseCanonicalName Off'.  Also HTML-escape the SERVER_NAME
      environment variable for CGI and SSI requests.  It's safe to
      escape as only the '<', '>', and '&' characters are affected,
      which won't appear in a valid hostname.  Reported by Matthew
      Murphy <mattmurphy kc.rr.com>.  [Brian Pane]
 
   *) Fix a core dump in mod_cache when it attemtped to store uncopyable
      buckets. This happened, for instance, when a file to be cached
      contained SSI tags to execute a CGI script (passed as a pipe
      bucket). [Paul J. Reder]
 
   *) Ensure that output already available is flushed to the network
      when the content-length filter realizes that no new output will
      be available for a while.  This helps some streaming CGIs as
      well as some other dynamically-generated content.  [Jeff Trawick]
 
   *) Fix a mutex problem in mod_ssl session cache support which
      could lead to an infinite loop.  PR 12705  
      [Amund Elstad <amund.elstad ergo.no>, Jeff Trawick]
 
   *) SECURITY: CVE-2002-1156 (cve.mitre.org)
      Fix the exposure of CGI source when a POST request is sent to 
      a location where both DAV and CGI are enabled. [Ryan Bloom]
 
   *) Allow the UserDir directive to accept a list of directories.
      This matches what Apache 1.3 does.  Also add documentation for
      this feature. [Jay Ball <jay veggiespam.com>]
 
   *) New Module: mod_logio. adds the ability to log bytes sent and
      received. [Bojan Smojver <bojan rexursive.com>]
 
   *) SuExec needs to use the same default directory as the rest of
      server, namely /usr/local/apache2.  
      [SangBeom han <sbhan os.korea.ac.kr>]
 
   *) Get mod_auth_ldap to retry connections on LDAP_SERVER_DOWN.
      [Thomas Bennett <thomas.bennett eds.com>, Graham Leggett]
 
   *) Make sure the contents of the WWW-Authenticate header is
      passed on a 4xx error by proxy. Previously all headers
      were dropped, resulting in the browser being unable to
      authenticate. [Dr Richard Reiner <rreiner fscinternet.com>,
      Richard Danielli <rdanielli fscinternet.com>, Graham Wiseman
      <gwiseman fscinternet.com>, David Henderson
      <dhenderson fscinternet.com>]
 
   *) Make mod_cache's CacheMaxStreamingBuffer directive work
      properly for virtual hosts that override server-wide mod_cache
      setttings.  [Matthieu Estrade <estrade-m ifrance.com>]
 
   *) Add -p option to apxs to allow programs to be compiled with apxs.
      [Justin Erenkrantz]
 
 Changes with Apache 2.0.42
 
   *) SECURITY: CAN-2002-1593 (cve.mitre.org) [CERT VU#406121]
      mod_dav: Check for versioning hooks before using them.
      [Greg Stein]
 
 Changes with Apache 2.0.41
 
   *) The protocol version (eg: HTTP/1.1) in the request line parsing
      is now case insensitive. [Jim Jagielski]
 
   *) Allow AddOutputFilterByType to add multiple filters per directive.
      [Justin Erenkrantz]
 
   *) Remove warnings with Sun's Forte compiler.  [Justin Erenkrantz]
 
   *) Fixed mod_disk_cache's generation of 304s
      [Kris Verbeeck <Kris.Verbeeck ubizen.com>]
 
   *) Add support for using fnmatch patterns in the final path
      segment of an Include statement (eg.. include /foo/bar/*.conf).
      and remove the noise on stderr during config dir processing.
      [Joe Orton <jorton redhat.com>]
 
   *) mod_cache: cache_storage.c. Add the hostname and any request
      args to the key generated for caching. This provides a unique
      key for each virtual host and for each request with unique
      args. [Paul J. Reder, args code provided by Kris Verbeeck]
 
   *) mod_cache: Do not cache responses to GET requests with query
      URLs if the origin server does not explicitly provide an
      Expires header on the response (RFC 2616 Section 13.9)
      [Kris Verbeeck <krisv be.ubizen.com>]
 
   *) Fix memory leak in core_output_filter.  [Justin Erenkrantz]
 
   *) Update OpenSSL detection to work on Darwin.
      [Sander Temme <sctemme covalent.net>]
 
   *) Update the xslt and css to give the documentation a more
      modern style.
      [André Malo <nd perlig.de>, Gernot Winkler <greh o3media.de>]
 
   *) Fix some bucket memory leaks in the chunking code
      [Joe Schaefer <joe+apache sunstarsys.com>]
 
   *) Add ModMimeUsePathInfo directive.  [Justin Erenkrantz]
 
   *) mod_cache: added support for caching streamed responses (proxy,
      CGI, etc) with optional CacheMaxStreamingBuffer setting [Brian Pane]
 
   *) Add image/x-icon to httpd.conf PR 10993.
      [Ian Holsman, Peter Bieringer <pb bieringer.de>]
 
   *) Fix FileETags none operation.  PR 12207.
      [Justin Erenkrantz, Andrew Ho <andrew tellme.com>]
 
   *) Restored the experimental leader/followers MPM to working
      condition and converted its thread synchronization from
      mutexes to atomic CAS.  [Brian Pane]
 
   *) Fix Logic on non-html file removal in mod_deflate
      [Kris Verbeeck <Kris.Verbeeck ubizen.com>]
 
   *) Fix "ab -g"'s truncated year: the last digit was cut off.
      [Leon Brocard <acme astray.com>]
 
   *) mod_rewrite can now sets cookies in err_headers, uses the correct
      expiry date, and can now set the path as well
      PR 12132,12181,12172.
      [Ian Holsman / Rob Cromwell <apachechangelog robcromwell.com>]
 
   *) The content-length filter no longer tries to buffer up
      the entire output of a long-running request before sending
      anything to the client.  [Brian Pane]
 
   *) Win32: Lower the default stack size from 1MB to 256K. This will
      allow around 8000 threads to be started per child process. 
      'EDITBIN /STACK:size apache.exe' can be used to change this 
      value directly in the apache.exe executable.
      [Bill Stoddard]
 
   *) Win32: Implement ThreadLimit directive in the Windows MPM.
      [Bill Stoddard]
 
   *) Remove CacheOn config directive since it is set but never checked.
      No sense wasting cycles on unused code. Besides, the only truly
      bug free code is deleted code. :)   [Paul J. Reder]
 
   *) BufferLogs are now run-time enabled, and the log_config now has 2 new
      callbacks to allow a 3rd party module to actually do the writing of the
      log file [Ian Holsman]
 
   *) Correct ISAPIReadAheadBuffer to default to 49152, per mod_isapi docs.
      [André Malo, Astrid Keßler <kess kess-net.de>]
 
   *) Fix Segfault in mod_cache. [Kris Verbeeck <Kris.Verbeeck ubizen.com>]
 
   *) Fix a null pointer dereference in the merge_env_dir_configs
      function of the mod_env module. PR 11791
      [Paul J. Reder]
 
   *) New option to ServerTokens 'maj[or]'. Only show the major version
      Also Surfaced this directive in the standard config (default FULL)
      [Ian Holsman]
 
   *) Change mod_rewrite to use apr-util's dbm support for dbm rewrite
      maps.  The dbm type (e.g., ndbm, gdbm) can be specified on the
      RewriteMap directive.  PR 10644  [Jeff Trawick]
 
   *) Fixed mod_rewrite's RewriteMap prg: support so that request/response
      pairs will no longer get out of sync with each other.  PR 9534
      [Cliff Woolley]
 
   *) Fixes required to get quoted and escaped command args working in
      mod_ext_filter. PR 11793 [Paul J. Reder]
 
   *) mod-proxy: handle proxied responses with no status lines
      [JD Silvester <jsilves uwo.ca>, Brett Huttley <brett huttley.net>]
 
   *) Fix bug where environment or command line arguments containing 
      non-ASCII-7 characters would cause the Win32 child process creation
      to fail.  PR 11854  [William Rowe]
 
   *) Bug #11213.. make module loading error messages more informative 
      [Ian Darwin <Ian779 darwinsys.com>]
 
   *) thread safety & proxy-ftp [Alexey Panchenko <alexey liwest.ru>, Ian Holsman]
 
   *) mod_disk_cache works much better. This module should still
      be considered experimental. [Eric Prud'hommeaux]
 
   *) Performance improvement for keepalive requests: when setting
      aside a small file for potential concatenation with the next
      response on the connection, set aside the file descriptor rather
      than copying the file into the heap.  [Brian Pane]
 
   *) Modified version check on openssl so that it finds the executable
      first and then performs a check of the version, only warning the
      user if they chose, or we selected, an old version of OpenSSL.
      This change also allows the code to work for non-openssl libraries
      selected via the --with-ssl=dir option, which can override the
      automated library check in any case.  [Roy Fielding]
 
 Changes with Apache 2.0.40
 
   *) SECURITY: CAN-2002-0661 (cve.mitre.org) 
      Close a very significant security hole that 
      applies only to the Win32, OS2 and Netware platforms.  Unix was not 
      affected, Cygwin may be affected.  Certain URIs will bypass security
      and allow users to invoke or access any file depending on the system 
      configuration.  Without upgrading, a single .conf change will close 
      the vulnerability.  Add the following directive in the global server
      httpd.conf context before any other Alias or Redirect directives;
          RedirectMatch 400 "\\\.\."
      Reported by Auriemma Luigi <bugtest sitoverde.com>.
      [Brad Nicholes]
 
   *) SECURITY: CAN-2002-0654 (cve.mitre.org)
      Close a path-revealing exposure in multiview type
      map negotiation (such as the default error documents) where the
      module would report the full path of the typemapped .var file when
      multiple documents or no documents could be served based on the mime
      negotiation.  Reported by Auriemma Luigi <bugtest sitoverde.com>.
      [William Rowe]
 
   *) SECURITY: CAN-2002-0654 (cve.mitre.org)
      Close a path-revealing exposure in cgi/cgid when we 
      fail to invoke a script.  The modules would report "couldn't create 
      child process /path-to-script/script.pl" revealing the full path
      of the script.  Reported by Jim Race <jrace qualys.com>.
      [Bill Stoddard]
 
   *) Set aside the apr-iconv and apr_xlate() features for the Win32
      build of 2.0.40 so development can be completed.  A patch, from
      <http://www.apache.org/dist/httpd/patches/apply_to_2.0.40/>
      will be available for those that wish to work with apr-iconv.
      [William Rowe]
 
   *) Fix proxy so that it is possible to access ftp: URLs via a proxy
      chain. [Peter Van Biesen <peter.vanbiesen vlafo.be>]
 
   *) mod-deflate now checks to make sure that 'gzip-only-text/html' is
      set to 1, so we can exclude things from the general case with
      browsermatch. [Ian Holsman, Andre Schild <A.Schild aarboard.ch>]
   
   *) Accept multiple leading /'s for requests within the DocumentRoot.
      PR 10946  [William Rowe, David Shane Holden <dpejesh yahoo.com>]
 
   *) Solved the reports of .pdf byterange failures on Win32 alone.
      APR's sendfile for the win32 platform collapses header and trailer
      buffers into a single buffer.  However, we destroyed the pointers
      to the header buffer if a trailer buffer was present.  PR 10781
      [William Rowe]
 
   *) mod_ext_filter: Add the ability to enable or disable a filter via
      an environment variable.  Add the ability to register a filter of
      type other than AP_FTYPE_RESOURCE.  [Jeff Trawick]
 
   *) Restore the ability to specify host names on Listen directives.
      PR 11030.  [Jeff Trawick, David Shane Holden <dpejesh yahoo.com>]
 
   *) When deciding on the default address family for listening sockets, 
      make sure we can actually bind to an AF_INET6 socket before
      deciding that we should default to AF_INET6.  This fixes a startup
      problem on certain levels of OpenUNIX.  PR 10235.  [Jeff Trawick]
 
   *) Replace usage of atol() to parse strings when we might want a
      larger-than-long value with apr_atoll(), which returns long long.
      This allows HTTPD to deal with larger files correctly.
      [Shantonu Sen <ssen apple.com>]
 
   *) mod_ext_filter: Ignore any content-type parameters when checking if
      the response should be filtered.  Previously, "intype=text/html"
      wouldn't match something like "text/html;charset=8859_1".
      [Jeff Trawick]
 
   *) mod_ext_filter: Set up environment variables for external programs.
      [Craig Sebenik <craig netapp.com>]
 
   *) Modified the HTTP_IN filter to immediately append the EOS (end of
      stream) bucket for C-L POST bodies, saving a roundtrip and allowing
      the caller to determine that no content remains without prefetching
      additional POST body.  [William Rowe]
 
   *) Get proxy ftp to work over IPv6.  [Shoichi Sakane <sakane kame.net>]
 
   *) Look for OpenSSL libraries in /usr/lib64.  [Peter Poeml <poeml suse.de>]
 
   *) Update SuSE layout.  [Peter Poeml <poeml suse.de>]
 
   *) Changes to the internationalized error documents:
      Comment them out in the default config file to make the default
      install as simple as possible; Correct the english 500 error to
      be more understandable; Add a Swedish translation.
      [Thomas Sjogren <thomas northernsecurity.net>, 
       Erik Abele <erik codefaktor.de>, Rich Bowen, Joshua Slive]
      
   *) Increase the limit on file descriptors per process in apachectl.
      [Brian Pane]
 
   *) Fix a dependency error when building ApacheMonitor, so that Win32
      and MSVC now trust that the project is current (when it is).
      [James Cox <imajes php.net>]
 
   *) mod_ext_filter: don't segfault if content-type is not set.  PR 10617.
      [Arthur P. Smith <apsmith aps.org>, Jeff Trawick]
 
   *) APR-Util Renames pending have been completed [Thom May]
 
   *) Performance improvements for the code that reads request
      headers (ap_rgetline_core() and related functions)  [Brian Pane]
 
   *) Add a new directive: MaxMemFree.  MaxMemFree makes it possible
      to configure the maximum amount of memory the allocators will
      hold on to for reuse.  Anything over the MaxMemFree threshold
      will be free()d.  This directive is useful when uncommon large
      peaks occur in memory usage.  It should _not_ be used to mask
      defective modules' memory use.  [Sander Striker]
 
   *) Fixed the Content-Length filter so that HTTP/1.0 requests to CGI
      scripts would not result in a truncated response.
      [Ryan Bloom, Justin Erenkrantz, Cliff Woolley]
 
   *) Add a filter_init parameter to the filter registration functions
      so that a filter can execute arbitrary code before the handlers
      are invoked.  This resolves a problem where mod_include requests
      would incorrectly return a 304.  [Justin Erenkrantz]
 
   *) Fix a long-standing bug in 2.0, CGI scripts were being called
      with relative paths instead of absolute paths.  Apache 1.3 used
      absolute paths for everything except for SuExec, this brings back
      that standard.  [Ryan Bloom]
 
   *) Fix infinite loop due to two HTTP_IN filters being present for
      internally redirected requests.  PR 10146.  [Justin Erenkrantz]
 
   *) Switch conn_rec->keepalive to an enumeration rather than a bitfield.
      [Justin Erenkrantz]
 
   *) Fix mod_ext_filter to look in the main server for filter definitions
      when running in a vhost if the filter definition is not found in
      the vhost.  PR 10147  [Jeff Trawick]
 
   *) Support WinNT CGI invocation through ScriptInterpreterSource 
      'registry' for script interpreter paths and names with non-ascii
      characters in the executable filepath.  [William Rowe]
 
   *) Support the -w flag on to keep the Win32 console open on error.
      [William Rowe]
 
   *) Normalize the hostname value in the request_rec to all-lowercase
      [Perry Harrington <pedward webcom.com>]
 
   *) Fix WinNT cgi 500 errors when QUERY_ARGS or other strings include
      extended characters (non US-ASCII) in non-utf8 format.  This brings
      Win32 back into CGI/1.1 compliance, and leaves charset decoding up
      to the cgi application itself.  [William Rowe]
 
   *) Major overhaul of mod_dav, mod_dav_fs and the experimental/cache
      modules to bring them up to the current apr/apr-util APIs.
      [William Rowe]
 
   *) Fix segfault in mod_mem_cache most frequently observed when
      serving the same file to multiple clients on an MP machine.
      [Bill Stoddard]
 
   *) mod_rewrite can now set cookies  (RewriteRule (.*) - [CO=name:$1:.domain])
      [Brian Degenhardt <bmd mp3.com>, Ian Holsman]
 
   *) Fix perchild to work with apachectl by adding -k support to perchild.
      PR 10074  [Jeff Trawick]
 
   *) Fix a silly htpasswd.c logic error that incorrectly reported that
      both -c and -n had been used.  PR 9989  [Cliff Woolley]
 
   *) Fixed a mod_include error case in which no HTTP response was sent
      to the client if an shtml document contained an unterminated SSI
      directive [Brian Pane]
 
   *) Improve ap_get_client_block implementation by using APR-util brigade
      helper functions and relying on current filter assumptions.
      [Justin Erenkrantz]
 
 Changes with Apache 2.0.39
 
   *) Fixed a build problem in htpasswd.c on Win32.
      [Guenter Knauf <eflash gmx.net>, Cliff Woolley]
 
 Changes with Apache 2.0.38
 
   *) Rewrite htpasswd to use APR.  The removes the annoying warning about
      tmpnam being unsafe.   [Ryan Bloom]
 
   *) We must set the MIME-type for .shtml files to text/html if we want them
      to be parsed for SSI tags.  Add the config for that to the default 
      config file so that it is easier to enable .shtml parsing.
      [Dave Dyer <ddyer real-me.net>]
 
   *) Fixed a problem with 'make install' on ReliantUnix.
      [Jean-frederic Clere <jfrederic.clere fujitsu-siemens.com>]
 
   *) Make the default_handler catch all requests that aren't served by
      another handler.  This also gets us to return a 404 if a directory
      is requested, there is no DirectoryIndex, and mod_autoindex isn't
      loaded.  [Justin Erenkrantz]
 
   *) Fixed the handling of nested if-statements in shtml files.
      PR 9866  [Brian Pane]
 
   *) Allow 'make install DESTDIR=/path'.  This allows packagers to install
      into a directory different from the one that was configured.  This 
      also mirrors the root= feature from 1.3.  We cannot use prefix=,
      because both APR and APR-util resolve their installation paths at 
      configuration time.  This means that there is no variable prefix 
      to replace.  [Andreas Hasenack <andreas netbank.com.br>]
 
   *) AIX 4.3.2 and above: Define SINGLE_LISTEN_UNSERIALIZED_ACCEPT.
      These levels of AIX don't have a thundering herd problem with
      accept().  [Jeff Trawick]
 
   *) prefork MPM: Ignore mutex errors during graceful restart.  For
      certain types of mutexes (particularly SysV semaphores), we
      should expect to occasionally fail to obtain or release the
      mutex during restart processing.  [Jeff Trawick]
 
   *) Fix install-bindist.sh so that it finds any perl instead of just
      early perl 5.x versions.  This is consistent with a build/install
      from source, and it allows the perl scripts installed by a bindist 
      to work on systems with perl 5.6.  [Jeff Trawick]
 
   *) Fix apxs so that the makefile created by "apxs -g" works on AIX and
      Tru64 (and probably some other platforms).  [Jeff Trawick]
 
   *) Allow CGI scripts to return their Content-Length.  This also fixes a
      hang on HEAD requests seen on certain platforms (such as FreeBSD).
      [Justin Erenkrantz]
 
   *) Added log rotation based on file size to the RotateLog support
      utility. [Brad Nicholes]
 
   *) Fix some casting in mod_rewrite which broke random maps.
      PR 9770  [Allan Edwards, Greg Ames, Jeff Trawick]
 
 Changes with Apache 2.0.37
 
   *) allow POST method over SSL when per-directory client cert
      authentication is used with 'SSLOptions +OptRenegotiate' enabled
      and a client cert was found in the ssl session cache.
 
   *) 'SSLOptions +OptRengotiate' will use client cert in from the ssl
      session cache when there is no cert chain in the cache.  prior to
      the fix this situation would result in a FORBIDDEN response and
      error message "Cannot find peer certificate chain"
      [Doug MacEachern]
 
   *) ap_finalize_sub_req_protocol() shouldn't send an EOS bucket if
      one was already sent.  PR 9644  [Jeff Trawick]
 
   *) Fix the display of the default name for the mime types config
      file.  PR 9729  [Matthew Brecknell <mbrecknell orchestream.com>]
 
   *) Fix the working directory *for WinNT/2K/XP services only* to
      change to the Apache directory (one level above the location 
      of Apache.exe, in the case that Apache.exe resides in bin/.)
      Solves the case of ServerRoot /foo paths where /foo was not
      on the same drive as /winnt/system32.  [William Rowe]
 
   *) Make 2.0's "AcceptMutex" startup message now "completely"
      match how 1.3 does it. [Jim Jagielski]
 
   *) Implement a fixed size memory cache using a priority queue
      [Ian Holsman]
 
   *) Fix apxs to allow "apxs -q installbuilddir" and to allow
      querying certain other variables from config_vars.mk.  PR 9316  
      [Jeff Trawick]
 
   *) Added the "detached" attribute to the cgi_exec_info_t internals
      so that Win32 and Netware won't create a new window or console
      for each CGI invoked.  PR 8387
      [Brad Nicholes, William Rowe]
 
   *) Consolidated the command line parameters and attributes that are 
      manipulated by the optional function ap_cgi_build_command() in
      mod_cgi into a single structure.
      [Brad Nicholes]
 
   *) Get rid of uninitialized value errors with "apxs -q" on certain
      variables.  [Stas Bekman <stas stason.org>]
 
   *) Fix apxs to allow it to work when the build directory is somewhere
      besides server-root/build.  PR 8453  
      [Jeff Trawick and a host of others]
 
   *) Allow ap_discard_request_body to be called multiple times in the
      same request.  Essentially, ap_http_filter keeps track of whether
      it has sent an EOS bucket up the stack, if so, it will only ever
      send an EOS bucket for this request.  
      [Ryan Bloom, Justin Erenkrantz, Greg Stein]
 
   *) Remove all special mod_ssl URIs.  This also fixes the bug where
      redirecting (.*) will allow an SSL protected page to be viewed
      without SSL.  [Ryan Bloom]
 
   *) Fix the binary build install script so that the build logic
      created by "apxs -g" will work when the user has a binary
      build.  [Jeff Trawick]
 
   *) Allow instdso.sh to work with full paths to the shared module.
      [Justin Erenkrantz]
 
   *) NetWare: Enabled CGI functionality and added mod_cgi as a built
      in module for NetWare  [Brad Nicholes]
 
   *) Changed cgi and piped log behavior to accept 65536 characters
      on Win32 (matching Linux) before deadlocking between outputing
      client stdin, slurping the output from stdout and then the stderr
      stream.  PR 8179  [William Rowe]
 
   *) Fixed Win32 wintty.exe support to assure the window title is valid.
      Elimiates possible gpfault or garbage title without the -t option.
      [William Rowe]
 
   *) Rewrite mod_cgi, mod_cgid, and mod_proxy input handling to use
      brigades and input filters.  [Justin Erenkrantz]
 
   *) Allow ap_http_filter (HTTP_IN) to return EOS when there is no request
      body.  [Justin Erenkrantz]
     
   *) NetWare: Piping log entries through RotateLogs using the 
      CustomLogs directive is finally supported now that we have 
      the pipes and spawning functionality working.
      [Brad Nicholes]
 
   *) SECURITY: CVE-2002-0392 (cve.mitre.org) [CERT VU#944335]
      Detect overflow when reading the hex bytes forming a chunk line.
      [Aaron Bannert]
 
   *) Allow RewriteMap prg:'s to take command-line arguments.  PR 8464.
      [James Tait <JTait wyrddreams.demon.co.uk>]
 
   *) Correctly return 413 when an invalid chunk size is given on
      input.  Also modify ap_discard_request_body to not do anything
      on sub-requests or when the connection will be dropped.
      [Justin Erenkrantz]
 
   *) Fix the TIME_* SSL var lookups to be threadsafe.  PR 9469.
      [Cliff Woolley]
 
   *) Ensure that apr_brigade_write() flushes in all of the cases that
      it should to avoid conditions in some modules that could cause
      large amounts of data to be buffered.  [Cliff Woolley]
 
   *) Fix problem where mod_cache/mod_disk_cache was incorrectly
      stripping the content_type from cached responses.
      [Bill Stoddard]
 
   *) apachectl passes through any httpd options.  Note: apachectl
      should be used in preference to httpd since it ensures that any
      appropriate environment variables have been set up.
      [Jeff Trawick]
 
   *) Fix the combination of mod_cgid, mod_setuexec, and mod_userdir.
      PR 7810  [Colm MacCarthaigh <colmmacc redbrick.dcu.ie>]
 
   *) Fix suexec execution of CGI scripts from mod_include.
      PR 7791, 8291  [Colm MacCarthaigh <colmmacc redbrick.dcu.ie>]
 
   *) Fix segfaults at startup on some platforms when mod_auth_digest,
      mod_suexec, or mod_ssl were used as DSO's due to the way they
      were tracking the current init phase since DSO's get completely
      unloaded and reloaded between phases.  PR 9413.
      [Tsuyoshi Sasamoto <nazonazo super.win.ne.jp>, Brad Nicholes]
 
   *) Fix mod_include's handling of regular expressions in
      "<!--#if" directives [Julius Gawlas <julius_gawlas hp.com>]
 
   *) Fix the worker MPM deadlock problem  [Brian Pane]
 
   *) Modify the module documentation to allow for translations.
      [Yoshiki Hayashi, Joshua Slive]
 
   *) Fix a file permissions problem which prevented mod_disk_cache
      from working on Unix.  [Jeff Trawick]
 
   *) Add "-k start|restart|graceful|stop" support to httpd for the Unix 
      MPMs.  These have semantics very similar to the old apachectl 
      commands of the same name.  [Justin Erenkrantz, Jeff Trawick]
 
   *) Make sure that the runtime dir is created by make install.
      PR 9233.  [Jeff Trawick]
 
   *) Fix an unusual set of ./configure arguments that could cause
      mod_http to be built as a DSO, which it currently doesn't
      support.  PR 9244.
      [Cliff Woolley, Robin Johnson <robbat2 orbis-terrarum.net>]
 
   *) Win32: Fix bug in apr_sendfile() that caused incorrect operation
      of the %X, %b and %B logformat options. PR 8253, 8996.
      [Bill Stoddard]
 
   *) If content-encoding is already present, do not run deflate (PR 9222)
      [Kazuhisa ASADA <kaz asada.sytes.net>]
 
   *) The APLOG_NOERRNO flag to ap_log_[r]error() is now deprecated.
      It is currently ignored and it will be removed in a future release
      of Apache.  [Jeff Trawick]
 
   *) Removed documentation references to the no-longer-supported
      "make certificate" feature of mod_ssl for Apache 1.3.x.  Test
      certificates, if truly desired, can be generated using openssl
      commands.  PR 8724.  [Cliff Woolley]
 
   *) Remove SSLLog and SSLLogLevel directives in favor of having
      mod_ssl use the standard ErrorLog directives.  [Justin Erenkrantz]
 
   *) OS/390: LIBPATH no longer has to be manually uncommented in
      envvars to get apachectl to set up httpd properly.  [Jeff Trawick]
 
   *) mod_isapi: All mod_isapi directives, excluding ISAPICacheFile,
      may now be specified to the <File/Directory > container, rather
      than by vhost.  [William Rowe]
 
   *) mod_isapi: Experimental support for faux async support for ISAPI
      modules.  [William Rowe]
 
   *) mod_isapi: Major refactoring of the code to rely on apr internals
      rather than MS APIs (using our own mod_isapi.h headers for ISAPI
      symbol definitions.)  [William Rowe]
 
   *) mod_isapi: Fixed the return string length from GetServerVariable
      callback, it was not including the trailing null in the consumed
      buffer size.  This was particularly bad for Delphi 6.0 users.
      PR 8934  [Sebastian Hantsch <sebastian.hantsch gmx.de>]
 
   *) Fixed Win32 builds for Microsoft VisualStudio 7.0 (.net).
      [William Rowe]
 
   *) Make apxs look in the correct directory for envvars.  It was
      broken when sbindir != bindir.  PR 8869
      [Andreas Sundström <sunkan zappa.cx>]
   
   *) Fix mod_deflate corruption when using multiple buckets.  PR 9014.
      [Asada Kazuhisa <kaz asada.sytes.net>]
 
   *) Performance enhancements for access logger when using
      default timestamp formatting  [Brian Pane]
 
   *) Added EnableMMAP config directive to enable the server
      administrator to disable memory-mapping of delivered files
      on a per-directory basis.  [Brian Pane]
 
   *) Performance enhancements for mod_setenvif  [Brian Pane]
 
   *) Fix a mod_ssl build problem on OS/390.  [Jeff Trawick]
 
   *) Fixed If-Modified-Since on Win32, which would give false positives
      because of the sub-second resolution of file timestamps on that
      platform.  [Cliff Woolley]
 
   *) Reverse the hook ordering for mod_userdir and mod_alias so
      that Alias/ScriptAlias will override Userdir.  PR 8841
      [Joshua Slive]
 
   *) Move mod_deflate out of experimental and into filters.
      [Justin Erenkrantz]
 
   *) Get proxy CONNECT basically working.  [Jeff Trawick]
 
   *) Fix mod_rewrite hang when APR uses SysV Semaphores and
      RewriteLogLevel is set to anything other than 0.  PR: 8143
      [Aaron Bannert, Cliff Woolley]
 
   *) Fix byterange requests from returning 416 when using dynamic data
      (such as filters like mod_include).  [Justin Erenkrantz]
 
   *) Allow mod_rewrite's set of "int:" internal RewriteMap functions
      to be extended by third-party modules via an optional function.
      [Tahiry Ramanamampanoharana <nomentsoa hotmail.com>, Cliff Woolley]
 
   *) Fix mod_include expression parser's handling of unquoted strings
      followed immediately by a closing paren.  PR 8462.  [Brian Pane]
 
   *) Remove autom4te.cache in 'make distclean'.
      [Thom May <thom planetarytramp.net>]
 
   *) Fix generated httpd.conf to respect layout for LoadModule lines.
      PR 8170.  [Thom May <thom planetarytramp.net>]
 
   *) Win32: During a graceful restart, threads in the new process
      were accessing scoreboard slots still in use by active threads in 
      the old process. [Bill Stoddard]
 
 Changes with Apache 2.0.36
 
   *) Fix some minor formatting issues with ab. Part of this is
      in reference to PR 8544, the rest I noticed while testing
      the PR fix. [Paul J. Reder]
 
   *) Fix a case where an invalid pass phrase is entered and an
      error message is given, but the prompt is not shown again.
      This left the user in an ambiguous state. PR 8320 [Paul J. Reder]
 
   *) Close sockets on worker MPM when doing a graceless restart.
      [Aaron Bannert]
 
   *) Reverted a minor optimization in mod_ssl.c that used the vhost ID
      as the session id context rather that a MD5 hash of that vhost ID,
      because it caused very long vhost id's to be unusable with mod_ssl.
      PR 8572.  [Cliff Woolley]
 
   *) Fix the link to the description of the CoredumpDirectory 
      directive in the server-wide document.  PR 8643.  [Jeff Trawick]
 
   *) Fixed SHMCB session caching.  [Aaron Bannert, Cliff Woolley]
 
   *) Synced with remaining changes from mod_ssl 2.8.8-1.3.24:
      - Avoid SIGBUS on sparc machines with SHMCB session caches
      - Allow whitespace between the pipe and the name of the
      program in SSLLog "| /path/to/program".  [Cliff Woolley]
 
   *) Introduce mod_ext_filter and mod_deflate experimental modules
      to the Win32 build (zlib sources must be in srclib\zlib.)
      [William Rowe]
 
   *) Changes to the worker MPM's queue management and thread
      synchronization code to reduce mutex contention  [Brian Pane]
 
   *) Don't install *.in configuration files since we already install
      *-std.conf files.  [Aaron Bannert]
 
   *) Many improvements to the threadpool MPM.  [Aaron Bannert]
 
   *) Fix subreqs that are promoted via fast_redirect from having invalid
      frec->r structures.  This would cause subtle errors later on in
      request processing such as seen in PR 7966.  [Justin Erenkrantz]
 
   *) More efficient pool recycling logic for the worker MPM [Brian Pane]
 
   *) Modify the worker MPM to not accept() new connections until
      there is an available worker thread. This prevents queued
      connections from starving for processing time while long-running
      connections were hogging all the available threads.  [Aaron Bannert]
 
   *) Convert the worker MPM's fdqueue from a LIFO back into a FIFO.
      [Aaron Bannert]
 
   *) Get basic HTTP proxy working on EBCDIC machines.  [Jeff Trawick]
 
   *) Allow mod_unique_id to work on systems with no IPv4 address
      corresponding to their host name.  [Jeff Trawick]
 
   *) Fix suexec behavior with user directories.  PR 7810.
      [Colm <colmmacc redbrick.dcu.ie>]
 
   *) Reject a blank UserDir directive since it is ambiguous.  PR 8472.
      [Justin Erenkrantz]
 
   *) Make mod_mime use case-insensitive matching when examining
      extensions on all platforms.  PR 8223.  [Justin Erenkrantz]
 
   *) Add an intelligent error message should no proxy submodules be
      valid to handle a request. PR 8407 [Graham Leggett]
 
   *) Major improvements in concurrent processing for AB by enabling
      non-blocking connect()s and preventing APR from doing blocking
      read()s. Also implement fatal error checking for apr_recv().
      [Aaron Bannert]
 
   *) Fix Win32 NTFS Junctions (symlinks).  PR 8014  [William Rowe]
 
   *) Fix Win32 'short name' aliases in httpd.conf directives.
      PR 8009  [William Rowe]
 
   *) Fix generation of default httpd.conf when the layout paths are
      disjoint.  PR 7979, 8227.  [Justin Erenkrantz]
 
   *) Swap downgrade-1.0 and force-response-1.0 conditional checks so
      that downgraded responses can have force-response.  PR 8357.
      [Justin Erenkrantz]
 
   *) Fix perchild MPM so that it can be configured with the move to the
      experimental directory.  [Scott Lamb <slamb slamb.org>]
 
   *) Fix perchild MPM so that it uses ap_gname2id for groups instead of
      ap_uname2id. [Scott Lamb <slamb slamb.org>]
 
   *) Fix AcceptPathInfo. PR 8234  [Cliff Woolley]
 
   *) SECURITY: CAN-2002-1592 (cve.mitre.org) [CERT VU#165803]
      Added the APLOG_TOCLIENT flag to ap_log_rerror() to
      explicitly tell the server that warning messages should be sent 
      to the client in addition to being recorded in the error log. 
      Prior to this change, ap_log_rerror() always sent warning 
      messages to the client. In one case, a faulty CGI script caused
      the server to send a warning message to the client that contained
      the full path to the CGI script. This could be considered a
      minor security exposure. [Bill Stoddard]
 
   *) mod_autoindex output when SuppressRules was specified would
      omit the first carriage return so the first item in the list
      would appear to the right of the column headings instead of
      underneath them. PR 8016  [David Shane Holden <dpejesh yahoo.com>]
 
   *) Moved the call to apr_mmap_dup outside the error branch so
      that it would actually get called. This fixes a core dump
      at init everytime you use the MMapFile directive. PR 8314
      [Paul J. Reder]
 
   *) Trigger an error when a LoadModule directive attempts to
      load a module which is built-in.  This is a common error when
      switching from a DSO build to a static build.  [Jeff Trawick]
 
   *) Change instdso.sh to use libtool --install everywhere and then
      clean up some stray files and symlinks that libtool leaves around
      on some platforms.  This gets subversion building properly since
      it needed a re-link to be performed by libtool at install time,
      and the old instdso.sh logic to simply cp the DSO didn't handle
      that requirement.  [Sander Striker]
 
   *) Allow VPATH builds to succeed when configured from an empty
      directory.  [Thom May <thom planetarytramp.net>]
 
   *) Fix 'control reaches end of non-void function' warning in
      server/log.c.  [Ben Collins-Sussman <sussman collab.net>]
 
   *) Perchild MPM is now correctly deemed as experimental and is now
      located in server/mpm/experimental.  [Justin Erenkrantz]
 
   *) Fix segfault in mod_mem_cache when garabge collecting an expired
      cache entry.  [Bill Stoddard]
 
   *) Introduced -E startup_logfile_name option to httpd to allow admins
      to begin logging errors immediately.  This provides Win32 users 
      an alternative to sending startup errors to the event viewer, and
      allows other daemon tool authors an alternative to logging to stderr.
      [William Rowe] 
      
   *) Fix subreqs with non-defined Content-Types being served improperly.
      [Justin Erenkrantz]
 
   *) Merge in latest GNU config.guess and config.sub files.  PR 7818.
      [Justin Erenkrantz]
 
   *) Move 100 - Continue support to the HTTP_IN filter so that filters
      are guaranteed to support 100 - Continue logic without any
      intervention.  [Justin Erenkrantz]
 
   *) Add HTTP chunked input trailer support.  [Justin Erenkrantz]
 
   *) Rename and export get_mime_headers as ap_get_mime_headers.
      [Justin Erenkrantz]
 
   *) Allow empty Host: header arguments.  PR 7441.  [Justin Erenkrantz]
 
   *) Properly substitute sbindir as httpd's location in apachectl.  PR 7840.
      [Andreas Hasenack <andreas netbank.com.br>]
 
   *) Allow Win32 shebang scripts to follow the path (or omit the .exe
      suffix from the shebang command), and allow ScriptInterpreterSource
      Registry or RegistryStrict to override shebang lines, as 1.3 did.
      PR 8004  [William Rowe]
 
   *) worker MPM: Fix a situation where a child exited without releasing
      the accept mutex.  Depending on the OS and mutex mechanism this 
      could result in a hang.  [Jeff Trawick]
 
   *) Update the instructions for how to get started with mod_example.
      [Stas Bekman]
   
   *) Fix PidFile to default to rel_runtimedir instead of
      rel_logfiledir.  PR 7841.  [Andreas Hasenack <andreas netbank.com.br>]
 
   *) Win32: Fix problem that caused rapid performance degradation
      when number of connecting clients exceeded ThreadsPerChild.
      [Bill Stoddard]
 
   *) Fixed a segfault parsing large SSIs on non-mmap systems.
      [Brian Havard]
 
   *) Proxy was bombing out every second keepalive request, caused by a
      stray CRLF before the second response's status line. Proxy now
      tries to read one more line if it encounters a CRLF where it
      expected a status. PR 10010 [Graham Leggett]
 
   *) Deprecated the apr_lock.h API. Please see the following files
      for the improved thread and process locking and signaling: 
      apr_proc_mutex.h, apr_thread_mutex.h, apr_thread_rwlock.h,
      apr_thread_cond.h, and apr_global_mutex.h.  [Aaron Bannert]
 
   *) Change mod_status to use scoreboard accessor functions so it can
      be used in any MPM without having to be recompiled.
      [Ryan Morgan <rmorgan covalent.net>]
 
   *) Fix parsing of some AP_DECLARE_DATA declarations so that the filter
      handle declarations are recognized.  This fixes problems loading 
      mod_autoindex on some platforms.  [Brian Havard]
 
   *) add optional fixup hook to proxy [Daniel Lopez <daniel covalent.net>]
 
   *) Remind the admin about the User and Group directives when we are
      unable to set permissions on a semaphore.  PR 7812  [Jeff Trawick]
 
   *) fix possible compilation problem in ssl_engine_kernel.c. PR 7802
      [Doug MacEachern]
 
   *) fix possible infinite loop in mod_ssl triggered by certain
      netscape clients [Doug MacEachern]
 
   *) fix ProxyPass when frontend is https and backend is http
      [Doug MacEachern]
 
   *) Add DASL support to mod_dav
      [Sung Kim <hunkim cse.ucsc.edu>]
 
 Changes with Apache 2.0.35
 
   *) mod_rewrite: updated to use the new APR global mutex type.
      [Aaron Bannert]
 
   *) Fixes for mod_include errors on boundary conditions in which
      "<!--#" occurs at the very end of a bucket
      [Paul Reder, Brian Pane]
 
   *) worker, prefork, perchild, beos MPMs: Add -DFOREGROUND switch to 
      cause the Apache parent process to run in the foreground (similar to
      -DNO_DETACH except that it doesn't switch session ids).  
      [Jeff Trawick]
 
   *) Added support for Posix semaphore mutex locking (AcceptMutex posixsem)
      for those platforms that support it. If using the default
      implementation, this is between pthread and sysvsem in priority.
      This implies it's the new default for Darwin. [Jim Jagielski]
 
   *) AIX: Fix the syntax for setting the LDR_CNTRL and AIXTHREAD_SCOPE
      environment variables in the envvars file.  [Jeff Trawick]
 
   *) worker MPM: Don't create a listener thread until we have a worker
      thread.  Otherwise, in situations where we'll have to wait a while
      to take over scoreboard slots from a previous generation, we'll be
      accepting connections we can't process yet.  [Jeff Trawick]
 
   *) Allow worker MPM to build on systems without pthread_kill().
      [Pier Fumagalli, Jeff Trawick]
 
   *) Prevent ap_add_output_filters_by_type from being called in
      ap_set_content_type if the content-type hasn't changed.
      [Justin Erenkrantz]
 
   *) Performance: implemented the bucket allocator made possible by the
      API change in 2.0.34.  [Cliff Woolley]
 
   *) Don't allow initialization to succeed if we can't get a socket
      corresponding to one of the Listen statements.  [Jeff Trawick]
 
 Changes with Apache 2.0.34
 
   *) Allow all Perchild directives to accept either numerical UID/GID
      or logical user/group names.  [Scott Lamb <slamb slamb.org>]
 
   *) Make Perchild compile cleanly and serve pages again. [Ryan Bloom]
 
   *) implement ssl proxy to support ProxyPass / https:// and the
      SSLProxy* directives [Doug MacEachern]
 
   *) Update mod_cgid to not do single-byte socket reads for CGI headers
      [Brian Pane]
 
   *) Made AB's use of the Host: header rfc2616 compliant
      by Taisuke Yamada <tai iij.ad.jp> [Dirk-Willem van Gulik].
 
   *) The old, legacy (and unused) code in which the scoreboard was totally
      and completely contained in a file (SCOREBOARD_FILE) has been
      removed. This does not affect scoreboards which are *mapped* to
      files using named-shared-memory. [Jim Jagielski]
 
   *) Change bucket brigades API to allow a "bucket allocator" to be
      passed in at certain points.  This allows us to implement freelists
      so that we can stop using malloc/free so frequently.
      [Cliff Woolley, Brian Pane]
 
   *) Add support for macro expansion within the variable names in
      <!--#echo--> and <!--#set--> directives [Brian Pane]
 
   *) Fix some mod_include segfaults [Cliff Woolley, Brian Pane, Brad Nicholes]
 
   *) Update the "RedHat" Layout to match Red Hat Linux version 7. PR BZ-7422
      [Joe Orton] 
 
   *) add compat layer to support RSA SSLC 1.x and 2.x in mod_ssl
      [Jon Travis, John Barbee, William Rowe, Ryan Bloom, Doug MacEachern]
 
   *) Add a new parameter to the quick_handler hook to instruct
      quick handlers to optionally do a lookup rather than actually 
      serve content. This is the first of several changes required fix
      several problems with how quick handlers work with subrequests.
      [Bill Stoddard]
 
   *) worker MPM: Get MaxRequestsPerChild to work again.  [Jeff Trawick]
 
   *) [APR-related] The ordering of the default accept mutex method has
      been changed to better match what's done in Apache 1.3. The ordering 
      is now (highest to lowest): pthread -> sysvsem -> fcntl -> flock.
      [Jim Jagielski]
 
   *) Ensure that the build/ directory is created when using VPATH.
      [Justin Erenkrantz]
 
   *) Add some popular types to the mime magic file.  PR 7730.
      [Linus Walleij <triad df.lth.se>, Justin Erenkrantz]
 
   *) Remove the single-byte socket reads for CGI headers [Brian Pane]
 
   *) When a proxied site was being served, Apache was replacing
      the original site Server header with it's own, which is not
      allowed by RFC2616. Fixed. [Graham Leggett]
 
   *) Fix a mod_cgid problem that left daemon processes stranded
      in some server restart scenarios.  [Jeff Trawick]
 
   *) Added exp_foo and rel_foo variables to config_vars.mk for
      all Apache and Autoconf path variables (like --sysconfdir,
      --sbindir, etc). exp_foo is the "expanded" version, which means
      that all internal variable references have been interpolated.
      rel_foo is the same as $exp_foo, only relative to $prefix if they
      share a common path.  [Aaron Bannert]
 
   *) Fix some restart/terminate problems in the worker MPM.  Don't
      drop connections during graceful restart.  [Jeff Trawick]
 
   *) Change the header merging behaviour in proxy, as some headers
      (like Set-Cookie) cannot be unmerged due to stray commas in
      dates. [Graham Leggett]
 
   *) Be more vocal about what AcceptMutex values we allow, to make
      us closer to how 1.3 does it. [Jim Jagielski]
 
   *) Get nph- CGI scripts working again.  PRs 8902, 8907, 9983
      [Jeff Trawick]
 
   *) Upgraded PCRE library to latest version 3.9 [Brian Pane]
 
   *) Add accessor function to set r->content_type. From now on,
      ap_rset_content_type() should be used to set r->content_type.
      This change is required to properly implement the 
      AddOutputFilterByType configuration directive.
      [Bill Stoddard, Sander Striker, Ryan Bloom]
 
   *) Add new M_FOO symbols for the WebDAV/DeltaV methods specified by
      RFC 3253. Improved the method name/number mapping functions.
      [Greg Stein]
 
   *) remove sock_enable_linger from connection.c [Ian Holsman]
 
   *) Fix for virtual host processing where the requested hostname
      has a '.' at the end (PR 9187) [Ryan Cruse <ryan estara.com>]
 
   *) mod_dav's APIs for REPORT response handling was changed so that
      providers can generate the content directly into the output filter
      stack, rather than buffering the response into memory. [Greg Stein]
 
   *) Fix a hang condition with graceful restart and prefork MPM
      in the situation where MaxClients is very high but
      much fewer servers are actually started at the time of the
      restart.  [Jeff Trawick]
 
   *) Small performance fixes for mod_include [Brian Pane]
 
   *) Performance improvement for the error logger [Brian Pane]
 
   *) Change configure so that Solaris 8 and above have 
      SINGLE_LISTEN_UNSERIALIZED_ACCEPT defined by default.
      according to sun people solaris 8+ doesn't have a thundering
      herd problem [Ian Holsman]
 
   *) Allow URIs specifying CGI scripts to include '/' at the end
      (e.g., /cgi-bin/printenv/) on AIX and Solaris (and other OSs
      which ignore '/' at the end of the names of non-directories).
      PR 10138  [Jeff Trawick]
 
   *) implement SSLSessionCache shmht and shmcb based on apr_rmm and
      apr_shm.  [Madhusudan Mathihalli <madhusudan_mathihalli hp.com>]
 
   *) Fix apxs -g handling.  Move config_vars.mk from the top build
      directory to the build directory.  PR 10163  [Jeff Trawick]
 
   *) Fix some mod_include problems which broke evaluation of some
      expressions.  PR 10108  [Jeff Trawick]
 
   *) Fix the calculation of request time in mod_status.  [Stas Bekman]
 
   *) Fix the calculation of thread_num in the worker score structure.
      [Stas Bekman]
 
   *) Use apr_atomic operations in managing the mod_mem_cache
      cache_objects for SMP scalability. (see USE_ATOMICS
      preprocessor directive in mod_file_cache)
      [Bill Stoddard]
 
   *) Add filehandle caching to mod_mem_cache. (see CACHE_FD
      preprocessor directive in mod_file_cache)
      [Bill Stoddard]
 
   *) Implement prototype mod_disk_cache for use with mod_cache.
      [Bill Stoddard]
 
   *) Add a missing manualdir entry in the Debian config.layout.
      [Thom May <thom planetarytramp.net>]
 
   *) Stop installing libtool for APR and tell APR where it should place
      its copy of libtool (via our installbuildpath layout variable).
      [Justin Erenkrantz]
 
   *) New directive ProxyIOBufferSize. Sets the size of the buffer used
      when reading from a remote HTTP server in proxy. [Graham Leggett]
 
   *) Modify receive/send loop in proxy_http and proxy_ftp so that
      should it be necessary, the remote server socket is closed before
      transmitting the last buffer (set by ProxyIOBufferSize) to the
      client. This prevents the backend server from being forced to hang
      around while the last few bytes are transmitted to a slow client.
      Fix the case where no error checking was performed on the final
      brigade in the loop. [Graham Leggett]
 
   *) Scrap CacheMaxExpireMin and CacheDefaultExpireMin. Change
      CacheMaxExpire and CacheDefaultExpire to use seconds rather than
      hours. [Graham Leggett, Bill Stoddard]
 
   *) New Directive SSIUndefinedEcho. to change the '(none)' echoed
      for a undefined variable. [Ian Holsman]
 
   *) Proxy HTTP and CONNECT: Keep trying other addresses from the DNS
      when we can't get a socket in the specified address family.  We may
      have gotten back an IPv6 address first and yet our system is not
      configured to allow IPv6 sockets.  [Jeff Trawick]
 
   *) Be more careful about recursively removing CVS directories. Make
      sure that we aren't cd'ing to their home directory first. PR: 9993
      [Aaron Bannert, James LewisMoss <dres lewismoss.net>]
 
   *) Add a missing errordir entry in the Debian config.layout. PR: 10067
      [Dirk-Jan Faber <dirk-jan selwerd.nl>, Aaron Bannert,
       Thom May <thom planetarytramp.net>]
 
   *) Rename the filter ordering priorities.  The recent filtering fixes
      have showcased problems with their usage.  Therefore, we need to
      rename them to increase the clarity.  (CONTENT->RESOURCE,
      HTTP_HEADER->CONTENT_SET/PROTOCOL)  [Justin Erenkrantz]
 
 Changes with Apache 2.0.33
 
   *) Fix a problem in the new --enable-layout functionality where
      it wouldn't allow overrides from variables like --prefix,
      --bindir, etc.  [Thom May <thom planetarytramp.net>]
 
   *) Fix a bug in the core input filter for AP_MODE_EXHAUSTIVE. It
      no longer hangs around waiting for the socket to close before
      returning exhaustive data.  [Aaron Bannert]
 
   *) rename apr_exploded_time_t to apr_time_exp_t (as per renames pending)
      [Thom May <thom planetarytramp.net>]
 
   *) Change mod_ssl to always do a full startup/teardown on restarts.
      this allows mod_ssl to be added to a server that is already
      running and makes it possible to add/change certs/keys after the
      server has been started.  [Doug MacEachern]
 
   *) Introduce PassPhraseDialog "|/path/to/pipe" mechanism to mod_ssl.
      This pipe must be a bidirectional 'console' style relay, which
      mod_ssl prints all prompts to the pipe's stdin, and reads the
      passphrases from the pipe's stdout.  [William Rowe]
 
   *) Fix bug where --sysconfdir and --localstatedir were being
      ignored.  [Thom May <thom planetarytramp.net>, Aaron Bannert]
      PR 9888
 
   *) Fix --enable-layout to work again. Caution: When specifying
      --enable-layout, common arguments like --prefix, --exec-prefix,
      etc. will be ignored and the settings from the layout will be
      used instead.  [Thom May <thom planetarytramp.net>, Aaron Bannert]
      PR 9124, 9873, 9885
 
   *) New Directive for mod_proxy: ProxyRemoteMatch. This provides
      regex pattern matching for the determination of which requests
      to use the remote proxy for. [Jim Jagielski]
 
   *) Fix CustomLog bytes-sent with HTTP 0.9.  [Justin Erenkrantz]
 
   *) Prevent Apache from ignoring SIGHUP due to some lingering 1.3
      cruft in piped logs and rewritemap child processes.
      [William Rowe]
 
   *) All instances of apr_lock_t have been removed and converted
      to one of the following new lock APIs: apr_thread_mutex.h,
      apr_proc_mutex.h, or apr_global_mutex.h. No new code should
      use the apr_lock.h API, as the old API will soon be deprecated.
      [Aaron Bannert]
 
   *) Merged in changes to mod_ssl up through 2.8.7-1.3.23.
      [Ralf S. Engelschall, Cliff Woolley]
 
   *) mod-include: make it handle flush'es and fix the 'false-alarm'
      [Justin Erenkrantz, Brian Pane, Ian Holsman]
 
   *) ap_get_*_filter_handle() functions to allow 3rd party modules
      to lookup filter handles so they can bypass the filter name
      lookup when adding filters to a request (via ap_add_*_filter_handle())
      [Ryan Morgan <rmorgan covalent.net>]
 
   *) Fix for multiple file buckets on Win32, where the first file
      bucket would cause the immediate closure of the socket on any
      non-keepalive requests.  [Ryan Morgan <rmorgan covalent.net>]
 
   *) Correct Win32 failure of mmap of a segment beyond start of the
      file; fixes large SSL and similar transfers.  [William Rowe]
      PR 9898
 
   *) Implement apr_proc_detach changes and allow -DNO_DETACH in the
      multi-process mode to not "daemonize" while detaching from the
      controlling terminal. This is necessary for Apache to work with
      process-management tools like AIX's "System Resource Controller"
      as well as Dan Bernstein's "daemontools".
      [Jos Backus <josb cncdsl.com>, Aaron Bannert]
 
   *) Convert mod_auth_digest to use the new apr_global_mutex_t
      type.  [Aaron Bannert]
 
   *) fix bug in mod-include where it wouldn't send a unmatched
      part if it was at the end of a bucket [Ian Holsman]
 
   *) worker MPM: Improve logging of errors with the interface between
      the listener thread and worker threads.  [Jeff Trawick]
 
   *) Some browsers ignore cookies that have been merged into a
      single Set-Cookie header. Set-Cookie and Set-Cookie2 headers
      are now unmerged in the http proxy before being sent to the
      client. [Graham Leggett]
 
   *) Fix a problem with proxy where each entry of a duplicated
      header such as Set-Cookie would overwrite and obliterate the
      previous value of the header, resulting in multiple header
      values (like cookies) going missing.
      [Graham Leggett, Joshua Slive]
 
   *) Add the server-limit and thread-limit values to the scoreboard
      for the sake of third-party applications.
      [Adam Sussman <myddryn vishnu.vidya.com>]
 
   *) Fix segfault when proxy recieves an invalid HTTP response [Ian Holsman]
 
   *) OS/390: Get make install to properly copy DSO modules.
      [Jeff Trawick]
 
   *) Win32: Fix bug in mod_status with displaying "Restart Time"
      and "Server uptime".
      [Bill Stoddard]
 
   *) Fix IPv6 name-based virtual hosts.  [Jeff Trawick]
 
   *) Introduce AddOutputFilterByType directive.  [Justin Erenkrantz]
 
   *) Fix DEBUG_CGI support in mod_cgi.  PR 9670, 9671.
      [David MacKenzie <djm pix.net>]
 
   *) Fix incorrect check for script_in in mod_cgi.  PR 9669.
      [David MacKenzie <djm pix.net>]
 
   *) Fix segfault and display error when SSLMutex file can not be
      created.  [Adam Sussman <myddryn vishnu.vidya.com>]
 
   *) Add reference counting to mod_mem_cache cache objects to
      better manage removing objects from the cache.
      [Bill Stoddard]
 
   *) Change the verbage on the ScoreBoardFile in our default configs.
      Also change the default to be commented out (unspecified) so we
      get anonymous shared memory by default.  [Aaron Bannert]
 
   *) Implement new ScoreBoardFile directive logic. This affects how
      we create the scoreboard's shared memory segment. If the directive
      is present, a name-based segment is created. If the directive is
      not present, first an anonymous segment is created, and if that
      fails, a name-based segment is created from a file of the name
      DEFAULT_SCOREBOARD. This gives third-party applications the
      ability to access our scoreboard.  [Aaron Bannert]
 
   *) Allow mod_deflate to work with non-GET requests and properly send
      Content-Lengths.  [Sander Striker <striker apache.org>]
 
   *) Fix ap_directory_merge() to correctly merge configs when there is
      no <Directory /> block.  [Justin Erenkrantz, William Rowe]
 
   *) Remove spurious debug messsages that are normal under HTTP
      keep-alive logic.  [Jeff Trawick, Justin Erenkrantz]
 
   *) Fix a bug in mod_cgid that would prevent proper shutdown death
      of the cgid process.  [Aaron Bannert]
 
   *) Add signal handling back in to the worker MPM for the one_process
      (-X, -DDEBUG, -DONE_PROCESS) case.  [Aaron Bannert]
 
   *) Performance: Reuse per-connection transaction pools in the
      worker MPM, rather than destroying and recreating them.  [Brian Pane]
 
   *) Remove all signals from the worker MPM's child process.  Instead,
      the parent uses the Pipe of Death for all communication with the
      child processes.  [Ryan Bloom]
 
 Changes with Apache 2.0.32
 
   *) mod_negotiation: ForceLanguagePriority now uses 'Prefer' as the
      default if the directive is not specified.  This mirrors older
      behavior without changes to the httpd.conf.  [William Rowe]
 
   *) Win32: solve the win32 service problems in 2.0.31-alpha, by fixing
      the service, mpm and logging code, and bugs in apr_file_open_stderr 
      and apr_file_dup2 functions.  Win2K/XP services have no handles 
      associated for stdin/out/err, which caused unpredictable behavior
      in the prior release.  [William Rowe, Bill Stoddard]
 
   *) Win32: simplify the Application Event Log messages, since there isn't
      likely to be 'more information in the error log' before an error log
      has been opened.  [William Rowe]
 
   *) Win32: substantial cleanup to the mpm_winnt code for legibility and
      to follow the program flow of other MPMs.  [Ryan Bloom, William Rowe]
 
   *) Win32: apache -k shutdown now behaves like apache -k stop.
      [Bill Stoddard]
 
   *) Fix prefork to not kill the parent if a child hits a resource shortage
      on accept().  [Greg Ames]
 
   *) Fix seg faults that occur when what should be the httpd request line
      starts with \r\n followed by garbage.  [Greg Ames]
 
   *) Allow statically linked support binaries with the new
      --enable-static-support flag, and enable this behavior in
      the binbuild script. Also add a new --enable-static-htdbm
      flag.  [Aaron Bannert]
 
   *) Allow mod_autoindex to serve symlinks if permitted and attempt to
      do only one stat() call when generating the directory listings.
      [Justin Erenkrantz]
 
   *) Fix resolve_symlink to save the original symlink name if known.
      [Justin Erenkrantz]
 
   *) Be a bit more sane with regard to CanonicalNames.  If the user has
      specified they want to use the CanonicalName, but they have not
      configured a port with the ServerName, then use the same port that 
      the original request used. [Ryan Bloom and Ken Coar]
 
   *) In core_input_filter, check for an empty brigade after 
      APR_BRIGADE_NORMALIZE().  Otherwise, we can get segfaults if a
      client says it will post some data but we get FIN before any
      data arrives.  [Jeff Trawick]
 
   *) Not being able to bind to the socket is a fatal error.  We should
      print an error to the console, and return a non-zero status code.
      With these changes, all of the Unix MPMs do that correctly.
      [Ryan Bloom]
 
   *) suexec: Allow HTTPS and SSL_* environment variables to be passed
      through to CGI scripts. PR 9163
      [Brian Reid <breid customlogic.com>, 
       Zvi Har'El <rl math.technion.ac.il>]
 
   *) binbuild.sh: Make sure that we use the expat from our source
      tree so that there aren't any surprises on the target machine.
      [Jeff Trawick]
 
   *) mod_cgid: Add retry logic for when the daemon can't fork fast
      enough to keep up with new requests.  Start using 
      HTTP_SERVER_UNAVAILABLE instead of HTTP_INTERNAL_SERVER_ERROR
      when we can't talk to the daemon.  [Jeff Trawick]
 
   *) apxs: LTFLAGS envvar can override default libtool options.  Try
      "LTFLAGS=' ' apxs -c mod_foo.c" to see what libtool does under
      the covers.  [Jeff Trawick]
 
   *) The Location: response header field, used for external
      redirect, *must* be an absoluteURI.  The Redirect directive
      tested for that, but RedirectMatch didn't -- it would allow
      almost anything through.  Now it will try to turn an abs_path
      into an absoluteURI, but it will correctly varf like Redirect
      if the final redirection target isn't an absoluteURI.  [Ken Coar]
 
 Changes with Apache 2.0.31
 
   *) Create the scoreboard (in the parent) in a global pool context,
      so it survives graceful restarts. This fixes a SEGV during
      graceful restarts.  [Aaron Bannert]
 
   *) Add a timeout option to the proxy code 'ProxyTimeout' 
      [Ian Holsman]
 
   *) FTP directory listings are now always retrieved in ASCII mode.
      The FTP proxy properly escapes URI's and HTML in the generated
      listing, and escapes the path components when talking to the FTP
      server. It is now possible to browse the root directory by using
      a url like:   ftp://user@host/%2f/ (ported from apache_1.3.24)
      Also, the last path component may contain wildcard characters
      '*' and '?', and if they do, a directory listing is created instead
      of a file retrieval. Example: ftp://user@host/httpd/server/*.c
      [Martin Kraemer]
 
   *) Added single-listener unserialized accept support to the
      worker MPM [Brian Pane]
 
   *) New Directive for mod_proxy: 'ProxyPreserveHost'. This passes
      the incoming host header through to the proxied server
      [Geoff <g.russell ieee.org>]
 
   *) New Directive Option for ProxyPass. It now can block a location
      from being proxied [Jukka Pihl <jukka.pihl entirem.com>]
 
   *) Don't let the default handler try to serve a raw directory.  At
      best you get gibberish.  Much worse things can happen depending
      on the OS.  [Jeff Trawick]
      
   *) Change the pre_config hook to return a value. Modules can now emit
      an error message and then cause the server to quit gracefully during
      startup. This required a bump to the MMN.  [Aaron Bannert]
 
   *) Fix some unix socket descriptor leaks in the handler side of
      mod_cgid (the part that runs in the server process).  Whack a
      silly "close(-1)" in the handler too.  [Jeff Trawick]
 
   *) Change the pre_mpm hook to return a value, so that scoreboard
      init errors percolate up to code that knows how to exit 
      cleanly.  This required a bump to the MMN.  [Jeff Trawick]
 
   *) Add the socket back to the conn_rec and remove the create_connection
      hook. The create_connection hook had a design flaw that did not 
      allow creating connections based on vhost info. [Bill Stoddard]
 
   *) Fixed PATH_INFO and QUERY_STRING from mod_negotiation results.
      Resolves the common case of using negotation to resolve the request
      /script/foo for /script.cgi/foo.  [William Rowe]
 
   *) Added new functions ap_add_(input|output)_filter_handle to
      allow modules to bypass the usual filter name lookup when
      adding hard-coded filters to a request [Brian Pane]
 
   *) caching should now work on subrequests (still very experimental)
      [Ian Holsman]
   
   *) The Win32 mpm_winnt now has a shared scoreboard.  [William Rowe]
 
   *) Change ap_get_brigade prototype to use apr_off_t instead of apr_off_t*.
      [Justin Erenkrantz]
 
   *) Refactor ap_rgetline so that it does not use an internal brigade.
      Change ap_rgetline's prototype to return errors.  [Justin Erenkrantz]
 
   *) Remove mod_auth_db.  [Justin Erenkrantz]
 
   *) Do not install unnecessary pcre headers like config.h and internal.h.
      [Joe Orton <joe manyfish.co.uk>]
 
   *) Change in quick_hanlder behavior for subrequests. it now passes DONE
      (as it does for a normal request). quick_handled sub-requests now work
      in mod-include [Ian Holsman]
 
   *) Change SUBREQ_CORE so that it is a 'HTTP_HEADER' filter instead of
      'CONTENT' one, as it needs to run AFTER all content headers
 
   *) Rename BeOS MPM directive RequestsPerThread to MaxRequestsPerThread.
      [Lars Eilebrecht]
 
   *) Split out blocking from the mode in the input filters.
      [Justin Erenkrantz]
 
   *) Fix a segfault in mod_include.  [Justin Erenkrantz, Jeff Trawick]
 
   *) Cause Win32 to capture all child-worker process errors in
      Apache to the main server error log, until the child can
      open its own error logs.  [William Rowe]
 
   *) HPUX 11.*: Do not kill the child process when accept() 
      returns ENOBUFS on HPUX 11.*. (ported from th 1.3 patch)
      [Madhusudan Mathihalli <madhusudan_mathihalli hp.com>, Bill Stoddard]
 
   *) Fix a problem in the parsing of the <Proxy foo> directive.
      [Jeff Trawick]
 
   *) rewrite of mod_ssl input filter for better performance and less
      memory usage [Doug MacEachern]
 
   *) allow quick_handler to be run on subrequests. [Ian Holsman]
 
   *) mod_dav now asks its provider to place content directly into the
      filter stack when handling a GET request. The mod_dav/provider
      API has changed, so providers need to be updated. [Greg Stein]
 
   *) Clear the output socket descriptor in unixd_accept() to make sure
      we don't supply a bogus socket to the caller if the accept fails.
      This caused problems with the worker MPM, which tried to process
      the returned socket if it was non-NULL.  [Brian Pane]
 
   *) Move a check for an empty brigade to the start of core input filter
      to avoid segfaults.  [Justin Erenkrantz, Jeff Trawick]
 
   *) Add FileETag directive to allow configurable control of what
      data are used to form ETag values for file-based URIs.  MMN
      bumped to 20020111 because of fields added to the end of
      the core_dir_config structure.  [Ken Coar]
 
   *) Fix a segfault in mod_rewrite's logging code caused by passing the
      wrong config to ap_get_remote_host().  [Jeff Trawick]
 
   *) Allow mod_cgid to work from a binary distribution install by
      using 755 for the permissions on the log directory instead of
      750.  [Jeff Trawick]
 
   *) Fixed a segfault that happened during graceful shutdown (or when
      the httpd ran out of file descriptors) with the worker MPM [Brian Pane]
 
   *) Split all Win32 modules [excluding the core components mod_core, 
      mod_so, mod_win32 and the winnt mpm] into individual loadable
      modules, so the administrator may individually disable the former
      compiled-in modules by simply commenting out their LoadModule
      directives.  [William Rowe]
 
   *) Saved Win32 module authors and porters many future headaches, by
      duplicating the appropriate .h files such as os.h into the include
      directory, including in the build tree.  [William Rowe]
 
   *) mod_ssl adjustments to help with using toolkits other than OpenSSL:
       Use SSL functions/macros instead of directly dereferencing SSL
       structures wherever possible.
       Add type-casts for the cases where functions return a generic pointer.
       Add $SSL/include to configure search path.
      [Madhusudan Mathihalli <madhusudan_mathihalli hp.com>]
 
   *) Moved several pointers out of the shared Scoreboard so it is
      more portable, and will present the vhost name across server
      generation restarts.  [William Rowe]
 
   *) Fix SSLPassPhraseDialog exec: and SSLRandomSeed exec:
      [Doug MacEachern]
 
 Changes with Apache 2.0.30
 
   *) Fix the main bug for FreeBSD and threaded MPM's. There are
      still issues (see STATUS) but at least the server will now
      run without crashing the machine.
      [David Reid, Aaron Bannert, Justin Erenkrantz]
 
   *) Fix a typo in mod_deflate's m4 config section.
      [albert chin <china thewrittenword.com>]
 
   *) Fix a couple of mod_proxy problems forwarding HTTP connections
      and handling CONNECT:
      (1) PR #9190  Proxy failed to connect to IPv6 hosts.
      (2) Proxy failed to connect when the first IP address returned by 
          the resolver was unreachable but a secondary IP address was.  
      [Jeff Trawick]
 
   *) Fix the module identifer as shown in the docs for various core
      modules (e.g., the identifer for mod_log_config was previously
      listed as config_log_module).  PR #9338
      [James Watson <ap2bug sowega.org>]
 
   *) Fix LimitRequestBody directive by placing it in the HTTP
      filter.  [Justin Erenkrantz]
 
   *) Fix mod_proxy seg fault when the proxied server returns 
      an HTTP/0.9 response or a bogus status line.
      [Adam Sussman]
 
   *) Prevent mod_proxy from truncating one character off the
      end of the status line returned from the proxied server.
      [Adam Sussman, Bill Stoddard]
 
   *) Eliminate loop in ap_proxy_string_read().
      [Adam Sussman, Bill Stoddard]
 
   *) Provide $0..$9 results from mod_include regex parsing.
      [William Rowe]
 
   *) Allow mod-include to look for alternate start & end tags [Ian Holsman]
 
   *) Introduced the ForceLanguagePriority directive, to prevent
      returning MULTIPLE_CHOICES or NONE_ACCEPTABLE in some cases,
      when using Multiviews.  [William Rowe]
 
   *) Fix a problem which prevented mod_cgid and suexec from working
      together reliably [Greg Ames]
 
   *) Remove the call to exit() from within mod_auth_digest's post_config
      phase.  [Aaron Bannert]
 
   *) Fix a problem in mod_auth_digest that could potentially cause
      problems with initialized static data on a system that uses DSOs.
      [Aaron Bannert]
 
   *) Fix a segfault in the worker MPM that could happen during
      child process exits.  [Brian Pane, Aaron Bannert]
 
   *) Allow mod_auth_dbm to handle multiple DBM types [Ian Holsman]
 
   *) Fix matching of vhosts by ip address so we find IPv4
      vhost address when target address is v4-mapped form of
      that address.  [Jeff Trawick]
 
   *) More performance tweaks to the BNDM string-search algorithm
      used to find "<!--#" tokens in mod_include [Brian Pane]
 
   *) Miscellaneous small performance fixes: optimized away various
      string copy operations and removed large temp buffers from
      the stack [Brian Pane]
 
   *) Fixed startup segfault that occurred when a VirtualHost
      directive had a port but no address [Brian Pane]
 
   *) Allow htdbm to work with multiple DBM types [Ian Holsman]
 
   *) Win32: Made change to apr_sendfile() to return APR_ENOTIMPL
      if oslevel < WINNT.  This should fix several problems reported
      Against 2.0.28 on Windows 98 [Bill Stoddard]
 
   *) Win32: Fix bug that could cause CGI scripts with QUERY_STRINGS
      to fail. [Bill Stoddard]
 
   *) Change core code to allow an MPM to set hard thread/server
      limits at startup.  prefork, worker, and perchild MPMs now have 
      directives to set these limits.  [Jeff Trawick]
 
   *) Win32: The async AcceptEx() event should be autoreset upon
      successful completion of a wait (WaitForSingleObject). This
      eliminates a number of spurious
      setsockopt(SO_UPDATE_ACCEPT_CONTEXT) failed." messages.
      [Bill Stoddard]
 
   *) Move any load library path environment variables out of 
      apachectl and into a separate environment variable file which
      can be more easily tailored by the admin.  The environment
      variable file as built by Apache may have additional system-
      specific settings.  For example, on OS/390 we tailor the heap
      settings to allow lots of threads.  [Jeff Trawick]
     
   *) Use the new APR pool code to reduce pool-related lock
      contention in the worker MPM.  [Sander Striker]
 
   *) The POD no longer assumes the child is listening on 127.0.0.1
      and now pulls the first hostname in the list of listeners to
      perform the dummy connect on. This fixes a bug when the user
      had configured the Listen directive for an IP other than
      127.0.0.1. This would result in undead children and error
      messages such as "Connection refused: connect to listener".
      [Aaron Bannert]
 
   *) The worker MPM now respects the LockFile setting, needed to
      avoid locking problems with NFS.  [Jeff Trawick]
 
   *) Fix segfault when worker MPM receives SIGHUP.
      [Ian Holsman, Aaron Bannert, Justin Erenkrantz]
 
   *) Fix bug that could potentially prevent the perchild MPM from
      working with more than one vhost/uid.  [Aaron Bannert]
 
   *) Change make install and apxs -i processing of DSO modules to 
      perform special handling on platforms where libtool doesn't install 
      mod_foo.so.  This fixes some wonkiness on HP-UX, Tru64, and AIX 
      which prevented standard LoadModule statements from working.
      [Jeff Trawick]
 
   *) Whenever mod_so is enabled (not just when there are DSOs for
      our modules), do whatever special magic is required for compiling/
      loading third-party modules.  This allows third-party DSOs to
      be used on an AIX build when there were no built-in modules
      built as DSOs.  (This should help on OS/390 and BeOS as well.)
      [Jeff Trawick]
 
   *) Allow apxs to be used to build DSOs on AIX without requiring the
      user to hard-code the list of import files.  (This should help
      on OS/390 and BeOS as well.)  [Jeff Trawick]
      
   *) Resolved segfault in mod_isapi when configuring with ISAPICacheFile.
      PR 8563, 8919  [William Rowe]
   
   *) Get binary builds working when libapr and libaprutil are built
      shared [Greg Ames]
 
   *) Get shared builds of libapr and libaprutil, as well as Apache DSOs,
      working on AIX.  [Aaron Bannert, Dick Dunbar <RLDunbar pacbell.net>,
      Gary Hook <ghook us.ibm.com>, Victor Orlikowski, Jeff Trawick]
 
   *) Fix the handling of SSI directives in which the ">" of the
      terminating "-->" is the last byte in a file [Brian Pane]
 
   *) Add back in the "suEXEC mechanism enabled (wrapper: /path/to/suexec)"
      message that we had back in apache-1.3 and still have scattered
      throughout our docs.  [Aaron Bannert]
 
   *) Prevent the Win32 port from continuing after encountering an
      error in the command line args to apache.  [William Rowe]
 
   *) On a error in the proxy, make it write a line to the error log
      [Ian Holsman]
 
   *) Various mod_ssl performance improvements [Doug MacEachern]
 
 Changes with Apache 2.0.29
 
   *) Add buffering in core_output_filter to ensure that long
      lists of small buckets don't cause small packet writes.
      [Brian Pane, Ryan Bloom]
 
   *) Fix the installation target to make sure that the manual is 
      installed in the correct location.
      [Yoshifumi Hiramatsu <hiramatu boreas.dti.ne.jp> and
       Gomez Henri <hgomez slib.fr>]
 
   *) Fix the cmd command for mod_include.  When we are processing
      a cmd command, we do not want to use the r->filename to set
      the command name.  The command comes from the SSI tag.  To do this,
      I added a variable to the function that builds the command line
      in mod_cgi.  This allows the include_cmd function to specify
      the command line itself. [Ryan Bloom]
 
   *) Change open_logs hook to return a value, allowing you
      to flag a error while opening logs
      [Ian Holsman, Doug MacEachern]
 
   *) Change post_config hook to return a value, allowing you
      to flag a error post config
      [Ian Holsman, Jeff Trawick]
 
   *) Allow SUEXEC_BIN (the path to the suexec binary that is
      hard-coded into the server) to be specified to the configure
      script by the --with-suexec-bin parameter.  [Aaron Bannert]
 
   *) Fix segv in worker MPM following accept on pipe-of-death
      [Brian Pane]
 
   *) Add mod_deflate to experimental.  
      [Ian Holsman, Justin Erenkrantz]
 
   *) Bail out at configure time if an invalid MPM was specified.
      [jean-frederic clere <jfrederic.clere fujitsu-siemens.com>]
 
   *) Prevent segv in ap_note_basic_auth_failure() when no AuthName is
      configured [John Sterling <sterling covalent.net>]
 
   *) Fix apxs to use sbindir.  [Henri Gomez <hgomez slib.fr>]
 
   *) Fix a problem with IPv6 vhosts.  PR #8118  [Jeff Trawick]
 
   *) Optimization for the BNDM string-search function in
      mod_include.  [Brian Pane]
 
   *) Fixed the behavior of the XBitHack directive.
      [Taketo Kabe <kabe sra-tohoku.co.jp>, Cliff Woolley] PR#8804
 
   *) The threaded MPM for Unix has been removed.  Use the worker
      MPM instead.  [various]
 
   *) APR-ize the resolver logic in mod_unique_id.  This fixes a bug
      in logging the error from a failed DNS lookup.  [Jeff Trawick]
 
   *) Added the missing macros AP_INIT_TAKE13 and AP_INIT_TAKE123.
      [Cliff Woolley]
 
   *) Get mod_cgid killed when a MPM exits due to a fatal error.
      [Jeff Trawick]
 
   *) Fix a file descriptor leak in mod_include.  When we include a
      file, we use a sub-request, but we didn't destroy the sub-request
      immediately, instead we waited until the original request was
      done.  This patch closes the sub-request as soon as the data is
      done being generated.  [Brian Pane <bpane pacbell.net>]
 
   *) Allow modules that add sockets to the ap_listeners list to
      define the function that should be used to accept on that
      socket.  Each MPM can define their own function to use for
      the accept function with the MPM_ACCEPT_FUNC macro.  This
      also abstracts out all of the Unix accept error handling
      logic, which has become out of synch across Unix MPMs.
      [Ryan Bloom]
 
   *) Fix a bug which would cause the response headers to be omitted
      when sending a negotiated ErrorDocument because the required
      filters were attached to the wrong request_rec.
      [John Sterling <sterling covalent.net>]
 
   *) Remove commas from the end of the macros that define
      directives that are used by MPMs.  Prior to this patch,
      you would use these macros without commas, which was unlike
      the macros for any other directives.  Now, the caller provides
      the comma rather than the macro providing it.  This makes
      the macros look more like the rest of the directives.
      [Ryan Bloom and Cliff Woolley]
 
   *) Add 'redirect-carefully' environment option to disable sending
      redirects under special circumstances.  This is helpful for 
      Microsoft's WebFolders when accessing a directory resource via
      DAV methods.  [Justin Erenkrantz]
 
   *) Begin to abstract out the underlying transport layer.
      The first step is to remove the socket from the conn_rec,
      the server now lives in a context that is passed to the
      core's input and output filters. This forces us to be very
      careful when adding calls that use the socket directly,
      because the socket isn't available in most locations.
      [Ryan Bloom]
 
   *) Really reset the MaxClients value in worker and threaded
      when the configured value is not a multiple of the number 
      of threads per child.  We said we did previously but we 
      forgot to. [Jeff Trawick]
 
   *) Add Debian layout.  [Daniel Stone <daniel sfarc.net>]
 
   *) If shared modules are requested and mod_so is not available,
      produce a fatal config-time error.  [Justin Erenkrantz]
 
   *) Improve http2env's performance by cutting the work it has to
      do.  [Brian Pane <bpane pacbell.net>]
 
   *) use new 'apr_hash_merge' function in mod_mime (performance fix)
      [Brian Pane <bpane pacbell.net>]
 
 Changes with Apache 2.0.28
 
   *) Fix infinite loop in mod_cgid.c.  
      [Dale Ghent <daleg elemental.org>, Brian Pane <bpane pacbell.net>]
 
   *) When no port is given in a "ServerName host" directive, the
      server_rec->port is now set to zero, not 80. That allows for
      run-time deduction of the correct server port (depending on
      SSL/plain, and depending also on the current setting of
      UseCanonicalName). This change makes redirections
      work, even with https:// connections. As in Apache-1.3, the
      connection's actual port number is never used, only the ServerName
      setting or the client's Host: setting. Documentation updated
      to reflect the change. [Martin Kraemer]
 
   *) Add a '%{note-name}e' argument to mod-headers, which works in
      the same way as mod_log_confg.  [Ian Holsman]
 
   *) Fix the spelling of the AP_MPMQ_MIN_SPARE_DAEMONS and
      AP_MPMQ_MAX_REQUESTS_DAEMON macros in ap_mpm.h and all standard
      MPMs.  [Cliff Woolley]
 
   *) Introduce htdbm, a user management utility for db/dbm authorization
      databases.  [Mladen Turk <mturk mappingsoft.com>]
 
   *) Optimize usage of strlen and strcat in ap_directory_walk.
      [Brian Pane <bpane pacbell.net>]
 
 Changes with Apache 2.0.27
 
   *) Introduce an Apache mod_ssl initial configuration template 
      (ssl.conf, generated from ssl-std.conf).  [Ralf S. Engelschall]
 
   *) Fixed a memory leak in the getline parsing code that could
      be triggered by arbitrarily large header lines. Requests
      from the core input filter for single lines are now limited
      to HUGE_STRING_LEN (8192 bytes).  [Aaron Bannert]
 
   *) Fix a truncation bug in how we print the port on the Via: header. 
      The routine that prints the Via: header now takes a length for
      the port string.  [Zvi Har'El <rl math.technion.ac.il>]
 
   *) Some syntax errors in mod_mime_magic's magic file can result
      in a 500 error, which previously was unlogged.  Now we log the
      error.  [Jeff Trawick]
 
   *) Add the support/checkgid helper app, which checks the run-time
      validity of group identifiers usable in the Group directive.
      [Ken Coar]
 
   *) Various --enable-so options have been fixed: --enable-so is
      treated as "static"; explicit --enable-so=shared issues an error;
      and explicit --enable-so fails with error on systems without
      APR_HAS_DSO.  [Aaron Bannert]
 
   *) Fix a segfault in the core input filter when the client socket
      gets disconnected unexpectedly.  [Cliff Woolley]
 
   *) Fix the reporting for child processes that die.  This removes
      all of the non-portable W* macros from Apache. 
      [Jeff Trawick and Ryan Bloom]
 
   *) Win32: Track and display "Parent Server Generation:" in
      mod_status output. The generation will be bumped at
      server graceful restart, when the child process exits
      by hitting MaxRequestsPerChild or if the child 
      process exits abnormally. [Bill Stoddard]
 
   *) Win32: Fix problem where MaxRequestsPerChild directive was
      not being picked up in favor of the default. Enable
      the parent to start up a new child process immediately upon
      the old child starting shutdown.
      [Bill Stoddard]
 
   *) Fix some bungling of the remote port in rfc1413.c so that 
      IdentityCheck retrieves the proper user id instead of failing
      and thus always returning "nobody."  
      [Dick Streefland <Dick.Streefland xs4all.nl>]
 
   *) Introduced thread saftey for mod_rewrite's internal cache.
      [Brian Pane <bpane pacbell.net>]
 
   *) Simplified mod_env's directives to behave as most directives are
      expected, in that UnsetEnv will not unset a SetEnv and PassEnv 
      directive following that UnsetEnv within the same container.
      Also provides a runtime startup warning if a PassEnv configured 
      environment value is undefined.  [William Rowe]
 
   *) The worker MPM is now completely ported to APR's new lock API. It
      uses native APR types for thread mutexes, cross-process mutexes,
      and condition variables.  [Aaron Bannert]
 
   *) Sync up documentation to remove all references to the now deprecated
      Port directive.  [Justin Erenkrantz]
 
   *) Moved all ldap modules from the core to httpd-ldap sub-project
      [Ryan Bloom]
 
   *) Exit when we can't listen on any of the configured ports.  This
      is the same behavior as 1.3, and it avoids having the MPMs to
      deal with bogus ap_listen_rec structures.  [Jeff Trawick]
 
   *) Cleanup the proxy code that creates a request to the origin
      server.  This change adds an optional hook, which allows modules
      to gain control while the request is created if the proxy module
      is loaded.  The purpose of this hook is to allow modules to add
      input and/or output filters to the request to the origin.  While
      I was at it, I made the core use this hook, so that proxy request
      creation uses some of the code from the core.  This can still be
      greatly improved, but this is a good start.  [Ryan Bloom]
 
 Changes with Apache 2.0.26
 
   *) Port the MaxClients changes from the worker MPM to the threaded
      MPM.  [Ryan Bloom]
 
   *) Fix mod_proxy so that it handles chunked transfer-encoding and works
      with the new input filtering system.  [Justin Erenkrantz]
 
   *) Introduce the MultiviewsMatch directive, to allow the operator
      to be flexible in recognizing Handlers and Filters filename
      extensions as part of the Multiviews matching logic, strict with
      MultiviewsMatch NegotiatedOnly to accept only filename extentions 
      that designate negotiated parameters, (content type, charset, etc.)
      or MultiviewsAll for the 1.3 behavior of matching any files, even
      if they have unregistered extensions.  [William Rowe]
 
   *) Fixed the configure script to add a LoadModule directive to
      the default httpd.conf for any module that was compiled
      as a DSO.  [Aaron Bannert <aaron clove.org>]
 
   *) rewrite mod_ssl input filtering to work with the new input filtering
      system.  [Justin Erenkrantz]
 
   *) prefork: Don't segfault when we are able to listen on some but
      not all of the configured ports.  [Jeff Trawick]
 
   *) Build mod_so even if no core modules are built shared.
      [Aaron Bannert <aaron clove.org>]
 
   *) Introduce ap_directory_walk rewrite (with further optimizations
      required) to adapt to the ap_process_request_internal() changes.
      Optimized so subrequests and redirects now reuse previous section 
      merges, until we mismatch with the original directory_walk, and
      precomputed r->finfo results will cause directory_walk to skip
      the most expensive phases of the function.  [William Rowe]
 
   *) Allow ApacheMonitor to connect to and control Apache on other 
      WinNT/2K machines.   [Mladen Turk <mturk mappingsoft.com>]
 
   *) Remove the Port directive.  In it's place, the Listen directive
      is now a required directive, which tells Apache what port to
      listen on.  The ServerName directive has also been extended
      to accept an optional port.  If the port is specified to the
      ServerName, the server will report that port whenever it
      reports the port that it is listening on.  This change was
      made to ease configuration errors that stem from having a Port
      directive, and a Listen directive.  In that situation, the server
      would only listen to the port specified by the Listen command,
      which caused a lot of confusion to users.  [Ryan Bloom]
 
   *) Added mod_mime_magic, mod_unique_id and mod_vhost_alias to the Win32
      build, as loadable modules.  [William Rowe]
 
   *) Fix --enable-mods-shared processing.  If most is specified,
      then all modules that can be compiled as shared modules are.
      [Aaron Bannert <aaron clove.org>]
 
   *) Update the mime.types file to map video/vnd.mpegurl to mxu
      and add commonly used audio/x-mpegurl for m3u extensions.        
      [Heiko Recktenwald <uzs106 uni-bonn.de>, Lars Eilebrecht]
 
   *) Eliminate the depreciated r->content_language, in favor of the array
      r->content_languages introduced many years ago.  Module authors must
      substantially overhaul their modules, so this needs to be upgraded
      if the module still relied on backwards-brokeness.  [William Rowe]
 
   *) Allow configure help strings to work with autoconf 2.50+ and 2.13.
      [Justin Erenkrantz]
 
   *) Rewrite the input filtering mechanisms to consolidate and reorganize
      code.  In short, core_input_filter does something now and
      ap_http_filter is now only concerned with HTTP.  [Justin Erenkrantz]
 
   *) Update the Win32 build to re-absorb mod_proxy and family.
      [William Rowe]
 
   *) Resolved the build failure on Win32 using MSVC 5.0 (without the
      current SDK.)  [William Rowe]
 
   *) Some style changes to the code that does ProxyErrorOverride. Fixed
      config merge behaviour. [Graham Leggett]
 
   *) Allow support programs to be compiled against a static version
      of libapr.  This allows the smaller support programs to be 
      relocated.  [Aaron Bannert <aaron clove.org>]
 
   *) Update the mime.types file to the registered media types as
      of 2001-09-25, and add mapping for xsl extension [Mark Cox]
 
   *) Fix MaxClients in the Worker MPM, so that it specifies the maximum
      number of clients that can connect at the same time, instead of
      specifying the maximum number of child processes.
      [Aaron Bannert <aaron clove.org>]
 
   *) Switch proc_pthread AcceptMutex configuration directive to pthread to 
      be consistent with 1.3.  [Justin Erenkrantz]
 
   *) Cache apr_explode_localtime() value for 15 seconds.
      [Brian Pane <bpane pacbell.net>]
 
   *) Fix mod_include to not return ETag or Last-Modified headers.
      [Ian Holsman <ianh cnet.com>]
 
   *) Fix worker MPM's scoreboard logic.  [Aaron Bannert <aaron clove.org>]
 
   *) Eliminate the wasteful run-time conversion of method names from strings 
      to numbers in places where the methods are known at compile time.  
      [Brian Pane <bpane pacbell.net>]
 
   *) Turn the worker MPM's queue into a LIFO.  This may
      improve cache-hit performance under some conditions.
      [Aaron Bannert <aaron clove.org>]
 
   *) Switch back to SIGUSR1 for graceful restarts on all platforms that
      support it.  [Justin Erenkrantz]
 
   *) Cleanup the worker MPM.  We no longer re-use transaction
      pools.  This incurs less overhead than shuffling the pools
      around so that they can be re-used.  Remove one of the
      queue's condition variables.  We just redefined the API to
      state that you can't try to add more stuff than you allocated
      segments for.  [Aaron Bannert <aaron clove.org>]
 
   *) Fix SSL VPATH builds [Cody Sherr <csherr covalent.net>]
 
   *) Fixed persistent connections when a request contains a body.
      [Greg Stein]
 
   *) mod_dav uses a new API to speak to the backend provider for dead
      property management. [Greg Stein]
 
   *) Remove the Win32 script-processing exception from mod_cgi, and
      roll build_command_line/build_argv_list into a unified, overrideable
      ap_cgi_build_command optional function.  [William Rowe]
 
   *) Rewrite find_start_sequence to use a better search algorithm
      to find the start tag.  [Justin Erenkrantz]
 
   *) Fix a seg fault in mod_include.  When we are generating an
      internal redirect, we must set r->uri to "", not a bogus
      string, and not NULL.  [Ryan Bloom]
 
   *) Optimized location_walk, so subrequests, redirects and second passes
      now reuse previous section merges on a <Location > by <Location >
      basis, until we mismatch with the original location_walk. 
      [William Rowe]
 
   *) Back out the 1.45 change to util_script.c.  This change made
      us set the environment variable REQUEST_URI to the redirected
      URI, instead of the originally requested URI.
      [Taketo Kabe <kabe sra-tohoku.co.jp>]
 
   *) Make mod_include do lazy evaluation of potentially expensive to
      compute variables.  [Brian Pane <bpane pacbell.net>]
 
   *) Fix logging of bytes sent for HEAD requests.  %b and %B should
      log either - or 0, before this patch, they were both logging
      the file size.  [Taketo Kabe <kabe sra-tohoku.co.jp>]
 
   *) Make mod_include check for BYTE_CHECK_THRESHOLD per bucket rather 
      than per character.  [Brian Pane <bpane pacbell.net>]
 
   *) Normalize the primary request, redirects and sub-requests to
      run the same ap_process_request_internal for consistency in
      robustness, behavior and security.  [William Rowe]
 
   *) Fix a segfault with mod_include when r->path_info is not set
      (which is the case with mod_proxy).  [Ian Holsman <ianh cnet.com>]
 
   *) Add -X functionality back.  This indicates to all MPMs and any other
      part of Apache that it should run in "debug" mode.  [Justin Erenkrantz]
 
   *) Some initial support for the cygwin platform [prefork only].
      This is not to be confused with support for the WinNT/Win32
      platform, which is the recommended configuration for native
      Win32 users.  The cygwin platform support is recommended for
      cygwin platform users. [Stipe Tolj <tolj wapme-systems.de>]
 
   *) Changed syntax of Set{Input|Output}Filter.  The list of filters
      must be semicolon delimited (if more than one filter is given.)
      The Set{Input|Output}Filter directive now overrides a parent
      container's directive (e.g. SetInputFilter in <Directory /web/foo>
      will override any SetInputFilter directive in <Directory /web>.)
      This new syntax is more consistent with Add{Input|Output}Filter
      directives defined in mod_mime.  Also cures a bug in prior releases
      where the Set{Input|Output}Filter directive would corrupt the 
      global configuration if the multiple directives were nested.
      [William Rowe]
 
   *) Cured what's ailed mime for quite some time.  If an AddSomething
      was given in the configuration (Language, Charset, Handler or
      Encoding) Apache would set the content type as given by AddType, 
      but refused to check the mime.types file if AddType wasn't given 
      for that specific extension.  Setting the AddHandler for .html 
      without setting the AddType text/html html would cause Apache to 
      use the default content type.  [William Rowe]
 
   *) Added some bulletproofing to memory allocation in the LDAP cache
      code. [Graham Leggett]
 
 Changes with Apache 2.0.25
 
   *) Move the installed /manual directory out of the /htdocs/ tree, so
      that it can be kept more independently from the remaining document
      root. The "Alias /manual ..." already allowed for easy projection
      into existing private document trees. [Martin Kraemer]
 
   *) Add specified user attributes to the environment when using
      mod_auth_ldap. This allows you to use mod_include to embed specified
      user attributes in a page like so:
      Hello <!--#echo var="AUTHENTICATE_CN"-->, how are you?
      [Graham Leggett]
 
   *) Fix a performance problem with the worker MPM.  We now create
      transaction pools once, and re-use them for each connection.
      [Aaron Bannert <aaron clove.org>]
 
   *) Modfied mod_mime to prevent mod_negotation from serving a multiview
      of a 'handler' or 'filter', so that any filename extension that does 
      not contribute to the negotiated metadata can't be served without
      an explicit request.  E.g., if the .Z extension is associated with
      an unzip filter, the user request somefile.Z.html, mod_negotiation
      won't serve it.  It can serve somefile.Z.html when somefile.Z is
      requested, since the .Z extension is explictly requested, if the
      .html extension is associated with ContentType text/html.
      [William Rowe]
 
   *) Introduce the AddInputFilter filter[;filter...] ext [ext...]
      and corresponding AddOutputFilter syntax, to insert one or more 
      filters by mod_mime filename extension processing.
      [William Rowe]
 
   *) Fix a growing connection pool in core_output_filter() for 
      keepalive requests.  [Jeff Trawick]
 
   *) Moved split_and_pass_pretag_buckets back to being a
      macro at Ryans's request. Removed the return from it
      by setting and returning a return code instead. Updated
      the code to check the return code from the macro and
      do the right thing. [Paul J. Reder]
 
   *) Fix a segfault when a numeric value was received for Host:.
      [Jeff Trawick]
 
   *) Add a function ap_remove_input_filter.  This is to match
      up with ap_remove_output_filter.  [Ryan Bloom]
 
   *) Clean up location_walk, so that this step performs a minimum
      amount of redundant effort (it must be run twice, but it will no
      longer reparse all <Location > blocks when the request uri
      hadn't changed.)  [William Rowe]
 
   *) Eliminate proxy: (and all other 'special') processing from the
      ap_directory_walk() phase.  Modules that want to use special
      walk logic should refer to the mod_proxy map_to_location example,
      with it's proxy_walk and proxysection implementation.  This makes
      either directory_walk flavor much more legible, since that phase
      only runs against real <Directory > blocks.
      [William Rowe]
 
   *) SECURITY: Fix a security problem in mod_include which would allow
      an SSI document to be passed to the client unparsed.
      [Cliff Woolley, Brian Pane]
 
   *) Introduce the map_to_storage hook, which allows modules to bypass
      the directory_walk and file_walk for non-file requests.  TRACE
      shortcut moved to http_protocol.c as APR_HOOK_MIDDLE, and the
      directory_walk/file_walk happen as APR_HOOK_VERY_LAST in core.c.
      [William Rowe]
 
   *) Add the ability for mod_include to add the INCLUDES filter
      if the file is configured for the server-parsed handler.
      This makes the configuration for .shtml files much easier
      to understand, and allows mod_include to honor Apache 1.3
      config files.   Based on Doug MacEachern's patch to PHP
      to do the same thing.  [Ryan Bloom]
 
   *) force OpenSSL to ignore process local-caching and to always
      get/set/delete sessions using mod_ssl's callbacks
      [Madhusudan Mathihalli <madhusudan_mathihalli hp.com>,
       Geoff Thorpe <geoff geoffthorpe.net>]
 
   *) Make the worker MPM shutdown and restart cleanly.  This also
      cleans up some race conditions, and gets the worker using
      pools more cleanly.  [Aaron Bannert <aaron clove.org>]
 
   *) Implement CRYPTO_set_locking_callback() in terms of apr_lock
      for mod_ssl
      [Madhusudan Mathihalli <madhusudan_mathihalli hp.com>]
 
   *) Fix for mod_include. Ryan's patch to check error
      codes put a return in the wrong place. Also, the
      include handler return code wasn't being checked.
      I don't like macros with returns, so I converted
      SPLIT_AND_PASS_PRETAG_BUCKETS into a function.
      [Paul J. Reder <rederpj raleigh.ibm.com>]
 
   *) fix segv in mod_mime if no AddTypes are configured
      [John Sterling <sterling covalent.net>]
 
   *) Enable ssl client authentication at SSL_accept time
      [Madhusudan Mathihalli <madhusudan_mathihalli hp.com>]
 
   *) Fix a segfault in mod_include when the original request has no
      associated filename (e.g., we're filtering the error document for
      a bad URI).  [Jeff Trawick]
 
   *) Fix a storage leak (a strdup() call) in mod_mime_magic.  [Jeff Trawick]
 
   *) The prefork and OS/2 MPMs are overwriting the pid file when a second copy
      of httpd is started and shuts down due to socket conflict. Moving the
      call to ap_log_pid solves the problem.
 
   *) Changed the late-1.3 log_config substitution %c to %X, to log the
      status of the closed connection, as it conflicts with the far more
      common, historical ssl logging directive %...{var}c.  [William Rowe]
 
   *) Added the common error/ tree to the build/install targets 
      (similar to the common icons/ tree) for the multi-language error 
      messages that Lars committed earlier.  [William Rowe]
 
   *) Added a multi process, multi threaded OS/2 MPM mpmt_os2.  [Brian Havard]
 
   *) Added a default commented-out mod_ldap and mod_auth_ldap
      configuration to httpd-std.conf and httpd-win.conf
      [Graham Leggett]
 
   *) Added documentation for mod_ldap and mod_auth_ldap.
      [Graham Leggett]
 
   *) Enabled negative caching on attribute comparisons in the LDAP cache.
      Fixed a problem where the default cache TTL was set in milliseconds
      not microseconds causing the cache to time out almost immediately.
      [Graham Leggett]
 
   *) Fixed all the #if APR_HAS_SHARED_MEMORY checks within the LDAP
      module code to follow APR. [Graham Leggett]
 
   *) Fixed LDAP cleanup on graceful restarts. LDAP connections are now
      cleaned up when the connection pool pool is cleaned up.
      [Graham Leggett]
 
   *) Fix a minor issue with Jeff Trawick's mod_include
      patch. Without this patch, the code will just allocate
      more bytes in get_combined_directive than are needed.
      [Paul Reder]
 
   *) Added the LDAP authentication module mod_auth_ldap.
      [Dave Carrigan <dave rudedog.org>, Graham Leggett]
 
   *) Added the LDAP cache and connection pooling module mod_ldap.
      [Dave Carrigan <dave rudedog.org>, Graham Leggett]
 
   *) Fix --enable-modules=all breakage with mod_auth_db and mod_auth_digest
      by allowing a module to disable itself if its prerequisites are not
      met.  [Justin Erenkrantz]
 
 Changes with Apache 2.0.24
 
   *) Fix a couple of issues in mod_include when the tag appeared at
      offsets near 8192 in the file being parsed.  [Jeff Trawick]
 
   *) Fix an assertion failure in mod_ssl when the keepalive timeout is  
      reached.  [Jeff Trawick]
 
   *) Numerous improvements to the Win32 build system.  Introduced command line
      builds without requiring .mak files for MSVC 6.0 and later versions.
      Improved .dsp file compatibility for both Visual Studio 5.0 and 6.0 users.
      [William Rowe]
 
   *) Assorted corrections and improvements to the winnt_mpm startup code.  Better
      reporting of uninstalled services and other error conditions, and changed the 
      default service name to Apache2.  [William Rowe]
 
   *) Numerous improvements to the Win32 ApacheMonitor utility, including winnt_mpm 
      compatibility with existing Apache 1.3 Win32 Apache management utilites.