The Apache Project is a collaborative software development effort aimed at creating a robust, commercial-grade, featureful, and freely-available source code implementation of an HTTP (Web) server. The project is jointly managed by a group of volunteers located around the world, using the Internet and the Web to communicate, plan, and develop the server and its related documentation. These volunteers are known as the Apache Group. In addition, hundreds of users have contributed ideas, code, and documentation to the project.
What is new in this release:
*) mod_http2: added donated HTTP/2 implementation via core module. Similar configuration options to mod_ssl.]
*) mod_proxy: don't recyle backend announced "Connection: close" connections to avoid reusing it should the close be effective after some new request is ready to be sent.
*) mod_substitute: Allow to configure the patterns merge order with the new SubstituteInheritBefore on|off directive.
*) mod_proxy: Fix ProxySourceAddress binding failure with AH00938.
What is new in version 2.4.16:
*) http: Fix LimitRequestBody checks when there is no more bytes to read.
*) mod_alias: Revert expression parser support for Alias, ScriptAlias and Redirect due to a regression (introduced in 2.4.13, not released).
*) mod_reqtimeout: Don't let pipelining checks and keep-alive times interfere with the timeouts computed for subsequent requests. PR 56729.
*) core: Avoid a possible truncation of the faulty header included in the HTML response when LimitRequestFieldSize is reached.
*) mod_ldap: In some case, LDAP_NO_SUCH_ATTRIBUTE could be returned instead of an error during a compare operation.
What is new in version 2.4.10:
Fix crash in Connection header handling which allowed a denial of service attack against a reverse proxy with a threaded MPM. [Ben Reser]