Topic: mod_fcgid 2.3.10-dev available

[Steffen]

Almost 6 years ago 2.3.9 was released by the ASF.

There are fixes hanging in trunk, the best is make them available with 2.3.10-dev from trunk.

More info about mod_fcgid : https://httpd.apache.org/mod_fcgid/


Steffen

Changes with mod_fcgid 2.3.10-dev (trunk 6 May 2019)

*) Send Content-Length to backend for chunked request bodies. PR 53332.
[Dominic Benson, Joe Orton]

*) Fix memory consumption for large requests. PR 51747.
[Dominic Benson, Jan Stürtz]

*) Use an alternate, lower severity log message when a failure to
forward a response is due to the client connection being aborted.
[Eric Covener]

*) Windows: "graceful kill fail, sending SIGKILL" log message is now
debug level instead of warning. PR 54597. [Mario Brandt]

Changes with mod_fcgid 2.3.9

*) Revert fix for PR 53693, added in 2.3.8 but undocumented. Fix
issues with a minor optimization added in 2.3.8. [Jeff Trawick]

Changes with mod_fcgid 2.3.8 (not released)

*) SECURITY: CVE-2013-4365 (cve.mitre.org)
Fix possible heap buffer overwrite. Reported and solved by:
[Robert Matthews <rob tigertech.com>]

*) Add experimental cmake-based build system for Windows. [Jeff Trawick]

*) Correctly parse quotation and escaped spaces in FcgidWrapper and the
AAA Authenticator/Authorizor/Access directives' command line argument,
as currently documented. PR 51194 [William Rowe]

*) Honor quoted FcgidCmdOptions arguments (notably for InitialEnv
assignments). PR 51657 [William Rowe]

*) Conform script response parsing with mod_cgid and ensure no response
body is sent when ap_meets_conditions() determines that request
conditions are met. [Chris Darroch]

*) Improve logging in access control hook functions. [Chris Darroch]

*) Avoid making internal sub-requests and processing Location headers
when in FCGI_AUTHORIZER mode, as the auth hook functions already
treat Location headers returned by scripts as an error since
redirections are not meaningful in this mode. [Chris Darroch]

[Steffen]

Almost 6 years ago 2.3.9 was released by the ASF.

There are fixes hanging in trunk, the best is make them available with 2.3.10-dev from trunk. We keep 2.3.9 available.

[Smitty]

2.3.10 working fine here. The error.log is breathing a sigh of relief now with the SIGKILL notices gone.

[Jan-E]

Was there a special reason to make this available without a ASF release? Which of the changes was important enough to justify this ‘release’?

[James Blond]

[Jan-E]

OK. I still regret that mod_fcgid is not part of the httpd project it self, like so many other modules. Did you ever try to get that accepted?

[James Blond]

Yes, but mod_proxy_fcgi was more in favor. There was a hype about all mod_proxy_* modules. Gladly mod_proxy_html made it into the main project. Also mod_macro.
I don't think the hype was a bad thing. A lot of code was cleaned and the different proxy modules use the same api and the same base module / code.
mod_proxy_fcgi is for PHP FPM which doesn't work so great for me on windows. Also I prefer the fact of multiple PHP processes. That way multi core cpu are much better used.

Another reason from my point of view is that there not so many windows guys on the httpd dev list.

[admin]

Now 2.3.10 available for VS16

[jmweb]

Any chance the following patch can make it into 2.3.10?

https://lists.gt.net/apache/dev/390238

If not, I will have to keep using a custom build with each release

[Steffen]

Is already there

http://svn.apache.org/viewvc?view=revision&sortby=date&revision=1847623

[Steffen]

Now also available for VS17.

[James Blond]

We need a release of that version. it might be an option to send more email requests for that to the development mailing list.