|
| 1 | +============== |
| 2 | +Version 4.4.10 |
| 3 | +============== |
| 4 | + |
| 5 | +Version 4.4.10 of mod_wsgi can be obtained from: |
| 6 | + |
| 7 | + https://codeload.github.com/GrahamDumpleton/mod_wsgi/tar.gz/4.4.10 |
| 8 | + |
| 9 | +For details on the availability of Windows binaries see: |
| 10 | + |
| 11 | + https://github.com/GrahamDumpleton/mod_wsgi/tree/master/win32 |
| 12 | + |
| 13 | +Bugs Fixed |
| 14 | +---------- |
| 15 | + |
| 16 | +1. Fixed a reference counting bug which would cause a daemon process to |
| 17 | +crash if both ``home`` and ``python-path`` options were specified at the |
| 18 | +same time with the ``WSGIDaemonProcess`` directive. |
| 19 | + |
| 20 | +2. When using ``--https-only`` option with ``mod_wsgi-express``, the |
| 21 | +redirection from the ``http`` address to the ``https`` address was not |
| 22 | +setting the correct port for ``https``. |
| 23 | + |
| 24 | +Features Changed |
| 25 | +---------------- |
| 26 | + |
| 27 | +1. Changed the default Apache log level for ``mod_wsgi-express`` to |
| 28 | +``warn`` instead of ``info``. This has been done avoid very noisy logs |
| 29 | +when enabling secure HTTP connections. To set back to ``info`` level use |
| 30 | +the ``--log-level`` option. |
| 31 | + |
| 32 | +2. When specifying a service script with the ``--service-script`` option of |
| 33 | +``mod_wsgi-express``, the home directory for the process will now be set to |
| 34 | +the same home directory as used for the hosted WGSI application. Python |
| 35 | +modules from the WSGI application will therefore be automatically found |
| 36 | +when imported. Any directory paths added using ``--python-path`` option |
| 37 | +will also be added as search directories for Python module imports, with |
| 38 | +any ``.pth`` files in those directories also being handled. In addition, |
| 39 | +the language locale and Python eggs directory used by the hosted WSGI |
| 40 | +application will also be used for the service script. |
| 41 | + |
| 42 | +3. When specifying ``--python-path`` option, when paths are now setup for |
| 43 | +the WSGI application, they will be added in such a way that they appear at |
| 44 | +the head of ``sys.path`` and any ``.pth`` files in those directories are |
| 45 | +also handled. |
| 46 | + |
| 47 | +New Features |
| 48 | +------------ |
| 49 | + |
| 50 | +1. Added the ``--directory-listing`` option to ``mod_wsgi-express`` to |
| 51 | +allow automatic directory listings to be enabled when using the static file |
| 52 | +application type and no explicit directory index file has been specified. |
| 53 | + |
| 54 | +2. In addition to the convenience function of ``--ssl-certificate`` for |
| 55 | +``mod_wsgi-express``, which allowed the SSL certificate and private key |
| 56 | +file to be specified using one option by specifying the command file |
| 57 | +name up to the extension, separate ``--ssl-certificate-file`` and |
| 58 | +``--ssl-certificate-key-file`` options are now also provided. These |
| 59 | +would either both need to be specified, or the existing |
| 60 | +``--ssl-certificate`` option used, when specifying that secure HTTPS |
| 61 | +connections should be used through having specified ``--https-port``. |
| 62 | + |
| 63 | +3. Added the ``--ssl-ca-certificate-file`` option to ``mod_wsgi-express``. |
| 64 | +If specified this should give the location of the file with any CA |
| 65 | +certificates to be used for client authentication. As soon as this option |
| 66 | +is provided, the client authentication will be required for the whole site. |
| 67 | +This would generally be used in conjunction with the ``--https-only`` |
| 68 | +option so that only a secure communication channel is being used. |
| 69 | + |
| 70 | +If you do not wish for the whole site to required client authentication, |
| 71 | +you can use the ``--ssl-verify-client`` option to specify sub URLs for |
| 72 | +which client authentication should be performed. |
| 73 | + |
| 74 | +4. Added the ``--ssl-environment`` option to ``mod_wsgi-express`` to enable |
| 75 | +the passing of standard SSL variables in the WSGI environ dictionary passed |
| 76 | +to the WSGI application. |
| 77 | + |
| 78 | +5. Added the ``WSGITrustedProxies`` directive and corresponding option of |
| 79 | +``--trust-proxy`` to ``mod_wsgi-express``. This works in conjunction with |
| 80 | +the ``WSGITrustedProxyHeaders`` directive and ``--trust-proxy-header`` |
| 81 | +option of ``mod_wsgi-express``. When trusted proxies are specified, then |
| 82 | +proxy headers will only be trusted if the request originated with a trusted |
| 83 | +proxy. Further, any IP addresses corresponding to a proxy listed in the |
| 84 | +``X-Forwarded-For`` header will only be trusted if specified. When |
| 85 | +determining the value for ``REMOTE_ADDR`` the IP preceding the last |
| 86 | +recognised proxy the request passed through will be used and not simply the |
| 87 | +first IP listed in the header. The header will be rewritten to reflect what |
| 88 | +was honoured with client IPs of dubious origin discarded. |
0 commit comments