This file contains an overview of version differences. The list
is not complete. Refer to cvs comments for more information.

Changes since 3.6 beta 24
- Fix compilation of LDAP authentication

Changes since 3.6 beta 23
- Clean up 'forward' syntax in .redir to match 'redir' command
- Include a replacement crypt() if libc, libcrypt and libssl fail
- Add NoPrivs option to .xsconf (and deprecate .xsuid)
- Enable Smashing Stack Protector (SSP) by default
- Fix parsing of empty lines in mime.types

Changes since 3.6 beta 22
- Fix possible build conflict caused by libmd and openssl
- Fix parsing of mime.types files

Changes since 3.6 beta 21
- Fix memory mismanagement in digest authentication verification
- Replace fgets(), fgetln() by friendlier fparseln() routine
  Include replacement functions for fgetln() and fparseln()
- Fix crash in https timeout handler
- Portability fixes (b20 doesn't work on many platforms)
- Tweak TCP options (especially for Linux systems)
- Add xspasswd -r option to remove accounts from password file

Changes since 3.6 beta 20
- Remove arbitrary string length limits for many configuration files,
  HTTP header messages and SSL certificate fields
- Add support for SSLVhosts (using TLS extension: Server Name Indication)
- Fix NULL-pointer dereference and string termination in HTML encoding
- Add UseSendfile option in httpd.conf to disable sendfile(2)

Changes since 3.6 beta 19
- Fix memory mismanagement in digest authentication verification

Changes since 3.6 beta 18
- Enable experimental ruby interpreter (internal:ruby)

Changes since 3.6 beta 17
- Fix parsing problem in run-cgi SSI (and maybe other places)

Changes since 3.6 beta 16
- Add index.xhtml and index.xml to default IndexFiles
- Improve url-encoding routine

Changes since 3.6 beta 15
- Fix escaping of user input used in HTML error messages;
  possible XSS abuse reported by Serge van den Boom
- Fix checks for pcre used by libxs

Changes since 3.6 beta 14
- Fix potential crash in server-side include parsing

Changes since 3.6 beta 13
- Always terminate SSL connection when reading from socket fails
- Add conditional ifenv option to .redir files

Changes since 3.6 beta 12
- Don't install empty docdir
- Shuffle internal structures (reduce global vars, getenv calls)
- Reject non-HTTP protocol specifiers

Changes since 3.6 beta 11
- Drop persistent connections after client read/write errors

Changes since 3.6 beta 10
- Add RedirFile configuration option for light-weight vhosts
- Sort qvalues in accept-* arrays
- Fake qvalues for */* and type/* when qvalues are not used

Changes since 3.6 beta 9
- Use original URL in rewriting rules before trying index.html
- Add PhIconDir option, analogous to PhExecDir

Changes since 3.6 beta 8
- Close unused CGI pipes (could block execution), by jilles

Changes since 3.6 beta 7
- Extend characters available for alternative setproctitle()
- Lock pidfile and don't start if somebody holds a lock
- Allow multiple arguments to Restrict and AuthFile
- Allow method selector in .xsconf blocks (e.g. only match POST)

Changes since 3.6 beta 6
- Improve configuration checks
- Fix include order and typechecks

Changes since 3.6 beta 5
- Enable FastCGI support again (experimental)
- Clean Perl and Python detection and initialisation (experimental)

Changes since 3.6 beta 4
- Shuffle configuration files
- Fix build outside source directory (wrt config.h)
- Fix sendfile on Linux
- Fix infinate read when content-length exceeds post data
- Portability fixes in function/library checking

Changes since 3.6 beta 3
- Remove outputbuffer and set TCP_NOPUSH (where available)
- Add 'passexist' redirection command

Changes since 3.6 beta 2
- Fix server-side include variable cleanup
- Use sendfile (where appropriate)

Changes since 3.6 beta 1
- Add http status code back to $ERROR_READABLE

Changes since 3.5 beta 31
- No functional changes

Changes since 3.5 beta 30
- Fix read errors with long POST content

Changes since 3.5 beta 29
- Make CGI header size dynamic (unlimited)
- Add default PathInfoScripts (imagemap, xschpass)
- Update manpages

Changes since 3.5 beta 28
- Fix basic authentication check
- Fix ldap authentication check

Changes since 3.5 beta 27
- Fix reading of stderr data from CGI scripts (could block CGI)
- Minor code cleanups

Changes since 3.5 beta 26
- Add -f filename option to xspasswd
- Change default of UsePut to true; document default settings
- Minor portability improvements
- Minor changes in server error messages (standard format)
- Add LogScript to log CGI script error messages

Changes since 3.5 beta 25
- Implement chunked requests (post and put) - also persistent
- Prompt for a passphrase when reading protected SSL key
- Honour Accept and Accept-Charset request headers

Changes since 3.5 beta 24
- Start webserver with httpdc start/restart even when not running yet,
  based on a patch by Ariane
- Fix list parsing and allocation
- #include virtual SSI can now run CGIs as well
- #include binary SSI to include unparsed content
- Implement HTTP PUT and DELETE support (experimental)

Changes since 3.5 beta 23
- Fix bug in HTTP/0.9 redirection
- Don't send headers with HTTP/0.9 error messages
- Rewrite list parsing routines (now filters q-values)
- Implement support for HTTP trailers with chunked transfers
- Implement Content-MD5 support (using libmd)

Changes since 3.5 beta 22
- Flush POST data buffer when CGI did not read it
- Move configuration file handling functions to separated files
- Don't send (zero length) body when CGI produces 304 status
- Fix timeout handling during blocking SSL_read
- Fix error handling on HEAD requests

Changes since 3.5 beta 21
- Fix library linking order for strict linkers
- Remove misplaced CGI error message
- Log CGI errors to the vhost specific error_log
- Fix redirect check with /~username (use /~username/ instead)
- Disable internal:fcgi for now (wasn't useful yet anyway)

Changes since 3.5 beta 20
- Fix If-(Un)modified-Since header parsing
- Add UseCoreDump and UseETag configuration options
- Implement ETag header and If-Match, If-None-Match handling
- Log 304 (not modified) status code

Changes since 3.5 beta 19
- Change to BSD style license (2 clause version)

Changes since 3.5 beta 18
- Fix time format in If-Modified-Since handling (caused 2hr offset)
- Add REQUEST_URI environment variable
- Avoid duplicated Pragma headers
- Don't fold Set-Cookie headers
- Include vhost name in error logging, by Ed Schouten

Changes since 3.5 beta 17
- Increase chunk size for files >12Mb
- Use srandomdev() where available
- Make sure redirects use absolute URLs
- Fix reverse DNS lookups

Changes since 3.5 beta 16
- Fix CGI Status header parsing

Changes since 3.5 beta 15
- Deal nicely with blocking write interrupts (don't abort write)
- Fix POST data handling broken by recent readlinemode changes
- Handle HTTP/1.1 TRACE requests
- New header parsing routines (understands multi-line headers)

Changes since 3.5 beta 14
- Fix config file parsing bug
- Removing lingering sockets using sendfrom
- Cleanup xschpass and enable digest password updates

Changes since 3.5 beta 13
- Fix read/write (error) handling; deprecate readlinemode
- Fix connection timeout when no data is exchanged yet
- Fix authentication header parsing

Changes since 3.5 beta 12
- Allow shell redirect or command line options in Execute argument
- Fix segfault in error message for non-existent user pages
- Discard the body from a CGI on HEAD requests
- Implement RFC 2617 digest auth with qop=auth, algorithm=md5
- Don't terminate child upon alarm when no data has been exchanged

Changes since 3.5 beta 11
- Fix $SCRIPT_NAME for secondary index files
- Add PathInfoScripts option to use $PATH_INFO uid for system CGIs
- Fix absolute pathnames in #include SSI
- Clean up xschpass and xscrypt
- Install xschpass by default again (not suid; with manpage)

Changes since 3.5 beta 10
- Fix convertpath() which was broken for long filenames
- Fix SSL environment vars (now available again to CGI)
- Fix $SCRIPT_NAME when PATH_INFO is supplied

Changes since 3.5 beta 9
- LDAP authentication directives moved to .xsconf
- SSL authentication directives added to .xsconf
- Use OpenLDAP 2.3+ function names
- Move all global configuration files to Rootdir/conf subdir
- Move icons back to Rootdir/icons and add IconDir config option
- Add option UseStrictHostname to check Host: headers

Changes since 3.5 beta 8
- Allow DSA keyfiles to specify DSA parameters instead of DH parameters
- Fix setting of PWD, SCRIPT_{,FILE}NAME for index file
- Add -x option to 'xsindex' to exclude certain files or file patterns
- Allow CGI output to start directly with content
- Include httpd_ssi and httpd_cgi manuals by Janjaap van Velthooven
- Enable PCRE support by default (where available)

Changes since 3.5 beta 7
- Simplify directory and file settings in configure and confuser.h
- Improve internal crypt() functionality and usage
- Fix file descriptor leak
- CGI changes
  - Fix PATH_TRANSLATED once again;
    support scripts gfxcount, imagemap, xschpass may now actually work
  - Pass all (unknown) headers as HTTP_* environment variables
  - Add QUERY_STRING_UNESCAPED environment variable (NCSA-compatible)
- Server-side include changes
  - Add optional 'format' and 'zone' arguments to 'date', 'date-format'
  - Implement 'encoding=url' argument to 'echo'
  - No longer accept arguments to 'printenv'

Changes since 3.5 beta 6
- Remove obsoleted command line arguments
- Remove SSI compile time option (now runtime configuration option)
- Remove IPv6 compile time option
- Add local IndexFile option to .xsconf
- Don't install xschpass by default; Install suid root if requested
- Remove broken user-name guessing from 404 error page

Changes since 3.5 beta 5
- Show 403 when .noxs/.xsauth/.xsconf exists, but is not readable
- First go at linking with a Python interpreter (--with-python)
- Change process naming: master will be MAIN-A
- Add support for UseAcceptFilter (using accf_http(9) on FreeBSD)

Changes since 3.5 beta 4
- Remember that icons should go into htdocs/icons
- Fix MD5 selection on systems with libmd
- Fix perl interpreter (compilation)
- Fix header corruption triggered by IndexFile selection for rootdir

Changes since 3.5 beta 3
- Resolve possible md.5 conflict between libmd and libssl (35b02)
- Fix library linking order for old systems (35b02)
- Rename --enable-perl to --with-perl
- Change default (unknown) mime type to application/octet-stream
- Fix authentication handling (first entry was ignored; 35b01)
- Add large file support (>2Gb)

Changes since 3.5 beta 2
- Fix a bug in chunked transfer encoding (35b01)
- Fix a bug in ./configure (35b01)

Changes since 3.5 beta 1
- Use MD5() from OpenSSL when MD5Data() is not available (Linux)
- Add p3pReference and p3pCompactPolicy options to set P3P header
- Add ContentLanguage option
- Move standard library replacement functions to libcompat
- Various portability fixes

Changes since 3.4 beta 26
- Include xsconf.1
- Change xspasswd: it now defaults to unlocked passwords
- Add xspasswd -d option to store password digests (default)
- Update agentstats (Ed)
- Add ScriptTimeout option to .xsconf
- Fix script error logging in system error log
- Implement RFC2069 Digest Authentication (with fresh nonces)

Changes since 3.4 beta 25
- Fix #if argument check when argument does not exist
- Rename .xsmatch to .xsconf
- Implement Restrict, MimeType, Execute, Charset in .xsconf

Changes since 3.4 beta 24
- Allow quoted whitespace in #if argument list
- Check for #set variables in #if var=...
- Allow preprocessor to handle global configuration file

Changes since 3.4 beta 23
- Delay setting PATH_TRANSLATED, making it work for index pages as well
- Add #set SSI option (set variables are available accross #include's)
- Make a distinction between  #echo var  and  #echo envvar
- Completely rewrite internal SSI argument parsing

Changes since 3.4 beta 22
- Force HTTP/1.0 on forwarded requests (avoid chunked data issues)
- Enable forwarded POST requests
- Enable forwarded HTTPS requests

Changes since 3.4 beta 21
- Fix compilation with LDAP support
- Support default .xsscripts interpreter program (using * as extension)
- Improve building on systems lacking some libc functionality
- Fix path used in redir (again)
- Document redirection support in xsredir(5)

Changes since 3.4 beta 20
- Workaround for file descriptor leak
- Fix ssl post writing error
- Fix path considered by redir and xsmatch
- Check for environment variables in SSI, with #if var="VAR" pattern(s)
- Fix 100 Continue response

Changes since 3.4 beta 19
- Fix another error in handling of writes
- Fix error handling for reading as well

Changes since 3.4 beta 18
- Fix write counter to avoid problems with HTTP/1.1 and non-blocking sockets
- Fix error handling for large writes

Changes since 3.4 beta 17
- Fix bug with default indexfiles on 64-bits arch
- Handle query_string in redirect parsing
- Gracefully handle missing compress.methods
- Allow multiple vhost entries for one SocketName

Changes since 3.4 beta 16
- SSL certificate files must be listed in the Socket section (not global)
- SocketName can now link with multiple Virtual entries (using SocketName)
- Virtual entries linked with SocketName won't be available on other sockets
- Wait for CGI binaries to terminate properly

Changes since 3.4 beta 15
- Increase (header) line buffer size
- Fix query string arguments with redirects
- Rename httpdc kill to stop - kill now forces quick termination
- Re-read entire configuration file upon httpdc reload
- Remove READBLOCK mode due to problems with requests streaming
- Remove superfluous warnings related to closing (HTTP/1.1) sockets

Changes since 3.4 beta 14
- Don't send error messages to closed sockets
- Remove the following global configuration options:
  UseCharset, UseRestrictAddr, UseVirtualHost, UsePcreRedir, UseLdapAuth
- Use fnmatch() rather than PCRE for .xsmatch rules
- Show a proper error message (403) for non-executable CGIs

Changes since 3.4 beta 13
- Remove Connection: close for CGI execution
- Fix uid handling for non-homedirs

Changes since 3.4 beta 12
- Fix Content-Length headers with error messages
- Default to persistent connections on HTTP/1.1
- Add 'forward' option to .redir to offload request to remote server

Changes since 3.4 beta 11
- Fix lockfile names in clearxs
- Fix error message on missing/bad hostname
- Fix HTTP/1.1 header compliance on CGI execution
- Send HTTP/1.1 chunked CGI/SSI output
- Increment several in/output buffers to speed up transactions

Changes since 3.4 beta 10
- Implement .xsmatch checking, based on a patch by Rink Springer
  It currently knows AuthFilename and AccessFilename directives
- Reshuffle functions that do .noxs .redir .xsauth (no functional changes)
- Remove mygetopt, mystring, procname
- Do litteral string matching rather than nothing when PCRE not available
- Fix PATH_TRANSLATED (again)
- Remove RLIMIT_MEMLOCK for CGI's: mlock() is now allowed

Changes since 3.4 beta 9
- Fix in xscounter updating, add xscat, add cleanup routines to reformatxs
- Fix stupid bug in SocketName handling which broke <Virtual> sections
- Add basis for FastCGI support (unfinished), by Remko van der Vossen
- Clean up SSL initialisation and termination

Changes since 3.4 beta 8
- Fix operation with OpenSSL 0.9.8
- Implement the <!--#echo variable--> server-side include
  This obsoletes #agent-short, #agent-long, #argument and #referer
- Document the <!--#printenv--> server-side include
- Add SocketName option to link a <Socket> to a specific <Virtual> entry
- Fix $ERROR_URL_ESCAPED environment variable

Changes since 3.4 beta 7
- Fix overwriting of counter lockfile
- Improved readline() boundary checking, by Dennis Payne
- Improved error handling in case SSL handshake fails
- Support reading of SSL DH parameters from cert (required for DSA certs)

Changes since 3.4 beta 6
- Fix file descriptor leak (upon https call of CGI outside cgi-bin dir)

Changes since 3.4 beta 5
- SSI counter format changed: run src/reformatxs before starting!
  It now stores timestamp of last view, so clearxs can remove old records
- Fix a bug in handling of script.methods in combination with .xsscripts

Changes since 3.4 beta 4
- Remove the less useful -D, -r command line options
- Clean up httpd, httpd.conf manual layout

Changes since 3.4 beta 3
- Fix SERVER_PORT variable
- Fix child SEGV on illegal request and other small bugs
- Browser definition updates from Ed

Changes since 3.4 beta 2
- Add SSLMatch[SI]DN config option to match client certs (PCRE req'd)
- Add $SSL_CLIENT_VERIFY information for SSLAuthenticate = optional
- Rename SSLAuthentication to SSLAuthenticate
- Add ScriptEnvPath configuration option to set $PATH for CGIs

Changes since 3.4 beta 1
- Support SSL client certificates (see SSLAuthentication)

Changes since 3.3 beta 35
- Reorder C replacement functions
- Allow reusable SSL sessions (untested)
- Fix late uid check that might cause confusing error message
- Remove $LOCALMODE environment variable; clean up others

Changes since 3.3 beta 34
- Once again fix handling of virtual uids

Changes since 3.3 beta 33
- Remove duplicated authorization checks for CGI
- Remove SSLv2 compatibility: keep SSLv3 and TLSv1
- Improve error handling, limit $ERROR_CODE cases

Changes since 3.3 beta 32
- Directory redirects are backwards compatible again (i.e. add filename)

Changes since 3.3 beta 31
- Fix compilation on NetBSD, by Ed Schouten

Changes since 3.3 beta 30
- Allow SSL certs per socket config. '-s' is now deprecated.

Changes since 3.3 beta 29
- Error messages are now valid xhtml, by Ed Schouten
- Fix domain detection and S_IFDIR on Linux, by Peter Koeleman
- Fix perl interpreter usage, by Peter Koeleman

Changes since 3.3 beta 28
- Allow comments in .redir and .noxs files, fix parsing

Changes since 3.3 beta 27
- Previous uid fix was broken, this one's better

Changes since 3.3 beta 26
- Use configured virtual host uid for non-user CGI binaries

Changes since 3.3 beta 25
- Added contrib/agentstats.pl for user agent statistics, by Ed Schouten
- PCRE and LDAP support are now *disabled* by default
- httpd -v option displays compiled in options (better than ldd guessing)
- Include PATH_INFO and QUERY_STRING info in access logging of CGI's
- Fix race condition in posting via https

Changes since 3.3 beta 24
- Fix handling of 'pass' in .redir files

Changes since 3.3 beta 23
- wwwstats.pl changed to show per domain averages
- Change how .redir with PCREs work (not backwards compatible)
- Allow server-side URL rewrites using .redir files and PCREs

Changes since 3.3 beta 22
- Allow multiple extensions in mime.types lines and ignore empty definitions
- Move supplied tools to contrib directory

Changes since 3.3 beta 21
- Fix handling of local .mimetypes files
- Include example vhost statistics script by Ed Schouten
- Log configured main vhost name, rather than client's Host: header

Changes since 3.3 beta 20
- Set $USER, $HOME and $PWD as users might expect

Changes since 3.3 beta 19
- Introduce strlcat, strlcpy (with replacement functions)
- Allow port indication in <Virtual> Hostname field:
  one can now use different configs (dirs) depending on the port number

Changes since 3.3 beta 18
- Fix session termination when entire POST has been read

Changes since 3.3 beta 17
- Fix missing SSL_CIPHER environment variable

Changes since 3.3 beta 16
- Workaround for possible race condition

Changes since 3.3 beta 15
- Include LDAP authentication patch by Rink Springer, see xsauth(5)

Changes since 3.3 beta 14
- Clean up temp files used during extracting of compressed data
- Add UsePcreRedir to interpret PCREs in *.redir files

Changes since 3.3 beta 13
- Add HostAlias option to define multiple hostnames with the same settings
- Add ScriptCpuLimit option to limit CPU abuse of CGI scripts (in mins)

Changes since 3.3 beta 12
- Pathnames containing // or /./ will now generate a redirect
- DNS lookups for logging can be disabled with UseDnsLookup

Changes since 3.3 beta 11
- Cleaned up SSL and moved to libxs.a as well (to do: cgi-ssl)

Changes since 3.3 beta 10
- Include local strsep and fix other replacement functions
- Revamped build system by using a libxs.a for general functions

Changes since 3.3 beta 9
- Added LogStyle 'virtual': combined log with http_host prefix

Changes since 3.3 beta 8
- Added IndexFiles configuration directive

Changes since 3.3 beta 7
- Style cleanup and minor bug fixes (thanks Janjaap)
- Document recently introduced features
- Fixed bug in https directory redirects

Changes since 3.3 beta 6
- Finally got rid of all the DECL* macros (thanks Janjaap)
- Also removed VOID, PROTO, NOFORWARDS, NONEWSTYLE
- Some compile warnings fixed

Changes since 3.3 beta 5
- Recursive .mimetypes
- Recursive .xsscripts

Changes since 3.3 beta 4
- Allow per directory .mimetypes

Changes since 3.3 beta 3
- Several patches to compile on other machines
- Added VirtualHostDir configuration directive. Please set this.

Changes since 3.3 beta 2
- Make default charset configurable
- Recursive check for .noxs and .charset files as well
- Parse IP or IPv6 prefix (CIDR-notation) in .noxs

Changes since 3.3 beta 1
- Recursive check for .xsauth files (probably not air-tight)
- SSL certificate files are a global setting
- Add charset=US-ASCII for text documents if unspecified

Changes since 3.2 gamma 1
- Remove superfluous double quotes from logs (rewrite as single quote)
- Allow configurable priority - and a separate prio for user CGI's
- Deprecate LocalMode option - use %u with full path in Users/HtmlDir

Changes since 3.2 beta 36
- Accomodate new autoconf (259) and automake (1.8) versions

Changes since 3.2 beta 35
- SERVER_NAME uses the requested HTTP_HOST instead of default hostname

Changes since 3.2 beta 34
- A 404 NOT FOUND error was returned when not appropriate
- Tested (and working) with PHP 5.0.0

Changes since 3.2 beta 33
- Last socket instance might have wrong settings
- HANDLE_SCRIPT and HANDLE_COMPRESSED can no longer be disabled at compile;
  set UseLocalScript or UseCompressed to false if you don't want it

Changes since 3.2 beta 32
- Fix a bug in naming logfiles (this broke httpdc reload)
- Prepare for DIGEST-MD5 support (not implemented yet)
- Make ScriptTimeout configurable

Changes since 3.2 beta 31
- The multiple sockets implementation did not work. Redone.

Changes since 3.2 beta 30
- Fix -p (port) command line option
- New option -N disables configuration file, logging and pidfile

Changes since 3.2 beta 29
- Enable logging through an external program, such as cronolog
- Support binding on multiple sockets simultaneously

Changes since 3.2 beta 28
- Deal with standard HTTP server headers supplied by CGI scripts
- Set SCRIPT_FILENAME to accomodate new PHP versions
- Don't serve *.[Rr]edir files
- Don't log errors to access_log, even when using an error CGI
- Use setproctitle() when available instead of setprocname() hacks

Changes since 3.2 beta 27
- Document the use of SSL in 'man httpd' and include SSL-Makefile

Changes since 3.2 beta 26
- Undo change in beta 25 which would lead to different counters being
  used for 'path/' and 'path/index.html'
- Don't set PATH_INFO for files w/o additional info

Changes since 3.2 beta 25
- <!--#last-modified--> now looks at the original URL
- Original URL is kept in $ORIG_PATH_INFO and $ORIG_PATH_TRANSLATED
  and restored to $PATH_INFO and $PATH_TRANSLATED when appropriate,
  instead of overwriting with <!--#include--> or <!--#run-cgi--> filenames
- New SSI <!--#printenv--> which takes an optional argument (for debugging)
- SCRIPT_NAME would be wrong for a directory index with arguments

Changes since 3.2 beta 24
- Fix typo that caused PATH_TRANSLATED and friends to be unset

Changes since 3.2 beta 23
- Fix small portability issues: now runs again on IRIX, Solaris, etc.
- httpdc uses PidFile setting from httpd.conf

Changes since 3.2 beta 22
- Fixed error handling for root and non-existant users
- Start up with an empty environment
- OpenSSL support is now compiled in by default if it is available
  use './configure --without-ssl' if this this is not desired
- Use new style autoconf scripts

[oops, missed a lot of changes here]

Patch peters@stack.nl
- When nesting <virtual>, complain about nesting <virtual> instead of <users>
- Added support for Username and Groupname directives inside <virtual>

Changes since 3.1 beta 4
- Pragma: no-cache would be omitted when required and vice versa
- Use Extended CLF logging format by default

Changes since 3.1 beta 3
- Use SO_REUSEPORT instead of SO_REUSEADDR
- Be RFC2324 compatible... well, sortof...

Changes since 3.1 beta 2
- Hook up with a perl library (experimental)

Changes since 3.1 beta 1
- Add internal:404 for file types that should never be shown (includes)
- Compile cleanly under Darwin

Changes since 3.0 beta 13
- Add a third directory index fallback: index.php
- Allow multiple password retries
- Use general /cgi-bin/error when virtual host doesn't have it
- Don't allow virtual host "."
- Change to current directory before running CGI or PHP
- Allow setting character set (using .charset files)

Changes since 3.0 beta 12
- Fix a uid check

Changes since 3.0 beta 11
- Preserve QUERY_STRING in directory redirects
- Optionally switch to user id for virtual hosts
- Fix nph-scripts
- Fix nph-scripts in combination with SSL
- Append port number in HTTP_HOST even when MSIE is used
- Don't show files in group/world writable homedirs
- Don't expect the user to always give -s as first argument
- A good rewrite for SSL handling routines (credits to Marc Olzheim)
- Minor cleanups

Changes since 3.0 beta 10
- Optionally display virtual hosts with euid of dir owner
- Fix bug which might allow source access to global /cgi-bin files
- Started work on a decent configuration file
- Fix possible abort when EWOULDBLOCK occurs during CGI write
- Work around broken Linux libs when IPv6 is not available
- Never show contents of .noxs files
- Send compressed data only when the browser expects it
- Several minor fixes/cleanups

Changes since 3.0 beta 9
- Critical: check for valid Host: header before using $HTTP_HOST
  pointed out by Mark Huizer and Martijn van Buul
- Remove the obsolete '#include virtual' server-side include
- Allow relative paths in '#include-file' SSI
- Only use tolower(c) iff isupper(c): critical on 2.11BSD
- Collapse // and /./ in requested path, but not in $QUERY_STRING
- Several small bug-fixes

Changes since 3.0 beta 8
- Several portability patches (compiles even on Cygwin/MS Windows)
- Detect more "features" (now including the domainname ;)
- Include strptime() library when required
- Send compressed files with the proper Content-Encoding headers
- Re-introduce header parsing (using a static buffer)
- Several small bug-fixes (thanks to Rob Essink)

Changes since 3.0 beta 7
- Fix default port selection on systems without getaddrinfo()
- Added optional define BROKEN_GETNAMEINFO (no offline check yet)
- Replaced old MAXHOSTNAMELEN by NI_MAXHOST (self-defined if needed)
- Removed/rewritten all functions that require libnsl
- Include files named mystring.h and mygetopt.h to prevent recursion
- Several small bug-fixes (now compiles clean on Solaris and IRIX)

Changes since 3.0 beta 6
- Easy to configure and install (using ./configure)
- Support for server-side includes in CGI binaries
- Allowing arbitrary CGI headers
- Rewrite and improvement of IPv6 support
- Added command line -f option for binding to a single iface
- Many small bug- and security-fixes

