On 16 Dec 2011, at 12:59 PM, Steffen wrote: > Was expecting that 2.3.16, as RC/latest beta, did not break that much > modules. With 2.3.x till 2.3.15 it was minor, in fact none here.
> Authors were planning to release new versions to support 2.4 GA, based on > testing 2.3.15 and no api changes in a Release Candidate. > > We must live with it, according the replies on my modsec example post here. The API rules are clear, when v2.4.0 is released, the API is cast in stone. Before that point, the API is subject to change. We are after the most stable server possible, when a bug exists in the API, that bug must be fixed. > Gregg reported here that the problems are the changes to the log_error hook > and remote_ip/remote_addr This is reported in the CHANGES file, which module authors should be keeping track of. In the server, we have gone from tracking just one remote IP address to tracking two - the IP address of the client directly connected to us, and the IP address of the useragent that initiated the request, which may be some hops away from us separated by caches, load balancer or proxies. In order to prevent subtle bugs appearing in modules because modules are looking at the wrong IP address, we are forcing module authors to make an explicit choice - does their module need the client IP or the useragent IP? Subtle bugs are bad. Regards, Graham --
