CppCMS - C++ Web Framework

Main  /  Edit  /  History  /   /  Users Area

Changelog for CppCMS 1.x.x

• • • Version 1.2.1
    • Version 1.2.0
    • Version 1.1.1
    • Version 1.1.0
    • Version 1.0.5
    • Version 1.0.4
    • Version 1.0.3
    • Version 1.0.2
    • Version 1.0.1
    • Version 1.0.0
    • Version 0.999.1
    • Version 0.999.0
    • Version 0.99.11
    • Version 0.99.10.1
    • Version 0.99.10
    • Version 0.99.9
    • Version 0.99.8
    • Version 0.99.7
    • Version 0.99.6
    • Version 0.99.5
    • Version 0.99.4
    • Version 0.99.3
    • Version 0.99.2
    • Version 0.99.1

Version 1.2.1

Released: 2018-05-18

Security Bug Fixes:

• Fixed security bug fix in JSON parser module that can lead to DOS

Bugs Fixed:

• Fixed issues #36 - building with GZIP disabled
• Fixed issue #150 - incorrect parsing of multipart form

Changes:

• By default CppCMS now uses OpenSSL instead of GNU-TLS if both available (you can change behavior back by adding -DDISABLE_OPENSSL=ON to cmake)

Special Thanks to Khaled Yakdan from code-intelligence.de for reporting this security issue

Version 1.2.0

Released: 2018-01-16

Now it is official stable version

Changes:

• License changed to MIT instead of LGPLv3

Version 1.1.1

Released: 2017-12-03

• Nightly build system updated to moderns OSes/compilers:

  1. Windows XP -> Windows 7
  2. MSVC 2008 x86 to MSVC 2017 x86/x65
  3. MinGW GCC 4.5 x86 -> 7.1 x86/x64
  4. OpenSolars 2009 to Solaris 11
  5. FreeBSD 10 -> FreeBSD 11.1
  6. Added travis.yml for Mac OS X builds

• Improved http timeouts handling on non Linux/Windows OSes.

• Fixed incorrect asynchronous IO handing in *cgi API.
• Added support of SOL_SNDBUF/SOL_RCVBUF to service configuration
• Fixed HTTP timeout handling on Solaris
• Fixed #24 failure to send large blocks asynchronously over FastCGI
• Fixied issue #21 Program produces 100% CPU load on one core - due to incorrect EOF handling
• Fixed icu backend test for ICU >= 60.1
• Fixed missing getenv(std::string const &) issue #16
• Fixed issues with codecvt generation FreeBSD/clang
• Use Windows Vista/7 API by defaults since XP reached EOL.
• Fixed incorrect async connect error handling
• Lineup with Boost.Locale 1.65
• Updated session interface for external languages and unit tests

Version 1.1.0

Released: 2017-07-11

Major release, see What's new in CppCMS 1.2.0

Version 1.0.5

Released: 2014-10-30

Bug Fixes:

• Fixed 121, 98 - bug caused invalid year formatting/parsing by icu backend - fixed incorrect use of year of the week instead year
• Fixed 122 - memory leak in Win32 threading library
• Fixed 105 - string_key.h has a bad operator '!='
• Fixed 119 - bad html formatting.
• Fixed 106 - IPv6 support on Winows
• Fixed 129 - cppcms_make_key - invalid option name
• Fixed 97 - impossible to use upper case in namespace in <% include %>
• Fixed 84 - 64K fd limit
• Fixed 108 - test_locale_boundary & booster_locale_formatting failure
• Fixed various issues libc++/clang support
• Significantly improved multipart parsing closing f.r. 27
• Removed reuse_address socket option use at Windows

Minor Security Improvements:

• Issue 117: possibility of Timing Attack Vulnerability

Platform Support:

• NetBSD is supported platform
• FreeBSD added support of POSIX locale & clang/libc++

Version 1.0.4

Released: 2013-06-24

Critical Bugs:

• Added "Expires" to cookie expiration time handling that is supported by IE.

  Prior to this release, cppcms session cookies used max-age option, that IE does not recognize. Starting from this release the session cookies would have both Expires and Max-Age options. All browsers that use Max-Age would ignore Expires if both given.

  New options that control the session cookie properties are added, see expiration_method that would allow to alter the behavior and handle possible clock skew issues

Version 1.0.3

Released: 2013-01-04

Security Bugs:

• Fixed UTF-8 validation, some invalid sequences could be accepted as valid.

Bugs:

• Added missing header in cppcms/http_context.h
• Fixed typo (ticket 3560932)

Version 1.0.2

Released: 2012-08-14

Bugs:

• Fixed incorrect HTML generation using as_table
• Fixed build issues with latest ICU: 3540278
• Fixed some warnings in Boost.Locale
• Fixed missing error report in case of running out of disk space in file upload: 3542469
• Fixed visual studio 11 build issues: 3527712,3527702
• Fixed problem with using automatic type detection in C++11 mode with gcc: 3537374
• Fixed bugs that made stackstream useless
• Fixed build issues on Mac OS X: 3513865
• Fixed OpenSSL detection on Windows: 3515712
• Fixed incorrect scgi configuration for nginx in cppcms_run

Version 1.0.1

Released: 2012-03-14

Bugs:

• Fixed crash when using process-shared memory cache, when CppCMS compiled in Release mode with gcc 4.5 and 4.6.
• Added support of CMake LIBDIR option to allow installation of libraries to lib64 instead of lib as required by Rad Had based distributions.

Version 1.0.0

Released: 2012-02-26

Licensing:

• CppCMS is now available alternative Commercial license.

  See: http://commercial.cppcms.com

Bugs:

• Workaround for a compiler problem that prevented building CppCMS on MSVC10 in Release mode.

Version 0.999.1

Released: 2012-02-17

Security Bug Fixes:

• Fixed a bug when calling reset_session() would not reset it when session content itself was not changed.
• Fixed a bug that could cause infinite waiting when POST data contained incomplete multi-part data potentially causing DOS.

Breaking Changes:

The protocol between cppcms_scale and cppcms clients had changed, you can't use old cppcms_scale with newer versions of cppcms and vice versa.

The protocol now uses absolute 64 bit time-stamp rather then relative one.

New Features:

• Many new unit tests implemented giving good test coverage for the CppCMS framework.
• Added support of SCGI protocol to cppcms_run when using nginx web server.
• Many examples added: Asynchronous I/O, Serialization, Templates Inheritance. Some examples updated to use modern API.

Bug Fixes:

• Fixed a bug that prevented "Keep-Alive" option to work with FastCGI protocol.
• Session cookie was not delete on clear session call with server side session storage.
• Fixed a bug that caused a session value to be unexposed what it was updated.
• Fixed incorrect call of view_builder instead of unsafe_view_builder when unsefe option was given
• Fixed status handling according to HTTP/CGI specifications in case of invalid POST input.
• Fixed a bug when in certain situations sockets were not shutdown properly.
• Added better error reporting when the content of invalid type was used during view rendering.
• Fixed cppcms_run to setup nginx's PATH_INFO correctly according to the options available in the latest version.

Version 0.999.0

Released: 2012-01-18

Policy Changes:

• API Freeze, this release marks that no more backward incompatible changes would be done for CppCMS 1.x.x

New Features:

• Templates engine improvements:

  • Added template helpers support functions <% using ... %> and <% render ... %> that allow using other views directly from the code and not just templates as it was done before.

  • Added new syntax

    <% form block foo %>...<% end %> 
    

    as better alternative to:

    <% form begin foo %>...<% form end foo %>
    

  • Improved error messages in templates compiler such that it gives more clear errors in case of syntax error.

  • Changed semantics of application::render function such that it would not override an application that was assigned to the contend (if it was assigned at all)

• cppcms_scale improvements:

  • Support of session storage in addition to cache storage now providing full scalability of CppCMS services.
  • Now it uses same configuration method as CppCMS process - JSON file with optional command line parameters.
  • cppcms_scale now can run as Unix deamon and as Windows service.

• URL Mapper does not throws by default, but rather create an invalid URL making initial programming easier.

  The behavior can be reverted back by setting misk.invalid_url_throws option to true.

• Added recursive shared_mutex support to booster.

• Provided an experimental support of STLPort 5.2.

Version 0.99.11

Released: 2011-12-23

New Features:

• Fully refactored views loading and unloading code. The views interface now is documented, public and clear.

• Documentation updates, now all public classes and functions have full Doxygen reference documentation.

• Added multiple examples and created examples page in Doxygen reference documentation. New examples are:

  • JSON RPC
  • JSON RPC Chat
  • File Upload Example

• Internal File Server Improvements:

  • Added support of simple URL rewriting
  • Reduced memory copying in sending files

• Added support of dynamic session storage backend loading as plugins, implemented several session storage backends under contrib section:

  • Berkeley DB
  • Sqlite3
  • CppDB with MySql and PostgreSQL servers

• Removed dependency on pthreads-win32 under Windows 2000 and XP.

• Improved JSON-RPC handling - reduced copying of json objects.

• Added support of custom timezone for logging closing #3432220, changed default time zone in the log file to local time rather then GMT.

• Added JavaScript JSON-RPC Client implementation under contrib section

• Performance improvements in TCP Cahce Server.

Bugs:

• Fixed use of deprecated functions in examples, closing #3404317
• Spelling improvements, closing #3206151, thanks Augustin for the contribution.
• Fixed TLS behavior such that TLS pointer destruction, still allows destruction of local objects
• Fixed issue #3441849, Typo in cppcms::http::context::complition_type, now it is cppcms::http::context::completion_type, as correct spelling requires.
• Fixed cosmetic issue #3460062
• Fix incorrect condition check in PCRE using
• Fixed bug #3386163, setting REMOTE_ADDR behind HTTP Proxy feature was not working.

• Lineup with Boost.Locale:

  • fixed problems with build with clang
  • fixed handing of invalid characters in MultiByteToWideChar API on windows

Version 0.99.10.1

Released: 2011-10-19

It is a bug fix release that includes fixes for several critical bugs that could not wait for 0.99.11 version.

Critical Bugs:

• Fixed a bug that caused an infinite loop in shared_ptr counter on Windows platform when multi-core machines are used.
• Fixed a bug that prevented from lock file to be created in demonetization process (regression in 0.99.10)
• Fixed a bug that prevented CppCMS process to shutdown properly when running in prefork mode (regression in 0.99.10).
• Fixed a bug that prevented from JSON-RPC notifications work properly.

Other bugs:

• Fixed typo (#3404317)
• Fixed a race condition in access to socket that may occur in some situations on multi-core machines.
• Fixed booster::nowide::fstream to follow open flags specifications properly in some cases.

Version 0.99.10

Released: 2011-09-01

New Features:

• New Cross Site Request Forgery prevention tools.
• Many HTTP web server improvements, now built in HTTP web severer is fully useful not only for debugging but also for using on embedded platforms or running behind proxies:
  • Full support of timeouts on all stages
  • File server improvements:
    • Security improvements - in file serving - now it is useful for embedded platforms.
    • Full Unicode file names support under Windows (UTF-8).
    • Optional directory listing.
    • Support of directory aliases.
• Support loading XSS profiles from file/json object making XSS filters configuration much easier and simpler.
• Support of installing, uninstalling and running CppCMS as windows service.
• New tool for generation of HMAC/AES keys cppcms_make_key
• Support of numeric index and reverse iteration in foreach statement, closing issue #3111909
• Added deprecation warning of <% var %> templates format in flavor of <%= var %> and form + widget operator in flavor of form.add(widget)
• Added workaround for sending full HTTP headers for broken SCGI connectors like IIS's one
• Lineup with latest Boost.Locale - mostly bug fixes and tests improvements.

Bugs:

• a bug in json::value::is_null() incorrect answer.
• XSS filter - prevent from relative URI filter to accidentally match absolute ones .

Version 0.99.9

Released: 2011-08-10

New Features:

• Clang is support provided, CppCMS was tested against Clang 2.8.

  Now CppCMS supports 5 families of C++ compilers:

  • GCC 3.4.x to 4.6.1
  • Visual Studio 2005 - 2010
  • Clang 2.8
  • Intel 11
  • Sun Studio 5.10

• Significant performance improvements in XSS filtering by rewriting URI validation using a C++ parser rather then using complex regular expression.

  Added support of fully custom validation for HTML attributes using callback functions in the XSS filter.

• Significant performance improvements over multiple places in code by eliminating multiple memory allocations:

  • HTTP, SCGI and FastCGI backends - improved memory allocation for CGI variables.
  • Fetching values from JSON objects using get(...), find(...) APIs is now done with 0 memory allocation.
  • URL mapping is now done with 0 or very low memory allocation.
  • Various filters like escape, urlencode and some others now work with no or few memory allocations.

• Performance improvements in caching by replacing the balanced binary tree by hash table in the primary cache key index.

Breaking Changes:

• json::object had changed from std::map<std::string,value> to std::map<string_key,value>. It should be fully transparent for almost all users.

Bugs:

• Fixed a crash in http::response when writing HTTP headers throws due for example to incorrect file permissions.
• Fixed a bug in booster::regex that prevented some valid patterns to be matched against some regular expressions.
• Fixed a bug that may prevent from booster::regex to work on big endian 64 bit platforms
• Added initial support of Python3 for templates compiler.
• Added a workaround for systems that use python3 by default.

Version 0.99.8

Released: 2011-07-11

New Features:

• Boost.Locale is updated to the latest version that is going to be merged into Boost svn tree.

  It includes some breaking changes:

  • Redesigned boundary analysis interface:

    Instead of using mapping, token_iterator and break_iterator new classes that provide same functionality introduced:

    segment_index, boundary_point_index and the elements that can be iterated segment and boundary_point.

    See: http://cppcms.sourceforge.net/boost_locale/html/boundary_analysys.html

  • Updated messages interface, now messages use same type of character for key and output message, i.e.

      std::wstring wh = translate(L"hello").str();
      std::string   h = translate( "hello").str();
    

    Instead of

      std::wstring wh = translate("hello").str<wchar_t>();
      std::string   h = translate("hello").str<char>();
    

    It allows to use non-US-ASCII keys transparently.

  • Update date_time interface to be more consistent with Boost.DateTime and Boost.Chrono. Operations are more type safe now.

• Introduced support of SunStudio Compiler on OpenSolaris.

• New nightly tests: Linux Armel and Solaris/SunStudio.

Bugs:

• Fixed bug that virtually disabled gzip compression in CppCMS 0.99.7

• Some compilation and testing fixes for older versions of Mac OS X/Darwin 8.

  Note Darwin 8 is not supported due to bugs in the standard C library, but there should be no problems with newer Mac OS X versions.

• Fixes to support ICU 4.8
• Fixes to support gcc-4.6 and gcc-4.0
• Fixes to support Python 2.3.5

Version 0.99.7

Released: 2011-03-26

Security Bugs:

• Fixed incorrect key parsing caused reduced entropy of AES and HMAC keys
• Fixed incorrect HMAC key definition when using separate keys for CBC and MAC

New Features:

• URL Mapping - the opposite of URL Dispatching is created, now every URL can be easily abstracted from the physical URL,

  It allows creating hierarchies of applications and referring each other using named URL.

• Caching system:

  • Added support of dependent triggers recording using cppcms::triggers_recorder class
  • Added cache support at templates level
  • Added "tee" filter for better caching support of HTML fragments

• Template System

  • Provided basic unit-testing
  • Provided access too application that renders the view, giving basics for access to many features like sessions, cache and so on.
  • Added <% url ... %>, <% cache ...%>, <% trigger ... %> tags
  • Improved error reporting
  • Added <%= variable | filters%> style of rendering to allow override reserved words and variables

• Updated Message Board example to use url mapping

• Boost.Locale features:

  • Default locale is UTF-8 on windows
  • Support of Gregorian calendar for non-ICU backends
  • Support of checking if the time is in daylight savings time to the calendar
  • Performance optimization in formatting and collation

• Redesigned booster::socket class, split into set of smaller classes according to their roles

• Optimization for embedded builds adds support of removing of modules that may be not useful for embedded applications:

  • Cache storage, prefork storage, distributed cache storage
  • GZip compression

• Support of graceful shutdown of fastcgi process by Apache on Windows using libfastcgi waiting style

• Improved boost::thread api to support detach member function

• Booster: support of timegm, making booster::ptime symmetric.

Bugs:

• Fixed bug #3177531 - invalid port/ip returned in CGI headers when using "list" of apis
• Cleanup of set() property, make sure it is set to false only in cases where it is really needed, and turn it on by default on most widgets Fixing F.R. #3177317
• Changed warning level to -Wall -Wextra, warnings cleanup
• Boost.Locale - workaround of ICU time zone detection bug
• Fixed incorrect rendering of input form when pointer involved
• Fixed issue with urandom device when running with limited user under Windows
• Fixes of MSVC-2005 issues

Version 0.99.6

Released: 2011-01-13

Security Bugs:

• Fixed AES backend: invalid redundancy test
• Fixed buffer overflow in urlencode for characters above 127.

Bugs:

• Fixed crash on attempt to use base64_urlencode filter.

Version 0.99.5

Released: 2011-01-01

New Features:

• New XSS Filer. It is very new and experimental feature. It allows to validate and filter the HTML input that comes from untrusted source to ensure that it does not include malicious code. This is very common case when we want to integrate in the applications tools like TinyMCS.

  It is based on white-list of tags and HTML attributes values that are allowed to be included.

  The filter and filtering rules can be found under cppcms::xss namespace.

  Currently XSS filter is used only on CppCMS's wiki. So you are welcome to try to bypass it editing the wiki's Sandbox and if you succeed please report me immediately.

• Support Windows Vista/Windows 7 API. It allows to build CppCMS on Windows without pthreads-win32 library.

  Note: you need to use CMake's option: -DUSE_WINDOWS6_API=ON as by default CppCMS targeted for Windows XP and above.

• Changed default number of worker threads to depend on number of physical CPUs

Bugs:

• Fixed incorrect mutex configuration that caused deadlocks in preforking mode
• Some fixed in CMake scripts that caused libraries not being found in some situations.
• Some fixes to allow CppCMS to work with uclibc
• Fixed problem in URL dispatching to sub application that caused inability to redefine main function of them
• Some bug fixes in response handling

Version 0.99.4

Released: 2010-11-30

New Features:

• Added support of OpenSSL as alternative to Gcrypt library for AES cookies encryption
• Added support of strength options of AES and better selection of hash for HMAC.
• Added support of recording and showing stack backtrace from thrown exceptions - for better debug-ability of the code.
• Added support of daemonization - running as service under Unix, including options: switch to unprivileged user and chrooting to specified directory.
• Added support of reset_session function in session_interface that forces allocation of new session id - to be used for preventing session fixation.
• Added support of suppression of error messages by default - the exception information is not shown by default to user.
• Improved session ids generation security.
• Improved performance of generation of random numbers under Windows
• Improved Content-Type header handling

Bug Fixes:

• Fixed accidental crashes caused by dangling reference.
• Fixed bug incorrect using of non-blocking sockets caused incomplete writes on long outputs
• Fixed memory leak in AES encryption backend
• Fixed incorrect handing of script name in HTTP server.
• Fixed incorrect shutdown handling when working in prefork mode caused deadlock between parent and child on exit.
• Fixed bug in booster::streambuf caused accidental character loss, added handing of putback.
• Fixed incorrect error handing in http_response class that could cause thread-pool to run out of threads.
• Various platform related test fixes

Version 0.99.3

Released: 2010-09-16

Security Bugs:

• Bugfix of hmac backend: generation of signature with too small block size

New Features:

• New version of Boost.Locale

• Added support of multiple hmac cookie signatures:

  Built in: hmac-md5, hmac-sha1
  With libgcrypt: hmac-sha224, hmac-sha256, hmac-sha384, hmac-sha512
  By default hmac now uses sha1 instead of less secure md5

Bugs:

• Fixed memory leak in aes session encryptor
• Fixed incorrect validation of UTF-8 encoding that could cause some illegal sequences to pass through.
• Fixed missing attributes of some form widgets
• Fixed incorrect code generation in templates in foreach loop
• Fixed race condition when dispatch and context assignment may happen not simultaneously

Version 0.99.2

Released: 2010-08-04

New Features:

• Significant performance improvements in Booster.Aio
• Significant performance improvment in FastCGI backend.
• Added more examples

Bugs:

• Fixed response/status handling in synchronous and asynchronous API.
• Fixed incorrect numbers handling in JSON.
• Various platform related fixes.
• Important bug fixes in file upload handling.

Version 0.99.1

Released: 2010-06-24

• Full CppCMS core rewrite that introduced:
  • Asynchronous programming support
  • Removal of 3rd part libraries from the core api.
  • Stable API and ABI through all major releases.
• Improved Ajax support with introduction of JSON-RPC
• Powerful i18n and l10n
• Native Windows support including support of MSVC.
• And much more...

---

← Supported Compilers and Platforms | Top | CppCMS versioning scheme →

About

CppCMS is a web development framework for performance demanding applications.

Support This Project

---

Navigation

• Index
• Changes

Main Page

• English
• Русский
• עברית

---

---

Valid CSS | Valid XHTML 1.0