<!--toc--> |
|
### Version 1.0.4 |
|
_Released:_ 2013-06-24 |
|
Critical Bugs: |
|
- Added "Expires" to cookie expiration time handling that is supported by IE. |
|
Till now, cppcms cookies used max-age option, that IE does not recognize from this time and afterwards it would set both Expires and Max-Age options as all browsers that use Max-Age would ignore Expires if both given. |
|
New options that control the session cookie properties are added, see [expiration\_method](/wikipp/en/page/cppcms_1x_config#session.cookies.expiration_method) that would allow to alter the behavior and handle possible clock skew issues |
|
|
### Version 1.0.3 |
|
_Released:_ 2013-01-04 |
|
Security Bugs: |
|
- Fixed UTF-8 validation, some invalid sequences could be accepted as valid. |
|
Bugs: |
|
- Added missing header in `cppcms/http_context.h` |
- Fixed typo (ticket 3560932) |
|
### Version 1.0.2 |
|
_Released:_ 2012-08-14 |
|
Bugs: |
|
- Fixed incorrect HTML generation using `as_table` |
- Fixed build issues with latest ICU: 3540278 |
- Fixed some warnings in Boost.Locale |
- Fixed missing error report in case of running out of disk space in file upload: 3542469 |
- Fixed visual studio 11 build issues: 3527712,3527702 |
- Fixed problem with using automatic type detection in C++11 mode with gcc: 3537374 |
- Fixed bugs that made stackstream useless |
- Fixed build issues on Mac OS X: 3513865 |
- Fixed OpenSSL detection on Windows: 3515712 |
- Fixed incorrect scgi configuration for nginx in `cppcms_run` |
|
|
### Version 1.0.1 |
|
_Released:_ 2012-03-14 |
|
Bugs: |
|
- Fixed crash when using process-shared memory cache, when CppCMS compiled in Release mode with gcc 4.5 and 4.6. |
- Added support of CMake LIBDIR option to allow installation of libraries to lib64 instead of lib as required by Rad Had based distributions. |
|
|
|
### Version 1.0.0 |
|
_Released:_ 2012-02-26 |
|
Licensing: |
|
- CppCMS is now available alternative Commercial license. |
|
See: <http://commercial.cppcms.com> |
|
Bugs: |
|
- Workaround for a compiler problem that prevented building |
CppCMS on MSVC10 in Release mode. |
|
|
### Version 0.999.1 |
|
_Released:_ 2012-02-17 |
|
|
Security Bug Fixes: |
|
- Fixed a bug when calling `reset_session()` would not reset it when session content itself was not changed. |
- Fixed a bug that could cause infinite waiting when POST data contained incomplete |
multi-part data potentially causing DOS. |
|
|
Breaking Changes: |
|
The protocol between `cppcms_scale` and `cppcms` clients had changed, |
you can't use old `cppcms_scale` with newer versions of `cppcms` and vice versa. |
|
The protocol now uses absolute 64 bit time-stamp rather then relative one. |
|
New Features: |
|
- Many new unit tests implemented giving good test coverage for the CppCMS framework. |
- Added support of SCGI protocol to `cppcms_run` when using nginx web server. |
- Many examples added: Asynchronous I/O, Serialization, Templates Inheritance. Some examples updated to use modern API. |
|
|
Bug Fixes: |
|
- Fixed a bug that prevented "Keep-Alive" option to work with FastCGI protocol. |
- Session cookie was not delete on clear session call with server |
side session storage. |
- Fixed a bug that caused a session value to be unexposed what it was updated. |
- Fixed incorrect call of `view_builder` instead of `unsafe_view_builder` when |
unsefe option was given |
- Fixed status handling according to HTTP/CGI specifications in case of invalid POST input. |
- Fixed a bug when in certain situations sockets were not shutdown properly. |
- Added better error reporting when the content of invalid type was used during view rendering. |
- Fixed `cppcms_run` to setup nginx's `PATH_INFO` correctly according to the options available in the latest version. |
|
|
|
### Version 0.999.0 |
|
_Released:_ 2012-01-18 |
|
Policy Changes: |
|
- API Freeze, this release marks that no more |
backward incompatible changes would be done |
for CppCMS 1.x.x |
|
|
New Features: |
|
|
- Templates engine improvements: |
|
- Added template helpers support functions |
[`<% using ... %>`](http://art-blog.no-ip.info/wikipp/en/page/cppcms_1x_templates_comm#Views.Helpers) and |
[`<% render ... %>`](http://art-blog.no-ip.info/wikipp/en/page/cppcms_1x_templates_comm#Rendering.other.views) |
that allow using other views directly from the code and not just |
templates as it was done before. |
|
- Added new syntax |
|
<% form block foo %>...<% end %> |
|
as better alternative to: |
|
<% form begin foo %>...<% form end foo %> |
|
- Improved error messages in templates compiler such that it gives |
more clear errors in case of syntax error. |
|
- Changed semantics of `application::render` function such that it |
would not override an application that was assigned to the contend |
(if it was assigned at all) |
|
- `cppcms_scale` improvements: |
|
- Support of session storage in addition to cache storage now providing full |
scalability of CppCMS services. |
- Now it uses same configuration method as CppCMS process - JSON file with |
optional command line parameters. |
- `cppcms_scale` now can run as Unix deamon and as Windows service. |
|
- URL Mapper does not throws by default, but rather create an invalid URL making |
initial programming easier. |
|
The behavior can be reverted back by setting `misk.invalid_url_throws` option to true. |
|
- Added recursive `shared_mutex` support to booster. |
|
- Provided an experimental support of STLPort 5.2. |
|
|
|
|
### Version 0.99.11 |
|
_Released:_ 2011-12-23 |
|
New Features: |
|
- Fully refactored views loading and unloading code. The views interface now is documented, public and clear. |
|
- Documentation updates, now all public classes and functions have full Doxygen reference documentation. |
|
- Added multiple examples and created examples page in Doxygen reference documentation. New examples are: |
|
- JSON RPC |
- JSON RPC Chat |
- File Upload Example |
|
- Internal File Server Improvements: |
|
- Added support of simple URL rewriting |
- Reduced memory copying in sending files |
|
- Added support of dynamic session storage backend loading as plugins, implemented several |
session storage backends under `contrib` section: |
|
- Berkeley DB |
- Sqlite3 |
- CppDB with MySql and PostgreSQL servers |
|
- Removed dependency on pthreads-win32 under Windows 2000 and XP. |
|
- Improved JSON-RPC handling - reduced copying of json objects. |
|
- Added support of custom timezone for logging closing #3432220, changed default time zone in the log file |
to local time rather then GMT. |
|
- Added JavaScript JSON-RPC Client implementation under `contrib` section |
|
- Performance improvements in TCP Cahce Server. |
|
Bugs: |
|
- Fixed use of deprecated functions in examples, closing #3404317 |
- Spelling improvements, closing #3206151, thanks Augustin for the contribution. |
- Fixed TLS behavior such that TLS pointer destruction, still allows destruction of local objects |
- Fixed issue #3441849, Typo in `cppcms::http::context::complition_type`, now it is `cppcms::http::context::completion_type`, |
as correct spelling requires. |
- Fixed cosmetic issue #3460062 |
- Fix incorrect condition check in PCRE using |
- Fixed bug #3386163, setting `REMOTE_ADDR` behind HTTP Proxy feature was not working. |
- Lineup with Boost.Locale: |
|
- fixed problems with build with clang |
- fixed handing of invalid characters in `MultiByteToWideChar` API on windows |
|
### Version 0.99.10.1 |
|
_Released:_ 2011-10-19 |
|
It is a bug fix release that includes fixes for several critical bugs that could not wait for 0.99.11 version. |
|
Critical Bugs: |
|
- Fixed a bug that caused an infinite loop in `shared_ptr` counter on Windows platform when multi-core machines are used. |
- Fixed a bug that prevented from lock file to be created in demonetization process (regression in 0.99.10) |
- Fixed a bug that prevented CppCMS process to shutdown properly when running in prefork mode (regression in 0.99.10). |
- Fixed a bug that prevented from JSON-RPC notifications work properly. |
|
Other bugs: |
|
- Fixed typo (#3404317) |
- Fixed a race condition in access to socket that may occur in some situations on multi-core machines. |
- Fixed `booster::nowide::fstream` to follow open flags specifications properly in some cases. |
|
|
|
### Version 0.99.10 |
|
_Released:_ 2011-09-01 |
|
New Features: |
|
- New Cross Site Request Forgery prevention tools. |
- Many HTTP web server improvements, now built in HTTP web severer is fully useful not only for debugging but also for using on embedded platforms or running behind proxies: |
- Full support of timeouts on all stages |
- File server improvements: |
- Security improvements - in file serving - now it is useful for embedded platforms. |
- Full Unicode file names support under Windows (UTF-8). |
- Optional directory listing. |
- Support of directory aliases. |
- Support loading XSS profiles from file/json object making XSS filters configuration much easier and simpler. |
- Support of installing, uninstalling and running CppCMS as windows service. |
- New tool for generation of HMAC/AES keys `cppcms_make_key` |
- Support of numeric index and reverse iteration in foreach statement, closing issue #3111909 |
- Added deprecation warning of `<% var %>` templates format in flavor of `<%= var %>` and |
`form + widget` operator in flavor of `form.add(widget)` |
- Added workaround for sending full HTTP headers for broken SCGI connectors like IIS's one |
- Lineup with latest Boost.Locale - mostly bug fixes and tests improvements. |
|
|
Bugs: |
|
- a bug in json::value::is_null() incorrect answer. |
- XSS filter - prevent from relative URI filter to accidentally match absolute ones . |
|
|
### Version 0.99.9 |
|
_Released:_ 2011-08-10 |
|
New Features: |
|
- Clang is support provided, CppCMS was tested against |
Clang 2.8. |
|
Now CppCMS supports 5 families of C++ compilers: |
|
- GCC 3.4.x to 4.6.1 |
- Visual Studio 2005 - 2010 |
- Clang 2.8 |
- Intel 11 |
- Sun Studio 5.10 |
|
- Significant performance improvements in XSS filtering by |
rewriting URI validation using a C++ parser rather then |
using complex regular expression. |
|
Added support of fully custom validation for HTML |
attributes using callback functions in the XSS filter. |
|
- Significant performance improvements over multiple places |
in code by eliminating multiple memory allocations: |
|
- HTTP, SCGI and FastCGI backends - improved memory allocation |
for CGI variables. |
- Fetching values from JSON objects using get(...), |
find(...) APIs is now done with 0 memory allocation. |
- URL mapping is now done with 0 or very low memory allocation. |
- Various filters like `escape`, `urlencode` and some others |
now work with no or few memory allocations. |
|
- Performance improvements in caching by replacing |
the balanced binary tree by hash table in the |
primary cache key index. |
|
Breaking Changes: |
|
- `json::object` had changed from `std::map<std::string,value>` |
to `std::map<string_key,value>`. It should be fully |
transparent for almost all users. |
|
|
Bugs: |
|
- Fixed a crash in http::response when writing HTTP headers |
throws due for example to incorrect file permissions. |
- Fixed a bug in `booster::regex` that prevented some valid |
patterns to be matched against some regular expressions. |
- Fixed a bug that may prevent from `booster::regex` to work on |
big endian 64 bit platforms |
- Added initial support of Python3 for templates compiler. |
- Added a workaround for systems that use python3 by default. |
|
|
### Version 0.99.8 |
|
_Released:_ 2011-07-11 |
|
New Features: |
|
- Boost.Locale is updated to the latest version |
that is going to be merged into Boost svn tree. |
|
It includes some breaking changes: |
|
- Redesigned boundary analysis interface: |
|
Instead of using `mapping`, `token_iterator` |
and `break_iterator` new classes that |
provide same functionality introduced: |
|
`segment_index`, `boundary_point_index` |
and the elements that can be iterated |
`segment` and `boundary_point`. |
|
See: |
<http://cppcms.sourceforge.net/boost_locale/html/boundary_analysys.html> |
|
- Updated messages interface, now messages |
use same type of character for key and |
output message, i.e. |
|
std::wstring wh = translate(L"hello").str(); |
std::string h = translate( "hello").str(); |
|
Instead of |
|
std::wstring wh = translate("hello").str<wchar_t>(); |
std::string h = translate("hello").str<char>(); |
|
|
It allows to use non-US-ASCII keys transparently. |
|
- Update `date_time` interface to |
be more consistent with Boost.DateTime |
and Boost.Chrono. Operations are more |
type safe now. |
|
- Introduced support of SunStudio Compiler on |
OpenSolaris. |
|
- New nightly tests: Linux Armel and Solaris/SunStudio. |
|
|
Bugs: |
|
- Fixed bug that virtually disabled gzip |
compression in CppCMS 0.99.7 |
- Some compilation and testing fixes for older |
versions of Mac OS X/Darwin 8. |
|
Note Darwin 8 is not supported due to |
bugs in the standard C library, but there should |
be no problems with newer Mac OS X versions. |
- Fixes to support ICU 4.8 |
- Fixes to support gcc-4.6 and gcc-4.0 |
- Fixes to support Python 2.3.5 |
|
|
### Version 0.99.7 |
|
_Released:_ 2011-03-26 |
|
Security Bugs: |
|
- Fixed incorrect key parsing caused reduced entropy of AES and HMAC keys |
- Fixed incorrect HMAC key definition when using separate keys for CBC and MAC |
|
|
New Features: |
|
- URL Mapping - the opposite of URL Dispatching |
is created, now every URL can be easily abstracted |
from the physical URL, |
|
It allows creating hierarchies of applications |
and referring each other using named URL. |
|
- Caching system: |
|
- Added support of dependent triggers |
recording using cppcms::triggers_recorder class |
- Added cache support at templates level |
- Added "tee" filter for better caching support |
of HTML fragments |
|
- Template System |
|
- Provided basic unit-testing |
- Provided access too application that renders |
the view, giving basics for access to many features like |
sessions, cache and so on. |
- Added `<% url ... %>`, `<% cache ...%>`, `<% trigger ... %>` |
tags |
- Improved error reporting |
- Added `<%= variable | filters%>` style of rendering to allow |
override reserved words and variables |
|
- Updated Message Board example to use url mapping |
|
- Boost.Locale features: |
- Default locale is UTF-8 on windows |
- Support of Gregorian calendar for non-ICU backends |
- Support of checking if the time is in daylight savings time |
to the calendar |
- Performance optimization in formatting and collation |
|
- Redesigned booster::socket class, split into set of smaller |
classes according to their roles |
|
- Optimization for embedded builds adds support of removing of |
modules that may be not |
useful for embedded applications: |
|
- Cache storage, prefork storage, distributed cache storage |
- GZip compression |
|
- Support of graceful shutdown of fastcgi process by Apache on Windows |
using libfastcgi waiting style |
|
- Improved boost::thread api to support detach member function |
|
- Booster: support of timegm, making booster::ptime symmetric. |
|
|
Bugs: |
|
- Fixed bug #3177531 - invalid port/ip returned in CGI headers |
when using "list" of apis |
- Cleanup of set() property, make sure it is set to false only in cases |
where it is really needed, and turn it on by default on most widgets |
Fixing F.R. #3177317 |
- Changed warning level to -Wall -Wextra, warnings cleanup |
- Boost.Locale - workaround of ICU time zone detection bug |
- Fixed incorrect rendering of input form when pointer |
involved |
- Fixed issue with urandom device when running with limited user |
under Windows |
- Fixes of MSVC-2005 issues |
|
|
|
### Version 0.99.6 |
|
_Released:_ 2011-01-13 |
|
Security Bugs: |
|
- Fixed AES backend: invalid [redundancy test](http://art-blog.no-ip.info/cppcms/blog/post/74) |
- Fixed buffer overflow in urlencode for characters above 127. |
|
Bugs: |
|
- Fixed crash on attempt to use base64_urlencode filter. |
|
### Version 0.99.5 |
|
_Released:_ 2011-01-01 |
|
|
New Features: |
|
- New [XSS](http://en.wikipedia.org/wiki/Cross-site_scripting) |
Filer. It is very new |
and experimental feature. It allows to validate and filter |
the HTML input that comes from untrusted source to |
ensure that it does not include malicious code. |
This is very common case when we want to integrate |
in the applications tools like TinyMCS. |
|
It is based on white-list of tags and HTML attributes |
values that are allowed to be included. |
|
The filter and filtering rules can be found under |
[cppcms::xss](/cppcms_ref_v0_99/namespacecppcms_1_1xss.html) namespace. |
|
Currently XSS filter is used only on CppCMS's wiki. |
So you are welcome to try to bypass it |
editing the wiki's [Sandbox](http://art-blog.no-ip.info/wikipp/en/page/sandbox) |
and if you succeed please report me immediately. |
|
- Support Windows Vista/Windows 7 API. It allows to build CppCMS on |
Windows without pthreads-win32 library. |
|
Note: you need to use CMake's option: `-DUSE_WINDOWS6_API=ON` as |
by default CppCMS targeted for Windows XP and above. |
|
- Changed default number of worker threads to depend on |
number of physical CPUs |
|
Bugs: |
|
- Fixed incorrect mutex configuration that caused deadlocks |
in preforking mode |
- Some fixed in CMake scripts that caused libraries not being |
found in some situations. |
- Some fixes to allow CppCMS to work with uclibc |
- Fixed problem in URL dispatching to sub application that |
caused inability to redefine main function of them |
- Some bug fixes in response handling |
|
### Version 0.99.4 |
|
_Released:_ 2010-11-30 |
|
|
New Features: |
|
- Added support of OpenSSL as alternative to Gcrypt library for AES cookies encryption |
- Added support of strength options of AES and better selection of hash for HMAC. |
- Added support of recording and showing stack backtrace from thrown exceptions - for better debug-ability of the code. |
- Added support of daemonization - running as service under Unix, including options: switch to unprivileged user and `chroot`ing to specified directory. |
- Added support of reset\_session function in session\_interface that forces allocation of new session id - to be used for preventing session fixation. |
- Added support of suppression of error messages by default - the exception information is not shown by default to user. |
- Improved session ids generation security. |
- Improved performance of generation of random numbers under Windows |
- Improved Content-Type header handling |
|
Bug Fixes: |
|
- Fixed accidental crashes caused by dangling reference. |
- Fixed bug incorrect using of non-blocking sockets caused incomplete writes on long outputs |
- Fixed memory leak in AES encryption backend |
- Fixed incorrect handing of script name in HTTP server. |
- Fixed incorrect shutdown handling when working in prefork mode caused deadlock between parent and child on exit. |
- Fixed bug in booster::streambuf caused accidental character loss, added handing of putback. |
- Fixed incorrect error handing in http\_response class that could cause thread-pool to run out of threads. |
- Various platform related test fixes |
|
|
### Version 0.99.3 |
|
_Released:_ 2010-09-16 |
|
Security Bugs: |
|
- Bugfix of hmac backend: generation of signature with too small block size |
|
|
New Features: |
|
- New version of Boost.Locale |
- Added support of multiple hmac cookie signatures: |
|
Built in: hmac-md5, hmac-sha1 |
With libgcrypt: hmac-sha224, hmac-sha256, hmac-sha384, hmac-sha512 |
By default hmac now uses sha1 instead of less secure md5 |
|
|
Bugs: |
|
- Fixed memory leak in aes session encryptor |
- Fixed incorrect validation of UTF-8 encoding that could cause some illegal sequences to pass through. |
- Fixed missing attributes of some form widgets |
- Fixed incorrect code generation in templates in `foreach` loop |
- Fixed race condition when dispatch and context |
assignment may happen not simultaneously |
|
### Version 0.99.2 |
|
_Released:_ 2010-08-04 |
|
New Features: |
|
- Significant performance improvements in Booster.Aio |
- Significant performance improvment in FastCGI backend. |
- Added more examples |
|
|
Bugs: |
|
- Fixed response/status handling in synchronous and asynchronous API. |
- Fixed incorrect numbers handling in JSON. |
- Various platform related fixes. |
- Important bug fixes in file upload handling. |
|
|
### Version 0.99.1 |
|
_Released:_ 2010-06-24 |
|
- Full CppCMS core rewrite that introduced: |
- Asynchronous programming support |
- Removal of 3rd part libraries from the core api. |
- Stable API and ABI through all major releases. |
- Improved Ajax support with introduction of JSON-RPC |
- Powerful i18n and l10n |
- Native Windows support including support of MSVC. |
- And much more... |