Main  /  Edit version 25  /  Edit version 26  /   /  Users Area

Difference "Changelog for CppCMS 1.x.x" ver. 25 versus ver. 26

Content:

<!--toc-->
### Version 1.1.0
_Released:_ 2017-07-11
Major release, see [What's new in CppCMS 1.2.0](/wikipp/en/page/cppcms_1_2_whats_new)
### Version 1.0.5
_Released:_ 2014-10-30
Bug Fixes:
- Fixed 121, 98 - bug caused invalid year formatting/parsing by icu backend - fixed incorrect use of year of the week instead year
- Fixed 122 - memory leak in Win32 threading library
- Fixed 105 - string_key.h has a bad operator '!='
- Fixed 119 - bad html formatting.
- Fixed 106 - IPv6 support on Winows
- Fixed 129 - cppcms_make_key - invalid option name
- Fixed 97 - impossible to use upper case in namespace in `<% include %>`
- Fixed 84 - 64K fd limit
- Fixed 108 - test_locale_boundary & booster_locale_formatting failure
- Fixed various issues libc++/clang support
- Significantly improved multipart parsing closing f.r. 27
- Removed reuse_address socket option use at Windows
Minor Security Improvements:
- Issue 117: possibility of Timing Attack Vulnerability
Platform Support:
- NetBSD is supported platform
- FreeBSD added support of POSIX locale & clang/libc++
### Version 1.0.4
_Released:_ 2013-06-24
Critical Bugs:
- Added "Expires" to cookie expiration time handling that is supported by IE.
Prior to this release, cppcms session cookies used max-age option, that IE does not recognize. Starting from this release the session cookies would have both Expires and Max-Age options. All browsers that use Max-Age would ignore Expires if both given.
New options that control the session cookie properties are added, see [expiration\_method](/wikipp/en/page/cppcms_1x_config#session.cookies.expiration_method) that would allow to alter the behavior and handle possible clock skew issues
### Version 1.0.3
_Released:_ 2013-01-04
Security Bugs:
- Fixed UTF-8 validation, some invalid sequences could be accepted as valid.
Bugs:
- Added missing header in `cppcms/http_context.h`
- Fixed typo (ticket 3560932)
### Version 1.0.2
_Released:_ 2012-08-14
Bugs:
- Fixed incorrect HTML generation using `as_table`
- Fixed build issues with latest ICU: 3540278
- Fixed some warnings in Boost.Locale
- Fixed missing error report in case of running out of disk space in file upload: 3542469
- Fixed visual studio 11 build issues: 3527712,3527702
- Fixed problem with using automatic type detection in C++11 mode with gcc: 3537374
- Fixed bugs that made stackstream useless
- Fixed build issues on Mac OS X: 3513865
- Fixed OpenSSL detection on Windows: 3515712
- Fixed incorrect scgi configuration for nginx in `cppcms_run`
### Version 1.0.1
_Released:_ 2012-03-14
Bugs:
- Fixed crash when using process-shared memory cache, when CppCMS compiled in Release mode with gcc 4.5 and 4.6.
- Added support of CMake LIBDIR option to allow installation of libraries to lib64 instead of lib as required by Rad Had based distributions.
### Version 1.0.0
_Released:_ 2012-02-26
Licensing:
- CppCMS is now available alternative Commercial license.
See: <http://commercial.cppcms.com>
Bugs:
- Workaround for a compiler problem that prevented building
CppCMS on MSVC10 in Release mode.
### Version 0.999.1
_Released:_ 2012-02-17
Security Bug Fixes:
- Fixed a bug when calling `reset_session()` would not reset it when session content itself was not changed.
- Fixed a bug that could cause infinite waiting when POST data contained incomplete
multi-part data potentially causing DOS.
Breaking Changes:
The protocol between `cppcms_scale` and `cppcms` clients had changed,
you can't use old `cppcms_scale` with newer versions of `cppcms` and vice versa.
The protocol now uses absolute 64 bit time-stamp rather then relative one.
New Features:
- Many new unit tests implemented giving good test coverage for the CppCMS framework.
- Added support of SCGI protocol to `cppcms_run` when using nginx web server.
- Many examples added: Asynchronous I/O, Serialization, Templates Inheritance. Some examples updated to use modern API.
Bug Fixes:
- Fixed a bug that prevented "Keep-Alive" option to work with FastCGI protocol.
- Session cookie was not delete on clear session call with server
side session storage.
- Fixed a bug that caused a session value to be unexposed what it was updated.
- Fixed incorrect call of `view_builder` instead of `unsafe_view_builder` when
unsefe option was given
- Fixed status handling according to HTTP/CGI specifications in case of invalid POST input.
- Fixed a bug when in certain situations sockets were not shutdown properly.
- Added better error reporting when the content of invalid type was used during view rendering.
- Fixed `cppcms_run` to setup nginx's `PATH_INFO` correctly according to the options available in the latest version.
### Version 0.999.0
_Released:_ 2012-01-18
Policy Changes:
- API Freeze, this release marks that no more
backward incompatible changes would be done
for CppCMS 1.x.x
New Features:
- Templates engine improvements:
- Added template helpers support functions
[`<% using ... %>`](http://art-blog.no-ip.info/wikipp/en/page/cppcms_1x_templates_comm#Views.Helpers) and
[`<% render ... %>`](http://art-blog.no-ip.info/wikipp/en/page/cppcms_1x_templates_comm#Rendering.other.views)
that allow using other views directly from the code and not just
templates as it was done before.
- Added new syntax
<% form block foo %>...<% end %>
as better alternative to:
<% form begin foo %>...<% form end foo %>
- Improved error messages in templates compiler such that it gives
more clear errors in case of syntax error.
- Changed semantics of `application::render` function such that it
would not override an application that was assigned to the contend
(if it was assigned at all)
- `cppcms_scale` improvements:
- Support of session storage in addition to cache storage now providing full
scalability of CppCMS services.
- Now it uses same configuration method as CppCMS process - JSON file with
optional command line parameters.
- `cppcms_scale` now can run as Unix deamon and as Windows service.
- URL Mapper does not throws by default, but rather create an invalid URL making
initial programming easier.
The behavior can be reverted back by setting `misk.invalid_url_throws` option to true.
- Added recursive `shared_mutex` support to booster.
- Provided an experimental support of STLPort 5.2.
### Version 0.99.11
_Released:_ 2011-12-23
New Features:
- Fully refactored views loading and unloading code. The views interface now is documented, public and clear.
- Documentation updates, now all public classes and functions have full Doxygen reference documentation.
- Added multiple examples and created examples page in Doxygen reference documentation. New examples are:
- JSON RPC
- JSON RPC Chat
- File Upload Example
- Internal File Server Improvements:
- Added support of simple URL rewriting
- Reduced memory copying in sending files
- Added support of dynamic session storage backend loading as plugins, implemented several
session storage backends under `contrib` section:
- Berkeley DB
- Sqlite3
- CppDB with MySql and PostgreSQL servers
- Removed dependency on pthreads-win32 under Windows 2000 and XP.
- Improved JSON-RPC handling - reduced copying of json objects.
- Added support of custom timezone for logging closing #3432220, changed default time zone in the log file
to local time rather then GMT.
- Added JavaScript JSON-RPC Client implementation under `contrib` section
- Performance improvements in TCP Cahce Server.
Bugs:
- Fixed use of deprecated functions in examples, closing #3404317
- Spelling improvements, closing #3206151, thanks Augustin for the contribution.
- Fixed TLS behavior such that TLS pointer destruction, still allows destruction of local objects
- Fixed issue #3441849, Typo in `cppcms::http::context::complition_type`, now it is `cppcms::http::context::completion_type`,
as correct spelling requires.
- Fixed cosmetic issue #3460062
- Fix incorrect condition check in PCRE using
- Fixed bug #3386163, setting `REMOTE_ADDR` behind HTTP Proxy feature was not working.
- Lineup with Boost.Locale:
- fixed problems with build with clang
- fixed handing of invalid characters in `MultiByteToWideChar` API on windows
### Version 0.99.10.1
_Released:_ 2011-10-19
It is a bug fix release that includes fixes for several critical bugs that could not wait for 0.99.11 version.
Critical Bugs:
- Fixed a bug that caused an infinite loop in `shared_ptr` counter on Windows platform when multi-core machines are used.
- Fixed a bug that prevented from lock file to be created in demonetization process (regression in 0.99.10)
- Fixed a bug that prevented CppCMS process to shutdown properly when running in prefork mode (regression in 0.99.10).
- Fixed a bug that prevented from JSON-RPC notifications work properly.
Other bugs:
- Fixed typo (#3404317)
- Fixed a race condition in access to socket that may occur in some situations on multi-core machines.
- Fixed `booster::nowide::fstream` to follow open flags specifications properly in some cases.
### Version 0.99.10
_Released:_ 2011-09-01
New Features:
- New Cross Site Request Forgery prevention tools.
- Many HTTP web server improvements, now built in HTTP web severer is fully useful not only for debugging but also for using on embedded platforms or running behind proxies:
- Full support of timeouts on all stages
- File server improvements:
- Security improvements - in file serving - now it is useful for embedded platforms.
- Full Unicode file names support under Windows (UTF-8).
- Optional directory listing.
- Support of directory aliases.
- Support loading XSS profiles from file/json object making XSS filters configuration much easier and simpler.
- Support of installing, uninstalling and running CppCMS as windows service.
- New tool for generation of HMAC/AES keys `cppcms_make_key`
- Support of numeric index and reverse iteration in foreach statement, closing issue #3111909
- Added deprecation warning of `<% var %>` templates format in flavor of `<%= var %>` and
`form + widget` operator in flavor of `form.add(widget)`
- Added workaround for sending full HTTP headers for broken SCGI connectors like IIS's one
- Lineup with latest Boost.Locale - mostly bug fixes and tests improvements.
Bugs:
- a bug in json::value::is_null() incorrect answer.
- XSS filter - prevent from relative URI filter to accidentally match absolute ones .
### Version 0.99.9
_Released:_ 2011-08-10
New Features:
- Clang is support provided, CppCMS was tested against
Clang 2.8.
Now CppCMS supports 5 families of C++ compilers:
- GCC 3.4.x to 4.6.1
- Visual Studio 2005 - 2010
- Clang 2.8
- Intel 11
- Sun Studio 5.10
- Significant performance improvements in XSS filtering by
rewriting URI validation using a C++ parser rather then
using complex regular expression.
Added support of fully custom validation for HTML
attributes using callback functions in the XSS filter.
- Significant performance improvements over multiple places
in code by eliminating multiple memory allocations:
- HTTP, SCGI and FastCGI backends - improved memory allocation
for CGI variables.
- Fetching values from JSON objects using get(...),
find(...) APIs is now done with 0 memory allocation.
- URL mapping is now done with 0 or very low memory allocation.
- Various filters like `escape`, `urlencode` and some others
now work with no or few memory allocations.
- Performance improvements in caching by replacing
the balanced binary tree by hash table in the
primary cache key index.
Breaking Changes:
- `json::object` had changed from `std::map<std::string,value>`
to `std::map<string_key,value>`. It should be fully
transparent for almost all users.
Bugs:
- Fixed a crash in http::response when writing HTTP headers
throws due for example to incorrect file permissions.
- Fixed a bug in `booster::regex` that prevented some valid
patterns to be matched against some regular expressions.
- Fixed a bug that may prevent from `booster::regex` to work on
big endian 64 bit platforms
- Added initial support of Python3 for templates compiler.
- Added a workaround for systems that use python3 by default.
### Version 0.99.8
_Released:_ 2011-07-11
New Features:
- Boost.Locale is updated to the latest version
that is going to be merged into Boost svn tree.
It includes some breaking changes:
- Redesigned boundary analysis interface:
Instead of using `mapping`, `token_iterator`
and `break_iterator` new classes that
provide same functionality introduced:
`segment_index`, `boundary_point_index`
and the elements that can be iterated
`segment` and `boundary_point`.
See:
<http://cppcms.sourceforge.net/boost_locale/html/boundary_analysys.html>
- Updated messages interface, now messages
use same type of character for key and
output message, i.e.
std::wstring wh = translate(L"hello").str();
std::string h = translate( "hello").str();
Instead of
std::wstring wh = translate("hello").str<wchar_t>();
std::string h = translate("hello").str<char>();
It allows to use non-US-ASCII keys transparently.
- Update `date_time` interface to
be more consistent with Boost.DateTime
and Boost.Chrono. Operations are more
type safe now.
- Introduced support of SunStudio Compiler on
OpenSolaris.
- New nightly tests: Linux Armel and Solaris/SunStudio.
Bugs:
- Fixed bug that virtually disabled gzip
compression in CppCMS 0.99.7
- Some compilation and testing fixes for older
versions of Mac OS X/Darwin 8.
Note Darwin 8 is not supported due to
bugs in the standard C library, but there should
be no problems with newer Mac OS X versions.
- Fixes to support ICU 4.8
- Fixes to support gcc-4.6 and gcc-4.0
- Fixes to support Python 2.3.5
### Version 0.99.7
_Released:_ 2011-03-26
Security Bugs:
- Fixed incorrect key parsing caused reduced entropy of AES and HMAC keys
- Fixed incorrect HMAC key definition when using separate keys for CBC and MAC
New Features:
- URL Mapping - the opposite of URL Dispatching
is created, now every URL can be easily abstracted
from the physical URL,
It allows creating hierarchies of applications
and referring each other using named URL.
- Caching system:
- Added support of dependent triggers
recording using cppcms::triggers_recorder class
- Added cache support at templates level
- Added "tee" filter for better caching support
of HTML fragments
- Template System
- Provided basic unit-testing
- Provided access too application that renders
the view, giving basics for access to many features like
sessions, cache and so on.
- Added `<% url ... %>`, `<% cache ...%>`, `<% trigger ... %>`
tags
- Improved error reporting
- Added `<%= variable | filters%>` style of rendering to allow
override reserved words and variables
- Updated Message Board example to use url mapping
- Boost.Locale features:
- Default locale is UTF-8 on windows
- Support of Gregorian calendar for non-ICU backends
- Support of checking if the time is in daylight savings time
to the calendar
- Performance optimization in formatting and collation
- Redesigned booster::socket class, split into set of smaller
classes according to their roles
- Optimization for embedded builds adds support of removing of
modules that may be not
useful for embedded applications:
- Cache storage, prefork storage, distributed cache storage
- GZip compression
- Support of graceful shutdown of fastcgi process by Apache on Windows
using libfastcgi waiting style
- Improved boost::thread api to support detach member function
- Booster: support of timegm, making booster::ptime symmetric.
Bugs:
- Fixed bug #3177531 - invalid port/ip returned in CGI headers
when using "list" of apis
- Cleanup of set() property, make sure it is set to false only in cases
where it is really needed, and turn it on by default on most widgets
Fixing F.R. #3177317
- Changed warning level to -Wall -Wextra, warnings cleanup
- Boost.Locale - workaround of ICU time zone detection bug
- Fixed incorrect rendering of input form when pointer
involved
- Fixed issue with urandom device when running with limited user
under Windows
- Fixes of MSVC-2005 issues
### Version 0.99.6
_Released:_ 2011-01-13
Security Bugs:
- Fixed AES backend: invalid [redundancy test](http://art-blog.no-ip.info/cppcms/blog/post/74)
- Fixed buffer overflow in urlencode for characters above 127.
Bugs:
- Fixed crash on attempt to use base64_urlencode filter.
### Version 0.99.5
_Released:_ 2011-01-01
New Features:
- New [XSS](http://en.wikipedia.org/wiki/Cross-site_scripting)
Filer. It is very new
and experimental feature. It allows to validate and filter
the HTML input that comes from untrusted source to
ensure that it does not include malicious code.
This is very common case when we want to integrate
in the applications tools like TinyMCS.
It is based on white-list of tags and HTML attributes
values that are allowed to be included.
The filter and filtering rules can be found under
[cppcms::xss](/cppcms_ref_v0_99/namespacecppcms_1_1xss.html) namespace.
Currently XSS filter is used only on CppCMS's wiki.
So you are welcome to try to bypass it
editing the wiki's [Sandbox](http://art-blog.no-ip.info/wikipp/en/page/sandbox)
and if you succeed please report me immediately.
- Support Windows Vista/Windows 7 API. It allows to build CppCMS on
Windows without pthreads-win32 library.
Note: you need to use CMake's option: `-DUSE_WINDOWS6_API=ON` as
by default CppCMS targeted for Windows XP and above.
- Changed default number of worker threads to depend on
number of physical CPUs
Bugs:
- Fixed incorrect mutex configuration that caused deadlocks
in preforking mode
- Some fixed in CMake scripts that caused libraries not being
found in some situations.
- Some fixes to allow CppCMS to work with uclibc
- Fixed problem in URL dispatching to sub application that
caused inability to redefine main function of them
- Some bug fixes in response handling
### Version 0.99.4
_Released:_ 2010-11-30
New Features:
- Added support of OpenSSL as alternative to Gcrypt library for AES cookies encryption
- Added support of strength options of AES and better selection of hash for HMAC.
- Added support of recording and showing stack backtrace from thrown exceptions - for better debug-ability of the code.
- Added support of daemonization - running as service under Unix, including options: switch to unprivileged user and `chroot`ing to specified directory.
- Added support of reset\_session function in session\_interface that forces allocation of new session id - to be used for preventing session fixation.
- Added support of suppression of error messages by default - the exception information is not shown by default to user.
- Improved session ids generation security.
- Improved performance of generation of random numbers under Windows
- Improved Content-Type header handling
Bug Fixes:
- Fixed accidental crashes caused by dangling reference.
- Fixed bug incorrect using of non-blocking sockets caused incomplete writes on long outputs
- Fixed memory leak in AES encryption backend
- Fixed incorrect handing of script name in HTTP server.
- Fixed incorrect shutdown handling when working in prefork mode caused deadlock between parent and child on exit.
- Fixed bug in booster::streambuf caused accidental character loss, added handing of putback.
- Fixed incorrect error handing in http\_response class that could cause thread-pool to run out of threads.
- Various platform related test fixes
### Version 0.99.3
_Released:_ 2010-09-16
Security Bugs:
- Bugfix of hmac backend: generation of signature with too small block size
New Features:
- New version of Boost.Locale
- Added support of multiple hmac cookie signatures:
Built in: hmac-md5, hmac-sha1
With libgcrypt: hmac-sha224, hmac-sha256, hmac-sha384, hmac-sha512
By default hmac now uses sha1 instead of less secure md5
Bugs:
- Fixed memory leak in aes session encryptor
- Fixed incorrect validation of UTF-8 encoding that could cause some illegal sequences to pass through.
- Fixed missing attributes of some form widgets
- Fixed incorrect code generation in templates in `foreach` loop
- Fixed race condition when dispatch and context
assignment may happen not simultaneously
### Version 0.99.2
_Released:_ 2010-08-04
New Features:
- Significant performance improvements in Booster.Aio
- Significant performance improvment in FastCGI backend.
- Added more examples
Bugs:
- Fixed response/status handling in synchronous and asynchronous API.
- Fixed incorrect numbers handling in JSON.
- Various platform related fixes.
- Important bug fixes in file upload handling.
### Version 0.99.1
_Released:_ 2010-06-24
- Full CppCMS core rewrite that introduced:
- Asynchronous programming support
- Removal of 3rd part libraries from the core api.
- Stable API and ABI through all major releases.
- Improved Ajax support with introduction of JSON-RPC
- Powerful i18n and l10n
- Native Windows support including support of MSVC.
- And much more...
---
← [Supported Compilers and Platforms][prev]
| [Top](#maincontent)
| [CppCMS versioning scheme][next] →
[prev]: /wikipp/en/page/cppcms_1x_platforms
[next]: /wikipp/en/page/cppcms_versioning_scheme

About

CppCMS is a web development framework for performance demanding applications.

Support This Project

SourceForge.net Logo

Поддержать проект

CppCMS needs You


Navigation

Main Page


Valid CSS | Valid XHTML 1.0