<!--toc--> |
|
### Version 0.99.8 |
|
_Released:_ 2011-07-11 |
|
New Features: |
|
- Boost.Locale is updated to the latest version |
that is going to be merged into Boost svn tree. |
|
It includes some breaking changes: |
|
- Redesigned boundary analysis interface: |
|
Instead of using `mapping`, `token_iterator` |
and `break_iterator` new classes that |
provide same functionality introduced: |
|
`segment_index`, `boundary_point_index` |
and the elements that can be iterated |
`segment` and `boundary_point`. |
|
See: |
<http://cppcms.sourceforge.net/boost_locale/html/boundary_analysys.html> |
|
- Updated messages interface, now messages |
use same type of character for key and |
output message, i.e. |
|
std::wstring = translate(L"hello"); |
std::string = translate( "hello"); |
std::wstring wh = translate(L"hello").str(); |
std::string h = translate( "hello").str(); |
|
Instead of |
|
std::wstring wh = translate("hello").str<wchar_t>(); |
std::string h = translate("hello").str<char>(); |
|
|
It allows to use non-US-ASCII keys transparently. |
|
- Update `date_time` interface to |
be more consistent with Boost.DateTime |
and Boost.Chrono. Operations are more |
type safe now. |
|
- Introduced support of SunStudio Compiler on |
OpenSolaris. |
|
- New nightly tests: Linux Armel and Solaris/SunStudio. |
|
|
Bugs: |
|
- Fixed bug that virtually disabled gzip |
compression in CppCMS 0.99.7 |
- Some compilation and testing fixes for older |
versions of Mac OS X/Darwin 8. |
|
Note Darwin 8 is not supported due to |
bugs in the standard C library, but there should |
be no problems with newer Mac OS X versions. |
- Fixes to support ICU 4.8 |
- Fixes to support gcc-4.6 and gcc-4.0 |
- Fixes to support Python 2.3.5 |
|
|
### Version 0.99.7 |
|
_Released:_ 2011-03-26 |
|
Security Bugs: |
|
- Fixed incorrect key parsing caused reduced entropy of AES and HMAC keys |
- Fixed incorrect HMAC key definition when using separate keys for CBC and MAC |
|
|
New Features: |
|
- URL Mapping - the opposite of URL Dispatching |
is created, now every URL can be easily abstracted |
from the physical URL, |
|
It allows creating hierarchies of applications |
and referring each other using named URL. |
|
- Caching system: |
|
- Added support of dependent triggers |
recording using cppcms::triggers_recorder class |
- Added cache support at templates level |
- Added "tee" filter for better caching support |
of HTML fragments |
|
- Template System |
|
- Provided basic unit-testing |
- Provided access too application that renders |
the view, giving basics for access to many features like |
sessions, cache and so on. |
- Added `<% url ... %>`, `<% cache ...%>`, `<% trigger ... %>` |
tags |
- Improved error reporting |
- Added `<%= variable | filters%>` style of rendering to allow |
override reserved words and variables |
|
- Updated Message Board example to use url mapping |
|
- Boost.Locale features: |
- Default locale is UTF-8 on windows |
- Support of Gregorian calendar for non-ICU backends |
- Support of checking if the time is in daylight savings time |
to the calendar |
- Performance optimization in formatting and collation |
|
- Redesigned booster::socket class, split into set of smaller |
classes according to their roles |
|
- Optimization for embedded builds adds support of removing of |
modules that may be not |
useful for embedded applications: |
|
- Cache storage, prefork storage, distributed cache storage |
- GZip compression |
|
- Support of graceful shutdown of fastcgi process by Apache on Windows |
using libfastcgi waiting style |
|
- Improved boost::thread api to support detach member function |
|
- Booster: support of timegm, making booster::ptime symmetric. |
|
|
Bugs: |
|
- Fixed bug #3177531 - invalid port/ip returned in CGI headers |
when using "list" of apis |
- Cleanup of set() property, make sure it is set to false only in cases |
where it is really needed, and turn it on by default on most widgets |
Fixing F.R. #3177317 |
- Changed warning level to -Wall -Wextra, warnings cleanup |
- Boost.Locale - workaround of ICU time zone detection bug |
- Fixed incorrect rendering of input form when pointer |
involved |
- Fixed issue with urandom device when running with limited user |
under Windows |
- Fixes of MSVC-2005 issues |
|
|
|
### Version 0.99.6 |
|
_Released:_ 2011-01-13 |
|
Security Bugs: |
|
- Fixed AES backend: invalid [redundancy test](http://art-blog.no-ip.info/cppcms/blog/post/74) |
- Fixed buffer overflow in urlencode for characters above 127. |
|
Bugs: |
|
- Fixed crash on attempt to use base64_urlencode filter. |
|
### Version 0.99.5 |
|
_Released:_ 2011-01-01 |
|
|
New Features: |
|
- New [XSS](http://en.wikipedia.org/wiki/Cross-site_scripting) |
Filer. It is very new |
and experimental feature. It allows to validate and filter |
the HTML input that comes from untrusted source to |
ensure that it does not include malicious code. |
This is very common case when we want to integrate |
in the applications tools like TinyMCS. |
|
It is based on white-list of tags and HTML attributes |
values that are allowed to be included. |
|
The filter and filtering rules can be found under |
[cppcms::xss](/cppcms_ref_v0_99/namespacecppcms_1_1xss.html) namespace. |
|
Currently XSS filter is used only on CppCMS's wiki. |
So you are welcome to try to bypass it |
editing the wiki's [Sandbox](http://art-blog.no-ip.info/wikipp/en/page/sandbox) |
and if you succeed please report me immediately. |
|
- Support Windows Vista/Windows 7 API. It allows to build CppCMS on |
Windows without pthreads-win32 library. |
|
Note: you need to use CMake's option: `-DUSE_WINDOWS6_API=ON` as |
by default CppCMS targeted for Windows XP and above. |
|
- Changed default number of worker threads to depend on |
number of physical CPUs |
|
Bugs: |
|
- Fixed incorrect mutex configuration that caused deadlocks |
in preforking mode |
- Some fixed in CMake scripts that caused libraries not being |
found in some situations. |
- Some fixes to allow CppCMS to work with uclibc |
- Fixed problem in URL dispatching to sub application that |
caused inability to redefine main function of them |
- Some bug fixes in response handling |
|
### Version 0.99.4 |
|
_Released:_ 2010-11-30 |
|
|
New Features: |
|
- Added support of OpenSSL as alternative to Gcrypt library for AES cookies encryption |
- Added support of strength options of AES and better selection of hash for HMAC. |
- Added support of recording and showing stack backtrace from thrown exceptions - for better debug-ability of the code. |
- Added support of daemonization - running as service under Unix, including options: switch to unprivileged user and `chroot`ing to specified directory. |
- Added support of reset\_session function in session\_interface that forces allocation of new session id - to be used for preventing session fixation. |
- Added support of suppression of error messages by default - the exception information is not shown by default to user. |
- Improved session ids generation security. |
- Improved performance of generation of random numbers under Windows |
- Improved Content-Type header handling |
|
Bug Fixes: |
|
- Fixed accidental crashes caused by dangling reference. |
- Fixed bug incorrect using of non-blocking sockets caused incomplete writes on long outputs |
- Fixed memory leak in AES encryption backend |
- Fixed incorrect handing of script name in HTTP server. |
- Fixed incorrect shutdown handling when working in prefork mode caused deadlock between parent and child on exit. |
- Fixed bug in booster::streambuf caused accidental character loss, added handing of putback. |
- Fixed incorrect error handing in http\_response class that could cause thread-pool to run out of threads. |
- Various platform related test fixes |
|
|
### Version 0.99.3 |
|
_Released:_ 2010-09-16 |
|
Security Bugs: |
|
- Bugfix of hmac backend: generation of signature with too small block size |
|
|
New Features: |
|
- New version of Boost.Locale |
- Added support of multiple hmac cookie signatures: |
|
Built in: hmac-md5, hmac-sha1 |
With libgcrypt: hmac-sha224, hmac-sha256, hmac-sha384, hmac-sha512 |
By default hmac now uses sha1 instead of less secure md5 |
|
|
Bugs: |
|
- Fixed memory leak in aes session encryptor |
- Fixed incorrect validation of UTF-8 encoding that could cause some illegal sequences to pass through. |
- Fixed missing attributes of some form widgets |
- Fixed incorrect code generation in templates in `foreach` loop |
- Fixed race condition when dispatch and context |
assignment may happen not simultaneously |
|
### Version 0.99.2 |
|
_Released:_ 2010-08-04 |
|
New Features: |
|
- Significant performance improvements in Booster.Aio |
- Significant performance improvment in FastCGI backend. |
- Added more examples |
|
|
Bugs: |
|
- Fixed response/status handling in synchronous and asynchronous API. |
- Fixed incorrect numbers handling in JSON. |
- Various platform related fixes. |
- Important bug fixes in file upload handling. |
|
|
### Version 0.99.1 |
|
_Released:_ 2010-06-24 |
|
- Full CppCMS core rewrite that introduced: |
- Asynchronous programming support |
- Removal of 3rd part libraries from the core api. |
- Stable API and ABI through all major releases. |
- Improved Ajax support with introduction of JSON-RPC |
- Powerful i18n and l10n |
- Native Windows support including support of MSVC. |
- And much more... |
|
