Main  /  Edit version 5  /  Edit version 6  /   /  Users Area

Difference "Changelog for CppCMS 1.x.x" ver. 5 versus ver. 6

Content:

<!--toc-->
### Version 0.99.10
_Released:_ 2011-09-01
New Features:
- New Cross Site Request Forgery prevention tools.
- Many HTTP web server improvements, now built in HTTP web severer is fully useful not only for debugging but also for using on embedded platforms or running behind proxies:
- Full support of timeouts on all stages
- File server improvements:
- Security improvements - in file serving - now it is useful for embedded platforms.
- Full Unicode file names support under Windows (UTF-8).
- Optional directory listing.
- Support of directory aliases.
- Support loading XSS profiles from file/json object making XSS filters configuration much easier and simpler.
- Support of installing, uninstalling and running CppCMS as windows service.
- New tool for generation of HMAC/AES keys `cppcms_make_key`
- Support of numeric index and reverse iteration in foreach statement, closing issue #3111909
- Added deprecation warning of `<% var %>` templates format in flavor of `<%= var %>` and
`form + widget` operator in flavor of `form.add(widget)`
- Added workaround for sending full HTTP headers for broken SCGI connectors like IIS's one
- Lineup with latest Boost.Locale - mostly bug fixes and tests improvements.
Bugs:
- a bug in json::value::is_null() incorrect answer.
- XSS filter - prevent from relative URI filter to accidentally match absolute ones .
### Version 0.99.9
_Released:_ 2011-08-10
New Features:
- Clang is support provided, CppCMS was tested against
Clang 2.8.
Now CppCMS supports 5 families of C++ compilers:
- GCC 3.4.x to 4.6.1
- Visual Studio 2005 - 2010
- Clang 2.8
- Intel 11
- Sun Studio 5.10
- Significant performance improvements in XSS filtering by
rewriting URI validation using a C++ parser rather then
using complex regular expression.
Added support of fully custom validation for HTML
attributes using callback functions in the XSS filter.
- Significant performance improvements over multiple places
in code by eliminating multiple memory allocations:
- HTTP, SCGI and FastCGI backends - improved memory allocation
for CGI variables.
- Fetching values from JSON objects using get(...),
find(...) APIs is now done with 0 memory allocation.
- URL mapping is now done with 0 or very low memory allocation.
- Various filters like `escape`, `urlencode` and some others
now work with no or few memory allocations.
- Performance improvements in caching by replacing
the balanced binary tree by hash table in the
primary cache key index.
Breaking Changes:
- `json::object` had changed from `std::map<std::string,value>`
to `std::map<string_key,value>`. It should be fully
transparent for almost all users.
Bugs:
- Fixed a crash in http::response when writing HTTP headers
throws due for example to incorrect file permissions.
- Fixed a bug in `booster::regex` that prevented some valid
patterns to be matched against some regular expressions.
- Fixed a bug that may prevent from `booster::regex` to work on
big endian 64 bit platforms
- Added initial support of Python3 for templates compiler.
- Added a workaround for systems that use python3 by default.
### Version 0.99.8
_Released:_ 2011-07-11
New Features:
- Boost.Locale is updated to the latest version
that is going to be merged into Boost svn tree.
It includes some breaking changes:
- Redesigned boundary analysis interface:
Instead of using `mapping`, `token_iterator`
and `break_iterator` new classes that
provide same functionality introduced:
`segment_index`, `boundary_point_index`
and the elements that can be iterated
`segment` and `boundary_point`.
See:
<http://cppcms.sourceforge.net/boost_locale/html/boundary_analysys.html>
- Updated messages interface, now messages
use same type of character for key and
output message, i.e.
std::wstring wh = translate(L"hello").str();
std::string h = translate( "hello").str();
Instead of
std::wstring wh = translate("hello").str<wchar_t>();
std::string h = translate("hello").str<char>();
It allows to use non-US-ASCII keys transparently.
- Update `date_time` interface to
be more consistent with Boost.DateTime
and Boost.Chrono. Operations are more
type safe now.
- Introduced support of SunStudio Compiler on
OpenSolaris.
- New nightly tests: Linux Armel and Solaris/SunStudio.
Bugs:
- Fixed bug that virtually disabled gzip
compression in CppCMS 0.99.7
- Some compilation and testing fixes for older
versions of Mac OS X/Darwin 8.
Note Darwin 8 is not supported due to
bugs in the standard C library, but there should
be no problems with newer Mac OS X versions.
- Fixes to support ICU 4.8
- Fixes to support gcc-4.6 and gcc-4.0
- Fixes to support Python 2.3.5
### Version 0.99.7
_Released:_ 2011-03-26
Security Bugs:
- Fixed incorrect key parsing caused reduced entropy of AES and HMAC keys
- Fixed incorrect HMAC key definition when using separate keys for CBC and MAC
New Features:
- URL Mapping - the opposite of URL Dispatching
is created, now every URL can be easily abstracted
from the physical URL,
It allows creating hierarchies of applications
and referring each other using named URL.
- Caching system:
- Added support of dependent triggers
recording using cppcms::triggers_recorder class
- Added cache support at templates level
- Added "tee" filter for better caching support
of HTML fragments
- Template System
- Provided basic unit-testing
- Provided access too application that renders
the view, giving basics for access to many features like
sessions, cache and so on.
- Added `<% url ... %>`, `<% cache ...%>`, `<% trigger ... %>`
tags
- Improved error reporting
- Added `<%= variable | filters%>` style of rendering to allow
override reserved words and variables
- Updated Message Board example to use url mapping
- Boost.Locale features:
- Default locale is UTF-8 on windows
- Support of Gregorian calendar for non-ICU backends
- Support of checking if the time is in daylight savings time
to the calendar
- Performance optimization in formatting and collation
- Redesigned booster::socket class, split into set of smaller
classes according to their roles
- Optimization for embedded builds adds support of removing of
modules that may be not
useful for embedded applications:
- Cache storage, prefork storage, distributed cache storage
- GZip compression
- Support of graceful shutdown of fastcgi process by Apache on Windows
using libfastcgi waiting style
- Improved boost::thread api to support detach member function
- Booster: support of timegm, making booster::ptime symmetric.
Bugs:
- Fixed bug #3177531 - invalid port/ip returned in CGI headers
when using "list" of apis
- Cleanup of set() property, make sure it is set to false only in cases
where it is really needed, and turn it on by default on most widgets
Fixing F.R. #3177317
- Changed warning level to -Wall -Wextra, warnings cleanup
- Boost.Locale - workaround of ICU time zone detection bug
- Fixed incorrect rendering of input form when pointer
involved
- Fixed issue with urandom device when running with limited user
under Windows
- Fixes of MSVC-2005 issues
### Version 0.99.6
_Released:_ 2011-01-13
Security Bugs:
- Fixed AES backend: invalid [redundancy test](http://art-blog.no-ip.info/cppcms/blog/post/74)
- Fixed buffer overflow in urlencode for characters above 127.
Bugs:
- Fixed crash on attempt to use base64_urlencode filter.
### Version 0.99.5
_Released:_ 2011-01-01
New Features:
- New [XSS](http://en.wikipedia.org/wiki/Cross-site_scripting)
Filer. It is very new
and experimental feature. It allows to validate and filter
the HTML input that comes from untrusted source to
ensure that it does not include malicious code.
This is very common case when we want to integrate
in the applications tools like TinyMCS.
It is based on white-list of tags and HTML attributes
values that are allowed to be included.
The filter and filtering rules can be found under
[cppcms::xss](/cppcms_ref_v0_99/namespacecppcms_1_1xss.html) namespace.
Currently XSS filter is used only on CppCMS's wiki.
So you are welcome to try to bypass it
editing the wiki's [Sandbox](http://art-blog.no-ip.info/wikipp/en/page/sandbox)
and if you succeed please report me immediately.
- Support Windows Vista/Windows 7 API. It allows to build CppCMS on
Windows without pthreads-win32 library.
Note: you need to use CMake's option: `-DUSE_WINDOWS6_API=ON` as
by default CppCMS targeted for Windows XP and above.
- Changed default number of worker threads to depend on
number of physical CPUs
Bugs:
- Fixed incorrect mutex configuration that caused deadlocks
in preforking mode
- Some fixed in CMake scripts that caused libraries not being
found in some situations.
- Some fixes to allow CppCMS to work with uclibc
- Fixed problem in URL dispatching to sub application that
caused inability to redefine main function of them
- Some bug fixes in response handling
### Version 0.99.4
_Released:_ 2010-11-30
New Features:
- Added support of OpenSSL as alternative to Gcrypt library for AES cookies encryption
- Added support of strength options of AES and better selection of hash for HMAC.
- Added support of recording and showing stack backtrace from thrown exceptions - for better debug-ability of the code.
- Added support of daemonization - running as service under Unix, including options: switch to unprivileged user and `chroot`ing to specified directory.
- Added support of reset\_session function in session\_interface that forces allocation of new session id - to be used for preventing session fixation.
- Added support of suppression of error messages by default - the exception information is not shown by default to user.
- Improved session ids generation security.
- Improved performance of generation of random numbers under Windows
- Improved Content-Type header handling
Bug Fixes:
- Fixed accidental crashes caused by dangling reference.
- Fixed bug incorrect using of non-blocking sockets caused incomplete writes on long outputs
- Fixed memory leak in AES encryption backend
- Fixed incorrect handing of script name in HTTP server.
- Fixed incorrect shutdown handling when working in prefork mode caused deadlock between parent and child on exit.
- Fixed bug in booster::streambuf caused accidental character loss, added handing of putback.
- Fixed incorrect error handing in http\_response class that could cause thread-pool to run out of threads.
- Various platform related test fixes
### Version 0.99.3
_Released:_ 2010-09-16
Security Bugs:
- Bugfix of hmac backend: generation of signature with too small block size
New Features:
- New version of Boost.Locale
- Added support of multiple hmac cookie signatures:
Built in: hmac-md5, hmac-sha1
With libgcrypt: hmac-sha224, hmac-sha256, hmac-sha384, hmac-sha512
By default hmac now uses sha1 instead of less secure md5
Bugs:
- Fixed memory leak in aes session encryptor
- Fixed incorrect validation of UTF-8 encoding that could cause some illegal sequences to pass through.
- Fixed missing attributes of some form widgets
- Fixed incorrect code generation in templates in `foreach` loop
- Fixed race condition when dispatch and context
assignment may happen not simultaneously
### Version 0.99.2
_Released:_ 2010-08-04
New Features:
- Significant performance improvements in Booster.Aio
- Significant performance improvment in FastCGI backend.
- Added more examples
Bugs:
- Fixed response/status handling in synchronous and asynchronous API.
- Fixed incorrect numbers handling in JSON.
- Various platform related fixes.
- Important bug fixes in file upload handling.
### Version 0.99.1
_Released:_ 2010-06-24
- Full CppCMS core rewrite that introduced:
- Asynchronous programming support
- Removal of 3rd part libraries from the core api.
- Stable API and ABI through all major releases.
- Improved Ajax support with introduction of JSON-RPC
- Powerful i18n and l10n
- Native Windows support including support of MSVC.
- And much more...

About

CppCMS is a web development framework for performance demanding applications.

Support This Project

SourceForge.net Logo

Поддержать проект

CppCMS needs You

Navigation

Main Page

Valid CSS | Valid XHTML 1.0