Changes from 1.12.2 to 1.13.0 ----------------------------- * Fix helptext messages 4be4a861 * Changes to compile with gcc10 ebee2d99 * Changes to fix builds on BSDs c8af3538 c8ba8cf0 * Make HAVEGE dependency optional 8a6db3be 00af3d3c * Website updates 786ac316 * Python 3 support df257a04 * Prevent spurious leave notifications 677ffcf2 * Fix crash in websocket support 945434ca 6c458d53 * Address some warnings eb95f7c4 72520957 71845ced 0a4e763a 1cb046a7 d68fb292 6943899e f11270e1 8860740e a1876145 * M2SH: check for proper exit when running system() commands 7cc5b15e * Fix possible use of uninitialized variable 6c57fb63 * Logging improvements (better consistency, runtime filtering) 300b7fa8 5c5fd46a cd8bce0a c28a0f08 274b1dd9 Changes from 1.12.1 to 1.12.2 ----------------------------- * Disable some warnings that were spurious for ragel-generated files fd3c6e6b * Fix bug in previous bugfix for incorrect content-length 67db18df Changes from 1.12.0 to 1.12.1 ----------------------------- * Fix to prevent crashing on large files 66caedbb Changes from 1.11.0 to 1.12.0 ----------------------------- * Add more MIME types 5e643551 * Update mbedTLS to v2.9.0 f121648d * Fix memory bug in SuperPoll eff30f3a * Fix uninitialized memory error in darray ADT 911ee207 * Fix shutdown signal handler 232c517d 1b788752 * Makefile cleanup; default to using system mbedTLS, add homebrew target NB: The oldfile is available with `make -f localmbedtls.mak` 4d67a3a1 5be7fc9c a922d7b7 * Fix memory bug in Connection_create c54579d5 * Add SNI cache to improve SSL connection performance 27f68ba5 e27f68ba * Stop sending disconnect message in response to a cancel control request 65bc71bc * Fixes to download credits 599bd7ed 54653ef2 cef57c38 * Fix memory leak in websocket code 76906b99 * Misc code cleanup b1724168 7cb8532e * Fix path normalization on systems that do not define PATH_MAX 7c1a57e8 * authbind support for listening as non root 0778ec65 Changes from 1.10.0 to 1.11.0 ----------------------------- * Created a new release script (does not affect code) f80ad2a35 14d4e6b00 * Upgrade to newer mbedTLS version bdad09cad c9436cc38 * Add back in DHE with a 2048 bit parameter c2f61c63a c7d318f52 6a7426aac c8b33e168 7949693b2 07dd1347f Changes from 1.9.3 to 1.10.0 ---------------------------- * Several minor Makefile fixes: 7560af00 6bb17785 0410fa6d fb04b232 * Try getrandom, /dev/urandom (if available in chroot) and havege (old behavior) In that order: 650031cc 856b4600 71328bd6 0214841a * Fix closing and error-handling on SSL sockets: eb75e842 ea09dd5e ed2f5406 89333c60 * Fix warnings: 4fa1cf88 8c075ed3 4609a9e2 * Rename PolarSSL to mbedTLS and switch GH repository we pull from to match: fbe71d3c 817ffb62 * The reloading new configurations on SIGHUP was broken, and is now removed We now just rotate logs on SIGHUP: f09c80ce a5d302ac * Get submodule via https rather than insecure git protocol: 3033f7b6 546dc888 * Be more aggressive about notifying handlers of disconnect events: 14af9346 ac6a7220 8f849586 293f93ee 90e9ef73 801580c3 * Fix NULL referrence that could occur if client disconnects in the middle of a websocket packet: b721274e 8766da74 * Allow flow-control for large client downloads from handlers; handlers must request this behavior; old behavior is default: dab97e92 6b98e7bb * Fix memory leak: 3a407e51 * Fix symbol-name conflict in system headers on some newer systems: 81a0cd9f 563bac8c * Add optional more-relaxed URI parsing: b023666e aace2e86 ea943d29 * Expire SSL session cache entries: de9d44cf 53036f43 * Add support for wildcard certs with SNI: ee5bab17 26652403 * Add support for chunked uploads 955bae8a 26b2dd71 * Fix build failure when debug is enabled on connection.c c855c714 Changes from 1.9.2 to 1.9.3 --------------------------- * Fix "make clean" when not in a git checkout c59d3931 * Bump polarSSL version 053e0d53 cad261ca Changes from 1.9.1 to 1.9.2 --------------------------- * Make improvements to default ciphers 679b9529 1784b562 d1963dc5 fd551b2d ea03afc4 53c27d6b f91a5915 7a057fc9 * Cleanup polarssl git submodule integration 1edb6ab4 854bc486 * Remove non-working ARM code 605d7972 1a81de53 * Disable SSLv3 in PolarSSL configuration 3d9d91c6 f95d8ce1 * When handling large uploads via tempfile, close tempfile before notifying handler: 423bcd47 fba57ddb * Makefile fixes: c40e8b2b de30bef1 61cf4217 eafe3cf3 * Improve portability of websocket upgrade handling 9bc56c50 Changes from 1.9.0 to 1.9.1 --------------------------- * Fix broken test-mode b734059e * Update expired certificate for failing test 7762c93f * Tidy up a few minor issues found by scan-build: b3f547e5 Changes from 1.8.0 to 1.9.0: commit 19df4cbd1 Upgrade to PolarSSL 1.3.0 commit 21d4cc95b Change flags for building .so on macports (A new sample filter broke the old options) commit e61fee3e7 Add an option to stream large uploads to a handler using a token credit system to prevent over-buffering. commit 3a58aa0da Add an option ssl.verify_required to mandate client certificate verification commit 9024156ad Add a control XREQ type; only supported option is a keep-alive which acts as a "ping" for the mongrel2 idle connection killer commit 854cff6e9 Add mongrel2 header field "REMOTE_ADDR" with the actual remote from mongrel2. Add option "no_clobber_xff" which will preserve the x-forwarded-for field from the client/upstream proxy. Old behavior was to replace the x-forwarded-for header with the remote address to mongrel2. This new way is better since it still allows a trusted field (REMOTE_ADDR) while also preserving x-forwarded-for for setups that include (for instance) a load-balancer or external ssl-terminator. We don't replace the old behavior for x-forwarded-for unless requested, since older handlers may trust that header. commit b82451f343 Add ability to have a separate control port for each server commit ea6a9cd729 This was hotfixed-into 1.8.1 and fixed some bugs in how the deliver task gets killed. commit ef1c601777 Add a few MIME type mappings commit 89ed061396 Adds TLS SNI identification In the certdir, place e.g. example.com.key and example.com.crt to have SNI work. 1.9.0 should fall back on the old key/crt files if these aren't found commit 81bf4ac84ba Adds a new "Extended" handler reply format, and a plugin system to hook into them. A sample plugin was created that will do x-sendfile like responses (The handler sends the proper headers, then an extended reply keyed to the plugin, which causes mongrel2 to dump a file to the connection) commit 82b3ab000dc Docs fixes for ubuntu installation instructions commit 24b2ed3936a A number of either completely or nearly non-functional changes to make a static analyzer happy. commit 89e1f43f545 Add ability for filters to rewrite headers going to proxy connections This allows, for example mod_rewrite like ability in filters commit 5150a0583c1 Modification to Python zmq library to allow forwarding of raw 0mq message commit 82a26a67c04 Bugfix for when a connection first goes to proxy and then a zmq handler commit 861cdf36f585 Add configuration option to prevent forking Makes a lot of process management tools happier