forked from alepharchives/hiawatha
-
Notifications
You must be signed in to change notification settings - Fork 1
/
ChangeLog
1459 lines (1052 loc) · 49.2 KB
/
ChangeLog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
hiawatha (10.7) stable; urgency=low
* Connect to a Unix socket via a reverse proxy.
* Added BlockExtensions setting.
* mbed TLS updated to 2.6.0.
* Small improvements.
* Bugfix: error in handling renewal scripts in Let's Encrypt script.
-- Hugo Leisink <[email protected]> Mon, 16 Oct 2017 19:31:54 +0200
hiawatha (10.6) stable; urgency=low
* Added PublicKeyPins option.
* Added renewal-scripts to Let's Encrypt script.
* mbed TLS updated to 2.4.2.
* Small changes to CMake build system.
* Small improvements.
* Bugfix: SCSV bug in mbed TLS.
-- Hugo Leisink <[email protected]> Sun, 16 Apr 2017 22:04:37 +0200
hiawatha (10.5) stable; urgency=low
* mbed TLS updated to 2.4.0, using GPL version.
* Added CustomHeaderBackend option.
* Renamed CustomHeader option to CustomHeaderClient. Old name still works.
* Hiawatha ignores FileHashes and ReverseProxy for Let's Encrypt
authentication requests.
* Small bugfixes.
-- Hugo Leisink <[email protected]> Fri, 27 Jan 2017 12:06:10 +0100
hiawatha (10.4) stable; urgency=low
* mbed TLS updated to 2.3.0.
* SkipCacheCookie option added.
* Added Systemd init script to Debian package.
* Small improvements and bugfixes.
-- Hugo Leisink <[email protected]> Wed, 5 Oct 2016 19:56:21 +0200
hiawatha (10.3) stable; urgency=low
* PreventCSRF, PreventSQLi and PreventXSS improved.
* Prevention of MySQL data mining via SQL injection. Thanks to
Esmaeil Rahimian <[email protected]>.
* Added revoke option to Let's Encrypt script.
* Hiawatha ignores RequireTLS for Let's Encrypt authentication requests.
* Small bugfixes and improvements.
* Bugfix: possible HTTP request pipelining error after CSRF prevented.
-- Hugo Leisink <[email protected]> Sun, 5 Jun 2016 08:21:38 +0200
hiawatha (10.2) stable; urgency=low
* Added Let's Encrypt script (see extra/letsencrypt).
* Added support for requesting Let's Encrypt certificates (see AccessList
and PasswordFile settings in manual page).
* Small improvements.
* Bugfix: HideProxy not working for Forwarded header.
-- Hugo Leisink <[email protected]> Sun, 1 May 2016 20:21:41 +0200
hiawatha (10.1) stable; urgency=low
* Added Extensions setting.
* Added support for X-Sendfile header.
* mbed TLS updated to 2.2.1.
* Improved SQL injection detection.
* Small bugfixes and improvements.
-- Hugo Leisink <[email protected]> Thu, 11 Feb 2016 08:39:12 +0100
hiawatha (10.0) stable; urgency=low
* Usage of Directory sections changed.
* Added support for RFC 5785.
* Added support for GZip compression. Removed the UseGZfile option.
* Added ECDSA support for TLS 1.0 and TLS 1.1.
* Replaced UrlToolkit Expire option with ExpirePeriod in Directory section.
* Replaced IgnoreDotHiawatha option with UseLocalConfig.
* Removed the VolatileObject option.
* Improved SQL injection detection.
* mbed TLS updated to 2.2.0.
* Small improvements.
-- Hugo Leisink <[email protected]> Wed, 25 Nov 2015 19:13:39 +0100
hiawatha (9.15) stable; urgency=low
* Support for WebSockets via reverse proxy.
* UNIX socket support for connections to WebSockets.
* Responsive design for directory index and error message.
* mbed TLS updated to 2.1.2.
* Fixed mbed TLS linking in CMake configuration.
* ListenBacklog option added.
* Small bugfixes.
-- Hugo Leisink <[email protected]> Wed, 14 Oct 2015 20:46:07 +0200
hiawatha (9.14) stable; urgency=low
* mbed TLS updated to 2.0.0.
* Small bugfixes.
* Bugfix: crash when sending very large request to FastCGI server.
-- Hugo Leisink <[email protected]> Wed, 26 Jul 2015 11:23:50 +0200
hiawatha (9.13) stable; urgency=low
* Renamed SSLcertFile to TLScertFile.
* Renamed RequireSSL to RequireTLS.
* Renamed SSL_* CGI environment variables to TLS_*.
* Renamed UrlToolkit option UseSSL to UseTLS.
* Replaced MinSSLversion by MinTLSversion.
* LogTimeouts option added.
* Added 'skip directories' parameter to reverse proxy.
* Failed logins sent to Hiawatha Monitor.
* Small bugfix and improvements.
-- Hugo Leisink <[email protected]> Sun, 10 May 2015 09:47:41 +0200
hiawatha (9.12) stable; urgency=medium
* PolarSSL 1.3.9 upgraded to mbed TLS 1.3.10.
* MacOS X PreferencePane removed from MacOS X package.
* Bugfix: memory leak in SSL library.
* Small bugfix.
-- Hugo Leisink <[email protected]> Thu, 12 Feb 2015 22:39:50 +0100
hiawatha (9.11) stable; urgency=low
* ChallengeClient option added.
* UrlToolkit options TotalConnections and OmitRequestLog added.
* Improvements to UrlToolkit and reverse proxy swap.
* UrlToolkit rules are also applied to PUT and DELETE.
* Small improvements.
-- Hugo Leisink <[email protected]> Sun, 18 Jan 2015 10:36:27 +0100
hiawatha (9.10) stable; urgency=low
* Support for banning bad clients who connect via a proxy.
* UrlToolkit option Do added. Changed how Call and Skip should be called.
* General UrlToolkit improvements. See config/toolkit.conf for syntax.
* Hiawatha now prefers reverse proxies with a scheme matching the one of
the client connection. See config/toolkit.conf for syntax.
* Hiawatha will now first process UrlToolkit rules before using ReverseProxy.
* Small bugfixes and improvements.
-- Hugo Leisink <[email protected]> Sat, 3 Jan 2015 19:09:11 +0100
hiawatha (9.9) stable; urgency=low
* HTTPAuthToCGI option added.
* BanByCGI option added.
* PolarSSL updated to version 1.3.9.
* Improved SSL ciphersuite selections.
* CAcertificates options added.
* Dropped support for SSL3.0.
* Small bugfixes and improvements.
-- Hugo Leisink <[email protected]> Sun, 7 Dec 2014 12:15:57 +0100
hiawatha (9.8) stable; urgency=low
* Added support for websockets. WebSocket option added.
* Added Red Hat package building script (extra/make_redhat_package).
Thanks to Paul F. Bernal B.
* SSL key and certificate checks added to wigwam.
* Small bugfixes and improvements.
-- Hugo Leisink <[email protected]> Sat, 27 Sep 2014 14:13:21 +0200
hiawatha (9.7) stable; urgency=low
* UseToolkit now possible in .hiawatha file at root of website.
* Method option added to URL Toolkit.
* SetResourceLimit option added.
* ThreadKillRate option added.
* Improved SQL injection detection.
* Default value for DHsize set to 2048.
* PolarSSL updated to version 1.3.8.
* Memory allocation debugger module added.
* Small bugfixes and improvements.
* Bugfix: incorrect file hash printing by wigwam with directory as symlink.
-- Hugo Leisink <[email protected]> Thu, 21 Aug 2014 22:20:49 +0200
hiawatha (9.6) stable; urgency=medium
* Logfile rotation for access logfiles.
* HTTP Strict Transport Security header made optional for RequireSSL.
* Support for chunked transfer encoded requests (not for PUT).
* Support for improved server statistics in Hiawatha Monitor.
* The Hiawatha Monitor is now supported without the need for XSLT.
* PolarSSL updated to version 1.3.7.
* A few bugfixes as reported by Coverity.
* Small bugfixes.
* Bugfix: SQL injection detection was broken since 8.6.
* Bugfix: XSS detection didn't work for reverse proxy.
-- Hugo Leisink <[email protected]> Sat, 31 May 2014 20:07:55 +0200
hiawatha (9.5) stable; urgency=low
* Added support for CGI statistics in Hiawatha Monitor.
* MonitorRequests and MonitorStatsInterval option removed.
* Added support for Origin HTTP header to prevent CSRF.
* EnforceFirstHostname option added.
* ScriptAlias option added.
* PolarSSL updated to version 1.3.6.
* Dropped support for PolarSSL 1.2.
-- Hugo Leisink <[email protected]> Wed, 23 Apr 2014 20:55:29 +0200
hiawatha (9.4) stable; urgency=low
* Keep-Alive connections for reverse proxy made optional.
* ErrorXSLTfile option added.
* IgnoreDotHiawatha option added.
* RandomHeader option added.
* Dropped support for RC4.
* PolarSSL updated to version 1.3.4.
* Added support for Hyper Text Coffee Pot Control Protocol (RFC 2324).
* Added SSL_CIPHER to CGI environment.
* Added Public/Private to URL Toolkit expire option.
* Small improvements.
-- Hugo Leisink <[email protected]> Sat, 22 Mar 2014 10:53:03 +0100
hiawatha (9.3.1) stable; urgency=low
* Several bugfixes in reverse proxy.
-- Hugo Leisink <[email protected]> Sat, 7 Dec 2013 19:54:49 +0100
hiawatha (9.3) stable; urgency=low
* PolarSSL updated to version 1.3.2.
* Added support for Elliptic Curve Cryptography.
* TunnelSSH option added.
* AnonymizeIP option added. Thanks to Klemens Scholhorn.
* Keep-alive connections for reverse proxy.
* Small improvements.
-- Hugo Leisink <[email protected]> Tue, 5 Nov 2013 20:21:13 +0100
hiawatha (9.2) stable; urgency=low
* Added support for compiling Hiawatha against the system's default
version (>=1.2.0) of the PolarSSL library.
* PolarSSL updated to version 1.2.8.
* Small bugfixes (memory leaks in error situations).
* Bugfix: virtual hostname selection for IPv6 with non-standard port.
-- Hugo Leisink <[email protected]> Sun, 23 Jun 2013 12:25:52 +0200
hiawatha (9.1) stable; urgency=low
* FileHashes option added.
* PolarSSL updated to version 1.2.7. Enabled ciphersuite selection based
on protocol version.
* Enabled accf_http support for FreeBSD. Thanks to Martin Tournoij.
* Better handling of previous installed configuration files under MacOS X.
Thanks to Sander Niemeijer.
* ImageReferer option removed.
* Added SSL_VERSION to CGI environment.
* Bugfix: incorrect BanOnFlooding behavior.
* Small improvements.
-- Hugo Leisink <[email protected]> Mon, 15 Apr 2013 17:56:48 +0200
hiawatha (9.0) stable; urgency=low
* Clients handled via thread pool instead of creating threads on the fly.
* ThreadPoolSize option added.
* Header option added to URL Toolkit.
* Improved client SSL certificate handling. Environment variables renamed.
* PolarSSL updated to version 1.2.6.
* Improved Reverse Proxy caching support for requests with URL parameters.
* CacheMinFilesize option removed.
* DenyBot option removed. Use URL Toolkit's Header option instead.
* OldBrowser option removed from URL Toolkit. Use Header option instead.
* Improved URL Toolkit rule testing in wigwam.
* Small bugfixes and improvements.
-- Hugo Leisink <[email protected]> Thu, 28 Mar 2013 11:46:52 +0100
hiawatha (8.8.1) stable; urgency=medium
* Bugfix: Incorrect size of buffer for poll() can lead to a crash
when using Tomahawk.
-- Hugo Leisink <[email protected]> Tue, 5 Mar 2013 15:27:01 +0100
hiawatha (8.8) stable; urgency=low
* Caching for Reverse Proxy. CacheRProxyExtensions option added.
* Basic HTTP authentication now supports the glibc2 version of crypt().
* Hostname in ImageReferer can now contain a wildcard.
* DenyBody matching is now case insensitive.
* PolarSSL updated to version 1.2.5.
* Small improvements.
-- Hugo Leisink <[email protected]> Mon, 18 Feb 2013 22:05:46 +0100
hiawatha (8.7) stable; urgency=low
* Added support for HTTP Strict Transport Security (RFC 6797). Integrated
in RequireSSL option.
* DHsize option added.
* PolarSSL updated to version 1.2.3.
* CloudFlare headers placed in environment variables.
* Removed php-fcgi.
* Small improvements.
* Bugfix: slow page loading via Reverse Proxy.
-- Hugo Leisink <[email protected]> Wed, 9 Jan 2013 20:18:23 +0100
hiawatha (8.6) stable; urgency=low
* PolarSSL updated to version 1.2. Added support for TLS 1.2 and
secure renegotiation.
* Added support for Server Name Indication.
* MinSSLversion option added.
* ServerRoot option removed.
* Improved MacOS X package building script.
* Marked php-fcgi as deprecated. Use php-fpm instead.
* Small bugfixes and improvements.
-- Hugo Leisink <[email protected]> Wed, 31 Oct 2012 19:10:32 +0100
hiawatha (8.5) stable; urgency=low
* Improved Reverse Proxy.
* Changed error message style.
* Renamed Command Channel to Tomahawk.
* Return 403 instead of 401 upon correct password for HTTP
authentication but user not in right group.
* Small improvements.
* Bugfix: replaced select() with poll() to prevent crashes in case of
large amount of simultaneous connections. Thanks to Peter Bex.
-- Hugo Leisink <[email protected]> Sun, 9 Sep 2012 11:39:12 +0200
hiawatha (8.4) stable; urgency=low
* MaxServerLoad option added.
* PolarSSL updated to version 1.1.4.
* Small bugfixes and improvements.
* Bugfix: invalid reverse proxy request when URL parameters are present.
-- Hugo Leisink <[email protected]> Thu, 7 Jun 2012 20:07:46 +0200
hiawatha (8.3.2) stable; urgency=high
* Bugfix: memory leak in SSL library.
-- Hugo Leisink <[email protected]> Tue, 29 May 2012 18:02:59 +0200
hiawatha (8.3.1) stable; urgency=low
* Improved security for reverse proxy (works with PreventSQLi, etc).
-- Hugo Leisink <[email protected]> Mon, 28 May 2012 21:50:31 +0200
hiawatha (8.3) stable; urgency=low
* ReverseProxy option added.
* PolarSSL updated to version 1.1.3.
-- Hugo Leisink <[email protected]> Wed, 23 May 2012 18:11:56 +0200
hiawatha (8.2) stable; urgency=low
* WebDAVapp option added. Enables support for WebDAV applications
like ownCloud (http://owncloud.org/).
* Removed support for the OPTIONS method.
* AllowDotFiles option added.
* Global forks setting in php-fcgi.conf moved to Server setting.
* Small bugfixes and improvements.
-- Hugo Leisink <[email protected]> Tue, 1 May 2012 17:48:27 +0200
hiawatha (8.1) stable; urgency=low
* BanOnInvalidURL option added.
* PolarSSL updated to version 1.1.1.
* Small improvements in Windows packaging script.
* Bugfix: paths missing in default values and examples in manual pages.
-- Hugo Leisink <[email protected]> Sat, 25 Feb 2012 19:02:41 +0100
hiawatha (8.0) stable; urgency=low
* Replaced Autoconf with CMake. Many thanks to Sander Niemeijer.
* Replaced OpenSSL with PolarSSL. Many thanks to Paul Bakker.
* AllowedCiphers and DHparameters options removed.
* Added IE7 to URL Toolkit's OldBrowser list, removed IE5.
* MaxUrlLength option added, can return 414 Request-URI Too Long.
* Changed default value of TriggerOnCGIstatus to 'no'.
* Equalized format of logfiles.
* Extra checks added to php-fcgi.
* Small improvements.
-- Hugo Leisink <[email protected]> Fri, 27 Jan 2012 12:06:10 +0100
hiawatha (7.8.2) stable; urgency=high
* Improved SQL injection detection.
* Bugfix: memory leak in PreventSQLi routine.
* Bugfix: potential server freeze with 100% CPU in CGI output caching.
-- Hugo Leisink <[email protected]> Fri, 18 Nov 2011 06:51:07 +0100
hiawatha (7.8.1) stable; urgency=low
* Small bugfixes and improvements.
* Bugfix: null byte in HTTP header of cached CGI content.
-- Hugo Leisink <[email protected]> Wed, 9 Nov 2011 17:21:52 +0100
hiawatha (7.8) stable; urgency=low
* Control CGI output cache via X-Hiawatha-Cache and X-Hiawatha-Cache-Remove
CGI headers. See the CGI OUTPUT CACHE section in the manual page.
* BanOnWrongPassword now also triggers on wrong username.
* Small improvements.
* Bugfix: timeout issue with large POST requests on SSL connections.
-- Hugo Leisink <[email protected]> Mon, 31 Oct 2011 21:27:18 +0100
hiawatha (7.7) stable; urgency=low
* First parameter of Alias can now contain subdirectories.
* Improved stability for connections with SSL client authentication.
* Bugfix: BanOnFlooding was broken.
-- Hugo Leisink <[email protected]> Tue, 4 Oct 2011 19:48:30 +0200
hiawatha (7.6) stable; urgency=low
* PreventSQLi option rewritten.
-- Hugo Leisink <[email protected]> Sun, 21 Aug 2011 08:06:21 +0200
hiawatha (7.5) stable; urgency=low
* OldBrowser option added to URL Toolkit.
* Improved mimetype configuration.
* Do-not-track HTTP header support.
* Password file entries can now be created with Wigwam.
* Small bugfixes and improvements.
* Bugfix: sent one byte too few for Range -XX.
* Bugfix: possible crash when using PreventSQLi.
-- Hugo Leisink <[email protected]> Sat, 28 May 2011 15:39:13 +0200
hiawatha (7.4.1) stable; urgency=high
* Bugfix: integer overflow in fetch_request() which could
lead to a server crash.
-- Hugo Leisink <[email protected]> Sat, 26 Feb 2011 10:32:24 +0100
hiawatha (7.4) stable; urgency=medium
* Connections per IP added to RequestLimitMask.
* NoExtensionAs made a per-host setting.
* Small bugfixes and improvements.
* Bugfix: usage of HideProxy caused Hiawatha to refuse new connections
after ConnectionsTotal connections.
* Bugfix: memory leak in XSLT module.
-- Hugo Leisink <[email protected]> Mon, 8 Nov 2010 20:58:54 +0100
hiawatha (7.3) stable; urgency=low
* RequestLimitMask option added.
* URL parameters for ErrorHandler.
* Support for Haiku OS.
* Small security bugfixes.
-- Hugo Leisink <[email protected]> Sun, 6 Jun 2010 23:18:37 +0200
hiawatha (7.2) stable; urgency=low
* URL Toolkit code restructured.
* UseSSL option added to URL Toolkit.
* Digest HTTP authentication works with htdigest(1) created password files.
* Small improvements.
-- Hugo Leisink <[email protected]> Wed, 21 Apr 2010 18:12:37 +0200
hiawatha (7.1) stable; urgency=low
* Small bugfixes.
* Bugfix: deny access and redirect result via URL Toolkit subroutine.
* Bugfix: broken flooding protection.
-- Hugo Leisink <[email protected]> Sun, 28 Mar 2010 10:39:12 +0200
hiawatha (7.0) stable; urgency=low
* Remote Monitoring support. MonitorServer, MonitorRequests and
MonitorStatsInterval options added.
* IPv6 support for Windows version, due to IPv6 support in Cygwin 1.7.
* XSLT support turned on by default.
* All directory listings are done via XSLT. The internal index layout has
been removed. IndexStyle option removed.
* ServerRoot option has been made available via configure parameter.
* Small improvements.
-- Hugo Leisink <[email protected]> Fri, 12 Feb 2010 14:13:09 +0100
hiawatha (6.19) stable; urgency=low
* Expire option added to URL Toolkit.
* HideProxy option added.
* UNIX socket support for connections to FastCGI daemons.
* ExploitLogfile option added.
* Small bugfixes.
-- Hugo Leisink <[email protected]> Sun, 6 Dec 2009 21:25:41 +0100
hiawatha (6.18) stable; urgency=low
* DenyBody and BanOnDeniedBody options added.
* PreventCMDi and BanOnCMDi options removed. DenyBody and URL Toolkit offer
better functionality.
* Ban option added to URL Toolkit.
* UseGZfile now first looks for .gz file instead of after requested file
does not exist.
* Changed duplicate hostnames in configuration from blocking error to
warning in Wigwam.
* Small bugfixes.
-- Hugo Leisink <[email protected]> Sun, 15 Nov 2009 20:19:57 +0100
hiawatha (6.17.1) stable; urgency=high
* Bugfix: possible crash due to bug in log.c.
-- Hugo Leisink <[email protected]> Sat, 5 Sep 2009 08:45:18 +0200
hiawatha (6.17) stable; urgency=low
* Directory index via XSLT.
* Small bugfixes and improvements.
* Bugfix: incorrect SCRIPT_NAME value with PathInfo.
-- Hugo Leisink <[email protected]> Sun, 30 Aug 2009 20:04:22 +0200
hiawatha (6.16) stable; urgency=medium
* Main configuration file httpd.conf renamed to hiawatha.conf.
* Improved error detecting and logging in php-fcgi.
* RunOnDownload option added.
* Small bugfixes and improvements.
* Bugfix: repeated PIDs in php-fcgi.pid with multiple servers.
* Bugfix: incorrect extended log format.
* Bugfix: crash on too long StartFile in .hiawatha file.
-- Hugo Leisink <[email protected]> Sun, 26 Jul 2009 18:13:37 +0200
hiawatha (6.15) stable; urgency=low
* Basic SSI support.
* TimeForCGI option per directory.
* SocketSendTimeout option added.
* Small improvements.
-- Hugo Leisink <[email protected]> Sun, 5 Jul 2009 17:20:53 +0200
hiawatha (6.14.1) stable; urgency=low
* Bugfix: Wigwam updated with UseFastCGI change.
-- Hugo Leisink <[email protected]> Sun, 7 Jun 2009 23:41:07 +0200
hiawatha (6.14) stable; urgency=medium
* Platform independent read-timeout handlers.
* RequiredCA option added.
* UseSSL option removed, ServerKey option renamed to SSLcertFile and made
available only in Binding section.
* FastCGI option renamed to UseFastCGI.
* Small bugfixes and improvements.
* Bugfix: fork-mutex issue when executing CGI.
-- Hugo Leisink <[email protected]> Wed, 3 Jun 2009 19:50:37 +0200
hiawatha (6.13) stable; urgency=low
* LSB style header added to init script.
* SSL initialization improved for cross compiling.
* Change in signal handling (HUP and USR2 signal).
* Small bugfixes and improvements.
* Bugfix: incorrect MD5 hashing on 64bit machines.
-- Hugo Leisink <[email protected]> Wed, 6 May 2009 21:33:49 +0200
hiawatha (6.12) stable; urgency=low
* Compile errors under the latest Ubuntu release fixed.
* Small bugfixes and improvements.
-- Hugo Leisink <[email protected]> Sun, 29 Mar 2009 13:27:05 +0200
hiawatha (6.11) stable; urgency=low
* Duplicate hostname check included in Wigwam.
* All HTTP headers starting with X- are added to CGI environment and
set as XSLT parameter.
* Non-present HTTP/CGI variable set as empty XSLT parameter.
* Small bugfixes and improvements.
* Bugfix: URL Toolkit's FastCGI setting issues.
-- Hugo Leisink <[email protected]> Mon, 29 Dec 2008 08:57:42 +0100
hiawatha (6.10) stable; urgency=low
* Prevention of cross-site request forgery. PreventCSRF option added.
* A start and stop preference pane has been added to the MacOS X package.
* A new dedicated website for Hiawatha has been launched. Please, visit
http://www.hiawatha-webserver.org/. The welcome webpage inside the package
has been updated to match the new design.
* Small bugfixes and improvements.
-- Hugo Leisink <[email protected]> Wed, 29 Oct 2008 21:48:21 +0100
hiawatha (6.9) stable; urgency=low
* NoExtensionAs option added.
* Tool added to the Windows package to start Hiawatha as a service under
Windows (see Installation.txt in Windows package for more information).
* Small bugfixes and improvements.
* Bugfix: URL encoding of links in directory listing.
-- Hugo Leisink <[email protected]> Wed, 24 Sep 2008 19:12:45 +0200
hiawatha (6.8) stable; urgency=low
* XSLT parameter support.
* 'URL rewriting' has been renamed to 'URL Toolkit' (because rewriting
is just one of the four options of this feature).
* FastCGI option added to URL Toolkit.
* WaitForCGI option added.
* Small bugfixes and improvements.
-- Hugo Leisink <[email protected]> Tue, 22 Jul 2008 09:30:12 +0200
hiawatha (6.7) stable; urgency=low
* BanOnWrongPassword option added.
* Workaround to handle non-compliant CGI headers.
* Updated Debian package building files.
* Small bugfixes and improvements.
-- Hugo Leisink <[email protected]> Wed, 28 May 2008 22:06:36 +0200
hiawatha (6.6) stable; urgency=medium
* XSLT support (compile with --enable-xslt).
* Bugfix: possible crash when using HTTPS (due to bug in OpenSSL).
-- Hugo Leisink <[email protected]> Mon, 28 Apr 2008 19:30:44 +0200
hiawatha (6.5) stable; urgency=medium
* Small bugfixes and improvements.
* Bugfix: integer overflow in str2int().
* Bugfix: compile error with --disable-ssl.
-- Hugo Leisink <[email protected]> Sat, 8 Mar 2008 08:12:41 +0100
hiawatha (6.4) stable; urgency=medium
* SSL memory leak fixed.
* Skip, Redirect and RequestURI options added to URL rewriting.
* Old format of ConnectTo is no longer valid.
* Small bugfixes and improvements.
-- Hugo Leisink <[email protected]> Sun, 10 Feb 2008 08:54:01 +0100
hiawatha (6.3) stable; urgency=low
* Release of stdin, stdout and stderr on startup.
* Small improvements.
-- Hugo Leisink <[email protected]> Mon, 21 Jan 2008 20:51:18 +0100
hiawatha (6.2) stable; urgency=medium
* Moved TimeForCGI from 'server settings' to virtual host section.
* RunOnAlter option added.
* Improved error logging.
* URL rewriting disabled for PUT and DELETE requests.
* Path corrections in manpages via autoconf.
* Workaround: dot at end of filename in Windows version.
* Bugfix: digest HTTP authentication was broken when using GET data.
-- Hugo Leisink <[email protected]> Thu, 13 Dec 2007 08:21:10 +0100
hiawatha (6.1) stable; urgency=low
* Format of ConnectTo changed. Old format will be valid for a few
more releases.
* Changed some CGI environment variables after URL rewriting.
* Some URL rewrite checks included in Wigwam.
* TriggerOnCGIstatus option added.
* RequireResolveIP option removed.
* Bugfix: POST data larger then 64kB via FastCGI.
-- Hugo Leisink <[email protected]> Sun, 11 Nov 2007 09:45:08 +0100
hiawatha (6.0) stable; urgency=low
* IPv6 support.
* Delimiters in php-fcgi.conf en cgi-wrapper.conf changed to ';'.
* Format of AccessList, AlterList, BanlistMask, ConnectTo and
LogfileMask changed (colon changed to space because of IPv6).
* Small bugfixes and improvements.
-- Hugo Leisink <[email protected]> Fri, 26 Oct 2007 18:13:05 +0200
hiawatha (5.14) stable; urgency=low
* Improved logfile handling.
* More checks included in Wigwam.
* Small improvements.
* Bugfix: memory issue in Wigwam.
-- Hugo Leisink <[email protected]> Sat, 13 Oct 2007 12:11:37 +0200
hiawatha (5.13) stable; urgency=low
* DenyAccess option added to URL rewriting.
* Path 'aliases' (set C: = /cygdrive/c) and usage of forward slashes
no longer necessary in configuration file of the Windows version.
* SCRIPT_URL logged as URL in case of URL rewrite.
* Cookies no longer present in logfiles.
* Optimizations for compiling under Solaris. See the INSTALL file for
more information (Thanks to Richard Barrington).
* Some dependency fixes.
* CGI zombies under OpenBSD fixed.
* Pthread issue under OpenBSD fixed (Thanks to Kurt Miller).
* Small bugfixes and improvements.
* Bugfix: POST data larger then 64kB via FastCGI.
-- Hugo Leisink <[email protected]> Thu, 27 Sep 2007 17:34:14 +0200
hiawatha (5.12) stable; urgency=medium
* URL rewriting.
* Small bugfixes.
* Bugfix: possible crash (non-exploitable) on too large request.
-- Hugo Leisink <[email protected]> Sun, 26 Aug 2007 15:35:44 +0200
hiawatha (5.11) stable; urgency=low
* Made some changes to the ErrorHandler behaviour.
* Uploading (PUT) goes directly to disk, instead of buffering in memory.
* Option MaxUploadSize added.
* 201 Created.
* 411 Length Required.
* Small improvements.
* Bugfix: two bugs in the parsing of CGI HTTP headers.
* Bugfix: Hiawatha for Windows returned 403 for CGI because of Cygwin
file access rights.
* Bugfix: setenv in php-fcgi was not working.
* Bugfix: 404 for non-existing local file and remote FastCGI server
and non-gzip content-encoding.
-- Hugo Leisink <[email protected]> Tue, 7 Aug 2007 17:26:21 +0200
hiawatha (5.10) stable; urgency=low
* Improved CGI support for Windows version (Cygwin).
* Throttle configuration merged into httpd.conf.
* EnablePathInfo option added.
* Workaround for syntax-bug in php-fcgi.conf (comma in GIDs conflicts
with comma before PHP configuration file).
* Improved ErrorHandler.
* Small improvements.
* Bugfix: possible crash when using load-balanced FastCGI.
-- Hugo Leisink <[email protected]> Thu, 5 Jul 2007 22:08:20 +0200
hiawatha (5.9) stable; urgency=medium
* PUT and DELETE method implemented.
* 204 No Content.
* Options EnableAlter, AlterGroup, AlterList and AlterMode added.
* Options PasswordFile and RequiredGroup have been changed.
* Better handling of URL encoded characters.
* Improved SQL/command injection and XSS prevention.
* Autoconf improvements (Thanks to Sander Niemeijer, again).
* Small bugfixes and improvements.
* Bugfix: alias in directory index also appeared in subdirectories.
* Bugfix: ranges were ignored while reading from cache.
* Bugfix: digest HTTP authentication failed when a comma was present
in the URL.
* Bugfix: small memory leak when reading a .hiawatha file.
-- Hugo Leisink <[email protected]> Sat, 16 Jun 2007 16:03:14 +0200
hiawatha (5.8) stable; urgency=low
* Source-plugin has been removed. It's obsolete because of FastCGI.
* Entropy fix during SSL initialization if needed.
* UserDirectory option added.
* More error logging for Hiawatha and the CGI-wrapper.
* Added OpenSSL exception to the license file and libssl.c.
* Bugfixes and small improvements.
-- Hugo Leisink <[email protected]> Wed, 25 Apr 2007 15:19:40 +0200
hiawatha (5.7) stable; urgency=medium
* RequireResolveIP option added.
* KillTimedoutCGI option added.
* Aliases added to directory index.
* Extended Command Channel status output.
* Configurationfiles read in alfabetic order when including a directory.
* More error logging.
* (Fast)CGI code improvement.
* Small bugfixes and improvements.
* Bugfix: minor memory issue fixed in show_index().
* Bugfix: possible webserver crash due to bug in log_error().
-- Hugo Leisink <[email protected]> Sun, 4 Mar 2007 08:43:28 +0100
hiawatha (5.6) stable; urgency=low
* Chrooted FastCGI server support.
* Configuration reading routine rewritten. Angle bracket sections
are no longer available. Only curly bracket sections can be used.
* An error in a .hiawatha file results in a 500. An errormessage
will be written to the ErrorLogfile.
* Command Channel improved.
* AllowedCiphers option added.
* DHparameters option added.
* CGIwrapId option renamed to WrapCGI.
* FCGIserverId option renamed to FastCGIid.
* Small bugfixes and improvements.
-- Hugo Leisink <[email protected]> Mon, 12 Feb 2007 21:16:19 +0100
hiawatha (5.5) stable; urgency=low
* Segmentation fault handler (just in case). Logs an alert to syslog.
* An 'include' configuration option can now handle a directory.
* CGI-wrapper logs errors to ErrorLogfile.
* Commandline options -k and -v added.
* LogFormat option added.
* UseGZfile option added.
* Alternative strcasecmp() en strncasecmp().
* 'cgi_wrapper' renamed to 'cgi-wrapper'.
* 'fcgi-server' replaced by 'php-fcgi'.
* 'newroot' installed via autotools.
* Complete code review and rewrites of 'old code'.
* Small bugfixes and improvements.
-- Hugo Leisink <[email protected]> Sun, 21 Jan 2007 12:56:12 +0100
hiawatha (5.4) stable; urgency=low
* Alternative setenv() en unsetenv() (for HP-UX and Solaris).
* Commandline options -c, -d and -h added.
* Faster flooding-check.
* Proper exit-codes when an error occurs.
* Bugfix in default_config() which made it fail to run on OpenBSD.
* Small bugfixes and improvements.
-- Hugo Leisink <[email protected]> Fri, 29 Dec 2006 01:42:38 +0100
hiawatha (5.3) stable; urgency=low
* Handling of not-available FastCGI servers.
* Large file support.
* Cache speed improvement.
* Total-connections-counter adjusted in case of ReconnectDelay.
* StartFile option now available inside a Directory section.
* 'newroot' and 'fcgi-server' scripts added to the Debian package
and the FreeBSD Makefile.
* CacheMinFilesize option added.
* Alternative clearenv() en strcasestr().
* Small bugfixes in the cache module.
-- Hugo Leisink <[email protected]> Sun, 17 Dec 2006 11:52:26 +0100
hiawatha (5.2) stable; urgency=low
* Multiple, load-balanced FastCGI server support.
* Digest HTTP authentication.
* Improved error checking by Wigwam.
* Included FreeBSD port files.
-- Hugo Leisink <[email protected]> Sat, 25 Nov 2006 09:37:44 +0100
hiawatha (5.1) stable; urgency=low
* BindingId added to CGI environment (SERVER_BINDING).
* Improved error checking by Wigwam.
* Small improvements (source dependencies)
* Bugfix: BindingId instead of Binding_Id
-- Hugo Leisink <[email protected]> Wed, 8 Nov 2006 22:07:41 +0100
hiawatha (5.0) stable; urgency=low
* FastCGI support (Responder role only).
* Configurationfile checker (Wigwam).
* Internal file caching. CacheSize and CacheMaxFilesize options added
(Compile with --disable-cache to disable this feature).
* Start/stop and install script for FreeBSD (see freebsd/ in source package).
* PIDfile option added.
* Name in a binding section renamed to BindingId.
* Small bugfixes.
* Bugfix: directory index with no keep-alive for HTTP/1.0 proxies.
-- Hugo Leisink <[email protected]> Thu, 26 Oct 2006 18:31:57 +0100
hiawatha (4.3.2) stable; urgency=medium
* Bugfix: client/time information missing in unbanned-logmessage.
-- Hugo Leisink <[email protected]> Tue, 6 Jun 2006 21:10:55 +0200
hiawatha (4.3.1) stable; urgency=high
* Bugfix: HTTP authentication was broken.
-- Hugo Leisink <[email protected]> Mon, 15 May 2006 10:12:55 +0200
hiawatha (4.3) stable; urgency=low
* Speed improvement (real improvement for static content).
* Reason for 403 HTTP error added to access logfile (not for wrapped CGIs).
* X-Forwarded-For header field also used for AccessList.
* Code cleanup: Uniform variablename format.
* Small bugfixes.
* Bugfix: removed double Content-Type for HTTP error messages.
-- Hugo Leisink <[email protected]> Thu, 23 Feb 2006 19:57:14 +0100
hiawatha (4.2) stable; urgency=low
* Seperate keyfile for every SSL binding.
* ErrorLogfile option added.
* LogFile option renamed to AccessLogfile.
* Prevention of command injection. PreventCMDi and BanOnCMDi options added.
* Separate manualpage for the CGI-wrapper: cgi_wrapper(1).
-- Hugo Leisink <[email protected]> Thu, 23 Feb 2006 19:57:14 +0100
hiawatha (4.1) stable; urgency=low
* Chroot functionality for wrapped CGIs.
* New section boundaries (section{...}).
* Small bugfixes.
* Bugfix: fixed ImageReferer for HTTPS connections.
* Bugfix: directories with the beginning of its name equal to an Alias now
accessible again.
-- Hugo Leisink <[email protected]> Sun, 22 Jan 2006 16:31:24 +0100
hiawatha (4.0) stable; urgency=low
* BindHTTP and BindHTTPS options replaced by Binding sections.
* CGI-wrapper replaced the HostId options. See the CGI-WRAPPER section in
the manualpage for more information.
* TimeForRequest option improved.
* ServerId option improved.
* BanOnTimeout option added.
* ReconnectDelay option added.
* Improved FollowSymlink check: symlinks are always followed if they stay
inside the webroot.
* Number of bytes sent per request added to the requestlog.
* Configuration-reload removed. Gave to much trouble.
* Customizable stylesheet for directory listings. IndexStyle option added.
* New layout for the errormessages.
* Small bugfixes.
-- Hugo Leisink <[email protected]> Tue, 18 Dec 2005 21:04:37 +0100
hiawatha (3.7) stable; urgency=low
* SSLv2 has been removed from HTTPS. Only SSLv3 en TLSv1 are available.
* HomedirSource option added.
* Multiple presence of BindHTTP, BindHTTPS, AccessList, BanlistMask
and LogfileMask in configurationfile now allowed.
* get_hostrecord() rewritten: the wildcard in the Hostname now also matches
the domainname. Example: 'Hostname = www.domainname.com, *.domainname.com'
now also matches 'http://domainname.com/'.
* RequireBinding option renamed to RequiredBinding. RequireBinding has become