1hiawatha (10.12) stable; urgency=low 2 3 * mbed TLS updated to 2.26.0. 4 * New LE_ISSUERS setting for Let's Encrypt script. 5 * Bugfix: vfprintf issue for syslog in log.c. 6 7 -- Hugo Leisink <hugo@leisink.net> Thu, 25 Mar 2021 09:30:07 +0100 8 9hiawatha (10.11) stable; urgency=low 10 11 * Default value of MinTLSversion set to 1.2. 12 * mbed TLS updated to 2.23.0. 13 * Small bugfixes. 14 15 -- Hugo Leisink <hugo@leisink.net> Wed, 8 Jul 2020 14:31:50 +0200 16 17hiawatha (10.10) stable; urgency=low 18 19 * Removed several build options. Functionalities are now always enabled. 20 * mbed TLS updated to 2.16.3. 21 * Updated Let's Encrypt script due to changes in the API. 22 * Bugfix: AlterMode not working correctly. 23 24 -- Hugo Leisink <hugo@leisink.net> Thu, 19 Sep 2019 20:33:21 +0200 25 26hiawatha (10.9) stable; urgency=low 27 28 * Let's Encrypt script installed via CMake. 29 * mbed TLS updated to 2.16.0. 30 * Small improvements. 31 32 -- Hugo Leisink <hugo@leisink.net> Mon, 18 Feb 2019 19:15:46 +0100 33 34hiawatha (10.8.4) stable; urgency=high 35 36 * Bugfix: Directory traversal when AllowDotFiles is enabled. 37 38 -- Hugo Leisink <hugo@leisink.net> Tue, 12 Feb 2018 21:37:04 +0100 39 40hiawatha (10.8.3) stable; urgency=low 41 42 * Several fixes in build system. 43 * mbed TLS updated to 2.13.0. 44 * Added build system for nghttp2. 45 46 -- Hugo Leisink <hugo@leisink.net> Sun, 16 Sep 2018 10:50:23 +0200 47 48hiawatha (10.8.2) stable; urgency=low 49 50 * mbed TLS updated to 2.12.0. 51 * New style for directory index. 52 * uri_depth added to XML for directory index. 53 54 -- Hugo Leisink <hugo@leisink.net> Sat, 28 Jul 2018 09:51:07 +0200 55 56hiawatha (10.8.1) stable; urgency=low 57 58 * mbed TLS updated to 2.8.0. 59 * Removed support for secp192r1 and secp192k1 curves, to make it PCI DSS 60 compliant out of the box. 61 * Small improvements to Let's Encrypt ACMEv2 script. 62 63 -- Hugo Leisink <hugo@leisink.net> Tue, 10 Apr 2018 21:58:41 +0200 64 65hiawatha (10.8) stable; urgency=low 66 67 * New Let's Encrypt script that supports ACME v2. 68 * Added Syslog option. 69 * Added GZipExtensions option. 70 * AllowDotFiles now used to show hidden files in directory listings. 71 * mbed TLS updated to 2.7.0. 72 * Removed support for static RSA ciphers. 73 * Hiawatha log format changed. 74 * Small improvements. 75 * Bugfix: certain characters in filenames disrupted directory index output. 76 * Bugfix: requesting non-regular files now results in a 403 instead of 77 blocking that thread. 78 79 -- Hugo Leisink <hugo@leisink.net> Wed, 21 Mar 2018 19:57:44 +0100 80 81hiawatha (10.7) stable; urgency=low 82 83 * Connect to a reverse proxy via a Unix socket. 84 * Added BlockExtensions setting. 85 * mbed TLS updated to 2.6.0. 86 * Small improvements. 87 * Bugfix: error in handling renewal scripts in Let's Encrypt script. 88 89 -- Hugo Leisink <hugo@leisink.net> Mon, 16 Oct 2017 19:31:54 +0100 90 91hiawatha (10.6) stable; urgency=low 92 93 * Added PublicKeyPins option. 94 * Added renewal-scripts to Let's Encrypt script. 95 * mbed TLS updated to 2.4.2. 96 * Small changes to CMake build system. 97 * Small improvements. 98 * Bugfix: SCSV bug in mbed TLS. 99 100 -- Hugo Leisink <hugo@leisink.net> Sun, 16 Apr 2017 22:04:37 +0200 101 102hiawatha (10.5) stable; urgency=low 103 104 * mbed TLS updated to 2.4.0, using GPL version. 105 * Added CustomHeaderBackend option. 106 * Renamed CustomHeader option to CustomHeaderClient. Old name still works. 107 * Hiawatha ignores FileHashes and ReverseProxy for Let's Encrypt 108 authentication requests. 109 * Small bugfixes. 110 111 -- Hugo Leisink <hugo@leisink.net> Fri, 27 Jan 2017 12:06:10 +0100 112 113hiawatha (10.4) stable; urgency=low 114 115 * mbed TLS updated to 2.3.0. 116 * SkipCacheCookie option added. 117 * Added Systemd init script to Debian package. 118 * Small improvements and bugfixes. 119 120 -- Hugo Leisink <hugo@leisink.net> Wed, 5 Oct 2016 19:56:21 +0200 121 122hiawatha (10.3) stable; urgency=low 123 124 * PreventCSRF, PreventSQLi and PreventXSS improved. 125 * Prevention of MySQL data mining via SQL injection. Thanks to 126 Esmaeil Rahimian <rahimian@securehost.co>. 127 * Added revoke option to Let's Encrypt script. 128 * Hiawatha ignores RequireTLS for Let's Encrypt authentication requests. 129 * Small bugfixes and improvements. 130 * Bugfix: possible HTTP request pipelining error after CSRF prevented. 131 132 -- Hugo Leisink <hugo@leisink.net> Sun, 5 Jun 2016 08:21:38 +0200 133 134hiawatha (10.2) stable; urgency=low 135 136 * Added Let's Encrypt script (see extra/letsencrypt). 137 * Added support for requesting Let's Encrypt certificates (see AccessList 138 and PasswordFile settings in manual page). 139 * Small improvements. 140 * Bugfix: HideProxy not working for Forwarded header. 141 142 -- Hugo Leisink <hugo@leisink.net> Sun, 1 May 2016 20:21:41 +0200 143 144hiawatha (10.1) stable; urgency=low 145 146 * Added Extensions setting. 147 * Added support for X-Sendfile header. 148 * mbed TLS updated to 2.2.1. 149 * Improved SQL injection detection. 150 * Small bugfixes and improvements. 151 152 -- Hugo Leisink <hugo@leisink.net> Thu, 11 Feb 2016 08:39:12 +0100 153 154hiawatha (10.0) stable; urgency=low 155 156 * Usage of Directory sections changed. 157 * Added support for RFC 5785. 158 * Added support for GZip compression. Removed the UseGZfile option. 159 * Added ECDSA support for TLS 1.0 and TLS 1.1. 160 * Replaced UrlToolkit Expire option with ExpirePeriod in Directory section. 161 * Replaced IgnoreDotHiawatha option with UseLocalConfig. 162 * Removed the VolatileObject option. 163 * Improved SQL injection detection. 164 * mbed TLS updated to 2.2.0. 165 * Small improvements. 166 167 -- Hugo Leisink <hugo@leisink.net> Wed, 25 Nov 2015 19:13:39 +0100 168 169hiawatha (9.15) stable; urgency=low 170 171 * Support for WebSockets via reverse proxy. 172 * UNIX socket support for connections to WebSockets. 173 * Responsive design for directory index and error message. 174 * mbed TLS updated to 2.1.2. 175 * Fixed mbed TLS linking in CMake configuration. 176 * ListenBacklog option added. 177 * Small bugfixes. 178 179 -- Hugo Leisink <hugo@leisink.net> Wed, 14 Oct 2015 20:46:07 +0200 180 181hiawatha (9.14) stable; urgency=low 182 183 * mbed TLS updated to 2.0.0. 184 * Small bugfixes. 185 * Bugfix: crash when sending very large request to FastCGI server. 186 187 -- Hugo Leisink <hugo@leisink.net> Wed, 26 Jul 2015 11:23:50 +0200 188 189hiawatha (9.13) stable; urgency=low 190 191 * Renamed SSLcertFile to TLScertFile. 192 * Renamed RequireSSL to RequireTLS. 193 * Renamed SSL_* CGI environment variables to TLS_*. 194 * Renamed UrlToolkit option UseSSL to UseTLS. 195 * Replaced MinSSLversion by MinTLSversion. 196 * LogTimeouts option added. 197 * Added 'skip directories' parameter to reverse proxy. 198 * Failed logins sent to Hiawatha Monitor. 199 * Small bugfix and improvements. 200 201 -- Hugo Leisink <hugo@leisink.net> Sun, 10 May 2015 09:47:41 +0200 202 203hiawatha (9.12) stable; urgency=medium 204 205 * PolarSSL 1.3.9 upgraded to mbed TLS 1.3.10. 206 * MacOS X PreferencePane removed from MacOS X package. 207 * Bugfix: memory leak in SSL library. 208 * Small bugfix. 209 210 -- Hugo Leisink <hugo@leisink.net> Thu, 12 Feb 2015 22:39:50 +0100 211 212hiawatha (9.11) stable; urgency=low 213 214 * ChallengeClient option added. 215 * UrlToolkit options TotalConnections and OmitRequestLog added. 216 * Improvements to UrlToolkit and reverse proxy swap. 217 * UrlToolkit rules are also applied to PUT and DELETE. 218 * Small improvements. 219 220 -- Hugo Leisink <hugo@leisink.net> Sun, 18 Jan 2015 10:36:27 +0100 221 222hiawatha (9.10) stable; urgency=low 223 224 * Support for banning bad clients who connect via a proxy. 225 * UrlToolkit option Do added. Changed how Call and Skip should be called. 226 * General UrlToolkit improvements. See config/toolkit.conf for syntax. 227 * Hiawatha now prefers reverse proxies with a scheme matching the one of 228 the client connection. See config/toolkit.conf for syntax. 229 * Hiawatha will now first process UrlToolkit rules before using ReverseProxy. 230 * Small bugfixes and improvements. 231 232 -- Hugo Leisink <hugo@leisink.net> Sat, 3 Jan 2015 19:09:11 +0100 233 234hiawatha (9.9) stable; urgency=low 235 236 * HTTPAuthToCGI option added. 237 * BanByCGI option added. 238 * PolarSSL updated to version 1.3.9. 239 * Improved SSL ciphersuite selections. 240 * CAcertificates options added. 241 * Dropped support for SSL3.0. 242 * Small bugfixes and improvements. 243 244 -- Hugo Leisink <hugo@leisink.net> Sun, 7 Dec 2014 12:15:57 +0100 245 246hiawatha (9.8) stable; urgency=low 247 248 * Added support for websockets. WebSocket option added. 249 * Added Red Hat package building script (extra/make_redhat_package). 250 Thanks to Paul F. Bernal B. 251 * SSL key and certificate checks added to wigwam. 252 * Small bugfixes and improvements. 253 254 -- Hugo Leisink <hugo@leisink.net> Sat, 27 Sep 2014 14:13:21 +0200 255 256hiawatha (9.7) stable; urgency=low 257 258 * UseToolkit now possible in .hiawatha file at root of website. 259 * Method option added to URL Toolkit. 260 * SetResourceLimit option added. 261 * ThreadKillRate option added. 262 * Improved SQL injection detection. 263 * Default value for DHsize set to 2048. 264 * PolarSSL updated to version 1.3.8. 265 * Memory allocation debugger module added. 266 * Small bugfixes and improvements. 267 * Bugfix: incorrect file hash printing by wigwam with directory as symlink. 268 269 -- Hugo Leisink <hugo@leisink.net> Thu, 21 Aug 2014 22:20:49 +0200 270 271hiawatha (9.6) stable; urgency=medium 272 273 * Logfile rotation for access logfiles. 274 * HTTP Strict Transport Security header made optional for RequireSSL. 275 * Support for chunked transfer encoded requests (not for PUT). 276 * Support for improved server statistics in Hiawatha Monitor. 277 * The Hiawatha Monitor is now supported without the need for XSLT. 278 * PolarSSL updated to version 1.3.7. 279 * A few bugfixes as reported by Coverity. 280 * Small bugfixes. 281 * Bugfix: SQL injection detection was broken since 8.6. 282 * Bugfix: XSS detection didn't work for reverse proxy. 283 284 -- Hugo Leisink <hugo@leisink.net> Sat, 31 May 2014 20:07:55 +0200 285 286hiawatha (9.5) stable; urgency=low 287 288 * Added support for CGI statistics in Hiawatha Monitor. 289 * MonitorRequests and MonitorStatsInterval option removed. 290 * Added support for Origin HTTP header to prevent CSRF. 291 * EnforceFirstHostname option added. 292 * ScriptAlias option added. 293 * PolarSSL updated to version 1.3.6. 294 * Dropped support for PolarSSL 1.2. 295 296 -- Hugo Leisink <hugo@leisink.net> Wed, 23 Apr 2014 20:55:29 +0200 297 298hiawatha (9.4) stable; urgency=low 299 300 * Keep-Alive connections for reverse proxy made optional. 301 * ErrorXSLTfile option added. 302 * IgnoreDotHiawatha option added. 303 * RandomHeader option added. 304 * Dropped support for RC4. 305 * PolarSSL updated to version 1.3.4. 306 * Added support for Hyper Text Coffee Pot Control Protocol (RFC 2324). 307 * Added SSL_CIPHER to CGI environment. 308 * Added Public/Private to URL Toolkit expire option. 309 * Small improvements. 310 311 -- Hugo Leisink <hugo@leisink.net> Sat, 22 Mar 2014 10:53:03 +0100 312 313hiawatha (9.3.1) stable; urgency=low 314 315 * Several bugfixes in reverse proxy. 316 317 -- Hugo Leisink <hugo@leisink.net> Sat, 7 Dec 2013 19:54:49 +0100 318 319hiawatha (9.3) stable; urgency=low 320 321 * PolarSSL updated to version 1.3.2. 322 * Added support for Elliptic Curve Cryptography. 323 * TunnelSSH option added. 324 * AnonymizeIP option added. Thanks to Klemens Scholhorn. 325 * Keep-alive connections for reverse proxy. 326 * Small improvements. 327 328 -- Hugo Leisink <hugo@leisink.net> Tue, 5 Nov 2013 20:21:13 +0100 329 330hiawatha (9.2) stable; urgency=low 331 332 * Added support for compiling Hiawatha against the system's default 333 version (>=1.2.0) of the PolarSSL library. 334 * PolarSSL updated to version 1.2.8. 335 * Small bugfixes (memory leaks in error situations). 336 * Bugfix: virtual hostname selection for IPv6 with non-standard port. 337 338 -- Hugo Leisink <hugo@leisink.net> Sun, 23 Jun 2013 12:25:52 +0200 339 340hiawatha (9.1) stable; urgency=low 341 342 * FileHashes option added. 343 * PolarSSL updated to version 1.2.7. Enabled ciphersuite selection based 344 on protocol version. 345 * Enabled accf_http support for FreeBSD. Thanks to Martin Tournoij. 346 * Better handling of previous installed configuration files under MacOS X. 347 Thanks to Sander Niemeijer. 348 * ImageReferer option removed. 349 * Added SSL_VERSION to CGI environment. 350 * Bugfix: incorrect BanOnFlooding behavior. 351 * Small improvements. 352 353 -- Hugo Leisink <hugo@leisink.net> Mon, 15 Apr 2013 17:56:48 +0200 354 355hiawatha (9.0) stable; urgency=low 356 357 * Clients handled via thread pool instead of creating threads on the fly. 358 * ThreadPoolSize option added. 359 * Header option added to URL Toolkit. 360 * Improved client SSL certificate handling. Environment variables renamed. 361 * PolarSSL updated to version 1.2.6. 362 * Improved Reverse Proxy caching support for requests with URL parameters. 363 * CacheMinFilesize option removed. 364 * DenyBot option removed. Use URL Toolkit's Header option instead. 365 * OldBrowser option removed from URL Toolkit. Use Header option instead. 366 * Improved URL Toolkit rule testing in wigwam. 367 * Small bugfixes and improvements. 368 369 -- Hugo Leisink <hugo@leisink.net> Thu, 28 Mar 2013 11:46:52 +0100 370 371hiawatha (8.8.1) stable; urgency=medium 372 373 * Bugfix: Incorrect size of buffer for poll() can lead to a crash 374 when using Tomahawk. 375 376 -- Hugo Leisink <hugo@leisink.net> Tue, 5 Mar 2013 15:27:01 +0100 377 378hiawatha (8.8) stable; urgency=low 379 380 * Caching for Reverse Proxy. CacheRProxyExtensions option added. 381 * Basic HTTP authentication now supports the glibc2 version of crypt(). 382 * Hostname in ImageReferer can now contain a wildcard. 383 * DenyBody matching is now case insensitive. 384 * PolarSSL updated to version 1.2.5. 385 * Small improvements. 386 387 -- Hugo Leisink <hugo@leisink.net> Mon, 18 Feb 2013 22:05:46 +0100 388 389hiawatha (8.7) stable; urgency=low 390 391 * Added support for HTTP Strict Transport Security (RFC 6797). Integrated 392 in RequireSSL option. 393 * DHsize option added. 394 * PolarSSL updated to version 1.2.3. 395 * CloudFlare headers placed in environment variables. 396 * Removed php-fcgi. 397 * Small improvements. 398 * Bugfix: slow page loading via Reverse Proxy. 399 400 -- Hugo Leisink <hugo@leisink.net> Wed, 9 Jan 2013 20:18:23 +0100 401 402hiawatha (8.6) stable; urgency=low 403 404 * PolarSSL updated to version 1.2. Added support for TLS 1.2 and 405 secure renegotiation. 406 * Added support for Server Name Indication. 407 * MinSSLversion option added. 408 * ServerRoot option removed. 409 * Improved MacOS X package building script. 410 * Marked php-fcgi as deprecated. Use php-fpm instead. 411 * Small bugfixes and improvements. 412 413 -- Hugo Leisink <hugo@leisink.net> Wed, 31 Oct 2012 19:10:32 +0100 414 415hiawatha (8.5) stable; urgency=low 416 417 * Improved Reverse Proxy. 418 * Changed error message style. 419 * Renamed Command Channel to Tomahawk. 420 * Return 403 instead of 401 upon correct password for HTTP 421 authentication but user not in right group. 422 * Small improvements. 423 * Bugfix: replaced select() with poll() to prevent crashes in case of 424 large amount of simultaneous connections. Thanks to Peter Bex. 425 426 -- Hugo Leisink <hugo@leisink.net> Sun, 9 Sep 2012 11:39:12 +0200 427 428hiawatha (8.4) stable; urgency=low 429 430 * MaxServerLoad option added. 431 * PolarSSL updated to version 1.1.4. 432 * Small bugfixes and improvements. 433 * Bugfix: invalid reverse proxy request when URL parameters are present. 434 435 -- Hugo Leisink <hugo@leisink.net> Thu, 7 Jun 2012 20:07:46 +0200 436 437hiawatha (8.3.2) stable; urgency=high 438 439 * Bugfix: memory leak in SSL library. 440 441 -- Hugo Leisink <hugo@leisink.net> Tue, 29 May 2012 18:02:59 +0200 442 443hiawatha (8.3.1) stable; urgency=low 444 445 * Improved security for reverse proxy (works with PreventSQLi, etc). 446 447 -- Hugo Leisink <hugo@leisink.net> Mon, 28 May 2012 21:50:31 +0200 448 449hiawatha (8.3) stable; urgency=low 450 451 * ReverseProxy option added. 452 * PolarSSL updated to version 1.1.3. 453 454 -- Hugo Leisink <hugo@leisink.net> Wed, 23 May 2012 18:11:56 +0200 455 456hiawatha (8.2) stable; urgency=low 457 458 * WebDAVapp option added. Enables support for WebDAV applications 459 like ownCloud (http://owncloud.org/). 460 * Removed support for the OPTIONS method. 461 * AllowDotFiles option added. 462 * Global forks setting in php-fcgi.conf moved to Server setting. 463 * Small bugfixes and improvements. 464 465 -- Hugo Leisink <hugo@leisink.net> Tue, 1 May 2012 17:48:27 +0200 466 467hiawatha (8.1) stable; urgency=low 468 469 * BanOnInvalidURL option added. 470 * PolarSSL updated to version 1.1.1. 471 * Small improvements in Windows packaging script. 472 * Bugfix: paths missing in default values and examples in manual pages. 473 474 -- Hugo Leisink <hugo@leisink.net> Sat, 25 Feb 2012 19:02:41 +0100 475 476hiawatha (8.0) stable; urgency=low 477 478 * Replaced Autoconf with CMake. Many thanks to Sander Niemeijer. 479 * Replaced OpenSSL with PolarSSL. Many thanks to Paul Bakker. 480 * AllowedCiphers and DHparameters options removed. 481 * Added IE7 to URL Toolkit's OldBrowser list, removed IE5. 482 * MaxUrlLength option added, can return 414 Request-URI Too Long. 483 * Changed default value of TriggerOnCGIstatus to 'no'. 484 * Equalized format of logfiles. 485 * Extra checks added to php-fcgi. 486 * Small improvements. 487 488 -- Hugo Leisink <hugo@leisink.net> Fri, 27 Jan 2012 12:06:10 +0100 489 490hiawatha (7.8.2) stable; urgency=high 491 492 * Improved SQL injection detection. 493 * Bugfix: memory leak in PreventSQLi routine. 494 * Bugfix: potential server freeze with 100% CPU in CGI output caching. 495 496 -- Hugo Leisink <hugo@leisink.net> Fri, 18 Nov 2011 06:51:07 +0100 497 498hiawatha (7.8.1) stable; urgency=low 499 500 * Small bugfixes and improvements. 501 * Bugfix: null byte in HTTP header of cached CGI content. 502 503 -- Hugo Leisink <hugo@leisink.net> Wed, 9 Nov 2011 17:21:52 +0100 504 505hiawatha (7.8) stable; urgency=low 506 507 * Control CGI output cache via X-Hiawatha-Cache and X-Hiawatha-Cache-Remove 508 CGI headers. See the CGI OUTPUT CACHE section in the manual page. 509 * BanOnWrongPassword now also triggers on wrong username. 510 * Small improvements. 511 * Bugfix: timeout issue with large POST requests on SSL connections. 512 513 -- Hugo Leisink <hugo@leisink.net> Mon, 31 Oct 2011 21:27:18 +0100 514 515hiawatha (7.7) stable; urgency=low 516 517 * First parameter of Alias can now contain subdirectories. 518 * Improved stability for connections with SSL client authentication. 519 * Bugfix: BanOnFlooding was broken. 520 521 -- Hugo Leisink <hugo@leisink.net> Tue, 4 Oct 2011 19:48:30 +0200 522 523hiawatha (7.6) stable; urgency=low 524 525 * PreventSQLi option rewritten. 526 527 -- Hugo Leisink <hugo@leisink.net> Sun, 21 Aug 2011 08:06:21 +0200 528 529hiawatha (7.5) stable; urgency=low 530 531 * OldBrowser option added to URL Toolkit. 532 * Improved mimetype configuration. 533 * Do-not-track HTTP header support. 534 * Password file entries can now be created with Wigwam. 535 * Small bugfixes and improvements. 536 * Bugfix: sent one byte too few for Range -XX. 537 * Bugfix: possible crash when using PreventSQLi. 538 539 -- Hugo Leisink <hugo@leisink.net> Sat, 28 May 2011 15:39:13 +0200 540 541hiawatha (7.4.1) stable; urgency=high 542 543 * Bugfix: integer overflow in fetch_request() which could 544 lead to a server crash. 545 546 -- Hugo Leisink <hugo@leisink.net> Sat, 26 Feb 2011 10:32:24 +0100 547 548hiawatha (7.4) stable; urgency=medium 549 550 * Connections per IP added to RequestLimitMask. 551 * NoExtensionAs made a per-host setting. 552 * Small bugfixes and improvements. 553 * Bugfix: usage of HideProxy caused Hiawatha to refuse new connections 554 after ConnectionsTotal connections. 555 * Bugfix: memory leak in XSLT module. 556 557 -- Hugo Leisink <hugo@leisink.net> Mon, 8 Nov 2010 20:58:54 +0100 558 559hiawatha (7.3) stable; urgency=low 560 561 * RequestLimitMask option added. 562 * URL parameters for ErrorHandler. 563 * Support for Haiku OS. 564 * Small security bugfixes. 565 566 -- Hugo Leisink <hugo@leisink.net> Sun, 6 Jun 2010 23:18:37 +0200 567 568hiawatha (7.2) stable; urgency=low 569 570 * URL Toolkit code restructured. 571 * UseSSL option added to URL Toolkit. 572 * Digest HTTP authentication works with htdigest(1) created password files. 573 * Small improvements. 574 575 -- Hugo Leisink <hugo@leisink.net> Wed, 21 Apr 2010 18:12:37 +0200 576 577hiawatha (7.1) stable; urgency=low 578 579 * Small bugfixes. 580 * Bugfix: deny access and redirect result via URL Toolkit subroutine. 581 * Bugfix: broken flooding protection. 582 583 -- Hugo Leisink <hugo@leisink.net> Sun, 28 Mar 2010 10:39:12 +0200 584 585hiawatha (7.0) stable; urgency=low 586 587 * Remote Monitoring support. MonitorServer, MonitorRequests and 588 MonitorStatsInterval options added. 589 * IPv6 support for Windows version, due to IPv6 support in Cygwin 1.7. 590 * XSLT support turned on by default. 591 * All directory listings are done via XSLT. The internal index layout has 592 been removed. IndexStyle option removed. 593 * ServerRoot option has been made available via configure parameter. 594 * Small improvements. 595 596 -- Hugo Leisink <hugo@leisink.net> Fri, 12 Feb 2010 14:13:09 +0100 597 598hiawatha (6.19) stable; urgency=low 599 600 * Expire option added to URL Toolkit. 601 * HideProxy option added. 602 * UNIX socket support for connections to FastCGI daemons. 603 * ExploitLogfile option added. 604 * Small bugfixes. 605 606 -- Hugo Leisink <hugo@leisink.net> Sun, 6 Dec 2009 21:25:41 +0100 607 608hiawatha (6.18) stable; urgency=low 609 610 * DenyBody and BanOnDeniedBody options added. 611 * PreventCMDi and BanOnCMDi options removed. DenyBody and URL Toolkit offer 612 better functionality. 613 * Ban option added to URL Toolkit. 614 * UseGZfile now first looks for .gz file instead of after requested file 615 does not exist. 616 * Changed duplicate hostnames in configuration from blocking error to 617 warning in Wigwam. 618 * Small bugfixes. 619 620 -- Hugo Leisink <hugo@leisink.net> Sun, 15 Nov 2009 20:19:57 +0100 621 622hiawatha (6.17.1) stable; urgency=high 623 624 * Bugfix: possible crash due to bug in log.c. 625 626 -- Hugo Leisink <hugo@leisink.net> Sat, 5 Sep 2009 08:45:18 +0200 627 628hiawatha (6.17) stable; urgency=low 629 630 * Directory index via XSLT. 631 * Small bugfixes and improvements. 632 * Bugfix: incorrect SCRIPT_NAME value with PathInfo. 633 634 -- Hugo Leisink <hugo@leisink.net> Sun, 30 Aug 2009 20:04:22 +0200 635 636hiawatha (6.16) stable; urgency=medium 637 638 * Main configuration file httpd.conf renamed to hiawatha.conf. 639 * Improved error detecting and logging in php-fcgi. 640 * RunOnDownload option added. 641 * Small bugfixes and improvements. 642 * Bugfix: repeated PIDs in php-fcgi.pid with multiple servers. 643 * Bugfix: incorrect extended log format. 644 * Bugfix: crash on too long StartFile in .hiawatha file. 645 646 -- Hugo Leisink <hugo@leisink.net> Sun, 26 Jul 2009 18:13:37 +0200 647 648hiawatha (6.15) stable; urgency=low 649 650 * Basic SSI support. 651 * TimeForCGI option per directory. 652 * SocketSendTimeout option added. 653 * Small improvements. 654 655 -- Hugo Leisink <hugo@leisink.net> Sun, 5 Jul 2009 17:20:53 +0200 656 657hiawatha (6.14.1) stable; urgency=low 658 659 * Bugfix: Wigwam updated with UseFastCGI change. 660 661 -- Hugo Leisink <hugo@leisink.net> Sun, 7 Jun 2009 23:41:07 +0200 662 663hiawatha (6.14) stable; urgency=medium 664 665 * Platform independent read-timeout handlers. 666 * RequiredCA option added. 667 * UseSSL option removed, ServerKey option renamed to SSLcertFile and made 668 available only in Binding section. 669 * FastCGI option renamed to UseFastCGI. 670 * Small bugfixes and improvements. 671 * Bugfix: fork-mutex issue when executing CGI. 672 673 -- Hugo Leisink <hugo@leisink.net> Wed, 3 Jun 2009 19:50:37 +0200 674 675hiawatha (6.13) stable; urgency=low 676 677 * LSB style header added to init script. 678 * SSL initialization improved for cross compiling. 679 * Change in signal handling (HUP and USR2 signal). 680 * Small bugfixes and improvements. 681 * Bugfix: incorrect MD5 hashing on 64bit machines. 682 683 -- Hugo Leisink <hugo@leisink.net> Wed, 6 May 2009 21:33:49 +0200 684 685hiawatha (6.12) stable; urgency=low 686 687 * Compile errors under the latest Ubuntu release fixed. 688 * Small bugfixes and improvements. 689 690 -- Hugo Leisink <hugo@leisink.net> Sun, 29 Mar 2009 13:27:05 +0200 691 692hiawatha (6.11) stable; urgency=low 693 694 * Duplicate hostname check included in Wigwam. 695 * All HTTP headers starting with X- are added to CGI environment and 696 set as XSLT parameter. 697 * Non-present HTTP/CGI variable set as empty XSLT parameter. 698 * Small bugfixes and improvements. 699 * Bugfix: URL Toolkit's FastCGI setting issues. 700 701 -- Hugo Leisink <hugo@leisink.net> Mon, 29 Dec 2008 08:57:42 +0100 702 703hiawatha (6.10) stable; urgency=low 704 705 * Prevention of cross-site request forgery. PreventCSRF option added. 706 * A start and stop preference pane has been added to the MacOS X package. 707 * A new dedicated website for Hiawatha has been launched. Please, visit 708 http://www.hiawatha-webserver.org/. The welcome webpage inside the package 709 has been updated to match the new design. 710 * Small bugfixes and improvements. 711 712 -- Hugo Leisink <hugo@leisink.net> Wed, 29 Oct 2008 21:48:21 +0100 713 714hiawatha (6.9) stable; urgency=low 715 716 * NoExtensionAs option added. 717 * Tool added to the Windows package to start Hiawatha as a service under 718 Windows (see Installation.txt in Windows package for more information). 719 * Small bugfixes and improvements. 720 * Bugfix: URL encoding of links in directory listing. 721 722 -- Hugo Leisink <hugo@leisink.net> Wed, 24 Sep 2008 19:12:45 +0200 723 724hiawatha (6.8) stable; urgency=low 725 726 * XSLT parameter support. 727 * 'URL rewriting' has been renamed to 'URL Toolkit' (because rewriting 728 is just one of the four options of this feature). 729 * FastCGI option added to URL Toolkit. 730 * WaitForCGI option added. 731 * Small bugfixes and improvements. 732 733 -- Hugo Leisink <hugo@leisink.net> Tue, 22 Jul 2008 09:30:12 +0200 734 735hiawatha (6.7) stable; urgency=low 736 737 * BanOnWrongPassword option added. 738 * Workaround to handle non-compliant CGI headers. 739 * Updated Debian package building files. 740 * Small bugfixes and improvements. 741 742 -- Hugo Leisink <hugo@leisink.net> Wed, 28 May 2008 22:06:36 +0200 743 744hiawatha (6.6) stable; urgency=medium 745 746 * XSLT support (compile with --enable-xslt). 747 * Bugfix: possible crash when using HTTPS (due to bug in OpenSSL). 748 749 -- Hugo Leisink <hugo@leisink.net> Mon, 28 Apr 2008 19:30:44 +0200 750 751hiawatha (6.5) stable; urgency=medium 752 753 * Small bugfixes and improvements. 754 * Bugfix: integer overflow in str2int(). 755 * Bugfix: compile error with --disable-ssl. 756 757 -- Hugo Leisink <hugo@leisink.net> Sat, 8 Mar 2008 08:12:41 +0100 758 759hiawatha (6.4) stable; urgency=medium 760 761 * SSL memory leak fixed. 762 * Skip, Redirect and RequestURI options added to URL rewriting. 763 * Old format of ConnectTo is no longer valid. 764 * Small bugfixes and improvements. 765 766 -- Hugo Leisink <hugo@leisink.net> Sun, 10 Feb 2008 08:54:01 +0100 767 768hiawatha (6.3) stable; urgency=low 769 770 * Release of stdin, stdout and stderr on startup. 771 * Small improvements. 772 773 -- Hugo Leisink <hugo@leisink.net> Mon, 21 Jan 2008 20:51:18 +0100 774 775hiawatha (6.2) stable; urgency=medium 776 777 * Moved TimeForCGI from 'server settings' to virtual host section. 778 * RunOnAlter option added. 779 * Improved error logging. 780 * URL rewriting disabled for PUT and DELETE requests. 781 * Path corrections in manpages via autoconf. 782 * Workaround: dot at end of filename in Windows version. 783 * Bugfix: digest HTTP authentication was broken when using GET data. 784 785 -- Hugo Leisink <hugo@leisink.net> Thu, 13 Dec 2007 08:21:10 +0100 786 787hiawatha (6.1) stable; urgency=low 788 789 * Format of ConnectTo changed. Old format will be valid for a few 790 more releases. 791 * Changed some CGI environment variables after URL rewriting. 792 * Some URL rewrite checks included in Wigwam. 793 * TriggerOnCGIstatus option added. 794 * RequireResolveIP option removed. 795 * Bugfix: POST data larger then 64kB via FastCGI. 796 797 -- Hugo Leisink <hugo@leisink.net> Sun, 11 Nov 2007 09:45:08 +0100 798 799hiawatha (6.0) stable; urgency=low 800 801 * IPv6 support. 802 * Delimiters in php-fcgi.conf en cgi-wrapper.conf changed to ';'. 803 * Format of AccessList, AlterList, BanlistMask, ConnectTo and 804 LogfileMask changed (colon changed to space because of IPv6). 805 * Small bugfixes and improvements. 806 807 -- Hugo Leisink <hugo@leisink.net> Fri, 26 Oct 2007 18:13:05 +0200 808 809hiawatha (5.14) stable; urgency=low 810 811 * Improved logfile handling. 812 * More checks included in Wigwam. 813 * Small improvements. 814 * Bugfix: memory issue in Wigwam. 815 816 -- Hugo Leisink <hugo@leisink.net> Sat, 13 Oct 2007 12:11:37 +0200 817 818hiawatha (5.13) stable; urgency=low 819 820 * DenyAccess option added to URL rewriting. 821 * Path 'aliases' (set C: = /cygdrive/c) and usage of forward slashes 822 no longer necessary in configuration file of the Windows version. 823 * SCRIPT_URL logged as URL in case of URL rewrite. 824 * Cookies no longer present in logfiles. 825 * Optimizations for compiling under Solaris. See the INSTALL file for 826 more information (Thanks to Richard Barrington). 827 * Some dependency fixes. 828 * CGI zombies under OpenBSD fixed. 829 * Pthread issue under OpenBSD fixed (Thanks to Kurt Miller). 830 * Small bugfixes and improvements. 831 * Bugfix: POST data larger then 64kB via FastCGI. 832 833 -- Hugo Leisink <hugo@leisink.net> Thu, 27 Sep 2007 17:34:14 +0200 834 835hiawatha (5.12) stable; urgency=medium 836 837 * URL rewriting. 838 * Small bugfixes. 839 * Bugfix: possible crash (non-exploitable) on too large request. 840 841 -- Hugo Leisink <hugo@leisink.net> Sun, 26 Aug 2007 15:35:44 +0200 842 843hiawatha (5.11) stable; urgency=low 844 845 * Made some changes to the ErrorHandler behaviour. 846 * Uploading (PUT) goes directly to disk, instead of buffering in memory. 847 * Option MaxUploadSize added. 848 * 201 Created. 849 * 411 Length Required. 850 * Small improvements. 851 * Bugfix: two bugs in the parsing of CGI HTTP headers. 852 * Bugfix: Hiawatha for Windows returned 403 for CGI because of Cygwin 853 file access rights. 854 * Bugfix: setenv in php-fcgi was not working. 855 * Bugfix: 404 for non-existing local file and remote FastCGI server 856 and non-gzip content-encoding. 857 858 -- Hugo Leisink <hugo@leisink.net> Tue, 7 Aug 2007 17:26:21 +0200 859 860hiawatha (5.10) stable; urgency=low 861 862 * Improved CGI support for Windows version (Cygwin). 863 * Throttle configuration merged into httpd.conf. 864 * EnablePathInfo option added. 865 * Workaround for syntax-bug in php-fcgi.conf (comma in GIDs conflicts 866 with comma before PHP configuration file). 867 * Improved ErrorHandler. 868 * Small improvements. 869 * Bugfix: possible crash when using load-balanced FastCGI. 870 871 -- Hugo Leisink <hugo@leisink.net> Thu, 5 Jul 2007 22:08:20 +0200 872 873hiawatha (5.9) stable; urgency=medium 874 875 * PUT and DELETE method implemented. 876 * 204 No Content. 877 * Options EnableAlter, AlterGroup, AlterList and AlterMode added. 878 * Options PasswordFile and RequiredGroup have been changed. 879 * Better handling of URL encoded characters. 880 * Improved SQL/command injection and XSS prevention. 881 * Autoconf improvements (Thanks to Sander Niemeijer, again). 882 * Small bugfixes and improvements. 883 * Bugfix: alias in directory index also appeared in subdirectories. 884 * Bugfix: ranges were ignored while reading from cache. 885 * Bugfix: digest HTTP authentication failed when a comma was present 886 in the URL. 887 * Bugfix: small memory leak when reading a .hiawatha file. 888 889 -- Hugo Leisink <hugo@leisink.net> Sat, 16 Jun 2007 16:03:14 +0200 890 891hiawatha (5.8) stable; urgency=low 892 893 * Source-plugin has been removed. It's obsolete because of FastCGI. 894 * Entropy fix during SSL initialization if needed. 895 * UserDirectory option added. 896 * More error logging for Hiawatha and the CGI-wrapper. 897 * Added OpenSSL exception to the license file and libssl.c. 898 * Bugfixes and small improvements. 899 900 -- Hugo Leisink <hugo@leisink.net> Wed, 25 Apr 2007 15:19:40 +0200 901 902hiawatha (5.7) stable; urgency=medium 903 904 * RequireResolveIP option added. 905 * KillTimedoutCGI option added. 906 * Aliases added to directory index. 907 * Extended Command Channel status output. 908 * Configurationfiles read in alfabetic order when including a directory. 909 * More error logging. 910 * (Fast)CGI code improvement. 911 * Small bugfixes and improvements. 912 * Bugfix: minor memory issue fixed in show_index(). 913 * Bugfix: possible webserver crash due to bug in log_error(). 914 915 -- Hugo Leisink <hugo@leisink.net> Sun, 4 Mar 2007 08:43:28 +0100 916 917hiawatha (5.6) stable; urgency=low 918 919 * Chrooted FastCGI server support. 920 * Configuration reading routine rewritten. Angle bracket sections 921 are no longer available. Only curly bracket sections can be used. 922 * An error in a .hiawatha file results in a 500. An errormessage 923 will be written to the ErrorLogfile. 924 * Command Channel improved. 925 * AllowedCiphers option added. 926 * DHparameters option added. 927 * CGIwrapId option renamed to WrapCGI. 928 * FCGIserverId option renamed to FastCGIid. 929 * Small bugfixes and improvements. 930 931 -- Hugo Leisink <hugo@leisink.net> Mon, 12 Feb 2007 21:16:19 +0100 932 933hiawatha (5.5) stable; urgency=low 934 935 * Segmentation fault handler (just in case). Logs an alert to syslog. 936 * An 'include' configuration option can now handle a directory. 937 * CGI-wrapper logs errors to ErrorLogfile. 938 * Commandline options -k and -v added. 939 * LogFormat option added. 940 * UseGZfile option added. 941 * Alternative strcasecmp() en strncasecmp(). 942 * 'cgi_wrapper' renamed to 'cgi-wrapper'. 943 * 'fcgi-server' replaced by 'php-fcgi'. 944 * 'newroot' installed via autotools. 945 * Complete code review and rewrites of 'old code'. 946 * Small bugfixes and improvements. 947 948 -- Hugo Leisink <hugo@leisink.net> Sun, 21 Jan 2007 12:56:12 +0100 949 950hiawatha (5.4) stable; urgency=low 951 952 * Alternative setenv() en unsetenv() (for HP-UX and Solaris). 953 * Commandline options -c, -d and -h added. 954 * Faster flooding-check. 955 * Proper exit-codes when an error occurs. 956 * Bugfix in default_config() which made it fail to run on OpenBSD. 957 * Small bugfixes and improvements. 958 959 -- Hugo Leisink <hugo@leisink.net> Fri, 29 Dec 2006 01:42:38 +0100 960 961hiawatha (5.3) stable; urgency=low 962 963 * Handling of not-available FastCGI servers. 964 * Large file support. 965 * Cache speed improvement. 966 * Total-connections-counter adjusted in case of ReconnectDelay. 967 * StartFile option now available inside a Directory section. 968 * 'newroot' and 'fcgi-server' scripts added to the Debian package 969 and the FreeBSD Makefile. 970 * CacheMinFilesize option added. 971 * Alternative clearenv() en strcasestr(). 972 * Small bugfixes in the cache module. 973 974 -- Hugo Leisink <hugo@leisink.net> Sun, 17 Dec 2006 11:52:26 +0100 975 976hiawatha (5.2) stable; urgency=low 977 978 * Multiple, load-balanced FastCGI server support. 979 * Digest HTTP authentication. 980 * Improved error checking by Wigwam. 981 * Included FreeBSD port files. 982 983 -- Hugo Leisink <hugo@leisink.net> Sat, 25 Nov 2006 09:37:44 +0100 984 985hiawatha (5.1) stable; urgency=low 986 987 * BindingId added to CGI environment (SERVER_BINDING). 988 * Improved error checking by Wigwam. 989 * Small improvements (source dependencies) 990 * Bugfix: BindingId instead of Binding_Id 991 992 -- Hugo Leisink <hugo@leisink.net> Wed, 8 Nov 2006 22:07:41 +0100 993 994hiawatha (5.0) stable; urgency=low 995 996 * FastCGI support (Responder role only). 997 * Configurationfile checker (Wigwam). 998 * Internal file caching. CacheSize and CacheMaxFilesize options added 999 (Compile with --disable-cache to disable this feature). 1000 * Start/stop and install script for FreeBSD (see freebsd/ in source package). 1001 * PIDfile option added. 1002 * Name in a binding section renamed to BindingId. 1003 * Small bugfixes. 1004 * Bugfix: directory index with no keep-alive for HTTP/1.0 proxies. 1005 1006 -- Hugo Leisink <hugo@leisink.net> Thu, 26 Oct 2006 18:31:57 +0100 1007 1008hiawatha (4.3.2) stable; urgency=medium 1009 1010 * Bugfix: client/time information missing in unbanned-logmessage. 1011 1012 -- Hugo Leisink <hugo@leisink.net> Tue, 6 Jun 2006 21:10:55 +0200 1013 1014hiawatha (4.3.1) stable; urgency=high 1015 1016 * Bugfix: HTTP authentication was broken. 1017 1018 -- Hugo Leisink <hugo@leisink.net> Mon, 15 May 2006 10:12:55 +0200 1019 1020hiawatha (4.3) stable; urgency=low 1021 1022 * Speed improvement (real improvement for static content). 1023 * Reason for 403 HTTP error added to access logfile (not for wrapped CGIs). 1024 * X-Forwarded-For header field also used for AccessList. 1025 * Code cleanup: Uniform variablename format. 1026 * Small bugfixes. 1027 * Bugfix: removed double Content-Type for HTTP error messages. 1028 1029 -- Hugo Leisink <hugo@leisink.net> Thu, 23 Feb 2006 19:57:14 +0100 1030 1031hiawatha (4.2) stable; urgency=low 1032 1033 * Seperate keyfile for every SSL binding. 1034 * ErrorLogfile option added. 1035 * LogFile option renamed to AccessLogfile. 1036 * Prevention of command injection. PreventCMDi and BanOnCMDi options added. 1037 * Separate manualpage for the CGI-wrapper: cgi_wrapper(1). 1038 1039 -- Hugo Leisink <hugo@leisink.net> Thu, 23 Feb 2006 19:57:14 +0100 1040 1041hiawatha (4.1) stable; urgency=low 1042 1043 * Chroot functionality for wrapped CGIs. 1044 * New section boundaries (section{...}). 1045 * Small bugfixes. 1046 * Bugfix: fixed ImageReferer for HTTPS connections. 1047 * Bugfix: directories with the beginning of its name equal to an Alias now 1048 accessible again. 1049 1050 -- Hugo Leisink <hugo@leisink.net> Sun, 22 Jan 2006 16:31:24 +0100 1051 1052hiawatha (4.0) stable; urgency=low 1053 1054 * BindHTTP and BindHTTPS options replaced by Binding sections. 1055 * CGI-wrapper replaced the HostId options. See the CGI-WRAPPER section in 1056 the manualpage for more information. 1057 * TimeForRequest option improved. 1058 * ServerId option improved. 1059 * BanOnTimeout option added. 1060 * ReconnectDelay option added. 1061 * Improved FollowSymlink check: symlinks are always followed if they stay 1062 inside the webroot. 1063 * Number of bytes sent per request added to the requestlog. 1064 * Configuration-reload removed. Gave to much trouble. 1065 * Customizable stylesheet for directory listings. IndexStyle option added. 1066 * New layout for the errormessages. 1067 * Small bugfixes. 1068 1069 -- Hugo Leisink <hugo@leisink.net> Tue, 18 Dec 2005 21:04:37 +0100 1070 1071hiawatha (3.7) stable; urgency=low 1072 1073 * SSLv2 has been removed from HTTPS. Only SSLv3 en TLSv1 are available. 1074 * HomedirSource option added. 1075 * Multiple presence of BindHTTP, BindHTTPS, AccessList, BanlistMask 1076 and LogfileMask in configurationfile now allowed. 1077 * get_hostrecord() rewritten: the wildcard in the Hostname now also matches 1078 the domainname. Example: 'Hostname = www.domainname.com, *.domainname.com' 1079 now also matches 'http://domainname.com/'. 1080 * RequireBinding option renamed to RequiredBinding. RequireBinding has become 1081 a temporary alias. 1082 * TRACE method implemented. EnableTRACE option added. 1083 * Small bugfixes and improvements. 1084 1085 -- Hugo Leisink <hugo@leisink.net> Tue, 12 Nov 2005 22:36:06 +0100 1086 1087hiawatha (3.6.1) stable; urgency=medium 1088 1089 * HTTP_GENERATED_ERROR environment variable added for ErrorHandler. 1090 * ErrorHandler from a Virtual Host ignored when handling a userwebsite. 1091 * Bugfix: gzip Content-Encoding was broken. 1092 * Bugfix: logfile got flooded with warnings in case of a configuration reload 1093 and an error in the configurationfile. 1094 1095 -- Hugo Leisink <hugo@leisink.net> Tue, 23 Aug 2005 08:45:43 +0200 1096 1097hiawatha (3.6) stable; urgency=medium 1098 1099 * Prevention of SQL injection. PreventSQLi and BanOnSQLi options added. 1100 * Prevention of cross-site scripting. PreventXSS option added. 1101 * Alias option added. 1102 * FollowSymlinks option added. 1103 * Use of variables in configurationfile via 'set'. 1104 * Path option changed, PathMatch option removed. 1105 * Removal of dangerous characters (ASCII-values 0..31) from the URL. 1106 * Manualpage updated. 1107 * Improved Debian package. 1108 * Small bugfixes and improvements. 1109 * Bugfix: filethrottling and UploadSpeed were broken. 1110 1111 -- Hugo Leisink <hugo@leisink.net> Sun, 14 Aug 2005 18:43:57 +0200 1112 1113hiawatha (3.5) stable; urgency=low 1114 1115 * HTTP_CLIENT_IP and HTTP_VIA variable passed thru to CGI programs. 1116 * Case-insensitive HTTP-header matching. 1117 * Small bugfixes. 1118 1119 -- Hugo Leisink <hugo@leisink.net> Sat, 16 Apr 2005 22:31:14 +0100 1120 1121hiawatha (3.4) stable; urgency=low 1122 1123 * Specify the returncode of an ErrorHandler. 1124 * DenyBot option added. 1125 * BindHTTP and BindHTTPS options added (BindAddress option has been removed). 1126 * ServerPort and SSLPort have become an alias for BindHTTP and BindHTTPS. 1127 * RequireBinding option added. 1128 * CGIextension and CGIhandler options updated. 1129 * Source dependencies re-organized. 1130 * BSD autoconf errors fixed (Thanks to Sander Niemeijer). 1131 1132 -- Hugo Leisink <hugo@leisink.net> Sun, 23 Jan 2005 22:36:13 +0100 1133 1134hiawatha (3.3) stable; urgency=low 1135 1136 * CGIhandler option added (PHPextension, PHPprogram and ExecutePHP options 1137 have been removed). 1138 * Support for HTTP/1.0 proxies (No chunked Transfer-Encoding, so no 1139 keep-alive connections for CGI). 1140 * Username of HTTP authentication logged. 1141 * Escape characters removed from logfile. 1142 * BanlistMask option added. 1143 * LogAccess option renamed to LogfileMask. 1144 * HTTP pipelining support. 1145 * Bugfix: GarbageLogfile was not created on startup. 1146 * Bugfix: removed double Content-Type for CGI ErrorHandler. 1147 1148 -- Hugo Leisink <hugo@leisink.net> Fri, 26 Nov 2004 00:16:40 +0100 1149 1150hiawatha (3.2) stable; urgency=medium 1151 1152 * Gentoo ebuild script (see gentoo/ in sourcepackage). 1153 * Bugfix: incorrect Chunked Transfer-Encoding. 1154 * Bugfix: wrong hostname on 301. 1155 1156 -- Hugo Leisink <hugo@leisink.net> Wed, 3 Nov 2004 18:51:52 +0100 1157 1158hiawatha (3.1) stable; urgency=low 1159 1160 * Small bugfixes and improvements. 1161 * Start and stop script (extra/hiawatha). 1162 * Command Channel made optional. 1163 * ServerString moved from host to main section in the configuration file. 1164 * Compile errors fixed (under Cygwin for example). 1165 * Bugfix: SERVER_PORT was set to ServerPort instead of SSLPort on HTTPS 1166 connections. 1167 * Bugfix: 301 via HTTPS used ServerPort instead of SSLPort. 1168 1169 -- Hugo Leisink <hugo@leisink.net> Mon, 20 Sep 2004 00:12:30 +0200 1170 1171hiawatha (3.0) stable; urgency=low 1172 1173 * SSL support: SSLPort, ServerKey and RequireSSL option added. 1174 (Many thanks to Denis de Leeuw Duarte. Compile with --disable-ssl 1175 to disable this feature). 1176 * SetEnvir option added. 1177 * RequiredGroup option added. 1178 * Case-insensitive configuration options. 1179 * Directory independent installation support. 1180 (Many thanks to Sander Niemeijer). 1181 1182 -- Hugo Leisink <hugo@leisink.net> Wed, 1 Sep 2004 23:54:46 +0200 1183 1184hiawatha (2.8) stable; urgency=low 1185 1186 * gzip Content-Encoding support (see manpage for more information). 1187 * BanOnMaxReqSize option added. 1188 * Some 400 and 413 returncode fixes. 1189 * Garbage log for 400. 1190 * Faster restart. 1191 * Configuration reload stable (USR1 signal). 1192 * Small bugfixes and improvements. 1193 1194 -- Hugo Leisink <hugo@leisink.net> Thu, 26 Aug 2004 18:28:17 +0200 1195 1196hiawatha (2.7) stable; urgency=low 1197 1198 * RequestBuffer option added. 1199 * Binary upload support. 1200 * AccessList option improved with 'pwd'. 1201 * Bugfix: incorrect Content-Length for HTTP code screens. 1202 1203 -- Hugo Leisink <hugo@leisink.net> Wed, 18 Aug 2004 12:32:40 +0200 1204 1205hiawatha (2.6) stable; urgency=low 1206 1207 * log.c rewritten. 1208 * Connect attempts during ban counted (to prefent long logfiles). 1209 * Bugfix: netmask 0 for AccessList didn't work. 1210 * Bugfix: Directory record ended configfile. 1211 1212 -- Hugo Leisink <hugo@leisink.net> Fri, 6 Aug 2004 15:37:46 +0200 1213 1214hiawatha (2.5) stable; urgency=high 1215 1216 * Range header field (single range support). 1217 * 206 Partial Content. 1218 * 416 Requested Range Not Satisfiable. 1219 * Date header field. 1220 * Modified-Since header field. 1221 * Bugfix: memory-leak fixed (free(error_line) in target.c). 1222 * Bugfix: thread-record problem fixed. 1223 1224 -- Hugo Leisink <hugo@leisink.net> Mon, 26 Jul 2004 09:09:18 +0200 1225 1226hiawatha (2.4.1) stable; urgency=medium 1227 1228 * Bugfix: use of <Directory> without UploadSpeed always resulted in a 503. 1229 1230 -- Hugo Leisink <hugo@leisink.net> Mon, 24 May 2004 13:38:06 +0200 1231 1232hiawatha (2.4) stable; urgency=high 1233 1234 * 503 Service Unavailable. 1235 * Access option removed. 1236 * AccessList option added. 1237 * AccessLog option added. 1238 * BindAddresses option added. 1239 * GarbageLogfile option added. 1240 * ImageReferer option added. 1241 * PathMatch option added. 1242 * UploadSpeed option extended. 1243 * Global change: extention -> extension. 1244 * exePHP/CGI option renamed to ExecutePHP/CGI. 1245 * Bugfix: only the first Directory record could be used. 1246 * Bugfix: If-Modified-Since time converted to GMT. 1247 * Bugfix: filedescriptor to .hiawatha left open. 1248 1249 -- Hugo Leisink <hugo@leisink.net> Fri, 16 Apr 2004 23:29:09 +0100 1250 1251hiawatha (2.3.2) stable; urgency=low 1252 1253 * Include option added. 1254 * Log requestresult code. 1255 * Code improvement. 1256 1257 -- Hugo Leisink <hugo@leisink.net> Sun, 28 Mar 2004 23:03:09 +0100 1258 1259hiawatha (2.3.1) stable; urgency=low 1260 1261 * Extra CGI environment variables. 1262 * Bugfix: incorrect Content-Type for multipart/form-data CGI data. 1263 * Bugfix: pidfile problem. 1264 1265 -- Hugo Leisink <hugo@leisink.net> Sun, 28 Mar 2004 12:33:06 +0100 1266 1267hiawatha (2.3) stable; urgency=low 1268 1269 * OPTIONS method improved. 1270 * A .hiawatha configurationfile will also be active in all the 1271 subdirectories. 1272 * CGI errors are logged to the SystemLogfile. 1273 * PHPextension option added. 1274 * ServerName option renamed to Hostname. 1275 * ReconnectDelay option renamed to BanOnMaxPerIP. 1276 * BanOnGarbage option added. 1277 * BanOnFlooding option added. 1278 * KickOnBan option added. 1279 * Manualpage updated. 1280 * Small bugfixes. 1281 1282 -- Hugo Leisink <hugo@leisink.net> Wed, 24 Mar 2004 20:10:17 +0100 1283 1284hiawatha (2.2) stable; urgency=low 1285 1286 * Improved directory listing (ShowIndex) and errorcode layout. 1287 * 405 response for PUT, DELETE, TRACE and CONNECT methods changed to 501 1288 Method Not Implemented. 1289 * POST request for a non CGI script results in a 405. 1290 * If-Modified-Since and If-Unmodigied-Since header fields. 1291 * 304 Not Modified. 1292 * 408 Request Timeout. 1293 * 412 Precondition Failed. 1294 1295 -- Hugo Leisink <hugo@leisink.net> Wed, 17 Mar 2004 20:25:50 +0100 1296 1297hiawatha (2.1.1) stable; urgency=high 1298 1299 * Bugfix: Basic HTTP authentication fixed. Also full path for 1300 PasswordFile allowed in chroot environment. 1301 1302 -- Hugo Leisink <hugo@leisink.net> Sun, 14 Mar 2004 11:58:56 +0100 1303 1304hiawatha (2.1) stable; urgency=high 1305 1306 * Command Channel (compile with --enable-command). 1307 * UserWebsite option added. (UserDirectory option removed, userwebsites.conf 1308 added to /etc/hiawatha). 1309 * UploadSpeed option for Directory sections added. 1310 * Improved error checking. 1311 * Traffic throttling for CGI scripts. 1312 * SystemLogfile option added. 1313 * Small bugfixes. 1314 * Bugfix: CONTENT_LENGTH was set incorrectly for POST requests. 1315 * Bugfix: reloading throttleconfiguration. 1316 * Bugfix: zombie CGI scripts. A kill (9) signal is send to all CGI processes 1317 after finishing. Just to be sure. :) 1318 1319 -- Hugo Leisink <hugo@leisink.net> Thu, 11 Mar 2004 18:11:26 +0100 1320 1321hiawatha (2.0) stable; urgency=low 1322 1323 * Multi-threading instead of forking 1324 (Many thanks to Sander Niemeijer). 1325 * Configuration reloading (USR1 signal). 1326 * Disconnect all clients (USR2 signal). 1327 * Mimetype and throttletype checking case unsensitive. 1328 * Improved URI checking. 1329 * run_script() rewritten: faster and bugfix (also using select()). 1330 * ServerId option added. 1331 * UserId and GroupId option combined to HostId. 1332 * Access option for Directory sections added. 1333 * Some code improvements. 1334 * Small bugfixes. 1335 1336 -- Hugo Leisink <hugo@leisink.net> Sun, 7 Mar 2004 14:51:27 +0100 1337 1338hiawatha (1.7) stable; urgency=low 1339 1340 * nanny_thread() removed. select() timeout used to check childs. 1341 * fetch_request() rewritten: it's much faster now (using select()). 1342 * RootDirectory option renamed to WebsiteRoot. 1343 * ServerRoot option added (Hiawatha will chroot() to that directory). 1344 1345 -- Hugo Leisink <hugo@leisink.net> Sat, 24 Feb 2004 14:06:53 +0100 1346 1347hiawatha (1.6.1) stable; urgency=medium 1348 1349 * Source-plugin support (compile with --enable-plugin). 1350 * Bugfix: problem with reading directory configurationfile (.hiawatha). 1351 * Bugfix: several realloc() fixes. 1352 * Bugfix: config->directory set to NULL on init. 1353 1354 -- Hugo Leisink <hugo@leisink.net> Tue, 26 Jan 2004 10:13:26 +0100 1355 1356hiawatha (1.6) stable; urgency=low 1357 1358 * URL checked for special characters (%20 = ' ', etc). 1359 * Remarks on every line in configuration file allowed. 1360 * Added some MIME-types. 1361 1362 -- Hugo Leisink <hugo@leisink.net> Fri, 19 Dec 2003 13:23:08 +0100 1363 1364hiawatha (1.5.1) stable; urgency=high 1365 1366 * ServerString option added. 1367 * Bugfix: CGI server hang-up bug fixed. 1368 1369 -- Hugo Leisink <hugo@leisink.net> Mon, 15 Sep 2003 11:13:12 +0100 1370 1371hiawatha (1.5) stable; urgency=low 1372 1373 * Improved 301: first ServerName may now contain a wildcard. 1374 * 302 Found (when a CGI script prints Location). 1375 * 413 Request Entity Too Large. 1376 * CGI scripts can now output binary data. 1377 * Automake script (Many thanks to Sander Niemeijer and Denis de Leeuw 1378 Duarte). Compilation tested on FreeBSD and MacOS X. 1379 * Small bugfixes. 1380 1381 -- Hugo Leisink <hugo@leisink.net> Sun, 17 Aug 2003 14:13:17 +0100 1382 1383hiawatha (1.4) stable; urgency=low 1384 1385 * Multiple ServerName options. 1386 * Wildcard allowed in ServerName. 1387 * Ownership logfiles set to UserId:GroupId from configurationfile. 1388 * Small bugfixes. 1389 1390 -- Hugo Leisink <hugo@leisink.net> Tue, 22 Jul 2003 09:44:12 +0100 1391 1392hiawatha (1.3) stable; urgency=low 1393 1394 * Directory settings support. 1395 * Flooding protection. 1396 * Volatile object support. 1397 * Bugfixes: some potential segmentation faults. 1398 1399 -- Hugo Leisink <hugo@leisink.net> Thu, 17 Oct 2002 20:40:00 +0100 1400 1401hiawatha (1.2) stable; urgency=low 1402 1403 * <VirtualHost> settings. 1404 * Check for errors in configurationfile. 1405 * Manpage updated. 1406 1407 -- Hugo Leisink <hugo@leisink.net> Sat, 28 Sep 2002 18:13:21 +0100 1408 1409hiawatha (1.1.1) stable; urgency=high 1410 1411 * Bugfix: server lock-up for POST request with Content-Length = 0. 1412 1413 -- Hugo Leisink <hugo@leisink.net> Thu, 26 Sep 2002 10:46:55 +0100 1414 1415hiawatha (1.1) stable; urgency=low 1416 1417 * Traffic throttling. 1418 1419 -- Hugo Leisink <hugo@leisink.net> Sat, 21 Sep 2002 23:04:19 +0100 1420 1421hiawatha (1.0) stable; urgency=low 1422 1423 * 405 Method not allowed. 1424 * 505 HTTP version not supported. 1425 * Logrotate script added to the package. 1426 * Bugfix: no Content-Type for directorylisting. 1427 * Bugfix: chunks didn't end with CRLF. 1428 * Bugfix: a PHP script couldn't be used as an ErrorHandler. 1429 * Bugfix: logfile problem. 1430 * Bugfix: StartFile from .hiawatha didn't work. 1431 1432 -- Hugo Leisink <hugo@leisink.net> Thu, 17 Sep 2002 18:12:35 +0100 1433 1434hiawatha (1.0b) stable; urgency=low 1435 1436 * Basic HTTP authentication. 1437 * 401 Unauthorized. 1438 * Support for PHP. 1439 * Chunked Transfer-encoding. 1440 * Directorylisting in HTML for directories without a startfile. 1441 * Main request-handling routine splitted in seperate functions. 1442 * parse_request() rewritten. 1443 * Some minor bugfixes. 1444 * Bugfix: setuid() security issue fixed. 1445 1446 -- Hugo Leisink <hugo@leisink.net> Thu, 16 Sep 2002 23:21:26 +0100 1447 1448hiawatha (0.9) stable; urgency=low 1449 1450 * Keep-alive connections. 1451 * Some minor bugfixes. 1452 1453 -- Hugo Leisink <hugo@leisink.net> Thu, 5 Sep 2002 19:36:04 +0100 1454 1455hiawatha (0.8) stable; urgency=low 1456 1457 * Size HTTP request limited to 64 kilobytes. 1458 * Better Content-Length handling for incoming HTTP requests. 1459 * Number of connections per IP address can be limited. 1460 * Filelock on logfile. 1461 * More actions are being logged. 1462 * Manpage added to the package. 1463 * Finally got rid of the root group. :) 1464 * User configurationfile. 1465 * Some minor bugfixes. 1466 * Bugfix: When the ErrorHandler was set a 301 error was not returned 1467 correctly. 1468 1469 -- Hugo Leisink <hugo@leisink.net> Fri, 28 Jun 2002 11:55:26 +0100 1470 1471hiawatha (0.7.1) stable; urgency=low 1472 1473 * Bugfix: the local IP address was logged instead of the remote IP address. 1474 * Bugfix: when CGI was disabled and the ErrorHandler was needed, the server 1475 crashed. 1476 1477 -- Hugo Leisink <hugo@leisink.net> Wed, 19 Jun 2002 11:55:26 +0100 1478 1479hiawatha (0.7) stable; urgency=low 1480 1481 * StartFile added to the configurationfile. 1482 * ErrorHandler added to the configurationfile. 1483 * The number of total connections can be limited. 1484 * The runtime for a CGI process can be limited. 1485 * Cookie support. 1486 * HTTP_USER_AGENT, HTTP_X_FORWARDED_FOR and HTTP_REFERER variables are passed 1487 thru to a CGI script. 1488 * Bugfix: the zombie problem has been fixed. 1489 * Bugfix: child quits when client disconnects. 1490 1491 -- Hugo Leisink <hugo@leisink.net> Wed, 19 Jun 2002 10:33:41 +0100 1492 1493hiawatha (0.6) stable; urgency=low 1494 1495 * 400 Bad request. 1496 * HEAD method implemented. 1497 * POST method implemented. 1498 * OPTIONS method implemented. 1499 * User directories. 1500 * Improved security. 1501 1502 -- Hugo Leisink <hugo@leisink.net> Sat, 18 May 2002 13:57:50 +0100 1503 1504hiawatha (0.5) stable; urgency=low 1505 1506 * Content-Type header field (Mimetypes). 1507 * Logfile. 1508 1509 -- Hugo Leisink <hugo@leisink.net> Thu, 16 May 2002 12:41:28 +0100 1510 1511hiawatha (0.4) stable; urgency=low 1512 1513 * Server can execute scripts. 1514 * Server information in header. 1515 * 403 Forbidden. 1516 * 500 Internal server error. 1517 1518 -- Hugo Leisink <hugo@leisink.net> Thu, 18 May 2002 13:57:50 +0100 1519 1520hiawatha (0.3) stable; urgency=low 1521 1522 * 200 OK. 1523 * 301 Redirect. 1524 * 404 File not found. 1525 1526 -- Hugo Leisink <hugo@leisink.net> Sat, 27 Apr 2002 17:21:42 +0100 1527 1528hiawatha (0.2) stable; urgency=low 1529 1530 * Configurationfile (/etc/hiawatha.conf). 1531 1532 -- Hugo Leisink <hugo@leisink.net> Sat, 20 Apr 2002 18:48:09 +0100 1533 1534hiawatha (0.1) stable; urgency=low 1535 1536 * Initial release. 1537 * GET method implemented. 1538 1539 -- Hugo Leisink <hugo@leisink.net> Sun, 27 Jan 2002 12:06:10 +0100 1540