diff --git a/CHANGELOG.md b/CHANGELOG.md index b5a6e05e..1af5e81f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,15 +7,45 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/). ## [Unreleased] ### Added +- `examples`: Added an example to run the debug app with apache2+libfcgi inside a docker container. +- `wsf`: Updated the default rescue response (i.e when exception or bad internal error occurs). Factorized the implementation in WGI_RESCUE_EXECUTION, and now by redefining the `WGI_EXECUTION.execute_rescue (...)` procedure, it is possible to have a custom response on such rescued execution. + + +### Changed +- `wsf`: Adopted the nanoseconds timeout precision. And in config file added support for ns, us, ms, s timeout precision (without indication, it uses `seconds` precision). + +### Deprecated +### Removed +### Fixed +- `websocket`: Allow (websocket) upgrade even without persistent connection for normal http request. + (note: this allows to use websocket in single-threaded mode, and avoid the keep-alive-timeout delay before websocket begins its execution) + +- `http`: Fixed HTTP_HEADER.put_raw_header (..) by ignoring any empty line of the argument value. (note: "%R" is considered as empty line here.) +- `jwt`: updated to make JWT algorithm support more flexible, and simple to extend with specific algorithm. +- `httpd`, `websocket`: Fixed setting of socket.timeout in httpd (was not currently set before). +### Security + +## [v1.0.6] - 2018-05-17 +### Added - `jwt`: new JSON Web Token (JWT) library (supports for claim exp, iat, nbf, iss, aud). - `http_client`: added support for ciphers setting in the libcurl implementation only. - `http_client`: added convenient `get` and `custom` functions on HTTP_CLIENT directly. -- `websocket`: added `on_timer` solution to allow the server to check for external events and send notification to websocket clients. - `wsf`: added `WSF_EXECUTE_HANDLER`, and `WSF_CGI_HANDLER`. Demonstration of `WSF_CGI_HANDLER` in the new `tools/httpd` project. - `wsf_security`: new security library, providing support for XSS injection protection and similar. +- `wsf`: Support persistent connection, even in single thread mode (i.e concurrency=none). + Warning: as there is no concurrent request handling in single threaded mode, it is recommended to either set the keep_alive_timeout to a small value, or disable persistent connection by setting max_keep_alive_requests to 0. + Accept -1 as value of max_keep_alive_requests to have unlimited number of request in the same persistent connection. +- `wsf_compression`: Introduced WSF_COMPRESSION and applied to WSF_*_WITH_COMPRESSION classes. Added `simple_compression` example. +- `websocket`: added `on_timer` solution to allow the server to check for external events and send notification to websocket clients. +- `wsf`: Added routing condition mapping. +- `wsf_extension`: added handler to add support for CGI scripts. +- Added a new tool `httpd` which is a basic httpd server product (with file server and CGI handler). +- `wsf_security`: added security protections such as XSS injection protection support. ### Changed - adopted ecf version 1-16-0 and use a single .ecf file (the -safe.ecf are now redirection to normal .ecf) +- `wsf_html`: Made interface of wsf forms and widgets a bit more flexible by accepting READABLE_STRING_GENERAL. + ### Deprecated - removed support for Eiffel version before 17.05 . - SSL 2 or 3 is obsolete and will raise an exception if used. @@ -26,6 +56,9 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/). - `authentication`: HTTP_AUTHORIZATION acceps now READABLE_STRING_GENERAL for username and password argument. - `http_client`: fixed curl implementation by setting `Content-Type` to `x-www-form-urlencoded` (if not set) when POST send data as `x-www-form-urlencoded`. - `notification_email`: fixed the SMTP support for multiple recipients address. +- `http_network`: use proper ciphers settings for libcurl implementation. +- `http_client`: Improved support of absolute/relative https:// and http:// in http_client. +- `json_encoder.e`: Properly JSON encode null character as \u0000 . ### Security