For the last year the development of the CppCMS project was less active. The vast majority of the work hours were spent on a customer's project that used CppCMS to create an outstanding advertisement system.
The project is called Linicom.
Today, when Linicom is up, running and maintained by a larger team, so I can resume the activity on the core CppCMS project itself.
Few words about Linicom:
Linicom is an engine that provides content and visitor sensitive advertisements for almost all large Israeli news web sites: including Ynet, Haaretz, Jerusalem Post, Mako, Walla and other significant web sites in Israel and abroad.
Here some interesting facts:
- Linicom is based on CppCMS technology.
- The system serves around 10,000,000 custom requests a day, i.e ~115 req./s.
- During peak hours, it servers around 160 requests per second.
- Its typical network output is around 11 megabit per second.
- Its total memory consumption (web server, database, applications, OS) is only around 350Mb.
- The server's average CPU load is around 5%
- The server runs on a
c1.mediumAmazon EC2 instance.
The system runs behind Lighttpd and uses PostgreSQL for persistent data storage. Also PostgreSQL is used extensively, all real time data is stored in memory.
Almost every request needs data processing in order to provide highly customized advertisements. In technical terms it means that almost no request can be "outsourced" to a static files - every request for every customer should be processed explicitly.
This system is probably one of the classic applications of CppCMS technology - web based system that required to be fast and efficient, being able to handle outstanding and sometimes unexpectedly changing loads without problems and provide high QoS.
Use of in-memory data storage, caching and efficient handing of the data that can't be cached is were CppCMS shines. Having a big growth potential with a minimal required maintenance and high reliability allows the to handle the business-end safely without worrying about performance issues.
- Fixed 121, 98 - bug caused invalid year formatting/parsing by icu backend - fixed incorrect use of year of the week instead year
- Fixed 122 - memory leak in Win32 threading library
- Fixed 105 - string_key.h has a bad operator '!='
- Fixed 119 - bad html formatting.
- Fixed 106 - IPv6 support on Winows
- Fixed 129 - cppcms_make_key - invalid option name
- Fixed 97 - impossible to use upper case in namespace in
<% include %>
- Fixed 84 - 64K fd limit
- Fixed 108 - test_locale_boundary & booster_locale_formatting failure
- Fixed various issues libc++/clang support
- Significantly improved multipart parsing closing f.r. 27
- Removed reuse_address socket option use at Windows
Minor Security Improvements:
- Issue 117: possibility of Timing Attack Vulnerability
- NetBSD is supported platform
- FreeBSD added support of POSIX locale & clang/libc++
The code is downloadable from sourceforge. Binary RPM releases already available at The Open Build Service repository. Debian packages would be published soon.
Update: Debian and Ubuntu packages are ready at the repository.
This is a critical bug fix release that relates to session handing in Internet Explorer.
Added "Expires" to cookie expiration time handling that is supported by IE.
Prior to this release, cppcms session cookies used max-age option, that IE does not recognize. Starting from this release the session cookies would have both Expires and Max-Age options. All browsers that use Max-Age would ignore Expires if both given.
New options that control the session cookie properties are added, see expiration_method that would allow to alter the behavior and handle possible clock skew issues
Special thanks to Saikumar Gandapodi who reported me this issue.
CppCMS 1.0.3 was released today, it includes security bug fix.
This bug allowed CppCMS encoding validation to accept some invalid UTF-8 sequences which could potentially lead to various security problems like XSS and more.
It is strongly recommended to upgrade to latest version.
Note: for thous who used
booster::locale::utf::utf_traits or functions
booster::locale::conv::utf_to_utf directly rather than using built in
CppCMS forms validation/XSS validation, you may need to recompile the
application to get the updates.
The release is available on sourceforge and in the official repositories for Ubuntu oneiric, precise and quantal, Debian squeeze, Fedora 16 and 17, Centos 6 and Open Suse 11.4 and 12.1
Here in Israel...
I hear explosions of Grad rockets fired by Hamas to our cities. I hear sirens that gives us short alarms to run for shelters.
This is daily routine...
Lead CppCMS Developer, from Israel