Posts in category ‘Progress’.
CppCMS 0.99.10 Released
I'd like to summarize this release that makes:
- CppCMS more secure platform for web development.
- CppCMS more windows friendly
- Much closer to the Release Candidate 1...
As a part of security improvements new page was added to the CppCMS wiki:
It is still work in progress but it shows some important tools that would help you to develop safer web applications. I'd recommend every one to read it, especially the sections about XSS and CSRF
Now about the changes CppCMS itself.
New features:
New Cross Site Request Forgery prevention tools.
Support loading XSS profiles from file/json object making XSS filters configuration much easier and simpler. A new example of using XSS filter with can be found under
/examples/xss
subdirectory in the CppCMS sources.Full support of timeouts in HTTP web server and other improvements.
Now built in HTTP web severer is fully useful not only for debugging but also for using on embedded platforms.
File server improvements:
- Security improvements - in file serving - now it is useful for embedded platforms.
- Full Unicode file names support under Windows (UTF-8).
- Optional directory listing support.
- Added support of alias in the file server
Support of installing, uninstalling and running CppCMS as windows service.
New tool for generation of HMAC/AES keys
cppcms_make_key
Support of numeric index and reverse iteration in foreach statement, closing issue #3111909
Added deprecation warning of
<% var %>
templates format in flavor of<%= var %>
andform + widget
operator in flavor ofform.add(widget)
Added workaround for sending full HTTP headers for broken SCGI connectors like IIS's one using.
Bugs:
- a bug in json::value::is_null() incorrect answer.
- Security fix: prevent from relative URI filter to match absolute ones in XSS filter.
Version 0.99.9 Released
New Features:
Clang is support provided, CppCMS was tested against Clang 2.8.
Now CppCMS supports 5 families of C++ compilers:
- GCC 3.4.x to 4.6.1
- Visual Studio 2005 - 2010
- Clang 2.8
- Intel 11
- Sun Studio 5.10
Significant performance improvements in XSS filtering by rewriting URI validation using a C++ parser rather then using complex regular expression.
Added support of fully custom validation for HTML attributes using callback functions in the XSS filter.
Significant performance improvements over multiple places in code by eliminating multiple memory allocations:
- HTTP, SCGI and FastCGI backends - improved memory allocation for CGI variables.
- Fetching values from JSON objects using get(...), find(...) APIs is now done with 0 memory allocation.
- URL mapping is now done with 0 or very low memory allocation.
- Various filters like
escape
,urlencode
and some others now work with no or few memory allocations.
Performance improvements in caching by replacing the balanced binary tree by hash table in the primary cache key index.
Breaking Changes:
json::object
had changed fromstd::map<std::string,value>
tostd::map<string_key,value>
. It should be fully transparent for almost all users.
Bugs:
- Fixed a crash in http::response when writing HTTP headers throws due for example to incorrect file permissions.
- Fixed a bug in
booster::regex
that prevented some valid patterns to be matched against some regular expressions. - Fixed a bug that may prevent from
booster::regex
to work on big endian 64 bit platforms - Added initial support of Python3 for templates compiler.
- Added a workaround for systems that use python3 by default.
CppCMS 0.99.8 and Boost.Locale 4.0.0 Rleased
New Versions of CppCMS and Boost.Locale were released.
New Features:
Boost.Locale is updated to the latest version that is going to be merged into Boost svn tree.
It includes some breaking changes:
Redesigned boundary analysis interface:
Instead of using
mapping
,token_iterator
andbreak_iterator
new classes that provide same functionality introduced:segment_index
,boundary_point_index
and the elements that can be iteratedsegment
andboundary_point
.See: http://cppcms.sourceforge.net/boost_locale/html/boundary_analysys.html
Updated messages interface, now messages use same type of character for key and output message, i.e.
std::wstring wh = translate(L"hello").str(); std::string h = translate( "hello").str();
Instead of
std::wstring wh = translate("hello").str<wchar_t>(); std::string h = translate("hello").str<char>();
It allows to use non-US-ASCII keys transparently.
Update
date_time
interface to be more consistent with Boost.DateTime and Boost.Chrono. Operations are more type safe now.
Introduced support of SunStudio Compiler on OpenSolaris.
New nightly tests: Linux Armel and Solaris/SunStudio.
Bug Fixes:
- Fixed bug that virtually disabled gzip compression in CppCMS 0.99.7
Some compilation and testing fixes for older versions of Mac OS X/Darwin 8.
Note Darwin 8 is not supported due to bugs in the standard C library, but there should be no problems with newer Mac OS X versions.
- Fixes to support ICU 4.8
- Fixes to support gcc-4.6 and gcc-4.0
- Fixes to support Python 2.3.5
Note to SVN-trunk users
Do not forget to untar the updated cppcms_boost.tar.bz2 file.
The blog was upgraded
The blog was upgraded.
In fact it was completely rewritten to use all new features of CppCMS 0.99.7. It was not a simple task, as this blog was the first application implemented with CppCMS. It carried lots of legacy code. For example the it hadn't even used sessions or existing form validation tools at all.
So the new version that was rewritten with all new tools and now safe application to use.
It's code can be found in svn at:
https://cppcms.svn.sourceforge.net/svnroot/cppcms/blog/trunk
After running the new version on this web site for a while I'll release it officially with all appropriate build instructions and release notes.
Meanwhile if you want to try it, you need following:
- CppCMS 0.99.7 and higher
- CppDB
- discount markdown library: http://www.pell.portland.or.us/~orc/Code/discount/
- ImageMagick or GraphicsMagick library (for captcha)
Build it with CMake as usual (inside sources)
mkdir build
cd build
cmake ..
make
And then you can create a database using sql/mysql.sql
, sql/postgresql.sql
or sql/sqlite3.sql
scripts, edit config.js according to the DB and run it as usual.
./blog -c ../config.js
On first access you'll be requested to configure the blog.
Currently it supports:
- Two languages: Hebrew and English
- Two skins "OrangeSky" and "Contendend"
- Three databases PostgreSQL, MySQL and Sqlite3
Enjoy
Boost.Locale was accepted into Boost
Now it is official. Boost.Locale was accepted into Boost.
So the Localization part of CppCMS would be spread all over the C++ world.