Home  /  RSS  /  RSS Comments  /  RSS for Progress  /  Enter

Posts in category ‘Progress’.

CppCMS 0.99.10 Released

I'd like to summarize this release that makes:

• CppCMS more secure platform for web development.
• CppCMS more windows friendly
• Much closer to the Release Candidate 1...

As a part of security improvements new page was added to the CppCMS wiki:

Secure Programming with CppCMS

It is still work in progress but it shows some important tools that would help you to develop safer web applications. I'd recommend every one to read it, especially the sections about XSS and CSRF

Now about the changes CppCMS itself.

New features:

• New Cross Site Request Forgery prevention tools.

  See: Secure Programming with CppCMS: CSRF

• Support loading XSS profiles from file/json object making XSS filters configuration much easier and simpler. A new example of using XSS filter with can be found under /examples/xss subdirectory in the CppCMS sources.

• Full support of timeouts in HTTP web server and other improvements.

  Now built in HTTP web severer is fully useful not only for debugging but also for using on embedded platforms.

• File server improvements:

  • Security improvements - in file serving - now it is useful for embedded platforms.
  • Full Unicode file names support under Windows (UTF-8).
  • Optional directory listing support.
  • Added support of alias in the file server

• Support of installing, uninstalling and running CppCMS as windows service.

• New tool for generation of HMAC/AES keys cppcms_make_key

• Support of numeric index and reverse iteration in foreach statement, closing issue #3111909

• Added deprecation warning of <% var %> templates format in flavor of <%= var %> and form + widget operator in flavor of form.add(widget)

• Added workaround for sending full HTTP headers for broken SCGI connectors like IIS's one using.

Bugs:

• a bug in json::value::is_null() incorrect answer.
• Security fix: prevent from relative URI filter to match absolute ones in XSS filter.

Version 0.99.9 Released

New Features:

• Clang is support provided, CppCMS was tested against Clang 2.8.

  Now CppCMS supports 5 families of C++ compilers:

  • GCC 3.4.x to 4.6.1
  • Visual Studio 2005 - 2010
  • Clang 2.8
  • Intel 11
  • Sun Studio 5.10

• Significant performance improvements in XSS filtering by rewriting URI validation using a C++ parser rather then using complex regular expression.

  Added support of fully custom validation for HTML attributes using callback functions in the XSS filter.

• Significant performance improvements over multiple places in code by eliminating multiple memory allocations:

  • HTTP, SCGI and FastCGI backends - improved memory allocation for CGI variables.
  • Fetching values from JSON objects using get(...), find(...) APIs is now done with 0 memory allocation.
  • URL mapping is now done with 0 or very low memory allocation.
  • Various filters like escape, urlencode and some others now work with no or few memory allocations.

• Performance improvements in caching by replacing the balanced binary tree by hash table in the primary cache key index.

Breaking Changes:

• json::object had changed from std::map<std::string,value> to std::map<string_key,value>. It should be fully transparent for almost all users.

Bugs:

• Fixed a crash in http::response when writing HTTP headers throws due for example to incorrect file permissions.
• Fixed a bug in booster::regex that prevented some valid patterns to be matched against some regular expressions.
• Fixed a bug that may prevent from booster::regex to work on big endian 64 bit platforms
• Added initial support of Python3 for templates compiler.
• Added a workaround for systems that use python3 by default.

CppCMS 0.99.8 and Boost.Locale 4.0.0 Rleased

New Versions of CppCMS and Boost.Locale were released.

New Features:

• Boost.Locale is updated to the latest version that is going to be merged into Boost svn tree.

  It includes some breaking changes:

  • Redesigned boundary analysis interface:

    Instead of using mapping, token_iterator and break_iterator new classes that provide same functionality introduced:

    segment_index, boundary_point_index and the elements that can be iterated segment and boundary_point.

    See: http://cppcms.sourceforge.net/boost_locale/html/boundary_analysys.html

  • Updated messages interface, now messages use same type of character for key and output message, i.e.

      std::wstring wh = translate(L"hello").str();
      std::string   h = translate( "hello").str();
    

    Instead of

      std::wstring wh = translate("hello").str<wchar_t>();
      std::string   h = translate("hello").str<char>();
    

    It allows to use non-US-ASCII keys transparently.

  • Update date_time interface to be more consistent with Boost.DateTime and Boost.Chrono. Operations are more type safe now.

• Introduced support of SunStudio Compiler on OpenSolaris.

• New nightly tests: Linux Armel and Solaris/SunStudio.

Bug Fixes:

• Fixed bug that virtually disabled gzip compression in CppCMS 0.99.7

• Some compilation and testing fixes for older versions of Mac OS X/Darwin 8.

  Note Darwin 8 is not supported due to bugs in the standard C library, but there should be no problems with newer Mac OS X versions.

• Fixes to support ICU 4.8
• Fixes to support gcc-4.6 and gcc-4.0
• Fixes to support Python 2.3.5

Note to SVN-trunk users

Do not forget to untar the updated cppcms_boost.tar.bz2 file.

The blog was upgraded

The blog was upgraded.

In fact it was completely rewritten to use all new features of CppCMS 0.99.7. It was not a simple task, as this blog was the first application implemented with CppCMS. It carried lots of legacy code. For example the it hadn't even used sessions or existing form validation tools at all.

So the new version that was rewritten with all new tools and now safe application to use.

It's code can be found in svn at:
https://cppcms.svn.sourceforge.net/svnroot/cppcms/blog/trunk

After running the new version on this web site for a while I'll release it officially with all appropriate build instructions and release notes.

Meanwhile if you want to try it, you need following:

• CppCMS 0.99.7 and higher
• CppDB
• discount markdown library: http://www.pell.portland.or.us/~orc/Code/discount/
• ImageMagick or GraphicsMagick library (for captcha)

Build it with CMake as usual (inside sources)

mkdir build
cd build
cmake ..
make

And then you can create a database using sql/mysql.sql, sql/postgresql.sql or sql/sqlite3.sql scripts, edit config.js according to the DB and run it as usual.

./blog -c ../config.js

On first access you'll be requested to configure the blog.

Currently it supports:

• Two languages: Hebrew and English
• Two skins "OrangeSky" and "Contendend"
• Three databases PostgreSQL, MySQL and Sqlite3

Enjoy

Boost.Locale was accepted into Boost

Now it is official. Boost.Locale was accepted into Boost.

So the Localization part of CppCMS would be spread all over the C++ world.

Pages

• About This Project
• My Open Source Astronomy Projects

Categories

• Progress
• Storage
• Benchmarks
• Templates
• FastCGI
• Framework
• Cache
• Berkeley DB
• Comet
• Unicode and Localization
• Off Topic