Posts in category ‘Progress’.
CppCMS 0.99.7 Released
Security Bugs:
- Fixed incorrect key parsing that reduced the entropy of AES and HMAC keys
- Fixed incorrect HMAC key definition when using separate keys for CBC and MAC
All users are encouraged to upgrade to the latest version. If that is not possible, do the following:
- Use session.client.key or session.client.key_file over separate session.client.cbc and session.client.hmac or session.client.cbc_key and session.client.hmac_file
  Note: if you use session.client.hmac or session.client.hmac_file only - MAC authentication without encryption - then the problem does not affect you.
- Increase secret key size by at least 1.5 - this is relevant for both encryption and HMAC authentication.
New Features:
URL Mapping - the opposite of URL Dispatching - was created. Now every URL can be easily abstracted from the physical URL.
It allows creating hierarchies of applications that refer to each other using named URLs.
Caching system:
- Added support of dependent triggers recording using cppcms::triggers_recorder class
- Added cache support at templates level
- Added "tee" filter for better caching support of HTML fragments
Template System
- Provided basic unit-testing
- Provided access to the application that renders the view, giving a basis for access to many features like sessions, cache and so on.
- Added <% url ... %>, <% cache ...%>, <% trigger ... %> tags
- Improved error reporting
- Added <%= variable | filters%> style of rendering to allow overriding reserved words and variables
Updated Message Board example to use url mapping
Boost.Locale features:
- Default locale is UTF-8 on windows
- Support of Gregorian calendar for non-ICU backends
- Support of checking if the time is in daylight savings time to the calendar
- Performance optimization in formatting and collation
Redesigned booster::socket class, split into a set of smaller classes according to their roles
Optimization for embedded builds: added support for removing modules that may not be useful for embedded applications:
- Cache storage, prefork storage, distributed cache storage
- GZip compression
Support of graceful shutdown of fastcgi process by Apache on Windows using libfastcgi waiting style
Improved boost::thread api to support detach member function
Booster: support of timegm, making booster::ptime symmetric.
Bugs:
- Fixed bug #3177531 - invalid port/ip returned in CGI headers when using "list" of apis
- Cleanup of set() property: make sure it is set to false only in cases where it is really needed, and turn it on by default on most widgets. Fixes F.R. #3177317
- Changed warning level to -Wall -Wextra, warnings cleanup
- Boost.Locale - workaround of ICU time zone detection bug
- Fixed incorrect rendering of input form when pointer involved
- Fixed issue with urandom device when running with limited user under Windows
- Fixes of MSVC-2005 issues
CppCMS 0.99.5 released
Changelog:
New Features:
New XSS Filter. It is a very new and experimental feature. It allows validating and filtering HTML input that comes from an untrusted source to ensure that it does not include malicious code. This is a very common case when we want to integrate tools like TinyMCE into applications.
It is based on a white-list of tags and HTML attribute values that are allowed to be included.
The filter and filtering rules can be found under the cppcms::xss namespace.
Currently the XSS filter is used only on CppCMS's wiki. So you are welcome to try to bypass it by editing the wiki's Sandbox, and if you succeed please report it to me immediately.
Support Windows Vista/Windows 7 API. It allows building CppCMS on Windows without the pthreads-win32 library.
Note: you need to use CMake's option:
-DUSE_WINDOWS6_API=ON
as by default CppCMS targets Windows XP and above.
Changed default number of worker threads to depend on number of physical CPUs
Bug Fixes:
- Fixed incorrect mutex configuration that caused deadlocks in preforking mode
- Some fixes in CMake scripts that caused libraries not being found in some situations.
- Some fixes to allow CppCMS to work with uclibc
- Fixed problem in URL dispatching to sub-applications that made it impossible to redefine their main function
- Some bug fixes in response handling
SQL Connectivity Libraries released
Today two SQL Connectivity libraries were released.
- Released first version 0.0.1 of CppDB library - a new powerful SQL Connectivity library written in C++.
- Released updated version 0.0.4 of DbiXX - libdbi wrapper. It was also deprecated in favor of CppDB.
  It will continue to be updated with bug fixes and probably small features, but support will be discontinued within a year or two, depending on users' needs.
Downloads are available in usual place: https://sourceforge.net/projects/cppcms/files/
Documentation can be found at: http://art-blog.no-ip.info/sql
Why CppDB? What is New There?
New SQL Connectivity library was introduced. There were many reasons for this step:
- Support of both prepared and unprepared statements and transparent prepared statements caching.
- Connection Pooling
- Static and Dynamic linking of the modules - very important for deployment.
- Native windows support including MSVC compiler.
- Removal of additional intermediate layer between the C++ code and native SQL client - libdbi.
- Performance.
- Ensure thread safety (which libdbi was lacking on some platforms - windows)
What is new in DbiXX
- Correct overloading for all integer types
- Access to underlying dbi data structures from all classes
- Support of connection string
- Support of getting driver name (for conditional coding)
- Full Doxygen documentation
- Some code cleanup - to make it locale safe
Why not other libraries like SOCI or QtSql
- QtSql is very heavy, depends on the Qt framework and does not fit well with modern C++ design (as it provides its own classes for everything - QString etc.)
- SOCI - the development cycle is very slow, the quality of some primary FOSS RDBMS drivers is very low, and general disagreement about several concepts.
CppCMS 0.99.4 released
New Features:
- Added support of OpenSSL as alternative to Gcrypt library for AES cookies encryption
- Added support of strength options of AES and better selection of hash for HMAC.
- Added support of recording and showing stack backtrace from thrown exceptions - for better debug-ability of the code.
- Added support of daemonization - running as service under Unix, including options: switch to unprivileged user and chrooting to specified directory.
- Added support of reset_session function in session_interface that forces allocation of new session id - to be used for preventing session fixation.
- Added support of suppression of error messages by default - the exception information is not shown by default to user.
- Improved session ids generation security.
- Improved performance of generation of random numbers under Windows
- Improved Content-Type header handling
Bug Fixes:
- Fixed accidental crashes caused by dangling reference.
- Fixed incorrect use of non-blocking sockets that caused incomplete writes on long outputs
- Fixed memory leak in AES encryption backend
- Fixed incorrect handling of script name in HTTP server.
- Fixed incorrect shutdown handling when working in prefork mode that caused deadlock between parent and child on exit.
- Fixed bug in booster::streambuf that caused accidental character loss, added handling of putback.
- Fixed incorrect error handling in http_response class that could cause thread-pool to run out of threads.
- Various platform related test fixes
The download is available in usual place: https://sourceforge.net/projects/cppcms/files/
CppCMS Nightly Tests
Hello All,
In order to simplify the CppCMS release procedure and ensure that the current SVN trunk does not get broken on platforms that are used less frequently, nightly builds and tests were set up.
Each night svn-trunk is tested with different compilers and platforms. The full test matrix is not complete yet, but the most important platforms and compilers are tested (or actually the platforms that can be tested relatively easily).
It is expected to be extended more in the future.
Thanks to VirtualBox for simple and convenient virtualization solutions.