CppCMS 1.0.3 was released today; it includes a security bug fix.
This bug allowed CppCMS encoding validation to accept some invalid UTF-8 sequences, which could potentially lead to various security problems like XSS and more.
It is strongly recommended to upgrade to the latest version.
Note: for those who used booster::locale::utf::utf_traits or the booster::locale::conv::utf_to_utf functions directly, rather than using the built-in CppCMS forms validation/XSS validation, you may need to recompile the application to get the updates.
The release is available on SourceForge and in the official repositories for Ubuntu oneiric, precise and quantal, Debian squeeze, Fedora 16 and 17, CentOS 6 and openSUSE 11.4 and 12.1.
Here in Israel...
I hear explosions of Grad rockets fired by Hamas at our cities. I hear sirens that give us short alarms to run for shelters.
This is daily routine...
Lead CppCMS Developer, from Israel
Due to upgrades on SourceForge, the SVN repositories have moved. If you are using the version from SVN trunk, please check them out once again:
- HTTP-Protocol: http://svn.code.sf.net/p/cppcms/code/framework/trunk
- SVN-Protocol: svn://svn.code.sf.net/p/cppcms/code/framework/trunk
- HTTP-Protocol: http://svn.code.sf.net/p/cppcms/code/cppdb/trunk
- SVN-Protocol: svn://svn.code.sf.net/p/cppcms/code/cppdb/trunk
There is a simple class added to the contrib section in trunk.
The Server-Sent Events support is provided in the form of a generic class sse::event_source that the user is expected to derive from.
There are also two simple event source objects with predefined policies:
- Queue bounded up to certain capacity:
- Real-time state updates that keep clients updated with the latest events - rather than sending all the events from the beginning:
Examples of a simple chat and a stock ticker are provided.
sse::event_source supports falling back to long polling using XHR: the client sends a special header, notifying the server that the connection should be closed rather than kept open.
- Although the code resides within trunk, it is fully usable with the current stable CppCMS release - 1.0.2.
- This code does nothing exceptional; you don't really have to use it to create SSE. It just makes it easy to handle them without knowing too much about server-side event-driven programming.
CppCMS 1.0.2 has been released; it is a bug fix release.
- Fixed incorrect HTML generation using
- Fixed build issues with latest ICU: 3540278
- Fixed some warnings in Boost.Locale
- Fixed missing error report in case of running out of disk space in file upload: 3542469
- Fixed Visual Studio 11 build issues: 3527712, 3527702
- Fixed problem with using automatic type detection in C++11 mode with gcc: 3537374
- Fixed bugs that made stackstream useless
- Fixed build issues on Mac OS X: 3513865
- Fixed OpenSSL detection on Windows: 3515712
- Fixed incorrect scgi configuration for nginx in