CppCMS 0.0.7 and 0.99.3-beta3 released

This release is security fix release for stable branch of CppCMS and both security and feature release for CppCMS 1.x.x branch.

All users are encouraged to update to latest version.

If it is not possible to upgrade don't use "hmac" session backend, switch to "aes" or server side session storage backend.

Changedlog 0.0.7

• Bugfix of hmac backend: generation of signature with too small block size

Changedlog 0.99.3

Security:

• Bugfix of hmac backend: generation of signature with too small block size

Features:

• New version of Boost.Locale

• Added support of multiple hmac cookie signatures:

  Built in: hmac-md5, hmac-sha1
  With libgcrypt: hmac-sha224, hmac-sha256, hmac-sha384, hmac-sha512
  By default hmac now uses sha1 instead of less secure md5

Bugs:

• Fixed memory leak in aes session encryptor
• Fixed incorrect validation of UTF-8 encoding that could cause some illegal sequences to pass through.
• Fixed missing attributes of some form widgets
• Fixed incorrect code generation in templates in foreach loop
• Fixed race condition when dispatch and context assignment may happen not simultaneously

Pages

• About This Project
• My Open Source Astronomy Projects

Categories

• Progress
• Storage
• Benchmarks
• Templates
• FastCGI
• Framework
• Cache
• Berkeley DB
• Comet
• Unicode and Localization
• Off Topic