CppCMS 0.99.10 Released
I'd like to summarize this release that makes:
- CppCMS more secure platform for web development.
- CppCMS more windows friendly
- Much closer to the Release Candidate 1...
As a part of security improvements new page was added to the CppCMS wiki:
It is still work in progress but it shows some important tools that would help you to develop safer web applications. I'd recommend every one to read it, especially the sections about XSS and CSRF
Now about the changes CppCMS itself.
New features:
New Cross Site Request Forgery prevention tools.
Support loading XSS profiles from file/json object making XSS filters configuration much easier and simpler. A new example of using XSS filter with can be found under
/examples/xsssubdirectory in the CppCMS sources.Full support of timeouts in HTTP web server and other improvements.
Now built in HTTP web severer is fully useful not only for debugging but also for using on embedded platforms.
File server improvements:
- Security improvements - in file serving - now it is useful for embedded platforms.
- Full Unicode file names support under Windows (UTF-8).
- Optional directory listing support.
- Added support of alias in the file server
Support of installing, uninstalling and running CppCMS as windows service.
New tool for generation of HMAC/AES keys
cppcms_make_keySupport of numeric index and reverse iteration in foreach statement, closing issue #3111909
Added deprecation warning of
<% var %>templates format in flavor of<%= var %>andform + widgetoperator in flavor ofform.add(widget)Added workaround for sending full HTTP headers for broken SCGI connectors like IIS's one using.
Bugs:
- a bug in json::value::is_null() incorrect answer.
- Security fix: prevent from relative URI filter to match absolute ones in XSS filter.
Comments
I'm really impressed. Now I really have to try it out and build a site with this. I said I would some time ago but you're doing a good job and it sounds really tempting now. Thanks, not only for your work but I also admire you determination to get it done.
First of all, many congratulations to developers of this project. Looks very promissing.
Second, is there a forum to get support in a relative short time?? I have trouble in the compilation process, and simply i dont know how to solve this issue.
Any support is gratefully received.
Thx and keep the good work.
There is a mailing list that you can register and read:
Also read build and troubleshoot instructions:
Add Comment:
You must enable JavaScript in order to post comments.