forked from erlyaws/yaws
/
news
555 lines (495 loc) · 43 KB
/
news
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
Fri Jul 3 15:43:03 CEST 2009
New stats feature added by Olivier Girondel whereby (optionally) stats is collected for a virt server. Stats available from comand line (yaws --stats). There are also plugins for munin to graph the statistics.
The authmod code should now be backwards compatible (faal)
fixes for traffic tracing in reverse proxy mode (Olivier Girondel)
Better error msg if erl is not found for win32 users (klacke)
Wed Jun 24 20:42:51 CEST 2009
An unfortunate backwards incompatibility crept in to the 1.82 release. Authentication is now backwards compat.
eliminate io_lib:format overhead in yaws_log:fmtnow (Steve)
handle authdirs search properly when docroot not defined (Olivier Girondel)
removed ancient backwards compat flag (klacke)
Thu May 28 20:17:10 CEST 2009 Yaws 1.82
Have the yaws script set HOME if unset, this is required since some distros (Ubuntu) don't set HOME for code run under/etc/rc and erlexec requires HOME to be set. (Klacke)
add extra cgi vars patch from joe_e_e
new ebuild file for gentoo from joe_e_e
patch by joe_e_e to move all files from /etc to /etc/yaws in the install script. This may cause some troubles for some users when upgrading. By default the make install target doesn't overwrite /etc files. Pay attention.
added sendfile check for Darwin, since no sendfile is available on OS X Tiger (Steve)
RSS fixes, (Steve)
Several authentication fixes by Fabian Alenius. Changed the way authentication is done, added support for multiple authentication methods to be used for one directory and changed so that the 401 page can be customized similarly to the 404 page. In general this is a major cleanup of how authentication is done. Much better. One backwards incompat change here. Fabian Renamed yaws_401.erl to yaws_outmod.erl, which is probably a better name considering it's current use(it also displays the crashmsg). We need some better docs describing authentication !!!
add date header to OPTIONS response (Steve)
fix badmatch calling yaws_server:suffix_type from yaw_server:do_url_type when dav is true (Steve)
Added fix and tests for github issue #2. Handle zero values for max_num_cached_files, max_num_cached_bytes, and max_size_cached_file to prevent infinite loops. (Steve)
modify time_to_string to avoid slow io_lib:format (Steve)
added sendfile check for Darwin, since no sendfile is available on OS X Tiger (Steve)
document rss_dir (Steve)
add ets-based yapp registry implementation for cases where mnesia is overkill (Steve)
Fixed so that the HTTP status is set to 401 explicitly in yaws_server:handle_ut(...), previously out401 needed to return {status, ...} or status would default to 200. (Fabian Alenius)
Mon Mar 9 21:48:18 CET 2009 Yaws 1.81
Moved the Yaws repository to http://www.github.som. See instructions at http://yaws.hyber.org/configuration.yaws on how to git clone Yaws. This is the first yaws release out of the github repo. The default Yaws wiki previously found at http://yaws.hyber.org/wiki has been moved to the wiki at github. New address of wiki is http://wiki.github.com/klacke/yaws. The previous (Erlang based wiki written by Johan Bevemyr) turned ... well unmodern, and was also plagued by spammers.
Several cleanups by Hans Ulrich Niedermann, file perms, speling errors etc.
remove leading slash in yapp_appmods examples (Tom McNulty)
Add DIME support for SOAP Anders Nygren
patch by Jouni Ryno finding broken fdsrv support
Two patches by Joseph Wayen Norton, one dbg-bug and one providing better cookie support for yaws sesssions
When yaws_ctl checks the CTL file to see if any current instance is running, check the socket opened to the port read from the CTL file to verify that the ephemeral port for that socket is not the same as the port read from the CTL file. This avoids a false positive caused by connecting the socket to its own port. (Steve Vinoski)
cleaned up the redirect feature. It was poorly implemented and poorly documented. This fix is backwards compatible for users using redirect in confd.conf. However, it is NOT backwards compatible for embedded users that specify the redirect_map explicitly in their #sconf{} records. The required changes for embedded users should be evident from the code. The new required format is documented in the code where #sconf{} is defined (klacke)
Thu Feb 12 22:58:16 CET 2009 Yaws 1.80
Full windows support with a proper .exe Windows installer (klacke)
Added a timestamp check on the ssl cert/key files making it possible to just upload new cert/key files and do yaws --hup to automatically have the new cert/key files being used (klacke)
Disgusting DOS attack discovered by Manuel Duran Aguete whereby if a neverendig series of headers are sent to yaws, we die of out of memory. Actual attack not described here. Contact me (klacke) if you're interested in the details and want a backport patch. I'm not really sure this is indeed the right procedure for announcing a DOS bug. (First time !!!)
init_db patch cleanup by Liu Yubao
patch by Liu Yubao to remove timeout in ssl accept
add pkg-config support contributed by Olivier Girondel
add --disable-sendfile option to configure, fix src/Makefile to clean yaws_configure.hrl (Steve)
set HEART_COMMAND to allow a maximum of 5 restarts within any 60 second period (Steve)
patch for queryparts that contain a question mark
Document the --wait-started option for the yaws script (Steve)
Fix the yaws script to allow --id ID to be passed after --wait-started (Steve)
Allow optional wait time to be specified to yaws via --wait-started=<seconds> (Steve)
added kpoll as default
fix sendfile socket fd handling problems on 64-bit platforms (Steve)
cygwin build patch by Davide marques
stream content with a timeout patch from Davide Marques
traffic trace was broken for certain types of requsts - found by wde
Tue Jan 20 20:19:16 CET 2009 version 1.79
This release fixes the completely broken 1.78 release. So at last, we have good sendfile support.
traffic trace was broken for certain types of requsts - found by wde
Fixed several sendfile related bugs (vinoski)
Improved yaws supervision structure (klacke)
apply case-insensitive servername comparison patch from John Webb
Thu Jan 8 22:00:51 CET 2009 version 1.78
Added --wait-started option to the yaws script (klacke)
Added initial test suites (klacke)
wrap log infinity bug found bt Phanikar.K
allow keys with multiple values within opaque data
fix handling of any existing listen_opts when reading listen_backlog conf variable (vinoski)
incorporate Lev Walkin's patch for a configurable TCP listen backlog, adding yaws.conf support and documentation as well (vinoski)
Added sendfile support, Works on Linux, FreeBSD and MacosX (vinoski)
patch by wde@free.fr to let errormod_crash return {content, MimeType, Cont}
added support/docs for authbind/privbind (klacke)
handle 100 continue with POST patch by Haobu Yu
configure/latex support and also slightly nicer listdir output by Hans Ulrich Niedermann
better soap docs by Stu Bailey
haxe serialization patch by Tomas Abrahamsson
proc dict/proc_lib patch by Magnus F
mime type patch by Tomas Abrahamsson
POST patch for .yaws files (submitted by Tomas Abrahamsson)
Several new MIME types added (vinoski)
patch from magnus Froberg addressing a sync issue with add-sconf, e.g. dynamic updates that manifested itself when add_sconf was run several times in a row in certain scenarios.
Implement special handling of the '*' URI for the OPTIONS method as specified in RFC2616 section 9.2. (vinoski)
Added more thorough support for the HTTP OPTIONS method. For "active" applications such as appmods and yapps, the OPTIONS method is delivered through to the application for processing. For "passive" resources such as files and directories, OPTIONS returns a canned response just as before. (vinoski)
added redirect_self() to yaws_api (klacke)
yaws.rel.src was missing and better error printuts when yaws.conf is missing, patch by Vance Shipley
solaris patch by Vance Shipley
name of a file sent in a multipart request contains quotes, I get a crash pathh by Michael Slaski
Blindly applied soap patch from Vance shipley addressing ... which causes operations to be missed when there are more than one port type in a WSDL.
file descriptor leak found by John Fessenden
modified patch by Robert David to add a hook to yaws session server when a session is gone
Vance Shipley patch to correct error handling in yaws_soap_lib
Mon Jun 16 22:44:45 CEST 2008 version 1.77
Content-Length chunked patch by Oleg Avdeev
eaccess typos in confd_ctl.erl - Sergei Golovan
added support for weird utf8 urlencoding
Added the cygwin README by Bill Robtersson
Added a 'make release' target in the top makefile. The release file picks up the versions of installed applications (erts,kernel, stdlib, sasl and mnesia). The product of this is a release package file (e.g. yaws-1.77.tar.gz) which can be installed on an embedded system using the SASL application release_handler. (Vance Shipley)
added mnesia_dir support to the gconf record as per patch BY Richard Bucker
The supervisor args were wrong, yaws shall have 1,0 restart strategy. This may break some backwards compat. Sites that ues yaws embedded need to check this.
Added debug dump functionality (klacke)
cygwin install patch by Bill Robertsson
Adding files for Erlware. A very rough packaging of 1.76 has been released at erlware.org. See the doc/overview.edoc for more details. (tobbe)
Major general code cleanup, finally got rid of all the export_all statements and in that process removed a bit of code that wasn't used (klacke)
Better timeout support in yaws-session_server
{page, P} patch by Robert David that handles better the case with a browser POST request
patch by oleg avdeev for CRNL in revproxy
embedded startup problem solved by Anders Nygren
Make crashmsg set status code 500
Thu Apr 3 23:13:03 CEST 2008 version 1.76
Patch from Lev Walkin to pass HTTP_REFERER as well as the HTTP_IF headers to the cgi script
Untabified all code. This is the right thing (TM) I've finally realized after programming for some 20 years with TABS in the files. (klacke)
redhat /etc/init patch by Steve Vinoski
quote patch for mnesiadir by Richard Bucker
Added CGI documentation including a new page http://yaws.hyber.org/cgi.yaws (klacke)
Several cleanups due to dialyzer, also moved the control file into users HOME directory so that we don't have the problem of writing in /var when we're running as non-root
Adding support for: imports in the WSDL and support for more than one schema in the WSDL. Committed on behalf of: Willem de Jong.
CGI should not just because it sees a Location: header do a 302, it is up the CGI script to set the correct status code (Sebastian strollo)
Added some rudimentary docs in yaws.conf.5 for virtual directories. A feature added some time ago by Julian Noble, but never properly documented. (klacke)
Sun Feb 3 2008 version 1.75
Better id handling for embedde startup (Klacke)
Reintroduced the SPNEGO/GSSAPI auth support by Mikael Magnusson
rpc patch by adam.boz@gmail.com
updated yapp documentation and startup sequence of yapp to avoid deadlock situation when yapp is inncluded in other applications .app files. (Micke)
Sat Dec 29 15:18:12 CET 2007 1.74
patch to make ssi work inside the crash handler from Michael FIG
tidy up patch by Richard Buckner
Logging work by Richar Bucker to make yaws work nice together with normal UNIX logrotate.
race condition on update counter for a page, a pagecounter could be removed by another process
Fixed a problem with heart restarting Yaws in a loop.
Fixed a couple of problems with Yaws terminating on purpose when accept() fails.
A bindings patch from Richard Bucker.
silently discard traffic which isn't even HTTP.
multivalued queryval/postval patch by yinso chen
Thu Sep 20 15:09:35 CEST 2007 1.73
Sloppy ssl bug found by John Webb
Wed Sep 19 23:17:47 CEST 2007 1.72
Even more bad properties found. Now all png, gif and wob (those are for the wiki) files have svn:mime-type application/octet-stream and no other properties. Finally fixed I hope.
Fri Sep 14 21:52:52 CEST 2007 version 1.71
Lots of broken png anf gif files found in the wiki due to the cvs->svn conversion (klacke)
Thu Sep 6 19:40:28 CEST 2007 version 1.70
Regular bugfix and small feature release.
Revproxy bug found by igor goryachev.
Started to use the new ssl:transport_accept() function, when accept fails, We now fail yaws entirely and it needs to be restarted by its supervisor or heart. If we have filedescriptor leaks, even outside of yaws, there is no good thing to do when accept fails. (klacke)
A body message patch from Brian Templeton which cleaned up code and improved RFC 2616 compliance
Added HTTPS env variable for trac (klacke)
added x-javascript as a compressible mime type, patch by anthony shipman
added a dir_listing function in yaws_api (klacke)
fixed yapp dependencies to vdir handling, added local stylesheet and updated yapp_intro documentation (mikaelk)
Virtual Directory support. ARG record and CGI variable changes. This change by Julian Noble was quite extensive. The feature is still completely undocumented - thus it is still experimental.
Thu Feb 8 16:45:47 CET 2007 version 1.68
Forgot to update configure after the patch to configure.in for ubuntu edgy users in 1.67
Patch by Julian Noble to pass auth info over the CGI interface.
Bugfix by Magnus Froberg: binding socket with fd_server now only listens to the specified IP address given in #sconf.listen
Sun Feb 4 16:56:30 CET 2007 version 1.67
Bugfix release
Removed the urlc_total counter - it didn't provide info which was worth the price of having it - Also Chris NewCombe reported troubles with the counter. (klacke)
Added install of the priv/*.xsd files for the SOAP server (tobbe)
Fixing yaws_api:find_cookie_val/2 which was broken (tobbe)
Made the examples SOAP look prettier. (tobbe)
Adding missing description on call to yaws_soap_srv:setup/2. (tobbe)
patch from Dimitriy Kargapolov for tmpdir handling (klacke)
Bugfix by Fredrik Thulin: The (undocumented) http_uri:parse/1 return format was changed between Erlang/OTP R11B-1 and R11B-2. (tobbe)
Patch from Fredrik Thulin to make setuid_drv work better under ubuntu where gcc with some stack smashing tech is used to build, then we cannot use ld, we need to use ggc to greate the shared object.
Appmod </, Mod> didn't work properly. Should be fixed now again !!!!!
RSS The generated content was not valid RSS 2.0 content (tobbe)
added ability to have config files in several files, patch from Sergei Golovan.
Added call to callback function: M:F(cookie_expire) which is expected to return a proper cookie expire string. If non-existant, the default behaviour will prevail, i.e a session bases cookie lifetime. (tobbe)
Extending yaws_api:find_cookie_val/2 to accept an #arg record as second argument as well. (tobbe)
tweaked the haXe documentation (yariv)
Sun Dec 17 20:58:21 CET 2006 version 1.66
Followup to the previous soap release.
Adding entry for the yaws_soap_lib man-page (tobbe)
pam fixes (made pam_wheel/pam_group work) (klacke)
Tue Dec 12 10:51:18 CET 2006 version 1.66
pam fixes, e.g make pam_group.so/pam_wheel.so work (klacke)
Full SOAP server/client implementation in Yaws
bug found in path handling for yaws_dir by CEAN guys
suppress dead client error msgs (klacke)
shutdown fixes from Danile Luna
added env DOCUMENT_ROOT to cgi env vars Michael FIG
the pathinfo elem in #arg got wrong when appmod was / (klacke)
start_embedded default flags patch by Jason Andersson
Added option for having a module for handling authentication. (jb)
Fix to yapp for starting dependencies, patch from Michael Leonhard
added the client IP address to the #arg record
added config flag 'use_large_ssl_pool = bool()' (klacke)
Mon Sep 11 19:59:57 CEST 2006 version 1.65
patch by Chris NewCombeto handle PUT method better.
Yapp added. Yaws application (Yapp) handler in yaws/applications/yapp directory "Drops" web applications independently of each other into an existing server where they get the default URL http://servername/application_name/. Yapps are simply Erlang/OTP applications with web pages in their priv/docroot directory (default). One can also configure private appmods, useful for controller parts in MVC like applications. (Mikael Karlsson)
Haxe. Now compatible with the latest version of haXe. (yarivvv)
New support to start Yaws as in embedded mode without having to fiddle with the boot script (etnt)
patch from Matthew Reilley to handle new backwards non-compatible return value from OTP zlib:deflate/4
patch from anders nygren to handle absolute paths + yssi.
patch from Magnus froberg to get better control over the files generated by 'yaws --check'. This is good if one wants to run i.e. xref and dialyzer also on all the generated .erl files from the --checker.
empty array bug in json parse found by juhani and fixed by gaspar.
appmod '/' was broken (klacke)
Install, netbsd/yaws.sh: NetBSD support from Kuzma Bartosz.
Thu Jul 13 13:07:10 CEST 2006 version 1.64
Fixes from Bengt Kleberg to make smtp.erl useful outside the webmail app.
patch by Sergei Golovan which fixed a CGI bug and made yaws_ctl safe.
install patches for macosX by Eric Baur.
Added a haXe remoting adapter with documentation (yarivvv)
made index.php autoload if it exists (klacke)
added debian /etc startup script (klacke)
Sun Jun 11 16:49:13 CEST 2006 version 1.63
Odd fix for MacOsX make behaviour. make install did not work.
Wed Jun 7 22:10:44 CEST 2006 version 1.62
JSON Ajax code from Gaspar Chilingarov, I added docs describing an example. (klacke)
run_erl and to_erl support patch from Mats Cronquist.
yaws_zlib.erl: some bugs in non used code found by dialyzer.
small fixes in the start script code (klacke)
Fixes from Mikael Karlsson adding an event manager to Yaws whereby it is possible to add user defined gen_event handlers handling different "events" from Yaws. The only event sofar is config changes. This is needed for mikls "yapp" project which is a way to write yaws packages that can be "dropped" into an existing server. (No docs or anything released yet)
Thu Apr 27 21:40:01 CEST 2006 Version 1.61
Started to write the ctl file, the file which contains the portnumber where the daemon is listening for ctl command to - /var/run/yaws/ctl-${ID}. The location is controllable through configure. Install scripts will make the /var/run/yaws dir writable to the world, each individual daemon which creates the ctl file will explicitly set the permissions on the ctl file to 600 - thus making it impossible for unauthorized users to control someone elses daemon. Root can control all daemons.
changed Yaws license to proper BSD (klacke)
Added startup script for FreeBSD
Worked the Makefiles to properly support DESTDIR. This is useful for packagers creating deb, rpm, portage ... packages (klacke)
Removed the ability to change userid. Also stopped writing to /tmp/yaws and started to write to ${HOME}/.yaws instead. This is much better since we cannot now ever get into the situations where file ownership and umask stop us from controlling a daemon. Note, this is a backwards incompatible change, all users that used the feature of letting Yaws change uid need to start using fdsrv instead. There is also a configurable in yaws.conf which makes it possible to write the tmp files to some other directory (klacke)
Cleaned up the start flags to the yaws script, all old flags are still there for backward compatibility. Updated docs and and help output from the yaws script to reflect all new flags.
Wiki fixes. Fixed error printouts; handle https and ftp links; updated READE (mbj)
file descriptor leak bug found by Mats Cronqvist where each call to 'yaws -ls' left an unclosed descriptor in the server (klacke)
Source code cleanup - added and #env record for environment passed to yaws. (klacke)
yaws_ls enhancements by doccarcass@gmail.com
Wed Feb 1 23:28:42 CET 2006 Version 1.58
pam and setuid_drv fixes for BSD by sstrollo
yaws_ls (dir listing) enhancements by doccarcass@gmail.com
RSS updates, more docs, Made month and days in RSS output to consist of two figures instead of just one. Fixed the RSS date format, as suggested by Daniel Kaminski. (Tobbe)
Wiki, Fixed path to the application directory where yaws files are stored. (mikl)
Added feature to not pick first sconf when virthosting. This is essential if we want explicit control over the virt hostnames. A commercial site called http://www.serious.com don't want http://fuckme.serious.com to ship the pages of the serious site :-) (klacke)
DAV - reworked the DAV support a bit - don't use an appmod, instead yaws has built-in support for DAV methods. Added support for missing DAV methods (COPY etc). (mbj)
Added support for the erlmerge/jungerl package 'fdsrv' which makes it possible to bind to privileged ports < 1024 even when we're not running as root. (klacke)
changed so that an arg_rewrite_mod may temporarily change the docroot by changing the Arg#arg.docroot attribute (mikl)
Added "pam" support for HTTP auth. (klacke)
Wed Aug 17 14:54:06 CEST 2005 Version 1.57
rel/abs path patch by Rob Schmersel which fixed a problem in the wiki
Rewrote yaws SSL code to use the packet http and packet line modes that are now supported in the OTP ssl module. Earlier this was all manual (and slow) code in yaws. Thus yaws/SSL servers are now considerably faster. The old yaws_ssl modules is no longer used. (klacke)
Support clients that POST data with Transfer-Encoding chunked. This is used by some models of cellphones. Bug found by ermine@ermine.pp.ru (Klacke)
Tmp dir patch by Karel Ostrovsky to better support tmp dir on Windows
cgi port patch by joe_e_e
Do not send the server port along with the host name in the CGI HTTP_HOST environment variable. Added HTTP_HOST env variable for CGI scripts (was required by sphpblog). (mikl)
Thu Jun 16 13:42:50 CEST 2005, Version 1.56, Security update release.
A bug was found by Daniel Fabian, SEC-Consult Unternehmensberatung GmbH whereby: If a null byte is appended to the filename of a yaws script (.yaws), the yaws webserver returns a page containing the source code of the according script. This flaw allows a malicious attacker to analyse the source code of the entire web application, which might result in the attacker gaining sensitive information like passwords. All versions of yaws older than 1.56 are vulnerable.
For users running old yaws web servers, the following <a href="yaws-1.55_to_1.56.patch"> patch </a> can be applied. The patch is small and can easily be back ported to older yaws releases.
Fri Jun 10 16:09:58 CEST 2005, Version 1.55 released. Feature release.
Concept of redirect maps added. See documentation in yaws.conf man page. This makes it possible to redir entire parts of the docroot to another site (jb)
Removed the forbidden code, the right thing to do when a script type is forbidden and we shall not run an interpreter on the script is to ship the script, but as text/plain instead of actually refusing to ship the data. Otherwise it's not possible to publish .php files at all on the web site. (klacke)
Initial support for Web DAV added. This is as of yet undocumented. (tobbe)
Added the possibility to have multiple docroots, where a page is searched in the list of docroots (klacke)
Tue Apr 12 2005, Version 1.54 released. Bugfix release.
Bug in SSL fixed, Bad line parsing in SSL mode, crashed when client sent headers split up in a certain way. (klacke)
Removed the automatic htmlize on strings in ehtml, it was wrong ... to have it there. It's better for users that want it to explicitly add yaws_api:htmlize() to their strings This breaks code and is non backwards compatible. Be aware !! Also made {Tag, Attr} generate xhtml compliant code. (klacke)
Cleaner shutdown (klacke)
Many improvements to the chat server. (jb)
When clearing the cache, yaws modules would remain loaded but be forgotten, resulting in a memory leak. (cschultz)
Added possibility to name the module in a .yaws file using a syntax of < erl module="foobar"> .... < /erl> to always get a .yaws file named to a special fixed module name instead of the increasing m1,m2 .. modulenames. This is useful if we want to keep API functions in certain .yaws files and call these functions from other .yaws files. (klacke)
Many reverse proxy bugs fixed. Maybe the reverse proxy is actually working now. It was never especially good. Try it. (mikl)
Bug fixed with bindings that got propagated over to other later requests.Yet another put/get bug. Maybe it's time for an acronym there. YAPGB ??? (klacke)
Better looking debug printouts. + dont overwrite trace_to_tty (-x commandline) if set on the commandline and also in the config file. Commandline should have precedense over config file directives. (klacke)
Wrote an internals document. Available at <a href="http://yaws.hyber.org/internals.yaws"> http://yaws.hyber.org/internals.yaws</a> (klacke)
Fri Feb 18, 2005 Bugfix release
Fatso bug found by Fredrik Linder where yaws completely crash on bad URLs that for example contain space chars in the uri. This is the bug which provoked this imideate followup release. (klacke)
Removed old broken URL decode code which was wrong. This code was added befor we actually understood how URLs are en/de coded (klacke, jb)
Added example chat program (jb)
Added new config opt fail_on_bind_err = Bool. The old behaviour was to silently accept (and log) server startup errors. This was due to a request from Tony Rogvall and the behaviour is bad, it's now back to the original behaviour where the entire yaws "application" fails if one virt server fails to gen_tcp:listen().
Mon Feb 14 2005, Version 1.52 released
Minor feature release
error condition bug in revproxy, found by tobbe. Revproxy is still not production quality. Experimental.
embedded bugfix by Michael Arnoldus
connection close bug found by Lennart Ostman
made errorlog actually go out when conf is brokbroke e + daemon (klacke)
Yaws is now RSS capable, see doc/README.rss (tobbe)
Added a new example look and feel for the wiki (jb)
Webmail, Fixed problem with login with empty fields in FireFox. (jb)
wiki, Fixed minor unzip problem triggered when uploading zip archives with names containing spaces. (jb)
Wed Dec 15 2004 Version 1.51 released
Major feature release.
Added support for config changes without stopping the running systems, virt servers can be added, removed and changed without affecting traffic. (klacke)
wiki/searchPage.yaws: Added search code from Jouni Ryno (jb)
Added client IP resolv for access log files (klacke)
Safer make install target. Can't install if yaws is running (klacke)
Updated both mail and wiki according to changed APIs for parse_multipart. (jb)
Sat Dec 11 2004 Version 1.50 released
Bugfix and docs release
Running the wiki at the yaws site. Use it !!. No passwords....
<verbatim> tag added, this tag pretty much works as <pre> _should_ have worked. Nothing needs to be escaped, and code containing <, >, & etc can be entered freely. Writing code examples were driving me crazy. Inside both <pre> and <code> tags all HTML special chars have to be quoted, sucks. (klacke)
Rewamped all docs with CSS and XHTML 1.0, beautiful and nice (klacke)
Attach file problem in wiki (jb)
Form post parameter was still always managed as atoms. This is a backwards incompatible change. It broke the wiki aswell as the upload example in the Yaws docs.However, the change is sound since it was easy to DOS a yaws server by sending file upload posts with new atoms. Eventually the atom table would overflow. However it does break code !!! (mikl)
Added auto-generate all.zip to dir listings. It needs the zip command in the current path to function properly. To turn off, use dir_listsings = true_nozip. This is a feature for all of us that like to share copyrighthed material to friends that can't muster wget -r (mbj)
Added relative path to ssi, ie {ssi, {rel_path, File}, ...} is now possible. (jb)
mail app, Fixed refresh bug. (jb)
Added example docs on how to stream data (klacke)
modded patch by sebastian strollo to let request_url/1 and reformat_url/1 be proper inverses of each other (klacke)
Made upgrading to new style Wiki templates smooth. If no template.html file exists in the WikiPreferences.files directory, then one is created. The same goes for template_info.html. (jb)
Thu Sep 2, 2004 Version 1.49 released
Bugfixrelease.
Webmail fixes by jb, Add original message quoted in reply, Delete email bug fixed, Mailbox already locked bug, Improved attachment handling.
Wiki fixes by jb, Made layout of wiki much more configurable using templates and ssi. You must run the script/updateWiki script after updating to this release.
Bug found by David Welton, url on the form http://www.x.com?foo had yaws_api:queryval/2 return {nokey, "foo"} which is clearly wrong. New correct val is {"foo", undefined}.
two-mode.el contributed by David Welton. Makes it easier to edit files with both erlang and html content. Typically the case for yaws files.
cschultz did lots of stuff, Deflate rehaul: Now works with dynamic pages, Multiple dots in yaws file name caused trouble with pathinfo, fixed silly bug with content-range, cache fixes, Have several processes wait for SSL connections, so that one SSL negotiation in progress does not prevent other connections. Also, for the similar reasons, have use a timeout with SSL accepts. timeout are quite arbitrary. They are ok for my low traffic site. Streaming fixes, Rewrite requests with absolute URI to look like requests with a Host header.
Small fix with embedded mode (it was completely non-working) by Jimmy Olgeni
Addded configure option -with-defaultcharset (klacke)
jb fixed a severe bug in ssi, Fixed bug in ssi code. Multichar delims were not handled properly. When a char of the delim string was found in the text it was deleted.
patch from Paul Mahon to add PEER_ADDR to cgi env
Mon Jun 7, 2004 Version 1.48 released
This release contains both bugfixes as well as som minor new features. There was also a fairly ugly security hole in the example code which describes file uploads found and fixed.
A Bug in yaws_api:request_url/1 was found by Einar Karttunen. The function didn't handle well the case with explicit port numbers in the URI. (klacke)
Fixed the appmod code so that users of yaws_api:setconf/1 doesn't have to bother with the cahnge in internal representation of appmods. (klacke)
Moved phpexe config variable from the sconf to the gconf, it doesn't make sence to have different phpexe paths for different virt servers. Users with old configs will get a warning when tying to specify a phpexe inside a virt server instead of inside the global config area. (klacke)
New feature called "yssi". Yaws server side include. It's now possible to let the out/1 function return a tuple {yssi, PathToYawsFile.yaws"}. The new yaws file will be fully expanded, compiled and in general handled as a yaws file. This feature can probably be used to build all kinds of different cool stuff. (klacke)
yaws_session_server ttl patch from Rob.Schmersel
Patch from Fredrik Linder to make it easier to integrate yaws into apps that don't use the otp application framework at all.
As usual updates both to the wiki and the webmail app by (jb)
Patch from Jocke Grebeno which handles ssi support for ehtml code, not just ascii. We can now return {ssi, "@@", file.html, [{"FOO", "bar"}, {"BAZ", {ehtml, {p, [], "saab"}}}]} and it returns the expected. Documented is ssi.yaws.
Security vulnerability in upload.yaws found by (mbj)
Thu May 27, 2004 Version 1.47 released
Appmods were slightly broken in 1.46
Wed May 26, 2004 Version 1.46 released
Bugfix release. Several fixes to different parts of the web server. No new features.
Debian support (David Welton)
Embedded mode fixes (Jimmy Olgeni)
Don't create no logs at all when logging is turned off bugfix (Jimmy Olgeni)
SSL and large POSTs fix (cschultz)
Compression and keep alive fix (cschultz)
As usual, several fixes to the wiki and the webmail app (jbevemyr)
An XSS vulnerability (lpsmith)
Rewrote the url spliting (again) and also backed off from the redir when we get http://www.a.com/ and index.html exists. It's better to ship the file directly instead of sending a redir. (klacke)
Reworked (and documented) the appmods a bit (klacke)
Added a command line flag (yaws -ls) which lists existing yaws servers and their status on localhost. (klacke)
Fri Apr 16, 2004 Version 1.45 released
Minor bugfix release fixing up the some odd bugs introduced in the 1.43 rewite.
Mar 18, 2004 Version 1.43 released
This is a major release. Not so much for added functionality as for internal rewrites of the code. The release contains the following:
Compression support using zlib. Still experimental. (cschultz)
Minor bugfixes in the reverse proxy. This code is still not ready (klacke)
Added a specific auth log which logs good and bad HTTP auth requests.
QNX port (cschatz@networkadvantage.biz)
Beautification of dir listings (cschultz)
Never let ehtml generate extra spaces where it is not entirely correct (patch from tomas abrahamsson)
Webmail app, Completed support for attachments, proper esacping, faster listing of large mboxes. Added sorting of mails (jb)
Date header bug (chandru)
postvar put/get bug fixed (hal snyder)
Added yaws_api:query_url(Arg) which reconstructs the url from the original GET request.
Added the "id = Key" configuration parameter. Earlier when we were running multiple yaws servers on the same machine, they had to run with different uid since yaws was writing temporary files under /tmp/yaws/${uid}. This is now changed and if we want 2 _different_ yaws servers on the same machine they must be given different "id" in their respective config files. The yaws ctl scripts, such as yaws -s and friends now have an extra (optional) "-j id" flag to control which specific instance of Yaws is ment.
Added explicit support for Content-Length header from .yaws files for applications that require Content-Length instead of chunked encodings.
Changed the #sconf{} and #gconf{} records so that all the booleans in those 2 records are now a bitmask flag. This is a slightly backwards incompatible change and it affects those that use Yaws in embedded mode where the #sconf and #gconf records are explicitly manipulated. It sholdn't be a big deal to change though.
Workaround buggy otp error_logger_file_h which truncates the report file whenever it is reopened.
Removed the calls inside the server that were doing list_to_atom/1 We were suceptible to DOS attacks. This is unfortunately a backwards incompatible change since it affects the return value from API functions yaws_api:parse_query/1 and yaws_api:parse_post/1. They both used to return lists on the form of {Key, Val} tuples where Key was an atom. It is now a string. There is a configuration option for yaws.conf which keeps the old (broken) behaviour.
Optimized url parsing and removed at least one call to lists:flatten/1 in the fast path.
Better support for old Netscape and the Connection: Keep-Alive header.
More beautiful trace output. Try "yaws -i -x -T"
More and better debug support.
New install procedure with a more interesting yaws.conf template generated.
Updated the ssl test certs that come with yaws. The old ones had expired.
Feb 6, 2004 Version1.41 released
Bugfixes and feature release.
Minor bugfixes to the reverse proxy implementation (klacke)
SSI for the ehtml expander as well as for normal usage. (klacke)
Timestamp checks on SSI files (klacke)
Wiki fixes (Johan Bevemyr)
Return 404 instead of 403 when dir listings are disabled (Leon Smith)
Added CGI variable REQUEST_URI (cschultz)
Better dir listings with support for sort methods (Martin Bjorklund)
Redir, bugs (one would thing we'd be able to do correct redirs by now .. ehh) (Leon Smithh)
Support for 301,303, and 307 redirs (Johan Bevemyr)
php executable is configurable (cschultz)
Major feature enhancement, Support for a new concept called bindings, documented at http://yaws.hyber.org as well as in the man pages. (Joakim grebeno)
More redir cleanup as well as introduction of redirect_local, {any_path, URI}} and made yaws_cgi use it. (cschultz)
Made the webmail app able to render attachments (klacke)
Dec 18, 2003 Version 1.40 released
This is a major feature release.
Experimental reverse proxy implementation <klacke@hyber.org>
New feature, server side includes inside ehtml structure with variable expansion <klacke@hyber.org>
yaws_html an HTML parser which produce ehtml output. The ideal tool for all of us who flunked artclass in highscool. Makes it very easy to rip page design from other sites (designed by those who went to the art classes) <jb@bevemyr.com>)
A HTTP cookie parser <jb@bevemyr.com)
A full blown easy to configure web mail application. It keeps no state, thus only requires the IP of the pop3/smtp servers to run. <jb@bevemyr.com)
Some problems with ehtml expansion fixed <jb@bevemyr.com)
Major overhaul of the docs, written description of embedded mode yaws <klacke@hyber.org)
Don't fail fatal when we can't bind() <klacke@hyber.org)
Time zone fix <magnus@nortelnetworks.com>
Mime type fix <Rob Schmersel>
tilde expansion and dir listings turned off by default, not on <jb@bevemyr.com>
Many small fixes to the wiki by <jb@bevemyr.com> and <mikl>
Oct 4, 2003. Version 1.31 released
This is minor bugfix release
Even more redir bugs fixed by Johan Bevemyr
Runs on old erlangs (R7) (klacke)
Compiles and runs nicely under win32 cygwin using native win32 erlang (klacke)
Cosmetic fixes, docs update and return 403 on bad GETs by Leon Smith
Aug 25, 2003. Version 1.30 released
This is major feature release with many new features by in particular Carsten Schultz and Leon Smith plus the normal set of regular bugfixes.
Setuid code had broken (klacke)
Setcookie problem with lynx (Johan Bevemyr)
Wiki: Thumbnail index to slideshow (Johan Bevemyr)
Fixed Cross-Site Scripting vunerability (Leon Smith)
url parsing rewritten in order to normalize the URL path in a
more secure way (Leon Smith)
Log file size for dynamic content also (Carsten Schultz)
Full CGI and PHP support (Carsten Schultz)
Added support for Content-Range, If-Range, If-Match (Carsten Schultz)
HEAD handling rewritten (Carsten Schultz)
Darwin MacOs X support (Eric Baur)
Docs updated describing cgi and php support (Carsten Schultz)
tty trace directly from command line for enhanced debugging
Jun 1, 2003. Version 1.22 released
This is bugfix release.
cosmetic changes in ehtml output
wiki install problems
many fixes to the wiki
ssl config was broken
/etc/rc scripts for redhat/gentoo/suse linux
a redir bug fixed.
ebuild for gentoo added
slideshow support added to the wiki
cosmetic updates to the latex docs
Mar 6, 2003. Version 1.2 released
This is bugfix release.
log fixes by brucefitzsimons
cache bugs for URLs with a query part
erlang compiler bug workaround, The erlang compiler isn't reentrant !!!!!
Makefile cleanup my mikl
Bugs in listdir
May 3, 2003. Version 1.01 released
This is bugfix release.
Bug in ssl config passord parse found by Eric Pearson
Bug in arg rewrite handling found and fixed by Taavi Talvik
Bug with redir for missing trailing slash together with a query part of the url fixed, found by Erik Pearson
Added the option of disabling dir_listings
Added http version to access log messages
Did away with the idiotic calls to id -u as well as the the broken grep in /etc/passwd. Also ensured that .yaws files with a query part don't end up in the cache. They need to be reparsed every time
Fixed probles with paths that had a query part ending up in the cache
Added proper support for 'if-none-match' with etag matching by Johan Bevemyr
Skip empty space after an erl chunk in a .yaws file
Handle http_error which is generated by the inet_drv.c code. This assumes a patch to the inet_drv.c that actually generates a http_error in this case. Default erl hangs there. Here is the inet_drv.c diff
Jan 23, 2003. Version 1.0 released
This is major release. Yaws is now in production quality.
Some minor fixes to yaws_api.
security bug found by jcortner@cvol.net
can compile yaws file produced on win32, that is files with \r\n terminaded lines.
Dec 1, 2002. Version 0.60 released
This is minor maintenance release.
Support to run Yaws first as root, then under a a non privileged user
A bug in listdir together with ~username expansion fixed
Bugs in wraplog fixed
Nov 25, 2002. Version 0.59 released
Lots of fixes and new features in this release. This release of Yaws is fast, it delivers 3000 static/dynamic pages/sec on my 2Ghz home box.
Many fixes in the wiki,
~username expansion now works
embedded mode is now fully implemented and functional
many new configuration directives
some backwards incompatible changes such as ssl config and yaws_api:parse_post_data/1. See the docs for details.
Arg rewrite, customized errors etc.
Lots of new documentation and new examples
Optimized ehtml generation
Oct 7, version 0.56 released.
Improved file editing if in the wiki
New returnvalue from out/1 <tt>break</tt>
The wiki returns w3c compliant code
New return value from out/1 <tt>{ehtml, ErlangTermStructure}</tt>
Multiple users by uid can now run yaws simultaneously.
Support for streamed large content from yaws code
Never cache yaws files that disn't compile properly.
Much more documentation, man page for yaws_api
added a cookie_session-server for persistent cookie sessions
full argument chunking support in Wiki
Install properly on FreeBSD.
Support for embedded mode (finally)
bugfix for empty POST
The shopingcart example is now fully implemented.
Sep 2, version 0.54 released.
Many fixes in the wikiweb by Johan Bevemyr, I'm now running a wikiweb at http://wiki.hyber.org
Support for HTTP Basic authentication by Sean Hinde
Better support for HTTP file upload by Johan and Sean
Support for many more MIME types by compiling a mime.types file by klacke
Support for OPTIONS http request by Johan Bevemyr
Lots of non ready code for a webmail app by klacke.
July 1, version 0.52 released.
It contains a complete wiki web written by Johan Bevemyr with original code
by Joe Armstrong. It also contains a series of minor and major bugfixes.
Jun 19, version 0.51 released. Lot's of fixes.
Return status 303 when browser asks for a dir URL without a trailing / in the http request. I've always wondered why apache does this. Now I know ... otherwise the relative URLs in /dir/index.html will be wrong when the browser tries to get them. Utilize this feature when listing dirs now, generate relative urls instead of absolute.
Removed the default_server_on_this_ip option, the first virthosted server in the config will be default if no Host: header is present
Made the Host: check to check for Host: host:port instead of just host when a server is run on a non-standard port. The browsers seem to set the Host: field to host:port
Tobbe added the -r flag to the startscript
Changed yaws_api:parse_post_data/1 so that it takes an arg struct as argument instead of querydata and added support for multipart form data in the process.
Jun 16, version 0.50 released.
A bug in setcookie fixed
a proper /etc/rc/init.d script written.
New flag, yaws -S which query status of the daemon. bug in cache reload fixed.
Jun 13, version 0.48 released.
It contains a complete rewrite of the API to generate dynamic content which makes it much easier to use.
Furthermore this version accumulates output into larger chunks which makes it much faster the earlier versions. We can now serve 2500 dynamically generated HTML pages per second on a 2GhZ machine.
A bug with iso 8859 chars in urls has been fixed.
Etag header for static content and Cache-Control header for dynamic.
Additional docs in the form of man pages.
Version 0.40 released.
Contains bugfixes and full SSL support as well as an embryo to WWW-Authenticate support.