Skip to content


Subversion checkout URL

You can clone with
Download ZIP
100644 769 lines (699 sloc) 61.005 kb
afdddab @klacke prepare for 1.94
1 Sun Jun 24 23:47:57 CEST 2012
2 Bugfix release for bugs that sneaked into 1.93
3 The random patch for 1.93 wasn't good enough as discovered by Sergei Golovan, we need to cater for non printable chars (Sergei Golovan)
c160d87 @vinoski add news items for upcoming 1.94
vinoski authored
4 add support for W3C Server-Sent Events (Steve)
5 add easy getter/setter functions for #headers records (Steve)
afdddab @klacke prepare for 1.94
6 add reverse proxy intercept module capability (Steve)
38bce37 @klacke prepare for 1.94
7 Patch from Nico Kruber to fix compile issue on OTP R13
afdddab @klacke prepare for 1.94
8a1401b @klacke preparing for 1.93
9 Wed Jun 20 20:22:11 CEST 2012 Yaws 1.93
10 Security release
645c644 @klacke preparing for 1.93
11 Use crypto:rand_bytes() instead of the cryptographically weak random module. Swedish security consultant and cryptographer Kalle Zetterlund discovered a way to - given a sequence of cookies produced by yaws_session_server - predict the next session id. Thus providing a gaping security hole into yaws servers that use the yaws_session_server to maintain cookie based HTTP sessions (klacke/kallez)
8a1401b @klacke preparing for 1.93
12 A denial of service bug has been corrected. Multippart POST processing on the yaws server side contained a list_to_atom/1 call which potentially makes it possible for an attacker to craft a continous list of POSTs, each potentially generating a new atom. This is a backwards incompatible fix since the upload code on the server side is user code. That code now needs to look for strings instead of atoms. For example the upload.yaws code in the www examples is changed. It searches now for the field "filename" instead of 'filename' (klacke)
13 make sure to always send proper strings to file:write() while logging (Nicolas Adiba)
14 default to a tcp queue backlog of 1024 (Nicolas Adiba)
15 log debug messages to the error_logger for embedded mode (Nicolas Adiba)
16 Add support of the 'OPTIONS' method when WebDav is enabled (Christopher Faulet)
17 Several yaws_revproxy improvements and fixes. I think that finally, after many years of badness, Christopher Faulet has finally made the reverse proxy function as it shall.
18 use request content type for SOAP responses (Steve)
19 websocket work (Steve)
20 typo in WWW-Authenticate handling leading to infinite recursion (nicad)
21 add new HTTP status codes from RFC 6585 (Steve)
22 Add support for precompressed static files (Christopher Faulet)
23 Improve how the responses compression is handled (Christopher Faulet)
24 configure ignores --libdir (steve)
25 report uncaught exception as server error 500 (steve)
26 fix yapp exclude_dir paths (Mikael Karlsson)
27 Fix bugs in yaws_api:parse_multipart_post/1,2 for chunked requests (Christopher Faulet)
28 Add options to configure deflate compression behaviour (Christopher Faulet)
29 make handling of cookie names case insensitive According to RFC 2109 (steve)
30 add rebar dependencies needed for SOAP applications (steve)
31 add callback for abnormal websocket close (steve)
32 note IPv4 or IPv6 as appropriate in munin statistics (Olivier Girondel)
33 fix configure's ERTS version checking for file:sendfile/5 (steve)
34 rebar work (tuncer)
35 added soap12 capability (Kaloyan Dimitrov)
36 Added facility for specifying an #auth record when starting embedded (Ulf Wiger)
37 Manage all 'special' headers of #headers{} and #outh{} records (Christopher Faulet)
38 Allow the server signature to be defined per virtual server (Christopher Faulet)
39 fix log rotation on Windows, where fsync() is required to get the actual file size (Garret Smith)
40 fixed wiki app XSS vulnerabilities (Sergei Golovan)
41 Refactor flush/1 function to prevent DoS attack (Christopher Faulet)
b49b6e8 @klacke preparing for 1.93
42 yaws now uses file:sendfile if available (R15B01 or newer) (tuncer/steve)
8a1401b @klacke preparing for 1.93
7b68b2f @klacke prepare for 1.92
44 Fri Dec 23 22:09:03 CET 2011 Yaws 1.92
45 Minor release,
46 changes for OS X Lion for build and test (steve)
47 Incorporation of various fixes from Klarna and Rickard Carlsson, makeing yaws_server upgrade-friendly and work with yaws --check (steve)
48 allow functions to be specified as values in ehtml (steve)
49 add config setting for acceptor pool size (steve)
50 tex/doc work (steve)
51 Populate soap_srv_mods field in yaws:setup_gconf/2 Essien Ita Essien
52 don't setup dirs in embeddded mode (klacke)
53 listen opts must be passed also to SSL sockets, Bug discovered and fixed by per Hedeland
54 fix expires header time when crossing DST boundary (steve)
55 fix CGI redirect HTTP status bug (steve)
56 Lots of rebar/reltool work - steve/Tuncer
57 Allow to pass options to erlsom - Willem de Jong
58 R15B compat work - Tuncer
59 update WebSockets implementation to support RFC 6455 - JD Bothma
60 add support for HTTP PATCH (RFC 5789) - steve
61 handle long HTTP header lines in R15B - steve
467a675 @klacke prepare for 1.91
63 Tue Aug 2 15:16:53 CEST 2011 Yaws 1.91
64 Minor release, with mostly small bugfixes, many tests added.
65 Added support to generate and check strict xhtml output (klacke)
66 Added possibility to turn off yaws log wrapping. This is useful for applications that embedd yaws and do not want that functionality at all (klacke)
67 fix reverse proxy problem (issue #60) (Steve)
68 let configure handle erlang built from git clone (Steve)
69 Float fixes for json2.erl and json.erl (Nico Kruber)
70 Support for halfword emulator (Steve)
71 Several new testcases added by Christopher Faulet
72 Fixes to the capflam patchset by Christopher Faulet
4582480 @klacke starting to prepare for 1.90
74 Tue May 24 21:25:00 CEST 2011 Yaws 1.90
4c2ae80 @vinoski minor corrections to news file
vinoski authored
75 Highlights in this release are the capflam patchset, a really long list of general improvements by Jean-Sebastien Pedron and Christopher Faulet. Also rebar support has been added by Steve and Tuncer. Finally, Steve has added JSON 2.0 support. Thus this is a major release. Lot's of new little features and also lot's of bug fixes.
9dd0990 @klacke publish the contributors list on frontpage
76 always store a tuple in #headers.authorization (Jean-Sebastien Pedron)
4c2ae80 @vinoski minor corrections to news file
vinoski authored
77 improve daemon status output (capflam) (Christopher Faulet)
78 allow Server header customization (capflam) (Christopher Faulet)
79 add shaper directive to control access (capflam) (Christopher Faulet)
80 allow conf file pathname config with app env var (capflam) (Christopher Faulet)
81 soft yaws shutdown (capflam) (Christopher Faulet)
82 arg_rewrite mods can now return HTTP responses (capflam) (Christopher Faulet)
83 support external handler to interpret php scripts (capflam) (Christopher Faulet)
84 add status option to page options (capflam) (Christopher Faulet)
85 allow multiple listen directives per server (capflam) (Christopher Faulet)
86 server-specific logger_mod and auth_mod (capflam) (Christopher Faulet)
87 support parsing of literal IPv6 addresses (capflam) (Christopher Faulet)
88 allow hard reload of conf without stopping (capflam) (Christopher Faulet)
89 add control for "Expires" and "Cache-Control" response headers (capflam) (Christopher Faulet)
90 add "application/javascript" as a compressible mime type (capflam) (Christopher Faulet)
91 use "partial_post_size" for chunked requests (capflam) (Christopher Faulet)
4582480 @klacke starting to prepare for 1.90
92 authorization improvements, including ACLs like apache mod_access (capflam) (Christopher Faulet)
bedbc05 @tuncer add rebar support (Tuncer Ayaz and Steve Vinoski)
tuncer authored
93 Yaws can now be built with rebar (Tuncer Ayaz and Steve Vinoski)
d8cf062 @vinoski augment index.yaws and news
vinoski authored
94 Updated Yaws JSON-RPC support to version 2.0 (Steve Vinoski)
4582480 @klacke starting to prepare for 1.90
95 set HTTP_HOST properly for CGI (Steve)
96 change sendfile driver handler to a gen_server (Steve)
97 update mime.types from recent Apache web server sources (Steve)
98 add binary option to multipart/form-data parsing (Steve)
99 rewrite multipart/form-data POST handling, making memory consuption lower (Steve)
100 add configurable access logging (Steve)
101 Adding access functions for various Yaws records. (tobbe)
102 yaws_session_server fixes for embedded mode (Tobbe)
103 avoid keeping our own copy of ibrowse for testing (Steve)
104 remove support for SOAP DIME attachments (Steve)
105 fix EINTR handling in sendfile driver OSX related (Steve)
106 A long series of dialyzer warnings fixed (klacke, Steve, Tuncer and Kostis)
107 configure ERLBINDIR relative to ERLDIR (James Lee)
108 teach linux build to distinguish 32- and 64-bit erlang (Steve)
109 Pluggable ysession storage with mnesia sample in src/contrib (Nicolas Thauvin)
110 add configure detection of erts bits support, required for websockets (Steve)
111 security vulnerability for win32 reported at
112 bug in upload to file code found by Mojito Sorbet
113 add implementation of X-Forwarded-For header + docs (Fabian Linzberger)
114 --running-config flag to query a running yaws for its config (klacke)
115 fix typos on soap intro page (reported by Wes James)
116 Fixed and updated SSL verify options. Fixed documentation for verify values to correspond to Erlang's SSL implementation. Updated #ssl{} and yaws:ssl_listen_opts/2 to include fail_if_no_peer_cert. (Per Andersson)
d8cf062 @vinoski augment index.yaws and news
vinoski authored
f3bfae3 preparing for 1.89
Claes Wikstrom authored
118 Sat Sep 25 13:39:29 CEST 2010 Yaws 1.89
d8cf062 @vinoski augment index.yaws and news
vinoski authored
119 Maintenance release with a long series of fixes mostly from Steve Vinoski
f3bfae3 preparing for 1.89
Claes Wikstrom authored
120 should not not include .yaws files, nor directories "protected" with an index file, nor directories protected by an auth directive. (Hans-Christian Esperer )
121 adjust to R14B change in gen_tcp:recv for {packet,http} mode Where we handle the return value of gen_tcp:recv while reading headers from the socket (such as with calls to yaws:do_recv), handle new R14B return values as well as existing return values for previous releases. (Steve)
122 for portability, use erlang:md5 rather than crypto md5 Since OpenSSL availability on Windows for working with the crypto module is apparently questionable, use the erlang:md5 function in place of the crypto md5 functions. (Steve)
123 websockets v76 update (Dominique Boucher)
124 several fcgi updates and bugfixes (Steve)
125 Add auth_skip_docroot server config variable (Christian Hennig)
126 Fix use_old_ssl=bool() for R14A (Joseph Wayne Norton)
127 add --umask option to yaws script (Steve)
128 Some yapp work, added a simple example (Mikael Karlsson)
129 performance enhancements (Steve)
130 add support for PHP FCGI applications (Hans-Christian Esperer)
131 fix cached process counter (Hans-Christian Esperer)
132 return part headers from yaws_multipart:read_multipart_form (Steve, based on a patch from Dilshod Temirkhodjaev.
133 patch for no-return-in-nonvoid-function error (Alexander Simonov)
134 two-mode.el now works with emacs 23 (Steve)
135 Allow "stream processes" to close the client socket (Steve)
136 Augment yaws man page with --erlarg argument quoting info (Steve)
137 Use gconf keepalive_timeout for connection lifetime (Brady McCary)
138 handle multi-word arguments for heart restart command (Steve)
139 Fix bug where yaws_api:parse_set_cookie tried to convert a record to lower case. (Anders Nygren)
140 patch by Sergey Shilov to set old_ssl for embedded mode
141 fix socket usage for FCGI authorization (bruno rijsman, steve vinoski)
142 work around an erlang:open_port bug for CGI QUERY_STRING env var (Steve)
143 Added a new configuration parameter called "keepalive_maxuses" which allows the yaws admin to close persistant connections after X number of uses. (Thomas O'Dowd )
144 improved embedded support (Steve)
d57f77c @klacke yaws 1.88 commit
146 Thu Mar 18 21:51:32 CET 2010 Yaws 1.88
147 Highlights in this release are, new SSL implementation is now default, FCGI enhhancements and IPV6 support.
c30bb56 @klacke prepare for 1.88
148 ssl support for websockets, patch by wde
149 Erroneous common log format entries, time should be surrounded by brackets (Klacke)
150 When executing yaws --hup the order of the hosts in a virthost group wans't maintained, thus breaking the feature of pick first virthost on nomatch (Klacke)
151 set nodelay on FCGI TCP connection, and avoid 0-length FCGI gen_tcp:recv (steve)
152 Set {nodelay,true} on the TCP connection to the FCGI server to improve performance of small requests. (steve)
153 The code receives packets from the FCGI server and for some cases was extracting length fields from some packets and then making further gen_tcp:recv calls based on those length values. The code was not checking for length values of 0 before calling recv, and passing 0 to recv means to return all available bytes. For both correctness and performance, the code must avoid the recv calls altogether when the length is 0. (steve)
154 convert error atoms into error strings for fcgi_worker_fail (steve)
155 IpV6 support
156 The default value for partial_post_size was nolimit, not a good default value and also erroneoulsy documented (Klacke)
157 An atempt at having utf8 characters in the host names for yaws servers. Probably not entirely correct, but it works. (Klacke)
158 Anders Dahlin found that yaws log code doesn't delete the gen_event handler it adds error logger when terminating, that means that restarting yaws leaves old processes hanging around
159 dialyzer work (Klacke)
160 Closed Issue #31, made parsing of yaws.conf more tight complaining on e.g allowd_scripts = [ yaws ]
161 fix for FastCGI/PHP Issue ( (davide)
162 auth through .yaws_auth files has become broken, (Klacke)
163 allow caller to set Host header for SOAP requests (Steve)
164 added support for OTP new ssl implementation ,Also set it as default. It's possible through yaws.conf to use the old SSL. The new seems to work well though, I've tested with a wide set of browsers, and in general it seems to work (klacke)
7680b32 @klacke re-prepare for 1.87
166 Mon Jan 11 22:09:00 CET 2010 1.87
9d929ca @klacke prepare for 1.87
167 websocket support (davide and wde)
7680b32 @klacke re-prepare for 1.87
168 conditional compile of websockets, only use if the chosen erl supports it (klacke/steve)
169 patch by Andrei Soroker to strip the port part in #redir_self records - this patch may break some code, users that use redir_self() and unconditionally strip off their optional port number are affected
170 support some extra status codes in code_to_phrase (steve)
171 drop spaces before parsing ints - patch by Colm Dougan
9d929ca @klacke prepare for 1.87
172 proper handling of "/" appmod with excluded paths (patch from wde)
173 Added new unit tests for appmods, with both / and non-/ tests. The / tests include exclude_paths testing. (steve)
174 patch from wde solving a problem with appmod exclude paths and verify_upgrade
175 yaws_server: fixed the test for whether to close the socket. The yaws:outh_get_doclose() doesn't return a boolean and it requires the outh dicionary entry to be set (sometimes it isn't). (davide)
176 do not pass the --id option if the default id is used (steve)
9c63c94 @klacke preparing for 1.86
178 Sun Dec 6 14:35:33 CET 2009 1.86
179 Mostly a bugfix release. Two new features. First the ability to exclude directories from an appmod. This is especially interesting for users that have an appmod at '/' but still want yaws to ship normal static contet such as js files and images. Secondly support for Forward proxying was added. Here is the changes list:
180 It wasn't possible to handle huge files (above 2GIG ?) If sendfile hits EOVERFLOW send the file from Erlang code instead (Steve and klacke)
181 json binary key support (TBBle)
182 Forward proxy functionality added through a patch by Colm Dougan
183 patch from anders dahlin to always populate yaws auth headers
184 Added SSL support to stream_process_* functions. (davide)
185 Added support for passing SSL configurations to start_embedded as a proplist (passing #ssl{} still works). (davide)
186 Added support for excluding dirs from an appmod. (klacke)
187 erasing the connection header must also set doclose to false (steve)
188 Several soap patches by Eric Liang. docs, support on addtional specified prefix when rpc call by method: yaws_soap_lib:call, add the soap_srv_mods support, which can setup soap serve modules while yaws start.
189 prevent crash caused by malicious client sending an empty Host header (steve)
190 Several haXe fixes by Paul Hampson - Add example for haXe returning an error object, Document how to run haXe remoting sample under neko, Export haXe remoting handler function, Add example for JSON-RPC returning an error object, Allow JSON-RPC/haXe remoting handlers to send error objects.
191 yaws_rpc produced non-compliant jsonrpc results. Looking at the JSON-RPC specification at the returned result of a call needs to contain an error field, with value null for the success case. The example json-rpc python client code on the site expects this field to be present. (TBBle)
192 Allow binaries as json values. (Matt Stancliff)
193 mkcert SSL scripts (klacke)
229c5b6 @klacke prepare for 1.85
195 Sat Oct 17 22:56:36 CEST 2009 1.85
196 This is mostly (again) a bugfix/minor enhancement release.
197 redirect bug reported by James Lee (steve)
198 streamcontent_with_timeout bug , git issue #16 fixed (klacke)
199 max number of connections patch by Kinoshita (klacke)
200 updated mime.types from recent Apache web server sources (steve)
201 config of partial_post_size = nolimit was broken (klacke)
202 stopping yaws_sendfile thru supervisor does not hang - by ks (klacke)
203 Major work on the auth code, Auth - unauthorized enhancements, Setup auth rewrite/cleanup, (Embedded) Config enhancements (Anders Dahlin)
204 fix HTTP header case sensitivity problem in yaws_cgi (Bruno Rijsman)
205 fix decode_base64 to return just a tuple in case of error (reported by Gabri
206 add streamcontent_from_pid capability to allow direct streaming to socket (steve)
207 Fixed support for Timeout=infinity in streamcontent_with_timeout. (davide)
208 Use iolists instead of binaries for streamcontent_from_pid data, and add a new test for the streamcontent_from_pid feature (klacke)
209 add --nodebug option (steve)
210 determine gcc flags for 32-bit or 64-bit Erlang on OS X Snow Leopard (steve)
211 add new multipart example yaws_multipart.erl (Praveen Ray)
212 timezone format patch by Per Hedeland
213 Patch from wde with support for virthosting several ssl serveres on the same IP. This makes sense if we have multiple subjectAltName in the ssl cert
214 fixes for FCGI authorization (Bruno Rijsman), plus I cleaned up indentation and comments in yaws_cgi.erl
c30ef89 @klacke prepare for 1.84
216 Sun Jul 5 20:05:00 CEST 2009 1.84
217 patch from anders abramhamson - a bug with multipart posts
20d080c @klacke prepare for 1.83
218 New stats feature added by Olivier Girondel whereby (optionally) stats is collected for a virt server. Stats available from comand line (yaws --stats). There are also plugins for munin to graph the statistics.
219 The authmod code should now be backwards compatible (faal)
220 fixes for traffic tracing in reverse proxy mode (Olivier Girondel)
221 Better error msg if erl is not found for win32 users (klacke)
25028a8 @klacke cleanup
222 eliminate io_lib:format overhead in yaws_log:fmtnow (Steve)
223 handle authdirs search properly when docroot not defined (Olivier Girondel)
224 removed ancient backwards compat flag (klacke)
45ae3b4 @klacke prepare for 1.82
226 Thu May 28 20:17:10 CEST 2009 Yaws 1.82
5e1d1ec @klacke prepare for 1.82
227 Have the yaws script set HOME if unset, this is required since some distros (Ubuntu) don't set HOME for code run under/etc/rc and erlexec requires HOME to be set. (Klacke)
228 add extra cgi vars patch from joe_e_e
229 new ebuild file for gentoo from joe_e_e
3aabdb4 @klacke prepare for 1.82
230 patch by joe_e_e to move all files from /etc to /etc/yaws in the install script. This may cause some troubles for some users when upgrading. By default the make install target doesn't overwrite /etc files. Pay attention.
5e1d1ec @klacke prepare for 1.82
231 added sendfile check for Darwin, since no sendfile is available on OS X Tiger (Steve)
232 RSS fixes, (Steve)
233 Several authentication fixes by Fabian Alenius. Changed the way authentication is done, added support for multiple authentication methods to be used for one directory and changed so that the 401 page can be customized similarly to the 404 page. In general this is a major cleanup of how authentication is done. Much better. One backwards incompat change here. Fabian Renamed yaws_401.erl to yaws_outmod.erl, which is probably a better name considering it's current use(it also displays the crashmsg). We need some better docs describing authentication !!!
234 add date header to OPTIONS response (Steve)
235 fix badmatch calling yaws_server:suffix_type from yaw_server:do_url_type when dav is true (Steve)
236 Added fix and tests for github issue #2. Handle zero values for max_num_cached_files, max_num_cached_bytes, and max_size_cached_file to prevent infinite loops. (Steve)
237 modify time_to_string to avoid slow io_lib:format (Steve)
238 added sendfile check for Darwin, since no sendfile is available on OS X Tiger (Steve)
239 document rss_dir (Steve)
240 add ets-based yapp registry implementation for cases where mnesia is overkill (Steve)
241 Fixed so that the HTTP status is set to 401 explicitly in yaws_server:handle_ut(...), previously out401 needed to return {status, ...} or status would default to 200. (Fabian Alenius)
54139d8 @klacke prepare for 1.81
243 Mon Mar 9 21:48:18 CET 2009 Yaws 1.81
244 Moved the Yaws repository to http://www.github.som. See instructions at on how to git clone Yaws. This is the first yaws release out of the github repo. The default Yaws wiki previously found at has been moved to the wiki at github. New address of wiki is The previous (Erlang based wiki written by Johan Bevemyr) turned ... well unmodern, and was also plagued by spammers.
245 Several cleanups by Hans Ulrich Niedermann, file perms, speling errors etc.
246 remove leading slash in yapp_appmods examples (Tom McNulty)
247 Add DIME support for SOAP Anders Nygren
248 patch by Jouni Ryno finding broken fdsrv support
249 Two patches by Joseph Wayen Norton, one dbg-bug and one providing better cookie support for yaws sesssions
250 When yaws_ctl checks the CTL file to see if any current instance is running, check the socket opened to the port read from the CTL file to verify that the ephemeral port for that socket is not the same as the port read from the CTL file. This avoids a false positive caused by connecting the socket to its own port. (Steve Vinoski)
251 cleaned up the redirect feature. It was poorly implemented and poorly documented. This fix is backwards compatible for users using redirect in confd.conf. However, it is NOT backwards compatible for embedded users that specify the redirect_map explicitly in their #sconf{} records. The required changes for embedded users should be evident from the code. The new required format is documented in the code where #sconf{} is defined (klacke)
253 Thu Feb 12 22:58:16 CET 2009 Yaws 1.80
fdfdd8e @klacke prep for 1.80
254 Full windows support with a proper .exe Windows installer (klacke)
255 Added a timestamp check on the ssl cert/key files making it possible to just upload new cert/key files and do yaws --hup to automatically have the new cert/key files being used (klacke)
5e1d1ec @klacke prepare for 1.82
256 Disgusting DOS attack discovered by Manuel Duran Aguete whereby if a neverendig series of headers are sent to yaws, we die of out of memory. Actual attack not described here. Contact me (klacke) if you're interested in the details and want a backport patch. I'm not really sure this is indeed the right procedure for announcing a DOS bug. (First time !!!)
fdfdd8e @klacke prep for 1.80
257 init_db patch cleanup by Liu Yubao
258 patch by Liu Yubao to remove timeout in ssl accept
259 add pkg-config support contributed by Olivier Girondel
260 add --disable-sendfile option to configure, fix src/Makefile to clean yaws_configure.hrl (Steve)
261 set HEART_COMMAND to allow a maximum of 5 restarts within any 60 second period (Steve)
262 patch for queryparts that contain a question mark
263 Document the --wait-started option for the yaws script (Steve)
264 Fix the yaws script to allow --id ID to be passed after --wait-started (Steve)
265 Allow optional wait time to be specified to yaws via --wait-started=<seconds> (Steve)
266 added kpoll as default
267 fix sendfile socket fd handling problems on 64-bit platforms (Steve)
268 cygwin build patch by Davide marques
269 stream content with a timeout patch from Davide Marques
270 traffic trace was broken for certain types of requsts - found by wde
28d18e8 @klacke git-svn-id:…
272 Tue Jan 20 20:19:16 CET 2009 version 1.79
5e1d1ec @klacke prepare for 1.82
273 This release fixes the completely broken 1.78 release. So at last, we have good sendfile support.
28d18e8 @klacke git-svn-id:…
274 traffic trace was broken for certain types of requsts - found by wde
481b7c4 @klacke prep for 1.79
275 Fixed several sendfile related bugs (vinoski)
276 Improved yaws supervision structure (klacke)
277 apply case-insensitive servername comparison patch from John Webb
ddf3bee @klacke preparing for 1.78
279 Thu Jan 8 22:00:51 CET 2009 version 1.78
280 Added --wait-started option to the yaws script (klacke)
281 Added initial test suites (klacke)
282 wrap log infinity bug found bt Phanikar.K
283 allow keys with multiple values within opaque data
df489ee @vinoski fix name spelling
vinoski authored
284 fix handling of any existing listen_opts when reading listen_backlog conf variable (vinoski)
285 incorporate Lev Walkin's patch for a configurable TCP listen backlog, adding yaws.conf support and documentation as well (vinoski)
286 Added sendfile support, Works on Linux, FreeBSD and MacosX (vinoski)
ddf3bee @klacke preparing for 1.78
287 patch by to let errormod_crash return {content, MimeType, Cont}
288 added support/docs for authbind/privbind (klacke)
289 handle 100 continue with POST patch by Haobu Yu
290 configure/latex support and also slightly nicer listdir output by Hans Ulrich Niedermann
291 better soap docs by Stu Bailey
292 haxe serialization patch by Tomas Abrahamsson
293 proc dict/proc_lib patch by Magnus F
294 mime type patch by Tomas Abrahamsson
295 POST patch for .yaws files (submitted by Tomas Abrahamsson)
df489ee @vinoski fix name spelling
vinoski authored
296 Several new MIME types added (vinoski)
ddf3bee @klacke preparing for 1.78
297 patch from magnus Froberg addressing a sync issue with add-sconf, e.g. dynamic updates that manifested itself when add_sconf was run several times in a row in certain scenarios.
df489ee @vinoski fix name spelling
vinoski authored
298 Implement special handling of the '*' URI for the OPTIONS method as specified in RFC2616 section 9.2. (vinoski)
299 Added more thorough support for the HTTP OPTIONS method. For "active" applications such as appmods and yapps, the OPTIONS method is delivered through to the application for processing. For "passive" resources such as files and directories, OPTIONS returns a canned response just as before. (vinoski)
ddf3bee @klacke preparing for 1.78
300 added redirect_self() to yaws_api (klacke)
301 yaws.rel.src was missing and better error printuts when yaws.conf is missing, patch by Vance Shipley
302 solaris patch by Vance Shipley
303 name of a file sent in a multipart request contains quotes, I get a crash pathh by Michael Slaski
304 Blindly applied soap patch from Vance shipley addressing ... which causes operations to be missed when there are more than one port type in a WSDL.
305 file descriptor leak found by John Fessenden
306 modified patch by Robert David to add a hook to yaws session server when a session is gone
307 Vance Shipley patch to correct error handling in yaws_soap_lib
77aa407 @klacke preparing for 1.77
309 Mon Jun 16 22:44:45 CEST 2008 version 1.77
310 Content-Length chunked patch by Oleg Avdeev
311 eaccess typos in confd_ctl.erl - Sergei Golovan
312 added support for weird utf8 urlencoding
313 Added the cygwin README by Bill Robtersson
314 Added a 'make release' target in the top makefile. The release file picks up the versions of installed applications (erts,kernel, stdlib, sasl and mnesia). The product of this is a release package file (e.g. yaws-1.77.tar.gz) which can be installed on an embedded system using the SASL application release_handler. (Vance Shipley)
315 added mnesia_dir support to the gconf record as per patch BY Richard Bucker
316 The supervisor args were wrong, yaws shall have 1,0 restart strategy. This may break some backwards compat. Sites that ues yaws embedded need to check this.
317 Added debug dump functionality (klacke)
318 cygwin install patch by Bill Robertsson
319 Adding files for Erlware. A very rough packaging of 1.76 has been released at See the doc/overview.edoc for more details. (tobbe)
320 Major general code cleanup, finally got rid of all the export_all statements and in that process removed a bit of code that wasn't used (klacke)
321 Better timeout support in yaws-session_server
322 {page, P} patch by Robert David that handles better the case with a browser POST request
323 patch by oleg avdeev for CRNL in revproxy
324 embedded startup problem solved by Anders Nygren
325 Make crashmsg set status code 500
db30362 @klacke Preparing for 1.76
327 Thu Apr 3 23:13:03 CEST 2008 version 1.76
328 Patch from Lev Walkin to pass HTTP_REFERER as well as the HTTP_IF headers to the cgi script
329 Untabified all code. This is the right thing (TM) I've finally realized after programming for some 20 years with TABS in the files. (klacke)
df489ee @vinoski fix name spelling
vinoski authored
330 redhat /etc/init patch by Steve Vinoski
db30362 @klacke Preparing for 1.76
331 quote patch for mnesiadir by Richard Bucker
332 Added CGI documentation including a new page (klacke)
333 Several cleanups due to dialyzer, also moved the control file into users HOME directory so that we don't have the problem of writing in /var when we're running as non-root
334 Adding support for: imports in the WSDL and support for more than one schema in the WSDL. Committed on behalf of: Willem de Jong.
335 CGI should not just because it sees a Location: header do a 302, it is up the CGI script to set the correct status code (Sebastian strollo)
336 Added some rudimentary docs in yaws.conf.5 for virtual directories. A feature added some time ago by Julian Noble, but never properly documented. (klacke)
6f8d72b @klacke rel 1.75
338 Sun Feb 3 2008 version 1.75
339 Better id handling for embedde startup (Klacke)
340 Reintroduced the SPNEGO/GSSAPI auth support by Mikael Magnusson
341 rpc patch by
342 updated yapp documentation and startup sequence of yapp to avoid deadlock situation when yapp is inncluded in other applications .app files. (Micke)
5875acc @klacke Version 1.74
344 Sat Dec 29 15:18:12 CET 2007 1.74
345 patch to make ssi work inside the crash handler from Michael FIG
346 tidy up patch by Richard Buckner
347 Logging work by Richar Bucker to make yaws work nice together with normal UNIX logrotate.
348 race condition on update counter for a page, a pagecounter could be removed by another process
349 Fixed a problem with heart restarting Yaws in a loop.
350 Fixed a couple of problems with Yaws terminating on purpose when accept() fails.
351 A bindings patch from Richard Bucker.
352 silently discard traffic which isn't even HTTP.
353 multivalued queryval/postval patch by yinso chen
dc3254d @klacke 1.73
355 Thu Sep 20 15:09:35 CEST 2007 1.73
356 Sloppy ssl bug found by John Webb
358 Wed Sep 19 23:17:47 CEST 2007 1.72
5e99346 @klacke version 1.72
359 Even more bad properties found. Now all png, gif and wob (those are for the wiki) files have svn:mime-type application/octet-stream and no other properties. Finally fixed I hope.
7c1a3ed @klacke vsn 1.71
361 Fri Sep 14 21:52:52 CEST 2007 version 1.71
362 Lots of broken png anf gif files found in the wiki due to the cvs->svn conversion (klacke)
db3f6e3 @klacke prep for 1.70
364 Thu Sep 6 19:40:28 CEST 2007 version 1.70
674c8b3 @klacke git-svn-id:…
365 Regular bugfix and small feature release.
db3f6e3 @klacke prep for 1.70
366 Revproxy bug found by igor goryachev.
7c1a3ed @klacke vsn 1.71
367 Started to use the new ssl:transport_accept() function, when accept fails, We now fail yaws entirely and it needs to be restarted by its supervisor or heart. If we have filedescriptor leaks, even outside of yaws, there is no good thing to do when accept fails. (klacke)
db3f6e3 @klacke prep for 1.70
368 A body message patch from Brian Templeton which cleaned up code and improved RFC 2616 compliance
369 Added HTTPS env variable for trac (klacke)
370 added x-javascript as a compressible mime type, patch by anthony shipman
371 added a dir_listing function in yaws_api (klacke)
372 fixed yapp dependencies to vdir handling, added local stylesheet and updated yapp_intro documentation (mikaelk)
373 Virtual Directory support. ARG record and CGI variable changes. This change by Julian Noble was quite extensive. The feature is still completely undocumented - thus it is still experimental.
3abb849 @klacke prepare 1.68
375 Thu Feb 8 16:45:47 CET 2007 version 1.68
376 Forgot to update configure after the patch to for ubuntu edgy users in 1.67
377 Patch by Julian Noble to pass auth info over the CGI interface.
378 Bugfix by Magnus Froberg: binding socket with fd_server now only listens to the specified IP address given in #sconf.listen
aed77d6 @klacke preparing for 1.67
380 Sun Feb 4 16:56:30 CET 2007 version 1.67
381 Bugfix release
382 Removed the urlc_total counter - it didn't provide info which was worth the price of having it - Also Chris NewCombe reported troubles with the counter. (klacke)
383 Added install of the priv/*.xsd files for the SOAP server (tobbe)
384 Fixing yaws_api:find_cookie_val/2 which was broken (tobbe)
385 Made the examples SOAP look prettier. (tobbe)
386 Adding missing description on call to yaws_soap_srv:setup/2. (tobbe)
387 patch from Dimitriy Kargapolov for tmpdir handling (klacke)
388 Bugfix by Fredrik Thulin: The (undocumented) http_uri:parse/1 return format was changed between Erlang/OTP R11B-1 and R11B-2. (tobbe)
389 Patch from Fredrik Thulin to make setuid_drv work better under ubuntu where gcc with some stack smashing tech is used to build, then we cannot use ld, we need to use ggc to greate the shared object.
390 Appmod </, Mod> didn't work properly. Should be fixed now again !!!!!
391 RSS The generated content was not valid RSS 2.0 content (tobbe)
392 added ability to have config files in several files, patch from Sergei Golovan.
393 Added call to callback function: M:F(cookie_expire) which is expected to return a proper cookie expire string. If non-existant, the default behaviour will prevail, i.e a session bases cookie lifetime. (tobbe)
394 Extending yaws_api:find_cookie_val/2 to accept an #arg record as second argument as well. (tobbe)
395 tweaked the haXe documentation (yariv)
330cb31 @klacke vsn 1.66
399 Sun Dec 17 20:58:21 CET 2006 version 1.66
400 Followup to the previous soap release.
401 Adding entry for the yaws_soap_lib man-page (tobbe)
402 pam fixes (made pam_wheel/pam_group work) (klacke)
184735d @klacke *** empty log message ***
404 Tue Dec 12 10:51:18 CET 2006 version 1.66
405 pam fixes, e.g make work (klacke)
406 Full SOAP server/client implementation in Yaws
407 bug found in path handling for yaws_dir by CEAN guys
408 suppress dead client error msgs (klacke)
409 shutdown fixes from Danile Luna
410 added env DOCUMENT_ROOT to cgi env vars Michael FIG
411 the pathinfo elem in #arg got wrong when appmod was / (klacke)
412 start_embedded default flags patch by Jason Andersson
413 Added option for having a module for handling authentication. (jb)
414 Fix to yapp for starting dependencies, patch from Michael Leonhard
415 added the client IP address to the #arg record
416 added config flag 'use_large_ssl_pool = bool()' (klacke)
0277691 @klacke preparing for 1.65
418 Mon Sep 11 19:59:57 CEST 2006 version 1.65
419 patch by Chris NewCombeto handle PUT method better.
420 Yapp added. Yaws application (Yapp) handler in yaws/applications/yapp directory "Drops" web applications independently of each other into an existing server where they get the default URL http://servername/application_name/. Yapps are simply Erlang/OTP applications with web pages in their priv/docroot directory (default). One can also configure private appmods, useful for controller parts in MVC like applications. (Mikael Karlsson)
421 Haxe. Now compatible with the latest version of haXe. (yarivvv)
422 New support to start Yaws as in embedded mode without having to fiddle with the boot script (etnt)
423 patch from Matthew Reilley to handle new backwards non-compatible return value from OTP zlib:deflate/4
424 patch from anders nygren to handle absolute paths + yssi.
425 patch from Magnus froberg to get better control over the files generated by 'yaws --check'. This is good if one wants to run i.e. xref and dialyzer also on all the generated .erl files from the --checker.
426 empty array bug in json parse found by juhani and fixed by gaspar.
427 appmod '/' was broken (klacke)
428 Install, netbsd/ NetBSD support from Kuzma Bartosz.
37a6db2 @klacke *** empty log message ***
430 Thu Jul 13 13:07:10 CEST 2006 version 1.64
431 Fixes from Bengt Kleberg to make smtp.erl useful outside the webmail app.
432 patch by Sergei Golovan which fixed a CGI bug and made yaws_ctl safe.
433 install patches for macosX by Eric Baur.
434 Added a haXe remoting adapter with documentation (yarivvv)
435 made index.php autoload if it exists (klacke)
436 added debian /etc startup script (klacke)
7fb2673 @klacke tiny followup rel
438 Sun Jun 11 16:49:13 CEST 2006 version 1.63
439 Odd fix for MacOsX make behaviour. make install did not work.
441 Wed Jun 7 22:10:44 CEST 2006 version 1.62
11a8274 @klacke mikl hup fixes
442 JSON Ajax code from Gaspar Chilingarov, I added docs describing an example. (klacke)
053dd41 @klacke *** empty log message ***
443 run_erl and to_erl support patch from Mats Cronquist.
444 yaws_zlib.erl: some bugs in non used code found by dialyzer.
11a8274 @klacke mikl hup fixes
445 small fixes in the start script code (klacke)
446 Fixes from Mikael Karlsson adding an event manager to Yaws whereby it is possible to add user defined gen_event handlers handling different "events" from Yaws. The only event sofar is config changes. This is needed for mikls "yapp" project which is a way to write yaws packages that can be "dropped" into an existing server. (No docs or anything released yet)
053dd41 @klacke *** empty log message ***
e3f436d @klacke preparing for 1.61
448 Thu Apr 27 21:40:01 CEST 2006 Version 1.61
11a8274 @klacke mikl hup fixes
449 Started to write the ctl file, the file which contains the portnumber where the daemon is listening for ctl command to - /var/run/yaws/ctl-${ID}. The location is controllable through configure. Install scripts will make the /var/run/yaws dir writable to the world, each individual daemon which creates the ctl file will explicitly set the permissions on the ctl file to 600 - thus making it impossible for unauthorized users to control someone elses daemon. Root can control all daemons.
e3f436d @klacke preparing for 1.61
450 changed Yaws license to proper BSD (klacke)
6d1af83 @klacke *** empty log message ***
451 Added startup script for FreeBSD
452 Worked the Makefiles to properly support DESTDIR. This is useful for packagers creating deb, rpm, portage ... packages (klacke)
453 Removed the ability to change userid. Also stopped writing to /tmp/yaws and started to write to ${HOME}/.yaws instead. This is much better since we cannot now ever get into the situations where file ownership and umask stop us from controlling a daemon. Note, this is a backwards incompatible change, all users that used the feature of letting Yaws change uid need to start using fdsrv instead. There is also a configurable in yaws.conf which makes it possible to write the tmp files to some other directory (klacke)
11a8274 @klacke mikl hup fixes
454 Cleaned up the start flags to the yaws script, all old flags are still there for backward compatibility. Updated docs and and help output from the yaws script to reflect all new flags.
a30ca88 @klacke ""
455 Wiki fixes. Fixed error printouts; handle https and ftp links; updated READE (mbj)
11a8274 @klacke mikl hup fixes
456 file descriptor leak bug found by Mats Cronqvist where each call to 'yaws -ls' left an unclosed descriptor in the server (klacke)
a30ca88 @klacke ""
457 Source code cleanup - added and #env record for environment passed to yaws. (klacke)
458 yaws_ls enhancements by
b9aefb3 @klacke *** empty log message ***
460 Wed Feb 1 23:28:42 CET 2006 Version 1.58
cb23516 @klacke ""
461 pam and setuid_drv fixes for BSD by sstrollo
462 yaws_ls (dir listing) enhancements by
b9aefb3 @klacke *** empty log message ***
463 RSS updates, more docs, Made month and days in RSS output to consist of two figures instead of just one. Fixed the RSS date format, as suggested by Daniel Kaminski. (Tobbe)
464 Wiki, Fixed path to the application directory where yaws files are stored. (mikl)
11a8274 @klacke mikl hup fixes
465 Added feature to not pick first sconf when virthosting. This is essential if we want explicit control over the virt hostnames. A commercial site called don't want to ship the pages of the serious site :-) (klacke)
b9aefb3 @klacke *** empty log message ***
466 DAV - reworked the DAV support a bit - don't use an appmod, instead yaws has built-in support for DAV methods. Added support for missing DAV methods (COPY etc). (mbj)
11a8274 @klacke mikl hup fixes
467 Added support for the erlmerge/jungerl package 'fdsrv' which makes it possible to bind to privileged ports < 1024 even when we're not running as root. (klacke)
b9aefb3 @klacke *** empty log message ***
468 changed so that an arg_rewrite_mod may temporarily change the docroot by changing the Arg#arg.docroot attribute (mikl)
469 Added "pam" support for HTTP auth. (klacke)
f883777 @klacke ""
471 Wed Aug 17 14:54:06 CEST 2005 Version 1.57
472 rel/abs path patch by Rob Schmersel which fixed a problem in the wiki
473 Rewrote yaws SSL code to use the packet http and packet line modes that are now supported in the OTP ssl module. Earlier this was all manual (and slow) code in yaws. Thus yaws/SSL servers are now considerably faster. The old yaws_ssl modules is no longer used. (klacke)
474 Support clients that POST data with Transfer-Encoding chunked. This is used by some models of cellphones. Bug found by (Klacke)
475 Tmp dir patch by Karel Ostrovsky to better support tmp dir on Windows
476 cgi port patch by joe_e_e
477 Do not send the server port along with the host name in the CGI HTTP_HOST environment variable. Added HTTP_HOST env variable for CGI scripts (was required by sphpblog). (mikl)
651369d @klacke ""
480 Thu Jun 16 13:42:50 CEST 2005, Version 1.56, Security update release.
11a8274 @klacke mikl hup fixes
481 A bug was found by Daniel Fabian, SEC-Consult Unternehmensberatung GmbH whereby: If a null byte is appended to the filename of a yaws script (.yaws), the yaws webserver returns a page containing the source code of the according script. This flaw allows a malicious attacker to analyse the source code of the entire web application, which might result in the attacker gaining sensitive information like passwords. All versions of yaws older than 1.56 are vulnerable.
482 For users running old yaws web servers, the following <a href="yaws-1.55_to_1.56.patch"> patch </a> can be applied. The patch is small and can easily be back ported to older yaws releases.
59245fb @klacke ""
2cb1ac9 @klacke ""
484 Fri Jun 10 16:09:58 CEST 2005, Version 1.55 released. Feature release.
485 Concept of redirect maps added. See documentation in yaws.conf man page. This makes it possible to redir entire parts of the docroot to another site (jb)
11a8274 @klacke mikl hup fixes
486 Removed the forbidden code, the right thing to do when a script type is forbidden and we shall not run an interpreter on the script is to ship the script, but as text/plain instead of actually refusing to ship the data. Otherwise it's not possible to publish .php files at all on the web site. (klacke)
487 Initial support for Web DAV added. This is as of yet undocumented. (tobbe)
488 Added the possibility to have multiple docroots, where a page is searched in the list of docroots (klacke)
2cb1ac9 @klacke ""
ebb94d8 @klacke 1.54
490 Tue Apr 12 2005, Version 1.54 released. Bugfix release.
11a8274 @klacke mikl hup fixes
491 Bug in SSL fixed, Bad line parsing in SSL mode, crashed when client sent headers split up in a certain way. (klacke)
ebb94d8 @klacke 1.54
492 Removed the automatic htmlize on strings in ehtml, it was wrong ... to have it there. It's better for users that want it to explicitly add yaws_api:htmlize() to their strings This breaks code and is non backwards compatible. Be aware !! Also made {Tag, Attr} generate xhtml compliant code. (klacke)
493 Cleaner shutdown (klacke)
494 Many improvements to the chat server. (jb)
495 When clearing the cache, yaws modules would remain loaded but be forgotten, resulting in a memory leak. (cschultz)
11a8274 @klacke mikl hup fixes
496 Added possibility to name the module in a .yaws file using a syntax of < erl module="foobar"> .... < /erl> to always get a .yaws file named to a special fixed module name instead of the increasing m1,m2 .. modulenames. This is useful if we want to keep API functions in certain .yaws files and call these functions from other .yaws files. (klacke)
ebb94d8 @klacke 1.54
497 Many reverse proxy bugs fixed. Maybe the reverse proxy is actually working now. It was never especially good. Try it. (mikl)
498 Bug fixed with bindings that got propagated over to other later requests.Yet another put/get bug. Maybe it's time for an acronym there. YAPGB ??? (klacke)
499 Better looking debug printouts. + dont overwrite trace_to_tty (-x commandline) if set on the commandline and also in the config file. Commandline should have precedense over config file directives. (klacke)
500 Wrote an internals document. Available at <a href=""></a> (klacke)
73527b7 @klacke ""
502 Fri Feb 18, 2005 Bugfix release
503 Fatso bug found by Fredrik Linder where yaws completely crash on bad URLs that for example contain space chars in the uri. This is the bug which provoked this imideate followup release. (klacke)
504 Removed old broken URL decode code which was wrong. This code was added befor we actually understood how URLs are en/de coded (klacke, jb)
505 Added example chat program (jb)
506 Added new config opt fail_on_bind_err = Bool. The old behaviour was to silently accept (and log) server startup errors. This was due to a request from Tony Rogvall and the behaviour is bad, it's now back to the original behaviour where the entire yaws "application" fails if one virt server fails to gen_tcp:listen().
8d4d36f @klacke ""
508 Mon Feb 14 2005, Version 1.52 released
509 Minor feature release
510 error condition bug in revproxy, found by tobbe. Revproxy is still not production quality. Experimental.
511 embedded bugfix by Michael Arnoldus
512 connection close bug found by Lennart Ostman
513 made errorlog actually go out when conf is brokbroke e + daemon (klacke)
514 Yaws is now RSS capable, see doc/README.rss (tobbe)
515 Added a new example look and feel for the wiki (jb)
516 Webmail, Fixed problem with login with empty fields in FireFox. (jb)
517 wiki, Fixed minor unzip problem triggered when uploading zip archives with names containing spaces. (jb)
fa3f148 @klacke preparing for 1.51
519 Wed Dec 15 2004 Version 1.51 released
520 Major feature release.
9468fb3 @klacke ""
521 Added support for config changes without stopping the running systems, virt servers can be added, removed and changed without affecting traffic. (klacke)
522 wiki/searchPage.yaws: Added search code from Jouni Ryno (jb)
523 Added client IP resolv for access log files (klacke)
524 Safer make install target. Can't install if yaws is running (klacke)
fa3f148 @klacke preparing for 1.51
525 Updated both mail and wiki according to changed APIs for parse_multipart. (jb)
e2fe310 @klacke ""
527 Sat Dec 11 2004 Version 1.50 released
98e228d @klacke preparing for 1.50
528 Bugfix and docs release
e2fe310 @klacke ""
529 Running the wiki at the yaws site. Use it !!. No passwords....
98e228d @klacke preparing for 1.50
530 <verbatim> tag added, this tag pretty much works as <pre> _should_ have worked. Nothing needs to be escaped, and code containing <, >, & etc can be entered freely. Writing code examples were driving me crazy. Inside both <pre> and <code> tags all HTML special chars have to be quoted, sucks. (klacke)
531 Rewamped all docs with CSS and XHTML 1.0, beautiful and nice (klacke)
532 Attach file problem in wiki (jb)
e2fe310 @klacke ""
533 Form post parameter was still always managed as atoms. This is a backwards incompatible change. It broke the wiki aswell as the upload example in the Yaws docs.However, the change is sound since it was easy to DOS a yaws server by sending file upload posts with new atoms. Eventually the atom table would overflow. However it does break code !!! (mikl)
98e228d @klacke preparing for 1.50
534 Added auto-generate to dir listings. It needs the zip command in the current path to function properly. To turn off, use dir_listsings = true_nozip. This is a feature for all of us that like to share copyrighthed material to friends that can't muster wget -r (mbj)
535 Added relative path to ssi, ie {ssi, {rel_path, File}, ...} is now possible. (jb)
536 mail app, Fixed refresh bug. (jb)
537 Added example docs on how to stream data (klacke)
538 modded patch by sebastian strollo to let request_url/1 and reformat_url/1 be proper inverses of each other (klacke)
539 Made upgrading to new style Wiki templates smooth. If no template.html file exists in the WikiPreferences.files directory, then one is created. The same goes for template_info.html. (jb)
ea84f9a @klacke ""
541 Thu Sep 2, 2004 Version 1.49 released
542 Bugfixrelease.
543 Webmail fixes by jb, Add original message quoted in reply, Delete email bug fixed, Mailbox already locked bug, Improved attachment handling.
544 Wiki fixes by jb, Made layout of wiki much more configurable using templates and ssi. You must run the script/updateWiki script after updating to this release.
545 Bug found by David Welton, url on the form had yaws_api:queryval/2 return {nokey, "foo"} which is clearly wrong. New correct val is {"foo", undefined}.
546 two-mode.el contributed by David Welton. Makes it easier to edit files with both erlang and html content. Typically the case for yaws files.
24fbcd3 @carsten3347 s/cshultz/cschultz/ :-)
carsten3347 authored
547 cschultz did lots of stuff, Deflate rehaul: Now works with dynamic pages, Multiple dots in yaws file name caused trouble with pathinfo, fixed silly bug with content-range, cache fixes, Have several processes wait for SSL connections, so that one SSL negotiation in progress does not prevent other connections. Also, for the similar reasons, have use a timeout with SSL accepts. timeout are quite arbitrary. They are ok for my low traffic site. Streaming fixes, Rewrite requests with absolute URI to look like requests with a Host header.
ea84f9a @klacke ""
548 Small fix with embedded mode (it was completely non-working) by Jimmy Olgeni
549 Addded configure option -with-defaultcharset (klacke)
550 jb fixed a severe bug in ssi, Fixed bug in ssi code. Multichar delims were not handled properly. When a char of the delim string was found in the text it was deleted.
551 patch from Paul Mahon to add PEER_ADDR to cgi env
3834150 @klacke gearing up to 1.48 release
553 Mon Jun 7, 2004 Version 1.48 released
554 This release contains both bugfixes as well as som minor new features. There was also a fairly ugly security hole in the example code which describes file uploads found and fixed.
555 A Bug in yaws_api:request_url/1 was found by Einar Karttunen. The function didn't handle well the case with explicit port numbers in the URI. (klacke)
556 Fixed the appmod code so that users of yaws_api:setconf/1 doesn't have to bother with the cahnge in internal representation of appmods. (klacke)
557 Moved phpexe config variable from the sconf to the gconf, it doesn't make sence to have different phpexe paths for different virt servers. Users with old configs will get a warning when tying to specify a phpexe inside a virt server instead of inside the global config area. (klacke)
558 New feature called "yssi". Yaws server side include. It's now possible to let the out/1 function return a tuple {yssi, PathToYawsFile.yaws"}. The new yaws file will be fully expanded, compiled and in general handled as a yaws file. This feature can probably be used to build all kinds of different cool stuff. (klacke)
559 yaws_session_server ttl patch from Rob.Schmersel
560 Patch from Fredrik Linder to make it easier to integrate yaws into apps that don't use the otp application framework at all.
561 As usual updates both to the wiki and the webmail app by (jb)
562 Patch from Jocke Grebeno which handles ssi support for ehtml code, not just ascii. We can now return {ssi, "@@", file.html, [{"FOO", "bar"}, {"BAZ", {ehtml, {p, [], "saab"}}}]} and it returns the expected. Documented is ssi.yaws.
563 Security vulnerability in upload.yaws found by (mbj)
4970e06 @klacke 1.47
565 Thu May 27, 2004 Version 1.47 released
566 Appmods were slightly broken in 1.46
9c5b959 @klacke ""
568 Wed May 26, 2004 Version 1.46 released
569 Bugfix release. Several fixes to different parts of the web server. No new features.
570 Debian support (David Welton)
571 Embedded mode fixes (Jimmy Olgeni)
572 Don't create no logs at all when logging is turned off bugfix (Jimmy Olgeni)
8d47e3d @carsten3347 Fixed spelling of my name :-)
carsten3347 authored
573 SSL and large POSTs fix (cschultz)
574 Compression and keep alive fix (cschultz)
9c5b959 @klacke ""
575 As usual, several fixes to the wiki and the webmail app (jbevemyr)
576 An XSS vulnerability (lpsmith)
577 Rewrote the url spliting (again) and also backed off from the redir when we get and index.html exists. It's better to ship the file directly instead of sending a redir. (klacke)
578 Reworked (and documented) the appmods a bit (klacke)
579 Added a command line flag (yaws -ls) which lists existing yaws servers and their status on localhost. (klacke)
fa1dd81 @klacke ""
581 Fri Apr 16, 2004 Version 1.45 released
582 Minor bugfix release fixing up the some odd bugs introduced in the 1.43 rewite.
83407e4 @klacke ""
3cd9794 @klacke *** empty log message ***
584 Mar 18, 2004 Version 1.43 released
615c465 @klacke ""
585 This is a major release. Not so much for added functionality as for internal rewrites of the code. The release contains the following:
8d47e3d @carsten3347 Fixed spelling of my name :-)
carsten3347 authored
586 Compression support using zlib. Still experimental. (cschultz)
615c465 @klacke ""
587 Minor bugfixes in the reverse proxy. This code is still not ready (klacke)
588 Added a specific auth log which logs good and bad HTTP auth requests.
589 QNX port (
8d47e3d @carsten3347 Fixed spelling of my name :-)
carsten3347 authored
590 Beautification of dir listings (cschultz)
615c465 @klacke ""
591 Never let ehtml generate extra spaces where it is not entirely correct (patch from tomas abrahamsson)
592 Webmail app, Completed support for attachments, proper esacping, faster listing of large mboxes. Added sorting of mails (jb)
593 Date header bug (chandru)
594 postvar put/get bug fixed (hal snyder)
595 Added yaws_api:query_url(Arg) which reconstructs the url from the original GET request.
596 Added the "id = Key" configuration parameter. Earlier when we were running multiple yaws servers on the same machine, they had to run with different uid since yaws was writing temporary files under /tmp/yaws/${uid}. This is now changed and if we want 2 _different_ yaws servers on the same machine they must be given different "id" in their respective config files. The yaws ctl scripts, such as yaws -s and friends now have an extra (optional) "-j id" flag to control which specific instance of Yaws is ment.
597 Added explicit support for Content-Length header from .yaws files for applications that require Content-Length instead of chunked encodings.
598 Changed the #sconf{} and #gconf{} records so that all the booleans in those 2 records are now a bitmask flag. This is a slightly backwards incompatible change and it affects those that use Yaws in embedded mode where the #sconf and #gconf records are explicitly manipulated. It sholdn't be a big deal to change though.
599 Workaround buggy otp error_logger_file_h which truncates the report file whenever it is reopened.
600 Removed the calls inside the server that were doing list_to_atom/1 We were suceptible to DOS attacks. This is unfortunately a backwards incompatible change since it affects the return value from API functions yaws_api:parse_query/1 and yaws_api:parse_post/1. They both used to return lists on the form of {Key, Val} tuples where Key was an atom. It is now a string. There is a configuration option for yaws.conf which keeps the old (broken) behaviour.
601 Optimized url parsing and removed at least one call to lists:flatten/1 in the fast path.
602 Better support for old Netscape and the Connection: Keep-Alive header.
603 More beautiful trace output. Try "yaws -i -x -T"
604 More and better debug support.
605 New install procedure with a more interesting yaws.conf template generated.
606 Updated the ssl test certs that come with yaws. The old ones had expired.
8f8f6d0 @klacke release 1.41
608 Feb 6, 2004 Version1.41 released
609 Bugfixes and feature release.
610 Minor bugfixes to the reverse proxy implementation (klacke)
611 SSI for the ehtml expander as well as for normal usage. (klacke)
612 Timestamp checks on SSI files (klacke)
613 Wiki fixes (Johan Bevemyr)
614 Return 404 instead of 403 when dir listings are disabled (Leon Smith)
8d47e3d @carsten3347 Fixed spelling of my name :-)
carsten3347 authored
615 Added CGI variable REQUEST_URI (cschultz)
8f8f6d0 @klacke release 1.41
616 Better dir listings with support for sort methods (Martin Bjorklund)
617 Redir, bugs (one would thing we'd be able to do correct redirs by now .. ehh) (Leon Smithh)
618 Support for 301,303, and 307 redirs (Johan Bevemyr)
8d47e3d @carsten3347 Fixed spelling of my name :-)
carsten3347 authored
619 php executable is configurable (cschultz)
8f8f6d0 @klacke release 1.41
620 Major feature enhancement, Support for a new concept called bindings, documented at as well as in the man pages. (Joakim grebeno)
8d47e3d @carsten3347 Fixed spelling of my name :-)
carsten3347 authored
621 More redir cleanup as well as introduction of redirect_local, {any_path, URI}} and made yaws_cgi use it. (cschultz)
8f8f6d0 @klacke release 1.41
622 Made the webmail app able to render attachments (klacke)
612490d @klacke ""
624 Dec 18, 2003 Version 1.40 released
625 This is a major feature release.
626 Experimental reverse proxy implementation <>
627 New feature, server side includes inside ehtml structure with variable expansion <>
628 yaws_html an HTML parser which produce ehtml output. The ideal tool for all of us who flunked artclass in highscool. Makes it very easy to rip page design from other sites (designed by those who went to the art classes) <>)
629 A HTTP cookie parser <
630 A full blown easy to configure web mail application. It keeps no state, thus only requires the IP of the pop3/smtp servers to run. <
631 Some problems with ehtml expansion fixed <
632 Major overhaul of the docs, written description of embedded mode yaws <
633 Don't fail fatal when we can't bind() <
634 Time zone fix <>
635 Mime type fix <Rob Schmersel>
636 tilde expansion and dir listings turned off by default, not on <>
637 Many small fixes to the wiki by <> and <mikl>
6584f33 @klacke ""
639 Oct 4, 2003. Version 1.31 released
640 This is minor bugfix release
641 Even more redir bugs fixed by Johan Bevemyr
642 Runs on old erlangs (R7) (klacke)
643 Compiles and runs nicely under win32 cygwin using native win32 erlang (klacke)
644 Cosmetic fixes, docs update and return 403 on bad GETs by Leon Smith
646 Aug 25, 2003. Version 1.30 released
647 This is major feature release with many new features by in particular Carsten Schultz and Leon Smith plus the normal set of regular bugfixes.
648 Setuid code had broken (klacke)
649 Setcookie problem with lynx (Johan Bevemyr)
650 Wiki: Thumbnail index to slideshow (Johan Bevemyr)
651 Fixed Cross-Site Scripting vunerability (Leon Smith)
652 url parsing rewritten in order to normalize the URL path in a
653 more secure way (Leon Smith)
654 Log file size for dynamic content also (Carsten Schultz)
655 Full CGI and PHP support (Carsten Schultz)
656 Added support for Content-Range, If-Range, If-Match (Carsten Schultz)
657 HEAD handling rewritten (Carsten Schultz)
658 Darwin MacOs X support (Eric Baur)
659 Docs updated describing cgi and php support (Carsten Schultz)
660 tty trace directly from command line for enhanced debugging
662 Jun 1, 2003. Version 1.22 released
663 This is bugfix release.
664 cosmetic changes in ehtml output
665 wiki install problems
666 many fixes to the wiki
667 ssl config was broken
668 /etc/rc scripts for redhat/gentoo/suse linux
669 a redir bug fixed.
670 ebuild for gentoo added
671 slideshow support added to the wiki
672 cosmetic updates to the latex docs
674 Mar 6, 2003. Version 1.2 released
675 This is bugfix release.
676 log fixes by brucefitzsimons
677 cache bugs for URLs with a query part
678 erlang compiler bug workaround, The erlang compiler isn't reentrant !!!!!
679 Makefile cleanup my mikl
680 Bugs in listdir
682 May 3, 2003. Version 1.01 released
683 This is bugfix release.
684 Bug in ssl config passord parse found by Eric Pearson
685 Bug in arg rewrite handling found and fixed by Taavi Talvik
686 Bug with redir for missing trailing slash together with a query part of the url fixed, found by Erik Pearson
687 Added the option of disabling dir_listings
688 Added http version to access log messages
689 Did away with the idiotic calls to id -u as well as the the broken grep in /etc/passwd. Also ensured that .yaws files with a query part don't end up in the cache. They need to be reparsed every time
690 Fixed probles with paths that had a query part ending up in the cache
691 Added proper support for 'if-none-match' with etag matching by Johan Bevemyr
692 Skip empty space after an erl chunk in a .yaws file
693 Handle http_error which is generated by the inet_drv.c code. This assumes a patch to the inet_drv.c that actually generates a http_error in this case. Default erl hangs there. Here is the inet_drv.c diff
695 Jan 23, 2003. Version 1.0 released
696 This is major release. Yaws is now in production quality.
697 Some minor fixes to yaws_api.
698 security bug found by
699 can compile yaws file produced on win32, that is files with \r\n terminaded lines.
701 Dec 1, 2002. Version 0.60 released
702 This is minor maintenance release.
703 Support to run Yaws first as root, then under a a non privileged user
704 A bug in listdir together with ~username expansion fixed
705 Bugs in wraplog fixed
707 Nov 25, 2002. Version 0.59 released
708 Lots of fixes and new features in this release. This release of Yaws is fast, it delivers 3000 static/dynamic pages/sec on my 2Ghz home box.
709 Many fixes in the wiki,
710 ~username expansion now works
711 embedded mode is now fully implemented and functional
712 many new configuration directives
713 some backwards incompatible changes such as ssl config and yaws_api:parse_post_data/1. See the docs for details.
714 Arg rewrite, customized errors etc.
715 Lots of new documentation and new examples
716 Optimized ehtml generation
718 Oct 7, version 0.56 released.
719 Improved file editing if in the wiki
720 New returnvalue from out/1 <tt>break</tt>
721 The wiki returns w3c compliant code
722 New return value from out/1 <tt>{ehtml, ErlangTermStructure}</tt>
723 Multiple users by uid can now run yaws simultaneously.
724 Support for streamed large content from yaws code
725 Never cache yaws files that disn't compile properly.
726 Much more documentation, man page for yaws_api
d02b965 @klacke qnx port + docs overhaul by
727 added a cookie_session-server for persistent cookie sessions
6584f33 @klacke ""
728 full argument chunking support in Wiki
729 Install properly on FreeBSD.
730 Support for embedded mode (finally)
731 bugfix for empty POST
732 The shopingcart example is now fully implemented.
734 Sep 2, version 0.54 released.
735 Many fixes in the wikiweb by Johan Bevemyr, I'm now running a wikiweb at
736 Support for HTTP Basic authentication by Sean Hinde
737 Better support for HTTP file upload by Johan and Sean
738 Support for many more MIME types by compiling a mime.types file by klacke
739 Support for OPTIONS http request by Johan Bevemyr
740 Lots of non ready code for a webmail app by klacke.
742 July 1, version 0.52 released.
743 It contains a complete wiki web written by Johan Bevemyr with original code
744 by Joe Armstrong. It also contains a series of minor and major bugfixes.
746 Jun 19, version 0.51 released. Lot's of fixes.
747 Return status 303 when browser asks for a dir URL without a trailing / in the http request. I've always wondered why apache does this. Now I know ... otherwise the relative URLs in /dir/index.html will be wrong when the browser tries to get them. Utilize this feature when listing dirs now, generate relative urls instead of absolute.
748 Removed the default_server_on_this_ip option, the first virthosted server in the config will be default if no Host: header is present
749 Made the Host: check to check for Host: host:port instead of just host when a server is run on a non-standard port. The browsers seem to set the Host: field to host:port
750 Tobbe added the -r flag to the startscript
751 Changed yaws_api:parse_post_data/1 so that it takes an arg struct as argument instead of querydata and added support for multipart form data in the process.
753 Jun 16, version 0.50 released.
754 A bug in setcookie fixed
755 a proper /etc/rc/init.d script written.
756 New flag, yaws -S which query status of the daemon. bug in cache reload fixed.
758 Jun 13, version 0.48 released.
759 It contains a complete rewrite of the API to generate dynamic content which makes it much easier to use.
760 Furthermore this version accumulates output into larger chunks which makes it much faster the earlier versions. We can now serve 2500 dynamically generated HTML pages per second on a 2GhZ machine.
761 A bug with iso 8859 chars in urls has been fixed.
762 Etag header for static content and Cache-Control header for dynamic.
763 Additional docs in the form of man pages.
765 Version 0.40 released.
766 Contains bugfixes and full SSL support as well as an embryo to WWW-Authenticate support.
Something went wrong with that request. Please try again.