news

Sat Sep 25 13:39:29 CEST 2010 Yaws 1.89
Maintenance release with a long series of fixes mostly from Steve Vinoski./yaws
all.zip should not not include .yaws files, nor directories "protected" with an index file, nor directories protected by an auth directive. (Hans-Christian Esperer )
adjust to R14B change in gen_tcp:recv for {packet,http} mode Where we handle the return value of gen_tcp:recv while reading headers from the socket (such as with calls to yaws:do_recv), handle new R14B return values as well as existing return values for previous releases. (Steve)
for portability, use erlang:md5 rather than crypto md5  Since OpenSSL availability on Windows for working with the crypto module is apparently questionable, use the erlang:md5 function in place of the crypto md5 functions. (Steve)
websockets v76 update (Dominique Boucher)
several fcgi updates and bugfixes (Steve)
Add auth_skip_docroot server config variable (Christian Hennig)
Fix use_old_ssl=bool() for R14A  (Joseph Wayne Norton)
add --umask option to yaws script  (Steve)
Some yapp work, added a simple example (Mikael Karlsson)
performance enhancements (Steve)
add support for PHP FCGI applications (Hans-Christian Esperer)
fix cached process counter (Hans-Christian Esperer)
return part headers from yaws_multipart:read_multipart_form  (Steve, based on a patch from Dilshod Temirkhodjaev.
patch for no-return-in-nonvoid-function error  (Alexander Simonov)
two-mode.el now works with emacs 23 (Steve)
Allow "stream processes" to close the client socket  (Steve)
Augment yaws man page with --erlarg argument quoting info  (Steve)
Use gconf keepalive_timeout for connection lifetime (Brady McCary)
handle multi-word arguments for heart restart command (Steve)
Fix bug where yaws_api:parse_set_cookie tried to convert a record to lower case. (Anders Nygren)
patch by Sergey Shilov to set old_ssl for embedded mode
fix socket usage for FCGI authorization (bruno rijsman, steve vinoski)
work around an erlang:open_port bug for CGI QUERY_STRING env var (Steve)
Added a new configuration parameter called "keepalive_maxuses" which allows the yaws admin to close persistant connections after X number of uses. (Thomas O'Dowd )
improved embedded support (Steve)

Thu Mar 18 21:51:32 CET 2010 Yaws 1.88
Highlights in this release are, new SSL implementation is now default, FCGI enhhancements and IPV6 support.
ssl support for websockets, patch by wde
Erroneous common log format entries, time should be surrounded by brackets (Klacke)
When executing yaws --hup the order of the hosts in a virthost group wans't maintained, thus breaking the feature of pick first virthost on nomatch (Klacke)
set nodelay on FCGI TCP connection, and avoid 0-length FCGI gen_tcp:recv (steve)
Set {nodelay,true} on the TCP connection to the FCGI server to improve performance of small requests. (steve)
The code receives packets from the FCGI server and for some cases was extracting length fields from some packets and then making further gen_tcp:recv calls based on those length values. The code was not checking for length values of 0 before calling recv, and passing 0 to recv means to return all available bytes. For both correctness and performance, the code must avoid the recv calls altogether when the length is 0. (steve)
convert error atoms into error strings for fcgi_worker_fail (steve)
IpV6 support
The default value for partial_post_size was nolimit, not a good default value and also erroneoulsy documented (Klacke)
An atempt at having utf8 characters in the host names for yaws servers. Probably not entirely correct, but it works. (Klacke)
Anders Dahlin found that yaws log code doesn't delete the gen_event handler it adds error logger when terminating, that means that restarting yaws leaves old processes hanging around
dialyzer work (Klacke)
Closed Issue #31, made parsing of yaws.conf more tight complaining on e.g allowd_scripts = [ yaws ]
 fix for FastCGI/PHP Issue (http://github.com/klacke/yaws/issues#issue/30) (davide)
auth through .yaws_auth files has become broken, (Klacke)
allow caller to set Host header for SOAP requests (Steve)
added support for OTP new ssl implementation ,Also set it as default. It's possible through yaws.conf to use the old SSL. The new seems to work well though, I've tested with a wide set of browsers, and in general it seems to work (klacke)

Mon Jan 11 22:09:00 CET 2010 1.87
websocket support (davide and wde)
conditional compile of websockets, only use if the chosen erl supports it (klacke/steve)
patch by Andrei Soroker to strip the port part in #redir_self records - this patch may break some code, users that use redir_self() and unconditionally strip off their optional port number are affected
support some extra status codes in code_to_phrase (steve)
drop spaces before parsing ints - patch by Colm Dougan
proper handling of "/" appmod with excluded paths (patch from wde)
Added new unit tests for appmods, with both / and non-/ tests. The / tests include exclude_paths testing. (steve)
patch from wde solving a problem with appmod exclude paths and verify_upgrade
yaws_server: fixed the test for whether to close the socket. The yaws:outh_get_doclose() doesn't return a boolean and it requires the outh dicionary entry to be set (sometimes it isn't). (davide)
do not pass the --id option if the default id is used (steve)

Sun Dec  6 14:35:33 CET 2009 1.86
Mostly a bugfix release. Two new features. First the ability to exclude directories from an appmod. This is especially interesting for users that have an appmod at '/' but still want yaws to ship normal static contet such as js files and images. Secondly support for Forward proxying was added. Here is the changes list:
It wasn't possible to handle huge files (above 2GIG ?) If sendfile hits EOVERFLOW send the file from Erlang code instead (Steve and klacke)
json binary key support (TBBle)
Forward proxy functionality added through a patch by Colm Dougan
patch from anders dahlin to always populate yaws auth headers
Added SSL support to stream_process_* functions. (davide)
Added support for passing SSL configurations to start_embedded as a proplist (passing #ssl{} still works). (davide)
Added support for excluding dirs from an appmod.  (klacke)
erasing the connection header must also set doclose to false (steve)
Several soap patches by Eric Liang. docs, support on addtional specified prefix when rpc call by method: yaws_soap_lib:call, add the soap_srv_mods support, which can setup soap serve modules while yaws start.
prevent crash caused by malicious client sending an empty Host header (steve)
Several haXe fixes by Paul Hampson - Add example for haXe returning an error object, Document how to run haXe remoting sample under neko, Export haXe remoting handler function, Add example for JSON-RPC returning an error object, Allow JSON-RPC/haXe remoting handlers to send error objects.
yaws_rpc produced non-compliant jsonrpc results. Looking at the JSON-RPC specification at http://json-rpc.org/wiki/specification the returned result of a call needs to contain an error field, with value null for the success case. The example json-rpc python client code on the json-rpc.org site expects this field to be present. (TBBle)
Allow binaries as json values. (Matt Stancliff)
mkcert SSL scripts (klacke)

Sat Oct 17 22:56:36 CEST 2009 1.85
This is mostly (again) a bugfix/minor enhancement release.
redirect bug reported by James Lee (steve)
streamcontent_with_timeout bug , git issue #16 fixed (klacke)
max number of connections patch by Kinoshita (klacke)
updated mime.types from recent Apache web server sources (steve)
config of partial_post_size = nolimit was broken (klacke)
stopping yaws_sendfile thru supervisor does not hang - by ks (klacke)
Major work on the auth code, Auth - unauthorized enhancements, Setup auth rewrite/cleanup, (Embedded) Config enhancements (Anders Dahlin)
fix HTTP header case sensitivity problem in yaws_cgi (Bruno Rijsman)
fix decode_base64 to return just a tuple in case of error (reported by Gabri
add streamcontent_from_pid capability to allow direct streaming to socket (steve)
Fixed support for Timeout=infinity in streamcontent_with_timeout. (davide)
Use iolists instead of binaries for streamcontent_from_pid data, and add a new test for the streamcontent_from_pid feature (klacke)
add --nodebug option  (steve)
determine gcc flags for 32-bit or 64-bit Erlang on OS X Snow Leopard (steve)
add new multipart example yaws_multipart.erl (Praveen Ray)
timezone format patch by Per Hedeland
Patch from wde with support for virthosting several ssl serveres on the same IP. This makes sense if we have multiple subjectAltName in the ssl cert
fixes for FCGI authorization (Bruno Rijsman), plus I cleaned up indentation  and comments in yaws_cgi.erl

Sun Jul  5 20:05:00 CEST 2009 1.84
patch from anders abramhamson - a bug with multipart posts
New stats feature added by Olivier Girondel whereby (optionally) stats is collected for a virt server. Stats available from comand line (yaws --stats). There are also plugins for munin to graph the statistics.
The authmod code should now be backwards compatible (faal)
fixes for traffic tracing in reverse proxy mode (Olivier Girondel)
Better error msg if erl is not found for win32 users (klacke)
eliminate io_lib:format overhead in yaws_log:fmtnow (Steve)
handle authdirs search properly when docroot not defined (Olivier Girondel)
removed ancient backwards compat flag (klacke)

Thu May 28 20:17:10 CEST 2009 Yaws 1.82
Have the yaws script set HOME if unset, this is required since some distros (Ubuntu) don't set HOME for code run under/etc/rc and erlexec requires HOME to be set.  (Klacke)
add extra cgi vars patch from joe_e_e
new ebuild file for gentoo from joe_e_e
patch by joe_e_e to move all files from /etc to /etc/yaws in the install script. This may cause some troubles for some users when upgrading. By default the make install target doesn't overwrite /etc files. Pay attention.
added sendfile check for Darwin, since no sendfile is available on OS X Tiger (Steve)
RSS fixes, (Steve)
Several authentication fixes by Fabian Alenius. Changed the way authentication is done, added support for multiple authentication methods to be used for one directory and changed so that the 401 page can be customized similarly to the 404 page. In general this is a major cleanup of how authentication is done. Much better. One backwards incompat change here. Fabian Renamed yaws_401.erl to yaws_outmod.erl, which is probably a better name considering it's current use(it also displays the crashmsg).   We need some better docs describing authentication !!!
add date header to OPTIONS response (Steve)
fix badmatch calling yaws_server:suffix_type from yaw_server:do_url_type when dav is true (Steve)
Added fix and tests for github issue #2. Handle zero values for max_num_cached_files, max_num_cached_bytes, and max_size_cached_file to prevent infinite loops. (Steve)
modify time_to_string to avoid slow io_lib:format (Steve)
added sendfile check for Darwin, since no sendfile is available on OS X Tiger (Steve)
document rss_dir (Steve)
add ets-based yapp registry implementation for cases where mnesia is overkill (Steve)
Fixed so that the HTTP status is set to 401 explicitly in yaws_server:handle_ut(...), previously out401 needed to return    {status, ...} or status would default to 200.  (Fabian Alenius)

Mon Mar  9 21:48:18 CET 2009 Yaws 1.81
Moved the Yaws repository to http://www.github.som. See instructions at http://yaws.hyber.org/configuration.yaws on how to git clone Yaws. This is the first yaws release out of the github repo. The default Yaws wiki previously found at http://yaws.hyber.org/wiki has been moved to the wiki at github. New address of wiki is http://wiki.github.com/klacke/yaws. The previous (Erlang based wiki written by Johan Bevemyr) turned ... well unmodern, and was also plagued by spammers. 
Several cleanups by Hans Ulrich Niedermann, file perms, speling errors etc.
remove leading slash in yapp_appmods examples (Tom McNulty)
Add DIME support for SOAP Anders Nygren
patch by Jouni Ryno finding broken fdsrv support
Two patches by Joseph Wayen Norton, one dbg-bug and one providing better cookie support for yaws sesssions
When yaws_ctl checks the CTL file to see if any current instance is running, check the socket opened to the port read from the CTL file to verify that the ephemeral port for that socket is not the same as the port read from the CTL file. This avoids a false positive caused by connecting the socket to its own port. (Steve Vinoski)
cleaned up the redirect feature. It was poorly implemented and poorly documented. This fix is backwards compatible for users using redirect in confd.conf. However, it is NOT backwards compatible for embedded users that specify the redirect_map explicitly in their #sconf{} records. The required changes for embedded users should be evident from the code. The new required format is documented in the code where #sconf{} is defined (klacke)

Thu Feb 12 22:58:16 CET 2009 Yaws 1.80
Full windows support with a proper .exe Windows installer (klacke)
Added a timestamp check on the ssl cert/key files making it possible to just upload new cert/key files and do yaws --hup to automatically have the new cert/key files being used (klacke)
Disgusting DOS attack discovered by Manuel Duran Aguete whereby if a neverendig series of headers are sent to yaws, we die of out of memory. Actual attack not described here. Contact me (klacke) if you're interested in the details and want a backport patch. I'm not really sure this is indeed the right procedure for announcing a DOS bug. (First time !!!) 
init_db patch cleanup by Liu Yubao 
patch by Liu Yubao to remove timeout in ssl accept
add pkg-config support contributed by Olivier Girondel
add --disable-sendfile option to configure, fix src/Makefile to clean yaws_configure.hrl (Steve)
set HEART_COMMAND to allow a maximum of 5 restarts within any 60 second period (Steve)
patch for queryparts that contain a question mark
Document the --wait-started option for the yaws script (Steve)
Fix the yaws script to allow --id ID to be passed after --wait-started (Steve)
Allow optional wait time to be specified to yaws via --wait-started=<seconds> (Steve)
added kpoll as default
fix sendfile socket fd handling problems on 64-bit platforms (Steve)
cygwin build patch by Davide marques
stream content with a timeout patch from Davide Marques
traffic trace was broken for certain types of requsts - found by wde

Tue Jan 20 20:19:16 CET 2009 version 1.79
This release fixes the completely broken 1.78 release. So at last, we have good sendfile support. 
traffic trace was broken for certain types of requsts - found by wde
Fixed several sendfile related bugs (vinoski)
Improved yaws supervision structure (klacke)
apply case-insensitive servername comparison patch from John Webb

Thu Jan  8 22:00:51 CET 2009 version 1.78
Added --wait-started option to the yaws script (klacke)
Added initial test suites (klacke)
wrap log infinity bug found bt Phanikar.K 
allow keys with multiple values within opaque data
fix handling of any existing listen_opts when reading listen_backlog conf variable (vinoski)
incorporate Lev Walkin's patch for a configurable TCP listen backlog, adding yaws.conf support and documentation as well (vinoski)
Added sendfile support, Works on Linux, FreeBSD and MacosX (vinoski)
patch by wde@free.fr to let errormod_crash return {content, MimeType, Cont} 
added support/docs for authbind/privbind  (klacke)
handle 100 continue with POST patch by Haobu Yu
configure/latex support and also slightly nicer listdir output by Hans Ulrich Niedermann
better soap docs by Stu Bailey
haxe serialization patch by Tomas Abrahamsson
proc dict/proc_lib patch by Magnus F
mime type patch by Tomas Abrahamsson
POST patch for .yaws files (submitted by Tomas Abrahamsson)
Several new MIME types added (vinoski)
patch from magnus Froberg addressing a sync issue with add-sconf, e.g. dynamic updates that manifested itself when add_sconf was run several times in a row in certain scenarios.
Implement special handling of the '*' URI for the OPTIONS method as specified in RFC2616 section 9.2. (vinoski)
Added more thorough support for the HTTP OPTIONS method. For "active" applications such as appmods and yapps, the OPTIONS method is delivered through to the application for processing. For "passive" resources such as files and directories, OPTIONS returns a canned response just as before. (vinoski)
added redirect_self() to yaws_api (klacke)
yaws.rel.src was missing and better error printuts when yaws.conf is missing, patch by Vance Shipley
solaris patch by Vance Shipley
name of a file sent in a multipart request contains quotes, I get a crash pathh by Michael Slaski
Blindly applied soap patch from Vance shipley addressing ... which causes operations to be missed when there are more than one port type in a WSDL.
file descriptor leak found by John Fessenden
modified patch by Robert David to add a hook to yaws session server when a session is gone
Vance Shipley patch to correct error handling in yaws_soap_lib

Mon Jun 16 22:44:45 CEST 2008 version 1.77
Content-Length chunked patch by Oleg Avdeev
eaccess typos in confd_ctl.erl - Sergei Golovan
added support for weird utf8 urlencoding
Added the cygwin README by Bill Robtersson
Added a 'make release' target in the top makefile. The release file picks up the versions of installed applications (erts,kernel, stdlib, sasl and mnesia). The product of this is a release package file (e.g. yaws-1.77.tar.gz) which can be installed on an embedded system using the SASL application release_handler. (Vance Shipley)
added mnesia_dir support to the gconf record as per patch BY Richard Bucker
The supervisor args were wrong, yaws shall have 1,0 restart strategy. This may break some backwards compat. Sites that ues yaws embedded need to check this. 
Added debug dump functionality (klacke)
cygwin install patch by Bill Robertsson
Adding files for Erlware. A very rough packaging of 1.76 has been released at erlware.org. See the doc/overview.edoc for more details. (tobbe)
Major general code cleanup, finally got rid of all the export_all statements and in that process removed a bit of code that wasn't used (klacke)
Better timeout support in yaws-session_server 
{page, P} patch by Robert David that handles better the case with a browser POST request
patch by oleg avdeev for CRNL in revproxy
embedded startup problem solved by Anders Nygren
Make crashmsg set status code 500

Thu Apr  3 23:13:03 CEST 2008 version 1.76
Patch from Lev Walkin to pass HTTP_REFERER as well as the HTTP_IF headers to the cgi script
Untabified all code. This is the right thing (TM) I've finally realized after programming for some 20 years with TABS in the files. (klacke)
redhat /etc/init patch by Steve Vinoski
quote patch for mnesiadir by Richard Bucker
Added CGI documentation including a new page http://yaws.hyber.org/cgi.yaws  (klacke)
Several cleanups due to dialyzer, also moved the control file into users HOME directory so that we don't have the problem of writing in /var when we're running as non-root
Adding support for: imports in the WSDL and support for more than one schema in the WSDL. Committed on behalf of: Willem de Jong.
CGI should not just because it sees a Location: header do a 302, it is up the CGI script to set the correct status code (Sebastian strollo)
Added some rudimentary docs in yaws.conf.5 for virtual directories. A feature added some time ago by Julian Noble, but never properly documented. (klacke)

Sun Feb  3 2008 version 1.75
Better id handling for embedde startup (Klacke)
Reintroduced the SPNEGO/GSSAPI auth support by Mikael Magnusson
rpc patch by adam.boz@gmail.com
updated yapp documentation and startup sequence of yapp to avoid deadlock situation when yapp is inncluded in other applications .app files. (Micke)

Sat Dec 29 15:18:12 CET 2007 1.74
patch to make ssi work inside the crash handler from Michael FIG
tidy up patch by Richard Buckner
Logging work by Richar Bucker to make yaws work nice together with normal UNIX logrotate.
race condition on  update counter for a page, a pagecounter could be removed by another process
Fixed a problem with heart restarting Yaws in a loop.
Fixed a couple of problems with Yaws terminating on purpose when accept() fails.
A bindings patch from Richard Bucker.
silently discard traffic which isn't even HTTP.
multivalued queryval/postval patch by yinso chen

Thu Sep 20 15:09:35 CEST 2007 1.73
Sloppy ssl bug found by John Webb

Wed Sep 19 23:17:47 CEST 2007 1.72
Even more bad properties found. Now all png, gif and wob (those are for the wiki) files have svn:mime-type application/octet-stream and no other properties. Finally fixed I hope.

Fri Sep 14 21:52:52 CEST 2007 version 1.71
Lots of broken png anf gif files found in the wiki due to the cvs->svn conversion (klacke)

Thu Sep  6 19:40:28 CEST 2007 version 1.70
Regular bugfix and small feature release.
Revproxy bug found by igor goryachev.
Started to use the new ssl:transport_accept()  function, when accept fails, We now fail yaws entirely and it needs to be restarted by its supervisor or heart. If we have filedescriptor leaks, even outside of  yaws, there is no good thing to do when accept fails. (klacke)
A body message patch from Brian Templeton which cleaned up code and improved RFC 2616 compliance
Added HTTPS env variable for trac (klacke)
added x-javascript as a compressible mime type, patch by anthony shipman 
added a dir_listing function in yaws_api (klacke)
fixed yapp dependencies to vdir handling, added local stylesheet and updated yapp_intro documentation (mikaelk)
Virtual Directory support. ARG record and CGI variable changes. This change by Julian Noble was quite extensive. The feature is still completely undocumented - thus it is still experimental. 

Thu Feb  8 16:45:47 CET 2007 version 1.68
Forgot to update configure after the patch to configure.in for ubuntu edgy users in 1.67
Patch by Julian Noble to pass auth info over the CGI interface.
Bugfix by Magnus Froberg: binding socket with fd_server now only listens to the specified IP address given in #sconf.listen

Sun Feb  4 16:56:30 CET 2007 version 1.67
Bugfix release
Removed the urlc_total counter - it didn't provide info which was worth the price of having it - Also Chris NewCombe reported troubles with the counter. (klacke)
Added install of the priv/*.xsd files for the SOAP server (tobbe)
Fixing yaws_api:find_cookie_val/2 which was broken (tobbe)
Made the examples SOAP look prettier. (tobbe)
Adding missing description on call to yaws_soap_srv:setup/2. (tobbe)
patch from Dimitriy Kargapolov for tmpdir handling (klacke)
Bugfix by Fredrik Thulin: The (undocumented) http_uri:parse/1 return format was changed between Erlang/OTP R11B-1 and R11B-2. (tobbe)
Patch from Fredrik Thulin to make setuid_drv work better under ubuntu where gcc with some stack smashing tech is used to build, then we cannot use ld, we need to use ggc to greate the shared object.
Appmod </, Mod> didn't work properly. Should be fixed now again !!!!!
RSS The generated content was not valid RSS 2.0 content (tobbe)
added ability  to have config files in several files, patch from Sergei Golovan.
Added call to callback  function: M:F(cookie_expire) which is expected to return a proper cookie expire string. If non-existant, the default behaviour will prevail, i.e a session bases cookie lifetime. (tobbe)
Extending yaws_api:find_cookie_val/2 to accept an #arg record as second argument as well. (tobbe)
tweaked the haXe documentation (yariv)



Sun Dec 17 20:58:21 CET 2006 version 1.66
Followup to the previous soap release.
Adding entry for the yaws_soap_lib man-page (tobbe)
pam fixes (made pam_wheel/pam_group work) (klacke)

Tue Dec 12 10:51:18 CET 2006 version 1.66
pam fixes, e.g make pam_group.so/pam_wheel.so work (klacke)
Full SOAP server/client implementation in Yaws 
bug found in path handling for yaws_dir by CEAN guys
suppress dead client error msgs (klacke)
shutdown fixes from Danile Luna
added env DOCUMENT_ROOT to cgi env vars  Michael FIG
the pathinfo elem in #arg got wrong when appmod was / (klacke)
start_embedded default flags patch by Jason Andersson
Added option for having a module for handling authentication. (jb)
Fix to yapp for starting dependencies, patch from Michael Leonhard
added the client IP address to the #arg record
added config flag 'use_large_ssl_pool =  bool()'   (klacke)

Mon Sep 11 19:59:57 CEST 2006 version 1.65
patch by Chris NewCombeto handle PUT method better.
Yapp added. Yaws application (Yapp) handler in yaws/applications/yapp directory "Drops" web applications independently of each other into an existing server where they get the default URL http://servername/application_name/. Yapps are simply Erlang/OTP applications with web pages in their priv/docroot directory (default). One can also configure private appmods, useful for controller parts in MVC like applications. (Mikael Karlsson)
Haxe. Now compatible  with the latest version of haXe. (yarivvv)
New support to start Yaws as in embedded mode without having to fiddle with the boot script (etnt)
patch from Matthew Reilley to handle new backwards non-compatible return value from OTP zlib:deflate/4
patch from anders nygren to handle absolute paths + yssi.
patch from Magnus froberg to get better control over the files generated by 'yaws --check'. This is good if one wants to run i.e. xref and dialyzer also on all the generated .erl files from the --checker.
empty array bug in json parse found by juhani and fixed by gaspar.
appmod '/' was broken (klacke)
Install, netbsd/yaws.sh: NetBSD support from Kuzma Bartosz.

Thu Jul 13 13:07:10 CEST 2006 version 1.64
Fixes from Bengt Kleberg to make smtp.erl useful outside the webmail app.
patch by Sergei Golovan which fixed a CGI bug and made yaws_ctl safe.
install patches for  macosX by Eric Baur.
Added a haXe remoting adapter with documentation (yarivvv)
made index.php autoload if it exists (klacke)
added debian /etc startup script (klacke)

Sun Jun 11 16:49:13 CEST 2006 version 1.63
Odd fix for MacOsX make behaviour. make install did not work.

Wed Jun  7 22:10:44 CEST 2006 version 1.62
JSON Ajax code from Gaspar Chilingarov, I added docs describing an example. (klacke)
run_erl and to_erl support patch from Mats Cronquist. 
yaws_zlib.erl: some bugs in non used code found by dialyzer.
small fixes in the start script code (klacke)
Fixes from Mikael Karlsson adding an event manager to Yaws whereby it is possible to add user defined gen_event handlers handling different "events" from Yaws. The only event sofar is config changes. This is needed for mikls "yapp" project which is a way to write yaws packages that can be "dropped" into an existing server. (No docs or anything released yet)

Thu Apr 27 21:40:01 CEST 2006 Version 1.61
Started to write the ctl file, the file which contains the portnumber where the daemon is listening for ctl command to - /var/run/yaws/ctl-${ID}. The location is controllable through configure. Install scripts will make the /var/run/yaws dir writable to the world, each individual daemon which creates the ctl file will explicitly set the permissions on the ctl file to 600 - thus making it impossible for unauthorized users to control someone elses daemon. Root can control all daemons.
changed Yaws license to proper BSD (klacke)
Added startup script for FreeBSD
Worked the Makefiles to properly support DESTDIR. This is useful for packagers creating deb, rpm, portage ... packages  (klacke)
Removed the ability to change userid. Also stopped writing to /tmp/yaws and started to write to ${HOME}/.yaws instead. This is much better since we cannot now ever get into the situations where file ownership and umask stop us from controlling a daemon. Note, this is a backwards incompatible change, all users that used the feature of letting Yaws change uid need to start using fdsrv instead. There is also a configurable in yaws.conf which makes it possible to write the tmp files to some other directory  (klacke)
Cleaned up the start flags to the yaws script, all old flags are still there for backward compatibility. Updated docs and and help output from the yaws script to reflect all new flags. 
Wiki fixes.  Fixed error printouts; handle https and        ftp links; updated READE (mbj)
file descriptor leak bug found by Mats Cronqvist where each call to 'yaws -ls' left an unclosed descriptor in the server (klacke)
Source code cleanup - added and #env record for environment passed to yaws. (klacke)
yaws_ls enhancements by        doccarcass@gmail.com

Wed Feb  1 23:28:42 CET 2006 Version 1.58
pam and setuid_drv fixes for BSD by sstrollo
yaws_ls (dir listing) enhancements by doccarcass@gmail.com
RSS updates, more docs, Made month and days in RSS output to consist of	two figures instead of just one. Fixed the RSS date format, as	suggested by Daniel Kaminski. (Tobbe)
Wiki, Fixed path to the application directory where yaws files are stored. (mikl)
Added feature to not pick first sconf when virthosting. This is essential if we want explicit control over the virt hostnames. A commercial site called http://www.serious.com don't want http://fuckme.serious.com to ship the pages of the serious site :-) (klacke)
DAV - reworked the DAV support a bit - don't use an appmod, instead yaws	has built-in support for DAV methods.  Added support for missing	DAV methods (COPY etc). (mbj)
Added support for the erlmerge/jungerl package 'fdsrv' which makes it possible to bind to privileged ports < 1024 even when we're not running as root. (klacke)
changed so that an arg_rewrite_mod may	temporarily change the docroot by changing the Arg#arg.docroot	attribute (mikl)
Added "pam" support for HTTP auth. (klacke)

Wed Aug 17 14:54:06 CEST 2005 Version 1.57
rel/abs path patch by Rob Schmersel which fixed	a problem in the wiki
Rewrote yaws SSL code to use the packet http and packet line modes that are now supported in the OTP	ssl module. Earlier this was all manual (and slow) code in yaws.	Thus yaws/SSL servers are now considerably faster. The old yaws_ssl modules is no longer used. (klacke)
Support clients that POST data with Transfer-Encoding chunked. This is used by some models of cellphones. Bug found by ermine@ermine.pp.ru (Klacke)
Tmp dir patch by Karel Ostrovsky to better support tmp dir on Windows
cgi port patch by joe_e_e
Do not send the server	port along with the host name in the CGI HTTP_HOST environment	variable. Added HTTP_HOST env variable for CGI 	scripts (was required by sphpblog). (mikl)


Thu Jun 16 13:42:50 CEST 2005, Version 1.56, Security update release.
A bug was found by Daniel Fabian, SEC-Consult Unternehmensberatung GmbH whereby: If a null byte is appended to the filename of a yaws script (.yaws), the yaws webserver returns a page containing the source code of the  according script. This flaw allows a malicious attacker to analyse the source code of the entire web application, which might result in the attacker gaining sensitive information like passwords. All versions of yaws older than 1.56 are vulnerable.
For users running old yaws web servers, the following <a href="yaws-1.55_to_1.56.patch"> patch </a> can be applied. The patch is small and can easily be back ported to older yaws releases.

Fri Jun 10 16:09:58 CEST 2005, Version 1.55 released. Feature release.
Concept of redirect maps added. See documentation in yaws.conf man page. This makes it possible to redir entire parts of the docroot to another site (jb)
Removed the forbidden code, the right thing	to do when a script type is forbidden and we shall not run an	interpreter on the script is to ship the script, but as text/plain	instead of actually refusing to ship the data. Otherwise it's not	possible to publish .php files at all on the web site. (klacke)
Initial support for Web DAV added. This is as of yet undocumented. (tobbe)
Added the possibility to have multiple	docroots, where a page is searched in the list of docroots (klacke)

Tue Apr 12 2005, Version 1.54 released. Bugfix release.
Bug in SSL fixed, Bad line parsing in SSL mode, crashed when client sent headers split up in a certain way. (klacke)
Removed the automatic htmlize on strings in  ehtml, it was wrong ... to have it there. It's better for users that want it to explicitly add yaws_api:htmlize() to their strings This breaks code and is non backwards compatible.  Be aware !!  Also made {Tag, Attr} generate xhtml compliant code. (klacke)
Cleaner shutdown (klacke)
Many improvements to the chat server. (jb)
When clearing the cache, yaws modules would remain loaded but be forgotten, resulting in a memory leak. (cschultz)
Added possibility to name the module in a .yaws file using a syntax of < erl module="foobar"> .... < /erl> to always get a .yaws file named to a special fixed module name instead of the increasing m1,m2 .. modulenames. This is useful if we want to keep API functions in certain .yaws files and call these functions from other .yaws files. (klacke)
Many reverse proxy bugs fixed. Maybe the reverse proxy is actually working now. It was never especially good. Try it. (mikl)
Bug fixed with bindings that        got propagated over to other later requests.Yet another put/get bug. Maybe it's time for an acronym there. YAPGB ??? (klacke)
Better looking debug printouts.  + dont overwrite trace_to_tty (-x commandline) if set on the        commandline and also in the config file.  Commandline should have        precedense over config file directives. (klacke)
Wrote an internals document. Available at <a href="http://yaws.hyber.org/internals.yaws"> http://yaws.hyber.org/internals.yaws</a> (klacke)

Fri Feb 18, 2005 Bugfix release
Fatso bug found by Fredrik Linder where	yaws completely crash on bad URLs that for example contain space chars in the uri. This is the bug which provoked this imideate followup release. (klacke)
Removed old broken URL decode code which was wrong. This code was added befor we actually understood how URLs are en/de coded (klacke, jb)
Added example chat program (jb)
Added new config opt fail_on_bind_err = Bool. The old behaviour was to silently accept (and log) server startup errors. This was due to a request from Tony Rogvall and the behaviour is bad, it's now back to the original behaviour where the entire yaws "application" fails if one virt server fails to gen_tcp:listen(). 

Mon Feb 14 2005, Version 1.52 released
Minor feature release
error condition bug in revproxy, found by tobbe. Revproxy is still not production quality. Experimental.
embedded bugfix by Michael Arnoldus
connection close bug found by Lennart Ostman
made errorlog actually go out when conf is brokbroke e + daemon (klacke)
Yaws is now RSS capable, see doc/README.rss (tobbe)
Added a new example look and feel for the wiki (jb)
Webmail, Fixed problem 	with login with empty fields in FireFox. (jb)
wiki, Fixed minor unzip problem triggered when uploading zip archives with names containing spaces. (jb)

Wed Dec 15 2004 Version 1.51 released
Major feature release.
Added support for config changes without stopping the running systems, virt servers can be added, removed and changed without affecting traffic. (klacke)
wiki/searchPage.yaws: Added search code from Jouni Ryno (jb)
Added client IP resolv for access log files (klacke)
Safer make install target. Can't install if yaws is running (klacke)
Updated both mail and wiki according to changed	APIs for parse_multipart. (jb)

Sat Dec 11  2004 Version 1.50 released
Bugfix and docs release
Running the wiki at the yaws site. Use it !!. No passwords.... 
<verbatim> tag added, this tag pretty much works as <pre> _should_ have worked. Nothing needs to be escaped,  and code containing <, >, & etc can be entered freely.  Writing code examples were driving me crazy. Inside both <pre> and <code> tags all HTML special chars have to be quoted, sucks. (klacke)
Rewamped all docs with CSS and XHTML 1.0, beautiful and nice (klacke)
Attach file problem in wiki (jb)
Form post parameter was still always managed as atoms. This is a backwards incompatible change. It broke the wiki aswell as the upload example in the Yaws docs.However, the change is sound since it was easy to DOS a yaws server by sending file upload posts with new atoms. Eventually the atom table would overflow. However it does break code !!!  (mikl)
Added auto-generate all.zip to dir listings.  It needs the zip command in  the current path to function properly. To turn off, use    dir_listsings = true_nozip. This is a feature for all of us that like to share copyrighthed material to friends that can't muster wget -r (mbj)
Added relative path to ssi, ie {ssi,  {rel_path, File}, ...} is now possible. (jb)
mail app, Fixed refresh bug. (jb)
Added example docs on how to stream data (klacke)
modded patch by sebastian strollo to let  request_url/1 and reformat_url/1 be proper inverses of each other (klacke)
 Made upgrading to   new style Wiki templates smooth. If no template.html file exists in  the WikiPreferences.files directory, then one is created. The same   goes for template_info.html. (jb)

Thu Sep  2, 2004 Version 1.49 released
Bugfixrelease.
Webmail fixes by jb, Add original message quoted in reply, Delete email bug fixed, Mailbox already locked bug, Improved attachment handling.
Wiki fixes by jb, Made layout of wiki much more configurable using templates and ssi. You must run the script/updateWiki script after updating to this release.
Bug found by David Welton, url on the form	http://www.x.com?foo had yaws_api:queryval/2 return {nokey, "foo"}	which is clearly wrong. New correct val is {"foo", undefined}.
two-mode.el contributed by David Welton. Makes it easier to edit files with both erlang and html content. Typically the case for yaws files.
cschultz did lots of stuff, Deflate rehaul:  Now works with dynamic pages, Multiple dots in yaws file name	caused trouble with pathinfo, fixed silly bug with content-range, cache fixes, Have several processes wait for SSL	connections, so that one SSL negotiation in progress does not	prevent other connections.  Also, for the similar reasons, have use	a timeout with SSL accepts.	timeout are quite arbitrary.  They are ok for my low traffic site. Streaming fixes, Rewrite requests with absolute URI to look	like requests with a Host header.
Small fix with embedded mode (it was completely non-working) by Jimmy Olgeni
Addded configure option	-with-defaultcharset (klacke)
jb fixed a severe bug in ssi, Fixed bug in ssi code. Multichar delims were 	not handled properly. When a char of the delim string was found in	the text it was deleted.
patch from  Paul Mahon to	add PEER_ADDR to cgi env

Mon Jun 7, 2004 Version 1.48 released
This release contains both bugfixes as well as som minor new features. There was also a fairly ugly security hole in the example code which describes file uploads found and fixed.
A Bug in yaws_api:request_url/1 was found by Einar Karttunen. The function didn't handle well the case with explicit port numbers in the URI. (klacke)
Fixed the appmod code so that users of yaws_api:setconf/1 doesn't have to bother with the cahnge in internal representation of appmods. (klacke)
Moved phpexe config variable from the sconf to the gconf, it doesn't make sence to have different phpexe paths for different virt servers. Users with old configs will get a warning when tying to specify a phpexe inside a virt server instead of inside the global config area. (klacke)
New feature called "yssi". Yaws server side include. It's now possible to let the out/1 function return a tuple {yssi, PathToYawsFile.yaws"}.  The new yaws file will be fully expanded, compiled and in general handled as a yaws file. This feature can probably be used to build all kinds of different cool stuff. (klacke)
yaws_session_server ttl patch from Rob.Schmersel
Patch from  Fredrik Linder to make it easier to integrate yaws into apps that don't use the otp application framework at all. 
As usual updates both to the wiki and the webmail app by (jb)
Patch from Jocke Grebeno which handles ssi support for ehtml code, not just ascii. We can now return  {ssi, "@@", file.html, [{"FOO", "bar"}, {"BAZ", {ehtml, {p, [], "saab"}}}]}  and it returns the expected. Documented is ssi.yaws.
Security vulnerability in upload.yaws found by (mbj) 

Thu May 27, 2004 Version 1.47 released
Appmods were slightly broken in 1.46

Wed May 26, 2004 Version 1.46 released
Bugfix release. Several fixes to different parts of the web server. No new features.
Debian  support (David Welton)
Embedded mode fixes (Jimmy Olgeni)
Don't create no logs at all when logging is turned off bugfix (Jimmy Olgeni)
SSL and large POSTs fix (cschultz)
Compression and keep alive fix (cschultz)
As usual, several fixes to the wiki and the webmail app (jbevemyr)
An XSS vulnerability (lpsmith)
Rewrote the url spliting (again) and also backed off from the redir when we get http://www.a.com/ and index.html exists. It's better to ship the file directly instead of sending a redir. (klacke)
Reworked (and documented) the appmods a bit (klacke)
Added a command line flag (yaws -ls) which lists existing yaws servers and their status on localhost. (klacke)

Fri Apr 16, 2004 Version 1.45 released
Minor bugfix release fixing up the some odd bugs introduced in the 1.43 rewite.

Mar 18, 2004 Version 1.43 released
This is a major release. Not so much for added functionality as for internal rewrites of the code. The release contains the following:
Compression support using zlib. Still experimental. (cschultz)
Minor bugfixes in the reverse proxy. This code is still not ready (klacke)
Added a specific auth log which logs good and bad HTTP auth requests.
QNX port (cschatz@networkadvantage.biz)
Beautification of dir listings (cschultz)
Never let ehtml generate extra spaces where it is not entirely correct (patch from tomas abrahamsson)
Webmail app, Completed support for attachments, proper esacping, faster listing of large mboxes. Added sorting of mails (jb)
Date header bug (chandru)
postvar put/get bug fixed (hal snyder)
Added yaws_api:query_url(Arg) which reconstructs the url from the original GET request.
Added the "id = Key" configuration parameter. Earlier when we were running multiple yaws servers on the same machine, they had to run with different uid since yaws was writing temporary files under /tmp/yaws/${uid}. This is now changed and if we want 2 _different_ yaws servers on the same machine they must be given different "id" in their respective config files. The yaws ctl scripts, such as yaws -s and friends now have an extra (optional) "-j id" flag to control which specific instance of Yaws is ment.
Added explicit support for Content-Length header from .yaws files for applications that require Content-Length instead of chunked encodings.
Changed the #sconf{} and #gconf{} records so that all the booleans in those 2 records are now a bitmask flag. This is a slightly backwards incompatible change and it affects those that use Yaws in embedded mode where the #sconf and #gconf records are explicitly manipulated. It sholdn't be a big deal to change though.
Workaround buggy otp error_logger_file_h which truncates the report file whenever it is reopened. 
Removed the calls inside the server that were doing list_to_atom/1 We were suceptible to DOS attacks. This is unfortunately a backwards incompatible change since it affects the return value from API functions yaws_api:parse_query/1 and yaws_api:parse_post/1. They both used to return lists on the form of {Key, Val} tuples where Key was an atom. It is now a string. There is a configuration option for yaws.conf which keeps the old (broken) behaviour. 
Optimized url parsing and removed at least one call to lists:flatten/1 in the fast path. 
Better support for old Netscape and the Connection: Keep-Alive header.
More beautiful trace output. Try "yaws -i -x -T"
More and better debug support.
New install procedure with a more interesting yaws.conf template generated.
Updated the ssl test certs that come with yaws. The old ones had expired.

Feb 6, 2004 Version1.41 released
Bugfixes and feature release.
Minor bugfixes to the reverse proxy implementation (klacke)
SSI for the ehtml expander as well as for normal usage. (klacke)
Timestamp checks on SSI files (klacke)
Wiki fixes (Johan Bevemyr)
Return 404 instead of 403 when dir listings are disabled (Leon Smith)
Added CGI variable REQUEST_URI (cschultz)
Better dir listings with support for sort methods (Martin Bjorklund)
Redir, bugs (one would thing we'd be able to do correct redirs by now .. ehh) (Leon Smithh)
Support for 301,303, and 307 redirs (Johan Bevemyr)
php executable is configurable (cschultz)
Major feature enhancement, Support for a new concept called bindings, documented at http://yaws.hyber.org as well as in the man pages. (Joakim grebeno)
More redir cleanup as well as introduction of redirect_local, {any_path, URI}} and made yaws_cgi use it. (cschultz)
Made the webmail app able to render attachments (klacke)

Dec 18, 2003  Version 1.40 released
This is a major feature release.
Experimental reverse proxy implementation <klacke@hyber.org>
New feature, server side includes inside ehtml structure with variable expansion <klacke@hyber.org>
yaws_html an HTML parser which produce ehtml output. The ideal tool for all of us who flunked artclass in highscool. Makes it very easy to rip page design from other sites (designed by those who went to the art classes) <jb@bevemyr.com>)
A HTTP cookie parser <jb@bevemyr.com)
A full blown easy to configure web mail application. It keeps no state, thus only requires the IP of the pop3/smtp servers to run. <jb@bevemyr.com)
Some problems with ehtml expansion fixed <jb@bevemyr.com)
Major overhaul of the docs, written description of embedded mode yaws <klacke@hyber.org)
Don't fail fatal when we can't bind()  <klacke@hyber.org)
Time zone fix <magnus@nortelnetworks.com>
Mime type fix <Rob Schmersel>
tilde expansion and dir listings turned off by default, not on <jb@bevemyr.com>
Many small fixes to the wiki by <jb@bevemyr.com> and <mikl>

Oct 4, 2003.  Version 1.31 released
This is minor bugfix release
Even more redir bugs fixed by Johan Bevemyr
Runs on old erlangs (R7)  (klacke)
Compiles and runs nicely under win32 cygwin using native win32 erlang (klacke)
Cosmetic fixes, docs update and return 403 on bad GETs by Leon Smith

Aug  25, 2003.  Version 1.30 released
This is major feature release with many new features by in particular Carsten Schultz and Leon Smith plus the normal set of regular bugfixes.
Setuid code had broken  (klacke)
Setcookie problem with lynx (Johan Bevemyr)
Wiki: Thumbnail index to slideshow (Johan Bevemyr)
Fixed Cross-Site Scripting vunerability (Leon Smith)
url parsing rewritten in order to normalize the URL path in a
more secure way (Leon Smith)
Log file size for dynamic content also (Carsten Schultz)
Full CGI and PHP support (Carsten Schultz)
Added support for Content-Range, If-Range, If-Match (Carsten Schultz)
HEAD handling rewritten (Carsten Schultz)
Darwin MacOs X support (Eric Baur)
Docs updated describing cgi and php support (Carsten Schultz)
tty trace directly from command line for enhanced debugging

Jun 1, 2003.  Version 1.22 released  
This is bugfix release. 
cosmetic changes in ehtml output
wiki install problems
many fixes to the wiki
ssl config was broken
/etc/rc scripts for redhat/gentoo/suse linux
a redir bug fixed.
ebuild for gentoo added
slideshow support added to the wiki
cosmetic updates to the latex docs

Mar 6, 2003.  Version 1.2 released  
This is bugfix release. 
log fixes by  brucefitzsimons
cache bugs for URLs with a query part
erlang compiler bug workaround, The erlang compiler isn't reentrant !!!!!
Makefile cleanup my mikl
Bugs in listdir

May 3, 2003.  Version 1.01 released 
This is bugfix release. 
Bug in ssl config passord parse found by Eric Pearson
Bug in arg rewrite handling found and fixed by Taavi Talvik
Bug with redir for missing trailing slash together with a query part of the url fixed, found by Erik Pearson
Added the option of disabling dir_listings
Added http version to access log messages
Did away with the idiotic calls to id -u as well as the the broken grep in /etc/passwd. Also ensured that .yaws files with a query part don't end up in the cache. They need to be reparsed every time
Fixed probles with paths that had a query part ending up in the cache
Added proper support for 'if-none-match' with etag matching by Johan Bevemyr
Skip empty space after an erl chunk in a .yaws file
Handle http_error which is generated by the inet_drv.c code. This assumes a patch to the inet_drv.c that actually generates a http_error in this case. Default erl hangs there. Here is the inet_drv.c diff

Jan 23, 2003.  Version 1.0 released 
This is major release. Yaws is now in production quality.
Some minor fixes to yaws_api.
security bug found by jcortner@cvol.net
can compile yaws file produced on win32, that is files with \r\n terminaded lines.

Dec 1, 2002.  Version 0.60 released 
This is minor maintenance release.
Support to run Yaws first as root, then under a a non privileged user
A bug in listdir together with ~username expansion fixed
Bugs in wraplog fixed

Nov 25, 2002.  Version 0.59 released  
Lots of fixes and new features in this release. This release of Yaws is fast, it delivers 3000 static/dynamic pages/sec on my 2Ghz home box.
Many fixes in the wiki, 
~username expansion now works
embedded mode is now fully implemented and functional
many new configuration directives
some backwards incompatible changes such as ssl config and yaws_api:parse_post_data/1. See the docs for details.
Arg rewrite, customized errors etc.
Lots of new documentation and new examples
Optimized ehtml generation

Oct 7, version 0.56 released. 
Improved file editing if in the wiki
New returnvalue from out/1 <tt>break</tt>
The wiki returns w3c compliant code
New return value from out/1 <tt>{ehtml, ErlangTermStructure}</tt>
Multiple users by uid can now run yaws simultaneously.
Support for streamed large content from yaws code
Never cache yaws files that disn't compile properly.
Much more documentation, man page for yaws_api
added a cookie_session-server for persistent cookie sessions
full argument chunking support in Wiki
Install properly on FreeBSD.
Support for embedded mode (finally)
bugfix for empty POST
The shopingcart example is now fully implemented.

Sep 2, version 0.54 released.
Many fixes in the wikiweb by Johan Bevemyr, I'm now running a wikiweb at http://wiki.hyber.org
Support for HTTP Basic authentication by Sean Hinde
Better support for HTTP file upload by Johan and Sean
Support for many more MIME types by compiling a mime.types file by klacke
Support for OPTIONS http request by Johan Bevemyr
Lots of non ready code for a webmail app by klacke.

July 1, version 0.52 released.
It contains a complete wiki web written by Johan Bevemyr with original code
by Joe Armstrong. It also contains a series of minor and major  bugfixes.

Jun 19, version 0.51 released. Lot's of fixes.
Return status 303 when browser asks for a dir URL without a trailing / in the http request. I've always wondered why apache does this. Now I know ... otherwise the relative URLs in /dir/index.html will be wrong when the browser tries to get them.   Utilize this feature when listing dirs now, generate relative urls instead of absolute.
Removed the default_server_on_this_ip option, the first virthosted server  in the config will be default if no Host: header is present
Made the Host: check to check for Host: host:port instead of just host when a server is run on a non-standard port. The browsers seem to set the Host: field to host:port
Tobbe added the -r flag to the startscript
Changed yaws_api:parse_post_data/1 so that it takes an arg struct as argument instead of querydata and added support for multipart form data in the process.

Jun 16, version 0.50 released. 
A bug in setcookie fixed 
a proper /etc/rc/init.d script written. 
New flag, yaws -S which query status of the daemon. bug in cache reload fixed.

Jun 13, version 0.48 released. 
It contains a complete rewrite of the API to generate dynamic content which makes it much easier  to use. 
Furthermore this version accumulates output into larger chunks which makes it much faster the earlier versions. We can now serve 2500 dynamically generated HTML pages per second on a 2GhZ machine.
A bug with  iso 8859 chars in urls has been fixed.
Etag header for static content and Cache-Control header for dynamic.
Additional docs in the form of man pages.

Version 0.40 released. 
Contains bugfixes and full SSL support as well as an embryo to WWW-Authenticate support.