Merge pull request #103 from edicl/revert-102-session-validation

[hunchentoot.git] / CHANGELOG

Version 1.2.32
2015-05-03
Adds the session-regenerate-cookie-value function (Florian Margaine)
Bugfix: using variables within with-accessors (Dmitry Igrishin)
Added Gitter link (The Gitter Badger)
Add "charset" property to Content-Type HTTP header (Dmitry Igrishin)
"Connection: close" on unthreaded builds (Philipp Marek)
Make the RFC 6585 status constants external (Grim Schjetne)
Add HTTP status codes described in RFC 6585 (Grim Schjetne)
Add charset to Content-Type when serving static (Dmitry Igrishin)
Fix to PROCESS-CONNECTION leaking socket fds (Jussi Lahdenniemi)

Version 1.2.31
2015-03-06
Adds HttpOnly and remove cookie on remove-session (Florian MARGAINE)

Version 1.2.30
2015-02-25
Clear content-length before emitting 304 (Jason Miller)
Treat errors during url decoding as bad requests. (Stas Boukarev)

Version 1.2.29
2014-11-30
temporarily revert ipv6 changes (Hans Huebner)

Version 1.2.28
2014-11-28
Remove dead links and update support information (Hans Huebner)
restore listening to usocket:*wildcard-host* (Hans Huebner)
deal with IPv6 addresses from usocket (Hans Huebner)
eliminate duplicate logging of warnings (reported by loke) (Hans Huebner)
add DETACH-SOCKET function (Hans Huebner)
Add the ability to prevent the sockets from being closed after a request has been processed. (Elias Mårtenson)
document *FINISH-PROCESSING-SOCKET* (Hans Huebner)
Make check for stream timeouts more robust (Raymond Wiker)

Version 1.2.27
2014-05-18
fix warning about missing NAME keyword arg at start-thread (Mark H. David)
remove tbnl-announce list (Hans Huebner)
correct speling eror (Hans Huebner)
Update request.lisp (muyinliu)
file upload file name encoding error fixed (muyinliu)
support use of logical file names for document-root and error-template-directory (Hans Huebner)
Generate www/hunchentoot-doc.html. (Stas Boukarev)
Remove mentions of asdf-install and the darcs mirror from docs. (Stas Boukarev)

Version 1.2.26
2014-01-18
Optimize get-peer/local-address-and-port. (Stas Boukarev)
Close SSL streams after processing connection. (Stas Boukarev)

Version 1.2.25
2014-01-17
allow for handler setting of the "connection" header (William Halliburton)

Version 1.2.24
2014-01-07
Use version number from ASDF system definition, not special var (Hans Huebner)

Version 1.2.23
2014-01-05
Don't set the Connection header to Close if it's already set (AndrejSuc/Stas Boukarev)

Version 1.2.22
2013-12-09
Print header value (if number) in base 10 (Chaitanya Gupta)
Fix for CLISP compilation (Anton Vodonosov)

Version 1.2.21
2013-10-04
Fix capitalization inconsistencies in docs (reported by Stas Boukarev)

Version 1.2.20
2013-10-04
Don't rely on asdf to find default document directory
Add m4v mime type (Wes Henderson)

Version 1.2.19
2013-07-28
Fix ACCEPTOR-REMOVE-SESSION default implementation (Stas Boukarev, Mathieu Lemoine)

Version 1.2.18
2013-05-03
Prevent errors when basic auth user or password contains colon
Add missing implementation for client-as-string for Lispworks, contributed by Raymond Wiker

Version 1.2.17
2013-04-01
New START-THREAD API function (Faré Rideau)

Version 1.2.16
2013-03-31
Fix bug that caused error when requesting nonexistent page.

Version 1.2.15
2013-03-17
Fix race condition in acceptor shutdown (Faré Rideau)

Version 1.2.14
2013-03-08
Call ACCEPTOR-STATUS-MESSAGE in a saner and more useful fashion (sponsored by Ron Garret)

Version 1.2.13
2013-03-03
fix wrong documented signature in acceptor-status-message (reported by Zach Beane)

Version 1.2.12
2013-03-03
Various documentation updates
Fix bug in static file handling that caused Safari to hang on 304 responses by Hunchentoot (reported by Wim Oudshoorn)

Version 1.2.11
2013-01-27
Fix bug in MD5-HEX that could cause session keys to be reused

Version 1.2.10
2013-01-19
Add local-addr* and local-port* functions

Version 1.2.9
2012-12-28
Fix test script to accomodate for Drakma fix regarding redirect from POST to GET
Fix range handling once again

Version 1.2.8
2012-12-19
ECL fixes (Juan Jose Giarcia-Ripoll)

Version 1.2.7
2012-10-19
Fix documentation for COOKIE-IN, which returns a string, not a cookie.
Hunchentoot could not deal with / pointing to a static file directory (Stas Boukarev).
Fixes to pathname sanitizing when handling static files.
Further Range: header handling fixes
Fix some export names relating to taskmaster thread count (Faré Rideau)

Version 1.2.6
2012-09-02
Doc fixes, add .pre-release.sh script

Version 1.2.5
2012-09-02
High-load multithread stability fixes (Mathieu Lemoine)

Version 1.2.4
2012-08-16
Remove dead code & style fixes (Ala'a Mohammad)
Bug fix: setting *print-base* / *print-radix* caused invalid cookie values (Scott L. Burson)
Various documentation and style updates
Fix documentation bug found (Mathieu Lemoine)
Fix bug that could hang Hunchentoot under load (Mathieu Lemoine)

Version 1.2.3
2012-03-03
Fix crash when error occurs while logging error (reported by Xu Jingtao)
Fix compilation with :hunchentoot-no-ssl feature (Mark Evenson)
Fix Range header handling (Simon Sandlund)
Export acceptor-remove-session
ECL timeout support (Juan Jose Giarcia-Ripoll)
Changed cookie handling - Hunchentoot no longer encodes cookies
automatically.  Applications must make sure that they only set cookies
to permitted values (refer to RFC6265 for the details, thanks to Ralf
Stoye for debugging help)

Version 1.2.2
2011-11-30
Fix warning on LispWorks (Nico de Jager)
Documentation updates
Remove obsolete symbols from export list
Add easy-ssl-acceptor
Document acceptor-remove-session, remove obsolete *session-removal-hook* export (Issue #15)
Added :description to asdf system definition
Add documentation section describing how to bind to privileged ports

Version 1.2.1
2011-11-04
Use FINISH-OUTPUT instead of FORCE-OUTPUT at connection end (I. Perminov)
Documentation updates
External format EOL style fixes for Windows (Anton Kovalenko)

Version 1.2.0
2011-10-30
Fix to allow send-service-unavailable-reply to work (Faré Rideau)
Make sure we always have a cooked message to send in case of error (Faré Rideau)
Add www/ directory with default file tree that is being served
Add error template mechanism and improve error reporting in general.
Improve automatic testing, SBCL kludge to support asdf:test-op
Allegro CL modern mode fixes
Fix bugs in serving partial responses
Limit maximum number of threads that Hunchentoot creates (Dan Weinreb, Scott McKay)
Export fixes (Gordon Sims, Andrey Moskvitin, Faré Rideau)
Factor out easy-handler logic into separate acceptor subclass
Export two session functions (Nico de Jager)
Allow no Content-Type header (Chaitanya Gupta)
Patch for compilation with ECL (Sohail Somani)
Fix DEFINE-EASY-HANDLER for multiple acceptors (Nicolas Neuss)
Revived *SHOW-LISP-BACKTRACES-P*
Made sure "100 Continue" is returned even if the client sends "Expect: 100-continue" twice (reported by Gordon Sims)
Fixed typo in code which interprets transfer encodings

Version 1.1.1
2010-08-24
Exported WITHIN-REQUEST-P (Faré Rideau)
Safeguard measures against XSS attacks (J.P. Larocque)
Prevent potential leak when closing stream (Matt Lamari, Martin Simmons)
Change some occurrences of HANDLER-CASE* to HANDLER-CASE (Hans Hübner, Allan Dee)

Version 1.1.0
2010-01-08
Architectural changes - see HANDLE-REQUEST (thanks to Andreas Fuchs and Frode Fjeld)
Re-introduced *CATCH-ERRORS-P* and MAYBE-INVOKE-DEBUGGER
Integration with trivial-backtrace (see *LOG-LISP-BACKTRACES-P*)
Treat :UNSPECIFIC like NIL in pathname components (reported by Frode Fjeld)
Fixed RESET-SESSIONS
Prepared for LispWorks 6 (Nico de Jager)
Fixed reading of post parameters (Peter Seibel and Stephen P. Compall)
Fixed STOP by supplying the :READY-ONLY keyword to USOCKET:WAIT-FOR-INPUT
Enabled SSL key passwords for Lisps other than LW (Vsevolod)

Version 1.0.0
2009-02-19
Complete architectural redesign (together with Hans Hübner)
Lots of small fixes and improvements, too many to enumerate here

Version 0.15.6
2008-04-09
Fixed embarrassingly mis-placed parentheses (thanks to Hans Hübner)

Version 0.15.5
2008-04-08
Removed FORCE-OUTPUT* and thus the ACL-COMPAT dependency (thanks to Hans Hübner)
Support for MP-less CMUCL (thanks to Hans Hübner)

Version 0.15.4
2008-03-27
Fixed unportable LOOP usage (caught by "C S S")

Version 0.15.3
2008-03-17
Added CODE parameter to REDIRECT (thanks to Michael Weber)

Version 0.15.2
2008-03-06
Fixed typo in test.lisp (thanks to Ben Hyde)
Changed wrong usage of EQ to EQL (thanks to Ariel Badichi)
Fixed typo in default handler (thanks to Eugene Ossintsev)

Version 0.15.1
2008-02-13
Uses CL-FAD for HANDLE-STATIC-FILE now
Better error reporting for CREATE-FOLDER-DISPATCHER-AND-HANDLER (suggested by Cyrus Harmon)
Faster version of WRITE-HEADER-LINE (thanks to V. Segu�)

Version 0.15.0
2007-12-29
Added support for CLISP (thanks to Anton Vodonosov)

Version 0.14.7
2007-11-15
Replace ENOUGH-NAMESTRING with ENOUGH-URL (patch by Kilian Sprotte and Hans Hübner)

Version 0.14.6
2007-11-08
Fix compilation order (thanks to Tiarnan O'Corrain and Chris Dean)

Version 0.14.5
2007-10-21
Robustified MAKE-SOCKET-STREAM against potential leak (thanks to Alain Picard)
Replaced #-FOO #-FOO constructs for OpenMCL (patch by Michael Weber)
Updated tutorial links

Version 0.14.4
2007-10-20
Made log stream shared on OpenMCL (thanks to Gary Byers)

Version 0.14.3
2007-10-07
Enabled GET-GID-FROM-NAME for newer versions of SBCL (patch by Cyrus Harmon)

Version 0.14.2
2007-09-26
Better handling of PORT parameter in REDIRECT (thanks to Vladimir Sedach)

Version 0.14.1
2007-09-24
Fixed bug where you couldn't set "Server" header (caught by Ralf Mattes)
Documentation clarification for HEADER-OUT function

Version 0.14.0
2007-09-18
Added support for "HttpOnly" cookie attribute

Version 0.13.0
2007-09-14
Added *METHODS-FOR-POST-PARAMETERS* (suggested by Jonathon McKitrick)

Version 0.12.1
2007-09-13
Better support for WITH-TIMEOUT on SBCL/Win32 (thanks to Anton Vodonosov)

Version 0.12.0
2007-09-07
Now uses bound for flexi stream returned by RAW-POST-DATA
Needs FLEXI-STREAMS 0.12.0 or higher

Version 0.11.2
2007-09-05
Fixed typo in docs
Added declaration in server.lisp to appease SBCL

Version 0.11.1
2007-05-25
Fixes for OpenMCL (thanks to Lennart Staflin and Tiarnan O'Corrain)

Version 0.11.0
2007-05-25
Added server names and coupled them with easy handlers (suggested by Mac Chan)
Exported SESSION-COOKIE-VALUE instead of SESSION-STRING (suggested by Slava Akhmechet)
Documentation fixes (thanks to Victor Kryukov and Igor Plekhov)

Version 0.10.0
2007-05-12
Made MAYBE-INVOKE-DEBUGGER a generic function and exported it (suggested by Vladimir Sedach)

Version 0.9.3
2007-05-08
Fixed CREATE-FOLDER-DISPATCHER-AND-HANDLER in the presence of URL-encoded URLs (bug caught by Nicolas Lamirault)

Version 0.9.2
2007-05-01
Made DEF-HTTP-RETURN-CODE more flexible (suggested by Jong-won Choi)

Version 0.9.1
2007-04-29
Added PORT parameter to REDIRECT (suggested by Cyrus Harmon)
Exported REMOVE-SESSION (suggested by Vamsee Kanakala)

Version 0.9.0
2007-04-19
Added socket timeouts for AllegroCL
Catch IO timeout conditions for AllegroCL, SBCL and CMUCL (suggested by Red Daly and others)
Added per-server dispatch tables (suggested by Robert Synnott and Andrei Stebakov)

Version 0.8.6
2007-04-18
USE the CL package explicitly when defining HUNCHENTOOT-MP (bug report by Joel Boehland)

Version 0.8.5
2007-04-10
Correct behaviour for "100 Continue" responses

Version 0.8.4
2007-04-09
Cleanup

Version 0.8.3
2007-04-07
Don't use chunked encoding for empty (NIL) bodies

Version 0.8.2
2007-04-05
Really exported REASON-PHRASE this time (and also *CURRENT-PROCESS*)

Version 0.8.1
2007-04-04
Added HUNCHENTOOT-MP package (suggested by Cyrus Harmon)
Only invoke MARK-AND-SWEEP for 32-bit versions of LW (thanks to Chris Dean)
Exported REASON-PHRASE

Version 0.8.0
2007-03-31
Added *APPROVED-RETURN-CODES*, *HEADER-STREAM*, and +HTTP-FAILED-DEPENDENCY+
Exported MIME-TYPE and SSL-P
Some minor changes

Version 0.7.3
2007-03-28
Added +HTTP-MULTI-STATUS+

Version 0.7.2
2007-03-09
Fix test suite to properly handle non-base characters in LW (bug caught by Jong-won Choi)

Version 0.7.1
2007-03-09
Fixed last change (thanks to Marko Kocic)

Version 0.7.0
2007-03-09
Development port (no threads) to SBCL/Win32 (patch by Marko Kocic)
Support for compilation without SSL

Version 0.6.2
2007-02-22
Don't use NSTRING-UPCASE for outgoing headers (bug caught by Saurabh Nanda)
Changed ProxyPass example in docs from /lisp to /hunchentoot

Version 0.6.1
2007-01-24
Reset to "faithful" external format on each iteration (bug caught by Viljo Marrandi and Ury Marshak)

Version 0.6.0
2007-01-23
Accept chunked transfer encoding for mod_lisp request bodies (thanks to Hugh Winkler's mod_lisp additions)
Robustify against erroneous form-data submissions (caught by Ury Marshak)

Version 0.5.1
2007-01-18
Even more flexible behaviour of RAW-POST-DATA

Version 0.5.0
2007-01-17
More flexible behaviour of RAW-POST-DATA
Robustified PARSE-CONTENT-TYPE

Version 0.4.14
2007-01-17
More meaningful results for RAW-POST-DATA

Version 0.4.13
2007-01-14
Added favicon.ico to example website (thanks to Yoni Rabkin Katzenell, Toby, and Uwe von Loh)

Version 0.4.12
2006-12-27
Added Hunchentoot logo by Uwe von Loh

Version 0.4.11
2006-12-01
Exported symbols related to session GC (suggested by Nico de Jager)

Version 0.4.10
2006-11-19
Added *HANDLE-HTTP-ERRORS-P* (thanks to Marijn Haverbeke)
Remove duplicate headers when reading from mod_lisp

Version 0.4.9
2006-11-12
Fixed HEADER-OUT (thanks to Robert J. Macomber)

Version 0.4.8
2006-11-06
Fixed bug in START-OUTPUT which confused mod_lisp

Version 0.4.7
2006-11-06
Changed behaviour of REAL-REMOTE-ADDR (as suggested by Robert J. Macomber)
Fixed COOKIE-OUT (thanks to Robert J. Macomber)

Version 0.4.6
2006-11-05
Don't bind *DISPATCH-TABLE* too early (thanks to Marijn Haverbeke)

Version 0.4.5
2006-10-25
Fixed bug in AUTHORIZATION function (reported by Michael J. Forster)

Version 0.4.4
2006-10-12
Correct SSL check in REDIRECT function
LOG-MESSAGE now checks for (BOUNDP '*SERVER*)

Version 0.4.3
2006-10-11
OpenMCL fixes (by Ralf Stoye)

Version 0.4.2
2006-10-10
No timeouts for mod_lisp servers (as in Hunchentoot 0.3.x)

Version 0.4.1
2006-10-10
Fixed a typo in easy-handlers.lisp (caught by Travis Cross)

Version 0.4.0
2006-10-10
Ported to CMUCL, SBCL, OpenMCL, and AllegroCL
Merged with TBNL
Tons of small changes, too many to list them individually

Version 0.3.2
2006-09-14
Uses TBNL's WITH-DEBUGGER now

Version 0.3.1
2006-09-14
Added *CATCH-ERRORS-P* (from TBNL)

Version 0.3.0
2006-09-05
Accept HTTP requests with chunked transfer encoding
Use Chunga for chunking

Version 0.2.2
2006-08-31
Skip START-OUTPUT advice completely if working for TBNL

Version 0.2.1
2006-08-28
Added write timeouts for LW 5.0
Updated LW links in documentation

Version 0.2.0
2006-08-28
Serves as infrastructure for TBNL now (to replace KMRCL)
For HTTP/1.1 only send 'Keep-Alive' headers if explicitly requested

Version 0.1.5
2006-08-23
Connection headers are separated by commas, not semicolons

Version 0.1.4
2006-08-22
Refactored streams.lisp to appease LW compiler (thanks to Martin Simmons)
Changed handling of version string
Changed package handling in system definition (thanks to Christophe Rhodes)

Version 0.1.3
2006-02-08
Removed KMRCL workaround

Version 0.1.2
2006-01-03
Mention TBNL version number in server name header

Version 0.1.1
2005-12-31
Fixed package stuff and HYPERDOC support

Version 0.1.0
2005-12-31
Initial public release

[For earlier changes see the file "CHANGELOG_TBNL" that is included with the release.]