WebServer-specific changes
Important notes on upgrading existing installations:
Changes in MySQL reconnect handling
The MySQL connector has changed its reconnect behavior. It is crucial that server modules do not keep long-lived
connections when idling since they will be unavailable for reuse. If you run the server with --debug you
will see extra warnings in the debug log if incorrect behavior is encountered.
Java on Mac OS X 10.7
Users of Mac OS X 10.7 Lion should be aware that Apple no longer installs a Java runtime by default. Instead
there is a stub library that will present a dialog box when it detects an invocation of a Java command; the intention
of this dialog box is to let administrators download the Java package when needed. However, this strategy will fail
if the Roxen server is running in background mode (there is no window context to show the dialog box) and Roxen will
then terminate. A simple solution to this is to open a Terminal window and type the command java to force
Mac OS X to present the dialog box in an interactive session.
Administration Interface improvements:
- Fix recursive lock issue in Tasks > Debug > Pike Memory Usage Information wizard.
- Fixed minor overcaching issue in Debug > List Fonts.
- Various fixes in the Debug > Open Files wizard.
- Solved permission issue when unpacking Roxen patches.
- Add collapsible levels and restyle Debug > Resolve Path output.
- Add proper quoting to module names in Debug > Resolve Path.
[Bug
6034]
- Various internal fixes to the crunch box widget.
[Bug
6007]
- Better error catching in DB browser.
- Fix string quoting, whitespace washing and wide text in DB browser.
- DB browser queries can now be disabled with a line containing --.
- Fixed browser redirects in some DB browser actions.
- Make it easier to check/uncheck all databases when dropping site.
- Request tracing of <set>, <append> and <unset> now show variable name.
- Improved support for Internet Explorer 9 and dropped old Internet Explorer 6 kludges.
- Make configuration interface more robust against double submits.
- Fixed a quoting issue with settings fields.
[Bug
6131]
- Better robustness in port handling with hostname glob.
[Bug
6174]
- Prevent repeated shutdown/restart requests.
[Bug
6169]
Database Manager improvements:
- Set connection charset after releasing global cache lock.
[Bug
5961]
- Shorten connection timeout to 1 minute (override with -DDB_CONNECTION_TIMEOUT).
[Bug
5964]
- Keep connections with errors out of the connection pool.
[Bug
5969]
- Disable automatic reconnect for cached connections.
[Bug
5964]
Patch management improvements:
- Roxen patches with header in git format is now supported.
[Bug
6166]
- Roxen Patch now works better across filesystems.
[Bug
5924]
Modules improvements:
- Host Redirect module now supports %q (URL query) expansion.
[Bug
5930]
- Added Argcache GC module.
- Added Memory Logger module.
- Added Perodic Fetcher module.
- Improve XML byte-order mark support in XML DB Mirror.
- Disable YUI2 resources with known security issues.
[Bug
6210]
RXML improvements:
- Preserve RXML context when evaluating subrequests.
[Bug
5940]
- Setting HTTP headers in certain ways should work in p-code.
- Implemented global constants for Boolean and NULL values (&roxen.true;, &roxen.false; and &roxen.null;).
- Reject empty src attributes in various graphics tags (e.g. <cimg src=""/>).
[Bug
5791]
- Avoid rounding errors when comparing compatibility level.
[Bug
3877]
- Fixed path encoding issue in p-code on Windows.
- More RXML API types (t_str_or_int, t_num_array, t_str_array, t_map_array).
- Make the &var.data:js; encoding safe inside <script> tags.
- Added MD5, SHA1 and SHA256 variable encodings (e.g. &var.data:utf8.md5.hex;).
- Added &var.data:json; encoding for JSON output.
[Bug
6056]
- The JS library method selectFirstInputField() won't focus a field if the user already focused elsewhere.
[Bug
6228]
- Support Content-Encoding header in <insert#href>.
[Bug
6041]
- Avoid memory garbage from lingering HTTP connections in <insert#href>.
- Add caching in various expression forms (e.g. <set expr="..."/>).
- Add subindexing, var(), index(), min() and max() in variable expressions.
- Added filename attribute to <gxml>.
- <emit#languages> now emits the currently selected language.
- Fix multiple bugs in <format-number>.
[Bug
4901]
[Bug
6055]
- <email> now gives each attachment a unique Content-ID.
[Bug
5136]
- Avoid memory garbage from circular references in <insert#cached-href>.
- Removed possibility to override quiet RXML errors via URL prestate.
- Added <emit#imgs> as companion to <imgs>.
[Bug
5427]
[Bug
6097]
- Fixed broken use of Vary callbacks.
[Bug
5365]
- <debug> needs on attribute to turn on debug mode.
- <emit#values> with CSV advancing now handled postprocessing.
[Bug
5926]
[Bug
5777]
- Better error handling in <charset> and <recode>.
- Added <hash-hmac/> (Hash-based Message Authentication Code).
- Added <json-format> and <json-parse>.
- Fix issue with user overrides in roxen/page scopes together with <use/>.
[Bug
6130]
- Added option to <session> to use shared database.
[Bug
5915]
- P-code with huge number of compiled statements should now work correctly.
[Bug
6146]
- Added secure and httponly attributes to the <set-cookie/> tag.
Core improvements:
- Removed old RAM cache implementation.
- Log errors during argcache sync.
- Changed strategy for argcache sync to run in dedicated thread.
[Bug
6014]
- Handle duplicate argcache keys by replacing instead of flagging an error.
- Return 503 response code for requests waiting too long.
[Bug
5886]
- Corrected problem with data corruption in chunked transfer encoding.
- Fixed RAM cache expire to only expire the requested cache.
[Bug
5861]
- Added SNMP probes for protocol cache, Pike memory usage and gc.
- Destroy protocol cache keys when entires expire to reduce garbage.
- Don't attempt to start modules that failed to load.
- Support variables (e.g. $LOGDIR) in e.g. font and module settings.
- Avoid backtrace for closed connection when configuration loads.
[Bug
4832]
- URL registration/unregistration fixes.
[Bug
5982]
[Bug
6037]
- Handle some situations of ANY/specific IPs better.
[Bug
5982]
- Avoid stale argcache database connections.
[Bug
5964]
- Fix backtrace during shutdown.
- ABS now dumps handler queue after thread backtrace.
- Internal server errors now get more prominent appearance in server log.
- Thread dumps now display thread names and thread busy time information.
- Speed up image cache flushing through new database index.
- Threading fixes to image cache metadata syncing.
- Set image/argument cache access time no more than once a day.
- Remove unneeded thread lock in image/argument key creation.
- Less serious warning for harmless log/security pattern decoding issue.
- Added experimental fork optimization (enable with ROXEN_USE_FORKD).
[Bug
6043]
- bin/create_configif should use current compatibility level.
- Set TMPDIR to a non-user-specific directory to avoid uid issues on OS X.
- Added support for bytea encoding.
[Bug
5377]
- Support --valgrind.
- Ensure correct locale before running ifconfig.
[Bug
5898]
- Updated compatibility with Cacti 0.8.7h.
- Use privileged access to filesystem in Roxen Patch.
[Bug
6036]
- Make start script more robust against various errors involving Roxen/MySQL PID files.
- Added robustness to detect already running myisamchk.
- Memory logger can now report more low-level information.
[Bug
6275]
- Incorporated ActionFS API.
- Apply URL quoting to data in WebDAV directory listings.
- Avoid recursion in 404 reply on WebDAV requests from OS X clients.
- Generate SSL shadow certificates for bundled certificates.
[Bug
268]
- Disable single DES in SSL due to known weakness.
- Fixed a broken Xerces Java archive.
[Bug
4252]
Pike-specific changes
Modules improvements:
- Array: Fix infinite recursion with non-numeric input in oid_sort_func().
- Calendar: dwim_time() should know how to parse ISO 8601 timestamps.
- Calendar: Updates to timezone data.
- Debug: Added memory_usage() fields on more internal state.
[Bug
6275]
- Filesystem.Tar: Fix for Windows issue with permission bits.
- Filesystem.Tar: Don't abort when directory timestamp can't be set on Windows.
- Gmp: Added functions to access the numerator and the denominator of an mpq.
- Gmp: Fixed bugs in the formatting of mpz as floats.
- Gmp: Fixed strange bug where mpq were initialized as mpz from strings.
- Image.JPEG: Recompiled with libjpeg-turbo to Mac OS X and RHEL to get significant performance improvements.
- Image.JPEG: Fix broken detection of libjpeg lossless transformation support.
- Image.PNG: fix tRNS handling in decoder.
- Image.X: Fixed typo in encode_pseudocolor().
- Java: Restore Java support on OS X 10.6.
- Locale.Charset: GB2312 should typically be treated as EUC-CN.
- Locale.Charset: Fixed NULL-dereferencing in the decoder for EUC-CN and EUC-KR.
- MIME: Join adjacent decoded words with the same character set.
- Parser.RCS: Avoid recursion and reduce memory when extracting revision content.
- Parser.XML.NSTree: diff_namespaces() needs to return its return value.
- Parser.XML.Tree: Bugfixed implementation and documentation.
- Process: Added support for spawning processes via forkd.
[Bug
6043]
- Process: spawn(), popen() and system() et al now use Process.Process.
- Protocols.DNS: Support A6 replies in Protocols.DNS.Server.
- Protocols.DNS: Improved detection of IPv6 support.
- Protocols.DNS: Abort active requests in close().
[Bug
6031]
- Protocols.DNS: Fixed issue where async_client objects became garbage even after close().
- Protocols.DNS: Made safe_bind() less verbose in the common failure case.
- Protocols.DNS: Simple hack to allow literal ipv6 in /etc/hosts.
- Protocols.HTTP: Increased robustness in close() against connection not being open.
- Protocols.HTTP: Set the Content-Length header for zero-length data.
[Bug
5936]
- Protocols.HTTP: Some keep-alive handling fixes for async_request().
- Protocols.HTTP: Support proxying of HTTPS.
- Protocols.HTTP: Support keep-alive for proxied requests.
- Protocols.HTTP: Proxy methods now support falling back to no proxy.
- Protocols.HTTP: Use set_callbacks() to clear the callbacks.
- Protocols.HTTP: Include a more complete list of response codes and descriptions.
- Protocols.HTTP.Query: Clean up closing of the connection.
- Protocols.HTTP.Query: Filter weak SSL ciphers rather than list strong.
- Protocols.HTTP.Query: Fixed broken state when open_socket() has thrown an error.
- Protocols.HTTP.Server: Multiple multipart file submissions will be preserved as suggested by HTML5.
- Protocols.HTTP.Server: Use better response descriptions.
- Protocols.XMLRPC: Added boolean support using Val.true and Val.false.
- Protocols.XMLRPC: Fix parsing of requests that wrap values in CDATA directives.
- Regexp.PCRE: Fixed return value from exec() to always have entries for all submatches.
- Regexp.PCRE: Add support for capture groups in replace().
- SSL: Implement the renegotiation_info extension from RFC 5746.
[Bug
5840]
- SSL: Various fixes for client mode.
- SSL: Added set_callbacks() and query_callbacks() to sslfile as per Stdio.File.
- SSL: Ensure that queued alerts are sent if the connection hasn't been shutdown by the alert callback.
- SSL: Convert ALERT_no_renegotiation to ALERT_handshake_failure for SSL 3.0.
- SSL: Throw an error from create() in client blocking mode on handshake failure.
- Search: Add database indexes.
[Bug
5844]
- Search: Fixed compatibility with old MySQL.
- Search: Support optional watchdog script for external filter binaries.
- Search: Replaced publication date sorting with one that uses a better field.
- Sql: Added wrappers for is_open() and ping().
- Sql.Sql: Added typed_query() for convenience.
- Sql.pgsql: sendterminate() implies close().
- Sql.Mysql: Improved typed mode for DECIMAL and BIT fields.
- Sql.Mysql: Added option to disable automatic reconnect, and force the default to on.
- Sql.Mysql: Removed all remains of the Pike C-level reconnect code.
[Bug
5964]
- Sql.Mysql: set_charset() and create() now set the charset option.
- Sql.Mysql: Update the stored connection charset only if the charset change is successful.
- Sql.Mysql: Improved support for Blastwave.
- Sql.Mysql: Fixed a refcount bug.
- Sql.Mysql: fetch_json_result() now quotes U+2028 and U+2029.
[Bug
6103]
- Standards.JSON: Improved escaping of U+2028 and U+2029 to help buggy parsers.
- Standards.JSON: Handle \u encoded surrogate pairs in decode().
- Standards.JSON: Made string escaping accessible by itself through escape_string().
- Standards.JSON: Check that \u escapes produce valid Unicode chars in validate().
- Standards.JSON: Use surrogate pairs for chars above U+FFFF in ASCII_ONLY output.
- Standards.URI: The authority section may be undefined.
[Bug
5859]
- Stdio: Fixed cp() to work on directory trees on Windows.
- Stdio: Set the mode bits last in cp() in case they remove write bits.
- Stdio: Added documentation for recursive_mv() on some behavior inherited from cp().
- Stdio: Added set_callbacks() and query_callbacks() to handle several callbacks at once.
- Stdio: Avoid warning when System.cp() exists (e.g. on Windows).
- Stdio: Fix file length handling in sendfile().
[Bug
6118]
- Stdio: Improved file descriptor capability handling.
- Stdio: Throw errors in ALL failure modes for write_file() and append_file().
[Bug
6052]
- Stdio.Fd: Fixed several cases where the flag FILE_HAVE_RECV_FD was lost.
- Stdio.Fd_ref now supports subtyped Stdio.Fd objects.
- Stdio.File: Added send_fd() and receive_fd().
- Stdio.File: Deregister events properly when the fd is closed.
- Stdio.File: Fixed bogus errno from query_address() when given a socket with an invalid protocol family.
- Stdio.File: Added robustness in rm() for EINTR.
- Stdio.UDP: Improved support for IPv6.
- Stdio.UDP: query_address() now knows about IPv6-mapped IPv4 addresses.
- System.getgrent: The group member list can be NULL on Mac OS X.
[Bug
6187]
- Tools.X509: Use a unique serial number for each self-signed certificate.
- Tools.X509: Added lower level functions dsa_sign_key() and rsa_sign_key().
- Val: Added a new Val module for various global constant values.
- Web.Crawler: Support for URLs containing Unicode characters.
[Bug
5958]
Core improvements:
- Added kludge for function_name().
[Bug
6156]
- Avoid relying on stale pointers in getters/setters.
- Disabled an unsafe optimization.
- Fix profiling of recursive functions by tracking recursion level.
[Bug
5131]
- Fixed overoptimization of time() calls.
- Fixed potential memory clobbering in special cases when dividing the empty array with a float number.
- Fixed resolving of external symbols in deep inherits.
[Bug
6063]
- Fixed typo that could cause fatal when comparing objects with equal().
- Fixed multiset masking typo.
- Fixed fallback order for master compatibility resolver.
- Forward compatibility with 64-bit line numbers from Pike 7.9.
- IPv6: Added support for generating mapped IPv4 addesses on getaddrinfo() failure.
- IPv6: Enable IPv4 mapped adresses explicitly.
- IPv6: Support giving hints about IPv6 to get_inet_addr().
- Patch cmod precompiler to support negative int(low..high) bounds.
- Update current_time returned by time(1) after sleeping.
- Workaround for call_c_initializers() creating broken frames.
[Bug
6156]
- Survive crypt(3C) failing.
[Bug
6013]
MySQL-specific changes
No changes to the bundled MySQL server.
Documentation-specific changes
Major restructuring and reformatting of PDF documentation.