Recent Releases
5.1.513 Oct 2021 13:05
minor feature:
Essential Upgrade -- All users strongly advised to upgrade.
Recommended Upgrade -- Upgrade recommended but not essential.
Optional Upgrade -- Upgrade only if convenient.
Use constant time password comparison.
.
Download.
Documentation.
5.1.414 Aug 2021 03:16
minor feature:
Essential Upgrade -- All users strongly advised to upgrade.
Recommended Upgrade -- Upgrade recommended but not essential.
Optional Upgrade -- Upgrade only if convenient.
Use constant time password comparison.
.
Download.
Documentation.
5.1.308 Jun 2021 06:45
minor feature:
Essential Upgrade -- All users strongly advised to upgrade.
Recommended Upgrade -- Upgrade recommended but not essential.
Optional Upgrade -- Upgrade only if convenient.
building on Arm 64 #.
Make Digest authentication nonce duration configurable.
decoding 00 characters in URLs.
To build, requires MakeMe 1.0.2 or later.
To install packages, use Pak 1.0.4 or later.
.
Download.
Documentation.
5.1.117 Jan 2020 06:45
minor feature:
Essential Upgrade -- All users strongly advised to upgrade.
Recommended Upgrade -- Upgrade recommended but not essential.
Optional Upgrade -- Upgrade only if convenient.
VxWorks compilation cast.
To build, requires MakeMe 1.0.2 or later.
To install packages, use Pak 1.0.4 or later.
.
Download.
Documentation.
5.1.009 Sep 2019 06:45
minor feature:
Essential Upgrade -- All users strongly advised to upgrade.
Recommended Upgrade -- Upgrade recommended but not essential.
Optional Upgrade -- Upgrade only if convenient.
File upload use after free.
High CPU use during file upload.
To build, requires MakeMe 1.0 or later.
To install packages, use Pak 1.0 or later.
.
Download.
Documentation.
5.0.114 Jun 2019 07:45
minor feature:
Essential Upgrade -- All users strongly advised to upgrade.
Recommended Upgrade -- Upgrade recommended but not essential.
Optional Upgrade -- Upgrade only if convenient.
header parsing causing OOB reference and potential DOS.
To build, requires MakeMe 1.0 or later.
To install packages, use Pak 1.0 or later.
.
Download.
Documentation.
4.1.123 Dec 2018 03:15
minor feature:
Essential Upgrade -- All users strongly advised to upgrade.
Recommended Upgrade -- Upgrade recommended but not essential.
Optional Upgrade -- Upgrade only if convenient.
Support both OpenSSL 1.0 and 1.1 streams.
Improve windows building.
Support VS 2017 professional and community editions.
multiple response cookies.
To build, requires MakeMe 1.0 or later.
To install packages, use Pak 1.0 or later.
.
Download.
Documentation.
4.1.014 Dec 2018 03:15
minor feature:
Essential Upgrade -- All users strongly advised to upgrade.
Recommended Upgrade -- Upgrade recommended but not essential.
Optional Upgrade -- Upgrade only if convenient.
Support both OpenSSL 1.0 and 1.1 streams.
Improve windows building.
Support VS 2017 professional and community editions.
multiple response cookies.
To build, requires MakeMe 1.0 or later.
To install packages, use Pak 1.0 or later.
.
Download.
Documentation.
4.0.218 Apr 2018 05:45
minor feature:
Essential Upgrade -- All users strongly advised to upgrade.
Recommended Upgrade -- Upgrade recommended but not essential.
Optional Upgrade -- Upgrade only if convenient.
Upgrade to match new Pak release (0.12.4) and using pak.json instead of package.json.
Update for OpenSSL 1.1.0 and Mbedtls 2.8.0.
Update for Alpine linux.
To build, requires MakeMe 0.10.8 or later.
To install packages, use Pak 0.12.4 or later.
.
Download.
Documentation.
4.0.114 Feb 2018 03:15
minor feature:
Essential Upgrade -- All users strongly advised to upgrade.
Recommended Upgrade -- Upgrade recommended but not essential.
Optional Upgrade -- Upgrade only if convenient.
denial of service #264.
To build, requires MakeMe 0.10.6 or later.
To install packages, use Pak 0.12.2 or later.
.
Download.
Documentation.
4.0.022 Sep 2017 11:45
minor feature:
Essential Upgrade -- All users strongly advised to upgrade.
Recommended Upgrade -- Upgrade recommended but not essential.
Optional Upgrade -- Upgrade only if convenient.
Remove deprecated APIs.
Strengthen read-only API parameters by changing "char*" to "const char*".
Add limit for number of CGI args.
upload requests missing the "name" field that caused a DoS for malformed requests.
invalid memory reference upload handler.
Support Visual Studio 2017.
Documentation updates.
To build, requires MakeMe 0.10.6 or later.
To install packages, use Pak 0.12.2 or later.
.
Download.
Documentation.
3.6.513 Jun 2017 11:05
minor feature:
Essential Upgrade -- All users strongly advised to upgrade.
Recommended Upgrade -- Upgrade recommended but not essential.
Optional Upgrade -- Upgrade only if convenient.
remote code injection into dynamically linked CGI programs on Linux.
crash when pruning sessions that have been recreated.
Add CGI variable precgiVarPrein main.me.
memory leak with SSL load test.
To build, requires MakeMe 0.10.4 or later.
To install packages, use Pak 0.12.1 or later.
.
Download.
Documentation.
3.6.409 Jun 2017 23:25
minor feature:
Essential Upgrade -- All users strongly advised to upgrade.
Recommended Upgrade -- Upgrade recommended but not essential.
Optional Upgrade -- Upgrade only if convenient.
Upgrade to mbedtls 2.2.1.
importing openssl libraries when building.
Add openssl renegotiation controls via main.me: ssl.handshakes.
missing va_end in jsArgs.
Add missing initializer to websRomIndex.
Improve BPUT macros.
Add websSetLogLevel and snclone APIs.
Add template.
busy wait on socket disconnect.
handling negative timezones and offsets.
Add VxWorks 7 support.
cross compiling sleuthing the cross compiler options.
using --set compiler.has configuration options.
Added fortification to compiler options and ASLR.
To build, requires MakeMe 0.10.4 or later.
To install packages, use Pak 0.12.1 or later.
.
Download.
Documentation.
3.6.303 Jun 2016 14:05
minor feature:
Essential Upgrade -- All users strongly advised to upgrade.
Recommended Upgrade -- Upgrade recommended but not essential.
Optional Upgrade -- Upgrade only if convenient.
Upgrade to mbedtls 2.2.1.
importing openssl libraries when building.
Add openssl renegotiation controls via main.me: ssl.handshakes.
missing va_end in jsArgs.
Add missing initializer to websRomIndex.
Improve BPUT macros.
Add websSetLogLevel and snclone APIs.
Add template.
busy wait on socket disconnect.
handling negative timezones and offsets.
Add VxWorks 7 support.
cross compiling sleuthing the cross compiler options.
using --set compiler.has configuration options.
Added fortification to compiler options and ASLR.
To build, requires MakeMe 0.10.4 or later.
To install packages, use Pak 0.12.1 or later.
.
Download.
Documentation.
3.6.202 Jan 2016 02:25
minor feature:
Essential Upgrade -- All users strongly advised to upgrade.
Recommended Upgrade -- Upgrade recommended but not essential.
Optional Upgrade -- Upgrade only if convenient.
unportable websGetRandomBytes.
conditional compilation with various configure options.
Don't log file handle if using stdout.
To build, requires MakeMe 0.10.0 or later.
To install packages, use Pak 0.12.0 or later.
.
Download.
Documentation.
3.6.107 Dec 2015 09:05
minor feature:
Essential Upgrade -- All users strongly advised to upgrade.
Recommended Upgrade -- Upgrade recommended but not essential.
Optional Upgrade -- Upgrade only if convenient.
memory leaks on error paths.
handling requests on the error path.
ROM (no file system) support.
CPU hog handling some invalid requests.
Update API stability classifications.
Prototype Blowfish password encryption APIs.
Other.
To build, requires MakeMe 0.10.0 or later.
To install packages, use Pak 0.12.0 or later.
.
Download.
Documentation.
3.6.002 Dec 2015 03:16
minor feature:
Essential Upgrade -- All users strongly advised to upgrade.
Recommended Upgrade -- Upgrade recommended but not essential.
Optional Upgrade -- Upgrade only if convenient.
memory leaks on error paths.
handling requests on the error path.
ROM (no file system) support.
CPU hog handling some invalid requests.
Update API stability classifications.
Prototype Blowfish password encryption APIs.
Other.
To build, requires MakeMe 0.10.0 or later.
To install packages, use Pak 0.12.0 or later.
.
Download.
Documentation.
3.5.024 Sep 2015 04:45
minor feature:
Add MbedTLS support for 2.1.1.
event handling for past due events.
Improve checking of memory allocations.
memory leaks with some error paths.
checking negative time delays.
Improve wfree and assert.
To build, requires MakeMe 0.10.0 or later.
To install packages, use Pak 0.12.0 or later.
3.4.1227 Aug 2015 11:05
minor feature:
Essential Upgrade -- All users strongly advised to upgrade.
Recommended Upgrade -- Upgrade recommended but not essential.
Optional Upgrade -- Upgrade only if convenient.
Add configure.bat so windows users can just "configure".
Update documentation about GoAhead handlers.
Convert unit tests to use TestMe.
CGI on windows.
String conversion API: itosbuf.
To build, requires MakeMe 0.9.3 or later.
To install paks, use Pak 0.11.3 or later.
.
Download.
Documentation.
3.4.1114 Aug 2015 05:45
minor feature:
Essential Upgrade -- All users strongly advised to upgrade.
Recommended Upgrade -- Upgrade recommended but not essential.
Optional Upgrade -- Upgrade only if convenient.
3.4.1021 Jul 2015 07:45
minor feature:
Essential Upgrade -- All users strongly advised to upgrade.
Recommended Upgrade -- Upgrade recommended but not essential.
Optional Upgrade -- Upgrade only if convenient.
3.4.924 Jun 2015 09:45
minor feature:
Fix memory leak websError with no log option.
3.4.818 Jun 2015 03:15
minor feature:
Fix memory leak in digest authentication.
Improve documentation sidebar.
Add documentation stability classifications.
3.4.713 Jun 2015 07:05
minor feature:
Fix file upload rejecting the client-side filename.
Group SSL configuration into one main.me paragraph.
3.4.609 Jun 2015 09:45
minor feature:
Configure SSL.
3.4.506 Jun 2015 03:15
minor feature:
Fix empty Webs.ipaddr and Webs.ifaddr fields for keep-alive requests.
Convert to use SSL packages mpr-openssl, mpr-matrixssl, mpr-nanossl, mpr-mbedtls.
Improve configurable makefiles.
Update CA root certificate bundle.
Fix masterSecret in digest authentication.
Fix memory leak in digest authentication.
Fix response error for huge files when output socket is saturated.
Fix socketInfo for VxWorks when IP is null.
Fix unwanted asserts.
3.4.411 Apr 2015 21:05
minor feature:
Fix CGI memory leak.
3.4.304 Dec 2014 03:15
minor feature:
Fix CGI memory leak.
.
Change Log.
Download.
Documentation.
3.4.230 Nov 2014 03:15
minor feature:
Fix for POODLE threat
Add trace for release builds
.
Change Log
Download
Documentation
3.4.127 Nov 2014 00:26
minor bugfix:
Security patch release to address the POODLE SSL vulnerability.