Hiawatha Changelog

What's new in Hiawatha 10.3 (Jun 27, 2016)

  • PreventCSRF, PreventSQLi and PreventXSS improved.
  • Prevention of MySQL data mining via SQL injection. Thanks to Esmaeil Rahimian.
  • Added revoke option to Let's Encrypt script.
  • Hiawatha ignores RequireTLS for Let's Encrypt authentication requests.
  • Small bugfixes and improvements.
  • Bugfix: possible HTTP request pipelining error after CSRF prevented.

New in Hiawatha 10.2 (Jun 27, 2016)

  • Added Let's Encrypt script (see extra/letsencrypt).
  • Added support for requesting Let's Encrypt certificates (see AccessList and PasswordFile settings in manual page).
  • Small improvements.
  • Bugfix: HideProxy not working for Forwarded header.

New in Hiawatha 10.1 (Jun 27, 2016)

  • Added Extensions setting.
  • Added support for X-Sendfile header.
  • mbed TLS updated to 2.2.1.
  • Improved SQL injection detection.
  • Small bugfixes and improvements.

New in Hiawatha 10.0 (Jun 27, 2016)

  • Usage of Directory sections changed.
  • Added support for RFC 5785.
  • Added support for GZip compression. Removed the UseGZfile option.
  • Added ECDSA support for TLS 1.0 and TLS 1.1.
  • Replaced UrlToolkit Expire option with ExpirePeriod in Directory section.
  • Replaced IgnoreDotHiawatha option with UseLocalConfig.
  • Removed the VolatileObject option.
  • Improved SQL injection detection.
  • mbed TLS updated to 2.2.0.
  • Small improvements.

New in Hiawatha 10.0 Beta (Nov 13, 2015)

  • Usage of Directory sections changed.
  • Added support for RFC 5785.
  • Added support for GZip compression. Removed the UseGZfile option.
  • Added ECDSA support for TLS 1.0 and TLS 1.1.
  • Replaced UrlToolkit Expire option with ExpirePeriod in Directory section.
  • Replaced IgnoreDotHiawatha option with UseLocalConfig.
  • Removed the VolatileObject option.
  • Improved SQL injection detection.
  • mbed TLS updated to 2.2.0.

New in Hiawatha 9.14 (Aug 15, 2015)

  • mbed TLS updated to 2.0.0.
  • Small bug fixes.
  • Bug fix: crash when sending very large request to FastCGI server.

New in Hiawatha 9.13 (May 12, 2015)

  • Renamed SSLcertFile to TLScertFile.
  • Renamed RequireSSL to RequireTLS.
  • Renamed SSL_* CGI environment variables to TLS_*.
  • Renamed UrlToolkit option UseSSL to UseTLS.
  • Replaced MinSSLversion by MinTLSversion.
  • LogTimeouts option added.
  • Added 'skip directories' parameter to reverse proxy.
  • Failed logins sent to Hiawatha Monitor.
  • Small bugfix and improvements.

New in Hiawatha 9.5 (Apr 24, 2014)

  • Added support for CGI statistics in Hiawatha Monitor.
  • MonitorRequests and MonitorStatsInterval option removed.
  • Added support for Origin HTTP header to prevent CSRF.
  • EnforceFirstHostname option added.
  • ScriptAlias option added.
  • PolarSSL updated to version 1.3.6.
  • Dropped support for PolarSSL 1.2.

New in Hiawatha 9.2 (Jun 24, 2013)

  • Added support for compiling Hiawatha against the system's default version (>=1.2.0) of the PolarSSL library.
  • PolarSSL updated to version 1.2.8.
  • Small bugfixes (memory leaks in error situations).
  • Bugfix: virtual hostname selection for IPv6 with non-standard port.

New in Hiawatha 9.1 (Apr 16, 2013)

  • FileHashes option added.
  • PolarSSL updated to version 1.2.7. Enabled ciphersuite selection based on protocol version.
  • Enabled accf_http support for FreeBSD. Thanks to Martin Tournoij.
  • Better handling of previously installed configuration files under MacOS X. Thanks to Sander Niemeijer.
  • ImageReferer option removed.
  • Bugfix: incorrect BanOnFlooding behavior.
  • Small improvements.

New in Hiawatha 9.0 (Mar 28, 2013)

  • Clients handled via thread pool instead of creating threads on the fly.
  • ThreadPoolSize option added.
  • Header option added to URL Toolkit.
  • Improved client SSL certificate handling. Environment variables renamed.
  • PolarSSL updated to version 1.2.6.
  • Improved Reverse Proxy caching support for requests with URL parameters.
  • CacheMinFilesize option removed.
  • DenyBot option removed. Use UrlToolkit's Header option instead.
  • OldBrowser option removed from URL Toolkit. Use Header option instead.
  • Improved UrlToolkit rule testing in wigwam.
  • Small bugfixes and improvements.

New in Hiawatha 8.8 (Feb 21, 2013)

  • Caching for Reverse Proxy. CacheRProxyExtensions option added.
  • Basic HTTP authentication now supports the glibc2 version of crypt().
  • Hostname in ImageReferer can now contain a wildcard.
  • DenyBody matching is now case insensitive.
  • PolarSSL updated to version 1.2.5.
  • Small improvements.

New in Hiawatha 8.7 (Jan 10, 2013)

  • Support for HTTP Strict Transport Security (RFC 6797). Integrated in RequireSSL option.
  • DHsize option added.
  • PolarSSL updated to version 1.2.3.
  • CloudFlare headers placed in environment variables.
  • Removed php-fcgi.
  • Small improvements.
  • Bugfix: slow page loading via Reverse Proxy.

New in Hiawatha 8.6 (Nov 2, 2012)

  • PolarSSL updated to version 1.2. Added support for TLS 1.2 and secure renegotiation.
  • Added support for Server Name Indication.
  • MinSSLversion option added.
  • ServerRoot option removed.
  • Improved MacOS X package building script.
  • Marked php-fcgi as deprecated. Use php-fpm instead.
  • Small bugfixes and improvements.

New in Hiawatha 8.5 (Sep 10, 2012)

  • Improved Reverse Proxy.
  • Changed error message style.
  • Renamed Command Channel to Tomahawk.
  • Return 403 instead of 401 when the HTTP authentication password is correct but the user is not in the right group.
  • Small improvements.
  • Bugfix: replaced select() with poll() to prevent crashes in case of a large number of simultaneous connections. Thanks to Peter Bex.

New in Hiawatha 8.4 (Jun 9, 2012)

  • MaxServerLoad option added.
  • Bugfix: invalid reverse proxy request when URL parameters are present.
  • PolarSSL updated to version 1.1.4.
  • Small bugfixes and improvements.

New in Hiawatha 8.3.2 (Jun 5, 2012)

  • Bugfix: memory leak in SSL library.

New in Hiawatha 8.2 (May 3, 2012)

  • WebDAVapp option added. Enables support for WebDAV applications like ownCloud (http://owncloud.org/).
  • Removed support for the OPTIONS method.
  • AllowDotFiles option added.
  • Global forks setting in php-fcgi.conf moved to Server setting.
  • Small bug fixes and improvements.

New in Hiawatha 8.1 (Feb 27, 2012)

  • BanOnInvalidURL option added.
  • PolarSSL updated to version 1.1.1.
  • Small improvements in Windows packaging script.
  • Bug fix: paths missing in default values and examples in manual pages.

New in Hiawatha 8.0 (Feb 6, 2012)

  • Replaced Autoconf with CMake. Many thanks to Sander Niemeijer.
  • Replaced OpenSSL with PolarSSL. Many thanks to Paul Bakker.
  • AllowedCiphers and DHparameters options removed.
  • Added IE7 to UrlToolkit's OldBrowser list, removed IE5.
  • MaxUrlLength option added, can return 414 Request-URI Too Long.
  • Changed default value of TriggerOnCGIstatus to 'no'.
  • Equalized format of logfiles.
  • Extra checks added to php-fcgi.
  • Small improvements.

New in Hiawatha 7.8.1 (Nov 12, 2011)

  • Small improvements.
  • Bugfix: null byte in HTTP header of cached CGI content.

New in Hiawatha 7.8 (Nov 1, 2011)

  • Control CGI output cache via X-Hiawatha-Cache and X-Hiawatha-Cache-Remove CGI headers. See the CGI OUTPUT CACHE section in the manual page.
  • BanOnWrongPassword now also triggers on wrong username.
  • Small improvements.
  • Bug fix: timeout issue with large POST requests on SSL connections.

New in Hiawatha 7.7 (Oct 6, 2011)

  • First parameter of Alias can now contain subdirectories.
  • Improved stability for connections with SSL client authentication.
  • Bugfix: BanOnFlooding was broken.

New in Hiawatha 7.6 (Aug 22, 2011)

  • PreventSQLi option rewritten.

New in Hiawatha 7.5 (May 31, 2011)

  • OldBrowser option added to URL toolkit.
  • Improved mimetype configuration.
  • Do-not-track HTTP header support.
  • Password file entries can now be created with Wigwam.
  • Small bugfixes and improvements.
  • Bugfix: sent one byte too few for Range -XX.
  • Bugfix: possible crash when using PreventSQLi.

New in Hiawatha 7.4 (Nov 9, 2010)

  • Connections per IP added to RequestLimitMask.
  • NoExtensionAs made a per-host setting.
  • Small bugfixes and improvements.
  • Bugfix: usage of HideProxy caused Hiawatha to refuse new connections after ConnectionsTotal connections.
  • Bugfix: memory leak in XSLT module.

New in Hiawatha 7.3 (Jun 7, 2010)

  • RequestLimitMask option added.
  • URL parameters for ErrorHandler.
  • Support for Haiku OS.
  • Small security bugfixes.

New in Hiawatha 7.2 (Apr 22, 2010)

  • URL toolkit code restructured.
  • UseSSL option added to URL toolkit.
  • Digest HTTP authentication works with htdigest(1) created password files.
  • Small improvements.

New in Hiawatha 7.1 (Mar 29, 2010)

  • Small bugfixes.
  • Bugfix: deny access and redirect result via toolkit subroutine.
  • Bugfix: broken flooding protection.

New in Hiawatha 7.0 (Feb 15, 2010)

  • Remote Monitoring support. MonitorServer, MonitorRequests and MonitorStatsInterval options added.
  • IPv6 support for Windows version, due to IPv6 support in Cygwin 1.7.
  • XSLT support turned on by default.
  • All directory listings are done via XSLT. The internal index layout has been removed. IndexStyle option removed.
  • ServerRoot option has been made available via configure parameter.
  • Small improvements.

New in Hiawatha 6.19 (Dec 7, 2009)

  • Expire option added to URL toolkit.
  • HideProxy option added.
  • UNIX socket support for connections to FastCGI daemons.
  • ExploitLogfile option added.
  • Small bugfixes.

New in Hiawatha 6.17.1 (Sep 7, 2009)

  • Bugfix: possible crash due to bug in log.c.

New in Hiawatha 6.17 (Aug 31, 2009)

  • Directory index via XSLT.
  • Small bugfixes and improvements.
  • Bugfix: incorrect SCRIPT_NAME value with PathInfo.

New in Hiawatha 6.14 (Jun 4, 2009)

  • Platform independent read-timeout handlers.
  • RequiredCA option added.
  • UseSSL option removed, ServerKey option renamed to UseSSL and made available only in Binding section.
  • Small bugfixes and improvements.
  • Bugfix: fork-mutex issue when executing CGI.

New in Hiawatha 6.13 (May 7, 2009)

  • LSB style header added to init script.
  • SSL initialization improved for cross compiling.
  • Change in signal handling (HUP and USR2 signal).
  • Small bugfixes and improvements.
  • Bugfix: incorrect MD5 hashing on 64bit machines.

New in Hiawatha 6.12 (Mar 30, 2009)

  • Compile errors under the latest Ubuntu release fixed.
  • Small bugfixes and improvements.

New in Hiawatha 6.11 (Dec 29, 2008)

  • Duplicate hostname check included in Wigwam.
  • All HTTP headers starting with X- are added to CGI environment and set as XSLT parameter.
  • Non-present HTTP/CGI variable set as empty XSLT parameter.
  • Bugfix: toolkit's FastCGI setting issues.
  • Small bugfixes and improvements.

New in Hiawatha 6.10 (Oct 30, 2008)

  • Prevention of cross-site request forgery. PreventCSRF option added.
  • A start and stop preference pane has been added to the MacOS X package.
  • A new dedicated website for Hiawatha has been launched. Please visit http://www.hiawatha-webserver.org/. The welcome webpage inside the package has been updated to match the new design.
  • Small bugfixes and improvements.

New in Hiawatha 6.9 (Oct 14, 2008)

  • NoExtensionAs option added.
  • Tool added to the Windows package to start Hiawatha as a service under Windows (see Installation.txt in Windows package for more information).
  • Small bugfixes and improvements.
  • Bugfix: URL encoding of links in directory listing.

New in Hiawatha 6.8 (Jul 23, 2008)

  • XSLT parameter support.
  • 'URL rewriting' has been renamed to 'URL toolkit' (because rewriting is just one of the four options of this feature).
  • FastCGI option added to URL toolkit.
  • WaitForCGI option added.
  • Small bugfixes and improvements.

New in Hiawatha 6.7 (May 29, 2008)

  • BanOnWrongPassword option added.
  • Workaround to handle non-compliant CGI headers.
  • Updated Debian package building files.
  • Small bugfixes and improvements.

New in Hiawatha 6.6 (Apr 29, 2008)

  • XSLT support (compile with --enable-xslt).
  • Bugfix: possible crash when using HTTPS.

New in Hiawatha 6.5 (Mar 14, 2008)

  • Small bugfixes and improvements.
  • Bugfix: integer overflow in str2int().
  • Bugfix: compile error with --disable-ssl.