Hey all,
As a way to celebrate YAPC::NA, here is a fresh new release of Dancer 1.
:-) It's a fairly small release, but it takes care of a security issue
with cookie names (it was possible to inject \r\n in the names, and thus
do evil things with the response headers), and has a patch that make
possible to have non-'/'-based apps behind proxies.
1.3114 02.06.2013
[ ENHANCEMENTS ]
* GH #919: 'dancer' script exits with code 255 if application
name is invalid. (ppisar)
* GH #871: now recognize HTTP_X_FORWARDED_PROTO. (mlbarrow)
* GH #926: make messages from fatal warnings show up in the logs.
(Max Maischein)
* GH #930: speed improvement. (ichesnokov)
* GH #859: strip illegal characters from cookie name. (Colin Keith)
* GH #924: non-'/' apps behind proxies now possible using
'request-base' header. (Mikolaj Kucharski)
[ BUG FIXES ]
* GH #724: app.pl obeys --confdir. (Yanick Champoux)
* GH #927: logging format using 'h' now play nicely if no header
present.
(ironcamel)
[ DOCUMENTATION ]
* GH #922: Add example of request parameters. (Gabor Szabo)
* Add scheme line for ngnix config in D::Deployment.
Enjoy (and, as usual, a big thank to all bug reporters and patchers, and
PRers)!
`/anick
_______________________________________________
dancer-users mailing list
[email protected]
http://lists.preshweb.co.uk/mailman/listinfo/dancer-users
