Roxen WebServer 6.1.200 is now available from http://download.roxen.com/.
Note: This is a major release, and as such there are more structural
changes than usual which have larger effects on compatibility.
WebServer-specific changes
Core improvments:
o Moved to Pike version 8.0, which among other things gives
a much improved SSL/TLS implementation, with support for
eg elliptic curves.
COMPAT NOTE: There are a number of incompatibilities between Pike
7.8 and 8.0, but that is of no concern if you do not have your
own custom modules. Roxen module developers should take a look
at the Pike release notes for Pike 8.0. Many incompatibilities
may be mitigated by running in 7.8 compatibility mode, which is
enabled by simply putting "#pike 7.8" at the top of each pike
(and pmod) file. Note also that the compatibility layers for
pike 7.4 and earlier have been removed (it's been ~8 years
since the switch to Pike 7.8).
o Changed database from MySQL to MariaDB 10.1.12.
o Changed MySQL/MariaDB client library from mysql 3.23.49 to
mariadb-connector-c 2.2.
o Updated Nettle version to Nettle 3.0 or later.
o Speed up scanning for module and pike-module directories by
excluding some more items (e.g. ".git" and "node_modules").
o Core: Load demand-loaded modules from handler threads. [bug 7782]
o Threads: Improved robustness for describe_all_threads(). [bug 7642]
o Start: Added --without-daemon. [bug 7488]
o Config: If the primary configuration file is lost, try the backups.
o Config: Flush configuration files to disc before renaming them.
o Logging: Modify debug log timestamps to always print absolute time,
and to display uptime every 5 lines.
o Logging: Default to dated access logfiles.
o Logging: Default to compressing log files.
o DBManager: Add an innodb-data-file-path entry to my.cfg.
o MySQL: Detect and support MariaDB.
o MySQL: Bump the required MySQL version to 5.5.
o Site-Templates: Added support for packages.
o Pike 8.0: Upgrade old automatic X.509v1 certs to X.509v3.
APIs improvements:
o DBManager.SqlFileSplitIterator: Improved performance.
o Add language-aware imploding of string lists.
o New module: HTTPClient.
o Variable.MultipleChoice: Added multiselect mode.
o Variable.MultipleChoice: Support conversion to/from multiselect.
o Added ROXEN.basename().
o ImageCache: Cast atime as SIGNED to avoid errors with some MySQL
versions.
o JS-support: Added deepCompare() that checks two JavaScript values
recursively for equality.
o JS-support: Added ROXEN.arrayUnique().
o JS-support: Added ROXEN.AFS.post_files() which can send FileList
objects directly to the server.
o JS-support: Added ROXEN.dirname().
o JS-support: Added simple YUI style combo loader
o JS-support: Allow ROXEN.AFS.post() to send a form ID to YUI for
encoding.
o JS-support: AFS: Add code for throttling and duplicate removal,
o JS-support: AFS: Added function to detect if init() has been called.
o JS-Support: Improve protocol caching for static resources.
o New logging feature: JSON logging.
o New module: REST API for Administration Interface.
o Add a few (custom and glibc-inspired) modifiers to strftime.
o Protocol Cache: Assume that vary is supported by all.
o Protocols: Added StartTLSProtocol.
o ImageCache: Add an expires header.
Administation Interface improvements:
o Compat: Add compat level for Roxen 6.1
o Only show the selected SNMP sub-tree
o RoxenPatch: New files may now force overwrites
o FSGC: Added support for quarantining instead of deleting
o Make various input fields larger.
o Logging: Added log pattern $cipher-suite.
o Logging: Added log pattern $link-layer.
o Logging: Remove log notices after 7 days. Fixes [bug 6950].
o Logging: Don't use <imgs> for site/module log entry icons since that
scales badly with long logs.
o Include protocol cache stats in Cache Status wizard. Improve wizard
presentation to make it easier to interpret data.
o Config IF: Fixed a redirect loop.
o Config IF: Join the tabs "Auto {Restart,Patching}" to "Auto
Maintenance".
o SSL: Generate RSA/SHA256 certificates.
o Display (direct) object memory usage on memory usage page.
o DB-browser: Support queries returning multiple result sets.
o DB-browser: Default the copy or rename action to rename.
o DB-browser: Reorder Ok/Cancel buttons.
Modules improvements:
o New module: Filesystem Proxy.
o XML DB Mirror: Now also a feed import backend.
o UserDB: Support UTF8 in the user database.
o UserDB: Cache user name lookups for 60 seconds.
o Relay2: Added the possibillity to add additional response headers.
o auth_httpcookie: Support year 2037 and beyond.
o auth_httpcookie: Timeout cookies after a year.
o auth_httpcookie: Use SHA1 to generate the cookie.
o CGI: Send Connection: close.
o CGI: Support HEAD. Fixes [bug 4616].
o Email: Improved support for Unicode attachments.
o Perform negative caching of (typically) htaccess files for
5 seconds.
Patch system improvements:
o Complain but proceed when the CA list is empty.
o Use HTTPS to fetch the patch cluster.
o Rename the "Update Client" permission to "Apply Patches".
o Added option to automatically install patches on restart.
o Added support for automatic fetch of patch clusters.
Protocols improvements:
o Extensions: *.gz and *.bz2 et al are content-types. [bug 7691]
o Attempt to use protocol cache for certain authenticated resources
as well.
o Init: Make sure that the default certificates don't use SHA1.
o Init: Create the default certificates in the correct place.
o SSL: Hide the "SSL key file" variable if empty.
o SSL: Change default minimum suite to TLS 1.0.
o Pike 8.0 [SSL]: Support ipless with https.
o Pike 8.0 [SSL]: Support multiple certificates with the same key.
o SSL: Updated estimated cipher strengths.
o FTP: Enable handler threads by default.
o FTP: Allow anonymous ftp without TLS even when TLS required.
o FTP: Added support for the CCC command.
o FTP: Default to PROT P for FTPS.
o FTP: Allow FEAT before login.
o FTP: Extended AUTH TLS config option.
o FTP: Support ending the TLS control connection with REIN.
o FTP: Added configuration flag to require AUTH TLS.
o FTP: Support AUTH TLS (RFC 4217).
RXML improvements:
o Session tag: Fixed failure to set session cookie
o Add :base64url and :-base64url RXML encoding/decoding.
o <force-session-id/> now supports httponly and secure flags.
o Wizards: Added RoxenWizardId cookie to protect against CSRF.
o <expire-time/>: Set Cache-Control: max-age. [bug 7535]
o Added quite a few predicate functions to sexpr.
o SqlTags: Support queries returning multiple result sets.
o <emit#values>: Use a stable output order.
o <insert#href>: Added support for PUT and DELETE [bug 7179].
o Allow RXML expressions to call basename() and dirname() for faster
path manipulation.
Enjoy!
--
Henrik Grubbström [email protected]
Roxen Internet Software AB
