Appweb Changelog

New in version 4.4.4

February 5th, 2014
  • Fixes:
  • Windows directory traversal [issue 246]
  • Chunk filter for split boundary packets [issue 247]
  • Windows single core systems [issue 248]
  • Cache service initialization of "shared" [issue 249]
  • Linux 2.4 compilation [issue 245]
  • Legacy-mvc application fails to compile because default.esp uses renderFlash with too many args. [issue 251]
  • Fix httpStealConn freeing of connection socket. [issue 252]

New in version 4.4.3 (December 5th, 2013)

  • This version adds a minor fix for flow control in the HTTP pipeline.

New in version 4.4.2 (November 20th, 2013)

  • This is a minor update, fixing ESP database migrations when using SQLite.

New in version 4.4.1 (November 9th, 2013)

  • This minor bugfix release addresses an issue with the location of ESP generator component files.

New in version 4.4.0 (October 4th, 2013)

  • Major Features:
  • Major performance optimizations. [issue 224]
  • Added security defensive counter measures. Added Monitor and Defense directives. [issue 213]
  • Add Angularjs support in ESP. [issue 196]
  • Enhance "esp" generator application to generate application components including Angular applications. [issue 197]
  • Change password hashing algorithm to use Blowfish encryption [issue 198]
  • Minor Features:
  • Update ESP jquery support [issue 179]
  • Update EspApp directive with new syntax. [issue 180]
  • Add ESP src/app.c. This is invoked at Appweb startup. [issue 181]
  • Add lessjs support for ESP. Replace old layout/theme style sheets with a theme.less. [issue 182]
  • Add ESP html5shiv for generated apps [issue 183]
  • Add support for multi-line strings in ESP templates via back-tick. [issue 185]
  • Add StreamInput directive to control request body input streaming or buffering. [issue 199]
  • Add Map directive for transparent content extension mapping. Deprecate Compress directive. [issue 200]
  • Add httpLogout API. [issue 201]
  • Add httpAddAuthStore and HttpAddAuthType APIs to permit overriding the password verification scheme. [issue 202]
  • Add httpAddParamsFromJsonBody API. [issue 203]
  • Enhanced MPR APIs for: mprGetRandomString, mprGetCacheStats, mprCryptPassword, mprMakeSalt, mprAddKeyWithType, mprQueryJsonString, mprQueryJsonValue, stitle, mprGlobPathFiles. [issue 204]
  • Replace Method, PutMethod and TraceMethod directives with AddMethods, RemoveMethods and SetMethods. [issue 208]
  • Add SessionCookie directive to control the visibility of the session cookie. Default now is "httponly". [issue 210]
  • Rename EspShowErrors as ShowErrors to make available to all handlers. [issue 211]
  • Added Stealth directive to control stealth mode. Stealth mode hides the Server header in responses. [issue 212]
  • Added Header directive to define response headers. [issue 215]
  • Used "Header set" to define important security directives to the default appweb.conf. [issue 216]
  • Optimized file upload. [issue 218]
  • Tightened WebSockets compliance. Passing Autobahn test suite. [issue 217]
  • Add palloc APIs for permanent memory allocations [issue 226]
  • Add JSON query API [issue 230]
  • Enhance esp generator to generate applications using different client-side frameworks. [issue 231]
  • Fixes:
  • Fixes for ESP controls. [issue 184]
  • Update ESP tabs to fix tab order [issue 186]
  • Update ESP flash messages - were not clearing. [issue 187]
  • Remove EspLoad directive. Now integrated into EspApp. [issue 188]
  • Remove leading "-" from all ESP CSS classes. [issue 189]
  • Fix HTTP streaming request body input in http core engine. [issue 205]
  • Fix Http sessions. Aggregate all session state data in one object. [issue 206]
  • Make loading SSL provider thread-safe. [issue 207]
  • Make loading SSL provider thread-safe. [issue 207]
  • Fix Socket and SSL return codes when socket is full. [issue 214]
  • Fix Source directive to be relative to route home rather than route documents. [issue 219]
  • Fix for windows when time goes backwards [issue 227]
  • Fix esp recompiling on windows [issue 228]
  • Modify ESP cache module naming to include the appname as an ingredient into the MD5 name. This is necessary to support multiple applications with controllers of the same name. [issue 234]
  • Incompatible Changes:
  • The ESP HTML control generators are deprecated. The recommended approach is to use a client-side framework like Angular for HTML controls.
  • The EspApp directive now has a new format. See the ESP documentation for details. The old format is enabled but deprecated.
  • The ESP flash mechanism now preserves flash messages into the next controller and they are then erased before the view after that. Flash should not be used for feedback into the view.
  • The ESP setFlash() function is now renamed flash().
  • The ESP flash() function is renamed renderFlash(). This is to be consistent with other render methods.
  • The ESP espGetFlashMessage() function is renamed espGetFlash()
  • ESP controller module initialization functions have a new naming convention: esp_controller_APP_NAME instead of esp_module_NAME. This permits multiple applications with controllers of the same name.
  • The ESP src/*.c files must now be named src/app.c
  • ESP cache modules names are different and now include the app name as an ingredient in the MD5 name.
  • The ESP function stylesheet() now generates by default a reference to "static/css/all.css" instead of "layout.css" and "theme/default.css". This is to support the use of Less and SCCS which aggregate style sheets.
  • If a Route directive uses the same pattern as a previously created route, it will open and modify the previous route.
  • The Header directive is renamed RequestHeader. Use SetHeader to set response headers.
  • The Compress directive is present but deprecated. Use "Map compressed" instead. Map is a more generalized facility that embraces compression.
  • The httpHandleOptionsTrace() function is deprecated. The API is present but deprecated.
  • LimitRequestBody does not file upload size. Use LimitUpload to limit file upload size.
  • Changed the field HttpRoute.dir to HttpRoute.documents. This is to avoid confusion with HttpRoute.home.
  • The Appweb default configuration is now secure-by-default. The security sandbox limits are set fairly low and the default responses now include headers to limit cross-site-scripting vulnerabilities. See Security Defaults for more information.
  • The httpAddResourceGroup, httpAddResource, httpAddClientRoute and httpAddRouteSet have changed signatures to accommodate a URI prefix for server-side controller URIs.

New in version 4.3.5 (August 8th, 2013)

  • Minor bugs were fixed, including problems with the MDB in-memory database, and there were performance optimizations for SSL requests.

New in version 4.3.4 (June 26th, 2013)

  • This version adds minor fixes for calculating HTTP session sandbox limits and updated support for jQuery 1.9.

New in version 4.3.3 (April 24th, 2013)

  • Updates to the ESP "C" web framework and ESP application MVC generator.
  • Fixes for SQLite database support and ESP templates. JQuery updated to 1.9.

New in version 4.3.2 (April 13th, 2013)

  • This is a major push with documentation and the addition of 30 stand-alone samples demonstrating the ESP C Language Web framework.