April 24th, 2013· FileHashes option added.
· PolarSSL updated to version 1.2.7. Enabled ciphersuite selection based on protocol version.
· Enabled accf_http support for FreeBSD. Thanks to Martin Tournoij.
· Better handling of previous installed configuration files under MacOS X. Thanks to Sander Niemeijer.
· ImageReferer option removed.
· Bugfix: incorrect BanOnFlooding behavior.
· Small improvements.
March 29th, 2013· Clients handled via thread pool instead of creating threads on the fly.
· ThreadPoolSize option added.
· Header option added to URL Toolkit.
· Improved client SSL certificate handling. Environment variables renamed.
· PolarSSL updated to version 1.2.6.
· Improved Reverse Proxy caching support for requests with URL parameters.
· CacheMinFilesize option removed.
· DenyBot option removed. Use UrlToolkit's Header option instead.
· OldBrowser option removed from URL Toolkit. Use Header option instead.
· Improved UrlToolkit rule testing in wigwam.
· Small bugfixes and improvements.
February 21st, 2013· Caching for Reverse Proxy. CacheRProxyExtensions option added.
· Basic HTTP authentication now supports the glibc2 version of crypt().
· Hostname in ImageReferer can now contain a wildcard.
· DenyBody matching is now case insensitive.
· PolarSSL updated to version 1.2.5.
· Small improvements.
January 10th, 2013· Support for HTTP Strict Transport Security (RFC 6797). Integrated in RequireSSL option.
· DHsize option added.
· PolarSSL updated to version 1.2.3.
· CloudFlare headers placed in environment variables.
· Removed php-fcgi.
· Small improvements.
· Bugfix: slow page loading via Reverse Proxy.
November 5th, 2012· PolarSSL updated to version 1.2. Added support for TLS 1.2 and secure renegotiation.
· Added support for Server Name Indication.
· MinSSLversion option added.
· ServerRoot option removed.
· Improved MacOS X package building script.
· Marked php-fcgi as deprecated. Use php-fpm instead.
· Small bugfixes and improvements.
September 14th, 2012· Improved Reverse Proxy.
· Changed error message style.
· Renamed Command Channel to Tomahawk.
· Return 403 instead of 401 upon correct password for HTTP authentication but user not in right group.
· Small improvements.
· Bugfix: replaced select() with poll() to prevent crashes in case of large amount of simultaneous connections. Thanks to Peter Bex.
June 9th, 2012· MaxServerLoad option added.
· Bugfix: invalid reverse proxy request when URL parameters are present.
· PolarSSL updated to version 1.1.4.
· Small bugfixes and improvements.
May 3rd, 2012· WebDAVapp option added. Enables support for WebDAV applications like ownCloud (http://owncloud.org/).
· Removed support for the OPTIONS method.
· AllowDotFiles option added.
· Global forks setting in php-fcgi.conf moved to Server setting.
· Small bugfixes and improvements.
February 27th, 2012· BanOnInvalidURL option added.
· PolarSSL updated to version 1.1.1.
· Small improvements in Windows packaging script.
· Bugfix: paths missing in default values and examples in manual pages.
January 30th, 2012· Replaced Autoconf with CMake. Many thanks to Sander Niemeijer.
· Replaced OpenSSL with PolarSSL. Many thanks to Paul Bakker.
· AllowedCiphers and DHparameters options removed.
· Added IE7 to UrlToolkit's OldBrowser list, removed IE5.
· MaxUrlLength option added, can return 414 Request-URI Too Long.
· Changed default value of TriggerOnCGIstatus to 'no'.
· Equalized format of logfiles.
· Extra checks added to php-fcgi.
· Small improvements.
January 5th, 2012· Improved SQL injection detection.
· Bugfix: memory leak in PreventSQLi routine.
· Bugfix: potential server freeze with 100% CPU in CGI output caching.
November 1st, 2011· Control CGI output cache via X-Hiawatha-Cache and X-Hiawatha-Cache-Remove CGI headers. See the CGI OUTPUT CACHE section in the manual page.
· BanOnWrongPassword now also triggers on wrong username.
· Small improvements.
· Bugfix: timeout issue with large POST requests on SSL connections.
October 6th, 2011· First parameter of Alias can now contain subdirectories.
· Improved stability for connections with SSL client authentication.
· Bugfix: BanOnFlooding was broken.
May 31st, 2011· This version contains small bugfixes and improvements.
November 9th, 2010· This version contains two important bugfixes, one related to HideProxy and a memory leak in the XSLT module.
· There are no new features.
September 7th, 2009· This release contains a fix for a bug in 6.17, which can lead to a crash.
August 31st, 2009· This version allows you to change the layout of a directory index via XSLT.
July 27th, 2009· This release contains several bugfixes, so it's definitely worth the update. The main Hiawatha configuration file called httpd.conf has been renamed to hiawatha.conf. With that step, the last resemblance with the webserver-that-must-not-be-named is gone.
June 4th, 2009· Platform independent read-timeout handlers.
· RequiredCA option added.
· UseSSL option removed, ServerKey option renamed to UseSSL and made available only in Binding section.
· Small bugfixes and improvements.
· Bugfix: fork-mutex issue when executing CGI.
May 7th, 2009· LSB style header added to init script.
· SSL initialization improved for cross compiling.
· Change in signal handling (HUP and USR2 signal).
· Small bugfixes and improvements.
· Bugfix: incorrect MD5 hashing on 64bit machines.
March 30th, 2009· This is only a bugfix release.
December 29th, 2008· Minor bugfixes.
October 30th, 2008· CSRF prevention and a Mac OS X preference pane have been added
September 25th, 2008· Small bugfixes and improvements.
· A tool to run Hiawatha as a service under Windows.
Find us on Google+
