Changes in Caudium 1.5.1 since Caudium 1.4.1
- Decoded queries with empty variables should now use properly decoded
names for those variables.
- Fix bugs in cimg, business_graphics, auth_sqluserdb identified when
running under Pike 8.0
- Fix prestate bug in 123sessions
- SMF (illumos/Solaris) support
- MD5 passwords verify correctly using auth_sqldb
- Caudium works with Pike 8.0
- SSL should play more nicely with streaming responses whose data isn't
immediately available (such as CGI).
- Added some "new" content types.
- Un-hardcoded cookie expiration time.
(Closes Google issue #11)
- Implement an additional ABS check that should catch blocked servers
while running in threaded mode that traditional ABS would not detect.
- Better handling of AJP containers that don't keep track of POST data
they've already received, as well as better indications of situations
where a POST size limitation has occurred.
- Fix a bug that causes Request_Id->site_id to not be updated when using
ip-less virtual hosting. Should fix odd behavior problems when using
try_get_file(), such as <insert file> and many other situations.
- Removed a number of unsupported modules:
- Response generation and sending for HTTP and SSL protocols have been
consolidated, resulting in (hopefully) much more consistent results
- Add support for not URL encoding requests when using AJP. This should
allow AJP to work better for containers that expect this (newer
Tomcats, flup on Python, etc)
- Add checks to prevent a user from deleting the Configuration Interface
virtual server (a config named "ConfigurationInterface") from within
- Fixes for running Caudium using Pike 7.8
- Added --dtruss support (MacOS X 10.5)
- Fixed a bug in gtext that would try to parse the empty tag (<>) if the list of
tags to get colors from was left empty in the CIF. This used to break
(Closes Google issue #4)
(Bertrand LUPART and Bill Welliver)
- Make the watchdog more verbose in case it has to kick in in GET mode.
- CIF documentation about module priorities made clearer.
Reversed order of the select list: highest priority now on top.
(Bertrand LUPART and Benjamin GANDON)
- Caudium now displays the error code and message when it can't talk to the
- Caudium RC script now displays the Caudium startup error, if any, and just tells if
- Redirects from 123session module should mangle the original URL less
when browsing without cookies.
(Bill Welliver with Dave Walton)
- Caudium modules now use pike -x module for building.
- Caudium.HTTP.set_cookie() added for setting a cookie to the browser.
<set_cookie> now uses it.
- Caudium.sexpr_eval("10 + 1") and Caudium.sexpr_eval("1+1") now produce the
(Closes Google issue #2)
- install app should get proper executable permissions
- install app starts caudium in --once mode, which is more friendly if
there's a problem starting up.
- configvar is no more (script is in bin but is non-working)
- Proxies: Relay module (relay2.pike) now passes X-Forwarded-For
header to destination.
- Added new upgrade support system. Allows multiple installation or
virtual server upgrade tasks to be performed per version.
- Fixed encoding generated by _Caudium.*_encode_mapping() and
- Fixed _Caudium.http_encode_url test (we were testing behavior that wasn't
documented and may be undesirable)
- Only consider specified pike when using --with-pike rather than also
checking a list of possible pike locations.
(Bill Welliver and Martin Baehr)
- Added --with-any-pike-version to disable standard version compatibility
(Bill Welliver and Martin Baehr)
- file_stat() is now just standard Pike (returns Stdio.Stat object)
rather than an array.
- Xenofarm builds can be modified using:
CONFIGURE_ARGS (already present)
MAKE_ARGS (just added)
These arguments can be passed on the action line in your xenofarm
project cfg file.
- Data returned from a scope entity will be cast to a string, allowing
potentially mixed datasets to be returned for use by emit and friends.
- New demo certificate with extended expiration date.
- Fixed some rimage plugins with wrong Colors.parse_color() calls.
- Fixed a bug in rimage.pike that prevented plugins from being loaded.
Available modules and currently loaded modules are now shown in module status.
- Avoid a backtrace when <cimg> is called without a src attribute.
- Using <insert file="foo.php"> and setting up Uniscript to parse RXML in PHP's
result won't freeze your server anymore.
This feature should still be discussed.
- PATH_INFO now allows passing variables in the URL like:
Those are stored in id->misc->path_info_variables and
- Added the CAUDIUM_SITE_ID environment variable so that the site id can be
read from external scripts.
- Added RequestID()->get_canonical_url(), which should be used
by any code attempting to determine the "official" url of the
current virtual server.
- Fix for using domain cookies with 123session and ports that are non-
standard (i.e. other than 80 and 443).
- Fix XML encoding of strings in _Caudium.xml_encode_mapping and friends.
(Bill Welliver with Bertrand LUPART)
- Add missing characters to HTML encoding list.
(Bill Welliver with Bertrand LUPART)
- Fix CGI processing for POSTs when running under Shuffler.
- Testing out a new cache expiration technique that doesn't involve
large amounts of I/O. This should reduce occurrences of runaway
cache expiration as well as file descriptor shortages.
- Error Log tab now only stores the most recent 250 items. This should
prevent a source of constantly growing memory usage.
- New option --with-pike-module in start-caudium allows specifying additional
Pike modules to load at start time.
- Added randomization to cache and storage jobs to prevent surges.
- We now store cache item sizes, which should reduce fd usage and
improve startup times.
- Removed a double read on cache items, which should improve performance.
- Cache tuning to prevent runaway cache expiration.
- Default maximum POST size is now 5MB for new virtual servers.
- An error 413 is returned for requests crossing the maximum POST size,
even though it may be interpreted as a "premature close".
- Config interface variables pertaining to cache storage engine now use
SQL instead of MySQL.
- Storage.Methods.MySQL is now Storage.Methods.SQL in honor of its newly
found cross-databasiness, which includes support for SQLite.
- User listing toggle in User Filesystem works more properly.
- Fixes for authentication providers that don't support user listings
- Added a "null" slow storage backend for cache.
- Fix color selector for wizards.
- Make running with Shuffler the default.
- Rework the module add page to make it load faster and look better.
- Reverting to Pike language prestate parser; disable use of "internal"
- CIF pages using the wizard form now sport a unique identifier in the request
so that the page is still up to date, even with browsers that cache a lot.
- The CIF can now show if the server is running with Shuffler or nbio.
- Fixed a bug where empty variables passed in the URL would totally mess up the
other variables and empty variables in the request id object.
- Client certificate request support added. We can specify a set of issuers
and a root authority chain. We still need a module to equate the client
certificate with a user.
- Multi-User aware configuration interface.
User authentication is handled by the standard Caudium authentication
system using authentication providers configured in the "Configuration
Interface" virtual server. A new authentication provider is available,
called "Authentication Provider: Configuration Interface" that knows
about 1 user. A user configured using this provider will be a "superuser",
with rights to do anything in the server. More than 1 superuser can be
defined by adding additional "Authentication Provider: Configuration
Interface" modules to the Configuration Interface virtual server.
You can also set up other auth providers that provide non-superusers
(users whose user info mapping has no "superuser" element). These users
can access the configuration interface in read-only mode, and can only
access those configurations to which they have been granted access using
Configuration->yourVirtualServer->Server Variables->Admin Users.
Non-superusers do NOT have permission to change anything in their
virtual server's "Server Variables" section. This is to prevent folks
from fiddling with ports and so on.
Functions reserved for superusers:
restart, shutdown, delete virtual server, new virtual server, changing
global variables and virtual server "server variables".
Config interface actions need to be made "multi-user" aware by checking for:
id->misc->read_only (a non-super user acting on a server config node)
id->misc->cif_superuser (a superuser who should be able to do anything)
Things that need to be done:
1. provide an upgrade mechanism
2. perhaps allow groups to be specified in a given configuration
3. protect any necessary cif actions (wizards)
4. ponder the situation surrounding "save" (i.e., it's a global save in the CIF)
- Configuration Interface is now a regular virtual server.
- Added PAM Authentication provider; requires System.PAM module.
- Requests on the same 1st level virtual host can now be split into
different logfiles based on the virtual host domain used in the HTTP request.
(Bertrand LUPART / Olivier CHENEL)
- <scut cut_on_whites="1"></scut> asks scut to cut only on whitespace. The
goal is not to cut words.
The module can be configured to do this by default in the CIF.
Not enabled by default for backward compatibility.
- <scut htmlencode="1"></scut> won't encode the string in HTML. Intentionally not
documented on the user side, since that's not perceived as good practice.
See scut.pike source code for enabling this.
- Fix to destroy file objects after the request is sent when using shuffler.
This should fix a problem with running out of file descriptors. Also, a
patch was applied to Pike 7.6 CVS to fix a crash caused by using shuffler.
- <cimg> now appends the original image filename to the internal path, so that
webcrawlers can still index a <cimg> processed image.
- The CIF can now show the system limits set for Caudium.
See http://bertrand.gotpike.org/space/start/2006-02-27/1 for more
- Fixed cgi when USE_SHUFFLER is used.
- Added quiet option to EMIT SQL, so that sql backtraces don't get
sent to the browser.
- Added quoting capabilities to EMIT, so that you can do &foo.bar:mysql;
to get your entity replacements properly quoted.
- 123sessions: added force_include_urls to be able to specify URLs you
wish to trigger a redirect to include the session identifier. If left
empty, normal behavior is used. This augments include_urls and exclude
urls, which are used to specify URL subtrees where session processing
is either performed or not performed.
- Fixed a few leaks in Caudium.make_tag_attributes() and encode_mapping()
and optimized them a bit, which should plug a fast growing leak when
- Added --with-shuffler and --shuffler options for running with
- Fixed a bug where some CGI/uniscript pages were not fully displayed to the
client. See http://bertrand.gotpike.org/space/start/2006-02-15/1 for more
- Fixed a Virtual Host Matcher bug where the port number was not properly
identified from the hostname.
- Fixed some Caudium.nbio code that was still used in socket.pike
- Properly decode UTF-8 requests that have been HTTP encoded.
- Fix for the 2GB file limit in Caudium.nbio, which should allow
big files to be transmitted now.
- Fix in protocols/http that inadvertently caused modules using
HTTP.pipe_in_progress() to drop the connection with the client.
In particular, this should fix problems in proxy modules,
but other modules may see an impact as well.
- Streaming mode now works in HTTP Relay Module.
- Added support for Bonjour Advertisement of virtual servers.
Available under Virtual Server Global Variables. Uses either
the virtual server config name, or the "virtual server name"
setting under Global Variables (click on "More Options" to
show this option.) Available when Pike is compiled with
DNS_SD support, available on MacOSX/Darwin and systems with
- Added new showcolumns argument for <sqltable> (Caudium bug id #19, patch
- Fixed errors in Russian translations (Caudium bug id #18)
- Fixed _Caudium C module to compile with a non threaded Pike.
(Xavier Beaudouin / Michel Luczak)
- FastCGI module automatically kills any FastCGIs it created when
the module stops. This should eliminate "stranded" FCGIs.
- Fixes for <user> tag when working with new authentication system.
- Group functionality can be disabled in SQL Authentication Provider
- Added vhs_syslogger module to log using Syslog to a local or remote host
- Fixed bug #17 (ultralog not working on 1.5)
- Fixed syslog to work as it is advertised in the CIF
- Fixed emit->maxrows and emit->skiprows
- Added emit->sort_function and emit->sort_key to sort query results
Example usage: sort_function="Array.oid_sort_func" sort_key="version"
where sort_function is the name of a function compatible with
Array.sort_array, and sort_key is the name of a field in the resultset
to sort by.
- Backported VHS SQLogger from 1.2. Same warnings as for 1.4 branch....
- Fixed bug #11
- Because of changes in Pike 7.6.24+ that are not compatible with earlier
versions, we now require 7.6.24.
- Fix installation script that stopped working with Pike 7.6.24+
- Add Index redirect files option that allows people who use L7 load balancers
to redirect to files that have been specified instead of listing the
- Fix error in vhs_dirparser when there are no files in the directory and the
option "show dot files" is set to no
- The watchdog now really takes the port configuration of each virtual server
into account instead of guessing it from the server URI. As a consequence, the
watchdog can now check multiple HTTP ports for a virtual server.
Checks are made on the protocol used as well as on the bound interface
before adding a new virtual server/port to the watch list.
This fixes a bug where the watchdog would restart Caudium over and over on a
fresh install until some virtual server binds to port 80.
- Fixed a watchdog backtrace on fresh install when there are no virtual servers
set up in the CIF yet.
- Starting Caudium with --gdb now turns the watchdog off.
- Some work on accessed-sql:
- now 2nd level virtual hosting safe
- fix for a first loading bug that required restarting Caudium
- now possible to use <counter add="0"> to avoid incrementing the counter
- _Caudium.getip() call to get interfaces names and ips for *BSD flavors.
- <if> no longer evaluates true if using the "element is value" syntax and the
element is not present.
- Fixed a backtrace during load of the WebApp module.
- Watchdog debug can be enabled using --watchdog-debug
- If set using HTTP GET, the watchdog can now be set up to check either every
1st level virtual server or only the first one.
- The watchdog can now check virtual servers using HTTP GET
- The id->variables isn't set as before regarding variables with empty values;
this broke the screen for adding a new virtual server.
- Watchdog PID check can now be disabled with --without-watchdog-pidcheck
It is disabled by default on Linuxes < 2.6, since their thread
implementations assigned different PIDs for each thread.
- Fixed backtrace when using <accessed since> or <accessed help> when accessed
was handled by accessed-sql or accessed-memory.
- Not using strftime on Solaris as it does not support the POSIX %z flag
which rendered Caudium.cern_http_date() unusable.
- The id->variables wasn't set as before regarding empty values; this broke
some applications and most notably led to an internal server error when
resetting a variable in the configuration interface.
- Comparison of empty strings didn't work in RXML so this led to wrong
- Fix for the RXML parsers sending the wrong content-type header when parsing
a non-html document.
- Pikegraphy now likes filenames with spaces.
- Watchdog should now work with servers that change uid.
- Stopping/restarting of server should work properly now, especially for servers that change uid.
- Fix a backtrace in Config-Action openports when there is no lsof located
on the hosted machine.
- Fixed loading of Crypto related Configuration Actions in CIF.
- Fixed a segfault in Caudium C module when broken variable assignments
in the query part of the url are parsed (eg ?foo=too&hop=&gazon=zz - hop=
is the invalid syntax), SF bug #1028622