All Versions
13
Latest Version
Avg Release Cycle
110 days
Latest Release
285 days ago
Changelog History
Page 1
Changelog History
Page 1
-
v6.18
May 21, 2020- ๐ Allow OpenSSL session reuse on 2-way SSL
- โก๏ธ Updated certs for OpenSSL tests
- ๐ Fixed OpenSSL error status issue
- โ Added HTTP proxy client example
- Fixed deferencing mg_http_free_proto_data_endpoints
- ๐ Fixed typedef bool for MSC
-
v6.17
February 11, 2020๐ Bug fixes
- ๐ An integer overflow bug in
parse_mqtt(), CVE-2019-19307 - MQTT ping logic improved
- Leak fix for invalid CA
- ๐ Make SSL and non-SSL build binary compatible
- ๐ Make 30x replies keep opened HTTP/1.1 connection
- ๐ An integer overflow bug in
-
v6.16
September 30, 2019๐ Bug fixes
- A bug in
mg_http_parse()is fixed. Associated fuzzer test added.
- A bug in
-
v6.15
June 13, 2019๐ Bug fixes
- ๐ A critical MQTT heap-based overflow in
parse_mqtt()fixed - credit goes to Yakun Zhang and Zheng Huang of Baidu Security Labs for discovering and reporting the issue - ๐
mg_resolve2()incorrect memory init fixed - Fixed locking in
lwip_net_if - Fixed callback invocation in
mg_net_if_lwip
๐ Features
- Added new platform rs14100, a multi-protocol wireless chip from Redpine Signals
- Deliver EV_CLOSE to the last endpoint handler
- Allow NULL handler for mg_bind and mg_connect
- ๐ A critical MQTT heap-based overflow in
-
v6.14
March 04, 2019API changes
- Added
MG_MK_STR_N(),mg_str_starts_with(),mg_strfree() - Added
mbuf_clear(),mbuf_append_and_free(),mbuf_move() - โ Added ability for multipart data handler to provide pushback
- Made
MG_CTL_MSG_MESSAGE_SIZEoverridable
๐ Bug fixes
- ๐ Fixed digest auth result comparison
- ๐ Read all available data during recv poll
- ๐ Ensure that user sees all the data before connection is closed
- Check for NULL in
tcp_recved_tcpip() - Send extra options with OPTIONS
- ๐ Properly support MQTT wildcards when matching topics
- ๐ Fix handling of WS handshake error response
Other changes
- ๐ฒ Log file:line instead of function; add cs_log_set_file_level()
- Added
-
v6.13
October 08, 2018- When processing chunked response, make sure chunk size is reasonable
- ๐ Open uploaded file in binary mode (Windows)
- โป๏ธ Refactored polling, cleaned up net_if interface somewhat
- LwIP: Trim recv_mbuf when we know the size of the data
- ๐ Fix unused variable warnings when build w/o logging
- Added net_if_null
- โก๏ธ Minor doc updates
-
v6.12
August 13, 2018๐ Security fix
๐ This release fixes a security issue, reported at https://www.cvedetails.com/cve/CVE-2018-10945/
๐ ( Fix body length calculation in
mg_handle_cgi)๐ Change List:
Add
mg_url_encode_opt()- a parametrized version ofmg_url_encode()Add
MG_HIDE_SERVER_INFOmg_file_upload_handler: Support multiple files
โ Add host name verification for OpenSSL
โ Add
mg_strstrip: trims whitespace at both ends of a string๐ Fix http pipelining
๐ Fix buffer size passed to inet_ntop()
๐ Fix an edge case in multipart HTTP upload parsing
Fix
mg_http_parse_header(treat;as a delimiter)mg_lwip: Fix race during clean connection teardown
Fix a bug in mg_mgr_init_opt with opts.num_ifaces
Fix build with
CS_ENABLE_STDIO=0๐ Fix warnings on newer versions of GCC
๐ Fix body length calculation in
mg_handle_cgiDon't touch send_mbuf when sending MQTT messages
-
v6.11
February 08, 2018- ๐ Fix socket leak when there are too many open file descriptors
- ๐ Fix publish-subscribe example
- ๐ Fix mg_parse_multipart in case of malformed request
- Websocket: Respond to Ping with Pong
- Websocket: Properly close a connection with Close frame (in response to a client's close and when protocol failure is detected)
- ๐ Websocket: Fix support of fragmented messages
- ๐ Websocket: Add support for control frames interjected in the middle of a fragmented message
- Digest authentication: Fix nonce validity check (expired nonce or nonce from the future did not cause the the check to fail)
- Digest authentication: Fix nonce request value; it worked before because nonce validity check was broken as well
- Digest authentication: Add
nonceargument tomg_http_create_digest_auth_header(): clients should use the value received from the server's authentication request. - Fail if passed a NULL handler to
mg_bindormg_bind_opt. - โ Publish sources and tests
- โ Remove tunneling functionality which was used by nobody
- โ Add UDP client example
- Don't use user_data in mqtt server
- Deprecate
mg_http_parse_header()and implementmg_http_parse_header2()instead, which allocates a new buffer if the client-provided one is not large enough (similarly toasprintf). - ๐ Fix limitations of header value lengths, e.g. when parsing authentication headers such as nonce, etc.
-
v6.10
October 31, 2017API changes
- ๐ SOCKS5 client and server support
- Timer value is no longer cleared after
MG_EV_TIMERevent if it was not changed. User's handler must set it to 0 explicitly to avoid repeated invocation.
๐ FIxes
- SSL/TLS listener fix for TI SimpleLink networking interface
- ๐ง Double-counting of recved bytes in LWIP interface caused issues
- ๐ MQTT SUBSCRIBE command parsing in the broker code could cause crashes
- ๐ FIxed CGI script connection lifetime management
-
v6.9
September 13, 2017API changes:
MG_ENABLE_CALLBACK_USERDATA- if set, changes signature of event handler function to include user_data argument. Disabled by default for now, in the future this will become the default.mg_set_nameserver()- specify DNS server to usemg_assemble_uri()- assemble a URI from partsmg_connect_ws()now acceptshttp://URLs
๐ Bug fixes:
- ๐ Fix parsing of MQTT QoS > 0 PUBLISH messages
- ๐ Fix MQTT PUB{ACK,REC,REL,COMP} and UNSUBACK flags
- Properly shut down the SSL connection (send "close notify" TLS message)
- Fix
mg_get_http_var()return value - ๐ Fix MQTT handshake; change client protocol to version 3.1.1
- ๐ Fix Handling of multiple MQTT messages per RECV event
- Update to make lwip_net_if thread-safe
- ๐ Use DhcpNameServer on Windows
- ๐ Fix MQTT message parsing issues
- ๐ Fix DNS name uncompression that could lead to infinite loop
- ๐ Fix WS frame reassembly issues