Changelog History
Page 1
-
v6.18 Changes
May 21, 2020- ๐ Allow OpenSSL session reuse on 2-way SSL
- โก๏ธ Updated certs for OpenSSL tests
- ๐ Fixed OpenSSL error status issue
- โ Added HTTP proxy client example
- Fixed deferencing mg_http_free_proto_data_endpoints
- ๐ Fixed typedef bool for MSC
-
v6.17 Changes
February 11, 2020๐ Bug fixes
- ๐ An integer overflow bug in
parse_mqtt()
, CVE-2019-19307 - MQTT ping logic improved
- Leak fix for invalid CA
- ๐ Make SSL and non-SSL build binary compatible
- ๐ Make 30x replies keep opened HTTP/1.1 connection
- ๐ An integer overflow bug in
-
v6.16 Changes
September 30, 2019๐ Bug fixes
- A bug in
mg_http_parse()
is fixed. Associated fuzzer test added.
- A bug in
-
v6.15 Changes
June 13, 2019๐ Bug fixes
- ๐ A critical MQTT heap-based overflow in
parse_mqtt()
fixed - credit goes to Yakun Zhang and Zheng Huang of Baidu Security Labs for discovering and reporting the issue - ๐
mg_resolve2()
incorrect memory init fixed - Fixed locking in
lwip_net_if
- Fixed callback invocation in
mg_net_if_lwip
๐ Features
- Added new platform rs14100, a multi-protocol wireless chip from Redpine Signals
- Deliver EV_CLOSE to the last endpoint handler
- Allow NULL handler for mg_bind and mg_connect
- ๐ A critical MQTT heap-based overflow in
-
v6.14 Changes
March 04, 2019API changes
- Added
MG_MK_STR_N()
,mg_str_starts_with()
,mg_strfree()
- Added
mbuf_clear()
,mbuf_append_and_free()
,mbuf_move()
- โ Added ability for multipart data handler to provide pushback
- Made
MG_CTL_MSG_MESSAGE_SIZE
overridable
๐ Bug fixes
- ๐ Fixed digest auth result comparison
- ๐ Read all available data during recv poll
- ๐ Ensure that user sees all the data before connection is closed
- Check for NULL in
tcp_recved_tcpip()
- Send extra options with OPTIONS
- ๐ Properly support MQTT wildcards when matching topics
- ๐ Fix handling of WS handshake error response
Other changes
- ๐ฒ Log file:line instead of function; add cs_log_set_file_level()
- Added
-
v6.13 Changes
October 08, 2018- When processing chunked response, make sure chunk size is reasonable
- ๐ Open uploaded file in binary mode (Windows)
- ๐จ Refactored polling, cleaned up net_if interface somewhat
- LwIP: Trim recv_mbuf when we know the size of the data
- ๐ Fix unused variable warnings when build w/o logging
- Added net_if_null
- โก๏ธ Minor doc updates
-
v6.12 Changes
August 13, 2018๐ Security fix
๐ This release fixes a security issue, reported at https://www.cvedetails.com/cve/CVE-2018-10945/
๐ ( Fix body length calculation in
mg_handle_cgi
)๐ Change List:
Add
mg_url_encode_opt()
- a parametrized version ofmg_url_encode()
Add
MG_HIDE_SERVER_INFO
mg_file_upload_handler: Support multiple files
โ Add host name verification for OpenSSL
โ Add
mg_strstrip
: trims whitespace at both ends of a string๐ Fix http pipelining
๐ Fix buffer size passed to inet_ntop()
๐ Fix an edge case in multipart HTTP upload parsing
Fix
mg_http_parse_header
(treat;
as a delimiter)mg_lwip: Fix race during clean connection teardown
Fix a bug in mg_mgr_init_opt with opts.num_ifaces
Fix build with
CS_ENABLE_STDIO=0
๐ Fix warnings on newer versions of GCC
๐ Fix body length calculation in
mg_handle_cgi
Don't touch send_mbuf when sending MQTT messages
-
v6.11 Changes
February 08, 2018- ๐ Fix socket leak when there are too many open file descriptors
- ๐ Fix publish-subscribe example
- ๐ Fix mg_parse_multipart in case of malformed request
- Websocket: Respond to Ping with Pong
- Websocket: Properly close a connection with Close frame (in response to a client's close and when protocol failure is detected)
- ๐ Websocket: Fix support of fragmented messages
- ๐ Websocket: Add support for control frames interjected in the middle of a fragmented message
- Digest authentication: Fix nonce validity check (expired nonce or nonce from the future did not cause the the check to fail)
- Digest authentication: Fix nonce request value; it worked before because nonce validity check was broken as well
- Digest authentication: Add
nonce
argument tomg_http_create_digest_auth_header()
: clients should use the value received from the server's authentication request. - Fail if passed a NULL handler to
mg_bind
ormg_bind_opt
. - โ Publish sources and tests
- โ Remove tunneling functionality which was used by nobody
- โ Add UDP client example
- Don't use user_data in mqtt server
- Deprecate
mg_http_parse_header()
and implementmg_http_parse_header2()
instead, which allocates a new buffer if the client-provided one is not large enough (similarly toasprintf
). - ๐ Fix limitations of header value lengths, e.g. when parsing authentication headers such as nonce, etc.
-
v6.10 Changes
October 31, 2017API changes
- ๐ SOCKS5 client and server support
- Timer value is no longer cleared after
MG_EV_TIMER
event if it was not changed. User's handler must set it to 0 explicitly to avoid repeated invocation.
๐ FIxes
- SSL/TLS listener fix for TI SimpleLink networking interface
- ๐ง Double-counting of recved bytes in LWIP interface caused issues
- ๐ MQTT SUBSCRIBE command parsing in the broker code could cause crashes
- ๐ FIxed CGI script connection lifetime management
-
v6.9 Changes
September 13, 2017API changes:
MG_ENABLE_CALLBACK_USERDATA
- if set, changes signature of event handler function to include user_data argument. Disabled by default for now, in the future this will become the default.mg_set_nameserver()
- specify DNS server to usemg_assemble_uri()
- assemble a URI from partsmg_connect_ws()
now acceptshttp://
URLs
๐ Bug fixes:
- ๐ Fix parsing of MQTT QoS > 0 PUBLISH messages
- ๐ Fix MQTT PUB{ACK,REC,REL,COMP} and UNSUBACK flags
- Properly shut down the SSL connection (send "close notify" TLS message)
- Fix
mg_get_http_var()
return value - ๐ Fix MQTT handshake; change client protocol to version 3.1.1
- ๐ Fix Handling of multiple MQTT messages per RECV event
- Update to make lwip_net_if thread-safe
- ๐ Use DhcpNameServer on Windows
- ๐ Fix MQTT message parsing issues
- ๐ Fix DNS name uncompression that could lead to infinite loop
- ๐ Fix WS frame reassembly issues