Changelog History
Page 1
-
v6.18 Changes
May 21, 2020- 👍 Allow OpenSSL session reuse on 2-way SSL
- ⚡️ Updated certs for OpenSSL tests
- 🛠 Fixed OpenSSL error status issue
- ➕ Added HTTP proxy client example
- Fixed deferencing mg_http_free_proto_data_endpoints
- 🛠 Fixed typedef bool for MSC
-
v6.17 Changes
February 11, 2020🐛 Bug fixes
- 📜 An integer overflow bug in
parse_mqtt()
, CVE-2019-19307 - MQTT ping logic improved
- Leak fix for invalid CA
- 🏗 Make SSL and non-SSL build binary compatible
- 👉 Make 30x replies keep opened HTTP/1.1 connection
- 📜 An integer overflow bug in
-
v6.16 Changes
September 30, 2019🐛 Bug fixes
- A bug in
mg_http_parse()
is fixed. Associated fuzzer test added.
- A bug in
-
v6.15 Changes
June 13, 2019🐛 Bug fixes
- 🚑 A critical MQTT heap-based overflow in
parse_mqtt()
fixed - credit goes to Yakun Zhang and Zheng Huang of Baidu Security Labs for discovering and reporting the issue - 🛠
mg_resolve2()
incorrect memory init fixed - Fixed locking in
lwip_net_if
- Fixed callback invocation in
mg_net_if_lwip
🔋 Features
- Added new platform rs14100, a multi-protocol wireless chip from Redpine Signals
- Deliver EV_CLOSE to the last endpoint handler
- Allow NULL handler for mg_bind and mg_connect
- 🚑 A critical MQTT heap-based overflow in
-
v6.14 Changes
March 04, 2019API changes
- Added
MG_MK_STR_N()
,mg_str_starts_with()
,mg_strfree()
- Added
mbuf_clear()
,mbuf_append_and_free()
,mbuf_move()
- ➕ Added ability for multipart data handler to provide pushback
- Made
MG_CTL_MSG_MESSAGE_SIZE
overridable
🐛 Bug fixes
- 🛠 Fixed digest auth result comparison
- 📊 Read all available data during recv poll
- 👀 Ensure that user sees all the data before connection is closed
- Check for NULL in
tcp_recved_tcpip()
- Send extra options with OPTIONS
- 👍 Properly support MQTT wildcards when matching topics
- 🛠 Fix handling of WS handshake error response
Other changes
- 🌲 Log file:line instead of function; add cs_log_set_file_level()
- Added
-
v6.13 Changes
October 08, 2018- When processing chunked response, make sure chunk size is reasonable
- 🏁 Open uploaded file in binary mode (Windows)
- 🔨 Refactored polling, cleaned up net_if interface somewhat
- LwIP: Trim recv_mbuf when we know the size of the data
- 🛠 Fix unused variable warnings when build w/o logging
- Added net_if_null
- ⚡️ Minor doc updates
-
v6.12 Changes
August 13, 2018🔒 Security fix
🚀 This release fixes a security issue, reported at https://www.cvedetails.com/cve/CVE-2018-10945/
🖐 ( Fix body length calculation in
mg_handle_cgi
)🔄 Change List:
Add
mg_url_encode_opt()
- a parametrized version ofmg_url_encode()
Add
MG_HIDE_SERVER_INFO
mg_file_upload_handler: Support multiple files
➕ Add host name verification for OpenSSL
➕ Add
mg_strstrip
: trims whitespace at both ends of a string🛠 Fix http pipelining
🛠 Fix buffer size passed to inet_ntop()
🛠 Fix an edge case in multipart HTTP upload parsing
Fix
mg_http_parse_header
(treat;
as a delimiter)mg_lwip: Fix race during clean connection teardown
Fix a bug in mg_mgr_init_opt with opts.num_ifaces
Fix build with
CS_ENABLE_STDIO=0
🛠 Fix warnings on newer versions of GCC
🖐 Fix body length calculation in
mg_handle_cgi
Don't touch send_mbuf when sending MQTT messages
-
v6.11 Changes
February 08, 2018- 🛠 Fix socket leak when there are too many open file descriptors
- 🛠 Fix publish-subscribe example
- 📜 Fix mg_parse_multipart in case of malformed request
- Websocket: Respond to Ping with Pong
- Websocket: Properly close a connection with Close frame (in response to a client's close and when protocol failure is detected)
- 👍 Websocket: Fix support of fragmented messages
- 👍 Websocket: Add support for control frames interjected in the middle of a fragmented message
- Digest authentication: Fix nonce validity check (expired nonce or nonce from the future did not cause the the check to fail)
- Digest authentication: Fix nonce request value; it worked before because nonce validity check was broken as well
- Digest authentication: Add
nonce
argument tomg_http_create_digest_auth_header()
: clients should use the value received from the server's authentication request. - Fail if passed a NULL handler to
mg_bind
ormg_bind_opt
. - ✅ Publish sources and tests
- ✂ Remove tunneling functionality which was used by nobody
- ➕ Add UDP client example
- Don't use user_data in mqtt server
- Deprecate
mg_http_parse_header()
and implementmg_http_parse_header2()
instead, which allocates a new buffer if the client-provided one is not large enough (similarly toasprintf
). - 🛠 Fix limitations of header value lengths, e.g. when parsing authentication headers such as nonce, etc.
-
v6.10 Changes
October 31, 2017API changes
- 👍 SOCKS5 client and server support
- Timer value is no longer cleared after
MG_EV_TIMER
event if it was not changed. User's handler must set it to 0 explicitly to avoid repeated invocation.
🛠 FIxes
- SSL/TLS listener fix for TI SimpleLink networking interface
- 🚧 Double-counting of recved bytes in LWIP interface caused issues
- 📜 MQTT SUBSCRIBE command parsing in the broker code could cause crashes
- 🛠 FIxed CGI script connection lifetime management
-
v6.9 Changes
September 13, 2017API changes:
MG_ENABLE_CALLBACK_USERDATA
- if set, changes signature of event handler function to include user_data argument. Disabled by default for now, in the future this will become the default.mg_set_nameserver()
- specify DNS server to usemg_assemble_uri()
- assemble a URI from partsmg_connect_ws()
now acceptshttp://
URLs
🐛 Bug fixes:
- 🛠 Fix parsing of MQTT QoS > 0 PUBLISH messages
- 🛠 Fix MQTT PUB{ACK,REC,REL,COMP} and UNSUBACK flags
- Properly shut down the SSL connection (send "close notify" TLS message)
- Fix
mg_get_http_var()
return value - 🛠 Fix MQTT handshake; change client protocol to version 3.1.1
- 🛠 Fix Handling of multiple MQTT messages per RECV event
- Update to make lwip_net_if thread-safe
- 🏁 Use DhcpNameServer on Windows
- 🛠 Fix MQTT message parsing issues
- 🛠 Fix DNS name uncompression that could lead to infinite loop
- 🛠 Fix WS frame reassembly issues