Releases: cesanta/mongoose
Mongoose 7.5
- Add
MG_HTTP_INDEXbuild var, default to "index.html", to let user to change directory index file - Added
MG_CUSTOM_TLSbuild flag, to enable any 3rd party TLS library integration (or make tweaks to existing integrations) - Added example for mg_http_bauth()
- Added documentation for mg_http_get_header_var()
- Added CIFuzz integration
- Fixed captive portal example
- Added json-rpc-via-ws example
- Fixed FD_CLOEXEC handling
- Added Add examples/mqtt-client-aws-iot
- Add user and pass to struct mg_mqtt_opts
- Fixed comma handling in mg_http_get_header_var()
- Fixed UDP handling on Windows
- Added mbedTLS CRL support
- Fixed mg_random() on ESP32
Mongoose 7.4
- Added example for NXP RT1020 on Microsoft AzureOS
- Added support for Microsoft AzureOS
- Better diagnostics in mg_open_listener, #1359
- Including ipv6 wrapping brackets [] in the result of mg_url_host()
- Support multiple serving directories (web roots):
opts.root_dir = "/path1,/uri1=/some/other/path". See 2139fbc - Security enhancement in MQTT codepath
- Removed
realpath()from the virtualised FS API - Enhanced OpenSSL handshake codepath
- API change mg_iobuf_{append,delete} -> mg_iobuf_{add,del}
- Added WS defragmentation logic
- Added Add mg_check_ip_acl()
- API change: mg_next_comma_entry() -> mg_commalist()
- Added stm32-nucleo-f746z example
- Fixed HTTP chunk handling for larger chunks
- Enhanced FREERTOS + LWIP support - works out of the box!
- Refactored mg_mkpipe() and multithreading support
- Sending MG_EV_WS_OPEN to server connections, too
- Added MQTT over Websocket example
- Added virtualised FS support and built-in ability to pack static files into server binary and serve files without a "real" FS
- Added RISCV target to unit test
Mongoose 7.3
- Improved SSI file serving: added Content-Type header
- Improved compiler compatibility, using traditional header guards instead of
#pragma one - When listening on port 0, exposing the actual port
- Disabled SSL 1.1 for OpenSSL
- Fixed C++ mg_str constructor shadowing
- Using FD_CLOEXEC on opened sockets on UNIX-like systems
- Support for new mbedtls 3.x
- Improved C++ interop with
#ifdef __cplusplus - Improved MQTT API: added
qosandretainparams tomg_mqtt_{pub,sub} - Optimised RAM usage -
mg_iobuf_append() - Added MG_ARCH_FREERTOS_LWIP
- Added stm32f7 example with FreeRTOS+TCP stack
- Re-enabled Range header support (partial downloads)
- Multiple documentation fixes
- Improved
mg_random()for Espressif builds - Added multiple unit tests
- Added an ability to load mbedTLS certs from memory
- Added multipart form upload
Mongoose 7.2
- Added
mg_mqtt_next_unsub() - Added chunked HTTP client support and
MG_EV_HTTP_CHUNKevent - Restored
mg_mqtt_{ping,pong,disconnect}functions - Fixed Cygwin and QNX builds
- Added
struct mg_mgr::userdatapointer - Added
struct mg_http_message::headwhich contains HTTP line and all headers - Add ability to use in-memory CA PEM for mbedtls
- Improved unicode handling on Win32
- Improved ESP32 example to use SPIFFS and static serving
- Improved TLS SNI
Mongoose 7.1
Overview
This is a bugfix and cleanup release after the major version 7.0 release. A significant number of small issues were fixed, and some new examples added.
- Continuous integration test switched from CircleCI to Github Actions
- Added socks5 example
- Added esp32 example
- Added esp8266 example
- Added mingw test
- Added mbedtls test
- Added openssl test
- Added reverse proxy example
- Added proxy client example
- Added MQTT server example
- Many TLS related fixes
- Fixed DNS resolution timeout
- Added SSI to
mg_http_serve_dir() - Fixed file descriptor leak for local cache codepath
Mongoose 7.0
Overview
This is a major release, aimed primarily at refactoring and cleanup of the codebase. The main focus is made on the embedded usage.
The documentation has been fully revamped, and published at https://cesanta.com/docs. Porting from the 6.x version is not straightforward, despite all concepts stayed intact. The major changes include:
-
CGI support has been removed
-
WebDAV support has been removed
-
Socks5 support has been factored to the example
-
Digest auth support has been removed. The anticipated usage is Basic + TLS
Non-amalgamated sources
The non-amalgamated sources are kept in src/, and amalgamation is performed by Makefile. Set -DMG_ENABLE_LINES compiler option to enable non-amalgamated diagnostics.
CI tests and coverage
A Circle CI tests are established, to test on the common platforms and compilers, for both ISO C and ISO C++ mode. Also, an automatic test coverage tracking is performed.
The plan for the next releases is to add platform-specific examples (like for ESP32, STM32, etc) and integrate them into CI, to ensure they do not break as development continues.
Continuous fuzzing test
Mongoose is integrated into Google's https://oss-fuzz.com/ service, to enable continuous fuzzing code tests. This helps to find security issues early on.
Mongoose 6.18
- Allow OpenSSL session reuse on 2-way SSL
- Updated certs for OpenSSL tests
- Fixed OpenSSL error status issue
- Added HTTP proxy client example
- Fixed deferencing mg_http_free_proto_data_endpoints
- Fixed typedef bool for MSC
Mongoose 6.17
Bug fixes
- An integer overflow bug in
parse_mqtt(), CVE-2019-19307 - MQTT ping logic improved
- Leak fix for invalid CA
- Make SSL and non-SSL build binary compatible
- Make 30x replies keep opened HTTP/1.1 connection
Mongoose 6.16
Bug fixes
- A critical issue in mg_http_parse() is fixed. Associated fuzzer test added.
This is a fix for the CVE-2019-13503 in the Common Vulnerability and Exposure database: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13503
Mongoose 6.15
Bug fixes
- A critical MQTT heap-based overflow in
parse_mqtt()fixed - credit goes to Yakun Zhang and Zheng Huang of Baidu Security Labs for discovering and reporting the issue mg_resolve2()incorrect memory init fixed- Fixed locking in
lwip_net_if - Fixed callback invocation in
mg_net_if_lwip
Features
- Added new platform rs14100, a multi-protocol wireless chip from Redpine Signals
- Deliver EV_CLOSE to the last endpoint handler
- Allow NULL handler for mg_bind and mg_connect