Skip to content

Releases: cesanta/mongoose

Mongoose 6.15

13 Jun 08:54
@cpq cpq
Compare
Choose a tag to compare

Bug fixes

  • A critical MQTT heap-based overflow in parse_mqtt() fixed - credit goes to Yakun Zhang and Zheng Huang of Baidu Security Labs for discovering and reporting the issue
  • mg_resolve2() incorrect memory init fixed
  • Fixed locking in lwip_net_if
  • Fixed callback invocation in mg_net_if_lwip

Features

Mongoose 6.14

04 Mar 15:25
Compare
Choose a tag to compare

API changes

  • Added MG_MK_STR_N(), mg_str_starts_with(), mg_strfree()
  • Added mbuf_clear(), mbuf_append_and_free(), mbuf_move()
  • Added ability for multipart data handler to provide pushback
  • Made MG_CTL_MSG_MESSAGE_SIZE overridable

Bug fixes

  • Fixed digest auth result comparison
  • Read all available data during recv poll
  • Ensure that user sees all the data before connection is closed
  • Check for NULL in tcp_recved_tcpip()
  • Send extra options with OPTIONS
  • Properly support MQTT wildcards when matching topics
  • Fix handling of WS handshake error response

Other changes

  • Log file:line instead of function; add cs_log_set_file_level()

Mongoose 6.13

08 Oct 13:12
95afa32
Compare
Choose a tag to compare
  • When processing chunked response, make sure chunk size is reasonable
  • Open uploaded file in binary mode (Windows)
  • Refactored polling, cleaned up net_if interface somewhat
  • LwIP: Trim recv_mbuf when we know the size of the data
  • Fix unused variable warnings when build w/o logging
  • Added net_if_null
  • Minor doc updates

Mongoose 6.12

13 Aug 16:39
Compare
Choose a tag to compare

Security fix

This release fixes a security issue, reported at https://www.cvedetails.com/cve/CVE-2018-10945/

( Fix body length calculation in mg_handle_cgi)

Change List:

  • Add mg_url_encode_opt() - a parametrized version of mg_url_encode()

  • Add MG_HIDE_SERVER_INFO

  • mg_file_upload_handler: Support multiple files

  • Add host name verification for OpenSSL

  • Add mg_strstrip: trims whitespace at both ends of a string

  • Fix http pipelining

  • Fix buffer size passed to inet_ntop()

  • Fix an edge case in multipart HTTP upload parsing

  • Fix mg_http_parse_header (treat ; as a delimiter)

  • mg_lwip: Fix race during clean connection teardown

  • Fix a bug in mg_mgr_init_opt with opts.num_ifaces

  • Fix build with CS_ENABLE_STDIO=0

  • Fix warnings on newer versions of GCC

  • Fix body length calculation in mg_handle_cgi

  • Don't touch send_mbuf when sending MQTT messages

Mongoose 6.11

08 Feb 18:38
Compare
Choose a tag to compare
  • Fix socket leak when there are too many open file descriptors
  • Fix publish-subscribe example
  • Fix mg_parse_multipart in case of malformed request
  • Websocket: Respond to Ping with Pong
  • Websocket: Properly close a connection with Close frame (in response to a client's close and when protocol failure is detected)
  • Websocket: Fix support of fragmented messages
  • Websocket: Add support for control frames interjected in the middle of a fragmented message
  • Digest authentication: Fix nonce validity check (expired nonce or nonce from the future did not cause the the check to fail)
  • Digest authentication: Fix nonce request value; it worked before because nonce validity check was broken as well
  • Digest authentication: Add nonce argument to mg_http_create_digest_auth_header(): clients should use the value received from the server's authentication request.
  • Fail if passed a NULL handler to mg_bind or mg_bind_opt.
  • Publish sources and tests
  • Remove tunneling functionality which was used by nobody
  • Add UDP client example
  • Don't use user_data in mqtt server
  • Deprecate mg_http_parse_header() and implement mg_http_parse_header2() instead, which allocates a new buffer if the client-provided one is not large enough (similarly to asprintf).
  • Fix limitations of header value lengths, e.g. when parsing authentication headers such as nonce, etc.

Mongoose 6.10

31 Oct 10:49
Compare
Choose a tag to compare

API changes

  • SOCKS5 client and server support
  • Timer value is no longer cleared after MG_EV_TIMER event if it was not changed. User's handler must set it to 0 explicitly to avoid repeated invocation.

FIxes

  • SSL/TLS listener fix for TI SimpleLink networking interface
  • Double-counting of recved bytes in LWIP interface caused issues
  • MQTT SUBSCRIBE command parsing in the broker code could cause crashes
  • FIxed CGI script connection lifetime management

Mongoose 6.9

13 Sep 12:01
Compare
Choose a tag to compare

API changes:

  • MG_ENABLE_CALLBACK_USERDATA - if set, changes signature of event handler function to include user_data argument. Disabled by default for now, in the future this will become the default.
  • mg_set_nameserver() - specify DNS server to use
  • mg_assemble_uri() - assemble a URI from parts
  • mg_connect_ws() now accepts http:// URLs

Bug fixes:

  • Fix parsing of MQTT QoS > 0 PUBLISH messages
  • Fix MQTT PUB{ACK,REC,REL,COMP} and UNSUBACK flags
  • Properly shut down the SSL connection (send "close notify" TLS message)
  • Fix mg_get_http_var() return value
  • Fix MQTT handshake; change client protocol to version 3.1.1
  • Fix Handling of multiple MQTT messages per RECV event
  • Update to make lwip_net_if thread-safe
  • Use DhcpNameServer on Windows
  • Fix MQTT message parsing issues
  • Fix DNS name uncompression that could lead to infinite loop
  • Fix WS frame reassembly issues

#855

Mongoose 6.8

19 May 09:41
@cpq cpq
Compare
Choose a tag to compare

Mongoose 6.7

16 Jan 15:09
Compare
Choose a tag to compare

New platforms supported

A bunch of new platforms are now supported by Mongoose:

  • Windows CE 6.0: See example;
  • TI Tiva TM4C129: See example;
  • PIC32 Harmony TCP/IP: In addition to "bare metal", Mongoose is now able to use PIC32 Harmony TCP/IP Stack. Checkout example here;
  • nRF 51/52: Find example for nRF 51 here and for nRF52 here;
  • mbed: Mongoose is now can be a part of a project based on mbed. Checkout example here;
  • ESP32: Mongoose 6.7 can be compiled for ESP32 platform.

Other new features

  • NXP Kinetis K64 support improved: New example is here;
  • mbedTLS native support: In addition to OpenSSL, Mongoose 6.7 can use mbedTLS;
  • SNTP client added: Mongoose 6.7 for working with Internet time servers.

A lot of improvements and bugfixes

See a list of closed issues here.

Mongoose 6.6

12 Oct 08:18
Compare
Choose a tag to compare

Changes

STM32 support added

Mongoose 6.6 can be built and run on STM32 microcontrollers. Check out the new example here for an MQTT Client for STM32. The example runs through how to build an MQTT client for STM32 with TI CC3100 WIFI as network module.

PIC32 support added

We’ve also added PIC32 support to Mongoose. And just as for STM32, we have a new example here for you to follow here. It runs through how an MQTT Client is intended for running on PIC32 (MX series with TI CC3100 as a network module).

TI CC3200 support improved

We have improved the already support TI CC3200. Here, the TI Compiler on docker image was updated to version 5.8.2.

New API introductions

We want to make Mongoose as simple as possible to use. Check out the new API we’ve added in 6.6:

  • mg_http_send_redirect - sends a redirect response
  • mg_http_serve_file - serves a specific file with a given MIME type and optional extra headers.
  • MG_F_ENABLE_BROADCAST - new flag, allows to send broadcast messages
  • MG_EV_SSI_CALL_CTX - new event, the variant of MG_EV_SSI_CALL with context of the SSI call being processed in addition to the tag argument.

New Examples

We mentioned the STM32 an PIC32 examples already, but they are not all! Check out these additional examples to help you get started with your embedded project:

Bugfixes

We always improve bugs along the way between releases. If you come across anything, let us know in our forum.

  • Use gethostbyname to resolve hocalhost if resolving via /etc/hosts failed. (especially useful for Windows users)
  • Fixed a lot of errors and warning in MSVC compilation
  • Fixed bug in multithreaded mode support:
    • Copy flags for accepted connection
    • Use user timeout in multithreading polling
  • Smaller bug fixes

Documentation

We want you to be able to find all the answers you need in our documentation. That’s why we try to improve it as best we can. So you’ll see that we have more clear and structured documentation available as well as explanations for each example added directly in our documentation section.

Binaries

Windows and Mac binaries are available for download from the website.

Licensing

Mongoose is available under GPLv2. Commercial use requires a license, please contact us for terms.

Support

Community support can be found on our forum. Commercial support options are available separately by contacting us.