Releases: cesanta/mongoose
Mongoose 6.15
Bug fixes
- A critical MQTT heap-based overflow in
parse_mqtt()
fixed - credit goes to Yakun Zhang and Zheng Huang of Baidu Security Labs for discovering and reporting the issue mg_resolve2()
incorrect memory init fixed- Fixed locking in
lwip_net_if
- Fixed callback invocation in
mg_net_if_lwip
Features
- Added new platform rs14100, a multi-protocol wireless chip from Redpine Signals
- Deliver EV_CLOSE to the last endpoint handler
- Allow NULL handler for mg_bind and mg_connect
Mongoose 6.14
API changes
- Added
MG_MK_STR_N()
,mg_str_starts_with()
,mg_strfree()
- Added
mbuf_clear()
,mbuf_append_and_free()
,mbuf_move()
- Added ability for multipart data handler to provide pushback
- Made
MG_CTL_MSG_MESSAGE_SIZE
overridable
Bug fixes
- Fixed digest auth result comparison
- Read all available data during recv poll
- Ensure that user sees all the data before connection is closed
- Check for NULL in
tcp_recved_tcpip()
- Send extra options with OPTIONS
- Properly support MQTT wildcards when matching topics
- Fix handling of WS handshake error response
Other changes
- Log file:line instead of function; add cs_log_set_file_level()
Mongoose 6.13
- When processing chunked response, make sure chunk size is reasonable
- Open uploaded file in binary mode (Windows)
- Refactored polling, cleaned up net_if interface somewhat
- LwIP: Trim recv_mbuf when we know the size of the data
- Fix unused variable warnings when build w/o logging
- Added net_if_null
- Minor doc updates
Mongoose 6.12
Security fix
This release fixes a security issue, reported at https://www.cvedetails.com/cve/CVE-2018-10945/
( Fix body length calculation in mg_handle_cgi
)
Change List:
-
Add
mg_url_encode_opt()
- a parametrized version ofmg_url_encode()
-
Add
MG_HIDE_SERVER_INFO
-
mg_file_upload_handler: Support multiple files
-
Add host name verification for OpenSSL
-
Add
mg_strstrip
: trims whitespace at both ends of a string -
Fix http pipelining
-
Fix buffer size passed to inet_ntop()
-
Fix an edge case in multipart HTTP upload parsing
-
Fix
mg_http_parse_header
(treat;
as a delimiter) -
mg_lwip: Fix race during clean connection teardown
-
Fix a bug in mg_mgr_init_opt with opts.num_ifaces
-
Fix build with
CS_ENABLE_STDIO=0
-
Fix warnings on newer versions of GCC
-
Fix body length calculation in
mg_handle_cgi
-
Don't touch send_mbuf when sending MQTT messages
Mongoose 6.11
- Fix socket leak when there are too many open file descriptors
- Fix publish-subscribe example
- Fix mg_parse_multipart in case of malformed request
- Websocket: Respond to Ping with Pong
- Websocket: Properly close a connection with Close frame (in response to a client's close and when protocol failure is detected)
- Websocket: Fix support of fragmented messages
- Websocket: Add support for control frames interjected in the middle of a fragmented message
- Digest authentication: Fix nonce validity check (expired nonce or nonce from the future did not cause the the check to fail)
- Digest authentication: Fix nonce request value; it worked before because nonce validity check was broken as well
- Digest authentication: Add
nonce
argument tomg_http_create_digest_auth_header()
: clients should use the value received from the server's authentication request. - Fail if passed a NULL handler to
mg_bind
ormg_bind_opt
. - Publish sources and tests
- Remove tunneling functionality which was used by nobody
- Add UDP client example
- Don't use user_data in mqtt server
- Deprecate
mg_http_parse_header()
and implementmg_http_parse_header2()
instead, which allocates a new buffer if the client-provided one is not large enough (similarly toasprintf
). - Fix limitations of header value lengths, e.g. when parsing authentication headers such as nonce, etc.
Mongoose 6.10
API changes
- SOCKS5 client and server support
- Timer value is no longer cleared after
MG_EV_TIMER
event if it was not changed. User's handler must set it to 0 explicitly to avoid repeated invocation.
FIxes
- SSL/TLS listener fix for TI SimpleLink networking interface
- Double-counting of recved bytes in LWIP interface caused issues
- MQTT SUBSCRIBE command parsing in the broker code could cause crashes
- FIxed CGI script connection lifetime management
Mongoose 6.9
API changes:
MG_ENABLE_CALLBACK_USERDATA
- if set, changes signature of event handler function to include user_data argument. Disabled by default for now, in the future this will become the default.mg_set_nameserver()
- specify DNS server to usemg_assemble_uri()
- assemble a URI from partsmg_connect_ws()
now acceptshttp://
URLs
Bug fixes:
- Fix parsing of MQTT QoS > 0 PUBLISH messages
- Fix MQTT PUB{ACK,REC,REL,COMP} and UNSUBACK flags
- Properly shut down the SSL connection (send "close notify" TLS message)
- Fix
mg_get_http_var()
return value - Fix MQTT handshake; change client protocol to version 3.1.1
- Fix Handling of multiple MQTT messages per RECV event
- Update to make lwip_net_if thread-safe
- Use DhcpNameServer on Windows
- Fix MQTT message parsing issues
- Fix DNS name uncompression that could lead to infinite loop
- Fix WS frame reassembly issues
Mongoose 6.8
- Client support for TLS PSK
- Multipart handling fixes
- LWIP driver fixes
- UDP crashes on LWIP fixes
- Removed mg_enable_multithreading. Added example for multithreaded usage, https://github.com/cesanta/mongoose/tree/dev/examples/multithreaded
Mongoose 6.7
New platforms supported
A bunch of new platforms are now supported by Mongoose:
- Windows CE 6.0: See example;
- TI Tiva TM4C129: See example;
- PIC32 Harmony TCP/IP: In addition to "bare metal", Mongoose is now able to use PIC32 Harmony TCP/IP Stack. Checkout example here;
- nRF 51/52: Find example for nRF 51 here and for nRF52 here;
- mbed: Mongoose is now can be a part of a project based on mbed. Checkout example here;
- ESP32: Mongoose 6.7 can be compiled for ESP32 platform.
Other new features
- NXP Kinetis K64 support improved: New example is here;
- mbedTLS native support: In addition to OpenSSL, Mongoose 6.7 can use mbedTLS;
- SNTP client added: Mongoose 6.7 for working with Internet time servers.
A lot of improvements and bugfixes
See a list of closed issues here.
Mongoose 6.6
Changes
STM32 support added
Mongoose 6.6 can be built and run on STM32 microcontrollers. Check out the new example here for an MQTT Client for STM32. The example runs through how to build an MQTT client for STM32 with TI CC3100 WIFI as network module.
PIC32 support added
We’ve also added PIC32 support to Mongoose. And just as for STM32, we have a new example here for you to follow here. It runs through how an MQTT Client is intended for running on PIC32 (MX series with TI CC3100 as a network module).
TI CC3200 support improved
We have improved the already support TI CC3200. Here, the TI Compiler on docker image was updated to version 5.8.2.
New API introductions
We want to make Mongoose as simple as possible to use. Check out the new API we’ve added in 6.6:
mg_http_send_redirect
- sends a redirect responsemg_http_serve_file
- serves a specific file with a given MIME type and optional extra headers.MG_F_ENABLE_BROADCAST
- new flag, allows to send broadcast messagesMG_EV_SSI_CALL_CTX
- new event, the variant of MG_EV_SSI_CALL with context of the SSI call being processed in addition to the tag argument.
New Examples
We mentioned the STM32 an PIC32 examples already, but they are not all! Check out these additional examples to help you get started with your embedded project:
- DLL/SO building example
- Simple SSL Web Server: shows how to build a http server with SSL support
- A cookie auth and session management example
- Multicast server demo
Bugfixes
We always improve bugs along the way between releases. If you come across anything, let us know in our forum.
- Use gethostbyname to resolve
hocalhost
if resolving via /etc/hosts failed. (especially useful for Windows users) - Fixed a lot of errors and warning in MSVC compilation
- Fixed bug in multithreaded mode support:
- Copy flags for accepted connection
- Use user timeout in multithreading polling
- Smaller bug fixes
Documentation
We want you to be able to find all the answers you need in our documentation. That’s why we try to improve it as best we can. So you’ll see that we have more clear and structured documentation available as well as explanations for each example added directly in our documentation section.
Binaries
Windows and Mac binaries are available for download from the website.
Licensing
Mongoose is available under GPLv2. Commercial use requires a license, please contact us for terms.
Support
Community support can be found on our forum. Commercial support options are available separately by contacting us.