- Update to version 0.9.36: * Fixed: Its possible to issue a PUT request without a CONTENT-TYPE. Assume an octet-stream in that case. ( CVE-2021-29133 ) * Change the Prefix for variables to be the REQUEST_METHOD (PUT/DELETE/GET/POST) THIS IS A BREAKING CHANGE * Mitigations vs running haserl to get access to files not available to the user.
- Update to version 0.9.35: + Fixed a possible segfault if CONTENT_TYPE is not specified. - Changes from version 0.9.34: + Haserl is now compatible with Lua 5.3 (in addition to 5.1, and 5.2). + Fix processing of headers in rfc2388.c.
- Update to version 0.9.33 * Fix various security vulnerabilities - most serious is a Heap Overflow Vulnerability in sliding_buffer.c * Allow PUT and DELETE method (But prefix is still POST/GET) * On POST/PUT, Content-Type is not x-www-urlencoded, then the body of the message is stored verbatim in POST_body= - Remove obsolete fix-make.diff - Remove autoreconf calling; not needed anymore - Use %configure instead of./configure
- add automake as buildrequire to avoid implicit dependency
- add patch to fix makefile syntax
- add pkg-config to buildrequires
- Update to haserl-0.9.24: * bash extensions * regression tests (make check) * docu updates * myputenv enhancements * observe CONTENT_LENGTH
- Update to haserl-0.9.21: * Command line option handling reworked * major refactoring * various little bugs killed * lua support * custom handler for uploading large files * new comment tag
- Initial creation of package haserl-0.8.0