Yaws is a HTTP high perfomance 1.1 webserver particularly well suited for dynamic-content web applications. Two separate modes of operations are supported:
Standalone mode where Yaws runs as a regular webserver daemon. This is the default mode.
Embedded mode where Yaws runs as an embedded webserver in another Erlang application.
Yaws is entirely written in Erlang, and furthermore it is a multithreaded webserver where one Erlang lightweight process is used to handle each client.
The main advantages of Yaws compared to other Web technologies are performance and elegance. The performance comes from the underlying Erlang system and its ability to handle concurrent processes in an efficent way. Its elegance comes from Erlang as well. Web applications don't have to be written in ugly ad hoc languages.
The www page for Yaws is yaws.hyber.org. The documentation, examples as well as releases can be found there, and of course, yaws.hyber.org is itself powered by Yaws.
Code is on : github.com/klacke/yaws
A mailing list exists at: https://lists.sourceforge.net/lists/listinfo/erlyaws-list
A lot of excellent engineers have contributed to Yaws over the years, we keep a list of all contributors
A high resolution logo created by Tomas Selander exists at yaws.eps
To see all the most recent changes and activity in Yaws development, please visit the Yaws github repository.
Major release, many enhancenements and bugfixes. Too many to list actually, see the git logs. The major ones though:
combine multiple Accept-Encoding headers (steve)
Massive autotools refactoring & cleanup (Christopher Faulet)
Add SSL protocol_version configuration element (steve)
Add 'honor_cipher_order' option in ssl part (Christopher Faulet)
Bad HTTP 3.0 message sent to yaws, crashed the server entirely. Note this is crucial for yaws servers deployed on internet. (klacke)
Use Yaws linked-in driver by default to send large file (capflam)
Rebar work (Steve, Joseph Wayne Norton)
Wed Oct 16 05:40:25 CEST 2013 Yaws 1.97
Webdav work, all webdav is now an appmod (tjeerd)
New serveralias directive. Now it is possible to set alternate names for a virtual host. A server alias may contain wildcards. Inside a server definition wecan now have e.g serveralias = *.server.domain.com *.server?.domain.com (capflam)
pam bug found by Jari Hellman
optimized ssi code by storing binaries as the data chunks instead of lists of chars (klacke)
Support message body in DELETE requests (capflam)
Group automatically the server configurations in embedded mode. Now, Yaws groups the server configurations by itself when it is started in embedded mode. This is done when yaws_api:setconf/2 is called. (capflam)
Use crypto:hash instead of crypto:sha to be compatible with R16B1. (Karolis Petrauskas )
Use proper linker command for drivers on OpenBSD (Francis Joanis )
Try to make the log directory if it doesn't exist. This happens only if logdir has a plus sign in front of it. E.g logdir = +path/to/log. (capflam, James Lee)
Incorrect X-Forwarded-For header (Manuel Durán Aguete)
Redhat /etc script bug fix by flavio-fernans
Install procedure for FreeBSD wasn't correct (klacke)
More rebar support (Steve, Tuncer)
Fix option to enable/disable sendfile support in the configure script. file:sendfile/5 implementation is buggy (in R15 & R16). When async-threads are enabled, in efile driver, the tcp socket is set in blocking mode and thesendfile syscall is executed on an async-thread. So an unresponsive client could block it for a very long time and therefore block the async-thread. In this way, all async-threads could be easily blocked. So, by default, the use of sendfile is disable. (capflam)
Add support of many options for tcp/ssl sockets (capflam)
Fix mime_types.erl generation for a local installation of Yaws, (capflam)
Tue Mar 19 17:53:00 CET 2013 Yaws 1.96
Websocket release, lots of work and rewrites of the websocket code which is now topnotch.
Handle relative paths when Yaws is started in embedded mode (capflam)
ensure compatibility with Erlang R13B04 (steve)
Handle case with DOS attack towards pam login with embedded NUL chars in username or password. The protocol cannot handle NUL chars and Yaws dies (klacke)
Extend syntax of redirect block to allow an optional status code. (capflam)
Support multipart/form-data "name" with backslash at the end. (Johannes Weißl)
Make be possible to chain appmods (capflam)
Flush remaining data in case of 3xx redirect (capflam)
Add support of the 'Vary' header in response (capflam)
Add access functions for #gconf{} and #sconf{} records (capflam)
Refactor WebSockets and add support of optional callback functions (capflam)
Feature relase,
The --heart option didn't work as expected when yaws ran out of filedescriptors - capflam
Major webdav overhaul by Tjeerd van der Laan. Lot's of improvements and general bugfixes.
Added sorting of subconfigdir - Tjeerd van der Laan
Added a fast dispatch module. This is for applications that only want the HTTP portion of yaws, i.e applications with very high performance requirements. A lot of the normal book keeping, tracing etc is ignored.
Added RFC6265 compliant variant of yaws_api:set_cookie/3 - serge
Fix SSL socket wrapping - capflam/Jean-Charles Campagne
Parse extensions and trailing headers of chunked transfer encoded requests - capflam
Optimize the ACL checks during the request's authentication -capflam
Added support to configure ciphers in ssl - klacke
dialyzer cleanup/improvements - Kenji Rikitake
makefile / mime_type_c.beam cleanup - Kenji Rikitake
add startup script for FreeBSD 9 (Thomas Elsgaard)
make sure "rebar eunit" passes - steve
new yaws_api:reformat_header/2 function - steve
support Raspberry Pi in configure.in (Anders Nygren)
Add basic websocket test - JD Bothma
Make the mime types mappings configurable - capflam
Add index_files directive into the server part configuration - capflam
Refactor Set-Cookie/Cookie header parsing to follow RFC6265 - capflam
enabled http client library options customization - Kaloyan Dimitrov
Bugfix release for bugs that sneaked into 1.93
The random patch for 1.93 wasn't good enough as discovered by Sergei Golovan, we need to cater for non printable chars (Sergei Golovan)
add support for W3C Server-Sent Events (Steve)
add easy getter/setter functions for #headers records (Steve)
add reverse proxy intercept module capability (Steve)
Patch from Nico Kruber to fix compile issue on OTP R13
Security release
Use crypto:rand_bytes() instead of the cryptographically weak random module. Swedish security consultant and cryptographer Kalle Zetterlund discovered a way to - given a sequence of cookies produced by yaws_session_server - predict the next session id. Thus providing a gaping security hole into yaws servers that use the yaws_session_server to maintain cookie based HTTP sessions (klacke/kallez)
A denial of service bug has been corrected. Multippart POST processing on the yaws server side contained a list_to_atom/1 call which potentially makes it possible for an attacker to craft a continous list of POSTs, each potentially generating a new atom. This is a backwards incompatible fix since the upload code on the server side is user code. That code now needs to look for strings instead of atoms. For example the upload.yaws code in the www examples is changed. It searches now for the field "filename" instead of 'filename' (klacke)
make sure to always send proper strings to file:write() while logging (Nicolas Adiba)
default to a tcp queue backlog of 1024 (Nicolas Adiba)
log debug messages to the error_logger for embedded mode (Nicolas Adiba)
Add support of the 'OPTIONS' method when WebDav is enabled (Christopher Faulet)
Several yaws_revproxy improvements and fixes. I think that finally, after many years of badness, Christopher Faulet has finally made the reverse proxy function as it shall.
use request content type for SOAP responses (Steve)
websocket work (Steve)
typo in WWW-Authenticate handling leading to infinite recursion (nicad)
add new HTTP status codes from RFC 6585 (Steve)
Add support for precompressed static files (Christopher Faulet)
Improve how the responses compression is handled (Christopher Faulet)
configure ignores --libdir (steve)
report uncaught exception as server error 500 (steve)
fix yapp exclude_dir paths (Mikael Karlsson)
Fix bugs in yaws_api:parse_multipart_post/1,2 for chunked requests (Christopher Faulet)
Add options to configure deflate compression behaviour (Christopher Faulet)
make handling of cookie names case insensitive According to RFC 2109 (steve)
add rebar dependencies needed for SOAP applications (steve)
add callback for abnormal websocket close (steve)
note IPv4 or IPv6 as appropriate in munin statistics (Olivier Girondel)
fix configure's ERTS version checking for file:sendfile/5 (steve)
rebar work (tuncer)
added soap12 capability (Kaloyan Dimitrov)
Added facility for specifying an #auth record when starting embedded (Ulf Wiger)
Manage all 'special' headers of #headers{} and #outh{} records (Christopher Faulet)
Allow the server signature to be defined per virtual server (Christopher Faulet)
fix log rotation on Windows, where fsync() is required to get the actual file size (Garret Smith)
fixed wiki app XSS vulnerabilities (Sergei Golovan)
Refactor flush/1 function to prevent DoS attack (Christopher Faulet)
yaws now uses file:sendfile if available (R15B01 or newer) (tuncer/steve)
Minor release,
changes for OS X Lion for build and test (steve)
Incorporation of various fixes from Klarna and Rickard Carlsson, makeing yaws_server upgrade-friendly and work with yaws --check (steve)
allow functions to be specified as values in ehtml (steve)
add config setting for acceptor pool size (steve)
tex/doc work (steve)
Populate soap_srv_mods field in yaws:setup_gconf/2 Essien Ita Essien
don't setup dirs in embeddded mode (klacke)
listen opts must be passed also to SSL sockets, Bug discovered and fixed by per Hedeland
fix expires header time when crossing DST boundary (steve)
fix CGI redirect HTTP status bug (steve)
Lots of rebar/reltool work - steve/Tuncer
Allow to pass options to erlsom - Willem de Jong
R15B compat work - Tuncer
update WebSockets implementation to support RFC 6455 - JD Bothma
add support for HTTP PATCH (RFC 5789) - steve
handle long HTTP header lines in R15B - steve
Minor release, with mostly small bugfixes, many tests added.
Added support to generate and check strict xhtml output (klacke)
Added possibility to turn off yaws log wrapping. This is useful for applications that embedd yaws and do not want that functionality at all (klacke)
fix reverse proxy problem (issue #60) (Steve)
let configure handle erlang built from git clone (Steve)
Float fixes for json2.erl and json.erl (Nico Kruber)
Support for halfword emulator (Steve)
Several new testcases added by Christopher Faulet
Fixes to the capflam patchset by Christopher Faulet
Highlights in this release are the capflam patchset, a really long list of general improvements by Jean-Sebastien Pedron and Christopher Faulet. Also rebar support has been added by Steve and Tuncer. Finally, Steve has added JSON 2.0 support. Thus this is a major release. Lot's of new little features and also lot's of bug fixes.
always store a tuple in #headers.authorization (Jean-Sebastien Pedron)
improve daemon status output (capflam) (Christopher Faulet)
allow Server header customization (capflam) (Christopher Faulet)
add shaper directive to control access (capflam) (Christopher Faulet)
allow conf file pathname config with app env var (capflam) (Christopher Faulet)
soft yaws shutdown (capflam) (Christopher Faulet)
arg_rewrite mods can now return HTTP responses (capflam) (Christopher Faulet)
support external handler to interpret php scripts (capflam) (Christopher Faulet)
add status option to page options (capflam) (Christopher Faulet)
allow multiple listen directives per server (capflam) (Christopher Faulet)
server-specific logger_mod and auth_mod (capflam) (Christopher Faulet)
support parsing of literal IPv6 addresses (capflam) (Christopher Faulet)
allow hard reload of conf without stopping (capflam) (Christopher Faulet)
add control for "Expires" and "Cache-Control" response headers (capflam) (Christopher Faulet)
add "application/javascript" as a compressible mime type (capflam) (Christopher Faulet)
use "partial_post_size" for chunked requests (capflam) (Christopher Faulet)
authorization improvements, including ACLs like apache mod_access (capflam) (Christopher Faulet)
Yaws can now be built with rebar (Tuncer Ayaz and Steve Vinoski)
Updated Yaws JSON-RPC support to version 2.0 (Steve Vinoski)
set HTTP_HOST properly for CGI (Steve)
change sendfile driver handler to a gen_server (Steve)
update mime.types from recent Apache web server sources (Steve)
add binary option to multipart/form-data parsing (Steve)
rewrite multipart/form-data POST handling, making memory consuption lower (Steve)
add configurable access logging (Steve)
Adding access functions for various Yaws records. (tobbe)
yaws_session_server fixes for embedded mode (Tobbe)
avoid keeping our own copy of ibrowse for testing (Steve)
remove support for SOAP DIME attachments (Steve)
fix EINTR handling in sendfile driver OSX related (Steve)
A long series of dialyzer warnings fixed (klacke, Steve, Tuncer and Kostis)
configure ERLBINDIR relative to ERLDIR (James Lee)
teach linux build to distinguish 32- and 64-bit erlang (Steve)
Pluggable ysession storage with mnesia sample in src/contrib (Nicolas Thauvin)
add configure detection of erts bits support, required for websockets (Steve)
security vulnerability for win32 reported at cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4181
bug in upload to file code found by Mojito Sorbet
add implementation of X-Forwarded-For header + docs (Fabian Linzberger)
--running-config flag to query a running yaws for its config (klacke)
fix typos on soap intro page (reported by Wes James)
Fixed and updated SSL verify options. Fixed documentation for verify values to correspond to Erlang's SSL implementation. Updated #ssl{} and yaws:ssl_listen_opts/2 to include fail_if_no_peer_cert. (Per Andersson)
Maintenance release with a long series of fixes mostly from Steve Vinoski
all.zip should not not include .yaws files, nor directories "protected" with an index file, nor directories protected by an auth directive. (Hans-Christian Esperer )
adjust to R14B change in gen_tcp:recv for {packet,http} mode Where we handle the return value of gen_tcp:recv while reading headers from the socket (such as with calls to yaws:do_recv), handle new R14B return values as well as existing return values for previous releases. (Steve)
for portability, use erlang:md5 rather than crypto md5 Since OpenSSL availability on Windows for working with the crypto module is apparently questionable, use the erlang:md5 function in place of the crypto md5 functions. (Steve)
websockets v76 update (Dominique Boucher)
several fcgi updates and bugfixes (Steve)
Add auth_skip_docroot server config variable (Christian Hennig)
Fix use_old_ssl=bool() for R14A (Joseph Wayne Norton)
add --umask option to yaws script (Steve)
Some yapp work, added a simple example (Mikael Karlsson)
performance enhancements (Steve)
add support for PHP FCGI applications (Hans-Christian Esperer)
fix cached process counter (Hans-Christian Esperer)
return part headers from yaws_multipart:read_multipart_form (Steve, based on a patch from Dilshod Temirkhodjaev.
patch for no-return-in-nonvoid-function error (Alexander Simonov)
two-mode.el now works with emacs 23 (Steve)
Allow "stream processes" to close the client socket (Steve)
Augment yaws man page with --erlarg argument quoting info (Steve)
Use gconf keepalive_timeout for connection lifetime (Brady McCary)
handle multi-word arguments for heart restart command (Steve)
Fix bug where yaws_api:parse_set_cookie tried to convert a record to lower case. (Anders Nygren)
patch by Sergey Shilov to set old_ssl for embedded mode
fix socket usage for FCGI authorization (bruno rijsman, steve vinoski)
work around an erlang:open_port bug for CGI QUERY_STRING env var (Steve)
Added a new configuration parameter called "keepalive_maxuses" which allows the yaws admin to close persistant connections after X number of uses. (Thomas O'Dowd )
improved embedded support (Steve)
Highlights in this release are, new SSL implementation is now default, FCGI enhhancements and IPV6 support.
ssl support for websockets, patch by wde
Erroneous common log format entries, time should be surrounded by brackets (Klacke)
When executing yaws --hup the order of the hosts in a virthost group wans't maintained, thus breaking the feature of pick first virthost on nomatch (Klacke)
set nodelay on FCGI TCP connection, and avoid 0-length FCGI gen_tcp:recv (steve)
Set {nodelay,true} on the TCP connection to the FCGI server to improve performance of small requests. (steve)
The code receives packets from the FCGI server and for some cases was extracting length fields from some packets and then making further gen_tcp:recv calls based on those length values. The code was not checking for length values of 0 before calling recv, and passing 0 to recv means to return all available bytes. For both correctness and performance, the code must avoid the recv calls altogether when the length is 0. (steve)
convert error atoms into error strings for fcgi_worker_fail (steve)
IpV6 support
The default value for partial_post_size was nolimit, not a good default value and also erroneoulsy documented (Klacke)
An atempt at having utf8 characters in the host names for yaws servers. Probably not entirely correct, but it works. (Klacke)
Anders Dahlin found that yaws log code doesn't delete the gen_event handler it adds error logger when terminating, that means that restarting yaws leaves old processes hanging around
dialyzer work (Klacke)
Closed Issue #31, made parsing of yaws.conf more tight complaining on e.g allowd_scripts = [ yaws ]
fix for FastCGI/PHP Issue (github.com/klacke/yaws/issues#issue/30) (davide)
auth through .yaws_auth files has become broken, (Klacke)
allow caller to set Host header for SOAP requests (Steve)
added support for OTP new ssl implementation ,Also set it as default. It's possible through yaws.conf to use the old SSL. The new seems to work well though, I've tested with a wide set of browsers, and in general it seems to work (klacke)
websocket support (davide and wde)
conditional compile of websockets, only use if the chosen erl supports it (klacke/steve)
patch by Andrei Soroker to strip the port part in #redir_self records - this patch may break some code, users that use redir_self() and unconditionally strip off their optional port number are affected
support some extra status codes in code_to_phrase (steve)
drop spaces before parsing ints - patch by Colm Dougan
proper handling of "/" appmod with excluded paths (patch from wde)
Added new unit tests for appmods, with both / and non-/ tests. The / tests include exclude_paths testing. (steve)
patch from wde solving a problem with appmod exclude paths and verify_upgrade
yaws_server: fixed the test for whether to close the socket. The yaws:outh_get_doclose() doesn't return a boolean and it requires the outh dicionary entry to be set (sometimes it isn't). (davide)
do not pass the --id option if the default id is used (steve)
Mostly a bugfix release. Two new features. First the ability to exclude directories from an appmod. This is especially interesting for users that have an appmod at '/' but still want yaws to ship normal static contet such as js files and images. Secondly support for Forward proxying was added. Here is the changes list:
It wasn't possible to handle huge files (above 2GIG ?) If sendfile hits EOVERFLOW send the file from Erlang code instead (Steve and klacke)
json binary key support (TBBle)
Forward proxy functionality added through a patch by Colm Dougan
patch from anders dahlin to always populate yaws auth headers
Added SSL support to stream_process_* functions. (davide)
Added support for passing SSL configurations to start_embedded as a proplist (passing #ssl{} still works). (davide)
Added support for excluding dirs from an appmod. (klacke)
erasing the connection header must also set doclose to false (steve)
Several soap patches by Eric Liang. docs, support on addtional specified prefix when rpc call by method: yaws_soap_lib:call, add the soap_srv_mods support, which can setup soap serve modules while yaws start.
prevent crash caused by malicious client sending an empty Host header (steve)
Several haXe fixes by Paul Hampson - Add example for haXe returning an error object, Document how to run haXe remoting sample under neko, Export haXe remoting handler function, Add example for JSON-RPC returning an error object, Allow JSON-RPC/haXe remoting handlers to send error objects.
yaws_rpc produced non-compliant jsonrpc results. Looking at the JSON-RPC specification at json-rpc.org/wiki/specification the returned result of a call needs to contain an error field, with value null for the success case. The example json-rpc python client code on the json-rpc.org site expects this field to be present. (TBBle)
Allow binaries as json values. (Matt Stancliff)
mkcert SSL scripts (klacke)
This is mostly (again) a bugfix/minor enhancement release.
redirect bug reported by James Lee (steve)
streamcontent_with_timeout bug , git issue #16 fixed (klacke)
max number of connections patch by Kinoshita (klacke)
updated mime.types from recent Apache web server sources (steve)
config of partial_post_size = nolimit was broken (klacke)
stopping yaws_sendfile thru supervisor does not hang - by ks (klacke)
Major work on the auth code, Auth - unauthorized enhancements, Setup auth rewrite/cleanup, (Embedded) Config enhancements (Anders Dahlin)
fix HTTP header case sensitivity problem in yaws_cgi (Bruno Rijsman)
fix decode_base64 to return just a tuple in case of error (reported by Gabri
add streamcontent_from_pid capability to allow direct streaming to socket (steve)
Fixed support for Timeout=infinity in streamcontent_with_timeout. (davide)
Use iolists instead of binaries for streamcontent_from_pid data, and add a new test for the streamcontent_from_pid feature (klacke)
add --nodebug option (steve)
determine gcc flags for 32-bit or 64-bit Erlang on OS X Snow Leopard (steve)
add new multipart example yaws_multipart.erl (Praveen Ray)
timezone format patch by Per Hedeland
Patch from wde with support for virthosting several ssl serveres on the same IP. This makes sense if we have multiple subjectAltName in the ssl cert
fixes for FCGI authorization (Bruno Rijsman), plus I cleaned up indentation and comments in yaws_cgi.erl
patch from anders abramhamson - a bug with multipart posts
New stats feature added by Olivier Girondel whereby (optionally) stats is collected for a virt server. Stats available from comand line (yaws --stats). There are also plugins for munin to graph the statistics.
The authmod code should now be backwards compatible (faal)
fixes for traffic tracing in reverse proxy mode (Olivier Girondel)
Better error msg if erl is not found for win32 users (klacke)
eliminate io_lib:format overhead in yaws_log:fmtnow (Steve)
handle authdirs search properly when docroot not defined (Olivier Girondel)
removed ancient backwards compat flag (klacke)
Have the yaws script set HOME if unset, this is required since some distros (Ubuntu) don't set HOME for code run under/etc/rc and erlexec requires HOME to be set. (Klacke)
add extra cgi vars patch from joe_e_e
new ebuild file for gentoo from joe_e_e
patch by joe_e_e to move all files from /etc to /etc/yaws in the install script. This may cause some troubles for some users when upgrading. By default the make install target doesn't overwrite /etc files. Pay attention.
added sendfile check for Darwin, since no sendfile is available on OS X Tiger (Steve)
RSS fixes, (Steve)
Several authentication fixes by Fabian Alenius. Changed the way authentication is done, added support for multiple authentication methods to be used for one directory and changed so that the 401 page can be customized similarly to the 404 page. In general this is a major cleanup of how authentication is done. Much better. One backwards incompat change here. Fabian Renamed yaws_401.erl to yaws_outmod.erl, which is probably a better name considering it's current use(it also displays the crashmsg). We need some better docs describing authentication !!!
add date header to OPTIONS response (Steve)
fix badmatch calling yaws_server:suffix_type from yaw_server:do_url_type when dav is true (Steve)
Added fix and tests for github issue #2. Handle zero values for max_num_cached_files, max_num_cached_bytes, and max_size_cached_file to prevent infinite loops. (Steve)
modify time_to_string to avoid slow io_lib:format (Steve)
added sendfile check for Darwin, since no sendfile is available on OS X Tiger (Steve)
document rss_dir (Steve)
add ets-based yapp registry implementation for cases where mnesia is overkill (Steve)
Fixed so that the HTTP status is set to 401 explicitly in yaws_server:handle_ut(...), previously out401 needed to return {status, ...} or status would default to 200. (Fabian Alenius)
Moved the Yaws repository to www.github.som. See instructions at yaws.hyber.org/configuration.yaws on how to git clone Yaws. This is the first yaws release out of the github repo. The default Yaws wiki previously found at yaws.hyber.org/wiki has been moved to the wiki at github. New address of wiki is wiki.github.com/klacke/yaws. The previous (Erlang based wiki written by Johan Bevemyr) turned ... well unmodern, and was also plagued by spammers.
Several cleanups by Hans Ulrich Niedermann, file perms, speling errors etc.
remove leading slash in yapp_appmods examples (Tom McNulty)
Add DIME support for SOAP Anders Nygren
patch by Jouni Ryno finding broken fdsrv support
Two patches by Joseph Wayen Norton, one dbg-bug and one providing better cookie support for yaws sesssions
When yaws_ctl checks the CTL file to see if any current instance is running, check the socket opened to the port read from the CTL file to verify that the ephemeral port for that socket is not the same as the port read from the CTL file. This avoids a false positive caused by connecting the socket to its own port. (Steve Vinoski)
cleaned up the redirect feature. It was poorly implemented and poorly documented. This fix is backwards compatible for users using redirect in confd.conf. However, it is NOT backwards compatible for embedded users that specify the redirect_map explicitly in their #sconf{} records. The required changes for embedded users should be evident from the code. The new required format is documented in the code where #sconf{} is defined (klacke)
Full windows support with a proper .exe Windows installer (klacke)
Added a timestamp check on the ssl cert/key files making it possible to just upload new cert/key files and do yaws --hup to automatically have the new cert/key files being used (klacke)
Disgusting DOS attack discovered by Manuel Duran Aguete whereby if a neverendig series of headers are sent to yaws, we die of out of memory. Actual attack not described here. Contact me (klacke) if you're interested in the details and want a backport patch. I'm not really sure this is indeed the right procedure for announcing a DOS bug. (First time !!!)
init_db patch cleanup by Liu Yubao
patch by Liu Yubao to remove timeout in ssl accept
add pkg-config support contributed by Olivier Girondel
add --disable-sendfile option to configure, fix src/Makefile to clean yaws_configure.hrl (Steve)
set HEART_COMMAND to allow a maximum of 5 restarts within any 60 second period (Steve)
patch for queryparts that contain a question mark
Document the --wait-started option for the yaws script (Steve)
Fix the yaws script to allow --id ID to be passed after --wait-started (Steve)
Allow optional wait time to be specified to yaws via --wait-started=
added kpoll as default
fix sendfile socket fd handling problems on 64-bit platforms (Steve)
cygwin build patch by Davide marques
stream content with a timeout patch from Davide Marques
traffic trace was broken for certain types of requsts - found by wde
This release fixes the completely broken 1.78 release. So at last, we have good sendfile support.
traffic trace was broken for certain types of requsts - found by wde
Fixed several sendfile related bugs (vinoski)
Improved yaws supervision structure (klacke)
apply case-insensitive servername comparison patch from John Webb
Added --wait-started option to the yaws script (klacke)
Added initial test suites (klacke)
wrap log infinity bug found bt Phanikar.K
allow keys with multiple values within opaque data
fix handling of any existing listen_opts when reading listen_backlog conf variable (vinoski)
incorporate Lev Walkin's patch for a configurable TCP listen backlog, adding yaws.conf support and documentation as well (vinoski)
Added sendfile support, Works on Linux, FreeBSD and MacosX (vinoski)
patch by wde@free.fr to let errormod_crash return {content, MimeType, Cont}
added support/docs for authbind/privbind (klacke)
handle 100 continue with POST patch by Haobu Yu
configure/latex support and also slightly nicer listdir output by Hans Ulrich Niedermann
better soap docs by Stu Bailey
haxe serialization patch by Tomas Abrahamsson
proc dict/proc_lib patch by Magnus F
mime type patch by Tomas Abrahamsson
POST patch for .yaws files (submitted by Tomas Abrahamsson)
Several new MIME types added (vinoski)
patch from magnus Froberg addressing a sync issue with add-sconf, e.g. dynamic updates that manifested itself when add_sconf was run several times in a row in certain scenarios.
Implement special handling of the '*' URI for the OPTIONS method as specified in RFC2616 section 9.2. (vinoski)
Added more thorough support for the HTTP OPTIONS method. For "active" applications such as appmods and yapps, the OPTIONS method is delivered through to the application for processing. For "passive" resources such as files and directories, OPTIONS returns a canned response just as before. (vinoski)
added redirect_self() to yaws_api (klacke)
yaws.rel.src was missing and better error printuts when yaws.conf is missing, patch by Vance Shipley
solaris patch by Vance Shipley
name of a file sent in a multipart request contains quotes, I get a crash pathh by Michael Slaski
Blindly applied soap patch from Vance shipley addressing ... which causes operations to be missed when there are more than one port type in a WSDL.
file descriptor leak found by John Fessenden
modified patch by Robert David to add a hook to yaws session server when a session is gone
Vance Shipley patch to correct error handling in yaws_soap_lib
Content-Length chunked patch by Oleg Avdeev
eaccess typos in confd_ctl.erl - Sergei Golovan
added support for weird utf8 urlencoding
Added the cygwin README by Bill Robtersson
Added a 'make release' target in the top makefile. The release file picks up the versions of installed applications (erts,kernel, stdlib, sasl and mnesia). The product of this is a release package file (e.g. yaws-1.77.tar.gz) which can be installed on an embedded system using the SASL application release_handler. (Vance Shipley)
added mnesia_dir support to the gconf record as per patch BY Richard Bucker
The supervisor args were wrong, yaws shall have 1,0 restart strategy. This may break some backwards compat. Sites that ues yaws embedded need to check this.
Added debug dump functionality (klacke)
cygwin install patch by Bill Robertsson
Adding files for Erlware. A very rough packaging of 1.76 has been released at erlware.org. See the doc/overview.edoc for more details. (tobbe)
Major general code cleanup, finally got rid of all the export_all statements and in that process removed a bit of code that wasn't used (klacke)
Better timeout support in yaws-session_server
{page, P} patch by Robert David that handles better the case with a browser POST request
patch by oleg avdeev for CRNL in revproxy
embedded startup problem solved by Anders Nygren
Make crashmsg set status code 500
Patch from Lev Walkin to pass HTTP_REFERER as well as the HTTP_IF headers to the cgi script
Untabified all code. This is the right thing (TM) I've finally realized after programming for some 20 years with TABS in the files. (klacke)
redhat /etc/init patch by Steve Vinoski
quote patch for mnesiadir by Richard Bucker
Added CGI documentation including a new page yaws.hyber.org/cgi.yaws (klacke)
Several cleanups due to dialyzer, also moved the control file into users HOME directory so that we don't have the problem of writing in /var when we're running as non-root
Adding support for: imports in the WSDL and support for more than one schema in the WSDL. Committed on behalf of: Willem de Jong.
CGI should not just because it sees a Location: header do a 302, it is up the CGI script to set the correct status code (Sebastian strollo)
Added some rudimentary docs in yaws.conf.5 for virtual directories. A feature added some time ago by Julian Noble, but never properly documented. (klacke)
Better id handling for embedde startup (Klacke)
Reintroduced the SPNEGO/GSSAPI auth support by Mikael Magnusson
rpc patch by adam.boz@gmail.com
updated yapp documentation and startup sequence of yapp to avoid deadlock situation when yapp is inncluded in other applications .app files. (Micke)
patch to make ssi work inside the crash handler from Michael FIG
tidy up patch by Richard Buckner
Logging work by Richar Bucker to make yaws work nice together with normal UNIX logrotate.
race condition on update counter for a page, a pagecounter could be removed by another process
Fixed a problem with heart restarting Yaws in a loop.
Fixed a couple of problems with Yaws terminating on purpose when accept() fails.
A bindings patch from Richard Bucker.
silently discard traffic which isn't even HTTP.
multivalued queryval/postval patch by yinso chen
Sloppy ssl bug found by John Webb
Even more bad properties found. Now all png, gif and wob (those are for the wiki) files have svn:mime-type application/octet-stream and no other properties. Finally fixed I hope.
Lots of broken png anf gif files found in the wiki due to the cvs->svn conversion (klacke)
Regular bugfix and small feature release.
Revproxy bug found by igor goryachev.
Started to use the new ssl:transport_accept() function, when accept fails, We now fail yaws entirely and it needs to be restarted by its supervisor or heart. If we have filedescriptor leaks, even outside of yaws, there is no good thing to do when accept fails. (klacke)
A body message patch from Brian Templeton which cleaned up code and improved RFC 2616 compliance
Added HTTPS env variable for trac (klacke)
added x-javascript as a compressible mime type, patch by anthony shipman
added a dir_listing function in yaws_api (klacke)
fixed yapp dependencies to vdir handling, added local stylesheet and updated yapp_intro documentation (mikaelk)
Virtual Directory support. ARG record and CGI variable changes. This change by Julian Noble was quite extensive. The feature is still completely undocumented - thus it is still experimental.
Forgot to update configure after the patch to configure.in for ubuntu edgy users in 1.67
Patch by Julian Noble to pass auth info over the CGI interface.
Bugfix by Magnus Froberg: binding socket with fd_server now only listens to the specified IP address given in #sconf.listen
Bugfix release
Removed the urlc_total counter - it didn't provide info which was worth the price of having it - Also Chris NewCombe reported troubles with the counter. (klacke)
Added install of the priv/*.xsd files for the SOAP server (tobbe)
Fixing yaws_api:find_cookie_val/2 which was broken (tobbe)
Made the examples SOAP look prettier. (tobbe)
Adding missing description on call to yaws_soap_srv:setup/2. (tobbe)
patch from Dimitriy Kargapolov for tmpdir handling (klacke)
Bugfix by Fredrik Thulin: The (undocumented) http_uri:parse/1 return format was changed between Erlang/OTP R11B-1 and R11B-2. (tobbe)
Patch from Fredrik Thulin to make setuid_drv work better under ubuntu where gcc with some stack smashing tech is used to build, then we cannot use ld, we need to use ggc to greate the shared object.
Appmod didn't work properly. Should be fixed now again !!!!!
RSS The generated content was not valid RSS 2.0 content (tobbe)
added ability to have config files in several files, patch from Sergei Golovan.
Added call to callback function: M:F(cookie_expire) which is expected to return a proper cookie expire string. If non-existant, the default behaviour will prevail, i.e a session bases cookie lifetime. (tobbe)
Extending yaws_api:find_cookie_val/2 to accept