hiawatha (4.3.2) stable; urgency=medium

  * Bugfix: client/time information missing in unbanned-logmessage.

 -- Hugo Leisink <hugo@leisink.net>  Tue,  6 Jun 2006 21:10:55 +0200

hiawatha (4.3.1) stable; urgency=high

  * Bugfix: HTTP authentication was broken.

 -- Hugo Leisink <hugo@leisink.net>  Mon, 15 May 2006 10:12:55 +0200

hiawatha (4.3) stable; urgency=low

  * Speed improvement (real improvement for static content).
  * Reason for 403 HTTP error added to access logfile (not for wrapped CGIs).
  * X-Forwarded-For header field also used for AccessList.
  * Code cleanup: Uniform variablename format.
  * Bugfix: removed double Content-Type for HTTP error messages.
  * Small bugfixes.

 -- Hugo Leisink <hugo@leisink.net>  Thu, 07 May 2006 23:03:37 +0200

hiawatha (4.2) stable; urgency=low

  * Seperate keyfile for every SSL binding.
  * ErrorLogfile option added.
  * LogFile option renamed to AccessLogfile.
  * Prevention of command injection. PreventCMDi and BanOnCMDi options added.
  * Seperate manualpage for the CGI-wrapper: cgi_wrapper(1).

 -- Hugo Leisink <hugo@leisink.net>  Thu, 23 Feb 2006 19:57:14 +0100

hiawatha (4.1) stable; urgency=low

  * Chroot functionality for wrapped CGIs.
  * New section boundaries (section{...}).
  * Bugfix: fixed ImageReferer for HTTPS connections.
  * Bugfix: directories with the beginning of its name equal to an Alias now
    accessible again.
  * Small bugfixes.

 -- Hugo Leisink <hugo@leisink.net>  Sun, 22 Jan 2006 16:31:24 +0100

hiawatha (4.0) stable; urgency=low

  * BindHTTP and BindHTTPS options replaced by Binding sections.
  * CGI-wrapper replaced the HostId options. See the CGI WRAPPER section in
    the manualpage for more information.
  * TimeForRequest option improved.
  * ServerId option improved.
  * BanOnTimeout option added.
  * ReconnectDelay option added.
  * Improved FollowSymlink check: symlinks are always followed if they stay
    inside the webroot.
  * Number of bytes sent per request added to the requestlog.
  * Configuration-reload removed. Gave to much trouble.
  * Customizable stylesheet for directory listings. IndexStyle option added.
  * New layout for the errormessages.
  * Small bugfixes.

 -- Hugo Leisink <hugo@leisink.net>  Tue, 18 Dec 2005 21:04:37 +0100

hiawatha (3.7) stable; urgency=low

  * SSLv2 has been removed from HTTPS. Only SSLv3 en TLSv1 are available.
  * HomedirSource option added.
  * Multiple presence of BindHTTP, BindHTTPS, AccessList, BanlistMask
    and LogfileMask in configurationfile now allowed.
  * get_hostrecord() rewritten: the wildcard in the Hostname now also matches
    the domainname. Example: 'Hostname = www.domainname.com, *.domainname.com'
    now also matches 'http://domainname.com/'.
  * RequireBinding option renamed to RequiredBinding. RequireBinding has become
    a temporary alias.
  * TRACE method added. EnableTRACE option added.
  * Small bugfixes and improvements.

 -- Hugo Leisink <hugo@leisink.net>  Tue, 12 Nov 2005 22:36:06 +0100

hiawatha (3.6.1) stable; urgency=medium

  * HTTP_GENERATED_ERROR environment variable added for ErrorHandler.
  * ErrorHandler from a Virtual Host ignored when handling a userwebsite.
  * Bugfix: gzip Content-Encoding was broken.
  * Bugfix: logfile got flooded with warnings in case of a configuration reload
    and an error in the configurationfile.

 -- Hugo Leisink <hugo@leisink.net>  Tue, 23 Aug 2005 08:45:43 +0200

hiawatha (3.6) stable; urgency=medium

  * Prevention of SQL injection. PreventSQLi and BanOnSQLi options added.
  * Prevention of cross-site scripting. PreventXSS option added.
  * Alias option added.
  * FollowSymlinks option added.
  * Use of variables in configurationfile via 'set'.
  * Path option changed, PathMatch option removed.
  * Removal of dangerous characters (ASCII-values 0..31) from the URL.
  * Manualpage updated.
  * Improved Debian package.
  * Small bugfixes and improvements.
  * Bugfix: filethrottling and UploadSpeed were broken.

 -- Hugo Leisink <hugo@leisink.net>  Sun, 14 Aug 2005 18:43:57 +0200

hiawatha (3.5) stable; urgency=low

  * HTTP_CLIENT_IP and HTTP_VIA variable passed thru to CGI programs.
  * Case-insensitive HTTP-header matching.
  * Small bugfixes.

 -- Hugo Leisink <hugo@leisink.net>  Sat, 16 Apr 2005 22:31:14 +0100

hiawatha (3.4) stable; urgency=low

  * Specify the returncode of an ErrorHandler.
  * DenyBot option added.
  * BindHTTP and BindHTTPS options added (BindAddress option has been removed).
  * ServerPort and SSLPort have become an alias for BindHTTP and BindHTTPS.
  * RequireBinding option added.
  * CGIextension and CGIhandler options updated.
  * Include dependencies re-organized.
  * BSD autoconf errors fixed (Thanks to Sander Niemeijer).

 -- Hugo Leisink <hugo@leisink.net>  Sun, 23 Jan 2005 22:36:13 +0100
 
hiawatha (3.3) stable; urgency=low

  * CGIhandler option added (PHPextension, PHPprogram and ExecutePHP options
    have been removed).
  * Support for HTTP/1.0 proxies (No chunked Transfer-Encoding, so no
    keep-alive connections for CGI).
  * Username of HTTP authentication logged.
  * Escape characters removed from logfile.
  * BanlistMask option added.
  * LogAccess option renamed to LogfileMask.
  * HTTP pipelining support.
  * Bugfix: GarbageLogfile was not created on startup.
  * Bugfix: removed double Content-Type for CGI ErrorHandler.

 -- Hugo Leisink <hugo@leisink.net>  Fri, 26 Nov 2004 00:16:40 +0100

hiawatha (3.2) stable; urgency=medium

  * Gentoo ebuild script.
  * Bugfix: incorrect Chunked Transfer-Encoding.
  * Bugfix: wrong hostname on 301.

 -- Hugo Leisink <hugo@leisink.net>  Wed,  3 Nov 2004 18:51:52 +0100

hiawatha (3.1) stable; urgency=low

  * Small bugfixes and improvements.
  * Start and stop script (extra/hiawatha).
  * CommandChannel made optional.
  * ServerString moved from host to main section in the configuration file.
  * Compile errors fixed (under Cygwin for example).
  * Bugfix: SERVER_PORT was set to ServerPort instead of SSLPort on HTTPS
    connections.
  * Bugfix: 301 via HTTPS used ServerPort instead of SSLPort.

 -- Hugo Leisink <hugo@leisink.net>  Mon, 20 Sep 2004 00:12:30 +0200

hiawatha (3.0) stable; urgency=low

  * SSL support: SSLPort, ServerKey and RequireSSL option added.
    (Many thanks to Denis de Leeuw Duarte).
  * SetEnvir option added.
  * RequiredGroup option added.
  * Case-insensitive configuration options.
  * Directory independent installation support.
    (Many thanks to Sander Niemeijer).

 -- Hugo Leisink <hugo@leisink.net>  Wed,  1 Sep 2004 23:54:46 +0200

hiawatha (2.8) stable; urgency=low

  * gzip Content-Encoding support (see manpage for more information).
  * BanOnMaxReqSize option added.
  * Some 400 and 413 returncode fixes.
  * Garbage log for 400.
  * Faster restart.
  * Configuration reload stable (USR1 signal).
  * Small bugfixes and improvements.

 -- Hugo Leisink <hugo@leisink.net>  Thu, 26 Aug 2004 18:28:17 +0200

hiawatha (2.7) stable; urgency=low

  * RequestBuffer option added.
  * Binary upload support.
  * AccessList option improved with 'pwd'.
  * Bugfix: incorrect Content-Length for HTTP code screens.

 -- Hugo Leisink <hugo@leisink.net>  Wed, 18 Aug 2004 12:32:40 +0200

hiawatha (2.6) stable; urgency=low

  * log.c rewritten.
  * Connect attempts during ban counted (to prefent long logfiles).
  * Bugfix: netmask 0 for AccessList didn't work.
  * Bugfix: Directory record ended configfile.

 -- Hugo Leisink <hugo@leisink.net>  Fri,  6 Aug 2004 15:37:46 +0200

hiawatha (2.5) stable; urgency=high

  * Range header field (single range support).
  * 206 Partial Content.
  * 416 Requested Range Not Satisfiable.
  * Date header field.
  * Modified-Since header field.
  * Bugfix: memory-leak fixed (free(error_line) in target.c).
  * Bugfix: thread-record problem fixed.

 -- Hugo Leisink <hugo@leisink.net>  Mon, 26 Jul 2004 09:09:18 +0200

hiawatha (2.4.1) stable; urgency=medium

  * Bugfix: use of <Directory> without UploadSpeed always resulted in a 503.
    (Thanks to Stefan Thoolen).

 -- Hugo Leisink <hugo@leisink.net>  Mon, 24 May 2004 13:38:06 +0200

hiawatha (2.4) stable; urgency=high

  * 503 Service Unavailable.
  * Access option removed.
  * AccessList option added.
  * AccessLog option added.
  * BindAddresses option added.
  * GarbageLogfile option added.
  * ImageReferer option added.
  * PathMatch option added.
  * UploadSpeed option extended.
  * Global change: extention -> extension.
  * exePHP/CGI option renamed to ExecutePHP/CGI.
  * Bugfix: only the first Directory record could be used.
  * Bugfix: If-Modified-Since time converted to GMT.
  * Bugfix: filedescriptor to .hiawatha left open.

 -- Hugo Leisink <hugo@leisink.net>  Fri, 16 Apr 2004 23:29:09 +0100

hiawatha (2.3.2) stable; urgency=low

  * Include option added.
  * Log requestresult code.
  * Code improvement.

 -- Hugo Leisink <hugo@leisink.net>  Sun, 28 Mar 2004 23:03:09 +0100

hiawatha (2.3.1) stable; urgency=low

  * Extra CGI environment variables.
  * Bugfix: incorrect Content-Type for multipart/form-data CGI data.
  * Bugfix: pidfile problem.

 -- Hugo Leisink <hugo@leisink.net>  Sun, 28 Mar 2004 12:33:06 +0100

hiawatha (2.3) stable; urgency=low

  * OPTIONS method improved.
  * A .hiawatha configurationfile will also be active in all the
    subdirectories.
  * CGI errors are logged to the SystemLogfile.
  * PHPextension option added.
  * ServerName option renamed to Hostname.
  * ReconnectDelay option renamed to BanOnMaxPerIP.
  * BanOnGarbage option added.
  * BanOnFlooding option added.
  * KickOnBan option added.
  * Manualpage updated.
  * Small bugfixes.

 -- Hugo Leisink <hugo@leisink.net>  Wed, 24 Mar 2004 20:10:17 +0100

hiawatha (2.2) stable; urgency=low

  * Improved directory listing (ShowIndex) and errorcode layout.
  * 405 response for PUT, DELETE, TRACE and CONNECT methods changed to 501
    Method Not Implemented.
  * POST request for a non CGI script results in a 405.
  * If-Modified-Since and If-Unmodigied-Since header fields.
  * 304 Not Modified.
  * 408 Request Timeout.
  * 412 Precondition Failed.

 -- Hugo Leisink <hugo@leisink.net>  Wed, 17 Mar 2004 20:25:50 +0100

hiawatha (2.1.1) stable; urgency=high

  * Bugfix: HTTP Basic authentication fixed. Also full path for
    PasswordFile allowed in chroot environment.

 -- Hugo Leisink <hugo@leisink.net>  Sun, 14 Mar 2004 11:58:56 +0100

hiawatha (2.1) stable; urgency=high

  * CommandChannel.
  * UserWebsite option added. (UserDirectory option removed, userwebsites.conf
    added to /etc/hiawatha).
  * UploadSpeed option for Directory sections added.
  * Improved error checking.
  * Traffic throttling for CGI scripts.
  * SystemLogfile option added.
  * Bugfix: CONTENT_LENGTH was set incorrectly for POST requests.
  * Bugfix: reloading throttleconfiguration.
  * Bugfix: zombie CGI scripts. A kill (9) signal is send to all CGI processes
    after finishing. Just to be sure. :)
  * Small bugfixes.

 -- Hugo Leisink <hugo@leisink.net>  Thu, 11 Mar 2004 18:11:26 +0100

hiawatha (2.0) stable; urgency=low

  * Multi-threading instead of forking
    (Many thanks to Sander Niemeijer).
  * Configuration reloading (USR1 signal).
  * Disconnect all clients (USR2 signal).
  * Mimetype and throttletype checking case unsensitive.
  * Improved URI checking.
  * run_script() rewritten: faster and bugfix (also using select()).
  * ServerId option added.
  * UserId and GroupId option combined to HostId.
  * Access option for Directory sections added.
  * Some code improvements.
  * Small bugfixes.

 -- Hugo Leisink <hugo@leisink.net>  Sun,  7 Mar 2004 14:51:27 +0100

hiawatha (1.7) stable; urgency=low

  * nanny_thread() removed. select() timeout used to check childs.
  * fetch_request() rewritten: it's much faster now (using select()).
  * RootDirectory option renamed to WebsiteRoot.
  * ServerRoot option added (Hiawatha will chroot() to that directory).

 -- Hugo Leisink <hugo@leisink.net>  Sat, 24 Feb 2004 14:06:53 +0100

hiawatha (1.6.1) stable; urgency=medium

  * Source-plugin support.
  * Bugfix: problem with reading directory configurationfile (.hiawatha).
  * Bugfix: several realloc() fixes.
  * Bugfix: config->directory set to NULL on init.

 -- Hugo Leisink <hugo@leisink.net>  Tue, 26 Jan 2004 10:13:26 +0100

hiawatha (1.6) stable; urgency=low
  
  * URL checked for special characters (%20 = ' ', etc).
  * Remarks on every line in configuration file allowed.
  * Added some MIME-types.

 -- Hugo Leisink <hugo@leisink.net>  Fri, 19 Dec 2003 13:23:08 +0100

hiawatha (1.5.1) stable; urgency=high

  * Bugfix: CGI server hang-up bug fixed.
  * ServerString option added.

 -- Hugo Leisink <hugo@leisink.net>  Mon, 15 Sep 2003 11:13:12 +0100

hiawatha (1.5) stable; urgency=low

  * Improved 301: first ServerName may now contain a wildcard.
  * 302 Found (when a CGI script prints Location).
  * 413 Request Entity Too Large.
  * CGI scripts can now output binary data.
  * Automake script (Many thanks to Sander Niemeijer and Denis de Leeuw
    Duarte). Compilation tested on FreeBSD and MacOS X.
  * Small bugfixes.

 -- Hugo Leisink <hugo@leisink.net>  Sun, 17 Aug 2003 14:13:17 +0100

hiawatha (1.4) stable; urgency=low

  * Multiple ServerName options.
  * Wildcard allowed in ServerName.
  * Ownership logfiles set to UserId:GroupId from configurationfile.
  * Small bugfixes.

 -- Hugo Leisink <hugo@leisink.net>  Tue, 22 Jul 2003 09:44:12 +0100

hiawatha (1.3) stable; urgency=low

  * <Directory> settings.
  * Flooding protection.
  * Volatile object support.
  * Bugfixes: some potential segmentation faults.

 -- Hugo Leisink <hugo@leisink.net>  Thu, 17 Oct 2002 20:40:00 +0100

hiawatha (1.2) stable; urgency=low

  * <VirtualHost> settings.
  * Check for errors in configurationfile.
  * Manpage updated.

 -- Hugo Leisink <hugo@leisink.net>  Sat, 28 Sep 2002 18:13:21 +0100

hiawatha (1.1.1) stable; urgency=high

  * Bugfix: server lock-up for POST request with Content-length = 0
    (Thanks to Frans Dondorp).

 -- Hugo Leisink <hugo@leisink.net>  Thu, 26 Sep 2002 10:46:55 +0100

hiawatha (1.1) stable; urgency=low

  * Traffic throttling.

 -- Hugo Leisink <hugo@leisink.net>  Sat, 21 Sep 2002 23:04:19 +0100

hiawatha (1.0) stable; urgency=low

  * 405 Method not allowed.
  * 505 HTTP version not supported.
  * Logrotate script added to the package.
  * Bugfix: no Content-type for directorylisting.
  * Bugfix: chunks didn't end with CRLF.
  * Bugfix: a PHP script couldn't be used as an ErrorHandler.
  * Bugfix: logfile problem.
  * Bugfix: StartFile from .hiawatha didn't work.

 -- Hugo Leisink <hugo@leisink.net>  Thu, 17 Sep 2002 18:12:35 +0100

hiawatha (1.0b) stable; urgency=low

  * HTTP Basic authentication & authorization.
  * 401 Unauthorized.
  * Support for PHP.
  * Chunked Transfer-encoding.
  * Directorylisting in HTML for directories without a startfile.
  * Main request-handling routine splitted in seperate functions.
  * parse_request() rewritten.
  * Bugfix: setuid() security issue fixed.
  * Some minor bugfixes.

 -- Hugo Leisink <hugo@leisink.net>  Thu, 16 Sep 2002 23:21:26 +0100

hiawatha (0.9) stable; urgency=low

  * Keep-alive connections.
  * Some minor bugfixes.

 -- Hugo Leisink <hugo@leisink.net>  Thu,  5 Sep 2002 19:36:04 +0100

hiawatha (0.8) stable; urgency=low

  * Size HTTP request limited to 64 kilobytes.
  * Better Content-Length handling for incoming HTTP requests.
  * Number of connections per IP address can be limited.
  * Filelock on logfile.
  * More actions are being logged.
  * Manpage added to the package.
  * Finally got rid of the root group. :)
  * User configurationfile.
  * Bugfix: When the ErrorHandler was set a 301 error was not returned
    correctly.
  * Some minor bugfixes.

 -- Hugo Leisink <hugo@leisink.net>  Fri, 28 Jun 2002 11:55:26 +0100

hiawatha (0.7.1) stable; urgency=low

  * Bugfix: the local IP address was logged instead of the remote IP address.
  * Bugfix: when CGI was disabled and the ErrorHandler was needed, the server
    crashed.

 -- Hugo Leisink <hugo@leisink.net>  Wed, 19 Jun 2002 11:55:26 +0100

hiawatha (0.7) stable; urgency=low

  * StartFile added to the configurationfile.
  * ErrorHandler added to the configurationfile.
  * The number of total connections can be limited.
  * The processortime for a CGI process can be limited.
  * Cookie support.
  * HTTP_USER_AGENT, HTTP_X_FORWARDED_FOR and HTTP_REFERER variables are passed
    thru to a CGI script.
  * Bugfix: the zombie problem has been fixed.
  * Bugfix: child quits when client disconnects.

 -- Hugo Leisink <hugo@leisink.net>  Wed, 19 Jun 2002 10:33:41 +0100

hiawatha (0.6) stable; urgency=low

  * 400 Bad request.
  * HEAD method added.
  * POST method added.
  * OPTIONS method added.
  * User directories.
  * Improved security.

 -- Hugo Leisink <hugo@leisink.net>  Sat, 18 May 2002 13:57:50 +0100

hiawatha (0.5) stable; urgency=low

  * Content-type header field (Mimetypes).
  * Logfile.

 -- Hugo Leisink <hugo@leisink.net>  Thu, 16 May 2002 12:41:28 +0100

hiawatha (0.4) stable; urgency=low

  * Server can execute scripts.
  * Server information in header.
  * 403 Forbidden.
  * 500 Internal server error.

 -- Hugo Leisink <hugo@leisink.net>  Thu, 18 May 2002 13:57:50 +0100

hiawatha (0.3) stable; urgency=low

  * 200 OK.
  * 301 Redirect.
  * 404 File not found.

 -- Hugo Leisink <hugo@leisink.net>  Sat, 27 Apr 2002 17:21:42 +0100

hiawatha (0.2) stable; urgency=low

  * Configurationfile (/etc/hiawatha.conf).

 -- Hugo Leisink <hugo@leisink.net>  Sat, 20 Apr 2002 18:48:09 +0100

hiawatha (0.1) stable; urgency=low

  * Initial release.
  * GET method implemented.

 -- Hugo Leisink <hugo@leisink.net>  Sun, 27 Jan 2002 12:06:10 +0100
