https://www.hiawatha-webserver.org/changelog
--------------------------------------------
hiawatha (10.8.4) stable; urgency=high
Bugfix: Directory traversal when AllowDotFiles is enabled.
-- Hugo Leisink <hugo at leisink.net> Tue, 12 Feb 2018 21:37:04 +0100
init script updated to new OpenRC style
'need net' does not work in LXC containers so changed to 'need firewall'
CMAKE option ENABLE_SSL was not used so removed. SSL connections still work
without it.
Changelog since 9.1:
hiawatha (9.6) stable; urgency=medium
Logfile rotation for access logfiles.
HTTP Strict Transport Security header made optional for RequireSSL.
Support for chunked transfer encoded requests (not for PUT).
Support for improved server statistics in Hiawatha Monitor.
The Hiawatha Monitor is now supported without the need for XSLT.
PolarSSL updated to version 1.3.7.
A few bugfixes as reported by Coverity.
Bugfix: SQL injection detection was broken since 8.6.
Bugfix: XSS detection didn't work for reverse proxy.
Small bugfixes.
hiawatha (9.5) stable; urgency=low
Added support for CGI statistics in Hiawatha Monitor.
MonitorRequests and MonitorStatsInterval option removed.
Added support for Origin HTTP header to prevent CSRF.
EnforceFirstHostname option added.
ScriptAlias option added.
PolarSSL updated to version 1.3.6.
Dropped support for PolarSSL 1.2.
hiawatha (9.4) stable; urgency=low
Keep-Alive connections for reverse proxy made optional.
ErrorXSLTfile option added.
IgnoreDotHiawatha option added.
RandomHeader option added.
Dropped support for RC4.
PolarSSL updated to version 1.3.4.
Added support for Hyper Text Coffee Pot Control Protocol (RFC2324).
Added SSL_CIPHER to CGI environment.
Added Public/Private to UrlToolkit expire option.
Small improvements.
hiawatha (9.3.1) stable; urgency=low
Several bugfixes in reverse proxy.
hiawatha (9.3) stable; urgency=low
PolarSSL updated to version 1.3.2.
Added support for Elliptic Curve Cryptography.
TunnelSSH option added.
AnonymizeIP option added. Thanks to Klemens Scholhorn.
Keep-alive connections for reverse proxy.
Small improvements.
hiawatha (9.2) stable; urgency=low
Added support for compiling Hiawatha against the system's default version (>=1.2.0) of the PolarSSL library.
PolarSSL updated to version 1.2.8.
Small bugfixes (memory leaks in error situations).
Bugfix: virtual hostname selection for IPv6 with non-standard port.
