1 Inets Release Notes

1.1  Inets 6.4.5

Fixed Bugs and Malfunctions

  • CGI environment variable CONTENT_LENGTH shall be a string

    Own Id: OTP-14679

  • In relaxed mode disregard Content-Length header if there is also a Transfer-Encoding header.

    Own Id: OTP-14727

  • Eliminated race condition, that could cause http request to sporadically fail to complete successfully, when keep-alive connections are used.

    Own Id: OTP-14783

1.2  Inets 6.4.4

Fixed Bugs and Malfunctions

  • Correct the handling of location headers so that the status code is not hard coded. This should have been fixed by commit 2cc5ba70cbbc6b3ace81a2a0324417c3b65265bb but unfortunately was broken during a code refactoring and unnoticed due to a faulty placed test case.

    Own Id: OTP-14761

1.3  Inets 6.4.3

Improvements and New Features

  • Fix broken handling of POST requests

    New chunk mechanism of body data in POST requests added in 5d01c70ca399edf28e99dc760506329689fab6ba broke handling of POST body data not using the new mechanism.

    Own Id: OTP-14656

  • Make sure ints:stop/2 of the service httpd is synchronous

    Own Id: OTP-14696

  • Honor status code returned by ESI script and modernize "location" header handling.

    Own Id: OTP-14716

1.4  Inets 6.4.2

Fixed Bugs and Malfunctions

  • Make sure mod_log uses the correct status code

    Own Id: OTP-14510

  • Correct behaviour of mod_disk_log to proparly handle repair options

    Own Id: OTP-14530

1.5  Inets 6.4.1

Fixed Bugs and Malfunctions

  • http_uri aligned to follow RFC 3986 and not convert "+" to space when decoding URIs.

    Own Id: OTP-14573

Improvements and New Features

  • Added new option max_client_body_chunk to httpd server to allow chunked delivery of PUT and POST data to mod_esi callback. Note, new mod_esi callback implementation is required.

    Also correct value provided by server_name environment variable

    Own Id: OTP-14450

1.6  Inets 6.4

Fixed Bugs and Malfunctions

  • httpd_util:rfc1123_date/1 gracefully handle invalid DST dates by returning the original time in the expected rfc1123 format.

    Own Id: OTP-14394

Improvements and New Features

  • Add unicode binary support to http_uri functions

    Own Id: OTP-14404

  • httpc - Change timeout handling so the redirects cause a new timer to be set. This means that a simple redirected request could return after 2*timeout milliseconds.

    Own Id: OTP-14429

1.7  Inets 6.3.9

Fixed Bugs and Malfunctions

  • The close of a chunked file reception crashed in a certain timing sequence.

    Own Id: OTP-14391 Aux Id: seq13306

1.8  Inets 6.3.8

Improvements and New Features

  • Added missing release note for inets-6.3.7

    Own Id: OTP-14383

1.9  Inets 6.3.7

Fixed Bugs and Malfunctions

  • Fixed a bug in ftp that made further operations after a recv_chunk operation impossible.

    Own Id: OTP-14242

  • Make default port, 80 and 443, implicit in automatic redirection.

    Own Id: OTP-14301

1.10  Inets 6.3.6

Fixed Bugs and Malfunctions

  • Chunk size decoding could fail. The symptom was that chunk decoding sometimes failed depending on timing of the received stream. If chunk size was split into two different packets decoding would fail.

    Own Id: OTP-13571 Aux Id: ERL-116

  • Prevent httpc user process to hang if httpc_handler process terminates unexpectedly

    Own Id: OTP-14091

  • Correct Host header, to include port number, when redirecting requests.

    Own Id: OTP-14097

  • Shutdown gracefully on connection or TLS handshake errors

    Own Id: OTP-14173 Aux Id: seq13262

1.11  Inets 6.3.5

Fixed Bugs and Malfunctions

  • Correct misstakes in ftp client introduced in inets-6.3.4

    Own Id: OTP-14203 Aux Id: OTP-13982

1.12  Inets 6.3.4

Fixed Bugs and Malfunctions

  • Fixes a bug that makes the ftp client end up in bad state if there is a multi line response from the server and the response number is in the message being sent.

    Own Id: OTP-13960 Aux Id: PR1196

  • The ftp client could stop consuming messages when the multiline response handling was corrected.

    Own Id: OTP-13967

  • Fix keep-alive https through proxy connections so that all requests, following the first one, will run as expected instead of failing.

    Own Id: OTP-14041

  • Fix bug from commit fdfda2fab0921d409789174556582db28141448e that could make listing of group members in mod_auth callbacks fail.

    Own Id: OTP-14082

Improvements and New Features

  • Update behavior of httpc:request to match RFC-7231

    Own Id: OTP-13902

  • Fixed dialyzer warnings as well as some white-space issues. Thanks to Kostis.

    Own Id: OTP-13982 Aux Id: PR-1207

1.13  Inets 6.3.3

Fixed Bugs and Malfunctions

  • The legacy option 'inet6fb4' for inets had stopped working. This bug has now been corrected. Fix by Edwin Fine in bugs.erlang.org ERL-200 and Github PR#1132.

    Own Id: OTP-13776 Aux Id: ERL-200 PR-1132

1.14  Inets 6.3.2

Improvements and New Features

  • PUT and DELETE support has been added to mod_esi

    Own Id: OTP-13688 Aux Id: seq13149

1.15  Inets 6.3.1

Fixed Bugs and Malfunctions

  • A debug message was accidently left enabled in the ftp client.

    Own Id: OTP-13712 Aux Id: seq13143

1.16  Inets 6.3

Fixed Bugs and Malfunctions

  • Ftp client fixes: 1) Corrected a bug that the ftp client gen_server crashed if the listening data socket was closed.

    2) Corrections of ftp client error codes so they are as defined in the reference manual

    Own Id: OTP-13644

Improvements and New Features

  • Remove usage of erlang:now().

    Own Id: OTP-12441

  • Add handling of DELETE Body to http client.

    Own Id: OTP-13383 Aux Id: PR-972

  • Removed references to mod_include and webtool from examples and tests.

    Own Id: OTP-13445 Aux Id: PR-988

  • Remove module inets_regexp. Module re should be used instead.


    Own Id: OTP-13561

1.17  Inets 6.2.4

Improvements and New Features

  • Handle multiple \t in mime types file

    Own Id: OTP-13663 Aux Id: seq13132

1.18  Inets 6.2.3

Improvements and New Features

  • Put back unused module inets_regexp and remove it in OTP 19 instead as it is an incompatibility, although it is an undocumented module and should not affect other applications.

    Own Id: OTP-13533

1.19  Inets 6.2.2

Improvements and New Features

  • Add environment information item peer_cert to mod_esi

    Own Id: OTP-13510

1.20  Inets 6.2.1

Fixed Bugs and Malfunctions

  • Mend ipv6_host_with_brackets option in httpc

    Own Id: OTP-13417

1.21  Inets 6.2

Fixed Bugs and Malfunctions

  • The TFTP client/server has been fixed to allow file sizes larger than 32MB block by allowing the 16 bit block counter to wrap. Since this is a commonly accepted behavior we regard it as a bug fix.

    Own Id: OTP-13403

Improvements and New Features

  • Handle HTTP PATCH method in client.

    Own Id: OTP-13286

  • Expected termination should not be logged as an application error.

    Own Id: OTP-13389

1.22  Inets

Fixed Bugs and Malfunctions

  • Mend ipv6_host_with_brackets option in httpc

    Own Id: OTP-13417

1.23  Inets 6.1.1

Fixed Bugs and Malfunctions

  • mod_alias now traverses all aliases picking the longest match and not the first match.

    Own Id: OTP-13248

1.24  Inets 6.1

Fixed Bugs and Malfunctions

  • Replace obs-folds with spaces instead of failing

    Own Id: OTP-13069

  • Add validation fun for URI scheme to http_uri API

    Own Id: OTP-13071

  • Handle stream bodies as documented.

    Own Id: OTP-13093

  • Correct error handling of mod_esi generated chunks. Send warning headers in chunk trailers instead of generating an unexpected additional 500 request response, when problems, such as a timeout occurs.

    Own Id: OTP-13110

  • HTTP client terminates gracefully when an invalid chunked length header is encountered.

    Own Id: OTP-13117

Improvements and New Features

  • Add default for SNI (Server Name Indication) when running https using the inets HTTP-client.

    Own Id: OTP-12985

  • Be forgiving to chunked sizes that have trailing whitespaces as prior implementation was. Also some legacy embedded devices does actually have trailing whitespaces even though this in not according to the spec.

    Own Id: OTP-13116

1.25  Inets 6.0.3

Fixed Bugs and Malfunctions

  • Improved error handling and gracfully termination when an invalid chunked length header is encountered.

    Own Id: OTP-13061

Improvements and New Features

  • Add possibility to set socket options, such as nodelay, for httpd. Also phase out legacy option value inet6bf4 for the ipfamily option. This value will be translated to the value inet.


    Own Id: OTP-13062

1.26  Inets 6.0.2

Fixed Bugs and Malfunctions

  • Avoid crash in mod_auth_server and mod_security_server due to using an atom instead of a string when creating a name.

    Own Id: OTP-13022

Improvements and New Features

  • Add function response_default_headers/0 to httpd customize API, to allow user to specify default values for HTTP response headers.

    Own Id: OTP-13013

1.27  Inets 6.0.1

Fixed Bugs and Malfunctions

  • Fix broken socket feature, that is on Linux systems a socket may be opened before starting Erlang and then passed to Erlang's httpd daemon. This is useful as the wrap program can open a privileged port and Erlang does not have to be run as root.

    Own Id: OTP-12875 Aux Id: seq12878

  • Fix broken socket feature, that is on Linux systems a socket may be opened before starting Erlang and then passed to Erlangs tftp daemon. This is useful as the wrap program can open a privileged port and Erlang does not have to be run as root.

    Own Id: OTP-12898 Aux Id: seq12900

  • httpc_handler should react properly to cancel requests even when the request to be canceled was already finished but httpc_manager did not get notified about that yet.

    Own Id: OTP-12922

Improvements and New Features

  • Added format_status function to httpd process to avoid sensitive information to be printed in supervisor logs.

    Own Id: OTP-12976

  • Return meaningful error reason disregarding whether a http proxy is used or not.

    Own Id: OTP-12984

1.28  Inets 6.0

Fixed Bugs and Malfunctions

  • Fix race condition in httpc. If the socket is closed by the peer do not try to close it again.

    Own Id: OTP-11845

  • Avoid process leak by gracefully terminating httpc request handler process when send operation fails.

    Own Id: OTP-12362

  • Reject messages with a Content-Length less than 0

    Own Id: OTP-12739 Aux Id: seq12860

  • Let gen_tcp:controlling_process/2 and inet_sctp:connect/[45] propagate prim_inet:setopt/3 errors instead of having them generate badmatch exceptions.

    Own Id: OTP-12798

Improvements and New Features

  • Remove Server Side Include support from inets, as this is an old technic that has security issues and was not well tested.


    Own Id: OTP-12156

  • New value in server_tokens config for limiting banner grabbing attempts.

    By setting {server_tokens, none} in ServiceConfig for inets:start(httpd, ServiceConfig), the "Server:" header will not be set in messages from the server.

    Own Id: OTP-12661 Aux Id: seq12840

  • To enable the HTTP server to run in a virtualized environment, where there can be more that one server that has the same ip-address and port, we add a new option profile.

    Own Id: OTP-12674

  • httpc: Fix implementation of gracefull shudown to work as intended for keep alive connections not using pipelining.

    Own Id: OTP-12803

  • Correct handling of proxy options when using persistent connections.

    Own Id: OTP-12822

1.29  Inets 5.10.9

Improvements and New Features

  • Add behaviour with optional callbacks to customize the inets HTTP server.

    Own Id: OTP-12776

1.30  Inets 5.10.8

Fixed Bugs and Malfunctions

  • Reject messages with a Content-Length less than 0

    Own Id: OTP-12739 Aux Id: seq12860

1.31  Inets 5.10.7

Improvements and New Features

  • New value in server_tokens config for limiting banner grabbing attempts.

    By setting {server_tokens, none} in ServiceConfig for inets:start(httpd, ServiceConfig), the "Server:" header will not be set in messages from the server.

    Own Id: OTP-12661 Aux Id: seq12840

1.32  Inets 5.10.6

Fixed Bugs and Malfunctions

  • inets: parse correctly 'Set-Cookie' header with empty value

    httpc_cookie should parse cookies with empty values and no attributes set in the 'Set-Cookie' headers.

    Own Id: OTP-12455

Improvements and New Features

  • Add parsing of URI fragments to http_uri:parse

    This fixes a bug in httpc where redirection URIs could lead to bad requests if they contained fragments.

    Own Id: OTP-12398

  • httpc: http client now ignores invalid set-cookie headers

    Own Id: OTP-12430

1.33  Inets 5.10.5

Fixed Bugs and Malfunctions

  • mod_alias now handles https-URIs properly

    Consistent view of configuration parameter keep_alive_timeout, should be presented in the httpd:info/[1,2] function in the same unit as it is inputted.

    Own Id: OTP-12436 Aux Id: seq12786

Improvements and New Features

  • Gracefully handle invalid content-length headers instead of crashing in list_to_integer.

    Own Id: OTP-12429

1.34  Inets 5.10.4

Fixed Bugs and Malfunctions

  • Fixed a spelling mistake in httpc documentation.

    Own Id: OTP-12221

Improvements and New Features

  • Add option {ftp_extension, boolean} to enable use of extended commands EPSV and EPRT, as specified in RFC 2428, for IPv4 instead of using the legacy commands. Ipv6 can not be supported without the extended commands.

    Own Id: OTP-12255

1.35  Inets 5.10.3

Fixed Bugs and Malfunctions

  • Fix some spelling mistakes in documentation

    Own Id: OTP-12152

Improvements and New Features

  • httpd: Seperate timeout for TLS/SSL handshake from keepalive timeout

    Own Id: OTP-12013

  • Warning: this is experimental and may disappear or change without previous warning.

    Experimental support for running Quickcheck and PropEr tests from common_test suites is added to common_test. See the reference manual for the new module ct_property_testing.

    Experimental property tests are added under lib/{inet,ssh}/test/property_test. They can be run directly or from the commont_test suites inet/ftp_property_test_SUITE.erl and ssh/test/ssh_property_test_SUITE.erl.

    See the code in the test directories and the man page for details.

    (Thanks to Tuncer Ayaz for a patch adding Triq)

    Own Id: OTP-12119

1.36  Inets 5.10.2

Fixed Bugs and Malfunctions

  • httpc: Fix streaming bugs when handling small responses

    Own Id: OTP-11992

1.37  Inets 5.10.1

Fixed Bugs and Malfunctions

  • Correct distirbing mode for httpd:reload_config/2

    Own Id: OTP-11914

Improvements and New Features

  • Improved handling of invalid strings in the HTTP request line.

    Impact: May improve memory consumption

    Own Id: OTP-11925 Aux Id: Sequence 12601

1.38  Inets 5.10

Fixed Bugs and Malfunctions

  • Fixed a spelling mistake in httpc doc (Thanks to Wasif Riaz Malik)

    Own Id: OTP-11538

  • Application upgrade (appup) files are corrected for the following applications:

    asn1, common_test, compiler, crypto, debugger, dialyzer, edoc, eldap, erl_docgen, et, eunit, gs, hipe, inets, observer, odbc, os_mon, otp_mibs, parsetools, percept, public_key, reltool, runtime_tools, ssh, syntax_tools, test_server, tools, typer, webtool, wx, xmerl

    A new test utility for testing appup files is added to test_server. This is now used by most applications in OTP.

    (Thanks to Tobias Schlager)

    Own Id: OTP-11744

  • ftp now sanitize file name, user name and passwords from <CR> and <LF> tags (Thanks to Sergei Golovan)

    Own Id: OTP-11750

  • Corrected error handling in the HTTP client, making it behave more graceful.

    Thanks to Kirilll Zaborsky

    Own Id: OTP-11794

  • Support identity transfer-encoding in httpc.

    Thanks to Anthony Ramine

    Own Id: OTP-11802

  • Ignore empty Set-Cookie headers to increase interoperability with servers that violate the RFC.

    Thanks to Kirilll Zaborsky

    Own Id: OTP-11803

Improvements and New Features

  • The commit 6189bc07 "inets: httpc improve pipelining" has been reverted, as it turned out to break things rather than improve pipelining utilization. It is instead up to the user to configure httpc and use it wisely to be able to get the most out of pipelining.

    Own Id: OTP-11756

  • Handle all response codes in httpd_util:message/3

    Own Id: OTP-11838

1.39  Inets 5.9.8

Improvements and New Features

  • Mend max_clients check that was broken and avoid too extensive logging that could cause memory problems.

    Own Id: OTP-11557 Aux Id: seq12478

1.40  Inets 5.9.7

Fixed Bugs and Malfunctions

  • Fix httpd config option 'script_timeout' and fixed httpd config option 'keep_alive_timeout'. Thanks to Johannes Weissl.

    Own Id: OTP-11276

  • Make httpc:request_cancel/[1,2] asynchronous. Previously these functions tried to guarantee request answer would not reach the client, which only worked for some of the use cases. Now these functions are totally asynchronous which makes it the clients responsibility to disregard possible answers to canceled requests.

    Also pipelining implementation has been changed to improve the utilization factor. Further investigation of possible enhancements in this area are planned for later.


    Own Id: OTP-11312

  • [httpd] Add handling of new response for mod_head (otherwise causing case_clause crash). Also updated logging: Removed logging for keep-alive connections timeout (this is a normal occurrence and not an error) and some access-log body size corrections.

    Own Id: OTP-11328

Improvements and New Features

  • The ftp client now supports ftp over tls (ftps).

    Own Id: OTP-11037

1.41  Inets 5.9.6

Improvements and New Features

  • httpc: Allow content body in DELETE requests. Thanks to James Wheare.

    Own Id: OTP-11190

  • Add missing brackets to report formatting on ftp_progress process exit. Thanks to Artur Wilniewczyc.

    Own Id: OTP-11202

  • Fix some errors in the inets documentation. Thanks to Johannes Weissl.

    Own Id: OTP-11210

  • Fix various typos in httpd, inets. Thanks to Tomohiko Aono.

    Own Id: OTP-11226

  • Fix httpd config option 'erl_script_nocache'. Thanks to Johannes Weissl.

    Own Id: OTP-11260

1.42  Inets 5.9.5

Fixed Bugs and Malfunctions

  • Reverted incorrect commit that broke cookie handling when using httpc-profiles.

    Own Id: OTP-10956

Improvements and New Features

  • Fix http_request:http_headers/1 to send content-length when length is zero. Thanks to CA Meijer.

    Own Id: OTP-10934

  • Integrate elliptic curve contribution from Andreas Schultz

    In order to be able to support elliptic curve cipher suites in SSL/TLS, additions to handle elliptic curve infrastructure has been added to public_key and crypto.

    This also has resulted in a rewrite of the crypto API to gain consistency and remove unnecessary overhead. All OTP applications using crypto has been updated to use the new API.

    Impact: Elliptic curve cryptography (ECC) offers equivalent security with smaller key sizes than other public key algorithms. Smaller key sizes result in savings for power, memory, bandwidth, and computational cost that make ECC especially attractive for constrained environments.

    Own Id: OTP-11009

  • Fix {stream, {self, once}} in httpc to work as expected. Thanks to Masatake Daimon

    Own Id: OTP-11122

1.43  Inets 5.9.4

Improvements and New Features

  • httpd: The modules option now defaults to the documented value.

    Own Id: OTP-10844

  • httpc: Fixed persistent connection implementation that was broken by a patch to R13. The patch made persisten connections behaved the same way as pipelining.

    Own Id: OTP-10845

  • httpd: Simplified configuration of ssl in httpd, this also enables all ssl options to be configured. The old and limited way is no longer documented but will be supported for backwards comatibility for some time.

    Own Id: OTP-10846

  • Handle correctly the "No files found or file unavailable" error code. Thanks to Serge Aleynikov

    Own Id: OTP-10886

1.44  Inets 5.9.3

Improvements and New Features

  • httpc: The HTTP client now supports HTTPS through proxies

    Own Id: OTP-10256 Aux Id: kunagi-2 [ce2e800e-c99f-4050-a1c4-f47023d9c7aa-1]

  • Some examples overflowing the width of PDF pages have been corrected.

    Own Id: OTP-10665

  • Fix autoredirect for POST requests responding 303. Thanks to Hans Svensson.

    Own Id: OTP-10765

1.45  Inets

Improvements and New Features

  • Make log_alert configurable as option in ssl, SSLLogLevel added as option to inets conf file

    Own Id: OTP-11259

1.46  Inets

Improvements and New Features

  • Fixed obsolete error report in inets.

    Own Id: OTP-11185 Aux Id: seq12357

1.47  Inets 5.9.2

Improvements and New Features

  • Minimum bytes per second

    New option to http server, {minimum_bytes_per_second, integer()}, for a connection, if it is not reached the socket will close for that specific connection. Can be used to prevent hanging requests from faulty clients.

    Own Id: OTP-10392

1.48  Inets 5.9.1

Improvements and New Features

  • Better handling of errorI(s) during update of the session database.

    Also added and updated some debugging functions which_sessions/[0,1] and info/0.

    Own Id: OTP-10093

    Aux Id: Seq 12062

  • Removed R14B compatible version of (inets-service and tftp) behaviour definition.

    Own Id: OTP-10095

  • [httpc] Documentation of KeepAlive and Pipeline timeout options have been improved.

    Own Id: OTP-10114

Fixed Bugs and Malfunctions

  • [httpc] Cancel request does not work due to incorrect handler table creation (wrong keypos).

    Vyacheslav Vorobyov

    Own Id: OTP-10092



1.49  Inets 5.9

Improvements and New Features

  • [httpd] Make the server header configurable with new config option server_tokens. The value of the server header, which was previously hard-coded (at compile time), is now possible to manipulate through the means of the server_tokens config option.

    Own Id: OTP-9805

  • Improve inets support for inets as an included application.

    inets_app calls supervisor:start_link/3 directly rather than calling the root supervisor function inets_sup:start_link/0. This precludes using included_applications to start inets without having a wrapper function.

    Jay Nelson

    Own Id: OTP-9960

  • [httpc] Add function for retrieving current options, get_options/[1,2].

    Own Id: OTP-9979

  • Utility module http_uri now officially supported.

    Also, the parse function has been extended with more scheme support and a way to provide your own scheme info.

    Own Id: OTP-9983

    Aux Id: Seq 12022

Fixed Bugs and Malfunctions


1.50  Inets 5.8.1

Improvements and New Features


Fixed Bugs and Malfunctions

  • [ftp] Fails to open IPv6 connection due to badly formatted IPv6 address in EPRT command. The address part of the command incorrectly contained decimal elements instead of hexadecimal.

    Own Id: OTP-9827

    Aux Id: Seq 11970

  • [httpc] Bad Keep Alive Mode. When selecting a session, the "state" of the session (specifically if the server has responded) was not taken into account.

    Own Id: OTP-9847

  • [httpc] The client incorrectly streams 404 responses. The documentation specifies that only 200 and 206 responses shall be streamed.

    Shane Evens

    Own Id: OTP-9860

1.51  Inets 5.8

Improvements and New Features

  • [ftpc] Add a config option to specify a data connect timeout. That is how long the ftp client will wait for the server to connect to the data socket. If this timeout occurs, an error will be returned to the caller and the ftp client process will be terminated.

    Own Id: OTP-9545

  • [httpc] Wrong Host header in IPv6 HTTP requests. When a URI with a IPv6 host is parsed, the brackets that encapsulates the address part is removed. This value is then supplied as the host header. This can cause problems with some servers. A workaround for this is to use headers_as_is and provide the host header with the requst call. To solve this a new option has been added, ipv6_host_with_brackets. This option specifies if the host value of the host header shall include the brackets or not. By default, it does not (as before).

    Own Id: OTP-9628

Fixed Bugs and Malfunctions

  • [httpd] Fix logging of content length in mod_log.

    Garrett Smith

    Own Id: OTP-9715

  • [httpd] Sometimes entries in the transfer log was written with the message size as list of numbers. This list was actually the size as a string, e.g. "123", written with the control sequence ~w. This has now been corrected so that any string is converted to an integer (if possible).

    Own Id: OTP-9733

  • Fixed various problems detected by Dialyzer.

    Own Id: OTP-9736


  • [httpc] Deprecated interface module http has been removed. It has (long) been replaced by http client interface module httpc.

    Own Id: OTP-9359

  • [httpc|httpd] The old ssl implementation (based on OpenSSL), has been deprecated. The config option that specified usage of this version of the ssl app, ossl, has been removed.

    Own Id: OTP-9522

1.52  Inets 5.7.2

Improvements and New Features


Fixed Bugs and Malfunctions

  • [httpd] XSS prevention did not work for hex-encoded URL's.

    Own Id: OTP-9655

  • [httpd] GET request with malformed header date caused server crash (non-fatal) with no reply to client. Will now result in a reply with status code 400.

    Own Id: OTP-9674

    Aux Id: seq11936

1.53  Inets 5.7.1

Improvements and New Features


Fixed Bugs and Malfunctions

  • [httpc] Parsing of a cookie expire date should be more forgiving. That is, if the parsing fails, the date should be ignored. Also added support for (yet another) date format: "Tue Jan 01 08:00:01 2036 GMT".

    Own Id: OTP-9433

  • [httpc] Rewrote cookie parsing. Among other things solving cookie processing from www.expedia.com.

    Own Id: OTP-9434

  • [httpd] Fix httpd directory traversal on Windows. Directory traversal was possible on Windows where backward slash is used as directory separator.

    András Veres-Szentkirályi.

    Own Id: OTP-9561

1.54  Inets 5.7

Improvements and New Features

  • [httpc|httpd] Added support for IPv6 with ssl.

    Own Id: OTP-5566

Fixed Bugs and Malfunctions

  • [httpc] Remove unnecessary usage of iolist_to_binary when processing body (for PUT and POST).

    Filipe David Manana

    Own Id: OTP-9317

  • [ftp] FTP client doesn't work with IPv6 host.

    Attila Rajmund Nohl

    Own Id: OTP-9342 Aux Id: seq11853

  • [httpd] Peer/sockname resolv doesn't work with IPv6 addrs in HTTP.

    Attila Rajmund Nohl.

    Own Id: OTP-9343

  • [httpc] Clients started stand-alone not properly handled. Also it was not documented how to use them, that is that once started, they are represented by a pid() and not by their profile().

    Own Id: OTP-9365

1.55  Inets 5.6

Improvements and New Features

  • [httpc] Add support for upload body streaming (PUT and POST).

    For more info, see the definition of the Body argument of the request/[4,5] function.

    Filipe David Manana

    Own Id: OTP-9094

  • [ftp] Added (type) spec for all exported functions.

    Own Id: OTP-9114 Aux Id: seq11799

  • [httpd] mod_esi:deliver/2 made to accept binary data.

    Bernard Duggan

    Own Id: OTP-9123

  • [httpd] Prevent XSS in error pages. Prevent user controlled input from being interpreted as HTML in error pages by encoding the reserved HTML characters.

    Michael Santos

    Own Id: OTP-9124

  • [httpd] Improved error messages.

    Ricardo Catalinas Jiménez

    Own Id: OTP-9157

  • [httpd] Extended support for file descriptors. In order to be able to bind to a privileged port without running the erlang VM as root, the support for using file descriptors has been improved. It is now possible to add the file descriptor to the config (option fd) when calling the inets:start(httpd, ...) function.

    Attila Rajmund Nohl

    Own Id: OTP-9202

    Aux Id: seq11819

  • The default ssl kind has now been changed to essl.

    ossl will work for as long as the ssl application supports it.

    See the httpd socket_type communication property or the httpc request/[4,5] function for more info.

    Own Id: OTP-9230


Fixed Bugs and Malfunctions

  • [httpd] Wrong security property names used in documentation.

    security_data_file used instead of data_file.

    security_max_retries used instead of max_retries.

    security_block_time used instead of block_time.

    security_fail_expire_time used instead of fail_expire_time.

    security_auth_timeout used instead of auth_timeout.

    Garrett Smith

    Own Id: OTP-9131

  • [httpd] Fix timeout message generated by mod_esi. When a mod_esi request times out, the code to send a timeout response was incorrect and generated an internal server error as well as an invalid response line.

    Bernard Duggan

    Own Id: OTP-9158

  • [httpc] httpc manager crashes. When a request results in a retry, the request id will be "reused" in the previous implementation a race condition could occur causing the manager to crash.

    This is now avoided by using proc_lib:init_ack and gen_server:enter_loop to allow mor advanced initialization of httpc_handlers without blocking the httpc_manger and eliminating extra processes that can cause race conditions.

    Own Id: OTP-9246

  • [httpc] Issuing a request (httpc:request) to an host with the ssl option {ip, {127,0,0,1}} results in an handler crash. The reason was that the connect call resulted in an exit with reason badarg (this was the same for both ssl and gen_tcp).

    Exits was not catched. This has now been improved.

    Own Id: OTP-9289

    Aux Id: seq11845

1.56  Inets 5.5.2

Improvements and New Features


Fixed Bugs and Malfunctions

  • [httpd] httpd_response:send_chunk handles empty list and empty binary - i.e. no chunk is sent, but it does not handle a list with an empty binary [<<>>]. This will be sent as an empty chunk - which in turn will be encoded by http_chunk to the same as a final chunk, which will make the http client believe that the end of the page is reached.

    Own Id: OTP-8906

1.57  Inets 5.5.1

Improvements and New Features

  • Miscellaneous inet6 related problems.

    Own Id: OTP-8927

  • Updated http-server to make sure URLs in error-messages are URL-encoded. Added support in http-client to use URL-encoding. Also added the missing include directory for the inets application.

    Own Id: OTP-8940

    Aux Id: seq11735

Fixed Bugs and Malfunctions

  • Fix format_man_pages so it handles all man sections and remove warnings/errors in various man pages.

    Own Id: OTP-8600

  • [httpc] Pipelined and queued requests not processed when connection closed remotelly.

    Own Id: OTP-8906

1.58  Inets 5.5

Fixed Bugs and Malfunctions

  • [httpc] If a request times out (not connect timeout), the handler process exited (normal) but neglected to inform the manager process. For this reason, the manager did not clean up the request table., resulting in a memory leak. Also the manager did not create a monitor for the handler, so in an unforseen handler crash, this could also create a memory leak.

    Own Id: OTP-8739

  • The service tftp was spelled wrong in documentation and in some parts of the code. It should be tftp.

    Own Id: OTP-8741 Aux Id: seq11635

  • [httpc] Replaced the old http client api module (http) with the new, httpc in the users guide.

    Own Id: OTP-8742

Improvements and New Features

  • Eliminated warnings for auto-imported BIF clashes.

    Own Id: OTP-8840

1.59  Inets 5.4

Improvements and New Features

  • [httpc|httpd] - Now allow the use of the "new" ssl, by using the essl tag instead.

    See the http_option option in the request/[4,5] or the socket-type section of the Communication properties chapter for more info,

    Own Id: OTP-7907

  • Deprecated functions designated to be removed in R14 has been removed. Also, some new functions has been marked as deprecated (the old http client api module).

    Own Id: OTP-8564


  • [httpd] - Improved mod_alias. Now able to do better URL rewrites.

    See URL aliasing properties and the CGI properties section(s) for more info,

    Own Id: OTP-8573

Fixed Bugs and Malfunctions


1.60  Inets 5.3.3

Improvements and New Features


Fixed Bugs and Malfunctions

  • [httpc] - Made cookie handling more case insensitive.

    Own Id: OTP-8609

    Nicolas Thauvin

  • [httpc|httpd] - Netscape cookie dates can also be given with a 2-digit year (e.g. 06 = 2006).

    Own Id: OTP-8610

    Nicolas Thauvin

  • [httpd] - Added support (again) for the documented debugging features. See the User's Guide Configuration chapter for more info.

    Own Id: OTP-8624

1.61  Inets 5.3.2

Improvements and New Features


Fixed Bugs and Malfunctions

  • [httpc] - Memory leak plugged. The profile manager never cleaned up in its handler database. This meant that with each new request handler, another entry was created that was never deleted. Eventually the request id counter (used as a key) would wrap, but the machine would most likely run out of memory before that happened.

    Own Id: OTP-8542

    Lev Walkin

  • [httpc] - https requests with default port (443) not handled properly.

    Own Id: OTP-8607

    jebu ittiachen

1.62  Inets 5.3.1

Improvements and New Features


Fixed Bugs and Malfunctions

  • [httpc] - Badly formated error reason for errors occuring during initial connect to a server. Also, the possible error reasons was not properly documented.

    Own Id: OTP-8508

    Aux Id: seq11407

  • [httpd] - Issues with ESI erl_script_timeout.

    • The erl_script_timeout config option is ducumented as a number of seconds. But when parsing the config, in the new format (not a config file), it was handled as if in number of milliseconds.

    • When the erl-script-timeout time was exceeded, the server incorrectly marked the answer as sent, thereby leaving client hanging (with an incomplete answer). This has been changed, so that now the socket will be closed.

    Own Id: OTP-8509

1.63  Inets 5.3

Improvements and New Features

  • [httpc] - Allow users to pass socket options to the transport module when making requests.

    See the socket_opts option in the request/4 or set_options/[1,2] for more info,

    Own Id: OTP-8352

  • [httpc] Fix bug crafting Host header when port is not 80.

    The host header should include the port number as well as the host name when making a request to a server listening on a port other than the HTTP default of 80. Currently, only the host name is included. This is important to make the http client more compliant with the HTTP specification.

    Own Id: OTP-8371

    Kelly McLaughlin

  • [httpc|httpd] http_chunk data handling/passing improvement.

    This is a modification to the http_chunk module to forward any full chunk received, regardless of whether the size field for the following chunk has been received yet. This allows http_chunk to be used in situations where a long term HTTP connection is used to send periodic status updates as individual chunks. Previously a given chunk would not be forwarded to the client process until the size for the next chunk had been read which rendered the module difficult to use for the scenario described.

    Bernard Duggan

    Own Id: OTP-8351

  • Include the inets test suite in the release of the application.

    Own Id: OTP-8349

  • [httpc] - It is now possible to configure the client to deliver an async reply to more receivers then the calling process.

    See the receiver option for more info,

    Own Id: OTP-8106

  • [httpd] - Methods "PUT" and "DELETE" now allowed.


    Own Id: OTP-8103

  • [httpc] Several more or less critical fixes:

    • Initial call between the httpc manager and request handler was synchronous.

      When the manager starts a new request handler, this is no longer a synchronous operation. Previously, the new request handler made the connection to the server and issuing of the first request (the reason for starting it) in the gen_server init function. If the connection for some reason "took some time", the manager hanged, leaving all other activities by that manager also hanging.

    As a side-effect of these changes, some modules was also renamed, and a new api module, httpc, has been introduced (the old module http is not removed, but is now just wrapper for httpc).

    Own Id: OTP-8016


Fixed Bugs and Malfunctions

  • [httpd] The server did not fully support the documented module callback api. Specifically, the load function should be able to return the atom ok, but this was not accepted.

    Own Id: OTP-8359

  • Fixing various documentation-related bugs (bad quotes).

    Own Id: OTP-8327

  • Fixing minor Dialyzer and copyright problem(s).

    Own Id: OTP-8315

  • [httpc] - Added basic sanity check of option value combinations.


    Own Id: OTP-8056

1.64  Inets 5.2

Improvements and New Features

  • [ftpc] - Start of the FTP client has been changed in the following way:

    • It is now also possible to start a standalone FTP client process using the re-introduced ftp:open function.

      This is an alternative to starting the client using the inets service framework.

      The old ftp:open/1, undocumented, function, caused the client to be hooken into the inets service supervision framework. This is no longer the case.


    • Previously, the FTP client attempted to use IPv6, unless otherwise instructed (the ip_v6_disabled flag), and only used IPv4 if this did not work. This has now been changed.

      A new option, ipfamily, has been introduced, with the default value inet (IPv4).

      See ftp:open for more info.


    Own Id: OTP-8258

  • The documentation is now built with open source tools (xsltproc and fop) that exists on most platforms. One visible change is that the frames are removed.

    Own Id: OTP-8249

Fixed Bugs and Malfunctions

  • [httpc] - Streaming to file did not work.


    Own Id: OTP-8204

  • [ftpc] - The ls/2 function (LIST command) and the nlist/2 function (NLST command) with wildcards did not work properly.

    These functions is documented as working on directories, but this is actually not according the standard. The LIST and NLST commands are specified to operate on a directory or other group of files, or a file.

    Previously, an attempt was made to check if the listing returned by the server was actually an error message. This was done by changing remote directory (cd) into the (assumed) "directory". This may work if Pathname was actually a directory, but as this is not always the case, this test does not work. Instead, we now return the actual server result and leave the interpretation to the caller.


    Own Id: OTP-8247

    Aux Id: seq11407

  • [httpc] - Fixes various bugs in timeout and keep-alive queue handling.

    • When a queued request times, out the error mssage is sent the owner of the active request.

    • Requests in the keep-alive queue is forgotten when handler terminates.

    • Timeout out requests are retried.

    Jean-Sébastien Pédron

    Own Id: OTP-8248

  • [httpd] - Unnecessarily strict matching when handling closing sockets.

    Own Id: OTP-8280

1.65  Inets 5.1.3

Improvements and New Features


Fixed Bugs and Malfunctions

  • [httpc] - Raise condition. When http:request is called and httpc_manager selects a session where there's already a pending request, then the connection handler for that session effectively resets its parser, readying it for the response to the second request. But if there are still some inbound packets for the response to the first request, things get confused.


    Own Id: OTP-8154

1.66  Inets 5.1.2

Improvements and New Features

  • [httpc] - Added http option connect_timeout for http client request. The connect_timeout option is used for the initial request, when the client connects to the server. Default value is that of the timeout option.

    See the request/[4,5] function for more info.

    Own Id: OTP-7298

Fixed Bugs and Malfunctions

  • [httpd] - Failed to create listen socket with invalid option combo. The http-server failed to create its listen socket when the bind-address was an IPv4-address (a tuple of size 4) and the ipfamily option was inet6fb4.

    Own Id: OTP-8118

    Aux Id: seq11321

  • [httpd] - Removed documentation for non-existing function (httpd_util:header/2,3,4).

    Own Id: OTP-8101

1.67  Inets 5.1.1

Improvements and New Features

  • [httpd] - When starting inets (the web-server) and supplying a descriptor on the command line (example: erl -httpd_8888 <descriptor>) it is now possible to specify which ip-family to use: inet | inet6 | inet6fb4.

    Example: erl -httpd_8888 10|inet6

    When starting the web-server either using a file with property list (the proplist_file) or a an property list, using the ipfamily option: {ipfamily, inet | inet6 | inet6fb4}.

    Finally, when starting the web-server using the classical apache-style config file, the BindAddress directive has been augmented to allow the specification of the IpFamily: BindAddress blirk.ericsson.se|inet

    Default is inet6fb4 which emulates the behaviour of the previous version.

    See the Communication properties section for more info.

    Own Id: OTP-8069

    Aux Id: seq11086

Fixed Bugs and Malfunctions

  • [httpc] - Reception of unexpected data causes handler crash.

    Own Id: OTP-8052

1.68  Inets 5.1

Improvements and New Features

  • [httpc] Added support for web services using only basic auth, with a token as the user part and no password part.


    Own Id: OTP-7998

  • [httpc] - Bind HTTP client to IP-addr. It is now possible to specify an alternate ip-address and port to be used when the client connects to the server.

    As a side-effect of this, the option ipv6 has been removed and replaced by the ipfamily option.

    See http:set_options/[1,2] for more info.


    Own Id: OTP-8004

Fixed Bugs and Malfunctions

  • Updated guard tests (i.e. is_list(L) instead of list(L) and possibly andalso/orelse instead of ","/";").

    Own Id: OTP-7994

  • [httpc] - Remove use of the deprecated regexp module.

    Own Id: OTP-8001

  • [httpc] - The option max_keep_alive_length was not handled properly.

    Own Id: OTP-8005