• Improved SSI file serving: added Content-Type header
• Improved compiler compatibility, using traditional header guards instead of #pragma one
• When listening on port 0, exposing the actual port
• Disabled SSL 1.1 for OpenSSL
• Fixed C++ mg_str constructor shadowing
• Using FD_CLOEXEC on opened sockets on UNIX-like systems
• Support for new mbedtls 3.x
• Improved C++ interop with #ifdef __cplusplus
• Improved MQTT API: added qos and retain params to mg_mqtt_{pub,sub}
• Optimised RAM usage - mg_iobuf_append()
• Added MG_ARCH_FREERTOS_LWIP
• Added stm32f7 example with FreeRTOS+TCP stack
• Re-enabled Range header support (partial downloads)
• Multiple documentation fixes
• Improved mg_random() for Espressif builds
• Added multiple unit tests
• Added an ability to load mbedTLS certs from memory
• Added multipart form upload

• Added mg_mqtt_next_unsub()
• Added chunked HTTP client support and MG_EV_HTTP_CHUNK event
• Restored mg_mqtt_{ping,pong,disconnect} functions
• Fixed Cygwin and QNX builds
• Added struct mg_mgr::userdata pointer
• Added struct mg_http_message::head which contains HTTP line and all headers
• Add ability to use in-memory CA PEM for mbedtls
• Improved unicode handling on Win32
• Improved ESP32 example to use SPIFFS and static serving
• Improved TLS SNI

Overview

This is a bugfix and cleanup release after the major version 7.0 release. A significant number of small issues were fixed, and some new examples added.

• Continuous integration test switched from CircleCI to Github Actions
• Added socks5 example
• Added esp32 example
• Added esp8266 example
• Added mingw test
• Added mbedtls test
• Added openssl test
• Added reverse proxy example
• Added proxy client example
• Added MQTT server example
• Many TLS related fixes
• Fixed DNS resolution timeout
• Added SSI to mg_http_serve_dir()
• Fixed file descriptor leak for local cache codepath

Overview

This is a major release, aimed primarily at refactoring and cleanup of the codebase. The main focus is made on the embedded usage. The documentation has been fully revamped, and published at https://cesanta.com/docs. Porting from the 6.x version is not straightforward, despite all concepts stayed intact. The major changes include:

• CGI support has been removed

• WebDAV support has been removed

• Socks5 support has been factored to the example

• Digest auth support has been removed. The anticipated usage is Basic + TLS

• Mongoose documentation

Non-amalgamated sources

The non-amalgamated sources are kept in src/, and amalgamation is performed by Makefile. Set -DMG_ENABLE_LINES compiler option to enable non-amalgamated diagnostics.

CI tests and coverage

A Circle CI tests are established, to test on the common platforms and compilers, for both ISO C and ISO C++ mode. Also, an automatic test coverage tracking is performed.

• Mongoose CI tests
• Mongoose test coverage

The plan for the next releases is to add platform-specific examples (like for ESP32, STM32, etc) and integrate them into CI, to ensure they do not break as development continues.

Continuous fuzzing test

Mongoose is integrated into Google's https://oss-fuzz.com/ service, to enable continuous fuzzing code tests. This helps to find security issues early on.

• Allow OpenSSL session reuse on 2-way SSL
• Updated certs for OpenSSL tests
• Fixed OpenSSL error status issue
• Added HTTP proxy client example
• Fixed deferencing mg_http_free_proto_data_endpoints
• Fixed typedef bool for MSC

Bug fixes

• An integer overflow bug in parse_mqtt(), CVE-2019-19307
• MQTT ping logic improved
• Leak fix for invalid CA
• Make SSL and non-SSL build binary compatible
• Make 30x replies keep opened HTTP/1.1 connection

Bug fixes

• A critical issue in mg_http_parse() is fixed. Associated fuzzer test added. This is a fix for the CVE-2019-13503 in the Common Vulnerability and Exposure database: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13503

Bug fixes

• A critical MQTT heap-based overflow in parse_mqtt() fixed - credit goes to Yakun Zhang and Zheng Huang of Baidu Security Labs for discovering and reporting the issue
• mg_resolve2() incorrect memory init fixed
• Fixed locking in lwip_net_if
• Fixed callback invocation in mg_net_if_lwip

Features

• Added new platform rs14100, a multi-protocol wireless chip from Redpine Signals
• Deliver EV_CLOSE to the last endpoint handler
• Allow NULL handler for mg_bind and mg_connect

API changes

• Added MG_MK_STR_N(), mg_str_starts_with(), mg_strfree()
• Added mbuf_clear(), mbuf_append_and_free(), mbuf_move()
• Added ability for multipart data handler to provide pushback
• Made MG_CTL_MSG_MESSAGE_SIZE overridable

Bug fixes

• Fixed digest auth result comparison
• Read all available data during recv poll
• Ensure that user sees all the data before connection is closed
• Check for NULL in tcp_recved_tcpip()
• Send extra options with OPTIONS
• Properly support MQTT wildcards when matching topics
• Fix handling of WS handshake error response

Other changes

• Log file:line instead of function; add cs_log_set_file_level()

• When processing chunked response, make sure chunk size is reasonable
• Open uploaded file in binary mode (Windows)
• Refactored polling, cleaned up net_if interface somewhat
• LwIP: Trim recv_mbuf when we know the size of the data
• Fix unused variable warnings when build w/o logging
• Added net_if_null
• Minor doc updates