May 15, 2004 - Version 1.21 for beta testing

- Fixed problem with FTP login not showing custom welcome text in proper place
- Some wording changes in menu and cosmetic enhancements

April 15, 2004 - Version 1.20 in house testing completed

Feb 16, 2004, v1.20
- Add support for virtual hosts (serve more than one hostname from different virutal roots)
- Add support for "Content-Range"
- which enables resume downloading and multipart download (ala GetRight, FastGet, etc)
- Add support for "Content-Enconding" (defalte) which allows for sending compressed data across the wire
- Modified code to handle file sizes > 2 GB
- Corrected HTTP header "sever" ==> "server"
- Added "Ban IP" to popup menu on HTTP log
- The ability to stop all HTTP logging from local IP addresses
- Add option to hide "Server" HTTP header response
- Added more debug logging
- Modified the default binding to be any IP Address
- Changed address 0.0.0.0 to "Any IP Address" to make it explicit
- Fixed defect in the restart routine after changing config options, sometime it wouldn't restart
- Fixed defect in sending error codes without sending content length
- Minor tweaks to FTP server
- Fixed directory browsing defect when directory names had periods in them
- Fixed options dialog for virtual hosts home directory
- Fixed default MIME types
- Fixed cross site scripting vulnerability in ISAPI handling



Nov 2, 2003, v1.07
- Fixed FTP Server bug that didn't allow sub-directory listings
- Fix bug where IP address wasn't displayed in 414 error responses
- Modified HTTP auto startup to solve auto start problems
- Modified "Banned IP" address check to use RegEx expression matching
- Log entry before actually sending it - so that we have a record of it
- Modified "If-Modified" request handling
- Add "localhost" to list of available IP Addresses
- Fixed bug where multiple Options dialog could be shown


Aug 4, 2003, v1.06
- Fixed Perl CGI command line invoke (broken in 1.05)
- Fixed problem identifying the pathinfo on a cgi/isapi request
- Improved the way CGI apps are identified
- Fixed problem when minimizing WebWeaver on startup
- Change CGI environment variables to conform with Apache 2.0
- Fixed a hole in realm security introduced in v1.05
- Fixed compatibility with PHP > 4.3.1 (including PHP 5)
- Correct Support Forum link in about box
- Added more logging to FTP output

Jun 24, 2003, v1.05
- Fixed Error Page Cross-Site Scripting vulnerablity (http://www.secunia.com)
- Fixed FTP problem where you couldn't change to valid lower level directories
- Fixed FTP Denial of Service security hole related to RETR
- Fixed FTP Denial of Service security hole in Windows9x
- Fixed problem with not sending pages when the IfModifiedTime was in the future
- Changed the way MIME types are populated (now from Registry + well known set)
- Now send REQUEST_URI in CGI enviroment
- Fixed sending PATH_INFO to PHP requests
- Improve identification of PHP, CGI, Perl, DLL's, etc. scripts
- Fixed a problem with SSI "FLASTMOD" directive
- Added trailing / to directory names in directory listing
- Added a couple more default MIME types (.ogg, etc)
- Sending files via TransmitFile rather than chunking it myself
- Fix RemoteAdmin functionality
- Fixed hole in realm security


Apr 16, 2003 v1.04
- Fixed problem with "IP Security" where it would block Addresses that were valid to some URLs.
- Fixed Denial of Service security hole in Windows9x
(see http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS00-017.asp)
- Fixed Denial of Service security hole related to long URLs
- Modified password encryption to use MD5
- Fixed "Path disclosure" security hole in FTP server
- Fixed "Directory Traversal" security hole in FTP Server
- Modified Directory Listing to sort directories first
- Modified Directory Listing to be user sortable (ascending or descending)
- Changed to new TrayIcon component
- Replaced corrupted .ico file
- Added the ability to specify directory listing icons
- Change from Common Log Format (CLF) to Extended Common Log Format
- "Users" list view is now sorted alphabetically
- Added horizontal scrollbar to HTTP Log window
- Added virtual host functionality (but hidden in this release)
- Modified "Documentation" menu item to start on whatever port WebWeaver is running on
- Respond with "Authorization Required" if the cancel from an authentication dialog
- CGI StdErr output is now captured and returned
- Add Server status to status bar
- Fixed problem where logging to the file also logged to the window
- Fixed pre-loading thread cache twice
- Fixed problem where the server would occasionally fail to restart


Dec 12, 2002 - Version 1.03
- Fixed ISAPI defect - correct handling redirect
- Fixed ISAPI defect - was not sending Content-Length header when length was 0
- Fixed ISAPI handling of IntraWeb applications
- Fixed ISAPI handling of headers in HSE_REQ_SEND_RESPONSE_HEADER
- Add the ability to control WebWeaver with windows messages
- Fixed CGI Content-Length header ( was sending incorrect value )
- Fixed ISAPI.WriteClient problem that could cause 100% utilization
- Fixed a problem where CGI data may be truncated
- Fixed problem adding http headers to CGI & ISAPI apps


Oct 20, 2002 - Version 1.02
- Added exporting of HTTP headers to CGI ( thanks Vatche Demirjian )
- Modified ISAPI Server Variables to be compatible with IIS ( thanks Christof Lange )
- Changed ISAPI version loading from 4 to 6
- Fixed bug where redirects from CGI may not occur
- Minor fixes in executing PHP scripts
- Remote Admin Port can now be set below 10000
- Began compiling with Delphi 7

Jun 02, 2002 - Version 1.01
- Added Ban IP functionality
- Fixed a defect in Group handling ( thanks John Rachide )
- Fixed logging to make it CLF compliant ( thanks Vatche Demirjian )

Apr 12, 2002 - Version 1.00
- Fix a security hole in CGI Handler
- Fix security hole in directory browsing

Feb 15, 2002 - Version 0.69 BETA
- Mostly a documentation update. Huge thanks to Ted for
writting the user docs. - Ted@bluwall.com
- Fix limitation on FTP window logging
- Logging windows now scroll to latest entry
- Tweaks to CGI handling
* QUERY_STRING is not decoded before passing to CGI - Aryeh Eiderman
* The working directory is now set to where the script resides
* modified routines to identify CGI App requests to make them faster.
* Post data is handled much faster. ( ~900% faster )
- Fixed bug in ISAPI Post command - Stephen Wong
- Fixed exception in ISAPI handling
- Fixed mutli-threading issue that would cause an occasional
exception on startup or problems shutting down.
- Fixed problem with FTP clients sending arguments in LIST
command - Sebastian Schuberth
- Started compiling with Delphi 6



Dec 27, 2001 - Version 0.68 BETA
- Modified AdminThread to log with LOG_DEBUG rather than LOG_ALL
- Fixed bug in ISAPI handling
- Fixed bug where enabling RemoteAdmin would cause exception in some cases
- Rewrite the AdminThread, so that it is only created if you enable it
- Fixed directory browsing icons. Some where not displayed properly (.EXE)
- Directory browsing listings are now alphabetical, rather than disk ordered
- Removed "Parent Directory" from virtual directory listing
- Added timestamp to FTP messages
- Added the ability to "clear" and "copy" HTTP & FTP logs
- Forgot to mention that a new error log was added in version 0.67
- Complete rewrite of thread pool
- Rewrite worker threads to work with new thread pool
- Fix SSI directive FLASTMOD to work with File= correctly
- Fix CGI Post to handle large files


11 Aug 2001 - Version 0.67 BETA
- Fixed logging to file problem (it now logs - broken in 0.66)
- Now appends to the end of a log file if it previously existed
- Change to logging now take effect without having to exit and start WebWeaver
- After fixing items above, decided to rewrite the entire logging
I wrote a generic logging class with lots of new stuff. Like:
* Ability to read logs from another process (previously locked)
* Ability to specify logging level - now I don't need seperate debug routines
* Optional buffered logging
* optional callback to handle output to GUI


6 July 2001 - Version 0.66 BETA
- Removed 0.61 INI upgrade
- Fixed HTTP Post to CGI problems
- Added ISAPI support for HSE_REQ_SEND_RESPONSE_HEADER_EX
- Added Help/Home Page menu item
- Corrected spelling errors
- Now users are removed from the FTP users list and the protected realm list if they are deleted.
- Added PHP support (via CGI gateway)
- Added the ability to execute .pl and .cgi files as perl cgi
- Rewites of logging routines


20 June 2001 - Version 0.65 BETA
- Fixed a problem where CGI rewrite (in 0.64) didn't work on Win9x/ME
- Fixed a bug where CGI would fail it the terminated in #10#10 instead of #10#13#10#13
- Fixed a bug where ISAPI would post two log entries - one of which didn't have content-length
- Fixed bug introduced in 0.64 that where I no longer decoded the URL (file names with spaces didn't work)
- Fixed bug where CGITimeout was never used. It always timedout after 5 seconds.


05 May 2001 - Version 0.64 BETA
- Fixed bug in ISAPI Handler that could cause exeception
- Add fix to TranslatePath to fix problem when URL specifies a directory,
but doesn't end in a / so alias translation doesn't work
- Rewrite AddDefaultMIMETypes to read defaults from registry
- Add Event Objects to threads (HTTP, Admin & FTP) to that we
wait on the threads until the create the socket in the .Execute method.
- Fixed a memory leak in log object
- Fixed a second memory leak in log object
- Fixed bug in HTMLCache which may cause an exception in removing objects
- Fixed bug not decreasing the HTMLCache size when removing objects
- Complete rewrite of CGI Handler
- Fixed bug in not being able to saving "Debug Modules" setting
- Fixed a bug in ISAPI handler that would return ACCEPT_LANG:, ACCEPT_TYPE:, etc. when ACCEPT: was requested.
- Added a seperate ISAPI.ini file
- Modified ISAPI Handler to be able to handle version 4 of the Extensions
- Fixed bug where ISAPI extensions would crash if they didn't termintate in CRLF rather than just a #0
- Modifed default perl path to be blank (some users thought it was installed by default)
- Modified TranslatePath to disallow alias translations which result in shorter paths than the aliased dir.
For example a URL of /hack/../../file.zip where /hack/ aliased c:\www\hackstuff\ it use to return
/file.zip, which is a security breach, because they get outside of the aliased dir. Now it returns
403 Access denied.
- Added to function SendError - which centralizes all error returns and get the return HTML to send as the message
- Moved LogHTTPStatus to Response.Send so that it always gets called, and doesn't have to be called explictly
- Fixed security hole where the physical path might be displayed in FTP


19 Mar 2001 - Version 0.63 BETA
- Fixed where gDLLManager was freed when the server was stopped. Caused exception when next ISAPI attempted to load
- Fixed bug where the file handle of SSI parsed documents was not freed.
- Fixed problem here SSI documents were not sending MIME types
- Modified Splash/About screen
- Improved FTP Server file transfer performance by 460%
- Fixed memory leak in FTP Server
- Changed anonymous access (anonymous can get/put in own directory, can not delete)
- Fixed FTP Server bug, where users could list directories outside of their home directory
- Added option to never send 304 response - some users were getting blank pages when their browser cache was not cleared
- Fixed problem with CGI Parsed Header programs (not returning correct content type)
- Converted all TStringList storage objects to custom hash objects.
- Fixed the ability to start and stop remote admin thread without restarting the server
- Added BuildOptions.inc file so that I could do custom builds
- Added CompanyStrings.inc that is loaded if CUSTOM_BUILD is defined.
- Fixed bug that caused an exception if user had blank password
- Users with blank passwords are no longer prompted at FTP login for a password
- Modified SSI output of several echo vars
- Modified SSI output to include CRLF of original document (it was previously striped)
- Added SSI <include virtual=URL> support (but alias substitution in URLis not supported)
- Added the ability to specify wildcards in IP Address filtering
- Added the ability to have multiple IP Address masks restrict map to protected URL
(before it was on IP address mask per URL)
- Rewrite realm validation routines to be more efficient
- Fixed bug where CGI scripts returning large amounts of data was handled in correctly


06 Mar 2001 - Version 0.62 BETA
- Fixed problem with HtmlSendDocument - only occured when not using the file cache with large files.
- Fixed problem identifing perl cgi scripts
- Added the ability to "AutoUpdate" using proxy info retrieved from Registry
- Replace 'content-type:' with HTTP_CONTENT_TYPE etc.
- Added debug dump of ISAPI & CGI info to text file
- Now report error when a file can't be opened.
- Added error reporting on failure to load ISAPI module
- Fixed a problem where very large files might not be sent do to lack of memory - now large files are send in 64K chuncks
- Added Bytes Served to Statistics
- Fixed problem with not sending mime type header
- Fixed problem with not sending Content Length header
- Added log entry when HTTP Server or FTP Server fails to start
- Seperated INI files for storage rather than a single INI file
- Added the ability to upgrade to new ini format
- Store user passwords encrypted (it's week, but better than clear text)
- Added a configurable Default MIME type
- Fixed problem where CGI would not send correct Content-Length header
- Added debug logging ability via command line /d at startup (DEBUG.TXT)
- Remove HTTP Server Pause function (it was never used)
- Created a MIMEHash object that handles retrieving mime types
- Fixed problem where 'HEAD' and 'POST' would return directory list
- Fixed problem where some documents were treated as SSI when they were not