Version 1.33 of BRS WebWeaver has been released.

Changes in this release:

Dec 02, 2005 - Version 1.33

     * Another "head" request fix to return 404 on missing files
     * Fixed not displaying correct value for HTTP Log Window "Max
Lines to Display"
     * Fixed deleting unused groups from the groups.ini file
     * Complete re-write of the CGI handler code
     * Fixed HTTP Version handling (replied HTTP/1.1 to HTTP/1.0 requests)
     * Add the ability to redirect CGI timeouts to an error page
     * Fixed docs that said "POST" wasn't supported (it is)
     * Fixed problems on Win9X, where client disconnects didn't stop
WebWeaver from loading the file into memory.
     * Fixed tray "Restart Server" menu option (it was never enabled)
     * Fixed multiple calls to cleanup routines
     * Fixed possible memory when overflowing thread pool
     * Added sending Server Busy response when server reach max thread
count
     * Fixed handling of "Last-Modified" header not being sent in some
cases
     * Removed the need to use "cgi.force_redirect=0" for php
     * Fixed quit sending "Content-Length=0" when length is unknown
     * Remove using "TransmitFile" Windows Winsock API
     * Fixed sending very large files (> 2GB)
     * Added the ability to throttle download bandwidth
     * "Banned IP" addresses dropped as soon as they attempt to connect
- rather than processing the headers and then drop it
     * Fixed group handling which could unintentionally move users from
one group to another when adding a new group
     * Modified buffering of data sent on socket (introduced in Beta1)
     * Fixed small memory leak in Throttling code
     * Added adding users to groups by double clicking on user (before
you could only use the arrows)
     * Fixed small memory leak in thread destruction
     * Fixed small memory leak in loading configuration files
     * Switched to use FastMM4 as underlying Memory Manager
     * Modified reqeust header handling to reduce repeat look ups
     * Complete rewrite of User/Group internal handeling (not
externally visisble, but considerably simplified the code)
     * Modified FTP Server to only bind to designated port rather than
any port
     * Fixed small memory leak in options dialog
     * Added the ability to append \public_html to user redirects
     * Fixed cache memory leak if compression was turned on



As always - you can get the latest version from
http://www.brswebweaver.com/

Enjoy,
-Blaine

Version 1.32 of BRS WebWeaver has been released.


I didn't send out and e-mail with the release of 1.31, so I'll detail
the changes here as well.  The update is avaiable now.

Fixes in 1.32:

May, 07, 2005
     * Fixed FTP rename
     * Fixed "head" request - should return 404, but is returning 200
     * Fixed cgi query string - ?a=1?b=2 would only return ?a=1
     * Added the ability for the Options page to open to the same page
when it was last closed
     * Fixed the ability to leave off drive letters in paths




Fixes in 1.31

Apr, 16, 2005
     * Made dirctory listing output HTML 4.01 valid
     * Fixed SSI handling for "TIMEFMT" tag
     * Change security check for DOS attack to affected windows versions
     * Directory browsing output now always sends output as "text/html"
rather than the default MIME type
     * Fix CGI vars passed to to fix inconsistencies with PHP
     * Fix PHP_SELF PHP variable (now correctly includes default filenames)
     * Add server statistics optionally available /stats/
     * Use "referrer" header if "HOST" is a local ip address (fixes dns
redirectors that don't comply with HTTP spec)
     * Fix HEAD request to return correct content-length (would always
return 0)
     * Compile with D7 - seems to be a bug in D2005, that causes
listviews on the options page to delete all entries mysteriously
     * allow URL line length to be 2048 chars (old limit was 512)
     * fix the /quit command line
     * Fix handling of multiple extensions for php filenames (eg. .php
and .php3)


As always - you can get the latest version from
http://www.brswebweaver.com/

Enjoy,
-Blaine

Version 1.30 of BRS WebWeaver has been released.

The main change in the release is that you can now install BRS
WebWeaver as a service.  This allows to to have WebWeaver running even
when a user is not logged in.  Services are only supported in WinNT,
Win2000, WinXP and Server 2003 (no Win9X support).

There were also a number of fixes:

- fixed "HEAD" where it didn't return content-length
- fixed "HEAD" where it wouldn't process "default docs"
- fixed not printing error msg in dialog window on startup error
- add ability to run as a service
- fixed the command line messaging capability
- fixed autostart from service
- fixed FTP RETR command
- fixed FTP for some clients that sent the fully qualified path
- fixed ISAPI pathinfo parsing problems (didn't handle pathinfo's with
period correctly)
- add support for Windows XP Themes in GUI
- fixed Perl handling (broken in RC1)

As always - you can get the latest version from
http://www.brswebweaver.com/

Enjoy,
-Blaine

Version 1.26 of BRS WebWeaver has been released.

- Allow for case sensitive user passwords
- Fix "HEAD" request handling for directory listings.
- Add the ability to Ban Requests
- Added the ability to specify FTP PASV IP Address
- Added the ability to specify FTP PASV ports
- Added the dynamically redirect "user" directory requests
(e.g. /~bill)
- Fixed Anonymous FTP users create directories
- Fixed Anonymous FTP users remove directories
- Fixed Anonymous FTP users can't upload files
- Fixed Anonymous FTP users can't rename files
- Modified server signiture from "BRS WebWeaver" to "BRS-WebWeaver"
- Clients that request "Banned requests", are added to the "Banned
IP" list
- Protected gBanIP with a multiReaderSingleWriter
- Fixed where "Realm Security" would require authentication when it
was disabled
- Modified CGI Environment to remove duplicate entries
- Modified the Startup and Install check to check for the class name
and the window name
- Modified WebWeaver to allow to be run as non-Admin user
- Fixed log format by removing outputting 0 (zero) for content
length instead of "" in HTTP Headers
- No longer write "HTTP Server Started/Stopped" to Access Log
- Fixed startup problem on Windows 2003 (Events start as signaled
rather than reset)

As always - you can get the latest version from
http://www.brswebweaver.com/

Enjoy,
-Blaine

Version 1.25 of BRS WebWeaver has been released.

- Here is a list of features/fixes for this release:
- Fixed defect that the HTTP server would not start if error log
could not be opened
- Fixed ftp client compatibility (some clients didn't work)
- Fixed ftp server "welcome message" can now be changed without
having to exit the entire program
- Modified HTTP server to be able to serve "open" files
- Fixed HTTP Encoding to use %20 rather than +
- Fixed logging when a file can not be served (before quit quietly)
- Fixed defect in serving multiple hosts did not serve default docs
- Fixed defect in serving multiple hosts if not running on port 80
- Added the ability to not specify drive letters in paths
- Added the ability for the Main form now "remembers" it's last size
and position
- Modified server restarts so that the main form doesn't "hang" for
several seconds
- Added the ability to run external programs when WebWeaver starts

As always - you can get the latest version from
http://www.brswebweaver.com/

Enjoy,
-Blaine

After several rounds of test releases for 1.21 - the final version
has now been released.

Here is a list of features/fixes for this release:
- Add command line handling (/stop /start /quit)
- Added "Flush Cache Contents" button
- Fixed defect overrunning the cache with large files
- Fixed defect with directory browsing files with "+" in the -
filename
- Fixed defect in 302 redirects
- Fixed compressing already compressed files in file cache
- Modified MaxWindowLines default to 500 (to reduce problem on
Win9X)
- Fixed problem with unknown method type
- Limit max display line length to 512 chars

As always - you can get the latest version from
http://www.brswebweaver.com/

Enjoy,
-Blaine

After several rounds of beta release for 1.20 - the final version
has now been released.

Here is a list of features/fixes for this release:
   - Add support for virtual hosts (serve more than one hostname from
different virutal roots)
   - Add support for "Content-Range"
which enables resume downloading and multipart download (ala
GetRight, FastGet, etc)
   - Add support for "Content-Enconding" (defalte) which allows for
sending compressed data across the wire
   - Modified code to handle file sizes > 2 GB
   - Corrected HTTP header "sever" ==> "server"
   - Added "Ban IP" to popup menu on HTTP log
   - The ability to stop all HTTP logging from local IP addresses
   - Add option to hide "Server" HTTP header response
   - Added more debug logging
   - Modified the default binding to be any IP Address
   - Changed address 0.0.0.0 to "Any IP Address" to make it explicit
   - Fixed defect in the restart routine after changing config
options, sometime it wouldn't restart
   - Fixed defect in sending error codes without sending content
length
   - Minor tweaks to FTP server
   - Fixed directory browsing defect when directory names had periods
in them
   - Fixed options dialog for virtual hosts home directory
   - Fixed default MIME types
   - Fixed cross site scripting vulnerability in ISAPI handling

As always - you can get the latest version from
http://www.brswebweaver.com/

Enjoy,
-Blaine

After several rounds of beta release for 1.07 - the final version
has now been released.

Here is a list of fixes for this release:
   - Fixed FTP Server bug that didn't allow sub-directory listings
   - Fix bug where IP address wasn't displayed in 414 error responses
   - Modified HTTP auto startup to solve auto start problems
   - Modified "Banned IP" address check to use RegEx expression
matching
   - Log entry before actually sending it - so that we have a record
of it
   - Modified "If-Modified" request handling
   - Add "localhost" to list of available IP Addresses
   - Fixed bug where multiple Options dialog could be shown


In addition - there is a beta release of WebWeaver 1.20 which
includes significant new features.  Details for 1.20 beta can be
found here:
http://www.brswebweaver.com/forums/index.php?showtopic=113


As always - you can get the latest version from
http://www.brswebweaver.com/

Enjoy,
-Blaine

After several rounds of beta releases for 1.06 - the final version
has now been released.

The big news is that previous compatibility problems with PHP > 4.31
have been fixed.  BRS WebWeaver now functions with all versions of
PHP - including the new PHP 5.0 Betas.

Here is a list of fixes for this release:

- Fixed Perl CGI command line invoke (broken in 1.05)
- Fixed problem identifying the pathinfo on a cgi/isapi request
- Improved the way CGI apps are identified
- Fixed problem when minimizing WebWeaver on startup
- Change CGI environment variables to conform with Apache 2.0
- Fixed a hole in realm security introduced in v1.05
- Fixed compatibility with all versions of PHP (including PHP 5)
- Correct Support Forum link in about box


You can get the latest version from
http://www.brswebweaver.com

-Blaine

After several rounds of beta releases for 1.05 - the final version
has now been released.

Here is a list of fixes for this release:

   - Fixed Error Page Cross-Site Scripting vulnerability
(http://www.secunia.com)
   - Fixed FTP problem where you couldn't change to valid lower level
directories
   - Fixed FTP Denial of Service security hole related to RETR
   - Fixed FTP Denial of Service security hole in Windows9x
   - Fixed problem with not sending pages when the IfModifiedTime was
in the future
   - Changed the way MIME types are populated (now from Registry +
well known set)
   - Now send REQUEST_URI in CGI environment
   - Fixed sending PATH_INFO to PHP requests
   - Improve identification of PHP, CGI, Perl, DLL's, etc. scripts
   - Fixed a problem with SSI "FLASTMOD" directive
   - Added trailing / to directory names in directory listing
   - Added a couple more default MIME types (.ogg, etc.)
   - Sending files via TransmitFile rather than chunking it myself
   - Fix RemoteAdmin functionality
   - Fixed hole in realm security


There are two known issues that have not yet been addressed.  They
are:
   - Incompatibility with PHP 4.3.2 (use 4.3.1)
   - Denial of Service security hole in Windows9x (Win95 and Win98)


You can get the latest version from
http://www.brswebweaver.com

-Blaine

I just wanted to let everyone that there is a new dedicated home for
BRS WebWeaver.  The new site has a support forum that allows you to
see what support problems other people are having - and the
resolution to those problems.

I would prefer all BRS WebWeaver support is now performed through
the support form rather than via e-mail.


You can also download the latest version of BRS WebWeaver from the
site as well.

The new site is http://www.brswebweaver.com

Enjoy,
-Blaine

Here is a list of fixes for this release:

- Fixed ISAPI defect - correct handling redirect
- Fixed ISAPI defect - was not sending Content-Length header when
length was 0
- Fixed ISAPI handling of IntraWeb applications
- Fixed ISAPI handling of headers in HSE_REQ_SEND_RESPONSE_HEADER
- Add the ability to control WebWeaver with windows messages
- Fixed CGI Content-Length header ( was sending incorrect value )
- Fixed ISAPI.WriteClient problem that could cause 100% utilization
- Fixed a problem where CGI data may be truncated
- Fixed problem adding http headers to CGI & ISAPI apps


You can get the latest version from
http://www.bsoutham.org

BRS WebWeaver 1.02 has been released

Here is a list of fixes for this release:

- Added exporting of HTTP headers to CGI ( thanks Vatche Demirjian )
- Modified ISAPI Server Variables to be compatible with IIS ( thanks
Christof Lange )
- Changed ISAPI version loading from 4 to 6
- Fixed bug where redirects from CGI may not occur
- Minor fixes in executing PHP scripts
- Remote Admin Port can now be set below 10000
- Began compiling with Delphi 7

You can get the latest version from
http://www.bsoutham.org


During testing of PHP functionality I verified that PHP-Nuke (
http://phpnuke.org/ ) and phpbb ( http://www.phpbb.com ) both work
correctly.  Both are very nice projects.


Thanks,
Blaine

BRS WebWeaver 1.01 has been released.


Here is a list of fixes for this release:

- Added Ban IP functionality
- Fixed a defect in Group handling ( thanks John Rachide )
- Fixed logging to make it CLF compliant ( thanks Vatche Demirjian )


You can get the latest version from
http://bsoutham.home.dhs.org

Thanks,
Blaine

BRS WebWeaver 1.00 has been released.

Bump version number to 1.00 and removed the BETA tag.

Here is a list of fixes for this release:

-  Fixed a security vulnerability that allowed a user to browse
outside of the virtual root directory ( and either view files, or
browser directories ).
-  Fixed a security vulnerability that allowed script commands to be
passed to a CGI program, and the script would be executed by the
browser.


You can get the latest version from
http://bsoutham.home.dhs.org

Thanks,
Blaine

BRS WebWeaver 0.69 BETA has been released.

Here is a list of fixes for this release:
   - Mostly a documentation update.  Huge thanks to Ted for writting
the user docs. - Ted at http://www.bluwall.com
   - Fix limitation on FTP window logging
   - Logging windows now scroll to latest entry
   - Tweaks to CGI handling
     * QUERY_STRING is not decoded before passing to CGI - Aryeh
Eiderman
     * The working directory is now set to where the script resides
     * modified routines to identify CGI App requests to make them
faster.
     * Post data is handled much faster. ( ~900% faster )
   - Fixed bug in ISAPI Post command - Stephen Wong
   - Fixed exception in ISAPI handling
   - Fixed mutli-threading issue that would cause an occasional
exception on startup or problems shutting down.
   - Fixed problem with FTP clients sending arguments in LIST
command - Sebastian Schuberth
   - Started compiling with Delphi 6


You can get the latest version from
http://bsoutham.home.dhs.org

Thanks,
Blaine

Sorry for the second e-mail on WebWeaver 0.68 but there was a
problem with the initial release.  If you downloaded
WebWeaver068.exe prior to 01/01/02 - then it still reports it self
to be version 0.67.  All functionality is identical - but I have
posted a new version that reflected the correct version number in
the splash screen and about box.

Sorry for the inconvenience.

Blaine

BRS WebWeaver 0.68 BETA has been released.

Here is a list of fixes for this release:
   * Modified AdminThread to log with LOG_DEBUG rather than LOG_ALL
   * Fixed bug in ISAPI handling
   * Fixed bug where enabling RemoteAdmin would cause exception in
some cases
   * Rewrite the AdminThread, so that it is only created if you
enable it
   * Fixed directory browsing icons. Some where not displayed
properly (.EXE)
   * Directory browsing listings are now alphabetical, rather than
disk ordered
   * Removed "Parent Directory" from virtual directory listing
   * Added timestamp to FTP messages
   * Added the ability to "clear" and "copy" HTTP & FTP logs
   * Forgot to mention that a new error log was added in version 0.67
   * Complete rewrite of thread pool
   * Rewrite worker threads to work with new thread pool
   * Fix SSI directive FLASTMOD to work with File= correctly
   * Fix CGI Post to handle large files
   * Corrected param handling on request URL

Enter your vote today!  A new poll has been created for the
webweaver group:

What you be the top priority for the
next release of WebWeaver?

   o Get rid of all the existing bug
   o Add more features
   o Add ASP support
   o Finish documentation
   o Finish remote admin functionality


To vote, please visit the following web page:

http://groups.yahoo.com/group/webweaver/polls

Note: Please do not reply to this message. Poll votes are
not collected via email. To vote, you must go to the Yahoo! Groups
web site listed above.

Thanks!

BRS WebWeaver 0.67 BETA has been released.

Here is a list of fixes for this release:
   - Fixed logging to file problem (it now logs - broken in 0.66)
   - Now appends to the end of a log file if it previously existed
   - Change to logging now take effect without having to exit and
start WebWeaver
   - After fixing items above, decided to rewrite the entire logging
     I wrote a generic logging class with lots of new stuff.
       * Ability to read logs from another process (previously locked)
       * Ability to specify logging level - now I don't need seperate
debug routines
       * Optional buffered logging
       * Optional callback to handle output to GUI

Thanks to Kv Vaughan for pointing out the bug.

BRS WebWeaver 0.66 BETA has been released.

The encryption routines for storing the user passwords has changed.
You must re-enter all user passwords before they will work!  If this
is a huge problem for anyone let me know, and I can work on a routine
that converts them to the new format.

Please use webweaver@... for questions about BRS
WebWeaver.  You can also signup for a support mailing list at
http://groups.yahoo.com/group/webweaver-support


Here is a list of fixes for this release:
   - Removed 0.61 INI upgrade
   - Fixed HTTP Post to CGI problems
   - Added ISAPI support for HSE_REQ_SEND_RESPONSE_HEADER_EX
   - Added Help/Home Page menu item
   - Corrected spelling errors
   - Now users are removed from the FTP users list and the
     protected realm list if they are deleted.
   - Added PHP support (via CGI gateway)
   - Added the ability to execute .pl and .cgi files as perl cgi
   - Rewites of logging routines
   - Trimed the leading space from CGI variables passed in
     the environment
   - Modifed hidden password length to reflect real password
     length in "Server/Users" option page
   - Changed encryption routines to correctly handle non-alpha
     chars in passwords.