What's new? cFos Personal Net --------------------------------------------------------------------------- Legend: * New feature + Improvement ! Software change requires modification of your configuration x Bugfix - Information only Revision history: --------------------------------------------------------- cFos Personal Net 3.07 x Fixed a crash when UPnP server tried to access an invalid URL. cFos Personal Net 3.06 - Added code to disallow empty public and private directory settings in GLOBAL.INI. x the sidebar Gadget vor Windows Vista and Windows 7 should work again. Thanks to Stef. x Changed encoding UPnP media url, so they are compatible with more devices. Using spaces, etc. in file names could cause problems. x If authenticated HTTP requests resulted in an error, then the error response errorneously required an authentication, even if no ErrorHandler file was configured. This resulted in the wrong HTTP responses. Fixed. x Fixed a bug which could cause strange HTTP response codes to appear in the log file. cFos Personal Net 3.02 + From the data we see in the crash reports you send us, we see a lot of crashes, caused by viruses or malfunction of security software. So from now on the crash handler will try to report if the crash was causes by a virus or malfunctioning software (which installs "hooks"). So you can take measures to increase system stability, e.g. clean your system, update your security software, etc. x Fixed crash when the Windows firewall is not accessible. cFos Personal Net 3.00 + Added support for PHP. In mode cases, PHP is not used like normal CGI scripts. Instead PHP scripts may also contain HTML code and no first line specifying the interpreter. Therefore you can now specify a new file type in the AddHandler directive, named php-file. cFos Personal Net will use the key "php_interpreter" in the [param] section of GLOBAL.INI to start the php interpreter with the php script file as parameter. + Added paramter in global.ini, section [param] to control cleanup of threads. thread_cleanup_interval in msec specifies the interval at which unused threads are cleaned from the pool in msec, default is 2000. + Reduced the memory load on the system in case of lots of connections. + Added pnet_redirect_host directive to allow easy mapping of HTTP requests to a canonical host, like requests to cfos.de to www.cfos.de. + PROPFIND are not redirected from a directory to a file anymore. x Fixed slight compatibility problem with Apache in Redirect directive. x Under rare conditions cFos Personal Net could cause a script to never terminate. Fixed. cFos Personal Net 2.10 build 2300 Beta + Added a little sendmail.exe program. If you use CGI scripts, you should put it into the path, so your scripts can find and start it. It accepts rfc822 messages in UTF-8 encoding and uses the smtp parameters in the GLOBAL.INI file of cFos Personal Net to send the mail. + cFos Personal Net now regards the Connection: Close header. Also closes the connection after completing HTTP 1.0 requests without Connection header. + When the length of a HTTP response cannot be determined in advance, cFosSpeed uses chunked data transfer. But, since old HTTP 1.0 programs cannot handle chunked data transfer, cFosSpeed now closes the connection after the response body was sent. This is a requirement of the HTTP 1.0 specification. Now old programs, like wget should work better with cFos Personal Net. + smpt_server, smtp_username, smtp_password and smtp_use_ssl settings in GLOBAL.INI can now be changed without starting the server. + added smtp_port parameter. -1 means default. Other values specify the SMTP port, e.g. 25. ! renamed 'www' directory in pub to 'private', because it contains private files for the users. Please check, if you have private user content. x Fixed a bug where cFos Personal Net sometimes did not disconnect properly after processing the HTTP request. x HTTP Digest authentication failed if no qop field was given. Fixed. x Changed the authorization of the /www directory, so the admin can access it. Subdirectories of /www can be accessed by their respective users by means of the Require actual-user directive. x Fixed one more bug with creating caldav_personal / carddav_personal directories. x Fixed a bug where non-existent calendar or addressbook entries weren't reported with the correct 404 response. x Fixed several bugs, which caused the webserver and/or sendmail.exe to use incorrect passwords when sending mail. cFos Personal Net 2.08 build 2200 Beta * New context menu entries: display the public directory show the current server connections start configuration start connectivity test show the user administration page start the publish file dialog * New Publish File dialog. It allows to select a file to publish for others to download and also lets you select the user for whom the file is. * The cFos Personal Net standard dialogs now include help and links to user administration, current connections and DynDNS settings. + Fixed several problems with CGI scripting. + Fixed problems with spaces and ' in file names. + You can now use the key enable_kernel_streaming=0 in GLOBAL.INI, section [param] to disable HTTP kernel streaming. Default is enabled. Kernel streaming is used under Windows Vista SP1+. x Fixed a crash when executing server shutdown scripts. x Fixed automatic creation of caldav_personal/carddav_personal directory. cFos Personal Net 2.06 build 2100 Beta * Added experimental uPnP media server support. By setting the key enable_media_server=1 in the [param] section of global.ini in the programdata\cfos\cfospnet directory, you can enable the uPnP media server function. The root directory for media (audio, video, images) is by default 'media' in the public directory. You can change it with the key media_dir=... in the [param] section of global.ini. It should be a subdirectory of public. cFos Personal Net checks the media directory and subdirectories against HTTP authentication settings and only reports files or directories with unrestricted public access by the HTTP GET method. * Added connectivitiy test in the setup. The installer can now check, if cFos Personal Net is reachable as "localhost", with your private ip address and with your public ip address. This should help reduce problems with unreachable URLs. * Added a watchdog which checks if a program uses a port already in use by cFos Personal Net, e.g. port 80. - Added more audio and video mime types. cFos Personal Net 2.04 build 2006 Beta x Fixed a bug where the installer would rename .htaccess files to .htaccess.bak even if no relation to files in the installation exists. cFos Personal Net 2.04 build 2004 Beta + Added new Require type: actual-user
. Pnet takes the current request path after each directory in and checks the next url path fragment against the current authenticated user, e.g. Require actual-user / in a .htaccess file located in /www would allow the user 'test' access to the directories /www/test/ and below. Directories in the are always relative to the location of the current .htaccess file they appear in. x Fixed authentication problems as non-admin for CalDAV/CardDAV with the new Require type. cFos Personal Net 2.02 build 2002 Beta x Changed location of personal calendar/addressbook for CalDAV/CardDAV access to the /www/ / directory, instead of the /users/ / directory. This solves authentication problems for non-admin users. + cFos Personal Net now support uPnP NAT port forwarding. If you have a uPnP capable router, cFos Personal Net can now add port forwarding rules for the HTTP and HTTPS port on startup and remove the port forwarding rule on shutdown. You can disable this feature in the during installation. For example, if you only want to use cFos Personal Net in your LAN, you would not want it to use port forwarding. Note: NAT Port forwarding only applies to IPv4. + cFos Personal Net now uses the .NET MailMessage Class to send mail, instead of CDO. This allows sending encrypted mail via STARTTLS. The webserver -> sendmail object was updated accordingly. Please check the documentation and update your scripts. cFos Personal Net still uses the GLOBAL.INI settings smtp_server, smtp_user, smtp_pwd so that the credentials need not be in the scripts. In addition the key smtp_use_ssl=1 now enables SSL/STARTTLS encryption. cFos Personal Net 2.00 build 2000 -- 04-Dec-2012 x Under some operating systems HTTP DELETE could not always delet directories. Fixed. x CalDAV can now process requests with time-range filtering without start and/or end date, used by iOS (iPhone, iPad, etc.). cFos Personal Net 1.33 build 1502 Beta ! Removed the pnet_no_auth, pnet_limitput and pnet_limitdelete directive, because cFos Personal Net now supports the and Require directive, which are far better suited to configure access control. Adapted the .htaccess files accordingly. You should check it this still meets your access configuration requirements. See the directive below... Also the webserver authenticate scripting method now needs a verb which can be checked against the directive as an additional parameter. * Added CARDDAV support, according to RFC 6352. cFos Personal Net can now be used to synchronise address book data. Similar to the CALDAV calendar data, address book data is stored in a subdirectoy in the authenticated users home directory. Address book directories begin with a configurable prefix (default is "carddav_"). You can either create such a directory manually (e.g. with Windows Explorer) or cFos Personal Net will create a carddav_personal directory by default when it detects a CARDDAV address book query for the current authenticated user. If your CARDDAV software cannot find address books automatically you can configure the calendar at /pub/users/ /carddav_personal. * Added directive. .htaccess directives between andare only processed if the current HTTP method is in the space separated list of methods. For example: ...directiveslimits certain directives to HTTP POST's only. * Updated the Require directive. It now also supports Require all granted Require all denied Require method Require env x Improved handling of junctions (directory hard links) in makedir2.jss. Thanks to Stef. x Removed 404 error document entry in private .htaccess, because it is handled by all_errors.shtml x Improved handling of DAV:REPORT for unsupported commands. PROPFIND can now report CALDAV/CARDDAV resourcetypes and content-types. x Improved handling of DAV:current-user-principal property, which is used for calendar/addressbook auto-detection. - Moved most parts of the public .htaccess to the private .htaccess. This should simplify modifying .htaccess files in the public tree. cFos Personal Net 1.33 build 1500 * cFos Personal Net now supports CALDAV calendars, according to RFC 4791 with some support for extensions so calenders can automatically found for authenticated users. This allows you to synchronize your calendar software with the calendar data on the cFos Personal Net server. Calendars are stored in a subdirectoy in the authenticated users home directory. These begin with a configurable prefix (default is "caldav_"). You can either create such a directory manually (e.g. with Windows Explorer) or cFos Personal Net will create a caldav_personal directory by default when it detects a calendar query for the current authenticated user. If your CALDAV software cannot find calendars automatically you can configure the calendar at /pub/users/ /caldav_personal. + Added pnet_lock directive. You can use pnet_lock on or pnet_lock off in your .htaccess files. This causes cFos Personal Net to acquire a global named lock. The name is the full path of the respective .htaccess file. This prevents concurrent HTTP requests to the same directory. This is useful to prevent concurrent WEBDAV / CALDAV requests from overwriting data. It is also recommended when there may be concurrent PUT requests an certain URLs. x Fixed a bug in cfospnet.gadget, which prevented it from accessing cFos Personal Net. Thanks to Cody. cFos Personal Net 1.32 Build 1400 -- 10-Oct-2012 ! pnet_no_auth directive is no longer inherited by sub-directories. This caused a potential security risk where un-authorized users could read data which required authorization. We strongly recommend to update cFos Personal Net to V1.32. + makedir2.jss now has exception handling code to prevent "access denied" script errors. Thanks to Stef for the reports. - The cFos Personal Net installer now also collects installation/usage statistics. cFos Personal Net 1.30 Build 1300 -- 18-Sep-2012 + Added cFos WMI Monitor package cFos Personal Net 1.21 Build 1250 -- 07-Sep-2012 + Added support for add-on packages. Our first add-on package will be released shortly. ! Added pnet_no_auth directive. Use it to specify for which HTTP methods you don't need authorization, e.g. pnet_no_auth GET HEAD This allows to add HTTP authorisation for public folders, but still allow access to unauthorized users. We changed the default .htaccess file so that Digest authorization is now always required, but not for GET HEAD OPTIONS POST. This enables admins write access to public folders with authorization, while normal users still can read files. + cFos PNet now displays the *local* IP addresses in the context menu. This should help to configure NAT port forwarding and to reach the cFos PNet from within your LAN. + Added text/calendar mime type + Work-around for WebDAV Navigator + Added WebDAV element as returned property for PROPFIND. x Fixed a bug where If-Match and If-None-Match headers would not be handled correcty for HTTP requests other than GET and POST. cFos Personal Net 1.00 Build 1100 -- 07-Aug-2012 * Added WebDAV support! This allows to manage cFos Personal Net folders from remote locations by using Windows Explorer (Windows 7) and also the use of file synchronization tools, for example on smartphones. To open your cFos Personal Net folders from remote type \\www.yourdomain.com\DavWWWRoot\dav in the address bar of windows Explorer. Windows Explorer will then access your dav subfolder in the public folder. For write/delete access remove the commented section in .htaccess in your public folder. Please also modify the access rights / HTTP auth. Otherwise everybody has write/delete access to your dav folder. WebDav in cFos Personal Net currently treats all resources as files and directories in the public folder tree, using RFC 4918, including exclusive LOCKs. It supports the following methods: PROPFIND, PROPPATCH, DELETE, PUT, MKCOL, COPY, MOVE, LOCK, UNLOCK. PROPPATCH is used to modify file attributes and file times. + cFos Personal Net now comes with a litte sidebar gadget. It displays the number of current connections and the progress of current file transfers. So you always see what's going on :-) Windows 8 users can use the HTML version pub/users/gadget.htm. + Added and directive. The directives between andare only used for a URL which matches exp. is the regular expression version of it. The location directive matches the whole URL beginning with / of the request and is not tied to particular files or directories in your file system. The and directives are useful if you want to keep certain directories free of .htacces files. In this case you can place your needed .htaccess directives in the .htaccess file of the upper directory in a or block. cFos Personal Net 0.94 Build 1020 -- 24-Jul-2012 (Release Candidate 2) x Fixed a long-standing bug, where Digest Authentication caused the browsers to re-ask for user/password after a few request. x Fixed a bug where the URL caching got confused when files or directory existence changed after the HTTP request. cFos Personal Net 0.92 Build 1010 -- 26-Jun-2012 + Added support for COM event sinks in scripts. The webserver object now has a new function CreateObject, which works like the CreateObject function of the Windows Scripting Host. You can specify a prefix for script functions to receive COM events. This allows an event driven programming model for server scripts. + To support event driven programming, added function create_event() which returns a waitable event. The event object has the methods set(), reset() and is_set() to set, reset and query the state of the evennt. There is also a new function wait_for_events(), so you can wait for one or more events. This allows for far better response times that using sleep. See documentation for details. + Added stop_impersonation() and restart_impersonation() to allow scripts to run with elevated rights (for a short time). This allows cFos Personal Net to perform admin tasks in scripts. You need to configure which scripts are allowed to stop impersonation in the GLOBAL.INI file. See documentation for details. cFos Personal Net 0.90 Build 1006 -- 23-Apr-2012 x Fixed a bug where the user authentication didn't work when the public directory was not at the default location. cFos Personal Net 0.90 Build 1004 -- 05-Apr-2012 x Fixed a bug where larger files could cause send problems. - Changed the style of the pnet directory web pages. cFos Personal Net 0.90 Build 1002 -- 28-Feb-2012 + The master password is now copied into the registry to survive an uninstall. Also you can backup master_pwd.ini and store it into the same folder as setup.exe before installation. Thereby your let cFos PNet use this master password for the new installation. + The admin password dialog is now always visible, so you can easily change it during installation. cFos Personal Net 0.90 -- 03-Feb-2012 - Initial release. Note: Pre-purchase life-time license for 9.90 € (50% off until Release Version 1.0).