Recent Releases
10.8.108 May 2018 01:45
minor feature:
mbed TLS updated to 2.8.0.
Removed support for secp192r1 and secp192k1 curves, to make it PCI DSS compliant out of the box.
Small improvements to Let's Encrypt ACMEv2 script.
10.724 Oct 2017 06:45
minor feature:
Connect to a Unix socket via a reverse proxy.
Added BlockExtensions setting.
mbed TLS updated to 2.6.0.
Small improvements.
error in handling renewal scripts in Let's Encrypt script.
10.602 May 2017 07:45
minor feature:
Added PublicKeyPins option.
Added renewal-scripts to Let's Encrypt script.
mbed TLS updated to 2.4.2.
Small changes to CMake build system.
Small improvements.
SCSV in mbed TLS.
10.528 Jan 2017 19:05
minor feature:
mbed TLS updated to 2.4.0, using GPL version.
Added CustomHeaderBackend option.
Renamed CustomHeader option to CustomHeaderClient. Old name still works.
Hiawatha ignores FileHashes and ReverseProxy for Let's Encrypt
authentication requests.
Small.
10.429 Oct 2016 16:10
minor feature:
mbed TLS updated to 2.3.0. SkipCacheCookie option added. Added Systemd init script to Debian package. Small improvements and bugfixes.
10.317 Jul 2016 06:22
minor feature:
PreventCSRF, PreventSQLi and PreventXSS improved. Prevention of MySQL data mining via SQL injection. Added revoke option to Let's Encrypt script. Hiawatha ignores RequireTLS for Let's Encrypt authentication requests. Small bugfixes and improvements. Bugfix: possible HTTP request pipelining error after CSRF prevented.
10.202 May 2016 23:05
minor feature:
Added Let's Encrypt script (see extra/letsencrypt).
Added support for requesting Let's Encrypt certificates (see AccessList
and PasswordFile settings in manual page).
Small improvements.
HideProxy not working for Forwarded header.
9.1529 Oct 2015 02:05
minor feature:
Mbed TLS updated to 2.0.0.
Crash when sending very large request to FastCGI server.
9.1303 Jun 2015 11:19
minor feature:
hiawatha (9.13) stable; urgency=low
* Renamed SSLcertFile to TLScertFile.
* Renamed RequireSSL to RequireTLS.
* Renamed SSL_* CGI environment variables to TLS_*.
* Renamed UrlToolkit option UseSSL to UseTLS.
* Replaced MinSSLversion by MinTLSversion.
* LogTimeouts option added.
* Added 'skip directories' parameter to reverse proxy.
* Failed logins sent to Hiawatha Monitor.
* Small bugfix and improvements.
-- Hugo Leisink Sun, 10 May 2015 09:47:41 +0200