Release Notes: This is primarily a "clean up" release, which means that most of the changes made are to improve the overall quality of the code, without introducing many new features. Some bugfixes were made and some new features were added, but the main changes were made to improve error checking for system calls and memory allocations.
Release Notes: Lots of changes, some bugfixes, and some new features.
Release Notes: This release prevents the encoding of / and .. in pathnames, wraps execution of gunzip in cgi.c if defined, and no longer parses when a fragment is found in the URL ('#').
Release Notes: Fixes for the temporary file permissions and POST problems, pipes are now closed in the child fork, minor changes to the Debian package, HTTP_REFERER variable is now implemented in cgi.c, and a maximum number of active connections has been implemented to prevent running out of file descriptors.
Release Notes: Removal of doc++ commenting and erroneous debugging statments, moved some stuff out of config.c (read_config_file) to boa.c, alterations to fixup_server_root(), and a bugfix in get.c regarding automatic gunzip.
Release Notes: Fixes for buffer overflow in alias.c, buffer underflow in util.c, and alteration of most of the comments and such for doc++ use.
Release Notes: Better escaping of data to user, both for HTTP headers and HTML body (as per CERT advisory CA-2000-02), and proper escaping of output in CGI example Perl scripts.
Release Notes: Fixed bad interaction between keepalive (pipelined) requests and some HTTP error messages.
Release Notes: Fixed pipeline bug causing potential corruption. Some Debian GNU/Linux specific changes (init script) Added code for (requires compile-time tweak) for *BSD systems.