[dancer-users] Dancer 1 v1.1334 on its way to CPAN

Yanick Champoux yanick at babyl.dyndns.org
Sun Jun 2 17:57:32 BST 2013

Hey all,

As a way to celebrate YAPC::NA, here is a fresh new release of Dancer 1. 
:-)  It's a fairly small release, but it takes care of a security issue 
with cookie names (it was possible to inject \r\n in the names, and thus 
do evil things with the response headers), and has a patch that make 
possible to have non-'/'-based apps behind proxies.

1.3114 02.06.2013

     * GH #919: 'dancer' script exits with code 255 if application
         name is invalid. (ppisar)
     * GH #871: now recognize HTTP_X_FORWARDED_PROTO. (mlbarrow)
     * GH #926: make messages from fatal warnings show up in the logs.
         (Max Maischein)
     * GH #930: speed improvement. (ichesnokov)
     * GH #859: strip illegal characters from cookie name. (Colin Keith)
     * GH #924: non-'/' apps behind proxies now possible using 		
	'request-base' header. (Mikolaj Kucharski)

     [ BUG FIXES ]
     * GH #724: app.pl obeys --confdir. (Yanick Champoux)
     * GH #927: logging format using 'h' now play nicely if no header 

     * GH #922: Add example of request parameters. (Gabor Szabo)
     * Add scheme line for ngnix config in D::Deployment.

Enjoy (and, as usual, a big thank to all bug reporters and patchers, and 

More information about the dancer-users mailing list