versions.xml

<?xml version="1.0" encoding="UTF-8" ?>
<!-- vim: set tw=100: -->
<articles>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.13.4</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2024-09-15">2024-09-15</time>
		</header>
		<aside>
			<div>
				Adding CORS request and response headers:
				<code>Access-Control-Allow-Credentials</code>,
				<code>Access-Control-Allow-Headers</code>,
				<code>Access-Control-Allow-Methods</code>,
				<code>Access-Control-Allow-Origin</code>,
				<code>Access-Control-Expose-Headers</code>,
				<code>Access-Control-Max-Age</code>,
				<code>Origin</code>,
				<code>Access-Control-Request-Headers</code>,
				and
				<code>Access-Control-Request-Method</code>.
				While here, also add a brief tutorial on handling CORS
				pre-flight requests.
			</div>
			<div>
				Fix a big in handling <code>POST</code> forms
				with parameters passed in with the
				<code>application/x-www-form-urlencoded</code>
				content type.  These are now correctly
				processed.
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.13.3</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2023-12-02">2023-12-02</time>
		</header>
		<aside>
			<div>
				Fix shared library on Mac OS X.
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.13.2</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2023-11-25">2023-11-25</time>
		</header>
		<aside>
			<div>
				Un-break seccomp for i386.
			</div>
			<div>
				Start installing shared libraries alongside the static archives.
				Also restrict symbol visibility to the contents of the public header
				files.
			</div>
			<div>
				Decouple writer libraries (<a href="kcgihtml.3.html">kcgihtml(3)</a>
				and such) from reaching into private functions of 
				<a href="libkcgi.3.html">libkcgi(3)</a>.  This meant moving some
				writer functions (e.g., 
				<a href="kcgi_writer_write.3.html">kcgi_writer_write(3)</a> into the
				public header file.
				This also allows for creating external writer routines.
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.13.1</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2023-11-19">2023-11-19</time>
		</header>
		<aside>
			<div>
				Re-enable seccomp by default after introducing
				<a href="https://github.com/kristapsdz/kcgi/actions">GitHub actions</a>
				to test on
				alternate architectures (armv7, aarch64, etc.).
			</div>
			<div>
				Add
				<a href="khttp_fcgi_getfd.3.html">khttp_fcgi_getfd(3)</a>, which
				allows for asynchronous applications (those with a descriptor
				polling loop) to incorporate <span class="nm">kcgi</span>.
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.13.0</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2021-09-23">2021-09-23</time>
		</header>
		<aside>
			<div>
				<strong>Disable Linux's seccomp by default.</strong>
				I'm just not able to maintain this facility in a reliable way.  For
				future work, it looks like <a href="https://landlock.io">landlock</a>
				might be a better solution.  Maintainers can enable seccomp by
				editing the Makefile to re-add support.  (This will also add
				debugging.)  I'll continue to add patches for those running with
				seccomp, but don't have the bandwidth to test them.
			</div>
			<div>
				Allow
				<a href="khttpbasic_validate.3.html">khttpbasic_validate(3)</a>
				to validate both <q>bearer</q> and <q>basic</q> requests.
				This follows from conventional usage of bearer tokens.
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.12.5</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2021-05-08">2021-05-08</time>
		</header>
		<aside>
			<div>
				Add support for <q>bearer</q> authorisation tokens.  These are
				described in 
				<a href="https://tools.ietf.org/html/rfc6750">RFC 6750</a>.
				Fix <a href="khttp_fcgi_test.3.html">khttp_fcgi_test(3)</a> to work
				properly when in variable-pool mode.
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.12.4</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2021-03-02">2021-03-02</time>
		</header>
		<aside>
			<div>
				Add some attributes and elements for
				<a href="https://www.w3.org/TR/html52/">HTML5.2</a>, which is the
				standard supported by <a href="kcgihtml.3.html">kcgihtml(3)</a>.
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.12.3</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2021-01-20">2021-01-20</time>
		</header>
		<aside>
			<div>
				<b>Bug fix</b>: fix some bad pointer arithmetic on a regression test
				on Linux.  While here, fix how <code>make regress</code> would spam
				some systems with erroneous warning messages.
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.12.2</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2020-07-24">2020-07-24</time>
		</header>
		<aside>
			<div>
				<b>Bug fix</b>: some errors encountered writing connection
				file-descriptors to child processors in FastCGI were accidentally
				ignored.
				This came because the function returned success, failure, or hangup,
				while the caller was testing for failure/success.
				No such error has ever been reported in the wild&#8212;it would
				probably signify much larger issues that would soon be caught
				anyway&#8212;but the fix is still valid.
			</div>
			<div>
				Significant simplification of the back-end in removing several
				crufty interfaces.
				Back-end logging now uses the front-end logging functions for
				consistency and to avoid having separate loggers.
				The same applies to the <code>debugging</code> parameter passed into
				<a href="khttp_parse.3.html">khttp_parse(3)</a>.
			</div>
			<div>
				<b>Bug fix</b> for FreeBSD with Capsicum when logging to a file
				opened with <a href="kutil_openlog.3.html">kutil_openlog(3)</a>.
				Same goes with the Linux and Darwin sandboxes.
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.12.1</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2020-05-11">2020-05-11</time>
		</header>
		<aside>
			<div>
				Deprecate
				<code>kutil_date2epoch</code>,
				<code>kutil_date_check</code>,
				<code>kutil_datetime2epoch</code>, and
				<code>kutil_datetime_check</code>
				in favour of
				<a href="khttp_datetime2epoch.3.html">khttp_datetime2epoch(3)</a> and
				<a href="khttp_datetime2epoch.3.html">khttp_date2epoch(3)</a>.
				These variants use portable implementations of
				<a href="https://man.openbsd.org/gmtime">gmtime(3)</a> and
				<a href="https://man.openbsd.org/timegm">timegm(3)</a> 
				that are not
				encumbered by per-system constraints such as FreeBSD not accepting
				years prior to 1900 and of course the 32-bit problem.
			</div>
			<div>
				Add 
				<a href="khttp_epoch2datetime.3.html">khttp_epoch2datetime(3)</a>
				to symmetrise
				<a href="khttp_datetime2epoch.3.html">khttp_datetime2epoch(3)</a>.
			</div>
			<div>
				Further deprecate <code>kutil_epoch2str</code>, 
				<code>kutil_epoch2utcstr</code>, 
				<code>kutil_epoch2tmvals</code>, and
				<code>KUTIL_EPOCH2TM</code> as
				<a href="khttp_epoch2str.3.html">khttp_epoch2str</a>, 
				<a href="khttp_epoch2str.3.html">khttp_epoch2ustr</a>, 
				<a href="khttp_epoch2tms.3.html">khttp_epoch2tms</a>, and
				<a href="khttp_epoch2tms.3.html">KHTTP_EPOCH2TM</a>, respectively.
				The new forms, besides having consistent naming, specifically
				account for corner cases like negative dates, years with more than
				four digits, etc.
				These no longer use the system
				<a href="https://man.openbsd.org/strtime">strtime(3)</a>
				due to inconsistencies between implementations (e.g., Oracle Solaris
				not printing &gt;4 digit years) and the 32-bit problem.
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.12.0</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2020-04-10">2020-04-10</time>
		</header>
		<aside>
			<div>
				Add the <a href="khttp_urlpart.3.html">khttp_urlpart(3)</a> family
				to replace the now-deprecated <code>kutil_urlpart</code> functions.
				These are for the most part a re-name of the old functions that
				remove the unused <code>struct kreq</code> argument.
				There are some small behaviour changes from the original in corner
				case usage: they have an empty suffix (not just <code>NULL</code>)
				inhibit printing the dot-suffix, allow a <code>NULL</code> page, and
				have an empty or <code>NULL</code> page also inhibit the suffix.
				This way, these functions only produce valid URLs, and also allow
				for some previously-disallowed (but valid) forms such as
				<code>/?foo=bar</code>.
			</div>
			<div>
				The previous functions have been retained with the original
				behaviour <strong>with one exception</strong>: before, an empty
				suffix would still print the period separator.  Now, this is
				suppressed.
			</div>
			<div>
				The <code>khttp_vurlpart</code> and <code>khttp_vurlpartx</code>
				forms, which accept a variable-length type, are also now exposed for
				use.
			</div>
			<div>
				Add the <a href="khttp_urlabs.3.html">khttp_urlabs(3)</a> function,
				which is similar to the earlier <code>kutil_urlabs</code> but
				significantly more robust and accepts query string arguments.
				The earlier <code>kutil_urlabs</code> is retained, but deprecated.
			</div>
			<div>
				Add <a href="khttp_urlencode.3.html">khttp_urlencode(3)</a> and
				<a href="khttp_urldecode.3.html">khttp_urldecode(3)</a>,
				replacing the legacy <code>kutil_urlencode</code> and
				<code>kutil_urldecode</code>.  They're identical
				except in how <code>NULL</code> values are handled, in the first
				case returning them as empty strings instead of <code>NULL</code>,
				in the second regarding them as errors.
				For the encoder, this allows all URL formatting tools to pass
				<code>NULL</code> values as query string values without errors.
				The earlier functions have been retained with the original behaviour
				<strong>with one exception</strong>, in that a <code>NULL</code>
				destination argument for <code>kutil_urldecode</code> triggers a
				<code>KCGI_FORM</code> return.
			</div>
			<div>
				Have <a href="kxml_puts.3.html">kxml_puts(3)</a>
				and <a href="kxml_write.3.html">kxml_write(3)</a>
				handle <code>NULL</code> pointers as content.
			</div>
			<div>
				Verify and fix that all scope-opening functions in
				<a href="kcgixml.3.html">kcgixml(3)</a> and
				<a href="kcgihtml.3.html">kcgihtml(3)</a>
				properly close variable arguments contexts on error.
			</div>
			<div>
				Instead of aborting when the maximum number of scopes in
				<a href="kcgijson.3.html">kcgijson(3)</a>,
				<a href="kcgihtml.3.html">kcgihtml(3)</a>, or
				<a href="kcgixml.3.html">kcgixml(3)</a>
				has been reached, return <code>KCGI_ENOMEM</code>.
			</div>
			<div>
				Check that the element index passed to
				<a href="kxml_pushnull.3.html">kxml_pushnull(3)</a> is valid.
			</div>
			<div>
				<strong>Behaviour change</strong>: previously, several
				<a href="kcgixml.3.html">kcgixml(3)</a> functions would return 
				<code>KCGI_FORM</code>, such as when popping from an empty stack.
				To prevent other <code>KCGI_FORM</code> errors from being masked,
				use <code>KCGI_WRITER</code> to handle these situations.
			</div>
			<div>
				Split apart <a href="kcgixml.3.html">kcgixml(3)</a> into one manpage
				per function.
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.11.0</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2020-03-27">2020-03-27</time>
		</header>
		<aside>
			<div>
				Bumping minor number due to some API and behaviour changes.
			</div>
			<div>
				<strong>API change</strong>: previously,
				<a href="khtml_ncr.3.html">khtml_ncr(3)</a> accepted a 
				<code>uint16_t</code> for its entity value.
				However, these values can legitimately be 32 bits.
				It has been changed to <code>uint32_t</code>.
			</div>
			<div>
				<strong>API change</strong>: the <code>struct khtmlreq</code>
				pointer passed into
				<a href="khtml_elemat.3.html">khtml_elemat(3)</a> is now
				<code>const</code>.
			</div>
			<div>
				<strong>Behaviour change</strong>: previously,
				<a href="khtml_closeto.3.html">khtml_closeto(3)</a> would return
				<code>KCGI_FORM</code> if given a stack position greater than the
				current stack.
				This is inconsistent with other functions, so such values are now
				simply ignored.
				It also masks other problems that cause <code>KCGI_FORM</code> to
				return.
				Furthermore, if this function was invoked at the current depth, it
				would close all scopes instead of none.
				This has also been fixed.
			</div>
			<div>
				<strong>Behaviour change</strong>: previously, many
				<a href="kcgijson.3.html">kcgijson(3)</a> functions would return
				<code>KCGI_FORM</code> if used out-of-context, for example, trying
				to open a named object in an array context.
				To prevent other <code>KCGI_FORM</code> errors from being masked,
				introduce a new error code <code>KCGI_WRITER</code> to handle these
				situations.
			</div>
			<div>
				Passing a
				<code>NULL</code> pointer value to the string writing functions of
				<a href="khttp_puts.3.html">khttp_puts(3)</a>,
				<a href="khttp_write.3.html">khttp_write(3)</a>,
				<a href="kcgihtml.3.html">kcgihtml(3)</a> or
				<a href="kcgijson.3.html">kcgijson(3)</a> would cause undefined
				behaviour.
				Now these are noops.
			</div>
			<div>
				Add 
				<a href="khtml_printf.3.html">khtml_printf(3)</a>.
				Split apart
				<a href="kcgihtml.3.html">kcgihtml(3)</a> into one manpage per function.
				Split apart
				<a href="kcgijson.3.html">kcgijson(3)</a> into one manpage per function.
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.10.18</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2020-03-22">2020-03-22</time>
		</header>
		<aside>
			<div>
				Add 
				<a href="khttp_printf.3.html">khttp_printf(3)</a> and
				<a href="kcgi_buf_printf.3.html">kcgi_buf_printf(3)</a>.
				Split out manual pages for
				<a href="khttp_putc.3.html">khttp_putc(3)</a>,
				<a href="khttp_puts.3.html">khttp_puts(3)</a>,
				<a href="khttp_printf.3.html">khttp_printf(3)</a>, and
				<a href="khttp_write.3.html">khttp_write(3)</a>; and also
				<a href="kcgi_buf_putc.3.html">kcgi_buf_putc(3)</a>,
				<a href="kcgi_buf_puts.3.html">kcgi_buf_puts(3)</a>,
				<a href="kcgi_buf_printf.3.html">kcgi_buf_printf(3)</a>, and
				<a href="kcgi_buf_write.3.html">kcgi_buf_write(3)</a>.
				Add many more regression tests for the behaviour of these functions.
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.10.16</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2020-03-17">2020-03-17</time>
		</header>
		<aside>
			<div>
				System now works out-of-the-box on OpenBSD, FreeBSD, NetBSD, Linux, 
				SunOS, OmniOS (IllumOS), Darwin.
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.10.15</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2020-03-11">2020-03-11</time>
		</header>
		<aside>
			<div>
				Portability updates to the build system.
				Bring in the newest 
				<a href="https://github.com/kristapsdz/oconfigure">oconfigure</a>.
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.10.14</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2020-02-27">2020-02-27</time>
		</header>
		<aside>
			<div>
				Start using 
				<a href="https://man.openbsd.org/pkg-config">pkg-config</a> for all
				<span class="nm">kcgi</span> libraries.
				This makes it much easier to use the system without knowing
				installation details.
				All documentation has been upgraded to note the fact.
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.10.13</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2020-02-17">2020-02-17</time>
		</header>
		<aside>
			<div>
				Re-write the internal logging function so that it does not use a
				static buffer, lifting the previous 1024 byte limit.
				This means that log messages might exhaust memory, but that seems
				the lesser of two evils.
			</div>
			<div>
				Relax <a href="kvalid_string.3.html">kvalid_email(3)</a> so that it
				accepts three-byte e-mails (e.g., <code>a@b</code>) but tighten it
				to require not starting or ending with a <code>@</code>.
			</div>
			<div>
				Add a new user-visible wrapper function, <a
					href="kmalloc.3.html">kvasprintf(3)</a>.
			</div>
			<div>
				Protect against <code>NULL</code> format strings being passed to the
				logging functions.
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.10.12</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2020-01-12">2020-01-12</time>
		</header>
		<aside>
			<div>
				Fix regression framework.
				This was failing for FastCGI tests because the framework wasn't
				properly prefixing the HTTP version as it was for CGI tests.
				This now allows all tests to run under the new curl.
			</div>
			<div>
				Use the proper Capsicum header for FreeBSD.
			</div>
			<div>
				Bring in the latest <a
					href="https://github.com/kristapsdz/oconfigure">oconfigure</a>
				and also merge dependent changes for seccomp on Linux.
				Then enable seccomp protection for aarch64 on Linux.
			</div>
			<div>
				Bring in optimisations and corrections in URL decoding by Dapeng
				Gao, thanks!
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.10.11</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2019-07-05">2019-07-05</time>
		</header>
		<aside>
			<div>
				Maintenance release: 
				bring up to date with latest <a
					href="https://github.com/kristapsdz/oconfigure">oconfigure</a>,
				merge pending <a href="https://github.com/kristapsdz/kcgi">GitHub</a> pulls.
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.10.10</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2018-12-27">2018-12-27</time>
		</header>
		<aside>
			<div>
				A lot of work for functioning on FreeBSD (specifically, breakage 
				with the sandbox) and musl libc.
				Thanks to <code>href@random.sh</code> for access to a FreeBSD
				machine for testing and solving this issue!
			</div>
			<div>
				Add <a href="kutil_urlencode.3.html">kutil_urldecode(3)</a> and
				<a href="kutil_urlencode.3.html">kutil_urldecode_inplace(3)</a>,
				which are the reverse of the existing encode functions.
			</div>
			<div>
				Also, revert to using BSD Makefile instead of GNU.
				Linux downstream will need to adjust to use <code>bmake</code> for 
				the build sequence.
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.10.8</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2018-12-18">2018-12-18</time>
		</header>
		<aside>
			<div>
				Good-bye, systrace(4)&#8230;
			</div>
			<div>
				Many minor documentation fixes from the GitHub pulls and issues page.
				Thank you for everybody's submissions!
			</div>
			<div>
				Many thanks to Valentin Pistol for verifying that the regressions
				suite works properly on newer (Majove) builds of MacOS.
			</div>
			<div>
				Allow compilation on 
				<a href="https://www.musl-libc.org/">musl</a> 
				by bringing in latest 
				<a href="https://github.com/kristapsdz/oconfigure">oconfigure</a>
				and making some tweaks.
				This also makes building without zlib to complete without compiler
				warnings.
			</div>
			<div>
				Fix transmitting certain UTF-8 characters via JSON.
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.10.7</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2018-06-19">2018-06-19</time>
		</header>
		<aside>
			<div>
				Some excellent fixes from <a
					href="https://github.com/mk-f">mk-f@</a> in getting better
				support for <a href="https://kristaps.bsd.lv/kcaldav">kcaldav</a>: 
				fixing the <code>nc</code> value in digest authentication to be hex
				and adding support for <code>application/xml</code> to the list of
				supported MIME types.
				Thanks!
			</div>
			<div>
				Remove <strong>-lbsd</strong> requirement for Linux regression
				tests.
				Fix another issue where <a
					href="https://man.openbsd.org/fpclassify.3">fpclassify(3)</a>
				on Linux requires <strong>-lm</strong>.
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.10.6</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2018-04-19">2018-04-19</time>
		</header>
		<aside>
			<div>
				Quick fix from Ross Richardson regarding URL encoding with the high bit set.
				Thank you so much!
				Also push in some small fixes from the <a
					href="https://github.com/kristapsdz/kcgi">GitHub</a> list.
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.10.5</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2018-04-19">2018-04-19</time>
		</header>
		<aside>
			<div>
				Add <a href="kcgi_strerror.3.html">kcgi_strerror(3)</a> for a string
				representation of the error codes.  Split <a
					href="kutil_invalidate.3.html">kutil_invalidate(3)</a> into
				its own manpage.
				Fix up some corner cases in template handling: trailing delimiters,
				empty key sequences, and so on.
				Also allow for escaping delimeters, <code>\@@</code>, allowing for
				the existence of delimeters as opaque text.
			</div>
			<div>
				These fixes were implemented or suggested by Ingo Schwarze
				(<q>schwarze@</q>) in an audit generously funded by CAPEM Solutions,
				Inc.  
				Thank you so much!
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.10.3</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2018-04-10">2018-04-10</time>
		</header>
		<aside>
			<div>
				The <q>FastCGI release</q>: when running <span
					class="nm">kcgi</span>'s FastCGI mode on nginx, processes
				were being mysteriously killed under high load.
				This was due to the end-point closing the connection before all data
				was being read or written.
				To wit, I now establish a difference (in FastCGI) between the
				connection closing (which is a recoverable error) and the manager
				killing the connection or the control socket exiting, which are not
				recoverable.
				Since most of this development was on Linux/ARM with nginx, the
				sandbox for Linux has also been tooled up.
				A <strong>big</strong> thanks to Elouan Pignet, who was kind enough
				to diagnose the problem and provide access to his system for a fix,
				including several failed attempts.
				Thanks, Elouan!
			</div>
			<div>
				To this end (<strong>API change</strong>), <a
					href="khttp_fcgi_parse.3.html">khttp_fcgi_parse(3)</a> now
				returns the <code>KCGI_EXIT</code> when the system has exited.
				The <code>KCGI_HUP</code> is reserved for when the output channel
				has closed (after parsing) and the current connection is no longer
				valid.
				The documentation has been updated for relevant functions.
			</div>
			<div>
				While studying these code paths, make sure that a sequence of writes
				(using <a href="khttp_write.3.html">khttp_write(3)</a> or any of the
				writing front-ends) won't fail if <a
					href="khttp_body.3.html">khttp_body(3)</a> wasn't able to
				complete due to the connection closing.
				Specifically, if the connection closes during  <a
					href="khttp_body.3.html">khttp_body(3)</a> (returning
				<code>KCGI_HUP</code>), the system will still expect headers.
				Earlier, it would assert with subsequent <a
					href="khttp_write.3.html">khttp_write(3)</a> if the error
				were not caught and the 
				In the modified behaviour, it will return <code>KCGI_FORM</code> to
				indicate that the system is out of state.
			</div>
			<div>
				Make <a href="khttp_fcgi_parse.3.html">khttp_fcgi_parse(3)</a> only
				require that callers invoke <a
					href="khttp_free.3.html">khttp_free(3)</a> if exiting with success.
				This mirrors <a href="khttp_parse.3.html">khttp_parse(3)</a>.
			</div>
			<div>
				Merge a set of tutorial fixes from <a
					href="https://github.com/cyball">cyball</a>, thanks!
			</div>
			<div>
				Allow the <a href="kutil_log.3.html">kutil_log(3)</a> functions to
				accept a <code>NULL</code> request.
				This makes it possible to use these functions for consistent logging
				without a request.
			</div>
			<div>
				Lastly, run through all code snippets, apply <a
					href="https://man.openbsd.org/style.9">style(9)</a>, and
				make sure that the MIME type is properly checked.
				And add a new tutorial, <a href="tutorial6.html">Best practises for
					pledge(2) security</a>.
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.10.2</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2018-03-24">2018-03-24</time>
		</header>
		<aside>
			<div>
				Merge a set of patches from <a
					href="https://github.com/kristapsdz/kcgi/pull/26">pull/26</a>.
				These fix the digest authorisation in <q>auth-int</q> mode, most
				often used by CalDAV systems.
				Thanks to Charles Collicutt for the contribution!
			</div>
			<div>
				While raising <a href="https://kristaps.bsd.lv/kcaldav">kcaldav</a>
				from the dead, fix where the XML writer wasn't returning the correct
				error code and causing strange errors.
			</div>
			<div>
				Lastly, fix the Linux sandbox when running on ARM machines, enable
				building for C++ applications, and add a tutorial and sample file.
				Pull in most recent <a href="https://github.com/kristapsdz/oconfigure">oconfigure</a>.
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.10.1</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2018-03-06">2018-03-06</time>
		</header>
		<aside>
			<div>
				Many of the improvements and fixes in this release were implemented or
				suggested by Ingo Schwarze (<q>schwarze@</q>) in an audit generously
				funded by CAPEM Solutions, Inc.  
				Thank you so much!
			</div>
			<div>
				Proper versioning in the header file as documented in <a
					href="kcgi.3.html">kcgi(3)</a>.
			</div>
			<div>
				Fix <a href="kcgijson.3.html">kcgijson_string_write(3)</a> and
				friends to not emit a superfluous quote before each invocation.
			</div>
			<div>
				Add <a href="kcgi_buf_write.3.html">kcgi_buf_write(3)</a> and
				friends to make working with
				<a href="khttp_template.3.html">khttp_templatex(3)</a> easier.
				(I also use it for <a
					href="https://curl.haxx.se/libcurl">libcurl(3)</a> in-memory
				buffers.)
			</div>
			<div>
				<strong>API change</strong>: complete the change-over to writing
				functions returning values by modifying <a
					href="khttp_template.3.html">khttp_template(3)</a> and
				friends to return a proper error code.
				While here, significantly improve the manpage.
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.10.0</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2018-01-18">2018-01-18</time>
		</header>
		<aside>
			<div>
				A minor bump here due to API changes, along with a plethora of
				improvements: date handling, simplification of general code, and
				getting error codes exported in the write sequence.
				Many of the improvements and fixes in this release were implemented or
				suggested by Ingo Schwarze (<q>schwarze@</q>) in an audit generously
				funded by CAPEM Solutions, Inc.  
				Thank you so much!
			</div>
			<div>
				<strong>Memory leak fix</strong>: fix <a
					href="khttp_free.3.html">khttp_free(3)</a> to free a
				forgotten allocation.
				Probably only affects FastCGI processes at 16 bytes lost per request
				parsed.
			</div>
			<div>
				<strong>Feature</strong>: add the <a
					href="kcgi_writer_disable.3.html">kcgi_writer_disable(3)</a>
				function, which allows callers to
				determine which front-end writers (e.g.,
				<a href="kcgixml.3.html">kcgixml(3)</a>)
				are allowed to exist.
				This locks down the output formatting mechanism.
			</div>
			<div>
				<strong>API change</strong>: the <a
					href="kcgixml.3.html">kcgixml(3)</a> library now no longer
				prints the XML prologue with <code>kxml_open()</code>.
				This must be manually printed with <code>kxml_prologue()</code>.
			</div>
			<div>
				<strong>API change</strong>: the 
				<a href="kcgijson.3.html">kcgijson(3)</a>,
				<a href="kcgihtml.3.html">kcgihtml(3)</a>, and
				<a href="kcgixml.3.html">kcgixml(3)</a> now return a consistent
				error code for all operations.
				The <code>khtml_text</code> function has been removed (it was deprecated).
			</div>
			<div>
				<strong>API change</strong>: the 
				<a href="kutil_urlencode.3.html">kutil_urlencode(3)</a> family of
				functions now all return <code>NULL</code> on memory failure.
				Earlier, this was inconsistent.
			</div>
			<div>
				<strong>API change</strong>: the
				<a href="khttp_write.3.html">khttp_write(3)</a> family of
				functions now all return <code>enum kcgi_err</code> to indicate a
				failure condition.
			</div>
			<div>
				<strong>API change</strong>: the <a
					href="khttp_body.3.html">khttp_body(3)</a> function now
				returns <code>enum kcgi_err</code> to indicate a failure condition
				<strong>instead of</strong> whether compression was enabled.
			</div>
			<div>
				<strong>API change</strong>: the <a
					href="khttp_body.3.html">khttp_body_compress(3)</a> function
				now returns <code>enum kcgi_err</code> to indicate a failure
				condition <strong>instead of</strong> whether compression was
				enabled.
				Furthermore, the <code>comp</code> argument simply dictates whether
				compression should be enabled or not, preventing confusion.
			</div>
			<div>
				<strong>API change</strong>: the <a
					href="khttp_head.3.html">khttp_head(3)</a> function now
				returns <code>enum kcgi_err</code> to indicate a failure condition.
				Furthermore, this function now dynamically allocates header lengths,
				removing prior bounds on header length.
			</div>
			<div>
				While here, improve <a href="khttp_head.3.html">khttp_head(3)</a>,
				<a href="khttp_body.3.html">khttp_body(3)</a>,
				<a href="kvalid_string.3.html">kvalid_string(3)</a>, and
				<a href="kmalloc.3.html">kmalloc(3)</a> manpages.
			</div>
			<div>
				Lastly, the <a href="kvalid_string.3.html">kvalid_date(3)</a>
				function has been generalised for arbitrary dates, prompting the
				addition of <a href="kutil_epoch2str.3.html">kutil_date_valid(3)</a>
				and <a href="kutil_epoch2str.3.html">kutil_datetime_valid(3)</a>
				functions to validate broken-down dates.
				And bring up to date with latest <a
					href="https://github.com/kristapsdz/oconfigure">oconfigure</a>.
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.9.10</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2017-11-21">2017-11-21</time>
		</header>
		<aside>
			<div>
				Many internal small issues (allocation catches, better logging,
				simplifying logic) fixed as found by Ingo Schwarze
				(<q>schwarze@</q>) in an extensive audit generously funded by CAPEM
				Solutions, Inc.  None of these change application behaviour except
				that standalone query parts are let through.  For example,
				<code>localhost/foo?bar=baz&amp;xyzzy</code> now passes
				<code>xyzzy</code> as a key-pair with a zero-length pair.
			</div>
			<div>
				Note that parsing <code>text/plain</code> enctypes is now
				deprecated, as I'm yet to see this ever used.
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.9.9</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2017-10-30">2017-10-30</time>
		</header>
		<aside>
			<div>
				Switch to using <a
					href="https://github.com/kristapsdz/oconfigure">oconfigure</a>.
				Add the <a href="kvalid_string.3.html">kvalid_bit(3)</a> function
				for bit fields.
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.9.8</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2017-10-18">2017-10-18</time>
		</header>
		<aside>
			<div>
				<strong>API changes</strong>: use the appropriate
				<code>uint32_t</code> size for the HTTP digest authorisation nonce
				count.  This follows <a
					href="https://tools.ietf.org/html/rfc7616">RFC 7616</a>,
				sec. 3.4.  Also add the <a href="kutil_log.3.html">kutil_err(3)</a>
				family of functions, which report an error and exit.  Split that
				into <a href="kutil_openlog.3.html">kutil_openlog(3)</a> as well.
				Lastly, commit considerable improvements to the <a
					href="khttp_parse.3.html">khttp_parse(3)</a> and other
				manpages, as well as some extra warning messages due to RFC
				violations during HTTP parse.  Most of these were found and patched
				by Ingo Schwarze (<q>schwarze@</q>) in an extensive audit generously
				funded by CAPEM Solutions, Inc.  Thank you!
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.9.7</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2017-09-23">2017-09-23</time>
		</header>
		<aside>
			<div>
				Fix C headers in the documentation to be more minimal and
				standards-compliant.
			</div>
			<div>
				Add Ross Richardson's <a href="tutorial4.html">Using Pages</a>
				tutorial.  Ross developed the new <a
					href="https://undeadly.org">Undeadly Journal</a>!
			</div>
			<div>
				Bug fixes&#8230; Clarify some function elements in <a
					href="khttp_parse.3.html">khttp_parse(3)</a>.  Fixed
				undefined behaviour caused when <a
					href="khttp_template.3.html">khttp_templatex_buf(3)</a> is
				passed a fallback function and mis-reports the input key length.
				(If you use templating with a fallback function, you <strong>must
					update</strong>.) Fix all instances of zero-length
				allocations.  These are non-portable and might cause erroneous
				failure on some systems.  Fix an error where using digest
				authentication via <a
					href="khttpdigest_validate.3.html">khttpdigest_validate(3)</a>
				might crash with an unknown HTTP method.  Most of these were found
				by Ingo Schwarze (<q>schwarze@</q>) in an extensive audit generously
				funded by CAPEM Solutions, Inc.  Thank you!
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.9.6</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2017-08-31">2017-08-31</time>
		</header>
		<aside>
			<div>
				Add the <a href="khttp_template.3.html">khttp_template_fd(3)</a>
				functions for passing a file descriptor into the template utility
				instead of an open file or buffer.  (Also clean up that
				documentation.)
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.9.5</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2017-05-31">2017-05-31</time>
		</header>
		<aside>
			<div>
				Clarify documentation for <a href="kcgijson.3.html">kcgijson(3)</a>
				and add an <code>uninstall</code> rule to the GNUmakefile for those
				not using a package-managed version of the library.  No code
				changes.
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.9.4</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2017-03-12">2017-03-12</time>
		</header>
		<aside>
			<div>
				Add a feature inspired by Ross Richardson: a fallback function for
				templates.  As described for the <a
					href="khttp_template.3.html">khttp_template(3)</a> family of
				functions, a fallback function is invoked if none of the fixed keys
				are found.  This is handy because you can provide parsed template
				keys, e.g., <code>foo[bar]</code> and <code>foo[baz]</code>, which
				would be parsed for a type <code>foo</code> that's passed a dynamic
				value <code>bar</code> or <code>baz</code>.
			</div>
			<div>
				<strong>Nota bene</strong>: this required the <a
					href="khttp_template.3.html">khttp_templatex(3)</a> and <a
					href="khttp_template.3.html">khttp_templatex_buf(3)</a>
				functions to have an argument change.
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.9.3</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2017-01-25">2017-01-25</time>
		</header>
		<aside>
			<div>
				Numerous spelling errors fixed (no functional change) and added <a
					href="kutil_epoch2str.3.html">kutil_epoch2utcstr(3)</a> for
				formatting ISO 8601 dates.  Also fixed <a
					href="kutil_epoch2str.3.html">KUTIL_EPOCH2TM(3)</a> macro to
				set correct fields.
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.5.9</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2015-06-17">2015-06-17</time>
		</header>
		<aside>
			<div>
				Add ability to retrieve HTTP headers from the request.  This adds
				several fields to the structure filled in by <a
					href="khttp_parse.3.html">khttp_parse(3)</a> that allow for
				mapped (indexed by known header) and listed header fields.  The HTTP
				headers are reconstituted from the CGI environmental variables
				according to the RFC.  These fields existed in earlier releases, but
				were not documented and, moreover, did not reconstitute the HTTP
				header name from the CGI environment variable name.  A regression
				test has been added to test this behaviour.  While adding this
				documentation, clean up the type list in <a
					href="khttp_parse.3.html">khttp_parse(3)</a>.
			</div>
			<div>
				Add <a href="khttp_body.3.html">khttp_body_compress(3)</a>, which
				allows for stipulating auto-compression (the default for <a
					href="khttp_body.3.html">khttp_body(3)</a>), compression
				without emitting the appropriate header (for applications providing
				the <q>Content-Encoding</q> parameter themselves), and no
				compression (for applications taking full control of output
				themselves).  While there, make the test for requested compression
				be sensitive to the <a
					href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html">RFC
					2616</a> <q>qvalue</q>.  Both functions now return whether
				compression has been enabled.  This functionality augments existing
				behaviour: it does not change it.
			</div>
			<div>
				Add HTTP error codes described by <a
					href="https://tools.ietf.org/html/rfc6585">RFC 6585</a>.
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.4.2</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2014-11-30">2014-11-30</time>
		</header>
		<aside>
			<div>
				Implement the <a href="kcgijson.3.html">kcgijson(3)</a> library for
				convenient JSON functions, remove function prototype names as per
				OpenBSD's <a
					href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man9/style.9?query=style">style(9)</a>,
				polish documentation.
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.4.3</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2014-12-03">2014-12-03</time>
		</header>
		<aside>
			<div>
				Make sure that <a href="khttp_parse.3.html">khttp_parse(3)</a>
				returns an error code indicating what actually went wrong.  This is
				a minor API change because the function no longer returns 0, but an
				enumeration (where 0, incidentally, means success).  Also audit the
				parsing trailer to make sure that the parent doesn't exit in the
				event of memory exhaustion.
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.4.4</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2014-12-15">2014-12-15</time>
		</header>
		<aside>
			<div>
				Add the Boolean and NULL types to <a
					href="kcgijson.3.html">kcgijson(3)</a>.  Fix control code
				serialisation in the same.
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.5</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2014-12-18">2014-12-18</time>
		</header>
		<aside>
			<div>
				Expand the functionality of the template system with <a
					href="khttp_template.3.html">khttp_templatex(3)</a> and <a
					href="khttp_template.3.html">khttp_templatex_buf(3)</a>,
				which allow the writing function to be overriden.  This allows
				templates to play nicely with other systems such as <a
					href="kcgijson.3.html">kcgijson(3)</a> and general dynamic
				buffer creation.  I use this for creating mails for sending with <a
					href="http://curl.haxx.se/libcurl/">libcurl</a>.  Also
				create an automated test harness <a
					href="kcgi_regress.3.html">kcgi_regress(3)</a> that, for
				internal automated regression testing, uses <a
					href="http://curl.haxx.se/libcurl/">libcurl</a> to create
				and parse HTTP messages over a local socket and a small server to
				translate the requests into CGI variables for <span
					class="nm">kcgi</span>.  The internal tests can be run with
				<code>make regress</code>.
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.5.1</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2015-03-14">2015-03-14</time>
		</header>
		<aside>
			<div>
				Allow <a href="kcgi_regress.3.html">kcgi_regress(3)</a> to handle
				query strings and forms for validation testing.  Pick out one
				assertion failure in the parser by using the <a
					href="http://lcamtuf.coredump.cx/afl/">American fuzzy
					lop</a>.  Add an a test harness for AFL as well.  Recognise
				CONNECT, DELETE, HEAD, TRACE, PUT, and OPTIONS methods.
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.5.2</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2015-04-05">2015-04-05</time>
		</header>
		<aside>
			<div>
				Allow for opaque HTTP message bodies: if our content type isn't
				<code>application/x-www-form-urlencoded</code>,
				<code>multipart/form-data</code>, or <code>text/plain</code> (during
				a POST only), then accept the HTTP body as a single object and
				validate it against the empty-key validator.  Add HTTP methods and
				headers stipulated by <a
					href="http://tools.ietf.org/html/rfc4918">HTTP Extensions
					for Web Distributed Authoring and Versioning (WebDAV)</a>
				and <a href="http://tools.ietf.org/html/rfc4791">Calendaring
					Extensions to WebDAV (CalDAV)</a>.  Allow for the HTTP
				request headers to be exported to the <code>struct kreq</code>
				object as both a list and, for common HTTP headers, an indexed map.
				Added <a href="kcgixml.3.html">kcgixml(3)</a> bits for some simple
				XML support and added <code>khtml_putc()</code> and
				<code>khtml_puts()</code> to <a
					href="kcgihtml.3.html">kcgihtml(3)</a> for consistency.
				Specify that a <code>NULL</code> template passed to the <a
					href="khttp_template.3.html">khttp_template(3)</a> functions
				simply causes the named file or buffer to be outputted without any
				processing.  Lastly, recognise <a
					href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/getentropy.2">getentropy(2)</a>
				as a white-listed system call in the <a
					href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/systrace.4">systrace(4)</a>
				sandbox.
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.5.3</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2015-04-10">2015-04-10</time>
		</header>
		<aside>
			<div>
				Fully process the <code>Authentication</code> header, implementing
				<a href="https://tools.ietf.org/html/rfc2617">RFC 2617</a>.  This
				was originally developed in <a
					href="http://kristaps.bsd.lv/kcaldav">kcaldav</a>, but makes
				more sense to be run here inside of the untrusted child.  Values are
				stored in the <code>struct khttpauth</code> field documented in <a
					href="khttp_parse.3.html">khttp_parse(3)</a>.
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.5.4</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2015-04-12">2015-04-12</time>
		</header>
		<aside>
			<div>
				Single bug-fix: the nonce count parsed from an HTTP digest was not
				being correctly recorded.
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.5.5</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2015-04-12">2015-04-12</time>
		</header>
		<aside>
			<div>
				Bug-fix when linking to <a href="kcgihtml.3.html">kcgihtml(3)</a>.
				Added the access scheme (HTTP or HTTPS) to <code>struct kreq</code>.
				Have validation for document body correctly set the
				<code>ctypepos</code> prior to validation.  While there, properly
				decode the content-type field (i.e., discarding parameters) when
				looking up the type in the known types.
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.5.6</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2015-04-23">2015-04-23</time>
		</header>
		<aside>
			<div>
				Bug-fix for Capsicum sandbox, found by Baptiste Daroussin.  (Thanks!)
				Also fix passing a zero-length buffer into the template buffer functions.
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.5.7</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2015-04-27">2015-04-27</time>
		</header>
		<aside>
			<div>
				Rename <code>khtml_close</code> to <code>khtml_closeelem</code> in <a href="kcgihtml.3.html">kcgihtml(3)</a>, then re-add the
				close function and an open function to harmonise with <a href="kcgijson.3.html">kcgijson(3)</a> and <a
					href="kcgixml.3.html">kcgixml(3)</a>.
				In the process, allow the closing functions in all libraries to unwind any remaining context, and have the closing functions
				return whether the request was out of bounds.
				Prevent some bogus calls to <a href="kcgihtml.3.html">kcgihtml(3)</a> from aborting.
				Bug-fix for detecting zlib on FreeBSD, found by Baptiste Daroussin.  (Thanks!)
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.5.8</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2015-05-11">2015-05-11</time>
		</header>
		<aside>
			<div>
				Update the included sample file and correct the documentation regarding its compilation.
				Fix noted by Jan Schreiber &#8212; thanks!
				While doing so, add some documentation bits to the manpages and considerable documentation to the webpage.
				No functional changes.
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.6</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2015-07-07">2015-07-07</time>
		</header>
		<aside>
			<div>
				Import initial Linux <a href="http://man7.org/linux/man-pages/man2/seccomp.2.html">seccomp(2)</a> (via <a
					href="http://man7.org/linux/man-pages/man2/prctl.2.html">prctl(2)</a>) sandbox!
				This uses the implementation of <a href="http://www.openssh.com/">OpenSSH</a>, tweaked to work within the <span
					class="nm">kcgi</span> framework.
				For now, it only allows arm, i386, and x86_64: if you're using another architecture, please let me know your <code>uname -m</code>, 
				as the sandbox (ridiculously) needs to know the system architecture.
				(Better yet: also send me the relevant <code>AUDIT_ARCH_xxx</code> from <code>/usr/include/linux/audit.h</code>.)
				While here, allow for compilation on <a href="http://www.musl-libc.org/">musl</a>.
				I've also moved the tutorial into a separate file and fleshed it out a little.
				I'll probably add more tutorials in time.
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.6.1</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2015-07-09">2015-07-09</time>
		</header>
		<aside>
			<div>
				One-line bug-fix to include new Linux seccomp patch into source archive.  Ouch.  Noted by James Turner&#8212;thanks!
			</div>
		</aside>
	</article>

	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.6.3</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2015-07-18">2015-07-18</time>
		</header>
		<aside>
			<div>
				More FastCGI: move control socket handling into its own process.
				The control socket is a UNIX socket (or similar) bound by the FastCGI runner, which is either the web server or an
				application like <a href="kfcgi.8.html">kfcgi(8)</a>, then passed as <code>STDIN_FILENO</code> to the FastCGI
				application.
				<span class="nm">kcgi</span> will then wait on this socket for incoming connections, which are acted upon with <a
					href="khttp_fcgi_parse.3.html">khttp_fcgi_parse(3)</a>.
				In this release, this logic has been moved into its own process instead of being managed by the web application itself
				during calls to <a href="khttp_fcgi_parse.3.html">khttp_fcgi_parse(3)</a>.
				While here, I cleaned up and simplified a lot of the sandbox and inter-process socket logic.
				The control socket is not yet sandboxed: that will come with later releases.
				Again, the FastCGI implementation is <strong>experimental</strong>!
			</div>
			<div>
				Patches for deployment on FreeBSD contributed by Baptiste Daroussin&#8212;thanks!
				In analysis, found that the <code>argfree</code> function to <a href="khttp_parse.3.html">khttp_parse(3)</a> wasn't
				being invoked if the <code>arg</code> was itself NULL.
				(This is clearly bad behaviour&#8212;not all functions need that argument!)
				This has been fixed as well.
			</div>
		</aside>
	</article>

	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.6.2</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2015-07-15">2015-07-15</time>
		</header>
		<aside>
			<div>
				This release includes an initial implementation of <a href="http://www.fastcgi.com">FastCGI</a>.
				While the existing functionality wasn't logically altered, it was shuffled around quite a lot and abstracted to
				accomodate for the new FastCGI functions.
				The implementation is documented in <a href="kfcgi.8.html">kfcgi(8)</a>, <a
					href="khttp_fcgi_init.3.html">khttp_fcgi_init(3)</a>, and <a
					href="khttp_fcgi_parse.3.html">khttp_fcgi_parse(3)</a>, and <a
					href="khttp_fcgi_free.3.html">khttp_fcgi_free(3)</a>.
				<strong>This functionality is experimental</strong>, and needs strong analysis before casual deployment.
				It is also not quite feature-complete: HTTP compression is not yet functional for FastCGI applications.
				The <a href="kfcgi.8.html">kfcgi(8)</a> launcher is also very bare-bones&#8212;this will be improved in subsequent releases.
				Again: this functionality is <strong>experimental</strong> and under development!
			</div>
			<div>
				Also fixed a bug where calling <a href="khttp_free.3.html">khttp_free(3)</a> after a prior <a
					href="khttp_parse.3.html">khttp_parse(3)</a> failure would cause a NULL dereference.
				Added the missing <code>txt</code> and <code>xml</code> suffixes to the suffix table.
				Fix that the request port number was erroneously disallowed to be &gt;80.
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.6.4</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2015-08-01">2015-08-01</time>
		</header>
		<aside>
			<div>
				Add some proper security to <a href="kfcgi.8.html">kfcgi(8)</a>: place child FastCGI processes in a file-system jail,
				drop privileges, and ensure proper ownership of the socket.
				While here, begin sandbox mechanisms for the FastCGI control process.
				This only works for Mac OSX for now, but will expand to others.
				Again, until the next minor version bump, <strong>FastCGI support is experimental</strong>.
			</div>
			<div>
				On that note, finalise the API for FastCGI calls.
				This involved moving most function arguments previously in <a href="khttp_fcgi_parse.3.html">khttp_fcgi_parse(3)</a>
				into <a href="khttp_fcgi_init.3.html">khttp_fcgi_init(3)</a>.
				To wit, the <code>khttp_fcgi_parsex()</code> function has been removed: all of the logic has been moved to the
				initialisation function, making the parse function much simpler.
				Cement this by adding several new regression tests that exercise the FastCGI functionality.
				These, of course, required that FastCGI functionality be added to the regression suite.
				This is documented in <a href="kcgiregress.3.html">kcgiregress(3)</a> (the manpage was renamed from <code>kcgi_regress</code>).
			</div>
			<div>
				In adding the regression suite, one critical FastCGI bug was found (and fixed) for forms &gt;1 kB.
				Fix another critical bug when writing large contiguous blocks, which would be silently truncated.
				(A regression test has been added for this.)
				The same would trigger a failure on Linux due to the sandbox: this has also been fixed.
				Internally, the behaviour of read and write sockets is consistently non-blocking.
				There has been a report of large compressed output failing on FreeBSD, but this has not yet been verified.
			</div>
			<div>
				Lastly, incorporate a patch from Baptiste Daroussin (thanks!) for a tighter Capsicum sandbox for the parser process.
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.7.0</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2015-08-07">2015-08-07</time>
		</header>
		<aside>
			<div>
				Implement the <a href="http://www.fastcgi.com/drupal/node/6?q=node/22">FastCGI</a> control process's sandbox for all
				supported operating systems.
				(The FastCGI control process is forked from each application process, and is responsible for accepting new FastCGI
				connections and passing the descriptors to the application for output and worker process for parsing.)
				This is the last <q>feature</q> for the FastCGI implementation: it now has the same protection as the CGI implementation
				for all child processes.
				Add sandbox for OpenBSD's <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/tame.2">tame(2)</a>,
				although this technically isn't supported yet (in snapshots, anyway) and returns <code>ENOSYS</code>.
				On OpenBSD machines with both sandboxes, this is tried first.
				This effort derives from a patch submitted by Reyk Floeter&#8212;thanks!
			</div>
			<div>
				The FastCGI interface is no longer an experimental feature, but baked into the system.
			</div>
			<div>
				In addition to the above, some variables were added to the manpages (which were also cleaned up a bit) and the AFL
				system was updated with the socket re-write.
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.7.1</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2015-08-11">2015-08-11</time>
		</header>
		<aside>
			<div>
				Fix: forgot to install <a href="kfcgi.8.html">kfcgi(8)</a>.
				Add flag to <a href="kfcgi.8.html">kfcgi(8)</a> to specify the connection backlog.
				Add <a href="khttp_fcgi_test.3.html">khttp_fcgi_test(3)</a> to see if an application should use the FastCGI or regular
				CGI functions.
				A regression noted by James Turner (thanks!): re-add the CGI sample, <span class="file">sample.c</span>, into the
				distributed source.
				There is also a FastCGI sample, <span class="file">sample-fcgi.c</span>.
				There is also a non-<span class="nm">kcgi</span> sample, <span class="file">sample-cgi.c</span>, used in creating the
				performance graphs.
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.7.2</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2015-09-04">2015-09-04</time>
		</header>
		<aside>
			<div>
				If a FastCGI connection closes, don't make
				failing writes to that connection bring down the
				application.
				Also work around a very weird Mac OS X bug
				wherein a poll will return a timeout even though
				the poll request is blocking.
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.7.3</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2015-09-30">2015-09-30</time>
		</header>
		<aside>
			<div>
				Fix for proper FastCGI support on <a href="http://www.nginx.org">nginx</a>.
				This work was prompted by Daniel Sinclair, who fixed a read type mismatch (when reading the padding length) that inspired
				a further fix to serialise the response FastCGI header properly.
				Lastly, a latent Apache2 FastCGI bug was fixed in incorrectly reporting the return code status.
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.7.4</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2015-11-12">2015-11-12</time>
		</header>
		<aside>
			<div>
				Replace support for tame(2) (which was never enabled in the operating system) with the renamed <a
					href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/pledge.2">pledge(2)</a>.
				From a patch by James Turner&#8212;thank you!
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.7.5</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2016-01-04">2016-01-04</time>
		</header>
		<aside>
			<div>
				Added ability to easily perform HTTP digest authentication, <a
					href="khttpdigest_validate.3.html">khttpdigest_validate(3)</a>, which is heavily used in <a
					href="http://kristaps.bsd.lv/kcaldav">kcaldav</a> and a few other systems.
				This manages all of the aspects of the sequences, from the child process performing an MD5 hash on the full data stream
				to the end check against a hash.
				While there, also add <a href="khttpbasic_validate.3.html">khttpbasic_validate(3)</a> for completeness.
			</div>
			<div>
				Add an experimental feature for debugging input and output streams.
				One can set debugging fields with <a href="khttp_parse.3.html">khttp_parsex(3)</a> or <a
					href="khttp_fcgi_init.3.html">khttp_fcgi_initx(3)</a> and have request reads or response writes logged to
				standard output.
				<strong>Note</strong>: this changes the system API, so make sure any systems calling the above functions are upgraded to
				account for the extra argument!
				Also merged a thorough documentation patch by Svyatoslav Mishyn&#8212;thanks!
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.7.6</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2016-01-25">2016-01-25</time>
		</header>
		<aside>
			<div>
				Push read-only repository to <a href="https://github.com/kristapsdz/kcgi.git">GitHub</a>.
				<span class="nm">kcgi</span> has been accepted as a <a href="https://scan.coverity.com/projects/kcgi">Coverity</a>
				project.
				The initial scan revealed a pair of error-path resource links and some false positives.
				(All of these are visible on the Coverity project site.)
				It also found one legitimate bug in the newly-installed HTTP basic authentication code.
				This, obviously, has been fixed.
				Thanks, <a href="http://coverity.com">Coverity</a>!
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.7.7</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2016-02-10">2016-02-10</time>
		</header>
		<aside>
			<div>
				Allow for the developer to set a write buffer size when invoking <a href="khttp_parse.3.html">khttp_parsex(3)</a> or <a
					href="khttp_fcgi_init.3.html">khttp_fcgi_initx(3)</a>.
				The write buffer hooks into <a href="khttp_write.3.html">khttp_write(3)</a> and, if set to a non-zero size, will cause
				writes to be buffered.
				This changes existing behaviour where writes were never buffered.
				Note that this function is invoked by all writing functions, both within <a href="kcgi.3.html">kcgi(3)</a> and its
				libraries such as <a href="kcgijson.3.html">kcgijson(3)</a>.
				The buffer is flushed when its size is exceeded or when <a href="khttp_free.3.html">khttp_free(3)</a> is invoked.
				If not provided, the default is 8 KiB for CGI and 65 KiB for FastCGI.
				Also renamed the <code>xmalloc</code>-style internal functions so as not to override weak symbols in any interfacing
				applications.
				This was noted by Okan Demirmen&#8212;thanks!
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.7.8</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2016-03-02">2016-03-02</time>
		</header>
		<aside>
			<div>
				Use <a
					href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man3/strtonum.3">strtonum(3)</a> whenever possible,
				inspired by a patch from Jan Schreiber&#8212;thanks!
				Add <a href="khttpdigest_validate.3.html">khttpdigest_validatehash(3)</a>, which authenticates an HTTP digest session using a pre-computed hash.
				(The existing function builds the hash from a password.)
				This is required by <a href="http://kristaps.bsd.lv/kcaldav">kCalDAV</a>.
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.8.1</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2016-03-15">2016-03-15</time>
		</header>
		<aside>
			<div>
				Significantly update the FastCGI handling.
				There were two foci to this effort:
				first, to make the existing FastCGI
				system more robust in terms of starting
				and stopping; the second, to extend
				FastCGI so that <a
					href="kfcgi.8.html">kfcgi(8)</a>
				can handle variable-sized pools of
				workers instead of a fixed number.
				The method of extending FastCGI is
				described in <a
					href="extending01.html">FastCGI
					Extensions for Management
					Control</a>, and is implemented
				by the -<span class="flag">r</span> flag
				in <a href="kfcgi.8.html">kfcgi(8)</a>.
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.8.2</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2016-04-06">2016-04-06</time>
		</header>
		<aside>
			<div>
				Fix the -<span class="flag">l</span> flag in <a href="kfcgi.8.html">kfcgi(8)</a> as dictated in <a
					href="https://github.com/kristapsdz/kcgi/pull/1">pull/1</a> on the <a
					href="https://github.com/kristapsdz/kcgi">GitHub</a>.
				Thanks, <a href="https://github.com/cornett">cornett</a>!
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.8.3</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2016-04-19">2016-04-19</time>
		</header>
		<aside>
			<div>
				Work around an <a href="https://marc.info/?l=openbsd-tech&amp;m=144571751203238&amp;w=2">old but fatal FastCGI
					problem</a> only found on OpenBSD's <a href="https://github.com/reyk/httpd">httpd</a>.
				This assumes that HTTP headers are only on the first FastCGI packet, which is not part of the standard.
				The workaround is to have HTTP headers buffer just like the HTTP body, which will cause multiple headers to lump
				into (hopefully) one packet.
				Headers are still flushed when the HTTP body begins, however, although I'm still unsure whether this is a good
				idea.
				(It pushes the status code to the web server faster, but incurs an extra trip on the wire.)
				If you've disabled buffering in <a href="khttp_fcgi_init.3.html">khttp_fcgi_init(3)</a>, or you have so many
				headers that the output buffer is flushed before the last header, <a
					href="https://github.com/reyk/httpd">httpd</a> will intermix your body with headers.
				Ew.
				This problem was raised as <a href="https://github.com/kristapsdz/kcgi/issues/2">issues/2</a> by <a
					href="https://github.com/cornett">@cornett</a>&#8212;thanks!
				Also fix <a href="https://github.com/kristapsdz/kcgi/issues/3">issues/3</a>, raised by the same&#8212;thanks
				again!
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.8.4</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2016-06-14">2016-06-14</time>
		</header>
		<aside>
			<div>
				Fix several documentation bugs that erroneously noted values can be NULL when they would instead by empty
				strings.
				Also fixed some broken links.
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.8.5</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2016-08-19">2016-08-19</time>
		</header>
		<aside>
			<div>
				Some documentation fixes and clarifications as suggested by Ross Richardson&#8212;thanks!
				Also added a <a href="tutorial3.html">custom validation tutorial</a>.
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.9.0</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2016-10-10">2016-10-10</time>
		</header>
		<aside>
			<div>
				Regressions, regressions, regressions, regressions.
				Fix <a href="kcgiregress.3.html">kcgiregress(3)</a> to work in a more general fashion, adding an example usage
				along the way.
				Regression tests are (sadly) not used often for web applications, so this tool should be a welcome one!
				Also add two useful functions: <a href="kutil_epoch2str.3.html">kutil_epoch2str(3)</a> for converting from
				integral (epoch) UNIX time into an HTTP date and <a href="kutil_date2epoch.3.html">kutil_date2epoch(3)</a> and <a
					href="kutil_date2epoch.3.html">kutil_datetime2epoch(3)</a> for converting from dates to integral time.
				Lastly, clarify that <a href="khttp_parse.3.html">khttp_parse(3)</a> requires a call to <a
					href="khttp_free.3.html">khttp_free(3)</a> if and only if it returns success.
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.9.1</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2016-10-17">2016-10-17</time>
		</header>
		<aside>
			<div>
				Get rid of BSD make in favour of <a href="https://www.gnu.org/software/make/">GNU make</a>.
				I generally don't like GNU software, so let me explain: portability and readability.
				The original Makefile was almost 500 lines; the new one is 350.
				While this software isn't exactly a moving target, it's still annoying to add the same lines over and over
				again.
				If you can think of a better way, please let me know.
			</div>
			<div>
				Next, add some logging functions: <a href="kutil_log.3.html">kutil_log(3)</a> and friends.
				Why?
				I find myself re-rolling these same routines over and over again.
				They're similar (enough) to the NCSA format, sanitise (and bound) output, and time-stamp without tripping <a
					href="http://man.openbsd.org/pledge.2">pledge(2)</a>.
			</div>
			<div>
				Lastly, add an index of all <a href="functions.html">functions</a>.
			</div>
		</aside>
	</article>
	<article data-sblg-article="1" data-sblg-tags="version">
		<header>
			<h1>0.9.2</h1>
			<address>Kristaps Dzonsons</address>
			<time datetime="2016-11-27">2016-11-27</time>
		</header>
		<aside>
			<div>
				Following a report by Ross Richardson (thanks!), fix cookie handling.
				Before, cookie values (and keys) were being handled as URL-encoded strings.
				Now they're correctly handled as opaque values; and moreover, they use a stricter check against <a
					href="https://tools.ietf.org/html/rfc6265">RFC 6265</a>.
				While there, update some spelling and typos (thanks Svyatoslav!).
			</div>
		</aside>
	</article>
</articles>