5 October 2016, 22:53

Not much has changed in this release, but it's been some time since the last release. So, I decided to release what I have now.

5 October 2016, 23:01
Successfully installed on OpenBSD, Raspbian and macOS Sierra. Thank you Hugo.
6 October 2016, 02:01
Good to know it runs on OpenBSD. I do apreciate your work, your license is what bothers me. Why don't you release this fine piece of software under MIT or BSD? Trust me, you wouldn't get any richer, nor poorer.
Hugo Leisink
6 October 2016, 14:01
In what way does GPL not allow you to do things with Hiawatha you want to do?
Stavros Kapageridis
6 October 2016, 15:01
Successfully installed on Debian 8. Thank you Hugo.
Chris Wadge
7 October 2016, 06:29
Built for Debian-LTS, US apt repo and direct-download links are up to date.
7 October 2016, 14:11
Hugo, your project is wonderful! Thank you!
Stavros Kapageridis
7 October 2016, 15:57
Thank you , Chris Wadge.
8 October 2016, 04:52
Thanks a lot for the new SkipCacheCookie feature! I will be using it a lot
Nick Leibert
9 October 2016, 01:37
Thank you Hugo!!! I love Hiawatha
13 October 2016, 15:44

I cannot find the documentation of "SkipCacheCookie".
Hugo Leisink
13 October 2016, 17:47
It's in the manual, which can be found in the package and here.
16 October 2016, 20:29
Thank you for the release. I must try to punch myself in order to remember to make more use of your software.

Best wishes,
17 October 2016, 00:13
Thank you, I love Hiawatha. This project is awesome, including a great documentation :-)
25 November 2016, 18:05
Ken Aaker
1 December 2016, 23:18
Hi Hugo,
I think I've found something that might be a bug. In a configuration that does no logging, I've seen the server socket get allocated to file descriptor 0. Then when I try to use a plain old CGI program, the CGI fails because stdin (fd 0) is closed. I think the dup2() call that copies the pipe connection into stdin silently closes the socket and it's downhill from there. I don't know if it's a supported configuration, but it was interesting to track down.
Hugo Leisink
4 December 2016, 08:12
Thanks. I'll take a look at it.
Hugo Leisink
6 December 2016, 10:28
@Ken Acker: Can you send me your configuration? I can't reproduce your issue. And there is no configuration that does no logging at all. There's always the system logfile and error logfile.
Ken Aaker
12 December 2016, 18:09
Hi Hugo,

Sorry for the delay. Here's the configuration that I am using in the environment where I see fd 0 opened as the web server socket. I'm not certain that the logging settings affect whether fd 0 is used for the web server socket (that's speculation on my part). There aren't any patches that I'm applying to hiawatha when I build it for this environment.
Since you're certain about the basic logging setup. I dug around in the environment code some more. In this particular environment, someone apparently decided they new better and put a wrapper around processes that they wanted to keep track up that (taa-daa) closes stdin, stdout, stderr, and connects stdout and stderr to another logging facility socket. I don't know if you want to deal with that sort of sillyness or not...

Anyway, there's the config file that is used...

ConnectionsTotal = 1000
ConnectionsPerIP = 100
Binding {
Port = 80
MaxRequestSize = 13312

# This defines the FastCGI interface to the WebStaX JSON/CGI server
FastCGIserver {
ConnectTo = /tmp/json.socket
FastCGIid = JSON
Extension = cgi
UrlToolkit {
ToolkitID = webstax
RequestURI isfile Return
Match / UseFastCGI JSON
Hostname =
WebsiteRoot = /var/www/webstax
StartFile = login.htm
AccessLogfile = none
SystemLogfile = /dev/null
GarbageLogfile = /dev/null
ErrorLogfile = /dev/null
UseToolkit = webstax
UseLocalConfig = no
WorkDirectory = /tmp/hiawatha
HTTPAuthToCGI = yes
CGIhandler = /var/www/webstax/ION/www/cgi:cgi
ExecuteCGI = yes
NoExtensionAs = cgi
TimeForCGI = 60
CustomHeader = X-Frame-Options: sameorigin
PreventSQLi = yes
PreventXSS = yes
MinTLSversion = TLS1.0
CustomHeader = Vary: Accept-Encoding