Skip to content

v9.1.0

Latest
Latest

Choose a tag to compare

View all tags
@dev-embedthis dev-embedthis released this 03 Nov 02:55
· 1 commit to main since this release
v9.1.0
736ac8c

Appweb 9.1.0 Release Notes

Release Date: November 3, 2025

Overview

Appweb 9.1.0 is a recommended upgrade maintenance release focusing on security hardening, test infrastructure modernization, and documentation improvements. This release incorporates the results of an extensive security audit using static analysis tools, fuzzing, and AI-supported scanning. While no security issues with relevant risk were discovered, the update significantly tightens the codebase in many places.

This release maintains full API compatibility with Appweb 9.0.x while improving security posture and the development experience.

Important: Appweb remains in maintenance mode with ongoing security updates and critical bug fixes. For new projects, consider migrating to Ioto Device Agent.

Recommended Action

✓ Recommended Upgrade — Upgrade recommended but not essential

While this is not an essential security update, the comprehensive security hardening makes this a recommended upgrade for all users.

What's New in 9.1.0

Test Infrastructure Modernization

  • Migrated to TestMe: Complete transition from legacy test framework to modern TestMe testing tool
  • NPM Integration: TestMe now installable via NPM for improved CI/CD workflows
  • Enhanced Test Organization: Streamlined test structure with improved test discovery and execution
  • CI/CD Improvements: Extensive continuous integration and deployment pipeline enhancements
  • Ejscript Updates: Updated Ejscript (ejs) test support with improved Windows compatibility
  • Test Consolidation: Moved prep-test logic into prep.sh for better maintainability

Security Enhancements

This release includes comprehensive security hardening based on extensive security auditing using static analysis tools, fuzzing, and AI-supported scanning:

  • NULL Tolerance Hardening: Enhanced NULL pointer handling throughout the codebase for improved robustness
  • Integer Overflow Protection: Extended integer overflow protection across critical code paths
  • Safe String APIs: Replaced standard string APIs with MPR alternatives and safe string APIs to prevent buffer overflows
  • OpenSSL Configuration: Updated OpenSSL configuration for enhanced security
  • URL Character Validation: Improved URL character validation to prevent injection attacks
  • Header Validation: Enhanced whitespace tolerance in HTTP headers while maintaining security boundaries
  • Debug Log Cleanup: Improved debug trace output to reduce information leakage
  • SSL/TLS Updates: Updated SSL/TLS integration for modern security standards

Security Audit Results: No security issues with relevant risk were discovered during the audit. All findings were preventative hardening improvements.

Bug Fixes

  • FIX: Enhanced whitespace tolerance in HTTP header parsing
  • FIX: Resolved Windows-specific test failures
  • FIX: Corrected TestMe linking issues
  • FIX: Fixed various CI/CD pipeline issues

Documentation

  • Extensive Documentation Updates: Comprehensive improvements across all documentation
  • README Updates: Improved project documentation and getting started guides
  • API Documentation: Enhanced API reference documentation
  • AI Context: Added comprehensive AI/Claude Code documentation structure
  • Documentation Formatting: Improved consistency and readability across documentation

Development Experience

  • Upload-Ajax: Added AJAX-based file upload example
  • Project Regeneration: Updated MakeMe project files for all platforms
  • Build System: Updated Makefiles for improved cross-platform compatibility
  • Updater Module: Enhanced updater component with latest improvements
  • Code Formatting: Applied consistent code formatting across codebase

Upgrade Notes

From 9.0.x to 9.1.0

Appweb 9.1.0 is backward compatible with 9.0.x releases. No configuration or code changes are required.

Testing Changes

If you maintain custom tests:

  • Consider migrating to TestMe framework for better integration
  • TestMe is now available via NPM: npm install -g @embedthis/testme
  • Review test examples in test/ directory for updated patterns

Compatibility

  • Platform Support: Linux, macOS, Windows (native and WSL), ESP32, FreeRTOS
  • Compilers: GCC 7+, Clang 10+, Visual Studio 2022+
  • HTTP Protocols: HTTP/1.0, HTTP/1.1, HTTP/2
  • TLS Support: OpenSSL 1.1.1+, OpenSSL 3.x, MbedTLS 2.x/3.x
  • API Compatibility: Fully compatible with Appweb 9.0.x

Detailed Changes

Features & Enhancements

  • DEV: Extensive documentation updates across all modules
  • DEV: Switched to new TestMe testing framework
  • DEV: Updated Ejscript (ejs) to latest version
  • DEV: Added upload-ajax example for AJAX file uploads
  • DEV: Enhanced updater module
  • DEV: Improved build system and Makefiles
  • DEV: Added comprehensive AI context documentation structure

Bug Fixes

  • FIX: Hardened NULL tolerance throughout the codebase
  • FIX: Extended integer overflow protection
  • FIX: Replaced unsafe string APIs with MPR safe string alternatives
  • FIX: Updated OpenSSL configuration
  • FIX: Improved URL character validation
  • FIX: Enhanced whitespace tolerance in HTTP header parsing while maintaining security
  • FIX: Cleaned up debug log trace to reduce information exposure
  • FIX: Resolved Windows-specific test failures
  • FIX: Fixed TestMe linking issues in test builds
  • FIX: Corrected various CI/CD pipeline configuration issues

Testing

  • TEST: Complete migration to TestMe framework
  • TEST: TestMe now available via NPM
  • TEST: Added paks/ejs for Ejscript test support
  • TEST: Extensive CI/CD workflow testing and improvements
  • TEST: Consolidated test preparation scripts
  • TEST: Created web/tmp directory for test artifacts

Documentation

  • DOC: Extensive documentation updates across all modules
  • DOC: Updated README with current project status
  • DOC: Enhanced API documentation
  • DOC: Improved code formatting and consistency
  • DOC: Added AI/Claude Code context documentation

Maintenance

  • CLEAN: Code cleanup and formatting improvements
  • CHORE: Project file regeneration
  • CHORE: Build system updates

Migration to Ioto

Appweb is in maintenance mode. For new projects or future upgrades, consider Ioto Device Agent:

Benefits:

  • Modern fiber-based architecture (vs thread-based)
  • Integrated IoT capabilities (MQTT, cloud management, OTA updates)
  • Active feature development
  • Comprehensive device management and monitoring

Contact: support@embedthis.com for migration assistance

Resources

Acknowledgments

Thank you to the Appweb community for continued support and feedback. Special thanks to all contributors who reported issues and tested pre-release versions.

License

Appweb is distributed under a dual license model:

  • Commercial license for proprietary applications
  • GPL v2+ for open source projects

See https://www.embedthis.com/licensing/ for details.

Previous Release: 9.0.4
Next Release: TBD

Assets 2
Loading