Whats New? The Webalizer

April 16, 2002 Version 2.01-10 has been released. This version is only a bug fix release with no new features added. It corrects some problems with extended characters, mismatched KByte totals, blank hostname weirdness and a very obscure buffer overflow. The buffer overflow was incorrectly reported to BugTraq as a remote buffer overflow that allows a root compromise. Unless you believe that any buffer overflow allows root access to a box, this is quite a stretch. Anyway, I took the opportunity to not only fix the obscure buffer overflow, but some of the other minor buglets that have surfaced in the last month or so.
December 1, 2001 I would like to thank everyone who responded to my request for help in locating a new home for the Webalizer site. I was overwhelmed with the amount of offers and support that I received, and I want everyone to know that it really is appreciated. I cannot thank everyone enough. The site was switched to it's new home at midnight last night, which was graciously donated by the fine folks over at AirWire.net. Anyone looking for a top notch facility staffed by quality professionals should give them a ring.
October 23, 2001 Version 2.01-09 has been released, which fixes several known bugs, as well as a cross-site scripting vulnerability (discovered by Flavio Veloso of Magnux Software), that could allow malicious HTML tags to be injected in the reports generated by the Webalizer. This release also includes several new and updated language files. All users are encouraged to upgrade as soon as possible.

Related Links:
Magnux Software Advisory describing the vulnerability
BugTraq Security Advisory as submitted by Magnux Software
BugTraq Vulnererability Discussion specific to the Webalizer
CERT Advisory CA-2001-02 - "Malicious HTML Tags Embedded in Client Web Requests

October 5, 2001 Notice: Webalizer versions 1.30 through 2.00 calculated timestamps in a way that cause the value to overflow on October 5th, 2001, causing the stats to 'stop' at midnight October 4th. Version 2.01 does not suffer from this problem, and has been available for over a year. If you cannot upgrade to the current version, a patch is available on the ftp site to fix the old versions.
June 15, 2001 Segfault bug discovered. There is a bug that can cause the Webalizer to crash when some malformed user agent strings are encountered. This only occurs when using a MangleAgent level of one (1).. the workaround is to change the level to anything other than one. It will be corrected in the next release. If you can't wait, a patch can be found on our ftp site.
October 8, 2000 Version 2.01 offically released. This is now the current stable release of the Webalizer and fixes all known problems as well as adding a few new features / options over the 2.00 code. Check the CHANGES file for an overview of what has changed.
July 1, 2000 I'm still alive, honest! I've just been slightly busy with a job change and relocation to a different city.. it's hard working on personal projects when you're moving furniture and trying to settle into a new job. However, the dust should soon be clearing. I've received quite a few patches that need to be merged into the main code base, such as support for IIS/W3C extended logs, fixes for the DNS code and a few other odds and ends, so be patient and the code shall soon be yours.
March 5, 2000 Version 2.00 now available for testing. This is a major upgrade that adds many new features, such as Squid proxy log support, GZip compressed log support, reverse DNS lookups, ability to display all objects on a seperate HTML page, ability to export the processed data to other programs and a lot more. Check the CHANGES file for a complete description of changes made since V1.30.
February 12, 2000 For those who have been looking for PNG support, there is a pre-release version, 1.30-05 available. This version supports PNG images, adds a few minor code tweaks and allows forcing input from standard input. A new release with additional features is in the works which will include all the above and more, so this is just a stop-gap version until a full release is ready. Source and an intel linux binary version can be found in the pre-release directory.
July 30, 1999 Just wanted everyone to know that if you have sent me any mail, patches or language updates lately, I haven't forgotten about you! My development machine took a hardware nosedive, and then was lost by the shipping company in transit back from being fixed... I have been doing everything I can to get back up to speed, but with the amount of mail that I receive in a day, not being able to read any for a couple of days on top of working on a flakey platform has pretty much swamped me... I'll get there, just give me time :) Thanks!
July 11, 1999 Version 1.30-04 released. This release fixes several small problems found, including the invalid "Error adding Search String..." error message some people were getting when using incremental mode, and a few other minor code changes. It is a drop-in replacement for 1.30-02, and all users are encouraged to upgrade.
June 30, 1999 Version 1.30 is now available. This version adds many long missing features, such as page and visit totals, entry and exit page totals, search string analysis, support for wu-ftpd type xferlogs and much more. Check the CHANGES file for additional information on changes made since version 1.22. Users who are upgrading from a previous version should read this first!
March 22, 1999 Version 1.22 is released. This version adds many new features as well as some cleaned up incremental processing code to increase reliability. See the file CHANGES for a brief summary of changes made from previous versions.
December 23, 1998 Version 1.20-11 has been released. I haven't had the time to do any new code, so this is just a bug fix release. It can be found in the Pre-Release directory. A patch for users with netscape web servers can be found there as well. It is a kludge to handle the newer servers inability to produce chronological log files.
October 30, 1998 The mrunix.net domain will be changing IP addresses and it physical location over the weekend, as a direct result of the recent activities concerning its current hosting situation (see below). Because of this, there may be some minimal downtime and/or inavilability due to IP address propagation issues.
Nov 3 - Update: The server has been moved to it's temporary home at it's new IP address. Things should settle down over the next few days.
October 17, 1998 Version 1.20-10 has been placed in the pre-release directory for general distribution and testing. It is primarly a maintenance release that corrects a few bugs and adds some changes to better support larger sites. See the CHANGES file in that directory for information on the changes made.
October 15, 1998 Today, the organization that was hosting this site, and my job, decided to close down operations. Unfortunately, this means that I'm now out of a job, and a place to host the web and ftp sites (or will be shortly). The European Mirror Site will remain available until I can re-locate.
September 12, 1998 New web site placed on line. Hopefully, things are arranged a little better so you you don't have to scroll through miles of text looking for what you want.
July 26, 1998 Version 1.20 Released. This version adds incremental processing capability, which allows the use of partial logs without the loss of statistical detail. Check the CHANGES file to see what has been changed since the last few versions.

Last modified April 16, 2002 by B. Barrett