Dancer2 0.204001 restores 5.8 support, fixes Test::Perl::Critic dependencies

Dancer2 0.204001 is on its way to a CPAN mirror near you. There are several important updates in this release that are worth noting:

  • Support for Perl 5.8 support has been restored. We used a named capture in a regex in resolving an issue in Dancer2 0.204000 and in the process, made Dancer2 unusable on Perl 5.8. This has been fixed. Thanks veryrusty!

  • Dancer2 0.204000 unintentionally required that Test::Perl::Critic be installed, and that we pass Perl::Critic tests to install properly. This has been reverted. We apologize for the inconvenience.

The full changelog is here:

0.204001  2016-10-17 08:29:00-05:00 America/Chicago

* Restore 5.8 support (fix test which required captures).
  (Russell @veryrusty Jenkins)
* PR #1271: fix wrong regex check against $_ (Mickey Nasriachi)

* GH #1262: Add 'encode_json' and 'decode_json' DSL, which are
  recommended instead of 'to_json' and 'from_json'.
  (Dennis @episodeiv lichtenthäler)

* Fix some typos.(Dennis @episodeiv lichtenthäler)
* GH #1031: Remove D2::Core::Context remnants from docs.
  (Sawyer X)

* GH #1273: Do not require Test::Perl::Critic to install.
  (Dennis lichtenthäler)

Thanks to Dennis @episodeiv Lichtenthäler for contributing to this release.

Happy Dancing!

Dancer2 0.204000 improves app config, content caching, and dependency management

Fresh off of Perl.Dance 2016 is Dancer2 0.204000. The latest version of Dancer2 is on its way to a CPAN mirror near you.

This version brings some compelling enhancements and features:

  • Improved configuration handling (Jonathan Duff):

You can now create a local version of your configuration files which you then do not need to commit to any repository. If you create a file called config_local.yml, you will have a local config.yml. You can do the same with any configuration file, just change the filename to end with _local.

You can now set the DANCER_CONFIG_EXT environment variable in order to only load configuration files of a particular type (such as JSON). For example: DANCER_CONFIG_EXT=json plackup bin/app.psgi

You can now get some diagnostics information about loaded conifguration files by setting the DANCER_CONFIG_VERBOSE environment variable to a true value.

  • Improved static content caching:

Plack::Middleware::Static does not, out of the box, send a 304 Not Modified status for static resources that have not changed since they were last requested. By using Plack::Middleware::Conditional and Plack::Middleware::ConditionalGET, we were able to improve caching for users without a front-end static proxy (Theo van Hoesel).

  • Dependencies have been moved from dist.ini to cpanfile, allowing developers to use [Carton] ( to easily deploy and run Dancer2 apps entirely from a local or deployment directory.

  • If you want to create a sample application skeleton that uses Template Toolkit-style variable markers ([% %]), you can now do so. App skeletons now use [d2% %2d] for variables that Dancer2 needs to produce new application skeletons. Thanks, Jason Lewis!

  • If you need full control of the evals run by Dancer2 (if, for example, you write an eval frame unrolling code), you can now provide your own code to be run via $EVAL_SHIM. Thanks to Yves Orton (demerphq) for contributing!

  • Numerous bug fixes and documentation improvements.

The full changelog is as follows:

0.204000  2016-10-10 20:56:51-05:00 America/Chicago

* GH #1255: Fix hook overriding in plugin. (Yves Orton)
* GH #1191: Named capture prior to dispatch breaks dispatch.
  (Yves Orton)
* GH #1235: Clean up descriptions for HTTP codes 303 and 305.
  (Yanick Champoux)
* Remove duplicate (and errornous) 451 error message.
  (Sawyer X)
* GH #1116, #1245: Ensure cached Hash::MultiValue parameters are cloned
  into the new request. (Russell @veryrusty Jenkins)
* You can now provide a $EVAL_SHIM to Dancer2::Core::App in order
  to have custom code run on eval{} calls. One example of this
  is to handle proper counting of stack frames when you want to
  unwind/unroll the stack for custom error reporting.
  (Yves Orton)
* Added a cpanfile to allow installing local dependencies with 
  carton. (Mickey Nasriachi)
* GH #1260: Specify optional charset to send_file and send_as
  (Russell @veryrusty Jenkins)
* PR #1162: Change skeleton template tags so skeletons can generate
  applications that use Template Toolkit default tags (Jason Lewis)
* GH #1149: Fix config loading inconsistencies, support local config
  files in addition to standard Dancer conf files (Jonathan Scott Duff)
* PR #1269: Stash decoded body_parameters separately from those 
  in Plack::Request (Russell @veryrusty Jenkins)
* GH #1253: Static middleware should send 304 Not Modified to enable
  intermediate level caching. (Russell @veryrusty Jenkins)
* GH #608: Remove extra general COPYRIGHT notice in Tutorial.
  (Sawyer X)
* Simplify upload example. (Alberto Simões, Sawyer X)

Thanks to all the sponsors, attendees, and speakers who participated in this year’s Dancer conference, Perl.Dance 2016. It was another highly successful conference, and we are already looking forward to next year’s gathering. We are currently working on the videos of this year’s talks, and hope to have them uploaded shortly.

If you have any questions, please find us at Happy Dancing!

Dancer2 0.203001 improves speed of apps, fixes missing dependency

Dancer2 0.203001 is on its way to a CPAN mirror near you. It is essentially a maintenance release, with only two minor changes:

  • Class::Load was replaced by Module::Runtime. This will result in a slightly faster execution time for your Dancer2 apps. This had been applied previously, but was erroneously undone by another commit. Thanks to veryrusty for noticing and fixing!

  • The minimum version of List::Util needed by Dancer2 was omitted from 0.203000, causing some headaches for users of older versions of List::Util.

The full changelog follows:

0.203001  2016-09-03 20:59:47-05:00 America/Chicago

* GH #1237: Specify minimum version of List::Util required for pair*
  functionals. (Russell @veryrusty Jenkins)

* PR #1242: Replace Class::Load with Module::Runtime (Russell 
  Jenkins - @veryrusty)

You can always find us at if you have any questions.

The Perl Dancer 2016 conference is just a few short weeks away! It’s not too late to attend. Check out the conference website for more information.

Happy Dancing!

Dancer2 0.203000 improves session security, fixes decoding bugs

Dancer2 0.203000 is on its way to a CPAN mirror near you. This version brings some important security improvements and bugfixes:

  • It is considered good security practice to change a session ID whenever any change in privilege level occurs (such as logging into an app). Not only is this a good practice, but it is a requirement of some established security standards. To account for this, a new method, change_session_id() was added to make it easy for developers to issue a new session ID on privilege change.

At some point in the not-too-distant future, session drivers will be required to implement a _change_id() method to support this. In the meantime, Dancer2 will perform the operation for session drivers that lack this method.

Thanks to Ctrl O and InfoSaaS for sponsoring SysPete’s work on this important functionality!

  • An error made it possible for a request to have serialized data that wouldn’t be deserialized into body_parameters if any middleware had previously created a Plack::Request object and parsed the request body. A bugfix by veryrusty forces deserialization of body data even when an existing Plack::Request object has already parsed the request body.

  • A bug introduced in Dancer2 0.200000 was double-decoding deserialized data. This has been fixed.

  • Three functions were introduced for developer convenience: code_mapping(), status_mapping() and all_mappings(). These methods allow your code to access copies of Dancer’s HTTP_CODES table, rather than having to copy the table for your own use. See the docs for Dancer2::Core::HTTP for more information.

  • Several documentation improvements were made by Racke, including documentation of a session’s data() method.

The full changelog is as follows:

0.203000  2016-08-24 22:09:56-05:00 America/Chicago

* GH #1232: Force deserialization of body data even when an existing 
  Plack::Request object has already parsed request body. Don't double
  decode deserialized data. (Russell Jenkins - @veryrusty)

* GH #1195: Add change_session_id() method - both as a good security 
  practice and to comply with other established security standards.
  (Peter Mottram)
* GH #1234: Add convenience functions to access Dancer's HTTP_CODES
  table. (Yanick Champoux)

* Fix Typo (Stefan Hornburg - Racke)
* Document $session->data (Stefan Hornburg - Racke)

If you have any questions, please find us at

Just a reminder, the Dancer conference in Vienna, Austria is quickly approaching (it’s just a month away!). If you are interested in attending or giving a talk, please visit the conference website.

Happy Dancing!

Dancer 0.202000 allows plugins to call DSL (even of other plugins!) and fixes unicode support for parameter methods

Dancer2 0.202000 is on its way to a CPAN mirror near you, and brings several important bug fixes and enhancements.

Plugins may now easily call the application’s DSL using $self->dsl. For example, logging a debugging message is as easy as $self->dsl->debug( “I’m in your plugin!” ); Plugins can now also call the syntax of plugins that they have loaded. Consider this example:

Your Dancer2 application (MyApp) uses plugin Foo. Plugin Foo uses plugin Bar. Plugin Bar adds baz() to the DSL. Plugin Foo can now access baz() (just like the DSL in Dancer2 works), however, baz() is only accessible to the Foo plugin, not MyApp.

Please keep in mind that if plugin Bar adds any hooks, those hooks are added to MyApp, but Bar’s DSL is not available to MyApp.

The parameter methods in Dancer2 (body_parameters(), etc.) were not decoding Unicode values passed to them. All parameter methods are now decoding Unicode characters.

There have been several maintenance issues regarding Type::Tiny::XS, and these were causing compilation and runtime failures for users of Dancer2 on Strawberry Perl. Until these issues are resolved, we have returned to using MooX::Types::MooseLike for type checking. If you’re a plugin author, please check your plugin against this release as this change may require some reworking on your part. Please find us on with any questions or help you may need.

A memory leak was uncovered in Dancer2::Plugin, and has been patched in this release. A test has been added to check for this in the future.

If you have HTTP::XSCookies installed, we will now use it, and cookie operations will be substantially faster.

The full changelog is as follows:

0.202000  2016-08-13 13:50:30-05:00 America/Chicago

* Fix memory leak in plugins. (Sawyer X)
* GH #1180, #1220: Revert (most of) GH #1120. Change back to using
  MooX::Types::MooseLike until issues around Type::Tiny are resolved.
  Peter (@SysPete) Mottram
* GH #1192: Decode body|query|request_parameters (Peter Mottram)
* GH #1224: Plugins defined with :PluginKeyword attribute are now 
  exported. (Yanick Champoux)
* GH #1226: Plugins can now call the DSL of the app via $self->dsl
  (Sawyer X)

* PR #1223: Add YAML::XS to Recommends (Peter Mottram)
* PR #1117: If installed, use HTTP::XSCookies and all cookie operations 
  will be faster (Peter Mottram)
* PR #1228: Allow register_plugin() to pass @_ properly (Sawyer X)
* PR #1231: Plugins can now call the syntax of plugins they loaded 
  (Sawyer X)

* PR #1151: Note that config is immutable after first read (Peter Mottram)
* PR #1222: Update list of files generated by `dancer2 -a`, make name of 
  sample app consistent (Daniel Perrett)

If you have any questions, please find us at

Thank you to our amazing community and plugin developers for your continued support. Your questions, contributions, and the support you give the core team and each other continue to make the Dancer2 community great.

Just a reminder, the Dancer conference in Vienna, Austria is quickly approaching. If you are interested in attending or giving a talk, please visit the conference website.

Happy dancing!