August 2016 Archives

Dancer2 0.203000 improves session security, fixes decoding bugs

Dancer2 0.203000 is on its way to a CPAN mirror near you. This version brings some important security improvements and bugfixes:

  • It is considered good security practice to issue a fresh session ID whenever a user's privilege level changes (most importantly, on login), so that a session ID an attacker planted or captured before the change cannot be reused as an authenticated one (session fixation). Beyond being good practice, this is a requirement of some established security standards. To support it, a new method, change_session_id(), was added to make it easy for developers to issue a new session ID on privilege change.

At some point in the not-too-distant future, session drivers will be required to implement a _change_id() method to support this. In the meantime, Dancer2 performs the operation itself for session drivers that lack the method, so if you maintain a session engine, adding _change_id() now will save you a surprise later.

Thanks to Ctrl O and InfoSaaS for sponsoring SysPete’s work on this important functionality!

  • A bug meant that a request's serialized body (a JSON body, for example) was not deserialized into body_parameters() if any middleware had previously created a Plack::Request object and parsed the request body. A fix by veryrusty forces deserialization of the body data even when an existing Plack::Request object has already parsed it.

  • A bug introduced in Dancer2 0.200000 caused deserialized data to be decoded twice. This has been fixed.

  • Three convenience methods were added: code_mapping(), status_mapping() and all_mappings(). They give your code copies of Dancer2's HTTP_CODES table, so you no longer have to duplicate the table for your own use. See the docs for Dancer2::Core::HTTP for more information.

  • Several documentation improvements were made by Racke, including documentation of a session’s data() method.

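As an added illustration (this is not code from the post or from the Dancer2 project), here is a minimal login/logout app that applies the session rule above. check_credentials() and its %USERS table are constructed placeholders standing in for a real password store; everything else uses the Dancer2 DSL as described on this page. The point to notice is the ordering: the session ID is rotated with change_session_id() before the authenticated state is written to the session, which is what closes the session fixation window.

```perl
#!/usr/bin/env perl
# Added example, not code from the original post or from Dancer2 itself.
# Run with: plackup session_login.psgi  (file name is illustrative)
package MyApp;
use strict;
use warnings;
use Dancer2;

# Constructed placeholder user table. A real application looks the user up
# in a database and verifies the password against a slow hash (bcrypt,
# scrypt or Argon2); plaintext is used here only to keep the example short.
my %USERS = ( alice => { id => 42, password => 'correct horse battery staple' } );

sub check_credentials {
    my ( $username, $password ) = @_;
    my $user = $USERS{ $username // '' } or return;

    # Constant-time comparison so response timing does not leak how many
    # leading characters of the password matched.
    my $expected = $user->{password};
    return if length($expected) != length($password);
    my $diff = 0;
    $diff |= ord( substr $expected, $_, 1 ) ^ ord( substr $password, $_, 1 )
        for 0 .. length($expected) - 1;
    return $diff == 0 ? $user : undef;
}

get '/login' => sub {
    return q{<form method="post" action="/login">
      <input name="username"> <input name="password" type="password">
      <button>Log in</button></form>};
};

post '/login' => sub {
    my $username = body_parameters->get('username');
    my $password = body_parameters->get('password') // '';

    my $user = check_credentials( $username, $password );
    if ( !$user ) {
        status 401;
        return 'Bad credentials';
    }

    # Privilege changes here. Rotate the session ID *before* storing the
    # authenticated state: an anonymous visitor usually already holds a
    # session (cart, CSRF token, ...), and an attacker who fixed or observed
    # that ID must not find it promoted to a logged-in session.
    change_session_id;
    session user_id => $user->{id};

    redirect '/dashboard';
};

get '/dashboard' => sub {
    my $uid = session('user_id') or return redirect '/login';
    return "Hello, user $uid";
};

post '/logout' => sub {
    # Dropping privilege is also a privilege change: discard the whole
    # session rather than just clearing the user key.
    app->destroy_session;
    redirect '/login';
};

MyApp->to_app;
```

The same call belongs at every other point where the session gains rights (a role switch, a step-up authentication), not only at the initial login.
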
The full changelog is as follows:

0.203000  2016-08-24 22:09:56-05:00 America/Chicago

[ BUG FIXES ]
* GH #1232: Force deserialization of body data even when an existing 
  Plack::Request object has already parsed request body. Don't double
  decode deserialized data. (Russell Jenkins - @veryrusty)

[ ENHANCEMENTS ]
* GH #1195: Add change_session_id() method - both as a good security 
  practice and to comply with other established security standards.
  (Peter Mottram)
* GH #1234: Add convenience functions to access Dancer's HTTP_CODES
  table. (Yanick Champoux)

[ DOCUMENTATION ]
* Fix Typo (Stefan Hornburg - Racke)
* Document $session->data (Stefan Hornburg - Racke)

If you have any questions, please find us at irc.perl.org#dancer.

Just a reminder, the Dancer conference in Vienna, Austria is quickly approaching (it’s just a month away!). If you are interested in attending or giving a talk, please visit the conference website.

Happy Dancing!

Dancer2 0.202000 allows plugins to call the DSL (even that of other plugins!) and fixes Unicode support for parameter methods

Dancer2 0.202000 is on its way to a CPAN mirror near you, and brings several important bug fixes and enhancements.

Plugins may now easily call the application's DSL using $self->dsl. For example, logging a debugging message is as easy as $self->dsl->debug( "I'm in your plugin!" ); Plugins can now also call the syntax of plugins that they have loaded. Consider this example:

Your Dancer2 application (MyApp) uses plugin Foo. Plugin Foo uses plugin Bar. Plugin Bar adds baz() to the DSL. Plugin Foo can now call baz() just as it would any Dancer2 DSL keyword; however, baz() is accessible only to the Foo plugin, not to MyApp.

Please keep in mind that if plugin Bar adds any hooks, those hooks are added to MyApp, but Bar’s DSL is not available to MyApp.

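The Foo/Bar scoping described above, as an added example (not code from the post or from the Dancer2 project). The package and keyword names are invented, and the three packages, which would normally live in their own .pm files, are wrapped in BEGIN blocks with $INC entries only so that a plain use finds them in a single file. It assumes that a plugin loads another plugin with an ordinary use statement and can then call the loaded keyword as a function; check that against the Dancer2::Plugin docs of your installed version.

```perl
#!/usr/bin/env perl
# Added example, not code from the original post or from Dancer2 itself.
# Run with: plackup plugin_scope.psgi  (file name is illustrative)
use strict;
use warnings;

BEGIN {
    package Dancer2::Plugin::Bar;
    use Dancer2::Plugin;

    plugin_keywords 'baz';

    sub baz {
        my ( $plugin, $what ) = @_;
        # $plugin->dsl hands a plugin the application's DSL
        $plugin->dsl->debug("baz() called with '$what'");
        return "baz saw $what";
    }

    $INC{'Dancer2/Plugin/Bar.pm'} = __FILE__;   # let "use" find this package
}

BEGIN {
    package Dancer2::Plugin::Foo;
    use Dancer2::Plugin;
    use Dancer2::Plugin::Bar;    # assumption: a plain use inside a plugin
                                 # makes Bar's keywords callable in Foo

    plugin_keywords 'foo';

    sub foo {
        my ( $plugin, $what ) = @_;
        $plugin->dsl->debug("I'm in your plugin!");
        return baz($what);       # Bar's keyword, visible to Foo only
    }

    $INC{'Dancer2/Plugin/Foo.pm'} = __FILE__;
}

package MyApp;
use Dancer2;
use Dancer2::Plugin::Foo;        # imports foo() into MyApp; baz() stays in Foo

get '/foo' => sub { foo('hello') };          # responds "baz saw hello"

# baz() was never exported into the app, so the app cannot call it.
get '/baz' => sub {
    return __PACKAGE__->can('baz')
        ? 'baz leaked into the app'
        : 'baz is private to Foo';
};

MyApp->to_app;
```

Requesting /foo shows Foo reaching baz() through its own namespace, while /baz reports that the keyword never reached MyApp. As the post notes, any hooks Bar registers would still be attached to MyApp; only Bar's keywords stay private to Foo.
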
The parameter methods in Dancer2 (body_parameters(), query_parameters() and request_parameters()) were not decoding the UTF-8 input passed to them into Unicode characters. All parameter methods now decode their values.

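As an added regression check (not code from the posts or from Dancer2), the following Plack::Test script exercises both parameter fixes described on this page: the 0.203000 fix that keeps a serialized body reaching body_parameters() when middleware has already parsed it, and the 0.202000 fix that decodes parameters into Unicode characters. The app, the middleware and the inputs are constructed for the test; it assumes the JSON serializer is configured, which is the case where body deserialization matters.

```perl
#!/usr/bin/env perl
# Added regression check, not code from the original posts or from Dancer2.
# Run with: prove -v params.t  (file name is illustrative)
use strict;
use warnings;
use Test::More;
use Plack::Test;
use Plack::Builder;
use Plack::Request;
use HTTP::Request::Common;
use JSON::MaybeXS;

{
    package MyApp;
    use Dancer2;

    set serializer => 'JSON';   # request bodies are deserialized from JSON,
                                # responses serialized back to it

    # Both routes echo what they saw. length() counts characters, so a
    # correctly decoded "Zoë" has length 3; its UTF-8 bytes would give 4.
    post '/echo' => sub {
        my $name = body_parameters->get('name');
        return { name => $name, length => length( $name // '' ) };
    };

    get '/greet' => sub {
        my $name = query_parameters->get('name');
        return { name => $name, length => length( $name // '' ) };
    };
}

# Middleware that builds its own Plack::Request and parses the body before
# Dancer2 sees the request, as a logging or authentication layer might.
my $app = builder {
    enable sub {
        my $next = shift;
        return sub {
            my $env = shift;
            Plack::Request->new($env)->body_parameters;   # parse and cache
            return $next->($env);
        };
    };
    MyApp->to_app;
};

my $expected = "Zo\x{eb}";   # three characters; "Zo\xc3\xab" as UTF-8 bytes

test_psgi $app, sub {
    my $cb = shift;

    # JSON body through the pre-parsing middleware (GH #1232)
    my $res = $cb->( POST '/echo',
        'Content-Type' => 'application/json',
        Content        => qq({"name":"Zo\xc3\xab"}),
    );
    is $res->code, 200, 'JSON route responded';
    my $got = decode_json( $res->content );
    is $got->{name},   $expected, 'body_parameters sees the deserialized field';
    is $got->{length}, 3,         'and it is decoded characters, not bytes';

    # UTF-8 in the query string (GH #1192)
    $res = $cb->( GET '/greet?name=Zo%C3%AB' );
    is $res->code, 200, 'query route responded';
    $got = decode_json( $res->content );
    is $got->{name},   $expected, 'query_parameters is decoded';
    is $got->{length}, 3,         'three characters, not four bytes';
};

done_testing;
```

On a Dancer2 older than the fixes, the first block fails with an empty name (the pre-parsed body is never deserialized) and the length checks report 4 instead of 3.
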
There have been several maintenance issues regarding Type::Tiny::XS, and these were causing compilation and runtime failures for users of Dancer2 on Strawberry Perl. Until these issues are resolved, we have returned to using MooX::Types::MooseLike for type checking. If you’re a plugin author, please check your plugin against this release as this change may require some reworking on your part. Please find us on irc.perl.org#dancer with any questions or help you may need.

A memory leak was uncovered in Dancer2::Plugin, and has been patched in this release. A test has been added to check for this in the future.

If you have HTTP::XSCookies installed, we will now use it, and cookie operations will be substantially faster.

The full changelog is as follows:

0.202000  2016-08-13 13:50:30-05:00 America/Chicago

[ BUG FIXES ]
* Fix memory leak in plugins. (Sawyer X)
* GH #1180, #1220: Revert (most of) GH #1120. Change back to using
  MooX::Types::MooseLike until issues around Type::Tiny are resolved.
  Peter (@SysPete) Mottram
* GH #1192: Decode body|query|request_parameters (Peter Mottram)
* GH #1224: Plugins defined with :PluginKeyword attribute are now 
  exported. (Yanick Champoux)
* GH #1226: Plugins can now call the DSL of the app via $self->dsl
  (Sawyer X)

[ ENHANCEMENTS ]
* PR #1223: Add YAML::XS to Recommends (Peter Mottram)
* PR #1117: If installed, use HTTP::XSCookies and all cookie operations 
  will be faster (Peter Mottram)
* PR #1228: Allow register_plugin() to pass @_ properly (Sawyer X)
* PR #1231: Plugins can now call the syntax of plugins they loaded 
  (Sawyer X)

[ DOCUMENTATION ]
* PR #1151: Note that config is immutable after first read (Peter Mottram)
* PR #1222: Update list of files generated by `dancer2 -a`, make name of 
  sample app consistent (Daniel Perrett)

If you have any questions, please find us at irc.perl.org#dancer.

Thank you to our amazing community and plugin developers for your continued support. Your questions, contributions, and the support you give the core team and each other continue to make the Dancer2 community great.

Just a reminder, the Dancer conference in Vienna, Austria is quickly approaching. If you are interested in attending or giving a talk, please visit the conference website.

Happy dancing!

About Jason A. Crome

Dancer developer, pilot, and hockey player.