Mojolicious-0.999930

Security Advisories (12)

CPANSA-Mojolicious-2022-03 (2022-12-10)

Mojo::DOM did not correctly parse <script> tags.

CPANSA-Mojolicious-2021-02 (2021-06-01)

Small sessions could be used as part of a brute-force attack to decode the session secret.

https://github.com/mojolicious/mojo/pull/1791

CVE-2021-47208 (2021-03-16)

A bug in format detection can potentially be exploited for a DoS attack.

CVE-2018-25100 (2018-02-13)

Mojo::UserAgent::CookieJar leaks old cookies because of the missing host_only flag on empty domain.

CPANSA-Mojolicious-2015-01 (2015-02-02)

Directory traversal on Windows

CPANSA-Mojolicious-2018-03 (2018-05-19)

Mojo::UserAgent was not checking peer SSL certificates by default.

CPANSA-Mojolicious-2018-02 (2018-05-11)

GET requests with embedded backslashes can be used to access local files on Windows hosts

CPANSA-Mojolicious-2014-01 (2014-10-07)

Context sensitivity of method param could lead to parameter injection attacks.

https://github.com/mojolicious/mojo/commit/a815d4797145f872ef6e9f1270841eda1d410afb

CVE-2011-1841 (2011-03-10)

Mojolicious is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by link_to helper. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.

CVE-2011-1589 (2011-04-05)

Directory traversal vulnerability in Path.pm in Mojolicious before 1.16 allows remote attackers to read arbitrary files via a %2f..%2f (encoded slash dot dot slash) in a URI.

CVE-2011-1841 (2011-05-03)

Cross-site scripting (XSS) vulnerability in the link_to helper in Mojolicious before 1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2024-58134 (2025-05-03)

Mojolicious versions from 0.999922 for Perl uses a hard coded string, or the application's class name, as a HMAC session secret by default. These predictable default secrets can be exploited to forge session cookies. An attacker who knows or guesses the secret could compute valid HMAC signatures for the session cookie, allowing them to tamper with or hijack another user's session.

Changes for version 0.999930 - 2010-10-18

Code name "Hot Beverage", this is a major release.
Removed Mojo::Server::Daemon::Prefork due to unfixable design flaws regarding WebSocket support, please use a PSGI server instead for HTTP production setups. For scalable WebSocket deployment we will introduce a whole new server in one of the next releases!
Deprecated old Mojo::Template block syntax and added a very pretty replacement. (See documentation for more)
Deprecated helper method in Mojolicious::Controller.
Deprecated all *_cb methods (and finished/receive_message) in favor of on_* methods.
Deprecated process method in Mojo::Client and added new start method.
Replaced the "mojolicious" command with "mojo", for convenience.
Removed Mojo::Command::Generate::App.
Renamed the methods name and replace_content to type and replace_inner in Mojo::DOM.
Added EXPERIMENTAL support for indented Perl lines in Mojo::Template.
Added EXPERIMENTAL support for --mode and --home options to all Mojolicious commands.
Added EXPERIMENTAL support for helper methods.
Added EXPERIMENTAL helper method to Mojolicious.
Added EXPERIMENTAL support for inline rendering to Mojolicious.
Added EXPERIMENTAL memorize helper to Mojolicious::Plugin::DefaultHelpers. (ptomli)
Added EXPERIMENTAL write, write_chunk and rendered methods to Mojolicious::Controller.
Added EXPERIMENTAL support for loading of plugins by full module name.
Added EXPERIMENTAL tag helpers to Mojolicious.
Added EXPERIMENTAL support for radio buttons and select fields to Mojolicious::Plugin::TagHelpers. (kvorg)
Added EXPERIMENTAL is_limit_exceeded, max_line_size and max_message_size methods to Mojo::Message.
Added EXPERIMENTAL automatic relaxed parsing support for HTTP responses.
Added while, until and inner_xml methods for Mojo::DOM collections. (vti)
Added b function to all Mojo::Template templates.
Added selector support to the dom method of Mojo::Message. (marcus)
Added x function to ojo. (DaTa)
Added failed request warnings to ojo. (marcus)
Added support for selector groups to Mojo::DOM.
Added more attribute selectors, pseudo classes and combinators to Mojo::DOM.
Added support for mode specific config files to Mojolicious::Plugin::JsonConfig. (marcus)
Added reserved route name current.
Simplified transaction pausing by replacing it with an automatism.
Improved RFC3986 compliance of Mojo::Path. (janus)
Improved Mojo::Server::PSGI to preload applications.
Improved FastCGI detection for Dreamhost. (garu)
Improved keep alive timeout handling in Mojo::Client.
Improved documentation. (rhaen)
Improved Mojo::ByteStream performance. (mons)
Improved Mojo::Parameters performance. (kimoto)
Improved Mojo::Message::Response parser resilience.
Improved template class handling in MojoX::Renderer. (vti)
Fixed a serious design flaw in Mojo::Message and made long poll much easier.
Fixed a bug where Mojo::IOLoop connections could be closed too early.
Fixed a bug where a broken renderer could cause a fatal exception.
Fixed HTTPS support for CGI environments.
Fixed a auto rendering bug related to bridges.
Fixed Mojo::IOLoop Windows support.
Fixed Mojo::DOM class selector bug. (tempire)
Fixed small render bug. (skaurus)
Fixed a small renderer bug.
Fixed automatic reloading for external templates.
Fixed after_build_tx plugin hook callback order.
Fixed a small under bug in Mojolicious::Lite.
Fixed logging of UTF-8 errors. (und3f)
Fixed Mojo::DOM parser bug. (esskar)
Fixed TLS handshake bug in Mojo::IOLoop. (und3f)
Fixed a small Test::Mojo bug.
Fixed multiple route condition bugs. (esskar)
Fixed a small relative path bug in Mojo::URL.
Fixed pod renderer bug. (vti)
Fixed a multipart parser bug affecting mostly file uploads.
Fixed input tag helper escaping. (vti)
Fixed url_for WebSocket support.
Fixed url_for format handling.

Documentation

README

Mojolicious::Guides

Mojolicious Guide To The Galaxy

Mojolicious::Guides::Cheatsheet

Reference

Mojolicious::Guides::CodingGuidelines

Coding Guidelines

Mojolicious::Guides::Cookbook

Cookbook

Mojolicious::Guides::FAQ

Frequently Asked Questions

Mojolicious::Guides::Rendering

Rendering

Mojolicious::Guides::Routing

Routing

mojo

The Mojolicious Command System

Modules

Mojo

The Box!

Mojo::Asset

Asset Base Class

Mojo::Asset::File

File Asset

Mojo::Asset::Memory

In-Memory Asset

Mojo::Base

Minimal Base Class For Mojo Projects

Mojo::ByteStream

ByteStream

Mojo::Client

Async IO HTTP 1.1 And WebSocket Client

Mojo::Command

Command Base Class

Mojo::Command::Cgi

CGI Command

Mojo::Command::Daemon

Daemon Command

Mojo::Command::Fastcgi

FastCGI Command

Mojo::Command::Get

Get Command

Mojo::Command::Psgi

PSGI Command

Mojo::Command::Test

Test Command

Mojo::Command::Version

Version Command

Mojo::Commands

Commands

Mojo::Content

HTTP 1.1 Content Base Class

Mojo::Content::MultiPart

HTTP 1.1 MultiPart Content Container

Mojo::Content::Single

HTTP 1.1 Content Container

Mojo::Cookie

HTTP 1.1 Cookie Base Class

Mojo::Cookie::Request

HTTP 1.1 Request Cookie Container

Mojo::Cookie::Response

HTTP 1.1 Response Cookie Container

Mojo::CookieJar

Cookie Jar For HTTP 1.1 User Agents

Mojo::DOM

Minimalistic XML/HTML5 DOM Parser With CSS3 Selectors

Mojo::Date

HTTP 1.1 Date Container

Mojo::Exception

Exceptions With Context

Mojo::Headers

Headers

Mojo::HelloWorld

Hello World!

Mojo::Home

Detect And Access The Project Root Directory In Mojo

Mojo::IOLoop

Minimalistic Reactor For TCP Clients And Servers

Mojo::JSON

Minimalistic JSON

Mojo::Loader

Loader

Mojo::Log

Simple Logger For Mojo

Mojo::Message

HTTP 1.1 Message Base Class

Mojo::Message::Request

HTTP 1.1 Request Container

Mojo::Message::Response

HTTP 1.1 Response Container

Mojo::Parameters

Parameter Container

Mojo::Path

Path

Mojo::Server

HTTP Server Base Class

Mojo::Server::CGI

CGI Server

Mojo::Server::Daemon

Async IO HTTP 1.1 And WebSocket Server

Mojo::Server::FastCGI

FastCGI Server

Mojo::Server::PSGI

PSGI Server

Mojo::Template

Perlish Templates!

Mojo::Transaction

Transaction Base Class

Mojo::Transaction::HTTP

HTTP 1.1 Transaction Container

Mojo::Transaction::WebSocket

WebSocket Transaction Container

Mojo::URL

Uniform Resource Locator

Mojo::Upload

Upload Container

MojoX::Controller

Controller Base Class

MojoX::Dispatcher::Routes

Routes Dispatcher

MojoX::Dispatcher::Routes::Controller

Controller Base Class

MojoX::Dispatcher::Static

Serve Static Files

MojoX::Renderer

MIME Type Based Renderer

MojoX::Routes

Always Find Your Destination With Routes

MojoX::Routes::Match

Routes Visitor

MojoX::Routes::Pattern

Routes Pattern

MojoX::Session::Cookie

Signed Cookie Based Sessions

MojoX::Session::Cookie::Controller

Controller Base Class

MojoX::Types

MIME Types

Mojolicious

The Web In A Box!

Mojolicious::Command::Generate

Generator Command

Mojolicious::Command::Generate::App

App Generator Command

Mojolicious::Command::Generate::Gitignore

Gitignore Generator Command

Mojolicious::Command::Generate::LiteApp

Lite App Generator Command

Mojolicious::Command::Generate::Makefile

Makefile Generator Command

Mojolicious::Command::Inflate

Inflate Command

Mojolicious::Command::Routes

Routes Command

Mojolicious::Commands

Commands

Mojolicious::Controller

Controller Base Class

Mojolicious::Lite

Micro Web Framework

Mojolicious::Plugin

Plugin Base Class

Mojolicious::Plugin::AgentCondition

Agent Condition Plugin

Mojolicious::Plugin::Charset

Charset Plugin

Mojolicious::Plugin::DefaultHelpers

Default Helpers Plugin

Mojolicious::Plugin::EpRenderer

EP Renderer Plugin

Mojolicious::Plugin::EplRenderer

EPL Renderer Plugin

Mojolicious::Plugin::HeaderCondition

Header Condition Plugin

Mojolicious::Plugin::I18n

Intenationalization Plugin

Mojolicious::Plugin::JsonConfig

JSON Configuration Plugin

Mojolicious::Plugin::PodRenderer

POD Renderer Plugin

Mojolicious::Plugin::PoweredBy

Mojolicious::Plugin::RequestTimer

Request Timer Plugin

Mojolicious::Plugin::TagHelpers

Tag Helpers Plugin

Mojolicious::Plugins

Plugins

Test::Mojo

Testing Mojo!

ojo

Fun Oneliners With Mojo!

Provides

Mojo::DOM::_Collection

in lib/Mojo/DOM.pm

Mojo::JSON::_Bool

in lib/Mojo/JSON.pm

Mojo::Server::PSGI::_Handle

in lib/Mojo/Server/PSGI.pm

Mojolicious::Plugin::I18n::_Handler

in lib/Mojolicious/Plugin/I18n.pm

Examples

Other files

To install Mojolicious, copy and paste the appropriate command in to your terminal.

cpanm

cpanm Mojolicious

CPAN shell

perl -MCPAN -e shell
install Mojolicious

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	Go to GitHub issues (only if GitHub is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)

Changes for version 0.999930 - 2010-10-18

Documentation

Modules

Provides

Examples

Other files

Module Install Instructions

Keyboard Shortcuts