Mojolicious-3.78

Security Advisories (10)

CPANSA-Mojolicious-2022-03 (2022-12-10)

Mojo::DOM did not correctly parse <script> tags.

CPANSA-Mojolicious-2021-02 (2021-06-01)

Small sessions could be used as part of a brute-force attack to decode the session secret.

https://github.com/mojolicious/mojo/pull/1791

CVE-2021-47208 (2021-03-16)

A bug in format detection can potentially be exploited for a DoS attack.

CVE-2018-25100 (2018-02-13)

Mojo::UserAgent::CookieJar leaks old cookies because of the missing host_only flag on empty domain.

CPANSA-Mojolicious-2015-01 (2015-02-02)

Directory traversal on Windows

CPANSA-Mojolicious-2018-03 (2018-05-19)

Mojo::UserAgent was not checking peer SSL certificates by default.

CVE-2020-36829 (2020-11-10)

Mojo::Util secure_compare can leak the string length. By immediately returning when the two strings are not the same length, the function allows an attacker to guess the length of the secret string using timing attacks.

https://github.com/mojolicious/mojo/pull/1601

CPANSA-Mojolicious-2018-02 (2018-05-11)

GET requests with embedded backslashes can be used to access local files on Windows hosts

CPANSA-Mojolicious-2014-01 (2014-10-07)

Context sensitivity of method param could lead to parameter injection attacks.

https://github.com/mojolicious/mojo/commit/a815d4797145f872ef6e9f1270841eda1d410afb

CVE-2024-58134 (2025-05-03)

Mojolicious versions from 0.999922 for Perl uses a hard coded string, or the application's class name, as a HMAC session secret by default. These predictable default secrets can be exploited to forge session cookies. An attacker who knows or guesses the secret could compute valid HMAC signatures for the session cookie, allowing them to tamper with or hijack another user's session.

Changes for version 3.78 - 2013-01-13

Added to_dir method to Mojo::Path.
Improved documentation.
Improved tests.
Fixed domain and path detection bugs in Mojo::UserAgent::CookieJar.
Fixed IDNA support in Mojo::UserAgent::CookieJar.

Documentation

Mojolicious::Guides

Mojolicious guide to the galaxy

Mojolicious::Guides::Contributing

Contributing to Mojolicious

Mojolicious::Guides::Cookbook

Cookbook

Mojolicious::Guides::FAQ

Frequently Asked Questions

Mojolicious::Guides::Growing

Growing

Mojolicious::Guides::Rendering

Rendering

Mojolicious::Guides::Routing

Routing

hypnotoad

Hypnotoad HTTP and WebSocket server

mojo

The Mojolicious command system

morbo

Morbo HTTP and WebSocket development server

Modules

Mojo

Duct tape for the HTML5 web!

Mojo::Asset

HTTP content storage base class

Mojo::Asset::File

File storage for HTTP content

Mojo::Asset::Memory

In-memory storage for HTTP content

Mojo::Base

Minimal base class for Mojo projects

Mojo::ByteStream

ByteStream

Mojo::Cache

Naive in-memory cache

Mojo::Collection

Collection

Mojo::Content

HTTP content base class

Mojo::Content::MultiPart

HTTP multipart content

Mojo::Content::Single

HTTP content

Mojo::Cookie

HTTP cookie base class

Mojo::Cookie::Request

HTTP request cookie

Mojo::Cookie::Response

HTTP response cookie

Mojo::DOM

Minimalistic HTML/XML DOM parser with CSS selectors

Mojo::DOM::CSS

CSS selector engine

Mojo::DOM::HTML

HTML/XML engine

Mojo::Date

HTTP date

Mojo::EventEmitter

Event emitter base class

Mojo::Exception

Exceptions with context

Mojo::Headers

Headers

Mojo::HelloWorld

Hello World!

Mojo::Home

Home sweet home!

Mojo::IOLoop

Minimalistic event loop

Mojo::IOLoop::Client

Non-blocking TCP client

Mojo::IOLoop::Delay

Control the flow of events

Mojo::IOLoop::Server

Non-blocking TCP server

Mojo::IOLoop::Stream

Non-blocking I/O stream

Mojo::JSON

Minimalistic JSON

Mojo::JSON::Pointer

JSON Pointers

Mojo::Loader

Loader

Mojo::Log

Simple logger

Mojo::Message

HTTP message base class

Mojo::Message::Request

HTTP request

Mojo::Message::Response

HTTP response

Mojo::Parameters

Parameters

Mojo::Path

Path

Mojo::Reactor

Low level event reactor base class

Mojo::Reactor::EV

Low level event reactor with libev support

Mojo::Reactor::Poll

Low level event reactor with poll support

Mojo::Server

HTTP server base class

Mojo::Server::CGI

CGI server

Mojo::Server::Daemon

Non-blocking I/O HTTP and WebSocket server

Mojo::Server::Hypnotoad

ALL GLORY TO THE HYPNOTOAD!

Mojo::Server::Morbo

DOOOOOOOOOOOOOOOOOOM!

Mojo::Server::PSGI

PSGI server

Mojo::Template

Perl-ish templates!

Mojo::Transaction

Transaction base class

Mojo::Transaction::HTTP

HTTP transaction

Mojo::Transaction::WebSocket

WebSocket transaction

Mojo::URL

Uniform Resource Locator

Mojo::Upload

Upload

Mojo::UserAgent

Non-blocking I/O HTTP and WebSocket user agent

Mojo::UserAgent::CookieJar

Cookie jar for HTTP user agents

Mojo::UserAgent::Transactor

User agent transactor

Mojo::Util

Portable utility functions

Mojolicious

Real-time web framework

Mojolicious::Command

Command base class

Mojolicious::Command::cgi

CGI command

Mojolicious::Command::cpanify

Cpanify command

Mojolicious::Command::daemon

Daemon command

Mojolicious::Command::eval

Eval command

Mojolicious::Command::generate

Generator command

Mojolicious::Command::generate::app

App generator command

Mojolicious::Command::generate::lite_app

Lite app generator command

Mojolicious::Command::generate::makefile

Makefile generator command

Mojolicious::Command::generate::plugin

Plugin generator command

Mojolicious::Command::get

Get command

Mojolicious::Command::inflate

Inflate command

Mojolicious::Command::psgi

PSGI command

Mojolicious::Command::routes

Routes command

Mojolicious::Command::test

Test command

Mojolicious::Command::version

Version command

Mojolicious::Commands

Command line interface

Mojolicious::Controller

Controller base class

Mojolicious::Lite

Real-time micro web framework

Mojolicious::Plugin

Plugin base class

Mojolicious::Plugin::Charset

Charset plugin

Mojolicious::Plugin::Config

Perl-ish configuration plugin

Mojolicious::Plugin::DefaultHelpers

Default helpers plugin

Mojolicious::Plugin::EPLRenderer

Embedded Perl Lite renderer plugin

Mojolicious::Plugin::EPRenderer

Embedded Perl renderer plugin

Mojolicious::Plugin::HeaderCondition

Header condition plugin

Mojolicious::Plugin::JSONConfig

JSON configuration plugin

Mojolicious::Plugin::Mount

Application mount plugin

Mojolicious::Plugin::PODRenderer

POD renderer plugin

Mojolicious::Plugin::PoweredBy

Mojolicious::Plugin::RequestTimer

Request timer plugin

Mojolicious::Plugin::TagHelpers

Tag helpers plugin

Mojolicious::Plugins

Plugin manager

Mojolicious::Renderer

Generate dynamic content

Mojolicious::Routes

Always find your destination with routes!

Mojolicious::Routes::Match

Routes visitor

Mojolicious::Routes::Pattern

Routes pattern engine

Mojolicious::Routes::Route

Route

Mojolicious::Sessions

Signed cookie based session manager

Mojolicious::Static

Serve static files

Mojolicious::Types

MIME types

Test::Mojo

Testing Mojo!

ojo

Fun oneliners with Mojo!

Provides

Mojo::JSON::_Bool

in lib/Mojo/JSON.pm

Mojo::Server::PSGI::_IO

in lib/Mojo/Server/PSGI.pm

Examples

Other files

To install Mojolicious, copy and paste the appropriate command in to your terminal.

cpanm

cpanm Mojolicious

CPAN shell

perl -MCPAN -e shell
install Mojolicious

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	Go to GitHub issues (only if GitHub is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)