From f9f3ab3056d94292adb4ab2e1451645bee989769 Mon Sep 17 00:00:00 2001
From: Lorry Tar Creator <lorry-tar-importer@lorry>
Date: Tue, 16 Jun 2015 06:44:29 +0000
Subject: CGI-4.21

---
 Changes | 2132 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 2132 insertions(+)
 create mode 100644 Changes

(limited to 'Changes')

diff --git a/Changes b/Changes
new file mode 100644
index 0000000..8301d6d
--- /dev/null
+++ b/Changes
@@ -0,0 +1,2132 @@
+4.21 2015-06-16
+
+    [ RELEASE NOTES ]
+    - CGI.pm is now considered "done". See also "mature" and "legacy"
+      Features requests and none critical issues will be outright rejected.
+      The module is now in maintenance mode for critical issues only.
+
+    - This release removes the AUTOLOAD and compile optimisations from CGI.pm
+      that were introduced into CGI.pm twenty (20) years ago as a response to
+      its large size, which meant there was a significant compile time penalty.
+
+    - This optimisation is no longer relevant and makes the code difficult to
+      deal with as well as making test coverage metrics incorrect. Benchmarks
+      show that advantages of AUTOLOAD / lazy loading / deferred compile are
+      less than 0.05s, which will be dwarfed by just about any meaningful code
+      in a cgi script. If this is an issue for you then you should look at
+      running CGI.pm in a persistent environment (FCGI, etc)
+
+    - To offset some of the time added by removing the AUTOLOAD functionality
+      the dependencies have been made runtime rather than compile time. The
+      POD has also been split into its own file. CGI.pm now contains around
+      4000 lines of code, which compared to some modules on CPAN isn't really
+      that much
+
+    - This essentially deprecates the -compile pragma and ->compile method. The
+      -compile pragma will no longer do anything, whereas the ->compile method
+      will raise a deprecation warning. More importantly this also REMOVES the
+      -any pragma because as per the documentation this pragma needed to be
+      "used with care or not at all" and allowing arbitrary HTML tags is almost
+      certainly a bad idea. If you are using the -any pragma and using arbitrary
+      tags (or have typo's in your code) your code will *BREAK*
+
+    - Although this release should be back compatible (with the exception of any
+      code using the -any pragma) you are encouraged to test it throughly as if
+      you are doing anything out of the ordinary with CGI.pm (i.e. have bugs
+      that may have been masked by the AUTOLOAD feature) you may see some issues.
+
+    - References: GH #162, GH #137, GH #164
+
+    [ SPEC / BUG FIXES ]
+    - make the list context warning in param show the filename rather than
+      the package so we have more information on exactly where the warning
+      has been raised from (GH #171)
+    - correct self_url when PATH_INFO and SCRIPT_NAME are the same but we
+      are not running under IIS (GH #176)
+    - Add the multi_param method to :cgi export (thanks to xblitz for the patch
+      and tests. GH #167)
+    - Fix warning for lack of HTTP_USER_AGENT in CGI::Carp (GH #168)
+    - Fix imports when called from CGI::Fast, restores the import of CGI functions
+      into the callers namespace for users of CGI::Fast (GH leejo/cgi-fast#11 and
+      GH leejo/cgi-fast#12)
+    - Fix regression of tmpFileName when calling with a plain string (GH #178,
+      thanks to Simon McVittie for the report and fix)
+
+    [ FEATURES ]
+    - CGI::Carp now has $CGI::Carp::FULL_PATH for displaying the full path to the
+      offending script in error messages
+    - CGI now has env_query_string() for getting the value of QUERY_STRING from
+      the environment and not that fiddled with by CGI.pm (which is what
+      query_string() does) (GH #161)
+    - CGI::ENCODE_ENTITIES var added to control which chracters are encoded by
+      the call to the HTML::Entities module - defaults to &<>"' (GH #157 - the
+      \x8b and \x9b chars have been removed from this list as we are concerned
+      more about unicode compat these days than old browser support.)
+
+    [ DOCUMENTATION ]
+    - Fix some typos (GH #173, GH #174)
+    - All *documentation* for HTML functionality in CGI has been moved into
+      its own namespace: CGI::HTML::Functions - although the functionality
+      continues to exist within CGI.pm so there are no code changes required
+      (GH #142)
+    - Add missing documentation for env variable fetching routines (GH #163)
+
+    [ TESTING ]
+    - Increase test coverage (GH #3)
+
+    [ INTERNALS ]
+    - Cwd made a TEST_REQUIRES rather than a BUILD_REQUIRES in Makefile.PL
+      (GH #170)
+    - AutoloadClass variables have been removed as AUTOLOAD was removed in
+      v4.14 so these are no longer necessary (GH #172 thanks to alexmv)
+    - Remove dependency on constant - internal DEBUG, XHTML_DTD and EBCDIC
+      constants changes to $_DEBUG, $_XHTML_DTD, and $_EBCDIC
+
+4.13 2014-12-18
+
+    [ RELEASE NOTES ]
+    - CGI::Pretty is now DEPRECATED and will be removed in a future release.
+      Please see GH #162 (https://github.com/leejo/CGI.pm/issues/162) for more
+      information and discussion (also GH #140 for HTML function deprecation
+      discussion: https://github.com/leejo/CGI.pm/issues/140)
+
+    [ TESTING ]
+    - fix t\rt-84767.t for failures on Win32 platforms related to file paths
+
+4.11 2014-12-02
+
+    [ SPEC / BUG FIXES ]
+    - more hash key ordering bugs fixed in HTML attribute output (GH #158,
+      thanks to Marcus Meissner for the patch and test case)
+
+    [ REFACTORING ]
+    - escapeHTML (and unescapeHTML) have been refactored to use the functions
+      exported by the HTML::Entities module (GH #157)
+    - change BUILD_REQUIRES to TEST_REQUIRES in Makefile.PL as these are test
+      dependencies not build dependencies (GH #159)
+
+    [ DOCUMENTATION ]
+    - replace any remaining uses of indirect object notation (new Object) with
+      the safer Object->new syntax (GH #156)
+
+4.10 2014-11-27
+
+    [ SPEC / BUG FIXES ]
+    - favour -content-type arg in header if -type and -charset options are also
+      passed in (GH #155, thanks to kaoru for the test case). this change also
+      sorts the hash keys in the rearrange method in CGI::Util meaning the order
+      of the arrangement will always be the same for params that have multiple
+      aliases. really you shouldn't be passing in multiple aliases, but this will
+      make it consistent should you do that
+
+    [ DOCUMENTATION ]
+    - fix some typos
+
+4.09 2014-10-21
+
+    [ RELEASE NOTES ]
+    - with this release the large backlog of issues against CGI.pm has been
+      cleared. All fixes have been made in the versions 4.00 and above so if
+      you are upgrading from 3.* you should thoroughly test your code against
+      recent versions of CGI.pm
+    - an effort has been made to retain back compatibility against previous
+      versions of CGI.pm for any fixes made, however some changes related to
+      the handling of temporary files may have consequences for your code
+    - please refer to the RELEASE NOTES for version 4.00 and above for all
+      recent changes and file an issue on github if there has been a regression.
+    - please do *NOT* file issues regarding HTML generating functions, these
+      are no longer being maintained (see perldoc for rationale)
+
+    [ SPEC / BUG FIXES ]
+    - tweak url to DTRT when the web server is IIS (RT #89827 / GH #152)
+    - fix temporary file handling when dealing with multiple files in MIME uploads
+      (GH #154, thanks to GeJ for the test case)
+
+4.08 2014-10-18
+
+    [ DOCUMENTATION ]
+    - note that calling headers without a -charset may lead to a nonsensical
+      charset being added to certain content types due to the default and the
+      workaround
+    - remove documentation stating that calls to escapeHTML with a changed
+      charset force numeric encoding of all characters, because that does not
+      happen
+    - documentation tweaks for calling param() in list context and the addition
+      of multi_param()
+
+    [ SPEC / BUG FIXES ]
+    - don't sub out PATH_INFO in url if PATH_INFO is the same as SCRIPT_NAME
+      (RT #89827)
+    - add multi_param() method to allow calling of param() in list context
+      without having to disable the $LIST_CONTEXT_WARN flag (see RELEASE NOTES
+      for version 4.05 on why calling param() in list context could be a bad
+      thing)
+
+4.07 2014-10-12
+
+    [ RELEASE NOTES ]
+    - please see changes for v4.05
+
+    [ TESTING ]
+    - typo and POD fixes, add test to check POD and compiles
+
+4.06 2014-10-10
+
+    [ RELEASE NOTES ]
+    - please see changes for v4.05
+
+    [ DOCUMENTATION ]
+    - make warning on list context call of ->param more lenient and don't
+      warn if called with no arguments
+
+4.05 2014-10-08
+
+    [ RELEASE NOTES ]
+    - this release includes *significant* refactoring of temporary file
+      handling in CGI.pm. See "Changes in temporary file handling" in perldoc
+
+    - this release adds a warning for when the param method is called
+      in list context, see the Warning in the perldoc for the section
+      "Fetching the value or values of a single named parameter" for why
+      this has been added and how to disable this warning
+
+    [ DOCUMENTATION ]
+    - change AUTHOR INFORMATION to LICENSE to please Kwalitee
+
+    [ TESTING ]
+    - t/arbitrary_handles.t to check need for patch in RT #54055, it
+      turns out there is no need - the first argument to CGI->new can
+      be an arbitrary handle
+    - add test case for incorrect unescaping of redirect headers
+      (RT #61120)
+    - add tests for the handle method (RT #85074, thanks to TONYC@cpan.org)
+
+    [ SPEC / BUG FIXES ]
+    - don't set binmode on STDOUT/STDERR/STDIN if a none standard layer
+      is already set on them on none UNIX platforms (RT #57524)
+    - make XForms:Model data accesible through POSTDATA/PUTDATA param
+      (RT #75628)
+    - prevent corruption of POSTDATA/PUTDATA when -utf8 flag is used and use
+      tempfiles to handle this data (RT #79102, thanks anonymous)
+    - unescape request URI *after* having removed the query string to prevent
+      removal of ? chars that are part of the original URI (and were encoded)
+      (RT #83265)
+    - fix q( to qq( in CGI::Carp so $@ is correct interpolated (RT #83360)
+    - don't call ->query_string in url unless -query is passed (RT #87790)
+      (optimisation and fits the current documented behaviour)
+
+4.04 2014-09-04
+
+    [ RELEASE NOTES ]
+    - this release removes some long deprecated modules/functions and
+      includes refactoring to the temporary file handling in CGI.pm. if
+      you are doing anything out of the ordinary with regards to temp
+      files you should test your code before deploying this update as
+      temp files may no longer be stored in previously used locations
+
+    [ REMOVED / DEPRECATIONS ]
+    - startform and endform methods removed (previously deprecated, you
+      should be using the start_form and end_form methods)
+    - both CGI::Apache and CGI::Switch have been removed as these modules
+      1) have been deprecated for *years*, and 2) do nothing whatsoever
+
+    [ SPEC / BUG FIXES ]
+    - handle multiple values in X-Forwarded-Host header, we follow the
+      logic in most other frameworks and take the last value from the list
+      (RT #54487)
+    - reverse the order of TEMP dir placement for WINDOWS: TEMP > TMP > WINDIR
+      (RT #71799, thanks to jeff@math.tntech.edu), this returns the behaviour
+      to pre e24d04e9bc5fda7722444b02fec135d8cc2ff488 but with the undefined
+      fix still in place
+    - refactor CGITempFile::find_tempdir to use File::Spec->tmpdir
+      (related: RT #71799)
+    - fix warnings when QUERY_STRING has empty key=value pairs (RT #54511)
+    - pad custom 500 status response messages to > 512 for MSIE (RT #81946)
+    - make Vars tied hash delete method return the value deleted from the hash
+      making it act like perl's delete (RT #51020)
+
+    [ TESTING ]
+    - add .travis.yml (https://travis-ci.org)
+    - test case for RT #53966 - disallow filenames with ~ char
+    - test case for RT #55166 - calling Vars to get the filename does not return
+      a filehandle, so this cannot be used in the call to uploadinfo, also
+      update documentation for the uploadInfo to show that ->Vars should not be
+      used to get the filename for this method
+    - fix t/url.t to pass on Win32 platforms that have the SCRIPT_NAME env
+      variable set (RT #89992)
+    - add procedural call tests for upload and uploadInfo to confirm these work
+      as should (RT #91136)
+
+    [ DOCUMENTATION ]
+    - tweak perldoc for -utf8 option (RT #54341, thanks to Helmut Richter)
+    - explain the HTML generation functions should no longer be used and that
+      they may be deprecated in a future release
+
+4.03 2014-07-02
+
+    [ REMOVED / DEPRECATIONS ]
+    - the -multiple option to popup_menu is now IGNORED as this did not
+      function correctly. If you require a menu with multiple selections
+      use the scrolling_list method. (RT #30057)
+
+    [ SPEC / BUG FIXES ]
+    - support redirects in mod_perl2, or fall back to using env variable
+      for up to 5 redirects, when getting the query string (RT #36312)
+    - CGI::Cookie now correctly supports the -max-age argument, previously
+      if this was passed the value of the -expires argument would be used
+      meaning there was no way to supply *only* this argument (RT #50576)
+    - make :all actually import all methods, except for :cgi-lib, and add
+      :ssl to the :standard import (RT #70337)
+
+    [ DOCUMENTATION ]
+    - clarify documentation regarding query_string method (RT #48370)
+    - links fixed in some perldoc (Thanks to Michiel Beijen)
+
+    [ TESTING ]
+    - add t/changes.t for testing this Changes file
+    - test case for RT #31107 confirming multipart parsing is to spec
+    - improve t/rt-52469.t by adding a timeout check
+
+4.02 2014-06-09
+
+    [ NEW FEATURES ]
+    - CGI::Carp learns noTimestamp / $CGI::Carp::NO_TIMESTAMP to prevent
+      timestamp in messages (RT #82364, EDAVIS@cpan.org)
+    - multipart_init and multipart_start learn -charset option (RT #22737)
+
+    [ SPEC / BUG FIXES ]
+    - Support multiple cookies when passing an ARRAY ref with -set-cookie
+      (RT #15065, JWILLIAMS@cpan.org)
+
+    [ DOCUMENTATION ]
+    - Made licencing information consistent and remove duplicate comments
+      about licence details, corrected location to report bugs (RT #38285)
+
+4.01 2014-05-27
+
+    [ DOCUMENTATION ]
+    - CGI.pm hasn't been removed from core *just* yet, but will be soon:
+      http://perl5.git.perl.org/perl.git/commitdiff/e9fa5a80 
+
+4.00 2014-05-22
+
+    [ INTERNALS ]
+    - CGI::Fast split out into its own distribution, related files and tests removed
+    - developer test added for building with perlbrew
+
+    [ DOCUMENTATION ]
+    - Update perldoc to explain that CGI.pm has been removed from perl core
+    - Make =head2 perldoc less shouty (RT #91140)
+    - Tickets migrated from RT to github issues (both CGI and CGI.pm distributions)
+    - Repointing bugtracker at newly forked github repo and note that Lee Johnson
+      is the current maintainer.
+    - Bump version to 4.00 for clear boundary of above changes
+
+Version 3.65 Feb 11, 2014
+
+    [INTERNALS]
+    - Update Makefile to refine where CGI.pm gets installed 
+      (Thanks to bingo, rjbs: https://github.com/markstos/CGI.pm/pull/30)
+
+Version 3.64 Nov 23, 2013
+
+    [BUG FIXES]
+    - Avoid warning about "undefined variable in user_agent in some cases (RT#72882)
+
+    [INTERNALS]
+    - Avoiding warning about "unitialized value" in when calling user_agent() in some cases. (RT#72882, perl@max-maurer.de)
+    - Update minimum required version in Makefile.PL to 5.8.1. It had already been
+      updated to 5.8.1 in the CGI.pm module in 3.53.
+    - Fix POD errors reported by newer pod2man (Thanks to jmdh)
+    - Typo fixes, (dsteinbrunner).
+    - use deprecate.pm on perls 5.19.0 and later. (rjbs).
+
+    [DOCUMENTATION]    
+    - Update CGI::Cookie docs to reflect that HttpOnly is widely supported now.
+
+
+Version 3.63 Nov 12, 2012
+
+    [SECURITY]
+    - CR escaping for Set-Cookie and P3P headers was improved. There was potential
+      for newline injection in these headers. 
+      (Thanks to anazawa, https://github.com/markstos/CGI.pm/pull/23)
+
+Version 3.62, Nov 9th, 2012
+
+    [INTERNALS]
+    - Changed how the deprecated endform function was defined for compatibility
+      with the development version of Perl. 
+    - Fix failures in t/tmpdir.t when run as root
+      https://github.com/markstos/CGI.pm/issues/22, RT#80659)
+
+    - Made it possible to force a sorted order for things like hash
+      attributes so that tests are not dependent on a particular hash
+      ordering. This will be required in modern perls which will
+      change the ordering per process. (Yves, RT#80659)
+
+Version 3.61 Nov 2nd, 2012
+
+  (No code changes)
+
+  [INTERNALS]
+   - formatting of CGI::Carp documentation was improved. Thanks to benkasminbullock.
+   - un-TODO some tests in t/tmpdir.t that were passing in most cases. 
+     More on this:
+       https://github.com/markstos/CGI.pm/issues/19#
+       https://github.com/markstos/CGI.pm/commit/cc73dc9807b0fabb56b3cdf1a9726588b2eda0f7
+
+Version 3.60 Aug 15th, 2012
+
+  [BUG FIXES]  
+  - In some caes, When unescapeHTML() hit something it didn't recognize with an ampersand and
+    and semicolon, it would throw away the semicolon and ampersand. It now does a better job.
+    of preserving content it doesn't recognize. Thanks to CEBJYRE@cpan.org (RT#75595)
+  - Remove trailing newline after <form> tag inserted by startform and start_form. It can
+    cause rendering problems in some cases. Thanks to SJOHNSTON@cpan.org (RT#67719)
+  - Workaround "Insecure Dependency" warning generated by some versions of Perl (RT#53733).
+    Thanks to degatcpan@ntlworld.com, klchu@lbl.gov and Anonymous Monk 
+
+  [DOCUMENTATION] 
+  - Clarify that when -status is used, the human-readable phase should be included, per RFC 2616.
+    Thanks to SREZIC@cpan.org (RT#76691). 
+
+  [INTERNALS]
+  - More tests for header(), thanks to Ryo Anazawa.
+  - t/url.t has been fixed on VMS. Thanks to cberry@cpan.org (RT#72380)
+  - MANIFEST patched so that t/multipart_init.t is included again. Thanks to shay@cpan.org (RT#76189)
+
+Version 3.59 Dec 29th, 2011
+
+ [BUG FIXES]
+ - We no longer read from STDIN when the Content-Length is not set, preventing
+   requests with no Content-Length from freezing in some cases. This is consistent
+   with the CGI RFC 3875, and is also consistent with CGI::Simple. However, the old
+   behavior may have been expected by some command-line uses of CGI.pm.
+   Thanks to Philip Potter and Yanick Champoux. See RT#52469 for details:
+   https://rt.cpan.org/Public/Bug/Display.html?id=52469
+
+ [INTERNALS]
+ - remove tmpdirs more aggressively. Thanks to rjbs (RT#73288)
+ - use Text::ParseWords instead of ancient shellwords.pl. Thanks to AlexBio.
+ - remove use of define(@arr). Thanks to rjbs.
+ - spelling fixes. Thanks to Gregor Herrmann and Alessandro Ghedini.
+ - fix test count and warning in t/fast.t. Thanks to Yanick.
+
+Version 3.58 Nov 11th, 2011
+
+    [DOCUMENTATION]
+    - Clarify that using query_string() only has defined behavior when using the GET method. (RT#60813)
+
+Version 3.57 Nov 9th, 2011
+    [INTERNALS]
+    - test failure in t/fast.t introduced in 3.56 is fixed. (Thanks to zefram and chansen).
+    - Test::More requirement has been bumped to 0.98
+
+Version 3.56 Nov 8th, 2011
+
+    [SECURITY]
+    Use public and documented FCGI.pm API in CGI::Fast
+        CGI::Fast was using an FCGI API that was deprecated and removed from
+        documentation more than ten years ago. Usage of this deprecated API with
+        FCGI >= 0.70 or FCGI <= 0.73 introduces a security issue.
+        <https://rt.cpan.org/Public/Bug/Display.html?id=68380>
+        <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2766>
+        (Thanks to chansen)
+
+    [INTERNALS]
+    - tmp files are now cleaned up on VMS ( RT#69210, thanks to cberry@cpan.org )
+    - Fixed test failure: done_testing() added to url.t (Thanks to Ryan Jendoubi)
+    - Clarify preferred bug submission location in docs, and note that Mark Stosberg
+      is the current maintainer.
+
+Version 3.55 June 3rd, 2011
+
+    [THINGS THAT MAY BREAK YOUR CODE]
+    url() was fixed to return "PATH_INFO" when it is explicitly requested 
+    with either the path=>1 or path_info=>1 flag. 
+
+    If your code is running under mod_rewrite (or compatible) and you are calling self_url() or
+    you are calling url() and passing path_info=>1, These methods will actually be
+    returning PATH_INFO now, as you have explicitly requested, or has self_url()
+    has requested on your behalf.
+
+    The PATH_INFO has been omitted in such URLs since the issue was introduced
+    in the 3.12 release in December, 2005. 
+
+    This bug is so old your application may have come to depend on it or
+    workaround it. Check for application before upgrading to this release. 
+
+    Examples of affected method calls:
+
+     $q->url(-absolute => 1, -query => 1, -path_info => 1 ) 
+     $q->url(-path=>1)
+     $q->url(-full=>1,-path=>1) 
+     $q->url(-rewrite=>1,-path=>1)
+     $q->self_url();
+
+Version 3.54, Apr 28, 2011
+   No code changes
+
+   [INTERNALS]
+   - Address test failures in t/tmpdir.t, thanks to Niko Tyni.
+     Some tests here are failing on some platforms and have been marked as TODO.
+
+Version 3.53, Apr 25, 2011
+  
+  [NEW FEATURES]
+  - The DELETE HTTP verb is now supported. 
+    (RT#52614, James Robson, Eduardo Ari�o de la Rubia) 
+
+  [INTERNALS]  
+  - Correct t/tmpdir.t MANIFEST entry. (RT#64949)
+  - Update minimum required Perl version to be Perl 5.8.1, which
+    has been out since 2003. This allows us to drop some hacks
+    and exceptions (Mark Stosberg)
+
+Version 3.52, Jan 24, 2011
+  
+  [DOCUMENTATION]
+  - The documentation for multi-line header handling was been updated to reflect
+    the changes in 3.51. (Mark Stosberg, ntyni@iki.fi) 
+
+  [INTERNALS]
+  - Add missing t/tmpfile.t file. (RT#64949)  
+  - Fix warning in t/cookie.t (RT#64570, Chris Williams, Rainer Tammer, Mark Stosberg)     
+  - Fixed logic bug in t/multipart_init.t (RT#64261, Niko Tyni)
+
+Version 3.51, Jan 5, 2011
+
+  [NEW FEATURES]  
+  - A new option to set $CGI::Carp::TO_BROWSER = 0, allows you to explicitly  
+    exclude a particular scope from triggering printing to the browser when
+    fatatlsToBrowser is set. (RT#62783, Thanks to papowell) 
+  - The <script> tag now supports the "charset" attribute. 
+    (RT#62907, Thanks to Fabrice Metge)
+  - In CGI::Cookie, "Max-Age" is now supported for better spec compliance. 
+    (Mark Stosberg)
+
+  [BUG FIXES]  
+  - Setting charset() now works for all content types, not just "text/*". 
+    (RT#57945, Thanks to Yanick and Gerv.)
+  - support for user temporary directories ($HOME/tmp) was commented out
+    in 2.61 but the documentation wasn't updated (Peter Gervai, Niko Tyni)
+  - setting $CGITempFile::TMPDIRECTORY before loading CGI.pm has been
+    working but undocumented since 3.12 (which listed it in Changes as
+    $CGI::TMPDIRECTORY) (Peter Gervai, Niko Tyni)
+  - unfortunately the previous change broke the runtime check for looking
+    for a new temporary directory if the current one suddenly became
+    unwritable (Peter Gervai, Niko Tyni)
+  - A bug was fixed in CGI::Carp triggered by certain death cases in
+    the BEGIN phase of parent classes. 
+    (RT#57224, Thanks to UNERA, Yanick Champoux, Mark Stosberg)
+  - CGI::Cookie->new() now follows the documentation and returns undef 
+    if the -name and -value args aren't provided. This new behavior is also
+    consistent with the docs and code of CGI::Simple::Cookie. (Mark Stosberg)
+  - CGI::Cookie->parse() now trims leading and trailing whitespace from cookie  
+    elements as intended. The change also makes this part of the parsing 
+    identical to CGI::Simple::Cookie (Mark Stosberg) 
+  - Temp file handling was improved (RT#62762)  
+
+  [SECURITY]
+  - Further improvements have been made to guard against newline injections
+    in headers. (Thanks to Max Kanat-Alexander, Yanick Champoux, Mark Stosberg)
+
+  [PERFORMANCE]
+  - Make EBCDIC a compile-time constant so there's zero overhead (and less
+    compiled code) in subroutines that test for it. (Tim Bunce) 
+  - If you just want to use CGI::Cookie, CGI.pm will no longer be loaded
+    unless you call the bake() method, which requires it. (Mark Stosberg)
+
+  [DOCUMENTATION]
+  - quit referring to the <link> tag as being "rarely used".  (Victor Sanders)
+  - typo and whitespace fixes (RT#62785, thanks to  scop@cpan.org) 
+  - The -dtd argument to start_html() is now documented 
+    (RT#60473, Thanks to giecrilj and steve@fisharerojo.org) 
+  - CGI::Carp doc are updated to reflect that it can work with mod_perl 2.0. 
+  - when creating a temporary file in the directory fails, the error message
+    could indicate the root of the problem better (Peter Gervai, Niko Tyni)
+
+  [INTERNALS]
+  - Re-fixing https test in http.t. (RT#54768, thanks to SPROUT)
+  - param_fetch no longer triggers a warning when called with no arguments (ysth, Mark Stosberg)
+
+Version 3.50, Nov 8, 2010
+  
+  [SECURITY]
+  1. The MIME boundary in multipart_init is now random. 
+     Thanks to Byron Jones, Masahiro Yamada, Reed Loden, and  Mark Stosberg
+  2. Further improvements to handling of newlines embedded in header values. 
+     An exception is thrown if header values contain invalid newlines. 
+     Thanks to Michal Zalewski, Max Kanat-Alexander, Yanick Champoux,
+     Lincoln Stein, Fr�d�ric Buclin and Mark Stosberg
+
+  [DOCUMENTATION]
+  1. Correcting/clarifying documentation for param_fetch(). Thanks to 
+        Ren�e B�cker. (RT#59132)
+
+  [INTERNALS]
+  1. Fixing https test in http.t. (RT#54768)
+  2. Tests were added for multipart_init(). Thanks to Mark Stosberg and CGI::Simple. 
+
+Version 3.49, Feb 5th, 2010
+
+  [BUG FIXES]
+  1. Fix a regression since 3.44 involving a case when the header includes "Content-Length: 0". 
+     Thanks to Alex Vandiver (RT#51109)
+  2. Suppress uninitialized warnings under -w. Thanks to burak.  (RT#50301)
+  3. url() now uses virtual_port() instead of server_port(). Thanks to MKANAT and Yanick Champoux. (RT#51562)
+  4. CGI::Carp now properly handles stringifiable objects, like Exception::Class throws (RT#39904)
+
+  [SECURITY]
+  1. embedded newlines are now filtered out of header values in header(). 
+     Thanks to Mark Stosberg and Yanick Champoux.
+
+  [DOCUMENTATION]
+  1. README was updated to reflect that CGI.pm was moved under ./lib. 
+     Thanks to Alex Vandiver.
+
+  [INTERNALS]
+  1. More tests were added for autoescape, thanks to Bob Kuo. (RT#25485)
+  2. Attempt to avoid test failures with t/fast, thanks to Steve Hay. (RT#49599)
+
+Version 3.48, Sep 25, 2009
+
+  [BUG FIXES]
+  1. <optgroup> default values are now properly escaped.
+     Thanks to #raleigh.pm and Mark Stosberg. (RT#49606)
+  2. The change to exception handling in CGI::Carp introduced in 3.47 has been
+     reverted for now. It caused regressions reported in RT#49630. 
+     Thanks to mkanat for the report.
+
+  [DOCUMENTATION]
+  1. Documentation for upload() has been overhauled, thanks to Mark Stosberg. 
+  2. Documentation for tmpFileName has been added. Thanks to Mark Stosberg and Nathaniel K. Smith.
+  3. URLS were updated, thanks to Leon Brocard and Yanick Champoux. (RT#49770)
+
+  [INTERNALS]
+  1. More tests were added for autoescape, thanks to Bob Kuo. (RT#25485)
+
+Version 3.47,  Sep 9, 2009
+
+  No code changes. 
+
+  [INTERNALS]
+    Re-release of 3.46, which did not contain a proper MANIFEST
+
+Version 3.46
+
+  [BUG FIXES]
+  1. In CGI::Pretty, we no longer add line breaks after tags we claim not to format. Thanks to rrt, Bob Kuo and
+     and Mark Stosberg. (RT#42114).
+  2. unescapeHTML() no longer falsely recognizes certain text as entities. Thanks to Pete Gamanche, Mark Stosberg
+     and Bob Kuo. (RT#39122)
+  3. checkbox_group() now correctly includes a space before the "checked" attribute.
+     Thanks to Andrew Speer and Bob Kuo. (RT#36583)
+  4. Fix case-sensitivity in http() and https() according to docs. Make https()
+     return list of keys in list context. Thanks to riQyRoe and Rhesa Rozendaal. (RT#12909)
+  5. XHTML is now automatically disabled for HTML 4, as well as HTML 2 and HTML 3. Thanks to
+     Dan Harkless and Yanick Champoux. (RT#27907)
+  6. Pre-compiling 'end_form' with ':form' switch now works. Thanks to ryochin and Yanick Champoux. (RT#41530)
+  7. Empty name/values pairs are now properly saved and restored from filehandles. Thanks to rlucas and
+     Rhesa Rozendaal (RT#13158)
+  8. Some differences between startform() and start_form() have been fixed. Thanks to Slaven Rezic and
+     Shawn Corey. (RT#22046)
+  9. url_param() has been updated to be more consistent with the documentation and param().
+     Thanks to Britton Kerin and Yanick Campoux. (RT#43587)
+  10.hidden() now correctly supports multiple default values.
+     Thanks to david@dierauer.net and Russell Jenkins. (RT#20436)
+  11.Calling CGI->new() no longer clobbers the value of $_ in the current scope.
+     Thanks to Alexey Tourbin, Bob Kuo and Mark Stosberg. (RT#25131)
+  12.UTF-8 params should not get double-decoded now.
+     Thanks to Yves, Bodo, Burak G�rsoy, and Michael Schout. (RT#19913)
+  13.We now give objects passed to CGI::Carp::die a chance to be stringified.
+     Thanks to teek and Yanick Champoux (RT#41530)
+  14.Turning off autoEscape() now only affects the behavior of built-in HTML
+     generation fuctions. Explicit calls to escapeHTML() always escape HTML regardless
+     of the setting. Thanks to vindex, Bob Kuo and Mark Stosberg (RT#40748)
+  15.In CGI::Fast, preferences set via pragmas are now preserved.
+     Thanks to heinst and Mark Stosberg (RT#32119)
+
+  [DOCUMENTATION]
+  1. remote_addr() is now documented. Thanks to Yanick Champoux. (RT#38884)
+  2. In CGI::Pretty in the list of tags left unformatted was updated to match the code. Thanks to Mark Stosberg. (RT#42114)
+  3. In CGI::Pretty, performance concerns are now documented. Thanks to Jochen, Rhesa Rozendaal and Mark Stosberg (RT#13223)
+  4. A number of outdated Netscape references have been removed. Thanks to Mark Stosberg.
+  5. The documentation has been purged of examples of using indirect object notation. Thanks to Mark Stosberg.
+  6. Some POD formatting was fixed. Thanks to Dave Mitchell (RT#48935).
+  7. Docs and examples were updated to highlight start_form instead of startform.
+     Thanks to Slaven Rezic.
+  8. Note that CGI::Carp::carpout() doesn't work with in-memory filehandles. 
+     Thanks to rhubbell and Mark Stosberg. 
+  9. The documentation for the -newstyle_urls is now less confusing.
+     Thanks to Ryan Tate and Mark Stosberg (RT#49454)
+
+  [INTERNALS]
+  1. Quit bundling an ancient copy of Test::More and and using a custom 'lib' path for the tests. Instead, Test::More
+     is now a dependency. Thanks to Ansgar and Mark Stosberg (RT#48811)
+  2. Automated tests for hidden() have been added, thanks to Russel Jenkins and Mark Stosberg (RT#20436)
+  3. t/util.t has been updated to use Test::More instead of a home-grown test function. Thanks to Bob Kuo.
+
+Version 3.45, Aug 14, 2009
+
+  [BUG FIXES]
+  1. Prevent warnings about "uninitialized values" for REQUEST_URI, HTTP_USER_AGENT and other environment variables.
+     Patches by Callum Gibson, heiko and Mark Stosberg. (RT#24684, RT#29065)
+  2. Avoid death in some cases when running under Taint mode on Windows.
+     Patch by Peter Hancock (RT#43796)
+  3. Allow 0 to be used as a default value in popup_menu(). This was broken starting in 3.37.
+     Thanks to Haze, who was the first to report this and supply a patch, and pfschill, who pinpointed
+     when the bug was introduced. A regression test for this was also added. (RT#37908)
+  4. Allow "+" as a valid character in file names, which fixes temp file creation on OS X Leopard.
+     Thanks to Andy Armstrong, and alech for patches. (RT#30504)
+  5. Set binmode() on the Netware platform, thanks to Guenter Knauf (RT#27455)
+  6. Don't allow a CGI::Carp error handler to die recursively. Print a warning and exit instead.
+     Thanks to Marc Chantreux. (RT#45956)
+  7. The Dump() method now is fixed to escape HTML properly. Thanks to Mark Stosberg (RT#21341)
+  8. Support for <optgroup> with scrolling_list() now works the same way as it does for popup_menu().
+     Thanks to Stuart Johnston (RT#30097)
+  9. CGI::Pretty now works properly when $" is set to ''. Thanks to Jim Keenan (RT#12401)
+ 10. Fix crash when used in combination with PerlEx::DBI. Thanks to Burak G�rsoy (RT#19902)
+
+  [DOCUMENTATION]
+  1. Several typos were fixed, Thanks to ambs. (RT#41105)
+  2. A typo related to the nosticky pragma was fixed, thanks to Britton Kerin. (RT#43220)
+  3. examples/nph-clock.cgi is now more portable, by calling localtime() rather than `/bin/date`,
+     thanks to Guenter Knauf. (RT#27456).
+  4. In CGI::Carp, the SEE ALSO section was cleaned up, thanks to Slaven Rezic. (RT#32769)
+  5. The docs for redirect() were updated to reflect that most headers are
+     ignored during redirection. Thanks to Mark Stosberg (RT#44911)
+
+  [INTERNALS]
+  1. New t/unescapeHTML.t test script has been added. It includes a TODO test for a pre-existing
+     bug which could use a patch. Thanks to Pete Gamache and Mark Stosberg (RT#39122)
+  2. New test scripts have been added for user_agent(), popup_menu() and query_string(), scrolling_list() and Dump()
+     Thanks to Mark Stosberg and Stuart Johnston. (RT#37908, RT#43006, RT#21341, RT#30097)
+  3. CGI::Carp and CGI::Util have been updated to have non-developer version numbers.
+     Thanks to Slaven Rezic. (RT#48425)
+  4. CGI::Switch and CGI::Apache now properly set their VERSION in their own name space.
+     Thanks to Alexey Tourbin (RT#11941,RT#11942)
+
+Version 3.44, Jul 30, 2009
+
+  1. Patch from Kurt Jaeger to allow HTTP PUT even if the content length is unknown.
+  2. Patch from Pavel merdin to fix a problem for one of the FireFox addons.
+  3. Fixed issue in mod_perl & fastCGI environment of cookies returned from
+     CGI->cookie() leaking from one session to another.
+
+Version 3.43, Apr 06, 2009
+
+  1. Documentation patch from MARKSTOS@cpan.org to replace all occurrences of
+  "new CGI" with CGI->new()" to reflect best perl practices.
+  2. Patch from Stepan Kasal to fix utf-8 related problems in perl 5.10
+
+Version 3.42, Sep 08, 2008
+
+  1. Added patch from Renee Baecker that makes it possible to subclass
+  CGI::Pretty.
+  2. Added patch from Nicholas Clark to allow ~ characters in temporary directories.
+  3. Added patch from Renee Baecker that fixes the inappropriate escaping of fields
+     in multipart headers.
+
+Version 3.41, Aug 25, 2008
+
+  1. Fix url() returning incorrect path when query string contains escaped newline.
+  2. Added additional windows temporary directories and environment variables, courtesy patch from Renee Baecker
+  3. Added a handle() method to the lightweight upload
+  filehandles. This method returns a real IO::Handle object.
+  4. Added patch from Tony Vanlingen to fix deep recursion warnings in CGI::Pretty.
+
+Version 3.40, Aug 06, 2008
+
+  1. Fixed CGI::Fast docs to eliminate references to a "special"
+  version of Perl.
+  2. Makefile.PL now depends on FCGI so that CGI::Fast installs properly.
+  3. Fix script_name() call from Stephane Chazelas.
+
+Version 3.39, Jun 29, 2008
+
+  1. Fixed regression in "exists" function when using tied interface to CGI via $q->Vars.
+
+Version 3.38, Jun 25, 2008
+
+  1. Fix annoying warning in http://rt.cpan.org/Ticket/Display.html?id=34551
+  2. Added nobr() function http://rt.cpan.org/Ticket/Display.html?id=35377
+  3. popup_menu() allows multiple items to be selected by default, satisfying
+   http://rt.cpan.org/Ticket/Display.html?id=35376
+  4. Patch from Renee Backer to avoid doubled <http-equiv> headers.
+  5. Fixed documentation bug that describes what happens when a
+  parameter is empty (e.g. "?test1=").
+  6. Fixed minor warning described at http://rt.cpan.org/Public/Bug/Display.html?id=36435
+  7. Fixed overlap of attribute and parameter space described in http://rt.perl.org/rt3//Ticket/Display.html?id=24294
+
+Version 3.37, Apr 22, 2008
+
+  1. Fix pragmas so that they persist over modperl invocations (e.g. RT 34761)
+  2. Fixed handling of chunked multipart uploads; thanks to Michael Bernhardt
+     who reported and fixed the problem.
+
+Version 3.36
+
+  1. Fix CGI::Cookie to support cookies that are separated by "," instead of ";".
+
+Version 3.35, Mar 27, 2008
+
+  1. Resync with bleadperl, primarily fixing a bug in parsing semicolons in uploaded filenames.
+
+Version 3.34, Mar 18, 2008
+
+  1. Handle Unicode %uXXXX  escapes properly -- patch from DANKOGAI@cpan.org
+  2. Fix url() method to not choke on path names that contain regex characters.
+
+Version 3.33, Jan 02, 2008
+
+  1. Remove uninit variable warning when calling url(-relative=>1)
+  2. Fix uninit variable warnings for two lc calls
+  3. Fixed failure of tempfile upload due to sprintf() taint failure in perl 5.10
+
+Version 3.32, Dec 27, 2007
+
+  1. Patch from Miguel Santinho to prevent sending premature headers under mod_perl 2.0
+
+Version 3.31, Nov 30, 2007
+
+  1. Patch from Xavier Robin so that CGI::Carp issues a 500 Status code rather than a 200 status code.
+  2. Patch from Alexander Klink to select correct temporary directory in OSX Leopard so that upload works.
+  3. Possibly fixed "wrapped pack" error on 5.10 and higher.
+
+Version 3.30 
+
+  1. Patch from Mike Barry to handle POSTDATA in the same way as PUT.
+  2. Patch from Rafael Garcia-Suarez to correctly reencode unicode values as byte values.
+
+Version 3.29, Apr 16, 2007
+
+  1. The position of file handles is now reset to zero when CGI->new is called.
+    (Mark Stosberg)
+  2. uploadInfo() now works across multiple object instances. Also, the first
+     tests for uploadInfo() were added as part of the fix. (CPAN bug 11895, with
+     contributions from drfrench and Mark Stosberg).
+
+Version 3.28, Mar 29, 2007
+
+  1. Applied patch from Allen Day that makes Cookie parsing RFC2109 compliant
+	(attribute/values can be separated by commas as well as semicolons).
+  2. Applied patch from Stephan Struckmann that allows script_name() to be set correctly.
+  3. Fixed problem with url(-full) in which port number appears twice.
+
+Version 3.27, Feb 27, 2007
+
+  1. Applied patch from Steve Taylor that allows checkbox_groups to be
+  disabled with a new -disabled=> option.
+
+Version 3.26
+
+  1. Fixed alternate stylesheet behavior so that it is insensitive to order of declarations.
+  2. Patch from John Binns to allow users to provide a callback to CGI::Carp.
+  3. Added "~" as an unreserved character in escape().
+  4. Patch from Chris Fedde to prevent HTTP_HOST from inhibiting SERVER_PORT in url() generation.
+  5. Fixed outdated documentation (and behavior) of -language in start_html -script option.
+  6. Fixed bug in seconds calculation in CGI::Util::expire_calc.
+
+Version 3.25, Sep 28, 2006
+
+  1. Fixed the link to the Netscape frames page.
+  2. Added ability to specify an alternate stylesheet.
+  3. Add support for XForms POST submssion both as application/xml or as multipart/related
+
+Version 3.24
+
+  1. In startform(), if request_uri() returns undef, then falls back
+  to self_url(). This should rarely happen except when run outside of
+  the CGI environment.
+  2. image button alignment options were mistakenly being capitalized, causing xhtml validation to fail.
+
+Version 3.23, Aug 23, 2006
+
+  1. Typo in upload() persisted, now fixed for real. Thanks to
+  Emanuele Zeppieri for correct patch and regression test.
+
+Version 3.22, Aug 23, 2006
+
+  1. Typo in upload() function broke uploads. Now fixed (CPAN bug 21126).
+
+Version 3.21, Aug 21, 2006
+
+  1. Don't try to read data at all when POST > $POST_MAX.
+  2. Fixed bug that caused $cgi->param('name',undef,'value') to unset param('name') entirely.
+  3. Fixed bug in which upload() sometimes returns empty. (CPAN bug #12694).
+  4. Incorporated patch from BURAK@cpan.org to support HTTPcookies (CPAN bug 21019).
+
+Version 3.20
+
+  1. Patch from David Wheeler for CGI::Cookie->bake(). Uses mod_perl headers_out->add()
+	rather than headers_out->set().
+  2. Fixed problem identified by Andrei Voronkov in which start_form() output was screwed
+	up when initial argument begins with a dash and subsequent arguments do not.
+  3. Quashed uninitialized variable warnings coming from script_name(), url() and other
+        functions that require access to the PATH_INFO environment variable.
+
+Version 3.19
+
+  1. Added patch from Stephen Frost that allows one to suppress use of the temp file that is
+	created during uploads.
+  2. Fixed problem noted by Martin Foster in which regular expression meta-character terms
+	in the path information were not quoted, causing URL parsing
+	to fail on URLs that contained metacharacters (such as +).
+  3. More fixes to the url() method.
+  4. Removed "hack to fix broken PATH_INFO in MSII".
+
+Version 3.18
+
+  1.  Doc typo fixes.
+  2.  Patch from Steve Peters to default the document type to match the charset.
+  3.  Fixed param() so that param(-name=>'foo',-values=>[]) sets the parameter to empty list.
+
+Version 3.17, Feb 24, 2006
+
+   1. Added patch from Mike Hanafey which caused 0 arguments to CGI::Cookie->new() to
+	be treated as empty.
+   2. Patch to CGI::Carp from Peter Whaite to fix the unfixable problem of CGI::Carp
+     not behaving correctly in an eval() context.
+   3. CGI::Fast->new() calls CGI->_reset_globals to avoid contamination of one session
+	with another's variables.
+   4. Fixed upload failure on files that contain semicolons in their names.
+
+Version 3.16, Feb 8, 2006
+
+   1. header() -charset option now works even when the MIME type is not "text".
+   2. Fixed documentation for cookie() function and fastCGI.
+   3. Upload filehandles now only closed automatically on Windows systems.
+   4. Apache::Cookie compatibility fix from David Wheeler
+   5. CGI::Carp->fatalsToBrowser() does not work correctly with
+	mod_perl 2. No workaround is known.
+   6. Fixed text status code associated with 302 redirects. Should be "Found"
+	but was "Moved".
+   7. Fixed charset in start_html() and header() to be in synch.
+
+Version 3.15, Dec 7, 2005
+
+   1. Remove extraneous "?" from self_url() when URI contains a ? but no query string.
+
+Version 3.14, Dec 6,  2005
+
+   1. Fixed broken scrolling_list() select attribute.
+
+Version 3.13, Dec 4, 2005
+
+    1. Removed extraneous empty "?" from end of self_url().
+
+Version 3.12, Dec 4, 2005
+
+    1. Fixed virtual_port so that it works properly with https protocol.
+    2. Fixed documentation for upload_hook().
+    3. Added POSTDATA documentation.
+    4. Made upload_hook() work in function-oriented mode.
+    5. Fixed POST_MAX behavior so that it doesn't cause client to hang.
+    6. Disabled automatic tab indexes and added new -tabindex pragma to
+	turn automatic indexes back on.
+    7. The url() and self_url() methods now work better in the context of Apache
+       mod_rewrite. Be advised that path_info() may give you confusing results
+       when mod_rewrite is active because Apache calculates the path info *after*
+       rewriting. This is mostly worked around in url() and self_url(), but you
+       may notice some anomalies.
+    8. Removed empty (and non-validating) <div> from code emitted by end_form().
+    9. Fixed CGI::Carp to work correctly with Mod_perl 1.29 in an Apache 2 environment.
+   10. Setting $CGI::TMPDIRECTORY should now be effective.
+
+Version 3.11, Aug 3, 2005
+
+    1. Killed warning in CGI::Cookie about MOD_PERL_API_VERSION
+    2. Fixed append() so that it works in function mode.
+    3. Workaround for a bug that appears in Apache2 versions through 2.0.54
+       in which SCRIPT_NAME and PATH_INFO are incorrect if the additional path_info
+       contains a double slash. This workaround will handle the common case of
+       http://mysite.com/cgi-bin/log.cgi/http://www.some.other.site/args, but will
+       not handle the uncommon case of a ScriptAlias directive that adds additional
+       path information to the end of the translated URI.
+
+Version 3.10, May 13, 2005
+
+    1. Added Apache2::RequestIO, which is necessary for mp2 interoperability.
+
+Version 3.09, May 5, 2005
+
+    1. Fixed tabindex="0" when using CGI to create forms without a prior start_html
+    2. Removed warning about non-numeric MOD_PERL_API_VERSION.
+
+Version 3.08, Apr 20, 2005
+
+    1. update support for mod_perl 2.0.  versions prior to
+       mod_perl 1.999_22 (2.0.0-RC5) are no longer supported.
+
+Version 3.07, Mar 14, 2005
+
+    1. Fixed typo in mod_perl detection.
+
+Version 3.06, Mar 09, 2005
+
+    1. Fixed bare call to script() in start_html
+    2. Moved Fh::DESTROY out of autoloaded functions so as to avoid
+       clobbering $@ when CGI functions are executed in an eval{}
+       context.
+    3. mod_perl 2.0 version detection patch in CGI::Cookie provided by
+       Allen Day.
+    4. autoEscape() flag is now respected when generating extra
+       attributes.
+    5. Tests for *tag start/end generation from Shlomi Fish.
+    6. Support for can() method provided by Ron Savage.
+    7. Fix for lang='' when outputting XHTML.
+    8. Added support for chunked transfer encoding, as suggested by
+	Hakan Ardo
+    9. Fixed clobbering of row and column headers in tableized radio
+	and checkbox groups, as reported by Nicolas Thierry-Mieg.
+   10. <Label> tags are now associated with form elements, as suggested
+	by accessibility guidelines.
+   11. The <?xml> directive produced by start_html is now turned off by
+        default and the charset is specified in a <meta> directive.  Apparently
+        IE6 (and maybe some versions of Opera) were getting confused by this.
+   12. Support for tab indexes.
+   13. Retired the HTML docs.  The POD docs are now primary documentation.
+   14. CGI::Carp now correctly detects and handles Apache::Dispatch.
+   15. CGI::Util::utf8_chr now correctly sets the UTF8 flag on 5.006 or
+	higher perls (fix courtesy Slaven Rezic).
+
+
+Version 3.05, Apr 12, 2004
+
+    1. Fixed uninitialized variable warning on start_form() when running
+       from command line.
+    2. Fixed CGI::_set_attributes so that attributes with a - are handled
+       correctly.
+    3. Fixed CGI::Carp::die() so as to avoid problems from _longmess()
+       clobbering @_.
+    4. If HTTP_X_FORWARDED_HOST is defined (i.e. running under a proxy),
+       the various functions that return HOST will use that instead.
+    5. Fix for undefined utf8() call in CGI::Util.
+    6. Changed the call to warningsToBrowser() in
+       CGI::Carp::fatalsToBrowser to call only after HTTP header is sent
+       (thanks to Didier Lebrun for noticing).
+    7. Patches from Dan Harkless to make CGI.pm validatable against HTML
+       3.2.
+    8. Fixed an extraneous "foo=bar" appearing when extra style
+       parameters passed to start_html;
+    9. Fixed cross-site scripting bug in startform() pointed out by Dan
+       Harkless.
+   10. Fixed documentation to discuss list context behavior of
+       form-element generators explicitly.
+   11. Fixed incorrect results from end_form() when called in OO manner.
+   12. Fixed query string stripping in order to handle URLs containing
+       escaped newlines.
+   13. During server push, set NPH to 0 rather than 1. This is supposed
+       to fix problems with Apache.
+   14. Fixed incorrect processing of multipart form fields that contain
+       embedded quotes. There's still the issue of how to handle ones
+       that contain embedded semicolons, but no one has complained (yet).
+   15. Fixed documentation bug in -style argument to start_html()
+   16. Added -status argument to redirect().
+
+Version 3.04, Jan 18, 2004
+
+    1. Fixed the problem with mod_perl crashing when "defaults" button
+       pressed.
+
+Version 3.03, Jan 13, 2004
+
+    1. Fix upload hook functionality
+    2. Workaround for CGI->unescape_html()
+    3. Bumped version numbers in CGI::Fast and CGI::Util for 5.8.3-tobe
+
+Version 3.02
+
+    1. Bring in Apache::Response just in case.
+    2. File upload on EBCDIC systems now works.
+
+Version 3.01, Dec 10, 2003
+
+    1. No fix yet for upload failures when running on EBCDIC server.
+    2. Fixed uninitialized glob warnings that appeared when file
+       uploading under perl 5.8.2.
+    3. Added patch from Schlomi Fish to allow debugging of PATH_INFO from
+       command line.
+    4. Added patch from Steve Hay to correctly unlink tmp files under
+       mod_perl/windows
+    5. Added upload_hook functionality from Jamie LeTaul
+    6. Workarounds for mod_perl 2 IO issues. Check that file upload and
+       state saving still working.
+    7. Added code for underreads.
+    8. Fixed misleading description of redirect() and relative URLs in
+       the POD docs.
+    9. Workaround for weird interaction of CGI::Carp with Safe module
+       reported by William McKee.
+   10. Added patches from Ilmari Karonen to improve behavior of
+       CGI::Carp.
+   11. Fixed documentation error in -style argument.
+   12. Added virtual_port() method for finding out what port server is
+       listening on in a virtual-host aware fashion.
+
+Version 3.00, Aug 18, 2003
+
+    1. Patch from Randal Schwartz to fix bug introduced by cross-site
+       scripting vulnerability "fix."
+    2. Patch from JFreeman to replace UTF-8 escape constant of 0xfe with
+       0xfc. Hope this is right!
+
+  Version 2.99
+
+    1. Patch from Steve Hay to fix extra Content-type: appearing on
+       browser screen when FatalsToBrowser invoked.
+    2. Patch from Ewann Corvellec to fix cross-site scripting
+       vulnerability.
+    3. Fixed tmpdir routine for file uploading to solve problem that
+       occurs under mod_perl when tmpdir is writable at startup time, but
+       not at session time.
+
+  Version 2.98
+
+    1. Fixed crash in Dump() function.
+
+  Version 2.97
+
+    1. Sigh. Uploaded wrong 2.96 to CPAN.
+
+  Version 2.96
+
+    1. More bugfixes to the -style argument.
+
+  Version 2.95
+
+    1. Fixed bugs in start_html(-style=>...) support introduced in 2.94.
+
+  Version 2.94
+
+    1. Removed warning from reset() method.
+    2. Moved
+
+   and tags into the :html3 group. Hope this removes undefined CGI::Area
+   errors.
+
+     Changed CGI::Carp to play with mod_perl2 and to (hopefully) restore
+   reporting of compile-time errors.
+
+     Fixed potential deadlock between web server and CGI.pm when aborting
+   a read due to POST_MAX (reported by Antti Lankila).
+
+     Fixed issue with tag-generating function not incorporating content
+   when first variable undef.
+
+     Fixed cross-site scripting bug reported by obscure.
+
+     Fixed Dump() function to return correctly formed XHTML - bug
+   reported by Ralph Siemsen.
+
+  Version 2.93
+
+    1. Fixed embarassing bug in mp1 support.
+
+  Version 2.92
+
+    1. Fix to be P3P compliant submitted from MPREWITT.
+    2. Added CGI->r() API for mod_perl1/mod_perl2.
+    3. Fixed bug in redirect() that was corrupting cookies.
+    4. Minor fix to behavior of reset() button to make it consistent with
+       submit() button (first time this has been changed in 9 years).
+    5. Patch from Dan Kogai to handle UTF-8 correctly in 5.8 and higher.
+    6. Patch from Steve Hay to make CGI::Carp's error messages appear on
+       MSIE browsers.
+    7. Added Yair Lenga's patch for non-urlencoded postings.
+    8. Added Stas Bekman's patches for mod_perl 2 compatibility.
+    9. Fixed uninitialized escape behavior submitted by William Campbell.
+   10. Fixed tied behavior so that you can pass arguments to tie()
+   11. Fixed incorrect generation of URLs when the path_info contains +
+       and other odd characters.
+   12. Fixed redirect(-cookies=>$cookie) problem.
+   13. Fixed tag generation bug that affects -javascript passed to
+       start_html().
+
+  Version 2.91
+
+    1. Attribute generation now correctly respects the value of
+       autoEscape().
+    2. Fixed endofrm() syntax error introduced by Ben Edgington's patch.
+
+  Version 2.90
+
+    1. Fixed bug in redirect header handling.
+    2. Added P3P option to header().
+    3. Patches from Alexey Mahotkin to make CGI::Carp work correctly with
+       object-oriented exceptions.
+    4. Removed inaccurate description of how to set multiple cookies from
+       CGI::Cookie pod file.
+    5. Patch from Kevin Mahony to prevent running out of filehandles when
+       uploading lots of files.
+    6. Documentation enhancement from Mark Fisher to note that the
+       import_names() method transforms the parameter names into valid
+       Perl names.
+    7. Patch from Dan Harkless to suppress lang attribute in <html> tag
+       if specified as a null string.
+    8. Patch from Ben Edgington to fix broken XHTML-transitional 1.0
+       validation on endform().
+    9. Custom html header fix from Steffen Beyer (first letter correctly
+       upcased now)
+   10. Added a -verbatim option to stylesheet generation from Michael
+       Dickson
+   11. Faster delete() method from Neelam Gupta
+   12. Fixed broken Cygwin support.
+   13. Added empty charset support from Bradley Baetz
+   14. Patches from Doug Perham and Kevin Mahoney to fix file upload
+       failures when uploaded file is a multiple of 4096.
+
+  Version 2.89
+
+    1. Fixed behavior of ACTION tag when POSTING to a URL that has a
+       query string.
+    2. Added Patch from Michael Rommel to handle multipart/mixed uploads
+       from Opera
+
+  Version 2.88
+
+    1. Fixed problem with uploads being refused under Perl 5.8 when under
+       Taint mode.
+    2. Fixed uninitialized variable warnings under Perl 5.8.
+    3. Fixed CGI::Pretty regression test failures.
+
+  Version 2.87
+
+    1. Security hole patched: when processing multipart/form-data
+       postings, most arguments were being untainted silently. Returned
+       arguments are now tainted correctly. This may cause some scripts
+       to fail that used to work (thanks to Nick Cleaton for pointing
+       this out and persisting until it was fixed).
+    2. Update for mod_perl 2.0.
+    3. Pragmas such as -no_xhtml are now respected in mod_perl
+       environment.
+
+  Version 2.86
+
+    1. Fixes for broken CGI::Cookie expiration dates introduced in 2.84.
+
+  Version 2.85
+
+    1. Fix for broken autoEscape function introduced in 2.84.
+
+  Version 2.84
+
+    1. Fix for failed file uploads on Cygwin platforms.
+    2. HTML escaping code now replaced 0x8b and 0x9b with unicode
+       references < and *#8250;
+
+  Version 2.83
+
+    1. Fixed autoEscape() documentation inconsistencies.
+    2. Patch from Ville Skytt� to fix a number of XHTML inconsistencies.
+    3. Added Max-Age to list of CGI::Cookie headers.
+
+  Version 2.82
+
+    1. Patch from Rudolf Troller to add attribute setting and option
+       groups to form fields.
+    2. Patch from Simon Perreault for silent crashes when using CGI::Carp
+       under mod_perl.
+    3. Patch from Scott Gifford allows you to set the program name for
+       CGI::Carp.
+
+  Version 2.81
+
+    1. Removed extraneous slash from end of stylesheet tags generated by
+       start_html in non-XHTML mode.
+    2. Changed behavior of CGI::Carp with respect to eval{} contexts so
+       that output behaves properly in mod_perl environments.
+    3. Fixed default DTD so that it validates with W3C validator.
+
+  Version 2.80
+
+    1. Fixed broken messages in CGI::Carp.
+    2. Changed checked="1" to checked="checked" for real XHTML
+       compatibility.
+    3. Resurrected REQUEST_URI code so that url() works correctly with
+       multiviews.
+
+  Version 2.79
+
+    1. Changes to CGI::Carp to avoid "subroutine redefined" error
+       messages.
+    2. Default DTD is now XHTML 1.0 Transitional
+    3. Patches to support all HTML4 tags.
+
+  Version 2.78
+
+    1. Added ability to change encoding in <?xml> assertion.
+    2. Fixed the old escapeHTML('CGI') ne "CGI" bug
+    3. In accordance with XHTML requirements, there are no longer any
+       minimized attributes, such as "checked".
+    4. Patched bug which caused file uploads of exactly 4096 bytes to be
+       truncated to 4094 (thanks to Kevin Mahony)
+    5. New tests and fixes to CGI::Pretty (thanks to Michael Schwern).
+
+  Version 2.77
+
+    1. No new features, but released in order to fix an apparent CPAN
+       bug.
+
+  Version 2.76
+
+    1. New esc.t regression test for EBCDIC translations courtesy Peter
+       Prymmer.
+    2. Patches from James Jurach to make compatible with FCGI-ProcManager
+    3. Additional fields passed to header() (like -Content_disposition)
+       now honor initial capitalization.
+    4. Patch from Andrew McNaughton to handle utf-8 escapes (%uXXXX
+       codes) in URLs.
+
+  Version 2.752
+
+    1. Syntax error in the autoloaded Fh::new() subroutine.
+    2. Better error reporting in autoloaded functions.
+
+  Version 2.751
+
+    1. Tiny tweak to filename regular expression function on line 3355.
+
+  Version 2.75
+
+    1. Fixed bug in server push boundary strings (CGI.pm and CGI::Push).
+    2. Fixed bug that occurs when uploading files with funny characters
+       in the name
+    3. Fixed non-XHTML-compliant attributes produced by textfield()
+    4. Added EPOC support, courtesy Olaf Flebbe
+    5. Fixed minor XHTML bugs.
+    6. Made escape() and unescape() symmetric with respect to EBCDIC,
+       courtesy Roca, Ignasi <ignasi.roca@fujitsu.siemens.es>
+    7. Removed uninitialized variable warning from CGI::Cookie, provided
+       by Atipat Rojnuckarin <rojnuca@yahoo.com>
+    8. Fixed bug in CGI::Pretty that causes it to print partial end tags
+       when the $INDENT global is changed.
+    9. Single quotes are changed to character entity ' for compatibility
+       with URLs.
+
+  Version 2.74
+
+   September 13, 2000
+    1. Quashed one-character bug that caused CGI.pm to fail on file
+       uploads.
+
+  Version 2.73
+
+   September 12, 2000
+    1. Added -base to the list of arguments accepted by url().
+    2. Fixes to XHTML support.
+    3. POST parameters no longer show up in the Location box.
+
+  Version 2.72
+
+   August 19, 2000
+    1. Fixed the defaults button so that it works again
+    2. Charset is now correctly saved and restored when saving to files
+    3. url() now works correctly when given scripts with %20 and other
+       escapes in the additional path info. This undoes a patch
+       introduced in version 2.47 that I no longer understand the
+       rationale for.
+
+  Version 2.71
+
+   August 13, 2000
+    1. Newlines in the value attributes of hidden fields and other form
+       elements are now escaped when using ISO-Latin.
+    2. Inline script and style sections are now protected as CDATA
+       sections when XHTML mode is on (the default).
+
+  Version 2.70
+
+   August 4, 2000
+    1. Fixed bug in scrolling_list() which omitted a space in front of
+       the "multiple" attribute.
+    2. Squashed the "useless use of string in void context" message from
+       redirects.
+
+  Version 2.69
+
+    1. startform() now creates default ACTION for POSTs as well as GETs.
+       This may break some browsers, but it no longer violates the HTML
+       spec.
+    2. CGI.pm now emits XHTML by default. Disable with -no_xhtml.
+    3. We no longer interpret &#ddd sequences in non-latin character
+       sets.
+
+  Version 2.68
+
+    1. No longer attempts to escape characters when dealing with non
+       ISO-8861 character sets.
+    2. checkbox() function now defaults to using -value as its label,
+       rather than -name. The current behavior is what has been
+       documented from the beginning.
+    3. -style accepts array reference to incorporate multiple stylesheets
+       into document.
+
+    1. Fixed two bugs that caused the -compile pragma to fail with a
+       syntax error.
+
+  Version 2.67
+
+    1. Added XHTML support (incomplete; tags need to be lowercased).
+    2. Fixed CGI/Carp when running under mod_perl. Probably broke in
+       other contexts.
+    3. Fixed problems when passing multiple cookies.
+    4. Suppress warnings from _tableize() that were appearing when using
+       -w switch with radio_group() and checkbox_group().
+    5. Support for the header() -attachment argument, which can give
+       pages a default file name when saving to disk.
+
+  Version 2.66
+
+    1. 2.65 changes in make_attributes() broke HTTP header functions
+       (including redirect), so made it context sensitive.
+
+  Version 2.65
+
+    1. Fixed regression tests to skip tests that require implicit fork on
+       machines without fork().
+    2. Changed make_attributes() to automatically escape any HTML
+       reserved characters.
+    3. Minor documentation fix in javascript example.
+
+  Version 2.64
+
+    1. Changes introduced in 2.63 broke param() when retrieving parameter
+       lists containing only a single argument. This is now fixed.
+    2. self_url() now defaults to returning parameters delimited with
+       semicolon. Use the pragma -oldstyle_urls to get the old "&"
+       delimiter.
+
+  Version 2.63
+
+    1. Fixed CGI::Push to pull out parameters correctly.
+    2. Fixed redirect() so that it works with default character set
+    3. Changed param() so as to returned empty string '' when referring
+       to variables passed in query strings like 'name1=&name2'
+
+  Version 2.62
+
+    1. Fixed broken ReadParse() function, and added regression tests
+    2. Fixed broken CGI::Pretty, and added regression tests
+
+  Version 2.61
+
+    1. Moved more functions from CGI.pm proper into CGI/Util.pm.
+       CGI/Cookie should now be standalone.
+    2. Disabled per-user temporary directories, which were causing grief.
+
+  Version 2.60
+
+    1. Fixed junk appearing in autogenerated HTML functions when using
+       object-oriented mode.
+
+  Version 2.59
+
+    1. autoescape functionality breaks too much existing code, removed
+       it.
+    2. use escapeHTML() manually
+
+  Version 2.58
+
+   This is the release version of 2.57.
+
+  Version 2.57
+
+    1. Added -debug pragma and turned off auto reading of STDIN.
+    2. Default DTD updated to HTML 4.01 transitional.
+    3. Added charset() method and the -charset argument to header().
+    4. Fixed behavior of escapeHTML() to respect charset() and to escape
+       nasty Windows characters (thanks to Tom Christiansen).
+    5. Handle REDIRECT_QUERY_STRING correctly.
+    6. Removed use_named_parameters() because of dependency problems and
+       general lameness.
+    7. Fixed problems with bad HREF links generated by url(-relative=>1)
+       when the url is like /people/.
+    8. Silenced a warning on upload (patch provided by Jonas Liljegren)
+    9. Fixed race condition in CGI::Carp when errors occur during parsing
+       (patch provided by Maurice Aubrey).
+   10. Fixed failure of url(-path_info=>1) when path contains % signs.
+   11. Fixed warning from CGI::Cookie when receiving foreign cookies that
+       don't use name=value format.
+   12. Fixed incompatibilities with file uploading on VMS systems.
+
+  Version 2.56
+
+    1. Fixed bugs in file upload introduced in version 2.55
+    2. Fixed long-standing bug that prevented two files with identical
+       names from being uploaded.
+
+  Version 2.55
+
+    1. Fixed cookie regression test so as not to produce an error.
+    2. Fixed path_info() and self_url() to work correctly together when
+       path_info() modified.
+    3. Removed manify warnings from CGI::{Switch,Apache}.
+
+  Version 2.54
+
+    1. This will be the last release of the monolithic CGI.pm module.
+       Later versions will be modularized and optimized.
+    2. DOMAIN tag no longer added to cookies by default. This will break
+       some versions of Internet Explorer, but will avoid breaking
+       networks which use host tables without fully qualified domain
+       names. For compatibility, please always add the -domain tag when
+       creating cookies.
+    3. Fixed escape() method so that +'s are treated correctly.
+    4. Updated CGI::Pretty module.
+
+  Version 2.53
+
+    1. Forgot to upgrade regression tests before releasing 2.52. NOTHING
+       ELSE HAS CHANGED IN LIBRARY
+
+  Version 2.52
+
+    1. Spurious newline in checkbox() routine removed. (courtesy John
+       Essen)
+    2. TEXTAREA linebreaks now respected in dump() routine. (courtesy
+       John Essen)
+    3. Patches for DOS ports (courtesy Robert Davies)
+    4. Patches for VMS
+    5. More fixes for cookie problems
+    6. Fix CGI::Carp so that it doesn't affect eval{} blocks (courtesy
+       Byron Brummer)
+
+  Version 2.51
+
+    1. Fixed problems with cookies not being remembered when sent to IE
+       5.0 (and Netscape 5.0 too?)
+    2. Numerous HTML compliance problems in cgi_docs.html; fixed thanks
+       to Michael Leahy
+
+  Version 2.50
+
+    1. Added a new Vars() method to retrieve all parameters as a tied
+       hash.
+    2. Untainted tainted tempfile name so that script doesn't fail on
+       terminal unlink.
+    3. Made picking of upload tempfile name more intelligent so that
+       doesn't fail in case of name collision.
+    4. Fixed handling of expire times when passed an absolute timestamp.
+    5. Changed dump() to Dump() to avoid name clashes.
+
+  Version 2.49
+
+    1. Fixes for FastCGI (globals not getting reset)
+    2. Fixed url() to correctly handle query string and path under
+       MOD_PERL
+
+  Version 2.48
+
+    1. Reverted detection of MOD_PERL to avoid breaking PerlEX.
+
+  Version 2.47
+
+    1. Patch to fix file upload bug appearing in IE 3.01 for
+       Macintosh/PowerPC.
+    2. Replaced use of $ENV{SCRIPT_NAME} with $ENV{REQUEST_URI} when
+       running under Apache, to fix self-referencing URIs.
+    3. Fixed bug in escapeHTML() which caused certain constructs, such as
+       CGI->image_button(), to fail.
+    4. Fixed bug which caused strong('CGI') to fail. Be careful to use
+       CGI::strong('CGI') and not CGI->strong('CGI'). The latter will
+       produce confusing results.
+    5. Added upload() function, as a preferred replacement for the
+       "filehandle as string" feature.
+    6. Added cgi_error() function.
+    7. Rewrote file upload handling to return undef rather than dieing
+       when an error is encountered. Be sure to call cgi_error() to find
+       out what went wrong.
+
+  Version 2.46
+
+    1. Fix for failure of the "include" tests under mod_perl
+    2. Added end_multipart_form to prevent failures during qw(-compile
+       :all)
+
+  Version 2.45
+
+    1. Multiple small documentation fixes
+    2. CGI::Pretty didn't get into 2.44. Fixed now.
+
+  Version 2.44
+
+    1. Fixed file descriptor leak in upload function.
+    2. Fixed bug in header() that prevented fields from containing double
+       quotes.
+    3. Added Brian Paulsen's CGI::Pretty package for pretty-printing
+       output HTML.
+    4. Removed CGI::Apache and CGI::Switch from the distribution.
+    5. Generated start_* shortcuts so that start_table(), end_table(),
+       start_ol(), end_ol(), and so forth now work (see the docs on how
+       to enable this feature).
+    6. Changed accept() to Accept(), sub() to Sub(). There's still a
+       conflict with reset(), but this will break too many existing
+       scripts!
+
+  Version 2.43
+
+    1. Fixed problem with "use strict" and file uploads (thanks to Peter
+       Haworth)
+    2. Fixed problem with not MSIE 3.01 for the power_mac not doing file
+       uploads right.
+    3. Fixed problem with file upload on IIS 4.0 when authorization in
+       use.
+    4. -content_type and '-content-type' can now be provided to header()
+       as synonyms for -type.
+    5. CGI::Carp now escapes the ampersand BEFORE escaping the > and <
+       signs.
+    6. Fixed "not an array reference" error when passing a hash reference
+       to radio_group().
+    7. Fixed non-removal of uploaded TMP files on NT platforms which
+       occurs when server runs on non-C drive (thanks to Steve Kilbane
+       for finding this one).
+
+  Version 2.42
+
+    1. Too many screams of anguish at changed behavior of url(). Is now
+       back to its old behavior by default, with options to generate all
+       the variants.
+    2. Added regression tests. "make test" now works.
+    3. Documentation fixes.
+    4. Fixes for Macintosh uploads, but uploads STILL do not work pending
+       changes to MacPerl.
+
+  Version 2.41
+
+    1. url() method now includes the path info. Use script_name() to get
+       it without path info().
+    2. Changed handling of empty attributes in HTML tag generation. Be
+       warned! Use table({-border=>undef}) rather than
+       table({-border=>''}).
+    3. Changes to allow uploaded filenames to be compared to other
+       strings with "eq", "cmp" and "ne".
+    4. Changes to allow CGI.pm to coexist more peacefully with
+       ActiveState PerlEX.
+    5. Changes to prevent exported variables from clashing when importing
+       ":all" set in combination with cookies.
+
+  Version 2.40
+
+    1. CGI::Carp patched to work better with mod_perl (thanks to Chris
+       Dean).
+    2. Uploads of files whose names begin with numbers or the Windows
+       \\UNC\shared\file nomenclature should no longer fail.
+    3. The <STYLE> tag (for cascading style sheets) now generates the
+       required TYPE attribute.
+    4. Server push primitives added, thanks to Ed Jordan.
+    5. Table and other HTML3 functions are now part of the :standard set.
+    6. Small documentation fixes.
+
+   TO DO:
+    1. Do something about the DTD mess. The module should generate
+       correct DTDs, or at least offer the programmer a way to specify
+       the correct one.
+    2. Split CGI.pm into CGI processing and HTML-generating modules.
+    3. More robust file upload (?still not working on the Macintosh?).
+    4. Bring in all the HTML4 functionality, particular the accessibility
+       features.
+
+  Version 2.39
+
+    1. file uploads failing because of VMS patch; fixed.
+    2. -dtd parameter was not being properly processed.
+
+  Version 2.38
+
+   I finally got tired of all the 2.37 betas and released 2.38. The main
+   difference between this version and the last 2.37 beta (2.37b30) are
+   some fixes for VMS. This should allow file upload to work properly on
+   all VMS Web servers.
+
+  Version 2.37, various beta versions
+
+    1. Added a CGI::Cookie::parse() method for lucky mod_perl users.
+    2. No longer need separate -values and -labels arguments for
+       multi-valued form elements.
+    3. Added better interface to raw cookies (fix courtesy Ken Fox,
+       kfox@ford.com)
+    4. Added param_fetch() function for direct access to parameter list.
+    5. Fix to checkbox() to allow for multi-valued single checkboxes
+       (weird problem).
+    6. Added a compile() method for those who want to compile without
+       importing.
+    7. Documented the import pragmas a little better.
+    8. Added a -compile switch to the use clause for the long-suffering
+       mod_perl and Perl compiler users.
+    9. Fixed initialization routines so that FileHandle and type globs
+       work correctly (and hash initialization doesn't fail!).
+   10. Better deletion of temporary files on NT systems.
+   11. Added documentation on escape(), unescape(), unescapeHTML() and
+       unescapeHTML() subroutines.
+   12. Added documentation on creating subclasses.
+   13. Fixed problem when calling $self->SUPER::foo() from inheriting
+       subclasses.
+   14. Fixed problem using filehandles from within subroutines.
+   15. Fixed inability to use the string "CGI" as a parameter.
+   16. Fixed exponentially growing $FILLUNIT bug
+   17. Check for undef filehandle in read_from_client()
+   18. Now requires the UNIVERSAL.pm module, present in Perl 5.003_7 or
+       higher.
+   19. Fixed problem with uppercase-only parameters being ignored.
+   20. Fixed vanishing cookie problem.
+   21. Fixed warning in initialize_globals() under mod_perl.
+   22. File uploads from Macintosh versions of MSIE should now work.
+   23. Pragmas now preceded by dashes (-nph) rather than colons (:nph).
+       Old style is supported for backward compatibility.
+   24. Can now pass arguments to all functions using {} brackets,
+       resolving historical inconsistencies.
+   25. Removed autoloader warnings about absent MultipartBuffer::DESTROY.
+   26. Fixed non-sticky checkbox() when -name used without -value.
+   27. Hack to fix path_info() in IIS 2.0. Doesn't help with IIS 3.0.
+   28. Parameter syntax for debugging from command line now more
+       straightforward.
+   29. Added $DISABLE_UPLOAD to disable file uploads.
+   30. Added $POST_MAX to error out if POSTings exceed some ceiling.
+   31. Fixed url_param(), which wasn't working at all.
+   32. Fixed variable suicide problem in s///e expressions, where the
+       autoloader was needed during evaluation.
+   33. Removed excess spaces between elements of checkbox and radio
+       groups
+   34. Can now create "valueless" submit buttons
+   35. Can now set path_info as well as read it.
+   36. ReadParse() now returns a useful function result.
+   37. import_names() now allows you to optionally clear out the
+       namespace before importing (for mod_perl users)
+   38. Made it possible to have a popup menu or radio button with a value
+       of "0".
+   39. link() changed to Link() to avoid overriding native link function.
+   40. Takes advantage of mod_perl's register_cleanup() function to clear
+       globals.
+   41. <LAYER> and <ILAYER> added to :html3 functions.
+   42. Fixed problems with private tempfiles and NT/IIS systems.
+   43. No longer prints the DTD by default (I bet no one will complain).
+   44. Allow underscores to replace internal hyphens in parameter names.
+   45. CGI::Push supports heterogeneous MIME types and adjustable delays
+       between pages.
+   46. url_param() method added for retrieving URL parameters even when a
+       fill-out form is POSTed.
+   47. Got rid of warnings when radio_group() is called.
+   48. Cookies now moved to their very own module.
+   49. Fixed documentation bug in CGI::Fast.
+   50. Added a :no_debug pragma to the import list.
+
+  Version 2.36
+
+    1. Expanded JavaScript functionality
+    2. Preliminary support for cascading stylesheets
+    3. Security fixes for file uploads:
+          + Module will bail out if its temporary file already exists
+          + Temporary files can now be made completely private to avoid
+            peeking by other users or CGI scripts.
+    4. use CGI qw/:nph/ wasn't working correctly. Now it is.
+    5. Cookie and HTTP date formats didn't meet spec. Thanks to Mark
+       Fisher (fisherm@indy.tce.com) for catching and fixing this.
+
+   p
+
+  Version 2.35
+
+    1. Robustified multipart file upload against incorrect syntax in
+       POST.
+    2. Fixed more problems with mod_perl.
+    3. Added -noScript parameter to start_html().
+    4. Documentation fixes.
+
+  Version 2.34
+
+    1. Stupid typo fix
+
+  Version 2.33
+
+    1. Fixed a warning about an undefined environment variable.
+    2. Doug's patch for redirect() under mod_perl
+    3. Partial fix for busted inheritence from CGI::Apache
+    4. Documentation fixes.
+
+  Version 2.32
+
+    1. Improved support for Apache's mod_perl.
+    2. Changes to better support inheritance.
+    3. Support for OS/2.
+
+  Version 2.31
+
+    1. New uploadInfo() method to obtain header information from uploaded
+       files.
+    2. cookie() without any arguments returns all the cookies passed to a
+       script.
+    3. Removed annoying warnings about $ENV{NPH} when running with the -w
+       switch.
+    4. Removed operator overloading throughout to make compatible with
+       new versions of perl.
+    5. -expires now implies the -date header, to avoid clock skew.
+    6. WebSite passes cookies in $ENV{COOKIE} rather than
+       $ENV{HTTP_COOKIE}. We now handle this, even though it's O'Reilly's
+       fault.
+    7. Tested successfully against new sfio I/O layer.
+    8. Documentation fixes.
+
+  Version 2.30
+
+    1. Automatic detection of operating system at load time.
+    2. Changed select() function to Select() in order to avoid conflict
+       with Perl built-in.
+    3. Added Tr() as an alternative to TR(); some people think it looks
+       better that way.
+    4. Fixed problem with autoloading of MultipartBuffer::DESTROY code.
+    5. Added the following methods:
+          + virtual_host()
+          + server_software()
+    6. Automatic NPH mode when running under Microsoft IIS server.
+
+  Version 2.29
+
+    1. Fixed cookie bugs
+    2. Fixed problems that cropped up when useNamedParameters was set to
+       1.
+    3. Prevent CGI::Carp::fatalsToBrowser() from crapping out when
+       encountering a die() within an eval().
+    4. Fixed problems with filehandle initializers.
+
+  Version 2.28
+
+    1. Added support for NPH scripts; also fixes problems with Microsoft
+       IIS.
+    2. Fixed a problem with checkbox() values not being correctly saved
+       and restored.
+    3. Fixed a bug in which CGI objects created with empty string
+       initializers took on default values from earlier CGI objects.
+    4. Documentation fixes.
+
+  Version 2.27
+
+    1. Small but important bug fix: the automatic capitalization of tag
+       attributes was accidentally capitalizing the VALUES as well as the
+       ATTRIBUTE names (oops).
+
+  Version 2.26
+
+    1. Changed behavior of scrolling_list(), checkbox() and
+       checkbox_group() methods so that defaults are honored correctly.
+       The "fix" causes endform() to generate additional <INPUT
+       TYPE="HIDDEN"> tags -- don't be surpised.
+    2. Fixed bug involving the detection of the SSL protocol.
+    3. Fixed documentation error in position of the -meta argument in
+       start_html().
+    4. HTML shortcuts now generate tags in ALL UPPERCASE.
+    5. start_html() now generates correct SGML header:
+      <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+
+    6. CGI::Carp no longer fails "use strict refs" pragma.
+
+  Version 2.25
+
+    1. Fixed bug that caused bad redirection on destination URLs with
+       arguments.
+    2. Fixed bug involving use_named_parameters() followed by
+       start_multipart_form()
+    3. Fixed bug that caused incorrect determination of binmode for
+       Macintosh.
+    4. Spelling fixes on documentation.
+
+  Version 2.24
+
+    1. Fixed bug that caused generation of lousy HTML for some form
+       elements
+    2. Fixed uploading bug in Windows NT
+    3. Some code cleanup (not enough)
+
+  Version 2.23
+
+    1. Fixed an obscure bug that caused scripts to fail mysteriously.
+    2. Fixed auto-caching bug.
+    3. Fixed bug that prevented HTML shortcuts from passing taint checks.
+    4. Fixed some -w warning problems.
+
+  Version 2.22
+
+    1. New CGI::Fast module for use with FastCGI protocol. See pod
+       documentation for details.
+    2. Fixed problems with inheritance and autoloading.
+    3. Added TR() (<tr>) and PARAM() (<param>) methods to list of
+       exported HTML tag-generating functions.
+    4. Moved all CGI-related I/O to a bottleneck method so that this can
+       be overridden more easily in mod_perl (thanks to Doug MacEachern).
+    5. put() method as substitute for print() for use in mod_perl.
+    6. Fixed crash in tmpFileName() method.
+    7. Added tmpFileName(), startform() and endform() to export list.
+    8. Fixed problems with attributes in HTML shortcuts.
+    9. Functions that don't actually need access to the CGI object now no
+       longer generate a default one. May speed things up slightly.
+   10. Aesthetic improvements in generated HTML.
+   11. New examples.
+
+  Version 2.21
+
+    1. Added the -meta argument to start_html().
+    2. Fixed hidden fields (again).
+    3. Radio_group() and checkbox_group() now return an appropriate
+       scalar value when called in a scalar context, rather than
+       returning a numeric value!
+    4. Cleaned up the formatting of form elements to avoid unesthetic
+       extra spaces within the attributes.
+    5. HTML elements now correctly include the closing tag when
+       parameters are present but null: em('')
+    6. Added password_field() to the export list.
+
+  Version 2.20
+
+    1. Dumped the SelfLoader because of problems with running with taint
+       checks and rolled my own. Performance is now significantly
+       improved.
+    2. Added HTML shortcuts.
+    3. import() now adheres to the Perl module conventions, allowing
+       CGI.pm to import any or all method names into the user's name
+       space.
+    4. Added the ability to initialize CGI objects from strings and
+       associative arrays.
+    5. Made it possible to initialize CGI objects with filehandle
+       references rather than filehandle strings.
+    6. Added the delete_all() and append() methods.
+    7. CGI objects correctly initialize from filehandles on NT/95 systems
+       now.
+    8. Fixed the problem with binary file uploads on NT/95 systems.
+    9. Fixed bug in redirect().
+   10. Added '-Window-target' parameter to redirect().
+   11. Fixed import_names() so that parameter names containing funny
+       characters work.
+   12. Broke the unfortunate connection between cookie and CGI parameter
+       name space.
+   13. Fixed problems with hidden fields whose values are 0.
+   14. Cleaned up the documentation somewhat.
+
+  Version 2.19
+
+    1. Added cookie() support routines.
+    2. Added -expires parameter to header().
+    3. Added cgi-lib.pl compatibility mode.
+    4. Made the module more configurable for different operating systems.
+    5. Fixed a dumb bug in JavaScript button() method.
+
+  Version 2.18
+
+    1. Fixed a bug that corrects a hang that occurs on some platforms
+       when processing file uploads. Unfortunately this disables the
+       check for bad Netscape uploads.
+    2. Fixed bizarre problem involving the inability to process uploaded
+       files that begin with a non alphabetic character in the file name.
+    3. Fixed a bug in the hidden fields involving the -override directive
+       being ignored when scalar defaults were passed.
+    4. Added documentation on how to disable the SelfLoader features.
+
+  Version 2.17
+
+    1. Added support for the SelfLoader module.
+    2. Added oodles of JavaScript support routines.
+    3. Fixed bad bug in query_string() method that caused some parameters
+       to be silently dropped.
+    4. Robustified file upload code to handle premature termination by
+       the client.
+    5. Exported temporary file names on file upload.
+    6. Removed spurious "uninitialized variable" warnings that appeared
+       when running under 5.002.
+    7. Added the Carp.pm library to the standard distribution.
+    8. Fixed a number of errors in this documentation, and probably added
+       a few more.
+    9. Checkbox_group() and radio_group() now return the buttons as
+       arrays, so that you can incorporate the individual buttons into
+       specialized tables.
+   10. Added the '-nolabels' option to checkbox_group() and
+       radio_group(). Probably should be added to all the other
+       HTML-generating routines.
+   11. Added the url() method to recover the URL without the entire query
+       string appended.
+   12. Added request_method() to list of environment variables available.
+   13. Would you believe it? Fixed hidden fields again!
+
+  Version 2.16
+
+    1. Fixed hidden fields yet again.
+    2. Fixed subtle problems in the file upload method that caused
+       intermittent failures (thanks to Keven Hendrick for this one).
+    3. Made file upload more robust in the face of bizarre behavior by
+       the Macintosh and Windows Netscape clients.
+    4. Moved the POD documentation to the bottom of the module at the
+       request of Stephen Dahmen.
+    5. Added the -xbase parameter to the start_html() method, also at the
+       request of Stephen Dahmen.
+    6. Added JavaScript form buttons at Stephen's request. I'm not sure
+       how to use this Netscape extension correctly, however, so for now
+       the form() method is in the module as an undocumented feature. Use
+       at your own risk!
+
+  Version 2.15
+
+    1. Added the -override parameter to all field-generating methods.
+    2. Documented the user_name() and remote_user() methods.
+    3. Fixed bugs that prevented empty strings from being recognized as
+       valid textfield contents.
+    4. Documented the use of framesets and added a frameset example.
+
+  Version 2.14
+
+   This was an internal experimental version that was never released.
+
+  Version 2.13
+
+    1. Fixed a bug that interfered with the value "0" being entered into
+       text fields.
+
+  Version 2.01
+
+    1. Added -rows and -columns to the radio and checkbox groups. No
+       doubt this will cause much grief because it seems to promise a
+       level of meta-organization that it doesn't actually provide.
+    2. Fixed a bug in the redirect() method -- it was not truly HTTP/1.0
+       compliant.
+
+  Version 2.0
+
+   The changes seemed to touch every line of code, so I decided to bump
+   up the major version number.
+    1. Support for named parameter style method calls. This turns out
+       to be a big win for extending CGI.pm when Netscape adds new HTML
+       "features".
+    2. Changed behavior of hidden fields back to the correct "sticky"
+       behavior. This is going to break some programs, but it is for
+       the best in the long run.
+    3. Netscape 2.0b2 broke the file upload feature. CGI.pm now handles
+       both 2.0b1 and 2.0b2-style uploading. It will probably break again
+       in 2.0b3.
+    4. There were still problems with library being unable to distinguish
+       between a form being loaded for the first time, and a subsequent
+       loading with all fields blank. We now forcibly create a default
+       name for the Submit button (if not provided) so that there's
+       always at least one parameter.
+    5. More workarounds to prevent annoying spurious warning messages
+       when run under the -w switch. -w is seriously broken in perl
+       5.001!
+
+  Version 1.57
+
+    1. Support for the Netscape 2.0 "File upload" field.
+    2. The handling of defaults for selected items in scrolling lists and
+       multiple checkboxes is now consistent.
+
+  Version 1.56
+
+    1. Created true "pod" documentation for the module.
+    2. Cleaned up the code to avoid many of the spurious "use of
+       uninitialized variable" warnings when running with the -w switch.
+    3. Added the autoEscape() method. v
+    4. Added string interpolation of the CGI object.
+    5. Added the ability to pass additional parameters to the <BODY> tag.
+    6. Added the ability to specify the status code in the HTTP header.
+
+  Bug fixes in version 1.55
+
+    1. Every time self_url() was called, the parameter list would grow.
+       This was a bad "feature".
+    2. Documented the fact that you can pass "-" to radio_group() in
+       order to prevent any button from being highlighted by default.
+
+  Bug fixes in version 1.54
+
+    1. The user_agent() method is now documented;
+    2. A potential security hole in import() is now plugged.
+    3. Changed name of import() to import_names() for compatibility with
+       CGI:: modules.
+
+  Bug fixes in version 1.53
+
+    1. Fixed several typos in the code that were causing the following
+       subroutines to fail in some circumstances
+         1. checkbox()
+         2. hidden()
+    2. No features added
+
+  New features added in version 1.52
+
+    1. Added backslashing, quotation marks, and other shell-style escape
+       sequences to the parameters passed in during debugging off-line.
+    2. Changed the way that the hidden() method works so that the default
+       value always overrides the current one.
+    3. Improved the handling of sticky values in forms. It's now less
+       likely that sticky values will get stuck.
+    4. If you call server_name(), script_name() and several other methods
+       when running offline, the methods now create "dummy" values to
+       work with.
+
+  Bugs fixed in version 1.51
+
+    1. param() when called without arguments was returning an array of
+       length 1 even when there were no parameters to be had. Bad bug!
+       Bad!
+    2. The HTML code generated would break if input fields contained the
+       forbidden characters ">< or &. You can now use these characters
+       freely.
+
+  New features added in version 1.50
+
+    1. import() method allows all the parameters to be imported into a
+       namespace in one fell swoop.
+    2. Parameters are now returned in the same order in which they were
+       defined.
+
+  Bugs fixed in version 1.45
+
+    1. delete() method didn't work correctly. This is now fixed.
+    2. reset() method didn't allow you to set the name of the button.
+       Fixed.
+
+  Bugs fixed in version 1.44
+
+    1. self_url() didn't include the path information. This is now fixed.
+
+  New features added in version 1.43
+
+    1. Added the delete() method.
+
+  New features added in version 1.42
+
+    1. The image_button() method to create clickable images.
+    2. A few bug fixes involving forms embedded in <PRE> blocks.
+
+  New features added in version 1.4
+
+    1. New header shortcut methods
+          + redirect() to create HTTP redirection messages.
+          + start_html() to create the HTML title, complete with the
+            recommended <LINK> tag that no one ever remembers to include.
+          + end_html() for completeness' sake.
+    2. A new save() method that allows you to write out the state of an
+       script to a file or pipe.
+    3. An improved version of the new() method that allows you to restore
+       the state of a script from a file or pipe. With (2) this gives you
+       dump and restore capabilities! (Wow, you can put a "121,931
+       customers served" banner at the bottom of your pages!)
+    4. A self_url() method that allows you to create state-maintaining
+       hypertext links. In addition to allowing you to maintain the state
+       of your scripts between invocations, this lets you work around a
+       problem that some browsers have when jumping to internal links in
+       a document that contains a form -- the form information gets lost.
+    5. The user-visible labels in checkboxes, radio buttons, popup menus
+       and scrolling lists have now been decoupled from the values sent
+       to your CGI script. Your script can know a checkbox by the name of
+       "cb1" while the user knows it by a more descriptive name. I've
+       also added some parameters that were missing from the text fields,
+       such as MAXLENGTH.
+    6. A whole bunch of methods have been added to get at environment
+       variables involved in user verification and other obscure
+       features.
+
+  Bug fixes
+
+    1. The problems with the hidden fields have (I hope at last) been
+       fixed.
+    2. You can create multiple query objects and they will all be
+       initialized correctly. This simplifies the creation of multiple
+       forms on one page.
+    3. The URL unescaping code works correctly now.
-- 
cgit v1.2.1