Whats New? The Webalizer

August 26, 2013 Version 2.23-08 released. This is a maintenance release that fixes a possible buffer overflow condition in the Webalizer (DNS) Cache file manager (wcmgr). It also fixes a bug discovered in connection with the "GroupDomains" option. This version is considered the latest most stable release and users are encouraged to upgrade when possible.
April 20, 2012 Server Outage. For the past 10 years, the main Webalizer server had been co-located at AirWire.net in Florida. Unfortunately, last month (March 2012) they decided to close their doors for good, which left us looking for a new home. The server was unavilable for almost a month while new arrangements could be made to get it back online. A special thanks to everyone who wrote in with their good wishes and offers of support. A new home has been found, and hopefully we will not have to go through this again for at least another 10 years!
October 12, 2010 Version 2.23 released. This is a cleanup release that fixes a few buglets and provides a modest speed improvement as a bonus! All users are encouraged to upgrade to this release when possible. No new features have been added; see the CHANGES file for specifics.
March 31, 2009 Server Crash! At around 10:00am EST, our main server crashed due to a hard drive failure, resulting in several days of downtime until a replacement server could be obtained and configured (and the fact that the server is a good 3 hour drive away!). Actually, it is amazing that it took so long! It was a machine purchased in 1996 which had been in continuous service since that time without any significant upgrades (it was a 200Mhz pentium-pro machine with only 128Mb of memory and around 4Gb of disk space). The new server should provide a significant increase in performance and response times, however as we work the bugs out of it's configuration there may be some intermittent outages, and we do apologize for them in advance.
January 13, 2009 Version 2.21-02 released. Added yearly stat totals to the main index page which somehow did not get included in the main release. Totals will be automatically generated unless supressed via the "YearTotals" configuration option. This is still a drop in replacement for sites running 2.01, and all sites are recommended to upgrade to this release when possible.
December 15, 2008 Version 2.20-03 released. This fixes a missing memory dealocation call in the DNS lookup code, a kludge to handle largefile support in the current zlib compression code on some platforms, and some minor configure script corrections.
July 12, 2008 Version 2.20-01 has been released. This is a drop in replacement for sites running v2.01 with no additional changes required, and all users are encouraged to upgrade when possible. Many new and exciting features have been added in this release. See the CHANGES file for a list of what's been changed/added/fixed. Go to the download page to obtain a copy in your preferred format.
April 16, 2002 Version 2.01-10 has been released. This version is only a bug fix release with no new features added. It corrects some problems with extended characters, mismatched KByte totals, blank hostname weirdness and a very obscure buffer overflow. The buffer overflow was incorrectly reported to BugTraq as a remote buffer overflow that allows a root compromise. Unless you believe that any buffer overflow allows root access to a box, this is quite a stretch. Anyway, I took the opportunity to not only fix the obscure buffer overflow, but some of the other minor buglets that have surfaced in the last month or so.
December 1, 2001 I would like to thank everyone who responded to my request for help in locating a new home for the Webalizer site. I was overwhelmed with the amount of offers and support that I received, and I want everyone to know that it really is appreciated. I cannot thank everyone enough. The site was switched to it's new home at midnight last night, which was graciously donated by the fine folks over at AirWire.net. Anyone looking for a top notch facility staffed by quality professionals should give them a ring.
October 23, 2001 Version 2.01-09 has been released, which fixes several known bugs, as well as a cross-site scripting vulnerability (discovered by Flavio Veloso of Magnux Software), that could allow malicious HTML tags to be injected in the reports generated by the Webalizer. This release also includes several new and updated language files. All users are encouraged to upgrade as soon as possible.

Related Links:
Magnux Software Advisory describing the vulnerability
BugTraq Security Advisory as submitted by Magnux Software
BugTraq Vulnererability Discussion specific to the Webalizer
CERT Advisory CA-2001-02 - "Malicious HTML Tags Embedded in Client Web Requests

October 5, 2001 Notice: Webalizer versions 1.30 through 2.00 calculated timestamps in a way that cause the value to overflow on October 5th, 2001, causing the stats to 'stop' at midnight October 4th. Version 2.01 does not suffer from this problem, and has been available for over a year. If you cannot upgrade to the current version, a patch is available on the ftp site to fix the old versions.
June 15, 2001 Segfault bug discovered. There is a bug that can cause the Webalizer to crash when some malformed user agent strings are encountered. This only occurs when using a MangleAgent level of one (1).. the workaround is to change the level to anything other than one. It will be corrected in the next release. If you can't wait, a patch can be found on our ftp site.
October 8, 2000 Version 2.01 offically released. This is now the current stable release of the Webalizer and fixes all known problems as well as adding a few new features / options over the 2.00 code. Check the CHANGES file for an overview of what has changed.
July 1, 2000 I'm still alive, honest! I've just been slightly busy with a job change and relocation to a different city.. it's hard working on personal projects when you're moving furniture and trying to settle into a new job. However, the dust should soon be clearing. I've received quite a few patches that need to be merged into the main code base, such as support for IIS/W3C extended logs, fixes for the DNS code and a few other odds and ends, so be patient and the code shall soon be yours.
March 5, 2000 Version 2.00 now available for testing. This is a major upgrade that adds many new features, such as Squid proxy log support, GZip compressed log support, reverse DNS lookups, ability to display all objects on a seperate HTML page, ability to export the processed data to other programs and a lot more. Check the CHANGES file for a complete description of changes made since V1.30.
February 12, 2000 For those who have been looking for PNG support, there is a pre-release version, 1.30-05 available. This version supports PNG images, adds a few minor code tweaks and allows forcing input from standard input. A new release with additional features is in the works which will include all the above and more, so this is just a stop-gap version until a full release is ready. Source and an intel linux binary version can be found in the pre-release directory.
July 30, 1999 Just wanted everyone to know that if you have sent me any mail, patches or language updates lately, I haven't forgotten about you! My development machine took a hardware nosedive, and then was lost by the shipping company in transit back from being fixed... I have been doing everything I can to get back up to speed, but with the amount of mail that I receive in a day, not being able to read any for a couple of days on top of working on a flakey platform has pretty much swamped me... I'll get there, just give me time :) Thanks!
July 11, 1999 Version 1.30-04 released. This release fixes several small problems found, including the invalid "Error adding Search String..." error message some people were getting when using incremental mode, and a few other minor code changes. It is a drop-in replacement for 1.30-02, and all users are encouraged to upgrade.
June 30, 1999 Version 1.30 is now available. This version adds many long missing features, such as page and visit totals, entry and exit page totals, search string analysis, support for wu-ftpd type xferlogs and much more. Check the CHANGES file for additional information on changes made since version 1.22. Users who are upgrading from a previous version should read this first!
March 22, 1999 Version 1.22 is released. This version adds many new features as well as some cleaned up incremental processing code to increase reliability. See the file CHANGES for a brief summary of changes made from previous versions.
December 23, 1998 Version 1.20-11 has been released. I haven't had the time to do any new code, so this is just a bug fix release. It can be found in the Pre-Release directory. A patch for users with netscape web servers can be found there as well. It is a kludge to handle the newer servers inability to produce chronological log files.
October 30, 1998 The mrunix.net domain will be changing IP addresses and it physical location over the weekend, as a direct result of the recent activities concerning its current hosting situation (see below). Because of this, there may be some minimal downtime and/or inavilability due to IP address propagation issues.
Nov 3 - Update: The server has been moved to it's temporary home at it's new IP address. Things should settle down over the next few days.
October 17, 1998 Version 1.20-10 has been placed in the pre-release directory for general distribution and testing. It is primarly a maintenance release that corrects a few bugs and adds some changes to better support larger sites. See the CHANGES file in that directory for information on the changes made.
October 15, 1998 Today, the organization that was hosting this site, and my job, decided to close down operations. Unfortunately, this means that I'm now out of a job, and a place to host the web and ftp sites (or will be shortly). The European Mirror Site will remain available until I can re-locate.
September 12, 1998 New web site placed on line. Hopefully, things are arranged a little better so you you don't have to scroll through miles of text looking for what you want.
July 26, 1998 Version 1.20 Released. This version adds incremental processing capability, which allows the use of partial logs without the loss of statistical detail. Check the CHANGES file to see what has been changed since the last few versions.

Last modified August 26, 2013 by B. Barrett