File: Changes

package info (click to toggle)
libcgi-pm-perl 4.44-1
  • links: PTS, VCS
  • area: main
  • in suites: bullseye, sid
  • size: 1,016 kB
  • sloc: perl: 5,932; makefile: 9
file content (2311 lines) | stat: -rw-r--r-- 94,967 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
2205
2206
2207
2208
2209
2210
2211
2212
2213
2214
2215
2216
2217
2218
2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237
2238
2239
2240
2241
2242
2243
2244
2245
2246
2247
2248
2249
2250
2251
2252
2253
2254
2255
2256
2257
2258
2259
2260
2261
2262
2263
2264
2265
2266
2267
2268
2269
2270
2271
2272
2273
2274
2275
2276
2277
2278
2279
2280
2281
2282
2283
2284
2285
2286
2287
2288
2289
2290
2291
2292
2293
2294
2295
2296
2297
2298
2299
2300
2301
2302
2303
2304
2305
2306
2307
2308
2309
2310
2311
4.44 2019-06-03

    [ ENHANCEMENT ]
    - Replace only use of "base" with "parent" (GH #235)

4.43 2019-05-01

    [ FIX / TESTING ]
    - support unquoted multipart/form-data name values (GH #234)

4.42 2019-03-26

    [ DOCUMENTATION ]
    - clarify licence also in Makefile.PL (GH #232)

4.41 2019-03-26

    [ DOCUMENTATION ]
    - clarify licence (GH #232)

4.40 2018-08-15

    [ FIX / TESTING ]
    - support perls < 5.10.1 in Makefile.PL by being more dynamic
      (GH #229, GH #230, thanks to Aristotle)

4.39 2018-08-13

    [ FIX / TESTING ]
    - specify CONFIGURE_REQUIRES in Makefile.PL so can use TEST_REQUIRES
      to build with older perls (GH #228)

4.38 2017-12-01

    [ TESTING ]
    - command_line.t: Avoid -I for libs (GH #224, thanks to cpansprout)

4.37 2017-11-01

    [ FIX ]
    - Fix incorrect quoting of ? in ->url (GH #112, GH #222, with
      thanks to Reuben Thomas)

4.36 2017-03-29

    [ ENHANCEMENT ]
    - Support PATCH HTTP method (thanks to GovtGeek for the... patch)
    - pass through max_age and samesite to CGI::Cookie->new in the call
      in CGI->cookie (GH #220)

    [ FIX ]
    - skip t/command_line.t on windows as it doesn't work

4.35 2016-10-13

    [ FIX ]
    - revert changes from 4.34 as they broke stuff


4.34 2016-10-13

    [ ENHANCEMENT ]
    - If running from the command line, url_param now picks up
      parameters given on then command line or on stdin (GH #210)

    [ DOCUMENTATION ]
    - documentation for above addition

4.33 2016-09-16

    [ DOCUMENTATION ]
    - clarify that ->param will return the first value if there are
      multiple values (when not called in list context)

4.32 2016-07-19

    [ DOCUMENTATION ]
    - make perldoc CGI object consistent (GH #205)
    - clarify reason for absolute URLs (GH #206)

    [ INTERNALS ]
    - tweak dependency defs in Makefile.PL (GH #207, GH #208)
    - (thanks to karenetheridge and kentfredric)

4.31 2016-06-14

    [ FEATURES ]
    - Add SameSite support to Cookie handling (thanks to pangyre)

    [ INTERNALS ]
    - The MultipartBuffer package has been renamed to CGI::MultipartBuffer.
      This has been done in a way to ensure any $MultipartBuffer package
      variables are still set correctly in CGI::MultipartBuffer. if you are
      explicitly using MultipartBuffer in a form such as:

        MultipartBuffer->new

      your code will break. you should be calling:

        CGI->new->new_MultipartBuffer( $boundary,$length );

      to ensure the correctly package is called. if you are extending the
      MultipartBuffer package though use of ISA or base (or parent) then you
      will need to update your code to use CGI::MultipartBuffer

    - fake using strict and warnings to appease CPANTS Kwalitee

    - require File::Temp v0.17+ to get seekable file handles (GH #204)

4.28 2016-03-14

    [ RELEASE NOTES ]
    - please see v4.21 Changes for any potentially impacting changes

    [ SPEC / BUG FIXES ]
    - undef %QUERY_PARAM in initialize_globals to clean mod_perl env

    [ TESTING ]
    - improve test coverage on request types (GH #199, GH #200)
    - improve test coverage on CGI::Carp

4.27 2016-03-02

    [ RELEASE NOTES ]
    - please see v4.21 Changes for any potentially impacting changes

    [ INTERNALS ]
    - fix a couple of warnings in test harness
    - add taint flag to example file_upload
    - fix a warnings in STORE subroutine

4.26 2016-02-04

    [ RELEASE NOTES ]
    - please see v4.21 Changes for any potentially impacting changes

    [ SPEC / BUG FIXES ]
    - sort HTML attributes by default (GH #106, GH #196)

    [ DOCUMENTATION ]
    - clarifications about HTML function non removal

4.25 2015-12-17

    [ RELEASE NOTES ]
    - please see v4.21 Changes for any potentially impacting changes

    [ DOCUMENTATION ]
    - fix link to CONTRIBUTING file (thanks to Manwar for the fix)
    - clarify that "soft" deprecation means that the HTML functions
      are deprecated but will not raise any deprecation warnings

    [ SPEC / BUG FIXES ]
    - make the list context warning only happen once per process (or
      thread) to prevent excessive log noise in long running or in
      persistent processes (thanks to @dadamail for the suggestion)

4.23 2015-12-17

    [ RELEASE NOTES ]
    - Documentation fixes only - please see v4.21 Changes for any potentially
      impacting changes

    [ DOCUMENTATION ]
    - add LICENSE file and LICENSE info to Makefile.PL

4.22 2015-10-16

    [ RELEASE NOTES ]
    - Documentation fixes only - please see v4.21 Changes for any potentially
      impacting changes

    [ DOCUMENTATION ]
    - fix typos in CONTRIBUTING file
    - links to docs, stackoverflow and perlmonks
    - clarify deprecation policy on HTML functions (GH #188)
    - mention HTML::Tiny in CGI::HTML::Functions (thanks to osfameron for
      the suggestion)

4.21 2015-06-16

    [ RELEASE NOTES ]
    - CGI.pm is now considered "done". See also "mature" and "legacy"
      Features requests and non-critical issues will be outright rejected.
      The module is now in maintenance mode for critical issues only.

    - This release removes the AUTOLOAD and compile optimisations from CGI.pm
      that were introduced into CGI.pm twenty (20) years ago as a response to
      its large size, which meant there was a significant compile time penalty.

    - This optimisation is no longer relevant and makes the code difficult to
      deal with as well as making test coverage metrics incorrect. Benchmarks
      show that advantages of AUTOLOAD / lazy loading / deferred compile are
      less than 0.05s, which will be dwarfed by just about any meaningful code
      in a cgi script. If this is an issue for you then you should look at
      running CGI.pm in a persistent environment (FCGI, etc)

    - To offset some of the time added by removing the AUTOLOAD functionality
      the dependencies have been made runtime rather than compile time. The
      POD has also been split into its own file. CGI.pm now contains around
      4000 lines of code, which compared to some modules on CPAN isn't really
      that much

    - This essentially deprecates the -compile pragma and ->compile method. The
      -compile pragma will no longer do anything, whereas the ->compile method
      will raise a deprecation warning. More importantly this also REMOVES the
      -any pragma because as per the documentation this pragma needed to be
      "used with care or not at all" and allowing arbitrary HTML tags is almost
      certainly a bad idea. If you are using the -any pragma and using arbitrary
      tags (or have typo's in your code) your code will *BREAK*

    - Although this release should be back compatible (with the exception of any
      code using the -any pragma) you are encouraged to test it throughly as if
      you are doing anything out of the ordinary with CGI.pm (i.e. have bugs
      that may have been masked by the AUTOLOAD feature) you may see some issues.

    - References: GH #162, GH #137, GH #164

    [ SPEC / BUG FIXES ]
    - make the list context warning in param show the filename rather than
      the package so we have more information on exactly where the warning
      has been raised from (GH #171)
    - correct self_url when PATH_INFO and SCRIPT_NAME are the same but we
      are not running under IIS (GH #176)
    - Add the multi_param method to :cgi export (thanks to xblitz for the patch
      and tests. GH #167)
    - Fix warning for lack of HTTP_USER_AGENT in CGI::Carp (GH #168)
    - Fix imports when called from CGI::Fast, restores the import of CGI functions
      into the callers namespace for users of CGI::Fast (GH leejo/cgi-fast#11 and
      GH leejo/cgi-fast#12)
    - Fix regression of tmpFileName when calling with a plain string (GH #178,
      thanks to Simon McVittie for the report and fix)

    [ FEATURES ]
    - CGI::Carp now has $CGI::Carp::FULL_PATH for displaying the full path to the
      offending script in error messages
    - CGI now has env_query_string() for getting the value of QUERY_STRING from
      the environment and not that fiddled with by CGI.pm (which is what
      query_string() does) (GH #161)
    - CGI::ENCODE_ENTITIES var added to control which chracters are encoded by
      the call to the HTML::Entities module - defaults to &<>"' (GH #157 - the
      \x8b and \x9b chars have been removed from this list as we are concerned
      more about unicode compat these days than old browser support.)

    [ DOCUMENTATION ]
    - Fix some typos (GH #173, GH #174)
    - All *documentation* for HTML functionality in CGI has been moved into
      its own namespace: CGI::HTML::Functions - although the functionality
      continues to exist within CGI.pm so there are no code changes required
      (GH #142)
    - Add missing documentation for env variable fetching routines (GH #163)

    [ TESTING ]
    - Increase test coverage (GH #3)

    [ INTERNALS ]
    - Cwd made a TEST_REQUIRES rather than a BUILD_REQUIRES in Makefile.PL
      (GH #170)
    - AutoloadClass variables have been removed as AUTOLOAD was removed in
      v4.14 so these are no longer necessary (GH #172 thanks to alexmv)
    - Remove dependency on constant - internal DEBUG, XHTML_DTD and EBCDIC
      constants changes to $_DEBUG, $_XHTML_DTD, and $_EBCDIC

4.13 2014-12-18

    [ RELEASE NOTES ]
    - CGI::Pretty is now DEPRECATED and will be removed in a future release.
      Please see GH #162 (https://github.com/leejo/CGI.pm/issues/162) for more
      information and discussion (also GH #140 for HTML function deprecation
      discussion: https://github.com/leejo/CGI.pm/issues/140)

    [ TESTING ]
    - fix t\rt-84767.t for failures on Win32 platforms related to file paths

4.11 2014-12-02

    [ SPEC / BUG FIXES ]
    - more hash key ordering bugs fixed in HTML attribute output (GH #158,
      thanks to Marcus Meissner for the patch and test case)

    [ REFACTORING ]
    - escapeHTML (and unescapeHTML) have been refactored to use the functions
      exported by the HTML::Entities module (GH #157)
    - change BUILD_REQUIRES to TEST_REQUIRES in Makefile.PL as these are test
      dependencies not build dependencies (GH #159)

    [ DOCUMENTATION ]
    - replace any remaining uses of indirect object notation (new Object) with
      the safer Object->new syntax (GH #156)

4.10 2014-11-27

    [ SPEC / BUG FIXES ]
    - favour -content-type arg in header if -type and -charset options are also
      passed in (GH #155, thanks to kaoru for the test case). this change also
      sorts the hash keys in the rearrange method in CGI::Util meaning the order
      of the arrangement will always be the same for params that have multiple
      aliases. really you shouldn't be passing in multiple aliases, but this will
      make it consistent should you do that

    [ DOCUMENTATION ]
    - fix some typos

4.09 2014-10-21

    [ RELEASE NOTES ]
    - with this release the large backlog of issues against CGI.pm has been
      cleared. All fixes have been made in the versions 4.00 and above so if
      you are upgrading from 3.* you should thoroughly test your code against
      recent versions of CGI.pm
    - an effort has been made to retain back compatibility against previous
      versions of CGI.pm for any fixes made, however some changes related to
      the handling of temporary files may have consequences for your code
    - please refer to the RELEASE NOTES for version 4.00 and above for all
      recent changes and file an issue on github if there has been a regression.
    - please do *NOT* file issues regarding HTML generating functions, these
      are no longer being maintained (see perldoc for rationale)

    [ SPEC / BUG FIXES ]
    - tweak url to DTRT when the web server is IIS (RT #89827 / GH #152)
    - fix temporary file handling when dealing with multiple files in MIME uploads
      (GH #154, thanks to GeJ for the test case)

4.08 2014-10-18

    [ DOCUMENTATION ]
    - note that calling headers without a -charset may lead to a nonsensical
      charset being added to certain content types due to the default and the
      workaround
    - remove documentation stating that calls to escapeHTML with a changed
      charset force numeric encoding of all characters, because that does not
      happen
    - documentation tweaks for calling param() in list context and the addition
      of multi_param()

    [ SPEC / BUG FIXES ]
    - don't sub out PATH_INFO in url if PATH_INFO is the same as SCRIPT_NAME
      (RT #89827)
    - add multi_param() method to allow calling of param() in list context
      without having to disable the $LIST_CONTEXT_WARN flag (see RELEASE NOTES
      for version 4.05 on why calling param() in list context could be a bad
      thing)

4.07 2014-10-12

    [ RELEASE NOTES ]
    - please see changes for v4.05

    [ TESTING ]
    - typo and POD fixes, add test to check POD and compiles

4.06 2014-10-10

    [ RELEASE NOTES ]
    - please see changes for v4.05

    [ DOCUMENTATION ]
    - make warning on list context call of ->param more lenient and don't
      warn if called with no arguments

4.05 2014-10-08

    [ RELEASE NOTES ]
    - this release includes *significant* refactoring of temporary file
      handling in CGI.pm. See "Changes in temporary file handling" in perldoc

    - this release adds a warning for when the param method is called
      in list context, see the Warning in the perldoc for the section
      "Fetching the value or values of a single named parameter" for why
      this has been added and how to disable this warning

    [ DOCUMENTATION ]
    - change AUTHOR INFORMATION to LICENSE to please Kwalitee

    [ TESTING ]
    - t/arbitrary_handles.t to check need for patch in RT #54055, it
      turns out there is no need - the first argument to CGI->new can
      be an arbitrary handle
    - add test case for incorrect unescaping of redirect headers
      (RT #61120)
    - add tests for the handle method (RT #85074, thanks to TONYC@cpan.org)

    [ SPEC / BUG FIXES ]
    - don't set binmode on STDOUT/STDERR/STDIN if a none standard layer
      is already set on them on none UNIX platforms (RT #57524)
    - make XForms:Model data accesible through POSTDATA/PUTDATA param
      (RT #75628)
    - prevent corruption of POSTDATA/PUTDATA when -utf8 flag is used and use
      tempfiles to handle this data (RT #79102, thanks anonymous)
    - unescape request URI *after* having removed the query string to prevent
      removal of ? chars that are part of the original URI (and were encoded)
      (RT #83265)
    - fix q( to qq( in CGI::Carp so $@ is correct interpolated (RT #83360)
    - don't call ->query_string in url unless -query is passed (RT #87790)
      (optimisation and fits the current documented behaviour)

4.04 2014-09-04

    [ RELEASE NOTES ]
    - this release removes some long deprecated modules/functions and
      includes refactoring to the temporary file handling in CGI.pm. if
      you are doing anything out of the ordinary with regards to temp
      files you should test your code before deploying this update as
      temp files may no longer be stored in previously used locations

    [ REMOVED / DEPRECATIONS ]
    - startform and endform methods removed (previously deprecated, you
      should be using the start_form and end_form methods)
    - both CGI::Apache and CGI::Switch have been removed as these modules
      1) have been deprecated for *years*, and 2) do nothing whatsoever

    [ SPEC / BUG FIXES ]
    - handle multiple values in X-Forwarded-Host header, we follow the
      logic in most other frameworks and take the last value from the list
      (RT #54487)
    - reverse the order of TEMP dir placement for WINDOWS: TEMP > TMP > WINDIR
      (RT #71799, thanks to jeff@math.tntech.edu), this returns the behaviour
      to pre e24d04e9bc5fda7722444b02fec135d8cc2ff488 but with the undefined
      fix still in place
    - refactor CGITempFile::find_tempdir to use File::Spec->tmpdir
      (related: RT #71799)
    - fix warnings when QUERY_STRING has empty key=value pairs (RT #54511)
    - pad custom 500 status response messages to > 512 for MSIE (RT #81946)
    - make Vars tied hash delete method return the value deleted from the hash
      making it act like perl's delete (RT #51020)

    [ TESTING ]
    - add .travis.yml (https://travis-ci.org)
    - test case for RT #53966 - disallow filenames with ~ char
    - test case for RT #55166 - calling Vars to get the filename does not return
      a filehandle, so this cannot be used in the call to uploadinfo, also
      update documentation for the uploadInfo to show that ->Vars should not be
      used to get the filename for this method
    - fix t/url.t to pass on Win32 platforms that have the SCRIPT_NAME env
      variable set (RT #89992)
    - add procedural call tests for upload and uploadInfo to confirm these work
      as should (RT #91136)

    [ DOCUMENTATION ]
    - tweak perldoc for -utf8 option (RT #54341, thanks to Helmut Richter)
    - explain the HTML generation functions should no longer be used and that
      they may be deprecated in a future release

4.03 2014-07-02

    [ REMOVED / DEPRECATIONS ]
    - the -multiple option to popup_menu is now IGNORED as this did not
      function correctly. If you require a menu with multiple selections
      use the scrolling_list method. (RT #30057)

    [ SPEC / BUG FIXES ]
    - support redirects in mod_perl2, or fall back to using env variable
      for up to 5 redirects, when getting the query string (RT #36312)
    - CGI::Cookie now correctly supports the -max-age argument, previously
      if this was passed the value of the -expires argument would be used
      meaning there was no way to supply *only* this argument (RT #50576)
    - make :all actually import all methods, except for :cgi-lib, and add
      :ssl to the :standard import (RT #70337)

    [ DOCUMENTATION ]
    - clarify documentation regarding query_string method (RT #48370)
    - links fixed in some perldoc (Thanks to Michiel Beijen)

    [ TESTING ]
    - add t/changes.t for testing this Changes file
    - test case for RT #31107 confirming multipart parsing is to spec
    - improve t/rt-52469.t by adding a timeout check

4.02 2014-06-09

    [ NEW FEATURES ]
    - CGI::Carp learns noTimestamp / $CGI::Carp::NO_TIMESTAMP to prevent
      timestamp in messages (RT #82364, EDAVIS@cpan.org)
    - multipart_init and multipart_start learn -charset option (RT #22737)

    [ SPEC / BUG FIXES ]
    - Support multiple cookies when passing an ARRAY ref with -set-cookie
      (RT #15065, JWILLIAMS@cpan.org)

    [ DOCUMENTATION ]
    - Made licencing information consistent and remove duplicate comments
      about licence details, corrected location to report bugs (RT #38285)

4.01 2014-05-27

    [ DOCUMENTATION ]
    - CGI.pm hasn't been removed from core *just* yet, but will be soon:
      http://perl5.git.perl.org/perl.git/commitdiff/e9fa5a80 

4.00 2014-05-22

    [ INTERNALS ]
    - CGI::Fast split out into its own distribution, related files and tests removed
    - developer test added for building with perlbrew

    [ DOCUMENTATION ]
    - Update perldoc to explain that CGI.pm has been removed from perl core
    - Make =head2 perldoc less shouty (RT #91140)
    - Tickets migrated from RT to github issues (both CGI and CGI.pm distributions)
    - Repointing bugtracker at newly forked github repo and note that Lee Johnson
      is the current maintainer.
    - Bump version to 4.00 for clear boundary of above changes

Version 3.65 Feb 11, 2014

    [INTERNALS]
    - Update Makefile to refine where CGI.pm gets installed 
      (Thanks to bingo, rjbs: https://github.com/markstos/CGI.pm/pull/30)

Version 3.64 Nov 23, 2013

    [BUG FIXES]
    - Avoid warning about "undefined variable in user_agent in some cases (RT#72882)

    [INTERNALS]
    - Avoiding warning about "unitialized value" in when calling user_agent() in some cases. (RT#72882, perl@max-maurer.de)
    - Update minimum required version in Makefile.PL to 5.8.1. It had already been
      updated to 5.8.1 in the CGI.pm module in 3.53.
    - Fix POD errors reported by newer pod2man (Thanks to jmdh)
    - Typo fixes, (dsteinbrunner).
    - use deprecate.pm on perls 5.19.0 and later. (rjbs).

    [DOCUMENTATION]    
    - Update CGI::Cookie docs to reflect that HttpOnly is widely supported now.


Version 3.63 Nov 12, 2012

    [SECURITY]
    - CR escaping for Set-Cookie and P3P headers was improved. There was potential
      for newline injection in these headers. 
      (Thanks to anazawa, https://github.com/markstos/CGI.pm/pull/23)

Version 3.62, Nov 9th, 2012

    [INTERNALS]
    - Changed how the deprecated endform function was defined for compatibility
      with the development version of Perl. 
    - Fix failures in t/tmpdir.t when run as root
      https://github.com/markstos/CGI.pm/issues/22, RT#80659)

    - Made it possible to force a sorted order for things like hash
      attributes so that tests are not dependent on a particular hash
      ordering. This will be required in modern perls which will
      change the ordering per process. (Yves, RT#80659)

Version 3.61 Nov 2nd, 2012

  (No code changes)

  [INTERNALS]
   - formatting of CGI::Carp documentation was improved. Thanks to benkasminbullock.
   - un-TODO some tests in t/tmpdir.t that were passing in most cases. 
     More on this:
       https://github.com/markstos/CGI.pm/issues/19#
       https://github.com/markstos/CGI.pm/commit/cc73dc9807b0fabb56b3cdf1a9726588b2eda0f7

Version 3.60 Aug 15th, 2012

  [BUG FIXES]  
  - In some caes, When unescapeHTML() hit something it didn't recognize with an ampersand and
    and semicolon, it would throw away the semicolon and ampersand. It now does a better job.
    of preserving content it doesn't recognize. Thanks to CEBJYRE@cpan.org (RT#75595)
  - Remove trailing newline after <form> tag inserted by startform and start_form. It can
    cause rendering problems in some cases. Thanks to SJOHNSTON@cpan.org (RT#67719)
  - Workaround "Insecure Dependency" warning generated by some versions of Perl (RT#53733).
    Thanks to degatcpan@ntlworld.com, klchu@lbl.gov and Anonymous Monk 

  [DOCUMENTATION] 
  - Clarify that when -status is used, the human-readable phase should be included, per RFC 2616.
    Thanks to SREZIC@cpan.org (RT#76691). 

  [INTERNALS]
  - More tests for header(), thanks to Ryo Anazawa.
  - t/url.t has been fixed on VMS. Thanks to cberry@cpan.org (RT#72380)
  - MANIFEST patched so that t/multipart_init.t is included again. Thanks to shay@cpan.org (RT#76189)

Version 3.59 Dec 29th, 2011

 [BUG FIXES]
 - We no longer read from STDIN when the Content-Length is not set, preventing
   requests with no Content-Length from freezing in some cases. This is consistent
   with the CGI RFC 3875, and is also consistent with CGI::Simple. However, the old
   behavior may have been expected by some command-line uses of CGI.pm.
   Thanks to Philip Potter and Yanick Champoux. See RT#52469 for details:
   https://rt.cpan.org/Public/Bug/Display.html?id=52469

 [INTERNALS]
 - remove tmpdirs more aggressively. Thanks to rjbs (RT#73288)
 - use Text::ParseWords instead of ancient shellwords.pl. Thanks to AlexBio.
 - remove use of define(@arr). Thanks to rjbs.
 - spelling fixes. Thanks to Gregor Herrmann and Alessandro Ghedini.
 - fix test count and warning in t/fast.t. Thanks to Yanick.

Version 3.58 Nov 11th, 2011

    [DOCUMENTATION]
    - Clarify that using query_string() only has defined behavior when using the GET method. (RT#60813)

Version 3.57 Nov 9th, 2011
    [INTERNALS]
    - test failure in t/fast.t introduced in 3.56 is fixed. (Thanks to zefram and chansen).
    - Test::More requirement has been bumped to 0.98

Version 3.56 Nov 8th, 2011

    [SECURITY]
    Use public and documented FCGI.pm API in CGI::Fast
        CGI::Fast was using an FCGI API that was deprecated and removed from
        documentation more than ten years ago. Usage of this deprecated API with
        FCGI >= 0.70 or FCGI <= 0.73 introduces a security issue.
        <https://rt.cpan.org/Public/Bug/Display.html?id=68380>
        <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2766>
        (Thanks to chansen)

    [INTERNALS]
    - tmp files are now cleaned up on VMS ( RT#69210, thanks to cberry@cpan.org )
    - Fixed test failure: done_testing() added to url.t (Thanks to Ryan Jendoubi)
    - Clarify preferred bug submission location in docs, and note that Mark Stosberg
      is the current maintainer.

Version 3.55 June 3rd, 2011

    [THINGS THAT MAY BREAK YOUR CODE]
    url() was fixed to return "PATH_INFO" when it is explicitly requested 
    with either the path=>1 or path_info=>1 flag. 

    If your code is running under mod_rewrite (or compatible) and you are calling self_url() or
    you are calling url() and passing path_info=>1, These methods will actually be
    returning PATH_INFO now, as you have explicitly requested, or has self_url()
    has requested on your behalf.

    The PATH_INFO has been omitted in such URLs since the issue was introduced
    in the 3.12 release in December, 2005. 

    This bug is so old your application may have come to depend on it or
    workaround it. Check for application before upgrading to this release. 

    Examples of affected method calls:

     $q->url(-absolute => 1, -query => 1, -path_info => 1 ) 
     $q->url(-path=>1)
     $q->url(-full=>1,-path=>1) 
     $q->url(-rewrite=>1,-path=>1)
     $q->self_url();

Version 3.54, Apr 28, 2011
   No code changes

   [INTERNALS]
   - Address test failures in t/tmpdir.t, thanks to Niko Tyni.
     Some tests here are failing on some platforms and have been marked as TODO.

Version 3.53, Apr 25, 2011
  
  [NEW FEATURES]
  - The DELETE HTTP verb is now supported. 
    (RT#52614, James Robson, Eduardo Ari�o de la Rubia) 

  [INTERNALS]  
  - Correct t/tmpdir.t MANIFEST entry. (RT#64949)
  - Update minimum required Perl version to be Perl 5.8.1, which
    has been out since 2003. This allows us to drop some hacks
    and exceptions (Mark Stosberg)

Version 3.52, Jan 24, 2011
  
  [DOCUMENTATION]
  - The documentation for multi-line header handling was been updated to reflect
    the changes in 3.51. (Mark Stosberg, ntyni@iki.fi) 

  [INTERNALS]
  - Add missing t/tmpfile.t file. (RT#64949)  
  - Fix warning in t/cookie.t (RT#64570, Chris Williams, Rainer Tammer, Mark Stosberg)     
  - Fixed logic bug in t/multipart_init.t (RT#64261, Niko Tyni)

Version 3.51, Jan 5, 2011

  [NEW FEATURES]  
  - A new option to set $CGI::Carp::TO_BROWSER = 0, allows you to explicitly  
    exclude a particular scope from triggering printing to the browser when
    fatatlsToBrowser is set. (RT#62783, Thanks to papowell) 
  - The <script> tag now supports the "charset" attribute. 
    (RT#62907, Thanks to Fabrice Metge)
  - In CGI::Cookie, "Max-Age" is now supported for better spec compliance. 
    (Mark Stosberg)

  [BUG FIXES]  
  - Setting charset() now works for all content types, not just "text/*". 
    (RT#57945, Thanks to Yanick and Gerv.)
  - support for user temporary directories ($HOME/tmp) was commented out
    in 2.61 but the documentation wasn't updated (Peter Gervai, Niko Tyni)
  - setting $CGITempFile::TMPDIRECTORY before loading CGI.pm has been
    working but undocumented since 3.12 (which listed it in Changes as
    $CGI::TMPDIRECTORY) (Peter Gervai, Niko Tyni)
  - unfortunately the previous change broke the runtime check for looking
    for a new temporary directory if the current one suddenly became
    unwritable (Peter Gervai, Niko Tyni)
  - A bug was fixed in CGI::Carp triggered by certain death cases in
    the BEGIN phase of parent classes. 
    (RT#57224, Thanks to UNERA, Yanick Champoux, Mark Stosberg)
  - CGI::Cookie->new() now follows the documentation and returns undef 
    if the -name and -value args aren't provided. This new behavior is also
    consistent with the docs and code of CGI::Simple::Cookie. (Mark Stosberg)
  - CGI::Cookie->parse() now trims leading and trailing whitespace from cookie  
    elements as intended. The change also makes this part of the parsing 
    identical to CGI::Simple::Cookie (Mark Stosberg) 
  - Temp file handling was improved (RT#62762)  

  [SECURITY]
  - Further improvements have been made to guard against newline injections
    in headers. (Thanks to Max Kanat-Alexander, Yanick Champoux, Mark Stosberg)

  [PERFORMANCE]
  - Make EBCDIC a compile-time constant so there's zero overhead (and less
    compiled code) in subroutines that test for it. (Tim Bunce) 
  - If you just want to use CGI::Cookie, CGI.pm will no longer be loaded
    unless you call the bake() method, which requires it. (Mark Stosberg)

  [DOCUMENTATION]
  - quit referring to the <link> tag as being "rarely used".  (Victor Sanders)
  - typo and whitespace fixes (RT#62785, thanks to  scop@cpan.org) 
  - The -dtd argument to start_html() is now documented 
    (RT#60473, Thanks to giecrilj and steve@fisharerojo.org) 
  - CGI::Carp doc are updated to reflect that it can work with mod_perl 2.0. 
  - when creating a temporary file in the directory fails, the error message
    could indicate the root of the problem better (Peter Gervai, Niko Tyni)

  [INTERNALS]
  - Re-fixing https test in http.t. (RT#54768, thanks to SPROUT)
  - param_fetch no longer triggers a warning when called with no arguments (ysth, Mark Stosberg)

Version 3.50, Nov 8, 2010
  
  [SECURITY]
  1. The MIME boundary in multipart_init is now random. 
     Thanks to Byron Jones, Masahiro Yamada, Reed Loden, and  Mark Stosberg
  2. Further improvements to handling of newlines embedded in header values. 
     An exception is thrown if header values contain invalid newlines. 
     Thanks to Michal Zalewski, Max Kanat-Alexander, Yanick Champoux,
     Lincoln Stein, Fr�d�ric Buclin and Mark Stosberg

  [DOCUMENTATION]
  1. Correcting/clarifying documentation for param_fetch(). Thanks to 
        Ren�e B�cker. (RT#59132)

  [INTERNALS]
  1. Fixing https test in http.t. (RT#54768)
  2. Tests were added for multipart_init(). Thanks to Mark Stosberg and CGI::Simple. 

Version 3.49, Feb 5th, 2010

  [BUG FIXES]
  1. Fix a regression since 3.44 involving a case when the header includes "Content-Length: 0". 
     Thanks to Alex Vandiver (RT#51109)
  2. Suppress uninitialized warnings under -w. Thanks to burak.  (RT#50301)
  3. url() now uses virtual_port() instead of server_port(). Thanks to MKANAT and Yanick Champoux. (RT#51562)
  4. CGI::Carp now properly handles stringifiable objects, like Exception::Class throws (RT#39904)

  [SECURITY]
  1. embedded newlines are now filtered out of header values in header(). 
     Thanks to Mark Stosberg and Yanick Champoux.

  [DOCUMENTATION]
  1. README was updated to reflect that CGI.pm was moved under ./lib. 
     Thanks to Alex Vandiver.

  [INTERNALS]
  1. More tests were added for autoescape, thanks to Bob Kuo. (RT#25485)
  2. Attempt to avoid test failures with t/fast, thanks to Steve Hay. (RT#49599)

Version 3.48, Sep 25, 2009

  [BUG FIXES]
  1. <optgroup> default values are now properly escaped.
     Thanks to #raleigh.pm and Mark Stosberg. (RT#49606)
  2. The change to exception handling in CGI::Carp introduced in 3.47 has been
     reverted for now. It caused regressions reported in RT#49630. 
     Thanks to mkanat for the report.

  [DOCUMENTATION]
  1. Documentation for upload() has been overhauled, thanks to Mark Stosberg. 
  2. Documentation for tmpFileName has been added. Thanks to Mark Stosberg and Nathaniel K. Smith.
  3. URLS were updated, thanks to Leon Brocard and Yanick Champoux. (RT#49770)

  [INTERNALS]
  1. More tests were added for autoescape, thanks to Bob Kuo. (RT#25485)

Version 3.47,  Sep 9, 2009

  No code changes. 

  [INTERNALS]
    Re-release of 3.46, which did not contain a proper MANIFEST

Version 3.46

  [BUG FIXES]
  1. In CGI::Pretty, we no longer add line breaks after tags we claim not to format. Thanks to rrt, Bob Kuo and
     and Mark Stosberg. (RT#42114).
  2. unescapeHTML() no longer falsely recognizes certain text as entities. Thanks to Pete Gamanche, Mark Stosberg
     and Bob Kuo. (RT#39122)
  3. checkbox_group() now correctly includes a space before the "checked" attribute.
     Thanks to Andrew Speer and Bob Kuo. (RT#36583)
  4. Fix case-sensitivity in http() and https() according to docs. Make https()
     return list of keys in list context. Thanks to riQyRoe and Rhesa Rozendaal. (RT#12909)
  5. XHTML is now automatically disabled for HTML 4, as well as HTML 2 and HTML 3. Thanks to
     Dan Harkless and Yanick Champoux. (RT#27907)
  6. Pre-compiling 'end_form' with ':form' switch now works. Thanks to ryochin and Yanick Champoux. (RT#41530)
  7. Empty name/values pairs are now properly saved and restored from filehandles. Thanks to rlucas and
     Rhesa Rozendaal (RT#13158)
  8. Some differences between startform() and start_form() have been fixed. Thanks to Slaven Rezic and
     Shawn Corey. (RT#22046)
  9. url_param() has been updated to be more consistent with the documentation and param().
     Thanks to Britton Kerin and Yanick Campoux. (RT#43587)
  10.hidden() now correctly supports multiple default values.
     Thanks to david@dierauer.net and Russell Jenkins. (RT#20436)
  11.Calling CGI->new() no longer clobbers the value of $_ in the current scope.
     Thanks to Alexey Tourbin, Bob Kuo and Mark Stosberg. (RT#25131)
  12.UTF-8 params should not get double-decoded now.
     Thanks to Yves, Bodo, Burak G�rsoy, and Michael Schout. (RT#19913)
  13.We now give objects passed to CGI::Carp::die a chance to be stringified.
     Thanks to teek and Yanick Champoux (RT#41530)
  14.Turning off autoEscape() now only affects the behavior of built-in HTML
     generation fuctions. Explicit calls to escapeHTML() always escape HTML regardless
     of the setting. Thanks to vindex, Bob Kuo and Mark Stosberg (RT#40748)
  15.In CGI::Fast, preferences set via pragmas are now preserved.
     Thanks to heinst and Mark Stosberg (RT#32119)

  [DOCUMENTATION]
  1. remote_addr() is now documented. Thanks to Yanick Champoux. (RT#38884)
  2. In CGI::Pretty in the list of tags left unformatted was updated to match the code. Thanks to Mark Stosberg. (RT#42114)
  3. In CGI::Pretty, performance concerns are now documented. Thanks to Jochen, Rhesa Rozendaal and Mark Stosberg (RT#13223)
  4. A number of outdated Netscape references have been removed. Thanks to Mark Stosberg.
  5. The documentation has been purged of examples of using indirect object notation. Thanks to Mark Stosberg.
  6. Some POD formatting was fixed. Thanks to Dave Mitchell (RT#48935).
  7. Docs and examples were updated to highlight start_form instead of startform.
     Thanks to Slaven Rezic.
  8. Note that CGI::Carp::carpout() doesn't work with in-memory filehandles. 
     Thanks to rhubbell and Mark Stosberg. 
  9. The documentation for the -newstyle_urls is now less confusing.
     Thanks to Ryan Tate and Mark Stosberg (RT#49454)

  [INTERNALS]
  1. Quit bundling an ancient copy of Test::More and and using a custom 'lib' path for the tests. Instead, Test::More
     is now a dependency. Thanks to Ansgar and Mark Stosberg (RT#48811)
  2. Automated tests for hidden() have been added, thanks to Russel Jenkins and Mark Stosberg (RT#20436)
  3. t/util.t has been updated to use Test::More instead of a home-grown test function. Thanks to Bob Kuo.

Version 3.45, Aug 14, 2009

  [BUG FIXES]
  1. Prevent warnings about "uninitialized values" for REQUEST_URI, HTTP_USER_AGENT and other environment variables.
     Patches by Callum Gibson, heiko and Mark Stosberg. (RT#24684, RT#29065)
  2. Avoid death in some cases when running under Taint mode on Windows.
     Patch by Peter Hancock (RT#43796)
  3. Allow 0 to be used as a default value in popup_menu(). This was broken starting in 3.37.
     Thanks to Haze, who was the first to report this and supply a patch, and pfschill, who pinpointed
     when the bug was introduced. A regression test for this was also added. (RT#37908)
  4. Allow "+" as a valid character in file names, which fixes temp file creation on OS X Leopard.
     Thanks to Andy Armstrong, and alech for patches. (RT#30504)
  5. Set binmode() on the Netware platform, thanks to Guenter Knauf (RT#27455)
  6. Don't allow a CGI::Carp error handler to die recursively. Print a warning and exit instead.
     Thanks to Marc Chantreux. (RT#45956)
  7. The Dump() method now is fixed to escape HTML properly. Thanks to Mark Stosberg (RT#21341)
  8. Support for <optgroup> with scrolling_list() now works the same way as it does for popup_menu().
     Thanks to Stuart Johnston (RT#30097)
  9. CGI::Pretty now works properly when $" is set to ''. Thanks to Jim Keenan (RT#12401)
 10. Fix crash when used in combination with PerlEx::DBI. Thanks to Burak G�rsoy (RT#19902)

  [DOCUMENTATION]
  1. Several typos were fixed, Thanks to ambs. (RT#41105)
  2. A typo related to the nosticky pragma was fixed, thanks to Britton Kerin. (RT#43220)
  3. examples/nph-clock.cgi is now more portable, by calling localtime() rather than `/bin/date`,
     thanks to Guenter Knauf. (RT#27456).
  4. In CGI::Carp, the SEE ALSO section was cleaned up, thanks to Slaven Rezic. (RT#32769)
  5. The docs for redirect() were updated to reflect that most headers are
     ignored during redirection. Thanks to Mark Stosberg (RT#44911)

  [INTERNALS]
  1. New t/unescapeHTML.t test script has been added. It includes a TODO test for a pre-existing
     bug which could use a patch. Thanks to Pete Gamache and Mark Stosberg (RT#39122)
  2. New test scripts have been added for user_agent(), popup_menu() and query_string(), scrolling_list() and Dump()
     Thanks to Mark Stosberg and Stuart Johnston. (RT#37908, RT#43006, RT#21341, RT#30097)
  3. CGI::Carp and CGI::Util have been updated to have non-developer version numbers.
     Thanks to Slaven Rezic. (RT#48425)
  4. CGI::Switch and CGI::Apache now properly set their VERSION in their own name space.
     Thanks to Alexey Tourbin (RT#11941,RT#11942)

Version 3.44, Jul 30, 2009

  1. Patch from Kurt Jaeger to allow HTTP PUT even if the content length is unknown.
  2. Patch from Pavel merdin to fix a problem for one of the FireFox addons.
  3. Fixed issue in mod_perl & fastCGI environment of cookies returned from
     CGI->cookie() leaking from one session to another.

Version 3.43, Apr 06, 2009

  1. Documentation patch from MARKSTOS@cpan.org to replace all occurrences of
  "new CGI" with CGI->new()" to reflect best perl practices.
  2. Patch from Stepan Kasal to fix utf-8 related problems in perl 5.10

Version 3.42, Sep 08, 2008

  1. Added patch from Renee Baecker that makes it possible to subclass
  CGI::Pretty.
  2. Added patch from Nicholas Clark to allow ~ characters in temporary directories.
  3. Added patch from Renee Baecker that fixes the inappropriate escaping of fields
     in multipart headers.

Version 3.41, Aug 25, 2008

  1. Fix url() returning incorrect path when query string contains escaped newline.
  2. Added additional windows temporary directories and environment variables, courtesy patch from Renee Baecker
  3. Added a handle() method to the lightweight upload
  filehandles. This method returns a real IO::Handle object.
  4. Added patch from Tony Vanlingen to fix deep recursion warnings in CGI::Pretty.

Version 3.40, Aug 06, 2008

  1. Fixed CGI::Fast docs to eliminate references to a "special"
  version of Perl.
  2. Makefile.PL now depends on FCGI so that CGI::Fast installs properly.
  3. Fix script_name() call from Stephane Chazelas.

Version 3.39, Jun 29, 2008

  1. Fixed regression in "exists" function when using tied interface to CGI via $q->Vars.

Version 3.38, Jun 25, 2008

  1. Fix annoying warning in http://rt.cpan.org/Ticket/Display.html?id=34551
  2. Added nobr() function http://rt.cpan.org/Ticket/Display.html?id=35377
  3. popup_menu() allows multiple items to be selected by default, satisfying
   http://rt.cpan.org/Ticket/Display.html?id=35376
  4. Patch from Renee Backer to avoid doubled <http-equiv> headers.
  5. Fixed documentation bug that describes what happens when a
  parameter is empty (e.g. "?test1=").
  6. Fixed minor warning described at http://rt.cpan.org/Public/Bug/Display.html?id=36435
  7. Fixed overlap of attribute and parameter space described in http://rt.perl.org/rt3//Ticket/Display.html?id=24294

Version 3.37, Apr 22, 2008

  1. Fix pragmas so that they persist over modperl invocations (e.g. RT 34761)
  2. Fixed handling of chunked multipart uploads; thanks to Michael Bernhardt
     who reported and fixed the problem.

Version 3.36

  1. Fix CGI::Cookie to support cookies that are separated by "," instead of ";".

Version 3.35, Mar 27, 2008

  1. Resync with bleadperl, primarily fixing a bug in parsing semicolons in uploaded filenames.

Version 3.34, Mar 18, 2008

  1. Handle Unicode %uXXXX  escapes properly -- patch from DANKOGAI@cpan.org
  2. Fix url() method to not choke on path names that contain regex characters.

Version 3.33, Jan 02, 2008

  1. Remove uninit variable warning when calling url(-relative=>1)
  2. Fix uninit variable warnings for two lc calls
  3. Fixed failure of tempfile upload due to sprintf() taint failure in perl 5.10

Version 3.32, Dec 27, 2007

  1. Patch from Miguel Santinho to prevent sending premature headers under mod_perl 2.0

Version 3.31, Nov 30, 2007

  1. Patch from Xavier Robin so that CGI::Carp issues a 500 Status code rather than a 200 status code.
  2. Patch from Alexander Klink to select correct temporary directory in OSX Leopard so that upload works.
  3. Possibly fixed "wrapped pack" error on 5.10 and higher.

Version 3.30 

  1. Patch from Mike Barry to handle POSTDATA in the same way as PUT.
  2. Patch from Rafael Garcia-Suarez to correctly reencode unicode values as byte values.

Version 3.29, Apr 16, 2007

  1. The position of file handles is now reset to zero when CGI->new is called.
    (Mark Stosberg)
  2. uploadInfo() now works across multiple object instances. Also, the first
     tests for uploadInfo() were added as part of the fix. (CPAN bug 11895, with
     contributions from drfrench and Mark Stosberg).

Version 3.28, Mar 29, 2007

  1. Applied patch from Allen Day that makes Cookie parsing RFC2109 compliant
	(attribute/values can be separated by commas as well as semicolons).
  2. Applied patch from Stephan Struckmann that allows script_name() to be set correctly.
  3. Fixed problem with url(-full) in which port number appears twice.

Version 3.27, Feb 27, 2007

  1. Applied patch from Steve Taylor that allows checkbox_groups to be
  disabled with a new -disabled=> option.

Version 3.26

  1. Fixed alternate stylesheet behavior so that it is insensitive to order of declarations.
  2. Patch from John Binns to allow users to provide a callback to CGI::Carp.
  3. Added "~" as an unreserved character in escape().
  4. Patch from Chris Fedde to prevent HTTP_HOST from inhibiting SERVER_PORT in url() generation.
  5. Fixed outdated documentation (and behavior) of -language in start_html -script option.
  6. Fixed bug in seconds calculation in CGI::Util::expire_calc.

Version 3.25, Sep 28, 2006

  1. Fixed the link to the Netscape frames page.
  2. Added ability to specify an alternate stylesheet.
  3. Add support for XForms POST submssion both as application/xml or as multipart/related

Version 3.24

  1. In startform(), if request_uri() returns undef, then falls back
  to self_url(). This should rarely happen except when run outside of
  the CGI environment.
  2. image button alignment options were mistakenly being capitalized, causing xhtml validation to fail.

Version 3.23, Aug 23, 2006

  1. Typo in upload() persisted, now fixed for real. Thanks to
  Emanuele Zeppieri for correct patch and regression test.

Version 3.22, Aug 23, 2006

  1. Typo in upload() function broke uploads. Now fixed (CPAN bug 21126).

Version 3.21, Aug 21, 2006

  1. Don't try to read data at all when POST > $POST_MAX.
  2. Fixed bug that caused $cgi->param('name',undef,'value') to unset param('name') entirely.
  3. Fixed bug in which upload() sometimes returns empty. (CPAN bug #12694).
  4. Incorporated patch from BURAK@cpan.org to support HTTPcookies (CPAN bug 21019).

Version 3.20

  1. Patch from David Wheeler for CGI::Cookie->bake(). Uses mod_perl headers_out->add()
	rather than headers_out->set().
  2. Fixed problem identified by Andrei Voronkov in which start_form() output was screwed
	up when initial argument begins with a dash and subsequent arguments do not.
  3. Quashed uninitialized variable warnings coming from script_name(), url() and other
        functions that require access to the PATH_INFO environment variable.

Version 3.19

  1. Added patch from Stephen Frost that allows one to suppress use of the temp file that is
	created during uploads.
  2. Fixed problem noted by Martin Foster in which regular expression meta-character terms
	in the path information were not quoted, causing URL parsing
	to fail on URLs that contained metacharacters (such as +).
  3. More fixes to the url() method.
  4. Removed "hack to fix broken PATH_INFO in MSII".

Version 3.18

  1.  Doc typo fixes.
  2.  Patch from Steve Peters to default the document type to match the charset.
  3.  Fixed param() so that param(-name=>'foo',-values=>[]) sets the parameter to empty list.

Version 3.17, Feb 24, 2006

   1. Added patch from Mike Hanafey which caused 0 arguments to CGI::Cookie->new() to
	be treated as empty.
   2. Patch to CGI::Carp from Peter Whaite to fix the unfixable problem of CGI::Carp
     not behaving correctly in an eval() context.
   3. CGI::Fast->new() calls CGI->_reset_globals to avoid contamination of one session
	with another's variables.
   4. Fixed upload failure on files that contain semicolons in their names.

Version 3.16, Feb 8, 2006

   1. header() -charset option now works even when the MIME type is not "text".
   2. Fixed documentation for cookie() function and fastCGI.
   3. Upload filehandles now only closed automatically on Windows systems.
   4. Apache::Cookie compatibility fix from David Wheeler
   5. CGI::Carp->fatalsToBrowser() does not work correctly with
	mod_perl 2. No workaround is known.
   6. Fixed text status code associated with 302 redirects. Should be "Found"
	but was "Moved".
   7. Fixed charset in start_html() and header() to be in synch.

Version 3.15, Dec 7, 2005

   1. Remove extraneous "?" from self_url() when URI contains a ? but no query string.

Version 3.14, Dec 6,  2005

   1. Fixed broken scrolling_list() select attribute.

Version 3.13, Dec 4, 2005

    1. Removed extraneous empty "?" from end of self_url().

Version 3.12, Dec 4, 2005

    1. Fixed virtual_port so that it works properly with https protocol.
    2. Fixed documentation for upload_hook().
    3. Added POSTDATA documentation.
    4. Made upload_hook() work in function-oriented mode.
    5. Fixed POST_MAX behavior so that it doesn't cause client to hang.
    6. Disabled automatic tab indexes and added new -tabindex pragma to
	turn automatic indexes back on.
    7. The url() and self_url() methods now work better in the context of Apache
       mod_rewrite. Be advised that path_info() may give you confusing results
       when mod_rewrite is active because Apache calculates the path info *after*
       rewriting. This is mostly worked around in url() and self_url(), but you
       may notice some anomalies.
    8. Removed empty (and non-validating) <div> from code emitted by end_form().
    9. Fixed CGI::Carp to work correctly with Mod_perl 1.29 in an Apache 2 environment.
   10. Setting $CGI::TMPDIRECTORY should now be effective.

Version 3.11, Aug 3, 2005

    1. Killed warning in CGI::Cookie about MOD_PERL_API_VERSION
    2. Fixed append() so that it works in function mode.
    3. Workaround for a bug that appears in Apache2 versions through 2.0.54
       in which SCRIPT_NAME and PATH_INFO are incorrect if the additional path_info
       contains a double slash. This workaround will handle the common case of
       http://mysite.com/cgi-bin/log.cgi/http://www.some.other.site/args, but will
       not handle the uncommon case of a ScriptAlias directive that adds additional
       path information to the end of the translated URI.

Version 3.10, May 13, 2005

    1. Added Apache2::RequestIO, which is necessary for mp2 interoperability.

Version 3.09, May 5, 2005

    1. Fixed tabindex="0" when using CGI to create forms without a prior start_html
    2. Removed warning about non-numeric MOD_PERL_API_VERSION.

Version 3.08, Apr 20, 2005

    1. update support for mod_perl 2.0.  versions prior to
       mod_perl 1.999_22 (2.0.0-RC5) are no longer supported.

Version 3.07, Mar 14, 2005

    1. Fixed typo in mod_perl detection.

Version 3.06, Mar 09, 2005

    1. Fixed bare call to script() in start_html
    2. Moved Fh::DESTROY out of autoloaded functions so as to avoid
       clobbering $@ when CGI functions are executed in an eval{}
       context.
    3. mod_perl 2.0 version detection patch in CGI::Cookie provided by
       Allen Day.
    4. autoEscape() flag is now respected when generating extra
       attributes.
    5. Tests for *tag start/end generation from Shlomi Fish.
    6. Support for can() method provided by Ron Savage.
    7. Fix for lang='' when outputting XHTML.
    8. Added support for chunked transfer encoding, as suggested by
	Hakan Ardo
    9. Fixed clobbering of row and column headers in tableized radio
	and checkbox groups, as reported by Nicolas Thierry-Mieg.
   10. <Label> tags are now associated with form elements, as suggested
	by accessibility guidelines.
   11. The <?xml> directive produced by start_html is now turned off by
        default and the charset is specified in a <meta> directive.  Apparently
        IE6 (and maybe some versions of Opera) were getting confused by this.
   12. Support for tab indexes.
   13. Retired the HTML docs.  The POD docs are now primary documentation.
   14. CGI::Carp now correctly detects and handles Apache::Dispatch.
   15. CGI::Util::utf8_chr now correctly sets the UTF8 flag on 5.006 or
	higher perls (fix courtesy Slaven Rezic).


Version 3.05, Apr 12, 2004

    1. Fixed uninitialized variable warning on start_form() when running
       from command line.
    2. Fixed CGI::_set_attributes so that attributes with a - are handled
       correctly.
    3. Fixed CGI::Carp::die() so as to avoid problems from _longmess()
       clobbering @_.
    4. If HTTP_X_FORWARDED_HOST is defined (i.e. running under a proxy),
       the various functions that return HOST will use that instead.
    5. Fix for undefined utf8() call in CGI::Util.
    6. Changed the call to warningsToBrowser() in
       CGI::Carp::fatalsToBrowser to call only after HTTP header is sent
       (thanks to Didier Lebrun for noticing).
    7. Patches from Dan Harkless to make CGI.pm validatable against HTML
       3.2.
    8. Fixed an extraneous "foo=bar" appearing when extra style
       parameters passed to start_html;
    9. Fixed cross-site scripting bug in startform() pointed out by Dan
       Harkless.
   10. Fixed documentation to discuss list context behavior of
       form-element generators explicitly.
   11. Fixed incorrect results from end_form() when called in OO manner.
   12. Fixed query string stripping in order to handle URLs containing
       escaped newlines.
   13. During server push, set NPH to 0 rather than 1. This is supposed
       to fix problems with Apache.
   14. Fixed incorrect processing of multipart form fields that contain
       embedded quotes. There's still the issue of how to handle ones
       that contain embedded semicolons, but no one has complained (yet).
   15. Fixed documentation bug in -style argument to start_html()
   16. Added -status argument to redirect().

Version 3.04, Jan 18, 2004

    1. Fixed the problem with mod_perl crashing when "defaults" button
       pressed.

Version 3.03, Jan 13, 2004

    1. Fix upload hook functionality
    2. Workaround for CGI->unescape_html()
    3. Bumped version numbers in CGI::Fast and CGI::Util for 5.8.3-tobe

Version 3.02

    1. Bring in Apache::Response just in case.
    2. File upload on EBCDIC systems now works.

Version 3.01, Dec 10, 2003

    1. No fix yet for upload failures when running on EBCDIC server.
    2. Fixed uninitialized glob warnings that appeared when file
       uploading under perl 5.8.2.
    3. Added patch from Schlomi Fish to allow debugging of PATH_INFO from
       command line.
    4. Added patch from Steve Hay to correctly unlink tmp files under
       mod_perl/windows
    5. Added upload_hook functionality from Jamie LeTaul
    6. Workarounds for mod_perl 2 IO issues. Check that file upload and
       state saving still working.
    7. Added code for underreads.
    8. Fixed misleading description of redirect() and relative URLs in
       the POD docs.
    9. Workaround for weird interaction of CGI::Carp with Safe module
       reported by William McKee.
   10. Added patches from Ilmari Karonen to improve behavior of
       CGI::Carp.
   11. Fixed documentation error in -style argument.
   12. Added virtual_port() method for finding out what port server is
       listening on in a virtual-host aware fashion.

Version 3.00, Aug 18, 2003

    1. Patch from Randal Schwartz to fix bug introduced by cross-site
       scripting vulnerability "fix."
    2. Patch from JFreeman to replace UTF-8 escape constant of 0xfe with
       0xfc. Hope this is right!

  Version 2.99

    1. Patch from Steve Hay to fix extra Content-type: appearing on
       browser screen when FatalsToBrowser invoked.
    2. Patch from Ewann Corvellec to fix cross-site scripting
       vulnerability.
    3. Fixed tmpdir routine for file uploading to solve problem that
       occurs under mod_perl when tmpdir is writable at startup time, but
       not at session time.

  Version 2.98

    1. Fixed crash in Dump() function.

  Version 2.97

    1. Sigh. Uploaded wrong 2.96 to CPAN.

  Version 2.96

    1. More bugfixes to the -style argument.

  Version 2.95

    1. Fixed bugs in start_html(-style=>...) support introduced in 2.94.

  Version 2.94

    1. Removed warning from reset() method.
    2. Moved

   and tags into the :html3 group. Hope this removes undefined CGI::Area
   errors.

     Changed CGI::Carp to play with mod_perl2 and to (hopefully) restore
   reporting of compile-time errors.

     Fixed potential deadlock between web server and CGI.pm when aborting
   a read due to POST_MAX (reported by Antti Lankila).

     Fixed issue with tag-generating function not incorporating content
   when first variable undef.

     Fixed cross-site scripting bug reported by obscure.

     Fixed Dump() function to return correctly formed XHTML - bug
   reported by Ralph Siemsen.

  Version 2.93

    1. Fixed embarassing bug in mp1 support.

  Version 2.92

    1. Fix to be P3P compliant submitted from MPREWITT.
    2. Added CGI->r() API for mod_perl1/mod_perl2.
    3. Fixed bug in redirect() that was corrupting cookies.
    4. Minor fix to behavior of reset() button to make it consistent with
       submit() button (first time this has been changed in 9 years).
    5. Patch from Dan Kogai to handle UTF-8 correctly in 5.8 and higher.
    6. Patch from Steve Hay to make CGI::Carp's error messages appear on
       MSIE browsers.
    7. Added Yair Lenga's patch for non-urlencoded postings.
    8. Added Stas Bekman's patches for mod_perl 2 compatibility.
    9. Fixed uninitialized escape behavior submitted by William Campbell.
   10. Fixed tied behavior so that you can pass arguments to tie()
   11. Fixed incorrect generation of URLs when the path_info contains +
       and other odd characters.
   12. Fixed redirect(-cookies=>$cookie) problem.
   13. Fixed tag generation bug that affects -javascript passed to
       start_html().

  Version 2.91

    1. Attribute generation now correctly respects the value of
       autoEscape().
    2. Fixed endofrm() syntax error introduced by Ben Edgington's patch.

  Version 2.90

    1. Fixed bug in redirect header handling.
    2. Added P3P option to header().
    3. Patches from Alexey Mahotkin to make CGI::Carp work correctly with
       object-oriented exceptions.
    4. Removed inaccurate description of how to set multiple cookies from
       CGI::Cookie pod file.
    5. Patch from Kevin Mahony to prevent running out of filehandles when
       uploading lots of files.
    6. Documentation enhancement from Mark Fisher to note that the
       import_names() method transforms the parameter names into valid
       Perl names.
    7. Patch from Dan Harkless to suppress lang attribute in <html> tag
       if specified as a null string.
    8. Patch from Ben Edgington to fix broken XHTML-transitional 1.0
       validation on endform().
    9. Custom html header fix from Steffen Beyer (first letter correctly
       upcased now)
   10. Added a -verbatim option to stylesheet generation from Michael
       Dickson
   11. Faster delete() method from Neelam Gupta
   12. Fixed broken Cygwin support.
   13. Added empty charset support from Bradley Baetz
   14. Patches from Doug Perham and Kevin Mahoney to fix file upload
       failures when uploaded file is a multiple of 4096.

  Version 2.89

    1. Fixed behavior of ACTION tag when POSTING to a URL that has a
       query string.
    2. Added Patch from Michael Rommel to handle multipart/mixed uploads
       from Opera

  Version 2.88

    1. Fixed problem with uploads being refused under Perl 5.8 when under
       Taint mode.
    2. Fixed uninitialized variable warnings under Perl 5.8.
    3. Fixed CGI::Pretty regression test failures.

  Version 2.87

    1. Security hole patched: when processing multipart/form-data
       postings, most arguments were being untainted silently. Returned
       arguments are now tainted correctly. This may cause some scripts
       to fail that used to work (thanks to Nick Cleaton for pointing
       this out and persisting until it was fixed).
    2. Update for mod_perl 2.0.
    3. Pragmas such as -no_xhtml are now respected in mod_perl
       environment.

  Version 2.86

    1. Fixes for broken CGI::Cookie expiration dates introduced in 2.84.

  Version 2.85

    1. Fix for broken autoEscape function introduced in 2.84.

  Version 2.84

    1. Fix for failed file uploads on Cygwin platforms.
    2. HTML escaping code now replaced 0x8b and 0x9b with unicode
       references < and *#8250;

  Version 2.83

    1. Fixed autoEscape() documentation inconsistencies.
    2. Patch from Ville Skytt� to fix a number of XHTML inconsistencies.
    3. Added Max-Age to list of CGI::Cookie headers.

  Version 2.82

    1. Patch from Rudolf Troller to add attribute setting and option
       groups to form fields.
    2. Patch from Simon Perreault for silent crashes when using CGI::Carp
       under mod_perl.
    3. Patch from Scott Gifford allows you to set the program name for
       CGI::Carp.

  Version 2.81

    1. Removed extraneous slash from end of stylesheet tags generated by
       start_html in non-XHTML mode.
    2. Changed behavior of CGI::Carp with respect to eval{} contexts so
       that output behaves properly in mod_perl environments.
    3. Fixed default DTD so that it validates with W3C validator.

  Version 2.80

    1. Fixed broken messages in CGI::Carp.
    2. Changed checked="1" to checked="checked" for real XHTML
       compatibility.
    3. Resurrected REQUEST_URI code so that url() works correctly with
       multiviews.

  Version 2.79

    1. Changes to CGI::Carp to avoid "subroutine redefined" error
       messages.
    2. Default DTD is now XHTML 1.0 Transitional
    3. Patches to support all HTML4 tags.

  Version 2.78

    1. Added ability to change encoding in <?xml> assertion.
    2. Fixed the old escapeHTML('CGI') ne "CGI" bug
    3. In accordance with XHTML requirements, there are no longer any
       minimized attributes, such as "checked".
    4. Patched bug which caused file uploads of exactly 4096 bytes to be
       truncated to 4094 (thanks to Kevin Mahony)
    5. New tests and fixes to CGI::Pretty (thanks to Michael Schwern).

  Version 2.77

    1. No new features, but released in order to fix an apparent CPAN
       bug.

  Version 2.76

    1. New esc.t regression test for EBCDIC translations courtesy Peter
       Prymmer.
    2. Patches from James Jurach to make compatible with FCGI-ProcManager
    3. Additional fields passed to header() (like -Content_disposition)
       now honor initial capitalization.
    4. Patch from Andrew McNaughton to handle utf-8 escapes (%uXXXX
       codes) in URLs.

  Version 2.752

    1. Syntax error in the autoloaded Fh::new() subroutine.
    2. Better error reporting in autoloaded functions.

  Version 2.751

    1. Tiny tweak to filename regular expression function on line 3355.

  Version 2.75

    1. Fixed bug in server push boundary strings (CGI.pm and CGI::Push).
    2. Fixed bug that occurs when uploading files with funny characters
       in the name
    3. Fixed non-XHTML-compliant attributes produced by textfield()
    4. Added EPOC support, courtesy Olaf Flebbe
    5. Fixed minor XHTML bugs.
    6. Made escape() and unescape() symmetric with respect to EBCDIC,
       courtesy Roca, Ignasi <ignasi.roca@fujitsu.siemens.es>
    7. Removed uninitialized variable warning from CGI::Cookie, provided
       by Atipat Rojnuckarin <rojnuca@yahoo.com>
    8. Fixed bug in CGI::Pretty that causes it to print partial end tags
       when the $INDENT global is changed.
    9. Single quotes are changed to character entity ' for compatibility
       with URLs.

  Version 2.74

   September 13, 2000
    1. Quashed one-character bug that caused CGI.pm to fail on file
       uploads.

  Version 2.73

   September 12, 2000
    1. Added -base to the list of arguments accepted by url().
    2. Fixes to XHTML support.
    3. POST parameters no longer show up in the Location box.

  Version 2.72

   August 19, 2000
    1. Fixed the defaults button so that it works again
    2. Charset is now correctly saved and restored when saving to files
    3. url() now works correctly when given scripts with %20 and other
       escapes in the additional path info. This undoes a patch
       introduced in version 2.47 that I no longer understand the
       rationale for.

  Version 2.71

   August 13, 2000
    1. Newlines in the value attributes of hidden fields and other form
       elements are now escaped when using ISO-Latin.
    2. Inline script and style sections are now protected as CDATA
       sections when XHTML mode is on (the default).

  Version 2.70

   August 4, 2000
    1. Fixed bug in scrolling_list() which omitted a space in front of
       the "multiple" attribute.
    2. Squashed the "useless use of string in void context" message from
       redirects.

  Version 2.69

    1. startform() now creates default ACTION for POSTs as well as GETs.
       This may break some browsers, but it no longer violates the HTML
       spec.
    2. CGI.pm now emits XHTML by default. Disable with -no_xhtml.
    3. We no longer interpret &#ddd sequences in non-latin character
       sets.

  Version 2.68

    1. No longer attempts to escape characters when dealing with non
       ISO-8861 character sets.
    2. checkbox() function now defaults to using -value as its label,
       rather than -name. The current behavior is what has been
       documented from the beginning.
    3. -style accepts array reference to incorporate multiple stylesheets
       into document.

    1. Fixed two bugs that caused the -compile pragma to fail with a
       syntax error.

  Version 2.67

    1. Added XHTML support (incomplete; tags need to be lowercased).
    2. Fixed CGI/Carp when running under mod_perl. Probably broke in
       other contexts.
    3. Fixed problems when passing multiple cookies.
    4. Suppress warnings from _tableize() that were appearing when using
       -w switch with radio_group() and checkbox_group().
    5. Support for the header() -attachment argument, which can give
       pages a default file name when saving to disk.

  Version 2.66

    1. 2.65 changes in make_attributes() broke HTTP header functions
       (including redirect), so made it context sensitive.

  Version 2.65

    1. Fixed regression tests to skip tests that require implicit fork on
       machines without fork().
    2. Changed make_attributes() to automatically escape any HTML
       reserved characters.
    3. Minor documentation fix in javascript example.

  Version 2.64

    1. Changes introduced in 2.63 broke param() when retrieving parameter
       lists containing only a single argument. This is now fixed.
    2. self_url() now defaults to returning parameters delimited with
       semicolon. Use the pragma -oldstyle_urls to get the old "&"
       delimiter.

  Version 2.63

    1. Fixed CGI::Push to pull out parameters correctly.
    2. Fixed redirect() so that it works with default character set
    3. Changed param() so as to returned empty string '' when referring
       to variables passed in query strings like 'name1=&name2'

  Version 2.62

    1. Fixed broken ReadParse() function, and added regression tests
    2. Fixed broken CGI::Pretty, and added regression tests

  Version 2.61

    1. Moved more functions from CGI.pm proper into CGI/Util.pm.
       CGI/Cookie should now be standalone.
    2. Disabled per-user temporary directories, which were causing grief.

  Version 2.60

    1. Fixed junk appearing in autogenerated HTML functions when using
       object-oriented mode.

  Version 2.59

    1. autoescape functionality breaks too much existing code, removed
       it.
    2. use escapeHTML() manually

  Version 2.58

   This is the release version of 2.57.

  Version 2.57

    1. Added -debug pragma and turned off auto reading of STDIN.
    2. Default DTD updated to HTML 4.01 transitional.
    3. Added charset() method and the -charset argument to header().
    4. Fixed behavior of escapeHTML() to respect charset() and to escape
       nasty Windows characters (thanks to Tom Christiansen).
    5. Handle REDIRECT_QUERY_STRING correctly.
    6. Removed use_named_parameters() because of dependency problems and
       general lameness.
    7. Fixed problems with bad HREF links generated by url(-relative=>1)
       when the url is like /people/.
    8. Silenced a warning on upload (patch provided by Jonas Liljegren)
    9. Fixed race condition in CGI::Carp when errors occur during parsing
       (patch provided by Maurice Aubrey).
   10. Fixed failure of url(-path_info=>1) when path contains % signs.
   11. Fixed warning from CGI::Cookie when receiving foreign cookies that
       don't use name=value format.
   12. Fixed incompatibilities with file uploading on VMS systems.

  Version 2.56

    1. Fixed bugs in file upload introduced in version 2.55
    2. Fixed long-standing bug that prevented two files with identical
       names from being uploaded.

  Version 2.55

    1. Fixed cookie regression test so as not to produce an error.
    2. Fixed path_info() and self_url() to work correctly together when
       path_info() modified.
    3. Removed manify warnings from CGI::{Switch,Apache}.

  Version 2.54

    1. This will be the last release of the monolithic CGI.pm module.
       Later versions will be modularized and optimized.
    2. DOMAIN tag no longer added to cookies by default. This will break
       some versions of Internet Explorer, but will avoid breaking
       networks which use host tables without fully qualified domain
       names. For compatibility, please always add the -domain tag when
       creating cookies.
    3. Fixed escape() method so that +'s are treated correctly.
    4. Updated CGI::Pretty module.

  Version 2.53

    1. Forgot to upgrade regression tests before releasing 2.52. NOTHING
       ELSE HAS CHANGED IN LIBRARY

  Version 2.52

    1. Spurious newline in checkbox() routine removed. (courtesy John
       Essen)
    2. TEXTAREA linebreaks now respected in dump() routine. (courtesy
       John Essen)
    3. Patches for DOS ports (courtesy Robert Davies)
    4. Patches for VMS
    5. More fixes for cookie problems
    6. Fix CGI::Carp so that it doesn't affect eval{} blocks (courtesy
       Byron Brummer)

  Version 2.51

    1. Fixed problems with cookies not being remembered when sent to IE
       5.0 (and Netscape 5.0 too?)
    2. Numerous HTML compliance problems in cgi_docs.html; fixed thanks
       to Michael Leahy

  Version 2.50

    1. Added a new Vars() method to retrieve all parameters as a tied
       hash.
    2. Untainted tainted tempfile name so that script doesn't fail on
       terminal unlink.
    3. Made picking of upload tempfile name more intelligent so that
       doesn't fail in case of name collision.
    4. Fixed handling of expire times when passed an absolute timestamp.
    5. Changed dump() to Dump() to avoid name clashes.

  Version 2.49

    1. Fixes for FastCGI (globals not getting reset)
    2. Fixed url() to correctly handle query string and path under
       MOD_PERL

  Version 2.48

    1. Reverted detection of MOD_PERL to avoid breaking PerlEX.

  Version 2.47

    1. Patch to fix file upload bug appearing in IE 3.01 for
       Macintosh/PowerPC.
    2. Replaced use of $ENV{SCRIPT_NAME} with $ENV{REQUEST_URI} when
       running under Apache, to fix self-referencing URIs.
    3. Fixed bug in escapeHTML() which caused certain constructs, such as
       CGI->image_button(), to fail.
    4. Fixed bug which caused strong('CGI') to fail. Be careful to use
       CGI::strong('CGI') and not CGI->strong('CGI'). The latter will
       produce confusing results.
    5. Added upload() function, as a preferred replacement for the
       "filehandle as string" feature.
    6. Added cgi_error() function.
    7. Rewrote file upload handling to return undef rather than dieing
       when an error is encountered. Be sure to call cgi_error() to find
       out what went wrong.

  Version 2.46

    1. Fix for failure of the "include" tests under mod_perl
    2. Added end_multipart_form to prevent failures during qw(-compile
       :all)

  Version 2.45

    1. Multiple small documentation fixes
    2. CGI::Pretty didn't get into 2.44. Fixed now.

  Version 2.44

    1. Fixed file descriptor leak in upload function.
    2. Fixed bug in header() that prevented fields from containing double
       quotes.
    3. Added Brian Paulsen's CGI::Pretty package for pretty-printing
       output HTML.
    4. Removed CGI::Apache and CGI::Switch from the distribution.
    5. Generated start_* shortcuts so that start_table(), end_table(),
       start_ol(), end_ol(), and so forth now work (see the docs on how
       to enable this feature).
    6. Changed accept() to Accept(), sub() to Sub(). There's still a
       conflict with reset(), but this will break too many existing
       scripts!

  Version 2.43

    1. Fixed problem with "use strict" and file uploads (thanks to Peter
       Haworth)
    2. Fixed problem with not MSIE 3.01 for the power_mac not doing file
       uploads right.
    3. Fixed problem with file upload on IIS 4.0 when authorization in
       use.
    4. -content_type and '-content-type' can now be provided to header()
       as synonyms for -type.
    5. CGI::Carp now escapes the ampersand BEFORE escaping the > and <
       signs.
    6. Fixed "not an array reference" error when passing a hash reference
       to radio_group().
    7. Fixed non-removal of uploaded TMP files on NT platforms which
       occurs when server runs on non-C drive (thanks to Steve Kilbane
       for finding this one).

  Version 2.42

    1. Too many screams of anguish at changed behavior of url(). Is now
       back to its old behavior by default, with options to generate all
       the variants.
    2. Added regression tests. "make test" now works.
    3. Documentation fixes.
    4. Fixes for Macintosh uploads, but uploads STILL do not work pending
       changes to MacPerl.

  Version 2.41

    1. url() method now includes the path info. Use script_name() to get
       it without path info().
    2. Changed handling of empty attributes in HTML tag generation. Be
       warned! Use table({-border=>undef}) rather than
       table({-border=>''}).
    3. Changes to allow uploaded filenames to be compared to other
       strings with "eq", "cmp" and "ne".
    4. Changes to allow CGI.pm to coexist more peacefully with
       ActiveState PerlEX.
    5. Changes to prevent exported variables from clashing when importing
       ":all" set in combination with cookies.

  Version 2.40

    1. CGI::Carp patched to work better with mod_perl (thanks to Chris
       Dean).
    2. Uploads of files whose names begin with numbers or the Windows
       \\UNC\shared\file nomenclature should no longer fail.
    3. The <STYLE> tag (for cascading style sheets) now generates the
       required TYPE attribute.
    4. Server push primitives added, thanks to Ed Jordan.
    5. Table and other HTML3 functions are now part of the :standard set.
    6. Small documentation fixes.

   TO DO:
    1. Do something about the DTD mess. The module should generate
       correct DTDs, or at least offer the programmer a way to specify
       the correct one.
    2. Split CGI.pm into CGI processing and HTML-generating modules.
    3. More robust file upload (?still not working on the Macintosh?).
    4. Bring in all the HTML4 functionality, particular the accessibility
       features.

  Version 2.39

    1. file uploads failing because of VMS patch; fixed.
    2. -dtd parameter was not being properly processed.

  Version 2.38

   I finally got tired of all the 2.37 betas and released 2.38. The main
   difference between this version and the last 2.37 beta (2.37b30) are
   some fixes for VMS. This should allow file upload to work properly on
   all VMS Web servers.

  Version 2.37, various beta versions

    1. Added a CGI::Cookie::parse() method for lucky mod_perl users.
    2. No longer need separate -values and -labels arguments for
       multi-valued form elements.
    3. Added better interface to raw cookies (fix courtesy Ken Fox,
       kfox@ford.com)
    4. Added param_fetch() function for direct access to parameter list.
    5. Fix to checkbox() to allow for multi-valued single checkboxes
       (weird problem).
    6. Added a compile() method for those who want to compile without
       importing.
    7. Documented the import pragmas a little better.
    8. Added a -compile switch to the use clause for the long-suffering
       mod_perl and Perl compiler users.
    9. Fixed initialization routines so that FileHandle and type globs
       work correctly (and hash initialization doesn't fail!).
   10. Better deletion of temporary files on NT systems.
   11. Added documentation on escape(), unescape(), unescapeHTML() and
       unescapeHTML() subroutines.
   12. Added documentation on creating subclasses.
   13. Fixed problem when calling $self->SUPER::foo() from inheriting
       subclasses.
   14. Fixed problem using filehandles from within subroutines.
   15. Fixed inability to use the string "CGI" as a parameter.
   16. Fixed exponentially growing $FILLUNIT bug
   17. Check for undef filehandle in read_from_client()
   18. Now requires the UNIVERSAL.pm module, present in Perl 5.003_7 or
       higher.
   19. Fixed problem with uppercase-only parameters being ignored.
   20. Fixed vanishing cookie problem.
   21. Fixed warning in initialize_globals() under mod_perl.
   22. File uploads from Macintosh versions of MSIE should now work.
   23. Pragmas now preceded by dashes (-nph) rather than colons (:nph).
       Old style is supported for backward compatibility.
   24. Can now pass arguments to all functions using {} brackets,
       resolving historical inconsistencies.
   25. Removed autoloader warnings about absent MultipartBuffer::DESTROY.
   26. Fixed non-sticky checkbox() when -name used without -value.
   27. Hack to fix path_info() in IIS 2.0. Doesn't help with IIS 3.0.
   28. Parameter syntax for debugging from command line now more
       straightforward.
   29. Added $DISABLE_UPLOAD to disable file uploads.
   30. Added $POST_MAX to error out if POSTings exceed some ceiling.
   31. Fixed url_param(), which wasn't working at all.
   32. Fixed variable suicide problem in s///e expressions, where the
       autoloader was needed during evaluation.
   33. Removed excess spaces between elements of checkbox and radio
       groups
   34. Can now create "valueless" submit buttons
   35. Can now set path_info as well as read it.
   36. ReadParse() now returns a useful function result.
   37. import_names() now allows you to optionally clear out the
       namespace before importing (for mod_perl users)
   38. Made it possible to have a popup menu or radio button with a value
       of "0".
   39. link() changed to Link() to avoid overriding native link function.
   40. Takes advantage of mod_perl's register_cleanup() function to clear
       globals.
   41. <LAYER> and <ILAYER> added to :html3 functions.
   42. Fixed problems with private tempfiles and NT/IIS systems.
   43. No longer prints the DTD by default (I bet no one will complain).
   44. Allow underscores to replace internal hyphens in parameter names.
   45. CGI::Push supports heterogeneous MIME types and adjustable delays
       between pages.
   46. url_param() method added for retrieving URL parameters even when a
       fill-out form is POSTed.
   47. Got rid of warnings when radio_group() is called.
   48. Cookies now moved to their very own module.
   49. Fixed documentation bug in CGI::Fast.
   50. Added a :no_debug pragma to the import list.

  Version 2.36

    1. Expanded JavaScript functionality
    2. Preliminary support for cascading stylesheets
    3. Security fixes for file uploads:
          + Module will bail out if its temporary file already exists
          + Temporary files can now be made completely private to avoid
            peeking by other users or CGI scripts.
    4. use CGI qw/:nph/ wasn't working correctly. Now it is.
    5. Cookie and HTTP date formats didn't meet spec. Thanks to Mark
       Fisher (fisherm@indy.tce.com) for catching and fixing this.

   p

  Version 2.35

    1. Robustified multipart file upload against incorrect syntax in
       POST.
    2. Fixed more problems with mod_perl.
    3. Added -noScript parameter to start_html().
    4. Documentation fixes.

  Version 2.34

    1. Stupid typo fix

  Version 2.33

    1. Fixed a warning about an undefined environment variable.
    2. Doug's patch for redirect() under mod_perl
    3. Partial fix for busted inheritence from CGI::Apache
    4. Documentation fixes.

  Version 2.32

    1. Improved support for Apache's mod_perl.
    2. Changes to better support inheritance.
    3. Support for OS/2.

  Version 2.31

    1. New uploadInfo() method to obtain header information from uploaded
       files.
    2. cookie() without any arguments returns all the cookies passed to a
       script.
    3. Removed annoying warnings about $ENV{NPH} when running with the -w
       switch.
    4. Removed operator overloading throughout to make compatible with
       new versions of perl.
    5. -expires now implies the -date header, to avoid clock skew.
    6. WebSite passes cookies in $ENV{COOKIE} rather than
       $ENV{HTTP_COOKIE}. We now handle this, even though it's O'Reilly's
       fault.
    7. Tested successfully against new sfio I/O layer.
    8. Documentation fixes.

  Version 2.30

    1. Automatic detection of operating system at load time.
    2. Changed select() function to Select() in order to avoid conflict
       with Perl built-in.
    3. Added Tr() as an alternative to TR(); some people think it looks
       better that way.
    4. Fixed problem with autoloading of MultipartBuffer::DESTROY code.
    5. Added the following methods:
          + virtual_host()
          + server_software()
    6. Automatic NPH mode when running under Microsoft IIS server.

  Version 2.29

    1. Fixed cookie bugs
    2. Fixed problems that cropped up when useNamedParameters was set to
       1.
    3. Prevent CGI::Carp::fatalsToBrowser() from crapping out when
       encountering a die() within an eval().
    4. Fixed problems with filehandle initializers.

  Version 2.28

    1. Added support for NPH scripts; also fixes problems with Microsoft
       IIS.
    2. Fixed a problem with checkbox() values not being correctly saved
       and restored.
    3. Fixed a bug in which CGI objects created with empty string
       initializers took on default values from earlier CGI objects.
    4. Documentation fixes.

  Version 2.27

    1. Small but important bug fix: the automatic capitalization of tag
       attributes was accidentally capitalizing the VALUES as well as the
       ATTRIBUTE names (oops).

  Version 2.26

    1. Changed behavior of scrolling_list(), checkbox() and
       checkbox_group() methods so that defaults are honored correctly.
       The "fix" causes endform() to generate additional <INPUT
       TYPE="HIDDEN"> tags -- don't be surpised.
    2. Fixed bug involving the detection of the SSL protocol.
    3. Fixed documentation error in position of the -meta argument in
       start_html().
    4. HTML shortcuts now generate tags in ALL UPPERCASE.
    5. start_html() now generates correct SGML header:
      <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">

    6. CGI::Carp no longer fails "use strict refs" pragma.

  Version 2.25

    1. Fixed bug that caused bad redirection on destination URLs with
       arguments.
    2. Fixed bug involving use_named_parameters() followed by
       start_multipart_form()
    3. Fixed bug that caused incorrect determination of binmode for
       Macintosh.
    4. Spelling fixes on documentation.

  Version 2.24

    1. Fixed bug that caused generation of lousy HTML for some form
       elements
    2. Fixed uploading bug in Windows NT
    3. Some code cleanup (not enough)

  Version 2.23

    1. Fixed an obscure bug that caused scripts to fail mysteriously.
    2. Fixed auto-caching bug.
    3. Fixed bug that prevented HTML shortcuts from passing taint checks.
    4. Fixed some -w warning problems.

  Version 2.22

    1. New CGI::Fast module for use with FastCGI protocol. See pod
       documentation for details.
    2. Fixed problems with inheritance and autoloading.
    3. Added TR() (<tr>) and PARAM() (<param>) methods to list of
       exported HTML tag-generating functions.
    4. Moved all CGI-related I/O to a bottleneck method so that this can
       be overridden more easily in mod_perl (thanks to Doug MacEachern).
    5. put() method as substitute for print() for use in mod_perl.
    6. Fixed crash in tmpFileName() method.
    7. Added tmpFileName(), startform() and endform() to export list.
    8. Fixed problems with attributes in HTML shortcuts.
    9. Functions that don't actually need access to the CGI object now no
       longer generate a default one. May speed things up slightly.
   10. Aesthetic improvements in generated HTML.
   11. New examples.

  Version 2.21

    1. Added the -meta argument to start_html().
    2. Fixed hidden fields (again).
    3. Radio_group() and checkbox_group() now return an appropriate
       scalar value when called in a scalar context, rather than
       returning a numeric value!
    4. Cleaned up the formatting of form elements to avoid unesthetic
       extra spaces within the attributes.
    5. HTML elements now correctly include the closing tag when
       parameters are present but null: em('')
    6. Added password_field() to the export list.

  Version 2.20

    1. Dumped the SelfLoader because of problems with running with taint
       checks and rolled my own. Performance is now significantly
       improved.
    2. Added HTML shortcuts.
    3. import() now adheres to the Perl module conventions, allowing
       CGI.pm to import any or all method names into the user's name
       space.
    4. Added the ability to initialize CGI objects from strings and
       associative arrays.
    5. Made it possible to initialize CGI objects with filehandle
       references rather than filehandle strings.
    6. Added the delete_all() and append() methods.
    7. CGI objects correctly initialize from filehandles on NT/95 systems
       now.
    8. Fixed the problem with binary file uploads on NT/95 systems.
    9. Fixed bug in redirect().
   10. Added '-Window-target' parameter to redirect().
   11. Fixed import_names() so that parameter names containing funny
       characters work.
   12. Broke the unfortunate connection between cookie and CGI parameter
       name space.
   13. Fixed problems with hidden fields whose values are 0.
   14. Cleaned up the documentation somewhat.

  Version 2.19

    1. Added cookie() support routines.
    2. Added -expires parameter to header().
    3. Added cgi-lib.pl compatibility mode.
    4. Made the module more configurable for different operating systems.
    5. Fixed a dumb bug in JavaScript button() method.

  Version 2.18

    1. Fixed a bug that corrects a hang that occurs on some platforms
       when processing file uploads. Unfortunately this disables the
       check for bad Netscape uploads.
    2. Fixed bizarre problem involving the inability to process uploaded
       files that begin with a non alphabetic character in the file name.
    3. Fixed a bug in the hidden fields involving the -override directive
       being ignored when scalar defaults were passed.
    4. Added documentation on how to disable the SelfLoader features.

  Version 2.17

    1. Added support for the SelfLoader module.
    2. Added oodles of JavaScript support routines.
    3. Fixed bad bug in query_string() method that caused some parameters
       to be silently dropped.
    4. Robustified file upload code to handle premature termination by
       the client.
    5. Exported temporary file names on file upload.
    6. Removed spurious "uninitialized variable" warnings that appeared
       when running under 5.002.
    7. Added the Carp.pm library to the standard distribution.
    8. Fixed a number of errors in this documentation, and probably added
       a few more.
    9. Checkbox_group() and radio_group() now return the buttons as
       arrays, so that you can incorporate the individual buttons into
       specialized tables.
   10. Added the '-nolabels' option to checkbox_group() and
       radio_group(). Probably should be added to all the other
       HTML-generating routines.
   11. Added the url() method to recover the URL without the entire query
       string appended.
   12. Added request_method() to list of environment variables available.
   13. Would you believe it? Fixed hidden fields again!

  Version 2.16

    1. Fixed hidden fields yet again.
    2. Fixed subtle problems in the file upload method that caused
       intermittent failures (thanks to Keven Hendrick for this one).
    3. Made file upload more robust in the face of bizarre behavior by
       the Macintosh and Windows Netscape clients.
    4. Moved the POD documentation to the bottom of the module at the
       request of Stephen Dahmen.
    5. Added the -xbase parameter to the start_html() method, also at the
       request of Stephen Dahmen.
    6. Added JavaScript form buttons at Stephen's request. I'm not sure
       how to use this Netscape extension correctly, however, so for now
       the form() method is in the module as an undocumented feature. Use
       at your own risk!

  Version 2.15

    1. Added the -override parameter to all field-generating methods.
    2. Documented the user_name() and remote_user() methods.
    3. Fixed bugs that prevented empty strings from being recognized as
       valid textfield contents.
    4. Documented the use of framesets and added a frameset example.

  Version 2.14

   This was an internal experimental version that was never released.

  Version 2.13

    1. Fixed a bug that interfered with the value "0" being entered into
       text fields.

  Version 2.01

    1. Added -rows and -columns to the radio and checkbox groups. No
       doubt this will cause much grief because it seems to promise a
       level of meta-organization that it doesn't actually provide.
    2. Fixed a bug in the redirect() method -- it was not truly HTTP/1.0
       compliant.

  Version 2.0

   The changes seemed to touch every line of code, so I decided to bump
   up the major version number.
    1. Support for named parameter style method calls. This turns out
       to be a big win for extending CGI.pm when Netscape adds new HTML
       "features".
    2. Changed behavior of hidden fields back to the correct "sticky"
       behavior. This is going to break some programs, but it is for
       the best in the long run.
    3. Netscape 2.0b2 broke the file upload feature. CGI.pm now handles
       both 2.0b1 and 2.0b2-style uploading. It will probably break again
       in 2.0b3.
    4. There were still problems with library being unable to distinguish
       between a form being loaded for the first time, and a subsequent
       loading with all fields blank. We now forcibly create a default
       name for the Submit button (if not provided) so that there's
       always at least one parameter.
    5. More workarounds to prevent annoying spurious warning messages
       when run under the -w switch. -w is seriously broken in perl
       5.001!

  Version 1.57

    1. Support for the Netscape 2.0 "File upload" field.
    2. The handling of defaults for selected items in scrolling lists and
       multiple checkboxes is now consistent.

  Version 1.56

    1. Created true "pod" documentation for the module.
    2. Cleaned up the code to avoid many of the spurious "use of
       uninitialized variable" warnings when running with the -w switch.
    3. Added the autoEscape() method. v
    4. Added string interpolation of the CGI object.
    5. Added the ability to pass additional parameters to the <BODY> tag.
    6. Added the ability to specify the status code in the HTTP header.

  Bug fixes in version 1.55

    1. Every time self_url() was called, the parameter list would grow.
       This was a bad "feature".
    2. Documented the fact that you can pass "-" to radio_group() in
       order to prevent any button from being highlighted by default.

  Bug fixes in version 1.54

    1. The user_agent() method is now documented;
    2. A potential security hole in import() is now plugged.
    3. Changed name of import() to import_names() for compatibility with
       CGI:: modules.

  Bug fixes in version 1.53

    1. Fixed several typos in the code that were causing the following
       subroutines to fail in some circumstances
         1. checkbox()
         2. hidden()
    2. No features added

  New features added in version 1.52

    1. Added backslashing, quotation marks, and other shell-style escape
       sequences to the parameters passed in during debugging off-line.
    2. Changed the way that the hidden() method works so that the default
       value always overrides the current one.
    3. Improved the handling of sticky values in forms. It's now less
       likely that sticky values will get stuck.
    4. If you call server_name(), script_name() and several other methods
       when running offline, the methods now create "dummy" values to
       work with.

  Bugs fixed in version 1.51

    1. param() when called without arguments was returning an array of
       length 1 even when there were no parameters to be had. Bad bug!
       Bad!
    2. The HTML code generated would break if input fields contained the
       forbidden characters ">< or &. You can now use these characters
       freely.

  New features added in version 1.50

    1. import() method allows all the parameters to be imported into a
       namespace in one fell swoop.
    2. Parameters are now returned in the same order in which they were
       defined.

  Bugs fixed in version 1.45

    1. delete() method didn't work correctly. This is now fixed.
    2. reset() method didn't allow you to set the name of the button.
       Fixed.

  Bugs fixed in version 1.44

    1. self_url() didn't include the path information. This is now fixed.

  New features added in version 1.43

    1. Added the delete() method.

  New features added in version 1.42

    1. The image_button() method to create clickable images.
    2. A few bug fixes involving forms embedded in <PRE> blocks.

  New features added in version 1.4

    1. New header shortcut methods
          + redirect() to create HTTP redirection messages.
          + start_html() to create the HTML title, complete with the
            recommended <LINK> tag that no one ever remembers to include.
          + end_html() for completeness' sake.
    2. A new save() method that allows you to write out the state of an
       script to a file or pipe.
    3. An improved version of the new() method that allows you to restore
       the state of a script from a file or pipe. With (2) this gives you
       dump and restore capabilities! (Wow, you can put a "121,931
       customers served" banner at the bottom of your pages!)
    4. A self_url() method that allows you to create state-maintaining
       hypertext links. In addition to allowing you to maintain the state
       of your scripts between invocations, this lets you work around a
       problem that some browsers have when jumping to internal links in
       a document that contains a form -- the form information gets lost.
    5. The user-visible labels in checkboxes, radio buttons, popup menus
       and scrolling lists have now been decoupled from the values sent
       to your CGI script. Your script can know a checkbox by the name of
       "cb1" while the user knows it by a more descriptive name. I've
       also added some parameters that were missing from the text fields,
       such as MAXLENGTH.
    6. A whole bunch of methods have been added to get at environment
       variables involved in user verification and other obscure
       features.

  Bug fixes

    1. The problems with the hidden fields have (I hope at last) been
       fixed.
    2. You can create multiple query objects and they will all be
       initialized correctly. This simplifies the creation of multiple
       forms on one page.
    3. The URL unescaping code works correctly now.