/ 
Mojolicious-0.999922
⭐ Starred 2674
Security Advisories (13)
CPANSA-Mojolicious-2022-03 (2022-12-10)

Mojo::DOM did not correctly parse <script> tags.

CPANSA-Mojolicious-2021-02 (2021-06-01)

Small sessions could be used as part of a brute-force attack to decode the session secret.

CVE-2021-47208 (2021-03-16)

A bug in format detection can potentially be exploited for a DoS attack.

CPANSA-Mojolicious-2018-03 (2018-05-19)

Mojo::UserAgent was not checking peer SSL certificates by default.

CPANSA-Mojolicious-2018-02 (2018-05-11)

GET requests with embedded backslashes can be used to access local files on Windows hosts

CVE-2018-25100 (2018-02-13)

Mojo::UserAgent::CookieJar leaks old cookies because of the missing host_only flag on empty domain.

CPANSA-Mojolicious-2015-01 (2015-02-02)

Directory traversal on Windows

CPANSA-Mojolicious-2014-01 (2014-10-07)

Context sensitivity of method param could lead to parameter injection attacks.

CVE-2011-1589 (2011-04-05)

Directory traversal vulnerability in Path.pm in Mojolicious before 1.16 allows remote attackers to read arbitrary files via a %2f..%2f (encoded slash dot dot slash) in a URI.

CVE-2010-4803 (2011-05-03)

Mojolicious before 0.999927 does not properly implement HMAC-MD5 checksums, which has unspecified impact and remote attack vectors.

CVE-2010-4802 (2011-05-03)

Commands.pm in Mojolicious before 0.999928 does not properly perform CGI environment detection, which has unspecified impact and remote attack vectors.

CVE-2011-1841 (2011-03-10)

Cross-site scripting (XSS) vulnerability in the link_to helper in Mojolicious before 1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2024-58134 (2025-05-03)

Mojolicious versions from 0.999922 for Perl uses a hard coded string, or the application's class name, as an HMAC session cookie secret by default. These predictable default secrets can be exploited by an attacker to forge session cookies.  An attacker who knows or guesses the secret could compute valid HMAC signatures for the session cookie, allowing them to tamper with or hijack another user’s session.

Changes for version 0.999922 - 2010-02-11

  • Added session support.
  • Added signed cookie support.
  • Added I18N support. (vti, memowe)
  • Added template detection again, you can now just mix multiple template engines and the renderer will automatically pick the right template. So you don't have to use the "handler" argument anymore, even though it's still available and overrides auto detection.
  • Added Flash Policy Server example. (xantus)
  • Added more reference docs.
  • Added .gitignore generator command. (marcus)
  • Added automatic CGI/FastCGI environment detection to Mojo::Commands.
  • Renamed Mojolicious::Book to Mojolicious::Guides.
  • Removed hot deployment support for Windows because of incompatibilities between Active Perl and Strawberry Perl.
  • Made process id and lock file defaults more userfriendly in Mojo::Server::Daemon.
  • Updated for Perl 5.12, not using the bytes pragma anymore.
  • Fixed a bug where WebSocket servers could not directly start sending messages.
  • Fixed connection id handling in Mojo::Client.
  • Fixed multiple epoll bugs.
  • Fixed Mojo::IOLoop connection check.
  • Fixed identification headers.
  • Fixed a bug where exception pages would be rendered multiple times.
  • Fixed reverse proxy support. (vti)
  • Fixed error state in Mojo::Stateful. (vti)
  • Fixed seek bug. (lee7)
  • Fixed a PSGI header bug. (lee7)
  • Fixed typos.

Documentation

Mojolicious::Guides
Mojolicious Guide To The Galaxy
Mojolicious::Guides::Cheatsheet
Reference
Mojolicious::Guides::CodingGuidelines
Coding Guidelines
Mojolicious::Guides::FAQ
Frequently Asked Questions

Modules

Mojo
The Box!
Mojo::Asset
Asset Base Class
Mojo::Asset::File
File Asset
Mojo::Asset::Memory
In-Memory Asset
Mojo::Base
Minimal Base Class For Mojo Projects
Mojo::ByteStream
ByteStream
Mojo::Client
Async IO HTTP 1.1 And WebSocket Client
Mojo::Command
Command Base Class
Mojo::Command::Cgi
CGI Command
Mojo::Command::Daemon
Daemon Command
Mojo::Command::DaemonPrefork
Prefork Daemon Command
Mojo::Command::Fastcgi
FastCGI Command
Mojo::Command::Generate
Generator Command
Mojo::Command::Generate::App
Application Generator Command
Mojo::Command::Generate::Gitignore
Gitignore Generator Command
Mojo::Command::Generate::Makefile
Makefile Generator Command
Mojo::Command::Generate::Psgi
PSGI Generator Command
Mojo::Command::Get
Get Command
Mojo::Command::Test
Test Command
Mojo::Command::Version
Version Command
Mojo::Commands
Commands
Mojo::Content
HTTP 1.1 Content Base Class
Mojo::Content::MultiPart
HTTP 1.1 MultiPart Content Container
Mojo::Content::Single
HTTP 1.1 Content Container
Mojo::Cookie
HTTP 1.1 Cookie Base Class
Mojo::Cookie::Request
HTTP 1.1 Request Cookie Container
Mojo::Cookie::Response
HTTP 1.1 Response Cookie Container
Mojo::CookieJar
Cookie Jar For HTTP 1.1 User Agents
Mojo::Date
HTTP 1.1 Date Container
Mojo::Exception
Exceptions With Context
Mojo::Filter
HTTP 1.1 Filter Base Class
Mojo::Filter::Chunked
HTTP 1.1 Chunked Filter
Mojo::Headers
Headers
Mojo::HelloWorld
Hello World!
Mojo::Home
Detect And Access The Project Root Directory In Mojo
Mojo::IOLoop
Minimalistic Event Loop For TCP Clients And Servers
Mojo::JSON
Minimalistic JSON
Mojo::Loader
Loader
Mojo::Log
Simple Logger For Mojo
Mojo::Message
HTTP 1.1 Message Base Class
Mojo::Message::Request
HTTP 1.1 Request Container
Mojo::Message::Response
HTTP 1.1 Response Container
Mojo::Parameters
Parameter Container
Mojo::Path
Path
Mojo::Server
HTTP Server Base Class
Mojo::Server::CGI
CGI Server
Mojo::Server::Daemon
Async IO HTTP 1.1 And WebSocket Server
Mojo::Server::Daemon::Prefork
Preforking HTTP 1.1 And WebSocket Server
Mojo::Server::FastCGI
FastCGI Server
Mojo::Server::PSGI
PSGI Server
Mojo::Stateful
Stateful Base Class
Mojo::Template
Perlish Templates!
Mojo::Transaction
Transaction Base Class
Mojo::Transaction::HTTP
HTTP 1.1 Transaction Container
Mojo::Transaction::Single
DEPRECATED!
Mojo::Transaction::WebSocket
WebSocket Transaction Container
Mojo::URL
Uniform Resource Locator
Mojo::Upload
Upload Container
MojoX::Controller
Controller Base Class
MojoX::Dispatcher::Routes
Routes Dispatcher
MojoX::Dispatcher::Routes::Controller
Controller Base Class
MojoX::Dispatcher::Static
Serve Static Files
MojoX::Renderer
MIME Type Based Renderer
MojoX::Routes
Always Find Your Destination With Routes
MojoX::Routes::Match
Routes Visitor
MojoX::Routes::Pattern
Routes Pattern
MojoX::Session::Cookie
Signed Cookie Based Sessions
MojoX::Session::Cookie::Controller
Controller Base Class
MojoX::Types
MIME Types
Mojolicious
The Web In A Box!
Mojolicious::Command::Generate
Generator Command
Mojolicious::Command::Generate::App
App Generator Command
Mojolicious::Command::Generate::LiteApp
Lite App Generator Command
Mojolicious::Command::Inflate
Inflate Command
Mojolicious::Command::Routes
Routes Command
Mojolicious::Commands
Commands
Mojolicious::Controller
Controller Base Class
Mojolicious::Lite
Micro Web Framework
Mojolicious::Plugin
Plugin Base Class
Mojolicious::Plugin::AgentCondition
Agent Condition Plugin
Mojolicious::Plugin::Charset
Charset Plugin
Mojolicious::Plugin::DefaultHelpers
Default Helpers Plugin
Mojolicious::Plugin::EpRenderer
EP Renderer Plugin
Mojolicious::Plugin::EplRenderer
EPL Renderer Plugin
Mojolicious::Plugin::HeaderCondition
Header Condition Plugin
Mojolicious::Plugin::I18n
Intenationalization Plugin
Mojolicious::Plugin::JsonConfig
JSON Configuration Plugin
Mojolicious::Plugin::PodRenderer
POD Renderer Plugin
Mojolicious::Plugin::PoweredBy
Powered By Plugin
Mojolicious::Plugin::RequestTimer
Request Timer Plugin
Mojolicious::Plugins
Plugins
Test::Mojo
Testing Mojo!
Test::Mojo::Server
Server Tests

Provides

Mojo::JSON::_Bool
in lib/Mojo/JSON.pm
Mojo::Server::PSGI::Handle
in lib/Mojo/Server/PSGI.pm
Mojolicious::Plugin::I18n::_Handler
in lib/Mojolicious/Plugin/I18n.pm

Examples

Other files