Vlinder Software Announces Arachnida version 2.1

Vlinder Software is announcing the release of version 2.1 of Arachnida. This latest version of our HTTP server framework makes it even more versatile than it was before and introduces several improvements and fixes.

The single most important addition to Arachnida in this version is the new JSON parser/generator. Like Arachnida, it uses the Acari library for its components optimized for parsing, and integrates seamlessly with the rest of the framework.

The JSON parser, which can be used without using Arachnida and will be available separately, is designed specifically with industrial embedded devices in mind. It can parse JSON text from a wide variety of sources and provide access to its contents using a straight-forward, easy to understand C++ API.

Version 2.1 further includes:

  • Improved support for systems that do not have non-blocking sockets
  • Improved support for 64-bit systems
  • Improved support for IPv6
  • Improved support for integration with software that does not use exceptions
  • Better integration with the diverse Vlinder Software memory allocators

Version 2.0 introduced:

  • support for more operating systems, including Windows CE 4.2, 6.0 and Windows Embedded Compact 7 (as well as other OSs in the Windows family and many POSIX-based embedded platforms)
  • support for more hardware architectures, including x86-64, ARM and, of course, x86
  • better performance: both speed increases and reduced memory footprint
  • better integration with Vlinder Software memory allocators so you can fine-tune your memory usage
  • new build system: we now use CMake to generate native project files, Makefiles, etc. for each target platform
  • better documentation: we’ve revised and partly rewritten large parts of the documentation


Aside from the changes mentioned above, what are the most important fixes in this version? Two security bulletins, neither of which exploitable, we’re addressed in version 2.1 and are being released today. Both of them were found during regular security review in version 2.0.00 and all affected customers already have fixes (version 2.0.01 was released for this purpose). Both were the result of a bug in the implementation of the copy-on-write algorithm used in our String class, which is optimized for parsing.

Why were these two security bulletins not released before today? We had to make sure that the risk of the security issue existing in the wild as contained before making the issue public: known users of version 2.0.00, including users of the Community Edition, had to be contacted and provided with the fix, which was part of version 2.0.01. Even though neither issue is likely to be remotely exploitable, we take security issues very seriously: before publicly releasing a security bulletin, we make sure our known users have a fix, or are aware of the problem and the risks involved. You should know, however, that security issues are very rare in our software, thanks to the rigorous review processes that our software is subjected to. While those processes mean that changes to our software are often seen as slow and incremental, we credit them with the reliability of our software products.

What editions are being released today? Vlinder Software is releasing the usual Basic, Standard and Premium editions as well as a new Individual edition of the software. Trial versions and licenses are available as of today.

What is the new Individual edition? The new Individual edition is intended for software professionals, such as consultants and individual software developers, that need an HTTP server for a software project. It is a single-seat, single-platform, non-transferable license with unlimited duration and the usual one year (renewable) support. It includes 1 support ticket and commercial updates for the duration of the support plan.

What is the pricing for the Individual edition? The budget price for the individual edition is set at $ 250.

Is the Individual edition available to larger companies? It’s a single-seat non-transferable license, so a larger company would only be able to have a single person use the software, and would have to buy a new license when that person leaves the company. This is not ideal for larger businesses, but that doesn’t mean they can’t decide to go that way.

Will a Community Edition of version 2.1 be available? Vlinder Software policy is to release a Community Edition of eligible software six months after commercial versions are released, or when a superseding version is released (which ever comes first) unless there are known security issues with the software. A Community Edition of erosion 2.1 will therefore be available as of December 2013 unless we find security issues with this version.

Why was version 2.0 not publicly announced? Version 2.0 was initially released only to a few customers. Version 2.0 was slated for public release in April, but version 2.1 was already under review at that point, so a public release was postponed to concentrate on this version.

Is a Community Edition of version 2.0 available? Yes, the version available is 2.0.01.

Is the new JSON parser/generator ready for use in production? This is the first version of the JSON parser/generator we’re releasing to the public, so we are very cautious with recommending it for production use in an industrial setting: while we are confident about the quality of the software, we will want to work closely with our first customers to make sure the parser/generator suits their needs and is used as we designed it to be. Sometimes, different interpretations of APIs and documentation can lead to unexpected bugs, so we want to make sure we got it right.

How does the JSON parser affect pricing? The JSON parser is not part of Arachnida, but is an add-on that is sold separately. Our first few customers will get a special discount and we will work closely with them to make sure everything works as intended.

Why all the extra caution? Vlinder Software makes software for industrial embedded devices. These devices are often safety-critical, are always on and don’t tolerate down-time. Often, these devices are deployed in strictly regulated settings. We need to be extra careful when deploying new software to such a context, no matter how well-prepared we may believe we are. Our policies dictate that new software be deployed in a controlled manner, to one customer at a time, that we seek feed-back from those customers and adjust either the software, the documentation, or both, according to that feed-back. We only make software widely available once we have gone through the process of integrating with other software.

Where can I get the software? Download links will be posted soon. In the mean time, you can contact Vlinder Software Support to have the software sent to you.

Why the delay — why not post download links now? We want to make sure our current customers get the personalized information they need for their specific solutions: deploying a new version of software for industrial embedded devices is a bit more involved that just downloading and compiling it: changes need to be documented, often in client-specific formats designed to comply with specific regulatory requirements, and a risk assessment needs to be performed so our clients can decide when and how to deploy the new software. We are contacting our customers to let them know the new version is available and that we’re ready to work with them to make the upgrade as smooth as possible, and we invite them to contact us if they read this announcement before we can get in contact. Simply posting a download link would not provide the quality of service our customers have come to expect of Vlinder Software.