Rad Studio
[+] : Added Support for Rad Studio 13.1: the new platform WinARM64EC is supported.[+] : New TsgcWSFirewall component: full-featured firewall for WebSocket servers with IP blacklist/whitelist (CIDR support), brute force protection with auto-ban, SQL injection detection, XSS detection, rate limiting, and flood protection.
[+] : New Demo for Server Firewall: shows the main features of the new Firewall and is located in the folder: "Demos\04.WebSocket_Other_Samples\13.Firewall".
[+] : New Demo for HTTP/2 Large File Transfer: server + client demo for testing 1GB+ file downloads via HTTP/2, located in "Demos\20.HTTP_Protocol\13.HTTP2_LargeFile_Transfer".
[+] : New HTTP/2 debug logging: frame send/receive, WINDOW_UPDATE increments, and streaming chunk reads are logged via LoggerPro when {$DEFINE SGC_DEBUG} is enabled in sgcVer.inc.
[+] : Improved MQTT Client: new property RcvMsg to get access to the latest MQTT message received from the server.
[+] : New TsgcTCPClient component: full-featured TCP client based on the WebSocket client infrastructure, supporting TLS/SSL, proxy, watchdog and protocol integration. Protocols (MQTT, AMQP, STOMP, WAMP, etc.) can now use either TsgcTCPClient or TsgcWebSocketClient via their Client property.
[+] : New OAuth2 Client Token Revocation support (RFC 7009): Revoke() method with OnBeforeRevokeToken, OnAfterRevokeToken, and OnRevokeTokenError events.
[+] : New OAuth2 Client Token Introspection support (RFC 7662): Introspect() method with OnBeforeIntrospectToken, OnAfterIntrospectToken, and OnIntrospectTokenError events.
[+] : New OAuth2 Client Device Authorization Grant (RFC 8628): auth2DeviceCode grant type with automatic polling, OnDeviceCode and OnDeviceCodeExpired events.
[+] : New OAuth2 Server Token Revocation endpoint (RFC 7009): /sgc/oauth2/revoke with OnOAuth2AfterRevokeToken event.
[+] : New OAuth2 Server Token Introspection endpoint (RFC 7662): /sgc/oauth2/introspect with OnOAuth2AfterIntrospectToken event.
[+] : New OAuth2 Server Device Authorization endpoint (RFC 8628): /sgc/oauth2/device and /sgc/oauth2/device/verify with OnOAuth2DeviceAuthorization and OnOAuth2DeviceCodeVerification events.
[+] : New OAuth2 Server Resource Owner Password Credentials grant handling (password grant_type).
[+] : New OAuth2 Server Device Code token exchange (urn:ietf:params:oauth:grant-type:device_code grant_type).
[+] : New OAuth2 Client DPoP support (RFC 9449): sender-constrained tokens via DPoPOptions with ES256/RS256 signing, automatic DPoP proof JWT generation, JWK thumbprint calculation (RFC 7638), and DPoP-Nonce retry handling.
[+] : New OAuth2 Client DPoP methods: GetDPoPProof() for resource requests, GetDPoPJWKThumbprint() for token binding verification.
[+] : New OAuth2 Server DPoP support (RFC 9449): DPoP proof validation, JWK thumbprint token binding, token_type DPoP issuance, and OnOAuth2ValidateDPoP event.
[+] : Improved Deflate extension: the speed has been improved specially for small messages. (Thanks to Michael for the fix).
[+] : New TsgcWebView2 component: visual VCL wrapper for Microsoft Edge WebView2 with navigation, JavaScript (async/sync/init scripts), cookie management, download control, profile management, print, audio/mute, certificate handling, context menus, favicon, virtual host mapping, screenshot capture, and 20+ events. Supports Delphi 7 through Delphi 13.
[+] : New Demo for WebView2 Browser: shows navigation, JavaScript execution, cookies, print, mute, clear data, virtual host mapping and event logging. Located in "Demos\50.Other\WebView2_Browser".
[+] : New Gemini API: Google Gemini integration with Content Generation (with streaming), Vision, Structured JSON Output, Tool Use (function calling), Token Counting, Embeddings, and Model listing.
[+] : New DeepSeek API: DeepSeek integration with Chat Completions (with streaming), Vision, Tool Use (function calling), and Model listing.
[+] : New Ollama API: Ollama local LLM integration with Chat Completions (with streaming), Model Management (show, pull, delete, list tags), and Embeddings.
[+] : New Grok API: xAI Grok integration with Chat Completions (with streaming), Vision, Tool Use (function calling), and Model listing.
[+] : New Mistral API: Mistral AI integration with Chat Completions (with streaming), Vision, Structured JSON Output, Tool Use (function calling), Embeddings, and Model listing.
[*] : Fixed HTTP/2 server-side streaming for large responses: Eliminates out-of-memory crashes when serving large files and reduces peak server memory.
[*] : Fixed HTTP/2 client-side memory reallocation when receiving large responses: payload buffer now uses a capacity growth strategy with platform-specific caps (128 MB on Win32, 1 GB on Win64) instead of reallocating on every DATA frame.
[*] : Fixed HTTP/2 SSL write deadlock on large file transfers: WINDOW_UPDATEs are now queued and flushed between read iterations instead of being written inline during frame processing, preventing both client and server from blocking simultaneously on SSL_write.
[*] : Fixed HTTP/2 Integer overflow for files larger than 2 GB: changed FrameLength, Offset, WindowSize, PayLoadCapacity, ReadWindowSize, and flow control accumulators from Integer to Int64.
[*] : Fixed HTTP/2 stream state: RST_STREAM frames received on idle streams (after stream cleanup) now gracefully transition to closed instead of raising a PROTOCOL_ERROR.
[*] : Fixed HPACK encoder: GetBestMatchingIndex now correctly returns static table name-only matches, preventing compression errors on HTTP/2 connections.
[*] : Fixed HPACK encoder: Huffman bit mask uses correct shift-left operation.
[*] : Fixed HPACK decoder: byte count and available bytes calculations now correctly account for the buffer offset.
[*] : Fixed SetBytesFromInteger: intermediate byte extractions now masked with $FF to prevent range check errors on values like WINDOW_UPDATE increments.
[*] : Fixed typed pointer incompatibilities when compiling with the option active "Typed @ operator".
[*] : Fixed JWT RSA signing: vLength parameter in DoSignRSA was declared as Integer instead of TIdNativeUInt, causing potential stack corruption on 64-bit platforms. (Thanks to Gabriel for the fix).
[*] : Fixed Win64 pointer truncation in sgcHTTP_API_OpenAI: mciSendCommand calls used Cardinal() cast on pointers, replaced with NativeUInt().
[*] : Fixed OAuth2 Server: SetOAuth2Options memory leak fixed.
[*] : Fixed AWS Signature V4: fixed query string parameter sorting in canonical request.
[*] : Fixed Bitfinex access violation when unsubscribe from a channel.
[*] : Fixed memory leaks in Indy Servers caused by thread-unsafe lazy initialization of FSpecifications and FConnections fields. Concurrent Indy worker threads could race on creation, orphaning instances.
[/] : The OnMQTTPublishEx event has changed the signature adding a new parameter aMessage of type TsgcWSMQTTMessage.
.NET
[+] : New TsgcWSFirewall component: full-featured firewall for WebSocket servers with IP blacklist/whitelist (CIDR support), brute force protection with auto-ban, SQL injection detection, XSS detection, rate limiting, and flood protection.[+] : New Demo for Server Firewall: shows the main features of the new Firewall and is located in the folder: "Demos\04.WebSocket_Other_Samples\13.Firewall".
[+] : New Demo for HTTP/2 Large File Transfer: server + client demo for testing 1GB+ file downloads via HTTP/2, located in "Demos\20.HTTP_Protocol\13.HTTP2_LargeFile_Transfer".
[+] : New OAuth2 Client Token Revocation support (RFC 7009): Revoke() method with OnBeforeRevokeToken, OnAfterRevokeToken, and OnRevokeTokenError events.
[+] : New OAuth2 Client Token Introspection support (RFC 7662): Introspect() method with OnBeforeIntrospectToken, OnAfterIntrospectToken, and OnIntrospectTokenError events.
[+] : New OAuth2 Client Device Authorization Grant (RFC 8628): auth2DeviceCode grant type with automatic polling, OnDeviceCode and OnDeviceCodeExpired events.
[+] : New OAuth2 Server Token Revocation endpoint (RFC 7009): /sgc/oauth2/revoke with OnOAuth2AfterRevokeToken event.
[+] : New OAuth2 Server Token Introspection endpoint (RFC 7662): /sgc/oauth2/introspect with OnOAuth2AfterIntrospectToken event.
[+] : New OAuth2 Server Device Authorization endpoint (RFC 8628): /sgc/oauth2/device and /sgc/oauth2/device/verify with OnOAuth2DeviceAuthorization and OnOAuth2DeviceCodeVerification events.
[+] : New OAuth2 Server Resource Owner Password Credentials grant handling (password grant_type).
[+] : New OAuth2 Server Device Code token exchange (urn:ietf:params:oauth:grant-type:device_code grant_type).
[+] : New OAuth2 Client DPoP support (RFC 9449): sender-constrained tokens via DPoPOptions with ES256/RS256 signing, automatic DPoP proof JWT generation, JWK thumbprint calculation (RFC 7638), and DPoP-Nonce retry handling.
[+] : New OAuth2 Client DPoP methods: GetDPoPProof() for resource requests, GetDPoPJWKThumbprint() for token binding verification.
[+] : New OAuth2 Server DPoP support (RFC 9449): DPoP proof validation, JWK thumbprint token binding, token_type DPoP issuance, and OnOAuth2ValidateDPoP event.
[+] : Improved Deflate extension: the speed has been improved specially for small messages. (Thanks to Michael for the fix).
[+] : New Gemini API: Google Gemini integration with Content Generation (with streaming), Vision, Structured JSON Output, Tool Use (function calling), Token Counting, Embeddings, and Model listing.
[+] : New DeepSeek API: DeepSeek integration with Chat Completions (with streaming), Vision, Tool Use (function calling), and Model listing.
[+] : New Ollama API: Ollama local LLM integration with Chat Completions (with streaming), Model Management (show, pull, delete, list tags), and Embeddings.
[+] : New Grok API: xAI Grok integration with Chat Completions (with streaming), Vision, Tool Use (function calling), and Model listing.
[+] : New Mistral API: Mistral AI integration with Chat Completions (with streaming), Vision, Structured JSON Output, Tool Use (function calling), Embeddings, and Model listing.
[*] : Fixed HTTP/2 server-side streaming for large responses: Eliminates out-of-memory crashes when serving large files and reduces peak server memory.
[*] : Fixed HTTP/2 client-side memory reallocation when receiving large responses: payload buffer now uses a capacity growth strategy with platform-specific caps (128 MB on Win32, 1 GB on Win64) instead of reallocating on every DATA frame.
[*] : Fixed HTTP/2 SSL write deadlock on large file transfers: WINDOW_UPDATEs are now queued and flushed between read iterations instead of being written inline during frame processing, preventing both client and server from blocking simultaneously on SSL_write.
[*] : Fixed HTTP/2 Integer overflow for files larger than 2 GB: changed FrameLength, Offset, WindowSize, PayLoadCapacity, ReadWindowSize, and flow control accumulators from Integer to Int64.
[*] : Fixed HTTP/2 stream state: RST_STREAM frames received on idle streams (after stream cleanup) now gracefully transition to closed instead of raising a PROTOCOL_ERROR.
[*] : Fixed HPACK encoder: GetBestMatchingIndex now correctly returns static table name-only matches, preventing compression errors on HTTP/2 connections.
[*] : Fixed HPACK encoder: Huffman bit mask uses correct shift-left operation.
[*] : Fixed HPACK decoder: byte count and available bytes calculations now correctly account for the buffer offset.
[*] : Fixed SetBytesFromInteger: intermediate byte extractions now masked with $FF to prevent range check errors on values like WINDOW_UPDATE increments.
[*] : Fixed typed pointer incompatibilities when compiling with the option active "Typed @ operator".
[*] : Fixed JWT RSA signing: vLength parameter in DoSignRSA was declared as Integer instead of TIdNativeUInt, causing potential stack corruption on 64-bit platforms. (Thanks to Gabriel for the fix).
[*] : Fixed Win64 pointer truncation in sgcHTTP_API_OpenAI: mciSendCommand calls used Cardinal() cast on pointers, replaced with NativeUInt().
[*] : Fixed OAuth2 Server: SetOAuth2Options memory leak fixed.
[*] : Fixed Bitfinex access violation when unsubscribe from a channel.
[*] : Fixed memory leaks in Indy Servers caused by thread-unsafe lazy initialization of FSpecifications and FConnections fields. Concurrent Indy worker threads could race on creation, orphaning instances.