0.32.1
Increased timeout in ServiceInfo.request to handle loaded systems
It can take a few seconds for a loaded system to run the async_request coroutine when the event loop is busy, or the system is CPU bound (example being Home Assistant startup). We now add an additional _LOADED_SYSTEM_TIMEOUT (10s) to the run_coroutine_threadsafe calls to ensure the coroutine has the total amount of time to run up to its internal timeout (default of 3000ms).
Ten seconds is a bit large of a timeout; however, it is only used in cases where we wrap other timeouts. We now expect the only instance the run_coroutine_threadsafe result timeout will happen in a production circumstance is when someone is running a ServiceInfo.request() in a thread and another thread calls Zeroconf.close() at just the right moment that the future is never completed unless the system is so loaded that it is nearly unresponsive.
The timeout for run_coroutine_threadsafe is the maximum time a thread can cleanly shut down when zeroconf is closed out in another thread, which should always be longer than the underlying thread operation.
1.9.6 Change Log:
Added in the TLS 1.3 Cipher Suite from the RFC 8446 dated August 2018
Added support for Linux cooked capture v2, SLL2.
1.9.5 Changelog:
- New example showing how to process truncated DNS packets (examples/print_dns_truncated.py).
- Corrected typo in BGP.notification attribute.
- BGP.Update.Attribute.MPReachNLRI.SNPA now inherits from dpkt.Packet.
- Byteorder is now specified when packing GRE optional fields.
- Improvement to Radiotap class, supporting multi-byte and misaligned flags fields. Endianness is now enforced.
- Github issue template added for bug reporting.
- Compliance with flake8 formatting.
- asn1.py::utctime method now returns time in UTC, instead of local.
- Allow multiple InterfaceDescriptionBlocks with pcapng.Writer.
- SCTP decoder DATA chunk padding aligned to 4-bytes, and improved handling of .data field.
- IEEE80211 DELBA frame now works on big and little-endian architectures.
- Introduce compat.ntole which converts from network byte order to little-endian byte order, regardless of host endianness.
- Ethernet class now attempts to unpack the padding and trailer if present.
- Added anonymous property to cipher suites, which returns True if the cipher suite starts with 'anon'.
- Added pfs (Perfect Forward Secrecy) and aead (Authenticated Encryption with Additional Data) properties to cipher suites.
- Added old CHACHA20-POLY1305 related cipher suites to TLS CipherSuite list.
- Remove redundant num_compression_methods from TLSClientHello
- Testing improved from 90% coverage to over 99%.
0.32.0
This release offers 100% line and branch coverage.
Made ServiceInfo first question QU
We want an immediate response when requesting with ServiceInfo by asking a QU question; most responders will not delay the response and respond right away to our question. This also improves compatibility with split networks as we may not have been able to see the response otherwise. If the responder has not multicast the record recently, it may still choose to do so in addition to responding via unicast
Reduces traffic when there are multiple zeroconf instances running on the network running ServiceBrowsers
If we don't get an answer on the first try, we ask a QM question in the event, we can't receive a unicast response for some reason
This change puts ServiceInfo inline with ServiceBrowser which also asks the first question as QU since ServiceInfo is commonly called from ServiceBrowser callbacks
Limited duplicate packet suppression to 1s intervals
Only suppress duplicate packets that happen within the same second. Legitimate queriers will retry the question if they are suppressed. The limit was reduced to one second to be in line with rfc6762
Made multipacket known answer suppression per interface
The suppression was happening per instance of Zeroconf instead of per interface. Since the same network can be seen on multiple interfaces (usually and wifi and ethernet), this would confuse the multi-packet known answer supression since it was not expecting to get the same data more than once
New ServiceBrowsers now request QU in the first outgoing when unspecified
https://datatracker.ietf.org/doc/html/rfc6762#section-5.4 When we start a ServiceBrowser and zeroconf has just started up, the known answer list will be small. By asking a QU question first, it is likely that we have a large known answer list by the time we ask the QM question a second later (current default which is likely too low but would be a breaking change to increase). This reduces the amount of traffic on the network, and has the secondary advantage that most responders will answer a QU question without the typical delay answering QM questions.
IPv6 link-local addresses are now qualified with scope_id
When a service is advertised on an IPv6 address where the scope is link local, i.e. fe80::/64 (see RFC 4007) the resolved IPv6 address must be extended with the scope_id that identifies through the "%" symbol the local interface to be used when routing to that address. A new API parsed_scoped_addresses() is provided to return qualified addresses to avoid breaking compatibility on the existing parsed_addresses().
Network adapters that are disconnected are now skipped
Fixed listeners missing initial packets if Engine starts too quickly
When manually creating a zeroconf.Engine object, it is no longer started automatically. It must manually be started by calling .start() on the created object.
The Engine thread is now started after all the listeners have been added to avoid a race condition where packets could be missed at startup.
Fixed answering matching PTR queries with the ANY query
Fixed lookup of uppercase names in the registry
If the ServiceInfo was registered with an uppercase name and the query was for a lowercase name, it would not be found and vice-versa.
Fixed unicast responses from any source port
Unicast responses were only being sent if the source port was 53, this prevented responses when testing with dig:
dig -p 5353 @224.0.0.251 media-12.local
The above query will now see a response
Fixed queries for AAAA records not being answered
Removed second level caching from ServiceBrowsers
The ServiceBrowser had its own cache of the last time it saw a service that was reimplementing the DNSCache and presenting a source of truth problem that lead to unexpected queries when the two disagreed.
Fixed server cache not being case-insensitive
If the server name had uppercase chars and any of the matching records were lowercase, and the server would not be found
Fixed cache handling of records with different TTLs
There should only be one unique record in the cache at a time as having multiple unique records will different TTLs in the cache can result in unexpected behavior since some functions returned all matching records and some fetched from the right side of the list to return the newest record. Instead we now store the records in a dict to ensure that the newest record always replaces the same unique record, and we never have a source of truth problem determining the TTL of a record from the cache.
Fixed ServiceInfo with multiple A records
If there were multiple A records for the host, ServiceInfo would always return the last one that was in the incoming packet, which was usually not the one that was wanted.
Fixed stale unique records expiring too quickly
Records now expire 1s in the future instead of instant removal.
tools.ietf.org/html/rfc6762#section-10.2 Queriers receiving a Multicast DNS response with a TTL of zero SHOULD NOT immediately delete the record from the cache, but instead record a TTL of 1 and then delete the record one second later. In the case of multiple Multicast DNS responders on the network described in Section 6.6 above, if one of the responders shuts down and incorrectly sends goodbye packets for its records, it gives the other cooperating responders one second to send out their own response to "rescue" the records before they expire and are deleted.
Fixed exception when unregistering a service multiple times
Added an AsyncZeroconfServiceTypes to mirror ZeroconfServiceTypes to zeroconf.asyncio
Fixed interface_index_to_ip6_address not skiping ipv4 adapters
Added async_unregister_all_services to AsyncZeroconf
Fixed services not being removed from the registry when calling unregister_all_services
There was a race condition where a query could be answered for a service in the registry, while goodbye packets which could result in a fresh record being broadcast after the goodbye if a query came in at just the right time. To avoid this, we now remove the services from the registry right after we generate the goodbye packet
Fixed zeroconf exception on load when the system disables IPv6
Fixed the QU bit missing from for probe queries
The bit should be set per datatracker.ietf.org/doc/html/rfc6762#section-8.1
Fixed the TC bit missing for query packets where the known answers span multiple packets
Fixed packets not being properly separated when exceeding maximum size
Ensure that questions that exceed the max packet size are moved to the next packet. This fixes DNSQuestions being sent in multiple packets in violation of: datatracker.ietf.org/doc/html/rfc6762#section-7.2
Ensure only one resource record is sent when a record exceeds _MAX_MSG_TYPICAL datatracker.ietf.org/doc/html/rfc6762#section-17
Fixed PTR questions asked in uppercase not being answered
Added Support for context managers in Zeroconf and AsyncZeroconf
Implemented an AsyncServiceBrowser to compliment the sync ServiceBrowser
Added async_get_service_info to AsyncZeroconf and async_request to AsyncServiceInfo
Implemented allowing passing in a sync Zeroconf instance to AsyncZeroconf
Fixed IPv6 setup under MacOS when binding to ""
Fixed ZeroconfServiceTypes.find not always cancels the ServiceBrowser
There was a short window where the ServiceBrowser thread could be left running after Zeroconf is closed because the .join() was never waited for when a new Zeroconf object was created
Fixed duplicate packets triggering duplicate updates
If TXT or SRV records update was already processed and then received again, it was possible for a second update to be called back in the ServiceBrowser
Fixed ServiceStateChange.Updated event happening for IPs that already existed
Fixed RFC6762 Section 10.2 paragraph 2 compliance
Reduced length of ServiceBrowser thread name with many types
Fixed empty answers being added in ServiceInfo.request
Fixed ServiceInfo not populating all AAAA records
Use get_all_by_details to ensure all records are loaded into addresses.
Only load A/AAAA records from the cache once in load_from_cache if there is a SRV record present
Move duplicate code that checked if the ServiceInfo was complete into its own function
Fixed a case where the cache list can change during iteration
Return task objects created by AsyncZeroconf
Traffic Reduction:
Added support for handling QU questions
Implements RFC 6762 sec 5.4: Questions Requesting Unicast Responses datatracker.ietf.org/doc/html/rfc6762#section-5.4
Implemented protect the network against excessive packet flooding
Additionals are now suppressed when they are already in the answers section
Additionals are no longer included when the answer is suppressed by known-answer suppression
Implemented multi-packet known answer supression
Implements datatracker.ietf.org/doc/html/rfc6762#section-7.2
Implemented efficient bucketing of queries with known answers
Implemented duplicate question suppression
http://datatracker.ietf.org/doc/html/rfc6762#section-7.3
Technically backwards incompatible:
Update internal version check to match docs (3.6+)
Python version earlier then 3.6 were likely broken with zeroconf already, however, the version is now explicitly checked.
Update python compatibility as PyPy3 7.2 is required
Backwards incompatible:
Drop oversize packets before processing them
Oversized packets can quickly overwhelm the system and deny service to legitimate queriers. In practice, this is usually due to broken mDNS implementations rather than malicious actors.
Guard against excessive ServiceBrowser queries from PTR records significantly lowerthan recommended
We now enforce a minimum TTL for PTR records to avoid ServiceBrowsers generating excessive queries refresh queries. Apple uses a 15s minimum TTL, however, we do not have the same level of rate limit and safeguards, so we use 1/4 of the recommended value.
RecordUpdateListener now uses async_update_records instead of update_record
This allows the listener to receive all the records that have been updated in a single transaction such as a packet or cache expiry.
update_record has been deprecated in favor of async_update_records A compatibility shim exists to ensure classes that use RecordUpdateListener as a base class continue to have update_record called, however, they should be updated as soon as possible.
A new method async_update_records_complete is now called on each listener when all listeners have completed processing updates and the cache has been updated. This allows ServiceBrowsers to delay calling handlers until they are sure the cache has been updated as its a common pattern to call for ServiceInfo when a ServiceBrowser handler fires.
The async_ prefix was chosen to make it clear that these functions run in the eventloop and should never do blocking I/O. Before 0.32+ these functions ran in a select() loop and should not have been doing any blocking I/O, but it was not clear to implementors that I/O would block the loop.
Pass both the new and old records to async_update_records
Pass the old_record (cached) as the value and the new_record (wire) to async_update_records instead of forcing each consumer to check the cache since we will always have the old_record when generating the async_update_records call. This avoids the overhead of multiple cache lookups for each listener.
3.6.1:
Modified
Support deprecated method_whitelist parameter in urllib3.util.retry.Retry for urllib3<1.26
Fix support of registered domains for INWX provider
Update mypy and use external types modules
Changes in version 0.4.6.6 - 2021-06-30
Tor 0.4.6.6 makes several small fixes on 0.4.6.5, including one that
allows Tor to build correctly on older versions of GCC. You should
upgrade to this version if you were having trouble building Tor
0.4.6.5; otherwise, there is probably no need.
o Minor bugfixes (compilation):
- Fix a compilation error when trying to build Tor with a compiler
that does not support const variables in static initializers.
Fixes bug 40410; bugfix on 0.4.6.5.
- Suppress a strict-prototype warning when building with some
versions of NSS. Fixes bug 40409; bugfix on 0.3.5.1-alpha.
o Minor bugfixes (testing):
- Enable the deterministic RNG for unit tests that covers the
address set bloomfilter-based API's. Fixes bug 40419; bugfix
on 0.3.3.2-alpha.
GitHub CLI 1.12.1
-----------------
* Fix bug where branchProtectionRule doesn't exist in enterprise 2.22
* fix repo create in org with license/ignore
GitHub CLI 1.12.0
-----------------
HELLO and welcome back to GitHub on the command line.
This is a pretty cool release.
gh browse
Taking inspiration from hub, we've added gh browse. This is a multipurpose
command for getting from your terminal to your browser.
My favorite use is to open up lines of code for sharing with others:
gh browse pkg/cmd/repo/garden/garden.go:520
You can also get directly to a repo's settings:
gh browse --settings
The command can do much more, check out gh browse -h!
We're also excited to shout out the contributors who made this new feature
possible, a group of students in the MinT program.
Add .gitignore and LICENSE when creating repositories
When creating a repository from scratch (gh repo create mycoolrepo), you can
now select from GitHub's .gitignore and LICENSE templates to include with the
new repository.
Connect via a unix socket
A new config value http_unix_socket can be configured to a local path to push
all of gh's traffic over a socket.
GitHub CLI 1.11.0
-----------------
* Add support for environment secrets
* run list: add "age" column and columns headers in output
* Add support for XDG Base Directory specification
Additionally, the default configuration location on Windows is now changed
from ~/.config/gh/ to %AppData%.
* Include number alongside the title in issue/pr view
GitHub CLI 1.10.0
-----------------
Improvements to JSON exporting
* Add gh repo list/view --json support
* Add gh release view --json support
* Fixes numerous issues with gh pr list/view --json support
+ fetching closed field
+ fetching date fields like createdAt or mergedAt
+ fetching files field
* Fix exporting milestone field for issues and PRs
* Add commits field to JSON export for PRs
* Show more than 100 comments in gh issue view --json comments
* Add shell completion for valid --json flag values
New Features
* Add gh repo fork --org option
* Allow passinggh alias set value via standard input
* Prompt for value in gh secret set
* Update gh api placeholder syntax to {owner}, {repo} to match GitHub API
documentation
* Extend our package repository to support Ubuntu Hirsute and Kali linux
Changes in version 0.4.6.5 - 2021-06-14
Tor 0.4.6.5 is the first stable release in its series. The 0.4.6.x
series includes numerous features and bugfixes, including a significant
improvement to our circuit timeout algorithm that should improve
observed client performance, and a way for relays to report when they are
overloaded.
This release also includes security fixes for several security issues,
including a denial-of-service attack against onion service clients,
and another denial-of-service attack against relays. Everybody should
upgrade to one of 0.3.5.15, 0.4.4.9, 0.4.5.9, or 0.4.6.5.
o Major bugfixes (security):
- Don't allow relays to spoof RELAY_END or RELAY_RESOLVED cell on
half-closed streams. Previously, clients failed to validate which
hop sent these cells: this would allow a relay on a circuit to end
a stream that wasn't actually built with it. Fixes bug 40389;
bugfix on 0.3.5.1-alpha. This issue is also tracked as TROVE-2021-
003 and CVE-2021-34548.
o Major bugfixes (security, defense-in-depth):
- Detect more failure conditions from the OpenSSL RNG code.
Previously, we would detect errors from a missing RNG
implementation, but not failures from the RNG code itself.
Fortunately, it appears those failures do not happen in practice
when Tor is using OpenSSL's default RNG implementation. Fixes bug
40390; bugfix on 0.2.8.1-alpha. This issue is also tracked as
TROVE-2021-004. Reported by Jann Horn at Google's Project Zero.
o Major bugfixes (security, denial of service):
- Resist a hashtable-based CPU denial-of-service attack against
relays. Previously we used a naive unkeyed hash function to look
up circuits in a circuitmux object. An attacker could exploit this
to construct circuits with chosen circuit IDs, to create
collisions and make the hash table inefficient. Now we use a
SipHash construction here instead. Fixes bug 40391; bugfix on
0.2.4.4-alpha. This issue is also tracked as TROVE-2021-005 and
CVE-2021-34549. Reported by Jann Horn from Google's Project Zero.
- Fix an out-of-bounds memory access in v3 onion service descriptor
parsing. An attacker could exploit this bug by crafting an onion
service descriptor that would crash any client that tried to visit
it. Fixes bug 40392; bugfix on 0.3.0.1-alpha. This issue is also
tracked as TROVE-2021-006 and CVE-2021-34550. Reported by Sergei
Glazunov from Google's Project Zero.
o Major features (control port, onion services):
- Add controller support for creating version 3 onion services with
client authorization. Previously, only v2 onion services could be
created with client authorization. Closes ticket 40084. Patch by
Neel Chauhan.
o Major features (directory authority):
- When voting on a relay with a Sybil-like appearance, add the Sybil
flag when clearing out the other flags. This lets a relay operator
know why their relay hasn't been included in the consensus. Closes
ticket 40255. Patch by Neel Chauhan.
o Major features (metrics):
- Relays now report how overloaded they are in their extrainfo
documents. This information is controlled with the
OverloadStatistics torrc option, and it will be used to improve
decisions about the network's load balancing. Implements proposal
328; closes ticket 40222.
o Major features (relay, denial of service):
- Add a new DoS subsystem feature to control the rate of client
connections for relays. Closes ticket 40253.
o Major features (statistics):
- Relays now publish statistics about the number of v3 onion
services and volume of v3 onion service traffic, in the same
manner they already do for v2 onions. Closes ticket 23126.
o Major bugfixes (circuit build timeout):
- Improve the accuracy of our circuit build timeout calculation for
60%, 70%, and 80% build rates for various guard choices. We now
use a maximum likelihood estimator for Pareto parameters of the
circuit build time distribution, instead of a "right-censored
estimator". This causes clients to ignore circuits that never
finish building in their timeout calculations. Previously, clients
were counting such unfinished circuits as having the highest
possible build time value, when in reality these circuits most
likely just contain relays that are offline. We also now wait a
bit longer to let circuits complete for measurement purposes,
lower the minimum possible effective timeout from 1.5 seconds to
10ms, and increase the resolution of the circuit build time
histogram from 50ms bin widths to 10ms bin widths. Additionally,
we alter our estimate Xm by taking the maximum of the top 10 most
common build time values of the 10ms histogram, and compute Xm as
the average of these. Fixes bug 40168; bugfix on 0.2.2.14-alpha.
- Remove max_time calculation and associated warning from circuit
build timeout 'alpha' parameter estimation, as this is no longer
needed by our new estimator from 40168. Fixes bug 34088; bugfix
on 0.2.2.9-alpha.
o Major bugfixes (signing key):
- In the tor-gencert utility, give an informative error message if
the passphrase given in `--create-identity-key` is too short.
Fixes bug 40189; bugfix on 0.2.0.1-alpha. Patch by Neel Chauhan.
o Minor features (bridge):
- We now announce the URL to Tor's new bridge status at
https://bridges.torproject.org/ when Tor is configured to run as a
bridge relay. Closes ticket 30477.
o Minor features (build system):
- New "make lsp" command to auto generate the compile_commands.json
file used by the ccls server. The "bear" program is needed for
this. Closes ticket 40227.
o Minor features (client):
- Clients now check whether their streams are attempting to re-enter
the Tor network (i.e. to send Tor traffic over Tor), and close
them preemptively if they think exit relays will refuse them for
this reason. See ticket 2667 for details. Closes ticket 40271.
o Minor features (command line):
- Add long format name "--torrc-file" equivalent to the existing
command-line option "-f". Closes ticket 40324. Patch by
Daniel Pinto.
o Minor features (command-line interface):
- Add build informations to `tor --version` in order to ease
reproducible builds. Closes ticket 32102.
- When parsing command-line flags that take an optional argument,
treat the argument as absent if it would start with a '-'
character. Arguments in that form are not intelligible for any of
our optional-argument flags. Closes ticket 40223.
- Allow a relay operator to list the ed25519 keys on the command
line by adding the `rsa` and `ed25519` arguments to the
--list-fingerprint flag to show the respective RSA and ed25519
relay fingerprint. Closes ticket 33632. Patch by Neel Chauhan.
o Minor features (compatibility):
- Remove an assertion function related to TLS renegotiation. It was
used nowhere outside the unit tests, and it was breaking
compilation with recent alpha releases of OpenSSL 3.0.0. Closes
ticket 40399.
o Minor features (control port, stream handling):
- Add the stream ID to the event line in the ADDRMAP control event.
Closes ticket 40249. Patch by Neel Chauhan.
o Minor features (dormant mode):
- Add a new 'DormantTimeoutEnabled' option to allow coarse-grained
control over whether the client ever becomes dormant from
inactivity. Most people won't need this. Closes ticket 40228.
- Add a new 'DormantTimeoutEnabled' option for coarse-grained
control over whether the client can become dormant from
inactivity. Most people won't need this. Closes ticket 40228.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2021/06/10.
o Minor features (logging):
- Edit heartbeat log messages so that more of them begin with the
string "Heartbeat: ". Closes ticket 40322; patch
from 'cypherpunks'.
- Change the DoS subsystem heartbeat line format to be more clear on
what has been detected/rejected, and which option is disabled (if
any). Closes ticket 40308.
- In src/core/mainloop/mainloop.c and src/core/mainloop/connection.c,
put brackets around IPv6 addresses in log messages. Closes ticket
40232. Patch by Neel Chauhan.
o Minor features (logging, diagnostic):
- Log decompression failures at a higher severity level, since they
can help provide missing context for other warning messages. We
rate-limit these messages, to avoid flooding the logs if they
begin to occur frequently. Closes ticket 40175.
o Minor features (onion services):
- Add a warning message when trying to connect to (no longer
supported) v2 onion services. Closes ticket 40373.
o Minor features (performance, windows):
- Use SRWLocks to implement locking on Windows. Replaces the
"critical section" locking implementation with the faster
SRWLocks, available since Windows Vista. Closes ticket 17927.
Patch by Daniel Pinto.
o Minor features (protocol, proxy support, defense in depth):
- Close HAProxy connections if they somehow manage to send us data
before we start reading. Closes another case of ticket 40017.
o Minor features (tests, portability):
- Port the hs_build_address.py test script to work with recent
versions of python. Closes ticket 40213. Patch from
Samanta Navarro.
o Minor features (vote document):
- Add a "stats" line to directory authority votes, to report various
statistics that authorities compute about the relays. This will
help us diagnose the network better. Closes ticket 40314.
o Minor bugfixes (build):
- The configure script now shows whether or not lzma and zstd have
been used, not just if the enable flag was passed in. Fixes bug
40236; bugfix on 0.4.3.1-alpha.
o Minor bugfixes (compatibility):
- Fix a failure in the test cases when running on the "hppa"
architecture, along with a related test that might fail on other
architectures in the future. Fixes bug 40274; bugfix
on 0.2.5.1-alpha.
o Minor bugfixes (compilation):
- Fix a compilation warning about unused functions when building
with a libc that lacks the GLOB_ALTDIRFUNC constant. Fixes bug
40354; bugfix on 0.4.5.1-alpha. Patch by Daniel Pinto.
o Minor bugfixes (consensus handling):
- Avoid a set of bugs that could be caused by inconsistently
preferring an out-of-date consensus stored in a stale directory
cache over a more recent one stored on disk as the latest
consensus. Fixes bug 40375; bugfix on 0.3.1.1-alpha.
o Minor bugfixes (control, sandbox):
- Allow the control command SAVECONF to succeed when the seccomp
sandbox is enabled, and make SAVECONF keep only one backup file to
simplify implementation. Previously SAVECONF allowed a large
number of backup files, which made it incompatible with the
sandbox. Fixes bug 40317; bugfix on 0.2.5.4-alpha. Patch by
Daniel Pinto.
o Minor bugfixes (directory authorities, voting):
- Add a new consensus method (31) to support any future changes that
authorities decide to make to the value of bwweightscale or
maxunmeasuredbw. Previously, there was a bug that prevented the
authorities from parsing these consensus parameters correctly under
most circumstances. Fixes bug 19011; bugfix on 0.2.2.10-alpha.
o Minor bugfixes (ipv6):
- Allow non-SOCKSPorts to disable IPv4, IPv6, and PreferIPv4. Some
rare configurations might break, but in this case you can disable
NoIPv4Traffic and NoIPv6Traffic as needed. Fixes bug 33607; bugfix
on 0.4.1.1-alpha. Patch by Neel Chauhan.
o Minor bugfixes (key generation):
- Do not require a valid torrc when using the `--keygen` argument to
generate a signing key. This allows us to generate keys on systems
or users which may not run Tor. Fixes bug 40235; bugfix on
0.2.7.2-alpha. Patch by Neel Chauhan.
o Minor bugfixes (logging, relay):
- Emit a warning if an Address is found to be internal and tor can't
use it. Fixes bug 40290; bugfix on 0.4.5.1-alpha.
o Minor bugfixes (metrics port):
- Fix a bug that made tor try to re-bind() on an already open
MetricsPort every 60 seconds. Fixes bug 40370; bugfix
on 0.4.5.1-alpha.
o Minor bugfixes (onion services, logging):
- Downgrade the severity of a few rendezvous circuit-related
warnings from warning to info. Fixes bug 40207; bugfix on
0.3.2.1-alpha. Patch by Neel Chauhan.
o Minor bugfixes (relay):
- Reduce the compression level for data streaming from HIGH to LOW.
This should reduce the CPU and memory burden for directory caches.
Fixes bug 40301; bugfix on 0.3.5.1-alpha.
o Minor bugfixes (testing, BSD):
- Fix pattern-matching errors when patterns expand to invalid paths
on BSD systems. Fixes bug 40318; bugfix on 0.4.5.1-alpha. Patch by
Daniel Pinto.
o Code simplification and refactoring:
- Remove the orconn_ext_or_id_map structure and related functions.
(Nothing outside of unit tests used them.) Closes ticket 33383.
Patch by Neel Chauhan.
o Removed features:
- Remove unneeded code for parsing private keys in directory
documents. This code was only used for client authentication in v2
onion services, which are now unsupported. Closes ticket 40374.
- As of this release, Tor no longer supports the old v2 onion
services. They were deprecated last July for security, and support
will be removed entirely later this year. We strongly encourage
everybody to migrate to v3 onion services. For more information,
see https://blog.torproject.org/v2-deprecation-timeline . Closes
ticket 40266. (NOTE: We accidentally released an earlier version
of the 0.4.6.1-alpha changelog without this entry. Sorry for
the confusion!)
o Code simplification and refactoring (metrics, DoS):
- Move the DoS subsystem into the subsys manager, including its
configuration options. Closes ticket 40261.
o Documentation (manual):
- Move the ServerTransport* options to the "SERVER OPTIONS" section.
Closes issue 40331.
- Indicate that the HiddenServiceStatistics option also applies to
bridges. Closes ticket 40346.
- Move the description of BridgeRecordUsageByCountry to the section
"STATISTICS OPTIONS". Closes ticket 40323.
o Removed features (relay):
- Because DirPorts are only used on authorities, relays no longer
advertise them. Similarly, self-testing for DirPorts has been
disabled, since an unreachable DirPort is no reason for a relay
not to advertise itself. (Configuring a DirPort will still work,
for now.) Closes ticket 40282.
This repository holds the code for the main server that Magic-Wormhole
clients connect to. The server performs store-and-forward delivery
for small key-exchange and control messages. Bulk data is sent over
a direct TCP connection, or through a transit-relay.
Clients connect with WebSockets, for low-latency delivery in the
happy case where both clients are attached at the same time. Message
are stored to enable non-simultaneous clients to make forward
progress. The server uses a small SQLite database for persistence
(and clients will reconnect automatically, allowing the server to
be rebooted without losing state). An optional "usage DB" tracks
historical activity for status monitoring and operational maintenance.
This repository implements the Magic-Wormhole "Transit Relay", a
server that helps clients establish bulk-data transit connections
even when both are behind NAT boxes. Each side makes a TCP connection
to this server and presents a handshake. Two connections with
identical handshakes are glued together, allowing them to pretend
they have a direct connection.
This server used to be included in the magic-wormhole repository,
but was split out into a separate repo to aid deployment and
development.
FreeRADIUS 3.0.23
Feature improvements
* Update dictionary.aruba
* Add "set home_server state ... down" in order to mark the
home server as administratively down. Use "alive" to bring
it back to life.
* Add Post-Auth-Type "Client-Lost" which should make it easier
to log when clients stop responding.
* Add sites-available/totp as an example of how to use TOTP.
* Add %{mschap:Domain-Name}.
* Cache TLS messages in &session-state, for more debugging.
* Notes in eap configuration about TLS 1.0 / TLS 1.1, and setting
cipher_list = "DEFAULT@SECLEVEL=1"
* Added MANY warning messages about using TLS 1.3 with EAP.
In short, don't use it. Microsoft will support it in fall 2021.
Bug fixes
* Fix crash in some cases when home server is down, in debug mode.
* Fix (again) "read clients from SQL" functionality.
* Fix sql_map to return values in more situations.
* Silently ignore LEAP configuration instead of erroring out.
FreeRADIUS 3.0.22
Feature improvements
* Many new "unlang" documentation files. See "make docsite"
and then see build/docsite/freeradius-server/*/index.html
* Limited support for dynamic home servers. See proxy.conf
and doc/configuration/dynamic_home_servers.md
* Add support for prepend operator ^=. See "man unlang" for
for details.
* Added rlm_totp, for use with the Google Authenticator app.
See mods-available/totp.
* The default minimum TLS version is now TLS 1.2, as per RFC 8996.
Older versions can be allowed by setting tls_min_version, and
updating "cipher_list".
* Significantly improve the readability and contents of TLS
debug messages.
* Allow CoA and Disconnect messages over TLS sockets.
* Automatically set fragment size / MTU, so that PEAP/EAP-TLS
works, and no longer requires manual changes to the configuration.
* Allow "configurable_client_cert=yes" for EAP-TLS. This should
only be used for a "walled garden". See mods-available/eap
* Add TLS 1.2 support for EAP-Fast. Patches from Alex Clouter.
* Add ca_path_reload_interval option for tls. See mods-available/eap.
* Abfab-tls updates from Alejandro Perez.
* Add "tls_min_version" to ldap module configuration.
* We now support running policies when receiving a RadSec connection.
See sites-available/default, "New-TLS-Connection".
* Update TLS "ecdh_curve" code to allow for multiple curves.
* Allow delta CRLs.
* add rlm_sql_map, which can handle multiple columns from an SQL
query. See raddb/mods-available/sql_map.
* New xlat for setting status of rlm_always instances and new
resource-check example virtual server for manipulating control flow
in unlang policies based on status of some external resource.
Patches from Terry Burton.
* Update radmin to show more information about the home servers
using "show home_server list all".
* The default configuration now replies with EAP-Key-Name, if it
is available, and was requested.
* Include extensions in generated certificates.
* Ignore user-provided dhparams in FIPS mode.
Patch from Alexander Scheel.
* Remove native support for Cisco LEAP. It is insecure, and
should not be used. Proxying LEAP is still supported.
* Allow use of password preparation methods with rlm_eap_pwd.
Patch from Michael Braun.
* Many, many, improvements for DHCP from Nick Porter and Terry Burton.
* More RFC compliance for various corner cases of DHCP,
* Use DHCP-specific schemas.
* Add stored procedures for DHCP lease allocation
* Add support for DHCP-Decline.
* Added mods-available/dhcp_sql which is a DHCP-specific instance
of the SQL module.
* Treat DHCP Discover and Request differently for lease allocation times.
* Add support for PBKDF2 keys.
* Update dictionary.mikrotik, dictionary.aruba, dictionary.paloalto,
dictionary.juniper, dictionary.bskyb,
dictionary.alcatel.sr.
* Update default PostgreSQL schema to use "text" instead of
a fixed-size "varchar".
* Add radmin command "show client list verbose", which gives a lot
more information about each client.
* Add support for EAPS-AKA authentication to rlm_wimax.
* Add rlm_rest support for HTTP/2.
* Add REST-HTTP-Status-Code attribute holding HTTP status code.
* Add option to set http_negotiation in rlm_rest.
* Encode / decode NAS-Filter-Rule according to RFC 4849.
Inside of FreeRADIUS, each NAS-Filter-Rule just looks like
a string. But "on the wire", it follows RFC 4849.
See src/tests/unit/rfc4849.txt
* Allow attributes using old names in configuration files, SQL,
or modules to match attributes in the packet which use
new names.
* Allow querying IPv6 stats via FreeRADIUS-Stats-Client-IPv6-Address
and FreeRADIUS-Stats-Server-IPv6-Address
* Add warnings if there is no "real" User-Name to identify users.
* Add sample configuration to update Stripped-User-Name and/or
Class for user sessions. See sites-available/default
* Add configuration to suppress printing values for User-Name, etc.
See radiusd.conf, "suppress_secrets"
* Support dictionary.telrad, which is also in WiMAX format.
* PEAP 'proxy_tunneled_request_as_eap' is now configurable
at runtime with Proxy-Tunneled-Request-As-EAP.
* Debug output now lists client/server proposed TLS ciphers.
* Add support for TLS1.3, patches from Alexander Clouter
Bug fixes
* Fix long-term double free due to PCRE calling our "free"
function twice.
* Respect the "log_reject" configuration item in more places.
This lowers the number of "Login incorrect"
messages when "log_reject = no".
* Fix rpmbuild for Centos > 6. Patch from Matthew Newton.
* Run Post-Proxy-Type Fail... when all home servers are down.
* Note that rlm_replicate can only use UDP, and not TCP or TLS.
* DHCP pool lookup is now keyed by Client Identifier (Option 61) when
supplied by client, otherwise the hardware address is used. Compliant
with RFC 2132. This change will not affect existing systems on upgrade,
but new installations will use the new behavior.
Patch from Terry Burton.
* Fix minor spelling mistakes in man pages. Patch from
Alexander Scheel.
* Don't print invalid tags in rlm_cache, among other places.
* Do home_server failover immediately when an initial TCP / Radsec
connection fails.
* Port EAP-PWD constant time fixes from "master" branch. The issue
was verified by Mohamed Sabt, and a patch supplied by
Daniel De Almeida Braga.
* Clear error on SQLITE_BUSY to prevent memory leak in corner cases.
Patch from Nick Porter.
* Properly add SQL clients to virtual servers.
* Update documentation for cert generation. Patch from Alexander Scheel.
* Use better API when decoding DHCP packets, to avoid unnecessary work.
This improves performance noticeably.
* Parse locale-dependent dates.
* Strip out "-frecord-gcc-switches" from rlm_python3 configure build.
* Fix radiusd.conf ENV LD_PRELOAD function.
* Update the "sql" module so that it uses fewer handles for group selection,
which means that it is less likely to complain that the
connection pool is exhausted.
* Update the "sql" module to return "ok" when no rows have been updated
for accounting on/off.
* Make the "date" module handle UTC more consistently.
* Check for, and complain about, inconsistent use of tls_min_version
versus disable_tlsv1
* Fix "read client from SQL" code so that it properly ties clients
to a virtual server. Also document the behavior.
* Update / correct data types in dictionary.wimax
* Fix edge case in rlm_rest post decoder which could lead to the value of
a post attribute being lost in the case where the output buffer was completely
full after writing an attribute value, and more attributes needed to be encoded.
Reported by Adrian Smith.
* Fix leak with unknown attributes in detail reader.
* Fix parenting issues in rlm_yubikey.
* Update Mongo examples to be correct.
Notices
* CentOS 6, Debian 8 (Jessie) and Ubuntu 14 (Trusty) are EOL and no
longer supported. Docker files have been removed.
* OCaml 4.12 support
* fsmonitor improvements and Solaris support
* Color support in text UI, with a new preference, disabled by
NO_COLOR.
* Interactive profile selection in text UI, enabled by a new
preference.
* Working files are stored in the unison directory (typically
/.unison) rather than $HOME.
* Build cleanups, CI improvements, housekeeping
* Many bugfixes and minor improvements
This is still the snapshot package, but since a release just happened,
at least catch it up for those following the snapshot.
Upstream changes since the last snapshot update are minor fixes, doc
regen, etc.
fastd is a very small VPN daemon which tunnels IP packets and Ethernet frames
over UDP. It supports various modern encryption and authentication schemes
and can be used in many different network topologies (1:1, 1:n, meshed).
2.4.1
- BUG/MEDIUM: ebtree: Invalid read when looking for dup entry
- BUG/MAJOR: server: prevent deadlock when using 'set maxconn server'
- BUILD/MINOR: opentracing: fixed build when using clang
- BUG/MEDIUM: filters: Exec pre/post analysers only one time per filter
- BUG/MINOR: http-comp: Preserve HTTP_MSGF_COMPRESSIONG flag on the response
- Revert "MEDIUM: http-ana: Deal with L7 retries in HTTP analysers"
- BUG/MINOR: http-ana: Send the right error if max retries is reached on L7 retry
- BUG/MINOR: http-ana: Handle L7 retries on refused early data before K/A aborts
- MINOR: http-ana: Perform L7 retries because of status codes in response analyser
- MINOR: cfgparse: Fail when encountering extra arguments in macro
- DOC: intro: Fix typo in starter guide
- BUG/MINOR: server: Missing calloc return value check in srv_parse_source
- BUG/MINOR: peers: Missing calloc return value check in peers_register_table
- BUG/MINOR: ssl: Missing calloc return value check in ssl_init_single_engine
- BUG/MINOR: http: Missing calloc return value check in parse_http_req_capture
- BUG/MINOR: proxy: Missing calloc return value check in proxy_parse_declare
- BUG/MINOR: proxy: Missing calloc return value check in proxy_defproxy_cpy
- BUG/MINOR: http: Missing calloc return value check while parsing tcp-request/tcp-response
- BUG/MINOR: http: Missing calloc return value check while parsing tcp-request rule
- BUG/MINOR: compression: Missing calloc return value check in comp_append_type/algo
- BUG/MINOR: worker: Missing calloc return value check in mworker_env_to_proc_list
- BUG/MINOR: http: Missing calloc return value check while parsing redirect rule
- BUG/MINOR: http: Missing calloc return value check in make_arg_list
- BUG/MINOR: proxy: Missing calloc return value check in chash_init_server_tree
- CLEANUP: http-ana: Remove useless if statement about L7 retries
- BUG/MINOR: vars: Be sure to have a session to get checks variables
- DOC/MINOR: move uuid in the configuration to the right alphabetical order
- BUG/MAJOR: stream-int: Release SI endpoint on server side ASAP on retry
- MINOR: errors: allow empty va_args for diag variadic macro
- DOC: use the req.ssl_sni in examples
- BUILD: make tune.ssl.keylog available again
- BUG/MINOR: ssl: OCSP stapling does not work if expire too far in the future
- Revert "BUG/MINOR: opentracing: initialization after establishing daemon mode"
- BUG/MEDIUM: opentracing: initialization before establishing daemon and/or chroot mode
- BUG/MEDIUM: compression: Fix loop skipping unused blocks to get the next block
- BUG/MEDIUM: compression: Properly get the next block to iterate on payload
- BUG/MEDIUM: compression: Add a flag to know the filter is still processing data
- BUG/MINOR: pools: fix a possible memory leak in the lockless pool_flush()
- BUG/MINOR: pools: make DEBUG_UAF always write to the to-be-freed location
- MINOR: pools: do not maintain the lock during pool_flush()
- MINOR: pools: call malloc_trim() under thread isolation
- MEDIUM: pools: use a single pool_gc() function for locked and lockless
- BUG/MAJOR: pools: fix possible race with free() in the lockless variant
- CLEANUP: pools: remove now unused seq and pool_free_list
- BUG/MAJOR: htx: Fix htx_defrag() when an HTX block is expanded
- BUG/MINOR: mux-fcgi: Expose SERVER_SOFTWARE parameter by default
- CLEANUP: l7-retries: do not test the buffer before calling b_alloc()
- BUG/MINOR: resolvers: answser item list was randomly purged or errors
- MEDIUM: resolvers: add a ref on server to the used A/AAAA answer item
- MEDIUM: resolvers: add a ref between servers and srv request or used SRV record
- BUG/MAJOR: resolvers: segfault using server template without SRV RECORDs
- DOC: lua: Add a warning about buffers modification in HTTP
- BUG/MINOR: stick-table: insert srv in used_name tree even with fixed id
- BUG/MEDIUM: server: extend thread-isolate over much of CLI 'add server'
- BUG/MEDIUM: server: clear dynamic srv on delete from proxy id/name trees
- BUG/MEDIUM: server: do not forget to generate the dynamic servers ids
- BUG/MINOR: server: do not keep an invalid dynamic server in px ids tree
- BUG/MEDIUM: server: do not auto insert a dynamic server in px addr_node
- BUG/MEDIUM: shctx: use at least thread-based locking on USE_PRIVATE_CACHE
- BUG/MINOR: ssl: use atomic ops to update global shctx stats
- BUG/MINOR: mworker: fix typo in chroot error message
- CLEANUP: global: remove unused definition of stopping_task[]
- BUG/MAJOR: queue: set SF_ASSIGNED when setting strm->target on dequeue
- MINOR: backend: only skip LB when there are actual connections
- BUG/MINOR: mux-h1: do not skip the error response on bad requests
- BUG/MINOR: server: explicitly set "none" init-addr for dynamic servers
- MINOR: connection: add helper conn_append_debug_info()
- MINOR: mux-h2/trace: report a few connection-level info during h2_init()
- CLEANUP: mux-h2/traces: better align user messages
- BUG/MINOR: stats: make "show stat typed desc" work again
- MINOR: mux-h2: obey http-ignore-probes during the preface
- BUG/MINOR: mux-h2/traces: bring back the lost "rcvd H2 REQ" trace
- BUG/MINOR: mux-h2/traces: bring back the lost "sent H2 REQ/RES" traces
4.2 Stable
Breakthroughs
Flexible Alert Handling
Added recipients and endpoints to send alerts to different recipients on different channels, including email, Discord, Slack and Elasticsearch
Initial SCADA protocol support
Many internal components of ntopng have been rewritten in order to improve the overall ntopng performance, reduce system load, and capable of processing more data while reducing memory usage with respect to 4.0.
Cybersecurity extensions have been greatly enhanced by leveraging on the latest nDPI enhancements that enabled the creation of several user scripts able to supervise many security aspects of modern systems.
Behavioral traffic analysis and lateral traffic movement detection for finding cybersecurity threats in traffic noise.
Initial Scada support with native IEC 60870-5-104 support. We acknowledge switch.ch for having supported this development.
Consolidation of Suricata and external alerts integration to further open ntopng to the integration of commercial security devices.
SNMP support has been enhanced in terms of speed, SNMPv3 protocol support, and variety of supported devices.
New REST API that enabled the integration of ntopng with third party applications such as CheckMK.
New features
Traffic Behavioral Analysis
Periodic Traffic
Lateral Movements
TLS with self-signed certificates, issuerDN, subjectDN
Support for Industrial IOT and Scada with modbus, DNP3 and IEC60870
Support for attack mitigation via SNMP
Active monitoring
Support for ICMP v4/v6, HTTP, HTTPS and Speedtest
Ability to generate alerts upon unreachable or slow hosts or services
Detection of unexpected servers
DHCP, NTP, SMTP, DNS
Services map
nIndex direct to maximixe flows dump performance
MacOS package
Improvements
Implements per-category indicator of compromise score
Flexible configuration import/export/reset
Ability to import/export/reset all the ntopng configurations or parts of it
Increased nIndex dump throughput by a factor 10
Increased user scripts execution throughput
Massive cleanup/simplifications of plugins to ease community contributions
Improved cardinality estimation (e.g., number of contacted hosts, number of contacted ports) using Hyper-Log-Log
Added DSCP information
Reworked handling of dissected virtual hosts to improve speed and reduce memory
nEdge
Support for hardware bypass
Fixes
Fixed race conditions in view interfaces
Fixed crash when restoring serialized hosts in memory
Fixed conditions causing high CPU load
Fixes CSRF vulnerabilities when POSTing JSON
Fixes heap-use-after-free on HTTP dissected last_url
3.4 Stable
New Features
Completely reworked and extended QUIC dissector
Added flow risk concept to move nDPI towards result interpretation
Added ndpi_dpi2json() API call
Added DGA risk for names that look like a DGA
Added HyperLogLog cardinality estimator API calls
Added ndpi_bin_XXX API calls to handle bin handling
Fully fuzzy tested code that has greatly improved reliability and robustness
New Supported Protocols and Services
QUIC
SMBv1
WebSocket
TLS: added ESNI support
SOAP
DNScrypt
Improvements
Python CFFI bindings
Various TLS extensions and fixes including extendede metadata support
Added various pcap files for testing corner cases in protocols
Various improvements in JSON/Binary data serialization
CiscoVPN
H323
MDNS
MySQL 8
IEC 60870-5-104
DoH/DoT dissection improvements
Office365 renamed to Microsoft365
Major protocol dissection improvement in particular with unknwon traffic
Improvement in Telegram v6 protocol support
HTTP improvements to detect file download/upload and binary files
BitTorrent and WhatsApp dissection improvement
Spotify
Added detection of malformed packets
Fuzzy testing support has been greatly improved
SSH code cleanup
Fixes
Fixed various memory leaks and race conditions in protocol decoding
NATS, CAPWAP dissector
Removed HyperScan support that greatly simplified the code
ARM platform fixes on memory alignment
Wireshark extcap support
DPDK support
OpenWRT, OpenBSD support
MINGW compiler support
MISC
Created demo app for nDPI newcomers
Removed obsolete pplive and pando protocols
0.6.6 - Changed the YouTube API client to capture more videos.
0.6.5 - Videos which are UNPLAYABLE won't just fail anymore.
0.6.4 - the YouTube handler uses the new(ish) youtube API now.
0.6.3 - YouTube has changed the get_video_info URL. Should fix#3.
0.6.2 - not taged upstream.
This is a bugfix release.
- Fixed a bug that caused the NSEC salt to be changed for KASP zones on every
startup.
- Signed, insecure delegation responses prepared by named either lacked the
necessary NSEC records or contained duplicate NSEC records when both wildcard
expansion and CNAME chaining were required to prepare the response. This has
been fixed.
- Queries where the wildcard match contained the letter W failed to return the
correct response as the W was mapped to \000.
- Checking of key-directory and dnssec-policy was broken. The checks failed to
account for key-directory inheritance.
Full release notes:
https://bind9.readthedocs.io/en/v9_16/notes.html#notes-for-bind-9-16-18
Feature Changes:
- After the network manager was introduced to named to handle incoming traffic,
it was discovered that recursive performance had degraded compared to
previous BIND 9 versions. This has now been fixed by processing internal
tasks inside network manager worker threads, preventing resource contention
among two sets of threads.
- Zone dumping tasks are now run on separate asynchronous thread pools. This
change prevents zone dumping from blocking network I/O.
- inline-signing was incorrectly described as being inherited from the
options/view levels and was incorrectly accepted at those levels without
effect. This has been fixed; named.conf files with inline-signing at those
levels no longer load.
Full changelog:
https://bind9.readthedocs.io/en/v9_16/notes.html#notes-for-bind-9-16-17
Upstream is about to release 2.51.4rc3 with version number 2.51.3.73,
and this packages a draft of that.
Packaging changes: Don't install the now-missing BUGS.txt.
Upstream NEWS for 2.51.4 relative to 2.51.3:
\item OCaml 4.12 support
\item fsmonitor improvements and Solaris support
\item Color support in text UI, with a new preference, disabled by
NO\_COLOR.
\item Interactive profile selection in text UI, enabled by a new
preference.
\item Working files are stored in the unison directory (typically
~/.unison) rather than \$HOME.
\item Build cleanups, CI improvements, housekeeping
\item Many bugfixes and minor improvements
Changes in version 0.4.5.9 - 2021-06-14
Tor 0.4.5.9 fixes several security issues, including a
denial-of-service attack against onion service clients, and another
denial-of-service attack against relays. Everybody should upgrade to
one of 0.3.5.15, 0.4.4.9, 0.4.5.9, or 0.4.6.5.
o Major bugfixes (security, backport from 0.4.6.5):
- Don't allow relays to spoof RELAY_END or RELAY_RESOLVED cell on
half-closed streams. Previously, clients failed to validate which
hop sent these cells: this would allow a relay on a circuit to end
a stream that wasn't actually built with it. Fixes bug 40389;
bugfix on 0.3.5.1-alpha. This issue is also tracked as TROVE-2021-
003 and CVE-2021-34548.
o Major bugfixes (security, defense-in-depth, backport from 0.4.6.5):
- Detect more failure conditions from the OpenSSL RNG code.
Previously, we would detect errors from a missing RNG
implementation, but not failures from the RNG code itself.
Fortunately, it appears those failures do not happen in practice
when Tor is using OpenSSL's default RNG implementation. Fixes bug
40390; bugfix on 0.2.8.1-alpha. This issue is also tracked as
TROVE-2021-004. Reported by Jann Horn at Google's Project Zero.
o Major bugfixes (security, denial of service, backport from 0.4.6.5):
- Resist a hashtable-based CPU denial-of-service attack against
relays. Previously we used a naive unkeyed hash function to look
up circuits in a circuitmux object. An attacker could exploit this
to construct circuits with chosen circuit IDs, to create
collisions and make the hash table inefficient. Now we use a
SipHash construction here instead. Fixes bug 40391; bugfix on
0.2.4.4-alpha. This issue is also tracked as TROVE-2021-005 and
CVE-2021-34549. Reported by Jann Horn from Google's Project Zero.
- Fix an out-of-bounds memory access in v3 onion service descriptor
parsing. An attacker could exploit this bug by crafting an onion
service descriptor that would crash any client that tried to visit
it. Fixes bug 40392; bugfix on 0.3.0.1-alpha. This issue is also
tracked as TROVE-2021-006 and CVE-2021-34550. Reported by Sergei
Glazunov from Google's Project Zero.
o Minor features (compatibility, backport from 0.4.6.4-rc):
- Remove an assertion function related to TLS renegotiation. It was
used nowhere outside the unit tests, and it was breaking
compilation with recent alpha releases of OpenSSL 3.0.0. Closes
ticket 40399.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2021/06/10.
o Minor bugfixes (control, sandbox, backport from 0.4.6.4-rc):
- Allow the control command SAVECONF to succeed when the seccomp
sandbox is enabled, and make SAVECONF keep only one backup file to
simplify implementation. Previously SAVECONF allowed a large
number of backup files, which made it incompatible with the
sandbox. Fixes bug 40317; bugfix on 0.2.5.4-alpha. Patch by
Daniel Pinto.
o Minor bugfixes (metrics port, backport from 0.4.6.4-rc):
- Fix a bug that made tor try to re-bind() on an already open
MetricsPort every 60 seconds. Fixes bug 40370; bugfix
on 0.4.5.1-alpha.
1.19.93
api-change:ec2: Amazon EC2 adds new AMI property to flag outdated AMIs
api-change:medialive: AWS MediaLive now supports OCR-based conversion of DVB-Sub and SCTE-27 image-based source captions to WebVTT, and supports ingest of ad avail decorations in HLS input manifests.
api-change:mediaconnect: When you enable source failover, you can now designate one of two sources as the primary source. You can choose between two failover modes to prevent any disruption to the video stream. Merge combines the sources into a single stream. Failover allows switching between a primary and a backup stream.
1.19.92
api-change:sagemaker-featurestore-runtime: Release BatchGetRecord API for AWS SageMaker Feature Store Runtime.
api-change:appmesh: AppMesh now supports additional routing capabilities in match and rewrites for Gateway Routes and Routes. Additionally, App Mesh also supports specifying DNS Response Types in Virtual Nodes.
api-change:redshift: Added InvalidClusterStateFault to the ModifyAquaConfiguration API, thrown when calling the API on a non available cluster.
api-change:appflow: Adding MAP_ALL task type support.
api-change:chime: This SDK release adds support for UpdateAccount API to allow users to update their default license on Chime account.
api-change:managedblockchain: This release supports KMS customer-managed Customer Master Keys (CMKs) on member-specific Hyperledger Fabric resources.
api-change:ec2: This release adds a new optional parameter connectivityType (public, private) for the CreateNatGateway API. Private NatGateway does not require customers to attach an InternetGateway to the VPC and can be used for communication with other VPCs and on-premise networks.
api-change🐏 AWS Resource Access Manager (RAM) is releasing new field isResourceTypeDefault in ListPermissions and GetPermission response, and adding permissionArn parameter to GetResourceShare request to filter by permission attached
api-change:cognito-idp: Amazon Cognito now supports targeted sign out through refresh token revocation
api-change:sagemaker: Using SageMaker Edge Manager with AWS IoT Greengrass v2 simplifies accessing, maintaining, and deploying models to your devices. You can now create deployable IoT Greengrass components during edge packaging jobs. You can choose to create a device fleet with or without creating an AWS IoT role alias.
1.19.91
api-change:proton: This is the initial SDK release for AWS Proton
api-change:transfer: Documentation updates for the AWS Transfer Family service.
api-change:personalize-events: Support for unstructured text inputs in the items dataset to to automatically extract key information from product/content description as an input when creating solution versions.
api-change:kendra: AWS Kendra now supports checking document status.
1.19.90
api-change:cognito-idp: Documentation updates for cognito-idp
api-change:macie2: This release of the Amazon Macie API introduces stricter validation of S3 object criteria for classification jobs.
api-change:fsx: This release adds support for auditing end-user access to files, folders, and file shares using Windows event logs, enabling customers to meet their security and compliance needs.
api-change:servicecatalog: increase max pagesize for List/Search apis
1.19.89
api-change:eks: Added updateConfig option that allows customers to control upgrade velocity in Managed Node Group.
api-change:sagemaker: AWS SageMaker - Releasing new APIs related to Callback steps in model building pipelines. Adds experiment integration to model building pipelines.
api-change:glue: Add SampleSize variable to S3Target to enable s3-sampling feature through API.
api-change:personalize: Update regex validation in kmsKeyArn and s3 path API parameters for AWS Personalize APIs
1.19.88
api-change:medialive: Add support for automatically setting the H.264 adaptive quantization and GOP B-frame fields.
api-change:autoscaling: Documentation updates for Amazon EC2 Auto Scaling
api-change:qldb: Documentation updates for Amazon QLDB
api-change:rds: Documentation updates for RDS: fixing an outdated link to the RDS documentation in DBInstance$DBInstanceStatus
api-change:pi: The new GetDimensionKeyDetails action retrieves the attributes of the specified dimension group for a DB instance or data source.
api-change:cloudtrail: AWS CloudTrail supports data events on new service resources, including Amazon DynamoDB tables and S3 Object Lambda access points.
1.19.87
api-change:ssm: Documentation updates for ssm to fix customer reported issue
api-change:forecast: Added optional field AutoMLOverrideStrategy to CreatePredictor API that allows users to customize AutoML strategy. If provided in CreatePredictor request, this field is visible in DescribePredictor and GetAccuracyMetrics responses.
api-change:route53resolver: Documentation updates for Route 53 Resolver
api-change:s3: S3 Inventory now supports Bucket Key Status
api-change:s3control: Amazon S3 Batch Operations now supports S3 Bucket Keys.
1.19.86
api-change:docdb: This SDK release adds support for DocDB global clusters.
api-change:lightsail: Documentation updates for Lightsail
api-change:ecs: Documentation updates for Amazon ECS.
api-change:iam: Documentation updates for AWS Identity and Access Management (IAM).
api-change:braket: Introduction of a RETIRED status for devices.
api-change:autoscaling: You can now launch EC2 instances with GP3 volumes when using Auto Scaling groups with Launch Configurations
1.19.85
api-change:servicediscovery: Bugfixes - The DiscoverInstances API operation now provides an option to return all instances for health-checked services when there are no healthy instances available.
api-change:polly: Amazon Polly adds new Canadian French voice - Gabrielle. Gabrielle is available as Neural voice only.
api-change:ec2: Added idempotency to CreateNetworkInterface using the ClientToken parameter.
api-change:sns: This release adds SMS sandbox in Amazon SNS and the ability to view all configured origination numbers. The SMS sandbox provides a safe environment for sending SMS messages, without risking your reputation as an SMS sender.
api-change:iotwireless: Added six new public customer logging APIs to allow customers to set/get/reset log levels at resource type and resource id level. The log level set from the APIs will be used to filter log messages that can be emitted to CloudWatch in customer accounts.
1.19.84
api-change:datasync: Added SecurityDescriptorCopyFlags option that allows for control of which components of SMB security descriptors are copied from source to destination objects.
api-change:lookoutmetrics: Allowing dot(.) character in table name for RDS and Redshift as source connector.
api-change:location: Adds support for calculation of routes, resource tagging and customer provided KMS keys.
1.19.83
api-change:iotsitewise: IoT SiteWise Monitor Portal API updates to add alarms feature configuration.
api-change:devicefarm: Introduces support for using our desktop testing service with applications hosted within your Virtual Private Cloud (VPC).
api-change:iotevents-data: Releasing new APIs for AWS IoT Events Alarms
api-change:fsx: This release adds LZ4 data compression support to FSx for Lustre to reduce storage consumption of both file system storage and file system backups.
api-change:iotevents: Releasing new APIs for AWS IoT Events Alarms
api-change:resource-groups: Documentation updates for Resource Groups.
api-change:sqs: Documentation updates for Amazon SQS for General Availability of high throughput for FIFO queues.
api-change:lightsail: Documentation updates for Lightsail
api-change:kendra: Amazon Kendra now suggests popular queries in order to help guide query typing and help overall accuracy.
1.19.82
api-change:ec2: This release removes resource ids and tagging support for VPC security group rules.
1.19.81
api-change:acm-pca: This release enables customers to store CRLs in S3 buckets with Block Public Access enabled. The release adds the S3ObjectAcl parameter to the CreateCertificateAuthority and UpdateCertificateAuthority APIs to allow customers to choose whether their CRL will be publicly available.
api-change:cloudfront: Documentation fix for CloudFront
api-change:qldb: Support STANDARD permissions mode in CreateLedger and DescribeLedger. Add UpdateLedgerPermissionsMode to update permissions mode on existing ledgers.
api-change:ec2: This release adds resource ids and tagging support for VPC security group rules.
api-change:outposts: Add ConflictException to DeleteOutpost, CreateOutpost
api-change:ecs: The release adds support for registering External instances to your Amazon ECS clusters.
api-change:mwaa: Adds scheduler count selection for Environments using Airflow version 2.0.2 or later.
1.19.80
api-change:workspaces: Adds support for Linux device types in WorkspaceAccessProperties
api-change:iot: This release includes support for a new feature: Job templates for AWS IoT Device Management Jobs. The release includes job templates as a new resource and APIs for managing job templates.
api-change:transfer: AWS Transfer Family customers can now use AWS Managed Active Directory or AD Connector to authenticate their end users, enabling seamless migration of file transfer workflows that rely on AD authentication, without changing end users' credentials or needing a custom authorizer.
1.19.79
api-change:logs: This release provides dimensions and unit support for metric filters.
api-change:quicksight: Add new parameters on RegisterUser and UpdateUser APIs to assign or update external ID associated to QuickSight users federated through web identity.
api-change:ce: Introduced FindingReasonCodes, PlatformDifferences, DiskResourceUtilization and NetworkResourceUtilization to GetRightsizingRecommendation action
api-change:compute-optimizer: Adds support for 1) additional instance types, 2) additional instance metrics, 3) finding reasons for instance recommendations, and 4) platform differences between a current instance and a recommended instance type.
api-change:ec2: This release adds support for creating and managing EC2 On-Demand Capacity Reservations on Outposts.
1.19.78
api-change:s3: Documentation updates for Amazon S3
api-change:opsworkscm: New PUPPET_API_CRL attribute returned by DescribeServers API; new EngineVersion of 2019 available for Puppet Enterprise servers.
api-change:forecast: Updated attribute statistics in DescribeDatasetImportJob response to support Long values
api-change:efs: Update efs command to latest version
1.19.77
api-change:iam: Documentation updates for AWS Identity and Access Management (IAM).
api-change:lexv2-models: Update lexv2-models command to latest version
api-change:personalize: Added new API to stop a solution version creation that is pending or in progress for Amazon Personalize
api-change:quicksight: Add ARN based Row Level Security support to CreateDataSet/UpdateDataSet APIs.
1.19.76
api-change:iam: Add pagination to ListUserTags operation
api-change:eks: Update the EKS AddonActive waiter.
api-change:autoscaling: With this release, customers can easily use Predictive Scaling as a policy directly through Amazon EC2 Auto Scaling configurations to proactively scale their applications ahead of predicted demand.
api-change:kinesisanalyticsv2: Kinesis Data Analytics now allows rapid iteration on Apache Flink stream processing through the Kinesis Data Analytics Studio feature.
api-change:lightsail: Documentation updates for Amazon Lightsail.
api-change:rekognition: Amazon Rekognition Custom Labels adds support for customer managed encryption, using AWS Key Management Service, of image files copied into the service and files written back to the customer.
1.19.75
api-change:license-manager: AWS License Manager now supports periodic report generation.
api-change:personalize: Amazon Personalize now supports the ability to optimize a solution for a custom objective in addition to maximizing relevance.
api-change:iotsitewise: Documentation updates for AWS IoT SiteWise.
api-change:apprunner: AWS App Runner is a service that provides a fast, simple, and cost-effective way to deploy from source code or a container image directly to a scalable and secure web application in the AWS Cloud.
api-change:compute-optimizer: This release enables compute optimizer to support exporting recommendations to Amazon S3 for EBS volumes and Lambda Functions.
api-change:lexv2-models: Update lexv2-models command to latest version
api-change:support: Documentation updates for support
1.19.74
api-change:neptune: Neptune support for CopyTagsToSnapshots
api-change:iotdeviceadvisor: AWS IoT Core Device Advisor is fully managed test capability for IoT devices. Device manufacturers can use Device Advisor to test their IoT devices for reliable and secure connectivity with AWS IoT.
api-change:sagemaker-a2i-runtime: Documentation updates for Amazon A2I Runtime model
api-change:mediaconnect: MediaConnect now supports JPEG XS for AWS Cloud Digital Interface (AWS CDI) uncompressed workflows, allowing you to establish a bridge between your on-premises live video network and the AWS Cloud.
api-change:elasticache: Documentation updates for elasticache
api-change:applicationcostprofiler: APIs for AWS Application Cost Profiler.
1.19.73
api-change:imagebuilder: Text-only updates for bundled documentation feedback tickets - spring 2021.
api-change:macie2: This release of the Amazon Macie API adds support for defining run-time, S3 bucket criteria for classification jobs. It also adds resources for querying data about AWS resources that Macie monitors.
api-change:securityhub: Updated descriptions to add notes on array lengths.
api-change🇪🇸 Adds support for cold storage.
api-change:events: Update InputTransformer variable limit from 10 to 100 variables.
api-change:transcribe: Transcribe Medical now supports identification of PHI entities within transcripts
api-change🕵️ Updated descriptions of array parameters to add the restrictions on the array and value lengths.
1.17.93
api-change:ec2: [botocore] Amazon EC2 adds new AMI property to flag outdated AMIs
api-change:medialive: [botocore] AWS MediaLive now supports OCR-based conversion of DVB-Sub and SCTE-27 image-based source captions to WebVTT, and supports ingest of ad avail decorations in HLS input manifests.
api-change:mediaconnect: [botocore] When you enable source failover, you can now designate one of two sources as the primary source. You can choose between two failover modes to prevent any disruption to the video stream. Merge combines the sources into a single stream. Failover allows switching between a primary and a backup stream.
1.17.92
api-change:sagemaker: [botocore] Using SageMaker Edge Manager with AWS IoT Greengrass v2 simplifies accessing, maintaining, and deploying models to your devices. You can now create deployable IoT Greengrass components during edge packaging jobs. You can choose to create a device fleet with or without creating an AWS IoT role alias.
api-change:appmesh: [botocore] AppMesh now supports additional routing capabilities in match and rewrites for Gateway Routes and Routes. Additionally, App Mesh also supports specifying DNS Response Types in Virtual Nodes.
api-change:redshift: [botocore] Added InvalidClusterStateFault to the ModifyAquaConfiguration API, thrown when calling the API on a non available cluster.
api-change:chime: [botocore] This SDK release adds support for UpdateAccount API to allow users to update their default license on Chime account.
api-change:ec2: [botocore] This release adds a new optional parameter connectivityType (public, private) for the CreateNatGateway API. Private NatGateway does not require customers to attach an InternetGateway to the VPC and can be used for communication with other VPCs and on-premise networks.
api-change🐏 [botocore] AWS Resource Access Manager (RAM) is releasing new field isResourceTypeDefault in ListPermissions and GetPermission response, and adding permissionArn parameter to GetResourceShare request to filter by permission attached
api-change:sagemaker-featurestore-runtime: [botocore] Release BatchGetRecord API for AWS SageMaker Feature Store Runtime.
api-change:cognito-idp: [botocore] Amazon Cognito now supports targeted sign out through refresh token revocation
api-change:appflow: [botocore] Adding MAP_ALL task type support.
api-change:managedblockchain: [botocore] This release supports KMS customer-managed Customer Master Keys (CMKs) on member-specific Hyperledger Fabric resources.
1.17.91
api-change:transfer: [botocore] Documentation updates for the AWS Transfer Family service.
api-change:personalize-events: [botocore] Support for unstructured text inputs in the items dataset to to automatically extract key information from product/content description as an input when creating solution versions.
api-change:proton: [botocore] This is the initial SDK release for AWS Proton
api-change:kendra: [botocore] AWS Kendra now supports checking document status.
1.17.90
api-change:fsx: [botocore] This release adds support for auditing end-user access to files, folders, and file shares using Windows event logs, enabling customers to meet their security and compliance needs.
api-change:servicecatalog: [botocore] increase max pagesize for List/Search apis
api-change:macie2: [botocore] This release of the Amazon Macie API introduces stricter validation of S3 object criteria for classification jobs.
api-change:cognito-idp: [botocore] Documentation updates for cognito-idp
1.17.89
api-change:sagemaker: [botocore] AWS SageMaker - Releasing new APIs related to Callback steps in model building pipelines. Adds experiment integration to model building pipelines.
api-change:glue: [botocore] Add SampleSize variable to S3Target to enable s3-sampling feature through API.
api-change:personalize: [botocore] Update regex validation in kmsKeyArn and s3 path API parameters for AWS Personalize APIs
api-change:eks: [botocore] Added updateConfig option that allows customers to control upgrade velocity in Managed Node Group.
1.17.88
api-change:rds: [botocore] Documentation updates for RDS: fixing an outdated link to the RDS documentation in DBInstance$DBInstanceStatus
api-change:pi: [botocore] The new GetDimensionKeyDetails action retrieves the attributes of the specified dimension group for a DB instance or data source.
api-change:cloudtrail: [botocore] AWS CloudTrail supports data events on new service resources, including Amazon DynamoDB tables and S3 Object Lambda access points.
api-change:medialive: [botocore] Add support for automatically setting the H.264 adaptive quantization and GOP B-frame fields.
api-change:autoscaling: [botocore] Documentation updates for Amazon EC2 Auto Scaling
api-change:qldb: [botocore] Documentation updates for Amazon QLDB
1.17.87
api-change:s3: [botocore] S3 Inventory now supports Bucket Key Status
api-change:s3control: [botocore] Amazon S3 Batch Operations now supports S3 Bucket Keys.
api-change:route53resolver: [botocore] Documentation updates for Route 53 Resolver
api-change:ssm: [botocore] Documentation updates for ssm to fix customer reported issue
api-change:forecast: [botocore] Added optional field AutoMLOverrideStrategy to CreatePredictor API that allows users to customize AutoML strategy. If provided in CreatePredictor request, this field is visible in DescribePredictor and GetAccuracyMetrics responses.
1.17.86
api-change:autoscaling: [botocore] You can now launch EC2 instances with GP3 volumes when using Auto Scaling groups with Launch Configurations
api-change:lightsail: [botocore] Documentation updates for Lightsail
api-change:ecs: [botocore] Documentation updates for Amazon ECS.
api-change:docdb: [botocore] This SDK release adds support for DocDB global clusters.
api-change:iam: [botocore] Documentation updates for AWS Identity and Access Management (IAM).
api-change:braket: [botocore] Introduction of a RETIRED status for devices.
1.17.85
api-change:sns: [botocore] This release adds SMS sandbox in Amazon SNS and the ability to view all configured origination numbers. The SMS sandbox provides a safe environment for sending SMS messages, without risking your reputation as an SMS sender.
api-change:polly: [botocore] Amazon Polly adds new Canadian French voice - Gabrielle. Gabrielle is available as Neural voice only.
api-change:ec2: [botocore] Added idempotency to CreateNetworkInterface using the ClientToken parameter.
api-change:iotwireless: [botocore] Added six new public customer logging APIs to allow customers to set/get/reset log levels at resource type and resource id level. The log level set from the APIs will be used to filter log messages that can be emitted to CloudWatch in customer accounts.
api-change:servicediscovery: [botocore] Bugfixes - The DiscoverInstances API operation now provides an option to return all instances for health-checked services when there are no healthy instances available.
1.17.84
api-change:lookoutmetrics: [botocore] Allowing dot(.) character in table name for RDS and Redshift as source connector.
api-change:location: [botocore] Adds support for calculation of routes, resource tagging and customer provided KMS keys.
api-change:datasync: [botocore] Added SecurityDescriptorCopyFlags option that allows for control of which components of SMB security descriptors are copied from source to destination objects.
1.17.83
api-change:iotevents-data: [botocore] Releasing new APIs for AWS IoT Events Alarms
api-change:devicefarm: [botocore] Introduces support for using our desktop testing service with applications hosted within your Virtual Private Cloud (VPC).
api-change:kendra: [botocore] Amazon Kendra now suggests popular queries in order to help guide query typing and help overall accuracy.
api-change:iotsitewise: [botocore] IoT SiteWise Monitor Portal API updates to add alarms feature configuration.
api-change:resource-groups: [botocore] Documentation updates for Resource Groups.
api-change:lightsail: [botocore] Documentation updates for Lightsail
api-change:iotevents: [botocore] Releasing new APIs for AWS IoT Events Alarms
api-change:fsx: [botocore] This release adds LZ4 data compression support to FSx for Lustre to reduce storage consumption of both file system storage and file system backups.
api-change:sqs: [botocore] Documentation updates for Amazon SQS for General Availability of high throughput for FIFO queues.
1.17.82
api-change:ec2: [botocore] This release removes resource ids and tagging support for VPC security group rules.
1.17.81
api-change:qldb: [botocore] Support STANDARD permissions mode in CreateLedger and DescribeLedger. Add UpdateLedgerPermissionsMode to update permissions mode on existing ledgers.
api-change:cloudfront: [botocore] Documentation fix for CloudFront
api-change:outposts: [botocore] Add ConflictException to DeleteOutpost, CreateOutpost
api-change:mwaa: [botocore] Adds scheduler count selection for Environments using Airflow version 2.0.2 or later.
api-change:ec2: [botocore] This release adds resource ids and tagging support for VPC security group rules.
api-change:ecs: [botocore] The release adds support for registering External instances to your Amazon ECS clusters.
api-change:acm-pca: [botocore] This release enables customers to store CRLs in S3 buckets with Block Public Access enabled. The release adds the S3ObjectAcl parameter to the CreateCertificateAuthority and UpdateCertificateAuthority APIs to allow customers to choose whether their CRL will be publicly available.
1.17.80
api-change:transfer: [botocore] AWS Transfer Family customers can now use AWS Managed Active Directory or AD Connector to authenticate their end users, enabling seamless migration of file transfer workflows that rely on AD authentication, without changing end users' credentials or needing a custom authorizer.
api-change:iot: [botocore] This release includes support for a new feature: Job templates for AWS IoT Device Management Jobs. The release includes job templates as a new resource and APIs for managing job templates.
api-change:workspaces: [botocore] Adds support for Linux device types in WorkspaceAccessProperties
1.17.79
api-change:quicksight: [botocore] Add new parameters on RegisterUser and UpdateUser APIs to assign or update external ID associated to QuickSight users federated through web identity.
api-change:ce: [botocore] Introduced FindingReasonCodes, PlatformDifferences, DiskResourceUtilization and NetworkResourceUtilization to GetRightsizingRecommendation action
api-change:compute-optimizer: [botocore] Adds support for 1) additional instance types, 2) additional instance metrics, 3) finding reasons for instance recommendations, and 4) platform differences between a current instance and a recommended instance type.
api-change:ec2: [botocore] This release adds support for creating and managing EC2 On-Demand Capacity Reservations on Outposts.
api-change:logs: [botocore] This release provides dimensions and unit support for metric filters.
1.17.78
api-change:efs: [botocore] Update efs client to latest version
api-change:s3: [botocore] Documentation updates for Amazon S3
api-change:forecast: [botocore] Updated attribute statistics in DescribeDatasetImportJob response to support Long values
api-change:opsworkscm: [botocore] New PUPPET_API_CRL attribute returned by DescribeServers API; new EngineVersion of 2019 available for Puppet Enterprise servers.
1.17.77
api-change:personalize: [botocore] Added new API to stop a solution version creation that is pending or in progress for Amazon Personalize
api-change:lexv2-models: [botocore] Update lexv2-models client to latest version
api-change:quicksight: [botocore] Add ARN based Row Level Security support to CreateDataSet/UpdateDataSet APIs.
api-change:iam: [botocore] Documentation updates for AWS Identity and Access Management (IAM).
1.17.76
api-change:kinesisanalyticsv2: [botocore] Kinesis Data Analytics now allows rapid iteration on Apache Flink stream processing through the Kinesis Data Analytics Studio feature.
api-change:rekognition: [botocore] Amazon Rekognition Custom Labels adds support for customer managed encryption, using AWS Key Management Service, of image files copied into the service and files written back to the customer.
api-change:iam: [botocore] Add pagination to ListUserTags operation
api-change:eks: [botocore] Update the EKS AddonActive waiter.
api-change:autoscaling: [botocore] With this release, customers can easily use Predictive Scaling as a policy directly through Amazon EC2 Auto Scaling configurations to proactively scale their applications ahead of predicted demand.
api-change:lightsail: [botocore] Documentation updates for Amazon Lightsail.
1.17.75
api-change:support: [botocore] Documentation updates for support
api-change:apprunner: [botocore] AWS App Runner is a service that provides a fast, simple, and cost-effective way to deploy from source code or a container image directly to a scalable and secure web application in the AWS Cloud.
api-change:compute-optimizer: [botocore] This release enables compute optimizer to support exporting recommendations to Amazon S3 for EBS volumes and Lambda Functions.
api-change:personalize: [botocore] Amazon Personalize now supports the ability to optimize a solution for a custom objective in addition to maximizing relevance.
api-change:license-manager: [botocore] AWS License Manager now supports periodic report generation.
api-change:iotsitewise: [botocore] Documentation updates for AWS IoT SiteWise.
api-change:lexv2-models: [botocore] Update lexv2-models client to latest version
1.17.74
api-change:mediaconnect: [botocore] MediaConnect now supports JPEG XS for AWS Cloud Digital Interface (AWS CDI) uncompressed workflows, allowing you to establish a bridge between your on-premises live video network and the AWS Cloud.
api-change:sagemaker-a2i-runtime: [botocore] Documentation updates for Amazon A2I Runtime model
api-change:applicationcostprofiler: [botocore] APIs for AWS Application Cost Profiler.
api-change:neptune: [botocore] Neptune support for CopyTagsToSnapshots
api-change:iotdeviceadvisor: [botocore] AWS IoT Core Device Advisor is fully managed test capability for IoT devices. Device manufacturers can use Device Advisor to test their IoT devices for reliable and secure connectivity with AWS IoT.
api-change:elasticache: [botocore] Documentation updates for elasticache
1.17.73
api-change:events: [botocore] Update InputTransformer variable limit from 10 to 100 variables.
enhancement:s3: [botocore] Block endpoint resolution of clients configured with S3 pseudo-regions (e.g. aws-global, s3-external-1) that will never resolve to a correct access point endpoint.
api-change:macie2: [botocore] This release of the Amazon Macie API adds support for defining run-time, S3 bucket criteria for classification jobs. It also adds resources for querying data about AWS resources that Macie monitors.
api-change🇪🇸 [botocore] Adds support for cold storage.
api-change:securityhub: [botocore] Updated descriptions to add notes on array lengths.
api-change🕵️ [botocore] Updated descriptions of array parameters to add the restrictions on the array and value lengths.
api-change:transcribe: [botocore] Transcribe Medical now supports identification of PHI entities within transcripts
api-change:imagebuilder: [botocore] Text-only updates for bundled documentation feedback tickets - spring 2021.
enhancement:FIPS: [botocore] Add validation to only attempt to connect to FIPS endpoints with a FIPS pseudo-region if the pseudo-region is explicitly known to the SDK.
1.20.93
api-change:ec2: Amazon EC2 adds new AMI property to flag outdated AMIs
api-change:medialive: AWS MediaLive now supports OCR-based conversion of DVB-Sub and SCTE-27 image-based source captions to WebVTT, and supports ingest of ad avail decorations in HLS input manifests.
api-change:mediaconnect: When you enable source failover, you can now designate one of two sources as the primary source. You can choose between two failover modes to prevent any disruption to the video stream. Merge combines the sources into a single stream. Failover allows switching between a primary and a backup stream.
1.20.92
api-change:sagemaker: Using SageMaker Edge Manager with AWS IoT Greengrass v2 simplifies accessing, maintaining, and deploying models to your devices. You can now create deployable IoT Greengrass components during edge packaging jobs. You can choose to create a device fleet with or without creating an AWS IoT role alias.
api-change:appmesh: AppMesh now supports additional routing capabilities in match and rewrites for Gateway Routes and Routes. Additionally, App Mesh also supports specifying DNS Response Types in Virtual Nodes.
api-change:redshift: Added InvalidClusterStateFault to the ModifyAquaConfiguration API, thrown when calling the API on a non available cluster.
api-change:chime: This SDK release adds support for UpdateAccount API to allow users to update their default license on Chime account.
api-change:ec2: This release adds a new optional parameter connectivityType (public, private) for the CreateNatGateway API. Private NatGateway does not require customers to attach an InternetGateway to the VPC and can be used for communication with other VPCs and on-premise networks.
api-change🐏 AWS Resource Access Manager (RAM) is releasing new field isResourceTypeDefault in ListPermissions and GetPermission response, and adding permissionArn parameter to GetResourceShare request to filter by permission attached
api-change:sagemaker-featurestore-runtime: Release BatchGetRecord API for AWS SageMaker Feature Store Runtime.
api-change:cognito-idp: Amazon Cognito now supports targeted sign out through refresh token revocation
api-change:appflow: Adding MAP_ALL task type support.
api-change:managedblockchain: This release supports KMS customer-managed Customer Master Keys (CMKs) on member-specific Hyperledger Fabric resources.
1.20.91
api-change:transfer: Documentation updates for the AWS Transfer Family service.
api-change:personalize-events: Support for unstructured text inputs in the items dataset to to automatically extract key information from product/content description as an input when creating solution versions.
api-change:proton: This is the initial SDK release for AWS Proton
api-change:kendra: AWS Kendra now supports checking document status.
1.20.90
api-change:fsx: This release adds support for auditing end-user access to files, folders, and file shares using Windows event logs, enabling customers to meet their security and compliance needs.
api-change:servicecatalog: increase max pagesize for List/Search apis
api-change:macie2: This release of the Amazon Macie API introduces stricter validation of S3 object criteria for classification jobs.
api-change:cognito-idp: Documentation updates for cognito-idp
1.20.89
api-change:sagemaker: AWS SageMaker - Releasing new APIs related to Callback steps in model building pipelines. Adds experiment integration to model building pipelines.
api-change:glue: Add SampleSize variable to S3Target to enable s3-sampling feature through API.
api-change:personalize: Update regex validation in kmsKeyArn and s3 path API parameters for AWS Personalize APIs
api-change:eks: Added updateConfig option that allows customers to control upgrade velocity in Managed Node Group.
1.20.88
api-change:rds: Documentation updates for RDS: fixing an outdated link to the RDS documentation in DBInstance$DBInstanceStatus
api-change:pi: The new GetDimensionKeyDetails action retrieves the attributes of the specified dimension group for a DB instance or data source.
api-change:cloudtrail: AWS CloudTrail supports data events on new service resources, including Amazon DynamoDB tables and S3 Object Lambda access points.
api-change:medialive: Add support for automatically setting the H.264 adaptive quantization and GOP B-frame fields.
api-change:autoscaling: Documentation updates for Amazon EC2 Auto Scaling
api-change:qldb: Documentation updates for Amazon QLDB
1.20.87
api-change:s3: S3 Inventory now supports Bucket Key Status
api-change:s3control: Amazon S3 Batch Operations now supports S3 Bucket Keys.
api-change:route53resolver: Documentation updates for Route 53 Resolver
api-change:ssm: Documentation updates for ssm to fix customer reported issue
api-change:forecast: Added optional field AutoMLOverrideStrategy to CreatePredictor API that allows users to customize AutoML strategy. If provided in CreatePredictor request, this field is visible in DescribePredictor and GetAccuracyMetrics responses.
1.20.86
api-change:autoscaling: You can now launch EC2 instances with GP3 volumes when using Auto Scaling groups with Launch Configurations
api-change:lightsail: Documentation updates for Lightsail
api-change:ecs: Documentation updates for Amazon ECS.
api-change:docdb: This SDK release adds support for DocDB global clusters.
api-change:iam: Documentation updates for AWS Identity and Access Management (IAM).
api-change:braket: Introduction of a RETIRED status for devices.
1.20.85
api-change:sns: This release adds SMS sandbox in Amazon SNS and the ability to view all configured origination numbers. The SMS sandbox provides a safe environment for sending SMS messages, without risking your reputation as an SMS sender.
api-change:polly: Amazon Polly adds new Canadian French voice - Gabrielle. Gabrielle is available as Neural voice only.
api-change:ec2: Added idempotency to CreateNetworkInterface using the ClientToken parameter.
api-change:iotwireless: Added six new public customer logging APIs to allow customers to set/get/reset log levels at resource type and resource id level. The log level set from the APIs will be used to filter log messages that can be emitted to CloudWatch in customer accounts.
api-change:servicediscovery: Bugfixes - The DiscoverInstances API operation now provides an option to return all instances for health-checked services when there are no healthy instances available.
1.20.84
api-change:lookoutmetrics: Allowing dot(.) character in table name for RDS and Redshift as source connector.
api-change:location: Adds support for calculation of routes, resource tagging and customer provided KMS keys.
api-change:datasync: Added SecurityDescriptorCopyFlags option that allows for control of which components of SMB security descriptors are copied from source to destination objects.
1.20.83
api-change:iotevents-data: Releasing new APIs for AWS IoT Events Alarms
api-change:devicefarm: Introduces support for using our desktop testing service with applications hosted within your Virtual Private Cloud (VPC).
api-change:kendra: Amazon Kendra now suggests popular queries in order to help guide query typing and help overall accuracy.
api-change:iotsitewise: IoT SiteWise Monitor Portal API updates to add alarms feature configuration.
api-change:resource-groups: Documentation updates for Resource Groups.
api-change:lightsail: Documentation updates for Lightsail
api-change:iotevents: Releasing new APIs for AWS IoT Events Alarms
api-change:fsx: This release adds LZ4 data compression support to FSx for Lustre to reduce storage consumption of both file system storage and file system backups.
api-change:sqs: Documentation updates for Amazon SQS for General Availability of high throughput for FIFO queues.
1.20.82
api-change:ec2: This release removes resource ids and tagging support for VPC security group rules.
1.20.81
api-change:qldb: Support STANDARD permissions mode in CreateLedger and DescribeLedger. Add UpdateLedgerPermissionsMode to update permissions mode on existing ledgers.
api-change:cloudfront: Documentation fix for CloudFront
api-change:outposts: Add ConflictException to DeleteOutpost, CreateOutpost
api-change:mwaa: Adds scheduler count selection for Environments using Airflow version 2.0.2 or later.
api-change:ec2: This release adds resource ids and tagging support for VPC security group rules.
api-change:ecs: The release adds support for registering External instances to your Amazon ECS clusters.
api-change:acm-pca: This release enables customers to store CRLs in S3 buckets with Block Public Access enabled. The release adds the S3ObjectAcl parameter to the CreateCertificateAuthority and UpdateCertificateAuthority APIs to allow customers to choose whether their CRL will be publicly available.
1.20.80
api-change:transfer: AWS Transfer Family customers can now use AWS Managed Active Directory or AD Connector to authenticate their end users, enabling seamless migration of file transfer workflows that rely on AD authentication, without changing end users' credentials or needing a custom authorizer.
api-change:iot: This release includes support for a new feature: Job templates for AWS IoT Device Management Jobs. The release includes job templates as a new resource and APIs for managing job templates.
api-change:workspaces: Adds support for Linux device types in WorkspaceAccessProperties
1.20.79
api-change:quicksight: Add new parameters on RegisterUser and UpdateUser APIs to assign or update external ID associated to QuickSight users federated through web identity.
api-change:ce: Introduced FindingReasonCodes, PlatformDifferences, DiskResourceUtilization and NetworkResourceUtilization to GetRightsizingRecommendation action
api-change:compute-optimizer: Adds support for 1) additional instance types, 2) additional instance metrics, 3) finding reasons for instance recommendations, and 4) platform differences between a current instance and a recommended instance type.
api-change:ec2: This release adds support for creating and managing EC2 On-Demand Capacity Reservations on Outposts.
api-change:logs: This release provides dimensions and unit support for metric filters.
1.20.78
api-change:efs: Update efs client to latest version
api-change:s3: Documentation updates for Amazon S3
api-change:forecast: Updated attribute statistics in DescribeDatasetImportJob response to support Long values
api-change:opsworkscm: New PUPPET_API_CRL attribute returned by DescribeServers API; new EngineVersion of 2019 available for Puppet Enterprise servers.
1.20.77
api-change:personalize: Added new API to stop a solution version creation that is pending or in progress for Amazon Personalize
api-change:lexv2-models: Update lexv2-models client to latest version
api-change:quicksight: Add ARN based Row Level Security support to CreateDataSet/UpdateDataSet APIs.
api-change:iam: Documentation updates for AWS Identity and Access Management (IAM).
1.20.76
api-change:kinesisanalyticsv2: Kinesis Data Analytics now allows rapid iteration on Apache Flink stream processing through the Kinesis Data Analytics Studio feature.
api-change:rekognition: Amazon Rekognition Custom Labels adds support for customer managed encryption, using AWS Key Management Service, of image files copied into the service and files written back to the customer.
api-change:iam: Add pagination to ListUserTags operation
api-change:eks: Update the EKS AddonActive waiter.
api-change:autoscaling: With this release, customers can easily use Predictive Scaling as a policy directly through Amazon EC2 Auto Scaling configurations to proactively scale their applications ahead of predicted demand.
api-change:lightsail: Documentation updates for Amazon Lightsail.
1.20.75
api-change:support: Documentation updates for support
api-change:apprunner: AWS App Runner is a service that provides a fast, simple, and cost-effective way to deploy from source code or a container image directly to a scalable and secure web application in the AWS Cloud.
api-change:compute-optimizer: This release enables compute optimizer to support exporting recommendations to Amazon S3 for EBS volumes and Lambda Functions.
api-change:personalize: Amazon Personalize now supports the ability to optimize a solution for a custom objective in addition to maximizing relevance.
api-change:license-manager: AWS License Manager now supports periodic report generation.
api-change:iotsitewise: Documentation updates for AWS IoT SiteWise.
api-change:lexv2-models: Update lexv2-models client to latest version
1.20.74
api-change:mediaconnect: MediaConnect now supports JPEG XS for AWS Cloud Digital Interface (AWS CDI) uncompressed workflows, allowing you to establish a bridge between your on-premises live video network and the AWS Cloud.
api-change:sagemaker-a2i-runtime: Documentation updates for Amazon A2I Runtime model
api-change:applicationcostprofiler: APIs for AWS Application Cost Profiler.
api-change:neptune: Neptune support for CopyTagsToSnapshots
api-change:iotdeviceadvisor: AWS IoT Core Device Advisor is fully managed test capability for IoT devices. Device manufacturers can use Device Advisor to test their IoT devices for reliable and secure connectivity with AWS IoT.
api-change:elasticache: Documentation updates for elasticache
1.20.73
api-change:events: Update InputTransformer variable limit from 10 to 100 variables.
enhancement:s3: Block endpoint resolution of clients configured with S3 pseudo-regions (e.g. aws-global, s3-external-1) that will never resolve to a correct access point endpoint.
api-change:macie2: This release of the Amazon Macie API adds support for defining run-time, S3 bucket criteria for classification jobs. It also adds resources for querying data about AWS resources that Macie monitors.
api-change🇪🇸 Adds support for cold storage.
api-change:securityhub: Updated descriptions to add notes on array lengths.
api-change🕵️ Updated descriptions of array parameters to add the restrictions on the array and value lengths.
api-change:transcribe: Transcribe Medical now supports identification of PHI entities within transcripts
api-change:imagebuilder: Text-only updates for bundled documentation feedback tickets - spring 2021.
enhancement:FIPS: Add validation to only attempt to connect to FIPS endpoints with a FIPS pseudo-region if the pseudo-region is explicitly known to the SDK.
v1.21
Added TCP_FASTOPEN support for client sockets (if tfo_ok is
specified in their configuration) and for listenint socket,
if all client protocols support it. (Craig Andrews)
Added 'minlength' option to skip a probe if less
than that many bytes have been received (mostly for
regex)
Moved configuration and command-line management to
use conf2struct. Hopefully this should be transparent
to users.
Update Let's Encrypt entry in example.cfg for tls-alpn-01
challenges; tls-sni-* challenges are now deprecated.
Log to syslog even if in foreground (for people who
use fail2ban)
Use syslog_facility: "none" to disable syslog
output.
v1.21b
Added TCP_FASTOPEN support for client sockets (if tfo_ok is specified
in their configuration) and for listenint socket, if all client
protocols support it. (Craig Andrews)
Added 'minlength' option to skip a probe if less than that many bytes
have been received (mostly for regex)
Moved configuration and command-line management to use conf2struct.
Changes are:
* command line option <-F|--config> no longer defaults to /etc/sslh.cfg,
so you have to specify it explicitly.
* command line option <-v|--verbose> takes a mandatory integer parameter
Update Let's Encrypt entry in example.cfg for tls-alpn-01 challenges;
tls-sni-* challenges are now deprecated.
Log to syslog even if in foreground (for people who use fail2ban)
Use syslog_facility: "none" to disable syslog output.
Changed exit code for illegal command line parameter from 1 to 6 (for
testing purposes)
v1.21c
Removed support for 'ssl' and fix a related segfault bug.
(use tls instead of ssl)
New in version 4.1
==================
Enhancements
------------
* Add support for NTS servers specified by IP address (matching
Subject Alternative Name in server certificate)
* Add source-specific configuration of trusted certificates
* Allow multiple files and directories with trusted certificates
* Allow multiple pairs of server keys and certificates
* Add copy option to server/pool directive
* Increase PPS lock limit to 40% of pulse interval
* Perform source selection immediately after loading dump files
* Reload dump files for addresses negotiated by NTS-KE server
* Update seccomp filter and add less restrictive level
* Restart ongoing name resolution on online command
Bug fixes
---------
* Fix responding to IPv4 command requests on FreeBSD
* Fix dump files to not include uncorrected offset
* Fix initstepslew to accept time from own NTP clients
* Reset NTP address and port when no longer negotiated by NTS-KE server
This file contains all major changes made during the development of bftpd.
The uppermost change is the newest one.
Jesse Smith <jessefrgsmith@yahoo.ca> -> 5.7
- A malicious client could cause a buffer overflow with
a lot of EPSV commands sent in a row. We now close
the pasv socket before each new use to avoid accumulating
more than 1023.
Thanks to Shisong Qin for reporting this issue and suggesting
a fix.
Version 1.0.36 August 26 2019
* Fix compiling tinc with certain versions of the OpenSSL library.
* Fix parsing some IPv6 addresses with :: in them.
* Fix GraphDumpFile output to handle node names starting with a digit.
* Fix a potential segmentation fault when fragmenting packets.
Thanks to Rosen Penev, Quentin Rameau and Werner Schreiber for their
contributions to this version of tinc.
Version 1.0.35 October 5 2018
* Prevent oracle attacks (CVE-2018-16737, CVE-2018-16738).
* Prevent a MITM from forcing a NULL cipher for UDP (CVE-2018-16758).
* Minor fixes in the documentation.
Thanks to Amine Amri and Rafael Sadowski for their contributions to this
version of tinc.
Version 1.0.34 June 12 2018
* Fix a potential segmentation fault when connecting to an IPv6 peer via a
proxy.
* Minor improvements to the build system.
* Make the systemd service file identical to the one from the 1.1 branch.
* Fix a potential problem causing IPv4 sockets to not work on macOS.
Thanks to Maximilian Stein and Wang Liu Shuai for their contributions to this
version of tinc.
Version 1.0.33 November 4 2017
* Allow compilation from a build directory.
* Source code cleanups.
* Fix some options specified on the command line not surviving a HUP signal.
* Handle tun/tap device returning EPERM or EBUSY.
* Disable PMTUDiscovery when TCPOnly is used.
* Support the --runstatedir option of the autoconf 2.70.
Thanks to Rafael Sadowski and Pierre-Olivier Mercier for their contributions to
this version of tinc.
This release is for bug fixes only.
ASAN reports memory leaks while running tests
local libopts compiler warnings
DLT name for DLT_C_JNPR_ETHER in documentation
clean up new_cidr_map() string manipulation on error exit
fix gcc 8.3.0 build warnings
invalid --pps value protection
packets slowly drift further and further behind when they should be sent
64 bit rollover can cause pps replay issues after several hours
typo fixes
DLT_NULL/DLT_LOOP support for cross-platform PF_INET6
armv5 Freescale compile
heap buffer overflow in tcpreplay fast_edit_packet
heap buffer overflow in tcpreplay get_next_packet
CVE-2020-24266 heap buffer overflow in tcpprep get_l2len
CVE-2020-24265 heap buffer overflow in tcpprep
fix UNUSED macro declaration
handle malformed and unsupported packets as soft errors
compile failure on aarch64-linux-android
tcprewrite --fixlen not working on DLT conversion
fix configure --without-libdnet
ensure automake version is at least 1.15
with multiplier option only first file can be sent and hang
do not create tap0 if device already exists
sed 's/\(.*MINIUPNPC_API_VERSION\s\+\)[0-9]\+/\117/' < miniupnpc.h.bak > miniupnpc.h
sed: 1: "s/\(.*MINIUPNPC_API_VER ...": RE error: trailing backslash (\)
I held back on updating this package because of exactly this error...
All-in-one client for EC2 Instance Connect that handles key brokerage
and establishing connection to EC2 Instances through an interface
near-identical to standard system ssh, sftp, and other utilities.
[5.9.5] - 2021-05-25
Improvements
Changed a testing domain to one that really doesnt exist
Fix Incomplete notes field for file and block
Show component versions on hw detail
Add the firewall information on slcli firewall detail
Add an --orderBy parameters to call-api
Add image detail transaction data
[5.9.4] - 2021-04-27
New Commands
slcli hw authorize-storage
slcli order quote-save
Improvements
Refactored managers.ordering_manager.verify_quote() to work better with the REST endpoing
Add routers for each DC in slcli hw create-options
Add preset datatype in slcli virtual detail
Add upgrade option to slcli hw.
Ibmcloud authentication support
slcli config setup --ibmid
slcli config setup --sso
slcli config setup --cloud_key
slcli config setup --classic_key
Refactor slcli hw detail prices.
Updated contributing guide
Add the Hardware components on "slcli hardware detail"
Add billing and lastTransaction on hardware detail
Forced reserved capacity guests to be monthly
Removing the rwhois commands
Added automation to publish to test-pypi
Updating author_email to SLDN distro list
Add the option to add and upgrade the hw disk.
Added a utility to merge objectFilters,
Fixes shift+ins when pasteing into a password field for windows users.
Add Billing and lastTransaction on slcli virtual detail
Fixing 'import mock' pylint issues
RabbitMQ 3.8.17
RabbitMQ 3.8.17 is a maintenance release that includes a security patch.
Security Patches
This release addresses an undisclosed vulnerability with CVSS 3.1 score of 2.4 (low).
This section will be updated when the details are made public.
libtorrent-1.2.14
improve handling of seed flag in PEX messages
fix issue of accruing unlimited DHT node candidates when DHT is disabled
fix bug in parsing chunked encoding
fix incorrect reporting of active_duration when entering graceful-pause
fix python binding for functions taking string_view
fix python binding for torrent_info constructor overloads
issue python deprecation warnings for some deprecated functions in the python bindings
fix python binding for torrent_info::add_url_seed, add_tracker and add_http_seed
Wireshark 3.4.6 Release Notes
What’s New
The Windows installers now ship with Npcap 1.31. They previously
shipped with Npcap 1.10.
The Windows installers now ship with Qt 5.15.2. They previously
shipped with Qt 5.12.1.
Bug Fixes
• wnpa-sec-2021-04[1] DVB-S2-BB dissector infinite loop
The following bugs have been fixed:
• Macro filters can’t handle escaped characters Issue 17160[2].
• Display filter crashes Wireshark Issue 17316[3].
• IEEE-1588 Signalling Unicast TLV incorrectly reported as being
malformed Issue 17355[4].
• IETF QUIC TLS decryption error with extraneous packets during the
handshake Issue 17383[5].
• Statistics → Resolved Addresses: multi-protocol (TCP/UDP/…<U+200B>)
ports not displayed Issue 17395[6].
New and Updated Features
New Protocol Support
There are no new protocols in this release.
Updated Protocol Support
DNP, DVB-S2-BB, ProtoBuf, PTP, QUIC, RANAP, and TACACS
New and Updated Capture File Support
Ascend, ERF, K12, NetScaler, and pcapng
2.3.3 - The "delayed too many times, but still not too late" version
Yes, it's been delayed too many times, but finally it's out! With all the new features and bug fixes from the past four years! Let me highlight some for you:
CMake support. CMake provides us platform-independent configuration files and generates native makefiles and workspaces for the compiler of your choice. It's highly experimental in its current state, but it aims to take the place of good old autoconf/automake one day.
Command completion with the TAB key in amulecmd.
Supports compilation with the latest C++ standard (C++17).
Scope graphs now (should) work on Mac.
Notification when a download completes.
pysmb-1.2.7, 30 May 2021
========================
- Fix compatibility issues on file retrievals with Likewise servers
- Improve SMBConnection's connect() method to remove the need to provide sock_family
parameter for IPv6 addresses in Python 3.x
Version 1.14.7
Fixes broken windows build.
Version 1.14.6
Fix for a DNS Rebind exploit. A special thanks for the collaboration
of the following people:
- Alaric Senat
- Fabrice Fontaine
- Gabriel Corona
- Ian Whyman
- Jean-Francois Dockes
- Marvin Scholz
- Werner Mahr
When upnp uses ixml to parse SOAP messages which contains too many node,
services are unavailable.
Version 1.14.5
Avoid potential memory leak in http_SendMessage()
Get rid of alloca()'s.
Non-recursive version of ixmlNode_free() avoids stack overflow attack.
Fixes CVE-2021-28302.
Version 1.14.4
Add more missing CMake infrastructure to the tarball.
Version 1.14.3
Add CMake infrastructure to the tarball.
Fix for gena leak.
Version 1.14.2
upnpapi.c: Fix crash in UpnpGetIfInfo
Per getifaddrs documentation, the ifa_addr field of an ifaddrs structure
can be null. In a real world example, an entry may be provided for the
non-existent hardware address of a tunnel device. This behavior was
observed with the netlink based getifaddrs implementation in glibc.
Handle interfaces without address
I got a crash on gerbera startup because at least one interface did not have `ifa_addr` set.
The reason is quite simple: they are the physical interfaces which are part of my channel
```
2: eth1: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc fq_codel master bond0 state UP group default qlen 1000
link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
3: eth0: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc fq_codel master bond0 state UP group default qlen 1000
link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
4: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
```
CMake:
- Fix tests for all occasions. (Hopefully)
- Set right so-version and don't yell commands.
- Reverted libname-change till decided
Fix IPv6 GENA subscription
Use LOCAL_PORT_V6_ULA_GUA or LOCAL_PORT_V6 depending on the IPv6 address
samples: allow the user to specify the control point interface
This is useful to test UPnP on specific interface (e.g. IPv6-only).
This was already possible on the device sample.
upnp/src/api/upnpapi.c: don't set gIF_IPV4 if there is no IPv4
Don't set gIF_IPV4 if no IPv4 is found to keep the default value of '\0'
otherwise SSDP will try to register IPv4 multicast with address 0.0.0.0
which will result in a runtime failure
Version 1.14.1
CMake Github Actions, including windows build.
upnpapi.c: assume that getifaddrs is available
Assume that getifaddrs is available even if it is not POSIX-compliant,
this will simplify the code and, as a side effect, this allow pupnp to
work on an interface that does not have an IPv4 address.
CMake support.
Fixes the inclusion of alloca.h in WIN32.
Remove the now unused file ClientSubscription.c.
Remove port >= 49152 restriction.
Version 1.14.0
Reworked the miniserver code to deal with SO_REUSEADDR
Factored the common socket code and test for EADDRINUSE returning from
listen() when SO_REUSEADDR is turned on.
Removed template classes.
The files generated through template classes had some drawbacks:
1 - You could not read the code.
2 - You could not step through the code with a debugger.
3 - Doxygen was unable to document it.
This patch removes the templates and creates an auto generator for these
boilerplate generated code in the same spirit of the templates, but
solves the above problems.
Still, dealing with documentation still needs some work, but should be
much easier now.
upnpapi.c: retrieve gIF_IPV4_NETMASK with BSD
BSD is using getifaddrs, update the code to retrieve the IPv4 netmask
(used in the CallStranger fix)
Signed-off-by: Fabrice Fontaine fontaine.fabrice@gmail.com
Drop UpnpInit
This function is deprecated since a long time moreover it is vulnerable
to CallStranger a.k.a. CVE-2020-12695 and can't be fixed without
breaking the API as HostIP only allows the user to pass an IP address
and not a netmask.
If we want to discover the netmask from the HostIP provided in UPnPInit,
we'll have to loop through all the available interfaces to find the
interface with the given IP address to finally retrieve the netmask.
This is a lot of work/modification for a deprecated function. Moreover,
in the end UPnPInit will be like a "deprecated" (i.e. IPv4-only) version
of UPnPInit2.
So it is time to remove this deprecated function.
As a result, also remove getlocalhostname and DEFAULT_INTERFACE which
are not needed anymore and replace UpnpInit by UpnpInit2 in comments.
Signed-off-by: Fabrice Fontaine fontaine.fabrice@gmail.com
Partial fix for CallStranger on IPv4
This is a partial fix for CallStranger a.k.a. CVE-2020-12695
Check that DeliveryURLs are in the expected network segment as requested
by the new UPnP UDA:
https://openconnectivity.org/upnp-specs/UPnP-arch-DeviceArchitecture-v2.0-20200417.pdf.
Here is an extract of the new requirement:
The subscription request containing a delivery URL not on the same
network segment as the fully qualified event subscription URL shall not
be accepted. For private networks this means that the delivery URL
provided will adhere to the following IP ranges:
. 10.0.0.0 - 10.255.255.255 (10/8 prefix)
. 172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
. 192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
In the context of pupnp, this means that the IPv4 netmask is now
retrieved when using UPnPInit2. Then, each DeliveryURL is checked
against the device's IPv4 address and netmask. If one of them are not
compliant, the whole subscription is rejected.
This first commit should be enhanced / updated to:
. remove UPnPInit (it is deprecated for a long time) or update it so
. the user can also pass the netmask
. fix IPv6
. fix Windows code
. retrieve the netmask in the BSD code of UPnPInit2
Signed-off-by: Fabrice Fontaine fontaine.fabrice@gmail.com
NULL pointer dereference in FindServiceControlURLPath
Version 1.12.1
setsockopt(IP_MULTICAST_IF) fails on 64-bit CPUs
Do not use usleep when using newer POSIX C source.
usleep is deprecated and is optionally unavailable with uClibc-ng.
Add Os/UserAgent information to UpnpActionRequest and UpnpFileInfo
Add CtrlPtIPAddr to UpnpFileInfo class
List: Add extern C for C++ users
Version 1.12.0
Reduce spurious HTTP 416 errors due to ill-defined bytes header
I (re)discovered this behavior trying to use the Gerbera media server
with Chromecast (built in to my Vizio P55-F1 TV). Chromecast specifies
"bytes:0-" with no end range, which caused pupnp to return
RANGE_NOT_SATISFIABLE. Jin, the author of MediaTomb, of which Gerbera
is a continuation, fixed this in 2007 in MediaTomb's fork of pupnp, see
gerbera@ccd7994d45 "made sure that range requests specified as
"bytes=0-" do not trigger...", but never passed the fix upstream. When
restarted as Gerbera, pupnp was removed from the local tree in favor of
using the upstream version, and the patch was lost which lead to me
rediscovering it recently.
This is Jin's original patch applied to pupnp 1.8. This teaches pupnp to
ignore the bytes header if it matches "0-" and return HTTP_OK.
When building v1.8.6 (on GNU/Linux) with --disable-device, pupnp doesn't build:
/bin/bash ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -I../upnp/inc -I./inc -I../ixml/inc -DNDEBUG -I./src/inc -I./src/threadutil -I/foo/contrib/x86_64-linux-gnu/include -fPIC -pthread -I/foo/contrib/x86_64-linux-gnu/include -DNDEBUG=1 -O3 -DUPNP_STATIC_LIB -Os -Wall -c -o src/genlib/util/libupnp_la-util.lo `test -f 'src/genlib/util/util.c' || echo './'`src/genlib/util/util.c
In file included from src/genlib/miniserver/miniserver.c:58:0:
./src/inc/upnpapi.h:208:2: error: unknown type name 'service_info'
service_info **serv_info
^~~~~~~~~~~~
This patch fixes compilation for the --disable-device case.
GitHub PRs:
* Remove unused files
* UpnpEnableWebserver: Error correctly when web server compiled-out
* CI: Remove .travis.yml
* Remove TRUE/FALSE defines and BOOL typedef
* CI: Add address sanitizer and leak sanitizer enabled test run
* Add list test
* Add -Wextra and -Wpedantic to get more warnings
* More warning fixes
* Doxygen changes
* Remove unused headers
* Remove IN, OUT and INOUT defines
* Remove unused defines in uri.h
* Use stdbool.h instead of BOOL typedef and defines
* Various compiler warning fixes
* configure.ac: Fix Windows detection
* configure.ac: Enable silent rules
* LinkedList: Simplify _WIN32 check
* Remove checks of __OSX__ define
* Add Github Actions based CI
Github PR * Add forgotten Windows dll export qualifiers
Github PR * Remove and replace the list.h file
Github PRs:
* Overhaul list.h to fix various issues
* Use rand_s in get_random_info on Windows
* Do not redeclare timezone struct if already defined in Mingw
* Fix interface filtering for Windows
- The mentioned fix is not only needed for MSVC, but when
cross-compiling for Windows with mingw-w64 too.
* config.h: Remove DEBUG_TARGET
- The DEBUG_TARGET is no longer used, it was previously used in
upnpdebug.c to disable logging to a file, which now is done
by just not calling UpnpSetLogFileNames.
* Check for -lpthread too
- Updates pthread m4 check from upstream
Version 1.10.1
Fix format string for ExtraHeaders
Version 1.10.0
Fix sed command for upnp patch in configure.ac
Proper allocation for an array of structs and a check for an unlikely
overflow when calling the SIOCGIFCONF ioctl().
It still bugs me the stack requirements of getlocalhostname() and
UpnpGetIfInfo().
Version 1.8.6
Fix format string for ExtraHeaders
Version 1.8.5
Fixed a wrong ifdef in ssdp_device.c that was causing problems with
ipv6.
iperf-3.10.1 2021-06-03
-----------------------
* Notable user-visible changes
* Fixed a problem with autoconf scripts that made builds fail in
some environments.
* Developer-visible changes
* GNU autoconf 2.71 or newer is now required to regenerate iperf3's
configure scripts.
idna uses unicode_compat_util, and downloads it from the net and
builds it. This wasn't installed, and thus any attempt to use idna
failed at runtime, breaking s2s in ejabberd with earlier erlang-xmpp,
and probably breaking everything with current erlang-xmpp.
The idna library has removed this library, but doesn't have a release
yet. So this problem should go away soonish. For now, accept the ick
to (very likely) unbreak ejabberd.
(This commit does not increase the use of the net during the build; it
merely uses the build products that already happened.)
Gunison is a new GUI (GTK 3) frontend for the Unison file synchronizer.
Unison already has a built-in GTK 2 frontend, but Gunison is nicer
and more convenient. Gunison works by wrapping Unison's console
frontend in an expect-like fashion.
Notes for BIND 9.16.16
Feature Changes
* DNSSEC responses containing NSEC3 records with iteration counts greater
than 150 are now treated as insecure. [GL #2445]
* The maximum supported number of NSEC3 iterations that can be configured
for a zone has been reduced to 150. [GL #2642]
* The default value of the max-ixfr-ratio option was changed to unlimited,
for better backwards compatibility in the stable release series. [GL
#2671]
* Zones that want to transition from secure to insecure mode without
becoming bogus in the process must now have their dnssec-policy changed
first to insecure, rather than none. After the DNSSEC records have been
removed from the zone, the dnssec-policy can be set to none or removed
from the configuration. Setting the dnssec-policy to insecure causes CDS
and CDNSKEY DELETE records to be published. [GL #2645]
* The implementation of the ZONEMD RR type has been updated to match RFC
8976. [GL #2658]
* The draft-vandijk-dnsop-nsec-ttl IETF draft was implemented: NSEC(3) TTL
values are now set to the minimum of the SOA MINIMUM value or the SOA TTL.
[GL #2347]
Bug Fixes
* It was possible for corrupt journal files generated by an earlier version
of named to cause problems after an upgrade. This has been fixed. [GL
#2670]
* TTL values in cache dumps were reported incorrectly when
stale-cache-enable was set to yes. This has been fixed. [GL #389] [GL
#2289]
* A deadlock could occur when multiple rndc addzone, rndc delzone, and/or
rndc modzone commands were invoked simultaneously for different zones.
This has been fixed. [GL #2626]
* named and named-checkconf did not report an error when multiple zones with
the dnssec-policy option set were using the same zone file. This has been
fixed. [GL #2603]
* If dnssec-policy was active and a private key file was temporarily offline
during a rekey event, named could incorrectly introduce replacement keys
and break a signed zone. This has been fixed. [GL #2596]
* When generating zone signing keys, KASP now also checks for key ID
conflicts among newly created keys, rather than just between new and
existing ones. [GL #2628]
Notes for BIND 9.11.32
Feature Changes
* DNSSEC responses containing NSEC3 records with iteration counts greater
than 150 are now treated as insecure. [GL #2445]
* The maximum supported number of NSEC3 iterations that can be configured
for a zone has been reduced to 150. [GL #2642]
* The implementation of the ZONEMD RR type has been updated to match RFC
8976. [GL #2658]
Changes since 4.14.4
--------------------
* BUG 14696: s3: smbd: SMB1 SMBsplwr doesn't send a reply packet on success.
* BUG 14708: s3: smbd: Ensure POSIX default ACL is mapped into returned
Windows ACL for directory handles.
* BUG 14721: s3: smbd: Fix uninitialized memory read in
process_symlink_open() when used with vfs_shadow_copy2().
* BUG 14689: docs: Expand the "log level" docs on audit logging.
* BUG 14714: smbd: Correctly initialize close timestamp fields.
* BUG 14699: Fix gcc11 compiler issues.
* BUG 14718: docs-xml: Update smbcacls manpage.
* BUG 14719: docs: Update list of available commands in rpcclient.
* BUG 14475: ctdb: Fix a crash in run_proc_signal_handler().
* BUG 14695: s3:winbind: For 'security = ADS' require realm/workgroup to be
set.
* BUG 14699: lib:replace: Do not build strndup test with gcc 11 or newer.
1.4.3:
Generic changes:
o RHEL8 build fix.
Server changes:
o LDAP module functionality expanded with support for PAC and LDAP based
authentication.
o Fix an error case where the Dante mother process would never
terminate a request process that failed handling a client due to
resource shortage, leading the request process to hang around idle
forever.
Will hopefully fix problem reported by ANON.
o Fix for BSD authentication ECHILD error on OpenBSD.
Client changes:
o Work around an issue where "logoutput: syslog" in the client
could create issues for the application being socksified.
o Added missing NULL argument check in Raccept().
Version 0.11.0
* Added notice about needing a new maintainer.
* Fixed link to Travis CI.
* Added test.py to the source distribution.
* Fixed netmask calculation for IPv6.
* Fixes to gateway detection in some edge cases.
* Build CPython 2.7 wheels for 64-bit Windows (yes, you should be
using Python 3 now, but still).
Packaged in wip by otis@, roy@ and gdt@.
Tested on NetBSD 9 amd64 with openjdk11 (as upgrade from 5).
Upstream significant changes:
What’s New in 6.0?
Introduce Beta Dashboard for UDM.
Implement Real-Time statistics for UDM.
Preview new Beta Settings.
Redesign, simplify and move Site, Controller, Maintenance, Remote Access and Backup configuration to System Settings.
Hide and auto-configure Data Retention for Statistics.
Redesign and move Wi-Fi AI configuration to System Settings page.
Redesign and move RADIUS and Switch Port profiles to Advanced Features page.
Redesign and move Services to Advanced Gateway Settings to Advanced Features page.
Move User Groups to Client Groups on Advanced Features page.
Redesign and move Wireless Networks configuration to Wi-Fi page.
Replace WLAN Groups with new AP Groups feature.
Simplify WiFi creation - WPA2 Security protocol with Password is set by default.
Allow selecting WPA2 Enterprise Security Protocol if at least one Radius profile is enabled.
Change VLAN ID numeric input to Network dropdown.
Integrate Guest Control with Hotspot configuration on Wi-Fi page.
Redesign and move LAN Networks configuration to Networks page.
Add Auto Scale Network feature.
Move VLAN Only Networks to Network Isolation in Advanced Features.
Update Content Filtering categories and move to Network configuration.
Add new Device Isolation (creates guest network if turned on) and Internet Access (blocks WAN access if turned off) toggles.
Redesign and move WAN Networks configuration to Internet page.
Redesign and move DPI configuration to Security page.
Redesign and move Threat Management configuration to Security page.
Introduce AP Groups feature.
AP Groups simplifies the way to configure Wi-Fi and arrange APs in logical groups.
That feature is replacing WLAN Groups and WLAN Overrides. It’s a breaking change and some corner cases may not covered by migration.
Some WLAN Group configurations have been migrated to individual Wi-Fi Network configurations.
Preview Auto Scale Network feature.
That feature automatically adjusts subnet size and DHCP range with avoiding network collision.
Add ability to report incorrect Wi-Fi Experience.
Add Survey for Beta Dashboard and Beta Settings.
Improvements
Add transition animations in Beta Settings.
Add buttons for guest client authentication and unauthentication.
Replace Speed test gauge with numbers.
Move PMF to WLAN configuration in Beta Settings.
Show AP promo placeholder in the new dashboard when there is no WiFi network created.
Show Original vendor logos when device logo is unavailable.
Remove Combine Name/SSID option from Settings.
Improve the user experience of AP Group validation in Beta Settings.
This manifests as the snapper vfs files appearing depending on dbus
being present or not on Linux, causing PLIST mismatch. This option
actually disables this if desired. The default is still on, as
dbus is to be expected on modern Linux installs anyway.
3.7.2 (2021-05-24)
Merged Pull Requests
* Remove ruby 2.4 support and udpated activesupport to be >= 6.0.0 #680
(Vasu1105)
* Add support for Ubios #687 (tas50)
3.7.0 (2021-04-28)
Merged Pull Requests
* Update chefstyle requirement from 1.7.4 to 1.7.5 #678 (dependabot[bot])
* Switch to GNU timeout-based implementation of SSH timeouts #679
(clintoncwolfe)
* Read the username and port from /.ssh/config file and replace if present
#659 (sanga1794)
2.3.20 (2021-05-13)
Highlights:
* BUG: Fix for a regex performance bug in http_servers when matching
IPs. This was brought to our attention by @hudclark (#353)
* BUG: Fix for a CPE generation bug in which we were using deprecated
CPEs. This was brought to our attention by @p0lr (#361)
* CPE: Remapping logic was refactored so that remaps are specific record
type (a,h,o) which provides much greater flexibility. (#361)
* CPE: Focused improvements in coverage (#349)
* Fingerprints: Misc improvements (Thanks @cblack-r7, @dabdine, @sdynes-r7)
(#341, #344, #345, #351, #354, #355)
* Fingerprints: HTTP - focused work on HTTP related (http_servers,
html_title, etc) fingerprints (#352, #357, #358, #359)
* Tooling: Adding field names (os.vendor, service.product, etc) to our
standard identifier checks (#350)
Changelog:
1.4.17
Fix build with musl libc !2259 @ncopa
Fix typos !2260 @mfvescovi
Improving CI cache !2257 @antenore
Fix System Tray Icon Broken/Missing !2261 @antenore
VNC quality deafults now to good !2264 @antenore
Flatpak refactoring !2262 @antenore
Adding Gateway websocket support !2263 @antenore
Revert "Linking snap and flatpak to FreeRDP 2.3.1" !2265 @antenore
Set FreeRDP config path to Remmina profiles path !2266 @antenore
1.4.16
Fix Data PATH for the FreeRDP files bcf24360 @antenore
1.4.15
Fixing SSH plugin colour palette initialization. !2255 @antenore
1.4.14
[VNC] - Ignore remote Bell option and other fixes!2237 (merged) @antenore
Fixing color palette size for themed SSH !2253 (merged) @antenore
Bump FreeRDP version to 2.3.2 !2226 (merged) @antenore
Fixes search bar shortcuts wrong bahavior !2227 (merged) @antenore
Honour theme settings when run from command line !2251 (merged) @antenore
FTP UI improvements !2228 (merged) @antenore
Experimental VNC plugin using GTK-VNC !2248 (merged) @antenore
Config SSH tunnel username takes precedence. !2231 (merged) @matir
Allow groups to be expanded and collapsed by using the keyboard !2232 (merged) @xsmile
Fixing VNC repeater logic. !2243 (merged) @antenore
Send text clipboard content as keystrokes !2238 (merged) @antenore
scrolled viewport: explicitly recheck whether the timeout is active !2233 (merged) @cth451
Resolve Host+Page_Down triggers search text in SSH !2240 (merged) @antenore
UNIX sockets initial support !2250 (merged) @antenore
Fixed wrong freerdp_settings function use !2234 (merged) @akallabeth
Fixing RemminaConnectionWindow map/unmap events !2245 (merged) @antenore
Spelling: Comma-separated, List monitor IDs !2235 (merged) @kingu
Set Remmina specific FreeRDP config data folder !2236 (merged) @antenore
Optional port connection instead of server !2239 (merged) @kingu
Resolve "Use LZO compression for Snap to improve startup speed" !2241 (merged) @antenore
Make wayland not mandatory during compile time !2246 (merged) @antenore
Do not use alpha as it is not used for the Desktop !2247 (merged) @antenore
Refactoring: Deprecations and warnings !2249 (merged) @antenore
Removing unneeded widgets in the headerbar !2252 (merged) @antenore
This release brings:
- [server] Add MAX_FW_TIMEOUT to access.conf stanzas to allow a maximum
number of seconds for client-specified timeouts in SPA packets. This
fixes issue #226 which was spotted by Jeremiah Rothschild.
- [server] Bug fix in CMD_EXEC mode to make sure to call exit() upon any
error from execvpe(). Without this fix, additional fwknopd processes
would be started upon a user specifying a command without the necessary
permissions. This bug was reported by Stephen Isard.
- [build] Jeremie Courreges-Anglas and Ingo Feinerer contributed a patch
to fix endian detection on OpenBSD systems based on information
contained here: https://www.opengroup.org/austin/docs/austin_514.txt
- [client/server] (Michael Stair) Added client and server infrastructure
written in Erlang. See the erlang/ directory.
iperf 3.10 2021-05-26
---------------------
* Notable user-visible changes
* Fix a bug where some --reverse tests didn't terminate.
* Responsiveness of control connections is slightly improved.
* The allowable clock skew when doing authentication between client
and server is now configurable with the new --time-skew-threshold.
* Bitrate throttling using the -b option now works when a burst size
is specified.
* A bug with calculating CPU utilization has been fixed.
* A --bind-dev option to support binding sockets to a given network
interface has been added to make iperf3 work better with
multi-homed machines and/or VRFs.
* --pidfile now works with --client mode.
* The server is now less likely to get stuck due to network errors
controlled by the new --rcv-timeout option.
* Fixed a few bugs in termination conditions for byte or
block-limited tests.
* Added tcp_info.snd_wnd to JSON output.
* Some bugs with garbled JSON output have been fixed.
* Support for setting the IPv4 don't-fragment (DF) bit has been
added with the new --dont-fragment option.
* A failure with not being able to read the congestion control
algorithm under WSL1 has been fixed.
* Error handling and error messages now make more sense in cases
where sockets were not successfully opened.
* Some buffer overflow hazards were fixed.
* Notable developer-visible changes
* It is now possible to use the API to set/get the congestion
control algorithm.
Update isc-dhcp4 to 4.4.2p1 (4.4.2-P1).
Changes since 4.4.2 (Bug Fixes)
! Corrected a buffer overwrite possible when parsing hexadecimal
literals with more than 1024 octets. Reported by Jon Franklin from Dell,
and also by Pawel Wieczorkiewicz from Amazon Web Services.
[Gitlab #182]
CVE: CVE-2021-25217
Release v1.38.0
Core
Invalidate ExecCtx now before computing timeouts in all repeating timer events using a WorkSerializer or combiner.
Fix use-after-unref bug in fault_injection_filter.
Fix 25897 to avoid crashes when certificates are not yet updated.
gRPC EventEngine Interface.
Allow the AWS_DEFAULT_REGION environment variable.
C++
s/OnServingStatusChange/OnServingStatusUpdate.
cmake: only install channelz if gRPC_USE_PROTO_LITE is off.
C#
Grpc.Tools: Use x64 protoc on macOS arm64.
Provide runtime/framework info in gRPC C# user agent string.
Python
Add grpcio-admin Python package.
Add CSDS API to Python.
Expose code and details from context on the server side.
Explicitly import importlib.abc; required on Python 3.10.
Fix potential deadlock on the GIL in AuthMetdataPlugin.
Introduce new Python package "xds_protos".
also build python3.6 aarch64 manylinux2014 wheel.
Remove async mark for set_trailing_metadata interface.
Ruby
ruby: use x86_64 binary on M1 macs.
Add ruby 3.0 support for mac binary packages.
Changes in version 0.4.5.8 - 2021-05-10
Tor 0.4.5.8 fixes several bugs in earlier version, backporting fixes
from the 0.4.6.x series.
o Minor features (compatibility, Linux seccomp sandbox, backport from 0.4.6.3-rc):
- Add a workaround to enable the Linux sandbox to work correctly
with Glibc 2.33. This version of Glibc has started using the
fstatat() system call, which previously our sandbox did not allow.
Closes ticket 40382; see the ticket for a discussion of trade-offs.
o Minor features (compilation, backport from 0.4.6.3-rc):
- Make the autoconf script build correctly with autoconf versions
2.70 and later. Closes part of ticket 40335.
o Minor features (fallback directory list, backport from 0.4.6.2-alpha):
- Regenerate the list of fallback directories to contain a new set
of 200 relays. Closes ticket 40265.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2021/05/07.
o Minor features (onion services):
- Add warning message when connecting to now deprecated v2 onion
services. As announced, Tor 0.4.5.x is the last series that will
support v2 onions. Closes ticket 40373.
o Minor bugfixes (bridge, pluggable transport, backport from 0.4.6.2-alpha):
- Fix a regression that made it impossible start Tor using a bridge
line with a transport name and no fingerprint. Fixes bug 40360;
bugfix on 0.4.5.4-rc.
o Minor bugfixes (build, cross-compilation, backport from 0.4.6.3-rc):
- Allow a custom "ar" for cross-compilation. Our previous build
script had used the $AR environment variable in most places, but
it missed one. Fixes bug 40369; bugfix on 0.4.5.1-alpha.
o Minor bugfixes (channel, DoS, backport from 0.4.6.2-alpha):
- Fix a non-fatal BUG() message due to a too-early free of a string,
when listing a client connection from the DoS defenses subsystem.
Fixes bug 40345; bugfix on 0.4.3.4-rc.
o Minor bugfixes (compiler warnings, backport from 0.4.6.3-rc):
- Fix an indentation problem that led to a warning from GCC 11.1.1.
Fixes bug 40380; bugfix on 0.3.0.1-alpha.
o Minor bugfixes (controller, backport from 0.4.6.1-alpha):
- Fix a "BUG" warning that would appear when a controller chooses
the first hop for a circuit, and that circuit completes. Fixes bug
40285; bugfix on 0.3.2.1-alpha.
o Minor bugfixes (onion service, client, memory leak, backport from 0.4.6.3-rc):
- Fix a bug where an expired cached descriptor could get overwritten
with a new one without freeing it, leading to a memory leak. Fixes
bug 40356; bugfix on 0.3.5.1-alpha.
o Minor bugfixes (testing, BSD, backport from 0.4.6.2-alpha):
- Fix pattern-matching errors when patterns expand to invalid paths
on BSD systems. Fixes bug 40318; bugfix on 0.4.5.1-alpha. Patch by
Daniel Pinto.
- fix IPv6 split masklen
- vpnc-script-win: tidy up, more logging
- vpnc-script-win: make VPN addresses/gateways "non-persistent", and
delete them on disconnect
- vpnc-script-win: delete DNS and WINS servers before adding them
- vpnc-script-win: dump stdout and stderr when a command fails
- vpnc-script-win: use TUNIDX in all netsh commands, remove
waitForInterface()
- vpnc-script-win: add FIXMEs regard IPv6 split-excludes and gateways
- vpnc-script-win: add legacy IP split-exclude handling
- vpnc-script-win: cleanup spacing, clarify comments
- vpnc-script-win: simplify 'internal gateway' calculation
- GNU awk regex fix
- move destroy_tun_device into do_disconnect (called only here)
- remove bits for ancient Linux 2.6.x kernels
- mention IDLE_TIMEOUT
- cleanup whitespace and clarify comments
- tweak warning message about un-routable exclude routes
- Ignore unreachable exclude routes
- Document split tunnel EXC variables
- ignore bogus non-forwardable exclude routes on disconnect too
- *BSDs: get_default_gw needs to EXCLUDE routes through tunnel for
attempt-reconnect, but should NOT exclude them otherwise
- mark tunnel device 'down' before destroying
- Add DragonFly BSD support and improve FreeBSD support
- Use '[[:space:]]' instead of '\s' to support POSIX awk
- *BSDs: don't inadvertently pick up a bogus 0.0.0.0/32 route as a
default route
- Fix basename invocation on *BSD shells
- fix another ifconfig syntax difference between Linux and *BSDs
- use `ip netns` instead of ocserv `listen-netns` config option for
test configs
- match preexisting code style
- Use systemd-resolve to check if resolved is running
- FIXME add mock IPv6 configuration to get CI to work
- add a bit more logging to test scripts
- split iproute2 and *BSD-ish into separate CI runs
- CI: don't need to install ocserv and which
- numerous fixes for Linux IPv6 configuration using
ifconfig/route/netstat
- try running tests with *BSD-ish tools (ifconfig/route/netstat) for
additional coverage
- match code style
- Don't use /sbin/resolvconf if it just points to resolvectl.
- include calling process ID in DEFAULT_ROUTE_FILE{,_IPV6}
- with BSD 'route', save-and-restore IPv6 default routes
- simplify cases and add ifconfig_syntax_del variable
- Patch: make ipv6 in ipv4 and ipv6 in ipv6 tunnels work on (Net)BSD
- vpnc-scripts: added a sanity check of routes and resolv.conf
generation
- preserve metric in fix_ip_get_output
- with iproute2, sort the routes to the VPN gateway by metric before
trying to create an explicit route to the gateway via each of them
- make do_attempt_reconnect work with route/ifconfig
- add working do_attempt_reconnect
- don't try to set an explicit route to VPN gateway if localhost, and
ignore bogus non-forwardable exclude routes
- Ignore link-local routes in set_default_route
- leave support for older systemd-resolved (v229-v238) in place
- Windows IPv6: remove hard-coded next-hop of fe80::8
- Add split DNS support for systemd-resolved
- Use resolvectl for systemd-resolved
- fix tabs/spaces in POSIX vpnc-script as well
- cleanup whitespace in vpnc-script-win.js
- specify interface when adding routes
- fix Slackware issue (netconfig is an unrelated tool, not relevant for
resolv.conf handling)
- No need to add a separate sed invocation for `$NETMASKLEN` fixing
- iproute2 5.1+ doesn't allow prefixlen!=32 in get
upstream changes:
-----------------
Version 1.0.43
o Updating p1_utils to version 1.0.22.
o Updating fast_tls to version 1.1.12.
o stun_test: Start up transitive dependencies
Version 1.0.42
o Updating fast_tls to version 1.1.11.
Version 1.0.41
o Never accept Teredo/6to4 addresses as TURN peers.
o Never accept 0.0.0.0/:: addresses as TURN peers.
What's new in 2.4 compared to 2.3 ? Lots of cool stuff! The work was spread
on several fronts:
- performance and latency: a lot of work was done on locking reduction,
bringing 2.4 a much lower latency than 2.3 had, and a higher scalability.
2.4 is NUMA-aware on Linux and will avoid binding to cross-socket cores
by default. Idle server-side connections are now reusable even when SNI,
proxy protocol or transparent proxy are used, saving costly round trips.
Lua now supports lock-free multi-threading. Idle frontend connections
will now be closed as soon as possible during reloads.
- reliability: "strict-limits" is on by default, experimental features
are protected against accidental use from a copy-paste, a diagnostic
mode was added to report suspicious or uncommon constructs that could
be mistakes, new live debugging tools were added for better in-field
debugging. Backend idle connections will be closed before quitting
so that they don't consume source ports in TIME_WAIT.
- management and integration: maps and ACLs now support atomic updates,
server-side SSL certificates can also be updated without reloading,
servers can be added/removed without reloading (still experimental),
more server settings can be edited at run time, global variables can
be listed/edited at run time, "defaults" section can now be named,
reused an inherited, line numbers and file names can be included in
any command, file paths can now be relative to the config file, some
new ".if/.elif/.else/.endif" config directives permit a smoother
transition between versions using a same config file (particularly
useful for automated rollbacks),
- interoperability / protocol support: WebSocket over HTTP/2 (RFC8441)
is now supported on both sides, regardless of the version on the other
side. The cache now supports the "Vary" header with a few commonly
used headers, including "Accept-encoding" which gets normalized for
optimal cache hit ratio. The Prometheus exporter got a significant
liftup, requires less tricks on the Prometheus side, and supports
listing only certain metrics for faster retrieval. Optional native
support for Opentracing was also integrated (via USE_OT=1). The DNS
resolvers now support talking to servers over TCP. Basic support for
extracting information from MQTT and FIX protocol was added. Timeouts
can now be adjusted on the fly and per-request in order to adapt to
particuarly slow servers or special protocols.
- user-friendliness: TCP loggers now do not require a ring section
declaration anymore, it's transparently done now. Header deletion
using a pattern matching on the name is now supported instead of
having to list many names. Checking for real server-side errors got
easier than before with http_fail_cnt/http_fail_rate. The config
parser and CLI will now provide suggestions when some keywords are
misspelled. The CLI's help output can now be filtered to subsets of
commands and will be sorted for easier finding.
- processing: the new "wait-for-body" HTTP action allows to wait for
a request or response body up to a certain size or delay. This is
convenient to detect POST contents or to detect error patterns or
information leaks in responses. TCP frontends can now be manually
upgraded to HTTP, allowing HTTP rules to be used in a frontend in
a tcp->http scenario. JSON parameters can be decoded to extract some
fields values. A URL encoder is now available to pass some fields in
a way that is suitable for query string parameters. Base64 variants
are now supported (such as the URL-compatible one used by JWT).
- for distros: building optional addons will be easier thanks to the
removal of the contrib/ directory and the cleaner integration with
the regular build process and include files. Libslz was included by
default, simplifying the packaging work. A few example configs were
added into examples/ to serve as starters for users. A CPU entry was
added to produce executables that works well both on old and new
ARMv8 CPUs.
- observability: more stats were added (SSL, H2). "show info" can now
emit floating point values for rates and uptimes if requested.
upstream changes:
-----------------
Version 1.5.3
o Updating fast_tls to version 1.1.12.
o Updating fast_xml to version 1.1.46.
o Updating p1_utils to version 1.0.22.
o Updating stringprep to version 1.0.25.
o Fix spec to match the current source code, as reportd by Dialyzer
o xmpp uses p1_options, so Dialyzer reports some false warnings
o Fix return value when skipping queued tcp packet to already closed socket
Version 1.5.2
o Updating fast_tls to version 1.1.11.
o Allow to free socket/parser/tls when session get detached
o Add support for XEP-0430: Inbox
o Add support for XEP-0333: Chat Markers
o Add missing applicaitons to xmpp.app
o Fix timezone in timestamp used by XEP-0202
o Don't throw exception when client send invalid lenght sasl response
Switch to xorg-server 1.20.11.
Restore vncserver script that upstream does not distribute
any longer (they switched to systemd instead).
Changes:
TigerVNC 1.11.0 is now available. This is a new major release of
TigerVNC, but also a security release. Users that rely on the TLS
feature in the viewers are recommended to upgrade as soon as
possible.
Lots of changes have been made since the last release, but the highlights are:
* A security issue has been fixed in how the viewers handle TLS certificate exceptions
* vncserver has gotten a major redesign to be compatible with modern distributions
* The native viewer now has touch gestures to handle certain mouse actions (e.g. scroll wheel)
* Middle mouse button emulation in the native viewer, for devices with only two mouse buttons
* The Java viewer now supports Java 9+, but also now requires Java 8+
* Support for alpha cursors in the Java viewer (a feature already supported in the native viewer)
* The password and username can now be specified via the environment for the native viewer
* Support for building Xvnc/libvnc.so with Xorg 1.20.7+ and deprecate support for Xorg older than 1.16
* The official builds have been fixed to work on the upcoming macOS 11
* The Windows server (WinVNC) is now packaged separately as it is unmaintained and buggy
1.10.1
This is a security release to fix a number of issues that were
found by Kaspersky Lab. These issues affect both the client and
server and could theoretically allow an malicious peer to take
control over the software on the other side.
No working exploit is known at this time, and the issues require
the peer to first be authenticated. We still urge users to upgrade
when possible.
1.10.0
TigerVNC 1.10.0 is now available. Lots of changes have been made
since the last release, but the highlights are:
* The clipboard now supports full Unicode in the native viewer, WinVNC and Xvnc/libvnc.so
* The native client will now respect the system trust store when verifying server certificates
* Improved compatibility with VMware's VNC server
* Improved compatibility with some input methods on macOS
* Improvements to the automatic "repair" of JPEG artefacts
* Better handling of the Alt keys in some corner cases
* The Java web server has been removed as applets are no longer support by most browsers
* x0vncserver can now be configured to only allow local connections
* x0vncserver has received fixes for when only part of the display is shared
* Polling is now default in WinVNC as that works better for most
1.19.72
api-change:ec2: High Memory virtual instances are powered by Intel Sky Lake CPUs and offer up to 12TB of memory.
1.19.71
api-change:s3control: Documentation updates for Amazon S3-control
api-change:ssm-contacts: AWS Systems Manager Incident Manager enables faster resolution of critical application availability and performance issues, management of contacts and post incident analysis
api-change:ssm-incidents: AWS Systems Manager Incident Manager enables faster resolution of critical application availability and performance issues, management of contacts and post-incident analysis
1.19.70
api-change:mediaconvert: AWS Elemental MediaConvert SDK has added support for Kantar SNAP File Audio Watermarking with a Kantar Watermarking account, and Display Definition Segment(DDS) segment data controls for DVB-Sub caption outputs.
api-change:codeartifact: Documentation updates for CodeArtifact
api-change:kinesisanalyticsv2: Amazon Kinesis Analytics now supports ListApplicationVersions and DescribeApplicationVersion API for Apache Flink applications
api-change:eks: This release updates create-nodegroup and update-nodegroup-config APIs for adding/updating taints on managed nodegroups.
api-change:iotwireless: Add three new optional fields to support filtering and configurable sub-band in WirelessGateway APIs. The filtering is for all the RF region supported. The sub-band configuration is only applicable to LoRa gateways of US915 or AU915 RF region.
api-change:config: Adds paginator to multiple APIs: By default, the paginator allows user to iterate over the results and allows the CLI to return up to 1000 results.
api-change:ssm: This release adds new APIs to associate, disassociate and list related items in SSM OpsCenter; and this release adds DisplayName as a version-level attribute for SSM Documents and introduces two new document types: ProblemAnalysis, ProblemAnalysisTemplate.
api-change:ecs: This release contains updates for Amazon ECS.
1.19.69
api-change:lakeformation: This release adds Tag Based Access Control to AWS Lake Formation service
api-change:connect: Adds tagging support for Connect APIs CreateIntegrationAssociation and CreateUseCase.
api-change:lookoutmetrics: Enforcing UUID style for parameters that are already in UUID format today. Documentation specifying eventual consistency of lookoutmetrics resources.
1.19.68
api-change:snowball: AWS Snow Family adds APIs for ordering and managing Snow jobs with long term pricing
api-change:servicediscovery: Bugfix: Improved input validation for RegisterInstance action, InstanceId field
api-change:ssm: SSM feature release - ChangeCalendar integration with StateManager.
api-change:kafka: IAM Access Control for Amazon MSK enables you to create clusters that use IAM to authenticate clients and to allow or deny Apache Kafka actions for those clients.
1.19.67
api-change:kinesisanalyticsv2: Amazon Kinesis Analytics now supports RollbackApplication for Apache Flink applications to revert the application to the previous running version
api-change:sagemaker: Amazon SageMaker Autopilot now provides the ability to automatically deploy the best model to an endpoint
api-change:auditmanager: This release updates the CreateAssessmentFrameworkControlSet and UpdateAssessmentFrameworkControlSet API data types. For both of these data types, the control set name is now a required attribute.
api-change:nimble: Documentation Updates for Amazon Nimble Studio.
1.19.66
api-change:finspace-data: Documentation updates for FinSpaceData API.
api-change:finspace: Documentation updates for FinSpace API.
1.19.65
api-change:health: Documentation updates for health
api-change:devops-guru: Added GetCostEstimation and StartCostEstimation to get the monthly resource usage cost and added ability to view resource health by AWS service name and to search insights be AWS service name.
api-change:chime: This release adds the ability to search for and order international phone numbers for Amazon Chime SIP media applications.
api-change:acm-pca: This release adds the KeyStorageSecurityStandard parameter to the CreateCertificateAuthority API to allow customers to mandate a security standard to which the CA key will be stored within.
api-change:sagemaker: Enable retrying Training and Tuning Jobs that fail with InternalServerError by setting RetryStrategy.
1.19.64
api-change:finspace-data: Update FinSpace Data serviceAbbreviation
1.19.63
api-change:securityhub: Updated ASFF to add the following new resource details objects: AwsEc2NetworkAcl, AwsEc2Subnet, and AwsElasticBeanstalkEnvironment.
api-change:finspace: This is the initial SDK release for the management APIs for Amazon FinSpace. Amazon FinSpace is a data management and analytics service for the financial services industry (FSI).
api-change:mturk: Update mturk command to latest version
api-change:finspace-data: This is the initial SDK release for the data APIs for Amazon FinSpace. Amazon FinSpace is a data management and analytics application for the financial services industry (FSI).
api-change:chime: Added new BatchCreateChannelMembership API to support multiple membership creation for channels
1.19.62
api-change:customer-profiles: This release introduces GetMatches and MergeProfiles APIs to fetch and merge duplicate profiles
api-change:cloudfront: CloudFront now supports CloudFront Functions, a native feature of CloudFront that enables you to write lightweight functions in JavaScript for high-scale, latency-sensitive CDN customizations.
api-change:personalize: Update URL for dataset export job documentation.
api-change:forecast: Added new DeleteResourceTree operation that helps in deleting all the child resources of a given resource including the given resource.
api-change:robomaker: Adds ROS2 Foxy as a supported Robot Software Suite Version and Gazebo 11 as a supported Simulation Software Suite Version
api-change:marketplace-catalog: Allows user defined names for Changes in a ChangeSet. Users can use ChangeNames to reference properties in another Change within a ChangeSet. This feature allows users to make changes to an entity when the entity identifier is not yet available while constructing the StartChangeSet request.
1.19.61
enhancement:arguments: Remove redundant '-' from two character pluralized acronyms in argument names
api-change:macie2: The Amazon Macie API now provides S3 bucket metadata that indicates whether a bucket policy requires server-side encryption of objects when objects are uploaded to the bucket.
api-change:ecs: Add support for EphemeralStorage on TaskDefinition and TaskOverride
api-change:chime: Increase AppInstanceUserId length to 64 characters
api-change:organizations: Minor text updates for AWS Organizations API Reference
bugfix:configure: Fix list command to show correct profile location when AWS_DEFAULT_PROFILE set.
1.19.60
api-change:iotsitewise: AWS IoT SiteWise interpolation API will get interpolated values for an asset property per specified time interval during a period of time.
api-change:connect: Updated max number of tags that can be attached from 200 to 50. MaxContacts is now an optional parameter for the UpdateQueueMaxContact API.
api-change:mediapackage-vod: MediaPackage now offers the option to place your Sequence Parameter Set (SPS), Picture Parameter Set (PPS), and Video Parameter Set (VPS) encoder metadata in every video segment instead of in the init fragment for DASH and CMAF endpoints.
api-change:cloudformation: Add CallAs parameter to GetTemplateSummary to enable use with StackSets delegated administrator integration
api-change:nimble: Amazon Nimble Studio is a virtual studio service that empowers visual effects, animation, and interactive content teams to create content securely within a scalable, private cloud service.
1.19.59
api-change:auditmanager: This release restricts using backslashes in control, assessment, and framework names. The controlSetName field of the UpdateAssessmentFrameworkControlSet API now allows strings without backslashes.
1.19.58
api-change:kinesisanalyticsv2: Amazon Kinesis Data Analytics now supports custom application maintenance configuration using UpdateApplicationMaintenanceConfiguration API for Apache Flink applications. Customers will have visibility when their application is under maintenance status using 'MAINTENANCE' application status.
api-change:personalize: Added support for exporting data imported into an Amazon Personalize dataset to a specified data source (Amazon S3 bucket).
api-change:codeguru-reviewer: Include KMS Key Details in Repository Association APIs to enable usage of customer managed KMS Keys.
api-change:mediaconvert: Documentation updates for mediaconvert
api-change:iotwireless: Add a new optional field MessageType to support Sidewalk devices in SendDataToWirelessDevice API
api-change:glue: Adding Kafka Client Auth Related Parameters
api-change:eks: This release updates existing Amazon EKS input validation so customers will see an InvalidParameterException instead of a ParamValidationError when they enter 0 for minSize and/or desiredSize. It also adds LaunchTemplate information to update responses and a new "CUSTOM" value for AMIType.
api-change:ec2: Adding support for Red Hat Enterprise Linux with HA for Reserved Instances.
1.19.57
api-change:sns: Amazon SNS adds two new attributes, TemplateId and EntityId, for using sender IDs to send SMS messages to destinations in India.
api-change:mediapackage: Add support for Widevine DRM on CMAF origin endpoints. Both Widevine and FairPlay DRMs can now be used simultaneously, with CBCS encryption.
1.19.56
api-change:forecast: This release adds EstimatedTimeRemaining minutes field to the DescribeDatasetImportJob, DescribePredictor, DescribeForecast API response which denotes the time remaining to complete the job IN_PROGRESS.
api-change:cognito-idp: Documentation updates for cognito-idp
api-change:elasticache: This release introduces log delivery of Redis slow log from Amazon ElastiCache.
api-change:securityhub: Replaced the term "master" with "administrator". Added new actions to replace AcceptInvitation, GetMasterAccount, and DisassociateFromMasterAccount. In Member, replaced MasterId with AdministratorId.
1.19.55
api-change🕵️ Added parameters to track the data volume in bytes for a member account. Deprecated the existing parameters that tracked the volume as a percentage of the allowed volume for a behavior graph. Changes reflected in MemberDetails object.
api-change:groundstation: Support new S3 Recording Config allowing customers to write downlink data directly to S3.
api-change:cloudformation: Added support for creating and updating stack sets with self-managed permissions from templates that reference macros.
api-change:redshift: Add operations: AddPartner, DescribePartners, DeletePartner, and UpdatePartnerStatus to support tracking integration status with data partners.
api-change:kendra: Amazon Kendra now enables users to override index-level boosting configurations for each query.
1.19.54
api-change:ce: Adding support for Sagemaker savings plans in GetSavingsPlansPurchaseRecommendation API
api-change:savingsplans: Added support for Amazon SageMaker in Machine Learning Savings Plans
1.19.53
api-change:dms: AWS DMS added support of TLS for Kafka endpoint. Added Describe endpoint setting API for DMS endpoints.
api-change:sts: STS now supports assume role with Web Identity using JWT token length upto 20000 characters
1.17.72
api-change:ec2: [botocore] High Memory virtual instances are powered by Intel Sky Lake CPUs and offer up to 12TB of memory.
1.17.71
api-change:ssm-incidents: [botocore] AWS Systems Manager Incident Manager enables faster resolution of critical application availability and performance issues, management of contacts and post-incident analysis
api-change:ssm-contacts: [botocore] AWS Systems Manager Incident Manager enables faster resolution of critical application availability and performance issues, management of contacts and post incident analysis
api-change:s3control: [botocore] Documentation updates for Amazon S3-control
1.17.70
api-change:mediaconvert: [botocore] AWS Elemental MediaConvert SDK has added support for Kantar SNAP File Audio Watermarking with a Kantar Watermarking account, and Display Definition Segment(DDS) segment data controls for DVB-Sub caption outputs.
api-change:ecs: [botocore] This release contains updates for Amazon ECS.
api-change:codeartifact: [botocore] Documentation updates for CodeArtifact
api-change:eks: [botocore] This release updates create-nodegroup and update-nodegroup-config APIs for adding/updating taints on managed nodegroups.
api-change:iotwireless: [botocore] Add three new optional fields to support filtering and configurable sub-band in WirelessGateway APIs. The filtering is for all the RF region supported. The sub-band configuration is only applicable to LoRa gateways of US915 or AU915 RF region.
api-change:ssm: [botocore] This release adds new APIs to associate, disassociate and list related items in SSM OpsCenter; and this release adds DisplayName as a version-level attribute for SSM Documents and introduces two new document types: ProblemAnalysis, ProblemAnalysisTemplate.
api-change:kinesisanalyticsv2: [botocore] Amazon Kinesis Analytics now supports ListApplicationVersions and DescribeApplicationVersion API for Apache Flink applications
api-change:config: [botocore] Adds paginator to multiple APIs: By default, the paginator allows user to iterate over the results and allows the CLI to return up to 1000 results.
1.17.69
api-change:lakeformation: [botocore] This release adds Tag Based Access Control to AWS Lake Formation service
api-change:lookoutmetrics: [botocore] Enforcing UUID style for parameters that are already in UUID format today. Documentation specifying eventual consistency of lookoutmetrics resources.
api-change:connect: [botocore] Adds tagging support for Connect APIs CreateIntegrationAssociation and CreateUseCase.
1.17.68
api-change:servicediscovery: [botocore] Bugfix: Improved input validation for RegisterInstance action, InstanceId field
api-change:kafka: [botocore] IAM Access Control for Amazon MSK enables you to create clusters that use IAM to authenticate clients and to allow or deny Apache Kafka actions for those clients.
api-change:ssm: [botocore] SSM feature release - ChangeCalendar integration with StateManager.
api-change:snowball: [botocore] AWS Snow Family adds APIs for ordering and managing Snow jobs with long term pricing
1.17.67
api-change:auditmanager: [botocore] This release updates the CreateAssessmentFrameworkControlSet and UpdateAssessmentFrameworkControlSet API data types. For both of these data types, the control set name is now a required attribute.
api-change:nimble: [botocore] Documentation Updates for Amazon Nimble Studio.
api-change:kinesisanalyticsv2: [botocore] Amazon Kinesis Analytics now supports RollbackApplication for Apache Flink applications to revert the application to the previous running version
api-change:sagemaker: [botocore] Amazon SageMaker Autopilot now provides the ability to automatically deploy the best model to an endpoint
1.17.66
api-change:finspace: [botocore] Documentation updates for FinSpace API.
api-change:finspace-data: [botocore] Documentation updates for FinSpaceData API.
1.17.65
api-change:devops-guru: [botocore] Added GetCostEstimation and StartCostEstimation to get the monthly resource usage cost and added ability to view resource health by AWS service name and to search insights be AWS service name.
api-change:acm-pca: [botocore] This release adds the KeyStorageSecurityStandard parameter to the CreateCertificateAuthority API to allow customers to mandate a security standard to which the CA key will be stored within.
api-change:health: [botocore] Documentation updates for health
api-change:chime: [botocore] This release adds the ability to search for and order international phone numbers for Amazon Chime SIP media applications.
api-change:sagemaker: [botocore] Enable retrying Training and Tuning Jobs that fail with InternalServerError by setting RetryStrategy.
1.17.64
api-change:finspace-data: [botocore] Update FinSpace Data serviceAbbreviation
1.17.63
api-change:finspace-data: [botocore] This is the initial SDK release for the data APIs for Amazon FinSpace. Amazon FinSpace is a data management and analytics application for the financial services industry (FSI).
api-change:mturk: [botocore] Update mturk client to latest version
api-change:chime: [botocore] Added new BatchCreateChannelMembership API to support multiple membership creation for channels
api-change:finspace: [botocore] This is the initial SDK release for the management APIs for Amazon FinSpace. Amazon FinSpace is a data management and analytics service for the financial services industry (FSI).
api-change:securityhub: [botocore] Updated ASFF to add the following new resource details objects: AwsEc2NetworkAcl, AwsEc2Subnet, and AwsElasticBeanstalkEnvironment.
1.17.62
api-change:personalize: [botocore] Update URL for dataset export job documentation.
api-change:marketplace-catalog: [botocore] Allows user defined names for Changes in a ChangeSet. Users can use ChangeNames to reference properties in another Change within a ChangeSet. This feature allows users to make changes to an entity when the entity identifier is not yet available while constructing the StartChangeSet request.
api-change:forecast: [botocore] Added new DeleteResourceTree operation that helps in deleting all the child resources of a given resource including the given resource.
api-change:robomaker: [botocore] Adds ROS2 Foxy as a supported Robot Software Suite Version and Gazebo 11 as a supported Simulation Software Suite Version
api-change:cloudfront: [botocore] CloudFront now supports CloudFront Functions, a native feature of CloudFront that enables you to write lightweight functions in JavaScript for high-scale, latency-sensitive CDN customizations.
api-change:customer-profiles: [botocore] This release introduces GetMatches and MergeProfiles APIs to fetch and merge duplicate profiles
1.17.61
api-change:macie2: [botocore] The Amazon Macie API now provides S3 bucket metadata that indicates whether a bucket policy requires server-side encryption of objects when objects are uploaded to the bucket.
api-change:organizations: [botocore] Minor text updates for AWS Organizations API Reference
api-change:ecs: [botocore] Add support for EphemeralStorage on TaskDefinition and TaskOverride
api-change:chime: [botocore] Increase AppInstanceUserId length to 64 characters
1.17.60
api-change:connect: [botocore] Updated max number of tags that can be attached from 200 to 50. MaxContacts is now an optional parameter for the UpdateQueueMaxContact API.
api-change:mediapackage-vod: [botocore] MediaPackage now offers the option to place your Sequence Parameter Set (SPS), Picture Parameter Set (PPS), and Video Parameter Set (VPS) encoder metadata in every video segment instead of in the init fragment for DASH and CMAF endpoints.
api-change:nimble: [botocore] Amazon Nimble Studio is a virtual studio service that empowers visual effects, animation, and interactive content teams to create content securely within a scalable, private cloud service.
api-change:iotsitewise: [botocore] AWS IoT SiteWise interpolation API will get interpolated values for an asset property per specified time interval during a period of time.
api-change:cloudformation: [botocore] Add CallAs parameter to GetTemplateSummary to enable use with StackSets delegated administrator integration
1.17.59
api-change:auditmanager: [botocore] This release restricts using backslashes in control, assessment, and framework names. The controlSetName field of the UpdateAssessmentFrameworkControlSet API now allows strings without backslashes.
1.17.58
api-change:ec2: [botocore] Adding support for Red Hat Enterprise Linux with HA for Reserved Instances.
api-change:iotwireless: [botocore] Add a new optional field MessageType to support Sidewalk devices in SendDataToWirelessDevice API
api-change:kinesisanalyticsv2: [botocore] Amazon Kinesis Data Analytics now supports custom application maintenance configuration using UpdateApplicationMaintenanceConfiguration API for Apache Flink applications. Customers will have visibility when their application is under maintenance status using 'MAINTENANCE' application status.
api-change:personalize: [botocore] Added support for exporting data imported into an Amazon Personalize dataset to a specified data source (Amazon S3 bucket).
api-change:mediaconvert: [botocore] Documentation updates for mediaconvert
api-change:codeguru-reviewer: [botocore] Include KMS Key Details in Repository Association APIs to enable usage of customer managed KMS Keys.
api-change:glue: [botocore] Adding Kafka Client Auth Related Parameters
api-change:eks: [botocore] This release updates existing Amazon EKS input validation so customers will see an InvalidParameterException instead of a ParamValidationError when they enter 0 for minSize and/or desiredSize. It also adds LaunchTemplate information to update responses and a new "CUSTOM" value for AMIType.
1.17.57
api-change:mediapackage: [botocore] Add support for Widevine DRM on CMAF origin endpoints. Both Widevine and FairPlay DRMs can now be used simultaneously, with CBCS encryption.
api-change:sns: [botocore] Amazon SNS adds two new attributes, TemplateId and EntityId, for using sender IDs to send SMS messages to destinations in India.
1.17.56
api-change:forecast: [botocore] This release adds EstimatedTimeRemaining minutes field to the DescribeDatasetImportJob, DescribePredictor, DescribeForecast API response which denotes the time remaining to complete the job IN_PROGRESS.
api-change:securityhub: [botocore] Replaced the term "master" with "administrator". Added new actions to replace AcceptInvitation, GetMasterAccount, and DisassociateFromMasterAccount. In Member, replaced MasterId with AdministratorId.
api-change:cognito-idp: [botocore] Documentation updates for cognito-idp
api-change:elasticache: [botocore] This release introduces log delivery of Redis slow log from Amazon ElastiCache.
1.17.55
api-change🕵️ [botocore] Added parameters to track the data volume in bytes for a member account. Deprecated the existing parameters that tracked the volume as a percentage of the allowed volume for a behavior graph. Changes reflected in MemberDetails object.
api-change:redshift: [botocore] Add operations: AddPartner, DescribePartners, DeletePartner, and UpdatePartnerStatus to support tracking integration status with data partners.
api-change:groundstation: [botocore] Support new S3 Recording Config allowing customers to write downlink data directly to S3.
api-change:kendra: [botocore] Amazon Kendra now enables users to override index-level boosting configurations for each query.
api-change:cloudformation: [botocore] Added support for creating and updating stack sets with self-managed permissions from templates that reference macros.
1.17.54
api-change:savingsplans: [botocore] Added support for Amazon SageMaker in Machine Learning Savings Plans
api-change:ce: [botocore] Adding support for Sagemaker savings plans in GetSavingsPlansPurchaseRecommendation API
1.17.53
api-change:sts: [botocore] STS now supports assume role with Web Identity using JWT token length upto 20000 characters
api-change:dms: [botocore] AWS DMS added support of TLS for Kafka endpoint. Added Describe endpoint setting API for DMS endpoints.
0.4.2
enhancement:s3: Add support for ExpectedBucketOwner.
0.4.1
enhancement:crt: Add set_exception to CRTTransferFuture to allow setting exceptions in subscribers.
0.4.0
feature:crt: Add optional AWS Common Runtime (CRT) support. The AWS CRT provides a C-based S3 transfer client that can improve transfer throughput.
1.20.72
api-change:ec2: High Memory virtual instances are powered by Intel Sky Lake CPUs and offer up to 12TB of memory.
1.20.71
api-change:ssm-incidents: AWS Systems Manager Incident Manager enables faster resolution of critical application availability and performance issues, management of contacts and post-incident analysis
api-change:ssm-contacts: AWS Systems Manager Incident Manager enables faster resolution of critical application availability and performance issues, management of contacts and post incident analysis
api-change:s3control: Documentation updates for Amazon S3-control
1.20.70
api-change:mediaconvert: AWS Elemental MediaConvert SDK has added support for Kantar SNAP File Audio Watermarking with a Kantar Watermarking account, and Display Definition Segment(DDS) segment data controls for DVB-Sub caption outputs.
api-change:ecs: This release contains updates for Amazon ECS.
api-change:codeartifact: Documentation updates for CodeArtifact
api-change:eks: This release updates create-nodegroup and update-nodegroup-config APIs for adding/updating taints on managed nodegroups.
api-change:iotwireless: Add three new optional fields to support filtering and configurable sub-band in WirelessGateway APIs. The filtering is for all the RF region supported. The sub-band configuration is only applicable to LoRa gateways of US915 or AU915 RF region.
api-change:ssm: This release adds new APIs to associate, disassociate and list related items in SSM OpsCenter; and this release adds DisplayName as a version-level attribute for SSM Documents and introduces two new document types: ProblemAnalysis, ProblemAnalysisTemplate.
api-change:kinesisanalyticsv2: Amazon Kinesis Analytics now supports ListApplicationVersions and DescribeApplicationVersion API for Apache Flink applications
api-change:config: Adds paginator to multiple APIs: By default, the paginator allows user to iterate over the results and allows the CLI to return up to 1000 results.
1.20.69
api-change:lakeformation: This release adds Tag Based Access Control to AWS Lake Formation service
api-change:lookoutmetrics: Enforcing UUID style for parameters that are already in UUID format today. Documentation specifying eventual consistency of lookoutmetrics resources.
api-change:connect: Adds tagging support for Connect APIs CreateIntegrationAssociation and CreateUseCase.
1.20.68
api-change:servicediscovery: Bugfix: Improved input validation for RegisterInstance action, InstanceId field
api-change:kafka: IAM Access Control for Amazon MSK enables you to create clusters that use IAM to authenticate clients and to allow or deny Apache Kafka actions for those clients.
api-change:ssm: SSM feature release - ChangeCalendar integration with StateManager.
api-change:snowball: AWS Snow Family adds APIs for ordering and managing Snow jobs with long term pricing
1.20.67
api-change:auditmanager: This release updates the CreateAssessmentFrameworkControlSet and UpdateAssessmentFrameworkControlSet API data types. For both of these data types, the control set name is now a required attribute.
api-change:nimble: Documentation Updates for Amazon Nimble Studio.
api-change:kinesisanalyticsv2: Amazon Kinesis Analytics now supports RollbackApplication for Apache Flink applications to revert the application to the previous running version
api-change:sagemaker: Amazon SageMaker Autopilot now provides the ability to automatically deploy the best model to an endpoint
1.20.66
api-change:finspace: Documentation updates for FinSpace API.
api-change:finspace-data: Documentation updates for FinSpaceData API.
1.20.65
api-change:devops-guru: Added GetCostEstimation and StartCostEstimation to get the monthly resource usage cost and added ability to view resource health by AWS service name and to search insights be AWS service name.
api-change:acm-pca: This release adds the KeyStorageSecurityStandard parameter to the CreateCertificateAuthority API to allow customers to mandate a security standard to which the CA key will be stored within.
api-change:health: Documentation updates for health
api-change:chime: This release adds the ability to search for and order international phone numbers for Amazon Chime SIP media applications.
api-change:sagemaker: Enable retrying Training and Tuning Jobs that fail with InternalServerError by setting RetryStrategy.
1.20.64
api-change:finspace-data: Update FinSpace Data serviceAbbreviation
1.20.63
api-change:finspace-data: This is the initial SDK release for the data APIs for Amazon FinSpace. Amazon FinSpace is a data management and analytics application for the financial services industry (FSI).
api-change:mturk: Update mturk client to latest version
api-change:chime: Added new BatchCreateChannelMembership API to support multiple membership creation for channels
api-change:finspace: This is the initial SDK release for the management APIs for Amazon FinSpace. Amazon FinSpace is a data management and analytics service for the financial services industry (FSI).
api-change:securityhub: Updated ASFF to add the following new resource details objects: AwsEc2NetworkAcl, AwsEc2Subnet, and AwsElasticBeanstalkEnvironment.
1.20.62
api-change:personalize: Update URL for dataset export job documentation.
api-change:marketplace-catalog: Allows user defined names for Changes in a ChangeSet. Users can use ChangeNames to reference properties in another Change within a ChangeSet. This feature allows users to make changes to an entity when the entity identifier is not yet available while constructing the StartChangeSet request.
api-change:forecast: Added new DeleteResourceTree operation that helps in deleting all the child resources of a given resource including the given resource.
api-change:robomaker: Adds ROS2 Foxy as a supported Robot Software Suite Version and Gazebo 11 as a supported Simulation Software Suite Version
api-change:cloudfront: CloudFront now supports CloudFront Functions, a native feature of CloudFront that enables you to write lightweight functions in JavaScript for high-scale, latency-sensitive CDN customizations.
api-change:customer-profiles: This release introduces GetMatches and MergeProfiles APIs to fetch and merge duplicate profiles
1.20.61
api-change:macie2: The Amazon Macie API now provides S3 bucket metadata that indicates whether a bucket policy requires server-side encryption of objects when objects are uploaded to the bucket.
api-change:organizations: Minor text updates for AWS Organizations API Reference
api-change:ecs: Add support for EphemeralStorage on TaskDefinition and TaskOverride
api-change:chime: Increase AppInstanceUserId length to 64 characters
1.20.60
api-change:connect: Updated max number of tags that can be attached from 200 to 50. MaxContacts is now an optional parameter for the UpdateQueueMaxContact API.
api-change:mediapackage-vod: MediaPackage now offers the option to place your Sequence Parameter Set (SPS), Picture Parameter Set (PPS), and Video Parameter Set (VPS) encoder metadata in every video segment instead of in the init fragment for DASH and CMAF endpoints.
api-change:nimble: Amazon Nimble Studio is a virtual studio service that empowers visual effects, animation, and interactive content teams to create content securely within a scalable, private cloud service.
api-change:iotsitewise: AWS IoT SiteWise interpolation API will get interpolated values for an asset property per specified time interval during a period of time.
api-change:cloudformation: Add CallAs parameter to GetTemplateSummary to enable use with StackSets delegated administrator integration
1.20.59
api-change:auditmanager: This release restricts using backslashes in control, assessment, and framework names. The controlSetName field of the UpdateAssessmentFrameworkControlSet API now allows strings without backslashes.
1.20.58
api-change:ec2: Adding support for Red Hat Enterprise Linux with HA for Reserved Instances.
api-change:iotwireless: Add a new optional field MessageType to support Sidewalk devices in SendDataToWirelessDevice API
api-change:kinesisanalyticsv2: Amazon Kinesis Data Analytics now supports custom application maintenance configuration using UpdateApplicationMaintenanceConfiguration API for Apache Flink applications. Customers will have visibility when their application is under maintenance status using 'MAINTENANCE' application status.
api-change:personalize: Added support for exporting data imported into an Amazon Personalize dataset to a specified data source (Amazon S3 bucket).
api-change:mediaconvert: Documentation updates for mediaconvert
api-change:codeguru-reviewer: Include KMS Key Details in Repository Association APIs to enable usage of customer managed KMS Keys.
api-change:glue: Adding Kafka Client Auth Related Parameters
api-change:eks: This release updates existing Amazon EKS input validation so customers will see an InvalidParameterException instead of a ParamValidationError when they enter 0 for minSize and/or desiredSize. It also adds LaunchTemplate information to update responses and a new "CUSTOM" value for AMIType.
1.20.57
api-change:mediapackage: Add support for Widevine DRM on CMAF origin endpoints. Both Widevine and FairPlay DRMs can now be used simultaneously, with CBCS encryption.
api-change:sns: Amazon SNS adds two new attributes, TemplateId and EntityId, for using sender IDs to send SMS messages to destinations in India.
1.20.56
api-change:forecast: This release adds EstimatedTimeRemaining minutes field to the DescribeDatasetImportJob, DescribePredictor, DescribeForecast API response which denotes the time remaining to complete the job IN_PROGRESS.
api-change:securityhub: Replaced the term "master" with "administrator". Added new actions to replace AcceptInvitation, GetMasterAccount, and DisassociateFromMasterAccount. In Member, replaced MasterId with AdministratorId.
api-change:cognito-idp: Documentation updates for cognito-idp
api-change:elasticache: This release introduces log delivery of Redis slow log from Amazon ElastiCache.
1.20.55
api-change🕵️ Added parameters to track the data volume in bytes for a member account. Deprecated the existing parameters that tracked the volume as a percentage of the allowed volume for a behavior graph. Changes reflected in MemberDetails object.
api-change:redshift: Add operations: AddPartner, DescribePartners, DeletePartner, and UpdatePartnerStatus to support tracking integration status with data partners.
api-change:groundstation: Support new S3 Recording Config allowing customers to write downlink data directly to S3.
api-change:kendra: Amazon Kendra now enables users to override index-level boosting configurations for each query.
api-change:cloudformation: Added support for creating and updating stack sets with self-managed permissions from templates that reference macros.
1.20.54
api-change:savingsplans: Added support for Amazon SageMaker in Machine Learning Savings Plans
api-change:ce: Adding support for Sagemaker savings plans in GetSavingsPlansPurchaseRecommendation API
1.20.53
api-change:sts: STS now supports assume role with Web Identity using JWT token length upto 20000 characters
api-change:dms: AWS DMS added support of TLS for Kafka endpoint. Added Describe endpoint setting API for DMS endpoints.
The package needs Python 3.5 or newer, and apparently this is the better way to
register it; no functional change otherwise intended.
As suggested by leot@; thanks!
pynng provides a nice interface on top of the full power of nng. nng, and
therefore pynng, make it easy to communicate between processes on a single
computer or computers across a network. This library is compatible with Python
3.5 or newer. nng is the rewriting of Nanomsg, which is the spiritual successor
to ZeroMQ.
2.0.8 (2021-04-09)
* Fix a bunch of minor types and add data to the compression header
* Add the LZNT1 compression algorithm
* Add specs for the LZNT1 algorithm
* Add a note and fix up a bit of the decompression code
The latter two were only useful to support the go-grpc and go-tools builds.
go-grpc has no useful binaries (the CLI is in net/grpc), it only consists
of libraries that are now unused. No replacements.
3.7.0 (2021-04-28)
Merged Pull Requests
* Update chefstyle requirement from 1.7.4 to 1.7.5 #678 (dependabot[bot])
* Switch to GNU timeout-based implementation of SSH timeouts #679
(clintoncwolfe)
* Read the username and port from /.ssh/config file and replace if present
#659 (sanga1794)
3.6.2 (2021-04-14)
Merged Pull Requests
* Update chefstyle requirement from 1.7.2 to 1.7.4 #673 (dependabot[bot])
* Fix SSH Timeout PTY allocation #676 (clintoncwolfe)
3.6.0 (2021-04-07)
Merged Pull Requests
* Support Docker for Windows #674 (clintoncwolfe)
3.5.5 (2021-03-24)
Merged Pull Requests
* Add timeout support to Mixlib::ShellOut based local runners #671
(clintoncwolfe)
2.2.5 (2021-04-15)
* Fix argument forwarding on Ruby 2.7 [#149]
2.2.4 (2021-04-12)
* Add reload to close all connections, recreating them afterwards [Andrew
Marshall, #140]
* Add then as a way to use a pool or a bare connection with the same code
path [#138]
0.10.1
[BUGFIX] Support lowercase prometheus_multiproc_dir environment variable in mark_process_dead.
0.10.0
[CHANGE] Python 2.6 is no longer supported.
[CHANGE] The prometheus_multiproc_dir environment variable is deprecated in favor of PROMETHEUS_MULTIPROC_DIR.
[FEATURE] Follow redirects when pushing to Pushgateway using passthrough_redirect_handler.
[FEATURE] Metrics support a clear() method to remove all children.
[ENHANCEMENT] Tag support in GraphiteBridge.
3.6.0
Added
Vendor pynamecheap project for namecheap provider
Annotate public API with types
Check mypy types during CI
Add the RFC2136 DynDNS provider (named ddns)
Use Lexicon specific exceptions in code: AuthenticationError for authentication problems
Modified
Implement the base provider as an ABC class
Improve plesk provider for wildcard domains or subdomains
Use poetry-core instead of poetry for the builds
Switch to GitHub-native Dependabot
Deleted
Remove dependency of plesk provider to xmltodict
Remove some Python 2 specific code
Remove deprecated type parameter in providers public methods
5.0.5
=====
- Ensure keys are strings when deleting results from S3
- Fix a regression breaking `celery --help` and `celery events`
5.0.4
=====
- DummyClient of cache+memory:// backend now shares state between threads
This fixes a problem when using our pytest integration with the in memory
result backend.
Because the state wasn't shared between threads, 6416 results in test suites
hanging on `result.get()`.
5.0.3
=====
- Make `--workdir` eager for early handling
- When using the MongoDB backend, don't cleanup if result_expires is 0 or None
- Fix passing queues into purge command
- Restore `app.start()` and `app.worker_main()`
- Detaching no longer creates an extra log file
- Result backend instances are now thread local to ensure thread safety
- Don't upgrade click to 8.x since click-repl doesn't support it yet.
- Restore preload options
5.0.2
=====
- Fix _autodiscover_tasks_from_fixups
- Flush worker prints, notably the banner
- **Breaking Change**: Remove `ha_policy` from queue definition.
This argument has no effect since RabbitMQ 3.0.
Therefore, We feel comfortable dropping it in a patch release.
- Python 3.9 support
- **Regression**: When using the prefork pool, pick the fair scheduling strategy by default
- Preserve callbacks when replacing a task with a chain
- Fix max_retries override on `self.retry()`
- Raise proper error when replacing with an empty chain
5.0.1
=====
- Specify UTF-8 as the encoding for log files
- Custom headers now propagate when using the protocol 1 hybrid messages
- Retry creating the database schema for the database results backend
in case of a race condition
- When using the Redis results backend, awaiting for a chord no longer hangs
when setting :setting:`result_expires` to 0
- When a user tries to specify the app as an option for the subcommand,
a custom error message is displayed
- Fix the `--without-gossip`, `--without-mingle`, and `--without-heartbeat`
options which now work as expected.
- Provide a clearer error message when the application cannot be loaded.
- Avoid printing deprecation warnings for settings when they are loaded from
Django settings
- Allow lowercase log levels for the `--loglevel` option
- Detaching now works as expected
- Restore broadcasting messages from `celery control`
- Pass back real result for single task chains
- Ensure group tasks a deeply serialized
- Fix chord element counting
- Restore the `celery shell` command
5.0.0
=====
- **Breaking Change** Remove AMQP result backend
- Warn when deprecated settings are used
- Expose retry_policy for Redis result backend
- Prepare Celery to support the yet to be released Python 3.9
5.0.0rc3
========
- More cleanups of leftover Python 2 support
5.0.0rc2
========
- Bump minimum required eventlet version to 0.26.1.
- Update Couchbase Result backend to use SDK V3.
- Restore monkeypatching when gevent or eventlet are used.
5.0.0rc1
========
- Allow to opt out of ordered group results when using the Redis result backend
- **Breaking Change** Remove the deprecated celery.utils.encoding module.
5.0.0b1
=======
- **Breaking Change** Drop support for the Riak result backend
- **Breaking Change** pytest plugin is no longer enabled by default
Install pytest-celery to enable it.
- **Breaking Change** Brand new CLI based on Click
5.0.0a2
=======
- Bump Kombu version to 5.0
5.0.0a1
=======
- Removed most of the compatibility code that supports Python 2
- Modernized code to work on Python 3.6 and above
5.0.2
Bump required amqp version to 5.0.0.
5.0.1
Removed kombu.five from the reference documentation since it no longer exists
Adjusted the stable documentation’s version in Sphinx’s configuration since that was overlooked in the latest release
5.0.0
BREAKING CHANGE: Dropped support for Python 2
Add an SQS transport option for custom botocore config
4.6.11
Revert incompatible changes in
Default_channel should reconnect automatically
4.6.10
Doc improvement.
set _connection in _ensure_connection
Fix for the issue
reuse connection [bug fix]
4.6.9
Prevent failure if AWS creds are not explicitly defined on predefined.
Raise RecoverableConnectionError in maybe_declare with retry on and.
Fix for the issue
possible fix for
Fix: make SQLAlchemy Channel init thread-safe
Added integration testing infrastructure for RabbitMQ
Initial redis integration tests implementation
SQLAlchemy transport: Use Query.with_for_update() instead of deprecated
Fix Consumer Encoding
Added Integration tests for direct, topic and fanout exchange types
Added TTL integration tests
Added integration tests for priority queues
fix 100% cpu usage on linux while using sqs
Modified Mutex to use redis LuaLock implementation
Fix: eliminate remaining race conditions from SQLAlchemy Channel
Fix connection imaybe_declare
Fix for issue
Ensure connection when connecting to broker
update pyamqp to 2.6 with optional cythonization
5.0.6
=====
- Change the order in which context.check_hostname and context.verify_mode get set
in SSLTransport._wrap_socket_sni. Fixes bug introduced in 5.0.3 where setting
context.verify_mode = ssl.CERT_NONE would raise
"ValueError: Cannot set verify_mode to CERT_NONE when check_hostname is enabled."
Setting context.check_hostname prior to setting context.verify_mode resolves the
issue.
- Remove TCP_USER_TIMEOUT option for Solaris
- Pass long_description to setup()
- Fix for tox-docker 2.0
- Moved to GitHub actions CI
5.0.5
=====
- Removed mistakenly introduced code which was causing import errors
5.0.4
=====
- Add missing load_default_certs() call to fix a regression in v5.0.3 release.
5.0.3
=====
- Change the default value of ssl_version to None. When not set, the
proper value between ssl.PROTOCOL_TLS_CLIENT and ssl.PROTOCOL_TLS_SERVER
will be selected based on the param server_side in order to create
a TLS Context object with better defaults that fit the desired
connection side.
- Change the default value of cert_reqs to None. The default value
of ctx.verify_mode is ssl.CERT_NONE, but when ssl.PROTOCOL_TLS_CLIENT
is used, ctx.verify_mode defaults to ssl.CERT_REQUIRED.
- Fix context.check_hostname logic. Checking the hostname depends on
having support of the SNI TLS extension and being provided with a
server_hostname value. Another important thing to mention is that
enabling hostname checking automatically sets verify_mode from
ssl.CERT_NONE to ssl.CERT_REQUIRED in the stdlib ssl and it cannot
be set back to ssl.CERT_NONE as long as hostname checking is enabled.
- Refactor the SNI tests to test one thing at a time and removing some
tests that were being repeated over and over.
5.0.2
=====
- Whhels are no longer universal.
- Added debug representation to Connection and *Transport classes
- Reintroduce ca_certs and ciphers parameters of SSLTransport._wrap_socket_sni()
- Fix infinite wait when using confirm_publish
5.0.1
=====
- Require vine 5.0.0.
5.0.0
=====
- Stop to use deprecated method ssl.wrap_socket.
5.0.0b1
=======
- Dropped Python 3.5 support.
- Removed additional compatibility code.
5.0.0a1
=======
- Dropped Python 2.x support.
- Dropped Python 3.4 support.
- Depend on :pypi:`vine` 5.0.0a1.
Code Cleanups & Improvements:
2.6.1
=====
- Fix buffer overflow in frame_writer after frame_max is increased. `frame_writer`
allocates a `bytearray` on intialization with a length based on the `connection.frame_max`
value. If `connection.frame_max` is changed to a larger value, this causes an
error like `pack_into requires a buffer of at least 408736 bytes`.
2.6.0
=====
- Implement speedups in cython
- Updated some tests & code improvements
- Separate logger for Connection.heartbeat_tick method
- Cython generic content
- Improve documentation a_global parameter of basic_qos() method.
- Fix saving partial read buffer on windows during socket timeout.
- Fix deserialization of long string field values that are not utf-8.
- Added simple cythonization of abstract_channel.py
- Speedups of serialization.py are more restrictive
RabbitMQ 3.8.16 release
The RabbitMQ team is pleased to announce the release of RabbitMQ 3.8.16.
This is a maintenance release that follows-up to 3.8.15 to reintroduce AWS peer discovery plugin that was unintentionally excluded. Release notes can be found in the change log.
This release requires Erlang/OTP 23.2 and is the first release to support Erlang 24.
Binary builds and packages of the new release can be found on GitHub, Cloudsmith, or Package Cloud. See RabbitMQ installation guides to learn more.
We encourage all users of earlier versions of RabbitMQ to upgrade to this latest release.
As always, we welcome any questions, bug reports, and other feedback on this release, as well as general suggestions for features and enhancements in future releases. Contact us via the rabbitmq-users Google group or RabbitMQ community Slack.
RabbitMQ 3.8.15 release
The RabbitMQ team is pleased to announce the release of RabbitMQ 3.8.15.
This is a maintenance release that includes two security patches. Release notes can be found in the change log.
This is the last release to support Erlang/OTP 22.
We encourage all users to consult release notes but skip this release and upgrade to 3.8.11 or later.
As always, we welcome any questions, bug reports, and other feedback on this release, as well as general suggestions for features and enhancements in future releases. Contact us via the rabbitmq-users Google group or RabbitMQ community Slack.
warp-tls: HTTP over TLS support for Warp via the TLS package
SSLv1 and SSLv2 are obsoleted by IETF. We should use TLS 1.2 (or TLS
1.1 or TLS 1.0 if necessary). HTTP/2 can be negotiated by ALPN.
This library provides simple read-only access to the local computer's
networking configuration. It is currently capable of getting a list of
all the network interfaces and their respective IPv4, IPv6 and MAC
addresses.
Changes between 2.1.2 and 2.2.0 (newer changes not preset in ChangeLog)
# 2020-07-20 Version 2.2.0
Important notes:
* CVE-2020-15103 - Integer overflow due to missing input sanitation in rdpegfx channel
Noteworty changes:
* fix: memory leak in nsc
* urbdrc
* some fixes and improvements
* build
* use cmake to detect getlogin_r
* improve asan checks/detection
* server/proxy
* new: support for heartbeats
* new: support for rail handshake ex flags
* fix: possible race condition with redirects
Fixed issues:
* #6263 Sound & mic - filter GSM codec for microphone redirection
* #6335: windows client title length
* #6370 - "Alternate Secondary Drawing Order UNKNOWN"
* #6298 - remoteapp with dialog is disconnecting when it loses focus
* #6299 - v2.1.2: Can't connect to Windows7
bug fixes
serial number support for more devices
better manufacturer reporting
parsing of a few partnumbers for better inventory
improved inventory for storage, memory and controllers
updated PCI & USB database
