## 1.4.1 / 2017-06-21
* Don't ask .empty? until it's a String. (#38)
* rename Liquid 4 `has_key?` to `key?` to add compatibility for liquid 4 (#41)
* Test against Ruby 2.1 to 2.4 (#45)
3.5.2 (2017/8/18)
* Backport #6281 for v3.5.x: Fix Drop#key? so it can handle a nil argument (#6288)
* Backport #6280 for v3.5.x: Guard against type error in absolute_url (#6287)
* Backport #6266 for v3.5.x: Memoize the return value of Document#url (#6301)
* Backport #6273 for v3.5.x: delegate StaticFile#to_json to StaticFile#to_liquid (#6302)
* Backport #6226 for v3.5.x: Reader#read_directories: guard against an entry not being a directory (#6304)
* Backport #6247 for v3.5.x: kramdown: symbolize keys in-place (#6303)
3.5.1 (2017/7/18)
Minor Enhancements
* Use Warn for deprecation messages (#6192)
* site template: Use plugins key instead of gems (#6045)
Bug Fixes
* Backward compatiblize URLFilters module (#6163)
* Static files contain front matter default keys when to_liquid'd (#6162)
* Always normalize the result of the relative_url filter (#6185)
Documentation
* Update reference to trouble with OS X/macOS (#6139)
* added BibSonomy plugin (#6143)
* add plugins for multiple page pagination (#6055)
* Update minimum Ruby version in installation.md (#6164)
* [docs] Add information about finding a collection in site.collections (#6165)
* Add {%raw%} to Liquid example on site (#6179)
* Added improved Pug plugin - removed 404 Jade plugin (#6174)
* Linking the link (#6210)
* Small correction in documentation for includes (#6193)
* Fix docs site page margin (#6214)
Development Fixes
* Add jekyll doctor to GitHub Issue Template (#6169)
* Test with Ruby 2.4.1-1 on AppVeyor (#6176)
* set minimum requirement for jekyll-feed (#6184)
2.71.2 (2017/9/7)
* fix freebsd service check
* correct spelling mistake
2.71.1 (2017/8/31)
* Allow to test main package version on Alpine Linux
* get_version returns malformed value if the package name contains a hyphen
2.71.0 (2017/8/26)
* Allow to switch backends
2.70.2 (2017/8/26)
* Updated suse.rb to detect OS info on SUSE 11 machine
2.70.1 (2017/8/2)
* Fix freebsd commands
2.70.0 (2017/7/25)
* Add jexec backend to support FreeBSD jail.
* Facter/Ohai support for host_inventory
2.69.0 (2017/7/14)
* Support Debian 9
1.6.0 (2017/09/01)
* Rack::PostBodyContentTypeParser: if the middleware is told a POST body is
JSON, but it doesn't parse as JSON, then... it's not really JSON, and the
request is now rejected with a 400 response. Thanks to Yukihiko SAWANOBORI
(@sawanoboly) for the fix.
1.5.0 (2017/07/19)
After an extended hiatus, rack-contrib maintenance is back on track. This
is a tidy-up release, merging things that have sat around for far too long.
* git-version-bump has now been moved to being a development dependency,
thanks to Tobias Haagen Michaelsen.
* Rack::AcceptLocale can be restricted to a set of enforced locales, thanks to
Paco Guzman.
* Rack::NotFound's path argument is now optional, thanks to Ed Morley.
* Rack::BounceFavicon now has a description and tests, thanks to Steven
Wilkin.
* The automated Travis CI suite now tests all supported Ruby versions up to
2.4, which necessitated a few small changes.
### 0.9.1
o Added ssl_version options `TLSv1_1`, `TLSv1_2`, `TLSv1_3` for explicitly
forcing the SSL version
* requires the appropriate versions of libCURL and OpenSSL installed to
support these new options
* reference: https://curl.haxx.se/libcurl/c/CURLOPT_SSLVERSION.html
o Added a new `:http_version` option with `HTTPv1_1` and `HTTPv2_0` values to
explicitly set the HTTP version of HTTP/1.1 or HTTP/2.0
* requires the appropriate versions of libCURL and OpenSSL installed to
support these new options
* reference: https://curl.haxx.se/libcurl/c/CURLOPT_HTTP_VERSION.html
o Updates the gem release procedure for more convenience, using the updated
Rubygems.org tasks
o Update a few minor dependencies and documentation to be Ruby
2.4.1-compatible, add 2.4.1. to Travis CI matrix
o Add `Session#download_byte_limit` for limiting the permitted download size.
This can be very useful in dealing with untrusted download sources, which
might attempt to send very large responses that would overwhelm the
receiving client.
o Add `Patron.libcurl_version_exact` which returns a triplet of major, minor
and patch libCURL version numbers. This can be used for more fine-grained
matching when using some more esoteric Curl features which might not
necessarily be available on libCURL Patron has been linked against.
**Mustermann 1.0.1** (2017-08-26)
#### Docs
* Updating readme to list Ruby 2.2 as minimum
* Fix rendering of HTML table
* Update summary and description in gemspec file.
#### Fixes
* avoid infinite loop by removing comments when receiving extended regexp
* avoid unintended conflict of namespace
* use Regexp#source instead of Regexp#inspect
0.13.1 (2017/8/18)
* Fixes an incompatibility with Addressable::URI being used as uri_parser
0.13.0 (2017/8/15)
* Dynamically reloads the proxy when performing a request on an absolute
domain (#701)
* Prefer #hostname over #host. (#714)
* Adapter support for Net::HTTP::Persistent v3.0.0 (#619)
* Fixes an edge-case issue with response headers parsing (missing HTTP header)
(#719)
0.12.2 (2017/07/21)
* Parse headers from aggregated proxy requests/responses (#681)
* Guard against invalid middleware configuration with warning (#685)
* Do not use :insecure option by default in Patron (#691)
* Fixes an issue with HTTPClient not raising a Faraday::ConnectionFailed
(#702)
* Fixes YAML serialization/deserialization for Faraday::Utils::Headers (#690)
* Fixes an issue with Options having a nil value (#694)
* Fixes an issue with Faraday.default_connection not using
Faraday.default_connection_options (#698)
* Fixes an issue with Options.merge! and Faraday instrumentation middleware
(#710)
RELEASE 1.2.6
-------------
- Don't ignore (global) userlogins/sendmail logging in per_user_logging mode
- Managesieve: Fix AM/PM suffix in vacation time selectors
- Fix bug where comment notation within style tag would cause the whole style
to be ignored (#5747)
- Fix bug where it wasn't possible to scroll folders list in Edge (#5750)
- Fix addressbook searching by gender (#5757)
- Fix SQL syntax error on MariaDB 10.2 (#5774)
- Fix bug where it wasn't possible to set timezone to auto-detected value
(#5782)
- Fix uninitialized string offset in rcube_utils::bin2ascii() and make sure
rcube_utils::random_bytes() result has always requested length (#5788)
- Fix potential XSS vulnerability with malformed HTML message markup
Upstream changes:
Here is the full list of fixed issues in 3.3.2.
Highlights
MDL-59492 - Gray out hidden courses in the new course overview block
MDL-57412 - Setting "Always link course sections" should apply consistently in Boost and Clean/More
MDL-58196 - "Require grade to pass" in quiz completion settings must be checked only with "Require grade", otherwise it does not work and causes confusions
MDL-57698 - Bug fix: Backup and restore cause deadlock with sqlsrv driver
Fixes and improvements
MDL-55912 - Assignment: when blind marking is enabled, students should receive teacher participant number in the email and not their own
MDL-54607 - Calendar export should not export events without duration as full-day events, i.e. assignment due dates have time component that was lost during export
MDL-59490 - Bug fix: LTI does not work when activity has a long name
MDL-55937 - Assignment: fixed error when viewing attachments of team submission
MDL-59511, MDL-59746, MDL-59539, MDL-59869 - Multiple fixes in OAuth 2 services (Google, OwnCloud, Nextcloud, etc)
MDL-35290 - My private files should continue working even if some files in filesystem are currently unreadable
MDL-57259 - Fixed bug that caused multiple debugging messages in error.log when teachers use assignment grading
MDL-56646 - Assignment: changing maximum grade of the module could result in negative grades in assignment which were pushed as "0" to the gradebook. This bug was fixed and will not happen in the future. However, according to Moodle policy, no existing grades were changed. Teachers will see the warning that there are erroneous grades and will be able to fix all of them with one click
MDL-54965 - Database module: fixed SQL error when you edit an entry after having added a new picture/file field
MDL-46495 - When uploading courses the setting "Completion tracking" should be set to the site default
MDL-59262 - Courses made via course request or "Upload course" tool should respect default course sections
MDL-59442 - Some third party modules had very big icons in the Default activity completion page
MDL-38129 - Grade export of user profile fields can now work with uppercase letters in the fields names
MDL-59317 - Performance improvements on the messages page
MDL-57246 - Trying to view a forum without the capability may lead you to a broken page.
MDL-59287 - Generate calendar event for "Expected completed on" for all modules.
MDL-55364 - Forum headers alignment on narrow screens
MDL-57649 - Lesson: Fixed bug deleting files unrelated to the pages being deleted
MDL-59195 - Assignments: when switching role to student teacher should be able to view group submissions
MDL-59068 - Lesson: Restore the behaviour of "No, I just want to go on to the next question"
Security issues
A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version
FEATURES:
- LAN Network Segments: (Consul Enterprise) Added a new Network Segments
capability which allows users to configure Consul to support segmented
LAN topologies with multiple, distinct gossip pools.
- WAN Join for Cloud Providers: Added WAN support for retry join for
cloud providers via go-discover, including Amazon AWS, Microsoft
Azure, Google Cloud, and SoftLayer. This uses the same "provider" syntax
supported for `-retry-join` via the `-retry-join-wan` configuration.
- RPC Rate Limiter: Consul agents in client mode have a new `limits`
configuration that enables a rate limit on RPC calls the agent makes
to Consul servers.
IMPROVEMENTS:
- agent: Switched to using a read lock for the agent's RPC dispatcher,
which prevents RPC calls from getting serialized.
- agent: When joining a cluster, Consul now skips the unique node ID
constraint for Consul members running Consul older than 0.8.5. This
makes it easier to upgrade to newer versions of Consul in an existing
cluster with non-unique node IDs.
- build: Upgraded Go version to 1.9.
- server: Consul servers can re-establish quorum after all of them
change their IP addresses upon a restart.
BUG FIXES:
- agent: Fixed an issue with consul watches not triggering when ACLs are
enabled.
- agent: Updated memberlist library for a deadlock fix.
- agent: Fixed a panic when retrieving NS or SOA records on Consul
clients (non-servers). This also changed the Consul server list to
come from the catalog and not the agent's local state when serving these
requests, so the results are consistent across a cluster.
- cli: Updated the CLI library to pull in a fix that prevents all
subcommands from being shown when showing the agent's usage list; now
just top-level commands are shown.
- server: Fixed an issue with Consul snapshots not saving on Windows
because of errors with the `fsync` syscall.
GNU Emacs is an extensible, customizable, free/libre text editor and software
environment. When Emacs renders MIME text/enriched data (Internet RFC 1896), it
is vulnerable to arbitrary code execution. Since Emacs-based mail clients decode
"Content-Type: text/enriched", this code is exploitable remotely. This bug
affects GNU Emacs versions 19.29 through 25.2.
Although we know no efforts to exploit this in the wild, exploitation is easy.
http://www.openwall.com/lists/oss-security/2017/09/11/1
Implement remaining property:
- If timeout is not started yet or started unconstrained: remaining is None
- If timeout is expired: remaining is 0.0
- All others: roughly amount of time before TimeoutError is triggered
