## 1.4.1 / 2017-06-21
* Don't ask .empty? until it's a String. (#38)
* rename Liquid 4 `has_key?` to `key?` to add compatibility for liquid 4 (#41)
* Test against Ruby 2.1 to 2.4 (#45)
3.5.2 (2017/8/18)
* Backport #6281 for v3.5.x: Fix Drop#key? so it can handle a nil argument (#6288)
* Backport #6280 for v3.5.x: Guard against type error in absolute_url (#6287)
* Backport #6266 for v3.5.x: Memoize the return value of Document#url (#6301)
* Backport #6273 for v3.5.x: delegate StaticFile#to_json to StaticFile#to_liquid (#6302)
* Backport #6226 for v3.5.x: Reader#read_directories: guard against an entry not being a directory (#6304)
* Backport #6247 for v3.5.x: kramdown: symbolize keys in-place (#6303)
3.5.1 (2017/7/18)
Minor Enhancements
* Use Warn for deprecation messages (#6192)
* site template: Use plugins key instead of gems (#6045)
Bug Fixes
* Backward compatiblize URLFilters module (#6163)
* Static files contain front matter default keys when to_liquid'd (#6162)
* Always normalize the result of the relative_url filter (#6185)
Documentation
* Update reference to trouble with OS X/macOS (#6139)
* added BibSonomy plugin (#6143)
* add plugins for multiple page pagination (#6055)
* Update minimum Ruby version in installation.md (#6164)
* [docs] Add information about finding a collection in site.collections (#6165)
* Add {%raw%} to Liquid example on site (#6179)
* Added improved Pug plugin - removed 404 Jade plugin (#6174)
* Linking the link (#6210)
* Small correction in documentation for includes (#6193)
* Fix docs site page margin (#6214)
Development Fixes
* Add jekyll doctor to GitHub Issue Template (#6169)
* Test with Ruby 2.4.1-1 on AppVeyor (#6176)
* set minimum requirement for jekyll-feed (#6184)
1.6.0 (2017/09/01)
* Rack::PostBodyContentTypeParser: if the middleware is told a POST body is
JSON, but it doesn't parse as JSON, then... it's not really JSON, and the
request is now rejected with a 400 response. Thanks to Yukihiko SAWANOBORI
(@sawanoboly) for the fix.
1.5.0 (2017/07/19)
After an extended hiatus, rack-contrib maintenance is back on track. This
is a tidy-up release, merging things that have sat around for far too long.
* git-version-bump has now been moved to being a development dependency,
thanks to Tobias Haagen Michaelsen.
* Rack::AcceptLocale can be restricted to a set of enforced locales, thanks to
Paco Guzman.
* Rack::NotFound's path argument is now optional, thanks to Ed Morley.
* Rack::BounceFavicon now has a description and tests, thanks to Steven
Wilkin.
* The automated Travis CI suite now tests all supported Ruby versions up to
2.4, which necessitated a few small changes.
### 0.9.1
o Added ssl_version options `TLSv1_1`, `TLSv1_2`, `TLSv1_3` for explicitly
forcing the SSL version
* requires the appropriate versions of libCURL and OpenSSL installed to
support these new options
* reference: https://curl.haxx.se/libcurl/c/CURLOPT_SSLVERSION.html
o Added a new `:http_version` option with `HTTPv1_1` and `HTTPv2_0` values to
explicitly set the HTTP version of HTTP/1.1 or HTTP/2.0
* requires the appropriate versions of libCURL and OpenSSL installed to
support these new options
* reference: https://curl.haxx.se/libcurl/c/CURLOPT_HTTP_VERSION.html
o Updates the gem release procedure for more convenience, using the updated
Rubygems.org tasks
o Update a few minor dependencies and documentation to be Ruby
2.4.1-compatible, add 2.4.1. to Travis CI matrix
o Add `Session#download_byte_limit` for limiting the permitted download size.
This can be very useful in dealing with untrusted download sources, which
might attempt to send very large responses that would overwhelm the
receiving client.
o Add `Patron.libcurl_version_exact` which returns a triplet of major, minor
and patch libCURL version numbers. This can be used for more fine-grained
matching when using some more esoteric Curl features which might not
necessarily be available on libCURL Patron has been linked against.
**Mustermann 1.0.1** (2017-08-26)
#### Docs
* Updating readme to list Ruby 2.2 as minimum
* Fix rendering of HTML table
* Update summary and description in gemspec file.
#### Fixes
* avoid infinite loop by removing comments when receiving extended regexp
* avoid unintended conflict of namespace
* use Regexp#source instead of Regexp#inspect
0.13.1 (2017/8/18)
* Fixes an incompatibility with Addressable::URI being used as uri_parser
0.13.0 (2017/8/15)
* Dynamically reloads the proxy when performing a request on an absolute
domain (#701)
* Prefer #hostname over #host. (#714)
* Adapter support for Net::HTTP::Persistent v3.0.0 (#619)
* Fixes an edge-case issue with response headers parsing (missing HTTP header)
(#719)
0.12.2 (2017/07/21)
* Parse headers from aggregated proxy requests/responses (#681)
* Guard against invalid middleware configuration with warning (#685)
* Do not use :insecure option by default in Patron (#691)
* Fixes an issue with HTTPClient not raising a Faraday::ConnectionFailed
(#702)
* Fixes YAML serialization/deserialization for Faraday::Utils::Headers (#690)
* Fixes an issue with Options having a nil value (#694)
* Fixes an issue with Faraday.default_connection not using
Faraday.default_connection_options (#698)
* Fixes an issue with Options.merge! and Faraday instrumentation middleware
(#710)
Upstream changes:
Here is the full list of fixed issues in 3.3.2.
Highlights
MDL-59492 - Gray out hidden courses in the new course overview block
MDL-57412 - Setting "Always link course sections" should apply consistently in Boost and Clean/More
MDL-58196 - "Require grade to pass" in quiz completion settings must be checked only with "Require grade", otherwise it does not work and causes confusions
MDL-57698 - Bug fix: Backup and restore cause deadlock with sqlsrv driver
Fixes and improvements
MDL-55912 - Assignment: when blind marking is enabled, students should receive teacher participant number in the email and not their own
MDL-54607 - Calendar export should not export events without duration as full-day events, i.e. assignment due dates have time component that was lost during export
MDL-59490 - Bug fix: LTI does not work when activity has a long name
MDL-55937 - Assignment: fixed error when viewing attachments of team submission
MDL-59511, MDL-59746, MDL-59539, MDL-59869 - Multiple fixes in OAuth 2 services (Google, OwnCloud, Nextcloud, etc)
MDL-35290 - My private files should continue working even if some files in filesystem are currently unreadable
MDL-57259 - Fixed bug that caused multiple debugging messages in error.log when teachers use assignment grading
MDL-56646 - Assignment: changing maximum grade of the module could result in negative grades in assignment which were pushed as "0" to the gradebook. This bug was fixed and will not happen in the future. However, according to Moodle policy, no existing grades were changed. Teachers will see the warning that there are erroneous grades and will be able to fix all of them with one click
MDL-54965 - Database module: fixed SQL error when you edit an entry after having added a new picture/file field
MDL-46495 - When uploading courses the setting "Completion tracking" should be set to the site default
MDL-59262 - Courses made via course request or "Upload course" tool should respect default course sections
MDL-59442 - Some third party modules had very big icons in the Default activity completion page
MDL-38129 - Grade export of user profile fields can now work with uppercase letters in the fields names
MDL-59317 - Performance improvements on the messages page
MDL-57246 - Trying to view a forum without the capability may lead you to a broken page.
MDL-59287 - Generate calendar event for "Expected completed on" for all modules.
MDL-55364 - Forum headers alignment on narrow screens
MDL-57649 - Lesson: Fixed bug deleting files unrelated to the pages being deleted
MDL-59195 - Assignments: when switching role to student teacher should be able to view group submissions
MDL-59068 - Lesson: Restore the behaviour of "No, I just want to go on to the next question"
Security issues
A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version
=== raindrops 0.19.0 - Rack 2.x middleware compatibility / 2017-08-09 23:52 UTC
This release fixes Rack 2.x compatibility for the few users of
Raindrops::Middleware
<https://bogomips.org/raindrops/Raindrops/Middleware.html>.
Thanks to Dmytro Shteflyuk for this release.
No need to upgrade unless you use Raindrops::Middleware with
Rack 2.x.
There's also a few minor, inconsequential cleanups.
Dmytro Shteflyuk (1):
Properly override respond_to? in Raindrops::Middleware::Proxy
Eric Wong (2):
Ruby thread compatibility updates
tcp_info: remove unnecessary extconf.h include
# Version 2.15.1
Release date: 2017-08-04
### Fixed
* `attach_file` with no extension/MIME type when using the `:rack_test` driver
[Thomas Walpole]
# Version 2.15.0
Release date: 2017-08-04
### Added
* `sibling` and `ancestor` finders added [Thomas Walpole]
* Added ability to pass options to registered servers when setting
* Added basic built-in driver registrations `:selenium_chrome` and
`:selenium_chrome_headless` [Thomas Walpole]
* Add `and_then` to Capybara RSpec matchers which behaves like the previous
`and` compounder. [Thomas Walpole]
* Compound RSpec expectations with Capybara matchers now run both matchers
inside a retry loop rather than waiting for one to pass/fail before
checking the second. Will make `#or` more performant and confirm both
conditions are true "simultaneously" for `and`. [Thomas Walpole] If you
still want the
* Default filter values are now included in error descriptions [Thomas Walpole]
* Add `Session#refresh` [Thomas Walpole]
* Loosened restrictions on where `Session#within_window` can be called from
[Thomas Walpole]
* Switched from `mime-types` dependency to `mini_mime` [Jason Frey]
Bug Fixes
* Tornado now sets the FD_CLOEXEC flag on all file descriptors it creates. This prevents hanging client connections and resource leaks when the tornado.autoreload module (or Application(debug=True)) is used.
CVE-2017-12794: Possible XSS in traceback section of technical 500 debug page¶
In older versions, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn’t affect most production sites since you shouldn’t run with DEBUG = True (which makes this page accessible) in your production settings.
Bugfixes:
Fixed GEOS version parsing if the version has a commit hash at the end (new in GEOS 3.6.2).
Added compatibility for cx_Oracle 6.
Fixed select widget rendering when option values are tuples.
Django 1.11 inadvertently changed the sequence and trigger naming scheme on Oracle. This causes errors on INSERTs for some tables if 'use_returning_into': False is in the OPTIONS part of DATABASES. The pre-1.11 naming scheme is now restored. Unfortunately, it necessarily requires an update to Oracle tables created with Django 1.11.[1-4]. Use the upgrade script in 28451 comment 8 to update sequence and trigger names to use the pre-1.11 naming scheme.
Added POST request support to LogoutView, for equivalence with the function-based logout() view.
Omitted pages_per_range from BrinIndex.deconstruct() if it’s None.
Fixed a regression where SelectDateWidget localized the years in the select box.
Fixed a regression in 1.11.4 where runserver crashed with non-Unicode system encodings on Python 2 + Windows.
Fixed a regression in Django 1.10 where changes to a ManyToManyField weren’t logged in the admin change history and prevented ManyToManyField initial data in model forms from being affected by subsequent model changes.
Fixed non-deterministic results or an AssertionError crash in some queries with multiple joins.
Fixed a regression in contrib.auth’s login() and logout() views where they ignored positional arguments
- Can't convert Cache Result to Cache MISS by
TSHttpTxnCacheLookupStatusSet
- Unit Tests for Issue #1605 AWS Signature Version 4
- Issue #1685: Use TS_MILESTONE_UA_BEGIN for cqt* log fields
- ua_buffer_reader should be released in deallocate_redirect_postdata
- Be less aggressive in calling SSL_shutdown.
- Fixed debug build on Fedora 26 with gcc7
- Prevent HSTS headers from including the terminating null byte.
- Fix origin requests to default to HTTP 1.1
- Rework SSL handshake hooks and add tls_hooks tests.
- For 7.1.x, H2 Assertsion at Http2DependencyTree::deactivate
- Push triggered DNSConnections into an atomic queue to prevent
DNSConnection lost.
- cqtq,cqtn,cqtd,cqtt timestamp blog format to be INT again
- Remove the correct entry from priority queue and insert the new node
into the queue
- Backport PR 2336 to 7.1.x - Add missing checks for request url
- Backport PR 2338 to 7.1.x - Add null pointer check to server response
set status in Lua plugin
- Change from SHA1 to SHA512
- Fedora 26 and gcc7 support for ATS 7.1.1
- Prefer setting AM_CPPFLAGS vs. CPPFLAGS, etc.
- Added more fallthrough comments for Fedora 26 and gcc7 for ICP
- Correctly Handle EVENT_NONE in UnixNetVConnection::acceptEvent
- Out-of-bounds while get port from host field
- AWS auth v4: fixed query param value URI-encoding
- Ticket file reload shouldn't kill traffic_server process
- FD leaks when ep.start() failed or cancelled in acceptEvent or
con.connect() failed
- Cherry pick a set of Catch based commits to 7.1
- Coverity: CID 1380042:Resource leaks (RESOURCE_LEAK)
- fixing memory leak when ATS serves stale records
- S3_auth:uri(En|De)code() pass by ref,not val(master)
Here is release announce:
Contao version 4.4.4 is available. The bugfix release fixes several issues
including a problem with the back end referrer management. In addition, the
back end theme has been adjusted so the submit buttons are shown at the end of
the form again instead of at the end of the page.
0.10.7
This release introduces 3 new HTTP plugins: awses, jekyll, and forwardproxy,
and supports SIGUSR2 for graceful binary upgrades. Read the release blog post
for more information.
A huge thanks to our sponsors for making continued development possible, and
for keeping this release of Caddy free for everyone to use: Minio, Uptime
Robot, and Sourcegraph!
Change list:
- Built with Go 1.9
- New 3rd-party plugin HTTP directives: jekyll, awses, forwardproxy
- Different exit codes
- Plan 9 support
- Graceful binary upgrades with SIGUSR2
- internal: Support X-Accel-Redir without paths to protect
- templates: Can execute templates loaded by other middleware
- A few really good bug fixes
0.10.6
This is a hotfix for 0.10.5's fastcgi directive which invokes a runtime error
on 32-bit and ARM architectures, due to a known, documented bug in Go. We
don't run tests on 32-bit or ARM (yet) which would have been the only way to
catch this error in an automated fashion. Sorry about that. Enjoy this
release! It's the best one yet.
0.10.5
It's been kind of a crummy week for a lot of people, but here's some good
news: Caddy 0.10.5 is out! This release fixes subtle issues that were present
in proxying WebSockets or FastCGI connections. We've also improved MITM
detection for iOS clients. There is a new header-based load balancing policy.
On top of these changes, of note are these:
The requestid directive has been renamed to request_id to be more consistent
with other directives and subdirectives.
There is a new default timeout in town: the idle timeout now has a default
value of 5 minutes. Unlike the previous default timeouts, we don't expect this
will negatively impact anyone. There is generally no good use for idle
connections, and if you have a good use for them, you can disable this timeout
in your Caddyfile. (We've tested this timeout on several kinds of sites for
months and have had zero problems, only improvements in memory and FD usage.)
This release is compatible with three new 3rd-party plugins! The http.cache
plugin acts as a caching layer of middleware, which can drastically improve
performance of serving your site. http.nobots attempts to dissuade bots from
accessing your site. http.webdav was extracted from the filemanager plugin and
enables webdav serving.
As usual, a HUGE thanks to contributors who made this possible! Most of these
changes were implemented by contributors to the project, while the maintainers
have been busy working on improved proxy middleware and other things (that
hopefully we can reveal soon). Our community is fantastic, and we and all
Caddy users appreciate you. Thank you!
Full change log:
- Renamed requestid directive to request_id
- Set default idle timeout of 5 minutes
- New 3rd-party plugin directives: cache, nobots, webdav
- New Unix timestamp placeholder {when_unix}
- Improved MITM detection on iOS clients
- errors, log: Fix log rolling parsing
- gzip: Convert any ETag header to weak etag
- fastcgi: Reverted persistent connections (issue #1736)
- proxy: Added header loaded balancing policy
- proxy: Fix hang on chunked WebSockets (e.g. with HomeAssistant)
- Several other bug fixes and minor internal improvements
- Fixed 185: Fix strict cookie policy
- Fixed 146: Improve fields value checking when enctype is multipart
- Fixed 119: Assertion error should be raised when you have non-string
response header
- Bugfix: Allow to set an int value to form fields when enctype is multipart
- Added py36 to tox.ini / .travis.yaml
v1.6.3
Version 1.6.3
Bugfix release
- Add notification of maintenance mode to README. (#410)
- Fix generation of methods with abnormal page token conventions. (#338)
- Raise ValueError is credentials and developerKey are both specified. (#358)
- Re-generate documentation. (#364, #373, #401)
- Fix method signature documentation for multiline required parameters. (#374)
- Fix ZeroDivisionError in MediaDownloadProgress.progress. (#377)
- Fix dead link to WebTest in README. (#378)
- Fix details missing in googleapiclient.errors.HttpError. (#412)
- Don't treat httplib2.Credentials as oauth credentials. (#425)
- Various fixes to the Django sample. (#413)
Changelog:
Tomcat 8.0.46 (violetagg)
Catalina
Fix: Additional permission for deleting files is granted to JULI as it is required by FileHandler when running under a Security Manager. The thread that cleans the log files is marked as daemon thread. (violetagg)
Fix: 61229: Correct a regression in 8.0.44 that broke WebDAV handling for resources with names that included a & character. (markt)
Fix: 61232: When log rotation is disabled only one separator will be used when generating the log file name. For example if the prefix is catalina. and the suffix is .log then the log file name will be catalina.log instead of catalina..log. Patch provided by Katya Stoycheva. (violetagg)
Fix: Performance improvements for service loader look-ups (and look-ups of other class loader resources) when the web application is deployed in a packed WAR file. (markt)
Fix: 61253: Add warn message when Digester.updateAttributes throws an exception instead of ignoring it. (csutherl)
Fix: 61313: Make the read timeout configurable in the JNDIRealm and ensure that a read timeout will result in an attempt to fail over to the alternateURL. Based on patches by Peter Maloney and Felix Schumacher. (markt)
Add: 61366: Add a new attribute, localDataSource, to the JDBCStore that allows the Store to be configured to use a DataSource defined by the web application rather than the default of using a globally defined DataSource. Patch provided by Jonathan Horowitz. (markt)
Coyote
Fix: 61086: Ensure to explicitly signal an empty request body for HTTP 205 responses. Additional fix to r1795278. Based on a patch provided by Alexandr Saperov. (violetagg)
Fix: 61322: Correct two regressions caused by the fix for 60319 when using BIO with an external Executor. Firstly, use the maxThreads setting from the Executor as the default for maxConnections if none is specified. Secondly, use maxThreads from the Executor when calculating the point at which to disable keep-alive. (markt)
Fix: Prevent exceptions being thrown during normal shutdown of NIO connections. This enables TLS connections to close cleanly. (markt)
Jasper
Add: 53031: Add support for the fork option when compiling JSPs with the Jasper Ant task and javac. (markt)
WebSocket
Add: 57767: Add support to the WebSocket client for following redirects when attempting to establish a WebSocket connection. Patch provided by J Fernandez. (markt)
Web applications
Fix: Remove references to the Loader attribute searchExternalFirst from the documentation since the attribute is no longer supported. (markt)
Fix: Correct the documentation for how StandardRoot is configured. (markt)
Other
Add: 52791: Add the ability to set the defaults used by the Windows installer from a configuration file. Patch provided by Sandra Madden. (markt)
