3.1.9 (stable)
- Fix regression introduced in 3.1.8 (#22687)
3.1.8 (stable)
- Windows read-write locks support on Windows XP or later and Windows
Win7 or later (use php_apc-xp.dll or php_apc-win7.dll)
- Fix variable type check in user cache update
- Make warnings that user cannot do anything about debug messages
- Fixed bug #21400 (Minor memory leak in MINFO)
- Fixed bug #18890: Ensure that --enable-apc-debug=no disables debug mode.
- Fixed bug #19459: check for expiry while looping through the iterator slots
3.1.7 (beta)
- pthread read-write locks support
- apc.serializer hooks, export apc_serializer.h as an API
- Fix regression bug #20529: Look up files in CWD
- Pool allocator fixes for large allocations
- trunk compat fixes (Kalle)
- ZTS fixes (Pierre, Hirokawa)
- Readability and warning fixes (Pierre, Kalle)
Zope 2.11.8 (2011/02/04)
Bugs fixed
- Prevent publication of acquired attributes, where the acquired
object does not have a docstring.
https://bugs.launchpad.net/zope2/+bug/713253/
Zope 2.11.7 (2010/09/01)
Bugs Fixed
- Prevent uncaught exceptions from killing ZServer worker threads.
https://bugs.launchpad.net/zope2/+bug/627988
- Ensure that mailhosts which share a queue directory do not double-
deliver mails, by sharing the thread which processes emails for
that directory. https://bugs.launchpad.net/zope2/+bug/574286
- Process "evil" JSON cookies which contain double quotes in violation
of RFC 2965 / 2616. https://bugs.launchpad.net/zope2/+bug/563229
- Ensure that Acquistion wrapper classes always have a ``__getnewargs__``
method, even if it is not provided by the underlying ExtensionClass.
- Fix the ``tp_name`` of the ImplicitAcquisitionWrapper and
ExplicitAcquisitionWrapper to match their Python visible names and thus
have a correct ``__name__``.
- Expand the ``tp_name`` of Acquisition's extension types to hold the
fully qualified name. This ensures classes have their ``__module__``
set correctly.
- Updated 'pytz' external to point to '2010b' version.
- Protect ZCTextIndex's clear method against storing Acquisition wrappers.
- LP #195761: fixed ZMI XML export / import.
- MailHost should fall back to HELO when EHLO fails.
Zope 2.11.6 (2010/01/12)
Bugs Fixed
- LP #491224: proper escaping of rendered error message
- Also look for ZEXP imports within the clienthome directory. This
provides a place to put imports that won't be clobbered by buildout
in a buildout-based Zope instance.
- LP #143444: add labels to checkboxes / radio buttons on import
/ export form.
- Fixed improper handling of IF_MODIFIED_SINCE header
inside Five/browser/resource.py
Zope 2.11.5 (2009/12/22)
Bugs Fixed
- LP #490514: preserve tainting when calling into DTML from ZPT.
- LP #360761 (backported from Acquisition trunk): fix iteration proxy
to pass `self` acquisition-wrapped into `__iter__` and `__getitem__`.
- LP #414757 (backported from Zope trunk): don't emit a IEndRequestEvent
when clearing a cloned request.
- updated to ZODB 3.8.4
Zope 2.11.4 (2009/08/06)
Restructuring
- Moved exception MountedStorageError from ZODB.POSExceptions
to Products.TemporaryFolder.mount (now its only client).
- LP #253362: Moved Zope2-specific module, ZODB/Mount.py, to
Products/TemporaryFolder/mount.py (its only client is
Products/TemporaryFolder/TemporaryFolder.py).
- Removed spurious import-time dependencies from
Products/ZODBMountPoint/MountedObject.py.
Bugs Fixed
- Fixed vulnerabilities in the ZEO network protocol
affecting ZEO storage servers.
Zope 2.11.3 (2009/05/04)
Features added
- SiteErrorLog now includes the entry id in the information copied to
the event log. This allowes you to correlate a user error report with
the event log after a restart, or let's you find the REQUEST
information in the SiteErrorLog when looking at a traceback in the
event log.
Restructuring
- Updated to match all new versions from the yet-unreleased Zope 3.4.1
release (`http://svn.zope.org/zope.release/branches/3.4/
releases/controlled-packages.cfg?rev=99659`).
- Updated to include all new versions from the final Zope 3.4.0 release
(http://download.zope.org/zope3.4/3.4.0/).
- Added 'InitializeClass' alias in 'App.class_init' to ease migration.
In Zope 2.12 it will be recommended to import 'InitializeClass' from
'App.class_init' instead of 'Globals'.
- Moved 'ApplicationDefaultPermissions' from 'App.class_init' to
'AccessControl.Permissions', in order to break an import cycle
in third-party code which avoids imports from 'Globals.' Left
the class importable from its old location without deprecation.
- configure script: setting ZOPE_VERS to '2.11'
- Products.PluginIndexes.PathIndex: backported doc fixes /
optimizations from trunk (and ExtendedPathIndex).
- Updated 'pytz' from '2007f' to '2008i'.
- Moved svn:externals for 'mechanize', 'ClientPath', and 'pytz' to
versions managed outside the Zope3 trunk.
- Testing.ZopeTestCase: Remove quota argument from DemoStorage calls in
preparation for ZODB 3.9.
Bugs Fixed
- Launchpad #373299: Removed bogus string exception in OFS.CopySupport.
- ZPublisher response.setBody: don't append Accept-Encoding to Vary
header if it is already present - this can make cache configuration
difficult. (merged 99493)
- Launchpad #267834: proper separation of HTTP header fields
using CRLF as requested by RFC 2616. (merged 90980, 92625)
- Launchpad #348223: optimize catalog query by breaking out early from
loop over indexes if the result set is already empty.
- "Permission tab": correct wrong form parameter for
the user-permission report
- Launchpad #290254, DateTime/DateTime.py:
added '__setstate__' to cope with old pickles missing a '_micros'
attribute; Python's pickling support was creating a new instance,
*with* a '_micros' attribute, but not clearing that attribute before
updating the instance dict with the unpickled state.
- Launchpad #332168, Shared/DC/RDBMS/Connection.py:
do not expose DB connection strings through exceptions
- Launchpad #324876: tighened regex for detecting the charset
from a meta-equiv header
- Launchpad #174705: ensure that the error info object exposed to a
'tal:on_error' handler has attributes visible to restricted code.
- Acquisition wrappers now correctly proxy __iter__.
Zope 2.10.13 (2011/02/04)
Bugs fixed
- Prevent publication of acquired attributes, where the acquired
object does not have a docstring.
https://bugs.launchpad.net/zope2/+bug/713253/
Zope 2.10.12 (2010/09/01)
Bugs fixed
- Prevent uncaught exceptions from killing ZServer worker threads.
https://bugs.launchpad.net/zope2/+bug/627988
- Updated 'pytz' external to point to '2010b' version (not via Zope3).
- Protect ZCTextIndex's clear method against storing Acquisition wrappers.
- LP #195761: fixed ZMI XML export / import and restored it to the UI.
Zope 2.10.11 (2010/01/12)
Bugs fixed
- LP #491224: proper escaping of rendered error message
- Also look for ZEXP imports within the clienthome directory. This
provides a place to put imports that won't be clobbered by buildout
in a buildout-based Zope instance.
- LP #143444: add labels to checkboxes / radio buttons on
import / export form.
- fixed improper usage of the IF_MODIFIED_SINCE header inside
Five/browser/resource.py (updated to Five 1.5.9)
Zope 2.10.10 (2009/12/22)
Features added
- Testing/custom_zodb.py: added support use a different storage other
than DemoStorage. A dedicated FileStorage can be mount by setting the
$TEST_FILESTORAGE environment variable to a custom Data.fs file. A
ZEO server can be configured using the $TEST_ZEO_HOST and
$TEST_ZEO_PORT environment variables. This new functionality allows us
to use the standard Zope testrunner for writing and running tests
against existing Zope installations.
Bugs fixed
- LP #490514: preserve tainting when calling into DTML from ZPT.
- LP #360761 (backported from Acquisition trunk): fix iteration proxy
to pass `self` acquisition-wrapped into `__iter__` and `__getitem__`.
- LP #414757 (backported from Zope trunk): don't emit a IEndRequestEvent
when clearing a cloned request.
Zope 2.10.9 (2009/08/06)
Restructuring
- Moved exception MountedStorageError from ZODB.POSExceptions
to Products.TemporaryFolder.mount (now its only client).
- LP #253362: Moved Zope2-specific module, ZODB/Mount.py, to
Products/TemporaryFolder/mount.py (its only client is
Products/TemporaryFolder/TemporaryFolder.py).
- Removed spurious import-time dependencies from
Products/ZODBMountPoint/MountedObject.py.
Bugs fixed
- Fixed vulnerabilities in the ZEO network protocol
affecting ZEO storage servers.
Zope 2.10.8 (2009/05/04)
Features added
- SiteErrorLog now includes the entry id in the information copied to
the event log. This allowes you to correlate a user error report with
the event log after a restart, or let's you find the REQUEST
information in the SiteErrorLog when looking at a traceback in the
event log.
Restructuring
- Added 'InitializeClass' alias in 'App.class_init' to ease migration.
In Zope 2.12 it will be recommended to import 'InitializeClass' from
'App.class_init' instead of 'Globals'.
- Moved 'ApplicationDefaultPermissions' from 'App.class_init' to
'AccessControl.Permissions', in order to break an import cycle
in third-party code which avoids imports from 'Globals.' Left
the class importable from its old location without deprecation.
Bugs fixed
- Launchpad #373299: Removed bogus string exception in OFS.CopySupport.
- ZPublisher response.setBody: don't append Accept-Encoding to Vary
header if it is already present - this can make cache configuration
difficult. (merged 99493)
- Launchpad #267834: proper separation of HTTP header fields
using CRLF as requested by RFC 2616. (merged 90980, 92625)
- Launchpad #348223: optimize catalog query by breaking out early from
loop over indexes if the result set is already empty.
- Launchpad ##332168: Connection.py: do not expose DB connection strings
through exceptions
- LP/#143873: Fixed problems when no HTTP_ACCEPT_CHARSET is in the
request. This required an update of zope.publisher to 3.3.3.
- LP/#324876: tighened regex for detecting the charset
from a meta-equiv header
- Acquisition wrappers now correctly proxy __iter__.
- Products.PluginIndexes.PathIndex: backported doc fixes /
optimizations from trunk (and ExtendedPathIndex).
- Launchpad #174705: ensure that the error info object exposed to a
'tal:on_error' handler has attributes visible to restricted code.
- Log an error for failures to read a chunk-size, and return 408 instead
413 when this is due to a read timeout. This change also fixes some cases
of two error documents being sent in the response for the same scenario.
[Eric Covener] Bug 49167
- core: Only log a 408 if it is no keepalive timeout. Bug 39785
[Ruediger Pluem, Mark Montague <markmont umich.edu>]
- core: Treat timeout reading request as 408 error, not 400.
Log 408 errors in access log as was done in Apache 1.3.x.
Bug 39785 [Nobutaka Mantani <nobutaka nobutaka.org>, Stefan Fritsch,
Dan Poirier]
- Core HTTP: disable keepalive when the Client has sent
Expect: 100-continue
but we respond directly with a non-100 response. Keepalive here led
to data from clients continuing being treated as a new request.
Bug 47087. [Nick Kew]
- htpasswd: Change the default algorithm for htpasswd to MD5 on all
platforms. Crypt with its 8 character limit is not useful anymore;
improve out of disk space handling (Bug 30877); print a warning if
a password is truncated by crypt. [Stefan Fritsch]
- mod_win32: Added shebang check for '! so that .vbs scripts work as CGI.
Win32's cscript interpreter can only use a single quote as comment char.
[Guenter Knauf]
- configure: Fix htpasswd/htdbm libcrypt link errors with some newer
linkers. [Stefan Fritsch]
- MinGW build improvements. Bug 49535. [John Vandenberg
<jayvdb gmail.com>, Jeff Trawick]
- mod_ssl, ab: Support OpenSSL compiled without SSLv2 support.
[Stefan Fritsch]
- core: AllowEncodedSlashes new option NoDecode to allow encoded slashes
in request URL path info but not decode them. Bug 35256,
Bug 46830. [Dan Poirier]
- mod_rewrite: Allow to unset environment variables. Bug 50746.
[Rainer Jung]
- suEXEC: Add Suexec directive to disable suEXEC without renaming the
binary (Suexec Off), or force startup failure if suEXEC is required
but not supported (Suexec On). [Jeff Trawick]
- mod_proxy: Put the worker in error state if the SSL handshake with the
backend fails. Bug 50332.
[Daniel Ruggeri <DRuggeri primary.net>, Ruediger Pluem]
- prefork: Update MPM state in children during a graceful restart.
Allow the HTTP connection handling loop to terminate early
during a graceful restart. Bug 41743.
[Andrew Punch <andrew.punch 247realmedia.com>]
- mod_ssl: Correctly read full lines in input filter when the line is
incomplete during first read. Bug 50481. [Ruediger Pluem]
- mod_autoindex: Merge IndexOptions from server to directory context when
the directory has no mod_autoindex directives. Bug 47766. [Eric Covener]
- mod_cache: Make sure that we never allow a 304 Not Modified response
that we asked for to leak to the client should the 304 response be
uncacheable. Bug 45341 [Graham Leggett]
- mod_dav: Send 400 error if malformed Content-Range header is received for
a put request (RFC 2616 14.16). Bug 49825. [Stefan Fritsch]
- mod_userdir: Add merging of enable, disable, and filename arguments
to UserDir directive, leaving enable/disable of userlists unmerged.
Bug 44076 [Eric Covener]
- core: Honor 'AcceptPathInfo OFF' during internal redirects,
such as per-directory mod_rewrite substitutions. Bug 50349.
[Eric Covener]
- mod_cache: Check the request to determine whether we are allowed
to return cached content at all, and respect a "Cache-Control:
no-cache" header from a client. Previously, "no-cache" would
behave like "max-age=0". [Graham Leggett]
- mod_mem_cache: Add a debug msg when a streaming response exceeds
MCacheMaxStreamingBuffer, since mod_cache will follow up with a scary
'memory allocation failed' debug message. Bug 49604. [Eric Covener]
- proxy_connect: Don't give up in the middle of a CONNECT tunnel
when the child process is starting to exit. Bug 50220. [Eric Covener]
anti-virus toolkit. Using it will help you securing your home or enterprise
network web traffic. SquidClamav is the most efficient Squid Redirector and
ICAP service antivirus tool for HTTP traffic available for free, it is written
in C and can handle thousand of connections. The way to add more securing on
your network for free is here.
SquidClamav is build for speed and security in mind, it is first used and
tested to secure a network with 2,500 and more users. It is also known to
working fast with 15000+ users.
that support the ICAP protocol to implement content adaptation and filtering
services.
Most of the commercial HTTP proxies must support the ICAP protocol. The open
source Squid 3.x proxy server supports it.
* Fix a vulnerability that allowed Contributor-level users to improperly
publish posts.
* Fix user queries ordered by post count.
* Fix multiple tag queries.
* Prevent over-escaping of post titles when using Quick Edit for pages.
config.new, check within $(DESTDIR) rather than the host system.
Resolves DESTDIR-mode build when privoxy is also installed, common in
make replace.
(No revbump because this change only affects a case where the package
failed to build.)
=== RELEASE 2.3pre2 ===
So dub 16 20:19:07 CEST 2011 mikulas:
Utf-8 text terminal support
Sat Mar 12 23:55:56 MET 2011 mikulas:
Fixed a bug with gpm, if gpm closed a handle on its own,
links would occasionaly close it again
Mon Aug 9 01:35:29 UTC 2010 mikulas:
Don't report terminal size in User-Agent
Thu Aug 5 23:31:59 MET 2010 mikulas:
Scan for header tags even in document body
Sat Jul 31 22:35:04 MET 2010 mikulas:
link rel=prefetch
Sat Jul 31 22:24:06 MET 2010 mikulas:
Interpret style="display:none"
Fri Jun 18 20:39:46 MET 2010 mikulas:
Fixed crash when unknown Content-Enconding is returned by the server
Sat Apr 24 04:11:58 CEST 2010 mikulas:
Fix an occasional lockup with Ctrl-Z, fg and framebuffer
Fixed in 7.21.6 - April 22 2011
Changes:
Added --tr-encoding and CURLOPT_TRANSFER_ENCODING
Bugfixes:
curl-config: fix --version
curl_easy_setopt.3: CURLOPT_PROXYTYPE clarification
use HTTPS properly after CONNECT
SFTP: close file before post quote operations
Fixed in 7.21.5 - April 17 2011
Changes:
SOCKOPTFUNCTION: callback can say already-connected
Added --netrc-file
Added (new) support for cyassl
TSL-SRP: enabled with OpenSSL
Added CURLE_NOT_BUILT_IN and CURLE_UNKNOWN_OPTION
Bugfixes:
nss: avoid memory leak on SSL connection failure
nss: do not ignore failure of SSL handshake
multi: better failed connect handling when using FTP, SMTP, POP3 and IMAP
runtests.pl: fix pid number concatenation that prevented it from killing the correct process at times
PolarSSL: Return 0 on receiving TLS CLOSE_NOTIFY alert
curl_easy_setopt.3: Removed wrong reference to CURLOPT_USERPASSWORD
multi: close connection on timeout
IMAP in multi mode does SSL connections non-blocking
honours the --disable-ldaps configure option
Force setopt constants written by --libcurl to be long
ssh_connect: treat libssh2 return code better
SFTP upload could stall the state machine when the multi_socket API was used
SFTP and SCP could leak memory when used with the multi interface and the connection was closed
Added missing file to repair the MSVC makefiles
Fixed detection of recvfrom arguments on Android/bionic
GSS: handle reuse fix
transfer: avoid insane conversion of time_t
nss: do not ignore value of CURLOPT_SSL_VERIFYPEER in certain cases
SMTP-multi: non-blocking connect
SFTP-multi: set cselect for sftp and scp to fix "stall" risk
configure: removed wrongly claimed default paths
pop3: fixed torture tests to succeed
symbols-in-versions: many corrections
if a HTTP request gets retried because the connection was dead, rewind if any data was sent as part of it
only probe for working ipv6 once and then re-use that info for further requests
requests that are asked to bound to a local interface/port will no longer wrongly re-use connections that aren't
libcurl.m4: Add missing quotes in AC_LINK_IFELSE
progress output: don't print the last update on a separate line
POP3: the command to send is STLS, not STARTTLS
POP3: PASS command was not sent after upgrade to TLS
configure: fix libtool warning
nss: allow to use multiple client certificates for a single host
HTTP pipelining: Fix handling of zero-length responses
Don't list NTLM in curl-config when HTTP is disabled
curl_easy_setopt.3: CURLOPT_RESOLVE typo version
OpenSSL: build fine with no-sslv2 versions
checkconnection: don't call with NULL pointer with RTSP and multi interface
Borland makefile updates
configure: libssh2 link fix without pkg-config
certinfo crash
CCC crash
* meta: Allow adding javascript to pages. Only when htmlscrubber is
disabled, naturally. (Thanks, Giuseppe Bilotta) Closes: #623154
* comments: Add avatar picture of comment author, using Libravatar::URL
when available. The avatar is looked up based on the user's openid,
or email address. (Thanks, Francois Marier)
* Recommend libgravatar-url-perl, which contains Libravatar::URL.
* monotone: Implement rcs_getmtime, and work around a problem with monotone
0.48 that affects rcs_getctime. (Thanks, Richard Levitte)
* meta: Fix bug in loading of HTML::Entities that can break inline
archive=yes (mostly masked by other plugins that load the module).
* Be quiet about updating wrappers, except in verbose mode. (jmtd)
* meta: Add FOAF support. Closes: #623156
* Promote Crypt::SSLeay to Recommends; needed for https openid auth.
* tag: Avoid autocreating multiple tag pages that vary only in
capitalization. The first capitalization seen of a tag will be used
for the tag page.
* Fix yaml build dep. Closes: #624712
Based on PR#44869 by Christian Sturm.
additionaly fixes shebang for scriptse.
1.16 2011-04-15 00:00:00
- Emergency release for a critical security issue that can expose
files on your system, everybody should update!
- Fixes several provlems resulting in stalling the client until the
server timed out.
- Fixes ACL bug that made it impossible to build a blacklist.
- Improved logging.
- Extended default filter list.
Firefox 4 is based on the Gecko 2.0 Web platform. This release features
JavaScript execution speeds up to six times faster than the previous
version, new capabilities for Web Developers and Add-on Developers such as
hardware accelerated graphics and HTML5 technologies, and a completely
revised user interface.
Changelog, so far:
Version 1.1.3 (r94)
- Fixed bug with "OTPAuthPINAuthProvider" and <AuthnProviderAlias>
Version 1.1.2 (r87)
- Added "OTPAuthPINAuthProvider" to allow alternate verification of PINs
- Added "OTPAuthLogoutOnIPChange" flag to auto-logout on IP address change
- Build fixes for Solaris
Version 1.1.1 (r66)
- Build fixes
Version 1.1.0 (r44)
- Moved time interval and #digits configuration into users file
- Fixed bug in time based token synchronization at large offsets
- Added support for the Mobile-OTP algorithm: http://motp.sourceforge.net/
- Added otptool(1) one-time password utility program.
- Accept either decimal or hexadecimal values (basic auth only).
Version 1.0.0 (r10)
- Initial release
