2.1.7:
* HTTP request body size limit is now enforced
* database_sync_to_async now closes old connections before it runs code
* Auth middleware closes old connections before it runs
2.2.5:
* WebSocket handshakes are now affected by the websocket connect timeout, so
you can limit them from the command line.
* Server name can now be set using --server-name
1.2:
Reformatted the code using Black.
Added equality of JS() objects to avoid adding the same script more than once in the same configuration.
Determine the static callable at module import time, not each time a static path is generated.
Customized the repr() of JS() objects.
Added Python 3.7 and Django 2.2 to the test matrix.
2.1.7:
Bugfixes
Corrected packaging error from 2.1.6
2.1.6:
CVE-2019-6975: Memory exhaustion in django.utils.numberformat.format()¶
If django.utils.numberformat.format() – used by contrib.admin as well as the the floatformat, filesizeformat, and intcomma templates filters – received a Decimal with a large number of digits or a large exponent, it could lead to significant memory usage due to a call to '{:f}'.format().
To avoid this, decimals with more than 200 digits are now formatted using scientific notation.
Bugfixes
Made the obj argument of InlineModelAdmin.has_add_permission() optional to restore backwards compatibility with third-party code that doesn’t provide it
1.11.20:
Bugfixes
Corrected packaging error from 1.11.19
1.11.19:
CVE-2019-6975: Memory exhaustion in django.utils.numberformat.format()
If django.utils.numberformat.format() – used by contrib.admin as well as the the floatformat, filesizeformat, and intcomma templates filters – received a Decimal with a large number of digits or a large exponent, it could lead to significant memory usage due to a call to '{:f}'.format().
To avoid this, decimals with more than 200 digits are now formatted using scientific notation.
pkgsrc changes:
- Set USE_GCC_RUNTIME to depends on gcc6-libs when pkgsrc gcc is used
(XXX: Not tested and not clear if currently mk/compiler/gcc.mk DTRT
XXX: regarding (if not, that's probably why firefox/mozilla-common.mk
XXX: abuses USE_PKGSRC_GCC_RUNTIME!))
Changes:
WebKitGTK+ 2.22.6
=================
- Make kinetic scrolling slow down smoothly when reaching the ends of
pages, instead of abruptly, to better match the GTK+ behaviour.
- Fix Web inspector magnifier under Wayland.
- Fix garbled rendering of some websites (e.g. YouTube) while scrolling
under X11.
- Fix several crashes, race conditions, and rendering issues.
Upstream changes:
Major changes since 7.63:
Issue #3018637 by emilymoi, das-peter: [regression] Unset the 'host' header in drupal_http_request() during redirect
Compatibility fixes for PHP 7.3 (#3020771)
Compatibility fixes for MySQL 5.7 (#2981248)
All changes since 7.63:
#1430934 by johnish@gmail.com, DamienMcKenna, Berdir, malcomio, Dane Powell, zerolab, er.pushpinderrana, akosipax, njbarrett, Fabianx, alesr, David_Rothstein, littledynamo, das-peter: Notice: Undefined index: display_field in file_field_widget_value() (line 582 of /module/file/file.field.inc)
#1470656 by Damien Tournoud, joseph.olstad, Pol, Fabianx, catch: Registry rebuild should not parse the same file twice in the same request
#3028364 by Pol, Fabianx: Update function _registry_update() and move module_implements() and _registry_check_code() calls out of the try/catch
#3018637 by emilymoi, das-peter: [regression] Unset the 'host' header in drupal_http_request() during redirect
#3026529 by alexpott: 7.x does not have Phar protection and Phar tests are failing on Drupal 7
#2482549 by Pol, marcelovani, ndf, drupal@guusvandewal.nl, TR, jenlampton, kaidjohnson, ufku, MiSc, David_Rothstein, RobLoach, pablo.guerino, afoster, geerlingguy, SebCorbin, joelpittet, JohnAlbin: Fix up commit - convert short array styles to long.
#3023066 by Pol, mfb: [PHP 7.3] Fix BootstrapMiscTestCase::testCheckMemoryLimit() notice
#2482549 by Pol, marcelovani, ndf, drupal@guusvandewal.nl, jenlampton, ufku, kaidjohnson, MiSc, David_Rothstein, RobLoach, SebCorbin, geerlingguy, pablo.guerino, JohnAlbin, joelpittet, afoster: Ignore node_module folder in core to use Drupal with npm/grunt/nodejs
#3020771 by Ayesh, Pol, sjerdo: [PHP 7.3] strpos explicit string needle warnings
#2981248 by mfb, LFP6, msti: MySQL 5.7 incompatibility in system upgrade 7061
Remove the patch that included in upstream
Upstream changes:
8.6.7:
This is a hotfix release for a regression affecting some Drush installations that was introduced by the fix for SA-CORE-2019-002. No other fixes are included.
8.6.8:
Changes since 8.6.7
#2975539 by mondrake, alexpott, marcoscano, desierto: Changing machine name of image style leads to WSOD when loading widgets that used the old name
#2859315 by quietone, heddn, jhodgdon: SQL error from profile_fields when migrating d6 (or d7) to d8 without Profile module
#2443165 by davidwbarratt, amateescu, HOG, kostyashupenko, yched, Berdir, andypost, alexpott, tstoeckler, xjm: Drupal\Core\Entity\EntityInterface\ContentEntityStorageBase::doCreate() assumes that the bundle is a string
#2849074 by decafdennis, alexpott, zuuperman, AdamPS, sagesolutions, tucho, xjm: SiteConfigureForm overrides value from install profile
#3007716 by Sam152, kevin.dutra, jhedstrom, larowlan: Security update introduces breaking changes to content moderation
#2215857 by michielnugter, Lendude, gmercer, tim.plunkett, cferthorney, marabak, olli, ericmulder1980, TwoD, sanduhrs, stella, dww, nod_: Behaviors get attached to removed forms
#3017812 by ibustos, joachim: Language selector is immune to hook_entity_field_access in entity forms
#2900883 by larskhansen, GaëlG, kalyansamanta, Chi, tim.plunkett, Gábor Hojtsy, joachim: Wrong documentation of Drupal\Component\Plugin\Derivative\DeriverInterface::getDerivativeDefinitions()
#3027595 by amateescu, pmelab: Incorrect blacklist condition in WorkspaceManager
#2725259 by sardara, andrewmacpherson, claudiu.cristea, tedbow, alwaysworking, droplet, techmsi, kwoxer, xjm, alexpott, lauriii, catch, cilefen, Cottser: [regression] Table Drag handles no longer respond to up/down arrow keys
Revert "Issue #2725259 by sardara, andrewmacpherson, claudiu.cristea, tedbow, alwaysworking, droplet, techmsi, kwoxer, xjm, alexpott, @catch, @cilefen, @Cottser, @lauriii: [regression] Table Drag handles no longer respond to up/down arrow keys"
#2725259 by sardara, andrewmacpherson, claudiu.cristea, tedbow, alwaysworking, droplet, techmsi, kwoxer, xjm, alexpott, @catch, @cilefen, @Cottser, @lauriii: [regression] Table Drag handles no longer respond to up/down arrow keys
#2937073 by tim.plunkett, Saviktor, tedbow: Improve robustness of FieldBlockTest
#2973713 by quietone, Adita, etecjdo, apmsooner, mikeryan, gnuschichten, tstoeckler: cache_key source plugin configuration not documented
#2949555 by quietone, ankitjain28may: Correct the documentation on method UserMigrationClassTest
#3025685 by quietone: Add error msg to assertions in MigrateSourceTestBase
#3026840 by izus: Fix plural typo in workspaces field
#3024452 by kfritsche, hchonov, alexpott: DatabaseStorageExpirable:setWithExpireIfNotExists is not respecting expired
#2999908 by penyaskito: View more link in recipe cards is not fully translated
#3028819 by alwaysworking: Update username
#2916021 by d.olaresko, wengerk, Chi, xjm, dawehner, idebr: Update "Running tests" section in core.api.php
#2953995 by kjay, starshaped, rachel_norfolk, Vidushi Mehta, cferthorney, HAL 9000, Eli-T, markconroy, steveparks: Update the Umami Vegan Chocolate Brownie recipe
#3028608 by danharper, Eli-T, markconroy, Not Real: Umami - favicon
#2940027 by jmsosso: Add change record to @deprecated for AccountInterface
#2995150 by msankhala, tim.plunkett: Command examples in core/tests/README.md are confusing and not executable
#3024184 by seanB, andrewmacpherson, Kristen Pol: Make the tabbing order match the visual reading order in MediaLibraryWidget
#2668416 by Krzysztof Domański, wheatpenny, Lendude, alexpott: Wrong assert in NodeTitleTest
#2981870 by Lendude, alexpott: Duplicate BrokenSetUpTest for BrowserTestBase
#2809513 by Lendude, brentgees: Convert AJAX part of \Drupal\responsive_image\Tests\ResponsiveImageFieldUiTest to JavascriptTestBase and the rest to BrowserTestBase
#3027574 by tuutti: SqlContentEntityStorage no longer update entities with certain (id) fields
#3026043 by Berdir: ConfigEntityBase::__sleep() serializes plugin instances if they were not previously initialized
#3021395 by quietone, alexpott: MigrateDrupalTestBase::migrateContent(['translations') does not migrate translations
Revert "Issue #3003238 by Sam152, amateescu, Berdir: EntityStorageException: Default revision can not be deleted in content_moderation_entity_revision_delete()"
#2987418 by quietone, Kristen Pol: Rename MigrateUpgrade tests
#3003238 by Sam152, amateescu, Berdir: EntityStorageException: Default revision can not be deleted in content_moderation_entity_revision_delete()
#3026470 by alexpott, jrockowitz, Joseph Zhao: ArchiveTar is throwing fatal error
Merged 8.6.7.
Merged 8.6.6.
#3015992 by Krzysztof Domański, alexpott, larowlan: Not affecting spacing in PhpTransliterationTest
#2998769 by kiamlaluno, quietone, kkalaskar: @see directive used in the wrong place outputs the wrong HTML markup
#3000677 by catch, Shane Birley, featherbelly, alexpott, larowlan: Fatal error after upgrade to 8.6x [due to regression in extension system]
#2955457 by pfrenssen, Chewie, unrealauk, alexpott, Pol: ConfigFactory static cache gets polluted with data from config overrides
#3020142 by mglaman, tim.plunkett: Test module no_transitions_css has invalid hook_page_attachments
#3007973 by tim.plunkett, lukasss, xopoc, bnjmnm, stompersly: Layout builder prevents the rendering of extra fields (like Links) on pages not using Layout Builder
#3024259 by Pol, alexpott: [PHP 7.3] Fix EnvironmentTest::providerTestCheckMemoryLimit() notice
#3023747 by mikelutz, heddn: D6 profile migrations assume stubs, which fail
#2978922 by brathbone, philipnorton42, msankhala, hardikpandya, alexpott, siliconmeadow: Improve batch_process() documentation
#2845975 by quietone, Jo Fitzgerald, aleevas, maxocub, Gábor Hojtsy: Migrate Drupal 6 user profile field value option translations
#2701829 by alexpott, andypost, Soul88, Graber, Eduardo Morales, dawehner, pingwin4eg, catch, Berdir, jibran, httang12: Extension objects should not implement \Serializable
#2693727 by mikelutz, sanduhrs, CalebD, ajlib, Lendude, tstoeckler, catch: Limiting options for exposed Language filters causes errors and doesn't work for special languages
8.6.9:
Changes since 8.6.8:
#2215857 followup by gaydamaka, timmillwood, alexpott, lauriii: Regression on Internet Explorer 11
#3031128 by alexpott, TrevorBradley, indigoxela, catch, cilefen, larowlan, jibran: Update from 8.6.7 to 8.6.8 warnings - Drupal\Core\Extension\Extension has no unserializer
Revert "Issue #2924201 by tim.plunkett, tedbow, larowlan, xjm, jibran, Kristen Pol: Resolve random failure in LayoutBuilderTest so that it can be added to HEAD"
#2924201 by tim.plunkett, tedbow, larowlan, xjm, jibran, Kristen Pol: Resolve random failure in LayoutBuilderTest so that it can be added to HEAD
Update DEPENDS
Upstream changes:
v2.5.0 2019-02-08 22:18:11Z
- Strip some control characters from links (GH#34) (Olaf Alders)
- Enable empty_element_tags in HTML::Parser (GH#35) (Olaf Alders)
v2.4.1 2019-02-05 14:13:16Z
- Bump version of Type::Tiny to 1.002001. (GH#33) (Olaf Alders). Issue
reported by Slaven Rezić (GH#32).
v2.4.0 2019-02-05 02:51:05Z
- Process text until it returns the same value twice. (GH#31) (Olaf
Alders). Issue raised in (GH#29) by Juraj Major.
- Add max_parser_loops attribute
* graph: Add an optional "file" parameter
* emailauth: When email can't be sent, show the error message
* osm: Don't raise errors if tags don't have attached icons
* cgi: Avoid C compiler warnings for waitpid() on NetBSD
* Hide popup template content from documentation (Closes: #898836)
* meta: Make [[!meta date]] show an error if dates are invalid or
Date::Parse can't be loaded
* inline: Cope with non-ASCII `rootpage` parameter.
Thanks, Feng Shu
* table: Cope with non-ASCII content in CSV format tables.
Thanks, Feng Shu
* trail: Allow unescaped punctuation in `pagenames` parameter
* comments: Hide "add comment" link from print stylesheet.
Thanks, Antoine Beaupré
* recentchangesdiff, relativedate, toggle:
Import JavaScript at the end of the page content, not the beginning,
so that the browser can render content as soon as possible.
Thanks, Antoine Beaupré
* inline: Add basic test coverage for [[!inline rootpage]]
* table: Add basic test coverage
* po: Add enough test coverage to reproduce Debian #911356
* comments: Improve test coverage
* tests: Exercise Unicode more
* aggregate: Fix aggregation of posts without a title.
Thanks, Alexandre Oliva
* poll: Added postlink and posttrail options for better multi-page polls.
* Fix permalink to comments.
curl and libcurl 7.64.0
This release includes the following changes:
* cookies: leave secure cookies alone
* hostip: support wildcard hosts
* http: Implement trailing headers for chunked transfers
* http: added options for allowing HTTP/0.9 responses
* timeval: Use high resolution timestamps on Windows
This release includes the following bugfixes:
* CVE-2018-16890: NTLM type-2 out-of-bounds buffer read
* CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow
* CVE-2019-3823: SMTP end-of-response out-of-bounds read
* FAQ: remove mention of sourceforge for github
* OS400: handle memory error in list conversion
* OS400: upgrade ILE/RPG binding.
* README: add codacy code quality badge
* Revert http_negotiate: do not close connection
* THANKS: added several missing names from year <= 2000
* build: make 'tidy' target work for metalink builds
* cmake: added checks for variadic macros
* cmake: updated check for HAVE_POLL_FINE to match autotools
* cmake: use lowercase for function name like the rest of the code
* configure: detect xlclang separately from clang
* configure: fix recv/send/select detection on Android
* configure: rewrite --enable-code-coverage
* conncache_unlock: avoid indirection by changing input argument type
* cookie: fix comment typo
* cookies: allow secure override when done over HTTPS
* cookies: extend domain checks to non psl builds
* cookies: skip custom cookies when redirecting cross-site
* curl --xattr: strip credentials from any URL that is stored
* curl -J: refuse to append to the destination file
* curl/urlapi.h: include "curl.h" first
* curl_multi_remove_handle() don't block terminating c-ares requests
* darwinssl: accept setting max-tls with default min-tls
* disconnect: separate connections and easy handles better
* disconnect: set conn->data for protocol disconnect
* docs/version.d: mention MultiSSL
* docs: fix the --tls-max description
* docs: use $(INSTALL_DATA) to install man page
* docs: use meaningless port number in CURLOPT_LOCALPORT example
* gopher: always include the entire gopher-path in request
* http2: clear pause stream id if it gets closed
* if2ip: remove unused function Curl_if_is_interface_name
* libssh: do not let libssh create socket
* libssh: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION for libssh
* libssh: free sftp_canonicalize_path() data correctly
* libtest/stub_gssapi: use "real" snprintf
* mbedtls: use VERIFYHOST
* multi: multiplexing improvements
* multi: set the EXPIRE_*TIMEOUT timers at TIMER_STARTSINGLE time
* ntlm: fix NTMLv2 compliance
* ntlm_sspi: add support for channel binding
* openssl: adapt to 3.0.0, OpenSSL_version_num() is deprecated
* openssl: fix the SSL_get_tlsext_status_ocsp_resp call
* openvms: fix OpenSSL discovery on VAX
* openvms: fix typos in documentation
* os400: add a missing closing bracket
* os400: fix extra parameter syntax error
* pingpong: change default response timeout to 120 seconds
* pingpong: ignore regular timeout in disconnect phase
* printf: fix format specifiers
* runtests.pl: Fix perl call to include srcdir
* schannel: fix compiler warning
* schannel: preserve original certificate path parameter
* schannel: stop calling it "winssl"
* sigpipe: if mbedTLS is used, ignore SIGPIPE
* smb: fix incorrect path in request if connection reused
* ssh: log the libssh2 error message when ssh session startup fails
* test1558: verify CURLINFO_PROTOCOL on file:// transfer
* test1561: improve test name
* test1653: make it survive torture tests
* tests: allow tests to pass by 2037-02-12
* tests: move objnames-* from lib into tests
* timediff: fix math for unsigned time_t
* timeval: Disable MSVC Analyzer GetTickCount warning
* tool_cb_prg: avoid integer overflow
* travis: added cmake build for osx
* urlapi: Fix port parsing of eol colon
* urlapi: distinguish possibly empty query
* urlapi: fix parsing ipv6 with zone index
* urldata: rename easy_conn to just conn
* winbuild: conditionally use /DZLIB_WINAPI
* wolfssl: fix memory-leak in threaded use
* spnego_sspi: add support for channel binding
Closes NetBSD/pkgsrc#42.
5.1.16
- Fix build on OSX.
5.1.15
- Restore apc.serializer=php as the default, as the "default" serializer
still/again has issues.
- Fix possible issues in persistence of arrays with the "default" serializer.
- Attempt to reduce shared memory fragementation.
5.1.14
- Fixed GH #347: Disable slam defense by default.
- Fix potential issue with destruction of locks. This does not affect Linux,
but might affect Windows and BSD.
- Use mutex instead of rwlock for shared memory allocator (if pthreads mutex
available).
- Require only read-lock for apcu_cas(), by using atomic compare-and-swap.
5.1.13
- Reimplement persistence logic using precise allocation rather than memory
pools. This reduces memory usage of cache entries, especially for small
values, and improves performance of persisting and unpersisting values.
- Fixed GH #335: Stampede protection is broken.
- Fixed GH #328: Segfault in apcu_key_info() if APCu is disabled.
- Generally make the behavior of functions if APCu is disabled more consistent.
- Fixed PHP bug #72980: Empty strings are now consistently allowed as cache
keys.
- Optimized apcu_key_info() and apcu_cache_info() by using interned strings.
- Fix build against PHP master (PHP 7.4).
- Many changes to internal C APIs.
5.1.12
- gh#307: Fix 'Timout' sort option (apc.php).
- gh#308: Keep search parameter on cache entry detail link (apc.php).
- Fix --enable-apcu-clear-signal support.
- Show entries with expired global TTL in APCuIterator.
- Respect TTL when calculating APCuIterator totals.
- The per-entry TTL now always takes precedence over the global TTL.
- The global TTL is now always relative to the access time.
- apcu_inc() and apcu_dec() no longer update hard-expired entries. Instead a
new entry is created.
- Added optional $ttl argument to apcu_inc() and apcu_dec(), used when creating
a new entry.
- PHP bug #76145: Fix use of APCu inside Serializer::(un)serialize().
- gh#304: If apcu_cas() is used on a non-existing entry, don't insert it.
- gh#295: Improve APCuIterator performance by using PCRE JIT and preallocating
key strings.
- Reduce the memory overhead of cache entries.
- Prevent potential memory corruption in the cache slam defense implementation.
- Ensure cache entry references are released on bailout during unserialization.
- Make support for atomic operations a hard requirement for building APCu.
- Check write-lock acquisition for failure, to help debugging deadlock
situations.
- Make sure apcu_inc/dec are atomic when working on a non-existing entry.
- Many changes to internal C APIs.
5.1.11
- fix gh#246 apcu_entry hangs
- fix gh#259 deadlock in apcu_store
- fix gh#281 undefined variable in apc.php
- fix handling of fatal errors in apcu_entry
- check string lengths when looking up keys
- many internal C APIs changed
* pkgsrc change: add "USE_LANGAUGES= # none" line.
2.1.0 (2018-10-04)
Spring has sprung so let's make a new release
New features:
* Rack::PostBodyContentTypeParser -- you can now pass a block to the
middleware to override the default "parse me some JSON" behaviour.
Thanks to Kris Dekeyser (@Kris-LEBIS) for the patch.
* Ruby 2.5 support -- we're now running the test suite through Ruby 2.5.1, as
well as the latest patch releases of all other Ruby releases supported by
rack-contrib (back to 2.2, the same as Rack itself). The only "interesting"
change here is that some Rack::Profiler printers no longer work, which is
not our fault, but rather a problem with ruby-prof.
Bug fixes:
* Remove a deprecation warning about has_rdoc. Thanks to Luciano Sousa
(@lucianosousa) for the patch.
* pkgsrc change: add "USE_LANGAUGES= # none" line.
Update to 1.6.11 which fixes security problems of CVE-2018-16471.
(CVE-2018-16470 is only for rack 2.0.x.)
Flask-RESTPlus is an extension for Flask that adds support for
quickly building REST APIs. Flask-RESTPlus encourages best practices
with minimal setup. If you are familiar with Flask, Flask-RESTPlus
should be easy to pick up. It provides a coherent collection of
decorators and tools to describe your API and expose its documentation
properly using Swagger.
libgnurl is a fork of libcurl. The goal for libgnurl is to support
only HTTP and HTTPS (and only HTTP 1.x) with a single crypto backend
(GnuTLS) to ensure a small footprint and uniform experience for
developers regardless of how libcurl was compiled.
This software is mainly used by GNUnet. The modifications to curl
are kept to the bare minimum, intended to track upstream closely.
gnurl is not a replacement for curl, so different paths are used.
This is a hotfix release for a regression affecting some Drush
installations that was introduced by the fix for SA-CORE-2019-002. No
other fixes are included.
Scrapy 1.6.0:
Highlights:
* better Windows support;
* Python 3.7 compatibility;
* big documentation improvements, including a switch
from .extract_first() + .extract() API to .get() + .getall()
API;
* feed exports, FilePipeline and MediaPipeline improvements;
* better extensibility: :signal:item_error and
:signal:request_reached_downloader signals; from_crawler support
for feed exporters, feed storages and dupefilters.
* scrapy.contracts fixes and new features;
* telnet console security improvements, first released as a
backport in :ref:release-1.5.2;
* clean-up of the deprecated code;
* various bug fixes, small new features and usability improvements across
the codebase.
2.1.5
Changes:
New: ipdb, pdb and wdb filters
Fix: ForeignKeySearchInput, error with widget render(...) parameters on Django 2.1
Fix: pipchecker, unsupported format string passed to NoneType.format error
Tests: bunch of new test cases
Changelog:
New
Enhanced tracking protection: Simplified content blocking settings give users standard, strict, and custom options to control online trackers. A redesigned content blocking section in the site information panel (viewed by expanding the small “i” icon in the address bar) shows what Firefox detects and blocks on each website you visit. To learn more about content blocking, visit the Mozilla Blog.
A better experience for multilingual users: An updated Language section in Preferences allows users to install multiple language packs and order language preferences for Firefox and websites, without having to download locale-specific versions.
Support for Handoff on macOS: Continue browsing across devices. Pick up where you left off with iOS (via Firefox or Safari) on Firefox on Mac.
A better video streaming experience for Windows users: Firefox now supports the next-generation, royalty-free video compression technology called AV1. Read about Mozilla’s contribution to this new open standard.
Improved performance and web compatibility, with support for the WebP image format: WebP brings the same image quality as existing formats at smaller file sizes, which saves bandwidth and speeds up page load.
Fixed
Various security fixes.
Changed
Enhanced security for macOS, Linux, and Android users via stronger stack smashing protection which is now enabled by default for all platforms. "Stack smashing" is a common security attack in which malicious actors corrupt or take control of a vulnerable program.
Firefox will now warn you when closing a window (regardless of whether you have automatic session restore enabled for restart).
Easier performance management: The revamped Task Manager page found at about:performance now reports memory usage for tabs and add-ons.
Improved the pop-up blocker to prevent multiple pop-up windows from being opened by websites at the same time.
Security fixes:
Not available yet.
1.2.1:
Bugfixes
- When given an IPv6 address in X-Forwarded-For or Forwarded for=
waitress was placing the IP address in REMOTE_ADDR with brackets:
[2001:db8::0], this does not match the requirements in the CGI spec which
REMOTE_ADDR was lifted from. Waitress will now place the bare IPv6
address in REMOTE_ADDR: 2001:db8::0.
Changes include:
- support for tyxml 4.3.x and js_of_ocaml 3.3.x (rendering obsolete a lot
of patches);
- compatibility with lwt 4.x (same);
and several other bugfixes and minor improvements.
Changes include:
- compatibility with ocaml 4.07
- compatibility with Lwt 4.x (a lot of this was already in patches,
which I've now been able to remove)
- replace tyxml-parser with xml-light
and some other minor bugfixes and improvements.
1.3.0:
Added support for Django 1.11, 2.0 and 2.1
Removed support for Django 1.8, 1.9
Adapted testing infrastructure (tox/travis) to incorporate django CMS 3.5 and 3.6
Added isort and adapted imports
Adapted code base to align with other supported addons
