Upstream changes:
8.6.12
The third-party Twig library, which powers Drupal 8's theme system, recently released new versions (Twig 1.38.0 and 1.38.1) that introduced a fatal error for Drupal 8 sites using Composer. Drupal 8.6.11 was released yesterday with an update to Twig 1.38.2 in order to resolve that error. However, this update also led to a different regression for certain Drupal 8 themes that use Twig {% embed %} tags. This release hotfixes Drupal 8 to resolve that regression. No other changes are included.
8.6.11
This release resolves two critical issues affecting Drupal 8 site updates:
The third-party Twig library, which powers Drupal 8's theme system, recently released a new minor version (1.38.0) that introduced a fatal error when used with Drupal 8. As a result, Drupal 8 sites managed with Composer encountered this fatal error when updating Twig to version 1.38.0 or 1.38.1. This release updates Drupal to require Twig 1.38.2, which resolves the fatal error.
The recent releases for SA-CORE-2019-003 introduced a serialized data integrity issue affecting some contributed and custom modules, including the Default Content and Paragraphs modules. This release resolves the issue for affected sites.
Additionally, this release resolves an administrator-only access bypass with the Layout Builder module. Previously, users who didn't have access to view individual entities were still granted access to configure the layout for that entity (if per-entity layout configuration was enabled) and therefore could view its content. This implicit access has been removed. Site owners should ensure that all content editor roles have access to view the content for which they are configuring the layout.
pkgsrc changes:
- Remove patch-Source_JavaScriptCore_assembler_MacroAssemblerARM.cpp: logic
changed upstream and there is no longer a function that check for a VFP.
Changes:
2.24.0
------
- Added support fot content filtering.
- Variation fonts support.
- Fully emoji rendering support.
- Added navigation and pinch zoom gestures for touchpads.
- Support for JPEG2000 images (please note that in pkgsrc at the
moment it is disabled to avoid a dependency on openjpeg)
- Script dialogs are now modal to the current web view only.
- New API to convert URI to format for display.
19.2.1
fix: set announced roles on appsession object
new: lower log noise on ApplicationErrors
new: allow explicit passing of tx endpoint and reactor
new: add attribute to forward applicationrunner to applicationsession via componentconfig
v1.37.0:
build
CMake build explicitly sets install location when building shared library.
nghttpx
This release fixes possible backend stall when header and request body are sent in their own packets.
The backend option gets weight parameter to influence backend selection.
This release fixes compile error with BoringSSL.
Upstream changes:
Moodle 3.6.3 release notes
Releases > Moodle 3.6.3 release notes
Release date: 11 March 2019
Here is the full list of fixed issues in 3.6.3.
Fixes and improvements
MDL-63892 - Last post date and time shown correctly on forum page
MDL-64609 - Gradebook regrading no longer gets stuck
MDL-43428 - Quiz now displays the correct time left when quiz close date before time limit
MDL-62345 - Site home and Dashboard now have different data-key attributes when the home page is set to site
MDL-61405 - All assignment 'View annotated PDF' buttons work
MDL-64632 - Invalid response value detected messaging error fix
MDL-63103 - Server files performance improvement for sites with lots of activities and files
MDL-64528 - Activities can no longer be marked as complete when the context is frozen
MDL-63677 - Users no longer redirected back to a policy agreement when creating a new account
MDL-55135 - View competency framework no longer required for viewing competencies in a course
MDL-62454 - Numerical question units are displayed on the same line
MDL-64553 - Notifications table has index for the useridfrom column
MDL-64521 - Participants page performance improvement for courses with ~50k users and 10 groups
MDL-48338 - A single simple discussion forum now scrolls to new posts
MDL-60972 - Deleting course sections now also delete files used in the section description
MDL-64652 - Data export performance improvement
MDL-63674 - RTL languages correctly aligned in messaging interface
MDL-64171 - Course image scaled down when no course summary
MDL-64240 - Forum post word count correctly reflects the size of posts
MDL-62680 - Accessibility improvement for quiz question feedback
MDL-64679 - Option to clear prediction for analytics trained models
MDL-62963 - Clearer button background in Boost
MDL-64640 - Deleting of feedback question and deleting of user tour step no longer give a 404 error
MDL-64856 - Glossary 'Actions menu' icon no longer disappears when browsing
MDL-64730 - External tool 0 points score now correctly recorded as zero in the gradebook
MDL-64464 - Drag and drop question types now allow use of mixed languages
MDL-62143 - Boost navigation bar accessibility improvements
MDL-64561 - Install database CLI script now shows help even if Moodle is already installed
MDL-64134 - Messaging search simpler UI when search returns no results
MDL-64385 - 'Allowed email domains' setting is now case insensitive
MDL-63628 - Download assignment submission files via keyboard accessibility fix
MDL-64469 - Question bank category edit link usability improvement
MDL-63378 - Boost theme menu links contrast accessibility fix
MDL-64143 - Messaging contacts are now shown in bold
MDL-64144 - Messaging search results now shown with date rather than time stamp
MDL-64971 - get_with_capability_join, get_users_by_capability, assign/unassign_capability now check the capability exists
1.9.1:
* WARNING: This is most probably the last version supporting Python 2.
* Added testing for Python 3.7.
* Confirmed support for Django 2.2 (no code changes required).
* Updated translations.
Upstream changes:
== Ruby-GNOME2 3.3.5: 2019-03-10
This is a follow-up release of 3.3.4.
=== Changes
==== Ruby/GObjectIntrospection
* Improvements
* Ignored no (({GType})) interface.
Upstream changes:
== Ruby-GNOME2 3.3.4: 2019-03-09
This is a real release to support GLib 2.60.
=== Changes
==== Ruby/GObjectIntrospection
* Improvements
* Ignored no (({GType})) interface.
== Ruby-GNOME2 3.3.3: 2019-03-09
This is a release to support GLib 2.60.
=== Changes
==== Ruby/GLib2
* Improvements
* Made tests more robust.
[GitHub#1272][Reported by Jeremy Bicha]
* Required pkg-config 1.3.5 or later.
* Added support for GLib 2.60.
* Windows: Removed support for static compilation.
* Fixes
* (({GLib::PollFD#fd=})): Fixed wrong conversion.
==== Ruby/GObjectIntrospection
* Improvements
* Improved auto (({#==}))/(({#!=})) implementations.
They returns (({true}))/(({false})) for invalid argument instead
of raising an error.
==== Ruby/GTK2
* Improvements
* Made tests more robust.
[GitHub#1275][Reported by Jeremy Bicha]
==== Ruby/RSVG2
* Improvements
* Made tests more robust.
[GitHub#1273][Reported by Mamoru TASAKA]
==== Ruby/Poppler
* Improvements
* (({Poppler::Document.new(data:)})):
Added support for (({Encoding.default_internal})).
* (({Poppler::Document.new})):
Added support for (({#to_path})) objects as path.
=== Thanks
* Jeremy Bicha
* Mamoru TASAKA
* upstream (curl) ChangeLog:
This release includes the following changes:
* cookies: leave secure cookies alone
* hostip: support wildcard hosts
* http: Implement trailing headers for chunked transfers
* http: added options for allowing HTTP/0.9 responses
* timeval: Use high resolution timestamps on Windows
This release includes the following bugfixes:
* CVE-2018-16890: NTLM type-2 out-of-bounds buffer read
* CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow
* CVE-2019-3823: SMTP end-of-response out-of-bounds read
* FAQ: remove mention of sourceforge for github
* OS400: handle memory error in list conversion
* OS400: upgrade ILE/RPG binding.
* README: add codacy code quality badge
* Revert http_negotiate: do not close connection
* THANKS: added several missing names from year <= 2000
* build: make 'tidy' target work for metalink builds
* cmake: added checks for variadic macros
* cmake: updated check for HAVE_POLL_FINE to match autotools
* cmake: use lowercase for function name like the rest of the code
* configure: detect xlclang separately from clang
* configure: fix recv/send/select detection on Android
* configure: rewrite --enable-code-coverage
* conncache_unlock: avoid indirection by changing input argument type
* cookie: fix comment typo
* cookies: allow secure override when done over HTTPS
* cookies: extend domain checks to non psl builds
* cookies: skip custom cookies when redirecting cross-site
* curl --xattr: strip credentials from any URL that is stored
* curl -J: refuse to append to the destination file
* curl/urlapi.h: include "curl.h" first
* curl_multi_remove_handle() don't block terminating c-ares requests
* darwinssl: accept setting max-tls with default min-tls
* disconnect: separate connections and easy handles better
* disconnect: set conn->data for protocol disconnect
* docs/version.d: mention MultiSSL
* docs: fix the --tls-max description
* docs: use $(INSTALL_DATA) to install man page
* docs: use meaningless port number in CURLOPT_LOCALPORT example
* gopher: always include the entire gopher-path in request
* http2: clear pause stream id if it gets closed
* if2ip: remove unused function Curl_if_is_interface_name
* libssh: do not let libssh create socket
* libssh: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION for libssh
* libssh: free sftp_canonicalize_path() data correctly
* libtest/stub_gssapi: use "real" snprintf
* mbedtls: use VERIFYHOST
* multi: multiplexing improvements
* multi: set the EXPIRE_*TIMEOUT timers at TIMER_STARTSINGLE time
* ntlm: fix NTMLv2 compliance
* ntlm_sspi: add support for channel binding
* openssl: adapt to 3.0.0, OpenSSL_version_num() is deprecated
* openssl: fix the SSL_get_tlsext_status_ocsp_resp call
* openvms: fix OpenSSL discovery on VAX
* openvms: fix typos in documentation
* os400: add a missing closing bracket
* os400: fix extra parameter syntax error
* pingpong: change default response timeout to 120 seconds
* pingpong: ignore regular timeout in disconnect phase
* printf: fix format specifiers
* runtests.pl: Fix perl call to include srcdir
* schannel: fix compiler warning
* schannel: preserve original certificate path parameter
* schannel: stop calling it "winssl"
* sigpipe: if mbedTLS is used, ignore SIGPIPE
* smb: fix incorrect path in request if connection reused
* ssh: log the libssh2 error message when ssh session startup fails
* test1558: verify CURLINFO_PROTOCOL on file:// transfer
* test1561: improve test name
* test1653: make it survive torture tests
* tests: allow tests to pass by 2037-02-12
* tests: move objnames-* from lib into tests
* timediff: fix math for unsigned time_t
* timeval: Disable MSVC Analyzer GetTickCount warning
* tool_cb_prg: avoid integer overflow
* travis: added cmake build for osx
* urlapi: Fix port parsing of eol colon
* urlapi: distinguish possibly empty query
* urlapi: fix parsing ipv6 with zone index
* urldata: rename easy_conn to just conn
* winbuild: conditionally use /DZLIB_WINAPI
* wolfssl: fix memory-leak in threaded use
* spnego_sspi: add support for channel binding
0.7.1:
Add support for Python 3.5, 3.6 and 3.7.
Move to GitHub and Travis CI.
Add support for iterator arguments to _speedups Markup.join implementation so that it matches
the Python implementation.
Add HTML5 input placeholder attribute to list of translatable attributes.
Add missing boolean attributes to XHTML and HTML serializers.
Fix infinite recursion in template inlining.
Support slash escaped of CRLF newlines.
Disable the speedups C extension on CPython >= 3.3 since Genshi doesn't support the new Unicode
C API yet.
Fix handling of case where a translation has text after a closing tag.
Fix assert with side-effect in xi:fallback directive processing
3.9.2:
Routers: invalidate _urls cache on register()
Deferred schema renderer creation to avoid requiring pyyaml.
Added 'request_forms' block to base.html
Fixed SchemaView to reset renderer on exception.
Update Django Guardian dependency.
Ensured support for Django 2.2.
Made templates compatible with session-based CSRF.
Adjusted field validators to accept non-list iterables.
Added SearchFilter.get_search_fields() hook.
Fix DeprecationWarning when accessing collections.abc classes via collections
Allowed Q objects in limit_choices_to introspection.
Added lazy evaluation to composed permissions.
Add negation ~ operator to permissions composition
Avoided calling distinct on annotated fields in SearchFilter.
Introduced RemovedInDRF…Warning classes to simplify deprecations.
## 4.3.3
- update jquery to 3.3.1
## 4.3.2
- update jquery to 3.3.0
- Add possibility to test HTML: all, attribute prefix, attribute contains,
attribute ends with, child, and class selectors
- Fix matching mutiple calls for the same selector/function exception
## 4.3.1
- update jquery to 3.2.1
## 4.3.0
- update jquery to 3.2.0
- Add possibility to test HTML attribute selectors
## 4.2.2
- update jquery to 3.1.1
## 4.2.1
- update jquery to 3.1.0
## 4.2.0
- Support jQuery 3.x
- Update jquery-ujs to 1.2.2
- Update jQuery to 1.12.4 and 2.2.4
## 4.1.1
- Update jQuery to 1.12.1 and 2.2.1
- Update jquery-ujs to 1.2.1
## 4.1.0
- Update jQuery to 1.12.0 and 2.2.0
- Update jquery-ujs to 1.2.0
## 4.0.5
- Specify that Ruby version 1.9.3+ is required
- Test on Ruby 2.2
- Update jquery-ujs from 1.0.4 to 1.1.0
## 4.0.4
- Fix CSP bypass vulnerability. CVE-2015-1840
## 4.0.1
- Fix RubyGems permission problem.
## 4.0.0
- Minimum dependency set to Rails 4.2
- Updated to jquery-ujs 1.0.2
- Support jQuery 1.x and 2.x
Add ruby-coffee-rails package version 4.2.2 which supported by Ruby on
Rails 4.2 and later.
CoffeeScript adapter for the Rails asset pipeline. Also adds support to use
CoffeeScript to respond to JavaScript requests (use `.coffee` views).
Add ruby-rails52 version 5.2.2 package.
Ruby on Rails is a full-stack web framework optimized for programmer
happiness and sustainable productivity. It encourages beautiful code
by favoring convention over configuration.
This is for Ruby on Rails 5.2.
