nginx-1.14.0 stable version has been released, incorporating new features and bug fixes from the 1.13.x mainline branch - including the mirror module, HTTP/2 push, the gRPC proxy module, and more.
Release 5.3.1
-------------
- Fixes a regression from 5.3.0: a crash that occurs if the user that
an application should run under, does not have a shell configured.
- Fixes a regression from 5.3.0: setting supplementary group IDs
during user switching.
Release 5.3.0
-------------
- Vastly improves spawning error page: quick overview of where the
problem is, and the option to drill down in extensive
troubleshooting information.
- Fuse Panel support: fixes a crash that occurs when you shut down
Passenger right after it fails to connect to Fuse Panel.
- [Nginx] Updates the preferred Nginx version to 1.14.0 (from 1.12.2).
- [Enterprise] Fix licensing proxy warning to refer to
licensing_proxy_url instead of licensing_proxy.
- [Enterprise] Add new `PassengerAppLogFile` (Apache) /
`passenger_app_log_file` (Nginx) config option to specify a file for
app-specific logs.
==================
WebKitGTK+ 2.20.2
==================
What's new in WebKitGTK+ 2.20.2?
- Do TLS error checking on GTlsConnection::accept-certificate to finish the load earlier in case of errors.
- Properly close the connection to the nested wayland compositor in the Web Process.
- Avoid painting backing stores for zero-opacity layers.
- Fix downloads started by context menu failing in some websites due to missing user agent HTTP header.
- Fix video unpause when GStreamerGL is disabled.
- Fix several GObject introspection annotations.
- Update user agent quiks to fix Outlook.com and Chase.com.
- Fix several crashes and rendering issues.
- Security fixes: CVE-2018-4200.
Changes:
Debian's w3m 0.5.3+git20180125
* bug fixes
- fix stack overflow with malformed text [CVE-2018-6196]
- fix null deref with malformed text [CVE-2018-6197]
- fix /tmp file races only when ~/.w3m is unwritable [CVE-2018-6198]
- do not remove w3mdict.cgi when "make distclean"
- do not turn a form's GET into POST
- correct <base ...> parsing
- accept TERM=fbterm
* new feature
- extend ssl_forbid_method to disable TLSv1.1
5.5.0
New features:
The files list now shows file sizes
Add a quit button in the dashboard
Display hostname in the terminal when running remotely
Add slides exportation/download to the menu
Add any extra installed nbconvert exporters to the “Download as” menu
Editor: warning when overwriting a file that is modified on disk
Display a warning message if cookies are not enabled
Basic __version__ reporting for extensions
Add NotebookApp.terminals_enabled config option
Make buffer time between last modified on disk and last modified on last save configurable
Allow binding custom shortcuts for ‘close and halt’
Add description for ‘Trusted’ notification
Add settings['activity_sources']
Add an output_updated.OutputArea event
Fixing problems:
Fixes to improve web accessibility
Fixed color contrast issue in tree.less
Allow cancelling upload of large files
Don’t clear login cookie on requests without cookie
Don’t trash files on different device to home dir on Linux
Clear waiting asterisks when restarting kernel
Fix output prompt when execution_count missing
Make the ‘changed on disk’ dialog work when displayed twice
Fix going back to root directory with history in notebook list
Allow defining keyboard shortcuts for missing actions
Prevent default on pageup/pagedown when completer is active
Prevent default event handling on new terminal
ConfigManager should not write out default values found in the .d directory
Fix leak of iopub object in activity monitoring
Javascript lint in notebooklist.js
Some Javascript syntax fixes
Convert native for loop to Array.forEach()
Disable cache when downloading nbconvert output
Add missing digestmod arg to HMAC
Log OSErrors failing to create less-critical files during startup
Use powershell on Windows
API spec improvements, API handler improvements
Set notebook to dirty state after change to kernel metadata
Use CSP header to treat served files as belonging to a separate origin
Don’t install gettext into builtins
Add missing import _
Write notebook.json file atomically
Fix clicking with modifiers, page title updates
Upgrade jQuery to version 2.2
Upgrade xterm.js to 3.1.0
Upgrade moment.js to 2.19.3
Upgrade CodeMirror to 5.35
“Require” pyzmq>=17
* Remove untested patches including NetBSD/earm support
Changelog:
New
Added a policy engine that allows customized Firefox deployments in
enterprise environments, using Windows Group Policy or a cross-platform
JSON file
Enhancements to New Tab / Firefox Home
Responsive layout that shows more content for users with wide-screen
displays
Highlights section includes web sites saved to Pocket
More options to reorder sections and content on the page
Pocket Sponsored Stories will appear for a percentage of users in
the US. Read about our privacy-conscious approach to sponsored content
Redesigned Cookies and Site Storage section in Preferences for greater
clarity and control of first- and third-party cookies
Applied Quantum CSS to render browser UI
Added support for Web Authentication API, which allows USB tokens for
website authentication
Enhanced camera privacy indicators: Firefox now turns off your camera
and the camera's light when you disable video recording, and turns
the camera and light on when you resume recording
Added an option for Linux users to show or hide page titles in a bar
at the top of the browser. You'll find the Title Bar option in the
Customize panel available from the main browser menu.
Improved WebRTC audio performance and playback for Linux users
Locale added: Occitan (oc)
Fixed
Various security fixes
Changed
#CVE-2018-5154: Use-after-free with SVG animations and clip paths
#CVE-2018-5155: Use-after-free with SVG animations and text paths
#CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF files
#CVE-2018-5158: Malicious PDF can inject JavaScript into PDF Viewer
#CVE-2018-5159: Integer overflow and out-of-bounds write in Skia
#CVE-2018-5160: Uninitialized memory use by WebRTC encoder
#CVE-2018-5152: WebExtensions information leak through webRequest API
#CVE-2018-5153: Out-of-bounds read in mixed content websocket messages
#CVE-2018-5163: Replacing cached data in JavaScript Start-up Bytecode Cache
#CVE-2018-5164: CSP not applied to all multipart content sent with
multipart/x-mixed-replace
#CVE-2018-5166: WebExtension host permission bypass through filterReponseData
#CVE-2018-5167: Improper linkification of chrome: and javascript: content
in web console and JavaScript debugger
#CVE-2018-5168: Lightweight themes can be installed without user interaction
#CVE-2018-5169: Dragging and dropping link text onto home button can set home
page to include chrome pages
#CVE-2018-5172: Pasted script from clipboard can run in the Live Bookmarks
page or PDF viewer
#CVE-2018-5173: File name spoofing of Downloads panel with Unicode characters
#CVE-2018-5174: Windows Defender SmartScreen UI runs with less secure behavior
for downloaded files in Windows 10 April 2018 Update
#CVE-2018-5175: Universal CSP bypass on sites using strict-dynamic in
their policies
#CVE-2018-5176: JSON Viewer script injection
#CVE-2018-5177: Buffer overflow in XSLT during number formatting
#CVE-2018-5165: Checkbox for enabling Flash protected mode is inverted in
32-bit Firefox
#CVE-2018-5180: heap-use-after-free in mozilla::WebGLContext::DrawElementsInstanced
#CVE-2018-5181: Local file can be displayed in noopener tab through drag and
drop of hyperlink
#CVE-2018-5182: Local file can be displayed from hyperlink dragged and dropped
on addressbar
#CVE-2018-5151: Memory safety bugs fixed in Firefox 60
#CVE-2018-5150: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8
Fixes PR pkg/53263, tested by Mayuresh.
0.20.1:
Fixed
Avoid attempting to kill Firefox process that has stopped.
With the change to allow Firefox enough time to shut down in
0.20.0, geckodriver started unconditionally killing the process
to reap its exit status. This caused geckodriver to inaccurately
report a successful Firefox shutdown as a failure.
The regression should not have caused any functional problems, but
the termination cause and the exit status are now reported correctly.
0.20.0:
Added
New --jsdebugger flag to open the Browser Toolbox when Firefox
launches. This is useful for debugging Marionette internals.
Introduced the temporary, boolean capability
moz:useNonSpecCompliantPointerOrigin to disable the WebDriver
conforming behavior of calculating the Pointer Origin.
Changed
HTTP status code for the StaleElementReference error changed
from 400 (Bad Request) to 404 (Not Found).
Backtraces from geckodriver no longer substitute for missing
Marionette stacktraces.
webdriver crate upgraded to 0.35.0.
Fixed
The Firefox process is now given ample time to shut down, allowing
enough time for the Firefox shutdown hang monitor to kick in.
Firefox has an integrated background monitor that observes
long-running threads during shutdown. These threads will be
killed after 63 seconds in the event of a hang. To allow Firefox
to shut down these threads on its own, geckodriver has to wait
that time and some additional seconds.
Grapheme clusters are now accepted as input for keyboard input
to actions.
Input to the value field of the keyDown and keyUp action
primitives used to only accept single characters, which means
geckodriver would error when a valid grapheme cluster was sent in,
for example with the tamil nadu character U+0BA8 U+0BBF.
Thanks to Greg Fraley for fixing this bug.
Improved error messages for malformed capability values.
This is an Apache mod_davv_fs lock database management tool.
Sometimes a program crashes, leaving stale a lock on a WebDAV-based file.
This tool can inspect the lock database, and remove a stale lock.
The alternative is to wait for lock expiration.
This update avoids auto-creating directories when the request is MKCOL,
because that cause the Apache MKCOL handler to fail with an error because
the directory already exists.
Upstream changes:
Drupal-8.5.3:
Release notes
Maintenance and security release of the Drupal 8 series.
This release fixes critical security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement:
Drupal core - Critical - Remote Code Execution - SA-CORE-2018-004
No other fixes are included.
Drupal-8.5.2:
This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement:
Drupal core - Moderately Critical - Cross Site Scripting- SA-CORE-2018-003
No changes have been made to the .htaccess, web.config, robots.txt or default settings.php files in this release, so upgrading custom versions of those files is not necessary.
Add LICENSE
Update HOMEPAGE
Upstream changes:
v0.18.4 (12th April, 2018)
* fix for clang6
* add better build instructions to INSTALL
* add option (-v) to show version
* fix minor mem leak (8 bytes per apachetop invocation)
v0.17.4 (25th April, 2017)
* create config.nice when running ./configure
* fix error: extra qualification on member (when using adns)
* fix compiler warnings
* fix a potential buffer overflow
v0.15.6 (10th June, 2015)
* allow other time/date formats in Apache log
* use sys/param.h for MAXPATHLEN
* fix deprecated auto tools macros
* fix compiler warnings
* use silent compile rules
* updated man page
* change version to 0.YY.M of new release
v0.12.6 (27th October, 2005)
* fixed security issue which described at CVE-2005-2660
3.2.0
Features
Raise TooManyRedirects exception when client gets redirected too many times instead of returning last response.
Extract route definitions into separate web_routedef.py file
Raise an exception on request body reading after sending response.
ClientResponse and RequestInfo now have real_url property, which is request url without fragment part being stripped
Speed up connector limiting
Added and links property for ClientResponse object
Add request.config_dict for exposing nested applications data.
Speed up HTTP headers serialization, server micro-benchmark runs 5% faster now.
Apply assertions in debug mode only
Bugfixes
expose property app for TestClient
Call on_chunk_sent when write_eof takes as a param the last chunk
A closing bracket was added to __repr__ of resources
Fix compression of FileResponse
Fixes some bugs in the limit connection feature
Improved Documentation
Drop async_timeout usage from documentation for client API in favor of timeout parameter.
Improve Gunicorn logging documentation
Replace multipart writer .serialize() method with .write() in documentation.
Deprecations and Removals
Deprecate Application.make_handler()
From nia in PR 53266.
New in version 2.28:
Improvements to the FreeBSD startup script. (Craig Leres)
Minor portability tweak in mmc.c.
Fix to buffer overrun bug in htpasswd. Reported by Alessio Santoru as CVE-2017-17663.
New in version 2.27:
Stats syslogs changed from LOG_INFO to LOG_NOTICE.
Use memmove() for self-overlapping string copies instead of strcpy().
Couple of subroutine name changes for consistency.
## 3.11.4 / 2018-04-12
* 2 features:
* Manage puma as a service using rc.d (#1529)
* Server stats are now available from a top level method (#1532)
* 5 bugfixes:
* Fix parsing CLI options (#1482)
* Order of stderr and stdout is made before redirecting to a log file (#1511)
* Init.d fix of `ps -p` to check if pid exists (#1545)
* Early hits bugfix (#1550)
* Purge interrupt queue when closing socket fails (#1553)
### 0.13.0
* Permit timeouts to be set as a Float of seconds and use `CURLOPT_(CONNECT)TIMEOUT_MS` instead of `CURLOPT_(CONNECT)TIMEOUT` so that
sub-second timeouts can be configured, which is useful for performant services using accelerated DNS resolution.
* Remove the restriction that `Session#timeout` should be non-zero - a timeout set to 0 means "no timeout" in libCURL
# Version 3.0.3
Release date: 2018-04-30
### Fixes
* Issue in `check` where the locator string could not be omitted
* Selenium browser type detection when using remote [Ian Ker-Seymer]
* Potential hang when waiting for requests to complete [Chris Zetter]
# Version 3.0.2
Release date: 2018-04-13
### Fixes
* Fix expression filter descriptions in some selector failure messages
* Fix compounding of negated matechers - Issue #2010
# Version 3.0.1
Release date: 2018-04-06
### Changed
* Restored ability for `Capybara.server=` to accept a proc which was accidentally removed in 3.0.0
# Version 3.0.0
Release date: 2018-04-05
### Changed
* Selenium driver only closes extra windows for browsers where that is known to work (Firefox, Chrome)
* "threadsafe" mode is no longer considered beta
### Fixes
* Multiple file attach_file with Firefox
* Use Puma::Server directly rather than Rack::Handler::Puma so signal handlers don't prevent test quitting
# Version 3.0.0.rc2
Release date: 2018-03-23
### Changed
* Visibile text whitespace is no longer fully normalized in favor of being more in line with the WebDriver spec for visible text
* Drivers are expected to close extra windows when resetting the session
* Selenium driver supports Date/Time when filling in date/time/datetime-local inputs
* `current_url` returns the url for the top level browsing context
* `title` returns the title for the top level browsing context
### Added
* `Driver#frame_url` returns the url for the current frame
* `Driver#frame_title` returns the title for the current frame
# Version 3.0.0.rc1
Release date: 2018-03-02
### Added
* Support for libraries wrapping Capybara elements and providing a `#to_capybara_node` method
### Changed
* `first` now raises ElementNotFound, by default, instead of returning nil when no matches are found - Issue #1507
* 'all' now waits for at least one matching element by default. Pass `wait: false` if you want the previous
behavior where an empty result would be returned immediately if no matching elements exist yet.
* ArgumentError raised if extra parameters passed to selector queries
### Removed
* Ruby < 2.2.2 support
* `Capybara.exact_options` no longer exists. Just use `exact: true` on relevant actions/finders if necessary.
* All previously deprecated methods removed
* RSpec 2.x support
* selenium-webdriver 2.x support
* Nokogiri < 1.8 support
* `field_labeled` alias for `find_field`
Changes since 0.12.0 include a fix for CVE-2017-6807
Version 0.14.0
==============
* Backwards incompatible changes
This version switches the default signature algorithm used when
signing messages from rsa-sha1 to rsa-sha256. If your IdP does not
allow messages to be signed with that algorithm, you need to add a
setting switching back to the old algorithm:
MellonSignatureMethod rsa-sha1
Note that this only affects messages sent from mod_auth_mellon to your
IdP. It does not affect authentication responses or other messages
sent from your IdP to mod_auth_mellon.
* New features
Many improvements in what is logged during various errors.
Diagnostics logging, which creates a detailed log during request
processing.
Add support for selecting which signature algorithm is used when
signing messages, and switch to rsa-sha256 by default.
* Bug fixes
Fix segmentation fault in POST replay functionality on empty value.
Fix incorrect error check for many lasso_*-functions.
Fix case sensitive match on MellonUser attribute name.
Version 0.13.1
==============
* Security fix
Fix a cross-site session transfer vulnerability. mod_auth_mellon
version 0.13.0 and older failed to validate that the session
specified in the user's session cookie was created for the web site
the user actually accesses.
If two different web sites are hosted on the same web server, and
both web sites use mod_auth_mellon for authentication, this
vulnerability makes it possible for an attacker with access to one
of the web sites to copy their session cookie to the other web
site, and then use the same session to get access to the other web
site.
Thanks to François Kooman for reporting this vulnerability.
This vulnerability has been assigned CVE-2017-6807.
Note: The fix for this vunlerability makes mod_auth_mellon validate
that the cookie parameters used when creating the session match
the cookie parameters that should be used when accessing the current
page. If you currently use mod_auth_mellon across multiple subdomains,
you must make sure that you set the MellonCookie-option to the same
value on all domains. Bug fixes
Fix segmentation fault if a (trusted) identity provider returns
a SAML 2.0 attribute without a Name.
Fix segmentation fault if MellonPostReplay is enabled but
MellonPostDirectory is not set.
Version 0.13.0
==============
* Security fix
Fix a denial of service attack in the logout handler, which allows
a remote attacker to crash the Apache worker process with a
segmentation fault. This is caused by a null-pointer dereference
when processing a malformed logout message. New features
Allow MellonSecureCookie to be configured to enable just one
of the "httponly" of "secure" flags, instead of always enabling
both flags.
Support per-module log level with Apache 2.4.
Allow disabling the Cache-Control HTTP response header.
Add support for SameSite cookie parameter.
* Bug fixes
Fix MellonProbeDiscoveryIdP redirecting to the wrong IdP if no IdPs
respond to the probe request.
Fix mod_auth_mellon interfering with other Apache authentication
modules even when it is disabled for a path.
Fix wrong HTTP status code being returned in some cases during
user permission checks.
Fix default POST size limit to actually be 1 MB.
Fix error if authentication response is missing the optional
Conditions-element.
Fix AJAX requests being redirected to the IdP.
Fix wrong content type for ECP authentication request responses.
In addition there are various fixes for errors in the documentation,
as well as internal code changes that do not have any user visible
effects.
Upstream changes (from NEWS):
== Ruby-GNOME2 3.2.5: 2018-05-02
This is a bug fix release of 3.2.4.
=== Changes
==== Document
* Fixes
* Fixed typos.
[GitHub#1158][Patch by kojix2]
[GitHub#1160][Patch by kojix2]
==== Ruby/GLib2
* Fixes
* Fixed a GC related crash bug.
[GitHub#1162][Reported by Izumi Tsutsui]
==== Ruby/GObjectIntrospection
* Improvements
* Disabled NULL check for GObject Introspection < 1.42. Because
GObject Introspection < 1.42 doesn't support "(nullable)"
annotation yet.
==== Ruby/GdkPixbuf2
* Improvements
* (({GdkPixbuf::Pixbuf#composite})): Suppressed wrong warning.
[GitHub#1156][Reported by Chaistrin]
[GitHub#1157][Patch by cedlemo]
* Fixes
* Added a missing white space into message.
[GitHub#1155][Reported by Robert A. Heiler]
* (({GdkPixbuf::Pixbuf#composite})): Fixed a bug that width and
height are ignored.
[Patch by cedlemo]
==== Ruby/GTK3
* Improvements
* (({Gtk::TextBuffer#initialize})): Accepted "property-name" form.
[GitHub#1161][Reported by kojix2]
==== Ruby/Poppler
* Improvements
* Added a workaround for poppler-glib 0.63 bug.
[GitHub#1159][Reported by HIGUCHI Daisuke]
=== Thanks
* Robert A. Heiler
* Chaistrin
* cedlemo
* kojix2
* Izumi Tsutsui
* HIGUCHI Daisuke
1.50 Mon Apr 16 15:16:59 CDT 2018
------------------------------------
[FIXES]
Added html_tidy_ok() methods, analogous to html_lint_ok().
Remove unnecessary dependency on HTML::TreeBuilder. Thanks, Kent Fredric.
1.49_01 Mon Mar 26 10:58:51 CDT 2018
------------------------------------
[ENHANCEMENTS]
Adding autotidy functionality. autotidy lets you validate every page that
Mech gets using the HTML::Tidy5 module, just like the autolint feature
does with the HTML::Lint module. HTML::Tidy5 is a much more complete
HTML checking tool, and validates HTML5 which HTML::Lint does not. You
must have HTML::Tidy5 1.00 installed to use autotidy.
7.77 2018-04-28
- Added support for namespace selectors like "ns|*" to Mojo::DOM::CSS.
(jberger)
- Added support for :link and :visited pseudo-classes to Mojo::DOM::CSS.
- Added support for hyphen-separated list attribute selectors like
"[heflang|=en]" to Mojo::DOM::CSS.
7.76 2018-04-23
- Due to lack of domain experts on the team, Windows is no longer officially
supported. Moving forward, we will try to keep Mojolicious installable on
Windows, but cannot make any promises regarding security and/or reliability.
- Fixed a bug in Mojolicious::Plugin::Config where the config stash value was
not available when the config_override feature was used. (tim)
7.75 2018-04-09
- Deprecated placeholder quoting with "(placeholder)" in favor of
"<placeholder>".
- Fixed warnings in Mojo::Collection.
7.74 2018-04-06
- Improved unknown placeholder types to match nothing in
Mojolicious::Routes::Pattern.
7.73 2018-04-05
- Added support for routes with placeholder types.
- Added types attribute to Mojolicious::Routes and
Mojolicious::Routes::Pattern.
- Added add_type method to Mojolicious::Routes.
- Added to_file method to Mojo::Asset, Mojo::Asset::File and
Mojo::Asset::Memory.
- Added num placeholder type to Mojolicious::Routes.
- Removed deprecated use of Mojo::Promise::all and Mojo::Promise::race as
instance methods.
7.72 2018-04-02
- Improved Mojo::Content::MultiPart performance for large numbers of parts.
(philipspencer)
- Fixed another problem with ordering of sources for content negotiation in
Mojolicious::Renderer.
5.90118 - 2018-05-01
- fix handling of fragments in uri_for when path is an unblessed string (GH#160)
- ensure catalyst.pl is included with dist
- drop IO::Scalar prereq
- include optional test prereqs as develop prereqs
- remove unused developer prereq on Catalyst::Engine::PSGI
- use namespace::clean consistently rather than namespace::autoclean
- use JSON for test metadata to avoid needing YAML
- use JSON::MaybeXS consistently in code
- drop unused prereq of HTTP::Request::AsCGI
- drop unneeded prereq of Class::Data::Inheritable
- fix tests to cope with changes in new versions of Time::HiRes
- POD typo and syntax fixes
There still might be missing dependencies, but the self tests pass.
2.04 2018-04-20 12:25:55+01:00 Europe/London
- No code changes from Trial release
- Updated list of contributors.
2.03 2018-04-17 17:19:27+01:00 Europe/London (TRIAL RELEASE)
- Tweaks for travis CI and release tooling
- Revert to using MooseX::Attribute::Chained as per HTML::FormFu v2.06
Requires HTML::FormFu v2.06
fixes CPAN RT#125102
Thanks to Petr Písař <ppisar@redhat.com>
0.9.8:
* Extended auth plugin API.
* Added exit status code 7 for plugin errors.
* Added support for curses-less Python installations.
* Fixed REQUEST_ITEM arg incorrectly being reported as required.
* Improved CTRL-C interrupt handling.
* Added the standard exit status code 130 for keyboard interrupts.
0.9.6:
* Added Python 3 as a dependency for Homebrew installations
to ensure some of the newer HTTP features work out of the box
for macOS users (starting with HTTPie 0.9.4.).
* Added the ability to unset a request header with Header:, and send an
empty value with Header;.
* Added --default-scheme <URL_SCHEME> to enable things like
$ alias https='http --default-scheme=https.
* Added -I as a shortcut for --ignore-stdin.
* Added fish shell completion (located in extras/httpie-completion.fish
in the Github repo).
* Updated requests to 2.10.0 so that SOCKS support can be added via
pip install requests[socks].
* Changed the default JSON Accept header from application/json
to application/json, */*.
* Changed the pre-processing of request HTTP headers so that any leading
and trailing whitespace is removed.
0.9.4:
* Added Content-Type of files uploaded in multipart/form-data requests
* Added --ssl=<PROTOCOL> to specify the desired SSL/TLS protocol version
to use for HTTPS requests.
* Added JSON detection with --json, -j to work around incorrect
Content-Type
* Added --all to show intermediate responses such as redirects (with --follow)
* Added --history-print, -P WHAT to specify formatting of intermediate responses
* Added --max-redirects=N (default 30)
* Added -A as short name for --auth-type
* Added -F as short name for --follow
* Removed the implicit_content_type config option
(use "default_options": ["--form"] instead)
* Redirected stdout doesn't trigger an error anymore when --output FILE
is set
* Changed the default --style back to solarized for better support
of light and dark terminals
* Improved --debug output
* Fixed --session when used with --download
* Fixed --download to trim too long filenames before saving the file
* Fixed the handling of Content-Type with multiple +subtype parts
* Removed the XML formatter as the implementation suffered from multiple issues
2.0.5:
Bugfixes
* Corrected the import paths that inspectdb generates for django.contrib.postgres fields.
* Fixed a regression in Django 1.11.8 where altering a field with a unique constraint may drop and rebuild more foreign keys than necessary.
* Fixed crashes in django.contrib.admindocs when a view is a callable object, such as django.contrib.syndication.views.Feed.
* Fixed a regression in Django 1.11.12 where QuerySet.values() or values_list() after combining an annotated and unannotated queryset with union(), difference(), or intersection() crashed due to mismatching columns
1.11.13:
Bugfixes
* Fixed a regression in Django 1.11.8 where altering a field with a unique constraint may drop and rebuild more foreign keys than necessary.
* Fixed crashes in django.contrib.admindocs when a view is a callable object, such as django.contrib.syndication.views.Feed.
* Fixed a regression in Django 1.11.12 where QuerySet.values() or values_list() after combining an annotated and unannotated queryset with union(), difference(), or intersection() crashed due to mismatching columns
1.1:
Added support for skipping static(), mostly useful when adding external scripts via JS() (e.g for adding defer="defer").
Made the attributes dictionary optional.
