CVE-2018-5148: Use-after-free in compositor
A use-after-free vulnerability can occur in the compositor during certain
graphics operations when a raw pointer is used instead of a reference
counted one. This results in a potentially exploitable crash.
Bug 1440717 - Use RefPtr for CompositingRenderTargetOGL::mGL. r=Bas, a=ritu
PKGREVISION++
CVE-2018-5148: Use-after-free in compositor
Invalid page rendering with hardware acceleration enabled (Bug 1435472)
Windows 7 users with touch screens or certain 3rd party desktop applications which interact with Firefox through accessibility services may experience random browser crashes. Known 3rd party applications with issues: StickyPassword, Windows 7 touch screen. (Bug 1424505)
Browser keyboard shortcuts (eg copy Ctrl+C) don't work on sites that use those keys with resistFingerprinting enabled (Bug 1433592)
High CPU / memory churn caused by third-party software on some computers (Bug 1446280)
Users who have configured an "automatic proxy configuration URL" and want to reload their proxy settings from the URL will find the Reload button disabled in the Connection Settings dialog when they select Preferences/Options > Network Proxy > Settings... (Bug 1445991)
URL Fragment Identifiers Break Service Worker Responses (Bug 1443850)
Users trying to cancel a print around the time it completes will continue to get intermittent crashes (Bug 1441598)
Broken getUserMedia (audio) on DragonFly, FreeBSD, NetBSD, OpenBSD. Video chat apps either wouldn't work or be always muted (Bug 1444074)
Changes with Apache 2.4.33
*) core: Fix request timeout logging and possible crash for error_log hooks.
*) mod_slotmem_shm: Fix failure to create balancers' slotmems in Windows MPM,
where children processes need to attach them instead since they are owned
by the parent process already.
*) ab: try all destination socket addresses returned by
apr_sockaddr_info_get instead of failing on first one when not available.
Needed for instance if localhost resolves to both ::1 and 127.0.0.1
e.g. if both are in /etc/hosts.
*) ab: Use only one connection to determine working destination socket
address.
*) ab: LibreSSL doesn't have or require Windows applink.c.
*) htpasswd/htdigest: Disable support for bcrypt on EBCDIC platforms.
apr-util's bcrypt implementation doesn't tolerate EBCDIC.
*) htpasswd/htdbm: report the right limit when get_password() overflows.
*) htpasswd: Don't fail in -v mode if password file is unwritable.
*) htpasswd: don't point to (unused) stack memory on output
to make static analysers happy.
Changes with Apache 2.4.32
*) mod_access_compat: Fail if a comment is found in an Allow or Deny
directive.
*) mod_authz_host: Ignore comments after "Require host", logging a
warning, or logging an error if the line is otherwise empty.
*) rotatelogs: Fix expansion of %Z in localtime (-l) mode, and fix
Y2K38 bug.
*) mod_ssl: Support SSL DN raw variable extraction without conversion
to UTF-8, using _RAW suffix on variable names.
*) ab: Fix https:// connection failures (regression in 2.4.30); fix
crash generating CSV output for large -n.
Changes with Apache 2.4.31
*) mod_proxy_fcgi: Add the support for mod_proxy's flushpackets and flushwait
parameters.
*) mod_ldap: Avoid possible crashes, hangs, and busy loops due to
improper merging of the cache lock in vhost config.
*) mpm_event: Do lingering close in worker(s).
*) mpm_queue: Put fdqueue code in common for MPMs event and worker.
Changes with Apache 2.4.30
*) SECURITY: CVE-2017-15710 (cve.mitre.org)
Out of bound write in mod_authnz_ldap with AuthLDAPCharsetConfig enabled
*) CVE-2018-1283 (cve.mitre.org)
mod_session: CGI-like applications that intend to read from mod_session's
'SessionEnv ON' could be fooled into reading user-supplied data instead.
*) SECURITY: CVE-2018-1303 (cve.mitre.org)
mod_cache_socache: Fix request headers parsing to avoid a possible crash
with specially crafted input data.
*) CVE-2018-1301 (cve.mitre.org)
core: Possible crash with excessively long HTTP request headers.
Impractical to exploit with a production build and production LogLevel.
*) mod_authnz_ldap: Fix language long names detection as short name.
*) mod_proxy: Worker schemes and hostnames which are too large are no
longer fatal errors; it is logged and the truncated values are stored.
*) CVE-2017-15715 (cve.mitre.org)
core: Configure the regular expression engine to match '$' to the end of
the input string only, excluding matching the end of any embedded
newline characters. Behavior can be changed with new directive
'RegexDefaultOptions'.
*) SECURITY: CVE-2018-1312 (cve.mitre.org)
mod_auth_digest: Fix generation of nonce values to prevent replay
attacks across servers using a common Digest domain. This change
may cause problems if used with round robin load balancers.
*) mod_proxy: Allow setting options to globally defined balancer from
ProxyPass used in VirtualHost. Balancers are now merged using the new
merge_balancers method which merges the balancers options.
*) logresolve: Fix incorrect behavior or segfault if -c flag is used
Fixes: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823259
*) mod_remoteip: Add support for PROXY protocol (code donated by Cloudzilla).
Add ability for PROXY protocol processing to be optional to donated code.
See also: http://www.haproxy.org/download/1.5/doc/proxy-protocol.txt
*) mod_proxy, mod_ssl: Handle SSLProxy* directives in <Proxy> sections,
allowing per backend TLS configuration.
*) mod_proxy_uwsgi: Add in UWSGI proxy (sub)module.
*) mod_proxy_balancer,mod_slotmem_shm: Rework SHM reuse/deletion to not
depend on the number of restarts (non-Unix systems) and preserve shared
names as much as possible on configuration changes for SHMs and persisted
files.
*) CVE-2018-1302 (cve.mitre.org)
mod_http2: Potential crash w/ mod_http2.
*) mod_http2: obsolete code removed, no more events on beam pool destruction,
discourage content encoders on http2-status response (where they do not work).
*) mpm_event: Let the listener thread do its maintenance job on resources
shortage.
*) mpm_event: Wakeup the listener to re-enable listening sockets.
*) mod_ssl: The SSLCompression directive will now give an error if used
with an OpenSSL build which does not support any compression methods.
*) mpm_event,worker: Mask signals for threads created by modules in child
init, so that they don't receive (implicitly) the ones meant for the MPM.
*) mod_md: new experimental module for managing domains across virtual hosts,
implementing the Let's Encrypt ACMEv1 protocol to signup and renew
certificates. Please read the module's documentation for further instructions
on how to use it.
*) mod_proxy_html: skip documents shorter than 4 bytes
*) core, mpm_event: Avoid a small memory leak of the scoreboard handle, for
the lifetime of the connection, each time it is processed by MPM event.
*) mpm_event: Update scoreboard status for KeepAlive state.
*) mod_ldap: Fix a case where a full LDAP cache would continually fail to
purge old entries and log AH01323.
*) mpm_event: close connections not reported as handled by any module to
avoid losing track of them and leaking scoreboard entries.
*) core: A signal received while stopping could have crashed the main
process.
*) mod_ssl: support for mod_md added.
*) mod_proxy_html: process parsed comments immediately.
Fixes bug (seen in the wild when used with IBM's HTTPD bundle)
where parsed comments may be lost.
*) mod_proxy_html: introduce doctype for HTML 5
*) mod_proxy_html: fix typo-bug processing "strict" vs "transitional"
HTML/XHTML.
*) mpm_event: avoid a very unlikely race condition between the listener and
the workers when the latter fails to add a connection to the pollset.
*) core: silently ignore a nonexistent file path when IncludeOptional
is used.
*) mod_macro: fix usability of globally defined macros in .htaccess files.
*) mod_rewrite, core: add the Vary header when a condition evaluates to true
and the related RewriteRule is used in a Directory context
(triggering an internal redirect).
*) ab: Make the TLS layer aware that the underlying socket is nonblocking,
and use/handle POLLOUT where needed to avoid busy IOs and recover write
errors when appropriate.
*) ab: Keep reading nonblocking to exhaust TCP or SSL buffers when previous
read was incomplete (the SSL case can cause the next poll() to timeout
since data are buffered already).
*) mod_http2: avoid unnecessary data retrieval for a trace log. Allow certain
information retrievals on null bucket beams where it makes sense.
1.88 2018-03-23 15:37:25Z
========================================
[FIXED]
- tick() now dies if checkbox is not found (GH#248) (Olaf Alders)
[DOCUMENTATION]
- Clarify behaviour of submit_form when with_fields is supplied as an arg (GH#247) (Olaf Alders)
- Document some "Best Practices" (GH#246) (Olaf Alders)
- Update links in Pod. Suggest LWP::ConsoleLogger rather than LWP::Debug (GH#244) (Olaf Alders)
1.15:
Improve comments.
Close unwanted file descriptors.
In scgi_server.py, spawn_child() is called at startup to start the
first child and also from delegate_request() when more children are
needed. In the latter case, the parameter 'conn' is passed to
spawn_child() so that the newly-created child knows to close the
file descriptor it has inherited but doesn't need.
The bug is that in the latter case the new child also inherits
various other file descriptors which are not similarly closed,
namely the Unix sockets to its elder siblings, and the TCP listener
socket.
Improve Apache 2 mod_scgi error messages.
If the connection is aborted while sending the response, log an
error but don't generate an internal server error. This can happen
if the client closes the connection before the entire response has
been read. There's nothing the server can do about it.
When an error occurs while reading the response headers, don't
log an error since ap_scan_script_header_err_brigade() has already
done so.
## 2.2.2 / 2018-03-22
Make public `Loofah::HTML5::Scrub.force_correct_attribute_escaping!`,
which was previously a private method. This is so that downstream gems
(like rails-html-sanitizer) can use this logic directly for their own
attribute scrubbers should they need to address CVE-2018-8048.
Changelog:
Tomcat 8.5.29 (markt)
Catalina
Fix: Minor optimization when calling class transformers. (rjung)
Fix: Prevent Tomcat from applying gzip compression to content that is already compressed with brotli compression. Based on a patch provided by burka. (markt)
Fix: 62090: Null container names are not allowed. (remm)
Fix: 62104: Fix programmatic login regression as the NonLoginAuthenticator has to be set for it to work (if no login method is specified). (remm)
Fix: 62117: Improve error message in catalina.sh when calling kill -0 <pid> fails. Based on a suggestion from Mark Morschhaeuser. (markt)
Fix: 62118: Correctly create a JNDI ServiceRef using the specified interface rather than the concrete type. Based on a suggestion by Ángel Álvarez Páscua. (markt)
Fix: Fix for RequestDumperFilter log attribute. Patch provided by Kirill Romanov via Github. (violetagg)
Fix: 62123: Avoid ConcurrentModificationException when attempting to clean up application triggered RMI memory leaks on web application stop. (markt)
Fix: Correct a regression in the fix for 60276 that meant that compression was applied to all MIME types. Patch provided by Stefan Knoblich. (markt)
Coyote
Fix: Add minor HPACK fixes, based on fixes by Stuart Douglas. (remm)
Fix: 61751: Follow up fix so that OpenSSL engine returns underflow when unwrapping if no bytes were produced and the input is empty. (remm)
Fix: Minor OpenSSL engine cleanups. (remm)
Fix: NIO SSL handshake should throw an exception on overflow status, like NIO2 SSL. (remm)
Web applications
Add: 48672: Add documentation for the Host Manager web application. Patch provided by Marek Czernek. (markt)
Add: Work-around a known, non-specification compliant behaviour in some versions of IE that can allow XSS when the Manager application generates a plain text response. Based on a suggestion from Muthukumar Marikani. (markt)
Other
Update the build script so MD5 hashes are no longer generated for releases as per the change in the ASF distribution policy. (markt)
2018-02-11 Tomcat 8.5.28 (markt)
Catalina
Fix: Prevent a stack trace being written to standard out when running on Java 10 due to changes in the LogManager implementation. (markt)
Fix: 62000: When a JNDI reference cannot be resolved, ensure that the root cause exception is reported rather than swallowed. (markt)
Fix: 62036: When caching an authenticated user Principal in the session when the web application is configured with the NonLoginAuthenticator, cache the internal Principal object rather than the user facing Principal object as Tomcat requires the internal object to correctly process later authorization checks. (markt)
Fix: Avoid duplicate load attempts if one has been made already. (remm)
Fix: Avoid NPE in ThreadLocalLeakPreventionListener if there is no Engine. (remm)
Fix: 62067: Correctly apply security constraints mapped to the context root using a URL pattern of "". (markt)
Fix: When using Tomcat embedded, only perform Authenticator configuration once during web application start. (markt)
Fix: Process all ServletSecurity annotations at web application start rather than at servlet load time to ensure constraints are applied consistently. (markt)
Coyote
Fix: 61751: Fix truncated request input streams when using NIO2 with TLS. (markt)
Fix: 62023: Log error reporting multiple SSLHostConfig elements when using the APR Connector instead of crashing Tomcat. (csutherl)
Fix: 62032: Fix NullPointerException when certificateFile is not defined on an SSLHostConfig and unify the behavior when a certificateFile is defined but the file does not exist for both JKS and PEM file types. (csutherl)
WebSocket
Fix: 62024: When closing a connection with an abnormal close, close the socket immediately rather than waiting for a close message from the client that may never arrive. (markt)
Webapps
Fix: 62049: Fix missing class from manager 404 JSP error page. (remm)
jdbc-pool
Add: Enhance the JMX support for jdbc-pool in order to expose PooledConnection and JdbcInterceptors. (kfujino)
Add: Add MBean for PooledConnection. (kfujino)
Add: 62011: Add MBean for StatementCache. (kfujino)
Add: Expose the cache size for each connection via JMX in StatementCache. (kfujino)
Add: Add MBean for ResetAbandonedTimer. (kfujino)
Other
Update: Update the NSIS Installer used to build the Windows installer to version 3.03. (kkolinko)
Changelog:
Tomcat 8.0.50 (violetagg)
Catalina
Fix: Prevent a stack trace being written to standard out when running on Java 10 due to changes in the LogManager implementation. (markt)
Fix: Avoid duplicate load attempts if one has been made already. (remm)
Fix: Avoid NPE in ThreadLocalLeakPreventionListener if there is no Engine. (remm)
Fix: 62000: When a JNDI reference cannot be resolved, ensure that the root cause exception is reported rather than swallowed. (markt)
Fix: 62036: When caching an authenticated user Principal in the session when the web application is configured with the NonLoginAuthenticator, cache the internal Principal object rather than the user facing Principal object as Tomcat requires the internal object to correctly process later authorization checks. (markt)
Fix: 62067: Correctly apply security constraints mapped to the context root using a URL pattern of "". (markt)
Fix: When using Tomcat embedded, only perform Authenticator configuration once during web application start. (markt)
Fix: Process all ServletSecurity annotations at web application start rather than at servlet load time to ensure constraints are applied consistently. (markt)
Fix: Minor optimization when calling class transformers. (rjung)
Web applications
Add: 48672: Add documentation for the Host Manager web application. Patch provided by Marek Czernek. (markt)
Other
Update: Update the NSIS Installer used to build the Windows installer to version 3.03. (kkolinko)
Changelog:
Tomcat 7.0.85 (violetagg)
Catalina
Fix: Prevent a stack trace being written to standard out when running on Java 10 due to changes in the LogManager implementation. (markt)
Fix: Avoid duplicate load attempts if one has been made already. (remm)
Fix: Avoid NPE in ThreadLocalLeakPreventionListener if there is no Engine. (remm)
Fix: 58143: Fix calling classloading transformers broken in 7.0.70 by the fix for 59619. This was observed when using Spring weaving. (rjung)
Fix: 62000: When a JNDI reference cannot be resolved, ensure that the root cause exception is reported rather than swallowed. (markt)
Fix: 62036: When caching an authenticated user Principal in the session when the web application is configured with the NonLoginAuthenticator, cache the internal Principal object rather than the user facing Principal object as Tomcat requires the internal object to correctly process later authorization checks. (markt)
Fix: 62067: Correctly apply security constraints mapped to the context root using a URL pattern of "". (markt)
Fix: When using Tomcat embedded, only perform Authenticator configuration once during web application start. (markt)
Fix: Process all ServletSecurity annotations at web application start rather than at servlet load time to ensure constraints are applied consistently. (markt)
Fix: Minor optimization when calling class transformers. (rjung)
Web applications
Add: 48672: Add documentation for the Host Manager web application. Patch provided by Marek Czernek. (markt)
Other
Update: Update the NSIS Installer used to build the Windows installer to version 3.03. (kkolinko)
3.1.0:
Features
- Relax JSON content-type checking in the ClientResponse.json() to allow
"application/xxx+json" instead of strict "application/json".
- Bump C HTTP parser to version 2.8
- Accept a coroutine as an application factory in web.run_app and gunicorn
worker.
- Implement application cleanup context
- Make writer.write_headers a coroutine.
- Add tracking signals for getting request/response bodies.
- Deprecate ClientResponseError.code in favor of .status to keep similarity
with response classes.
- Implement app.add_routes() method.
- Implement web.static() and RouteTableDef.static() API.
- Install a test event loop as default by asyncio.set_event_loop(). The
change affects aiohttp test utils but backward compatibility is not broken
for 99.99% of use cases.
- Refactor ClientResponse constructor: make logically required constructor
arguments mandatory, drop _post_init() method.
- Use app.add_routes() in server docs everywhere
- Websockets refactoring, all websocket writer methods are converted into
coroutines.
- Provide Content-Range header for Range requests
Bugfixes
- Fix websocket client return EofStream.
- Fix websocket demo.
- Property BaseRequest.http_range now returns a python-like slice when
requesting the tail of the range. It's now indicated by a negative value in
range.start rather than in range.stop
- Close a connection if an unexpected exception occurs while sending a request
- Fix firing DNS tracing events.
Improved Documentation
- Change ClientResponse.json() documentation to reflect that it now
allows "application/xxx+json" content-types
- Document behavior when cchardet detects encodings that are unknown to Python.
- Add diagrams for tracing request life style.
- Drop removed functionality for passing StreamReader as data at client
side.
2.3.23 (2017-10-18)
-------------------
Enhancements
- [web] added Simplified Chinese (zh_CN) translation - thanks to Thomas Kuiper
- [web] updated CKEditor to version 4.7.3
Bug fixes
- [core] yearly repeating events are not shown in web calendar (#4237)
- [core] correctly handle "Last day of the month" recurrence rule
- [core] fixed yearly recurrence calculator with until date
- [core] generalized HTML sanitization to avoid encoding issues when replying/forwarding mails
- [eas] avoid sync requests for shared folders every second (#4275)
3.11.0 (2018-03-11)
===================
Ruby:
* No changes in Ruby bindings for this release
3.10.0 (Unreleased)
===================
Ruby:
* Added Errno::EAFNOSUPPORT to the list of ignored errors when finding port (thanks @jtarchie)
* Added automatic conversion of noProxy to the list of strings as required
by W3C WebDriver Specification (issue #5004)
Chrome:
* Added Chrome::Options#headless! shortcut to enable headless mode (thanks @pulkitsharma07)
IE:
* Added support for getting local storage using Driver#local_storage
* Added support for getting session storage using Driver#session_storage
3.9.0 (2018-02-06)
==================
Ruby:
* Fixed a bug when omitted capabilities caused NoMethodError (issue #5185)
* Fixed a bug when getting page source in W3C dialect caused WebDriverError (thanks @KazuCocoa)
* Fixed a bug when getting backtrace of server error would cause NoMethodError (thanks @mcking49)
* Updated YARD to ~> 0.9.11
* Updated rubyzip to ~> 1.2 (thanks @michaelglass)
Chrome:
* Added support for getting network conditions via Driver#network_conditions
* Added support for setting network conditions via Driver#network_conditions=
* Added support to allow driver respond with custom error codes (issue #5376)
Firefox:
* Improved GeckoDriver binary lookup mechanism (issue #5240)
3.8.0 (2017-12-01)
==================
Ruby:
* Removed deprecated Alert#authenticate
* Removed deprecated :port initialization argument of Remote::Bridge.
Use :url instead.
* Removed deprecated Selenium::WebDriver::Remote::W3CCapabilities.
Use Selenium::WebDriver::Remote::Capabilities instead.
IE:
* Remove deprecated :log_file driver initialization argument.
Use driver_opts: {log_file: ''} instead.
* Remove deprecated :log_level driver initialization argument.
Use driver_opts: {log_level: ''} instead.
* Remove deprecated :implementation driver initialization argument.
Use driver_opts: {implementation: ''} instead.
* Removed deprecated :service_args driver initialization argument.
Use driver_opts: {args: ['--some-switch']} instead.
Chrome:
* Removed deprecated :service_log_path driver initialization argument.
Use driver_opts: {log_path: 'path'} instead.
* Removed deprecated :service_args driver initialization argument.
Use driver_opts: {args: ['--some-switch']} instead.
Firefox:
* Removed deprecated :service_args driver initialization argument.
Use driver_opts: {args: ['--some-switch']} instead.
Safari:
* Removed deprecated :service_args driver initialization argument.
Use driver_opts: {args: ['--some-switch']} instead.
Edge:
* Removed deprecated :service_args driver initialization argument.
Use driver_opts: {args: ['--some-switch']} instead.
3.7.0 (2017-11-03)
==================
Ruby:
* Added //rb:lint task to check codebase using RuboCop (thanks @RustyNail)
* Fixed codebase to comply more to Ruby community style guide (thanks @RustyNail)
* Packaged all dependencies to Selenium repository so that non-Ruby committers
can build and test Ruby bindings easier
* Update errors list according to latest changes of specification (thanks @jaysonesmith)
Firefox:
* Added Firefox::Options#headless! shortcut to enable headless mode (thanks @franzliedke)
3.6.0 (2017-09-22)
==================
Edge:
* Fixed a bug when execute_script failed using server + Edge (issue #4651)
Firefox:
* Fixed a bug when web extension failed to install using profile class (issue #4093)
PhantomJS:
* Support is deprecated in favor of headless Chrome/Firefox or HTMLUnit.
PhantomJS is no longer actively developed, and support will eventually
be dropped.
2.0.1 2017/12/08
Multibytes bytes again!
This is a bugfix release, which fixes a Rack 2 incompatibility in
Rack::NotFound, where the wrong value for the Content-Length response
header was calculated (#143).
Thanks to Kazuhiro NISHIYAMA (@znz) for the bug report, and Joe Francis
(@lostapathy) for the fix.
2.0.0 2017/11/30
2f3840e
Rack 2.x Support Is HERE!
Thanks to the hard work of Skye Shaw, amongst others, this release of
rack-contrib supports Rack 2.x. Unfortunately, it only supports Rack
2.x; if your application is using Rack 1.x, you should continue to use
rack-contrib 1.x.
The non-backwards-compatible, user-visible changes are:
* Drop support for Ruby versions less than 2.2. Rack 2 does not support these
older releases, so there's no benefit in our doing so.
* Rack::NestedParams: switch to using Rack::Utils.parse_nested_query to parse
request bodies, which handles repeated element keys differently. See #92.
* Rack::Sendfile: removed completely. Rack core provides a middleware of the
same name that is much better, and more actively maintained, and you should
use that instead.
* Rack::AcceptFormat: removed completely, because it is terribad.
## 2.2.1 / 2018-03-19
Addresses CVE-2018-8048. Loofah allowed non-whitelisted attributes to be present in sanitized output when given input with specially-crafted HTML fragments.
This CVE's public notice is at https://github.com/flavorjones/loofah/issues/144
Ruby on Rails is a full-stack web framework optimized for programmer
happiness and sustainable productivity. It encourages beautiful code
by favoring convention over configuration.
This is for Ruby on Rails 5.1.
Action Pack is a framework for handling and responding to web requests. It
provides mechanisms for *routing* (mapping request URLs to actions), defining
*controllers* that implement actions, and generating responses by rendering
*views*, which are templates of various formats. In short, Action Pack
provides the view and controller layers in the MVC paradigm.
This is for Ruby on Rails 5.1.
1.13.10:
*) Feature: the "set" parameter of the "include" SSI directive now
allows writing arbitrary responses to a variable; the
"subrequest_output_buffer_size" directive defines maximum response
size.
*) Feature: now nginx uses clock_gettime(CLOCK_MONOTONIC) if available,
to avoid timeouts being incorrectly triggered on system time changes.
*) Feature: the "escape=none" parameter of the "log_format" directive.
Thanks to Johannes Baiter and Calin Don.
*) Feature: the $ssl_preread_alpn_protocols variable in the
ngx_stream_ssl_preread_module.
*) Feature: the ngx_http_grpc_module.
*) Bugfix: in memory allocation error handling in the "geo" directive.
*) Bugfix: when using variables in the "auth_basic_user_file" directive
a null character might appear in logs.
Changelog:
Changes
Don't pollute the log on DAV emaillogin (server#8045)
Don't perform CSRF check on OCS routes with Bearer auth (server#8099)
Use S3Client::upload instead of splitting single/multipart upload ourselves (server#8102)
Remove old perl script to update l10n files (server#8145)
Scss hardening (server#8156)
Do not try to get the jailed path if we can't find the id (server#8177)
Handle SSL certificate verifications for others than Let's Encrypt (server#8183)
Use a phan version instead of master (server#8195)
Repair step to clear frontend related caches (server#8197)
Keep previous exception when transforming to dav exception (server#8228)
Actually return stream from swift (server#8250)
Remove invalid link to documentation (server#8253)
Fix deleting folders when using s3 external storage (server#8261)
Link to NC13 dev manual (server#8264)
Better result handling of email search (server#8267)
Update CRL to revoke files_rightclick (server#8271)
Fix styling issues of guest pages #8155 (server#8286)
Remove jquery ui background image (server#8287)
Show open graph preview in WhatsApp (server#8309)
Make acceptance tests for comments more consistent with the others (server#8395)
Fix edit tag textbox size (server#8407)
Use TTF fonts for avatar generation (server#8440)
Use mb_* string methods to extract first character for generated avatars (server#8470)
Show hint in OCS API for user creation (server#8515)
Fix hiding and event propagation issues with the user management popover (server#8517)
Add some whitespace around change.svg icon (server#8518)
Avoid fruitless login attempts (server#8532)
Fix retrieval of group members with numerical uids from LDAP (server#8536)
Theming: handle not being in the serverroot (server#8554)
Ext storage error warning (server#8561)
Set autocomplete=new-password for mail share password (server#8577)
Fix upload button visible on read-only folders (server#8595)
Fixed app navigation for IE11 (server#8609)
Fix breadcrumbs width calculation (server#8610)
Fix comments (and systemtags) when involving users with numerical ids (server#8615)
Update commentstabview.js (server#8621)
Properly encapsulate require_once for app.php (server#8631)
AppData hardening (server#8636)
Use hash algo that's robust against collisions (server#8654)
Fixed date/time picker on IE11 (server#8663)
Use a more widely available method to test s3 settings (server#8667)
Use proper language in language code (server#8668)
Display the proper language strings in settings (server#8669)
Do not create empty userid when attribute does not have allowed chars (server#8673)
Remove too restrictive check for background image/color (server#8675)
Fix example regex for user agent matching (server#8676)
Generate different UIDs for Birthday, Anniversary and Death event (server#8678)
Don't use double quotes in MySQL queries (server#8680)
Log exceptions that happen when writing the app store reply to storage (server#8683)
Set the correct active navigation entry (server#8685)
Fix activities for end2end encryption (server#8686)
Filter out the current user when searching for emails too (server#8687)
Fix check if theming defaults instance is available (server#8688)
Fix undefined index problem (server#8693)
Disable part files for object stores (server#8725)
Better handling of invisible elements in acceptance tests (server#8738)
Remove base url from global cache prefix (server#8745)
Check if the cached js file exists (server#8746)
Sharee email matches not limited (server#8749)
Fix integer overflow in ChunkingPlugin (server#8752)
Revert wording back to updates (server#8755)
Add acceptance tests for permissions on public shared folders (server#8758)
Also send file emails in ASAP mode (activity#249)
Ensure userids are strings (activity#252)
Null coalescing operator is PHP7+ (activity#254)
Update PDF.js to 1.9.426 (files_pdfviewer#55)
Enable full screen mode for PDF files (files_pdfviewer#59)
Fix ACE module files failing to load (files_texteditor#83)
Do not keep FileInfoModels returned by "getModelForFile" (files_texteditor#89)
Fix share drop down in gallery not properly shown (gallery#394)
Fix gallery button hidden in folders without create permission (gallery#402)
Fix controls position in gallery layout (gallery#405)
Removed old code already present thanks to the files app (gallery#406)
Create "file app" public share links if the slideshow is opened from ... (gallery#407)
Allow to check against haveibeenpwned.com password list (password_policy#61)
Upstream changes:
Moodle 3.4.2:
Highlights
MDL-48501, MDL-61600 - Migrate to reCAPTCHA v2
MDL-51189 - Quiz: now possible to edit user overrides even if quiz is not available to a student
MDL-60241 - Invisible default sections lead to unexpected visibility layout
MDL-61344 - Assignment: "additional files" are now shown in Edit Submission view
GDPR preparation
Plugins will be available for Moodle 3.3 and 3.4 to help Moodle sites to comply with GDPR. In Moodle 3.5 they will be included in the standard distribution. Some necessary core changes were already included in this release:
MDL-61307 - New Privacy subsystem
MDL-61477 - Allow plugins to handle site policies and overwrite $CFG->sitepolicy
MDL-61423 - Signup process - add minimum age verification
Fixes and improvements
MDL-60815 - Fixed bug with loading CSS for editor
MDL-61549 - Fixed bug with empty user name on Participants page if username is included in user identity fields
MDL-60812 - Select correct default role during manual enrolment
MDL-58006 - Assignment: reset 'Blind marking' status during 'Course reset'
MDL-58845 - Choice: hide "unanswered" column when it is set so in choice settings
MDL-56688 - Single View & grades export should follow the same order set in gradebook set up
MDL-61305 - Performance: Modinfo cache can get built in parallel
MDL-61249 - Corrected end date for manual enrolments
MDL-61242 - EQUELLA repository: fixed error "The source url does not match the sourcekey."
MDL-61175 - Change "Remind me to grade by" date according to the new course start date after course restore
Changes 2.0.17:
The Emperor throttling subsystem does not make use anymore of blocking functions, like usleep(), this should fix stats serving and should improve vassals startup time
[Security/PHP] enforce DOCUMENT_ROOT check when using --php-docroot to avoid directory traversal
added --shutdown-sockets to improve graceful shutdowns
Based on wip/p5-Apache-Gallery by mef@
Many dependencies re-added.
1.0.2 Wed Jun 8 20:47:16 CEST 2011
- Extended GalleryUnderscoresToSpaces to filenames as well.
(Debian bug #348724, Francesco Potortì)
- Added txt to GalleryDocFile, the code in Gallery.pm already
allowed it. (Luca Capello)
- Added text-html.png and text-txt.png icons.
(Debian bug #423004, Luca Capello)
- Fixed counter typo for <directory>.folder in next directory
menu item. (Luca Capello)
- Added support to ignore items through <directory|file>.ignore.
(Debian bug #619625, Luca Capello)
- Fixed spelling typos in Gallery.pm and README. (Luca Capello)
- GalleryCacheDir defaults to /var/cache/www/ per the FHS-2.3.
(Debian bug #337197, Luca Capello)
- Fixed two minor POD errors (Michael Legart)
1.0.1 Wed Feb 23 20:45:38 CET 2011
- Added missing template files to MANIFEST
1.0 Tue Feb 22 21:54:31 CET 2011
- Handle files that match both GalleryDocFile and GalleryImgFile
correctly. (Claus Faerber)
- Only respond to HEAD and GET requests, enabling users to use
WebDAV for upload (Andreas Plesner)
- Added new option GalleryCommentExifKey to get comments from
EXIF data (Michael Legart)
- Added new option GalleryEnableMediaRss to enable generation of
a media RSS feed for each directory listing. This works with
e.g. the plugin from http://piclens.com to enable 3D viewing
of your gallery. (Michael Legart)
- Make browser-caching work with mod_perl 2. Supports If-None-Match
and If-Modified-Since headers. Sets Last-Modified-Date and
ETag headers. (Michael Legart)
1.0RC3 Fri Sep 16 10:27:48 CEST 2005
- Add watermark even when picture doesn't need to be rescaled
(Andreas Plesner)
- Fix logging to work in Apache 1.3 (Andreas Plesner)
- Bugfix: If only one GallerySize was specified, the image's
max width was automatically added to GallerySizes
(Andreas Plesner)
- Bugfix: Locate thm files if they are called .thm or .THM
(Michael Legart)
1.0RC2 Wed Jun 1 09:11:50 CEST 2005
- Added access keys for navigation (Michael Knudsen)
1.0RC1 Tue May 24 13:31:50 CEST 2005
- Added submit button to form in selection mode (Vlad Marchenko)
- Added new option GalleryRootPath for use when the gallery
is not running from the root of the virtual host (Lubomir Host)
- Report proper errors when there are problems with templates (Don Armstrong)
- Support newest mod_perl2 version (Philip Paeps)
0.36 2018-03-15 11:37 GMT
- Relax PNG content type check in t/05dirs.t
0.35 2018-03-14 12:07 GMT
- Use less-likely extension for unknown file type (RT#124211)
+ fixed $r->connection()->remote_ip() to use useragent_ip(), then client_ip() access for Apache 2.4
+ Added section ``raw'' to MailErrors.inc to debug POSTs without
form fields
- MailErrorsHTML now uses monospaced fonts for errors. Easier on
the eyes and more informative
- Added a clumsy regex to avoid header longer than 70 chars
- removed deprecated "Extra" module references from Makefile.PL and Bundle::Apache::ASP::Extra,
including Apache::Filter, Apache::SSI, Bundle::XML, XML::Sablotron, and Tie::TextDir
2.0.1 2018/02/17
* avoid prefix duplication
* get rid of unnecessary assignment expression
the `base` does not respond to `conditions` permanently.
* documentation improvement
2.0.1 / 2018-02-17
* Repair nested namespaces, by avoiding prefix duplication #1322. Fixes #1310
by Kunpei Sakai
* Add pattern matches to values for Mustermann::Concat #1333. Fixes #1332 by
Dawa Ometto
* Ship the VERSION file with the gem, to allow local unpacking #1338 by Olle
Jonsson
* Fix issue with custom error handler on bad request #1351. Fixes #1350 by
Jordan Owens
* Override Rack::ShowExceptions#pretty to set custom template #1377. Fixes
#1376 by Jordan Owens
* Enhanced path validation in Windows #1379 by Orange Tsai
* Improve development support and documentation by Faheel Ahmad, Shota Iguchi,
Olle Jonsson, Manabu Niseki, John Hope, Horacio, Ice-Storm, GraniteRock,
Raman Skaskevich, Carlos Azuaje, 284km, Dan Rice and Zachary Scott
### 0.12.1
* Ensure HTTP2 response headers/status lines are correctly handled
### 0.12.0
* Replace StringScanner in HeaderParser with StringIO, fix Webmock regression when the headers string would
not have an empty CRLF-terminated line at the end - which would cause the parser to return a nil.
* Added `Session#dns_cache_timeout` as a config option for CURLOPT_DNS_CACHE_TIMEOUT
### 0.11.1
* Make sure StringScanner is available to HeaderParser.
### 0.11.0
* Added `Session#progress_callback` which accepts a callable object, which can be used to report session progress during request
execution.
* Fixed parsing of response headers when multiple responses are involved (redirect chains and HTTP proxies)
### 0.10.0
* Added `Session#low_speed_time` and `Session#low_speed_limit`. When used, they will force libCURL to raise
a timeout if a certain speed limit is not met performing the request. These can be used for better timeout
handling. These are available in all libCURL versions. See https://curl.haxx.se/libcurl/c/CURLOPT_LOW_SPEED_TIME.html
and https://curl.haxx.se/libcurl/c/CURLOPT_LOW_SPEED_LIMIT.html
0.14.3 (2018-02-23)
* Move to mustermann
* Drop ruby prior to 2.2.2
* update default_inflections
* Fix params handling which broke with Sinatra 2.0.1 by removing guard clause
to not initialize @params if already defined
0.14.2 (2018-01-02)
* FIX router in non-Padrino applications (@adam12)
* FIX padrino-admin haml layout
* FIX Datamapper tasks (@adam12)
* FIX #1979 default test or spec task
* FIX #2150 refuse invalid database adapters
* FIX #2152 using open without requiring 'open-uri'
* NEW #2161 allow array as tag attribute (@aeris)
* FIX #2163 preserve spaces in args of padrino gen
* update Sequel usage
* update ActiveRecord::Migration usage (@adam12)
# Version 2.18.0
Release date: 2018-02-12
### Fixed
* Firefox/geckodriver setting of contenteditable childs contents
* Ignore Selenium::WebDriver::Error::SessionNotCreatedError when quitting driver [Tim Connor]
### Removed
* Headless chrome modal JS injection that is no longer needed for Chrome 64+/chromedriver 2.35+
# Version 2.17.0
Release date: 2018-01-02
### Added
* `have_all_of_selectors`, `have_none_of_selectors` RSpec matchers for parity with minitest assertions [Thomas Walpole]
### Fixed
* Allow xpath 3.x gem [Thomas Walpole]
* Issue when drivers returned nil for `current_path` and a matcher was used with a Regexp [Thomas Walpole]
* Error message when visible element not found, but non-visible was [Andy Klimczak]
# Version 2.16.1
Release date: 2017-11-20
### Fixed
* Fix rack_test driver for rack_test 0.7.1/0.8.0 [Thomas Walpole]
* `accept_prompt` response text can contain quotes when using selenium with headless chrome [Thomas Walpole]
# Version 2.16.0
Release date: 2017-11-13
### Added
* Attempt to move element into view when selenium doesn't correctly do it - See PR #1917 [Thomas Walpole]
* `current_path` matchers will now autodetect path vs url based on string to be matched. Deprecates
`:only_path` in favor of `:ignore_query` option [Thomas Walpole]
* Session#evaluate_async_script [Thomas Walpole]
### Fixed
* Default prompt value when using headless Chrome works correctly [Thomas Walpole]
* Support new modal error returned by selenium-webdriver 3.7 for W3C drivers [Thomas Walpole]
* Calling `respond_to?` on the object passed to `Capybara.configure` block - Issue #1935
# Version 2.15.4
Release date: 2017-10-07
### Fixed
* Visiting an absolute URL shouldn't overwrite the port when no server or always_include_port=false - Issue #1921
# Version 2.15.3
Release date: 2017-10-03
### Fixed
* Visiting '/' when Capybara.app_host has a trailing '/' - Issue #1918 [Thomas Walpole]
# Version 2.15.2
Release date: 2017-10-02
### Fixed
* Include within scope description in element not found/ambiguous errors [Thomas Walpole]
* Raise error when no activation block is passed to modal methods if using headless chrome [Thomas Walpole]
* Don't retry element access when inspecting [Ivan Neverov]
* Don't override a specified port (even if it is default port) in visited url [Thomas Walpole]
Changelog:
59.0.1
Security fix
#CVE-2018-5146: Out of bounds memory write in libvorbis
59.0
New
Performance enhancements:
- Faster load times for content on the Firefox Home page
- Faster page load times by loading either from the networked cache
or the cache on the user's hard drive (Race Cache With Network)
- Improved graphics rendering using Off-Main-Thread Painting (OMTP)
for Mac users (OMTP for Windows was released in Firefox 58)
Drag-and-drop to rearrange Top Sites on the Firefox Home page, and
customize new windows and tabs in other ways
Added features for Firefox Screenshots:
- Basic annotation lets the user draw on and highlight saved screenshots
- Recropping to change the viewable area of saved screenshots
Enhanced WebExtensions API including better support for decentralized
protocols and the ability to dynamically register content scripts
Improved Real-Time Communications (RTC) capabilities.
- Implemented RTP Transceiver to give pages more fine grained control
over calls
- Implemented features to support large scale conferences
Added support for W3C specs for pointer events and improved platform
integration with added device support for mouse, pen, and touch
screen pointer input
Added the Ecosia search engine as an option for German Firefox
Added the Qwant search engine as an option for French Firefox
Added settings in about:preferences to stop websites from asking to
send notifications or access your device's camera, microphone, and
location, while still allowing trusted websites to use these features
Fixed
Various security fixes
Changed
Firefox Private Browsing Mode will remove path information from
referrers to prevent cross-site tracking
Security fixes:
#CVE-2018-5127: Buffer overflow manipulating SVG animatedPathSegList
#CVE-2018-5128: Use-after-free manipulating editor selection ranges
#CVE-2018-5129: Out-of-bounds write with malformed IPC messages
#CVE-2018-5130: Mismatched RTP payload type can trigger memory corruption
#CVE-2018-5131: Fetch API improperly returns cached copies of
no-store/no-cache resources
#CVE-2018-5132: WebExtension Find API can search privileged pages
#CVE-2018-5133: Value of the app.support.baseURL preference is not properly
sanitized
#CVE-2018-5134: WebExtensions may use view-source: URLs to bypass content
restrictions
#CVE-2018-5135: WebExtension browserAction can inject scripts into
unintended contexts
#CVE-2018-5136: Same-origin policy violation with data: URL shared workers
#CVE-2018-5137: Script content can access legacy extension
non-contentaccessible resources
#CVE-2018-5138: Android Custom Tab address spoofing through long domain names
#CVE-2018-5140: Moz-icon images accessible to web content through moz-icon:
protocol
#CVE-2018-5141: DOS attack through notifications Push API
#CVE-2018-5142: Media Capture and Streams API permissions display
incorrect origin with data: and blob: URLs
#CVE-2018-5143: Self-XSS pasting javascript: URL with embedded tab into
addressbar
#CVE-2018-5126: Memory safety bugs fixed in Firefox 59
#CVE-2018-5125: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7
remote code execution via ogg files.
Note that neither firefox52 nor this patches tremor, so the vulnerability still exists
for ARM (which uses tremor rather than vorbis).
Blind commit. I don't have the resources to build so many firefoxes.
However it is based off firefox52.
PKGREVISION++
This release improves automatic HTTPS in cluster configurations, internal TLS
asset management, adds service discovery support to reverse proxying, reusable
snippets for the Caddyfile, and more!
Read the details in the announcement blog post!
https://caddyserver.com/blog/caddy-0_10_11-released
A few minor "breaking" changes include how signals are handled, conflicting TLS
configurations are no longer allowed (an error is raised), and a TLS alert is
raised if SNI is used but no certificate is available, rather than serving a
default certificate.
Special thanks to Ed for helping us patch a minor path-based open redirect
possibility!
Full change log:
Reusable snippets for the Caddyfile
Updated QUIC
Auto-HTTPS certificates may be shared by multiple instances
Expand globbed values in -conf flag
Swap behavior of SIGTERM and SIGQUIT; ignore SIGHUP
9 new DNS provider plugins for the ACME DNS challenge
New placeholder for {<Response-Header} values
basicauth: Username put in {user} placeholder
fastcgi: GET requests can now send a body
proxy: Service discovery with DNS SRV load balancing
request_id: Allow reusing request ID from header field
tls: Improved efficiency of many certificates and reloads
tls: Raise error if conflicting TLS configurations collide
tls: Raise TLS alert if SNI used and no cert matched
tls: Reject OCSP responses that expire after the certificate
tls: Clients can use SNI to request a specific certificate
tls: Add option for backend to approve on-demand certificate
tls: Synchronize maintenance of shared, managed certificates
Numerous fabulous bug fixes
6.15 2018-03-13 13:02:56Z
- Whenever possible, use an absolute four digit year for Time::Local (GH#97)
- Add is_cacheable_by_default() (GH#98) (Theo van Hoesel)
2.1.0:
* Removed subprotocol support from server, as it never really worked. Subprotocols
can instead be negotiated by ASGI applications now.
* Non-ASCII query strings now raise a 400 Bad Request error rather than silently
breaking the logger
Curl and libcurl 7.59.0
This release includes the following changes:
o curl: add --proxy-pinnedpubkey [10]
o added: CURLOPT_TIMEVALUE_LARGE and CURLINFO_FILETIME_T [13]
o CURLOPT_RESOLVE: Add support for multiple IP addresses per entry [37]
o Add option CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS [37]
o Add new tool option --happy-eyeballs-timeout-ms [37]
o Add CURLOPT_RESOLVER_START_FUNCTION and CURLOPT_RESOLVER_START_DATA [39]
This release includes the following bugfixes:
o openldap: check ldap_get_attribute_ber() results for NULL before using [50]
o FTP: reject path components with control codes [51]
o readwrite: make sure excess reads don't go beyond buffer end [52]
o lib555: drop text conversion and encode data as ascii codes [1]
o lib517: make variable static to avoid compiler warning
o lib544: sync ascii code data with textual data [1]
o GSKit: restore pinnedpubkey functionality [2]
o darwinssl: Don't import client certificates into Keychain on macOS [3]
o parsedate: fix date parsing for systems with 32 bit long [4]
o openssl: fix pinned public key build error in FIPS mode [5]
o SChannel/WinSSL: Implement public key pinning [6]
o cookies: remove verbose "cookie size:" output
o progress-bar: don't use stderr explicitly, use bar->out [7]
o Fixes for MSDOS
o build: open VC15 projects with VS 2017
o curl_ctype: private is*() type macros and functions [8]
o configure: set PATH_SEPARATOR to colon for PATH w/o separator [9]
o winbuild: make linker generate proper PDB [11]
o curl_easy_reset: clear digest auth state [12]
o curl/curl.h: fix comment typo for CURLOPT_DNS_LOCAL_IP6 [14]
o range: commonize FTP and FILE range handling [15]
o progress-bar docs: update to match implementation [16]
o fnmatch: do not match the empty string with a character set
o fnmatch: accept an alphanum to be followed by a non-alphanum in char set [17]
o build: fix termios issue on android cross-compile [18]
o getdate: return -1 for out of range [19]
o formdata: use the mime-content type function [20]
o time-cond: fix reading the file modification time on Windows [21]
o build-openssl.bat: Extend VC15 support to include Enterprise and Professional
o build-wolfssl.bat: Extend VC15 support to include Enterprise and Professional
o openssl: Don't add verify locations when verifypeer==0
o fnmatch: optimize processing of consecutive *s and ?s pattern characters [22]
o schannel: fix compiler warnings [23]
o content_encoding: Add "none" alias to "identity" [24]
o get_posix_time: only check for overflows if they can happen
o http_chunks: don't write chunks twice with CURLOPT_HTTP_TRANSFER_DECODING [25]
o README: language fix [26]
o sha256: build with OpenSSL < 0.9.8 [27]
o smtp: fix processing of initial dot in data [28]
o --tlsauthtype: works only if libcurl is built with TLS-SRP support [29]
o tests: new tests for http raw mode [30]
o libcurl-security.3: man page discussion security concerns when using libcurl
o curl_gssapi: make sure this file too uses our *printf()
o BINDINGS: fix curb link (and remove ruby-curl-multi)
o nss: use PK11_CreateManagedGenericObject() if available [31]
o travis: add build with iconv enabled [32]
o ssh: add two missing state names [33]
o CURLOPT_HEADERFUNCTION.3: mention folded headers
o http: fix the max header length detection logic [34]
o header callback: don't chop headers into smaller pieces [35]
o CURLOPT_HEADER.3: clarify problems with different data sizes
o curl --version: show PSL if the run-time lib has it enabled
o examples/sftpuploadresume: resume upload via CURLOPT_APPEND [36]
o Return error if called recursively from within callbacks [38]
o sasl: prefer PLAIN mechanism over LOGIN
o winbuild: Use CALL to run batch scripts [40]
o curl_share_setopt.3: connection cache is shared within multi handles
o winbuild: Use macros for the names of some build utilities [41]
o projects/README: remove reference to dead IDN link/package [42]
o lib655: silence compiler warning [43]
o configure: Fix version check for OpenSSL 1.1.1
o docs/MANUAL: formfind.pl is not accessible on the site anymore [44]
o unit1309: fix warning on Windows x64 [45]
o unit1307: proper cleanup on OOM to fix torture tests
o curl_ctype: fix macro redefinition warnings
o build: get CFLAGS (including -werror) used for examples and tests [46]
o NO_PROXY: fix for IPv6 numericals in the URL [47]
o krb5: use nondeprecated functions [48]
o winbuild: prefer documented zlib library names [49]
o http2: mark the connection for close on GOAWAY [53]
o limit-rate: kick in even before "limit" data has been received [54]
o HTTP: allow "header;" to replace an internal header with a blank one [55]
o http2: verbose output new MAX_CONCURRENT_STREAMS values
o SECURITY: distros' max embargo time is 14 days
o curl tool: accept --compressed also if Brotli is enabled and zlib is not
o WolfSSL: adding TLSv1.3 [56]
o checksrc.pl: add -i and -m options
o CURLOPT_COOKIEFILE.3: "-" as file name means stdin
1.1.1 2018/02/03
Development Fixes
* Test against Ruby 2.5 (#25)
1.1.0 2017/12/03
Development Fixes
* Stop testing Ruby 1.9 (#17)
* Test against Ruby 2.1 to 2.4 (#20)
* Stop testing against Jekyll 2.5 (#22)
* Define path with dir (#18)
* Inherit Jekyll's rubocop config for consistency (#19)
* Add Rubocop to CI (#21)
2.4.0 2018/3/10
Minor Enhancements
* Add better system fonts (#205)
* Remove whitespace due to Liquid tags in generated HTML (#202)
* Adding Mastodon to the social networks (#198)
Bug Fixes
* social icons should resolve baseurl properly (#201)
* fix: styling main element in IE 11 (#199)
Documentation
* Improve the wording in index.md (#175)
* Update config description comment (#203)
2.3.0 2018/01/30
* Add option to show excerpts on the homepage (#90)
* Handle RSS feed with jekyll-feed (#183)
* Test build with Ruby 2.4 on CI (#184)
* Document how to customize navigation links (#192)
2.2.1 2018/01/27
* Revert social_sites hash for retrocompatibility (#190)
2.2.0 2018/01/24
Minor Enhancements
* handling content outside of posts (#88)
* Add default table styles (#144)
* Add jekyll-seo-tag dependency (#139)
* Add Microformats markup (#160)
* Add more social links (#141)
Documentation
* Docs: clarification about page title (#142)
## 0.9.3 / 2018-02-04
* Define path with `__dir__` (#187)
* Bump Ruby for Travis (#188)
### Documentation
* Fix: Add note about using plugins instead of gems key (#197)
* Add documentation for disabling smartify filter (#205)
### Development Fixes
* Rubocop: Target Ruby 2.2 (#195)
* Test feeds that have a `site.lang` (#164)
* Test against Ruby 2.5 (#201)
2.0.0 2016/12/02
Development Fixes
* Update versions for Travis (#43)
* Define path with dir (#48)
* Remove version lock for dependency listen (#50)
* Inherit Jekyll's rubocop config for consistency (#51)
* Update jekyll-watch (#53)
* Drop support for old Ruby and old Jekyll (#55)
Minor Enhancements
* Output regenerated file paths to terminal (#57)
Major Enhancements
* Remove unnecessary method (#56)
## About Jekyll SEO Tag
A Jekyll plugin to add metadata tags for search engines and social networks to
better index and display your site's content.
## What it does
Jekyll SEO Tag adds the following meta tags to your site:
* Page title, with site title or description appended
* Page description
* Canonical URL
* Next and previous URLs on paginated pages
* JSON-LD Site and post metadata for richer indexing
* Open Graph title, description, site title, and URL (for Facebook, LinkedIn,
etc.)
* Twitter Summary Card metadata
While you could theoretically add the necessary metadata tags yourself, Jekyll
SEO Tag provides a battle-tested template of crowdsourced best-practices.
## What it doesn't do
Jekyll SEO tag is designed to output machine-readable metadata for search
engines and social networks to index and display. If you're looking for
something to analyze your Jekyll site's structure and content (e.g., more
traditional SEO optimization), take a look at The Jekyll SEO Gem.
Jekyll SEO tag isn't designed to accommodate every possible use case. It
should work for most site out of the box and without a laundry list of
configuration options that serve only to confuse most users.
pkgsrc change: switch to depends on textproc/ruby-rails-dom-testing1
## Rails 4.2.10 (September 27, 2017) ##
* Fix regression in behavior of `normalize_path`.
In Rails 5 there was a change to ensure the encoding of the original string
in a path was maintained. This was incorrectly backported to Rails 4.2 which
caused a regression.
*Eileen M. Uchitelle*
## Rails 4.2.9 (June 26, 2017) ##
* Use more specific check for :format in route path
The current check for whether to add an optional format to the path is very lax
and will match things like `:format_id` where there are nested resources, e.g:
``` ruby
resources :formats do
  resources :items
end
```
Fix this by using a more restrictive regex pattern that looks for the patterns
`(.:format)`, `.:format` or `/` at the end of the path. Note that we need to
allow for multiple closing parenthesis since the route may be of this form:
``` ruby
get "/books(/:action(.:format))", controller: "books"
```
This probably isn't what's intended since it means that the default index action
route doesn't support a format but we have a test for it so we need to allow it.
Fixes #28517.
*Andrew White*
Crass is a Ruby CSS parser that's fully compliant with the
CSS Syntax Level 3 specification.
Features
--------
* Pure Ruby, with no runtime dependencies other than Ruby 1.9.x or higher.
* Tokenizes and parses CSS according to the rules defined in the 14 November
2014 editor's draft of the [CSS Syntax Level 3][css] specification.
* Extremely tolerant of broken or invalid CSS. If a browser can handle it, Crass
should be able to handle it too.
* Optionally includes comments in the token stream.
* Optionally preserves certain CSS hacks, such as the IE "*" hack, which would
otherwise be discarded according to CSS3 tokenizing rules.
* Capable of serializing the parse tree back to CSS while maintaining all
original whitespace, comments, and indentation.
Version 0.9.4:
Add an optional dependency on Django
Fix the DjangoInstalledChecker so it can actually warn when Django isn't available
Fix 136 by adding automated build and sanity test scripts
- Fixed Phalcon\Db\Dialect\Mysql::modifyColumn to produce valid SQL
for renaming the column
- Fixed Phalcon\Forms\Form::getMessages to return back previous
behaviour: return array of messages with element name as key
- Fixed Phalcon\Mvc\Model\Behavior\SoftDelete::notify to solve
the exception that soft deletion renamed model
- Fixed E_DEPRECATED error for each() in Phalcon\Debug\Dump
Upstream changes:
=== 3.5.1 (2018-03-05) ===
* Fixed a bug where editing pages with primary keys greater than 999 would throw an
exception.
* Fixed a ``MultipleObjectsReturned`` exception raised on the page types migration
with multiple page types per site.
* Fixed a bug which prevented toolbar js from working correctly when rendered
before toolbar.
* Fixed a bug where CMS would incorrectly highlight plugin content when plugin
contains invisible elements
* Fixed a regression where templates which inherit from a template using an ``{% extends %}``
tag with a default would raise an exception.
=== 3.5.0 (2018-01-31) ===
* Fixed a bug which prevented users from seeing the welcome screen when debug is
turned off.
* Introduced improved repr for ``Page``, ``Title``, ``Placeholder`` and ``CMSPlugin`` models.
* Rename publish buttons to no longer reference "page"
* Page rendering will now use the draft page instead of public page for logged in
users with change permissions, unless the ``preview`` GET parameter is used.
* Fixed "Expand all / Collapse all" not reflecting real state of the placeholder tree
* Fixed a bug where Aliased plugins would render if their host page was unpublished (and user was not on edit mode).
* Fixed a bug where focusing inputs in modal would require 2 clicks in some browsers
* Changed the language chooser to always show all configured languages to staff members
and public-only languages to anon users.
* Introduced logic to copy pages to different sites from the admin.
* Removed "View on Site" button when adding a page
* Welcome page no longer uses multilingual URLs when not required.
* Prevent users from passing a public page as parent in ``create_page`` api function
=== 3.4.5 (2017-10-12) ===
* Introduced Django 1.11 compatibility
* Fixed a bug where slug wouldn't be generated in the creation wizard
* Fixed a bug where the add page endpoint rendered ``Change page`` as the html title.
* Fixed an issue where non-staff users could request the wizard create endpoint.
* Fixed an issue where the ``Edit page`` toolbar button wouldn't show on non-cms pages
with placeholders.
* Fixed a bug where placeholder inheritance wouldn't work if the inherited placeholder
is cached in an ancestor page.
* Fixed a regression where the code following a ``{% placeholder x or %}`` declaration,
was rendered before attempting to inherit content from parent pages.
* Changed page/placeholder cache keys to use sha1 hash instead of md5 to be FIPS compliant.
* Fixed a bug where the change of a slug would not propagate to all descendant pages
* Fixed a ``ValueError`` raised when using ``ManifestStaticFilesStorage`` or similar for static files.
This only affects Django >= 1.10
[ Amitai Schleier ]
* Avoid unexpected full paths from find(1)
[ thm.id.fedoraproject.org ]
* rst test: Probe for docutils Python 3 module, not Python 2
[ Simon McVittie ]
* mdwn: Automatically detect which Discount flags to use, fixing
regressions in 3.20180228 when using Discount < 2.2
* Add a test asserting that no plugin is an empty file, to confirm
that the build fixes in 3.20180228 were successful
Contao 4.4.16 is available 2018/03/08 15:39 by Leo Feyer
Contao version 4.4.16 is available. The bugfix release fixes a problem with
the page picker in TinyMCE.
5.2:
Ensure Django 2.1 compatibility for CountrySelectWidget.
Fix regression introduced into 5.1 when using Django 1.8 and certain queryset lookup types (like __in).
3.0.7:
Fix SSL proxy support by client.
Restore an imperative check in setup.py for python version. The check works in parallel to environment marker. As an effect, an error about unsupported Python versions is raised even on outdated systems with very old setuptools version installed.
3.5.0:
Features
Implement trailing commas in parameters and arguments
Implement deprecation warning for ID strings that look like colors
Implement content-exists function
Implement support for passing var() to CSS functions
Implement first class functions
Implement nesting guard to avoid "out of stack space"
Implement exponents for numbers
Implement long file path support for Windows
Implement case modifier for attribute selector
Implement warning for double parent selectors
Implement support for custom property syntax
Implement support for custom-property feature flag
Optimisations
Performance improvements
Fix memory leak by removing previously unused code
Fix memory leak of custom functions signature
Community
Add libsass-python to Readme
Update link to go-libsass
Fixes
Fix media query stack and eval issue
Fix Attribute Selector equal compare operator
Fix segfault for varargs with non-string keys
Fix Element Selector compare operators
Fix compiler issue with spec regression on NetBSD 6.1
Fix some segfaults caused by the parser being too forgiving
Fix segfault with invalid map keys
Fix null pointer dereference in css_error
Fix bug when parsing selector schemas
Fix null pointer dereference when parsing selector schemas
Fix .editorconfig
Fix compiler issue with spec regression on NetBSD 6.1
Fix segfault when extending pseudo selectors failed
Fix parser for urls looking like ruleset selectors
Fix use of non-portable std::to_string
Fix use of non-portable strdup
Fix unary slash expressions
Fix missing error for trailing comma in selector list
Fix selector and binominal look ahead
Fix hex escape handling in interpolation
Fix wrong parsing of calc functions as number units
Fix incorrect comment evaluation for compressed output
Fix parent selector handling in selector schema
Fix parameter vararg and keyword handling
Fix a few minor memory leaks
Fix issue with invalid error indicator
Fix selector parsing and url regression
Fix null ptr segv on invalid vararg
Fix segfault in selector extend edge-case
Fix segfault in selector extend edge-case
Fix segfault in selector append edge-case
Fix ref-counted value handling in if function
Fix segfault in at-root cssize edge-case
Fix file content malloc to avoid reading beyond buffer
Fix case-sensitive lookup to named color map
Fix shebang for tap-driver
Fix segfault in parser edge case
Fix memory corruption on error in parse_selector_schema
Fix autoconf path for sassc tester
Fix output of invisible @support blocks
Fix to_value for bracketed lists
Fix propagation of named rest arguments
Fix @extend of wrapped selectors
Fix wrapped pseudo selector handling
Fix minor issue with attribute selector unification
Fix issue when passing restargs to call
Fix compressing of colors in selectors
Fix missing error on selector with invalid quote mark
Fix travis-ci mac OSX builds
Fix endless loop comparing Selector_List to List
Fix SmartOS/Solaris build regression
Fix to connect parent selector only once
Fix whitespace issue for wrapped selectors
Fix missing error if cwd goes missing
Fix missing error when mixin ruleset in root has parent selector
Fix sourcemap crutch once again
Fix parser state column following static values
Fix error indicator not being Unicode aware
Fix error sourcemaps not being fully Unicode aware
Fix some compiler warnings
Fix math with multiple units
Fix css test for interpolated numbers
Fix null pointer access in nesting check
Fix @else possibly producing invalid output
Fix parsing of @supports declarations
0.9.3:
Fix 133 and 134 by including package data when building wheel and tar.gz packages for PyPI
0.9.2:
Fix 129 - Move tests under site-packages/pylint_django
Fix 96 - List Django as a dependency
Contao 4.5.5 is available 2018/03/06 11:04 by Leo Feyer
Contao version 4.5.5 is available. The bugfix release fixes problems with
using InnoDB without the innodb_large_prefix option.
Contao 4.5.6 is available 2018/03/06 15:53 by Leo Feyer
Contao version 4.5.6 is available. The bugfix release fixes a problem with new
installations with InnoDB without large prefixes.
2.0.3:
CVE-2018-7536: Denial-of-service possibility in urlize and urlizetrunc template filters
CVE-2018-7537: Denial-of-service possibility in truncatechars_html and truncatewords_html template filters
Bugfixes
1.11.11:
CVE-2018-7536: Denial-of-service possibility in urlize and urlizetrunc template filters
CVE-2018-7537: Denial-of-service possibility in truncatechars_html and truncatewords_html template filters
Contao 4.4.15 is available 2018/03/06 09:52 by Leo Feyer
Contao version 4.4.15 is available. The bugfix release fixes several issues
including problems with the HTTP cache and improves the folder hash
calculation.
Version 3.5.34 (2018-03-06)
---------------------------
### Fixed
Check the registry for table prefixed queries (see contao/core-bundle#1161).
### Fixed
Improve the folder hashing performance (see #8856).
### Fixed
Reset the autologin hash if the username or password changes (see #8843).
### Fixed
Correctly encode the sitemap URLs (see #8849).
3.8.1:
- Admin thumbnails were not displaying correctly.
3.8:
- Added support for Django 2.0.
- Dropped support for Django 1.8 and 1.10.
- Did not really work with Django 1.11 - sortedm2m library was broken. Upgraded sortedm2m and it now works with 1.11.
- New translation for Ukrainian; updated translation for Spanish.
- Fixed template tag that was broken in Django 1.11.
3.7:
- Now works with Django 1.11. Deprecated support for Django 1.9.
- Fixed the management commands to work in the latest versions of Django.
- Fixed an issue with some photo sizes not being created.
- Updated translations for French and Basque.
3.6:
- Now works with Django 1.10 (to be precise: Photologue worked, but the unit tests did not).
- Updated urlpatterns in docs, tests and example project for Django 1.8+
- Enhance Python 2.7 EXIF info.
- Updated docs (contributed by lizwalsh).
- Fixed command plcreatesize (contributed by Mikel Larreategi).
- Fixed deprecated template settings (contributed by Justin Dugger).
- Updated translations for German and Russian.
3.5.1:
- Photologue 3.5 failed to install under Python 2.7. Looks like distutils does not like files
with non-ascii filenames.
- Fix for issue 149 - bug with projects that extend ImageModel.
3.5:
- Increased length of 'title' fields to 250 chars in order to store longer title.
- Rotate image before resize, to comply with height/width constraints.
- Added forgotten migration.
- Changing "Photo" image leaves extra files on server.
- Normalize filenames to ASCII so they work across all filesystems.
- Updated Hungarian translation.
sortedm2m is a drop-in replacement for django's own ManyToManyField. The
provided SortedManyToManyField behaves like the original one but remembers
the order of added relations.
Selenium 3.10.0
* make tests to check clicking on disabled element work for w3c compliant drivers
* add docstring for InvalidElementStateException
* Deleting unused imports
* Making python specification in IDEA project more generic
* It should be possible to use a custom safaridriver executable to run Selenium's test suite.
18.0.0:
When passed to str() URLs now stringify to usable URL strings.
Switched off of Python's built-in IDNA facilities to using the idna package. Not only is it much more modern, it's also much more strict and correct in its output.
Added new DecodedURL type with almost-identical API to the normal URL, except that it automatically handles reserved characters in argument values passed to its methods.
Added top-level parse() convenience function that now represents the main entrypoint to hyperlink.
Accept dictionaries as ‘query=’ arguments, in addition to sequences of tuples
URL.child() will no longer fail when child gets no segments
URL.normalize() now supports encoding stray/unmatched % characters in character-encoded fields (userinfo, path, query string, fragment)
7.70 2018-03-01
- Fixed ordering of sources for content negotiation in Mojolicious::Renderer.
- Fixed a content negotiation bug in Mojolicious::Renderer that prevented all
sources from being considered at the same time.
- Fixed source links in documentation browser.
* core: Don't send relative redirect URLs when behind a reverse proxy
* core: Escape backticks etc. in directive error messages as HTML
entities so that the error message is not subsequently parsed as
Markdown
* mdwn: Enable fenced code blocks, PHP Markdown Extra-style definition
lists and GitHub-style extensions to HTML tag syntax when used with
Discount >= 2.2.0 (Closes: #888055)
* img: Fix auto-detection of image format (if enabled, which is
strongly discouraged) with ImageMagick >= 6.9.8-3
* rst: Use Python 3 instead of Python 2
* build: `set -e` before each `for` loop, so that errors are reliably
trapped
* build: Use if/then instead of `||` so that the `-e` flag works
* build: Ensure that pm_to_blib finishes before rewriting shebang lines
* t: Make the img test pass with ImageMagick >= 6.9.8-3
(Closes: #891647)
* debian: Remove unused Lintian overrides for duplicate word false positives
* debian: Declare compliance with Debian Policy 4.1.3
2.2.0:
Django 2.0 compatibility. Again there were no changes to the actual library code, so previous versions probably work.
Ensured that request._cors_enabled is always a bool() - previously it could be set to a regex match object.
- Fixes a regression from 5.1.11 that prevented Passenger from
compiling on FreeBSD in some cases.
- Fixes a bounds issue in printing an error message that could occur
in some cases when spawning a child process fails.
- Fixes a regression from 5.2.0 which prevented setting the max pool
idle time to 0.
- Warns if using an incompatible compiler on macOS < 10.13.
- No longer uses Security Framework on macOS 10.13+. This will prevent
further keychain warnings from appropriately compiled Passengers.
- Fixes warning on macOS about /proc/self access (excluded some code
that was intended only for Linux).
- `passenger-install-nginx-module` now downloads the preferred Nginx
version via https.
- [Apache] Fixes a regression from 5.2.0 that caused a crash on
startup when no top-level ServerName is set.
- [Enterprise] Adds support for using RAM-based pricing on Heroku.
Contao 4.5.4 is released on 14th Feb 2018.
Release note:
Contao version 4.5.4 is available. The bugfix release fixes several
issues including a problem with rebuilding the search index.
Contao 4.4.14 is released on 14th Feb 2018.
Release note:
Contao version 4.4.14 is available. The bugfix release fixes several issues
including a problem with rebuilding the search index.
6.33 2018-02-27 03:51:36Z
- Fix send_te change from previous release, which was breaking
LWP::Parallel::UserAgent and Test::Override::UserAgent (GH #281) (Doug
Bell)
nginx 1.13.9:
*) Feature: HTTP/2 server push support; the "http2_push" and
"http2_push_preload" directives.
*) Bugfix: "header already sent" alerts might appear in logs when using
cache; the bug had appeared in 1.9.13.
*) Bugfix: a segmentation fault might occur in a worker process if the
"ssl_verify_client" directive was used and no SSL certificate was
specified in a virtual server.
*) Bugfix: in the ngx_http_v2_module.
*) Bugfix: in the ngx_http_dav_module.
nghttp2 v1.31.0:
lib: Add nghttp2_session_set_user_data() public API function
src: Define nghttp2_inet_pton wrapper to avoid inet_pton macro
nghttpx: Close listening socket on graceful shutdown
nghttpx: Add an option to accept expired client certificate
nghttpx: Add mruby tls_client_not_before, and tls_client_not_after
nghttpx: Fix potential memory leak
Version 0.9.1:
Fix 123 - Update links after the move to PyCQA
Add test for Meta class from django_tables2
Fix flake8 complaints
Add missing .txt and .rc test files to MANIFEST.in
Upstream changes:
drupal 7.57
Posted by David_Rothstein on 21 February 2018
Release notes
Maintenance and security release of the Drupal 7 series.
This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement:
Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2018-001
No other fixes are included.
Upstream changes:
8.4.5
Security release of the Drupal 8 series.
This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcements:
Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2018-001
No other fixes are included.
5.1.1:
Fix some translations that were included in 5.1 but not compiled.
5.1:
Tests now also cover Django Rest Framework 3.7 and Django 2.0.
Allow for creating country fields using (valid) alpha-3 or numeric codes.
Fix migration error with blank default.
Add a {% get_countries %} template tag.
Changes in 2.0.2:
Fixed manager inheritance behavior for Django 1.11, by automatically enabling Meta.manager_inheritance_from_future if it's not defined. This restores the manager inheritance behavior that django-polymorphic 1.3 provided for Django 1.x projects.
Fixed internal base_objects usage.
Changes in 2.0.1:
Fixed manager inheritance detection for Django 1.11.
It's recommended to use Meta.manager_inheritance_from_future so Django 1.x code also inherits the PolymorphicManager in all subclasses. Django 2.0 already does this by default.
Deprecated the base_objects manager. Use objects.non_polymorphic() instead.
Optimized detection for dumpdata behavior, avoiding the performance hit of __getattribute__().
Fixed test management commands
Changes in 2.0:
BACKWARDS INCOMPATIBILITY: Dropped Django 1.8 and 1.10 support.
BACKWARDS INCOMPATIBILITY: Removed old deprecated code from 1.0, thus:
Import managers from polymorphic.managers (plural), not polymorphic.manager.
Register child models to the admin as well using @admin.register() or admin.site.register(), as this is no longer done automatically.
Added Django 2.0 support.
Added PolymorphicTypeUndefined exception for incomplete imported models. When a data migration or import creates a polymorphic model, the polymorphic_ctype_id field should be filled in manually too. The polymorphic.utils.reset_polymorphic_ctype function can be used for that.
Added PolymorphicTypeInvalid exception when database was incorrectly imported.
Added polymorphic.utils.get_base_polymorphic_model() to find the base model for types.
Using base_model on the polymorphic admins is no longer required, as this can be autodetected.
Fixed manager errors for swappable models.
Fixed deleteText of |as_script_options template filter.
Fixed .filter(applabel__ModelName___field=...) lookups.
Improved polymorphic.utils.reset_polymorphic_ctype() to accept models in random ordering.
Fix fieldsets handling in the admin (declared_fieldsets is removed since Django 1.9)
Pure-Python implementation of a WebSocket protocol stack. It's written from the
ground up to be embeddable in whatever program you choose to use, ensuring that
you can communicate via WebSockets, as defined in RFC6455, regardless of your
programming paradigm.
This is a little HTTP/1.1 library written from scratch in Python,
heavily inspired by hyper-h2.
It's a "bring-your-own-I/O" library; h11 contains no IO code
whatsoever. This means you can hook h11 up to your favorite network
API, and that could be anything you want: synchronous, threaded,
asynchronous, or your own implementation of RFC 6214 - h11 won't
judge you. (Compare this to the current state of the art, where
every time a new network API comes along then someone gets to start
over reimplementing the entire HTTP protocol from scratch.)
1.4.0:
* Selector and SelectorList can't be pickled because
pickling/unpickling doesn't work for lxml.html.HtmlElement;
parsel now raises TypeError explicitly instead of allowing pickle to
silently produce wrong output. This is technically backwards-incompatible
if you're using Python < 3.6.
1.0.0:
Added an export of the js_asset.static() helper (which does the right thing regarding django.contrib.staticfiles)
Fixed the documentation to not mention internal (and removed) API of Django's Media() class.
Switched to using tox for running tests and style checks locally.
Added more versions of Python and Django to the CI matrix.
3.4.9:
Fix math with multiple units
Make error indicator Unicode aware
Make sourcemaps fully Unicode aware
Fix parser state column following static values
Fix memory leak of custom functions signature
Adding the missing scope identifier std::
Fix fall-through warning in latest gnu gcc
Tweak warning message format
Fix msvc compiler warning
3.0.2:
Security Fix
Prevent Windows absolute URLs in static files. Paths like /static/D:\path and /static/\\hostname\drive\path are forbidden.
3.0.1:
Technical release for fixing distribution problems.
1.87 2018-02-07 22:04:16Z
========================================
[FIXED]
- Fix typo in contributor name (GH#241) (Philippe Bruhat (BooK))
- Fix link to Michael Schilli's article in Linux magazine (GH#240) (Bernhard Wagner)
- Fix some section links (GH#238) (Evan Zacks)
- Override _agent() method. (GH#236) (Сергей Романов)
- Link to appropriate section of HTML::Form (GH#237) (Evan Zacks)
- Make version consistent in .pm files (GH#231) (Olaf Alders)
[ENHANCEMENTS]
- Return form number in list context. (GH#235) (Сергей Романов)
- Overload 'post' in order to set 'base'. (GH#111) (Stuart A Johnston)
- Allow multiple file paths/uris in mech-dump; fixes issue 72 (GH#113) (Nik LaBelle)
- Add docs for the output of dump_forms (GH#112) (John Beppu)
0.17 2018-02-22 06:11:23 JST
- Added support for loading debug middleware outside of the
Plack::Middleware::Debug::* namespace, by prefixing the name of
middleware with a "+",
e.g. "+My::Plack::Middleware::Debug::Something".
- Debug.pm no longer injects inline JavaScript
7.69 2018-02-24
- Improved respond_to method in Mojolicious::Controller and accepts helper in
Mojolicious::Plugin::DefaultHelpers to no longer limit support for multiple
MIME types to requests containing an X-Requested-With header, since browsers
have become smarter about requesting what they actually want.
7.68 2018-02-22
- Fixed RFC 7230 compliance bugs in Mojo::Message::Request that prevented
"GET //foo/bar HTTP/1.1" from being interpreted as a request target in origin
form.
7.67 2018-02-19
- Modernized ".perltidyrc".
- Fixed a bug in Mojo::Asset::File where forked processes could delete
temporary files prematurely.
7.66 2018-02-13
- This release contains fixes for security issues, everybody should upgrade!
- Removed origin attribute of Mojo::Cookie::Response.
- Removed deprecated data and remaining methods from Mojo::IOLoop::Delay.
- Added host_only attribute to Mojo::Cookie::Response.
- Improved all method in Mojo::Promise to resolve with no results if no
promises have been passed.
- Fixed a bug in Mojo::UserAgent::CookieJar where old cookies could be leaked.
(exp-innit, sri)
7.65 2018-02-11
- Added EXPERIMENTAL timing->begin, timing->elapsed, timing->rps and
timing->server_timing helpers to Mojolicious::Plugin::DefaultHelpers.
- Added EXPERIMENTAL server_timing method to Mojo::Headers.
- Added support for new HTTP status code.
7.64 2018-02-07
- Fixed a bug in Mojo::Log where short log messages spanning multiple lines
would not be formatted properly for systemd.
7.63 2018-02-06
- Improved Mojo::Log to use native systemd log levels.
7.62 2018-02-01
- Added -u option to get command. (jberger)
- Added dont_use_nlink option to list_tree method in Mojo::File.
- Added reverse proxy section to Mojolicious::Guides::Cookbook. (polettix)
- Fixed a promise resolution bug in Mojo::Promise.
5.90117 - 2018-01-21
- Fixed errors in distribution packaging
5.90116 - 2018-01-19
- Switch from Module::Install to Distar (solves problems that MI has with newer Perl) haarg++
- Killed Test::Aggregate since it's clearly doomed
- PR135 - improved test cases for query keyword
- PR158 - improved docs for Catalyst::Test
- PR157 - improved error response for data_handlers
- PR156 - POD fixes
- PR154 - Few dependencies
- PR152 - Better support for HTTP Patch
Changelog:
Changes
Over 1100 changes were merged in the server, with many hundreds more in existing or new apps. The main improvements include:
Collaboration features
Nextcloud Talk, a private videoconference software integrated with Nextcloud
real-time and asynchronous communication with push notifications, calls and chat web and mobile devices
Integration in business workflow with calendar invitations and calls directly from Nextcloud Files
Screen and note sharing with participant moderation capabilities
100% secure peer-to-peer, end-to-end encrypted calls, mediated by self-hosted server
auto-completion of user names in comments and notification to the mentioned user
support free/busy scheduling in native calendar applications like Thunderbird Lightning
show meeting invites in the calendar
End-to-End Encryption
can encrypt data on a per-folder level rather than all-or-nothing approach
does not require users to remember or exchange passwords
does not require re-uploading data upon sharing
features an optional off-line administrator recovery key
allows full audit logging
can be combined with our File Access Control feature so administrator can enforce aspects of End-to-end Encryption
protects from identity theft with our Cryptographic Identity Protection feature
This feature is in Tech Preview for Nextcloud 13 and does not yet implement sharing.
User Interface
new way of selecting files
easy way to quickly copy or move to a location
High DPI support
admin menu integrated in one list
no limitation to file uploads via the web interface
user quota in the side bar
social sharing (Twitter, G+, Facebook, Diaspora) now features a preview
improved theming
Performance
decreased page load times by up to 50% and faster search
80% faster LDAP and up to 10x faster external storage
Server-side Encryption performance largely improved
Other
Support for PHP 7.2
Support for PostgreSQL 10
Upstream changes:
1.0047 2018-02-10 01:23:37 PST
[BUG FIXES]
- Disable FCGI/lighttpd test that was supposed to be releng only #611
1.0046 2018-02-09 23:51:10 PST
[NEW FEATURES]
- Support psgix.cleanup and psgix.harakiri in FCGI handler (afresh1) #610
[IMPROVEMENTS]
- Do not set TCP_NODELAY when it's unavailable in embedded systems (dex4er) #579
1.1.1
- Fix interval schedules by providing nowfun.
- Removing code that forced last_run_at to be timezone naive for no reason, made timezone aware. Fixes crontab schedules
- Entry.last_run_at is no-longer timezone naive.
- Use a localized PyTZ timezone object for now(); otherwise conversions fail and scheduling breaks, resulting in constant running of tasks or possibly not running ever.
- Fix endless migrations creation for solar schedules events.
- Prevent MySQL has gone away errors.
- Added support for Django 2.0.
- Adjust CrontabSchedule's minutes, hour & day_of_month fields max length
0.47.0:
- Fix socket constructor in _open_socket to use all relevant variables from getaddrinfo.
- .send() method is very slow
- cross-platform async multi-client solution
- Fix detecting timeouts with SSL in recv
- Fix WebSocketApp does not poll for data correctly when using SSL
- Fix Infinite ping/pong timeouts in WebSocketApp.run_forever
- Added status message when HTTP can't be upgraded to WS