Version 3.1.4 (2013-10-14)
--------------------------
### Fixed
Do not show the debug bar in the modal dialog (see #6302).
### Fixed
Ignore the "maxlength" setting in certain form fields (see #6283).
### Fixed
Correctly show the "toggle page status" icon (see #6282).
### Removed
Removed the TinyMCE spell checker (see #6247).
### Updated
Updated TCPDF to version 3.0.38 (see #6268).
### Fixed
Correctly render the pages breadcrumb menu for non-admin users (see #6067).
### Fixed
Correctly handle the accordion fields during the version 3.1 update (see #6229).
### Fixed
Correctly handle special characters in page aliases (see #6232).
Upstream changes:
4.47 2013-10-15
- Added dumper function to Mojo::Util.
- Improved compatibility with IO::Socket::SSL 1.955.
- Improved IIS compatibility of Mojo::Server::CGI.
4.46 2013-10-11
- Changed default name for generated applications from MyMojoliciousApp to
MyApp.
- Improved performance of route matching in Mojolicious::Routes::Pattern.
- Improved HTML Living Standard compliance of Mojo::DOM::HTML.
Update DEPENDS
Add LICENSE
Upstream changes:
2.20 Fri Apr 6 00:49:51 CDT 2012
[ENHANCEMENTS]
Sometimes creating HTML::Lint-compliant HTML just isn't possible.
Now, you can now turn individual errors on and off in your HTML
via comment directives, like so:
<!-- html-lint elem-img-sizes-missing: off, attr-unknown: off -->
And if you have a batch of code that's hopeless:
<!-- html-lint all: off -->
Added check for unknown entities, such as "&foo;".
Added check for unclosed entitities, such as "&" without the
closing semicolon.
Added a check for a bare ampersand that should be written as &
Version 0.7
http://svn.edgewall.org/repos/genshi/tags/0.7.0/
(Jan 27 2013, from branches/stable/0.7.x)
* Add support for Python 3.1, 3.2 and 3.3 (via 2to3) and for PyPy. The
majority of the coding was done in a sprint run by the Cape Town Python
Users Group with financial assistance from the Python Software Foundation.
* Default input and output encodings changed from UTF-8 to None (i.e. unicode
strings).
* Skip Mako benchmarks if Mako isn't installed (rather than failing
completely).
Version 0.6.1
http://svn.edgewall.org/repos/genshi/tags/0.6.1/
(Jan 27 2013, from branches/stable/0.6.x)
* Security fix to enhance sanitizing of CSS in style attributes. Genshi's
`HTMLSanitizer` disallows style attributes by default (this remains
unchanged) and warns against such attacks in its documentation, but
the provided CSS santizing is now less lacking (see #455).
* Fix for error in how `HTMLFormFiller` would handle `textarea` elements if
no value was not supplied form them.
* The `HTMLFormFiller` now correctly handles check boxes and radio buttons
with an empty `value` attribute.
* Template `Context` objects now have a `.copy` method.
* Added a simple `tox.ini` file for using tox to test against multiple
verions of Python.
* Fix for bug in `QName` comparison (see #413).
* Fix for bug in handling of trailing events in match template matches
(see #399).
* Fix i18n namespace declaration in documentation (see #400).
* Fix for bug in caching of events in serializers by no longer caching
`(TEXT, Markup)` events (see #429).
* Fix handling of `None` by `Markup.escape` in `_speedups.c` (see #439).
* Fix handling of internal state by match templates (relevant when multiple
templates match the same part of the stream, see #370).
* Fix handling of multiple events between or on either side of start and end
tags in translated messages (see #404).
* Fix test failures caused by changes in HTMLParser in Python 2.7 (see #501).
* Fix infinite loop in interplotation lexing that was introduced by a change
in Python 2.7's tokenizer (see #540).
* Fix handling of processing instructions without data (see #368).
* Updated MANIFEST.in so as not to rely on build from Subersion 1.6.
Changelog
=========
Since 2.3.2
----------------
bugfix: When creating members, do not assign permissions for all executives (or superior users) if member has a parent.
Since 2.3.2-rc2
----------------
bugfix: Cannot filter overview by tag.
bugfix: Tasks tooltip in calendar views shows description as html.
bugfix: Permissions issue when editing and subscribing for non-admins for not classiffied objects.
Since 2.3.2-rc
----------------
bugfix: Show can_manage_billing permission.
bugfix: Missing lang on javascript langs.
bugfix: Javascript plugin langs are not loaded.
bugfix: When requesting completed tasks for calendar month view, it does not filter by dates and calendar hangs if there are too much tasks.
bugfix: Administration / dimensions does not show members for dimensions that don't define permissions.
bugfix: Permissions fix when email module is not installed.
bugfix: Company object type name fixed.
bugfix: Try to reconect to database if not conected when executing a query (if connection is lost while performing other tasks).
bugfix: When users cannot see other user's tasks they can view them using the search.
bugfix: Group permissions not applied in assigned to combo (when adding or editing tasks).
bugfix: Minor bugfixes in 1.7 -> 2.x upgrade.
bugfix: Activity widget: logs for members (workspaces, etc.) were not displayed.
bugfix: General search sql query improved.
bugfix: Don't include context in the user edited notification.
bugfix: Don't show worked hours if user doesn't have permissions for it.
bugfix: Don't send archived mails.
feature: Only administrators can change system permissions.
feature: Users can change permissions of users of the same type (only dimension member permissions).
feature: Set permissions to executive, manager and admins when creating a new member.
Since 2.3.2-beta
----------------
bugfix: Archiving a submember does not archive its objects.
bugfix: Error 500 when adding group.
bugfix: Installer fixes.
bugfix: Modified the insert in read objects for emails.
bugfix: Minor bugfixes in document listing.
bugfix: Sql error when $selected_columns ins an empty array in ContentDataObjects::listing() function
bugfix: root permissions not set when installing new feng office.
bugfix: Person report fixed when displaying email field.
bugfix: contacts are always created when sending mails.
bugfix: Tasks list milestone grouping fixed.
preformance: Search query improved.
performance: Insert/delete into sharing table 500 objects x query when saving user permissions.
=== RELEASE 2.8 ===
Sat Sep 14 22:42:15 CEST 2013 mikulas:
Fixed a memory leak if TIFF download was interrupted
Sat Aug 24 17:59:01 cet 2013 mikulas:
DOS DJGPP port
Sun Jul 14 23:35:49 CEST 2013 mikulas:
Do not save lines starting with space to URL history on the disk
(idea by Volker Schatz)
Sun Jul 14 23:35:28 CEST 2013 Volker Schatz <linksbrowser@volkerschatz.com>
Do not misreport Date header value as last-modified date
in the info box popping up on "=".
New graphics glyphs
Wed May 15 00:44:53 CEST 2013 Samuli Suominen <ssuominen@gentoo.org>:
Fixed file 045e.png. It was not compatible with libpng-1.6
Wed May 15 00:43:27 CEST 2013 mikulas:
Test integers addition for overflow. This fixes possible crashes due to
overflows, they could possibly be security-sensitive.
Sat Apr 6 19:00:07 CEST 2013 mikulas:
Fixed a bug in Xwindow driver when images larger than 65536
pixels were used
Fixed some integer overflows when scaling images larger than 65536
pixels
Wed Jan 2 02:07:43 CET 2013 mikulas:
OpenVMS port
Wed Dec 12 04:52:33 MET 2012 mikulas:
Fixed invalid pointer comparison (comparing if NULL is smaller
than non-NULL pointer) that could result in failures with certain
compilers
Wed Nov 7 22:43:45 CET 2012 mikulas:
Fixed IPv6 detection on OpenBSD
Sat Sep 22 03:01:58 CEST 2012 mikulas:
Fixed an internal error in decompressed file cache if Links
was running out of memory and was freeing cached data
Wed Sep 19 22:40:04 MET 2012 mikulas:
An option that allows the user not to save URL history
Sat Sep 1 18:26:50 CEST 2012 mikulas:
An option to send do not track request
Thu Aug 16 04:19:58 CEST 2012 mikulas:
Reduced CPU consumption when downloading big files
Tue Aug 14 21:52:43 CEST 2012 mikulas:
Fixed a crash if the user selects "Save as" and the document has no
header (the bug was introduced in Links 2.7pre1)
Tue Aug 14 21:01:39 CEST 2012 mikulas:
Parse FTP directories on VMS FTP server
Mon Aug 13 21:39:09 CEST 2012 mikulas:
Use a blocking pipe when communicating with the dns process, it
fixes a possible error when system pipe buffer is too small
Mon Aug 6 23:31:44 CEST 2012 mikulas:
Workaround for bugs on GNU Hurd
Sat Jul 28 01:21:18 CEST 2012 mikulas:
data: url
Fri Jul 20 19:00:30 MET 2012 mikulas:
Accept color in #xxx format (besides usual #xxxxxx)
Tue Jul 10 22:45:19 CEST 2012 mikulas:
Fixed an infinite retry loop when the server terminates connection
prematurely
Sun Jul 8 20:23:43 CEST 2012 mikulas:
Fixed some races in the framebuffer driver that could result in
display corruption if the user is switching virtual consoles too
quickly
Thu Jul 5 22:35:57 CEST 2012 mikulas:
Don't save URLs with password to history file on a disk
Sat Jun 30 17:32:11 CEST 2012 mikulas:
Fixed a rare bug where image alpha channel was not applied correctly
Upstream downgraded their shlib major version (at least on NetBSD).
Since there are so few packages in pkgsrc depending on it, follow suit.
Recursive revbump coming next.
Serf 1.3.2 [2013-10-04, from /tags/1.3.2, r????]
Fix issue 130: HTTP headers should be treated case-insensitively
Fix issue 126: Compilation breaks with Codewarrior compiler
Fix crash during cleanup of SSL buckets in apr_terminate() (r2145)
Fix Windows build: Also export functions with capital letters in .def file
Fix host header when url contains a username or password (r2170)
Ensure less TCP package fragmentation on Windows (r2145)
Handle authentication for responses to HEAD requests (r2178,-9)
Improve serf_get: add option to add request headers, allow url with query,
allow HEAD requests (r2143,r2175,-6)
Improve RFC conformance: don't expect body for certain responses (r2011,-2)
Do not invoke progress callback when no data was received (r2144)
And more test suite fixes and build warning cleanups
SCons-related fixes:
Fix build when GSSAPI not in default include path (2155)
Fix OpenBSD build: always map all LIBPATH entries into RPATH (r2156)
Checksum generation in Windows shared libraries for release builds (2162)
Mac OS X: Use MAJOR version only in dylib install name (r2161)
Use both MAJOR and MINOR version for the shared library name (2163)
Fix the .pc file when installing serf in a non-default LIBDIR (r2191)
Upstream changes:
1.3118 01.09.2013
[ ENHANCEMENTS ]
* GH #946: new 'require_environment' setting. (Jesse van Herk)
* GH #952: don't set defaults for Template subclasses for
Dancer::Template::TemplateToolkit. (Rick Myers)
* GH #945: add function 'template_or_serialize' to
Dancer::Serializer::Mutable. (Yanick Champoux)
[ BUG FIXES ]
* GH #655: clarify logger error message. (Yanick Champoux,
reported by Gabor Szabo)
* GH #951: fix quoting of TemplateToolkit start_tag/stop_tag.
(Rick Myers)
* GH #940: carry over the session when we forward().
(Yanick Champoux, reported by sciurius)
* GH #954: don't die on autoflush for older perls.
(Yanick Champoux, reported by metateck and David Golden)
* GH #950: Dancer::Test functions now populate REQUEST_URI.
(Yanick Champoux, reported by S枚ren Kornetzki)
[ DOCUMENTATION ]
* GH #942: simpilify the Apache deployment docs for cgi/fcgi.
(bug report by Scott Penrose)
[ MISC ]
* GH #949: fixes a few errors in the serializer testsuite.
(Franck Cuny)
Upstream changes:
4.42 2013-09-30
- Added EXPERIMENTAL form validation support.
- Added EXPERIMENTAL modules Mojolicious::Validator and
Mojolicious::Validator::Validation.
- Added EXPERIMENTAL validation method to Mojolicious::Controller.
- Added EXPERIMENTAL validator attribute to Mojolicious.
- Added EXPERIMENTAL label_for and validation helpers to
Mojolicious::Plugin::DefaultHelpers.
4.41 2013-09-22
- Improved documentation browser to be a little more RESTful.
- Fixed flatten to work with older versions of Perl. (jamadam)
4.40 2013-09-21
- Added text method to Mojo::Message.
- Added siblings method to Mojo::DOM.
- Added flatten method to Mojo::Collection.
- Improved documentation browser with source links.
- Fixed smart whitespace trimming bug in Mojo::DOM.
- Fixed table parsing bug in Mojo::DOM::HTML.
- Fixed bug in Mojolicious::Types where the txt MIME type did not specify a
charset.
4.39 2013-09-17
- Improved HTML5.1 compliance of Mojo::DOM::HTML.
4.38 2013-09-16
- Added is_binary method to Mojo::Loader.
- Fixed support for binary files in inflate command.
- Fixed stylesheet helper not to enforce a media attribute.
Version 3.1.3 (2013-09-24)
--------------------------
### Fixed
Do not redirect to protected pages after logout (see #6210).
### Fixed
Consider the additional arguments in `Frontend::jumpToOrReload()` (see #5734).
### Fixed
Prevent article aliases from using reserved names (see #6066).
### Fixed
Correctly update the RSS feeds if a news item or event changes (see #6102).
### Fixed
Correctly link to news and calendar feeds via insert tag (see #6164).
### Fixed
Make the CSS ID available in the custom navigation module (see #6129).
### Fixed
Do not cache the "toggle_view" insert tag (see #6172).
### Fixed
Unset the primary key if a model is deleted (see #6162).
### Fixed
Support `tel:` and `sms:` upon IDNA conversion (see #6148).
### Fixed
Apply the width and height to the audio player as well (see #6114).
### Fixed
Do not exit after a template has been output (see #5570).
### Changed
Drop the database query cache (see #6070). This renders `executeUncached()` and
`executeCached()` deprecated. Use `execute()` instead.
### Fixed
Handle all possible errors when uploading files (see #5934).
Changelog:
SeaMonkey-specific changes
Implemented an option to thread messages received by date.
Allowed deletion of news posts by default.
Implemented optional taskbar preview-per-tab.
Added support (permission prompt) for desktop notifications.
Added Isn't operator for searching by Priority.
See the changes page for a more complete overview.
Mozilla platform changes
Support for new scrollbar style on Mac OS X 10.7 and newer.
Accessibility related improvements on using pinned tabs (bug 577727).
Major SVG rendering improvements around Image tiling and scaling (bug 600207).
Removed support for sherlock files that are loaded from application or profile directory.
Support for W3C touch events disabled (bug 888304).
Fixed several stability issues.
Fixed in SeaMonkey 2.21
MFSA 2013-92 GC hazard with default compartments and frame chain restoration
MFSA 2013-91 User-defined properties on DOM proxies get the wrong "this" object
MFSA 2013-90 Memory corruption involving scrolling
MFSA 2013-89 Buffer overflow with multi-column, lists, and floats
MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes
MFSA 2013-85 Uninitialized data in IonMonkey
MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification
MFSA 2013-82 Calling scope for new Javascript objects can lead to memory corruption
MFSA 2013-81 Use-after-free with select element
MFSA 2013-80 NativeKey continues handling key messages after widget is destroyed
MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning
MFSA 2013-78 Integer overflow in ANGLE library
MFSA 2013-77 Improper state in HTML5 Tree Builder with templates
MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9)
Changelog:
FIXED
Security fixes can be found here
Fixed in Firefox ESR 17.0.9
MFSA 2013-91 User-defined properties on DOM proxies get the wrong "this" object
MFSA 2013-90 Memory corruption involving scrolling
MFSA 2013-89 Buffer overflow with multi-column, lists, and floats
MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes
MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification
MFSA 2013-82 Calling scope for new Javascript objects can lead to memory corruption
MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning
MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9)
MFSA 2013-65 Buffer underflow when generating CRMF requests
Bugfixes
[SSPCPP-543] - AttributeExtractor fails to deal with multiple Logos
[SSPCPP-547] - Encoding problem with Metadata Attribute Extractor
[SSPCPP-549] - Shiboleth SP 2.5.1 breaks Apache 2.4.3's error pages
[SSPCPP-550] - Problems with native.log file rotation
[SSPCPP-551] - DiscoFeed Content-Type header lacks charset
[SSPCPP-552] - Solaris TCP Listener code is broken
[SSPCPP-568] - Unattended install pegs the CPU and never completes
[SSPCPP-569] - native log files not closed at/before CGI exec
[SSPCPP-570] - mod_shib takes over valid-user for entire server
[SSPCPP-573] - ShibDisable on breaks basic auth valid user
[SSPCPP-575] - Source build w/memcached and/or fastcgi support fails
[SSPCPP-579] - Internal stack overflow in log4shib
Improvements
[SSPCPP-493] - Default allow access to Shibboleth.sso by default in shibd.conf
[SSPCPP-501] - Make metagen ingest a list of hostnames from a file
2.5.1:
Bugfixes
[SSPCPP-409] - Shibboleth2.xml - undefined InProcess/OutOfProcess means no shibd.log/native.log
[SSPCPP-490] - CLang build issue with stream operator overload
[SSPCPP-492] - SP Release 2.5.0 does not compile with xml-security-c versions prior to 1.7.0
[SSPCPP-495] - Warning Shibboleth.PropertySet : load() skipping duplicate property set:
[SSPCPP-499] - Fresh Installation on Windows XP fails after service daemon fails to start
[SSPCPP-500] - configure fails against Apache 2.4
[SSPCPP-502] - Apache 2.4 post_read hook isn't run on subrequests, breaks module
[SSPCPP-504] - ScopedAttributeDecoder fails on non-ascii chars?
[SSPCPP-505] - shibd on Windows missing a version option
[SSPCPP-507] - Insert record failed Violation of PRIMARY KEY constraint with ODBC plugin
[SSPCPP-510] - Installer scripts (particularly the uninstall ones) should fail safe
[SSPCPP-514] - FCGI responder stdin buffer missing termination
[SSPCPP-516] - apache24.config missing from makefile target
[SSPCPP-518] - Incorrect requireLogoutWith redirection if the original URL has query string
[SSPCPP-519] - Shorthand SSO/Logout syntax not working with policyId setting
[SSPCPP-521] - Schemas are not being edited on Windows Installation
[SSPCPP-522] - Transform resolver echoes source string when match fails
[SSPCPP-526] - Transaction log crashes on SOAP-based logout
[SSPCPP-527] - Add ignoreNoPassive attribute to SSO element
[SSPCPP-540] - ISAPI header detection code is prone to false alarms
Improvements
[SSPCPP-402] - Support front-channel SLO without cookies
[SSPCPP-447] - Extension of consistentAddress for IPv6
[SSPCPP-501] - Make metagen ingest a list of hostnames from a file
[SSPCPP-517] - Windows SP installer should not always roll back when shibd fails to start
New Feature
[SSPCPP-515] - Make /Status handler report SessionCache
2.5.0:
Bugfixes
[SSPCPP-344] - Version strings in various spots are wired at compile time
[SSPCPP-345] - Split "package-level" and "user-level" settings in shib.conf to limit effect of RPM upgrades.
[SSPCPP-365] - Support for binary attributes in resolver
[SSPCPP-382] - Correct date format in Expires headers
[SSPCPP-383] - Tag entityID not usable in error templates
[SSPCPP-387] - Cryptographic nameID is longer than key length that memcache can handle
[SSPCPP-391] - Generation of keys for relay state is not strongly random
[SSPCPP-392] - Valgrind detects memory leaks
[SSPCPP-393] - Setting session timeout="0" creates infinite loop between SP and IDP
[SSPCPP-400] - NameID lookup for logout ignores logical SP boundaries
[SSPCPP-401] - IIS App Pool Crash
[SSPCPP-406] - Should check for cross platform previous versions?
[SSPCPP-408] - ECP flow fails for Session configured inside of ApplicationOverride
[SSPCPP-411] - openSUSE 12.1 erases /var/run at each reboot, so shibd fails to start
[SSPCPP-413] - Schema catalogs should be set after XMLTooling init.
[SSPCPP-416] - IIS breaks with error "isapi_shib: Attempted to insert duplicate storage key." Server restart required to fix
[SSPCPP-417] - redirectErrors configuration attribute does not handle relative URLs
[SSPCPP-419] - ExtensibleAttribute internal marshalling doesn't handle attribute naming correctly
[SSPCPP-423] - After upgrading SP to Alpha SP 2.5 RPM from previous version of SP, shibd does not start.
[SSPCPP-431] - Change links of https://spaces.inetrnet2.edu to wiki.shibboleth.net
[SSPCPP-438] - Artifact resolver code doesn't use EndpointIndex in 2.0 artifacts
[SSPCPP-439] - Auto-generated ACS endpoints improperly tracked by index
[SSPCPP-443] - SP not signing ECP AuthnRequests
[SSPCPP-444] - Multiple shib_state cookies get set -> server chokes on header field size
[SSPCPP-445] - RequestInitiator metadata generated in a case where it shouldn't be
[SSPCPP-448] - setting relayState to use ODBC storage service results in attempted redirects to an invalid URL
[SSPCPP-449] - RequestMap not normalizing hostname for comparison
[SSPCPP-459] - redirectLimit parser typo
[SSPCPP-460] - A spelling error in the configure file
[SSPCPP-461] - caching DiscoFeed fails b/c cache directory does not exist
[SSPCPP-465] - CLONE - Tag entityID not usable in error templates
[SSPCPP-467] - Cross-contamination from conflicting @relayState settings
[SSPCPP-468] - Aliases support in XML Attribute Extractor no longer working in 2.5.0 Beta 1
[SSPCPP-487] - relayStateLimitWhitelist parameter is being changed inadvertently by limitRelayState method
[SSPCPP-488] - No way to get client address set for ExternalAuth sessions
[SSPCPP-489] - Windows installer (tries to) install a 64 bit path into IIS
[SSPCPP-498] - Hardcoded path in XMLTooling is invalid on localized WinXP/2003
Improvements
[SSPCPP-319] - Augment XMLAccessControl for time based access control.
[SSPCPP-326] - Abbreviated IPv6 address format and CIDR support for acl
[SSPCPP-332] - Session cache slows down if large numbers of sessions with a single NameID are created
[SSPCPP-335] - Handle query strings on POST and avoid unintended POST data consumption
[SSPCPP-352] - Expose RelayState limiter as a public API and revisit default setting
[SSPCPP-353] - Package the SP to run as non-root user
[SSPCPP-361] - Session handler with better parseable and accessable (X)HTML code
[SSPCPP-362] - add 'metadata last refresh' to SP's status page
[SSPCPP-366] - generated metadata should include cryptographic algorithms
[SSPCPP-375] - Add httpOnly to cookieProps in the shibboleth2.xml config
[SSPCPP-376] - Add a post-filtering hashing feature to shorten long attributes, namely ePTIDs
[SSPCPP-394] - Support multiple authn context references in requests
[SSPCPP-399] - SImple Aggregation plugin should allow "prefixing" of attributes or dedicated extractors
[SSPCPP-403] - Facilitate signing Logout messages
[SSPCPP-404] - Log entry for failed consistentAddress="true" check
[SSPCPP-405] - CRIT Shibboleth.Application : no MetadataProvider available should be a warning not CRIT
[SSPCPP-407] - Improve logging on invalid XML in shibboleth2.xml configuration file
[SSPCPP-418] - Incorporating Boost libraries into code base
[SSPCPP-420] - Memcache build on RH6 and error handling fixes
[SSPCPP-425] - ShibAccessControl Relative Paths to user web content
[SSPCPP-436] - Log on DEBUG when a shibsession cookie is being cleared because no corresponding session is found by Shibboleth
[SSPCPP-446] - Try moving child_init hooks in Apache 2.x modules to post_config
[SSPCPP-458] - Unprecise error message when wrong certificate is used for SAML2 encryption
[SSPCPP-464] - Provide Logging to Recommend Production Settings
[SSPCPP-470] - Identify deprecated features or suboptimal settings and add warnings
[SSPCPP-472] - AttributeExtractor: remove leading/trailing whitespace created by formatter
New Features
[SSPCPP-245] - Support for attribute requirements in the SP
[SSPCPP-339] - Extraction of contacts and other built-in metadata information
[SSPCPP-341] - AttributeResolver plugin(s) for regexp or template-based transformation of values
[SSPCPP-342] - Metadata / Attribute filtering based on EntityAttributes
[SSPCPP-343] - Add support for capturing AuthenticatingAuthority
[SSPCPP-349] - Parseable audit logs for SP
[SSPCPP-389] - Add option to shibd to set uid and gid at startup
[SSPCPP-390] - Multiple language versions for the same attribute
[SSPCPP-396] - Simplify logout support for Native SP
[SSPCPP-410] - add support for the 'policy' query string parameter
[SSPCPP-421] - Extraction of consent attribute from SAML 2 responses
[SSPCPP-430] - Apache 2.4 support
[SSPCPP-437] - Add artifact binding for resolving artifacts via file system
[SSPCPP-440] - Loopback handler to exchange an assertion for a session
[SSPCPP-469] - Logout request extension to specify no response
[SSPCPP-471] - Shorthand settings for manipulating cookie properties
[SSPCPP-486] - Add automatic algorithm blacklist
* Merge some patches via FreeBSD ports.
* Tested on NetBSD/amd64 6.99.23 and DragonFly/amd64 3.4.1.
* Use system hunspell dictionaries.
* DuckDuckGo search window.
* Enable system icu support.
Changelog:
NEW
Support for new scrollbar style in Mac OS X 10.7 and newer
NEW
Implemented Close tabs to the right
NEW
Social: Ability to tear-off chat windows to view separately by simply dragging them out
CHANGED
Accessibility related improvements on using pinned tabs (see 577727)
CHANGED
Removed support for Revocation Lists feature (see 867465)
CHANGED
Performance improvements on New Tab Page loads (see 791670)
DEVELOPER
Major SVG rendering improvements around Image tiling and scaling (see 600207 )
DEVELOPER
Improved and unified Browser console for enhanced debugging experience, replacing existing Error console
DEVELOPER
Removed support for sherlock files that are loaded from application or profile directory
FIXED
Replace fixed-ratio audio resampler in webrtc.org capture code with Speex resampler and eliminate pseudo-44000Hz rate ( see 886886)
FIXED
24.0: Security fixes can be found here
Fixed in Firefox 24
MFSA 2013-92 GC hazard with default compartments and frame chain restoration
MFSA 2013-91 User-defined properties on DOM proxies get the wrong "this" object
MFSA 2013-90 Memory corruption involving scrolling
MFSA 2013-89 Buffer overflow with multi-column, lists, and floats
MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes
MFSA 2013-87 Shared object library loading from writable location
MFSA 2013-86 WebGL Information disclosure through OS X NVIDIA graphic drivers
MFSA 2013-85 Uninitialized data in IonMonkey
MFSA 2013-84 Same-origin bypass through symbolic links
MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification
MFSA 2013-82 Calling scope for new Javascript objects can lead to memory corruption
MFSA 2013-81 Use-after-free with select element
MFSA 2013-80 NativeKey continues handling key messages after widget is destroyed
MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning
MFSA 2013-78 Integer overflow in ANGLE library
MFSA 2013-77 Improper state in HTML5 Tree Builder with templates
MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9)
These releases address a denial-of-service attack against Django's authentication framework. All users of Django are encouraged to upgrade immediately.
