Changes:
20170328 - 1.38.2
[-] * Improved support for Huawei K3765, E150 and E372.
[-] * Fixed decoding of unicode surrogates at message boundary.
[+] * Environment variable PHONE_ID for external program.
[-] * SMS compatibility with devices following old version of GSM 03.38.
[-] * Unicode is now preferred when handling USSD.
[+] * Improved decoding of MMS indication SMS.
20170105 - 1.38.1
[-] * Fixed sending SMS to numbers starting with 000.
[-] * Fixed parsing of vcalendar files with VALUE=DATE-TIME.
[-] * Fixed compatibility with D-Link dwm-157.
[-] * Updated list of GSM countries and networks.
20161212 - 1.38.0
[-] * MySQL script for SMSD is compatible with strict mode.
[-] * Fixed USSD responses for some AT modems.
[-] * Fixed parsing network status for some modems (eg. Quectel UC15).
[-] * Fixed handling of emojis and other Unicode chars from supplementary plan.
[-] * Fixed compilation with C90 compiler.
TODO: see cpu_arm_instr_dpi; non-zero steps but still under 256 is not implemented yet
to_be_translated(): TODO: unimplemented instruction:
ebf61a60: e28fc600 add ip,pc,#0
Note: oauth2client is now deprecated. No more features will be added to the
libraries and the core team is turning down support. We recommend you use
google-auth and oauthlib.
New features:
* Allow customizing the GCE metadata service address via an env var.
* Store original encoded and signed identity JWT in OAuth2Credentials.
* Use jsonpickle in django contrib, if available.
Bug fixes:
* Typo fixes.
* Remove b64 padding from PKCE values, per RFC7636.
* Include LICENSE in Manifest.in.
* Fix tests and CI.
* Escape callback error code in flask_util.
==== Bugfixes
Affecting all Beats
- Improve error message when downloading the dashboards fails.
- Fix potential Elasticsearch output URL parsing error if protocol
scheme is missing.
- Downgrade Elasticsearch per batch item failure log to debug level.
- Make `@timestamp` accessible from format strings.
Filebeat
- Allow log lines without a program name in the Syslog fileset.
- Don't stop Filebeat when modules are used with the Logstash output.
Metricbeat
- Fixing panic on the Prometheus collector when label has a comma.
- Make system process metricset honor the `cpu_ticks` config option.
Winlogbeat
- Fix null terminators include in raw XML string when include_xml is
enabled.
==== Added
Affecting all Beats
- Update index mappings to support future Elasticsearch 6.X.
Filebeat
- Add auditd module for reading audit logs on Linux.
- Add fileset for the Linux authorization logs.
Heartbeat
- Add default ports in HTTP monitor.
Metricbeat
- Add beta Jolokia module.
- Add dashboard for the MySQL module.
- Module configuration reloading is now beta instead of experimental.
- Marked http fields from the HAProxy module optional to improve
compatibility with 1.5.
- Add support for custom HTTP headers and TLS for the Metricbeat
modules.
Packetbeat
- Add DNS dashboard for an overview the DNS traffic.
- Add DNS Tunneling dashboard to highlight domains with large numbers
of subdomains or high data volume.
=== Breaking changes
Settings::
- Remove support for default settings
=== Breaking Java changes
Aggregations::
- Move getProperty method out of MultiBucketsAggregation.Bucket
interface
- Remove getProperty method from Aggregations interface and impl
- Move getProperty method out of Aggregation interface
Java API::
- Fold InternalSearchHits and friends into their interfaces
=== Deprecations
Aggregations::
- Deprecate Stats#getCountAsString
Java API::
- Add BulkProcessor methods with XContentType parameter
Network::
- Deprecate Netty 3
Packaging::
- Add deprecation warnings for $ES_USER and $ES_GROUP
Plugin Delete By Query::
- Deprecate delete_by_query requests without an explicit query
Plugin Repository Azure::
- Deprecate global `repositories.azure` settings
Plugin Repository S3::
- Deprecate repositories.s3 settings
REST::
- Deprecate ldjson support and document ndjson for bulk/msearch
Stats::
- Deprecate `_field_stats` endpoint
=== New features
Analysis::
- Adds pattern keyword marker filter support
- Expose WordDelimiterGraphTokenFilter
Index APIs::
- Add FieldCapabilities (`_field_caps`) API
Search::
- Introduce incremental reduction of TopDocs
Similarities::
- Adds boolean similarity to Elasticsearch
=== Enhancements
Aggregations::
- Add BucketMetricValue interface
- Move aggs CommonFields and TYPED_KEYS_DELIMITER from
InternalAggregation to Aggregation
- Use ParseField for aggs CommonFields rather than String
- Share XContent rendering code in terms aggs
- Add unit tests for ParentToChildAggregator
- First step towards incremental reduction of query responses
Allocation::
- Trigger replica recovery restarts by master when primary relocation
completes
- Makes the same_shard host dynamically updatable
Analysis::
- Support Keyword type in Analyze API
Cluster::
- Prevent nodes from joining if newer indices exist in the cluster
Core::
- Detect remnants of path.data/default.path.data bug
- Await termination after shutting down executors
- Add early-access check
- Adapter action future should restore interrupts
- Disable bootstrap checks for single-node discovery
- Enable explicitly enforcing bootstrap checks
- Add equals/hashcode method to ReplicationResponse
Dates::
- Improve error handling for epoch format parser with time zone
(#22621)
Discovery::
- Introduce single-node discovery
- UnicastZenPing shouldn't ping the address of the local node
- MasterFaultDetection can start after the initial cluster state has
been processed
Highlighting::
- Add support for fragment_length in the unified highlighter
- Add BreakIteratorBoundaryScanner support
Index APIs::
- Wildcard cluster names for cross cluster search
Ingest::
- Lazy load the geoip databases
Internal::
- Add a dedicated TransportRemoteInfoAction for consistency
- Simplify sorted top docs merging in SearchPhaseController
- Synchronized CollapseTopFieldDocs with lucenes relatives
- Cleanup SearchPhaseController interface
- Do not create String instances in 'Strings' methods accepting
StringBuilder
Java API::
- Added types options to DeleteByQueryRequest
Java High Level REST Client::
- Convert suggestion response parsing to use NamedXContentRegistry
- UpdateRequest implements ToXContent
- Add javadoc for DocWriteResponse.Builders
- Expose WriteRequest.RefreshPolicy string representation
- Use `typed_keys` parameter to prefix suggester names by type in
search responses
- Add parsing methods to BulkItemResponse
Logging::
- Warn on not enough masters during election
Mapping::
- Improve error message for ipv6 on legacy ip fields
Nested Docs::
- Avoid adding unnecessary nested filters when ranges are used.
Network::
- Adjust default Netty receive predictor size to 64k
- Keep the pipeline handler queue small initially
- Set network receive predictor size to 32kb
- TransportService.connectToNode should validate remote node ID
Packaging::
- Introduce Java version check
- Cleanup some things after removal of joda-time hack
Percolator::
- Allowing range queries with now ranges inside percolator queries
- Add term extraction support for MultiPhraseQuery
Plugin Discovery EC2::
- Settings: Migrate ec2 discovery sensitive settings to elasticsearch
keystore
Plugin Lang Painless::
- Allow painless to load stored fields
- Start on custom whitelists for Painless
- Fix Painless's implementation of interfaces returning primitives
- Allow painless to implement more interfaces
Plugin Repository Azure::
- Add Backoff policy to azure repository
Plugin Repository S3::
- Removes the retry mechanism from the S3 blob store
- S3 Repository: Eagerly load static settings
Plugins::
- Modify permissions dialog for plugins
- Plugins: Add plugin cli specific exit codes
- Plugins: Output better error message when existing plugin is
incompatible
Query DSL::
- Make it possible to validate a query on all shards instead of a
single random shard
REST::
- Validate top-level keys when parsing mget requests
- Cluster stats should not render empty http/transport types
- Add parameter to prefix aggs name with type in search responses
Search::
- Set shard count limit to unlimited
- Streamline shard index availability in all SearchPhaseResults
- Search took time should use a relative clock
- Prevent negative `from` parameter in SearchSourceBuilder
- Remove unnecessary result sorting in SearchPhaseController
- Expose `batched_reduce_size` via `_search`
- Adding fromXContent to Suggest and Suggestion class
- Adding fromXContent to Suggestion.Entry and subclasses
- Add CollapseSearchPhase as a successor for the FetchSearchPhase
- Integrate IndexOrDocValuesQuery.
- Detach SearchPhases from AbstractSearchAsyncAction
- Fix GraphQuery expectation after Lucene upgrade to 6.5
- Nested queries should avoid adding unnecessary filters when
possible.
- Add xcontent parsing to completion suggestion option
- Add xcontent parsing to suggestion options
- Separate reduce (aggs, suggest and profile) from merging fetched
hits
Settings::
- Add secure file setting to keystore
- Add a setting which specifies a list of setting
- Add a property to mark setting as final
- Remove obsolete index setting `index.version.minimum_compatible`.
- Provide a method to retrieve a closeable char[] from a SecureString
- Update indices settings api to support CBOR and SMILE format
- Improve setting deprecation message
Snapshot/Restore::
- Change snapshot status error to use generic SnapshotException
Stats::
- Add cross-cluster search remote cluster info API
Task Manager::
- Allow task to be unregistered by ClusterStateApplier
- Limit IndexRequest toString() length
=== Bug fixes
Aggregations::
- Align behavior HDR percentiles iterator with percentile() method
- The `filter` and `significant_terms` aggregations should parse the
`filter` as a filter, not a query.
- Completion suggestion should also consider text if prefix/regex is
missing
- Fixes the per term error in the terms aggregation
- Fixes terms error count for multiple reduce phases
- Restore support for the `include/pattern` syntax.
Bulk::
- Reject empty IDs
CRUD::
- Fix backport executing ops as single item bulk
Cluster::
- Don't set local node on cluster state used for node join validation
- Allow a cluster state applier to create an observer and wait for a
better state
- Cluster allocation explain to never return empty response body
Core::
- Check for default.path.data included in path.data
- Improve performance of extracting warning value
- Reject duplicate settings on the command line
- Restrict build info loading to ES jar, not any jar
Discovery::
- ZenDiscovery - only validate min_master_nodes values if local node
is master
Index APIs::
- Fixes restore of a shrunken index when initial recovery node is gone
- Honor update request timeout
Ingest::
- Improve missing ingest processor error
- update _ingest.timestamp to use new ZonedDateTime
Inner Hits::
- Replace NestedChildrenQuery with ParentChildrenBlockJoinQuery
- Changed DisMaxQueryBuilder to extract inner hits from leaf queries
Internal::
- Add infrastructure to mark contexts as system contexts
- Always restore the ThreadContext for operations delayed due to a
block
Java High Level REST Client::
- Correctly parse BulkItemResponse.Failure's status
Java REST Client::
- Make buffer limit configurable in HeapBufferedConsumerFactory
- RestClient asynchronous execution should not throw exceptions
Mapping::
- Preserve response headers when creating an index
- Improves disabled fielddata error message
- Switch include_in_all in multifield to warning
- Fix MapperService StackOverflowError
- Fix NPE with scaled floats stats when field is not indexed
Network::
- Fix possible hang in local transport when nodes get concurrently
disconnected
- Respect promises on pipelined responses
- Ensure that releasing listener is called
Packaging::
- Fall back to non-atomic move when removing plugins
Percolator::
- Fix memory leak when percolator uses bitset or field data cache
Plugin Ingest Attachment::
- Remove support for Visio and potm files
Plugin Lang Painless::
- Fix painless's regex lexer and error messages
- Replace Painless's Cast with casting strategies
- Fix Bad Casts In Painless
Plugin Repository Azure::
- Azure blob store's readBlob() method first checks if the blob exists
Plugin Repository S3::
- Handle BlobPath's trailing separator case. Add test cases to
BlobPathTests.java
Plugins::
- Fix delete of plugin directory on remove plugin
- Use a marker file when removing a plugin
Query DSL::
- FuzzyQueryBuilder should error when parsing array of values
REST::
- [API] change wait_for_completion default according to docs
- Deprecate request_cache for clear-cache
- HTTP transport stashes the ThreadContext instead of the
RestController
- Ensure we try to autodetect content type for handlers that support
plain text
- Fix date format in warning headers
- Align REST specs for HEAD requests
- Correct warning header to be compliant
- Fix get HEAD requests
- Fix search scroll request with a plain text body
- Handle bad HTTP requests
- Fix get source HEAD requests
- Properly encode location header
- Fix template HEAD requests
- Fix index HEAD requests
- Fix alias HEAD requests
Recovery::
- Provide target allocation id as part of start recovery request
Reindex API::
- Fix throttled reindex_from_remote
- Fix reindex with a remote source on a version before 2.0.0
- Make reindex wait for cleanup before responding
Scripting::
- Remove unnecessary Groovy deprecation logging
- Convert script/template objects to json format internally
- Script: Fix value of `ctx._now` to be current epoch time in
milliseconds
Search::
- Cross Cluster Search: propagate original indices per cluster
- Query string default field
- Speed up parsing of large `terms` queries.
- IndicesQueryCache should delegate the scorerSupplier method.
- Fork LRUQueryCache from Lucene to work around LUCENE-7749
- Disable graph analysis at query time for shingle and cjk filters
producing tokens of different size
- Fix cross-cluster remote node gateway attributes
- Use a fixed seed for computing term hashCode in TermsSliceQuery
- Honor max concurrent searches in multi-search
- Avoid stack overflow in multi-search
- Fix query_string_query to transform "foo:*" in an exists query on
the field name
- Factor out filling of TopDocs in SearchPhaseController
- Replace blocking calls in ExpandCollapseSearchResponseListener by
asynchronous requests
Search Templates::
- No longer add illegal content type option to stored search templates
Settings::
- Do not set path.data in environment if not set
- Correct handling of default and array settings
- Fix merge scheduler config settings
- Settings: Fix keystore cli prompting for yes/no to handle console
returning null
Similarities::
- Fix similarity upgrade when "default" similarity is overridden
Snapshot/Restore::
- Fixes maintaining the shards a snapshot is waiting on
- Fixes snapshot status on failed snapshots
- Fixes snapshot deletion handling on in-progress snapshot failure
- Prioritize listing index-N blobs over index.latest in reading
snapshots
Stats::
- Avoid overflow when computing total FS stats
- Handle existence of cgroup version 2 hierarchy
- Handle long overflow when adding paths' totals
- Fix control group pattern
- Fix total disk bytes returning negative value
=== Regressions
Bulk::
- Fix _bulk response when it can't create an index
=== Upgrades
Aggregations::
- Upgrade HDRHistogram to 2.1.9
Core::
- Upgrade to Lucene 6.5.0
- Upgrade from JNA 4.2.2 to JNA 4.4.0
- Upgrade to lucene-6.5.0-snapshot-d00c5ca
- Upgrade to lucene-6.5.0-snapshot-f919485.
Logging::
- Upgrade to Log4j 2.8.2
Network::
- Upgrade to Netty 4.1.9
- Upgrade to Netty 4.1.8
Plugin Repository Azure::
- Update to Azure Storage 5.0.0
Use ALTERNATIVES to handle different Python versions better.
0.14.0 - 2017-05-04
Added
- Python 3.3+ support for all Certbot packages. certbot-auto still
currently only supports Python 2, but the acme, certbot,
certbot-apache, and certbot-nginx packages on PyPI now fully support
Python 2.6, 2.7, and 3.3+.
- Certbot's Apache plugin now handles multiple virtual hosts per file.
- Lockfiles to prevent multiple versions of Certbot running
simultaneously.
Changed
- When converting an HTTP virtual host to HTTPS in Apache, Certbot
only copies the virtual host rather than the entire contents of the
file it's contained in.
- The Nginx plugin now includes SSL/TLS directives in a separate file
located in Certbot's configuration directory rather than copying the
contents of the file into every modified server block.
Fixed
- Ensure logging is configured before parts of Certbot attempt to log
any messages.
- Support for the --quiet flag in certbot-auto.
- Reverted a change made in a previous release to make the acme and
certbot packages always depend on argparse. This dependency is
conditional again on the user's Python version.
- Small bugs in the Nginx plugin such as properly handling empty
server blocks and setting server_names_hash_bucket_size during
challenges.
- Remove the playhouse.fields.AESEncryptedField over security concerns
described in ticket #1264.
- Correctly resolve explicit table dependencies when creating tables, refs
- Implement not equals comparison for CompositeKey.
0.7.2 (May 8th, 2017)
BUG FIXES:
- audit: Fix auditing entries containing certain kinds of time values
0.7.1 (May 5th, 2017)
DEPRECATIONS/CHANGES:
- LDAP Auth Backend: Group membership queries will now run as the
binddn user when binddn/bindpass are configured, rather than as the
authenticating user as was the case previously.
FEATURES:
- AWS IAM Authentication
- MSSQL Physical Backend
- Lease Listing and Lookup
- TOTP Secret Backend
- Database Secret Backend & Secure Plugins (Beta)
IMPROVEMENTS:
- auth/cert: Support for constraints on subject Common Name and
DNS/email Subject Alternate Names in certificates
- auth/ldap: Use the binding credentials to search group membership
rather than the user credentials
- cli/revoke: Add -self option to allow revoking the currently active
token
- core: Randomize x coordinate in Shamir shares
- tidy: Improvements to auth/token/tidy and sys/leases/tidy to handle
more cleanup cases
- secret/pki: Add no_store option that allows certificates to be
issued without being stored. This removes the ability to look up
and/or add to a CRL but helps with scaling to very large numbers of
certificates.
- secret/pki: If used with a role parameter, the sign-verbatim/<role>
endpoint honors the values of generate_lease, no_store, ttl and
max_ttl from the given role
- secret/pki: Add role parameter allow_glob_domains that enables
defining names in allowed_domains containing * glob patterns
- secret/pki: Update certificate storage to not use characters that
are not supported on some filesystems
- storage/etcd3: Add discovery_srv option to query for SRV records to
find servers
- storage/s3: Support max_parallel option to limit concurrent
outstanding requests
- storage/s3: Use pooled transport for http client
- storage/swift: Allow domain values for V3 authentication
BUG FIXES:
- api: Respect a configured path in Vault's address
- auth/aws-ec2: New bounds added as criteria to allow role creation
- auth/ldap: Don't lowercase groups attached to users
- cli: Don't panic if vault write is used with the force flag but no
path
- core: Help operations should request forward since standbys may not
have appropriate info
- replication: Fix enabling secondaries when certain mounts already
existed on the primary
- secret/mssql: Update mssql driver to support queries with colons
- secret/pki: Don't lowercase O/OU values in certs
- secret/pki: Don't attempt to validate IP SANs if none are provided
Improvement
- SCRAM secret's should be better protected with Zookeeper ACLs
Bug
- Refresh consumer metadata more frequently for unknown subscribed
topics
- OffsetValidationTest fails validation with "Current position greater
than the total number of consumed records"
- Failure in
kafka/tests/kafkatest/tests/core/security_rolling_upgrade_test.py
- Broker level configuration 'log.segment.bytes' not used when
'segment.bytes' not configured per topic.
- Kafka Streams - unable to add state stores when using wildcard
topics on the source
- Streams State transition ASCII diagrams need fixing and polishing
- KafkaConsumer: ConsumerConfig gets logged twice.
- docker/run_tests.sh should set up /opt/kafka-dev to be the source
directory
- Config validation in Connector plugins need to compare against both
canonical and simple class names
- Stream thread getting into deadlock state while trying to get
rocksdb lock in retryWithBackoff
- SessionStore.fetch(key) is a performance bottleneck
- log.message.timestamp.type=LogAppendTime breaks Kafka based
consumers
- Querying window store may return unwanted keys
- Kafka Secure Migrator tool doesn't secure all the nodes
- Kafka Connect does not log connector configuration errors
- Make ProduceRequest thread-safe
- Add streams tests with brokers failing
- Document that stores must not be closed when Processors are closed
- remove controller concurrent access to non-threadsafe NetworkClient,
Selector, and SSLEngine
- testReprocessingFromScratch unit test failure
- StreamThread should catch InvalidTopicException
- running multiple kafka streams instances causes one or more instance
to get into file contention
- Increase number of Streams producer retries from the default of 0
- Defer exception to the next pollOnce() if consumer's fetch position
has already increased
- ThreadCacheTest.cacheOverheadsSmallValues fails intermittently
- KafkaConsumer.poll throws IllegalStateException
======================
Backward compatibility notes.
* Use of an empty string as a pathspec element that is used for
'everything matches' is still warned and Git asks users to use a
more explicit '.' for that instead. The hope is that existing
users will not mind this change, and eventually the warning can be
turned into a hard error, upgrading the deprecation into removal of
this (mis)feature. That is not scheduled to happen in the upcoming
release (yet).
* The historical argument order "git merge <msg> HEAD <commit>..."
has been deprecated for quite some time, and is now removed.
* The default location "~/.git-credential-cache/socket" for the
socket used to communicate with the credential-cache daemon has
been moved to "~/.cache/git/credential/socket".
* Git now avoids blindly falling back to ".git" when the setup
sequence said we are _not_ in Git repository. A corner case that
happens to work right now may be broken by a call to die("BUG").
We've tried hard to locate such cases and fixed them, but there
might still be cases that need to be addressed--bug reports are
greatly appreciated.
Updates since v2.12
-------------------
UI, Workflows & Features
* "git describe" and "git name-rev" have been taught to take more
than one refname patterns to restrict the set of refs to base their
naming output on, and also learned to take negative patterns to
name refs not to be used for naming via their "--exclude" option.
* Deletion of a branch "foo/bar" could remove .git/refs/heads/foo
once there no longer is any other branch whose name begins with
"foo/", but we didn't do so so far. Now we do.
* When "git merge" detects a path that is renamed in one history
while the other history deleted (or modified) it, it now reports
both paths to help the user understand what is going on in the two
histories being merged.
* The <url> part in "http.<url>.<variable>" configuration variable
can now be spelled with '*' that serves as wildcard.
E.g. "http.https://*.example.com.proxy" can be used to specify the
proxy used for https://a.example.com, https://b.example.com, etc.,
i.e. any host in the example.com domain.
* "git tag" did not leave useful message when adding a new entry to
reflog; this was left unnoticed for a long time because refs/tags/*
doesn't keep reflog by default.
* The "negative" pathspec feature was somewhat more cumbersome to use
than necessary in that its short-hand used "!" which needed to be
escaped from shells, and it required "exclude from what?" specified.
* The command line options for ssh invocation needs to be tweaked for
some implementations of SSH (e.g. PuTTY plink wants "-P <port>"
while OpenSSH wants "-p <port>" to specify port to connect to), and
the variant was guessed when GIT_SSH environment variable is used
to specify it. The logic to guess now applies to the command
specified by the newer GIT_SSH_COMMAND and also core.sshcommand
configuration variable, and comes with an escape hatch for users to
deal with misdetected cases.
More...
--------------------------------
Common
~~~~~~
- Fix OpenStack drivers not correctly setting URLs when used with identity API, would default to 127.0.0.1 and service
catalog URLs were not adhered to.
- Fix Aliyun ECS, Load balancer and storage adapters when using unicode UTF-8 characters in the names of resources
in 2.0.0rc2 < it would fail as a MalformedResponseError, Python 2.7 element tree was raising a unicode error
- Refactor the test classes to use the full libcloud.http and libcloud.common.base modules, with Connection,
Response all used with requests_mock. This increases our test coverages and catches bugs in drivers' custom
parse_body and auth modules
- Rename libcloud.httplib_ssl to libcloud.http now that we don't use httplib
BREAKING CHANGES:
- api: HttpClient now defaults to nil in the client config and will be
generated if left blank. A NewHttpClient function has been added for
creating an HttpClient with a custom Transport or TLS config.
IMPROVEMENTS:
- agent: Added an error at agent startup time if both -ui and -ui-dir
are configured together.
- agent: Added the datacenter of a node to the catalog, health, and
query API endpoints which contain a Node structure.
- agent: Added the ca_path, tls_cipher_suites, and
tls_prefer_server_cipher_suites options to give more flexibility
around configuring TLS.
- agent: Reduced the timeouts for the -dev server mode so that the
development server starts up almost instantly.
- agent: Added verify_incoming_rpc and verify_incoming_https options
for more granular control over incoming TLS enforcement.
- agent: Use bind address as source for outgoing connections.
- api: Added the ACL replication status endpoint to the Go API client
library.
- cli: Added Raft protocol version to output of operator raft
list-peers command.
- ui: Added optional JSON validation when editing KV entries in the
web UI.
- ui: Updated ACL guide links and made guides open in a new tab.
BUG FIXES:
- server: Fixed a panic when the tombstone garbage collector was
stopped.
- server: Fixed a panic in Autopilot that could occur when a node is
elected but cannot complete leader establishment and steps back
down.
- server: Added a new peers.json format that allows outage recovery
when using Raft protocol version 3 and higher. Previously, you'd
have to set the Raft protocol version back to 2 in order to manually
recover a cluster.
- ui: Add and update favicons
Fixed SecureTransport issue that would cause long delays in response body delivery.
Fixed regression in 1.21 that threw exceptions when users passed the socket_options flag to the PoolManager.
Fixed regression in 1.21 that threw exceptions when users passed the assert_hostname or assert_fingerprint flag to the PoolManager.
Changelog:
Security fixes:
#CVE-2017-5433: Use-after-free in SMIL animation functions
#CVE-2017-5435: Use-after-free during transaction processing in the editor
#CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2
#CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS
#CVE-2017-5459: Buffer overflow in WebGL
#CVE-2017-5434: Use-after-free during focus handling
#CVE-2017-5432: Use-after-free in text input selection
#CVE-2017-5460: Use-after-free in frame selection
#CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing
#CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing
#CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT processing
#CVE-2017-5441: Use-after-free with selection during scroll events
#CVE-2017-5442: Use-after-free during style changes
#CVE-2017-5464: Memory corruption with accessibility and DOM manipulation
#CVE-2017-5443: Out-of-bounds write during BinHex decoding
#CVE-2017-5444: Buffer overflow while parsing application/http-index-format content
#CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data
#CVE-2017-5447: Out-of-bounds read during glyph processing
#CVE-2017-5465: Out-of-bounds read in ConvolvePixel
#CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor
#CVE-2016-10196: Vulnerabilities in Libevent library
#CVE-2017-5469: Potential Buffer overflow in flex-generated code
#CVE-2017-5445: Uninitialized values used while parsing application/http-index-format content
#CVE-2017-5462: DRBG flaw in NSS
#CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1
