Hyper-h2 is a HTTP/2 protocol stack, written entirely in Python. The goal
of Hyper-h2 is to be a common HTTP/2 stack for the Python ecosystem, usable
in all programs regardless of concurrency model or environment.
To achieve this, Hyper-h2 is entirely self-contained: it does no I/O of any
kind, leaving that up to a wrapper library to control. This ensures that it
can seamlessly work in all kinds of environments, from single-threaded code
to Twisted.
Its goal is to be 100% compatible with RFC 7540, implementing a complete
HTTP/2 protocol stack build on a set of finite state machines. Its
secondary goals are to be fast, clear, and efficient.
This library contains the HTTP/2 framing code used in the hyper project.
It provides a pure-Python codebase that is capable of decoding a binary
stream into HTTP/2 frames.
This library is used directly by hyper and a number of other projects to
provide HTTP/2 frame decoding logic.
Move config files to standard location.
Make Apache/Nginx compatible (based on mail/rouncube).
Upstream changes follow.
3.7.1
* Fix for auth bypass when using the authentication module
* Fix for a XSS in the view adding interface
* Update JQuery Mobile library to 1.4.5
3.7.0
* Cubism integration
* Ganglia Reporting
* Couple reported XSS issues have been corrected
3.6.2
* Performance improvements
* New clearer heatmaps
* Other minor improvements and fixes
3.5.7
* Required Jquery files were missing from 3.5.6 release.
3.5.6
* Number of fixes to address XSS (Cross Site Scripting) issues
* Enhancement to the host view if use option
"metric_groups_initially_collapsed". Clicking on metric groups
dynamically loads images instead of reloading the page
* Fixed mobile view
* Incorporate legend in the selection when doing Inspect graph
* Stacked graph fixes
* Numerous other fixes and enhancements
3.5.2
* Fix for stacked graphs not showing after upgrading to 3.5.1
* Inspect graph now uses AJAX calls to retrieve data which should
help in situations where users use Basic authentication
3.5.1
* Security advisory
* Support for same hostname being in multiple clusters
3.5.0
* Enable zoom to a selection in Inspect Graph
* Add Jump to Metric group drop down
* Add Timeshift functionality to graphs
* Other misc fixes and improvements
3.4.2
* Improvements to the live dashboard
* Fixed the aggregate graphs metric auto complete which broke in 3.4.1
* Add ability to specify critical and warning thresholds. Use in
Live Dashboard and Views.
* Minor bug fixes
3.4.1
* Major improvements to Inspect Graph thanks to Peter Piela - deselect
all data sources, select individual sources, change graph type from
stack to line and vice versa
* Live Dashboard - integration of Tasseo
* Metrics drop down now includes ability to select optional reports
No changelog could be found for 3.1.3-3.4.0.
Crowd is an application security framework that handles authentication
and authorisation for your web-based applications. With Crowd you can
quickly integrate multiple web applications into a single security
architecture that supports single sign-on (SSO) and centralised identity
management.
Patches for Apache 2.4 and Subversion 1.8 suport from FreeBSD Ports.
---------------------
v1.4.2
Version 1.4.2
Add automatic caching for the discovery docs.
v1.4.1
Version 1.4.1
Add the googleapiclient.discovery.Resource.new_batch_http_request method.
v1.4.0
Version 1.4.0
Python 3 support.
v1.3.2
Version 1.3.2
Small bugfix release.
- Fix an infinite loop for downloading small files.
- Fix a unicode error in error encoding.
- Better handling of `content-length` in media requests.
- Add support for methodPath entries containing colon.
Upstream changes (from CHANGES.md):
## 1.0.2 (2016-01-15)
* [#295](https://github.com/httprb/http/pull/295):
Fix redirect following when used with persistent mode.
([@ixti])
Changes:
* Fixes#287: media:content support broken
(patch by Leiaz)
* Fixes#279: Rules not visible in searchdialog
(patch by Leiaz)
* Fixes#83: Segfault when sorting feeds in folder
(patch by Leiaz)
* Fixes#302: Broken compilation with --disable-notify
(reported by vostorga)
--------------
0.17 2016-02-03T18:35:33Z
- Added URI::_ado, which subclasses URI::_odbc to provide a `dbi_dsn()`
that returns a DSN using DBD::ADO. NOTE: This class is experimental,
since I was unable to figure out the best default values for the
connection string -- there are so many options! Feedback and
recommendations wanted (Issue #11).
- The `dbi_dsn` method of URI::mssql now supports a single argument to
specify the DBI driver for which to return a DSN. Pass in "sybase" or
"ado" (experimental) to get a DSN for either of those drivers,
instead. Based on work by Dan Muey.
--------------
6.44 2016-02-04
- Removed deprecated format_regex attribute from Mojolicious::Routes::Pattern.
- Improved get command not to use the user agent of the application.
- Improved Mojo::JSON performance slightly.
Changelog:
Fix:
Fix issue which could lead to the removal of stored passwords under certain circumstances (1242176)
Allows spaces in cookie names (1244505)
Fix WebSockets when used in a Service Worker context (1243942)
Disable opus/vorbis audio with H.264 (1245696)
Require NSS 3.21 (1244069)
Ship the Gecko SDK (1243740)
Fix for graphics startup crash (GNU/Linux) (1222171)
Fix a crash in cache networking (1244076)
Bugfixes:
* getredirect.c: fix variable name
* tool_doswin: silence unused function warning
* cmake: fixed when OpenSSL enabled on Windows and schannel detected
* curl.1: Explain remote-name behavior if file already exists
* tool_operate: Don't sanitize --output path (Windows)
* URLs: change all http:// URLs to https:// in documentation & comments
* sasl_sspi: Fix memory leak in domain populate
* COPYING: clarify that Daniel is not the sole author
* examples/htmltitle: Use _stricmp on Windows
* examples/asiohiper: Avoid function name collision on Windows
* idn_win32: Better error checking
* openssl: Fix signed/unsigned mismatch warning in X509V3_ext
* curl save files: check for backslashes on cygwin
CGI::Application::Plugin::Session seamlessly adds session support
to your CGI::Application modules by providing a CGI::SEssion
that is accessible from anywhere in the application.
Description:
HTML::CalendarMonthSimple is a Perl module for generating, manipulating,
and printing a HTML calendar grid for a specified month. It is intended
as a faster and easier-to-use alternative to HTML::CalendarMonth.
Changelog:
5.7.5.6 Release Notes
Behavioral Improvements
Minor improvements to command line utilities (thanks mlocati)
Default behavior on certain javascript links prevented (thanks ojalehto)
Fixed: User's avatar's url doesn't change when you change the image (thanks ojalehto)
Fixed: https://github.com/concrete5/concrete5/pull/3420 (thanks ojalehto)
Remove New Page link from stacks version history (thanks ojalehto)
Adjust clear log button to indicate dangerousness of the action (thanks ojalehto)
Bug Fixes
Fixed inability to publicly register new accounts (received invalid email address errors on valid email addresses.) (thanks JeRoNZ)
Fixed http://www.concrete5.org/developers/bugs/5-7-5-5/file-manager-broken-after-deleting-a-file-set./ (thanks ojalehto)
Parallax custom template causes layout design to not be accessible
Fixed bug in next/previous block where exclude system pages was always set to true (thanks ojalehto)
Prevent error while adding a new feed without a page type filter (thanks ojalehto)
Fix incorrect action after renaming a stack (thanks ojalehto)
PHP7 bug fixes (thanks JeRoNZ)
Fixed multilingual flag layout(thanks ojalehto)
Strict error bug fixes (thanks mlocati)
5.7.5.5 Release Notes
Behavioral Improvements
You can no longer deactivate or delete your own user account in the Dashboard
Social Links block opens links in new tabs (thanks MrKarlDilkington)
Bug Fixes
Fixed inability to clear site contents when installing themes that swap the site’s contents with their own.
Responsive flag images in multilingual sites (thanks seebaermichi)
Fixed issue where pasted blocks weren’t using proper grid container settings.
Fixed inability to bulk delete files.
Fixed Form block's questions are ordered incorrectly after ordering some of them and creating a new question. (thanks ojalehto)
Fixed: An error was thrown e.g. when trying to change user's password in dashboard while MYSQL is used in STRICT_TRANS_TABLES mode (thanks ojalehto)
Fixed error when adding files to sets and not logged in as admin.
Fixed inability to login with Oauth-based authentication types, including concrete5.org community and others (thanks Fabian Vogler)
Fixed bug: Layout column widths are no longer editable after being saved the first time
Fixed http://www.concrete5.org/developers/bugs/5-7-5-4/member-avatar/
Minor fixes to certain command line commands (thanks mlocati)
Fixed https://github.com/concrete5/concrete5/pull/3363 (thanks ojalehto)
Fixed https://github.com/concrete5/concrete5/issues/2959 (thanks seebaermichi)
Fixed https://github.com/concrete5/concrete5/pull/3368 (jaromirdalecky)
Fixed https://github.com/concrete5/concrete5/issues/3365 (thanks Ruudt)
5.7.5.4 Release Notes
Feature Updates
Lots of improvements to the YouTube block, including responsive and widescreen improvements, support for playlist URLs, support for more YouTube options, and code cleanup (thanks Mesuva!)
Added the ability to start composer page location sitemaps at a certain level in the tree.
Share this Page block now includes a print option (thanks ojalehto)
New uploading settings Dashboard page allows administrators to specify a maximum width, height and JPEG level for images uploaded to the file manager. Images will be constrained using client side JavaScript (if available) and server side as a fallback (thanks Mesuva)
Background size and position added to options in Background Image section of area/block design (thanks MrKarlDilkington)
Added the ability to set storage locations for files in bulk (thanks hissy)
Updates to Image Slider block: draggable and collapsible slides, choose whether to animate automatically, slider speed, time between transitions, and whether to pause on hover (thanks MrKarlDilkington)
Character count added to bulk SEO updater and SEO panel (thanks Mesuva)
Added “Fit Image” button to Image Editor (thanks MrKarlDilkington)
Behavioral Improvements
If a user has the ability to approve the workflow on a page that he or she is updating, the workflow will be skipped when submission occurs.
Better validation of thumbnail types created through the dashboard (thanks mnakalay)
Security improvement: immediate invalidation of password reset emails upon changed passwords (thanks joemeyer)
We now use the number form element in the number attribute (thanks Remo)
Added version comment to workflow email.
Better caching of Page List blocks (thanks TimDix)
CSS scope fixes and cleanup (thanks robkovacs)
Drafts now include the date they were created (thanks MrKarlDilkington)
Command line utilities will now work with a symlinked core (thanks mlocati)
An area name is now visible when dragging a block over it
Better compressed image slider sample images lead to smaller file sizes (thanks MrKarlDilkington)
Improvement to the Page Defaults editing experience (thanks MrKarlDilkington)
Added support for system pages to the AutoNav block (thanks joostrijneveld)
Better support for elements in content blocks (thanks EC-Joe)
Configuration option added to disable download statistics tracking (thanks EC-Joe)
Bug Fixes
Custom theme layout presets now honor attributes on containers and columns other than just “class” (data attributes, etc…)
Fixed error on user password validation on PHP 5.3.3.
User avatar removal now protected against CSRF attacks.
Allows the use of custom label text for file selectors (thanks mnakalay)
Miscellaneous code cleanup and minor bug fixes (thanks joemeyer)
Fixed infinite redirect issues with certain setups.
Fixed https://github.com/concrete5/concrete5/issues/3063 (thanks joemeyer)
Fixed errors when including job sets in packages (thanks joemeyer)
Fixed bug where uploading files with uppercase extensions would fail in certain situations.
Fixed bug where image slider block entries with links to internal page would lose those links on edit (thanks acliss19xx)
Fixed https://github.com/concrete5/concrete5/issues/3300
Fix newsflow url to Dashboard's update page (thanks concrete5 Japan)
Fixed: It is not possible to set the color picker to complete transparency in the theme customization options (thanks mlocati)
Fixed: if you add a picture to a feature paragraph area (or other abstracted string) and go to edit it it doesn't get translated back (thanks joemeyer)
Fixed: https://github.com/concrete5/concrete5/pull/3214 (thanks frosso)
Fixed inability to clear background images in page design.
Fixed https://www.concrete5.org/developers/bugs/5-7-5-3/remove-alias-does-not-work/
Bug fixes with Dashboard sitemap and page search.
Fixed: Package description isn't translated before installing the package (thanks mlocati)
Fixed: Can't vote in a survey if the block caching is turned on (thanks TimDix)
Fixed https://www.concrete5.org/community/forums/chat/date-navigation-timezone-problem/ (thanks mlocati and WillemAnchor)
Fixed https://github.com/concrete5/concrete5/issues/3098 (thanks ahukkanen)
Fixed bug where the Add new page dialog was missing certain translations loaded from Composer (thanks ahukkanen)
Fixed https://www.concrete5.org/developers/bugs/5-7-5-3/zip-file-download/ (thanks mlocati)
Fixed bug where filtering by select attribute option values wasn’t working when the options had special characters in them (thanks dsgraham)
Added X-Frame-Options header option for security purposes (thanks hissy)
Fixed https://hackerone.com/reports/4934 (thanks joemeyer)
Fixed mobile theme switcher issues: Elements are loaded from default theme instead of mobile theme, Responsive image settings of mobile theme does not respected (thanks hissy)
Content import now properly imports area background images (thanks myconcretelab)
https://github.com/concrete5/concrete5/pull/3106 (thanks mlocati)
Fixed typo in Password Sent email template (thanks allybee)
Developer Updates
Code improvements to facilitate concrete5 running on PHP 7 (thanks mlocati)
New command line installation functionality to support installs in a clustered environment (attaches to existing databases rather than requiring an empty database.)
New command line utilities for installing and uninstalling pacs are now available (thanks mlocati)
New command line utilities for generating and updating package translation files (thanks mlocati)
Feature: Add new Conversation Message event (thanks brucewyne)
Page Theme classes can now provide custom valNew attach mode in command line installer: When the --attach flag is supplied with a concrete5 c5:install call, if the supplied database already has rows we will attach to it rather than failing
Session API Improvements
Groups tree Javascript now methods which will run after on_start() from ALL installed packages have run. This can be helpful when a particular package requires something from another package, but the original package is executing on_start() before the dependency.
Tourist tours now have access to showStep method (thanks danielgasser)
5.7.5.3 Release Notes
Behavioral Improvements
Added an “Add Content” guide that goes through the process of adding content to the page, and explains the Add Content panel.
Improved contrast in the Add Content and Dashboard panels.
Fixed https://github.com/concrete5/concrete5/issues/2980
Improvements to image editing experience when using the concrete5 image editor.
Account private messages no longer assumes profiles are enabled (thanks ounziw)
Escaped input in form submissions so prevent Excel macros from being embedded in fields (thanks TimDix)
Links in image slider description will automatically substitute the proper URLs even when changing servers (thanks hissy)
Added logout link to mobile menu (thanks ojalehto)
Device visibility classes (hide on desktop, hide on laptop,, etc…) are now disabled when a page is in edit mode.
Additional page URLs preserve query strings on redirecting to canonical URLs.
Imported area layouts now support custom styles (thanks myconcretelab)
Parallax custom template on area design now works with multiple parallax areas on a page (thanks myconcretelab)
Bug Fixes
Fixed infinite redirect loop with Internationalized Domain Names (thanks EC-Joe)
Fixed bug where multilingual global areas would sometimes duplicate themselves needlessly, leading to empty global areas
Fixed hard-to-reproduce duplicate key error in ConversationFeatureDetailAssignments table when using the conversation block throughout your site
Fixed out of memory errors when uploading large files from the incoming directory (thanks EC-Joe)
Fixed “When using inline blocks, I can edit other inline blocks” (thanks TimDix)
Fixed errors with blocks that have assets not having their assets included if those blocks were within a layout. Fixed error with google maps block specifically.
Fixed error with scrollbar not appearing after file uploaded on the front-end (actually fixed this time.)
Fixed Adding and Moving a Block in One Step Causes JS Error
Resolved: Rich text editor adds in random "=" symbols sometimes
Resolved: Rich text editor wraps selection in when choosing a custom style
Fixed but where Downloading a file that exceeds the available memory today causes an out of memory issue
Fixed occasionally bug that resulted in error “"Argument 1 passed to Concrete\Core\Permission\Access\Access::create() must be an instance of PermissionKey, Concrete\Core\Permission\Key\AdminKey given."
Fixed bug when moving blocks in certain situations (thanks Remo)
Fixed: Topics attributes marked as required on pages weren’t being properly validated.
Fixed some minor XSS potential issues with social links (thanks EC-Chris)
Fixed bug: Internal Links in Feature Blocks Store Absolute URL in Database
Fixed: config value “concrete.updates.auto_update_packages” now works again
Fixed fatal error when enabling package auto updates (thanks EC-Joe)
Fixed error autoloading packages when working with the command line (thanks EC-Joe)
Approve changes now shows up when moving blocks in stacks (thanks WillemAnchor)
Fixed bug where editing permissions in simple permissions mode wouldn’t apply multilingual settings administration to the appropriate groups (Thanks Remo)
Fixed possible CSRF security issue in Conversations settings dashboard page.
Fixed free-form layouts that on occasion would break into two rows as widths wouldn’t match properly (thanks wstoettinger)
Color picker JavaScript now properly escaped so it can be used with PHP array syntax.
Fixed: If you added a BlockTypeSet but didn't add anything to them it would cause the foreach to error on a null value (thanks joe-meyer)
Fixed inability to filter lists by multiple select values (thanks markbennett)
Fixed http://www.concrete5.org/developers/bugs/5-7-5-2/date-attributes-search-method-doesnt-work/ (thanks haeflimi)
IP Blacklist no longer bans on failed registrations (thanks joemeyer)
Fixed https://github.com/concrete5/concrete5/issues/3048 (thanks joemeyer)
Developer Updates
We now default to the “GD” image processing library for image manipulation. Imagick must be opted into by setting the config value “concrete.file_manager.images.manipulation_library” to “imagick”.
Adds ability to specify wildcard page theme classes by creating an array key with “*” as its key (thanks TimDix)
Database Entities dashboard page now refreshes package-specific entities as well as application-specific entities.
Implemented new Validation framework and some useful constraints. Used within password validation.
API improvements to the Processor class to allow it to be used without a queue.
Select attribute option API improvements
Edge case page list sorting fix when adding to the query with addSelect and attempting to sort by the new field, and use pagination as well.
Backward Compatibility Notes
If you were relying on Imagick image manipulation, you will now be using GD image manipulation unless you manually set “concrete.file_manager.images.manipulation_library” to “imagick” within a custom config file.
5.7.5.2 Release Notes
Feature Updates
You can now filter the Page List block by date, including pages with a public date of today, X days in the past, X days in the future, and a custom date range (thanks TimDix)
The File block is now available in the Composer view for a Page type (thanks TimDix)
You can now export the Database Query Log to CSV (thanks TimDix)
The Cache settings page now gives developers the ability to optionally create CSS source maps from compiled LESS files.
Version list now shows who approved the version (thanks Katz)
Added page template to advanced page search.
New modes for page composer where you can choose target pages from an in-panel sitemap, rather than the popup selector.
Select custom attribute now uses the Select2 JavaScript library for tagging modes, leading to an improved appearance and nicer code behind the scenes.
Behavioral Improvements
Improved appearance and information display of controls on the composer form page type dashboard page (thanks TimDix)
Blocks added to the scrapbook will now honor the original block’s cache settings (thanks TimDix)
Area layouts will now be cached if all the blocks they contain are cached (thanks TimDix) Adds ability to cache Search Block if the block doesn't display results - useful for when placed in header/footer (thanks TimDix)
Performance improvements in the Assets Subsystem (thanks joe-meyer)
We now include the “position” property in the search index when using the testimonial block (thanks hissy)
Better performance when working with bulk files and file sets with a large number of file sets (thanks TimDix and jefharris23)
Stack blocks now check to see if the blocks within the stack can be cached – if so, they will be cached as well (thanks TimDix)
Resolved https://github.com/concrete5/concrete5/pull/2911 (thanks Shotster)
Added error messaging when adding or editing page types and not configuring the publishing settings properly.
Better error reporting when http:// or https:// omitted from canonical URLs (thanks mnakalay)
Removed “Meta Keywords” from SEO panel on new installs because it’s not actually something that most search engines like anymore (thanks Mesuva). The attribute is still available and installed.
Bug Fixes
Fixed bug where layouts with custom widths didn’t honor those widths (thanks kaktuspalme)
Fixed bug where area layouts disappear upon changing layout design changes (thanks TimDix)
Fixed issue installing on PHP 5.3.9 and earlier (5.7.5.1 was supposed to fix this but did not.)
When deleting files, some rows were left in child database tables. This has been fixed (thanks EC-Joe)
Block actions in edit mode (introduced in 5.7.5) now work with blocks in Composer.
Permission access entity types can now be provided in packages like they could in 5.6.
Permission keys can now be provided in packages like they could in 5.6.
Rich text editor toolbar was abnormally large when present in the attributes dialog window. This has been fixed.
Fixed bug where Image block fails on Elemental when using certain third party file storage location types with no thumbnail types installed (thanks Mnkras)
We now show a confirmation dialog when discarding page drafts (thanks hissy)
Fixed bulk SEO Updater not updating the home page.
Fixed editor tooltips and link edit callouts not displaying when using redactor in a dialog.
When setting sitewide permissions in simple permissions mode, “Edit Page Type” hadn’t been set. It also wasn’t set by default when installing concrete5. This is fixed.
Fixes Bug with Search Block when resultsURL specified instead of page (thanks TimDix)
Fixed https://github.com/concrete5/concrete5/pull/2894 (thanks skybluesofa)
Fixed https://github.com/concrete5/concrete5/issues/2362 (thanks TimDix)
Fixed Fix Cancel button action on block aliasing dialog (thanks hissy)
Fixed scrollbar not appearing after file upload (thanks EC-Chris)
Fixed exception when passing an non-number to ccm_paging_p (thanks SkyBlueSofa)
Developer Updates
Added custom file import processes for forcing JPEGs, forcing JPEG compression and forcing width/height. Added system for creating custom file import processes and calling them programmatically
Added the ability to try and use exif rotation data (experimental, toggle on by enabling with the config value concrete.file_manager.images.use_exif_rotation_data)
Translation improvements (thanks mlocati)
Added flash message support to page controller. Just call $this->flash(‘key’, ‘value’) and then a page redirect and the $key will be available from within the target page the same as if it had been set from that target page. (e.g. $this->flash(‘success’, ‘Thanks for your submission!’); $this->redirect(‘/to/new/page’); )
PageSelector::quickSelect now works again.
Page Type Validator framework improvements
Slight fixes to form labels in form block (thanks haeflimi)
Improvements to permissions content import XML functionality.
Fix potential data loss when working with packages that had both db.xml files and Doctrine entities (thanks Mainio)
Content block image placeholders now save all attributes placed on the images in the rich text editor (Thanks TimDix)
Fixed permissions error rendering “subscribe to conversation” functionality inoperable.
Improvements for working with PHP7 (thanks mlocati and Mnkras)
Added additional MIME extensions for new Office file types (thanks RGeeanks joe-meyer and mlocati)
Fixed https://github.com/concrete5/concrete5/issues/2952 (thanks ahukkanen)
New console command available: Clear Cache (thanks mlocati)
Developer Backward Compatibility Notes
The signature of the \Concrete\Core\Page\Type\Validator\ValidatorInterface has changed. If you rely on this interface check your implementations. (Note: if you extend the \Concrete\Core\Page\Type\Validator\StandardValidator you should be fine.)
5.7.5.1 Release Notes
Behavioral Improvements
Better checking for InnoDB database tables than querying INFORMATION_SCHEMA directly.
Improved accuracy and performance of the parallax scroll area layout custom template.
Fixed Fatal error when getPageThemeGridFrameworkRowStartHTML() and getPageThemeGridFrameworkRowEndHTML() return nothing
Bug Fixes
IP Blacklist functionality now works correctly
Fixed non-functioning image editor when editing image thumbnails.
Fixed error “PHP Fatal error: Can't inherit abstract function” on PHP 5.3.9 and earlier
Fixed errors installing and working with concrete5 on MySQL setups with strict tables enabled.
Fixing tree topic error in flat filter custom template when you have removed the topic tree its linked to
Fixed misnamed header grid classes in Elemental theme (thanks hdk0016)
Fixed http://www.concrete5.org/developers/bugs/5-7-4-2/date-type-custom-attributes-was-not-add-default-block/
Added legacy Image helper class (\Concrete\Core\Legacy\ImageHelper) back. This class had been moved to BasicThumbnailer and was working for all proper usage of the class, but for those instances where the class was hard-coded a the legacy image helper, the class is back for the time being. It will be removed in a subsequent update.
5.7.5 Release Notes
Grid and Layout Improvements
Page Theme classes can specify layout presets, which can use classes contained in grid frameworks or use their own custom classes.
Layouts now have design controls available to them, including custom templates and custom CSS classes.
Added a new custom template “Parallax Image” available to layouts that employ a background image.
Grid frameworks can now specify hiding classes for responsive breakpoints, which can be controlled through block and area design settings.
Grid containers that wrap around blocks based on their type can now be disabled or enabled on a per-block basis through the block design palette.
Added nested support to grid frameworks.
Mobile Improvements
Completely new Mobile Device Preview panel in the page panel. Preview the current page in a variety of mobile form factors, simulating user agent, and even rotating the device.
Multilingual Improvements
Global areas and stacks are now multilingual: if you have multiple language areas in your site, stacks and global areas you add will have separate instances for each language, and the appropriate stack contents will be displayed on the appropriate pages with no hacks.
You can scan a multilingual section for all links and references to multilingual pages, and if those pages exist outside the current tree, they will be remapped into the current tree. (i.e after you copy a multilingual tree, you can rescan its links so they don’t point to the original tree.)
Other Feature Updates
Elemental now provides two layout presets – Left Sidebar and Right Sidebar.
You can now set an RSS feed to be filtered by a particular topic
You can now add an image to an RSS feed
If you register a site that requires approval before logging in, you will receive an email letting you know this is the case (thanks ounziw)
You can now turn off help via a checkbox in the Dashboard on the Accessibility page.
The file block now contains an option to force download (thanks Mesuva)
Next/Previous Block now supports reverse ordering options (thanks UziTech)
You can now run concrete5 jobs from the command line using concrete/bin/concrete5 c5:job (thanks ChrisHougard!)
You can now choose the background image for full-image background pages with the 'concrete.white_label.background_url' config option (thanks myconcretelab)
Redactor rich text editor has been updated to version 10.2.2,. fixing many bugs and adding some small features.
Adds support to adjust trusted proxy ips and settings through Config values (thanks timdix)
Behavioral Improvements
Login page now much easier to theme. Should look nice in stock Elemental theme. More generic language and hides the authentication type list of only one authentication type is enabled. No more background image when attempting to re-skin login page in another theme.
File manager import incoming now has a checkbox to select all files (thanks MeyerJL)
Table cells in rich text editor have a minimum width of 55 pixels (thanks KarlDilkington)
Group set names can now contain multibyte characters (thanks hissy)
More rich text editor plugin interfaces are translatable (thanks mlocati)
Fixed Typography selector fails on save if it is used without font selection (thanks ojalehto)
Permissions are properly checked when displaying the publish button and the delete button in composer (thanks hissy)
Editing page defaults no longer prompts you to save or approve your changes, since changes to page defaults are immediately live (they are not versioned.)
Improved performance of full page caching (thanks EC-Chris)
Improvements to session handling when the session directory exists outside of an open_basedir restriction (thanks acohin and mlocati)
Page attributes are now grouped in sets on the page type defaults attributes screen (thanks EC-Joe)
Form block now highlights errors on specific fields when they aren’t filled in properly (thanks timdix)
Fixed bug that caused areas to have problems if they were converted in code from GlobalArea to Area and vice versa (thanks joe-meyer)
Fix: can't override install options by config file (thanks mlocati and hissy)
Better dialog message when the user can not select files (thanks hissy)
Display last used authentication type if authentication fails (thanks ChrisHougard)
Authentication types that rely on mcrypt use a more reliable random number generator (thanks thomwiggers)
You can now export logs to CSV files from the Dashboard page (thanks timdix)
If the package contains a theme that's currently active on the site, the package uninstallation can't occur
Gravatar user avatars now honor the passed aspect ratio parameter when using a custom aspect ratio (thanks joostrijneveld)
Fixed https://github.com/concrete5/concrete5/issues/2522
Bug Fixes
Fixed broken list element HTML on dashboard pages when no child pages existing in a certain section. (thanks jaromirdalecky)
Lots of configuration cleanup, removal of unused configuration values (thanks mlocati)
Fixed bug where a deleted block type could cause problems for scrapbook blocks that referenced blocks of that type (thanks MeyerJL)
Fix Base table or view not found: MultilingualSections error when installing in a language other than English
Fixed bug where there could be only one basic workflow assignment (thanks hissy)
Miscellaneous UI improvements (thanks mitchray)
Lots of miscellaneous bug fixes to community points and badges
Removt full page caching with the setting "On - If blocks on the particular page allow it (thanks TimDix)
The global configuration value for JPEG compression wasn’t being accessed properly, was ignored. This is fixed (thanks mlocati)
Email service haixing bug in topics where topics of multiple words would all be capitalized
Configuration options are more reliably displayed when using caches like PHP opcache, APC, etc.. (thanks mlocati)
External links are properly outputted in page list blocks
Fixed Fixing ipv4 to ipv6 address bugs (thanks MeyerJL)
Fixed error editing testimonial blocks when the image of the testimonial had been removed from the file manager (thanks edbeeny)
Fixed error where certain checkbox attributes were being imported as defaulting to checked, when they shouldn’t have been.
Fixed bug where running \Page::getByID on startup with a page you're currently editing breaks edit mode (thanks EC-Joe)
Fixed https://www.concrete5.org/community/forums/5-7-discussion/image-slider-links/#752359
Responsive images served by the picture tag now work in IE9 (thanks mitchray)
Surveys in global areas are now properly displayed on the survey results dashboard page (thanks EvgeniySpinov)
Fixed inability to select topics to create under a new topic tree.
Fixed validation incorrectly claiming a file attribute didn’t exist when checking a page in from edit mode (thanks mitchray)
Fixed bug with broken URL in testimonial block (thanks KarlDilkington)
Fixed https://github.com/concrete5/concrete5/issues/2623
Fixed pagination in form results (thanks mitchray)
Fixed overrride permissions for user groups not working
Fixed https://github.com/concrete5/concrete5/issues/2451 (thanks mlocati)
Style customizer for theme should be easier to use on options that have colors but no fonts available
Fixed If you create a Checkbox page attribute and select The checkbox will be checked by default. When adding the attribute to pages the box is not checked
Fixed https://www.concrete5.org/developers/bugs/5-7-4-2/cannot-reset-theme-customization-for-this-page/
Fixed If you does not have access to group search, you'll get a JSON error message (thanks hissy)
Fixed filtering by log status levels on Dashboard page
Fixed http://www.concrete5.org/developers/bugs/5-7-4-2/bug-with-tags-attribute-type1/
Fixed bug where duplicated pages couldn’t have their block content edited in composer (thanks katzueno)
Username validation error string fixes (thanks ounziw)
Fix class not included in legacy page list (thanks hissy)
Fixed bug: Add layout to area. Without refreshing page, edit container layout of new area, then cancel. Layout looks weird
Developer Updates
Big thanks to mlocati for delivering a completely new way to specify database XML, built off of the Doctrine DBAL library, including its types and functionality instead of ADODB’s AXMLS. Database XML now has support for foreign keys, comments and more. Doctrine XML is a composer package and can be used by third party projects as well. More information can be found at https://github.com/concrete5/doctrine-xml.
$view->action() now works for blocks in add and edit templates. This makes block AJAX routing much easier (simply reference $view->action(‘my_method’) in your block add/edit template, and implement action_my_method) in your block controller.
Code cleanup and API improvements and better code documentation (thanks mlocati)
Configuration and old PHP constants removed and replaced (thanks mlocati)
Completely new approach to command line utilities built off of the Symfony command line class; existing utilities ported (thanks mlocati!)
Adds ability to add Social Icons via config. (thanks TimDix)
Packages can also add command line utilities through their on_start() method (thanks hissy)
Flag images for multilingual sites can now be specified in application/images/countries/ as well as theme/current_theme/images/countries (as opposed to coming solely from concrete/images/) (thanks akodde)
Custom file type inspectors now work again.
Block types are checked to see if they exist prior to import (thanks Remo)
Attribute keys are checked to see if they exist prior to import (thanks Remo)
Permission keys are checked to see if they exist prior to import (thanks Remo)
Upgraded to Zend Framework 2.2.10 to fix certain internationalization issues (thanks mlocati)
Fixed duplicate success message on cloned form blocks on the same page (thanks bluefractals)
Fixed bugs installing concrete5 with strict mysql tables enabled (thanks mlocati)
Updated Magnific Popup to 1.0 (thanks mitchray)
If you’re running an OpCache like PHP’s Opcache, APC, XCache or something else, when you clear the cache this cache will also be cleared (thanks mlocati)
Can compute hash key based on full asset contents if so desired, using the concrete.full_contents_asset_hash config value (thanks mlocati)
Page cache adapters can now be loaded from places other than the core namespace (thanks hissy)
updateUserAvatar now fires on_user_update event (thanks timdix)
Attribute sets no longer need to have unique handles across different categories (thanks ijessup)
Delete page event now can be cancelled by hooking into the event and settings $this->proceed to false (thanks mlocati)
You can now customize the session save path through configuration (thanks mlocati).
Updated picturefill.js library to 2.3.1.
You can now specify your environment for configuration through an environment variable (CONCRETE5_ENV) as well as through host name (thanks ahukkanen)
File manager JavaScript API improvements
--------------
4.26 2016-02-04
[ RELEASE NOTES ]
- please see v4.21 Changes for any potentially impacting changes
[ SPEC / BUG FIXES ]
- sort HTML attributes by default (GH #106, GH #196)
[ DOCUMENTATION ]
- clarifications about HTML function non removal
===== 5.0 (2016-01-28) =====
* Add Eliom_shared and server-side Eliom_content.{Html5,Svg}.R modules
* Add PPX syntax extension
* Clean-up form APIs, now available under Eliom_content.Html5.{D,F}.Form
* Patches to significantly reduce the size of request data
* Compatibility with TyXML 3.6, Js_of_ocaml 2.7, and reactiveData 0.2
* Various bugfixes and enhancements
===== 4.2 (2015-07-21) =====
* Add Manip.children, to get the html children of an element.
* Simplify Html5 and Svg signatures using tyxml's signature functors.
* Various logging improvements, in particular in Eliom_client.
* Fix eliomdep's exit code when calling option "-sort".
* Fix#168: call_ocaml_service always sends boolean true.
* Makes server function return types covariant.
* Restore compatibility with ocsigenserver 2.6 and lwt 2.4.7.
* Various bugfixes and wiki updates.
* Fix cryptographic-safe string generation
* Fix performance bug in Deflatmod
* Fix max-age cache control directive in Staticmod
* Resend cache information with 304 (not modified) responses
* Expose Ocsigen_request_info interface.
* Wait for error message to be logged on shutdown (#81)
* Lots of fixes, UTF-8-ization, cosmetics, etc.
Reset (RST_STREAM) stream if flow control window gets overflow
Validate :authroity, host, and :scheme value more strictly
Check request/response submission error based side of session
Strict outgoing idle stream detection
Return error from nghttp2_submit_{headers,request} when self dependency is made
Add -ldl to APPLDFLAGS for static openssl linking
asio: Stop acceptor on server::http2::stop
asio: Rename http2::get_io_services() as http2::io_services()
h2load: Support UNIX domain socket
h2load: Improve readability of traffic numbers
h2load: Remove "auto" for -m option
h2load: Show progress in rate mode
h2load: Perform sampling for request and connection timings to reduce memory consumption
nghttpd: Add --no-content-length option to omit content-length in response
nghttpx: Interleave pushed streams with the associated stream if pushed streams are javascript and CSS resources
nghttpx: The initial value of request/response buffer is increased to 128K
nghttpx: Fix bug that --listener-disable-timeout option is not used
nghttpx: Don't emit :authority if request does not contain authority information
nghttpx: Add clarification of quotes in configuration file
nghttpx: Don't allow certain characters in host and :scheme header field
nghttpx: Add RFC 7239 Forwarded header field support
nghttpx: Fix crash when running on IPv6 only (Patch from Vernon Tang)
nghttpx: Take into account of trailers when applying max_header_fields
nghttpx: Don't apply max_header_fields and header_field_buffer limit to response
nghttpx: Strict validation for header fields given in configuration
nghttpx: header value should not be lower-cased (Patch from ayanamist)
Fixed a regression that caused the “user-tools” items to display on the admin’s logout page.
Fixed a crash in the translations system when the current language has no translations.
Fixed a regression that caused the incorrect day to be selected when opening the admin calendar widget for timezones from GMT+0100 to GMT+1200.
Fixed a regression in 1.8.8 causing incorrect index handling in migrations on PostgreSQL when adding db_index=True or unique=True to a CharField or TextField that already had the other specified, or when removing one of them from a field that had both, or when adding unique=True to a field already listed in unique_together.
Fixed a crash when using an __in lookup inside a Case expression.
Fixed a crash when using a reverse OneToOneField in ModelAdmin.readonly_fields.
Fixed a regression in Django 1.8.5 that broke copying a SimpleLazyObject with copy.copy().
Fixed the contrib.gis map widgets when using USE_THOUSAND_SEPARATOR=True.
Changes:
=================
WebKitGTK+ 2.10.7
=================
What's new in WebKitGTK+ 2.10.6?
- Fix the build with GTK+ < 3.16.
=================
WebKitGTK+ 2.10.6
=================
What's new in WebKitGTK+ 2.10.6?
- Fix a deadlock in the Web Process when JavaScript garbage collector was running for a web worker
thread that made google maps to hang.
- Fix media controls displaying without controls attribute.
- Fix a Web Process crash when quickly attempting many DnD operations.
-------------------
* v3.01 - 10th December 2015
- No changes from v3.00_02
* v3.00_02 - 27th November 2015
- Dual subs/methods have improved detection of how they have been called.
- Misc small documentation improvements.
* v3.00_01 - 15th October 2015
- BUG FIX: Uploads with enctype "multipart/form-data" and at least one
non-file param now process without warnings. (issue 107570)
-----------------------------------------------------------------
-------------------
=item 1.39 Apr 21 2015
Test scripts can now test if perl has a fork() implementation available by
using the Apache::Test::need_fork() function. [Steve Hay]
CPAN RT#87620: Add -D APACHE2_4 to identify httpd-2.4. [Michael Schout]
- Add BUILD_DEPENDS+= p5-Test-Fatal for make test
(upstream)
- Update 0.25 to 0.30
-------------------
0.30 2015-03-02 10:24:38 PST
- Fix VERSION
0.29 2015-02-17 15:56:25 PST
- Moved repo to the plack organization on github
0.28 2015-02-16 08:30:08 PST
- Same as 0.27. Make it non-trial
0.27 2015-02-13 16:52:11 PST
- Added late_store in psgix.session.options to update the
session after the streaming and reverts the default
behavior to pre-0.26 (reported by darkkar, fixed by alexmv)
#29, #30
0.26 2015-02-03 09:17:38 CET
- Improved documentation (oalders, basiliscos, Mohammad Anwar, alexmv)
- Session storage is now updated in the cleanup phase, after
the streaming is complete (alexmv) #28
--------------
6.43 2016-02-01
- Removed client_close and server_close methods from Mojo::Transaction.
- Added closed method to Mojo::Transaction.
- Added parse_message method to Mojo::Transaction::WebSocket.
- Improved a few examples to avoid timing attacks.
- Fixed timing bug in Mojo::Server::Daemon.
Changelog:
Fixed in Firefox ESR 38.6
2016-03 Buffer overflow in WebGL after out of memory allocation
2016-01 Miscellaneous memory safety hazards (rv:44.0 / rv:38.6)
2015-150 MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature
* Make the default `http_get` proc act more like Googlebot.
- It only allows up to 5 redirect hops rather than 10.
- It treats too many redirections as full allow.
- It treats any 4xx error as full allow.
* Fix context/should wording
* Follow the deprecation warning from SimpleCov::Formatter::MultiFormatter
* Update real world tests, introducing Webmock+VCR
* Use secure string comparisons for basic auth username / password.
(CVE-2015-7576)
* Stop caching mime types globally. (CVE-2016-0751)
* Don't short-circuit reject_if proc. (CVE-2015-7577)
* Allow :file to be outside rails root, but anything else must be inside
the rails view directory. (CVE-2016-0752)
- Add BUILD_DEPENDS+= p5-Test-CPAN-Meta-[0-9]*:... for make test
- Convert LINCENSE from 'mpl-1.0 OR mpl-1.1 OR mit' to mit only
(upstream)
- Update 4.15 to 4.17
-------------------
4.17 Fri Feb 21 2014: - Balint Szilakszi <szbalint at cpan.org>
- Fixing build process for old libcurl versions without CURLOPT_RESOLVE.
- License is now MIT only.
4.16 Thu Feb 20 2014: - Balint Szilakszi <szbalint at cpan.org>
- Support for CURLOPT_RESOLVE (an slist option) [Theo Schlossnagle]
- Fixing t/19multi.t test failures when using a threaded resolver for libcurl.
- Improved constant parsing when using ISO-compliant CPP. [tsibley]
---------------------
2015-12-13 Kingpin <martin@localhost.localdomain>
* added META.yml to distro
2015-09-23 Kingpin <Martin@EV-9D9>
* moved UK test file to xt folder (author only)
2014-11-28 Kingpin <Martin@EV-9D9>
* lib/WWW/Amazon/Wishlist.pm (get_list): fixed now that HTML page layouts are same
------------------
0.16 2015-09-22T00:17:07Z
- Added new abstract class, URI::_odbc, for URIs that use ODBC in
`dbi_dsn`.
- The `dbi_dsn` method of URI::mssql now returns an ODBC DSN instead of
DBD::Sybase, since the latter would require Sybase to build.
- URI::sqlserver now inherits from URI::mssql rather than the other way
around.
- Fixed a bug where a URI with three slashes but no authority part after
the first two would incorrectly think the databse name should be an
absolute path. That is, in "db:sqlite:///foo.db", the `dbname` value
is "foo.db", not "/foo.db". Thanks to Dan Book for the report
(issue #8).
-------------------
Tue Dec 15 14:54:14 CET 2015
- Bump version for release
- Better diagnostics
- Added .gitignore
- Fix some formatting that has been broken for a very long time.
- Force another build.
- Experimentally add coveralls.op and Devel::Cover support
- better diagnostics in case of failure in tinyurl.t
- better META.yml
- Corrected INSTALL instructions.
The INSTALL section links to
http://www.cpan.org/modules/by-authors/id/S/SP/SPOON/
as the place to download 'the latest release of WWW::Shorten'
but this is no longer true.
Of course the whole INSTALL file is a little bit huge!
Changelog:
== ChangeLog v0.12 ==
49 files changed, 1073 insertions(+), 2145 deletions(-)
Changes:
* Uses internally Git 2.7.0.
* Show remote refs in branch switcher combobox.
* Add sample post-receive hook in /contrib.
* Add HTML escaping to filters.
* Add "enable-follow-links" option to have the log UI
behave the same way as "git log --follow", as well
as updating the diffand commit UIs.
* Errors are now cached under the dynamic-ttl setting.
* Simplified filters and converters.
* Add "enable-html-serving" to turn on serving of HTML mimetypes
from the /plain handler, to prevent against stored XSS.
* /blob no longer takes a mimetype query string parameter.
Bug fixes:
* Always honor repo.hide and repo.ignore.
* Ensure /about/ always has a trailing slash to keep other links
consistent internally.
* Unit test stability improvements.
* Numerous internal cleanups.
* Always send HTTP headers even on error messages.
* Cleaner mimetype parsing.
* Multiple resource leaks plugged.
* Do not allow header injection.
* Fix integer/buffer overflow.
* Fix several crashes.
* Return 404 when no repositories are found.
== ChangeLog v0.11.2 ==
22 files changed, 444 insertions(+), 92 deletions(-)
Additions:
* New sample filter: filters/gentoo-ldap-authentication.lua
This filter shows how you might use lualdap for real authentication.
Changes:
* Uses internally Git 2.3.2
* No longer display blank links for submodules when there's no way of
resolving the submodule location.
Bug fixes:
* Numerous code quality fixes from sparse
* Take into account leading slashes when comptuing links
* Set up environment variables before making clone urls
== ChangeLog v0.11.1 ==
10 files changed, 127 insertions(+), 113 deletions(-)
Changes:
* Uses internally Git 2.3.1
* Optimized commit and tag parsing
* The sample simple-authentication.lua has been hardened
Bug fixes:
* When clicking on an owner in the index, use the right query string for
searching
* When filtering in the index, make the sorting links point to the same
filtered page of results
* Also, the same as above, but with pagination links
* F_SETLK is now used to avoid creating stale lock files
== ChangeLog v0.11.0 ==
31 files changed, 328 insertions(+), 211 deletions(-)
Features:
* "stat-only" diff type, for kernel.org, where diff's can become huge
* Show rel='vcs-git' on clone URL attributes
* Add rel-vcs microformat links to HTML <head> section
* Add "owner-filter" option, for filtering the owner column in the index
* Snapshots now have HTTP ETags, for better caching
* repo.hide and repo.ignore can now be specified for changing repository
visibility
Changes:
* Rebased on Git 2.3.0
* Match more Markdown extensions
* Tooltips now show absolute time for relative date markers
* Use git's built-in ident line splitting algorithm instead
* The patch output now matches git's format
Bug fixes:
* More constification
* Documentation fixes
* Libravatar now uses HTTPS correctly
* Be sure README exists before displaying
* Remove trailing slash when .git is removed from links
(LICENSE is ${PERL5_LICENSE}, not changed)
--------------
version 1.08 at 2016-01-27 14:20:14 +0000
-----------------------------------------
New release to update LICENSE file
--------------
6.42 2016-01-24
- Fixed use of deprecated Perl feature in Mojo::JSON.
- Fixed validation filter bugs in Mojolicious::Validator::Validation.
- Add following line
PERL5_MODULE_TYPE= Module::Build
(Upstream)
- Update to 0.07
--------------
0.07 2015-01-14T07:27:52Z
- Use %04x not %04d (Thanks anall and teancom)
- cleanup docs add a reference to a site about preventing XSS (Thanks teancom)
- migrate with minil
-------------------
0.26: # 2015-11-25T12:30:00+0100
- No functional changes since 0.25, but we had some Travis-specific
changes in the repo, releasing just so we have the latest code there
on the CPAN.
0.25: # 2015-11-25T12:20:00+0100
- Make the t/select-timeout.t test which fails on various odd
CPANtesters platforms a TODO. Maybe some OS-specific issue, maybe an
issue with kill() in the CPANtesters sandboxes not behaving as we
expect.
--------------
0.51 2015-09-16
- add OPTIONS as a valid method
- better compatibility with CGI.pm < 3.36
- fix tests for freebsd and IPv6
- repository info
-----------------------
Curl and libcurl 7.47.0
Public curl releases: 151
Command line options: 179
curl_easy_setopt() options: 221
Public functions in libcurl: 61
Contributors: 1340
This release includes the following changes:
o version: Add flag CURL_VERSION_PSL for libpsl
o http: added CURL_HTTP_VERSION_2TLS to do HTTP/2 for HTTPS only [8]
o curl: use 2TLS by default
o curl --expect100-timeout: added [10]
o Add .dir-locals and set c-basic-offset to 2 (for emacs) [16]
This release includes the following bugfixes:
o curl: avoid local drive traversal when saving file on Windows [33]
o NTLM: do not resuse proxy connections without diff proxy credentials [34]
o tests: Disable the OAUTHBEARER tests when using a non-default port number [1]
o curl: remove keepalive #ifdef checks done on libcurl's behalf
o formdata: Check if length is too large for memory [2]
o lwip: Fix compatibility issues with later versions [3]
o openssl: BoringSSL doesn't have CONF_modules_free
o config-win32: Fix warning HAVE_WINSOCK2_H undefined
o build: fix compilation error with CURL_DISABLE_VERBOSE_STRINGS [4]
o http2: Fix hanging paused stream [5]
o scripts/Makefile: fix GNUism and survive no perl [6]
o openssl: adapt to 1.1.0+ name changes
o openssl: adapt to openssl >= 1.1.0 X509 opaque structs [7]
o HTTP2.md: spell fix and remove TODO now implemented
o setstropt: const-correctness [9]
o cyassl: fix compiler warning on type conversion
o gskit: Fix host subject altname verification [11]
o http2: Support trailer fields [12]
o wolfssl: handle builds without SSLv3 support
o cyassl: deal with lack of *get_peer_certificate [13]
o sockfilt: do not wait on unreliable file or pipe handle
o make: build zsh script even in an out-of-tree build
o test 1326: fix getting stuck on Windows
o test 87: fix file check on Windows
o configure: allow static builds on mingw [14]
o configure: detect IPv6 support on Windows [15]
o ConnectionExists: with *PIPEWAIT, wait for connections [17]
o Makefile.inc: s/curl_SOURCES/CURL_FILES [18]
o test 16: fixed for Windows
o test 252-255: use datacheck mode text for ASCII-mode LISTings
o tftpd server: add Windows support by writing files in binary mode
o ftplistparser: fix handling of file LISTings using Windows EOL
o tests first.c: fix calculation of sleep timeout on Windows
o tests (several): use datacheck mode text for ASCII-mode LISTings
o CURLOPT_RANGE.3: for HTTP servers, range support is optional
o test 1515: add MSYS support by passing a relative path
o curl_global_init.3: Add Windows-specific info for init via DLL [19]
o http2: Fix client write for trailers on stream close [20]
o mbedtls: Fix ALPN support
o connection reuse: IDN host names fixed [21]
o http2: Fix PUSH_PROMISE headers being treated as trailers [22]
o http2: handle the received SETTINGS frame [23]
o http2: Ensure that http2_handle_stream_close is called [24]
o mbedtls: implement CURLOPT_PINNEDPUBLICKEY
o runtests: Add mbedTLS to the SSL backends
o IDN host names: Remove the port number before converting to ACE [25]
o zsh.pl: fail if no curl is found
o scripts: fix zsh completion generation
o scripts: don't generate and install zsh completion when cross-compiling [26]
o lib: Prefix URLs with lower-case protocol names/schemes [27]
o ConnectionExists: only do pipelining/multiplexing when asked [28]
o configure: assume IPv6 works when cross-compiled [29]
o openssl: for 1.1.0+ they now provide a SSLeay() macro of their own
o openssl: improved error detection/reporting
o ssh: CURLOPT_SSH_PUBLIC_KEYFILE now treats "" as NULL again [30]
o mbedtls: Fix pinned key return value on fail [31]
o maketgz: generate date stamp with LC_TIME=C [32]
This release includes the following known bugs:
o see docs/KNOWN_BUGS (http://curl.haxx.se/docs/knownbugs.html)
This release would not have looked like this without help, code, reports and
advice from friends like these:
Alessandro Ghedini, Anders Bakken, Christian Stewart, Dan Fandrich,
Daniel Schauenberg, Daniel Stenberg, Francisco Moraes, Gisle Vanem,
Isaac Boukris, Johannes Schindelin, John Kohl, Kamil Dudka, Marc Hoersken,
Michael Kaufmann, Mohammad AlSaleh, Patrick Monnerat, Ray Satiro, Steve Holme,
Tatsuhiro Tsujikawa, Thomas Glanzmann, Thomas Klausner,
(21 contributors)
Thanks! (and sorry if I forgot to mention someone)
Changelog:
New
Improved warning pages for certificate errors and untrusted connections
Enable H.264 if system decoder is available
Enable WebM/VP9 video support on systems that don't support MP4/H.264
In the animation-inspector timeline, lightning bolt icon next to animations running on the compositor thread
Support the brotli compression format via HTTPS content-encoding
Screenshot commands allow user choice of pixel ratio in Developer Tools
Fixed
Windows XP and Vista screensaver doesn't disable when watching videos (Bug 1193610)
Various security fixes
Changed
To support unicode-range descriptor for webfonts, font matching under Linux now uses the same font matching code as other platforms
Use a SHA-256 signing certificate for Windows builds, to meet new signing requirements
Firefox has removed support for the RC4 decipher
Firefox will no longer trust the Equifax Secure Certificate Authority 1024-bit root certificate or the UTN - DATACorp SGC to validate secure website certificates
Stricter validation of web fonts
On-screen keyboard support temporarily turned off for Windows 8 and Windows 8.1
Developer
Right click on a logged object in the console to store it as a global variable on the page
Visual tools for Animation:
View/Edit CSS animation keyframe rules directly in the inspector
Visually modify the cubic-bezier curve that drives the way animations progress through time
Discover and scrub through all CSS animations and transitions playing on the page
Learn more: http://devtoolschallenger.com/
Visual tools for Layout and Styles:
Display rulers along the viewport to verify size and position and use the measurement tool to easily detect spacing and alignment problems
Use CSS filters to preview and create real-time effects like drop-shadows, sepia, etc
Learn more: http://devtoolschallenger.com/
New memory tool for inspecting the memory heap
Service Workers API
Built-in JSON reader to intuitively view, search, copy and save data without extensions
Jump to function definitions in the debugger with Cmd-Click
WebSocket Debugging API and add-on
The rule view now displays styles using their authored text, and edits in the rule view are now linked to the style editor
Security bugs:
Fixed in Firefox 44
2016-12 Lightweight themes on Firefox for Android do not verify a secure connection
2016-11 Application Reputation service disabled in Firefox 43
2016-10 Unsafe memory manipulation found through code inspection
2016-09 Addressbar spoofing attacks
2016-08 Delay following click events in file download dialog too short on OS X
2016-07 Errors in mp_div and mp_exptmod cryptographic functions in NSS
2016-06 Missing delay following user click events in protocol handler dialog
2016-05 Addressbar spoofing through stored data url shortcuts on Firefox for Android
2016-04 Firefox allows for control characters to be set in cookie names
2016-03 Buffer overflow in WebGL after out of memory allocation
2016-02 Out of Memory crash when parsing GIF format images
2016-01 Miscellaneous memory safety hazards (rv:44.0 / rv:38.6)
- security fixes when using the "resolver" directive
- bugfixes for "proxy_protocol" parameter of "listen", "try_files" and
"alias" directives, when using different ssl_session_cache settings
across vhosts, "spdy" could be active when builtin but not explicitly
enabled
vimb is a fast and lightweight web browser based on the webkit web browser
engine and the gtk toolkit. vimb is modal like the great vim editor and
also easily configurable during runtime. vimb is mostly keyboard driven
and does not detract you from your daily work.
Python LiveReload is a web server library and command line utility, designed
for web developers who know Python. It comes with the livereload command for
starting up a server in an arbitrary directory, serving up files inside that
directory, and watching for changes to files which trigger regeneration.
[ Amitai Schlair ]
* meta: Fix [[!meta name=foo]] by closing the open quote.
* Avoid unescaped "{" in regular expressions
* meta test: Add tests for many behaviors of the directive.
* img test: Bail gracefully when ImageMagick is not present.
[ Joey Hess ]
* emailauth: Added emailauth_sender config.
* Modified page.tmpl to to set html lang= and dir= when
values have been specified for them, which the po plugin does.
* Specifically license the javascript underlay under the permissive
basewiki license.
[ Simon McVittie ]
* git: if no committer identity is known, set it to
"IkiWiki <ikiwiki.info>" in .git/config. This resolves commit errors
in versions of git that require a non-trivial committer identity.
* inline, trail: rename show, feedshow parameters to limit, feedlimit
(with backwards compatibility)
* pagestats: add "show" option to show meta fields. Thanks, Louis
* inline: force RSS <comments> to be a fully absolute URL as required
by the W3C validator. Please use Atom feeds if relative URLs are
desirable on your site.
* inline: add <atom:link rel="self"> to RSS feeds as recommended by
the W3C validator
* inline: do not produce links containing /./ or /../
* syslog: accept and encode UTF-8 messages
* syslog: don't fail to log if the wiki name contains %s
* Change dependencies from transitional package perlmagick
to libimage-magick-perl (Closes: #789221)
* debian/copyright: update for the rename of openid-selector to
login-selector
* d/control: remove leading article from Description
(lintian: description-synopsis-starts-with-article)
* d/control: Standards-Version: 3.9.6, no changes required
* Wrap and sort control files (wrap-and-sort -abst)
* Silence "used only once: possible typo" warnings for variables
that are part of modules' APIs
* Run autopkgtest tests using autodep8 and the pkg-perl team's
infrastructure
* Add enough build-dependencies to run all tests, except for
non-git VCSs
* tests: consistently use done_testing instead of no_plan
* t/img.t: do not spuriously skip
* img test: skip testing PDFs if unsupported
* img test: use the right filenames when testing that deletion occurs
-- Simon McVittie <smcv@debian.org> Thu, 21 Jan 2016 09:53:07 +0000
Changes:
- Disable DNS prefetch when a proxy is configured.
- Reduce the maximum simultaneous network connections to match other browsers.
- Make WebKitWebView always propagate motion-notify-event signal.
- Add a way to force accelerating compositing mode at runtime using an environment variable.
- Fix input elements and scrollbars rendering with GTK+ 3.19.
- Fix rendering of lines when using solid colors.
- Fix UI process crashes related to not having a main resource response when the load is
committed for pages restored from the history cache.
- Fix a WebProcess crash when loading large contents with custom URI schemes API.
- Fix a crash in the UI process when the WebView is destroyed while the screensaver DBus proxy
is being created.
- Fix WebProcess crashes due to BadDrawable X errors in accelerated compositing mode.
- Fix crashes on PPC64 due to mprotect() on address not aligned to the page size.
- Fix std::bad_function_call exception raised in dispatchDecidePolicyForNavigationAction.
- Fix downloads of data URLs.
- Fix runtime critical warnings when closing a page containing windowed plugins.
- Fix several crashes and rendering issues.
- Translation updates: French, German, Italian, Turkish.
- Security fixes: CVE-2015-7096, CVE-2015-7098.
Upstream changes:
6.41 2016-01-20
- Added support for validation filters.
- Added filters attribute to Mojolicious::Validator.
- Added add_filter method to Mojolicious::Validator.
- Added filter arguments to optional and required methods in
Mojolicious::Validator::Validation.
- Fixed MOJO_WEBSOCKET_DEBUG environment variable. (jberger)
6.40 2016-01-13
- Removed client_challenge, client_handshake, server_handshake and server_open
methods from Mojo::Transaction::WebSocket. (batman, sri)
- Removed is_writing method from Mojo::Transaction.
- Removed upgrade event from Mojo::Transaction::HTTP.
- Deprecated Mojo::Transaction::WebSocket::build_frame and
Mojo::Transaction::WebSocket::parse_frame in favor of
Mojo::WebSocket::build_frame and Mojo::WebSocket::parse_frame. (batman)
- Replaced deprecated proxy method in Mojo::Message::Request with an
attribute.
- Added SNI support to all built-in web servers. (bpmedley, sri)
- Added module Mojo::WebSocket. (batman)
- Added established attribute to Mojo::Transaction::WebSocket.
- Added completed method to Mojo::Transaction.
- Updated jQuery to version 2.2.0.
- Improved performance of Mojo::Server::Daemon and Mojo::UserAgent slightly.
- Improved mtime attribute in Mojo::Asset::Memory to default to the value of
$^T.
- Improved app generator command to generate more portable scripts.
- Fixed a few timing bugs.
- Fixed url_for to handle fragments correctly.
This goes as far back as 2001 (mk.conf.example) but there should not be any
reason to explicitly set CFLAGS for specific packages. In practice this
even fixes support for global CFLAGS in www/apache{22,24}.
ok gdt@
pkgsrc changes:
o Update MASTER_SITES and HOMEPAGE (libproxy migrated to GitHub)
o Delete patches/patch-libproxy_modules_config__macosx.cpp, now present in the
stable release.
Changes:
New in version 0.4.12
==============================
* Move development to github.com/libproxy/libproxy
* Fix fd leak in get_pac (Bug #185)
* Detect running MATE session (Bug #186, Part1).
* Fix linking of perl bindings to pthread (Bug #182)
* Correctly detect spidermonky (mozjs185) (Bug #188)
* Stop pxgsettings from segfaulting on exit (Bug #192)
* Fix test #10 (Bug #189)
* Fix build on Mac OS X (Bug #183)
* Add a generic KDE Config module (fix crashes of Qt5 based
apps) (issue#4)
- Add following line for make test
BUILD_DEPENDS+= p5-Test-Exception-[0-9]*:../../devel/p5-Test-Exception
(upstream)
Update to 0.25
--------------
0.25 2015-04-21T23:39:33Z
Author: Yanick Champoux <yanick at babyl.dyndns.org>
silence warnings
... as the arguments can be undefined
Fixes#10
- Drop PERL5_MODULE_TYPE statement to be default
- Add three lines for make test
BUILD_DEPENDS+= p5-Test-Stream-[0-9]*:../../devel/p5-Test-Stream
BUILD_DEPENDS+= p5-Capture-Tiny-[0-9]*:../../devel/p5-Capture-Tiny
BUILD_DEPENDS+= p5-File-Slurper-[0-9]*:../../devel/p5-File-Slurper
(upstream)
Update 1.05 to 1.09
-------------------
1.09 2015-11-29T10:08:00
- Replace "\t" with \s{4} in scripts/synopsis.pl and t/synopsis.html
in an attempt to fix the large number of failures reported by CPAN
Testers.
- Patch t/test.t to use File::Spec to join a dir to a file name.
- Use $^X rather than 'perl' to invoke Perl in t/test.t.
- Make some pre-req version #s explicit.
1.08 2015-11-26T14:26:00
- In V 1.07 I patched t/test.t to use Test::Stream instead of Test::More,
but did not patch Makefile.PL to match. Test::More is still used for
xt/author/pod.t.
1.07 2015-11-24T08:47:00
- Apologies: Forgot to release V 1.06 to CPAN.
- Add scripts/synopsis.pl and its output t/synopsis.html.
- Copy scripts/synopsis.pl into docs.
- Add t/test.t to run scripts/synopsis.pl and compare the output
to t/synopsis.html.
- Update pre-reqs to add Capture::Tiny and File::Slurper,
which are used in t/test.t.
- Add .gitignore to MANIFEST.SKIP.
- Remove Build.PL.
- Remove t/load.t.
- Reformat the dates in this file.
1.06 2015-02-18T16:32:00
- Add use strict and use warnings to Build.PL and Makefile.PL.
- Add github repo to Build.PL, Makefile.PL and docs.
- Move t/pod.t to xt/author/.
- Patch Build.PL to handle xt/author/*.t.
-------------------------
5.90035 - Tue Mar 31 09:57:18 EDT 2015
Updates the deprecation message to reflect the fact that this module
has been dropped from Catalyst::Runtime.
[No meaningful code changes. No need to upgrade.]
5.90034 - Tue Mar 31 09:47:32 EDT 2015
Adds Catalyst::Runtime to list of prereqs.
- Catalyst::Runtime was not previously included as prereq as it caused
circular dependencies. As of v5.90060, Catalyst::Runtime no longer
includes this module as a prereq. Since that was released 14 months ago,
it should be relatively safe to include Catalyst::Runtime as a prereq.
Adds travis.ci integration.
[No code changes. No need to upgrade.]
---------------
0.005 18 Nov 2015
- two_args_POST now defers to model to indicate support for
$model->create_related
- refactor tests to set explicit content-type for PUT requests
(https://rt.cpan.org/Ticket/Display.html?id=108962)
--------------
0.36 Wed Nov 25 12:00:00 CT 2015
- POD updates, improved warning messages, strictness (andyjack++)
- Make the default BOM added for safari optional. Possible breaking
change, please file issues if this causes trouble.
- New render method to let you just get a JSON encoded version of
some data (Added to make compatible with the unofficial Catalyst
View API that has a render method).
--------------
0.40 2015-01-26
- Add a flag so that a storage can finalize during finalize_header rather
than finalize_body. This is to enable storages that need to write to the
HTTP header (such as the cookie based store).
--------------
0.21 2016-01-01 13:13:10 PST
- fix warnings with non-numeric return values (rkitover) #18
- fix uninitialized value in open warning on perl 5.8 (rkitover)
--------------
3.24 2016-01-13
- Update Apache 2.4 README, flesh out guts of Authz Provider notes.
- Improve Apache 2.4 README's AuthzProvider documentation
- Add POD to Apache2_4::AuthCookie
- Add FAQ to Apache2_4::AuthCookie documenation
- 2.4: document that PerlAddAuthzProvider is only needed for *custom* Requires directives.
- 2.4: make authz_handler recognize multiple usernames in the directive like
mod_authz_user does.
- add test case for internal authz_handler
- explicitly require Apache::Test 1.39 so that APACHE2_4 defines are set
Move the line of ${SED} from do-install to post-patch, to pet pkglint
Upstream change:
Releases > Moodle 3.0.2 release notes
Release date: 11 January 2016
Here is the full list of fixed issues in 3.0.2.
Security issues
A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
Fixes and improvements
This is a very quiet release since Moodle 3.0.1 has only come out recently and lots of developers and users took Christmas holidays after that. Additional interesting issues included in 3.0.2 are:
MDL-49473 - Logs export contains year
MDL-52078 - Fixed error in grade totals when using natural grading and excluding hidden items that appeared only when viewed by students
MDL-52354, MDL-52355 - Database module now allows to set dates in a broader range and respects calendar type plugin
MDL-51257 - Messaging screen now indicates when a message is not sent
MDL-52194 - Fixed Flowplayer not working with insecure configuration of request_order
* Ssl::CertValidationHelper::sslSubmit: Assure that the callback->getDialer()
* Fix build error with ICC
* Fix GnuTLS detection via pkg-config
* Reflect the [ugly] reality in external_acl_type cache=n documentation.
* Avoid memory leaks when a certificate validator is used with SslBump
* Support Ephemeral Elliptic Curve Diffie-Hellman (EECDH) key exchange
* Fix clang build error after rev.13961
* Bug 4397: DragonFly BSD, POSIX shared memory is implemented as filepath
* Fix startup crash with a misconfigured (too-small) shared memory cache
* Fix connection retry and fallback after failed server TLS connections
* Complete certificate chains using external intermediate certificates
* Bug 4387: Kerberos build errors on Solaris
Package changes:
- follow upstream with the rule what's installed of the files
- use newly added -DGEOIPDIR in the place of older string replace function
- stop installing an example output as a configuration file
Upstream changelog:
Logswan 1.04 (2016-01-10)
- Moving global variables into main
- Using 'size_t' instead of 'int' for array indexes in for loops
- Using 'uint32_t' for all non 'uint64_t' integers
- Do not increment hits and processed lines counter for each parsed line,
compute total only once when everything is parsed
- Setting 'CMAKE_BUILD_TYPE' to 'Release' and formatting fixes
- Sanitize CMake script to build under NetBSD (Thanks Kamil Rytarowski)
- Initializing some uninitialized variables
- Renaming 'DATADIR' variables to 'GEOIPDIR'
Logswan 1.03 (2016-01-01)
- Remove header display and do not print name of processed file
- Print results to stderr instead of stdout
- Output JSON data to stdout instead of creating a new file
- Define GeoIP databases path in CMakeLists.txt
- Adding log file name in the JSON output
- Removing some hardcoded values and replacing them with constants
defined in config.h
- Breaking the loop when a match is found in the request parser
- Using enumeration constants instead of macros
- Process GeoIP continent information
- Re-ordering protocols and methods with more common occurences on top of
the list, allowing to break earlier when iterating through the array
- Adding support for reading logs from standard input
- Renaming 'definitions' files to 'config'
- Increasing countries array size, as an attempt to be future-proof
- Initial support for using pledge() on OpenBSD
- Documentation updates (HLL precision, Features list, GeoIP databases)
- Updated JSON output example
- Added a manual page
Logswan 1.02 (2015-11-02)
- Renaming 'resource' variable to 'request' in the 'logLine' struct
- Do not attempt to parse empty date tokens
- Do not attempt to parse empty request tokens (Thanks Brian Carpenter for
reporting the issue)
This module implements a www-like shell above WWW::Mechanize and also has the
capability to output crude Perl code that recreates the recorded session.
Its main use is as an interactive starting point for automating a session
through WWW::Mechanize.
The cookie support is there, but no cookies are read from your existing browser
sessions. See HTTP::Cookies on how to implement reading/writing your current
browsers cookies.
From DESCR:
This module is intended as a simple way to fill out HTML forms from a set
of predetermined values. You set up the form filler with value elements,
retrieve the HTML form, and let the form filler loose on that form.
There are value classes provided for many tasks - fixed values, values to
be queried interactively from the user, values taken randomly from a list
of values and values specified through a callback to some Perl code.
This module abstracts the task of displaying HTML to the user. The displaying
is done by launching a browser and navigating it to either a temporary file
with the HTML stored in it, or, if possible, by pushing the HTML directly
into the browser window.
Changelog:
Fixed: Fix for startup crash for users of a third party antivirus tool (Bug 1235537)
Fixed: Multi-user GNU/Linux download folders can be created (Bug 1233434)
Changed: Re-enable SHA-1 certificates (Bug 1236975)
Upstream changes:
0.165000 2015-12-17 09:19:13+01:00 Europe/Amsterdam
[ BUG FIXES ]
* Revert session_name change, as this would invalidate all existing
changes. We will need to rethink this change.
(Stefan @racke Hornburg, Sawyer X)
0.164000 2015-12-16 23:42:24+01:00 Europe/Amsterdam
[ DOCUMENTATION ]
* Update core team members and contributors list. (Russell Jenkins)
* GH #1066: Fix typo in Cookbook. (gertvanoss)
* Correct typo. It's "query_parameters", not "request_parameters".
Thanks to mst for letting me know and making sure I fix it!
(Sawyer X)
[ BUG FIXES ]
* GH #1040: Forward with a post body no longer tries to re-read body
filehandle. (Bas Bloemsaat)
* GH #1042: Add Diggest::SHA as explicit prequisite for installs on
perl < v5.9.3. (Russell Jenkins)
* GH #1071, #1070: HTML escape the message in the default error page.
(Peter Mottram)
* GH #1062, #1063: Command line interface didn't support
"-s SKELETON_DIRECTORY" in any order.
(Nuno Carvalho)
* GH #1052, #1053: Always call before_serializer hook when serializer
is set.
(Mickey Nasriachi)
* GH #1034: Correctly use different session cookie name for Dancer2.
(Jason A. Crome)
* GH #1060: Remove trailing slashes when providing skeleton
directory.
(Gabor Szabo)
[ ENHANCEMENTS ]
* Use Plack 1.0035 to make sure you only have HTTP::Headers::Fast
in the Plack::Request object internally.
* GH #951#1037: Dancer2::Template::TemplateToolkit no longer sets TT2
INCLUDE_PATH directive, allowing `views` setting to be non-absolute
paths. (Russell Jenkins)
* GH #1032#1043: Add .dancer file to new app scaffolding.
(Jason A. Crome)
* GH #1045: Small cleanups to Request class. (Russell Jenkins)
* GH #1033: strict && warnings in Dancer2::CLI. (Mohammad S Anwar)
* GH #1052, #1053: Allow before_serializer hook to change the content
using @_.
(Mickey Nasriachi)
* GH #1060: Ignore .git directory when using an external skeleton
directory.
(Gabor Szabo)
* GH #1060: Support more asset file extensions. (Gabor Szabo)
* GH #1072: Add request->is_options(). (Theo van Hoesel)
Version 1.7.5
-------------
Released December 2nd 2015
- Added `SECURITY_TOKEN_MAX_AGE` configuration setting
- Fixed calls to `SQLAlchemyUserDatastore.get_user(None)` (this now returns
`False` instead of raising a `TypeError`
- Fixed URL generation adding extra slashes in some cases (see GitHub #343)
- Fixed handling of trackable IP addresses when the `X-Forwarded-For`
header contains multiple values
- Include WWW-Authenticate headers in `@auth_required` authentication
checks
- Fixed error when `check_token` function is used with a json list
- Added support for custom `AnonymousUser` classes
- Restricted `forgot_password` endpoint to anonymous users
- Allowed unauthorized callback to be overridden
- Fixed issue where passwords cannot be reset if currently set to `None`
- Ensured that password reset tokens are invalidated after use
- Updated `is_authenticated` and `is_active` functions to support
Flask-Login changes
- Various documentation improvements
No changelog provided; includes several structural updates including the
switch from package to module, and a change in maintainer.
Backwards Compatibility
=======================
Version 0.2.0
-------------
* The `patch_request_class` function was removed as it's unnecessary from
Flask 0.6 onward.
* Filenames without extensions are no longer lowercased by `lowercase_ext`,
only the extension is returned in lowercase, if an extension exists.
