Changelog:
Sun 15 Dec 2019 02:12:02 PM CET
Fix send() call (affects Mac OS X). #5977 -CG/fbrault
Releasing libmicrohttpd 0.9.69. -CG
Fri 29 Nov 2019 11:22:25 PM CET
If application suspends a connection before we could send 100 CONTINUE,
give application another shot at queuing a reply before the upload begins. -CG
1.1.3:
- URL-friendly parameter encoding
- Updating dependency reference for Python 3 compatibility
- Include database views in list of tables
- Fix unicode issue when generating migration with py2 or py3
- Do not use "message" attribute on exception
- Update EXPLORER_SCHEMA_EXCLUDE_TABLE_PREFIXES
- Minor Changes
- release checklist included in repo
- readme updated with new screenshots
- python dependencies/optional-dependencies updated to latest
- six, xlsxwriter, factory-boy, sqlparse
Version 2.2:
Added DjangoFilterBackend.get_schema_operation_parameters() for DRF 3.10+ OpenAPI schema generation.
Added lookup_expr to MultipleChoiceFilter
Dropped support for EOL Python 3.4
Django REST framework 3.11
The 3.11 release adds support for Django 3.0.
Our supported Python versions are now: 3.5, 3.6, 3.7, and 3.8.
Our supported Django versions are now: 1.11, 2.0, 2.1, 2.2, and 3.0.
This release will be the last to support Python 3.5 or Django 1.11.
* OpenAPI Schema Generation Improvements
* Validator / Default Context
3.2.0:
Converted setuptools metadata to configuration file. This meant removing the __version__ attribute from the package. If you want to inspect the installed version, use importlib.metadata.version("django-cors-headers") (docs / backport).
Support Python 3.8.
Update php-apcu_bc to 1.0.5.
o pkgsrc change: allow build on php74.
1.0.5 (2019-02-20)
- fix skipif.inc path in test suite
- remove APCU version from phpinfo
- remove Build date from phpinfo
1.0.4 (2018-02-10)
- promote as stable (no change)
Update php-apcu to 5.1.18.
o pkgsrc change: allow build with php74.
5.1.18 (2019-10-28)
- Implement apcu_inc() and apcu_dec() using atomic operations. This means
that these functions no longer have to acquire a write lock. These
functions will now wraparound on overflow, instead of saturating to a
floating point value.
- Make table header in apc.php sticky.
- Fix compile warnings related to mktemp() usage.
- Fix compatibility with PHP 8.0.
- Fix required number of arguments for apcu_store() returned by Reflection.
ChangeLog:
3.14.0
This release includes fixes for the JSONDOC, Liquid, Magik and TOML
lexers as well as the addition of the NES Assembly and Slice lexers.
3.13.0
This release includes a fix for the BPF lexer and the Q lexer and
the addition of the TTCN-3 lexer.
3.12.0
This release includes a handful of fixes (one for the Embedded
Elixir lexer and a couple for Rouge itself) and the addition of the
Minizinc lexer.
3.11.1
This is a small update that provides a fix for the Perl lexer.
3.11.0
This release includes some fixes for existing lexers and support
for three new languages.
3.10.0
This release includes a couple of fixes and support for five new
languages.
3.9.0
This release includes fixes for a number of lexers and support for
three new languages.
3.8.0
This release includes continued improvements to the library, fixes
for a number of lexers and support for seven new languages.
3.7.0
This release includes continued improvements to the library, fixes
for a number of lexers and support for eight new languages.
3.6.0
This release includes continued improvements to the library, fixes
for a number of lexers and—like v3.5.0—support for three new
languages.
3.5.1
This release fixes a bug in the PowerShell lexer that was affecting
some users.
3.5.0
This release includes continued improvements to the library, fixes
for a number of lexers and support for three new languages.
3.4.1
Version 3.4.0 mistakenly included a breaking change. For some
consumers of the library, this could cause Rouge to crash. This
release reverts the behaviour to be consistent with version 3.3.0.
3.4.0
We are sorry to say that v3.4.0 contains a breaking change that can
cause Rouge to crash for some users. Please use v3.4.1 instead.
From upstream's changelog:
1.1.9.2:
Bug Fixes
Fix CSRF not being checked in collection-edit.php
Other Changes
use foreach() instead of deprecated each()
1.1.9.1:
Bug Fixes
Corrects reflected cross-site scripting (XSS) vulnerability
Corrects persistent XSS vulnerability in user/group/resource details
Corrects persistent XSS vulnerability in user/group/resource list
Adds token to address cross-site request forgery (CSRF) vulnerability
Corrects syntax error in name of collection_id
Make calquery aware of default timezone
Corrections to range-based calendar queries
Add missing 'break' to rrule.php
Other Changes
Updated PHP version requirement
Changelog picked from https://github.com/nifty-site-manager/nsm/releases:
Nift (aka nsm) v1.24
Release Notes:
* fixed bugs with content/page/script extensions and mv/cp/rm
aka move/copy/del
* updated/moved removePath to remove_path and remove_file and
now removes now-empty directories
* added in ^ option for @script syntax in template language
for not making a backup copy
* added in backupScripts to config files
* added Nift commands track-dir, untrack-dir, rm-dir,
track-from-file, untrack-from-file, rm-from-file (note when
removing large volumes of pages using rm-from-file can cause
significant machine lags while running and not long after)
* added Nift commands watch, unwatch, info-watching
* got rid of pre/post build-all and build-updated scripts,
costs too much time and not really needed
* added pre/post build scripts to page dependencies
2.0.0:
- Removed support for older Python versions. On Python 2, meld3 now
requires Python 2.7. On Python 3, meld3 now requires Python 3.4 or later.
- Added Python 3.7 classifier to ``setup.py``. No code changes were
needed for Python 3.7 compatibility.
1.4.1:
* Fix regression, make the library work on Python 3.5 and 3.6 again.
1.4.0:
* Distinguish an empty password in URL from a password not provided at all
* Fixed annotations for optional parameters of ``URL.build``
* Use None as default value of ``user`` parameter of ``URL.build``
* Enforce building C Accelerated modules when installing from source tarball, use
``YARL_NO_EXTENSIONS`` environment variable for falling back to (slower) Pure Python
implementation
* Drop Python 3.5 support
* Fix quoting of plus in path by pure python version
* Don't create a new URL if fragment is unchanged
* Included in error msg the path that produces starting slash forbidden error
* Skip slow IDNA encoding for ASCII-only strings
Changelog picked from https://github.com/nifty-site-manager/nsm/releases:
Nift (aka nsm) v1.23
Release Notes:
fixed Windows bugs and tidied up with pre/post build/serve scripts and @script, @scriptoutput, @scriptraw
fixed indenting inside pre blocks with methods to input from file
added allowing quoted string variable names with whitespace and open brackets
improved filenames for temporary files
added syntax @\n to template language
added in syntax for Nift comments to template language:
<@-- .. --@> (raw multi line comment)
@/* .. @*/ (parsed multi line comment)
@--- .. @--- (parsed special multi line comment)
@# (raw single line comment)
@// (parsed single line comment)
@!\n (parsed special single line comment)
Nift (aka nsm) v1.22
Release Notes:
added in scriptExt to config files, better way to do pre/post build/serve scripts
added command new-script-ext (page-name) scriptExt
changed/improved how pre/post build/serve scripts are done
hopefully fixed bugs with @script, @scriptoutput, @scriptraw functions
added optional parameter string parameter to @script, @scriptoutput, @scriptraw functions
updated Nift info commands with additional page information
added pageinfo syntax @pagecontentext, @pagepageext, @pagescriptext to template language
added siteinfo syntax @scriptext to template language
added in buildThreads to config files
added command no-build-thrds (no-threads)
pkgsrc changes:
- Fixed building with wayland libs installed
Security fixes:
- CVE-2019-17008: Use-after-free in worker destruction
- CVE-2019-13722: Stack corruption due to incorrect number of arguments in WebRTC code
- CVE-2019-11745: Out of bounds write in NSS when encrypting with a block cipher
- CVE-2019-17009: Updater temporary files accessible to unprivileged processes
- CVE-2019-17010: Use-after-free when performing device orientation checks
- CVE-2019-17005: Buffer overflow in plain text serializer
- CVE-2019-17011: Use-after-free when retrieving a document in antitracking
- CVE-2019-17012: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3
BUGFIXES
Fix max length check and limit in multiple repo forms (#9148) (#9204)
Properly fix displaying virtual session provider in admin panel (#9137) (#9203)
Upgrade levelqueue to 0.1.0 (#9192) (#9199)
Fix panic when diff (#9187) (#9193)
Smtp logger configuration sendTos should be an array (#9154) (#9157)
Always Show Password Field on Link Account Sign-in Page (#9150)
Create PR on Current Repository by Default (#8670) (#9141)
Fix race on indexer (#9136) (#9139)
Fix reCAPTCHA URL (#9119)
Hide migrated credentials (#9098)
Update golang.org/x/crypto vendor to use acme v2 (#9056) (#9085)
Fix password checks on admin create/edit user (#9076) (#9081)
Fix add search as a reserved username (#9063) (#9065)
Fix permission checks for close/reopen from commit (#8875) (#9033)
Ensure Written is set in GZIP ProxyResponseWriter (#9018) (#9025)
Fix broken link to branch from issue list (#9003) (#9021)
Fix wrong system notice when repository is empty (#9020)
Shadow password correctly for session config (#8984) (#9002)
* Remove oss option. Its patch is not usable for 71.0.
Changelog:
New
Improvements to Lockwise, our integrated password manager:
Firefox now recognizes subdomains and will autofill domain logins from Lockwise
Integrated breach alerts from Firefox Monitor are now available to users with screen readers
More information about Enhanced Tracking Protection in action:
Notifications when Firefox blocks cryptominers
A running tally of blocked trackers in the protection panel accessed by clicking the address bar shield
Picture-in-picture video comes to Firefox for Windows: Select the blue icon from the right edge of a video to pop open a floating window so you can keep watching while working in other tabs. Learn how the feature works.
Native MP3 decoding on Windows, Linux, and macOS
Security fixes:
Not available yet.
2.2.8:
* CVE-2019-19118: Privilege escalation in the Django admin.
* Fixed a data loss possibility in the admin changelist view when a custom formset’s prefix contains regular expression special characters, e.g. ‘$’.
* Fixed a regression in Django 2.2.1 that caused a crash when migrating permissions for proxy models with a multiple database setup if the default entry was empty.
* Fixed a data loss possibility in the select_for_update(). When using 'self' in the of argument with multi-table inheritance, a parent model was locked instead of the queryset’s model
Changelog picked from https://github.com/nifty-site-manager/nsm/releases:
Nift (aka nsm) v1.21
Release Notes:
removed trailing '/' or '\' from @contentdir and @sitedir output
fixed bugs with @contentdir, @sitedir, @contentext syntax
fixed indenting when parsing parameters
added more error handling with Nift commands new-[cont/page]-ext
added file input syntax @RawContent, @inputraw, @scriptraw, @systemraw to template language
added user input syntax @userin, @userfilein to template language
6.43 2019-11-26 13:54:43Z
- Continue trying different Authentication challenge schemes if
credentials are wrong (Roman Galeev, Julien Fiegehenn)
6.42 2019-11-20 17:40:52Z
- Add retry handling for a stale nonce with digest authentication (marmotil
and Frank Maas) (GH#40, GH#313, GH#321)
- Add the patch method to LWP::UserAgent. (GH#334) (Chase Whitener)
- Fix docs to match keep_alive => undef behavior, add some trivial tests
(GH#333) (Ville Skyttä)
- Documentation grammar fixes (GH#331) (Ville Skyttä)
6.41 2019-10-28 14:42:06Z
- Allow mirroring to files called '0' (GH#329) (Mark Fowler)
6.40 2019-10-24 12:55:45Z
- Let Digest authentication act on nonce expiry (GH#313) (Frank Maas)
- Make file arg for mirror mandatory #304 (GH#326) (Julien Fiegehenn)
- Doc fix: fields starting with ":" have to be quoted (GH#324) (Slaven
Rezić)
- Fix documentation for removing all handlers (GH#319) (leedo)
- Ensure proper version of Dist::Zilla::Plugin::MakeMaker::Awesome
- Add TravisCI testing for Perl v5.30
- Clean up .perltidyrc
0.58 2019-09-30
* Made the tests pass on IPv6 enabled systems
Uncovered by making Test::HTTP::LocalServer work on IPv6 enabled systems.
* Test-only improvements, no need to upgrade
0.026 2019-10-08T12:00:22
- Workaround for another timeout exception (Stanislaw Pusep)
- Dist::Zilla maintenance (Stanislaw Pusep)
- CURLOPT_HTTP_VERSION: eval and CURL_HTTP_VERSION_3 (Nick Kostyria)
- CURLOPT_HTTP_VERSION: re updated (Nick Kostyria)
- CURLOPT_HTTP_VERSION (Nick Kostyria)
0.025 2019-07-15T11:27:30
- Failing test fixes (Stanislaw Pusep)
0.024 2019-07-12T12:22:28
- PUT test should no longer fail (Stanislaw Pusep)
- die() is still OK (Stanislaw Pusep)
- Regenerated README (Stanislaw Pusep)
- Updated libcurl symbols (Stanislaw Pusep)
- A less exotic URL for redirect test (Stanislaw Pusep)
- Not every installation of Net::Curl does support select() polling
(Stanislaw Pusep)
- Add and populate META files with MetaJSON and MetaProvides::Package
(José Joaquín Atria)
6.07 2019-11-15 18:11:42Z
- Fix t/issue32.t on old perl versions (GH#59) (Bernhard M. Wiedemann)
6.06 2019-11-12 14:28:31Z
- Make test pass in 2025 (GH#56) (Bernhard M. Wiedemann)
2.4.0:
* Adds CI testing against and support for Python 3.8.
* Adds support for ``raw_path`` in ASGI scope.
* Ensures an error response is sent to the client if the application sends
malformed headers.
* Resolves an asyncio + multiprocessing problem when testing that would cause
the test suite to fail/hang on macOS.
* Requires installing Twisted's TLS extras, via ``install_requires``.
* Adds missing LICENSE to distribution.
8.1
Added compatibility with Python 3.8.
8.0.2
Restored the ability to pass a socket with the sock parameter of :func:`~server.serve`.
Removed an incorrect assertion when a connection drops.
8.0.1
Restored the ability to import WebSocketProtocolError from websockets.
8.0
Warning
Version 8.0 drops compatibility with Python 3.4 and 3.5.
Note
Version 8.0 expects process_request to be a coroutine.
Previously, it could be a function or a coroutine.
If you're passing a process_request argument to :func:`~server.serve` or :class:`~server.WebSocketServerProtocol`, or if you're overriding :meth:`~protocol.WebSocketServerProtocol.process_request` in a subclass, define it with async def instead of def.
For backwards compatibility, functions are still mostly supported, but mixing functions and coroutines won't work in some inheritance scenarios.
Note
Version 8.0 changes the behavior of the max_queue parameter.
If you were setting max_queue=0 to make the queue of incoming messages unbounded, change it to max_queue=None.
Note
Version 8.0 deprecates the host , port , and secure attributes of :class:`~protocol.WebSocketCommonProtocol`.
Use :attr:`~protocol.WebSocketCommonProtocol.local_address` in servers and :attr:`~protocol.WebSocketCommonProtocol.remote_address` in clients instead of host and port.
Note
Version 8.0 renames the WebSocketProtocolError exception to :exc:`ProtocolError` .
A WebSocketProtocolError alias provides backwards compatibility.
Note
Version 8.0 adds the reason phrase to the return type of the low-level API :func:`~http.read_response` .
Also:
:meth:`~protocol.WebSocketCommonProtocol.send`, :meth:`~protocol.WebSocketCommonProtocol.ping`, and :meth:`~protocol.WebSocketCommonProtocol.pong` support bytes-like types :class:`bytearray` and :class:`memoryview` in addition to :class:`bytes`.
Added :exc:`~exceptions.ConnectionClosedOK` and :exc:`~exceptions.ConnectionClosedError` subclasses of :exc:`~exceptions.ConnectionClosed` to tell apart normal connection termination from errors.
Added :func:`~auth.basic_auth_protocol_factory` to enforce HTTP Basic Auth on the server side.
:func:`~client.connect` handles redirects from the server during the handshake.
:func:`~client.connect` supports overriding host and port.
Added :func:`~client.unix_connect` for connecting to Unix sockets.
Improved support for sending fragmented messages by accepting asynchronous iterators in :meth:`~protocol.WebSocketCommonProtocol.send`.
Prevented spurious log messages about :exc:`~exceptions.ConnectionClosed` exceptions in keepalive ping task. If you were using ping_timeout=None as a workaround, you can remove it.
Changed :meth:`WebSocketServer.close() <server.WebSocketServer.close>` to perform a proper closing handshake instead of failing the connection.
Avoided a crash when a extra_headers callable returns None.
Improved error messages when HTTP parsing fails.
Enabled readline in the interactive client.
Added type hints (PEP 484).
Added a FAQ to the documentation.
Added documentation for extensions.
Documented how to optimize memory usage.
Improved API documentation.
Changelog picked from https://github.com/nifty-site-manager/nsm/releases:
Nift (aka nsm) v1.20
Release Notes:
made template language available with input parameters
added paginfo syntax @pagename, @pagepath, @contentpath, @templatepath to template language
added siteinfo syntax @contentdir, @sitedir, @contentext, @pageext, @defaulttemplate to template language
fixed indenting bugs
fixed os_mtx functionality
added optional sleepTime parameter for Nift serve command
Nift (aka nsm) v1.19
Release Notes:
added more error handling
added string variables
added rootBranch and siteBranch to config files
changed/improved/finalised how pre/post build/serve scripts are done
fixed @script[output] and @System[output/content]
added pre/post build-[all/updated] script support
Nift (aka nsm) v1.18
Release Notes:
added FileSystem.[h/cpp] to the project
added cpDir function to FileSystem.[h/cpp]
renamed trash to ret_val and handle more errors
fixed numerous minor bugs
Nift (aka nsm) v1.17
Release Notes:
changed std::endl to "\n" when writing to file, 20% improvement in build-all time on some machines, no improvement on others
changed pages set to pointer in PageBuilder.h, significantly less memory consumption
added/improved Nift commands new-template, new-site-dir, new-cont-dir, new-cont-ext, new-page-ext
added @systemcontent(sys-call) syntax to template language
fixed bug with @System, @systemoutput, @script, @scriptoutput syntax
Nift (aka nsm) v1.16
Release Notes:
improved multithreading
added @inputhead syntax to the template language
fixed read_sys_call and read_path
improved new-page-ext
Nift (aka nsm) v1.15
Release Notes:
added non-default page extension support
added @dep syntax to the template language
Haunt is a static site generator written in Guile Scheme.
Haunt features a functional build system and an extensible
interface for reading articles in any format.
Haunt is a static site generator written in Guile Scheme.
Haunt features a functional build system and an extensible
interface for reading articles in any format.
20.0.3:
- fixed load of a config file without a Python extension
- fixed `socketfromfd.fromfd` when defaults are not set
we now warn when we load a config file without Python Extension
20.0.2:
fix changelog
20.0.1:
fixed the way the config module is loaded. __file__ is now available
fixed wsgi.input_terminated. It is always true.
use the highest protocol version of openssl by default
only support Python >= 3.5
added __repr__ method to Config instance
fixed support of AIX platform and musl libc in socketfromfd.fromfd function
fixed support of applications loaded from a factory function
fixed chunked encoding support to prevent any request smuggling
Capture os.sendfile before patching in gevent and eventlet workers. fix RecursionError.
removed locking in reloader when adding new files
load the WSGI application before the loader to pick up all files
AUTOFIX: Makefile:58: Replacing "${PKGSRC_COMPILER} == \"sunpro\"" with "${PKGSRC_COMPILER:Msunpro}".
The PKGSRC_COMPILER can be a list of chained compilers, e.g. "ccache
distcc clang". Therefore, comparing it using == or != leads to wrong
results in these cases.
setup.py is invoked internally hardcoding `--optimize 2' that leads to PLIST
mismatches when Python 3 is used. Substitute it to `--optimize 1' to be
consistent with other Python packages.
Thanks to <martin> for spotting this problem and testing this patch!
nghttp2 v1.40.0
lib: Add nghttp2_check_authority as public API (GH-1413)
lib: Fix the bug that stream is closed with wrong error code (GH-1408)
lib: Faster huffman encoding and decoding (GH-1405)
build: Avoid filename collision of static and dynamic lib (Patch from William A Rowe Jr) (GH-1394)
build: Add new flag ENABLE_STATIC_CRT for Windows (Patch from William A Rowe Jr) (GH-1393)
build: cmake: Support building nghttpx with systemd (Patch from Andrew Penkrat) (GH-1377)
third-party: Update neverbleed to fix memory leak
nghttpx: Fix bug that mruby is incorrectly shared between backends (GH-1392)
nghttpx: Reconnect h1 backend if it lost connection before sending headers
nghttpx: Returns 408 if backend timed out before sending headers
nghttpx: Fix request stall (GH-1378)
Changes with nginx 1.17.6:
*) Feature: the $proxy_protocol_server_addr and
$proxy_protocol_server_port variables.
*) Feature: the "limit_conn_dry_run" directive.
*) Feature: the $limit_req_status and $limit_conn_status variables.
Upstream changes:
Moodle 3.8 release notes
Releases > Moodle 3.8 release notes
Release date: 18 November 2019
Here is the full list of fixed issues in 3.8.
If you are upgrading from a previous version, please see Upgrading in the user docs.
Contents
1 Server requirements
1.1 Database requirements
2 Client requirements
2.1 Browser support
3 Major features
3.1 Analytics
3.2 H5P integration
3.3 Forum summary report
3.4 Forum export
3.5 Forum grading
3.6 Forum UI improvements
3.7 Assignment
3.8 Question bank
3.9 Course relative dates (experimental)
3.10 Course overview
3.11 Emojis
3.12 Usability improvements
4 Other highlights
4.1 Functional changes
4.2 For administrators
5 For developers
5.1 Web services additions and updates
5.2 Component API upgrades
6 See also
Server requirements
These are just the minimum supported versions. We recommend keeping all of your software and operating systems up-to-date.
Moodle upgrade: Moodle 3.2 or later
PHP version: minimum PHP 7.1.0 Note: minimum PHP version has increased since Moodle 3.6. PHP 7.2.x and 7.3.x are supported too. PHP 7.x could have some engine limitations.
PHP extension intl is required since Moodle 3.4 (it was recommended in 2.0 onwards)
Database requirements
Moodle supports the following database servers. Again, version numbers are just the minimum supported version. We recommend running the latest stable version of any software.
Database Minimum version Recommended
PostgreSQL 9.4 Latest
MySQL 5.6 Latest
MariaDB 5.5.31 Latest
Microsoft SQL Server 2012 (increased since Moodle 3.7) Latest
Oracle Database 11.2 Latest
Client requirements
Browser support
Moodle is compatible with any standards compliant web browser. We regularly test Moodle with the following browsers:
Desktop:
Chrome
Firefox
Safari
Edge
Internet Explorer
Mobile:
MobileSafari
Google Chrome
For the best experience and optimum security, we recommend that you keep your browser up to date.
Note: Legacy browsers with known compatibility issues with Moodle 3.8:
Internet Explorer 10 and below
Safari 7 and below
Major features
Analytics
MDL-64739 - Analytics models may be restricted to category or course contexts
MDL-65588 - Insights about students who have not logged in recently
MDL-65562 - Report on the actions executed by users on predictions
MDL-65633 - Allow targets to limit the analysis interval to a specific interface or parent class.
MDL-66234 - Extra garbage collection for analytics
MDL-66254 - Require enrolments to be active for most of the analysis interval
MDL-62191 - Add bulk actions for analytics' insights
MDL-66536 - Insight notifications improvements
MDL-60949 - Analytics models should be sorted by name and not last modified
MDL-66004 - Allow the Python machine learning backend to run from a separate server
MDL-58992 - Add multi-class capabilities to prediction processors
MDL-65585 - Global on/off switch for analytics
H5P integration
MDL-66388 - Create a new button in Atto to add H5P content in anywhere from hp5.com and h5p.org external URLs
MDL-66398 - Improve H5P filter to allow internal H5P content URLs
MDL-66593 - Implement backup and restore process for H5P content
MDL-67059 - Add Admin UI to manually upload H5P content-type libraries
MDL-67057 - Create a capability to update H5P content-type libraries
MDL-67058 - Create a task to install H5P content-type libraries
MDL-66609 - Create the basic skeleton, library and interfaces for rendering H5P content
MDL-66399 - Improve H5P Atto button to upload content
MDL-66397 - Create a new filter to convert h5p.com and h5p.org URLs to embed code
Forum summary report
MDL-66153 - Forum report: Basic skeleton
MDL-66298 - Forum summary report option to message selected users
MDL-66268 - Groups filter in forum summary report
MDL-66373 - Dates filter in forum summary report
MDL-66297 - Link forum summary report to export of each user's post content
MDL-66694 - Add columns for word count and character count to the forum summary report
MDL-66768 - Add the ability to download the forum summary report
Forum export
MDL-66075 - Forum export functionality
MDL-66631 - Dates filter in forum export
MDL-66808 - Forum export options for human-readable dates and removing HTML
Forum grading
MDL-66074 - Create forum grading interface
MDL-66358 - Display grading form in the grading panel
MDL-66365 - Add a button to display the entire discussion for a post being graded
MDL-67116 - Make 'require grade' an activity completion criterion for the forum
MDL-66381 - Forum grading user search
MDL-66360 - Forum grading option to send notification to student
MDL-66906 - Forum view grades option for students
MDL-66359 - Support restricting the user list to a specific group
Forum UI improvements
MDL-66477 - Create settings side drawer for new discussion view
MDL-64821 - Create new discussion view for forum
MDL-66481 - Update display of discussion in discussion list table
MDL-65129 - Search starred discussions only option in forum advanced search
Assignment
MDL-63349 - Assignment: Annotate PDF - Rotate submitted image automatically
MDL-66537 - Annotate PDF - Right-to-left UI - The rotate buttons order is confusing
MDL-63878 - Enable the saving and printing of annotated PDFs from previous attempts
MDL-64811 - Assignment: Add warning about students falling into Default group if group submissions are enabled but not required
MDL-65797 - Performance improvements for user / group overrides for mod assign
Question bank
MDL-66553 - Display ID number and tags in the question bank UI
MDL-66816 - Question bank: replace the row of edit icons with an Edit menu
MDL-67153 - Allow question types to add extra actions to the Question bank edit menu
Course relative dates (experimental)
MDL-66147 - Assignment due date relative to the student course start date
MDL-66144 - Weeks format relative dates
MDL-66143 - Course relative dates mode setting
MDL-66148 - Option to override the assignment due date in a relative dates course
Course overview
MDL-64901 - block_myoverview: Add admin setting to control the available layouts
MDL-66016 - An admin can set which filters are available for users to select in their Dashboard course overview
MDL-66017 - An admin can specify a course custom field as a filter for users to select in their Dashboard course overview
MDL-63612 - Course card pattern colours may be specified by an admin
MDL-65621 - Courses with course visibility set to hide should be labelled 'Hidden from students' in the course overview
MDL-64860 - block_myoverview: Improve pagination widget
MDL-64094 - Change 'Hidden' to 'Removed from view' in the course overview
Emojis
MDL-65896 - Add emojis to messaging
MDL-46779 - Atto should support full emoji
Usability improvements
MDL-34498 - Session Timeout alert
MDL-61043 - Provide a more consistent and better way of selecting and deselecting all items in a list
MDL-48610 - Show alphabet filter in grader report even when there are less than 100 users
MDL-38555 - Forms do not prevent same data submission multiple times
MDL-59639 - Browser back button should work as expected in the administration menu with Boost theme
MDL-57208 - Let users set their default homepage
MDL-66178 - Participants list - Filter users with no roles
MDL-65671 - Calendar view selector enables users to switch between month, day and upcoming events
MDL-66563 - Improve drag and drop question accessibility in high-contrast mode
MDL-64032 - The UI for setting enrolment end date/duration should be consistent
MDL-65406 - Boost Theme accessibility: Nav drawer should be marked up as list
MDL-65915 - Better progress display while re-grading quiz attempts
MDL-67048 - Drag and drop upload progressbar invert inner and outer
Other highlights
Functional changes
MDL-64745 - Administrative setting to show/not show "hide" feature in online users block
MDL-62835 - The description should be displayed when viewing a Book, Lesson or IMS content package
MDL-66496 - Option to include author information when importing entries into a database activity
MDL-66740 - Make "course request" capability category context instead of system context
MDL-65093 - Users should be informed that they can't block a user who has permission to message all users
MDL-64002 - Add send message buffering
MDL-66226 - Show plain text in Messages summary pane
MDL-61649 - Several core emails provide only text format
MDL-35773 - Include files option in backup settings
MDL-63453 - VideoJS upgrade to 7.6.5 including HTTP Live Streaming (HLS) and Dynamic Adaptive Streaming over HTTP (MPEG-DASH) support
MDL-56549 - Add support for FLAC files
MDL-62836 - Make awarding badges groups/groupings compliant
MDL-60916 - Global Search: Replace course search form with global search
MDL-64438 - Display course category in course related block
MDL-66326 - Global search: Delete from search index when courses are deleted
MDL-65183 - block_timeline can cause JSON parse error on dashboard when activities are saved with newline characters
MDL-66612 - Calendar course event icon is different from course icon
MDL-66775 - Add new Mobile setting for forcing a minimum app version to access the site
MDL-66375 - Option to disable the "Forgotten password" feature in the app
MDL-66753 - The People block is no longer needed and should be removed from core
For administrators
MDL-66034 - Log role changes in more detail
MDL-66570 - Allow disabling of cron output when capturing logs
MDL-61804 - Let the admin control if lists of courses should be pre-sorted by visibility or not
MDL-66133 - Let the administrator configure which user filters are shown by default
MDL-63643 - Add ability to search/filter users by Last IP Address
MDL-66119 - Disable GUI plugin uninstalls (eg $CFG->uninstallclionly similar to $CFG->disableupdateautodeploy)
MDL-65201 - Automated backup course ordering
MDL-65404 - Add column for enrol start dates to Upload users CSV
MDL-40669 - Upload users via text file should include the optional user field 'disable notifications'
MDL-66705 - Add an example csv file for bulk uploading of users
MDL-59470 - Option to duplicate a user tour
MDL-65622 - Add a new event when a grade item has been created
MDL-65369 - Include changed course settings in course_updated event
MDL-65492 - Cache admin UI: make it easy re-purge the cache you just purged
MDL-63127 - Redis Cache: implement compression
MDL-66428 - Allow Redis cache to use PHP extension Zstd
MDL-46317 - Private files space setting should use MB not Bytes
MDL-7339 - Change 'Open to Google' setting to 'Open to search engines'
MDL-65208 - Add cli upgrade option to test if an upgrade is required
MDL-58439 - Admin pages login as guest and then throw Access denied error (should prompt for login) require_admin()
For developers
MDL-66675 - New $CFG->behat_pause_on_fail option added
MDL-46267 - The $CFG->httpswwwroot was removed
MDL-66335 - New steps to navigate straight to any plugin web page. Plugins must implement their own resolver between page types and URLs.
MDL-65349 - Profiling included and excluded URLs now are matched from start. Some adjustments may be needed.
MDL-66633 - Quiz: quiz attempt API should let you create an attempt for a different user
MDL-66709 - Components other than activity modules should be able to backup and restore question attempt data
MDL-66754 - Question engine: report methods should not require a list of slots
MDL-62497 - Add a new transpilation tool for ES6
MDL-50346 - Remove the restriction to forbid subdirectories in the templates directory
MDL-66327 - $DB->get_records uses a lot of Peak RAM (with Postgres)
MDL-66173 - Add hooks to extend all forms with /login/
MDL-66367 - Caching of templates should use a new templaterev variable
MDL-66304 - Allow support for xsendfile in alternative_file_system_class independently of local files
MDL-66166 - Improve the moodlebot user agent and expose a function for plugins to use
MDL-65646 - Move dependencies and subplugins to JSON
MDL-55751 - Remove the CSS chunker from Moodle
MDL-65438 - Allow themes to alter the core css url's
MDL-65747 - Removed unused Pear_Crypt_CHAP library
Web services additions and updates
MDL-65794 - Make some web service calls idempotent over http GET
MDL-67043 - Web service to enable H5P offline access in the Moodle app
MDL-64254 - New Web Services for updating a forum post (or a discussion topic post)
MDL-65017 - New web service to delete forum posts
MDL-64588 - New web services for adding and deleting comments
MDL-66376 - Enforce app security by using tokenpluginfile.php instead webservice/pluginfile.php
MDL-65400 - Blocks Web Services (for course and dashboard) should return the block settings
Component API upgrades
admin/upgrade.txt
analytics/upgrade.txt
blocks/recentlyaccessedcourses/upgrade.txt
blocks/starredcourses/upgrade.txt
blocks/upgrade.txt
cache/upgrade.txt
calendar/upgrade.txt
comment/upgrade.txt
course/format/upgrade.txt
course/upgrade.txt
customfield/field/upgrade.txt
enrol/ldap/upgrade.txt
enrol/upgrade.txt
lib/mlbackend/php/upgrade.txt
lib/mlbackend/python/upgrade.txt
lib/upgrade.txt
media/upgrade.txt
message/upgrade.txt
mod/assign/upgrade.txt
mod/book/upgrade.txt
mod/feedback/upgrade.txt
mod/forum/upgrade.txt
mod/glossary/upgrade.txt
mod/lti/upgrade.txt
mod/quiz/report/upgrade.txt
mod/upgrade.txt
mod/wiki/upgrade.txt
mod/workshop/upgrade.txt
question/type/upgrade.txt
question/upgrade.txt
search/upgrade.txt
theme/upgrade.txt
webservice/upgrade.txt
1.95 2019-10-28 13:07:45Z
[FIXED]
- die if submit_form() called with invalid form_id (GH#287) (Olaf Alders)
1.94 2019-10-10 13:12:28Z
[FIXED]
- Issue #182: Don't autocheck for mech-dump so basic auth works (GH#285)
(Julien Fiegehenn)
[DOCUMENTATION]
- Fix pod error reported by CPANTS. (GH#284) (Mohammad S Anwar)
1.93 2019-10-04 21:06:49Z
[FIXED]
- Allow images to not have a src attribute (GH#282) (Julien Fiegehenn)
[DOCUMENTATION]
- Pod fixes. (GH#283) (Mohammad S Anwar)
1.92 2019-08-24 01:00:35Z
[FIXED]
- Test requires HTTP::Daemon 6.05+ and uses 127.0.0.1 or [::1] according to
server's sockdomain (GH#280) (Shoichi Kaji)
- Install LWP::Protocol::https and fix xt/author/live/encoding.t (GH#277)
(Shoichi Kaji)
- Set dist trusty for old Perls on Travis (GH#279) (Shoichi Kaji)
- Fixed pod errors as reported by CPANTS. (GH#273) (Mohammad S Anwar)
[DOCUMENTATION]
- Document that follow_link will die on failure with autocheck enabled (GH#271) (Olaf Alders)
[TESTS]
- Add a test for finding a link in a meta refresh tag (GH#275) (Olaf Alders)
6.19 2019-05-16 19:16:59Z
- partially skip live-https.t if there's no keep-alive connection (GH#58) (Slaven Rezić)
- set "x_static_install" : 1 in META files
20.0:
- Fixed `fdopen` `RuntimeWarning` in Python 3.8
- Added check and exception for str type on value in Response process_headers method.
- Ensure WSGI header value is string before conducting regex search on it.
- Added pypy3 to list of tested environments
- Grouped `StopIteration` and `KeyboardInterrupt` exceptions with same body together in Arbiter.run()
- Added `setproctitle` module to `extras_require` in setup.py
- Avoid unnecessary chown of temporary files
- Logging: Handle auth type case insensitively
- Removed `util.import_module`
- Removed fallback for `types.SimpleNamespace` in tests utils
- Use `SourceFileLoader` instead instead of `execfile_`
- Use `importlib` instead of `__import__` and eval`
- Fixed eventlet patching
- Added optional `datadog <https://www.datadoghq.com>`_ tags for statsd metrics
- Header values now are encoded using latin-1, not ascii.
- Rewritten `parse_address` util added test
- Removed redundant super() arguments
- Simplify `futures` import in gthread module
- Fixed worker_connections` setting to also affects the Gthread worker type
- Fixed setting max_requests
- Bump minimum Eventlet and Gevent versions to 0.24 and 1.4
- Use Python default SSL cipher list by default
- handle `wsgi.input_terminated` extension
- Simplify Paste Deployment documentation
- Fix root logging: root and logger are same level.
- Fixed typo in ssl_version documentation
- Documented systemd deployement unit examples
- Added systemd sd_notify support
- Fixed typo in gthread.py
- Added `tornado <https://www.tornadoweb.org/>`_ 5 and 6 support
- Declare our setuptools dependency
- Added support to `--bind` to open file descriptors
- Document how to serve WSGI app modules from Gunicorn
- Provide guidance on X-Forwarded-For access log in documentation
- Add support for named constants in the `--ssl-version` flag
- Clarify log format usage of header & environment in documentation
- Fixed systemd documentation to properly setup gunicorn unix socket
- Prevent removal unix socket for reuse_port
- Fix `ResourceWarning` when reading a Python config module
- Remove unnecessary call to dict keys method
- Support str and bytes for UNIX socket addresses
- fixed `InotifyReloadeder`: handle `module.__file__` is None
- `/dev/shm` as a convenient alternative to making your own tmpfs mount in fchmod FAQ
- fix examples to work on python3
- Fix typo in `--max-requests` documentation
- Clear tornado ioloop before os.fork
- Miscellaneous fixes and improvement for linting using Pylint
Breaking Change
- Removed gaiohttp worker
- Drop support for Python 2.x
- Drop support for EOL Python 3.2 and 3.3
Symfony http-foundation has been updated to version 3.4.35 in this
release. This includes an upstream security release which does not
impact Drupal core.
Core versioning support in *.info.yml files since 8.7.7
Drupal 8.7.7 introduces a new core_version_requirement key to
*.info.yml files, allowing contributed modules to specify specific
versions for Drupal core compatiblity, as well as to indicate that
they are compatible with both Drupal 8 and the forthcoming Drupal
9 release. See the change record for more details. Important
accessibility fix to the Toolbar
This releases resolves a significant accessibility bug which
prevented toolbar links from working with some screen readers.
Websites which need to support administrators who use assistive
technology are strongly recommended to upgrade. If in doubt, assume
this is the case, particularly in larger organizations. Discussing
the issue with staff from IT user-support, disabled employee support,
and human resources teams is advisable. Internal change to entity
and field definition update events
It is now possible to install a new field storage definition during
a fieldable entity type update. Event subscribers for entity type
and field definition update events will now be passed the updated
definitions rather than the outdated ones. Code relying on this
buggy behavior may need adjustment.
6.04 2019-03-20 13:01:15Z
- Full release of changes in 6.03
6.03 2019-03-19 16:44:17Z (TRIAL RELEASE)
- Convert release process to Dist::Zilla
- Allow File::Temp handles to be guessed correctly (GH#1) (Wesley
Schwengle)
0.000042 2019-06-12 15:15:52Z
- Don't rely on Mojo to be installed in tests (GH#18) (Olaf Alders)
0.000041 2019-06-12 12:31:03Z
- Bump minimum Mojo version required for tests (GH#17) (Olaf Alders)
- Add support for Mojo::UserAgent to LWP::ConsoleLogger::Everywhere ((GH#16) simbabque)
0.000040 2019-06-11 01:22:03Z
- Add support for Mojo::UserAgent (GH#14) (Gregory Oschwald)
6.05 2019-10-24 02:21:51Z
- Fix GH#32 by checking for " as well as ; when splitting. (GH#49) (colinnewell)
- Fix GH#48 update documentation about $version (GH#55) (Dave Menninger)
- Fix broken README badge (GH#54) (Alex Peters)
- Whenever possible, use an absolute four digit year for Time::Local (GH#52) (Olaf Alders)
- Add test case for Issue #26 (GH#45) (George-NG)
- Long numbers (GH#47) (pludlamCVL)
- Cookies.pm: die if close on $fh in ->save fails (GH#46) (MCRayRay)
- Replace "use vars" with "our" (GH#43) (James Raspass)
- Fixed minor typo in the pod for HTTP::Cookies. (GH#39) (Mohammad S Anwar)
(from README, not from Changes)
NOTE: 2.30 fixed a dependency in Makefile.PL and is addressing the OSX ACL
files that got included in the tarball and break modern make instances.
Logswan 2.1.2 (2019-11-19)
- Add ENABLE_SECCOMP build option, to allow building seccomp support
conditionally
- Disable seccomp by default, it needs more testing on non !amd64 platforms
- Use ${CMAKE_INSTALL_BINDIR} instead of hardcoding 'bin'
Changelog:
Changes:
7.67.0
------
This release includes the following changes:
o curl: added --no-progress-meter
o setopt: CURLMOPT_MAX_CONCURRENT_STREAMS is new
o urlapi: CURLU_NO_AUTHORITY allows empty authority/host part
This release includes the following bugfixes:
o BINDINGS: five new bindings addded
o CURLOPT_TIMEOUT.3: Clarify transfer timeout time includes queue time
o CURLOPT_TIMEOUT.3: remove the mention of "minutes"
o ESNI: initial build/setup support
o FTP: FTPFILE_NOCWD: avoid redundant CWDs
o FTP: allow "rubbish" prepended to the SIZE response
o FTP: remove trailing slash from path for LIST/MLSD
o FTP: skip CWD to entry dir when target is absolute
o FTP: url-decode path before evaluation
o HTTP3.md: move -p for mkdir, remove -j for make
o HTTP3: fix invalid use of sendto for connected UDP socket
o HTTP3: fix ngtcp2 Windows build
o HTTP3: fix prefix parameter for ngtcp2 build
o HTTP3: fix typo somehere1 > somewhere1
o HTTP3: show an --alt-svc using example too
o INSTALL: add missing space for configure commands
o INSTALL: add vcpkg installation instructions
o README: minor grammar fix
o altsvc: accept quoted ma and persist values
o altsvc: both backends run h3-23 now
o appveyor: Add MSVC ARM64 build
o appveyor: Use two parallel compilation on appveyor with CMake
o appveyor: add --disable-proxy autotools build
o appveyor: add 32-bit MinGW-w64 build
o appveyor: add a winbuild
o appveyor: add a winbuild that uses VS2017
o appveyor: make winbuilds with DEBUG=no/yes and VS 2015/2017
o appveyor: publish artifacts on appveyor
o appveyor: upgrade VS2017 to VS2019
o asyn-thread: make use of Curl_socketpair() where available
o asyn-thread: s/AF_LOCAL/AF_UNIX for Solaris
o build: Remove unused HAVE_LIBSSL and HAVE_LIBCRYPTO defines
o checksrc: fix uninitialized variable warning
o chunked-encoding: stop hiding the CURLE_BAD_CONTENT_ENCODING error
o cirrus: Increase the git clone depth
o cirrus: Switch the FreeBSD 11.x build to 11.3 and add a 13.0 build
o cirrus: switch off blackhole status on the freebsd CI machines
o cleanups: 21 various PVS-Studio warnings
o configure: only say ipv6 enabled when the variable is set
o configure: remove all cyassl references
o conn-reuse: requests wanting NTLM can reuse non-NTLM connections
o connect: return CURLE_OPERATION_TIMEDOUT for errno == ETIMEDOUT
o connect: silence sign-compare warning
o cookie: avoid harmless use after free
o cookie: pass in the correct cookie amount to qsort()
o cookies: change argument type for Curl_flush_cookies
o cookies: using a share with cookies shouldn't enable the cookie engine
o copyrights: update copyright notices to 2019
o curl: create easy handles on-demand and not ahead of time
o curl: ensure HTTP 429 triggers --retry
o curl: exit the create_transfers loop on errors
o curl: fix memory leaked by parse_metalink()
o curl: load large files with -d @ much faster
o docs/HTTP3: fix `--with-ssl` ngtcp2 configure flag
o docs: added multi-event.c example
o docs: disambiguate CURLUPART_HOST is for host name (ie no port)
o docs: note on failed handles not being counted by curl_multi_perform
o doh: allow only http and https in debug mode
o doh: avoid truncating DNS QTYPE to lower octet
o doh: clean up dangling DOH memory on easy close
o doh: fix (harmless) buffer overrun
o doh: fix undefined behaviour and open up for gcc and clang optimization
o doh: return early if there is no time left
o examples/sslbackend: fix -Wchar-subscripts warning
o examples: remove the "this exact code has not been verified"
o git: add tests/server/disabled to .gitignore
o gnutls: make gnutls_bye() not wait for response on shutdown
o http2: expire a timeout at end of stream
o http2: prevent dup'ed handles to send dummy PRIORITY frames
o http2: relax verification of :authority in push promise requests
o http2_recv: a closed stream trumps pause state
o http: lowercase headernames for HTTP/2 and HTTP/3
o ldap: Stop using wide char version of ldapp_err2string
o ldap: fix OOM error on missing query string
o mbedtls: add error message for cert validity starting in the future
o mime: when disabled, avoid C99 macro
o ngtcp2: adapt to API change
o ngtcp2: compile with latest ngtcp2 + nghttp3 draft-23
o ngtcp2: remove fprintf() calls
o openssl: close_notify on the FTP data connection doesn't mean closure
o openssl: fix compiler warning with LibreSSL
o openssl: use strerror on SSL_ERROR_SYSCALL
o os400: getpeername() and getsockname() return ebcdic AF_UNIX sockaddr
o parsedate: fix date parsing disabled builds
o quiche: don't close connection at end of stream
o quiche: persist connection details (fixes -I with --http3)
o quiche: set 'drain' when returning without having drained the queues
o quiche: update HTTP/3 config creation to new API
o redirect: handle redirects to absolute URLs containing spaces
o runtests: get textaware info from curl instead of perl
o schannel: reverse the order of certinfo insertions
o schannel_verify: Fix concurrent openings of CA file
o security: silence conversion warning
o setopt: handle ALTSVC set to NULL
o setopt: make it easier to add new enum values
o setopt: store CURLOPT_RTSP_SERVER_CSEQ correctly
o smb: check for full size message before reading message details
o smbserver: fix Python 3 compatibility
o socks: Fix destination host shown on SOCKS5 error
o test1162: disable MSYS2's POSIX path conversion
o test1591: fix spelling of http feature
o tests: add `connect to non-listen` keywords
o tests: fix narrowing conversion warnings
o tests: fix the test 3001 cert failures
o tests: makes tests succeed when using --disable-proxy
o tests: use %FILE_PWD for file:// URLs
o tests: use port 2 instead of 60000 for a safer non-listening port
o tool_operate: Fix retry sleep time shown to user when Retry-After
o travis: Add an ARM64 build
o url: Curl_free_request_state() should also free doh handles
o url: don't set appconnect time for non-ssl/non-ssh connections
o url: fix the NULL hostname compiler warning
o url: normalize CURLINFO_EFFECTIVE_URL
o url: only reuse TLS connections with matching pinning
o urlapi: avoid index underflow for short ipv6 hostnames
o urlapi: fix URL encoding when setting a full URL
o urlapi: fix unused variable warning
o urlapi: question mark within fragment is still fragment
o urldata: use 'bool' for the bit type on MSVC compilers
o vtls: Fix comment typo about macosx-version-min compiler flag
o vtls: fix narrowing conversion warnings
o winbuild/MakefileBuild.vc: Add vssh
o winbuild/MakefileBuild.vc: Fix line endings
o winbuild: Add manifest to curl.exe for proper OS version detection
o winbuild: add ENABLE_UNICODE option
1.013 2019-07-23 02:00:06Z
- amended instructions in App::Nopaste::Service::Gist regarding
creating a gist authorization token
- --copy now works with Control-V on X windows (PR#17, Shlomi Fish)
The functions optionaly exported by this module allows you to open URLs in
the user browser.
A set of known commands per OS-name is tested for presence, and the first
one found is executed. With an optional parameter, all known commands are
checked.
The "open_browser" uses the system() function to execute the command. If
you want more control, you can get the command with the "open_browser_cmd"
or "open_browser_cmd_all" functions and then use whatever method you want
to execute it.
Change log:
Version 1.10, released 2019-09-08
---------------------------------
No bug fixes or new features.
Other changes
~~~~~~~~~~~~~
* Similar to the change in version 1.9 which normalized conversions to
named colors for `gray`/`grey` to always use the `gray` variant, the
other named grays of CSS3 now normalize to the `gray` spelling. This
affects the following colors: `darkgray`/`darkgrey`,
`darkslategray`/`darkslategrey`, `dimgray`/`dimgrey`,
`lightgray`/`lightgrey`, `lightslategray`/`lightslategrey`,
`slategray`/`slategrey`.
Version 1.9.1, released 2019-06-07
----------------------------------
Bugs fixed
~~~~~~~~~~
* The `__version__` attribute of the installed webcolors module,
although not documented or referenced anywhere, was accidentally not
updated in the 1.9 release. It has now been updated (and now
indicates 1.9.1).
Version 1.9, released 2019-06-01
--------------------------------
No bug fixes.
New features
~~~~~~~~~~~~
* Added :ref:`a set of constants to use when referring to
specifications that define color names <spec-constants>`.
Other changes
~~~~~~~~~~~~~
* When asked to provide a color name, using the CSS3/SVG set of names,
for the hexadecimal value `#808080`, the integer triplet `rgb(128,
128, 128)`, or the percentage triplet `rgb(50%, 50%, 50%)`,
webcolors now always returns `u'gray'`, never `u'grey'`. Previously,
the behavior could be inconsistent as it depended on the Python
version in use; `u'gray'` was picked because it was the spelling
variant used in HTML 4, CSS1, and CSS2.
Version 1.8.1, released 2018-02-12
----------------------------------
The 1.8.1 release is a repackaging of 1.8 to produce both source
(.tar.gz) and binary (.whl) package formats, following reports that
the source-package-only release of 1.8 was causing installation issues
for some users. See `issue 6 in the repository
<https://github.com/ubernostrum/webcolors/issues/6>`_ for details.
Version 1.8, released 2018-02-08
--------------------------------
No bug fixes.
New features
~~~~~~~~~~~~
* Added the :class:`~webcolors.IntegerRGB`,
:class:`~webcolors.PercentRGB`, and
:class:`~webcolors.HTML5SimpleColor` named tuples.
Other changes
~~~~~~~~~~~~~
* Drop support for Python 3.3 (Python core team no longer maintains
3.3).
* Mark support for Python 3.6.
* :ref:`The full verification tests <full-verification>` now run
correctly on Python 3.
Version 1.7, released 2016-11-25
--------------------------------
No new features or bugfixes.
Other changes
~~~~~~~~~~~~~
* Drop support for Python 2.6 (Python core team no longer maintains
2.6).
* Mark support for Python 3.4.
* On Python 3, the use of :class:`str` for all functions which take
string arguments is now mandatory. Attempted use of :class:`bytes`
will raise an exception. On Python 2, use of bytestrings is still
permitted.
Version 1.5.1, released 2015-11-23
----------------------------------
No new features.
Bug fixes
~~~~~~~~~
* Corrected multiple typos in documentation.
Version 1.5, released 2015-03-07
--------------------------------
No bug fixes.
New features
~~~~~~~~~~~~
* Python 3 support: webcolors now supports Python 3.3.
* Added :ref:`HTML5 color algorithms <html5-algorithms>`.
Other changes
~~~~~~~~~~~~~
* Packaging improvements.
- Bumps versions of dependencies.
Changes (since 1.29.3):
Cliqz Browser release 1.30.0 includes all changes of Firefox's latest version 70
with additional Cliqz improvements and bug fixes.
New Features
* Browse undisturbed at last: Thanks to the new Cookie Pop-up Blocker,
websites no longer bother you with cookie consent notices. Once activated,
consent requests for data collection are automatically denied if
possible. Otherwise, the cookie pop-up is simply hidden.
Improvements
* Cliqz got updated to Firefox 70.0.1 with various improvements and fixes.
* Thanks to code optimizations, the Cliqz Browser now starts up to 20%
faster (with an existing profile).
* Cliqz now displays websites opened in Forget Mode in a separate browser
window. Therefore, normal and private tabs are more strictly
separated. This makes it easier for you to differentiate between them, and
further strengthens your privacy. Forget Tabs are no longer supported.
* The completely redesigned Onboarding makes the initial setup of the Cliqz
Browser easier by guiding you step-by-step through the most important
settings.
Fixes
* Various bugs with themes have been fixed.
* Instead of Firefox's built-in tracking protection, the Cliqz Browser uses
our superior anti-tracking technology.
* Cliqz continues to use the built-in password manager instead of Firefox
Lockwise to manage login data and passwords.
Changes:
* BREAKING
* Fix deadline on update issue or PR via API (#8698)
* Hide some user information via API if user doesn't have enough permission (#8655) (#8657)
* Remove legacy handling of drone token (#8191)
* Change repo search to use exact match for topic search. (#7941)
* Add pagination for admin api get orgs and fix only list public orgs bug (#7742)
* Implement the ability to change the ssh port to match what is in the gitea config (#7286)
* SECURITY
* Fix issue with user.fullname (#8903)
* Ignore mentions for users with no access (#8395)
* Be more strict with git arguments (#7715)
* Extract the username and password from the mirror url (#7651)
* reserve .well-known username (#7637)
* FEATURE
* Org/Members: display 2FA members states + optimize sql requests (#7621)
* SetDefaultBranch on pushing to empty repository (#7610)
* Adds side-by-side diff for images (#6784)
* API method to list all commits of a repository (#6408)
* Password Complexity Checks (#6230)
* Add option to initialize repository with labels (#6061)
* Add additional password hash algorithms (#6023)
* BUGFIXES
* Allow to merge if file path contains " or \ (#8629) (#8771)
* On windows set core.longpaths true (#8776) (#8786)
* Fix 500 when edit hook (#8782) (#8789)
* Fix Checkbox at RepoSettings Protected Branch (#8799) (#8801)
* Fix SSH2 conditional in key parsing code (#8806) (#8810)
* Fix commit expand button to not go to commit link (#8745) (#8825)
* Fix new user form for non-local users (#8826) (#8828)
* Fix to close opened io resources as soon as not needed (#8839) (#8846)
* Fix edit content button on migrated issue content (#8877) (#8884)
* Fix require external registration password (#8885) (#8890)
* Fix password complexity check on registration (#8887) (#8888)
* Update Github Migration Tests (#8896) (#8938) (#8945)
* Enable punctuations ending mentions (#8889) (#8894)
* Add Close() method to gogitRepository (#8901) (#8956)
* Hotfix for review actions and notifications (#8965)
* Expose db.SetMaxOpenConns and allow non MySQL dbs to set conn pool params (#8528) (#8618)
* Fix milestone close timestamp (#8728) (#8730)
* Fix 500 when getting user as unauthenticated user (#8653) (#8663)
* Fix 'New Issue Missing Milestone Comment' (#8678) (#8681)
* Use AppSubUrl for more redirections (#8647) (#8651)
* Add SubURL to redirect path (#8632) (#8634)
* Fix template error on account page (#8562) (#8622)
* Allow externalID to be UUID (#8551) (#8624)
* Prevent removal of non-empty emoji panel following selection of duplicate (#8609) (#8623)
* Update heatmap fixtures to restore tests (#8615) (#8616)
* Ensure that diff stats can scroll independently of the diff (#8581) (#8621)
* Webhook: set Content-Type for application/x-www-form-urlencoded (#8600)
* Fix#8582 by handling empty repos (#8587) (#8594)
* Fix bug on pull requests when transfer head repository (#8564) (#8569)
* Add missed close in ServeBlobLFS (#8527) (#8542)
* Ensure that GitRepo is set on Empty repositories (#8539) (#8541)
* Fix migrate mirror 500 bug (#8526) (#8530)
* Fix password complexity regex for special characters (#8524)
* Prevent .code-view from overriding font on icon fonts (#8614) (#8627)
* Allow more than 255 characters for tokens in external_login_user table (#8554)
* Fix errors in create org UI regarding team access permission (#8506)
* Fix bug on FindExternalUsersByProvider (#8504)
* Create .ssh dir as necessary (#8486)
* IsBranchExist: return false if provided name is empty (#8485)
* Making openssh listen on SSH_LISTEN_PORT not SSH_PORT (#8477)
* Add check for empty set when dropping indexes during migration (#8471)
* LFS files are relative to LFS content path, ensure that when deleting they are made relative to this (#8455)
* Ensure Request Body Readers are closed in LFS server (#8454)
* Fix template bug on mirror repository setting page (#8438)
* Fix migration v96 to keep issue attachments (#8435)
* Update strk.kbt.io/projects/go/libravatar to latest (#8429)
* Singular form for files that has only one line (#8416)
* Check for either escaped or unescaped wiki filenames (#8408)
* Allow users with explicit read access to give approvals (#8382)
* Fix editor commit to new branch if PR disabled (#8375)
* readd .markdown class to all markup renderers (#8357)
* Upgrade xorm to v0.7.9 to fix some bugs (#8354)
* Fix column name ambiguity in GetUserIssueStats() (#8347)
* Change general form binding to gogs form (#8334)
* Fix pull request commit status in user dashboard list (#8321)
* Fix repo_admin_change_team_access always checked in org settings (#8319)
* Update to github.com/lafriks/xormstore@v1.3.0 (#8317)
* Show correct commit status in PR list (#8316)
* Bugfix for image compare and minor improvements to image compare (#8289)
* Update xorm (#8286)
* Fix API for edit and delete release attachment (#8285)
* Fix nil object access in some conditions when parsing cross references (#8281)
* Fix label count (#8267)
* Only show teams access for organization repositories on collaboration setting page (#8265)
* Test more reserved usernames (#8263)
* Rewrite reference processing code in preparation for opening/closing from comment references (#8261)
* Fix assets key on release webhook (#8253)
* Allow registration when button is hidden (#8237)
* Fix release API URL generation (#8234)
* Fix milestone num_issues (#8221)
* MS Teams webhook misses commit messages (#8209)
* Fix data race (#8204)
* Fix team user api (#8172)
* Fix pull merge 500 error caused by git-fetch breaking behaviors (#8161)
* Make show private icon when repo avatar set (#8144)
* Add reviewers as participants (#8121)
* Fix Go 1.13 private repository go get issue (#8112)
* feat: highlight issue references with : (#8101)
* Make AllowedUsers configurable in sshd_config (#8094)
* Strict name matching for Repository.GetTagID() (#8074)
* Avoid ambiguity of branch/directory names for the git-diff-tree command (#8066)
* Add change title notification for issues (#8061)
* [ssh] fix the config specification in the authorized_keys template (#8031)
* Fix reading git notes from nested trees (#8026)
* Fixes synchronize tags to releases for repository - makes sure we are only getting tag refs (#7990)
* Fix adding default Telegram webhook (#7972)
* Run CORS handler first for /api routes (#7967)
* Abort synchronization from LDAP source if there is some error. (#7960)
* Fix wrong sender when send slack webhook (#7918)
* Fix bug when migrating a private repository (#7917)
* Evaluate emojis in commit messages in list view (#7906)
* Fix upload file type check (#7890)
* lfs/lock: round locked_at timestamp to second (#7872)
* fix non existent milestone with 500 error instead of 404 (#7867)
* gpg/bugfix: Use .ExpiredUnix.IsZero to display green color of forever valid gpg key (#7846)
* Fix duplicate call of webhook (#7821)
* Enable switching to a different source branch when PR already exists (#7819)
* Convert files to utf-8 for indexing (#7814)
* Do not fetch all refs in pull-request compare (#7797)
* Fix multiple bugs with statuses endpoints at API (#7785)
* Restore functionality for early gits (#7775)
* Fix Slack webhook fork message (#7774)
* Rewrite existing repo units if setting is not included in api body (#7763)
* Fix rename failed when rewrite public keys (#7761)
* Fix approvals counting (#7757)
* Add migration step to remove old repo_indexer_status orphaned records (#7746)
* Fix repo_index_status lingering when deleting a repository (#7734)
* Remove camel case tokenization from repo indexer (#7733)
* Fix milestone completness calculation when migrating (#7725)
* Regression: Include "executable" files in the index, as they are not necessarily … (#7718)
* Fixes indexed repos keeping outdated indexes when files grow too large (#7712)
* Skip non-regular files (e.g. submodules) on repo indexing (#7711)
* Fix dropTableColumns sqlite implementation (#7710)
* Update gopkg.in/src-d/go-git.v4 to v4.13.1 (#7705)
* improve branches list performance and fix protected branch icon when no-login (#7695)
* Correct wrong datetime format for git (#7689)
* Move add to hook queue for created repo to outside xorm session. (#7675)
* sugestion to use range .Branches (#7674)
* Fix bug on migrating milestone from github (#7665)
* hide delete/restore button on archived repos (#7658)
* css: use flex to fix floating paginate (#7656)
* Fix syntax highlight initialization (#7617)
* Fix panic on push at - Merging pull request causes 500 error (#7615)
* Make PKCS8, PEM and SSH2 keys work (#7600)
* Fix mistake in arc-green.less split-diff css code. (#7587)
* Handle ErrUserProhibitLogin in http git (#7586)
* Fix bug create/edit wiki pages when code master branch protected (#7580)
* Fixes Malformed URLs in API git/commits response (#7565)
* Fix file header overflow in file and blame views (#7562)
* Improve SSH key parser to handle newlines in keys (#7522)
* Fix empty commits now showing in repo overview (#7521)
* Fix repository's pull request count error (#7518)
* Fix markdown invoke sequence (#7513)
* Remove duplicated webhook trigger (#7511)
* Update User.NumRepos atomically in createRepository (#7493)
* Fix settings page of repo you aren't admin print error - Settings pages giving UnitType error message (#7482)
* Fix redirection after file edit - Handles all redirects for Web UI File CRUD (#7478)
* cmd/serv: actually exit after fatal errors (#7458)
* Fix an issue with some pages throwing 'not defined' js exceptions (#7450)
* fix Dropzone.js integration (#7445)
* Fix regex for issues in commit messages (#7444)
* Diff: Fix indentation on unhighlighted code (#7435)
* Only show "New Pull Request" button if repo allows pulls (#7426)
* Upgrade macaron/captcha to fix random error problem (#7407)
* create class for inline positioned lists (#7393)
* Fetch refs for successful testing for tag (#7388)
* add missing template variable on organisation settings (#7385)
* fix post parameter - on issue list - unset assignee (#7380)
* fix/define autochecked checkboxes on issue list in firefox (#7320)
* only return head: null if source branch was deleted (#6705)
* ENHANCEMENT
* Add nofollow to sign in links (#8509)
* vendor: update mvdan.cc/xurls/v2 to v2.1.0 (#8495)
* Update milestone issues numbers when save milestone and other code improvements (#8411)
* Add extra user information when migrating release (#8331)
* Require overall success if no context is given for status check (#8318)
* Transaction-aware retry create issue to cope with duplicate keys (#8307)
* Change link on issue milestone (#8246)
* Alwaywas return local url for users avatar (#8245)
* Move some milestone functions to a standalone package (#8213)
* Move create issue comment to comments package (#8212)
* Disable max height property of comment textarea (#8203)
* Add 'Mentioning you' group to /issues page (#8201)
* oauth2 with remote Gitea (#8149)
* Reference issues from pull requests and other issues (#8137)
* Fix webhooks to use proxy from environment (#8116)
* Add merged commit id on pull view when it's merged (#8062)
* Add teams to repo on collaboration page. (#8045)
* Update swagger to 0.20.1 (#8010)
* Make link last commit massages in repository home page and commit tables (#8006)
* Add API endpoint for accessing repo topics (#7963)
* Include description in repository search (#7942)
* Use gitea forked macaron (#7933)
* Fix pull creation with empty changes (#7920)
* Allow token as authorization for accessing attachments (#7909)
* Retry create issue to cope with duplicate keys (#7898)
* Move git diff codes from models to services/gitdiff (#7889)
* migrate gplus to google oauth2 provider (#7885)
* Remove unique filter from repo indexer analyzer. (#7878)
* Detect delimiter in CSV rendering (#7869)
* Import topics during migration (#7851)
* Move CreateReview to modules/pull (#7841)
* vendor: update pdf.js to v2.1.266 (#7834)
* Support SSH_LISTEN_PORT env var in docker app.ini template (#7829)
* Add Ability for User to Customize Email Notification Frequency (#7813)
* Move database settings from models to setting (#7806)
* Display ui time with customize time location (#7792)
* Implement webhook branch filter (#7791)
* Restrict repository indexing by glob match (#7767)
* Api: advanced settings for repository (external wiki, issue tracker etc.) (#7756)
* Update migrated repositories' issues/comments/prs poster id if user has a github external user saved (#7751)
* deps: Upgrade gopkg.in/editorconfig/editorconfig-core-go.v1 (#7749)
* Apply emoji on commit graph page (#7743)
* Add a lot of extension to language mappings for syntax highlights (#7741)
* Add SQL execution on log and indexes on table repository and comment (#7740)
* Set DB connection error level to error (#7724)
* Check commit message hashes before making links (#7713)
* remove unnecessary fmt on generate bindata (#7706)
* Fix specific highlighting (CMakeLists.txt ...) (#7686)
* Add file status on API (#7671)
* Add support for DEFAULT_ORG_MEMBER_VISIBLE (#7669)
* Provide links in commit summaries in commits table/view list (#7659)
* Change length of some repository's columns (#7652)
* Move commit repo action from models to repofiles package (#7645)
* fix wrong email when use gitea as OAuth2 provider (#7640)
* [Branch View] add download button (#7604)
* Update to xorm@v0.7.4 (#7596)
* use 403 instead of 401 for ErrUserProhibitLogin (#7591)
* Removed unnecessary conversions (#7557)
* Un-lambda base.FileSize (#7556)
* Added missing error checks in tests (#7554)
* Move create release from models to a standalone package (#7539)
* Make default branch name link to default branch (#7519)
* Added total count of contributions to heatmap (#7517)
* Move mirror to a standalone package from models (#7486)
* Move models.PushUpdate to repofiles.PushUpdate (#7485)
* Include thread related headers in issue/coment mail (#7484)
* Refuse merge until all required status checks success (#7481)
* convert all js var to let/const (#7464)
* Only create branches for opened pull requestes when migrating from github (#7463)
* jQuery 3 (#7425)
* Add notification placeholder (#7409)
* Search Commits via Commit Hash (#7400)
* Move status table to cron package (#7370)
* wiki - page revisions list (#7369)
* Display original author and URL information when showing migrated issues/comments (#7352)
* Refactor filetype is not allowed errors (#7309)
* switch to use gliderlabs/ssh for builtin server (#7250)
* Remove settting dependency on modules/session (#7237)
* Move all mail related codes from models to services/mailer (#7200)
* Support git.PATH entry in app.ini (#6772)
* Support setting cookie domain (#6288)
* Move migrating repository from frontend to backend (#6200)
* Delete releases attachments if release is deleted (#6068)
* TRANSLATION
* Latvian translation for home page (#8468)
* Add home template italian translation (#8352)
* fix misprint (#7452)
* BUILD
* use go 1.13 (#8088)
* MISC
* add file line count info on UI (#8396)
* Make issues page left menu 100% width and add reponame as title attribute (#8359)
* [arc-green] white on hover for active menu items (#8344)
* Move ref (branch or tag) location on issue list page (#8157)
* apply emoji on dashboard issue list labels (#8156)
* 1148: Take up the full width when viewing the diff in split view. (#8114)
* Display description of 'make this repo private' as help text, not as tooltip (#8097)
* Fixes deformed emoji in pull request reviews (#8047)
* Add strike to old header on comment (#8046)
* Add tooltip for the visibility checkbox in /repo/create (#8025)
* Update github.com/lafriks/xormstore and tidy up mod.go (#8020)
* keep blame view buttons sequence consistent with normal view when view a file (#8007)
* Use "Pull Request" instead of "Merge Request" (#8003)
* Move line number to :before attr to hide from search on browser (#8002)
* Changed black color to white for (read) number label on issue list page (#8000)
* [Branch View] show "New Pull Request" Button only if posible (#7977)
* Fix hook problem by only setting the git environment variables if we are passed them (#7854)
* Prevent Commit Status and Message From Overflowing On Branch Page (#7800)
* Fix global search result CSS, misc CSS tweaks (#7789)
* Tweak label border CSS (#7739)
* Fix create menu item widths (#7708)
* [Branch View] Delete duplicate protection symbol (#7624)
* [Branch View] Delete Table Header (#7622)
* [Branch View] icons to buttons (#7602)
* update js dependencies (#7462)
* Add Extra Info to Branches Page (#7461)
* Bump lodash from 4.17.11 to 4.17.14 (#7459)
* wiki history improvements (#7391)
* ui fixes - compare view and archieved repo issues (#7345)
* dark theme scrollbars (#7269)
* wiki - editor - add buttons 'inline code', 'empty checkbox', 'checked checkbox' (#7243)
* Fix Statuses API only shows first 10 statuses: Add paging and extend API GetCommitStatuses (#7141)
2.0.0
- Discontinue the lib and migrate to https://github.com/model-bakers/model_bakery
- Use default value for unknown field types
- Enable seq method to be imported directly from model_mommy
- Stick to Django's roadmap (https://www.djangoproject.com/download/)
- Add validation to `_fill_optional` parameter
- Add new `_from_manager` parameter to `make` method
- Clean up obsolete imports
- Save object instances when handling one to many relations
3.10.3
Include API version in OpenAPI schema generation, defaulting to empty string.
Add pagination properties to OpenAPI response schemas.
Add missing "description" property to OpenAPI response schemas.
Only include "required" for non-empty cases in OpenAPI schemas.
Fix response schemas for "DELETE" case in OpenAPI schemas.
Use an array type for list view response schemas.
Use consistent lowerInitialCamelCase style in OpenAPI operation IDs.
Fix minLength/maxLength/minItems/maxItems properties in OpenAPI schemas.
Only call FileField.url once in serialization, for improved performance.
Fix an edge case where throttling calcualtions could error after a configuration change.
3.10.2
Various OpenAPI schema fixes.
Ability to specify urlconf in include_docs_urls.
3.10.1
Don't include autocomplete fields on TokenAuth admin, since it forces constraints on custom user models & admin.
Require uritemplate for OpenAPI schema generation, but not coreapi.
3.10.0
Switch to OpenAPI schema generation.
Drop Python 2 support.
Add generateschema --generator_class CLI option
Updated PyYaml dependency for OpenAPI schema generation to pyyaml>=5.1
Resolve DeprecationWarning with markdown.
Use user.get_username in templates, in preference to user.username.
Fix for cursor pagination issue that could occur after object deletions.
Fix for nullable fields with source="*"
Always apply all throttle classes during throttling checks.
Updates to jQuery and Markdown dependencies.
Don't strict disallow redundant SerializerMethodField field name arguments.
Don't render extra actions in browable API if not authenticated.
Strip null characters from search parameters.
This package now depends on py-pallets-sphinx-themes>=1.2.2nb1, since
the latter added a new dependency for its basic functioning (and 1.2.2
pre-revbump was broken).
2019-11-07 Kovid Goyal
* 0.4.4 release
* URLs passed into mechanize now automatically have URL unsafe characters
percent encoded. This is necessary because newer versions of python
disallow processing of URLs with unsafe characters. Note that this means
values return by get_full_url(), get_selector() etc will be percent encoded.
Version 7.43.0.3 [requires libcurl-7.19.0 or better] - 2019-06-17
-----------------------------------------------------------------
* Fixed use with libcurl 7.65+ when FTP support is disabled.
* Added support for mbedTLS (patch by Josef Schlehofer).
* Fixed string processing on Python 3 (patch by Dmitriy Taychenachev).
* Added CURLOPT_TCP_FASTOPEN and CURL_HTTP_VERSION_2_PRIOR_KNOWLEDGE
(patch by Khavish Anshudass Bhundoo).
* Repaired inability to install PycURL when libcurl is using an SSL
backend other than the ones PycURL explicitly recognizes and
handles (OpenSSL, LibreSSL, BoringSSL, GnuTLS, NSS).
The requirement for setup.py to detect an SSL backend if libcurl
is configured to use SSL, added in 7.43.0.2, has been changed
to a warning to allow this.
=== RELEASE 2.20.2 ===
Wed Sep 18 18:39:07 CEST 2019 mikulas:
If the user runs links on a framebuffer and switch to a differnt
framebuffer, links would incorrectly respond to mouse clicks.
2.0.11 October 5, 2019
Fix t/modules/apache_resource.t failures [Steve Hay]
Fix [CVE-2011-2767] Arbitrary Perl code execution in the context of the user
account via a user-owned .htaccess. Patch from bugs.debian.org #644169. [Jan
Ingvoldstad <jani+debian-2011+@ifi.uio.no>]
Fix potential test suite hangs due to pipelined response deadlocks. Patch
from rt.cpan.org #82409. [Zefram <zefram@fysh.org>]
Fix t/compat/request.t failures [Steve Hay]
Fix use-after-free segfault in ap_server_config_defines seen on start-up on
OpenBSD. [Found/fixed by Sam Vaughan/Joe Orton]
Fix build with Perls earlier than 5.13.6. [Rainer Jung
<rainer.jung@kippdata.de>]
Fix filter/in_bbs_inject_header.t test failure with Apache 2.4.25+. [Stefan
Fritsch <sf@sfritsch.de>]
Fix apache/read.t test failure with Apache 2.4.25+. [Niko Tyni
<ntyni@debian.org>]
v4.1.4
* Make tests more deterministic and easier to run outside of ``tox``.
* Fix Fedora packaging `issue <https://github.com/evansd/whitenoise/issues/225>`_.
* Use `Black <https://github.com/psf/black>`_ to format all code.
v4.1.3
* Fix handling of zero-valued mtimes which can occur when running on some
filesystems.
* Fix potential path traversal attack while running in autorefresh mode on
Windows.
3.7.0:
Bugfixes
* Monkeypatch pytest to not use ``TestCase.debug`` with unittests, instead
of patching it into Django.
* Work around pytest crashing due to ``pytest.fail`` being used from within the
DB blocker, and pytest trying to display an object representation involving
DB access. pytest-django uses a ``RuntimeError`` now instead.
1.25.7:
* Preserve ``chunked`` parameter on retries
* Allow unset ``SERVER_SOFTWARE`` in App Engine
* Fix issue where URL fragment was sent within the request target.
* Fix issue where an empty query section in a URL would fail to parse.
* Remove TLS 1.3 support in SecureTransport due to Apple removing support
pkgsrc changes: added -lsendfile to SunOS build to make it work.
Release notes:
New in version 1.30:
Enlarged request read buffer to 50KB.
Fix security bug that let remote users read arbitrary files. (CVE-2018-18778)
New in version 1.29:
Allow CGI to handle HTTP methods besides GET/HEAD/POST.
New in version 1.28:
Fix to buffer overrun bug in htpasswd. Reported by Alessio Santoru as CVE-2017-17663.
Some fixes to keep connections from getting stuck forever in FIN_WAIT_2 state.
5.62.0
KDE WebKit
Use ECMAddQtDesignerPlugin instead of private copy
5.63.0
KJS
Added startsWith(), endsWith() and includes() JS String functions
Fixed Date.prototype.toJSON() called on non-Date objects
5.64.0
KHTML
Extend KHtmlView::print() to use a predefined QPrinter instance
KJS
Better message for String.prototype.repeat(count) range errors
Simplify parsing of numeric literals
Parse JS binary literals
Detect truncated hex and octal literals
Support new standard way of specifying octal literals
Collection of regression tests taken from khtmltests repository
Privoxy 3.0.27 stable scales better in multi-user environments
and brings a couple of tuning directives.
Privoxy 3.0.28 stable fixes two regressions introduced in 3.0.27.
--------------------------------------------------------------------
ChangeLog for Privoxy 3.0.28
--------------------------------------------------------------------
- Bug fixes for regressions in 3.0.27:
- Fixed misplaced parentheses.
Reported by David Binderman.
- Changed two regression tests to depend on config directive
enable-remote-toggle instead of FEATURE_TOGGLE.
--------------------------------------------------------------------
ChangeLog for Privoxy 3.0.27
--------------------------------------------------------------------
- General improvements:
- Add a receive-buffer-size directive which can be used to
set the size of the previously statically allocated buffer
in handle_established_connection().
Increasing the buffer size increases Privoxy's memory usage but
can lower the number of context switches and thereby reduce the
CPU usage and potentially increase the throughput.
This is mostly relevant for fast network connections and
large downloads that don't require filtering.
Sponsored by: Robert Klemme
- Add a listen-backlog directive which specifies the backlog
value passed to listen().
Sponsored by: Robert Klemme
- Add an enable-accept-filter directive which allows to
toggle accept filter support at run time when compiled
with FEATURE_ACCEPT_FILTER support.
It makes testing more convenient and now that it's
optional we can emit an error message if enabling
the accept filter fails.
Sponsored by: Robert Klemme
- Add a delay-response{} action.
This is useful to tar pit JavaScript requests that
are endlessly retried in case of blocks. It can also
be used to simulate a slow Internet connection.
Sponsored by: Robert Klemme
- Add a 'trusted-cgi-referrer' directive.
It allows to configure another page or site that can be used
to reach sensitive CGI resources.
Sponsored by: Robert Klemme
- Add a --fuzz mode which exposes Privoxy internals to input
from files or stdout.
Mainly tested with American Fuzzy Lop. For details see:
https://www.fabiankeil.de/talks/fuzzing-on-freebsd/
This work was partially funded with donations and done
as part of the Privoxy month in 2015.
- Consistently use the U(ngreedy) flag in the 'img-reorder' filter.
- listen_loop(): Reuse a single thread attribute object
The object doesn't change and creating a new one for
every thread is a waste of (CPU) time.
Sponsored by: Robert Klemme
- Free csp resources in the thread that belongs to the csp instead
of the main thread which has enough on its plate already.
Sponsored by: Robert Klemme
- Improve 'socket timeout reached' message.
Log the timeout that was triggered and downgrade the
log level to LOG_LEVEL_CONNECT to reduce the log noise
with common debug settings.
The timeout isn't necessary the result of an error and
usually merely indicates that Privoxy's socket timeout
is lower than the relevant timeouts used by client and
server.
Sponsored by: Robert Klemme
- Explicitly taint the server socket in case of CONNECT requests.
This doesn't fix any known problems, but makes
some log messages less confusing.
- Let write_pid_file() terminate if the pid file can't be opened.
Logging the issue at info level is unlikely to help.
- log_error(): Reduce the mutex-protected area by not using a
heap-allocated buffer that is shared between all threads.
This increases performance and reduces the latency with
verbose debug settings and multiple concurrent connections.
Sponsored by: Robert Klemme
- Let zalloc() use calloc() if it's available.
In some situations using calloc() can be faster than
malloc() + memset() and it should never be slower.
In the real world the impact of this change is not
expected to be noticeable.
Sponsored by: Robert Klemme
- Never use select() when poll() is available.
On most platforms select() is limited by FD_SETSIZE while
poll() is not. This was a scaling issue for multi-user setups.
Using poll() has no downside other than the usual risk
that code modifications may introduce new bugs that have
yet to be found and fixed.
At least in theory this commit could also reduce the latency
when there are lots of connections and select() would use
"bit fields in arrays of integers" to store file descriptors.
Another side effect is that Privoxy no longer has to stop
monitoring the client sockets when pipelined requests are
waiting but can't be read yet.
This code keeps the select()-based code behind ifdefs for
now but hopefully it can be removed soonish to make the
code more readable.
Sponsored by: Robert Klemme
- Add a 'reproducible-tarball-dist' target.
It's currently separate from the "tarball-dist" target
because it requires a tar implementation with mtree spec
support.
It's far from being perfect and does not enforce a
reproducible mode, but it's better than nothing.
- Use arc4random() if it's available.
While Privoxy doesn't need high quality pseudo-random numbers
there's no reason not to use them when we can and this silences
a warning emitted by code checkers that can't tell whether or not
the quality matters.
- Show the FEATURE_EXTERNAL_FILTERS status on the status page.
Better late than never. Previously a couple of tests weren't
executed as Privoxy-Regression-Test couldn't detect that the
FEATURE_EXTERNAL_FILTERS dependency was satisfied.
- Ditch FEATURE_IMAGE_DETECT_MSIE.
It's an obsolete workaround we inherited from Junkbuster
and was already disabled by default.
Users that feel the urge to work around issues with
image requests coming from an Internet Explorer version
from more than 15 years ago can still do this using tags.
- Consistently use strdup_or_die() instead of strdup() in
cases where allocation failures aren't expected.
Using strdup_or_die() allows to remove a couple of explicit
error checks which slightly reduces the size of the binary.
- Insert a refresh tag into the /client-tags CGI page when
serving it while a client-specific tag is temporarily enabled.
This makes it less likely that the user ends up
looking at tag state that is out of date.
- Use absolute URLs in the client-tag forms.
It's more consistent with the rest of the CGI page
URLs and makes it more convenient to copy the forms
to external pages.
- cgi_error_disabled(): Use status code 403 and an appropriate response line
- Use a dedicated CGI handler to deal with tag-toggle requests
As a result the /client-tags page is now safe to reach without
trusted Referer header which makes bookmarking or linking to
it more convenient.
Finally, refreshing the /client-tags page to show the
current state can no longer unintentionally repeat the
previous toggle request.
- Don't add a "Connection" header for CONNECT requests.
Explicitly sending "Connection: close" is not necessary and
apparently it causes problems with some forwarding proxies
that will close the connection prematurely.
Reported by Marc Thomas.
- Fix compiler warnings.
- Bug fixes:
- rfc2553_connect_to(): Properly detect and log when poll()
reached the time out. Previously this was logged as:
Could not connect to [...]: No error: 0.
which isn't very helpful.
Sponsored by: Robert Klemme
- add_tag_for_client(): Set time_to_live properly.
Previously the time_to_live was always set for the first tag.
Attempts to temporarily enable a tag would result in enabling
it permanently unless no tag was enabled already.
- Revert r1.165 which didn't perform as advertised.
While the idea was to use "https:// when creating links
for the user manual on the website", the actual effect
was to use "https://" when Privoxy was supposed to serve
the user manual itself.
Reported by Yossi Zahn on Privoxy-devel@.
- socks5_connect(): Fail in case of unsupported address types.
Previously they would not be detected right away and
Privoxy would fail later on with an error message that
didn't make it obvious that the problem was socks-related.
So far, no such problems have actually been reported.
- socks5_connect(): Properly deal with socks replies that
contain IPv6 addresses.
Previously parts of the reply were left unread and
later on treated as invalid HTTP response data.
Fixes#904 reported by Danny Goossen who also provided
the initial version of this patch.
- Action file improvements:
- Unblock 'msdn.microsoft.com/'.
It (presumably) isn't used to serve the kind of ads Privoxy should
block by default but happens to serve lots of pages with URLs that
are likely to result in false positives.
Reported by bugreporter1694 in AF#939.
- Disable gif deanimation for requests tagged with CSS-REQUEST.
The action will ignore content that isn't considered text
anyway and explicitly disabling it makes this more obvious
if "action" debugging (debug 65536) is enabled while
"gif deanimation" debugging (debug 256) isn't.
- Explicitly disable HTML filters for requests with CSS-REQUEST tag.
The filters are unlikely to break CSS files but executing
them without (intentionally) getting any hits is a waste of
cpu time and makes the log more noisy when running with
"debug 64".
- Unblock 'adventofcode.com/'.
Reported by Clint Adams in Debian bug #848211.
Fixes Roland's AF#937.
- Unblock 'adlibris.com'.
Reported by Wyrex in #935
- Unblock .golang.org/
- Add fast-redirects exception for '.youtube.com/.*origin=http'
- Privoxy-Log-Parser:
- Don't gather host and resource statistics if they aren't requested.
While the performance impact seems negligible this significantly
reduces the memory usage if there are lots of requests.
- Bump version as the behaviour (slightly) changed.
- Count connection failures as well in statistics mode.
Sponsored by: Robert Klemme
- Count connection timeouts as well in statistics mode.
Sponsored by: Robert Klemme
- Fix an 'uninitialized value' warning when generating
statistics for a log file without response headers.
While privoxy-log-parser was supposed to detect this already,
the check was flawed and the message the user didn't see was
somewhat confusing anyway.
Now the message is less confusing, more helpful and actually printed.
Reported by: Robert Klemme
- Documentation improvements:
- Refer to the git sources instead of CVS.
- Use GNU/Linux when referring to the OS instead of the kernel.
- Add FAQ entry for what to do if editing the config file is access denied.
- Add brief HTTP/2 FAQ.
- Add a small fuzzing section to the developer documentation.
- Add a client-header-tagger{client-ip-address} example.
- Stop suggesting that Privoxy is an anonymizing proxy.
The term could lead to Privoxy users overestimating
what it can do on its own (without Tor).
- Make it more obvious that SPI accepts Paypal, too.
Currently most donations are made through the Paypal account
managed by Zwiebelfreunde e.V. and a more even distribution
would be useful.
- Suggest to log applying actions as well when reproducing problems.
- Explicitly mention that Privoxy binaries are built by individuals
on their own systems. Buyer beware!
- Mention the release feed on the homepage.
- Remove a mysterious comment with a GNU FDL link as it isn't
useful and could confuse license scanners.
In May 2002 it was briefly claimed that "this document" was covered
by the GNU FDL. The commit message (r1.5) doesn't explain the motivation
or whether all copyright holders were actually asked and agreed to the
declared license change.
It's thus hard to tell whether or not the license change was legit,
but luckily two days later the "doc license" was "put" "back to GPL"
anyway (r1.6).
At the same time the offending comment with a link to the FDL
(not the GPL) was added for no obvious reason.
Now it's gone again.
- Regression tests:
- Bump for-privoxy-version to 3.0.27 as we now rely on untrusted
CGI request being rejected with status code 403 (instead of 200).
- Update test for /send-stylesheet and add another one
- Templates:
- Consistently use https:// when linking to the Privoxy website.
- Remove SourceForge references in Copyright header.
- Remove a couple of SourceForge references in a comment.
While at it, fix the grammar.
- Move the site-specific documentation block before the generic one.
While most Privoxy installations don't have a site-specific
documentation block, in cases were it exists it's likely to
be more relevant than the generic one.
Showing it first makes it less likely that users stop reading
before they reach it, especially on pages that don't fit on
the screen.
- Build system improvements:
- Prefer openjade to jade. On some systems Jade produces
HTML with unescaped ampersands in URLs.
- Prefer OpenSP to SP to be consistent.
- Have Docbook generated HTML files be straight ASCII.
Dealing with a mixture of ISO-8859 and UTF-8 files is problematic.
- Echo the filename to stderr for 'make dok-tidy'.
Make it a bit easier to find errors in docbook generated HTML.
- Warn when still using select().
- Warn when compiling without calloc().
- Make it more obvious that the --with-fdsetsize configure switch
is pointless if poll() is available.
- Remove support for AmigaOS.
- Update windows build system to use supported software.
The cygwin gcc -mno-cygwin option is no longer supported, so
convert the windows build system to use the cygwin cross-compiler
to build "native" code.
- Add --enable-static-linking option for configure
does the same thing as LDFLAGS=-static; ./configure
but nicer than mixing evars and configure options.
4.2
- Fix for old versions of libcurl (build was broken in 4.1 on RHEL / CentOS).
- Add hostname to timeout errors (#190)
4.1
- Fixed typechecking code for new internal macro names in libcurl 7.66
- Rewrite typechecking to work better with clang and old libcurl (#192)
- has_internet() now checks for connectivity via a proxy server if one is detected
- Windows: respect the CURL_SSL_BACKEND variable for people that want to use OpenSSL.
- Windows: respect CURL_CA_BUNDLE if (and only if) CURL_SSL_BACKEND == openssl
- curl_download now writes to a temporary file, which is renamed to the destfile
upon success. This prevents corrupt files when a download fails or is interrupted.
- Automatically set forbid_reuse = TRUE in curl_echo() handles
- Update symbol table to 7.66.0
1.5.4:
Fix display of inline x-editable boolean fields on list view
Add support for several SQLAlchemy-Utils data types
Support searching on SQLAlchemy hybrid properties
Extra URL paramaters are now propagated to the next page when searching / filtering
Add enum34 dependency when running on legacy Python version
Update Mapbox API v1 URL format
Update jQuery and moment dependencies in templates
Fixed a datepicker issue, where only dates up to 2015 were showing up
Updated Pillow dependency version
5.6.1:
Significant Changes
RegExRemove applies to all cells
RegExRemove preprocessor now removes cells regardless of cell outputs. Before this only cells that had outputs were filtered.
Comprehensive notes
New Features
- Add support for alt tags for jpeg and png images
- Allow HTML header anchor text to be HTML
- Change RegExRemove to remove code cells with output
- Added cell tag data attributes to HTML exporter
Fixing Problems
- Update svg2pdf.py to search the PATH for inkscape
- Fix latex dependencies installation command for Ubuntu systems
Testing, Docs, and Builds
- Added Circle CI builds for documentation
- Fix typo in argument name in docstring (TagRemovePreprocessor)
- Changelog typo fix
- Updated API page for TagRemovePreprocessor and TemplateExporter
- Added remove_input_tag traitlet to the docstring
Changes:
2.26.2
======
- Improve performance of querying system fallback fonts.
- Don't use prgname in dbus-proxy socket path.
- Fix thread-safety issues in image decoders.
- Fix the build with WebDriver disabled.
- Disable accelerated compositing when we fail to initialize the EGL
dispaly under Wayland.
- Fill the objects category in emoji picker.
- Fix several crashes and rendering issues.
Go-mux implements a request router and dispatcher for matching
incoming requests to their respective handler.
The name mux stands for "HTTP request multiplexer". Like the standard
http.ServeMux, mux.Router matches incoming requests against a list of
registered routes and calls a handler for the route that matches the
URL or other conditions. The main features are:
It implements the http.Handler interface so it is compatible with the
standard http.ServeMux.
Requests can be matched based on URL host, path, path prefix, schemes,
header and query values, HTTP methods or using custom matchers.
URL hosts, paths and query values can have variables with an optional
regular expression.
Registered URLs can be built, or "reversed", which helps maintaining
references to resources.
Routes can be used as subrouters: nested routes are only tested if the
parent route matches. This is useful to define groups of routes that
share common conditions like a host, a path prefix or other repeated
attributes. As a bonus, this optimizes request matching.
Changes:
7.67.0
------
This release includes the following changes:
o curl: added --no-progress-meter
o setopt: CURLMOPT_MAX_CONCURRENT_STREAMS is new
o urlapi: CURLU_NO_AUTHORITY allows empty authority/host part
This release includes the following bugfixes:
o BINDINGS: five new bindings addded
o CURLOPT_TIMEOUT.3: Clarify transfer timeout time includes queue time
o CURLOPT_TIMEOUT.3: remove the mention of "minutes"
o ESNI: initial build/setup support
o FTP: FTPFILE_NOCWD: avoid redundant CWDs
o FTP: allow "rubbish" prepended to the SIZE response
o FTP: remove trailing slash from path for LIST/MLSD
o FTP: skip CWD to entry dir when target is absolute
o FTP: url-decode path before evaluation
o HTTP3.md: move -p for mkdir, remove -j for make
o HTTP3: fix invalid use of sendto for connected UDP socket
o HTTP3: fix ngtcp2 Windows build
o HTTP3: fix prefix parameter for ngtcp2 build
o HTTP3: fix typo somehere1 > somewhere1
o HTTP3: show an --alt-svc using example too
o INSTALL: add missing space for configure commands
o INSTALL: add vcpkg installation instructions
o README: minor grammar fix
o altsvc: accept quoted ma and persist values
o altsvc: both backends run h3-23 now
o appveyor: Add MSVC ARM64 build
o appveyor: Use two parallel compilation on appveyor with CMake
o appveyor: add --disable-proxy autotools build
o appveyor: add 32-bit MinGW-w64 build
o appveyor: add a winbuild
o appveyor: add a winbuild that uses VS2017
o appveyor: make winbuilds with DEBUG=no/yes and VS 2015/2017
o appveyor: publish artifacts on appveyor
o appveyor: upgrade VS2017 to VS2019
o asyn-thread: make use of Curl_socketpair() where available
o asyn-thread: s/AF_LOCAL/AF_UNIX for Solaris
o build: Remove unused HAVE_LIBSSL and HAVE_LIBCRYPTO defines
o checksrc: fix uninitialized variable warning
o chunked-encoding: stop hiding the CURLE_BAD_CONTENT_ENCODING error
o cirrus: Increase the git clone depth
o cirrus: Switch the FreeBSD 11.x build to 11.3 and add a 13.0 build
o cirrus: switch off blackhole status on the freebsd CI machines
o cleanups: 21 various PVS-Studio warnings
o configure: only say ipv6 enabled when the variable is set
o configure: remove all cyassl references
o conn-reuse: requests wanting NTLM can reuse non-NTLM connections
o connect: return CURLE_OPERATION_TIMEDOUT for errno == ETIMEDOUT
o connect: silence sign-compare warning
o cookie: avoid harmless use after free
o cookie: pass in the correct cookie amount to qsort()
o cookies: change argument type for Curl_flush_cookies
o cookies: using a share with cookies shouldn't enable the cookie engine
o copyrights: update copyright notices to 2019
o curl: create easy handles on-demand and not ahead of time
o curl: ensure HTTP 429 triggers --retry
o curl: exit the create_transfers loop on errors
o curl: fix memory leaked by parse_metalink()
o curl: load large files with -d @ much faster
o docs/HTTP3: fix `--with-ssl` ngtcp2 configure flag
o docs: added multi-event.c example
o docs: disambiguate CURLUPART_HOST is for host name (ie no port)
o docs: note on failed handles not being counted by curl_multi_perform
o doh: allow only http and https in debug mode
o doh: avoid truncating DNS QTYPE to lower octet
o doh: clean up dangling DOH memory on easy close
o doh: fix (harmless) buffer overrun
o doh: fix undefined behaviour and open up for gcc and clang optimization
o doh: return early if there is no time left
o examples/sslbackend: fix -Wchar-subscripts warning
o examples: remove the "this exact code has not been verified"
o git: add tests/server/disabled to .gitignore
o gnutls: make gnutls_bye() not wait for response on shutdown
o http2: expire a timeout at end of stream
o http2: prevent dup'ed handles to send dummy PRIORITY frames
o http2: relax verification of :authority in push promise requests
o http2_recv: a closed stream trumps pause state
o http: lowercase headernames for HTTP/2 and HTTP/3
o ldap: Stop using wide char version of ldapp_err2string
o ldap: fix OOM error on missing query string
o mbedtls: add error message for cert validity starting in the future
o mime: when disabled, avoid C99 macro
o ngtcp2: adapt to API change
o ngtcp2: compile with latest ngtcp2 + nghttp3 draft-23
o ngtcp2: remove fprintf() calls
o openssl: close_notify on the FTP data connection doesn't mean closure
o openssl: fix compiler warning with LibreSSL
o openssl: use strerror on SSL_ERROR_SYSCALL
o os400: getpeername() and getsockname() return ebcdic AF_UNIX sockaddr
o parsedate: fix date parsing disabled builds
o quiche: don't close connection at end of stream
o quiche: persist connection details (fixes -I with --http3)
o quiche: set 'drain' when returning without having drained the queues
o quiche: update HTTP/3 config creation to new API
o redirect: handle redirects to absolute URLs containing spaces
o runtests: get textaware info from curl instead of perl
o schannel: reverse the order of certinfo insertions
o schannel_verify: Fix concurrent openings of CA file
o security: silence conversion warning
o setopt: handle ALTSVC set to NULL
o setopt: make it easier to add new enum values
o setopt: store CURLOPT_RTSP_SERVER_CSEQ correctly
o smb: check for full size message before reading message details
o smbserver: fix Python 3 compatibility
o socks: Fix destination host shown on SOCKS5 error
o test1162: disable MSYS2's POSIX path conversion
o test1591: fix spelling of http feature
o tests: add `connect to non-listen` keywords
o tests: fix narrowing conversion warnings
o tests: fix the test 3001 cert failures
o tests: makes tests succeed when using --disable-proxy
o tests: use %FILE_PWD for file:// URLs
o tests: use port 2 instead of 60000 for a safer non-listening port
o tool_operate: Fix retry sleep time shown to user when Retry-After
o travis: Add an ARM64 build
o url: Curl_free_request_state() should also free doh handles
o url: don't set appconnect time for non-ssl/non-ssh connections
o url: fix the NULL hostname compiler warning
o url: normalize CURLINFO_EFFECTIVE_URL
o url: only reuse TLS connections with matching pinning
o urlapi: avoid index underflow for short ipv6 hostnames
o urlapi: fix URL encoding when setting a full URL
o urlapi: fix unused variable warning
o urlapi: question mark within fragment is still fragment
o urldata: use 'bool' for the bit type on MSVC compilers
o vtls: Fix comment typo about macosx-version-min compiler flag
o vtls: fix narrowing conversion warnings
o winbuild/MakefileBuild.vc: Add vssh
o winbuild/MakefileBuild.vc: Fix line endings
o winbuild: Add manifest to curl.exe for proper OS version detection
o winbuild: add ENABLE_UNICODE option
Changelog:
Security fixes:
#CVE-2019-15903: Heap overflow in expat library in XML_GetCurrentLineNumber
#CVE-2019-11757: Use-after-free when creating index updates in IndexedDB
#CVE-2019-11758: Potentially exploitable crash due to 360 Total Security
#CVE-2019-11759: Stack buffer overflow in HKDF output
#CVE-2019-11760: Stack buffer overflow in WebRTC networking
#CVE-2019-11761: Unintended access to a privileged JSONView object
#CVE-2019-11762: document.domain-based origin isolation has same-origin-property violation
#CVE-2019-11763: Incorrect HTML parsing results in XSS bypass technique
#CVE-2019-11764: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2
5.5:
Django 3.0 compatibility.
Plugin system for extending the Country object.
5.4:
Renamed Macedonia -> North Macedonia.
Fix an outlying makemigrations error.
Pulled in new translations which were provided but missing from previous version.
Fixed Simplified Chinese translation (needed to be locale/zh_Hans).
Introduce an optional complex format for COUNTRIES_ONLY and COUNTRIES_OVERRIDE to allow for multiple names for a country, a custom three character code, and a custom numeric country code.
3.1.1:
Support the value file:// for origins, which is accidentally sent by some versions of Chrome on Android.
3.1.0:
Drop Python 2 support, only Python 3.5-3.7 is supported now.
Fix all links for move from github.com/ottoyiu/django-cors-headers to github.com/adamchainz/django-cors-headers.
Version 2.0.12:
- Fix too broad suppression of ``unused-argument`` warnings for functions and
methods where the first argument is named ``request``. Now issues warnings
for the rest of the arguments if they are unused.
- Pass arguments of ``scripts/test.sh`` to ``test_func/pytest`` to ease
development.
- Document behavior when ForeignKey fields are referenced as strings.
Django 2.2.7:
Fixed a crash when using a contains, contained_by, has_key, has_keys, or has_any_keys lookup on JSONField, if the right or left hand side of an expression is a key transform.
Prevented migrate --plan from showing that RunPython operations are irreversible when reverse_code callables don’t have docstrings or when showing a forward migration plan.
Fixed migrations crash on PostgreSQL when adding an Index with fields ordering and opclasses.
Restored the ability to override get_FOO_display().
Django 1.11.26:
Fixed a crash when using a contains, contained_by, has_key, has_keys, or has_any_keys lookup on JSONField, if the right or left hand side of an expression is a key transform.
3.6.3:
This release fixes issues introduced with 3.6.2 and the extend backport.
Also fixes an issue with memory lifespan of error_src on the C-API.
Additionally some edge case crashes have also been addressed.
Changelog
Fix compound extend warning
Fix extend being stuck in endless loop
Fix various edge-case segfault crashes
Extend error_src lifetime on c-api context
Fix memory leak in permutation function
Preserve indentation in nested mode
pkgsrc changes:
* Fix the script that initialize PostgreSQL database. Patch for AWL
directory was broken. Add '-U @PGUSER@' to psql command because it
is the default database administrator out of the box.
* Bump revision.
* Try to use pkgsrc clang/clang++ explicitly
Changelog:
Fixed
Fix for an issue that caused some websites or page elements using dynamic JavaScript to fail to load. (Bug 1592136)
Update OpenH264 video plugin for macOS 10.15 users (Bug 1587543)
Title bar no longer shows in full screen view (Bug 1588747)
Changed
OpenH264 video codec version bump for macOS 10.15 users (Bug 1587543)
Changes:
* BREAKING
* Hide some user information via API if user doesn't have enough permission (#8655) (#8658)
* BUGFIXES
* Fix milestone close timestamp (#8728) (#8731)
* Fix deadline on update issue or PR via API (#8699)
* Fix 'New Issue Missing Milestone Comment' (#8678) (#8682)
* Fix 500 when getting user as unauthenticated user (#8653) (#8662)
* Use AppSubUrl for more redirections (#8647) (#8652)
* Add SubURL to redirect path (#8632) (#8634) (#8640)
* Fix#8582 by handling empty repos (#8587) (#8593)
* Fix bug on pull requests when transfer head repository (#8571)
* Add missed close in ServeBlobLFS (#8527) (#8543)
* Return false if provided branch name is empty for IsBranchExist (#8485) (#8492)
* Create .ssh dir as necessary (#8369) (#8486) (#8489)
* Restore functionality for early gits (#7775) (#8476)
* Add check for empty set when dropping indexes during migration (#8475)
* Ensure Request Body Readers are closed in LFS server (#8454) (#8459)
* Ensure that LFS files are relative to the LFS content path (#8455) (#8458)
* SECURITY
* Ignore mentions for users with no access (#8395) (#8484)
* TESTING
* Update heatmap fixtures to restore tests (#8615) (#8617)
Logswan 2.1.1 (2019-10-30)
- Check if system has seccomp in CMakeLists.txt
- Use the HAVE_SECCOMP macro to check whether or not to enable seccomp
- Define and use a GEOIP2DB macro to specify GeoLite2 database name
- Add a switch (-d) to allow specifying path to a GeoIP2 database file
- Define and use a LOGSWAN_SYSCALL_ALLOW macro to make code more readable
- Adding missing #include guard in seccomp.h header file
- Use __NR_ instead of SYS_ prefix in LOGSWAN_SYSCALL_ALLOW
- Fix the build on aarch64 Linux, where the open() syscall does not exist
- Add error checking for both prctl() calls
19.10.1
new: updated docker image scripts
new: add WAMP serializer in use to SessionDetails
fix: partial support for xb buyers/sellers in pypy
fix: remove dependency on "ethereum" package (part of pypy support)
ChangeLog:
Logswan 2.1.0 (2019-10-23)
- Add FALLTHROUGH comments where appropriate
- Add support for parsing HTTP/3 requests
- Add initial seccomp support on Linux, tested on musl and glibc systems
* Offline build is incomplete. However I cannot finish the fix.
Changelog:
New
More privacy protections from Enhanced Tracking Protection:
Social tracking protection, which blocks cross-site tracking cookies from sites like Facebook, Twitter, and LinkedIn, is now a standard feature of Enhanced Tracking Protection.
The Privacy Protections report shows an overview, with details, of the trackers Firefox has blocked. It provides consolidated reports from Monitor and Lockwise.
More security protections from Firefox Lockwise, our digital identity and password management tool:
Lockwise for desktop lets you create, update, and delete your logins and passwords to sync across all your devices, including the Lockwise mobile apps and Firefox mobile browsers .
Integrated breach alerts from Firefox Monitor, to alert you when saved logins and passwords are compromised in online data breaches.
Complex password generation, to help you create and save strong passwords for new online accounts.
Improvements to core engine components, for better browsing on more sites
A faster Javascript Baseline Interpreter to handle the modern web’s
large codebases and improve page load performance by as much as 8
percent.
WebRender rolled out to more Firefox for Windows users, now available by default on Windows desktops with integrated Intel graphics cards and resolution of 1920x1200 or less) for improved graphics rendering.
Compositor improvements in Firefox for macOS that reduce power
consumption, speed up page load by as much as 22 percent, and reduce
resource use for video by up to 37 percent.
More browser features to help you get the most out of Firefox products and services
A stand-alone Firefox account menu for easy access to Firefox services like Monitor and Send.
A message panel accessed from the gift icon in the toolbar that offers a quick overview of new releases and key features.
When a website uses your geolocation, an indicator is shown in the
address bar.
Fixed
Various security fixes
Changed
Built-in Firefox pages now follow the system dark mode preference
Aliased theme properties have been removed, which may affect some themes
Passwords can now be imported from Chrome on macOS in addition to existing support for Windows
Readability is now greatly improved on under- or overlined texts, including links. The lines will now be interrupted instead of crossing over a glyph.
Improved privacy and security indicators
A new crossed-out lock icon will indicate sites delivered via
insecure HTTP
The formerly green lock icon is now grey
The Extended Validation (EV) indicator has been moved to the identity
popup that appears when clicking the lock icon
Security fixes:
#CVE-2018-6156: Heap buffer overflow in FEC processing in WebRTC
#CVE-2019-15903: Heap overflow in expat library in XML_GetCurrentLineNumber
#CVE-2019-11757: Use-after-free when creating index updates in IndexedDB
#CVE-2019-11759: Stack buffer overflow in HKDF output
#CVE-2019-11760: Stack buffer overflow in WebRTC networking
#CVE-2019-11761: Unintended access to a privileged JSONView object
#CVE-2019-11762: document.domain-based origin isolation has same-origin-property violation
#CVE-2019-11763: Incorrect HTML parsing results in XSS bypass technique
#CVE-2019-11765: Incorrect permissions could be granted to a website
#CVE-2019-17000: CSP bypass using object tag with data: URI
#CVE-2019-17001: CSP bypass using object tag when script-src 'none' is specified
#CVE-2019-17002: upgrade-insecure-requests was not being honored for links dragged and dropped
#CVE-2019-11764: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2
Changelog:
Sat 26 Oct 2019 06:53:05 PM CEST
Fix regression where MHD would fail to return an empty response
when used with HTTPS.
Releasing libmicrohttpd 0.9.68. -CG/TR
Fri 25 Oct 2019 02:31:59 PM CEST
Introduce MHD_RF_INSANITY_HEADER_CONTENT_LENGTH. -CG
This code is somewhat poorly documented, and highly experimental.
Its the result of a quick bit of hacking to get MetaCPAN::API working
faster via the WWW::Mechanize::Cached module ( and gaining cache
persistence via CHI )
It works so far for this purpose.
At present, only "get" and "request" are implemented, and all other
calls fall through to a native HTTP::Tiny.
Changes with nginx 1.17.5:
*) Feature: now nginx uses ioctl(FIONREAD), if available, to avoid
reading from a fast connection for a long time.
*) Bugfix: incomplete escaped characters at the end of the request URI
were ignored.
*) Bugfix: "/." and "/.." at the end of the request URI were not
normalized.
*) Bugfix: in the "merge_slashes" directive.
*) Bugfix: in the "ignore_invalid_headers" directive.
Thanks to Alan Kemp.
*) Bugfix: nginx could not be built with MinGW-w64 gcc 8.1 or newer.
Changes:
5.2.4:
Props to Evan Ricafort for finding an issue where stored XSS (cross-site scripting) could be added via the Customizer.
Props to J.D. Grimes who found and disclosed a method of viewing unauthenticated posts.
Props to Weston Ruter for finding a way to create a stored XSS to inject Javascript into style tags.
Props to David Newman for highlighting a method to poison the cache of JSON GET requests via the Vary: Origin header.
Props to Eugene Kolodenker who found a server-side request forgery in the way that URLs are validated.
Props to Ben Bidner of the WordPress Security Team who discovered issues related to referrer validation in the admin.
5.2.3:
#38415: New Custom Link menu item has a wrong fallback label
#45739: Block Editor: $editor_styles bug.
#45935: A URL in do_block_editor_incompatible_meta_box function does not have classic-editor__forget parameter
#46757: Media Trash: The Bulk Media options when in the Trash shouldn’t provide two primary buttons
#46758: Media Trash: Primary button(s) should be on the left
#46899: Ensure that tables generated by the Settings API have no semantics
#47079: Incorrect version for excerpt_allowed_blocks filter
#47113: Media views: dismiss notice button is invisible
#47145: Feature Image dialog does not follow the dialog pattern
#47190: Twenty Seventeen: Native audio and video embeds have no focus state.
#47340: Twenty Nineteen: Revise Latest Posts block styles to support post content options.
#47386: Fix headings hierarchy in the legacy Custom Background and Custom Header pages
#47390: Improve accessibility of forms elements within some “form-table” forms
#47414: Twenty Seventeen: Button block preview has extra spacing within button
#47458: Fix tab sequence order in the Media attachment browser
#47489: Emoji are substituted in preformatted blocks
#47502: Media modal bottom toolbar cuts-off content in Internet Explorer 11
#47538: Minor Verbiage Update – Switch ‘developer time’ for ‘a developer’
#47543: Twenty Seventeen: buttons don’t change color on hover and focus
#47561: Plugin: View details popup layout issue
#47603: My account toggle on admin bar not visible at high zoom levels
#47604: Undefined variable: locked in wp-admin/edit-form-blocks.php
#47687: Use alt tags for gallery images in editor
#47688: Color hex code in color picker displayed in RTL instead of LTR on RTL install (take 2)
#47693: customizer Color picker should get closed when click on color picker area.
#47723: Adding a custom link in nav-menus.php doesn’t trim whitespace
#47758: Font sizes on installation screen are too small
#47835: PHP requirement always set to null for plugins
#47888: Adding a custom link in menu via Customize doesn’t trim whitespace.
Security Fixes
Props to Simon Scannell of RIPS Technologies for finding and disclosing two issues. The first, a cross-site scripting (XSS) vulnerability found in post previews by contributors. The second was a cross-site scripting vulnerability in stored comments.
Props to Tim Coen for disclosing an issue where validation and sanitization of a URL could lead to an open redirect.
Props to Anshul Jain for disclosing reflected cross-site scripting during media uploads.
Props to Zhouyuan Yang of Fortinet’s FortiGuard Labs who disclosed a vulnerability that for cross-site scripting (XSS) in shortcode previews.
Props to Ian Dunn of the Core Security Team for finding and disclosing a case where reflected cross-site scripting could be found in the dashboard.
Props to Soroush Dalili (@irsdl) from NCC Group for disclosing an issue with URL sanitization that can lead to cross-site scripting (XSS) attacks.
In addition to the above changes, we are also updating jQuery on older versions of WordPress. This change was added in 5.2.1 and is now being brought to older versions.
## 2.3.1 / 2019-10-22
### Security
Address CVE-2019-15587: Unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.
This CVE's public notice is at https://github.com/flavorjones/loofah/issues/171
## 2.3.0 / unreleased
### Features
* Expand set of allowed protocols to include `tel:` and `line:`. [#104, #147]
* Expand set of allowed CSS functions. [related to #122]
* Allow greater precision in shorthand CSS values. [#149] (Thanks, @danfstucky!)
* Allow CSS property `list-style` [#162] (Thanks, @jaredbeck!)
* Allow CSS keywords `thick` and `thin` [#168] (Thanks, @georgeclaghorn!)
* Allow HTML property `contenteditable` [#167] (Thanks, @andreynering!)
### Bug fixes
* CSS hex values are no longer limited to lowercase hex. Previously uppercase hex were scrubbed. [#165] (Thanks, @asok!)
### Deprecations / Name Changes
The following method and constants are hereby deprecated, and will be completely removed in a future release:
* Deprecate `Loofah::Helpers::ActionView.white_list_sanitizer`, please use `Loofah::Helpers::ActionView.safe_list_sanitizer` instead.
* Deprecate `Loofah::Helpers::ActionView::WhiteListSanitizer`, please use `Loofah::Helpers::ActionView::SafeListSanitizer` instead.
* Deprecate `Loofah::HTML5::WhiteList`, please use `Loofah::HTML5::SafeList` instead.
Thanks to @JuanitoFatas for submitting these changes in #164 and for making the language used in Loofah more inclusive.
Nifty Site Manager ("nsm") is a cross-platform framework for managing
and generating websites. Some of its features are:
- it can manage and generate static and dynamic websites.
- it has support for pre/post build/serve scripts to integrate with
cURL, databases, SASS, Grunt, GraphQL, Python Web Server, Live
Server/Reload, and more.
- there is multithreading support
- it is language agnostic, you can use any language you want
(markdown, LATEX, html, xml, css, javascript, php, MySQL, etc)
- it integrates flawlessly with various Javascript and PHP frameworks
- it integrates with Git to clone from and push to various platforms
including AWS, BitBucket, GitHub, GitLab, Netlify, surge.sh, ZEIT Now, etc
- it has a templating system
(upstream)
ChangeLog has too many lines, sorry to omit
(pkgsrc)
- Some VARIABLES introduced to ease further version update
- following two patches dropped
(patch-w3mhack.el)
Compile mew-shimbun.el and mew-w3m.el when
emacs-w3m-mew option is set.
(patch-aclocal.m4)
Don't quote ${EGREP}, it may be set to "grep -E".
- (pkglint) LOCALBASE -> PREFIX
Upstream changes (from NEWS):
== Ruby-GNOME 3.4.1: 2019-10-16
This is a follow-up release of 3.4.0.
=== Changes
==== Ruby/GDK3
* Improvements
* Added support for (({String})) and (({Symbol})) as (({Gdk::Color})).
[GitHub#1286][Reported by rubyFeedback]
* Added support for (({String})) and (({Symbol})) as (({Gdk::RGBA})).
==== Ruby/GObjectIntrospection
* Improvements
* Added support for (({GBytes **})).
=== Thanks
* rubyFeedback
- Switch from FLTK 1.1 to FLTK 1.3 (tested to work with FLTK 1.4 too)
======================
# Changes in HTMLDOC v1.9.7
- Refactored the PRE rendering code to work around compiler optimization bugs
(Issue #349)
- Added support for links with targets (Issue #351)
- Fixed a table rowspan + valign bug (Issue #360)
# Changes in HTMLDOC v1.9.6
- Added support for data URIs (Issue #340)
- HTMLDOC no longer includes a PDF table of contents when converting a single
web page (Issue #344)
- Updated the markdown support with external links, additional inline markup,
and hard line breaks.
- Links in markdown text no longer render with a leading space as part of the
link (Issue #346)
- Fixed a buffer underflow bug discovered by AddressSanitizer.
- Fixed a bug in UTF-8 support (Issue #348)
- PDF output now includes the base language of the input document(s)
(Issue #350)
- Optimized the loading of font widths (Issue #354)
- Optimized PDF page resources (Issue #356)
- Optimized the base memory used for font widths (Issue #357)
- Added proper `­` support (Issue #361)
- Title files can now be markdown.
# Changes in HTMLDOC v1.9.5
- The GUI did not support EPUB output.
- Empty markdown table cells were not rendered in PDF or PostScript output.
- The automatically-generated title page now supports both "docnumber" and
"version" metadata.
- Added support for dc:subject and dc:language metadata in EPUB output from the
HTML keywords and lang values.
- Added support for the subject and language metadata in markdown input.
- Fixed a buffer underflow bug (Issue #338)
- `htmldoc --help` now reports whether HTTPS URLs are supported (Issue #339)
- Fixed an issue with HTML title pages and EPUB output.
# Changes in HTMLDOC v1.9.4
- Inline fixed-width text is no longer reduced in size automatically
(Issue #309)
- Optimized initialization of font width data (Issue #334)
# Changes in HTMLDOC v1.9.3
- Fixed formatting bugs with aligned images (Issue #322, Issue #324)
- Fixed support for three digit "#RGB" color values (Issue #323)
- Fixed character set support for markdown metadata.
- Updated libpng to v1.6.34 (Issue #326)
- The makefiles did not use the CPPFLAGS value (Issue #328)
# Changes in HTMLDOC v1.9.2
- Added Markdown table support.
- Fixed parsing of TBODY, TFOOT, and THEAD elements in HTML files.
# Changes in HTMLDOC v1.9.1
- Fixed monospace font size issue (Issue #309)
- Added support for reproducible builds (Issue #310)
- Added limited support for the HTML 4.0 SPAN element (Issue #311)
- Added (extremely limited) UTF-8 support for input files (Issue #314)
- Fixed buffer underflow for (invalid) short HTML comments (Issue #316)
- Now indent PRE text, by popular request.
- EPUB output now makes sure that `<element property>` is written as
`<element property="property">`.
- Now support both NAME and ID for table-of-contents targets.
# Changes in HTMLDOC v1.9
- Added support for repeating a single header row for tables that span multiple
pages (Issue #16)
- Added support for embedding the current filename/URL in the header or footer
(Issue #50)
- Added EPUB support (Issue #301)
- Added Markdown support (Issue #302)
- Fixed a regression in header/footer image scaling (Issue #303)
- Documentation updates (Issue #305)
- Compiler fixes (Issue #304, Issue #306)
- Fixed a bug when running HTMLDOC as a macOS application.
- Updated the bundled libpng to v1.6.29.
# Changes in HTMLDOC v1.8.30
- Updated documentation to reflect new project page on Github.
- Dropped old CDE and IRIX desktop integration files.
- Cleaned up the GUI and adopted new default text editors for Linux and macOS.
- PAGE BREAK comments at the end of a file in web page mode would lose the
first page (Issue #251)
- Fixed the scaling of header/footer images to limit them to the height of the
header or footer (Issue #273)
- Fixed an issue with the top-level makefile not exiting with an error as
needed (Issue #282)
- Fixed a URL referencing bug when the same hostname but a different port was
used (Issue #290)
- Fixed build issue on macOS (Issue #291)
- Fixed handling of indexed+alpha PNG images (Issue #295)
# Changes in HTMLDOC v1.8.29
- Updated local PNG library to version 1.6.20.
- Updated local JPEG library to version 9b.
- Dropped support for OpenSSL.
- Added configure script support for libjpeg-turbo.
- Updated HTTP code to latest CUPS/ippsample sources.
- Duplex PDF output incorrectly forced an even number of pages
- The table of contents showed the wrong page numbers after headings containing
the "_HD_OMIT_TOC" attribute.
- Fixed reported build issues
- The configure script's --enable-local* options did not work.
# Changes in HTMLDOC v1.8.28
- Updated local zlib to version 1.2.8.
- Updated local PNG library to version 1.6.8.
- Updated local JPEG library to version 9.
- Updated default PDF version to 1.4.
- SECURITY: Fixed three buffer overflow issues when reading AFM files and
parsing page sizes.
- Fixed incompatibility with Fortify's version of strcpy, which does not work
properly with variable-length arrays
- Fixed compilation against PNG library 1.5 or later
- Fixed documentation errors
- Marked Zapf-Dingbats as a standard font
- Fixed GPL license text in GUI
- Fixed a table formatting problem when a column has multiple colspan values
- Fixed parsing of HTML comments
- Fixed potential out-of-bounds read in table-of-contents rendering code
- Fixed handling of image URLs with ampersands in them
- Fixed top/bottom margins for logo and header/footer images
- Fixed image alignment bug
- Fixed X11 build problem
- patch-ab/patch-ac/patch-ad/patch-ae/patch-htmldoc_htmlsep.cxx removed
Already merged upstream
- INSTALL_MAKE_FLAGS removed from Makefile
No longer required (autotools do the right things)
- OpenSSL option removed
OpenSSL support was dropped in version 1.8.29
Always use GnuTLS for "ssl" option
======================
# Changes in HTMLDOC v1.9.7
- Refactored the PRE rendering code to work around compiler optimization bugs
(Issue #349)
- Added support for links with targets (Issue #351)
- Fixed a table rowspan + valign bug (Issue #360)
# Changes in HTMLDOC v1.9.6
- Added support for data URIs (Issue #340)
- HTMLDOC no longer includes a PDF table of contents when converting a single
web page (Issue #344)
- Updated the markdown support with external links, additional inline markup,
and hard line breaks.
- Links in markdown text no longer render with a leading space as part of the
link (Issue #346)
- Fixed a buffer underflow bug discovered by AddressSanitizer.
- Fixed a bug in UTF-8 support (Issue #348)
- PDF output now includes the base language of the input document(s)
(Issue #350)
- Optimized the loading of font widths (Issue #354)
- Optimized PDF page resources (Issue #356)
- Optimized the base memory used for font widths (Issue #357)
- Added proper `­` support (Issue #361)
- Title files can now be markdown.
# Changes in HTMLDOC v1.9.5
- The GUI did not support EPUB output.
- Empty markdown table cells were not rendered in PDF or PostScript output.
- The automatically-generated title page now supports both "docnumber" and
"version" metadata.
- Added support for dc:subject and dc:language metadata in EPUB output from the
HTML keywords and lang values.
- Added support for the subject and language metadata in markdown input.
- Fixed a buffer underflow bug (Issue #338)
- `htmldoc --help` now reports whether HTTPS URLs are supported (Issue #339)
- Fixed an issue with HTML title pages and EPUB output.
# Changes in HTMLDOC v1.9.4
- Inline fixed-width text is no longer reduced in size automatically
(Issue #309)
- Optimized initialization of font width data (Issue #334)
# Changes in HTMLDOC v1.9.3
- Fixed formatting bugs with aligned images (Issue #322, Issue #324)
- Fixed support for three digit "#RGB" color values (Issue #323)
- Fixed character set support for markdown metadata.
- Updated libpng to v1.6.34 (Issue #326)
- The makefiles did not use the CPPFLAGS value (Issue #328)
# Changes in HTMLDOC v1.9.2
- Added Markdown table support.
- Fixed parsing of TBODY, TFOOT, and THEAD elements in HTML files.
# Changes in HTMLDOC v1.9.1
- Fixed monospace font size issue (Issue #309)
- Added support for reproducible builds (Issue #310)
- Added limited support for the HTML 4.0 SPAN element (Issue #311)
- Added (extremely limited) UTF-8 support for input files (Issue #314)
- Fixed buffer underflow for (invalid) short HTML comments (Issue #316)
- Now indent PRE text, by popular request.
- EPUB output now makes sure that `<element property>` is written as
`<element property="property">`.
- Now support both NAME and ID for table-of-contents targets.
# Changes in HTMLDOC v1.9
- Added support for repeating a single header row for tables that span multiple
pages (Issue #16)
- Added support for embedding the current filename/URL in the header or footer
(Issue #50)
- Added EPUB support (Issue #301)
- Added Markdown support (Issue #302)
- Fixed a regression in header/footer image scaling (Issue #303)
- Documentation updates (Issue #305)
- Compiler fixes (Issue #304, Issue #306)
- Fixed a bug when running HTMLDOC as a macOS application.
- Updated the bundled libpng to v1.6.29.
# Changes in HTMLDOC v1.8.30
- Updated documentation to reflect new project page on Github.
- Dropped old CDE and IRIX desktop integration files.
- Cleaned up the GUI and adopted new default text editors for Linux and macOS.
- PAGE BREAK comments at the end of a file in web page mode would lose the
first page (Issue #251)
- Fixed the scaling of header/footer images to limit them to the height of the
header or footer (Issue #273)
- Fixed an issue with the top-level makefile not exiting with an error as
needed (Issue #282)
- Fixed a URL referencing bug when the same hostname but a different port was
used (Issue #290)
- Fixed build issue on macOS (Issue #291)
- Fixed handling of indexed+alpha PNG images (Issue #295)
# Changes in HTMLDOC v1.8.29
- Updated local PNG library to version 1.6.20.
- Updated local JPEG library to version 9b.
- Dropped support for OpenSSL.
- Added configure script support for libjpeg-turbo.
- Updated HTTP code to latest CUPS/ippsample sources.
- Duplex PDF output incorrectly forced an even number of pages
- The table of contents showed the wrong page numbers after headings containing
the "_HD_OMIT_TOC" attribute.
- Fixed reported build issues
- The configure script's --enable-local* options did not work.
# Changes in HTMLDOC v1.8.28
- Updated local zlib to version 1.2.8.
- Updated local PNG library to version 1.6.8.
- Updated local JPEG library to version 9.
- Updated default PDF version to 1.4.
- SECURITY: Fixed three buffer overflow issues when reading AFM files and
parsing page sizes.
- Fixed incompatibility with Fortify's version of strcpy, which does not work
properly with variable-length arrays
- Fixed compilation against PNG library 1.5 or later
- Fixed documentation errors
- Marked Zapf-Dingbats as a standard font
- Fixed GPL license text in GUI
- Fixed a table formatting problem when a column has multiple colspan values
- Fixed parsing of HTML comments
- Fixed potential out-of-bounds read in table-of-contents rendering code
- Fixed handling of image URLs with ampersands in them
- Fixed top/bottom margins for logo and header/footer images
- Fixed image alignment bug
- Fixed X11 build problem
Changelog:
Thu 17 Oct 2019 04:50:52 PM CEST
Integrate 0-byte send() method for uncorking for old FreeBSD/OS X
systems into new mhd_send.c logic for uncorking.
Releasing libmicrohttpd 0.9.67. -CG
Fri 18 Aug 2019 00:00:00 PM UTC
Fixes and optimizations for the setsockopt handling:
* Added: MHD_UPGRADE_ACTION_CORK_ON and MHD_UPGRADE_ACTION_CORK_OFF
to enum MHD_UpgradeAction (turn corking on/off on the underlying
socket).
* Use calls and flags native to the system for corking and
other operations, tested with performance improvements on
FreeBSD, Debian Linux, NetBSD, and cygwin. In particular,
this adds selective usage of MSG_MORE, NODELAY, TCP_NOPUSH,
TCP_CORK. -ng0
Fri 09 Aug 2019 10:07:27 AM CEST
Copy compiler and linker hardening flags from GNUnet (updating
configure.ac). -CG
3.6.2:
Improve pseudo selector handling
Code improvements
Fix various functions arguments
Fix "call" for $function
Check weight argument on invert call
Improve makefile to use dylib extension on MacOS
Fix bug in scale-color with positive saturation
Minor API documentation improvements
Fix selector isInvisible logic
Fix evaluation of unary expressions in loops
Fix attribute selector equality with modifiers
* BUGFIXES
* Highlight issue references (#8101) (#8404)
* Fix bug when migrating a private repository #7917 (#8403)
* Change general form binding to gogs form (#8334) (#8402)
* Fix editor commit to new branch if PR disabled (#8375) (#8401)
* Fix milestone num_issues (#8221) (#8400)
* Allow users with explicit read access to give approvals (#8398)
* Fix commit status in PR #8316 and PR #8321 (#8339)
* Fix API for edit and delete release attachment (#8290)
* Fix assets on release webhook (#8283)
* Fix release API URL generation (#8239)
* Allow registration when button is hidden (#8238)
* MS Teams webhook misses commit messages (backport v1.9) (#8225)
* Fix data race (#8206)
* Fix pull merge 500 error caused by git-fetch breaking behaviors (#8194)
* Fix the SSH config specification in the authorized_keys template (#8193)
* Fix reading git notes from nested trees (#8189)
* Fix team user api (#8172) (#8188)
* Add reviewers as participants (#8124)
* BUILD
* Use vendored go-swagger (#8087) (#8165)
* Fix version-validation for GO 1.13 (go-macaron/cors) (#8389)
* MISC
* Make show private icon when repo avatar set (#8144) (#8175)
3.2.2
* Avoid some reference cycles through tracebacks in httpserver.py
3.2.1
* Handle io.UnsupportedOperation from socket.tell()
3.2.0
* Ensure unicode URLs work in TestApp.
* Make LimitedLengthFile file return empty bytes.
* Protect against accidental close in FieldStorage.
3.1.1
* TestApp.encode_multipart handles bytes filenames and params.
3.1.0
* Allow anything that can read() for a file-like response, not just
a ``file`` instance.
Changes with nginx 1.17.4
*) Change: better detection of incorrect client behavior in HTTP/2.
*) Change: in handling of not fully read client request body when
returning errors in HTTP/2.
*) Bugfix: the "worker_shutdown_timeout" directive might not work when
using HTTP/2.
*) Bugfix: a segmentation fault might occur in a worker process when
using HTTP/2 and the "proxy_request_buffering" directive.
*) Bugfix: the ECONNABORTED error log level was "crit" instead of
"error" on Windows when using SSL.
*) Bugfix: nginx ignored extra data when using chunked transfer
encoding.
*) Bugfix: nginx always returned the 500 error if the "return" directive
was used and an error occurred during reading client request body.
*) Bugfix: in memory allocation error handling.
Changelog:
Fixed
Fixed download errors for Windows 10 users with Parental Controls enabled (bug 1586228)
Fixed Yahoo mail users being prompted to download files when clicking on emails (bug 1582848)
4.8.1:
* When the html.parser or html5lib parsers are in use, Beautiful Soup
will, by default, record the position in the original document where
each tag was encountered. This includes line number (Tag.sourceline)
and position within a line (Tag.sourcepos). Based on code by Chris
Mayo.
* When instantiating a BeautifulSoup object, it's now possible to
provide a dictionary ('element_classes') of the classes you'd like to be
instantiated instead of Tag, NavigableString, etc.
* Fixed the definition of the default XML namespace when using
lxml 4.4. Patch by Isaac Muse.
* Fixed a crash when pretty-printing tags that were not created
during initial parsing.
* Copying a Tag preserves information that was originally obtained from
the TreeBuilder used to build the original Tag.
* Raise an explanatory exception when the underlying parser
completely rejects the incoming markup.
* Avoid a crash when trying to detect the declared encoding of a
Unicode document.
* Avoid a crash when unpickling certain parse trees generated
using html5lib on Python 3.
3.24.0:
Adds the ability to add custom data to the JWT headers via the headers kwarg when making new tokens or via the jwt_manager.additional_headers_loader decorator. These headers can be accessed in your endpoints via the get_raw_jwt_header function.
Version 0.16.0
Deprecate most top-level attributes provided by the werkzeug module in favor of direct imports. The deprecated imports will be removed in version 1.0.
For example, instead of import werkzeug; werkzeug.url_quote, do from werkzeug.urls import url_quote. A deprecation warning will show the correct import to use. werkzeug.exceptions and werkzeug.routing should also be imported instead of accessed, but for technical reasons can’t show a warning.
Upstream changes (from NEWS):
== Ruby-GNOME 3.4.0: 2019-10-10
This is a bug fix release of 3.3.9.
=== Changes
==== Ruby/ATK
* Fixes
* Fixed a typo.
[GitHub#1302][Reported by kojix2]
=== Thanks
* kojix2
== Ruby-GNOME 3.3.9: 2019-10-10
This is a full GLib 2.62.0 support release.
=== Changes
==== Ruby/GLib2
* Improvements
* Deprecated (({GLib::Param::PRIVATE})). Use
(({GLib::Param::STATIC_NAME})) instead.
* Deprecated (({GLib::Param#private?})). Use
(({GLib::Param#static_name?})) instead.
* Added new flags:
* (({GLib::Param::STATIC_NICK}))
* (({GLib::Param::STATIC_BLURB}))
* (({GLib::Param::EXPLICIT_NOTIFY}))
* (({GLib::Param::DEPRECATED}))
* Added new predicates:
* (({GLib::Param#static_nick?}))
* (({GLib::Param#static_blurb?}))
* (({GLib::Param#explicit_notify?}))
* (({GLib::Param#deprecated?}))
* Deprecated (({ruby_gnome2_version})) in `mkmf-gnome`. Use
(({ruby_gnome_version})) instead.
* Added (({rbgobj_gtype_from_ruby()})).
* Added (({rbg_is_object()})).
* Added (({rbg_is_value()})).
* Added (({rbg_is_bytes()})).
* Removed needless const from the return value of
(({rbg_rval2strv()})).
* Removed needless const from the return value of
(({rbg_rval2strv_accept_nil()})).
* Added (({rbg_rval2filenamev()})).
* Added (({rbg_rval2filenamev_accept_nil()})).
* Stopped to define (({GType})) for (({GPollFD})).
==== Ruby/GObjectIntrospection
* Improvements
* Added support for conversion from (({GLib::Bytes})) to
(({[gint8]})) and (({[guint8]})).
* Added more information to inspected result.
==== Ruby/GIO2
* Improvements
* Added support for GLib 2.62.0 or later.
[GitHub#1296][Reported by Mamoru TASAKA]
==== Ruby/GTK3
* Improvements
* Added (({Gtk::TreeModelSort.new})).
[GitHub#1298][Reported by LutzLue]
(({[gint8]})) and (({[guint8]})).
==== Ruby/GStreamer
* Improvements
* Removed all custom callbacks.
* (({Gst::TagList#each})): Changed to yield tag name and tag
values.
=== Thanks
* LutzLue
* Mamoru TASAKA
Core versioning support in *.info.yml files since 8.7.7
Drupal 8.7.7 introduces a new core_version_requirement key to
*.info.yml files, allowing contributed modules to specify specific
versions for Drupal core compatiblity, as well as to indicate that they
are compatible with both Drupal 8 and the forthcoming Drupal 9 release.
See the change record for more details.
Dependency updates
* Several JavaScript dependencies have been updated to resolve
publicly disclosed security issues:
+ nightwatch has been updated to version 1.2.1
+ chromedriver has been updated to version 75.1.0
+ stylelint-no-browser-hacks has been updated to 1.2.1
* Due to a compatibility issue between zend-diactoros 1.8.5 and
psr-http-message-bridge versions prior to 1.1.2, Drupal core's
composer.json has increased the minimum requirement for
psr-http-message-bridge from 1.0 to 1.1.2. This should not affect
sites using the tarball packaged by Drupal.org (which already
supplied version 1.1.2 of the component in Drupal 8.7.7), but may
lead to a dependency update for certain sites maintained with
Composer.
Full release notes available at:
https://www.drupal.org/project/drupal/releases/8.7.8
3.6.2:
Features
- Made exceptions pickleable. Also changed the repr of some exceptions.
- Use Iterable type hint instead of Sequence for Application *middleware*
parameter.
Bugfixes
- Reset the sock_read timeout each time data is received for a
aiohttp.ClientResponse.
- Fix handling of expired cookies so they are not stored in CookieJar.
- Fix misleading message in the string representation of ClientConnectorError;
self.ssl == None means default SSL context, not SSL disabled
- Don't clobber HTTP status when using FileResponse.
Improved Documentation
- Added minimal required logging configuration to logging documentation.
- Update docs to reflect proxy support.
- Fix typo in code example in testing docs.
2.3.0:
* Adjusted ``AsgiHandler`` HTTP body handling to use a spooled temporary file,
rather than reading the whole request body into memory.
As a result, ``AsgiRequest.__init__()`` is adjusted to expect a file-like
``stream``, rather than the whole ``body`` as bytes. Test cases instantiating
requests directly will likely need to be updated to wrap the provided body
in, e.g., `io.BytesIO`.
3.2.2:
Added helpful syntax errors when someone tries to run Beautiful Soup 3
code under Python 3. Added a detailed deprecation warning with
instructions for everyone else.
1.9.4
- **FIX**: :checked rule was too strict with option elements. The specification for :checked does not require an
option element to be under a select element.
- **FIX**: Fix level 4 :lang() wildcard match handling with singletons. Implicit wildcard matching should not
match any singleton. Explicit wildcard matching (* in the language range: *-US) is allowed to match singletons.
Changes:
Use octal mode for -M (patch by dfjoerg)
Add -b backlog option (fixes#2422, patch by aschmitz)
Restrict Unix socket file ownership by default to ug=rw
Add example apparmor spawn-fcgi abstraction
Use autoreconf instead of calling tools manually
Add more flags to extra-warning flags
Check return values of setuid, setgid, setgroups, initgroups, write
Check whether compiler supports wanted CFLAGS (fixes#2235)
Fix resource leaks in failure cases (found with coverity)
Changelog:
A quick overview of what is new:
Remote Wipe allows users and administrators to forcibly clean files from remote devices, for example in case they are stolen.
Nextcloud Text, our new distraction-free, collaborative rich text editor
Improvements to secure view like enforcable watermarks enable virtual data room use
Setup two-factor authentication after first login, admins can create one-time login tokens in the web UI and delegate this to group admins
secure mailbox in Outlook Add-in
LDAP write support makes it possible to manage users from Nextcloud
S3 versioning support, IBM Spectrum Scale integration and Global Scale with Collabora Online
Changelog:
4.0.0
Major Enhancements
Drop ruby 2.3 (#7454)
Drop support for Ruby 2.1 and 2.2 (#6560)
Drop support for older versions of Rouge (#6978)
Drop support for pygments as syntax-highlighter (#7118)
Drop support for Redcarpet (#6987)
Drop support for rdiscount (#6988)
Drop support for jekyll-watch-1.4.0 and older (#7287)
Incorporate relative_url filter in link tag (#6727)
Upgrade kramdown dependency to v2.x (#7492)
Upgrade jekyll-sass-converter to v2.x - Sassc + sourcemaps (#7778)
Upgrade i18n to v1.x (#6931)
Add Jekyll::Cache class to handle caching on disk (#7169)
Cache converted markdown (#7159)
Cache: Do not dump undumpable objects (#7190)
Cache matched defaults sets for given parameters (#6888)
Ignore cache directory (#7184)
Add Site#in_cache_dir helper method (#7160)
Remove 'cache_dir' during jekyll clean (#7158)
Cache parsed Liquid templates in memory (#7136)
Only read layouts from source_dir or theme_dir (#6788)
Allow custom sorting of collection documents (#7427)
Always exclude certain paths from being processed (#7188)
Remove Jekyll::Utils#strip_heredoc in favor of a Ruby > 2.3 built in (#7584)
Incorporate relative_url within post_url tag (#7589)
Remove patch to modify config for kramdown (#7699)
Minor Enhancements
Enhance --blank scaffolding (#7310)
Use jekyll-compose if installed (#6932)
Disable Liquid via front matter (#6824)
Configure cache_dir (#7232)
ISO week date drops (#5981)
Fix custom 404 page for GitHub pages (#7132)
Load config file from within current theme-gem (#7304)
Suggest re-running command with --trace on fail (#6551)
Support for binary operators in where_exp filter (#6998)
Automatically load _config.toml (#7299)
Add vendor folder to a newly installed site's .gitignore (#6968)
Output Jekyll Version while debugging (#7173)
Memoize computing excerpt's relative_path (#6951)
Skip processing posts that can not be read (#7302)
Memoize the return value of Site#documents (#7273)
Cache globbed paths in front matter defaults (#7345)
Cache computed item property (#7301)
Cleanup Markdown converter (#7519)
Do not process Liquid in post excerpt when disabled in front matter (#7146)
Liquefied link tag (#6269)
Update item_property to return numbers as numbers instead of strings (#6608)
Use .markdown extension for page templates (#7126)
Add support for *.xhtml files (#6854)
Allow i18n v0.9.5 and higher (#7044)
Ignore permission error of /proc/version (#7267)
Strip extra slashes via Jekyll.sanitized_path (#7182)
Site template: remove default config for markdown (#7285)
Add a custom inspect string for StaticFile objects (#7422)
Remind user to include gem in the Gemfile on error (#7476)
Search Front matter defaults for Page objects with relative_path (#7261)
Lock use of tzinfo gem to v1.x (#7521, #7562)
Utilize absolute paths of user-provided file paths (#7450)
Detect nil and empty values in objects with where filter (#7580)
Initialize mutations for Drops only if necessary (#7657)
Reduce Array allocations via Jekyll::Cleaner (#7659)
Encode and unencode urls only as required (#7654)
Reduce string allocations with better alternatives (#7643)
Reduce allocations from Jekyll::Document instances (#7625)
Add type attribute to Document instances (#7406)
Reduce allocations from where-filter (#7653)
Memoize SiteDrop#documents to reduce allocations (#7697)
Add PathManager class to cache interim paths (#7732)
Remove warnings and fixes for deprecated config (#7440)
Delegate --profile tabulation to terminal-table (#7627)
Bug Fixes
Security: fix include bypass of EntryFilter#filter symlink check (#7226)
Theme gems: ensure directories aren't symlinks (#7419)
Add call to unused method validate_options in commands/serve.rb (#7122)
Check if scope applies to type before given path (#7263)
Document two methods, simplify one of the methods (#7270)
Check key in collections only if it isn't "posts" (#7277)
Interpolate Jekyll::Page subclass on inspection (#7203)
Measure the no. of times a template gets rendered (#7316)
Reduce array traversal in Jekyll::Reader (#7157)
Re-implement handling Liquid blocks in excerpts (#7250)
Documents should be able to render their date (#7404)
Fix Interpreter warning from Jekyll::Renderer (#7448)
Loggers should accept both numbers and symbols (#6967)
Replace regex arg to :gsub with a string arg (#7189)
Dont write static files from unrendered collection (#7410)
Excerpt handling of custom and intermediate tags (#7382)
Change future post loglevel to warn to help user narrow down issues (#7527)
Handle files with trailing dots in their basename (#7315)
Fix unnecessary allocations via StaticFileReader (#7572)
Don't check if site URL is absolute if it is nil (#7498)
Avoid unnecessary duplication of pages array (#7272)
Memoize Site#post_attr_hash (#7276)
Memoize Document#excerpt_separator (#7569)
Optimize Document::DATE_FILENAME_MATCHER to match valid filenames (#7292)
Escape valid special chars in a site's path name (#7568)
Replace name in Page#inspect with relative_path (#7434)
Log a warning when the slug is empty (#7357)
Push Markdown link refs to excerpt only as required (#7577)
Fix broken include_relative usage in excerpt (#7633)
Initialize and reset glob_cache only as necessary (#7658)
Revert memoizing Site#docs_to_write and #documents (#7684)
Backport #7684 for v3.8.x: Revert memoizing Site#docs_to_write and refactor #documents (#7689)
Backport #7213 and #7633 for v3.8.x: Fix broken include_relative usage in excerpt (#7690)
Don't read symlinks in site.include in safe mode (#7711)
Replace String#=~ with String#match? (#7723)
Update log output for an invalid theme directory (#7679)
Remove configuration of theme sass files from Core (#7290)
Actually conditionally include liquid-c (#7792)
Test number_like regex on stringified property (#7788)
Development Fixes
Upgrade liquid-c to v4.0 (#7375)
Bump RuboCop to v0.71.0 (#7687)
Target Ruby 2.4 syntax (#7583)
Fix: RuboCop offenses (#7769)
Use communicative method parameters (#7566)
Scan assert_equal methods and rectify any offenses with a custom RuboCop cop (#7130)
CI: Test with Ruby 2.6 (#7438)
CI: Test with Ruby 2.6 on AppVeyor (#7518)
CI: Update RuboCop config (#7050)
CI: Add a script to profile docs (#7540)
CI(Appveyor): shallow clone with 5 last commits (#7312)
CI: Test with oldest and latest Ruby only (#7412)
CI: Update excludes for CodeClimate Analyses (#7365)
CI: Lock Travis to Bundler-1.16.2 (#7144)
CI: Bump tested version of JRuby to 9.2.7.0 (#7612)
CI: Do not install docs on updating gems on Travis (#7706)
Update gemspec (#7425)
deps: relax version constraint on classifier-reborn gem (#7471)
deps: update yajl-ruby (#7278)
deps: bump yajl-ruby to v1.4.0 (#6976)
Create symlink only if target is accessible (#7429)
Switch to :install_if for wdm gem (#7372)
Add cucumber feature to test include_relative tag (#7213)
Small benchmark refactoring (#7211)
Fix incorrectly passed arguments to assert_equal (#7134)
fix up refute_equal call (#7133)
Fix RuboCop offences in test files (#7128)
Use assert_include (#7093)
Remember to release docs gem (#7066)
Useless privates removed (#6768)
Load Rouge for TestKramdown (#7007)
Update instructions for releasing docs Gem (#6975)
We are not using Ruby 2.2 anymore (#6977)
Remove unnecessary Jekyll::Page constant (#6770)
Remove unused error class (#6511)
Add a Cucumber feature for post_url tag (#7586)
Generate a "TOTAL" row for build-profile table (#7614)
Refactor Jekyll::Cache (#7532)
Store list of expected extnames in a constant (#7638)
Profile allocations from a build session (#7646)
Update small typo in contributing.md (#7671)
Remove override to Jekyll::Document#respond_to? (#7695)
Update TestTags in sync with Rouge v3.4 (#7709)
Use regexp to filter special entries (#7702)
Reduce Array objects generated from utility method (#7749)
Update mime.types (#7756)
Replace redundant Array#map with Array#each (#7761)
Reduce allocations by using #each_with_object (#7758)
Memoize fallback_data for Drop (#7728)
Use String#end_with? to check if entry is a backup (#7701)
Documentation
Refactor docs (#7205)
Add a link to Giraffe Academy's tutorial (#7325)
Do not advise users to install Jekyll outside of Bundler (#6927)
Remove documentation for using Redcarpet (#6990)
Install Docs that Work on MacOS 10.14 (#7561)
Add Installation Instructions for Ubuntu (#6925)
Don't prompt for sudo when installing with Ubuntu WSL (#6781)
Installation instructions for Fedora (#7198)
Update Windows install docs (#6926)
List all standard liquid filters (#7333)
List all static files variables (#7002)
Improve how to include Rouge stylesheets (#7752)
Mention CommonMark plugins (#7418)
Add TSV to list of supported _data files. (#7168)
How to deploy using pre-push git hook (#7179)
Hosting with AWS Amplify (#7510)
CircleCI deployment through CircleCI v2 (#7024)
GitHub Pages: use themes from other repos (#7112)
Document page.dir and page.name (#7373)
Document custom tag blocks (#7359)
Document converter methods (#7289)
Document {{ page.collection }} (#7430)
Document Jekyll Filters with YAML data (#7335)
Document where Jekyll looks for layouts in a site (#7564)
plugin: liquid tag jekyll-flickr (#6946)
plugin: jekyll-target-blank (#7046)
plugin: json-get. (#7086)
plugin: jekyll-info (#7091)
plugin: jekyll-xml-source (#7114)
plugin: jekyll-firstimage filter (#7127)
plugin: CAT (#7011)
Resources: Statictastic (#7593)
Resources: Bonsai Search (#7543)
Resources: Formspark (#7601)
Resources: Jekpack(#7598)
Resources: formX (#7536)
Resources: 99inbound's Jekyll post (#7348)
Resources: CloudSh (#7497)
Community: DEV Community's Jekyll tag (#7139)
Showcase: developer.spotify.com (#7217)
Showcase: Isomer (#7300)
Add version number for group_by_exp doc (#6956)
Updated nginx configuration for custom-404-page documentation (#6994)
Clarify definition of 'draft' (#7037)
_drafts need to be contained within the custom collection directory (#6985)
Updated to supported version (#7031)
Add Hints for some Improved Travis Config in Doc (#7049)
Update travis-ci.md to point out "this is an example Gemfile" (#7089)
Instructions to view theme’s files under Linux (#7095)
Use a real theme in the example (#7125)
Update docs about post creation (#7138)
Initialize upgrading doc for v4.0 (#7140)
Add version badge for date filters with ordinal (#7162)
Corrected sample usage of postfiles (#7181)
Resolve "Unable to locate package ruby2.4" error (#7196)
Correct stylesheet url in tutorial step 7 (#7210)
Removes quotes from markdown for assets (#7223)
Clarified front matter requirement (#7234)
Explicit location of where to create blog.html (#7241)
Reference the build command options that allows multiple config files (#7266)
Add more issue template(s) and pull request template (#7269)
Suggest sites use OpenSSL instead of GnuTLS for their site's CI (#7010)
Fix broken Contributors link in README.markdown (#7200)
Add title tag to item in RSS template (#7282)
Add link tag to item in RSS template (#7291)
Remove redundant instruction comment (#7342)
Textile is only supported through a converter plugin (#7003)
Add recursive navigation tutorial (#7720)
Remove installation instructions with Homebrew (#7381)
Fix dead link and misleading prose (#7383)
Fix content management section (#7385)
Apply ruby official guide documents (#7393)
Fix group_by_exp filter example (#7394)
Remove alt attribute from a tags (#7407)
Fix BASH code-block in ubuntu.md (#7420)
zlib is missing (#7428)
Fixed unnecessary aticles and pronouns (#7466)
Store SSL key and cert in site source (#7473)
Fix typo in tutorial for converting existing site (#7524)
Check if var exists before include tag (#7530)
Clarify docs on collections regarding the need for front matter (#7538)
Fix incorrect Windows path in themes.md (#7525)
Addresses bundle not found. (#7351)
Update the contribution docs for draft pull requests (#7619)
Data file section adds TSV (#7640)
Indicate where the _sass folder is by default (#7644)
Docs: add version tags to new placeholders (#5981) for permalinks (#7647)
Solve "GitHub Page build failure" in 10-deployment.md (#7648)
fix link to Site Source config (#7708)
Introduce frontmatter in step 2 (#7704)
Add @ashmaroli to Core Team listing (#7398)
Lnk to Tidelift in site's footer (#7377)
Link to OpenCollective backing (#7378
Link to sponsor listing in README (#7405)
Adjust team page listings (#7395)
Updates to CODE OF CONDUCT (v1.4.0) (#7105)
More inclusive writing (#7283)
Update Ruby version used in Travis-CI example (#7783)
Documentation for binary operators in where_exp (#7786)
Adding SmartForms as Forms service (#7794)
Site Enhancements
Better Performance (#7388)
Add some minor improvements to image loading in Showcase page (#7214)
Simplify assigning classname to docs' aside-links (#7609)
Simplify couple of includes in the docs site (#7607)
Avoid generating empty classnames (#7610)
Minimize rendering count (#7343)
Release
Release post for v4.0.0 beta1 (#7716)
Release post for v4.0.0.pre.alpha1 (#7574)
Release post for v3.8.0 (#6849)
Release post for v3.6.3, v3.7.4 and v3.8.4 (#7259)
Post: v4.0 development (#6934)
Changelog:
2.0.1
Bug Fixes
Do not register hooks for documents of type :pages (#94)
Append theme's sass path after all sanitizations (#96)
2.0.0
Major Enhancements
Migrate to sassc gem (#75)
Use and test sassc-2.1.0 pre-releases and beyond (#86)
Drop support for Ruby 2.3 (#90)
Minor Enhancements
Generate Sass Sourcemaps (#79)
Configure Sass to load from theme-gem if possible (#80)
SyntaxError line and filename are set by SassC (#85)
Memoize #jekyll_sass_configuration (#82)
Development Fixes
Target Ruby 2.3 (#70)
Lint with rubocop-jekyll (#73)
Clear out RuboCop TODO (#87)
Cache stateless regexes in class constants (#83)
Add appveyor.yml (#76)
Bug Fixes
Fix rendering of sourcemap page (#89)
2.0.0.pre.beta
Major Enhancements
Migrate to sassc gem (#75)
Drop support for Ruby 2.3 (#90)
Minor Enhancements
Generate Sass Sourcemaps (#79)
Configure Sass to load from theme-gem if possible (#80)
SyntaxError line and filename are set by SassC (#85)
Memoize #jekyll_sass_configuration (#82)
Development Fixes
Target Ruby 2.3 (#70)
Lint with rubocop-jekyll (#73)
Clear out RuboCop TODO (#87)
Cache stateless regexes in class constants (#83)
Add appveyor.yml (#76)
Changelog:
2.6.1
Development Fixes
Test against Jekyll 4.x (#336)
2.6.0
Minor Enhancements
Twitter Image and Title (#330)
Bug Fixes
Do not cache the drop payload for SeoTag (#306)
Update url of schema website (#296)
Development Fixes
Relax version constraint on Bundler (#325)
chore(ci): Add Ruby 2.6, drop Ruby 2.3 (#326)
chore (ci): remove deprecated sudo: false in .travis.yml (#333)
Lint Ruby code with rubocop-jekyll gem (#302)
chore(deps): bump rubocop-jekyll to v0.4 (#320)
chore(deps): bump rubocop-jekyll to v0.3 (#316)
Correct RuboCop offenses in spec files (#319)
Documentation
Rectify error in Usage documentation (#328)
Changelog:
0.12.1
Bug Fixes
Re-introduce Ruby 2.3 support and test Jekyll 3.7+ (#272)
0.12.0
Allow Jekyll v4 (still alpha)
Development Fixes
style: fix offenses in specs (#248)
dev: update CI and style settings (#258)
Enable testing for Windows platform (#265)
Changelog:
Tomcat 9.0.26 (markt)
Oher
Fix: Re-tagged to ensure that the source file for the changelog did not contain an XML byte order mark. (markt)
not released Tomcat 9.0.25 (markt)
Catalina
Fix: Avoid a possible InvalidPathException when obtaining a URI for a configuration file. (markt)
Fix: 63684: Wrapper never passed to RealmBase.hasRole() for given security constraints. (michaelo)
Fix: 63740: Ensure configuration files are loaded correctly when a Host is configured with an xmlBase. Patch provided by uk4sx. (markt)
Fix: Avoid a potential NullPointerException on Service stop if a Service is embedded directly (i.e. with no Server) in an applciation and JNDI is enabled. Patch provided by S. Ali Tokmen. (markt)
Add: Add a new PropertySource implementation, EnvironmentPropertySource, that can be used to do property replacement in configuration files with environment variables. Based on a pull request provided by Thomas Meyer. (markt)
Coyote
Fix: 63682: Fix a potential hang when using the asynchronous Servlet API to write the response body and the stream and/or connection window reaches 0 bytes in size. (markt)
Fix: 63690: Use the average of the current and previous sizes when calculating overhead for HTTP/2 DATA and WINDOW_UPDATE frames to avoid false positives as a result of client side buffering behaviour that causes a small percentage of non-final DATA frames to be smaller than expected. (markt)
Fix: 63706: Avoid NPE accessing https port with plaintext. (remm)
Fix: Correct typos in the names of the configuration attributes overheadDataThreshold and overheadWindowUpdateThreshold. (markt)
Fix: If the HTTP/2 connection requires an initial window size larger than the default, send a WINDOW_UPDATE to increase the flow control window for the connection so that the initial size of the flow control window for the connection is consistent with the increased value. (markt)
Fix: 63710: When using HTTP/2, ensure that a content-length header is not set for those responses with status codes that do not permit one. (markt)
Fix: 63737: Correct various issues when parsing the accept-encoding header to determine if gzip encoding is supported including only parsing the first header found. (markt)
Jasper
Fix: 63724: Correct a regression introduced in 9.0.21 that broke compilation of JSPs in some configurations. (markt)
Web applications
Fix: Correct the source code links on the index page for the ROOT web application to point to Git rather than Subversion. (markt)
Fix: Fix various issues with the Javadoc generated for the documentation web application to enable release builds to be built with Java 10 onwards. (markt)
Fix: 63733: Remove the documentation for the "Additional Components" since they have been remove / merged into the core Tomcat distribution for 9.0.5 onwards. (markt)
Fix: 63739: Correct the invalid Automatic-Module-Name manifest entries for the Tomcat provided JARs included in the Tomcat embedded distribution. (markt)
Fix: Fix a large number of Javadoc and documentation typos. Patch provided by KangZhiDong. (markt)
Fix: Spelling and formatting corrections for the cluster how-to. Pull request provided by Bill Mitchell. (markt)
Other
Add: Expand the coverage and quality of the French translations provided with Apache Tomcat. (remm)
Add: Expand the coverage and quality of the Simplified Chinese translations provided with Apache Tomcat. Includes contributions by leeyazhou and 康智冬. (markt)
Fix: 62140: Additional usage documentation in comments for catalina.[bat|sh]. (markt)
Fix: Fix JSSE_OPTS quoting in catalina.bat. Contributed by Peter Uhnak. (fschumacher)
Update: 63625: Update to Commons Daemon 1.2.1. This corrects several regressions in Commons Daemon 1.2.1, most notably the Windows Service crashing on start when using 32-bit JVMs. (markt)
Fix: 63689: Correct a regression in the fix for 63285 that meant that when installing a service, the service display name was not set. (markt)
Fix: When performing a silent install with the Windows Installer, ensure that the registry entires are added to the 64-bit registry when using a 64-bit JVM. (markt)
Fix: Remove unused i18n messages and associated translations. Patch provided by KangZhiDong. (markt)
Add: Expand the coverage and quality of the Korean translations provided with Apache Tomcat. (woonsan)
2019-08-17 Tomcat 9.0.24 (markt)
Coyote
Code: Remove the code in the sendfile poller that ensured smaller pollsets were used with older, no longer supported versions of Windows that could not support larger pollsets. (markt)
not released Tomcat 9.0.23 (markt)
Catalina
Update: 63627: Implement more fine-grained handling in RealmBase.authenticate(GSSContext, boolean). (michaelo)
Add: 62496: Add option to write auth information (remote user/auth type) to response headers. (michaelo)
Add: 57665: Add support for the X-Forwarded-Host header to the RemoteIpFilter and RemoteIpValve. (markt)
Fix: 63550: Only try the alternateURL in the JNDIRealm if one has been specified. (markt)
Add: 63556: Mark request as forwarded in RemoteIpValve and RemoteIpFilter (michaelo)
Fix: If an unhandled exception occurs on a asynchronous thread started via AsyncContext.start(Runnable), process it using the standard error page mechanism. (markt)
Fix: Discard large byte buffers allocated using setBufferSize when recycling the request. (remm)
Fix: 63579: Correct parsing of malformed OPTIONS requests and reject them with a 400 response rather than triggering an internal error that results in a 500 response. (markt)
Fix: 63608: Align the implementation of the negative match feature for patterns used with the RewriteValve with the description in the documentation. (markt)
Fix: Avoid a NullPointerException in the CrawlerSessionManagerValve if no ROOT Context is deployed and a request does not map to any of the other deployed Contexts. Patch provided by Jop Zinkweg. (markt)
Fix: 63636: Context.findRoleMapping() never called in StandardWrapper.findSecurityReference(). (michaelo)
Coyote
Code: Refactor the APR poller to always use a single pollset now that the Windows operating systems that required multiple smaller pollsets to be used are no longer supported. (markt)
Fix: 63524: Improve the handling of PEM file based keys and certificates that do not include a full certificate chain when configuring the internal, in-memory key store. Improve the handling of PKCS#1 formatted private keys when configuring the internal, in-memory key store. (markt)
Update: Add callback when finishing the set properties rule in the digester. (remm)
Fix: 63570: Fix regression retrieving local address with the NIO connector. Submitted by Aditya Kadakia. (remm)
Fix: 63568: Avoid error when trying to set tcpNoDelay on socket types that do not support it, which can occur when using the NIO inherited channel capability. Submitted by František Kučera. (remm)
Fix: Correct parsing of invalid host names that contain bytes in the range 128 to 255 and reject them with a 400 response rather than triggering an internal error that results in a 500 response. (markt)
Fix: 63571: Allow users to configure infinite TLS session caches and/or timeouts. (markt)
Fix: 63578: Improve handling of invalid requests so that 400 responses are returned to the client rather than 500 responses. (markt)
Fix: Fix h2spec test suite failure. It is an error if a Huffman encoded string literal contains the EOS symbol. (jfclere)
Add: Connections that fail the TLS handshake will now appear in the access logs with a 400 status code. (markt)
Fix: Timeouts for HTTP/2 connections were not always correctly handled leaving some connections open for longer than expected. (markt)
Fix: 63650: Refactor initialisation for JSSE based TLS connectors to enable custom JSSE providers that provide custom cipher suites to be used. (markt)
Add: Expand the HTTP/2 excessive overhead protection to cover various forms of abusive client behaviour and close the connection if any such behaviour is detected. (markt)
Fix: Fix a crash on shutdown with the APR/native connector when a blocking I/O operation was still in progress when the connector stopped. (markt)
Cluster
Fix: Avoid failing Kubernetes membership (and preventing startup) if the stream cannot be opened, to get the same behavior as the DNS based membership. The namespace is still a failure on startup but it is easy to provide. (remm)
Fix: Avoid non fatal NPEs with Tribes when JMX is not available. (remm)
Fix: Make Kube environment optional for Kube memberships, for easier testing and Graal training. A warn log will occur if the environment is not present. (remm)
Web applications
Fix: 63597: Update the custom 404 error page for the Host Manager to take account of previous refactoring so that the page is used for 404 errors rather than falling back to the default error page. (markt)
Other
Fix: JNDI support for GraalVM native images. (remm)
Fix: JSP runtime library support for GraalVM native images. (remm)
Fix: java.util.logging configuration for GraalVM native images. (remm)
Update: Update Checkstyle to 8.22. (markt)
Update: 62696: The digital signature for the Windows installer now uses SHA-256 for hashes. (markt)
Update: 63310: Update to Commons Daemon 1.2.0. This provides improved support for Java 11. This also changes the user configured by the Windows installer for the Windows service from Local System to the lower privileged Local Service. (markt)
Fix: 55969: Tighten up the security of the Apache Tomcat installation created by the Windows installer. Change the default shutdown port used by the Windows installer from 8005 to -1 (disabled). Limit access to the chosen installation directory to local administrators, Local System and Local Service. (markt)
Add: Expand the coverage and quality of the French translations provided with Apache Tomcat. (remm)
Add: 63285: Add an option to service.bat so that when installing a Windows service, the name of the executables used by the Windows service may be changed to match the service name. This makes the installation behaviour consistent with the Windows installer. The original executable names will be restored when the Windows service is removed. The renaming can be enabled by using the new --rename option after the service name. (markt)
Fix: 63567: Restore the passing of $LOGGING_MANAGER to the jvm in catalina.sh when calling stop. (markt)
Fix: Correct broken OSGi data in JAR file manifests. (markt)
Fix: Add "embed" to the Bundle-Name and Bundle-Symbolic-Name for the Tomact embedded WebSocket JAR to align the naming with the other embedded JARs and to differentiate it from the standard WebSocket JAR that does not include the API classes. (markt)
Fix: 63555: Add Automatic-Module-Name entries for each of the Tomcat provided JARs included in the Tomcat embedded distribution. (markt)
Update: Update dependency on bnd to 4.2.0. (markt)
Update: Update the internal fork of Commons Codec to 3ebef4a (2018-08-01) to pick up the fix for CODEC-134. (markt)
Update: Update the internal fork of Commons Pool2 to 796e32d (2018-08-01) to pick up the changes Commons Pool2 2.7.0. (markt)
Update: Update the internal fork of Commons DBCP2 to 87d9e3a (2018-08-01) to pick up the changes Commons DBCP2 2.7.0 and DBCP-555. (markt)
Update: 63648: Update the test TLS keys and certificates used in the test suite to replace the keys and certificates that are about to expire. (markt)
Changelog:
Fixed
Fixed a crash when editing files on Office 365 websites (bug 1579858)
Fixed detection of the Windows 10 Parental Controls feature being enabled (bug 1584613)
Fixed a Linux-only crash when changing the playback speed while watching YouTube videos (bug 1582222)
3.6.1:
Features
- Compatibility with Python 3.8.
Bugfixes
- correct some exception string format
- Emit a warning when ``ssl.OP_NO_COMPRESSION`` is
unavailable because the runtime is built against
an outdated OpenSSL.
- Update multidict requirement to >= 4.5
Improved Documentation
- Provide pytest-aiohttp namespace for pytest fixtures in docs.
Upstream changes:
5.9010 - 2019-04-25
- updated stale urls
- numerous typo fixes
- many pod syntax fixes
- other pod syntax cleanup
- added references to the RT issues queue, mailing list, and irc channel
Update DEPENDS
Upstream changes:
0.37 - 2019-04-28
- fix Makefile.PL when current directory not in @INC (perl 5.26+)
- convert from Module::Install to Distar for release tooling
- Drop unneeded prerequisite on YAML
c-icap-modules-0.5.3 changes
- Add support for ClamAV 0.101.x
- Bug fix: use url-decoded string as filename on viralator mode
c-icap-modules-0.5.2 changes
- virus_scan: Add the counter AV_SCAN_FAILURES to count scan engine failures
- virus_scan: fix error handling when PassOnError is set to on
- virus_scan: Report correctly the X-Violations-Found header and the virus_scan:viruses-list attribute.
- url_check: Fix misplaced space in added headers using the HttpHeaderReplace and HttpHeaderAdd* rules
c-icap-modules-0.4.5 changes
- Fixes to compile with the c-icap-0.5.x releases
c-icap-0.5.5 changes
- c-icap may crash with a SIGBUS while using mmap to map files to memory.
- Fix multiple brotli decoding bugs
- c-icap-client does not send the ";ieof" preview termination sequence when sends zero sized files
c-icap-0.5.4 changes
- Bug fix: IPv6 address can not be used on Port configuration parameter
- Mark as deprecated the tls-method TlsPort option
- Bug fix: c-icap fails to decompress zero-sized files compressed with brotli
c-icap-0.5.2 changes
- Document the forceUnload=off option for Service/Module configuration parameter
- Bug fix: c-icap crashes when converting ci_simple_file_t to a memory object
- ci_headers_value* functions should remove spaces at the beginning of the returned value
c-icap-0.5.1 changes
The 0.5.1 release has the following new major features :
* TLS/SSL support. This feature sponsored by Ergon Informatik AG.
* A non-blocking ICAP client API. This feature sponsored by Ergon Informatik AG.
* Allow 204 response on preview handler even if the ICAP client does not support preview.
* New API functions.
Major bugs fixed:
* c-icap crashes on shutdown or on reconfigure, because of unloaded c++ dynamic libraries. The new release accepts the forceUnload=off parameter to Module and Service configuration parameters to force c-icap to not actually unload dynamic libraries on reconfigure, or shutdown.
New configuration parameters:
* FakeAllow204
* TlsPort
* TlsPassphrase
2.2.3
Changes:
- Fix: admin widgets, fix import of static template tag (part 2)
2.2.2
Changes:
- Fix: autoslugfield, find unique method overrideable
- Fix: notes, do not replace dot in template dirs
- Fix: admin widgets, fix import of static template tag
- Improvement: print_user_for_session, use session backend
- Improvement: sqlcreate, postgis support
- Improvement: graph_models, permit combination of includes and excludes
- Improvement: Adds missing GIS engine to DEFAULT_MYSQL_ENGINES
- Improvement: sqldiff, use lowercase field names in MySQL
- Improvement: sqldiff, mysql code could duplicate AUTO_INCREMENT and UNSIGNED statements
1.25.6:
* Fix issue where tilde (``~``) characters were incorrectly
percent-encoded in the path.
1.25.5:
* Add mitigation for BPO-37428 affecting Python <3.7.4 and OpenSSL 1.1.1+ which
caused certificate verification to be enabled when using ``cert_reqs=CERT_NONE``.
1.25.4:
* Propagate Retry-After header settings to subsequent retries.
* Fix edge case where Retry-After header was still respected even when
explicitly opted out of.
* Remove dependency on ``rfc3986`` for URL parsing.
* Fix issue where URLs containing invalid characters within ``Url.auth`` would
raise an exception instead of percent-encoding those characters.
* Add support for ``HTTPResponse.auto_close = False`` which makes HTTP responses
work well with BufferedReaders and other ``io`` module features.
* Percent-encode invalid characters in URL for ``HTTPConnectionPool.request()``
Changelog:
Tomcat 8.5.46 (markt)
Catalina
Fix: 63684: Wrapper never passed to RealmBase.hasRole() for given security constraints. (michaelo)
Fix: Avoid a potential NullPointerException on Service stop if a Service is embedded directly (i.e. with no Server) in an applciation and JNDI is enabled. Patch provided by S. Ali Tokmen. (markt)
Add: Add a new PropertySource implementation, EnvironmentPropertySource, that can be used to do property replacement in configuration files with environment variables. Based on a pull request provided by Thomas Meyer. (markt)
Coyote
Fix: 63682: Fix a potential hang when using the asynchronous Servlet API to write the response body and the stream and/or connection window reaches 0 bytes in size. (markt)
Fix: 63690: Use the average of the current and previous sizes when calculating overhead for HTTP/2 DATA and WINDOW_UPDATE frames to avoid false positives as a result of client side buffering behaviour that causes a small percentage of non-final DATA frames to be smaller than expected. (markt)
Fix: 63706: Avoid NPE accessing https port with plaintext. (remm)
Fix: Correct typos in the names of the configuration attributes overheadDataThreshold and overheadWindowUpdateThreshold. (markt)
Fix: If the HTTP/2 connection requires an initial window size larger than the default, send a WINDOW_UPDATE to increase the flow control window for the connection so that the initial size of the flow control window for the connection is consistent with the increased value. (markt)
Fix: 63710: When using HTTP/2, ensure that a content-length header is not set for those responses with status codes that do not permit one. (markt)
Fix: 63737: Correct various issues when parsing the accept-encoding header to determine if gzip encoding is supported including only parsing the first header found. (markt)
Web applications
Fix: Correct the source code links on the index page for the ROOT web application to point to Git rather than Subversion. (markt)
Fix: Fix various issues with the Javadoc generated for the documentation web application to enable release builds to be built with Java 10 onwards. (markt)
Fix: Fix a large number of Javadoc and documentation typos. Patch provided by KangZhiDong. (markt)
Fix: Spelling and formatting corrections for the cluster how-to. Pull request provided by Bill Mitchell. (markt)
Other
Fix: Back-port various corrections and improvements to the English versions of the i18n messages. (markt)
Add: Include the available German translations in the standard Tomcat distribution. Back-port additions and updates to the German i18n messages. (markt)
Fix: Back-port various corrections and improvements to the Spanish i18n messages. (markt)
Fix: Back-port various corrections and improvements to the French i18n messages. (markt)
Fix: Back-port various corrections and improvements to the Japanese i18n messages. (markt)
Fix: Back-port various corrections and improvements to the Russian i18n messages. (markt)
Add: Add Korean translations to the standard Tomcat distribution. (markt)
Add: Add Simplifed Chinese translations to the standard Tomcat distribution. (markt)
Fix: 62140: Additional usage documentation in comments for catalina.[bat|sh]. (markt)
Fix: Fix JSSE_OPTS quoting in catalina.bat. Contributed by Peter Uhnak. (fschumacher)
Update: 63625: Update to Commons Daemon 1.2.1. This corrects several regressions in Commons Daemon 1.2.1, most notably the Windows Service crashing on start when using 32-bit JVMs. (markt)
Fix: 63689: Correct a regression in the fix for 63285 that meant that when installing a service, the service display name was not set. (markt)
Fix: When performing a silent install with the Windows Installer, ensure that the registry entires are added to the 64-bit registry when using a 64-bit JVM. (markt)
Fix: Remove unused i18n messages and associated translations. Patch provided by KangZhiDong. (markt)
2019-08-21Tomcat 8.5.45 (markt)
Coyote
Code: Remove the code in the sendfile poller that ensured smaller pollsets were used with older, no longer supported versions of Windows that could not support larger pollsets. (markt)
not releasedTomcat 8.5.44 (markt)
Catalina
Add: 62258: Don't trigger the standard error page mechanism when the error has caused the connection to the client to be closed as no-one will ever see the error page. (markt)
Update: 63627: Implement more fine-grained handling in RealmBase.authenticate(GSSContext, boolean). (michaelo)
Add: 62496: Add option to write auth information (remote user/auth type) to response headers. (michaelo)
Add: 51497: Add an option, ipv6Canonical, to the AccessLogValve that causes IPv6 addresses to be output in canonical form defined by RFC 5952. (ognjen/markt)
Add: 57665: Add support for the X-Forwarded-Host header to the RemoteIpFilter and RemoteIpValve. (markt)
Fix: 63550: Only try the alternateURL in the JNDIRealm if one has been specified. (markt)
Add: 63556: Mark request as forwarded in RemoteIpValve and RemoteIpFilter (michaelo)
Fix: If an unhandled exception occurs on a asynchronous thread started via AsyncContext.start(Runnable), process it using the standard error page mechanism. (markt)
Fix: Discard large byte buffers allocated using setBufferSize when recycling the request. (remm)
Fix: 63579: Correct parsing of malformed OPTIONS requests and reject them with a 400onse rather than triggering an internal error that results in a 500 response. (markt)
Fix: Correct version information in X-Powered-By header. (markt)
Fix: 63608: Align the implementation of the negative match feature for patterns used with the RewriteVx: Avoid a NullPointerException in the CrawlerSessionManagerValve if no ROOT Context is deployed and a request does not map to any of the other deployed Contexts. Patch provided by Jop Zinkweg. (markt)
Fix: 63636: Context.findRoleMapping() never called 3524: Improve the handling of PEM file based keys and certificates that do not include a full certificate chain when configuring the internal, in-memory key store. Improve the handling of PKCS#1 formatted private keys when configuring the internal, in-memying to set tcpNoDelay on socket types that do not support it, which can occur when using the NIO inherited channel capability. Submitted by František Kučera. (remm)
Fix: Correct parsing of invalid host names that contain bytes in the range 128 to 255 or that results in a 500 response. (markt)
Fix: 63571: Allow users to configure infinite TLS session caches and/or timeouts. (markt)
Fix: 63578: Improve handling of invalid requests so that 400 responses are returned to the client rather than 500 respon an error if a Huffman encoded string literal contains the EOS symbol. (jfclere)
Add: Connections that fail the TLS handshake will now appear in the access logs with a 400 status code. (markt)
Fix: Timeouts for HTTP/2 connections were not always correctnger than expected. (markt)
Add: Expand the HTTP/2 excessive overhead protection to cover various forms of abusive client behaviour and close the connection if any such behaviour is detected. (markt)
Fix: Fix a crash on shutdown with the APR/native connress when the connector stopped. (markt)
Web applications
Fix: 63597: Update the custom 404 error page for the Host Manager to take account of previous refactoring so that the page is used for 404 errors rather than falling back to the default error pagebat so that when installing a Windows service, by default, it changes the name of the executables used by the Windows service to match the service name. This makes the installation behaviour consistent with the Windows installer. The original executable nhe renaming can be disabled by using the new --no-rename option after the service name. (markt)
Update: Switch from Checkstyle to the JRE6 backport and update to version 8.22. This allows Tomcat 8.5 to use the newer Checkstyle releases while still buildi digital signature for the Windows installer now uses SHA-256 for hashes. (markt)
Update: 63310: Update to Commons Daemon 1.2.0. This provides improved support for Java 11. This also changes the user configured by the Windows installer for the Windows seer privileged Local Service. (markt)
Fix: 55969: Tighten up the security of the Apache Tomcat installation created by the Windows installer. Change the default shutdown port used by the Windows installer from 8005 to -1 (disabled). Limit access to the cho local administrators, Local System and Local Service. (markt)
Add: 63285: Add an option to service.bat so that when installing a Windows service, the name of the executables used by the Windows service may be changed to match the service name. This maksistent with the Windows installer. The original executable names will be restored when the Windows service is removed. The renaming can be enabled by using the new --rename option after the service name. (markt)
Fix: 63567: Restore the passing of $LOGGIsh when calling stop. (markt)
Update: Update the internal fork of Commons Codec to 3ebef4a (2018-08-01) to pick up the fix for CODEC-134. (markt)
Update: Update the internal fork of Commons Pool2 to 796e32d (2018-08-01) to pick up the changes Commons Poe the internal fork of Commons DBCP2 to 87d9e3a (2018-08-01) to pick up the changes Commons DBCP2 2.7.0 and DBCP-555. (markt)
Update: 63648: Update the test TLS keys and certificates used in the test suite to replace the keys and certificates that are about to expire. (markt)
Django 2.2.6:
Fixed migrations crash on SQLite when altering a model containing partial indexes.
Fixed a regression in Django 2.2.4 that caused a crash when filtering with a Subquery() annotation of a queryset containing JSONField or HStoreField.
