Selenium 3.9.0
* Add docstrings to WebElement find methods
* Additional data in unexpected alert error is now handled for w3c drivers
* Allow service_args to be passed into Firefox WebDriver
* Fix bug introduced with response logging in 3.8.1
"google-apitools" is a collection of utilities to make it easier to build
client-side tools, especially those that talk to Google APIs.
Part of PR pkg/52941.
Django is a high-level Python Web framework that encourages rapid development
and clean, pragmatic design. Django was designed to make common Web-development
tasks fast and easy.
Version 1.1:
* Add Deprecations for 2.0
* Improve IsoDateTimeField test clarity
* Fix form attr references in tests
* Simplify tox config, drop python 3.3 & django 1.8
* Make get_filter_name a classmethod, allowing it to be overriden for each FilterClass
* Support active timezone
* Docs Typo: django_filters -> filters in docs
* Add Polish translations for some messages
* Remove support for Django 1.9 (EOL)
* Use required attribute from field when getting schema fields
* Prevent circular ImportError hiding for rest_framework sub-package
* Deprecate 'extra' field attrs on Filter
* Add SuffixedMultiWidget
* Fix null filtering for *Choice filters
* Use isort on imports
* Use urlencode from django.utils.http
* Remove OrderingFilter.help_text
* Update DRF test dependency to 3.6
3.5.0
* Allow for object uploads > 5GB from stdin.
When uploading from standard input, swiftclient will turn the upload
into an SLO in the case of large objects. By default, input larger
than 10MB will be uploaded as an SLO with 10MB segment sizes. Users
can also supply the --segment-size option to alter that
threshold and the SLO segment size. One segment is buffered in
memory (which is why 10MB default was chosen).
* The --meta option can now be set on the upload command.
* Updated PyPy test dependency references to be more accurate
on different distros.
* Various other minor bug fixes and improvements.
1.11.10:
CVE-2018-6188: Information leakage in AuthenticationForm
A regression in Django 1.11.8 made AuthenticationForm run its confirm_login_allowed() method even if an incorrect password is entered. This can leak information about a user, depending on what messages confirm_login_allowed() raises. If confirm_login_allowed() isn’t overridden, an attacker enter an arbitrary username and see if that user has been set to is_active=False. If confirm_login_allowed() is overridden, more sensitive details could be leaked.
This issue is fixed with the caveat that AuthenticationForm can no longer raise the “This account is inactive.” error if the authentication backend rejects inactive users (the default authentication backend, ModelBackend, has done that since Django 1.10). This issue will be revisited for Django 2.1 as a fix to address the caveat will likely be too invasive for inclusion in older versions.
Bugfixes:
Fixed incorrect foreign key nullification if a model has two foreign keys to the same model and a target model is deleted.
Fixed a regression where contrib.auth.authenticate() crashes if an authentication backend doesn’t accept request and a later one does.
Fixed crash when entering an invalid uuid in ModelAdmin.raw_id_fields
Upstream changes:
The following important issues are resolved in 8.4.4 (in addition to the dozens of other fixes listed at the end of this post):
[PHP 7.2] count() parameter must be an array or an object that implements Countable. Drupal 8.4.4 still has one remaining critical bug on PHP 7.2 which will be fixed by Drupal 8.5.0, to be released March 7 2018.
Concurrently editing two translations of a node may result in data loss for non-translatable fields
Known issues
There are no known regressions in this release.
Important: If you have not already upgraded to 8.4.0, read the Drupal 8.4.0 release notes before upgrading to 8.4.4. Drupal 8.4 includes major version updates for Symfony, jQuery, and jQuery UI and is no longer compatible with older versions of Drush.
Drupal 8 currently has one remaining critical bug on PHP 7.2 which will be fixed by Drupal 8.5.0, to be released March, 7 2018.
Search the issue queue for all known issues.
All changes since the last release
#2894068 by Jo Fitzgerald, davidsickmiller, alexpott, heddn, Yogesh Pawar, quietone, xjm: datetime_type is not set correctly when migrating datetime fields from D7
#2930715 by alexpott, dawehner: Recursive rebuild caused by installing admin_toolbar_tools module
#2837022 by hchonov, xjm, vlad.dancer, plach, matsbla, Gábor Hojtsy: Concurrently editing two translations of a node may result in data loss for non-translatable fields
#2933125 by Tessa Bakker: Case mismatch in ExportForm.php
#2323459 by harsha012, jhodgdon, joachim: Change wording of annotation keys to properties
#2840257 by kiamlaluno: The documentation makes reference to a function that doesn't exist
#2779921 by kiamlaluno, alexpott: hook_field_widget_form_alter() still reference a hook that is not used anymore
#2931294 by claudiu.cristea, Wim Leers: Timestamp field type misses schema for value
#2923884 by mfernea: Fix 'Squiz.WhiteSpace.SemicolonSpacing' coding standard
#2899708 by gaurav.kapoor, tan33sh, tedbow, droplet, Wim Leers: `quote` should be `blockquote` in off-canvas.base.css
#2932154 by jhedstrom: ModerationInformation::getLatestRevisionId returns access-specific results
#2932551 by jeqq: Error when calling ModerationStateFieldItemList::updateModeratedEntity() if the entity doesn't have workflow
#2346893 by lauriii, idebr, slashrsm, RavindraSingh, Rade, Fabianx, alexpott, swentel, gauravjeet, darrenwh, deepak_zyxware, joelpittet, Wim Leers, Yogesh Pawar, Vj, ivan.chavarro, josephdpurcell, josmera01, rloos289, kattekrab, Tanvish Jha, csakiistvan, xjm, larowlan, akalata: Duplicate AJAX wrapper around a file field
#2921033 by Jo Fitzgerald, masipila, phenaproxima, xjm, Wim Leers: Improve API documentation of DrupalSqlBase source plugin
#2862671 by masipila, Jo Fitzgerald, kleog, phenaproxima, quietone: Add documentation to SqlBase source plugin
#2930072 by vaplas, Lendude: Module: Convert system functional tests to phpunit
#2913864 by Jo Fitzgerald, chiranjeeb2410, matslats, phenaproxima: badly constructred link in drupal_set_message
#2928846 by alexpott, Berdir: [PHP 7.2] count() parameter must be an array or an object that implements Countable
#1489692 by Liam Morland, pfrenssen, YesCT, geekinpink, sudishth, josmera01, David_Rothstein: Incorrect handling of file upload limit exceeded - file widget disappears
#2914938 by timmillwood, RajabNatshah, xjm, Manuel Garcia, amateescu, Wim Leers: Preview of content - Notice: Undefined offset: 0 in _quickedit_entity_is_latest_revision() (line 196 of core/modules/quickedit/quickedit.module)
#2880445 by pjcdawkins, japerry, gargsuchi, q0rban: Config sync should not throw a warning when not being writable
#2927636 by alexpott, Mile23, Mixologic: Backport --supress-deprecations to run-tests.sh 8.4.x
#2928778 by plach: Exception when trying to save a new revision after manually setting the original revision ID
#2929464 by tedbow, mpdonadio: Tests under "core/modules/ckeditor/tests/modules/src/Kernel" are in the wrong folder and do not get tested
#2795317 by hswong3i, alexpott, Lendude, bircher, dawehner, martin107, Jo Fitzgerald, mondrake: Allow PHPUnit 6+ support for object mocking
#2862745 by masipila, quietone: Add documentation to EntityFieldInstance destination plugin
#2862746 by masipila, quietone, phenaproxima: Add documentation to EntityFieldStorageConfig destination plugin
#2927844 by Jo Fitzgerald, quietone, heddn: Correct references to 'iterator' plugin to be 'sub_process'
#2927563 by tstoeckler, amateescu: Aggregator feed "refresh" field should have a default value
#2927569 by tstoeckler, amateescu: Various tests do not set values for required field when creating entities
#2862207 by kalpaitch, jmmarquez, jeetendrakumar: Config import change profile message
#2923886 by mfernea: Fix 'Squiz.WhiteSpace.LanguageConstructSpacing' coding standard
Revert "Issue #2929076 by marcoscano: Fix wrong \Drupal\Core\Entity\EntityTypeInterface::getBundleLabel() docblock"
#2929076 by marcoscano: Fix wrong \Drupal\Core\Entity\EntityTypeInterface::getBundleLabel() docblock
#2927758 by Wim Leers, dagmar: Update DbLogResourceTest to use the ResourceTestBase base class instead of the deprecated RESTTestBase
#2717965 by Yogesh Pawar, pguillard, alexpott, Liam Morland, skylord, oxy86, cilefen, balagan, Anthony Fok: Site name is not UTF-8 encoded in email headers
Changes:
- Fix potential memory bug in curl() when doubling the buffer is
insufficient.
- Added unit test for curl_echo() to post large multipart data.
- Fix IDN unit test error "string has forbidden bi-directional
properties"
Notable changes:
- Use a loop to preload anonymous inner classes when running under a SecurityManager, to be safe for future changes in the code or using a different compiler. (kkolinko)
- Implement a small optimisation to how JAR URLs are processed to reduce the storage of duplicate String objects in memory. Patch provided by Dmitri Blinov. (markt)
Full changelog:
https://tomcat.apache.org/tomcat-7.0-doc/changelog.html
Notable changes:
- Correct a regression in the previous fix for 61916 that meant that any call to addHeader() would have been replaced with a call to setHeader() for all requests mapped to the AddDefaultCharsetFilter. (markt)
- Improve handling for ByteChunk and CharChunk instances that grow close to the maximum size allowed by the JRE. (markt)
Full changelog:
https://tomcat.apache.org/tomcat-8.5-doc/changelog.html
* Fix build under netbsd-7, PR pkg/52956
Changelog:
Fix Mozilla Foundation Security Advisory 2018-05:
Arbitrary code execution through unsanitized browser UI
When using certain non-default security policies on Windows (for
example with Windows Defender Exploit Protection or Webroot security
products), Firefox 58.0 would fail to load pages (bug 1433065).
Version 0.9:
Fix: TypeError: 'NamesConsumer' object does not support indexing
Fix: resolve ForeignKey models specified as strings instead of class names
(Based on wip/*passenger.)
Phusion Passenger is a web server and application server,
designed to be fast, robust and lightweight. It supports Ruby,
Python, Node.js and Meteor.
1.19.0:
- Add a workaround for CPython segfault (https://bugs.python.org/issue32583)
which affect w3lib.encoding functions. This is technically **backwards
incompatible** because it changes the way non-decodable bytes are replaced
(in some cases instead of two ``\ufffd`` chars you can get one).
As a side effect, the fix speeds up decoding in Python 3.4+.
- Add 'encoding' parameter for w3lib.http.basic_auth_header.
- Fix pypy testing setup, add pypy3 to CI.
Changelog:
New
Performance improvements, including:
Rendering graphics for Windows users by using Off-Main-Threa
Painting (OMTP)
Loading pages faster by changing how Firefox caches and retrieves
JavaScript
Improvements to Firefox Screenshots:
Copy and paste screenshots directly to your clipboard
Firefox Screenshots now works in Private Browsing mode
Added Nepali (ne-NP) locale
In case you missed it--57 Release privacy and performance feature:
Users can enable Tracking Protection at all times. Learn how to turn
Tracking Protection on.
Fixed
Fonts installed in non-standard directories will no longer appear
blank for Linux users
Various security fixes
Changed
User profiles created in Firefox 58 (and in future releases) are not
supported in previous versions of Firefox. Users who downgrade to
a previous version should create a new profile for that version.
Learn about alternatives to downgrading on our support site.
Added a warning to alert users and site owners of planned security
changes to sites affected by the gradual distrust plan for
the Symantec certificate authority
#CVE-2018-5091: Use-after-free with DTMF timers
#CVE-2018-5092: Use-after-free in Web Workers
#CVE-2018-5093: Buffer overflow in WebAssembly during Memory/Table resizing
#CVE-2018-5094: Buffer overflow in WebAssembly with garbage collection on
uninitialized memory
#CVE-2018-5095: Integer overflow in Skia library during edge builder allocation
#CVE-2018-5097: Use-after-free when source document is manipulated during XSLT
#CVE-2018-5098: Use-after-free while manipulating form input elements
#CVE-2018-5099: Use-after-free with widget listener
#CVE-2018-5100: Use-after-free when IsPotentiallyScrollable arguments are
freed from memory
#CVE-2018-5101: Use-after-free with floating first-letter style elements
#CVE-2018-5102: Use-after-free in HTML media elements
#CVE-2018-5103: Use-after-free during mouse event handling
#CVE-2018-5104: Use-after-free during font face manipulation
#CVE-2018-5105: WebExtensions can save and execute files on local file
system without user prompts
#CVE-2018-5106: Developer Tools can expose style editor information
cross-origin through service worker
#CVE-2018-5107: Printing process will follow symlinks for local file access
#CVE-2018-5108: Manually entered blob URL can be accessed by subsequent
private browsing tabs
#CVE-2018-5109: Audio capture prompts and starts with incorrect origin
attribution
#CVE-2018-5110: Cursor can be made invisible on OS X
#CVE-2018-5117: URL spoofing with right-to-left text aligned left-to-right
#CVE-2018-5118: Activity Stream images can attempt to load local content
through file:
#CVE-2018-5119: Reader view will load cross-origin content in violation
of CORS headers
#CVE-2018-5121: OS X Tibetan characters render incompletely in the addressbar
#CVE-2018-5122: Potential integer overflow in DoCrypt
#CVE-2018-5090: Memory safety bugs fixed in Firefox 58
#CVE-2018-5089: Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6
