Version 2.10.4 (2011-12-30)
---------------------------
- Fixed: the Environment class did not always return the correct script name
(#3603)
- Fixed: close the connection after sending a file to the browser (#3602)
- Fixed: the new Ajax cron trigger did not work in IE8 due to missing
Date.now() support (#3681)
- Fixed: do not block ressources required by the Google website preview in the
robots.txt file (#3688)
- Fixed: correctly update the cache after a new template has been created
(#3676)
- Fixed: correctly handle HTML comments in inline JavaScripts (#3696)
- Fixed: get the next autoincrement ID when importing a theme so deleted
themes can be restored (#3604)
- Fixed a few minor issues
* Consume all stdin when rcs_receive short-circuits, to avoid git SIGPIPE race.
* Add path and path_natural sort orders (smcv)
* Test coverage can be checked with make coverage (smcv)
* tag: encode categories using numeric values. (tango)
Fixed in Firefox 3.6.24
MFSA 2011-49 Memory corruption while profiling using Firebug
MFSA 2011-47 Potential XSS against sites using Shift-JIS
MFSA 2011-46 loadSubScript unwraps XPCNativeWrapper scope parameter (1.9.2 branch)
Fixed in Firefox 3.6.23
MFSA 2011-40 Code installation through holding down Enter
MFSA 2011-39 Defense against multiple Location headers due to CRLF Injection
MFSA 2011-38 XSS via plugins and shadowed window.location object
MFSA 2011-37 Integer underflow when using JavaScript RegExp
MFSA 2011-36 Miscellaneous memory safety hazards (rv:7.0 / rv:1.9.2.23)
* let DISTNAME to sync with base pkg version.
* DISTINFO_FILE is not overwrite by php/ext.mk, so no need to set here.
* reset DIST_SUBDIR, to share DISTFILES with base package.
3.1.12
* Compatibility with the mathn library (thanks to Thomas Walpole).
* Fix some infinite loops with mixins that were previously uncaught.
* Catch infinite @import loops.
* Fix a deprecation warning in sass --update and --watch (thanks to Marcel
Köppen).
* Don’t make $important a special pre-initialized variable.
* Fix exponential parsing time of certain complex property values and
selectors.
* Properly merge @media directives with comma-separated queries.
E.g.
@media foo, bar { @media baz { ... } } now becomes
@media foo and baz, bar and baz { ... }.
Drop ${PHP_BASE_VARS} from PKGVERSION by default.
It used to be required to support multiple php version.
But after PHP version based ${PHP_PKG_PREFIX} was introduced,
such trick is not required anymore.
In addition to this, such version name schme invokes unwanted version bump
when base php version is bumped, plus, such version scheme is hard to
use for DEPENDS pattern.
To avoid downgrading of package using such legacy version scheme,
PECL_LEGACY_VERSION_SCHEME is introduced.
If it is defined, current version scheme is still used for currently
supported PHP version (5 and 53), but instead of ${PHP_BASE_VARS},
current fixed PHP base version in pkgsrc is used to avoid unwanted version bump
from update of PHP base package.
With newer PHP (54, or so on), new version scheme will be used if
it is defined.
This trick will not be required and should be removed after php5 and php53 will
be gone away from pkgsrc.
Changes from previous:
----------------------
1.3090 13.12.2011
** Codename: Hornburg of Hannover // Stefan Hornburg (racke) **
[ BUG FIXES ]
* GH #685: Set VERSION for Dancer::Plugin::Ajax.
(Sawyer X, Naveed Massjouni)
[ DOCUMENTATION ]
* GH #694: Typo fix. (Yanick Champoux)
* GH #698: Document further TT init options. (Dennis Lichtenthaeler)
* GH #709: Update POD documentation regarding hook. (Stefan Hornburg)
1.3089_01 26.11.2011
[ BUG FIXES ]
* Fix bug that made system() fail with -1 under Dancer (felixdo).
* Support for 'content_type' option on send_file when sending a
system wide file (Emmanuel Rodriguez).
* Support HTTP_X_FORWARDED_HOST in behing proxy (Ipaponov).
* Deserialize PATCH requests (Sam Kington).
* Encode log messages properly if charset UTF-8 is set (David Precious,
thanks to Penfold for the fix & MiklerGM for reporting).
[ ENHANCEMENTS ]
* Continuations-style exception system! (Damien Krotkine).
* The ability for dancer_response to send file contents for file uploads
as a scalar, instead of reading from file on disk (Squeeks).
[ DOCUMENTATION ]
* Clean up "plack_middlewares" example in docs (Richard Simões).
Changes from previous:
----------------------
2.37 2011-12-10 00:00:00
- Welcome to the Mojolicious core team Marcus Ramberg, Glen Hinkle
and Abhijit Menon-Sen.
- Removed cleanup_interval attribute from Mojo::IOLoop.
- Deprecated Mojo::IOLoop->timeout in favor of
Mojo::IOLoop::Stream->timeout.
- Added EXPERIMENTAL timeout event to Mojo::IOLoop::Stream.
- Added EXPERIMENTAL timeout attribute to Mojo::IOLoop::Stream.
- Changed default keep alive timeout of Mojo::UserAgent from 15 to 20
seconds.
- Improved documentation.
- Improved unicode tests.
- Fixed inline template double encoding bug.
2.36 2011-12-05 00:00:00
- Changed default heartbeat timeout of Hypnotoad from 5 to 10
seconds.
- Improved documentation.
- Fixed default keep alive timeout of Hypnotoad.
2.35 2011-12-01 00:00:00
- Added EXPERIMENTAL etag method to Mojo::Headers.
- Improved documentation.
- Fixed one-byte payload bug in Mojo::Transaction::WebSocket. (tinx)
- Fixed body event in Mojo::Content to work more reliably in CGI
environments.
- Fixed small portability issue in loader test.
2.34 2011-11-28 00:00:00
- Added "websocket.pl" to example scripts.
- Improved documentation.
- Fixed small bugs in example scripts.
2.33 2011-11-28 00:00:00
- Improved Mojo::EventEmitter performance slightly.
- Improved documentation.
- Fixed a few small inline template issues.
- Fixed small WebSocket handshake bug.
2.32 2011-11-24 00:00:00
- Added EXPERIMENTAL error event to Mojo::IOWatcher.
- Updated jQuery to version 1.7.1.
- Improved Mojo::IOLoop performance by changing the default cleanup
interval from 0 to 0.025 seconds.
- Improved documentation.
2.31 2011-11-21 00:00:00
- Improved stacktraces by making them a lot simpler.
- Improved documentation.
- Improved tests.
2.30 2011-11-20 00:00:00
- Deprecated Mojo::IOLoop->on_lock in favor of Mojo::IOLoop->lock.
- Deprecated Mojo::IOLoop->on_unlock in favor of
Mojo::IOLoop->unlock.
2.29 2011-11-19 00:00:00
- Deprecated Mojolicious->on_process in favor of around_dispatch
hook.
- Added EXPERIMENTAL emit_chain method to Mojolicious::Plugins.
(Akron, sri)
- Added EXPERIMENTAL around_dispatch hook.
- Fixed small bug in boundary and charset methods of Mojo::Content.
2.28 2011-11-18 00:00:00
- Improved documentation.
- Fixed small IPv6 portabilty issue in Mojo::IOLoop::Client.
2.27 2011-11-16 00:00:00
- Deprecated Mojo::IOLoop->connect in favor of Mojo::IOLoop->client.
- Deprecated Mojo::IOLoop->listen in favor of Mojo::IOLoop->server.
- Deprecated Mojo::IOLoop->connection_timeout in favor of
Mojo::IOLoop->timeout.
- Deprecated Mojo::IOLoop->write in favor of
Mojo::IOLoop::Stream->write.
- Deprecated Mojo::IOLoop->connect_timeout in favor of timeout
argument.
- Deprecated on_* methods in Mojo::IOLoop.
- Removed Mojo::IOLoop::Resolver.
- Added EXPERIMENTAL connect_timeout attribute to Mojo::UserAgent.
- Added EXPERIMENTAL is_readable method to Mojo::IOLoop::Stream.
- Added EXPERIMENTAL charset method to Mojo::Content.
- Added EXPERIMENTAL write event to Mojo::IOLoop::Stream.
- Added EXPERIMENTAL connection event to Mojo::Transaction.
- Improved documentation.
- Improved CSS of some built-in templates.
- Fixed many small memory leaks.
- Fixed multiple drain callback bugs.
- Fixed small attribute selector bug in Mojo::DOM::CSS. (tladesignz)
2.26 2011-11-10 00:00:00
- Added EXPERIMENTAL upgrade event to Mojo::Asset::Memory.
- Added EXPERIMENTAL upgrade event to Mojo::Transaction::HTTP.
- Added EXPERIMENTAL auto_upgrade attribute to Mojo::Asset::Memory.
- Improved Mojo::Content::Single and Mojo::Content::MultiPart parsers
to reuse events.
- Improved documentation.
- Fixed small route caching bug.
2.25 2011-11-08 00:00:00
- Removed canonicalize method from Mojo::URL.
- Improved documentation.
- Fixed URL without scheme handling in Mojo::URL.
- Fixed a few small bugs in Mojo::URL.
2.24 2011-11-05 00:00:00
- Added EXPERIMENTAL canonicalize method to Mojo::URL.
- Improved documentation.
- Fixed small path canonicalization bug in Mojo::URL.
- Fixed small trailing slash bug in Mojo::Path.
2.23 2011-11-04 00:00:00
- Changed semantics of get_line function in Mojo::Util.
- Removed experimental status from Mojo::Util.
- Updated jQuery to version 1.7.
- Improved documentation.
- Improved empty path element handling in Mojo::URL.
- Fixed empty path element bug in Mojo::Path.
2.22 2011-11-03 00:00:00
- Added EXPERIMENTAL --verbose flag to routes command.
- Improved documentation.
- Fixed a few attribute without value selector bugs in
Mojo::DOM::CSS.
- Fixed template inheritance bug in Mojolicious::Renderer.
2.21 2011-11-02 00:00:00
- Removed profile helper.
- Removed CSS4 selector subject support from Mojo::DOM::CSS until we
actually know the exact semantics.
- Improved Mojo::ByteStream to generate most Mojo::Util based methods
automatically.
- Fixed route pattern bug.
- Fixed bug in "user_agent.t".
2.20 2011-11-01 00:00:00
- Changed semantics of almost all functions in Mojo::Util.
- Documentation improvements.
2.19 2011-10-31 00:00:00
- Deprecated Mojolicious::Plugins->add_hook in favor of
Mojolicious::Plugins->on.
- Deprecated Mojolicious::Plugins->run_hook in favor of
Mojolicious::Plugins->emit_hook.
- Deprecated Mojolicious::Plugins->run_hook_reverse in favor of
Mojolicious::Plugins->emit_hook_reverse.
- Improved documentation.
- Improved tests.
2.18 2011-10-30 00:00:00
- Improved documentation.
- Fixed small rendering bug.
2.17 2011-10-30 00:00:00
- Fixed bug in "user_agent.t".
2.16 2011-10-30 00:00:00
- Removed experimental status from Mojo::EventEmitter.
- Merged unsubscribe and unsubscribe_all methods in
Mojo::EventEmitter.
- Improved documentation.
2.15 2011-10-29 00:00:00
- Deprecated Mojolicious::Controller->on_finish in favor of
Mojolicious::Controller->on.
- Removed Mojolicious::Controller->on_message, you can now use
Mojolicious::Controller->on instead.
$c->on(message => sub {...})
- Added EXPERIMENTAL message event to Mojo::Log.
- Improved documentation.
2.14 2011-10-29 00:00:00
- Deprecated Mojo::DOM->new with arguments.
- Renamed Mojo::IOLoop::Trigger to Mojo::IOLoop::Delay.
- Renamed watch method in Mojo::IOWatcher to change.
- Renamed io method in Mojo::IOWatcher to watch.
- Renamed cancel method in Mojo::IOWatcher to drop_timer.
- Renamed remove method in Mojo::IOWatcher to drop_handle.
- Added EXPERIMENTAL --verbose flag to test command.
2.13 2011-10-28 00:00:00
- Removed experimental status from many classes, methods, attributes
and functions.
- Removed before_render hook.
- Removed Mojolicious::Plugin::CallbackCondition.
- Improved documentation.
2.12 2011-10-27 00:00:00
- Added EXPERIMENTAL cleanup_interval attribute to Mojo::IOLoop.
- Added EXPERIMENTAL max_leftover_size attribute to Mojo::Content.
- Replaced handle method in Mojo::IOLoop with stream method.
- Replaced writing and not_writing methods in Mojo::IOWatcher with
watch method.
- Replaced is_finished method in Mojo::IOLoop::Stream with is_writing
method.
- Replaced add method in Mojo::IOWatcher with io method.
- Reduced memory usage of Mojo::Headers significantly.
- Fixed finish event timing in Mojo::Server::Daemon.
= 1.3.1 / Not Yet Released
* Support adding more than one callback to the stream object. (Konstantin
Haase)
= 1.3.0 / 2011-09-30
* Added `stream` helper method for easily creating streaming APIs, Server
Sent Events or even WebSockets. See README for more on that topic.
(Konstantin Haase)
* If a HTTP 1.1 client is redirected from a different verb than GET, use 303
instead of 302 by default. You may still pass 302 explicitly. Fixes AJAX
redirects in Internet Explorer 9 (to be fair, everyone else is doing it
wrong and IE is behaving correct). (Konstantin Haase)
* Added support for HTTP PATCH requests. (Konstantin Haase)
* Use rack-protection to defend against common opportunistic attacks.
(Josh Lane, Jacob Burkhart, Konstantin Haase)
* Support for Creole templates, Creole is a standardized wiki markup,
supported by many wiki implementations. (Konstanin Haase)
* The `erubis` method has been deprecated. If Erubis is available, Sinatra
will automatically use it for rendering ERB templates. `require 'erb'`
explicitly to prevent that behavior. (Magnus Holm, Ryan Tomayko, Konstantin
Haase)
* Patterns now match against the escaped URLs rather than the unescaped
version. This makes Sinatra confirm with RFC 2396 section 2.2 and RFC 2616
section 3.2.3 (escaped reserved characters should not be treated like the
unescaped version), meaning that "/:name" will also match `/foo%2Fbar`, but
not `/foo/bar`. To avoid incompatibility, pattern matching has been
adjusted. Moreover, since we do no longer need to keep an unescaped version
of path_info around, we handle all changes to `env['PATH_INFO']` correctly.
(Konstantin Haase)
* `settings.app_file` now defaults to the file subclassing `Sinatra::Base` in
modular applications. (Konstantin Haase)
* Set up `Rack::Logger` or `Rack::NullLogger` depending on whether logging
was enabled or not. Also, expose that logger with the `logger` helper
method. (Konstantin Haase)
* The sessions setting may be an options hash now. (Konstantin Haase)
* Important: Ruby 1.8.6 support has been dropped. This version also depends
on at least Rack 1.3.0. This means that it is incompatible with Rails prior
to 3.1.0. Please use 1.2.x if you require an earlier version of Ruby or
Rack, which we will continue to supply with bug fixes. (Konstantin Haase)
* Renamed `:public` to `:public_folder` to avoid overriding Ruby's built-in
`public` method/keyword. `set(:public, ...)` is still possible but shows a
warning. (Konstantin Haase)
* It is now possible to use a different target class for the top level DSL
(aka classic style) than `Sinatra::Application` by setting
`Delegator.target`. This was mainly introduced to ease testing. (Konstantin
Haase)
* Error handlers defined for an error class will now also handle subclasses
of that class, unless more specific error handlers exist. (Konstantin
Haase)
* Error handling respects Exception#code, again. (Konstantin Haase)
* Changing a setting will merge hashes: `set(:x, :a => 1); set(:x :b => 2)`
will result in `{:a => 1, :b => 2}`. Use `set(:x, {:a => 1}, true)` to
avoid this behavior. (Konstantin Haase)
* Added `request.accept?` and `request.preferred_type` to ease dealing with
`Accept` headers. (Konstantin Haase)
* Added `:static_cache_control` setting to automatically set cache control
headers to static files. (Kenichi Nakamura)
* Added `informal?`, `success?`, `redirect?`, `client_error?`,
`server_error?` and `not_found?` helper methods to ease dealing with status
codes. (Konstantin Haase)
* Uses SecureRandom to generate default session secret. (Konstantin Haase)
* The `attachment` helper will set Content-Type (if it hasn't been set yet)
depending on the supplied file name. (Vasiliy Ermolovich)
* Conditional requests on `etag` helper now work properly for unsafe HTTP
methods. (Matthew Schinckel, Konstantin Haase)
* The `last_modified` helper does not stop execution and change the status code
if the status code is something different than 200. (Konstantin Haase)
* Added support for If-Unmodified-Since header. (Konstantin Haase)
* `Sinatra::Base.run!` now prints to stderr rather than stdout. (Andrew
Armenia)
* `Sinatra::Base.run!` takes a block allowing access to the Rack handler.
(David Waite)
* Automatic `app_file` detection now works in directories containing brackets
(Konstantin Haase)
* Exception objects are now passed to error handlers. (Konstantin Haase)
* Improved documentation. (Emanuele Vicentini, Peter Higgins, Takanori
Ishikawa, Konstantin Haase)
* Also specify charset in Content-Type header for JSON. (Konstantin Haase)
* Rack handler names will not be converted to lower case internally, this
allows you to run Sinatra with custom Rack handlers, like Kirk or Mongrel2.
Example: `ruby app.rb -s Mongrel2` (Konstantin Haase)
* Ignore `to_ary` on response bodies. Fixes compatibility to Rails 3.1.
(Konstantin Haase)
* Middleware setup is now distributed across multiple methods, allowing
Sinatra extensions to easily hook into the setup process. (Konstantin
Haase)
* Internal refactoring and minor performance improvements. (Konstantin Haase)
* Move Sinatra::VERSION to separate file, so it can be checked without
loading Sinatra. (Konstantin Haase)
* Command line options now complain if value passed to `-p` is not a valid
integer. (Konstantin Haase)
* Fix handling of broken query params when displaying exceptions. (Luke
Jahnke)
3.1.11
* Allow control directives (such as @if) to be nested beneath properties.
* Allow property names to begin with a hyphen followed by interpolation
(e.g. -#{...}).
* Fix a parsing error with interpolation in comma-separated lists.
* Make --cache-store with with --update.
* Properly report ArgumentErrors that occur within user-defined functions.
* Don’t crash on JRuby if the underlying Java doesn’t support every Unicode
encoding.
* Add new updated_stylesheet callback, which is run after each stylesheet has
been successfully compiled. Thanks to Christian Peters.
* Allow absolute paths to be used in an importer with a different root.
* Don’t destructively modify the options when running
Sass::Plugin.force_update.
Deprecations – Must Read!
* The updating_stylesheet is deprecated and will be removed in a future
release. Use the new updated_stylesheet callback instead.
3.1.10
* Fix another aspect of the 3.1.8 regression relating to +.
3.1.9
* Fix a regression in 3.1.8 that broke the + combinator in selectors.
* Deprecate the loud-comment flag when used with silent comments
(e.g. //!). Using it with multi-line comments (e.g. /*!) still works.
3.1.8
* Deprecate parent selectors followed immediately by identifiers
(e.g. &foo). This should never have worked, since it violates the rule of &
only being usable where an element selector would.
* Add a --force option to the sass executable which makes --update always
compile all stylesheets, even if the CSS is newer.
* Disallow semicolons at the end of @import directives in the indented syntax.
* Don’t error out when being used as a library without requiring fileutil.
* Don’t crash when Compass-style sprite imports are used with
StalenessChecker (thanks to Matthias Bauer).
* The numeric precision of numbers in Sass can now be set using the
--precision option to the command line. Additionally, the default number of
digits of precision in Sass output can now be changed by setting
Sass::Script::Number.precision to an integer (defaults to 3). Since this
value can now be changed, the PRECISION constant in Sass::Script::Number has
been deprecated. In the unlikely event that you were using it in your code,
you should now use Sass::Script::Number.precision_factor instead.
* Don’t crash when running sass-convert with selectors with two commas in a
row.
* Explicitly require Ruby >= 1.8.7 (thanks Eric Mason).
* Properly validate the nesting of elements in imported stylesheets.
* Properly compile files in parent directories with --watch and --update.
* Properly null out options in mixin definitions before caching them. This
fixes a caching bug that has been plaguing some Rails 3.1 users.
=== 2.3.2
* Bug fix
* Finish connections that were closed by Net::HTTP so they can be restarted.
=== 2.3.1 / 2011-10-26
* Bug fix
* If a request object already contains a Connection header it will no longer
be overridden. This allows keep-alive connections to be disabled on a
per-request basis.
=== 2.3 / 2011-10-25
* Minor Enhancement
* The time since last use for a connection is now recorded in error
messages for the connection.
=== 2.2 / 2011-10-24
* Minor Enhancements
* Added timeouts for idle connections which are set through #idle_timeout.
The default timeout is 5 seconds. Reducing the idle timeout is preferred
over setting #retry_change_requests to true if you wish to avoid the "too
many connection resets" error when POSTing data.
* Documented tunables and settings in one place in Net::HTTP::Persistent
=== 2.1 / 2011-09-19
* Minor Enhancement
* For HTTPS connections, SSL sessions are now reused avoiding the extra
round trips and computations of extra SSL handshakes. If you have
problems with SSL session reuse it can be disabled by
Net::HTTP::Persistent#reuse_ssl_sessions
* Bug Fixes
* The default certificate store is now used even if #verify_mode was not
set. Issue #7, Pull Request #8 by Matthew M. Boedicker
## 2.3.0
* Several speed/memory improvements
* Numerous bug fixes
* Added support for MRI 1.9, Rubinius, and JRuby
* Added support for integer drop parameters
* Added epoch support to `date` filter
* New `raw` tag that suppresses parsing
* Added `else` option to `for` tag
* New `increment` tag
* New `split` filter
## 2.2.1 / 2010-08-23
* Added support for literal tags
This is current stable release of Drupal.
Drupal is software that allows an individual or a community of users to easily
publish, manage and organize a great variety of content on a website. Tens of
thousands of people and organizations have used Drupal to set up scores of
different kinds of web sites, including
* community web portals and discussion sites
* corporate web sites/intranet portals
* personal web sites
* aficionado sites
* e-commerce applications
* resource directories
Drupal includes features to enable:
* content management systems
* blogs
* collaborative authoring environments
* forums
* newsletters
* picture galleries
* file uploads and download
== 1.3.1 Triple Espresso
* Fix service not working pre 1.9.
== 1.3.0 Double Espresso
* BREAKING CHANGE: Thin no longer ships with fat Windows binaries.
From now on, to install on Windows, install https://github.com/oneclick/rubyinstaller/wiki/Development-Kit.
* BREAKING CHANGE: Remove automatic Content-Length setting.
It is now the responsibility of the app (or a middleware) to set the Content-Length.
* Log errors to STDERR [textgoeshere]
* Shut down gracefully when receiving SIGTERM [ddollar]
Processes are allowed a chance to shut down gracefully when receiving
SIGTERM (http://en.wikipedia.org/wiki/SIGTERM).
On Heroku, when shutting down a process, we send a SIGTERM followed 10
seconds later with a SIGKILL, similar to the behavior of the init daemon
on most Unix systems. This patch will allow Heroku apps to shut down
gracefully when they need to be terminated / moved.
## Rails 3.1.1 (October 7, 2011) ##
* No changes
## Rails 3.1.0 (August 30, 2011) ##
* The default format has been changed to JSON for all requests. If you want to continue to use XML you will need to set `self.format = :xml` in the class. eg.
class User < ActiveResource::Base
self.format = :xml
end
## Rails 3.1.3 (unreleased) ##
* Downgrade sprockets to ~> 2.0.3. Using 2.1.0 caused regressions.
* Fix using `tranlate` helper with a html translation which uses the `:count` option for
pluralization.
*Jon Leighton*
## Rails 3.1.2 (unreleased) ##
* Fix XSS security vulnerability in the `translate` helper method. When using interpolation
in combination with HTML-safe translations, the interpolated input would not get HTML
escaped. *GH 3664*
Before:
translate('foo_html', :something => '<script>') # => "...<script>..."
After:
translate('foo_html', :something => '<script>') # => "...<script>..."
*Sergey Nartimov*
* Upgrade sprockets dependency to ~> 2.1.0
* Ensure that the format isn't applied twice to the cache key, else it becomes impossible
to target with expire_action.
*Christopher Meiklejohn*
* Swallow error when can't unmarshall object from session.
*Bruno Zanchet*
* Implement a workaround for a bug in ruby-1.9.3p0 where an error would be raised
while attempting to convert a template from one encoding to another.
Please see http://redmine.ruby-lang.org/issues/5564 for details of the bug.
The workaround is to load all conversions into memory ahead of time, and will
only happen if the ruby version is *exactly* 1.9.3p0. The hope is obviously that
the underlying problem will be resolved in the next patchlevel release of
1.9.3.
*Jon Leighton*
* Ensure users upgrading from 3.0.x to 3.1.x will properly upgrade their flash object in session (issues #3298 and #2509)
## Rails 3.1.1 (October 7, 2011) ##
* stylesheet_link_tag('/stylesheets/application') and similar helpers doesn't
throw Sprockets::FileOutsidePaths exception anymore *Santiago Pastorino*
* Ensure default_asset_host_protocol is respected, closes#2980. *Jos«± Valim*
Changing rake db:schema:dump to run :environment as well as :load_config,
as running :load_config alone will lead to the dumper being run without
including extensions such as those included in foreigner and
spatial_adapter.
This reverses a change made here:
5df72a238e (L0L324)
I'm assuming here that :load_config needs to be invoked
separately from :environment, as it is elsewhere in the
file for db operations, if not the alternative is to go
back to "task :dump => :environment do".
*Ben Woosley*
* Update to rack-cache 1.1.
Versions prior to 1.1 delete the If-Modified-Since and If-Not-Modified
headers when config.action_controller.perform_caching is true. This has two
problems:
* unexpected inconsistent behaviour between development &
production environments
* breaks applications that use of these headers
*Brendan Ribera*
* Ensure that enhancements to assets:precompile task are only run once *Sam Pohlenz*
* TestCase should respect the view_assigns API instead of pulling variables on
its own. *Jos«± Valim*
* javascript_path and stylesheet_path now refer to /assets if asset pipelining
is on. *Santiago Pastorino*
* button_to support form option. Now you're able to pass for example
'data-type' => 'json'. *ihower*
* image_path and image_tag should use /assets if asset pipelining is turned
on. Closes#3126 *Santiago Pastorino and christos*
* Avoid use of existing precompiled assets during rake assets:precompile run.
Closes#3119 *Guillermo Iguaran*
* Copy assets to nondigested filenames too *Santiago Pastorino*
* Give precedence to `config.digest = false` over the existence of
manifest.yml asset digests *christos*
* escape options for the stylesheet_link_tag method *Alexey Vakhov*
* Re-launch assets:precompile task using (Rake.)ruby instead of Kernel.exec so
it works on Windows *cablegram*
* env var passed to process shouldn't be modified in process method. [Santiago
Pastorino]
* `rake assets:precompile` loads the application but does not initialize
it.
To the app developer, this means configuration add in
config/initializers/* will not be executed.
Plugins developers need to special case their initializers that are
meant to be run in the assets group by adding :group => :assets. *Jos«± Valim*
* Sprockets uses config.assets.prefix for asset_path *asee*
* FileStore key_file_path properly limit filenames to 255 characters. *phuibonhoa*
* Fix Hash#to_query edge case with html_safe strings. *brainopia*
* Allow asset tag helper methods to accept :digest => false option in order to completely avoid the digest generation.
Useful for linking assets from static html files or from emails when the user
could probably look at an older html email with an older asset. *Santiago Pastorino*
* Don't mount Sprockets server at config.assets.prefix if config.assets.compile is false. *Mark J. Titorenko*
* Set relative url root in assets when controller isn't available for Sprockets (eg. Sass files using asset_path). Fixes#2435 *Guillermo Iguaran*
* Fix basic auth credential generation to not make newlines. GH #2882
* Fixed the behavior of asset pipeline when config.assets.digest and config.assets.compile are false and requested asset isn't precompiled.
Before the requested asset were compiled anyway ignoring that the config.assets.compile flag is false. *Guillermo Iguaran*
* CookieJar is now Enumerable. Fixes#2795
* Fixed AssetNotPrecompiled error raised when rake assets:precompile is compiling certain .erb files. See GH #2763#2765#2805 *Guillermo Iguaran*
* Manifest is correctly placed in assets path when default assets prefix is changed. Fixes#2776 *Guillermo Iguaran*
* Fixed stylesheet_link_tag and javascript_include_tag to respect additional options passed by the users when debug is on. *Guillermo Iguaran*
* Fix ActiveRecord#exists? when passsed a nil value
* Fix assert_select_email to work on multipart and non-multipart emails as the method stopped working correctly in Rails 3.x due to changes in the new mail gem.
## Rails 3.1.0 (August 30, 2011) ##
* Param values are `paramified` in controller tests. *David Chelimsky*
* x_sendfile_header now defaults to nil and config/environments/production.rb doesn't set a particular value for it. This allows servers to set it through X-Sendfile-Type. *Santiago Pastorino*
* The submit form helper does not generate an id "object_name_id" anymore. *fbrusatti*
* Make sure respond_with with :js tries to render a template in all cases *Jos«± Valim*
* json_escape will now return a SafeBuffer string if it receives SafeBuffer string *tenderlove*
* Make sure escape_js returns SafeBuffer string if it receives SafeBuffer string *Prem Sichanugrist*
* Fix escape_js to work correctly with the new SafeBuffer restriction *Paul Gallagher*
* Brought back alternative convention for namespaced models in i18n *thoefer*
Now the key can be either "namespace.model" or "namespace/model" until further deprecation.
* It is prohibited to perform a in-place SafeBuffer mutation *tenderlove*
The old behavior of SafeBuffer allowed you to mutate string in place via
method like `sub!`. These methods can add unsafe strings to a safe buffer,
and the safe buffer will continue to be marked as safe.
An example problem would be something like this:
<%= link_to('hello world', @user).sub!(/hello/, params[:xss]) %>
In the above example, an untrusted string (`params[:xss]`) is added to the
safe buffer returned by `link_to`, and the untrusted content is successfully
sent to the client without being escaped. To prevent this from happening
`sub!` and other similar methods will now raise an exception when they are called on a safe buffer.
In addition to the in-place versions, some of the versions of these methods which return a copy of the string will incorrectly mark strings as safe. For example:
<%= link_to('hello world', @user).sub(/hello/, params[:xss]) %>
The new versions will now ensure that *all* strings returned by these methods on safe buffers are marked unsafe.
You can read more about this change in http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2e516e7acc96c4fb
* Warn if we cannot verify CSRF token authenticity *Jos«± Valim*
* Allow AM/PM format in datetime selectors *Aditya Sanghi*
* Only show dump of regular env methods on exception screen (not all the rack crap) *DHH*
* auto_link has been removed with no replacement. If you still use auto_link
please install the rails_autolink gem:
http://github.com/tenderlove/rails_autolink
*tenderlove*
* Added streaming support, you can enable it with: *Jos«± Valim*
class PostsController < ActionController::Base
stream :only => :index
end
Please read the docs at `ActionController::Streaming` for more information.
* Added `ActionDispatch::Request.ignore_accept_header` to ignore accept headers and only consider the format given as parameter *Jos«± Valim*
* Created `ActionView::Renderer` and specified an API for `ActionView::Context`, check those objects for more information *Jos«± Valim*
* Added `ActionController::ParamsWrapper` to wrap parameters into a nested hash, and will be turned on for JSON request in new applications by default *Prem Sichanugrist*
This can be customized by setting `ActionController::Base.wrap_parameters` in `config/initializer/wrap_parameters.rb`
* RJS has been extracted out to a gem. *fxn*
* Implicit actions named not_implemented can be rendered. *Santiago Pastorino*
* Wildcard route will always match the optional format segment by default. *Prem Sichanugrist*
For example if you have this route:
map '*pages' => 'pages#show'
by requesting '/foo/bar.json', your `params[:pages]` will be equals to "foo/bar" with the request format of JSON. If you want the old 3.0.x behavior back, you could supply `:format => false` like this:
map '*pages' => 'pages#show', :format => false
* Added Base.http_basic_authenticate_with to do simple http basic authentication with a single class method call *DHH*
class PostsController < ApplicationController
USER_NAME, PASSWORD = "dhh", "secret"
before_filter :authenticate, :except => [ :index ]
def index
render :text => "Everyone can see me!"
end
def edit
render :text => "I'm only accessible if you know the password"
end
private
def authenticate
authenticate_or_request_with_http_basic do |user_name, password|
user_name == USER_NAME && password == PASSWORD
end
end
end
..can now be written as
class PostsController < ApplicationController
http_basic_authenticate_with :name => "dhh", :password => "secret", :except => :index
def index
render :text => "Everyone can see me!"
end
def edit
render :text => "I'm only accessible if you know the password"
end
end
* Allow you to add `force_ssl` into controller to force browser to transfer data via HTTPS protocol on that particular controller. You can also specify `:only` or `:except` to specific it to particular action. *DHH and Prem Sichanugrist*
* Allow FormHelper#form_for to specify the :method as a direct option instead of through the :html hash *DHH*
form_for(@post, remote: true, method: :delete) instead of form_for(@post, remote: true, html: { method: :delete })
* Make JavaScriptHelper#j() an alias for JavaScriptHelper#escape_javascript() -- note this then supersedes the Object#j() method that the JSON gem adds within templates using the JavaScriptHelper *DHH*
* Sensitive query string parameters (specified in config.filter_parameters) will now be filtered out from the request paths in the log file. *Prem Sichanugrist, fxn*
* URL parameters which return false for to_param now appear in the query string (previously they were removed) *Andrew White*
* URL parameters which return nil for to_param are now removed from the query string *Andrew White*
* ActionDispatch::MiddlewareStack now uses composition over inheritance. It is
no longer an array which means there may be methods missing that were not
tested.
* Add an :authenticity_token option to form_tag for custom handling or to omit the token (pass :authenticity_token => false). *Jakub Ku«õma, Igor Wiedler*
* HTML5 button_tag helper. *Rizwan Reza*
* Template lookup now searches further up in the inheritance chain. *Artemave*
* Brought back config.action_view.cache_template_loading, which allows to decide whether templates should be cached or not. *Piotr Sarnacki*
* url_for and named url helpers now accept :subdomain and :domain as options, *Josh Kalderimis*
* The redirect route method now also accepts a hash of options which will only change the parts of the url in question, or an object which responds to call, allowing for redirects to be reused (check the documentation for examples). *Josh Kalderimis*
* Added config.action_controller.include_all_helpers. By default 'helper :all' is done in ActionController::Base, which includes all the helpers by default. Setting include_all_helpers to false will result in including only application_helper and helper corresponding to controller (like foo_helper for foo_controller). *Piotr Sarnacki*
* Added a convenience idiom to generate HTML5 data-* attributes in tag helpers from a :data hash of options:
tag("div", :data => {:name => 'Stephen', :city_state => %w(Chicago IL)})
# => <div data-name="Stephen" data-city-state="["Chicago","IL"]" />
Keys are dasherized. Values are JSON-encoded, except for strings and symbols. *Stephen Celis*
* Deprecate old template handler API. The new API simply requires a template handler to respond to call. *Jos«± Valim*
* :rhtml and :rxml were finally removed as template handlers. *Jos«± Valim*
* Moved etag responsibility from ActionDispatch::Response to the middleware stack. *Jos«± Valim*
* Rely on Rack::Session stores API for more compatibility across the Ruby world. This is backwards incompatible since Rack::Session expects #get_session to accept 4 arguments and requires #destroy_session instead of simply #destroy. *Jos«± Valim*
* file_field automatically adds :multipart => true to the enclosing form. *Santiago Pastorino*
* Renames csrf_meta_tag -> csrf_meta_tags, and aliases csrf_meta_tag for backwards compatibility. *fxn*
* Add Rack::Cache to the default stack. Create a Rails store that delegates to the Rails cache, so by default, whatever caching layer you are using will be used for HTTP caching. Note that Rack::Cache will be used if you use #expires_in, #fresh_when or #stale with :public => true. Otherwise, the caching rules will apply to the browser only. *Yehuda Katz, Carl Lerche*
Changes from previous:
----------------------
0.09 2011-04-29
- Fix documentation to point at the tutorial, rather than
old advent article.
- Link to Catalyst::ActionRole::ACL
- Tidy up examples to show the new authentication system
- fix check_* to always return scalar values,
even in list context (RT#66812)
Jetty provides an HTTP server, HTTP client, and javax.servlet
container. These components are open source and available for
commercial use and distribution.
Tested on NetBSD/i386 5.99.58 with lang/openjdk7
Rack::SSL
=========
Force SSL/TLS in your app.
1. Redirects all "http" requests to "https"
2. Set `Strict-Transport-Security` header
3. Flag all cookies as "secure"
* September 16, 2011: Eighteenth public release 1.2.4
* Fix a bug with MRI regex engine to prevent XSS by malformed unicode
* May 22nd, 2011: Thirteenth public release 1.3.0
* Various performance optimizations
* Various multipart fixes
* Various multipart refactors
* Infinite loop fix for multipart
* Test coverage for Rack::Server returns
* Allow files with '..', but not path components that are '..'
* rackup accepts handler-specific options on the command line
* Request#params no longer merges POST into GET (but returns the same)
* Use URI.encode_www_form_component instead. Use core methods for escaping.
* Allow multi-line comments in the config file
* Bug L#94 reported by Nikolai Lugovoi, query parameter unescaping.
* Rack::Response now deletes Content-Length when appropriate
* Rack::Deflater now supports streaming
* Improved Rack::Handler loading and searching
* Support for the PATCH verb
* env['rack.session.options'] now contains session options
* Cookies respect renew
* Session middleware uses SecureRandom.hex
* May 22nd, 2011: Fourteenth public release 1.2.3
* Pulled in relevant bug fixes from 1.3
* Fixed 1.8.6 support
* July 13, 2011: Fifteenth public release 1.3.1
* Fix 1.9.1 support
* Fix JRuby support
* Properly handle $KCODE in Rack::Utils.escape
* Make method_missing/respond_to behavior consistent for Rack::Lock,
Rack::Auth::Digest::Request and Rack::Multipart::UploadedFile
* Reenable passing rack.session to session middleware
* Rack::CommonLogger handles streaming responses correctly
* Rack::MockResponse calls close on the body object
* Fix a DOS vector from MRI stdlib backport
* July 16, 2011: Sixteenth public release 1.3.2
* Fix for Rails and rack-test, Rack::Utils#escape calls to_s
* September 16, 2011: Seventeenth public release 1.3.3
* Fix bug with broken query parameters in Rack::ShowExceptions
* Rack::Request#cookies no longer swallows exceptions on broken input
* Prevents XSS attacks enabled by bug in Ruby 1.8's regexp engine
* Rack::ConditionalGet handles broken If-Modified-Since helpers
* October 1, 2011: Nineteenth public release 1.3.4
* Backport security fix from 1.9.3, also fixes some roundtrip issues in URI
* Small documentation update
* Fix an issue where BodyProxy could cause an infinite recursion
* Add some supporting files for travis-ci
* October 17, 2011: Twentieth public release 1.3.5
* Fix annoying warnings caused by the backport in 1.3.4
- release: 2.7.0
date: 2011-04-01
enhancements:
- |
New option ':bufvar' supported to specify buffer variable name.
ex:
input = "Hello <%= name %>!"
eruby = Erubis::Eruby.new(input)
puts eruby.src
#=> _buf = ''; _buf << "Hello "; _buf << ( name ).to_s; _buf << '!';
eruby = Erubis::Eruby.new(input, :bufvar=>'@_out')
puts eruby.src
#=> @_out = ''; @_out << 'Hello '; @_out << ( name ).to_s; @_out << '!';
- |
New enhancer 'PrefixedLineEnhancer' which is a customizable version
of PercentLineEnhancer.
The difference between PrefixedLineEnhancer and PercentLineEnhancer is:
* You can indent Ruby statetment lines starting with '%'
* You can specify prefix character by :prefixchar option.
ex:
class MyEruby < Erubis::Eruby
include Erubis::PrefixedLineEnhancer
end
input = <<END
<ul>
% for item in @items
<li><%= item %></li>
% end
%% you can indent '%' lines
</ul>
END
eruby = MyEruby.new(input, :prefixchar=>'%') # default '%'
puts eruby.src
output:
_buf = ''; _buf << '<ul>
'; for item in @items
_buf << ' <li>'; _buf << ( item ).to_s; _buf << '</li>
'; end
% you can indent '%' lines
_buf << '</ul>
';
_buf.to_s
- |
Add helper CGI script. See 'public_html/README.txt' for details.
- |
Rubinius is supported as first-class Ruby implementation.
- |
C++ support. Try '-l cpp' command-line option.
changes:
- |
Remove dependency to 'abstract' library.
You don't need to install 'abstract' gem.
- |
Erubis::Eruby#load_file() now sets cache file timestamp to the same
value as original eRuby file. For example, if you restore eRuby files
from backup, Erubis::Eruby#load_file() can detect it and generate
cache file again.
## generates cache file (A.rhtml.cache).
eruby = Erubis::Eruby.load_file('A.rhtml')
p File.mtime('A.rhtml') == File.mtime('A.rhtml.cache') #=> true
TYPO3 is a free Open Source content management system for enterprise
purposes on the web and in intranets. It offers full flexibility and
extendability while featuring an accomplished set of ready-made
interfaces, functions and modules.
This is TPYO3 4.6 based stable release.
Please refer release notes http://typo3.org/download/release-notes/typo3-46/
in detail.
Changes from previous:
----------------------
3.18 2011-01-24
- remove 3.17's test skip hacks, and bump Apache::Test prerequisite to v1.35
which fixes this issue.
- fix MANIFEST.SKIP to ignore generated t/conf/mime.types
- remove dist.ini, weaver.ini from dists
- fixed t/real.t to use correct -withtestmore import syntax
- rename sample authcookie handlers to Sample::Apache and Sample::Apache2
namespaces
3.17 2011-01-19
- skip the test suite if running as root. Apache::Test 1.34 fails the test
suite if running as root instead of skipping it. By skipping, AuthCookie can
be installed via CPAN.pm as root.
3.16 2011-01-19
- require Apache::Test 1.32 - fixes ubuntu build issue
- remove mod_perl/mod_perl2 related prereq's from META.yml. The correct mod
perl version is not known until Makefile.PL is run. CPAN.pm should not
try to install either one until it is known which one is appropriate.
(RT 64926)
3.15 2010-08-27
- enable Dist::Zilla Manifest plugin
- add FAQ
- add FAQ entry on how to protect an entire site/document root
- recognize_user: return DECLINED if user is already set
- refactor P3P header generation into send_p3p($r) so subclasses can overload it
3.14 2010-04-12
- MP2: doc updates: remove beta warnings, change Apache::AuthCookie to
Apache2::Authcookie where appopriate.
- docs: change my email to my cpan address
- docs: remove POST limitations reference (handled by POST to GET conversion)
- sign dist with Module::Signature
- add signature test
- MP1: perltidy Apache::AuthCookie sources.
- update mod_perl2 prereq version (still 2.0.0 RC5, but version number was
incorrect in Makefile.PL)
- use Dist::Zilla for building the dist
Concrete5 is a content management system (CMS) that can manage Web
applications, Web sites, stores, and forums. It allows individuals
involved with Web sites to easily manage their content and their
site structure. Concrete5's in-context editing is like working with
a wiki, and the extendable block support makes editing and extending
unique Web sites easy. The goal behind Concrete5 was always to
create a toolset that could be used by anyone with basic computer
skills to edit and add pages to a Web site.
Highlights:
* Easier Uploading
- File Type Detection - A single upload button
- Drag-and-Drop Media Uploader
* Dashboard Design
- New Toolbar in the dashboard, combining the Admin Bar and admin
header
- Responsive design for some screens, including iPad/tablet
support
- Flyout menus, providing single-click access to any screen
* New User Experience
- New feature pointers, helping users navigate new features
- Post-update About screen
- Dashboard welcome area for new installs
* Content Tools
- Better co-editing that releases post locks immediately
- Don't lose widgets when switching themes
- Tumblr Importer
* Under the Hood improvements
- Use the postname permalink structure without a performance
penalty
- Improved Editor API
- is_main_query() function and WP_Query method
- Remove a number of funky characters from post slugs
- jQuery 1.7.1 and jQuery UI 1.8.16
- A new Screen API for adding help documentation and adapting to
screen contexts
- Improved metadata API
* Performance improvements and hundreds of bug fixes
More changes at http://codex.wordpress.org/Version_3.3
== 0.6.1 / 2011-07-27
* Bug fixes
* Fix support for params with arrays in multipart forms (Joel Chippindale)
* Add respond_to? to Rack::Test::UploadedFile to match method_missing (Josh Nichols)
* Set the Referer header on requests issued by follow_redirect! (Ryan Bigg)
== 0.6.0 / 2011-05-03
* Bug fixes
* Add support for HTTP OPTIONS verb (Paolo "Nusco" Perrotta)
* Call #finish on MockResponses if it's available (Aaron Patterson)
* Allow HTTP_HOST to be set via #header (Geoff Buesing)
