Mozilla Firefox is a free, open-source and cross-platform web browser
for Windows, Linux, MacOS X and many other operating systems.
It is fast and easy to use, and offers many advantages over other web
browsers, such as tabbed browsing and the ability to block pop-up
windows.
Firefox also offers excellent bookmark and history management, and it
can be extended by developers using industry standards such as XML,
CSS, JavaScript, C++, etc. Many extensions are available.
This package tracks 17.0.x extended support release.
Frozen-Flask freezes a Flask application into a set of static files.
The result can be hosted without any server-side software other
than a traditional web server.
Flask-Uploads provides flexible upload handling for Flask applications.
It lets you divide your uploads into sets that the application user
can publish separately.
Version 3.0.3 (2013-01-08)
--------------------------
### Fixed
Do not separate a style sheet with a font-face selector if the definition is
invisible or the media type of the style sheet is "all" (see #5216).
### Fixed
Looking for theme templates broke the install routine (see #5210).
### Fixed
Correctly handle empty newsletter channel selections.
Flask-SQLAlchemy is an extension for Flask that adds support for
SQLAlchemy to your application. It requires SQLAlchemy 0.6 or
higher. It aims to simplify using SQLAlchemy with Flask by providing
useful defaults and extra helpers that make it easier to accomplish
common tasks.
Flask-Login provides user session management for Flask. It handles
the common tasks of logging in, logging out, and remembering your
users' sessions over extended periods of time.
Werkzeug is a WSGI utility library for Python. It's widely used
and BSD licensed.
Werkzeug started as a simple collection of various utilities for
WSGI applications and has become one of the most advanced WSGI
utility modules. It includes a powerful debugger, fully featured
request and response objects, HTTP utilities to handle entity tags,
cache control headers, HTTP dates, cookie handling, file uploads,
a powerful URL routing system and a bunch of community contributed
addon modules.
It does Unicode and doesn't enforce a specific template engine,
database adapter or anything else. It doesn't even enforce a specific
way of handling requests and leaves all that up to the developer.
* Hungarian and Slovenian language files are added, too.
Version 3.0.2 (2013-01-07)
--------------------------
### Fixed
Throw an error if FileTree or PageTree widgets are left blank although they are
marked as mandatory in the DCA (see #5131).
### Fixed
Modules and Hybrids included via content element were shown even if the content
element was invisible or not published (see #5203).
### Fixed
Do not try to limit the template selection to a particular theme but show all
available themes instead (see #5095).
### Fixed
Correctly build the comments subscription confirmation URL (see #5201).
### Fixed
Update the database if a file is being uploaded in the front end (see #5137).
### Fixed
Do not send a 404 header if an enclosure is requested and cannot be found by a
module; there might be another module which can (see #5178).
### Fixed
Consider the `save_callback` of the password field in `tl_user` when a back end
user is forced to change his password (see #5138).
### Fixed
Random images now open in the lightbox if configured (see #5191).
### Fixed
Find e-mail addresses like `a@b.com` in `String::encodeEmail()` (see #5175).
### Fixed
Make sure there is a minimal MooTools core version for the command scheduler
(see #5195).
### Fixed
Made `Model::getPk()` and `Model::getTable()` static (see #5128).
### Fixed
Do not move resources in the file manager if the targets exist. Otherwise the
database might get out of sync with the file system (see #5145).
### Fixed
Convert automatically generated article alias names if the page uses folder URL
style alias names (see #5168).
### Fixed
The newsletter system did not yet handle file ID attachments (see #5118).
### Fixed
The gallery and downloads element now support using the user's home directory
again (see #5113).
### Fixed
Added an option to load models uncached (see #5102).
### Fixed
Added support for `CURRENT_DATE`, `CURRENT_TIME` and `CURRENT_TIMESTAMP` to the
database installer (see #5089).
### Fixed
Store the whole database row in `Calendar::addEvent()` so e.g. RSS feeds with
the event text instead of just the teaser are being rendered (see #5085).
### Fixed
Purge the internal cache after a module has been (de)activated (see #5016).
### Fixed
Do not cache the `system/cron/cron.txt` file (see #5105).
### Fixed
Do not create content elements for news and events which redirect to articles,
pages or external URLs during the version 3 update (see #5117).
### Fixed
Handle incorrectly closed indexer comments (see #5119).
### Fixed
The table content element did not assign the correct CSS class names when there
was only one row and one column (see #5140).
### Fixed
Consider the dynamic ptable when copying/deleting content elements (see #5041).
### Fixed
Scan templates in the autoload creator even if there are no classes (see #5158).
### Fixed
Corrected the main column margin when using the layout builder in combination
with the responsive grid (see #5170).
### Fixed
Consider the sorting order of external style sheets (see #5038).
### Fixed
The numeric file mounts of a user were overridden by the real paths (see #5083).
Version 2.11.8 (2013-01-07)
---------------------------
### Fixed
Make sure entered dates map to an existing date (see #5086).
### Fixed
Fixed the MySQLi field count (see #5182).
### Fixed
The Date class should return `00:00` for `Date(0)->time` (see #4249).
### Reverted
Handle dependencies when updating extensions (see #3804).
### Fixed
Fixed the unprefixed CSS gradient output (see #4569).
### Fixed
Fixed a small formatting issue in the Music Academy theme (see #5160).
### Fixed
Show all extensions in the log when updating multiple at once (see #5144).
### Fixed
Standardize RSS feed aliases (see #5096).
### Fixed
Make the `FileUpload` constructor public (see #5054).
### Fixed
Use `isset()` in the `Database::fetch*()` methods (see #4990).
### Fixed
Changed the `System::getReadableSize()` algorithm to powers of two (see #4283).
### Fixed
Removed Tahiti and the Netherlands Antilles from the countries list (see #3791).
### Fixed
Also adjust the `be_navigation.html5` template to the new "getUserNavigation"
hook changes (see #3411).
Tue Dec 25 16:16:30 CET 2012
Releasing libmicrohttpd 0.9.24. -CG
Tue Dec 18 21:18:11 CET 2012
Given both 'chunked' encoding and 'content-length',
ignore the 'content-length' header as per RFC. -ES
Thu Dec 6 10:14:44 CET 2012
Force adding "Connection: close" header to response if
client asked for connection to be closed (so far, we
did close the connection, but did not send the
"Connection: close" header explicitly, which some clients
seem to dislike). (See discussion on mailing list.)
Also, if there is already a transfer-encoding other
than 'chunked' set by the application, we also now close
the connection if the response is of unknown size. -CG
Wed Dec 5 19:22:26 CET 2012
Fixing parameter loss of POST parameters with IE8 and Chrome
in the PostProcessor as the code failed to properly handle
partial data. -MM
= Changes in 2.3.2 =
January 5, 2013 - version 2.3.2
* Changes
* #138 Revert Timeout change unintentionally included in v2.3.1. It's
reported that the change causes background processes not to be terminated
properly.
= Changes in 2.3.1 =
January 1, 2013 - version 2.3.1
* Changes
* #137 Signing key is expiring for cacert_sha1.p7s.
Deleted p7s signature check for default cacerts. Sorry for many troubles
in the past. This feature is not useful without having online/real-time
CA certs update but I don't think I can implement it in near future.
Users who depend on this signature check (who put cacert.p7s in R/W
filesystem and ssl_config.rb in R/O filesystem) should take care of
tampering themselves.
* Bug fixes
* #122 Support IPv6 address in URI
= Changes in 2.3.0 =
October 10, 2012 - version 2.3.0
* Features
* Added debug mode CLI. bin/httpclient is installed as CLI.
Usage: 1) % httpclient get https://www.google.co.jp/ q=ruby
Usage: 2) % httpclient
For 1) it issues a GET request to the given URI and shows the wiredump
and the parsed result. For 2) it invokes irb shell with the binding
that has a HTTPClient as 'self'. You can call HTTPClient instance
methods like;
> get "https://www.google.co.jp/", :q => :ruby
* #119 Addressable gem support (only if it exists); should handle IRI
properly.
* Bug fixes
* #115 Cookies couldn't work properly if the path in a URI is omitted.
* #112, #117 Proper handling of sized IO (the IO object that responds to
:size) for chunked POST. HTTPClient did read till EOF even if the
given IO has :size method.
* Handle '303 See Other' properly. RFC2616 says it should be redirected
with GET.
* #116 Fix "100-continue" support. It was just ignored.
* #118 Support for boolean values when making POST/PUT requests with
multipart/form Content-Type.
* #110 Allows leading dots in no_proxy hostname suffixes.
---------------
- /usr/bin/env police
Upstream Changes:
-----------------
Version 1.9.6:
SECURITY HINT: make sure you have allow_xslt = False (or just do not use
allow_xslt at all in your wiki configs, False is the internal default).
Allowing XSLT/4suite is very dangerous, see HelpOnConfiguration wiki page.
HINT: Python >= 2.5 is maybe required! See docs/REQUIREMENTS for details.
Fixes:
* fix remote code execution vulnerability in twikidraw/anywikidraw action
* fix path traversal vulnerability in AttachFile action
* fix XSS issue, escape page name in rss link
* escape user- or admin-defined css url
* make taintfilename more secure
* use a constant time str comparison function to prevent timing attacks
* Attachment handler: catch all Zip-related errors
Version 1.9.5:
Fixes:
* Security fix: fix virtual group bug in ACL evaluation.
* Avoid crash if #refresh processing instruction is used without arguments.
* Fix issue with non-ASCII textchas.
* Xapian indexing: remove copy.copy() that crashed on Windows/IIS/isapi-wsgi
after page save.
* Fix dictionary file reading crash under Windows.
* Work around crash of AdvancedSearch macro rendering caused by non-ascii
mimetypes.types_map entries.
* Added migration script for moin 1.8.9.
* rss_rc: Fix diffs added in RSS with diffs=1 (now they correspond to item
listed in feed and not just last page diffs). Links generated with ddiffs=1
also fixed.
* rss_rc: fix double escaping issue.
* rss_rc: respect show_names configuration option.
* rss_rc: proper support of rename, revert, page creation.
* modern/modernized theme: fix padding/width for editor preview
* group/pagelinks formatters: avoid to create unnecessary output, redirect
output of send_page call with the groups formatter, it must not be written
to the output stream
* rst parser: fix include and macro directives
* wikisync: fix unicode pagename sending for python 2.7 httplib
New features:
* add a comment_required config option (default: False) to require a
non-empty comment when saving a page
* when a save error happens, show the editor again and highlight the error
* rss_rc: several new options added: lines parameter gives ability to set
maximum size of diffs showed in RSS. show_att parameter gives ability
to show information about attachment-related items in RSS. page parameter
gives ability to specify set of pages for which changes RSS feed should be
generated. Configuration of defaults and limits can now be done via wiki
configuration mechanism.
* As soon as it is now possible to provide RSS for page change history,
appropriate alternate link is now added for every page (controlled by
rss_show_page_history_link configuration parameter).
* Search: "no_highlight:" search query option provided for suppressing
highlighting search results.
* Search macros: new options for FullSearch, FullSearchCached and PageList
available:
* highlight_titles option controls highlighting of matches in search
results provided by these macros. Default value is set in
search_macro_highlight_titles configuration option.
* highlight_pages option controls adding of highlight URL parameter to
page links (so search term is highlighted when user goes to one of
these pages via provided link) in search results. Default value is set
in search_macro_highlight_pages configuration option.
Usage of these options is disabled (via search_macro_parse_args
configuration option) by default due to behavioural changes introduced
in macro parameter parsing mechanism to support them. Related to
http://moinmo.in/FeatureRequests/FullSearchResultsWithoutHighlight .
Other changes:
* Remove 4suite dependency for docbook formatter, use minidom (included in
Python).
* Upgraded FCKeditor to 2.6.8.
grappelli_safe was created to provide a snapshot of the Grappelli
admin skin for Django, to be referenced as a dependency for the
Mezzanine CMS for Django.
Bleach is an HTML sanitizing library that escapes or strips markup
and attributes based on a white list. Bleach can also linkify text
safely, applying filters that Django's ``urlize`` filter cannot,
and optionally setting ``rel`` attributes, even on links already
in the text.
Tiny Tiny RSS is an open source web-based news feed (RSS/Atom)
reader and aggregator, designed to allow you to read news from any
location, while feeling as close to a real desktop application as
possible.
Geeklog History/Changes:
Dec 30, 2012 (1.8.2)
------------
- A remote service user now bypasses current password check when account is
deleted (bug #0001417) [Tom]
- Fixed Twitter OAuth login error after Twitter deactivated some old URLs (bug
#0001497) [Tom]
- $dbconfig_path was not escaped in the install script (bug #0001457, patch
provided by mystral-kk)
- COM_stripslashes will now handle arrays; this was a problem during
re-authentication after a security token expired (bug #0001413) [suprsidr]
- The comment count for a story could be wrong if there was a different object
with the same id and a comment (bug #0001414) [Tom]
- Feeds with the full story text still had a '...' at the end (bug #0001431)
[Jeff Rivett, Tom]
- Allow MIME type application/x-gzip-compressed when uploading a plugin for
installation (bug #0001405) [Dirk]
- Fixed compatibility with MySQL 5.5 (bugs #0001410, #0001456). This also
raises the minimum supported MySQL version to 4.1.2 [Dirk, Tom]
* Create user/group
Changelog:
* [bp/r43638][SEC] unserialize: More complete check for objects in serialized data when it's not the first item
* And more bugfixes
Changelog:
Version 4.5.5 Dec 20th 2012
Show drag and drop shadow for Firefox
Fix Knowledgebase under certain conditions
Fix setting of sharing password
Several sharing fixes
Fix versioning during sharing
Fix mounting of external filesystems especially CIFS
Fix several PHP warnings
Show /Shared as standard directory
Fix session management for running several ownClouds on the same host
Fix WebDAV quota enforcement
Fix CalDAV with LDAP users
Better warning about missing dependencies
Add warning about conflicting WebDAV auth and LDAP backend
Restore send sharing link by email
Fix encoding problem with mounting of CIFS filesystems
Fix mimetype icons for new files
Fix the folder size calculation
Fix for deleting multiple files
Fix for controlling the data dir with LDAP
Security: Auth bypass in user_webdavauth and user_ldap (oC-SA-2012-006)
Security: XSS vulnerability in bookmarks (oC-SA-2012-007)
* Add a possible fix of SA4931, too.
Drupal 6.27, 2012-12-19
----------------------
- Fixed security issues (multiple vulnerabilities), see SA-CORE-2012-004.
Release notes
Release date: 2012-12-18
Opera 12.12 is a recommended upgrade offering security and stability enhancements.
Fixes and Stability Enhancements since Opera 12.11
General and User Interface
* Several general fixes and stability improvements
* New `Delete settings and data for all extensions' option (off by
default) in the Delete Private Data dialog
* Corrected an issue where using the 'Delete Private Data' dialog could delete
extension and settings data
* Redesigned the 'Delete Private Data' dialog to be more usable with small
screens
* Fixed an issue where quitting Opera while in fullscreen mode could cripple
the interface on the next start-up
Security
* Fixed an issue where malformed GIF images could allow execution of arbitrary code; see our advisory
http://www.opera.com/support/kb/view/1038/
* Fixed an issue where repeated attempts to access a target site could trigger
address field spoofing, as reported by Masato Kinugawa; see our advisory
http://www.opera.com/support/kb/view/1040/
UNIX-only
* Fixed an issue where private data could be disclosed to other computer
users, or be modified by them, as reported by Jann Horn; see our advisory
http://www.opera.com/support/kb/view/1039/
turned off in www/curl.
Modify the curl package to be aware of the libidn option. Ensure default
is on.
No functional change, so no version number bump.
== 1.5.0 Knife
* Fix compilation under Ubuntu 12.04 with -Werror=format-security option.
* Raise an error when no PID file.
* Prevent duplicate response headers.
* Make proper response on exception [MasterLambaster].
* Automatically close idling pipeline connections on server stop [MasterLambaster].
=== unicorn 4.5.0 - check_client_connection option / 2012-12-07 22:59 UTC
The new check_client_connection option allows unicorn to detect
most disconnected local clients before potentially expensive
application processing begins.
This feature is useful for applications experiencing spikes of
traffic leading to undesirable queue times, as clients will
disconnect (and perhaps even retry, compounding the problem)
before unicorn can even start processing the request.
To enable this feature, add the following line to a unicorn
config file:
  check_client_connection true
This feature only works when nginx (or any other HTTP/1.0+
client) is on the same machine as unicorn.
A huge thanks to Tom Burns for implementing and testing this
change in production with real traffic (including mitigating
an unexpected DoS attack).
ref: http://mid.gmane.org/CAK4qKG3rkfVYLyeqEqQyuNEh_nZ8yw0X_cwTxJfJ+TOU+y8F+w@mail.gmail.com
This release fixes broken Rainbows! compatibility in 4.5.0pre1.
=== unicorn 4.5.0pre1 - check_client_connection option / 2012-11-29 23:48 UTC
The new check_client_connection option allows unicorn to detect
most disconnected clients before potentially expensive
application processing begins.
This feature is useful for applications experiencing spikes of
traffic leading to undesirable queue times, as clients will
disconnect (and perhaps even retry, compounding the problem)
before unicorn can even start processing the request.
To enable this feature, add the following line to a unicorn
config file:
  check_client_connection true
A huge thanks to Tom Burns for implementing and testing this
change in production with real traffic (including mitigating
an unexpected DoS attack).
=== unicorn 4.4.0 - minor updates / 2012-10-11 09:11 UTC
Non-regular files are no longer reopened on SIGUSR1. This
allows users to specify FIFOs as log destinations.
TCP_NOPUSH/TCP_CORK is no longer set/unset by default. Use
:tcp_nopush explicitly with the "listen" directive if you wish
to enable TCP_NOPUSH/TCP_CORK.
Listen sockets are now bound _after_ loading the application for
preload_app(true) users. This prevents load balancers from
sending traffic to an application server while the application
is still loading.
There are also minor test suite cleanups.
3.2.3
* sass --watch no longer crashes when a file in a watched directory is deleted.
* Allow @extend within bubbling nodes such as @media.
* Fix various JRuby incompatibilities and test failures.
* Work around a performance bug that arises from using @extend with
deeply-nested selectors.
3.2.2
* Add a --poll option to force sass --watch to use the polling backend to
Listen.
* Fix some error reporting bugs related to @import.
* Treat protocol-relative URLs in @imports as static URLs, just like http and
https URLs.
* Improve the error message for misplaced simple selectors.
* Fix an option-handling bug that was causing errors with the Compass URL
helpers.
* Fix a performance issue with @import that only appears when ActiveSupport is
loaded.
* Fix flushing of actions to stdout. Thanks to Russell Davis
(http://github.com/russelldavis).
* Fix the documentation for the max() function.
* Fix a @media parsing bug.
Deprecations -- Must Read!
* Sass will now print a warning when it encounters a single @import statement
that tries to import more than one file. For example, if you have @import
"screen" and both screen.scss and _screen.scss exist, a warning will be
printed. This will become an error in future versions of Sass.
=== 2.8 / 2012-10-17
* Minor enhancements
* Added Net::HTTP::Persistent::detect_idle_timeout which can be used to
determine the idle timeout for a host.
* The read timeout may now be updated for every request. Issue #33 by
Mislav Marohnić
* Added NO_PROXY support. Pull Request #31 by Laurence Rowe.
* Added #cert and #key aliases for Net::HTTP compatibility. Pull request
#26 by dlee.
* The artifice gem now disables SSL session reuse to prevent breakage of
testing frameworks. Pull Request #29 by Christopher Cooke.
* Disabled Net::HTTP::Persistent::SSLReuse on Ruby 2+. This feature is now
built-in to Net::HTTP.
* Bug fixes
* Socket options are set again following connection reset. Pull request #28
by cmaion.
* #shutdown now works even if no connections were made. Pull Request #24 by
James Tucker.
* Updated test RSA key size to 1024 bits. Bug #25 by Gunnar Wolf.
* The correct host:port are shown in the exception when a proxy connection
fails. Bug #30 by glebtv.
== 0.6.2 / 2012-09-27
* Minor enhancements
* Support HTTP PATCH method (Marjan Krekoten' #33)
* Preserve the exact query string when possible (Paul Grayson #63)
* Add a #delete method to CookieJar (Paul Grayson #63)
* Bug fixes
* Fix HTTP Digest authentication when the URI has query params
* Don't append default ports to HTTP_HOST (David Lee #57)
- Bug 3622: peerClearRRStart scheduling multiple events
- Bug 3615: configure check for default max number of FDs is broken
- Bug 3607: --enable-auth documented default action incorrect
- Bug 3593: socket failure: Address family not supported by protocol
- Bug 3584: Detection of setresuid() is broken
- Bug 3568: Consolidate external_acl_type config dumping and add missing %%
- Bug 3564: eCAP not supporting CoAP URI schemes
- Bug 3484: Docs: sslproxy_cert_error example flawed
- Bug 3462: Delay Pools and ICAP
- Bug 3133: better fix: Memory leak handling requests for sites that don't
exist
- Bug 2976: ERR_INVALID_URL for transparently captured requests when
reconfiguring
- Silence IOS 15.1 unknown capabilities messages.
- Account for Store disk client quota when bandwidth-limiting the server.
- ... and several documentation fixes
- ... and several compile fixes
Highlights
* New Media Manager
+ Beautiful interface: A streamlined, all-new experience
+ Create galleries faster with drag-and-drop reordering,
inline caption editing, and simplified controls
+ Insert multiple images at once with Shift/Ctrl+click
* New Default Theme - Twenty Twelve
+ Simple, flexible, elegant
+ Mobile-first, responsive design
+ Gorgeous Open Sans typeface
+ Uses the latest Theme Features
* Admin Enhancements
+ New Welcome Screen
+ Retina-Ready (HiDPI) Admin
+ Hide Link Manager for new installs
+ Better accessibility for screenreaders, touch devices, and
keyboard users
+ More polish on admin screens, including a new color picker
* For Developers
+ WP_Comment_Query and WP_User_Query now accept meta queries
just like WP_Query
+ Meta queries now support querying for objects without a
particular meta key
+ Post objects are now instances of a WP_Post class, which
improves performance and caching
+ Multisite's switch_to_blog() is now significantly faster and
more reliable
+ WordPress has added the Underscore and Backbone JavaScript
libraries
+ TinyMCE, jQuery, jQuery UI, and SimplePie have all been
updated to the latest versions
+ Image Editing API for cropping, scaling, etc., that uses
ImageMagick as well as GD
+ XML-RPC: Now always enabled and supports fetching users,
managing post revisions, searching
+ New "show_admin_column" parameter for register_taxonomy()
allows automatic creation of taxonomy columns on associated post-types.
0.7.7
More fixes for App Engine, now less likely to swallow important exceptions.
Adding proxy_info_from_* methods to Python3. Reviewed in https://codereview.appspot.com/6588078/.
Added GeoTrust cert
Make httplib2.Http() instances pickleable. Reviewed in https://codereview.appspot.com/6506074/
The following issues have been fixed:
229 python3 httplib2 clobbers multiple headers of same key
230 Expose meaningful exception for App Engine URLFetch ResponseTooLargeError
231 Expose App Engine URLFetch DeadlineExceededError for debugging purposes
## Rails 3.2.9 (unreleased) ##
* Clear url helpers when reloading routes.
*Santiago Pastorino*
* Revert the shorthand routes scoped with `:module` option fix
This added a regression since it is changing the URL mapping.
This makes the stable release backward compatible.
*Rafael Mendonça França*
* Revert the `assert_template` fix to not pass with every string that matches the template name.
This added a regression since people were relying on this buggy behavior.
This will introduce back #3849 but this stable release will be backward compatible.
Fixes #8068.
*Rafael Mendonça França*
* Revert the rename of internal variable on ActionController::TemplateAssertions to prevent
naming collisions. This added a regression related with shoulda-matchers, since it is
expecting the [instance variable @layouts](9e1188eea6/lib/shoulda/matchers/action_controller/render_with_layout_matcher.rb (L74)).
This will introduce back #7459 but this stable release will be backward compatible.
Fixes #8068.
*Rafael Mendonça França*
* Accept :remote as symbolic option for `link_to` helper. *Riley Lynch*
* Warn when the `:locals` option is passed to `assert_template` outside of a view test case
Fix #3415
*Yves Senn*
* Rename internal variables on ActionController::TemplateAssertions to prevent
naming collisions. @partials, @templates and @layouts are now prefixed with an underscore.
Fix #7459
*Yves Senn*
* `resource` and `resources` don't modify the passed options hash
Fix #7777
*Yves Senn*
* Precompiled assets include aliases from foo.js to foo/index.js and vice versa.
    # Precompiles phone-<digest>.css and aliases phone/index.css to phone.css.
    config.assets.precompile = [ 'phone.css' ]
    # Precompiles phone/index-<digest>.css and aliases phone.css to phone/index.css.
    config.assets.precompile = [ 'phone/index.css' ]
    # Both of these work with either precompile thanks to their aliases.
    <%= stylesheet_link_tag 'phone', media: 'all' %>
    <%= stylesheet_link_tag 'phone/index', media: 'all' %>
*Jeremy Kemper*
* `assert_template` no longer passes with whatever string matches
the template name.
Before, when we had a template `/layout/hello.html.erb`, `assert_template`
was passing with any string that matches. This behavior allowed false
positives like:
    assert_template "layout"
    assert_template "out/hello"
Now it only passes with:
    assert_template "layout/hello"
    assert_template "hello"
Fixes #3849.
*Hugolnx*
* Handle `ActionDispatch::Http::UploadedFile` like `Rack::Test::UploadedFile`, don't call to_param on it. Since
`Rack::Test::UploadedFile` isn't API compatible this is needed to test file uploads that rely on `tempfile`
being available.
*Tim Vandecasteele*
* Respect `config.digest = false` for `asset_path`
Previously, the `asset_path` internals only respected the `:digest`
option, but ignored the global config setting. This meant that
`config.digest = false` could not be used in conjunction with
`config.compile = false`; this corrects the behavior.
*Peter Wagenet*
* Fix #7646, the log now displays the correct status code when an exception is raised.
*Yves Senn*
* Fix handling of date selects when using both disabled and discard options.
Fixes #7431.
*Vasiliy Ermolovich*
* Fix select_tag when option_tags is nil.
Fixes #7404.
*Sandeep Ravichandran*
* `javascript_include_tag :all` will now not include `application.js` if the file does not exist. *Prem Sichanugrist*
* Support cookie jar options (e.g., domain :all) for all session stores.
Fixes GH#3047, GH#2483.
*Ravil Bayramgalin*
* Performance Improvement to send_file: Avoid having to pass an open file handle as the response body. Rack::Sendfile
will usually intercept the response and just uses the path directly, so no reason to open the file. This performance
improvement also resolves an issue with jRuby encodings, and is the reason for the backport, see issue #6844.
*Jeremy Kemper & Erich Menge*
* CVE-2012-4431 is fixed in 7.0.32
Changelog:
Tomcat 7.0.34 (markt) 2012-12-12
Catalina
fix 53871: Improve error message if annotation scanning fails during web application start due to poor configuration or illegal cyclic inheritance with the application's classes. (markt)
fix Fix unit test for AccessLogValve when using non-GMT time zone. (rjung)
fix 54170: Ensure correct registration of Filters and Servlets in the JMX registry if the Filter or Servlet name includes a character that must be quoted if used in an ObjectName value. (markt)
add Add new attribute renameOnRotate to the AccessLogValve. (rjung)
fix 54190: Correct unit tests for BASIC authentication so that session timeout is correctly tested. Also refactor unit test to make it easier to add additional tests. Patch by Brian Burch. (markt)
fix 54220: Ensure the ErrorReportValve only generates an error report if the error flag on the response has been set. (markt)
fix Simplify time zone handling in the access log valve and correctly handle various edge cases for non-standard DST changes. (markt)
Web applications
fix 54198: Clarify that HttpServletResponse.sendError(int) results in an HTML response by default. (markt)
fix 54207: Correct JNDI factory package name in Javadoc for org.apache.naming.java.javaURLContextFactory. (markt)
jdbc-pool
code Fix a handful of Eclipse warnings in the JDBC pool source code including the warnings reported in 53565. (markt)
fix 54150: Make sure that SlowQueryReportJmx mbean deregistered during webapp shutdown. Reported by Alex Franken. (kfujino)
fix 54194: Make sure that connection pool mbean is not registered when jmxEnabled is false. Patch provided by tobias.gierke. (kfujino)
Other
update Update to Eclipse JDT Compiler 4.2.1. (markt)
Tomcat 7.0.33 (markt) 2012-11-21
Catalina
add 53960, 54115: Extensions to HttpClient test helper class. Patches by Brian Burch. (markt/kkolinko)
fix 53993: Avoid a possible NPE in the AccessLogValve when the session ID is logged and a session is invalidated. (markt)
fix Add support for LAST_ACCESS_AT_START system property to PersistentManager. (kfujino)
add Update MIME type mapping with additional / updated mime.types from the Apache web server. (markt)
fix 54007: Fix a memory leak that prevented deletion of a context.xml file associated with a Context that had failed to deploy. Also fix the problems uncovered with undeploying such a Context once the leak had been fixed and the file could be deleted. (markt)
fix 54044: Correct bug in timestamp cache used by logging (including the access log valve) that meant entries could be made with an earlier timestamp than the true timestamp. (markt)
fix 54054: Do not share shell environment variables between multiple instances of the CGI servlet. (markt)
fix 54060: Use a simple parser rather than a regular expression to parse HTTP Digest authentication headers so the header is correctly parsed. The new approach is also faster and generates less garbage. (markt)
fix 54068: Rewrite the web fragment ordering algorithm to resolve multiple issues that resulted in incorrect ordering or failure to find a correct, valid order. (markt)
update The HTTP header parser added to address 52811 has been removed and replaced with the light-weight HTTP header parser created to address 54060. The new parser includes a work-around for a bug in the Adobe Acrobat Reader 9.x plug-in for Microsoft Internet Explorer that was identified when the old parser was introduced (53814).
fix 54076: Add an alternative work-around for clients that use SPNEGO authentication and expect the authenticated user to be cached per connection (Tomcat only does this if an HTTP session is available). (markt)
fix 54087: Correctly handle (ignore) invalid If-Modified-Since header rather than throwing an exception. (markt)
fix 54096: In web.xml, <env-entry> should accept any type that has a constructor that takes a single String or char. (markt)
add 54127: Add support for sending a WebSocket Ping. Patch provided by Sean Winterberger. (markt)
fix In FormAuthenticator: If it is configured to change Session IDs, do the change before displaying the login form. (kkolinko)
fix Ensure AsyncListener.timeout() and AsyncListener.complete() are called with the correct thread context class loader. (fhanik)
fix 54123: If an asynchronous request times out without any AsyncListeners defined, a 500 error will be triggered. (markt)
fix 54124: Correct provided value of request attribute javax.servlet.async.request_uri and add missing request attribute javax.servlet.async.path_info. (markt)
add Add denyStatus initialization parameter to CsrfPreventionFilter, allowing to customize the HTTP status code used for denied requests. (kkolinko)
fix 54141: Increase the permitted number of nested Realm levels from 2 to 3 by default and make the limit configurable via a system property. (markt)
fix Revert occasional API change in BaseDirContext class that was done in 7.0.32. Methods should not be final. (kkolinko)
fix Prevent failures in the AccessLogValve when running under a SecurityManager and the first request received is an asynchronous one. (markt)
Coyote
fix Correct an issue that prevented WebSockets from being used over SSL when using the HTTP NIO connector. (markt)
fix 54022: Ensure the Comet END event is triggered on client disconnect with APR/native on Windows Vista/2k8 or later. Patch provided by Douglas Beachy. (markt)
fix 54067: Ensure responses with 1xx response codes are correctly marked as not containing an entity body. This caused an issue for some WebSocket clients when a Transfer-Encoding header was sent with the 101 (HTTP upgrade) response. (markt)
Jasper
code 53867: Optimise the XML escaping provided by the PageContext implementation. Based on a patch by Sheldon Shao. (markt)
code 53896: Use an optimised CompositeELResolver for Jasper that skips resolvers that are known to be unable to resolve the value. Patch by Jarek Gawor. (markt)
fix 53986: Correct a regression introduced by the fix for 53713. JSP comments that ended with the sequence ---%> (or any similar sequence with an odd number of - characters) were not correctly parsed. (markt)
fix 54011: Fix a bug in the tag plug-in for <c:out> that triggered a JSP compilation error if the escapeXml attribute was used. Patch provided by Sheldon Shao. (markt)
code Follow up to 5401. Simplify generated code for <c:out>. Based on a patch by Sheldon Shao. (markt)
fix 54012: Fix a bug in the tag plug-in infrastructure that meant the <c:set> triggered a JSP compilation error when used in a tag file. Based on a patch provided byx 54144: Fix a bug in the tag plug-in for <c:out> that meant that if the value of the tag evaluated to a java.io.Reader object then it was not correctly handled. (markt)
Cluster
fix Add getSessionIdsFull operation to mbeans-descriptor. listSpplications
add 54143: Add display of the memory pools usage (including PermGen) to the Status page of the Manager web application. (kkolinko)
Tribes
fix 54045: Make sure getMembers() returns available member when TcpFailureDetector fix Revert multiple operation support for the JMXProxyServlet pending further discussion. (schultz)
fix CVE-2012-4431: Fix bypass of CsrfPreventionFilter when there is no session. Improve session management in the filter. (kkolinko)
Web apit servlets (JSP and default) are marked as override-able when using embedded mode. (markt)
fix When the DefaultServlet is under heavy load, the HTTP header parser added to address 52811 generates large amounts of garbage and uses significant CPU time. A cache has been added that significantly reduces the overhead of this parser. (markt)
fix 53854: Make directory listings work correctly when aliases are used. (markt)
Jasper
code 53713: Performance improvement of up to four times faster parsing of JSP pages. Patch provided by Sheldon Shao. (markt)
Cluster
add Make the cluster members and the cluster deployer associated with the cluster accessible via JMX. (markt)
fix Fix a behavior of TcpPingInterceptor#useThread. If set to false, ping thread is never started. (kfujino)
Web applications
add Improve the documentation web application to clarify the difference between the tag and version parameters when using text interface of the Manager web application. (markt)
add Make sessions saved in the Store associated with a Manager that extends PersistentManager optionally visible (via the showProxySessions Servlet initialisation parameter in web.xml) to the Manager web application. (markt)
* Language
** Generalized client values in server code
** Injections into client sections
* Tools
** Added eliom-destillery for generating project scaffolds
** Support Eliom interface files (.eliomi) in eliomc, eliomdep
** eliomdep: Generate dependencies between eliom-modules
** eliomc: infer only with option -infer, drop option -noinfer
** eliomc: Basic support for -i on eliom-files
** eliom{c,dep,opt},js_of_eliom: -dump to output the intermediate code
** eliomc,js_of_eliom: always open Eliom_pervasives in eliom files
* API
** Eliom_pervasives.server_function to easily access the from the client
** Get current state of a scope
** Module to access values of Eliom references in external states
(Eliom_state.Ext)
** Scope names are now named scope hierarchies
** Iterate the scope hierarchy (group > session > client > request)
** Adding Eliom_parameter.(type_checker, neopt)
** Add functions to insert html5 in atom feeds
** Eliom_tools.{F,D}.html to ease creation of head-tag
** Eliom_tools.wrap_handler as an easy alternative to
Eliom_registration.Customize
** Test for initial request of a client on the server
* Changed server behaviour
** Eliom_state.discard_everything now also discards request state
** Don't send nodes as data when they are part of the document
* Changed client behaviour
** Show progress cursor during navigation with change_page
** Improved error messages
** Fail on the client when a [server_function] or call_caml_service
fails on the server
* Bugfixes
** Allow % for injections directly after parentheses
* Support dropped for
** Xhtml
** OCamlDuce
** Eliom_compatibility_2_1
* A myriad of bugfixes
* Relative filenames when not running as daemon
* Small change in ocsigen_lib: encoding of parameters with "
* fix Ocsigen_http_client.get_url (and other) first "/" was missing
* Installation: Do not try to chown files to a different user
* Fix error on make logrotate
* redirectmod: fixing default to permanent (as written in manual)
* Minor additions in the API
Also, the package was updated, mostly to use PLIST_VARS.
Version 1.8.3
-------------
This release mostly fixes support for IPv6, and also some security
bugs. Fixes to messages, etc. were also made.
Bugs resolved since version 1.8.2
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* BB#91: Fix upstream proxy support
* BB#95: Fix FilterURLs with transparent proxy support
* BB#90: Fix bug in ACL netmask generation
Contributors
~~~~~~~~~~~~
Daniel Egger, John Horne, Michael Adam, Mukund Sivaraman.
Version 1.8.2
-------------
* Minor formatting changes and typo fixes were made.
Bugs resolved since version 1.8.1
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* BB#69: INET6 not available when configured to Listen and Bind in v4,
and vice versa
* BB#74: tinyproxy unable to reopen log files after receiving HUP
* BB#78: Warn if configuration results in an open proxy
* BB#82: https access not working
* BB#83: run_tests.sh relies on $USER
* BB#84: Unaligned access error on ia64 and alpha
* BB#87: Unable to listen on ports less than 1024 (regression in 1.8.1)
* BB#88: Crashes when reloading configuration
* BB#89: tinyproxy leaks memory over time
Contributors
~~~~~~~~~~~~
Dmitry Semyonov, John van der Kamp, Jordi Mallach, Michael Adam,
Mukund Sivaraman.
Version 1.8.1
-------------
* Tinyproxy now drops `root` user privileges more quickly.
* The log and pid files are now stored in a sub-directory in `/var/`.
* A format string vulnerability was fixed.
* Minor formatting changes and typo fixes were made.
Bugs fixed since version 1.8.0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* BB#74: tinyproxy unable to reopen log files after receiving HUP
* BB#79: Make the testsuite uninteractive
* BB#80: Handle errors in testsuite
* BB#81: Listen directive doesn't work as expected
* BB#72: upstream support is not reported with tinyproxy -h
* BB#73: generated tinyproxy.conf has the wrong location for the html
file installation
Contributors
~~~~~~~~~~~~
Michael Adam, Mukund Sivaraman.
Version 1.8.0
-------------
* Tinyproxy now reloads its configuration upon SIGHUP signal.
* Tinyproxy reopens its log file (instead of truncation) upon SIGHUP
signal. This is to play more nicely with logrotate.
* File logging is now the default.
Syslog is chosen if and only if "SysLog Yes" is in the config,
i.e., a present "SysLog Yes" in the config file now overrides
any LogFile setting.
* The XTinyProxy option is now documented as a global boolean.
Before it was documented to build a list of sites to add a
X-Tinyproxy header for, but it was implemented as global boolean.
* A new config option AddHeader allows the user to configure a list of
custom headers to send in outgoing HTTP requests.
* A new config option DisableViaHeader allows the user to disable
sending of the "Via:" header.
* Tinyproxy is now IPv6 capable.
* The config option PidFile now has a compiled in default.
Bugs fixed since version 1.7.1
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* BB#9: Add support for the IPv6 protocol
* BB#17: Add support for custom headers
* BB#55: Error message response omits body when request has a body
* BB#60: Add config option to disable Via header
* BB#61: SIGHUP does not refresh filter list
* BB#62: Make tinyproxy reload the config upon SIGHUP
* BB#64: Config parsing error with reverse proxy option
* BB#65: Format string compile warnings
* BB#67: ACL processing error with multiple Allow statements
Contributors
~~~~~~~~~~~~
David Shanks, Mathew Mrosko, Michael Adam, Mukund Sivaraman.
Version 1.7.1
-------------
* Fixed all warnings reported by GCC.
* The tinyproxy manpage has been extended and converted to asciidoc.
* There is a new tinyproxy.conf manpage that describes all the options.
* The build system has been considerably cleaned up.
* Various other bugs have been fixed.
Bugs fixed since version 1.7.0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* BB#2: Fix Tinyproxy for requests like www.site.com:8001
* BB#5: Move templates from the doc directory to its own directory
* BB#8: Update README, INSTALL, NEWS and the manpage
* BB#10: Do not filter out transfer-encoding header
* BB#18: Fix pointer aliasing issues
* BB#53: Add a GPLv2 COPYING file
Contributors
~~~~~~~~~~~~
Andrew Stribblehill, Jeremy Hinegardner, Matthew Dempsky, Michael Adam,
Mukund Sivaraman, Robert James Kaes.
Version 1.7.0
-------------
* There is now support for reverse proxying.
* Tinyproxy does not bundle a vendor regular expressions library
anymore. It uses the system installed regular expressions library.
* The documentation has been updated.
* Tinyproxy now contains some code optimizations such as the use of a
hashmap internally for looking up error pages.
* Various other bugs have been fixed.
Contributors
~~~~~~~~~~~~
Kim Holviala, Marc Silver, Robert James Kaes, Steven Young.
Add more missing dependencies.
0.41
- Bugfixes
0.4
- Written tests
- HTTP::Server::EV::PortListener module
- Rewritten disk IO code. Now it can use built in perl functions or IO::AIO module.
- Fixed segfault when uploading zero size file
- Multipart processing callbacks.
- Coro support
0.31
- Fixed non ARRAY reference error when cgi->param called in list context with nonexistent param name
- Added explicit type-casting, no more compiler warnings
- Little documentation fix
* filecheck: Fix bug that prevented File::MimeInfo::Magic from ever
being used.
* openid: Display openid in Preferences page as a comment, so it can be
selected in all browsers.
management and manipulation functionality as well as a complete photo gallery
solution. The 2.x release adds more effects, including reflections and
transparent watermarks. It also introduces the ImageModel abstract base class
allowing developers to easily integrate the Photologue core functionality into
their own models. Photologue embraces the Django admin and smoothly integrates
with photo thumbnails and effect previews.
Fri Nov 9 21:36:46 CET 2012
Releasing libmicrohttpd 0.9.23. -CG
Thu Nov 8 22:32:59 CET 2012
Ship our own version of tsearch and friends if not provided by platform,
so that MHD works nicely on Android. -JJ
Mon Oct 22 13:05:01 CEST 2012
Immediately do a second read if we get a full buffer from
TLS as there might be more data in the TLS buffers even if
there is no activity on the socket. -CG
Tue Oct 16 01:33:55 CEST 2012
Consistently use "#ifdef" and "#ifndef" WINDOWS, and not
sometimes "#if". -CG
This release includes the following changes:
o metalink/md5: Use CommonCrypto on Apple operating systems
o href_extractor: new example code extracting href elements
o NSS can be used for metalink hashing [13]
This release includes the following bugfixes:
o Fix broken libmetalink-aware OpenSSL build
o gnutls: fix the error is fatal logic [1]
o darwinssl: un-broke iOS build, fix error on server disconnect
o asyn-ares: restore functionality with c-ares < 1.6.1 [2]
o tlsauthtype: deal with the string case insensitively [3]
o Fixed MSVC libssh2 static build
o evhiperfifo: fix the pointer passed to WRITEDATA [6]
o BUGS: fix the bug tracker URL [4]
o winbuild: Use machine type of development environment
o FTP: prevent the multi interface from blocking [5]
o uniformly use AM_CPPFLAGS, avoid deprecated INCLUDES
o httpcustomheader.c: free the headers after use
o fix >2000 bytes POST over NTLM-using proxy [7]
o redirects to URLs with fragments [8]
o don't send '#' fragments when using proxy [9]
o OpenSSL: show full issuer string [10]
o fix HTTP auth regression [11]
o CURLOPT_SSL_VERIFYHOST: stop supporting the 1 value [12]
o ftp: EPSV-disable fix over SOCKS [14]
o Digest: Add microseconds into nonce calculation [15]
o SCP/SFTP: improve error code used for send failures
o SSL: Several SSL-backend related fixes
o removed the notorious "additional stuff not fine" debug output
o OpenSSL: Disable SSL/TLS compression - avoid the "CRIME" attack
o FILE: Make upload-writes unbuffered
o custom memory callbacks failure with HTTP proxy (and more) [16]
o TFTP: handle resends
o autoconf: don't force-disable compiler debug option
o winbuild: Fix PDB file output [17]
o test2032: spurious failure caused by premature termination [18]
o memory leak: CURLOPT_RESOLVE with multi interface [19]
Changelog:
5.6.0.2 Release Notes
Behavioral Improvements
Improvements to ccm.app.css and ccm.app.js for coexistence with full bootstrap themes. Broke bootstrap.js into a separate JavaScript file.
Bug Fixes
Fixed bugs where certain block dialogs and add stack dialog were blank in IE8.
Fixed IE bugs where the sub-toolbar status bar wouldn't display
fixed inability to use page picker when register globals was on.
Fixed bug where deleting alias would delete source page (again).
fixing bug where blocks would disappear when adding a layout if the cache was on.
fix bug in simple permissions display when working with deleted groups.
Fixed blank file manager window in IE8.
Attempting to solve intermittent error in PagePermissionAssignments messages that happen on certain upgrades.
Fixed error when using group combinations on basic workflow.
Better permissions upgrading when using simple permissions.
Guestbook comments will now no longer be removed on update of guestbook block.
Attempting to solve "Illegal Mix of Collations" MySQL error that can affect some setups when previewing pages.
Fixed: http://www.concrete5.org/index.php?cID=380195
File manager saved search cosmetic improvements.
Removed old code from user avatar uploader that could cause problems if used maliciously.
Fixed bug where Schedule Guest Access would remove all but guest users from view permission.
http://www.concrete5.org/developers/bugs/5.6.0.1/getpermissionobject-incompatibles-between-5.5.x-and-5.6.x/
Pretty URLs are now honored in the Next/Previous block.
Fixed: http://www.concrete5.org/developers/bugs/5.6.0.1/wrong-notice-in-file-permissions-dialogue/
Fixed error where setting custom groups on Access User Search or Assign User Groups permission results in showing one group repeated over and over.
Added legacy getPermissionsObject back to Block Controller to fix Reviews add-on, others.
Fixed typo in the form block (Thanks Remo).
Fixing the error in loading the editor when using custom code and the Concrete TinyMCE theme.
Upstream changes:
MediaWiki 1.20.2
This is a maintenance release of the MediaWiki 1.20 branch
Changes since 1.20.1
(bug 42638) Fix API action=options&reset=1 & unit tests.
(bug 42370) Fixed backport of 60cc060 to use mDoneWrites.
Changelog:
Version 4.5.4 Dec 3rd 2012
Fix a regression for system where output buffering is disabled
Fix a problem with old file versions stored in the filesystem cache
Fix group and subadmin ajax bug
Important LDAP fix
Improved Updater
Changelog:
The Select Addresses dialog came up blank if opened from a Compose window with a single To/Cc/Bcc field filled in (bug 814770).
A change to the User Agent string has been reverted since it caused some website incompatibilities (bug 816749).
Information failed to show on the message header pane under certain circumstances (bug 803322).
The display quality of fonts could be perceived as bad when Cleartype was turned off on Windows (bug 814101).
The permissions database was not read completely if it included an invalid entry (bug 814554).
Tomcat 6.0.36 (jfclere)
Catalina
++++++++
update 48692: Provide option to parse
application/x-www-form-urlencoded PUT requests. (schultz)
add 50306: New StuckThreadDetectionValve to detect requests
that take a long time to process, which might indicate that
their processing threads are stuck. Based on a patch
provided by TomLu. (kkolinko)
fix 50570: Enable FIPS mode to be set in AprLifecycleListener.
Based upon a patch from Chris Beckey. Note that this mode
requires tomcat-native 1.1.23 or later linked to a
FIPS-capable OpenSSL library, which one has to build by
themselves. (schultz/kkolinko)
fix Improve synchronization and error handling in
AprLifecycleListener. Do not allow to change SSL options
if SSL has already been initialized. (schultz/kkolinko)
fix 52225: Fix ClassCastException when adding an alias for an
existing host via JMX. (kkolinko)
fix 52293: Correctly handle the case when antiResourceLocking
is enabled at the Context level when unpackWARs is disabled
at the Host level. Correctly handle multi-level contexts
when antiResourceLocking is enabled. Patch by Justin Miller.
(kkolinko)
fix Do not throw IllegalArgumentException from parseParameters()
call when chunked POST request is too large, but treat it
like an IO error. The FailedRequestFilter filter can be
used to detect this condition. (kkolinko)
fix 52384: Do not fail with parameter parsing when debug
logging is enabled. (kkolinko)
fix Do not flag extra '&' characters in parameters as
parse errors. (kkolinko)
fix 52488: Correct typos: exipre -> expire. Based on a patch
by prockter. (markt)
fix Reduce log level for the message about hitting
maxParameterCount limit from WARN to INFO. Fix limit
comparison to allow exactly maxParameterCount parameters,
as documentation says, instead of (maxParameterCount-1).
(kkolinko)
fix Slightly improve performance of UDecoder.convert(). Align
%2f handling between implementations. (kkolinko)
add Add denyStatus attribute to RequestFilterValve
(RemoteAddrValve, RemoteHostValve valves). It allows to
use different HTTP response code when rejecting denied
request. E.g. 404 instead of 403. (kkolinko)
add Add SetCharacterEncodingFilter (similar to the one
contained in the examples web application) to the
org.apache.catalina.filters package so that it is
available for all web applications. (kkolinko)
add 52500: Added configurable mechanism to retrieve user
names from X509 client certificates. Based on a patch
provided by Michael Furman. (schultz/kkolinko)
fix 52719: Fix a theoretical resource leak in the JAR
validation that checks for non-permitted classes in
web application JARs. (markt)
fix 52830: Correct JNDI lookups when using javax.naming.Name
to identify the resource rather than a java.lang.String.
(markt)
add 52850: Extend memory leak prevention and detection
code to work with IBM as well as Oracle JVMs. Based on
a patch provided by Rohit Kelapure. (kkolinko)
add 52996: In StandardThreadExecutor: Add the ability to
configure a job queue size (maxQueueSize attribute).
Add a variant of execute method that allows to specify
a timeout for how long we want to try to add something
to the queue. Based on a patch by Rüdiger Plüm. (kkolinko)
fix 53047: If a JDBCRealm or DataSourceRealm is configured
for an all roles mode that only requires authorization
(and no roles) and no role table or column is defined,
don't populate the Principal's roles. (markt/kkolinko)
fix 53050: Fix handling of entropy value when initializing
session id generator in session manager. Based on proposal
by Andras Rozsa. (kkolinko)
fix 53056: Add APR version number to tcnative version INFO
log message. (schultz)
fix 53057: Add OpenSSL version number INFO log message
when initializing. (schultz)
fix 53071: Use the message from the Throwable for the error
report generated by the ErrorReportValve if none was
specified via sendError(). Use the standard text for
HTTP error codes. (markt/rjung)
update 53230: Change session managers to throw
TooManyActiveSessionsException instead of
IllegalStateException when the maximum number of sessions
has been exceeded and a new session will not be created.
(schultz/kkolinko)
fix 53267: Ensure that using the GC Daemon Protection feature
of the JreMemoryLeakPreventionListener does not trigger
a full GC every hour. (markt/kkolinko)
fix 53531: Fix ExpandWar.expand to check the return value
of File.mkdir and File.mkdirs. (schultz)
fix Make the CSRF nonce cache in CsrfPreventionFilter
serializable so that it can be replicated across a cluster
and/or persisted across Tomcat restarts. (markt)
fix 53584: Ignore path parameters when comparing URIs for
FORM authentication. This prevents users being prompted
twice for passwords when logging in when session IDs
are being encoded as path parameters. (markt)
fix Various improvements to the DIGEST authenticator
including 52954, the disabling caching of an authenticated
user in the session by default, tracking server rather
than client nonces and better handling of stale nonce
values. (markt)
fix Remove unneeded handling of FORM authentication in
RealmBase. (kkolinko)
fix 53800: FileDirContext.list() did not provide correct paths
for subdirectories. Patch provided by Kevin Wooten.
(kkolinko)
fix 53830: Better handling of Manager.randomFile default
value on Windows. (kkolinko)
fix Improve session management in CsrfPreventionFilter.
(kkolinko)
Coyote
++++++
fix 42181: Better handling of edge conditions in chunk
header processing. (kkolinko)
update 51477: Support all SSL protocol combinations in the
APR/native connector. This only works when using the
native library version 1.1.21 or later. (rjung)
fix 52055 (comment 14): Correctly reset
ChunkedInputFilter.needCRLFParse flag when the filter
is recycled. (kkolinko)
fix 52606: Ensure replayed POST bodies are available when
using AJP. (markt)
fix 52858: Fix high CPU load with SSL, NIO and sendfile
when client breaks the connection before reading all
the requested data. (fhanik/kkolinko)
fix 53119: Prevent buffer overflow errors being reported
when a client disconnects before the response has been
fully written from an AJP connection using the APR/native
connector. (kkolinko)
fix Improve InternalNioInputBuffer.parseHeaders(). (kkolinko)
add Implement maxHeaderCount attribute on Connector.
It is equivalent of LimitRequestFields directive of
Apache HTTPD. Default value is 100. (kkolinko)
fix In JkCoyoteHandler connector for AJP/1.3 protocol
(in JkMain.setProperty()): Fix setting of properties
when connector has already started for properties that
have aliases. E.g. it now allows to change maxHeaderCount
attribute on Connector MBean via JMX. (kkolinko)
fix 53725: Fix possible corruption of GZIP'd output. (kkolinko)
Jasper
++++++
fix 48097 (comment 7), 53366 (comment 1): If JSP page
unexpectedly fails to initialize PageContext instance,
write exception to the logs instead of silent swallowing.
(kkolinko)
fix 52335: Only handle <\% and not \% as escaped in
template text. (markt)
fix 52666: Correct coercion order in EL when processing the
equality and inequality operators. (markt)
fix 53001: Revert the fix for 46915 since the use case
described in the bug is invalid since it breaks the EL
specification. (markt)
fix 53032: Modify JspC so it extends org.apache.tools.ant.Task
enabling it to work with features such as namespaces
within build.xml files. (markt)
Cluster
+++++++
fix Replicate principal in ClusterSingleSignOn. (kfujino)
fix 53513: Fix race condition between the processing of
session sync message and transfer complete message. (kfujino)
fix 53606: Fix potential NPE in TcpPingInterceptor. Based
on a patch by F. Arnoud. (markt)
fix 53607: To avoid NPE, set TCP PING data to ChannelMessage.
Patch provided by F.Arnoud (kfujino)
fix Fix a behavior of TcpPingInterceptor#useThread. Do not
start a ping thread when useThread is set to false. (kfujino)
Web applications
++++++++++++++++
fix 52243: Improve windows service documentation to clarify
how to include # and/or ; in the value of an environment
variable that is passed to the service. (markt)
fix 52515: Make it clear in the Realm how-to in the
documentation web application that digested password
storage when using DIGEST authentication requires that
MD5 digests are used. (markt)
fix 52641: Remove mentioning of ldap.jar from docs. Patch
provided by Felix Schumacher. (rjung)
fix Remove obsolete bug warning from windows service
documentation page. (rjung)
fix 52983: Remove unnecessary code that makes switching to
other authentication methods difficult. (markt)
fix 53158: Fix documented defaults for DBCP. Patch provided
by ph.dezanneau at gmail.com. (rjung)
update Update JavaSE documentation links to point to the current
docs.oracle.com site, instead of obsolete ones
(download.oracle.com, java.sun.com). (kkolinko)
update 53289: Clarify ResourceLink example that uses
DataSource.getConnection(username, password) method.
Not all data source implementations support it. (kkolinko)
fix Prevent the custom error pages for the Manager and
Host Manager applications from being accessed directly.
Configure custom pages for error codes 401 and 403
in Host Manager application. (markt/kkolinko)
fix Correct documentation for enableLookups attribute of
a Connector. By default DNS lookups are disabled. (kkolinko)
fix Fix several HTML markup errors in servlets of examples
web application. (kkolinko)
update Change the index page of ROOT webapp to mention
"manager-gui" role instead of "manager" one. (kkolinko)
fix 53473: Correct the allowed values for the SSI option
isVirtualWebappRelative which are true or false. (markt)
fix 53664: Minor JNDI Howto document enhancement concerning
mail properties. Patch provided by Mark Eggers. (schultz)
fix 53601: Clarify that to build Apache Tomcat 6 from sources
a Java 5 JDK is recommended. (kkolinko)
fix 53793: Change links on the list of applications in the
Manager to point to /appname/ instead of /appname. (kkolinko)
Other
+++++
fix 49402, 52124: Fix Maven publishing script: make sure it
finds tomcat-juli.jar and use later version of wagon-ssh.
(jfclere)
fix Update Apache Commons Daemon to 1.0.10. It resolves
52548 which meant that services created with service.bat
did not set the catalina.home and catalina.base system
properties. (markt, kkolinko)
update Update Apache Commons Pool to 1.5.7. (kkolinko)
update 52579: Add a note about Sun's Charset.decode() bug to
the RELEASE-NOTES file. (kkolinko)
update 52805: Update to Eclipse JDT Compiler 3.7.2. (kkolinko)
update Update the native component of the APR/native connectors
to 1.1.23 and take advantage of the simplified distribution.
(kkolinko)
fix When building a Windows installer do not copy whole
"res" folder to output/dist, but only the files that
we need. Apply fixcrlf filter only after the files are
copied, so that INSTALLLICENSE file had correct line
ends. (kkolinko)
update Remove res/License.rtf. The file that is actually shown
by the Windows installer is res/INSTALLLICENSE. (kkolinko)
update Improve RUNNING.txt. (kkolinko)
update Align the script that deploys Maven jars for Tomcat
(res/maven/mvn-pub.xml) with the Tomcat 7 version, making
full use of Nexus. (markt)
add 53034: Add project.url and project.licenses sections to
the POMs for the Maven artifacts. (kkolinko)
fix 53454: Return correct content-length header for HEAD
requests when content length is greater than 2GB. (markt)
Upstream changes:
MediaWiki 1.20.1
This is a security release of the MediaWiki 1.20 branch
Changes since 1.20
(bug 42202) Validate options to prevent html injection
(bug 40995) Prevent session fixation in Special:UserLogin (CVE-2012-5391)
(bug 41400) Prevent linker regex from exceeding PCRE backtrack limit
JavaScript Lint fixes
(bug 40632) Remove CleanupPresentationalAttributes feature
[Database] Fixed case where trx idle callbacks might be lost.
MediaWiki 1.20
MediaWiki 1.20 is a stable release.
PHP 5.3 now required
Since 1.20, the lowest supported version of PHP is now 5.3.2. Please upgrade PHP if you have not done so prior to upgrading MediaWiki.
Configuration changes in 1.20
$wgGitRepositoryViewers defines a mapping from Git remote repository to the Gitweb instance URL used in Special:Version.
$wgUsePathInfo = true; is no longer needed to make $wgArticlePath work on servers such as nginx, lighttpd, and apache over fastcgi. MediaWiki now always extracts path info from REQUEST_URI if it's available.
The user right 'upload_by_url' is no longer given to sysops by default. This only affects installations which have $wgAllowCopyUploads set to true.
Removed f-prot support from $wgAntivirusSetup.
New variable $wgDBerrorLogTZ to provide dates in the error log in a different timezone than the wiki timezone set by $wgLocaltimezone.
New variables $wgDBssl and $wgDBcompress to enable SSL and compression for database connections, if either are available for the selected DB type.
$wgUseCombinedLoginLink now defaults to false, making MediaWiki output separate login and create account links by default.
New features in 1.20
Added TitleIsAlwaysKnown hook which gets called when determining if a page exists.
Added NamespaceIsMovable hook which gets called when determining if pages in a certain namespace can be moved.
Added SpecialPageBeforeExecute hook which gets called before SpecialPage::execute.
Added SpecialPageAfterExecute hook which gets called after SpecialPage::execute.
Added ORMTable, ORMRow and ORMResult classes for additional abstraction of database interaction.
Added CacheHelper and associated SpecialCachedPage and CachedAction helper classes.
(bug 32341) Add upload by URL domain limitation.
&useskin=default will now always display the default skin. Useful for users with a preference for the non-default skin to look at something using the default skin.
(bug 27619) Remove preference option to display broken links as link?
(bug 34896) jQuery JSON plugin upgraded to v2.3 (2011-09-17).
(bug 34302) Add CSS classes to email fields in user preferences.
Introduced $wgDebugDBTransactions to trace transaction status (currently PostgreSQL only).
(bug 23795) Add parser itself to ParserMakeImageParams hook.
Introduce a cryptographic random number generator source api for use when generating various tokens.
(bug 30963) Option on Special:Prefixindex and Special:Allpages to not show redirects.
(bug 18062) New message when editing or creating the local page of a shared file.
(bug 22870) Separate interface message when creating a page.
(bug 17615) nosummary option should be reassigned on preview/captcha.
(bug 34355) Add a variable and parser function for the namespace number.
(bug 35649) Special:Version now shows hashes of extensions checked out from git.
(bug 35728) Git revisions are now linked on Special:Version.
"Show Changes" on default messages shows now diff against default message text
(bug 23006) create #speciale parser function.
generateSitemap can now optionally skip redirect pages.
(bug 27757) New API command just for retrieving tokens (not page-based).
Added GitViewers hook for extensions using external git repositories to have a web-based repository viewer linked to from Special:Version.
Memcached debug logs can now be sent to their own file logs by setting $wgDebugLogFile['memcached'] to some filepath.
(bug 35685) api.php URL and other entry point URLs are now listed on Special:Version
Edit notices can now be translated.
jQuery upgraded to 1.8.2.
jQuery UI upgraded to 1.8.23.
QUnit upgraded from v1.2.0 to v1.10.0.
(bug 37604) jquery.cookie upgraded to 2011 version.
(bug 22887) Add warning and tracking category for preprocessor errors
(bug 31704) Allow selection of associated namespace on the watchlist
(bug 5445) Now remove autoblocks when a user is unblocked.
Added $wgLogExceptionBacktrace, on by default, to allow logging of exception backtraces.
Added device detection for determining device capabilities.
QUnit.newMwEnvironment now supports passing a custom setup and/or teardown function. Arguments signature has changed. The first argument is now an options object of which 'config' can be a property. Previously 'config' itself was the first and only argument.
New getCreator and getOldestRevision methods added to WikiPage class
(bug 4220) the XML dump format schema now has unique identity constraints for page and revision identifiers. Patch by Elvis Stansvik.
cleanupSpam.php now can delete spam pages if --delete was specified instead of blanking them.
Added new hook ChangePasswordForm to allow adding of additional fields in Special:ChangePassword
Added new function getDomain to AuthPlugin for getting a user's domain
(bug 23427) New magic word {{PAGEID}} which gives the current page ID. Will be null on previewing a page being created.
(bug 37627) UserNotLoggedIn() exception to show a generic error page whenever a user is not logged in.
Watched status in changes lists are no longer indicated by <strong></strong> tags with class "mw-watched". Instead, each line now has a class "mw-changeslist-line-watched" or "mw-changeslist-line-not-watched", and the title itself is surrounded by <span></span> tags with class "mw-title".
Added ContribsPager::reallyDoQuery hook allowing extensions to data to MyContribs
Added new hook ParserAfterParse to allow extensions to affect parsed output after the parse is complete but before block level processing, link holder replacement, and so on.
(bug 34678) Added InternalParseBeforeSanitize hook which gets called during Parser's internalParse method just before the parser removes unwanted/dangerous HTML tags.
Added new hook AfterFinalPageOutput to allow modifications to buffered page output before sent to the client.
(bug 36783) Implement jQuery Promise interface in mediawiki.api module.
Make dates in sortable tables sort according to the page content language instead of the site content language
(bug 37926) Deleterevision will no longer allow users to delete log entries, the new deletelogentry permission is required for this.
(bug 14237) Allow PAGESINCATEGORY to distinguish between 'all', 'pages', 'files' and 'subcats'
(bug 38362) Make Special:Listuser includeable on wiki pages.
Added support in jquery.localize for placeholder attributes.
(bug 38151) Implemented mw.user.getRights for getting and caching the current user's user rights.
Session storage can now be configured independently of general object cache storage, by using $wgSessionCacheType. $wgSessionsInMemcached has been renamed to $wgSessionsInObjectCache, with the old name retained for backwards compatibility. When this feature is enabled, the expiry time can now be configured with $wgObjectCacheSessionExpiry.
Added a Redis client for object caching.
Implemented mw.user.getGroups for getting and caching user groups.
(bug 37830) Added $wgRequirePasswordforEmailChange to control whether password confirmation is required for changing an email address or not.
HTMLForm mutators can now be chained (they return $this)
A new message, "api-error-filetype-banned-type", is available for formatting API upload errors due to the file extension blacklist.
New hook 'ParserTestGlobals' allows setting globals before running parser tests.
Allow importing pages as subpage.
Add lang and hreflang attributes to language links on Login page.
(bug 22749) Create Special:MostInterwikis.
Show change tags when transcluding Special:Recentchanges(linked) or Special:Newpages.
(bug 23226) Add |class= parameter to image links in order to add class(es) to HTML img tag.
(bug 39431) SVG animated status is now shown in long description.
(bug 39376) jquery.form upgraded to 3.14.
SVG files will now show the actual width in the SVG's specified units in the metadata box.
Added ResourceLoader module "jquery.jStorage" (v0.3.0, http://jStorage.info/).
(bug 39273) Added AJAX support for "Show changes" (diff) in LivePreview.
Added ResourceLoader module "jquery.badge".
mw.util.$content now points to the overall content area in the skin rather than just page text content area. If you need the old behaviour please use $( '#mw-content-text').
jsMessage has been replaced with a floating bubble notification system complete with auto-hide, multi-message support, and message replacement tags.
jquery.messageBox which appears to be unused by both core and extensions has been removed.
(bug 34939) Made link parsing insensitive ([HttP://]).
(bug 40072) Add CSS classes to items in output of ChangesList pages.
Added $wgCopyUploadProxy global to define which proxy to use for copy uploads.
(bug 40448) mediawiki.legacy.mwsuggest has been replaced with a new module, mediawiki.searchSuggest, based on SimpleSearch from Extension:Vector.
Upstream changes:
Moodle 2.3.3 release notes
Highlights
MDL-35297 - Upgrading books from earlier versions now works correctly
MDL-21801 - References to the non-functional Powerpoint import option have been removed from the Lesson module
MDL-33166 - A capability has been introduced to consistently exempt specific users from forum auto-subscriptions and forced subscriptions
MDL-34607 - Folder resources now show files in sorted order
MDL-33646 - Viewing an empty book shows a friendly notice rather than an error message
Functional changes
MDL-34794 - Course reset now works with the new Assignment module
MDL-35370 - Blank answers in Cloze type quiz questions are treated accordingly, when an answer of zero is expected
MDL-33374 - When adding or updating a user profile, the action button displays 'Create user' and 'Update user' relatively
MDL-27786 - The title field of a new calendar event is now labelled "Event title" instead of "Name"
MDL-28235 - The close button on help dialogues has changed to provide greater accessibility. (Note: if debugging is turned on, a string error will appear during the upgrade process. This is expected and will be resolved once the upgrade process is complete.)
API changes
MDL-30667 - Maximum upload limits are enforced consistently in relation to various system variables
MDL-35395 - A method has been added so forms can work around form change checking when necessary
MDL-35442 - Local plugins now have settings and uninstall links on the plugins overview page
Security issues
MSA-12-0057 Access issue through repository
MSA-12-0058 Possible form data manipulation issue
MSA-12-0059 Information leak in Database activity module
MSA-12-0060 Cross-site scripting vulnerability in YUI2
MSA-12-0061 Remote code execution through Portfolio API
MSA-12-0062 Information leak in Database activity module
MSA-12-0063 Information leak in Check Permissions page
Fixes and improvements
MDL-35411 - Submissions and feedback are now saved with imported/restored assignments
MDL-35397 - Notifications page 'many other contributors' link leads to appropriate credits page
MDL-35726 - Feedback forms work correctly when grading a series of assignments
MDL-35754 - Quizzes in pop-up windows now work correctly
Also added Slovak language files.
Version 3.0.1 (2012-11-29)
--------------------------
### Fixed
Exclude the undo module from the list of allowable back end modules (see #5056).
### Fixed
`Validator::isAlias()` did not support Unicode characters (see #5033).
### Fixed
Group the search results by their parent IDs when searching the extended tree
view, e.g. the article tree (see #5051).
### Fixed
Correctly generate the debug bar markup on XHTML pages (see #5031).
### Fixed
Handle radial gradients when importing style sheets (see #4640).
### Fixed
More abstract and effective algorithm to determine the number of files in the
"purge data" maintenance module (see #5028).
### Fixed
Fixed two wrong class paths (see #5027).
### Fixed
Correctly add event images to the templates (see #5002).
### Changed
Replaced the automatic copyright notice with a meta generator tag.
### Fixed
Do not strip tags from passwords (see #4977).
### Fixed
Correctly show the number of returned rows in the debug bar (see #4981).
### Fixed
Correctly add the RSS feed base URLs (see #4994).
### Fixed
Fixed an issue in the mediaelement.js MooTools adapter (see #4917).
### Fixed
Correctly assign the classes "first" and "last" in the (mini) calendar if the
week does not start on Sunday (see #4970).
### Fixed
Correctly handle URL parameters appended to the empty domain (see #4972).
Version 2.11.7 (2012-11-29)
---------------------------
### Fixed
Only execute runonce files after the DB tables have been created (see #5061).
### Fixed
Add an empty option in the TimePeriod widget if there are none (see #5067).
### Fixed
Handle auto_items in the `Frontend::addToUrl()` method (see #5037).
### Fixed
Do not use `specialchars()` in the "page" insert tag (see #4687).
### Fixed
Set the return path when sending e-mails (see #5004).
### Fixed
Handle border color names when importing style sheets (see #5034).
### Fixed
Prevent the "Illegal string offset" error in back end widgets (see #4979).
### Fixed
Handle dependencies when updating extensions (see #3804).
### Fixed
Switched all comments of the example website to "moderated" (see #4995).
### Fixed
Replaced the automatic copyright notice with a meta generator tag.
### Fixed
Remove HTML tags when overriding the page title (see #4955).
### Fixed
Decode entities in meta tags like "description" (see #4949).
### Fixed
Remove newsletter subscriptions when a member closes his account (see #4943).
### Fixed
Prevent deleting referenced content elements using "edit multiple" (see #4898).
### Updated
Updated SwiftMailer to version 4.2.1 (see #4935).
### Fixed
Set the file permissions depending on the server's umask setting (see #4941).
### Fixed
Correctly handle external image URLs in the image element (see #4923).
### Fixed
Fixed the too eager IP address anonymization (see #4924).
### Fixed
Fixed the automatic page alias generator (see #4880).
* Change to 4.5 branch
Changelog:
Version 4.5.3 Nov 27th 2012
Fix the new from url button
Fix a memory overflow with downloading of big files via WebDAV
Better error output in case of DB problems
Fix problems with uploading files that have special characters in the name
Improved reverse proxy and load balancer support
Fix wrong folder size calculation
Improved share link generation
Fix the syncing of the Shared folder
Fix Sharing by link from within Shared folder
Several LDAP integration fixes
Fix support for PostgreSQL
Several WebDAV fixes
Fix drag and drop uploading
Improved translations
Several Gallery fixes
Several Contacts fixes
Smaller fixes
Version 4.5.2 Nov 14th 2012
Fix syncing of shared folder
Various sharing bugs fixed
Fix bug with deleting users
Fix check if resharing is allowed
Fix webdavauth app
Several ldap fixes
Fix data migration
Fix folder uploads
Fix generation of etags
Fix user specific mount configuration
Several PostgreSQL fixes
Improved performance of file updates
Fix some php warnings
Fix filesize calculation
Add visual feedback if password is set
Various smaller fixes
Several critical security fixes
XSS vulnerability in user_webdavauth (oC-SA-2012-003)
Code Execution in /lib/migrate.php (oC-SA-2012-004)
Code Execution in /lib/filesystem.php (oC-SA-2012-005)
Changes with nginx 1.2.5 13 Nov 2012
*) Feature: the "optional_no_ca" parameter of the "ssl_verify_client"
directive.
Thanks to Mike Kazantsev and Eric O'Connor.
*) Feature: the $bytes_sent, $connection, and $connection_requests
variables can now be used not only in the "log_format" directive.
Thanks to Benjamin Grossing.
*) Feature: resolver now randomly rotates addresses returned from cache.
Thanks to Anton Jouline.
*) Feature: the "auto" parameter of the "worker_processes" directive.
*) Bugfix: "cache file ... has md5 collision" alert.
*) Bugfix: OpenSSL 0.9.7 compatibility.
Changes with nginx 1.2.4 25 Sep 2012
*) Bugfix: in the "limit_req" directive; the bug had appeared in 1.1.14.
Thanks to Charles Chen.
*) Bugfix: nginx could not be built by gcc 4.7 with -O2 optimization if
the --with-ipv6 option was used.
*) Bugfix: a segmentation fault might occur in a worker process if the
"map" directive was used with variables as values.
*) Bugfix: a segmentation fault might occur in a worker process if the
"geo" directive was used with the "ranges" parameter but without the
"default" parameter; the bug had appeared in 0.8.43.
Thanks to Zhen Chen and Weibin Yao.
*) Bugfix: in the -p command-line parameter handling.
*) Bugfix: in the mail proxy server.
*) Bugfix: of minor potential bugs.
Thanks to Coverity.
*) Bugfix: nginx/Windows could not be built with Visual Studio 2005
Express.
Thanks to HAYASHI Kentaro.
- Fixed WymEditor
- Fixed Norwegian translations
- Fixed a bug that could lead to slug clashes
- Fixed page change form (jQuery and permissions)
- Fixed placeholder field permission checks
ChangeLog since 2.0.0
2.0.2a (2012-11-15)
-------------------
Enhancements
- improved user rights editor in calendar module
- disable alarms for newly subscribed calendars
Bug fixes
- fixed typos in Spanish (Spain) translation
- fixed display of raw source for tasks
- fixed title display of cards with a photo
- fixed null address in reply-to header of messages
- fixed scrolling for calendar/addressbooks lists
- fixed display of invitations on BlackBerry devices
- fixed sogo-tool rename-user for MySQL database
- fixed corrupted attachments in Webmail
- fixed parsing of URLs that can throw an exception
- fixed password encoding in user sources
2.0.2 (2012-10-24)
------------------
New features
- added support for SMTP AUTH
- sogo configuration can now be set in /etc/sogo/sogo.conf
- added support for GNU TLS
Enhancements
- speed up of the parsing of IMAP traffic
- minor speed up of the web interface
- speed up the scrolling of the message list in the mail module
- speed up the deletion of large amounts of entries in the contacts module
- updated the timezone files to the 2012.g edition
- openchange backend: miscellaneous speed up of the synchronization
operations
- open file descriptors are now closed when the process starts
Bug fixes
- the parameters included in the url of remote calendars are now taken into
account
- fixed an issue occurring with timezone definitions providing multiple entries
- openchange backend: miscellaneous crashes during certain Outlook
operations, which have appeared in version 2.0.0, have been fixed
- fixed issues occurring on OpenBSD and potentially other BSD flavours
2.0.1 (2012-10-10)
-------------------
Enhancements
- deletion of contacts is now performed in batch, which speeds up the
operation for large numbers of items
- scalability enhancements in the OpenChange backend that enables the first
synchronization of mailboxes in a more reasonable time and using less
memory
- the task list is now sortable
Bug Fixes
- improved support of IE 9
* Patches are synced with xulrunner-17.0, and regen patches
* Update Mozilla Lightning to 1.9
Changelog:
SeaMonkey-specific changes
None (see changes page for minor changes).
Mozilla platform changes
OS X 10.6 is now the minimum supported Mac version.
JavaScript Maps and Sets are now iterable.
SVG FillPaint and StrokePaint have been implemented.
The sandbox attribute has been implemented for iframes, enabling increased security.
Fixed several stability issues.
Security fixes
Fixed in SeaMonkey 2.14
MFSA 2012-106 Use-after-free, buffer overflow, and memory corruption issues found using Address Sanitizer
MFSA 2012-105 Use-after-free and buffer overflow issues found using Address Sanitizer
MFSA 2012-103 Frames can shadow top.location
MFSA 2012-101 Improper character decoding in HZ-GB-2312 charset
MFSA 2012-100 Improper security filtering for cross-origin wrappers
MFSA 2012-99 XrayWrappers exposes chrome-only properties when not in chrome compartment
MFSA 2012-97 XMLHttpRequest inherits incorrect principal within sandbox
MFSA 2012-96 Memory corruption in str_unescape
MFSA 2012-94 Crash when combining SVG text on path with CSS
MFSA 2012-93 evalInSanbox location context incorrectly applied
MFSA 2012-92 Buffer overflow while rendering GIF images
MFSA 2012-91 Miscellaneous memory safety hazards (rv:17.0/ rv:10.0.11)
* Add --enable-pulseaudio configure option (functionality is not tested)
Changelog:
NEW
First revision of the Social API and support for Facebook Messenger
NEW
Click-to-play blocklisting implemented to prevent vulnerable plugin versions from running without the user's permission (see blog post)
CHANGED
Updated Awesome Bar experience with larger icons
CHANGED
Mac OS X 10.5 is no longer supported
DEVELOPER
JavaScript Maps and Sets are now iterable
DEVELOPER
SVG FillPaint and StrokePaint implemented
DEVELOPER
Improvements that make the Web Console, Debugger and Developer Toolbar faster and easier to use
DEVELOPER
New Markup panel in the Page Inspector allows easy editing of the DOM
HTML5
Sandbox attribute for iframes implemented, enabling increased security
FIXED
Over twenty performance improvements, including fixes around the New Tab page
FIXED
Pointer lock doesn't work in web apps (769150)
FIXED
Page scrolling on sites with fixed headers (780345)
As discussed on pkgsrc-users, x11/ftlk (1.1) is no longer maintained,
and 1.3 is believed to be almost entirely compatible.
Patch from Tim Larson, who has build-tested these packages on
NetBSD/amd64.
TYPO3-CORE-SA-2012-005: Several Vulnerabilities in TYPO3 Core
2012-11-08 54eab24 [RELEASE] Release of TYPO3 4.7.6 (TYPO3 Release Team)
2012-11-08 f5d3162 #42696 [SECURITY] Fix SQL injection and XSS in record history (Oliver Hader)
2012-11-08 07c3d63 #42774 [SECURITY] XSS in TCA Tree (Oliver Hader)
2012-11-08 7b916d0 #42776 [SECURITY] Fix potential XSS in t3lib_BEfunc::getFuncCheck (Helmut Hummel)
2012-11-08 389452e [TASK] Raise submodule pointer (TYPO3 Release Team)
2012-11-07 3f2929d #39677 [BUGFIX] No sorting in TypoScript Object Browser when browsing (Nicole Cordes)
2012-11-02 b69dc9d #42281 [BUGFIX] Translated non-published page in workspace breaks live workspace (Oliver Hader)
2012-11-02 9330ab6 #38024 [BUGFIX] Illegal string offsets in t3lib_stdgraphic (Wouter Wolters)
2012-11-01 8098997 [TASK] Use correct branch for travis integration build (Helmut Hummel)
2012-11-01 24f4a8d #37578 [BUGFIX] PHP 5.4 warning in CLI context in switch back user (Christian Kuhn)
2012-10-31 dc73a91 #39662 [BUGFIX] RTE: Link class not always set in Firefox (Stanislas Rolland)
2012-10-31 ba8ead7 #42046 [BUGFIX] Restore display of mount points path (Francois Suter)
2012-10-29 fbd5057 #40733 [BUGFIX] Wrong call to TSFE in FrontendEditing (Steffen Ritter)
2012-10-29 4bf3cca #42054 [BUGFIX] PHP warning: open_basedir restriction (Xavier Perseguers)
2012-10-28 19f0cbb #42454 [BUGFIX] Fix usage of fileadminDir (Helmut Hummel)
2012-10-27 dd20440 #42444 [TASK] Fix generation of ext_emconf.php (Wouter Wolters)
2012-10-22 ce6ab74 #41980 [TASK] Clean-up EXT: aboutmodules, adapt to "TYPO3 CMS" (Felix Kopp)
2012-10-22 3440228 #38699 [BUGFIX] t3lib_div::unlink_tempfile does not always work on Windows (Stanislas Rolland)
2012-10-22 689f1fb #33504 [BUGFIX] New form wizard not loading in IE8 (Sebastian Schawohl)
2012-10-19 74c10e0 [BUGFIX] Unit test for saltedpasswords fail (Xavier Perseguers)
2012-10-18 bfb12db #36087 [BUGFIX] RTE: Link to disabled page doesn't show in FE, link icon does (Stanislas Rolland)
2012-10-18 9d621aa #29685 [BUGFIX] RTE: Words containing umlauts not added to personal dictionary (Stanislas Rolland)
2012-10-17 bd4645c #38406 [BUGFIX] Extension Import not working with postgresql and DBAL (Ernesto Baschny)
TYPO3-CORE-SA-2012-005: Several Vulnerabilities in TYPO3 Core
2012-11-08 948f241 [RELEASE] Release of TYPO3 4.6.14 (TYPO3 Release Team)
2012-11-08 c150b27 #42696 [SECURITY] Fix SQL injection and XSS in record history (Oliver Hader)
2012-11-08 b02026d #42774 [SECURITY] XSS in TCA Tree (Oliver Hader)
2012-11-08 f22dc79 #42776 [SECURITY] Fix potential XSS in t3lib_BEfunc::getFuncCheck (Helmut Hummel)
2012-11-08 72153cc [TASK] Raise submodule pointer (TYPO3 Release Team)
2012-11-07 3ea5e0b #39677 [BUGFIX] No sorting in TypoScript Object Browser when browsing (Nicole Cordes)
2012-11-02 5de1807 #42281 [BUGFIX] Translated non-published page in workspace breaks live workspace (Oliver Hader)
2012-11-02 93bb671 #38024 [BUGFIX] Illegal string offsets in t3lib_stdgraphic (Wouter Wolters)
2012-11-01 84cb9b6 #37578 [BUGFIX] PHP 5.4 warning in CLI context in switch back user (Christian Kuhn)
2012-10-29 76d0b9c #28248 [BUGFIX] t3lib_div: adjust substUrlsInPlainText to also work on URLs at end of sentence (Robert Heel)
2012-10-29 3ff27f4 #40733 [BUGFIX] Wrong call to TSFE in FrontendEditing (Steffen Ritter)
2012-10-29 9767b86 #42054 [BUGFIX] PHP warning: open_basedir restriction (Xavier Perseguers)
2012-10-27 7381250 #42444 [TASK] Fix generation of ext_emconf.php (Wouter Wolters)
2012-10-22 ccebb50 #38699 [BUGFIX] t3lib_div::unlink_tempfile does not always work on Windows (Stanislas Rolland)
2012-10-22 2a0929b #33504 [BUGFIX] New form wizard not loading in IE8 (Sebastian Schawohl)
2012-10-19 b32e08c [BUGFIX] Fix case of tests folder (Xavier Perseguers)
2012-10-19 22bef48 [BUGFIX] Unit test for saltedpasswords fail (Xavier Perseguers)
2012-10-18 9ed2c6f #36087 [BUGFIX] RTE: Link to disabled page doesn't show in FE, link icon does (Stanislas Rolland)
2012-10-18 2e48486 #29685 [BUGFIX] RTE: Words containing umlauts not added to personal dictionary (Stanislas Rolland)
2012-10-17 a3a7417 #38406 [BUGFIX] Extension Import not working with postgresql and DBAL (Ernesto Baschny)
2012-10-17 a5fc128 #25021 [BUGFIX] Creating new pages via drag'n'drop respects page TS (Philipp Kitzberger)
Security fix for TYPO3-CORE-SA-2012-005: Several Vulnerabilities in TYPO3 Core.
2012-11-08 c211c0e [RELEASE] Release of TYPO3 4.5.21 (TYPO3 Release Team)
2012-11-08 5245e09 #42696 [SECURITY] Fix SQL injection and XSS in record history (Oliver Hader)
2012-11-08 ab335bc #42774 [SECURITY] XSS in TCA Tree (Oliver Hader)
2012-11-08 a768d97 #42776 [SECURITY] Fix potential XSS in t3lib_BEfunc::getFuncCheck (Helmut Hummel)
2012-11-08 ba187e5 [TASK] Raise submodule pointer (TYPO3 Release Team)
2012-11-07 b4f7658 #39677 [BUGFIX] No sorting in TypoScript Object Browser when browsing (Nicole Cordes)
2012-11-02 dba123b #42281 [BUGFIX] Translated non-published page in workspace breaks live workspace (Oliver Hader)
2012-11-02 fc6f82f #38024 [BUGFIX] Illegal string offsets in t3lib_stdgraphic (Wouter Wolters)
2012-11-01 ded3a6e #37578 [BUGFIX] PHP 5.4 warning in CLI context in switch back user (Christian Kuhn)
2012-10-29 c05e759 #28248 [BUGFIX] t3lib_div: adjust substUrlsInPlainText to also work on URLs at end of sentence (Robert Heel)
2012-10-29 d4c539d #40733 [BUGFIX] Wrong call to TSFE in FrontendEditing (Steffen Ritter)
2012-10-27 7b28c0e #42444 [TASK] Fix generation of ext_emconf.php (Wouter Wolters)
2012-10-22 7f0696f #38699 [BUGFIX] t3lib_div::unlink_tempfile does not always work on Windows (Stanislas Rolland)
2012-10-22 f50483d #27020 [BUGFIX] TCEForms.Suggest wizard in IRRE records (Nicole Cordes)
2012-10-19 b77171c [BUGFIX] Fix case of tests folder (Xavier Perseguers)
2012-10-19 2490737 [BUGFIX] Unit test for saltedpasswords fail (Xavier Perseguers)
2012-10-18 9a14bcf #36087 [BUGFIX] RTE: Link to disabled page doesn't show in FE, link icon does (Stanislas Rolland)
2012-10-18 f8fc399 #29685 [BUGFIX] RTE: Words containing umlauts not added to personal dictionary (Stanislas Rolland)
2012-10-17 17b1d65 #38406 [BUGFIX] Extension Import not working with postgresql and DBAL (Ernesto Baschny)
Drupal 7.17, 2012-11-07
-----------------------
- Changed the default value of the '404_fast_html' variable to have a DOCTYPE
declaration.
- Made it possible to use associative arrays for the 'items' variable in
theme_item_list().
- Fixed a bug which prevented required form elements without a title from being
given an "error" class when the form fails validation.
- Prevented duplicate HTML IDs from appearing when two forms are displayed on
the same page and one of them is submitted with invalid data (minor markup
change).
- Fixed a bug which prevented Drupal 6 to Drupal 7 upgrades on sites which had
stale data in the Upload module's database tables.
- Fixed a bug in the States API which prevented certain types of form elements
from being disabled when requested.
- Allowed aggregator feed items with author names longer than 255 characters to
have a truncated version saved to the database (rather than causing a fatal
error).
- Allowed aggregator feed items to have URLs longer than 255 characters
(schema change which results in several columns in the Aggregator module's
database tables changing from VARCHAR to TEXT fields).
- Added hook_taxonomy_term_view() and standardized the process for rendering
taxonomy terms to invoke hook_entity_view() and otherwise make it consistent
with other entities (API change: http://drupal.org/node/1808870).
- Added hook_entity_view_mode_alter() to allow modules to change entity view
modes on display (API addition: http://drupal.org/node/1833086).
- Fixed a bug which made database queries running a "LIKE" query on blob fields
fail on PostgreSQL databases. This caused errors during the Drupal 6 to
Drupal 7 upgrade.
- Changed the hook_menu() entry for Drupal's rss.xml page to prevent extra path
components from being accidentally passed to the page callback function (data
structure change).
- Removed a non-standard "name" attribute from Drupal's default Content-Type
header for file downloads.
- Fixed the theme settings form to properly clean up submitted values in
$form_state['values'] when the form is submitted (data structure change).
- Fixed an inconsistency by removing the colon from the end of the label on
multi-valued form fields (minor string change).
- Added support for 'weight' in hook_field_widget_info() to allow modules to
control the order in which widgets are displayed in the Field UI.
- Updated various tables in the OpenID and Book modules to use the default
"empty table" text pattern (string change).
- Added proxy server support to drupal_http_request().
- Added "lang" attributes to language links, to better support screen readers.
- Fixed double occurrence of a "ul" HTML tag on secondary local tasks in the
Seven theme (markup change).
- Fixed bugs which caused taxonomy vocabulary and shortcut set titles to be
double-escaped. The fix replaces the taxonomy vocabulary overview page and
"Edit shortcuts" menu items' title callback entries in hook_menu() with new
functions that do not escape HTML characters (data structure change).
- Modified the Update manager module to allow drupal.org to collect usage
statistics for individual modules and themes, rather than only for entire
projects.
- Modified the node listing database query on Drupal's default front page to
add table aliases for better query altering (this is a data structure change
affecting code which implements hook_query_alter() on this query).
- Improved the translatability of the "Field type(s) in use" message on the
modules page (admin-facing string change).
- Fixed a regression which caused a "call to undefined function
drupal_find_base_themes()" fatal error under rare circumstances.
- Numerous API documentation improvements.
- Additional automated test coverage.
Contao Open Source CMS 3.0.0 is a new major release since Contao (as
TYPOlight) was publicly released.
Major changes from 2.11.
* Uses PHP namespaces and is more flexible to extend.
* Improve performance with mapper class loader.
* Better support for mobile devices and responsive design
* Database supported file management and handling of file's meta data.
* jQuery support coexists with MooTools.
* Directories in URL path.
* HTML5 based audio/video player (also YouTube).
* Improve ease to use.
* Display of what has changed.
* Complete fix for CSRF.
Changelog:
Version 4.0.8 Oct 10th 2012
Show Login Button when user and password are autocompleted
Sanitize LDAP base, user and groups
Security: Fix for insufficiently Random Values (CVE-2008-4107)
Security: Fixed multiple XSS vulnerabilities (CVE-2012-5056)
Security: Fixed a HTTP header injection (CVE-2012-5057)
Security: Fixed an Auth bypass in /lib/base.php (CVE-2012-5336)
a) lang/see support was removed (see below)
b) lang/spidermonkey and wip/spidermonkey185 aren't recognized
ELinks 0.12pre6
---------------
Security fix:
* bug 1124, CVE-2012-4545: Do not delegate GSSAPI credentials in HTTP
Negotiate or GSS-Negotiate authentication. Reported by Marko Myllynen.
(ELinks 0.12pre1 was the first release that supported GSSAPI; earlier
releases are not vulnerable.)
Fixed crashes and hangs:
* critical bug 943: Don't let user JavaScripts call any methods of
``elinks.action'' in tabs that do not have the focus. If a tab was
closed with ``elinks.action.tab_close'' while it had pop-up windows,
ELinks could crash; as a precaution, don't allow other actions
either. (ELinks 0.12pre1 was the first release that supported
``elinks.action''.)
* critical bug 1083: Avoid an infinite loop when trying to decompress
malformed data. Caused by the bug 1068 fix in ELinks 0.12pre3.
* Fix a possible crash or information disclosure on big-endian 64-bit
systems using HTTP Negotiate or GSS-Negotiate authentication.
Incompatibilities:
* Dropped support for SEE. (ELinks 0.12pre1 was the first release
that supported SEE.)
* Guile 2.0.0 (released on 2011-02-16) changed its license to
LGPLv3-or-later, which is not compatible with the GPLv2 that covers
ELinks. Also, Guile has deprecated many of the functions that
ELinks calls.
Other changes:
* major bug 764: Correctly initialize options on big-endian 64-bit
systems.
* bug 983: Give preference to the Content-Type specified in the HTTP
header over that specified via the HTML meta tag.
* bug 1084: Allow option names containing '+' and '*' in the option
manager.
* bug 1112: Map most numeric character references &#128; ... &#159;
to graphical characters also when the output charset is UTF-8.
(ELinks 0.12pre1 was the first release that supported UTF-8 as the
terminal charset, and ELinks 0.12pre5 was the first release that
supported UTF-8 as the dump charset.)
* minor bug 1113: Fix a small memory leak if a mailcap file is malformed.
* minor bug 1114: Decode SGML entities and NCRs only once in link/@title
and other attributes.
* build: Fix several warnings reported by GCC 4.7.1. Harmless at
runtime but could break the build if configured --enable-debug.
(This version does not fix all such warnings.)
Enhancements:
- support for include directive
- added support for HTTPS backends
- support for SNI via multiple Cert directives (thanks to Joe Gooch)
Bug fixes:
- fixed problem with long input lines in http.c
- keep sessions for disabled back-ends, continue using them until the time-out
- fixed memory leak in session removal
- fix for possible request smuggling by using multiple headers
- changed long to long long for support of requests larger than 2GB
0.17
handle /(de)?objectify_text/ for <script> extraction
(Stanislaw Pusep)
0.16
commit 07b40205fd03564d476eff7675e9f19196939f2f
Author: Oleg G <verdrehung@gmail.com>
Date: Sat Mar 31 13:26:11 2012 +0700
added few methods to support Web::Query
5.03 2012-09-22
Release by Christopher J. Madsen
[THINGS THAT MAY BREAK YOUR CODE OR TESTS]
* as_HTML no longer indents <textarea> (Tomohiro Hosaka) (RT #70385)
[FIXES]
* as_trimmed_text did not accept '0' for extra_chars
[DOCUMENTATION]
* Explain that as_text never adds whitespace (RT #66498)
* Explain what extra_chars can contain for as_trimmed_text.
Upstream changes:
2012-10-21 HTTP-Message 6.06
Gisle Aas (2):
More forgiving test on croak message [RT#80302]
Added test for multipart parsing
Mark Overmeer (1):
Multipart end boundary doesn't need to match a complete line [RT#79239]
_______________________________________________________________________________
2012-10-20 HTTP-Message 6.05
Gisle Aas (5):
Updated ignores
No need to prevent visiting field values starting with '_'
Report the correct croak caller for delegated methods
Disallow empty field names or field names containing ':'
Make the extra std_case entries local to each header
_______________________________________________________________________________
2012-09-30 HTTP-Message 6.04
Gisle Aas (5):
Updated repository URL
Avoid undef warning for empty content
Teach $m->content_charset about JSON
Use the canonical charset name for UTF-16LE (and friends)
Add option to override the "(no content)" marker of $m->dump
Christopher J. Madsen (2):
Use IO::HTML for <meta> encoding sniffing
mime_name was introduced in Encode 2.21
Tom Hukins (1):
Remove an unneeded "require"
Ville Skyttä (1):
Spelling fixes.
chromatic (1):
Sanitized PERL_HTTP_URI_CLASS environment variable.
Martin H. Sluka (1):
Add test from RT#77466
Father Chrysostomos (1):
Fix doc grammo [RT#75831]
Changelog
=========
Since 2.2-rc
----------------
bugfix: calendar monthly view performance upgrades.
bugfix: translation tool for plugins fixed.
bugfix: email html signature puts br tags when composing email.
bugfix: Person email modification does not work.
bugfix: Prevent double task completion (when double clicking on complete link).
bugfix: Fixed company edit link from people tree.
Since 2.2-beta
----------------
bugfix: several fixes in custom reports display.
bugfix: custom reports csv/pdf export always show status column.
bugfix: dashboard activity widget does not control permissions correctly.
bugfix: dashboard activity widget shows username instead of person complete name.
bugfix: subworkspace creation does not inherit color.
bugfix: email autoclassification does not classify attachments.
bugfix: email view shows wrong "To" value when "To" field is empty or undefined.
bugfix: unclassified mails allows to subscribe other users.
bugfix: error when forwarding another user's account emails with attachments.
bugfix: several fixes in email classification functions.
bugfix: company comments are not displayed.
bugfix: dashboard's tasks widget breaks right widgets when scrolling (only in chrome).
bugfix: permissions check in Administration/Dimensions.
bugfix: css is being printed in csv exported reports.
bugfix: error subscribing users when instantiating templates with milestones and subtasks.
bugfix: don't use $this in static functions.
bugfix: archiving and unarchiving members is not done in a transaction.
bugfix: permissions in dimension member selectors.
bugfix: cannot set task's due date to 12:30 PM, always sets the same time but AM.
bugfix: tasks drag and drop loses some attributes.
usability: mouseover highlight on member properties/restrictions tables.
Since 2.1
----------------
bugfix: several fixes in repetitive tasks.
bugfix: quick add of tasks does not subscribe creator.
bugfix: google calendar import fixed.
bugfix: fixed event deletion.
bugfix: fixed email account sharing.
bugfix: fixed AM/PM issue when selecting task's dates.
bugfix: special characters in workspace when adding from quick add.
bugfix: error 500 in workspaces dashboard.
bugfix: error when searching emails by "From" field in advanced search.
bugfix: 1.7 -> 2.x upgrade fixed subtasks.
bugfix: permissions in user's card.
bugfix: task's drag and drop edition bugfixes.
bugfix: task's quick add does not keep the task name when switching to complete edition.
bugfix: several LDAP integration fixes.
bugfix: fixed contact phones display in list.
bugfix: config option descriptions added.
bugfix: user email is not required.
bugfix: milestone selector does not show all available milestones.
bugfix: person email cannot be edited.
bugfix: disabled users are shown in subscribers and invited people.
bugfix: permission groups upgrade does not set type.
bugfix: Javascript problems in IE.
bugfix: issues with breadcrumbs with special characters.
bugfix: VCard import/export fixed.
bugfix: cannot delete workspace with apostrophe.
bugfix: fixed "enters" issue in tasks description wysiwyg editor.
bugfix: File copy makes two copies.
bugfix: permissions fixed for submembers.
bugfix: when updating a file, does not subscribe the updater user.
bugfix: milestones display different dates in milestone view and task list.
bugfix: "assigned to" filter in tasks does not work properly.
bugfix: cannot archive dimension members.
bugfix: cannot archive several tasks at once.
feature: activity widget.
feature: new workspace and tag selectors.
feature: add timeslot entries to application_logs.
feature: complete parent tasks asks to complete child tasks.
usability: sort email panel by "to" column.
usability: changes in advanced search for email fields.
usability: can change imported calendar names.
usability: email with attachments classification process upgraded.
usability: linked objects selector can filter by workspace and tags.
system: CKEditor updated.
system: translation module upgraded - translate plugins files.
system: German, Russian and French languages upgraded.
Release notes
Maintenance and security release of the Drupal 7 series.
This release fixes security vulnerabilities. Sites are urged to upgrade
immediately after reading the security announcement:
SA-CORE-2012-003 - Drupal core - Arbitrary PHP code execution and
Information disclosure
No other fixes are included.
* monochrome: New theme, contributed by Jon Dowland.
* rst: Ported to python 3, while still also being valid python 2.
Thanks, W. Trevor King
* Try to avoid a situation in which so many ikiwiki cgi wrapper programs
are running, all waiting on some long-running thing like a site rebuild,
that it prevents the web server from doing anything else. The current
approach only avoids this problem for GET requests; if multiple cgi's
run GETs on a site at the same time, one will display a "please wait"
page for a configurable number of seconds, which then redirects to retry.
To enable this protection, set cgi_overload_delay to the number of
seconds to wait. This is not enabled by default.
* Add back a 1em margin between archivepage divs.
* recentchangesdiff: Correct broken template that resulted in duplicate
diff icons being displayed, and bloated the recentchanges page with
inline diffs when the configuration should have not allowed them.
mj_turner and jihbed.
A comprehensive Python HTTP client library that supports many features left out
of other HTTP libraries.
Features:
o HTTP and HTTPS
o Keep-Alive
o Authentication
o Caching
o All Methods
o Redirects
o Compression
o Lost update support
o Unit Tested
Changelog:
Fixed in Firefox ESR 10.0.9
MFSA 2012-89 defaultValue security checks not applied
Fixed in Firefox ESR 10.0.8
MFSA 2012-87 Use-after-free in the IME State Manager
MFSA 2012-86 Heap memory corruption issues found using Address Sanitizer
MFSA 2012-85 Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer
MFSA 2012-84 Spoofing and script injection through location.hash
MFSA 2012-83 Chrome Object Wrapper (COW) does not disallow access to privileged functions or properties
MFSA 2012-82 top object and location property accessible by plugins
MFSA 2012-81 GetProperty function can bypass security checks
MFSA 2012-79 DOS and crash with full screen and history navigation
MFSA 2012-77 Some DOMWindowUtils methods bypass security checks
MFSA 2012-74 Miscellaneous memory safety hazards (rv:16.0/ rv:10.0.8)
MFSA 2012-59 Location object can be shadowed using Object.defineProperty