Changelog:
FIXED Sites visited while in Private Browsing mode could be found through manual browser cache inspection (787743)
NEW Silent, background updates
NEW Support for SPDY networking protocol v3
NEW WebGL enhancements, including compressed textures for better performance
NEW Localization in Maithili (see all available locales)
CHANGED Optimized memory usage for add-ons
DEVELOPER JavaScript debugger integrated into developer tools
DEVELOPER New layout view added to Inspector
DEVELOPER High precision event timer implemented
DEVELOPER The CSS word-break property has been implemented.
DEVELOPER New responsive design tool allows web developers to switch between desktop and mobile views of sites
HTML5 Native support for the Opus audio codec added
HTML5 The <audio> and <video> elements now support the played attribute
HTML5 The <source> element now supports the media attribute
FIXED Focus rings keep growing when repeatedly tabbing through elements (720987)
Upstream changes:
1.0003 Wed Aug 29 13:44:53 PDT 2012
[BUG FIXES]
- Fix Basic authentication error in case password contains a colon #319
- Fix AccessLog middleware in platforms where %z strftime is not supported #318
- Escape $_ in Plack::Request path method due to a possible URI::Escape bug
1.0002 Mon Aug 13 17:04:25 PDT 2012
[NEW FEATURES]
- Added --no-default-middleware option to plackup #290
[BUG FIXES]
- Use C locale for AccessLog strftime #313
- Escape Plack::Request URI path using RFC 3986 definition (ssmccoy)
[IMPROVEMENTS]
- Documentation improvements (ether, Tom Heady)
- Skip displaying ".." in Plack::App::Directory #277
- Document load_class() doesn't validate user input. #285
1.0001 Thu Jul 26 16:24:13 PDT 2012
[INCOMPATIBLE CHANGES]
- Deleted lots of code, methods and warnings that have been deprecated since 0.99
(which should have been done in the 1.0000 release)
[DEVELOPERS]
- Added bootstrap script to install devel dependencies
[IMPROVEMENTS]
- Fixed version numbers in some of the modules that have their own $VERSION
1.0000 Thu Jul 19 18:59:18 PDT 2012
- This be 1.0! (Same as 0.9991)
0.9991 Thu Jul 19 17:27:52 PDT 2012
[NEW FEATURES]
- Added IIS7 fix middleware (t0m)
0.9990 Wed Jul 18 11:12:07 PDT 2012
[INCOMPATIBILE CHANGES]
- Plack::Request changes the way it parses QUERY_STRING for valueless keys such as
"?a&b=1". Now "a" becomes part of query_parameters with empty string as its value (yannk)
[IMPROVEMENTS]
- Support max-age options in Plack::Response cookies (remorse)
- Pass correct protocol from HTTP::Server::PSGI to display https URL correctly (siracusa)
- Copy Authorization header from FastCGI handler (ray1729)
- Stop special casing COOKIE environment variable in Plack::Request headers (doy)
0.9989 Thu Jun 21 13:39:11 PDT 2012
[IMPROVEMENTS]
- Support streaming in Head middleware (wreis)
- Document middleware prefixing (Jon Swartz)
- Make Basic authentication detection case insensitive per RFC (Mark Fowler)
- Added backlog option to FCGI handler (xaicron)
0.9988 Fri May 11 12:25:09 CEST 2012
[BUG FIXES]
- Fixes HTTP_HOST in HTTP::Message::PSGI #287 (doy)
0.9987 Thu May 10 07:06:32 CEST 2012
[IMPROVEMENTS]
- Support streaming in AccessLog::Timed (Peter Makholm)
- Support streaming in ErrorDocument
- Removed UTF8 hack in HTTP::Message::PSGI. Depends on URI.pm 1.59 (wreis)
- Set Host headers correctly in HTTP::Message::PSGI #177
- Added documentation on supported %-flags in AccessLog (ether)
- Skip unnecessary tests on non-developer environment
0.9986 Mon Mar 12 11:26:59 PDT 2012
[IMPROVEMENTS]
- Use I/O handles to FCGI::Request instead of global STDIN, STDOUT etc. (chansen)
- Improved FastCGI docs (osfameron)
- Cascade app now returns the last response code (aristotle)
upstream changes:
Version 3.60 Aug 15th, 2012
[BUG FIXES]
- In some caes, When unescapeHTML() hit something it didn't recognize with an ampersand and
and semicolon, it would throw away the semicolon and ampersand. It now does a better job.
of preserving content it doesn't recognize. Thanks to CEBJYRE@cpan.org (RT#75595)
- Remove trailing newline after <form> tag inserted by startform and start_form. It can
cause rendering problems in some cases. Thanks to SJOHNSTON@cpan.org (RT#67719)
- Workaround "Insecure Dependency" warning generated by some versions of Perl (RT#53733).
Thanks to degatcpan@ntlworld.com, klchu@lbl.gov and Anonymous Monk
[DOCUMENTATION]
- Clarify that when -status is used, the human-readable phase should be included, per RFC 2616.
Thanks to SREZIC@cpan.org (RT#76691).
[INTERNALS]
- More tests for header(), thanks to Ryo Anazawa.
- t/url.t has been fixed on VMS. Thanks to cberry@cpan.org (RT#72380)
- MANIFEST patched so that t/multipart_init.t is included again. Thanks to shay@cpan.org (RT#76189)
Version 3.59 Dec 29th, 2011
[BUG FIXES]
- We no longer read from STDIN when the Content-Length is not set, preventing
requests with no Content-Length from freezing in some cases. This is consistent
with the CGI RFC 3875, and is also consistent with CGI::Simple. However, the old
behavior may have been expected by some command-line uses of CGI.pm.
Thanks to Philip Potter and Yanick Champoux. See RT#52469 for details:
https://rt.cpan.org/Public/Bug/Display.html?id=52469
[INTERNALS]
- remove tmpdirs more aggressively. Thanks to rjbs (RT#73288)
- use Text::ParseWords instead of ancient shellwords.pl. Thanks to AlexBio.
- remove use of define(@arr). Thanks to rjbs.
- spelling fixes. Thanks to Gregor Herrmann and Alessandro Ghedini.
- fix test count and warning in t/fast.t. Thanks to Yanick.
Changes:
* Fixes some issues in the admin area where some older browsers (IE7, in
particular) may slow down, lag, or freeze.
* Fixes an issue where a theme may not preview correctly, or its screenshot may
not be displayed.
* Fixes the use of multiple trackback URLs in a post.
* Prevents improperly sized images from being uploaded as headers from the
customizer.
* Ensures proper error messages can be shown to PHP4 installs. (WordPress
requires PHP 5.2.4 or later.)
* Fixes handling of oEmbed providers that only return XML responses.
* Addresses pagination problems with some category permalink structures.
* Adds more fields to be returned from the XML-RPC wp.getPost method.
* Avoids errors when updating automatically from very old versions of WordPress
(pre-3.0).
* Fixes problems with the visual editor when working with captions.
Additionally: Version 3.4.2 fixes a few security issues and contains some
security hardening. These issues were discovered and addressed by the WordPress
security team:
* Fix unfiltered HTML capabilities in multisite.
* Fix possible privilege escalation in the Atom Publishing Protocol endpoint.
* Allow operations on network plugins only through the network admin.
* Hardening: Simplify error messages when uploads fail.
* Hardening: Validate a parameter passed to wp_get_object_terms().
* Update Mozilla Lightning to 1.7
* Update Enigmail to 1.4.4 (functionality is not tested yet; should
be updated)
* Regen patches
Changelog:
SeaMonkey-specific changes
None.
Mozilla platform changes
Added support for SPDY networking protocol v3.
Implemented WebGL enhancements, including compressed textures for better performance.
Optimized memory usage for add-ons.
Implemented the CSS word-break property.
Implemented high precision event timer.
HTML5: Added native support for the Opus audio codec.
HTML5: Added support for the source element media attribute.
HTML5: Added support for the audio element and video element played attribute.
Fixed several stability issues.
Fixed in SeaMonkey 2.12
MFSA 2012-70 Location object security checks bypassed by chrome code
MFSA 2012-69 Incorrect site SSL certificate data display
MFSA 2012-68 DOMParser loads linked resources in extensions when parsing text/html
MFSA 2012-65 Out-of-bounds read in format-number in XSLT
MFSA 2012-64 Graphite 2 memory corruption
MFSA 2012-63 SVG buffer overflow and use-after-free issues
MFSA 2012-62 WebGL use-after-free and memory corruption
MFSA 2012-61 Memory corruption with bitmap format images with negative height
MFSA 2012-59 Location object can be shadowed using Object.defineProperty
MFSA 2012-58 Use-after-free issues found using Address Sanitizer
MFSA 2012-57 Miscellaneous memory safety hazards (rv:15.0/ rv:10.0.7)
Changes with mod_fcgid 2.3.7
*) Introduce FcgidWin32PreventOrphans directive on Windows to use OS
Job Control Objects to terminate all running fcgi's when the worker
process has been abruptly terminated. PR: 51078
[Thangaraj AntonyCrouse <thangaraj gmail.com>]
*) Periodically clean out the brigades which are pulling in the request
body for handoff to the fcgid child. PR: 51749
[Dominic Benson <dominic.benson thirdlight.com>]
*) Resolve crash during graceful restarts. PR 50309
[Mario Brandt <JBlond gmail.com>]
*) Solve latency/cogestion of resolving effective user file access rights
when no such info is desired, for config related filename stats.
PR: 51020 [Thangaraj AntonyCrouse <thangaraj gmail.com>, William Rowe]
*) Fix regression in 2.3.6 which broke process controls when using vhost-
specific configuration. [Jeff Trawick]
*) Account for first process in class in the spawn score. [Jeff Trawick]
Releasing libmicrohttpd 0.9.22. -CG
Adding configure option to allow selecting support for basic
and digest authentication separately (#2525). -CG
Fixing URI argument parsing when string contained keys without
equals sign (i.e. '&bar&') in the middle of the argument (#2531).
Also replacing 'strstr' with more efficient 'strchr' when
possible. -CG
Use "int" instead of "enum X" in 'va_arg' calls to be nice to
compilers that use 'short' (i.e. 8 or 16 bit) enums but pass
enums still as "int" in varargs. (See discussion on mailinglist). -CG/MV
Reduce default size in post processor buffer (for small systems;
performance impact on large systems should be minimal). -CG/MV
It is a security update, fix CVE-2012-4377 CVE-2012-4378 CVE-2012-4379
CVE-2012-4380 CVE-2012-4381 CVE-2012-4382.
Upstream changes:
Changes since 1.19.1
(bug 39700) File: link to non-existing file can inject html
(bug 39823) Hidden block text leaking to admins
(bug 39184) LDAP password leakage
(bug 39180) Disallow framing of api results
(bug 37587) Enforce language codes to be html safe
(bug 39824) Check global blocks on account creation
Fixes and Stability Enhancements since Opera 12.01
* General and User Interface
* Several general fixes and stability improvements
* Resolved an issue with Speed Dial thumbnails when automatic scaling is enabled
Security
* Fixed an issue where truncated dialogs may be used to trick users; see our advisory:
http://www.opera.com/support/kb/view/1028/
Upstream changes:
0.022 2012-06-01 23:31:40 America/New_York
[ADDED]
- Supports local_address option to set local socket interface
[Chris Nehren, David Golden]
0.021 2012-05-15 22:38:57 America/New_York
[TESTING]
- Skip live SSL testing if $ENV{http_proxy} is set
0.020 2012-05-14 15:24:37 America/New_York
[TESTING]
- Capture prerequisite versions under AUTOMATED_TESTING to help
chase down some failures from CPAN Testers
0.019 2012-05-14 07:14:00 America/New_York
[ADDED]
- Require IO::Socket::SSL 1.56 (which added SSL_hostname support) when
doing HTTPS. [Mike Doherty]
[TESTING]
- Provide better diagnostic output in t/210_live_ssl.t [Mike
Doherty]
0.018 2012-04-18 09:39:50 America/New_York
[ADDED]
- Add verify_SSL option to do more secure SSL operations, incl.
attempting to validate against a CA bundle (Mozilla::CA
recommended, but will attempt to find some OS bundles). Also
add SSL_opts, which passes through IO::Socket::SSL's SSL_*
options to control SSL verification. (GH #6, #9) [Mike Doherty]
- Reponse hashref includes final URL (including any redirections)
[Lukas Eklund]
0.017 2012-02-22 21:57:37 EST5EDT
[DOCUMENTATION]
- Clarified how max_size exceptions work [rt.cpan.org #75142]
- Clarify that 2XX is success for most methods (except mirror
where 304 is also success) [rt.cpan.org #75141]
Upstream changes:
1.3100 25.08.2012
[ BUG FIXES ]
* GH #816: Improve wording when failed to load engine. (Sawyer X)
* GH #817: Fix CODE reference uncloned using Clone::clone.
(David Previous, Sawyer X)
[ ENHANCEMENTS ]
* GH #755: HTTP::Headers accepted by dancer_response. (Roberto Patriarca)
[ DOCUMENTATION ]
* GH #818: Use "MyWeb::App" instead of "mywebapp" in examples. (pdl)
1.3099 11.08.2012
[ BUG FIXES ]
* GH #683: Fix uninitialized warnings. (Sawyer X)
* GH #700: Take into account the app name in route caching. (Perlover)
* GH #775: Clone variables for templates.
(Reported by Wanradt Koell, fixed by David Precious, Sawyer X)
* GH #776: get should be default to get/head even it's inside any.
(Fayland Lam)
* GH #788: Make sure ID key in sessions are clobbered. (kocoureasy)
* Fix uninitialized variables in config file path. (Sawyer X)
* GH #809: Require all necessarily modules in Dancer::Config.
(John Wittkoski)
[ ENHANCEMENTS ]
* GH #799: New test function: response_redirect_location_is. (Martin Schut)
* send_file now accepts an IO::Scalar. (David Precious)
* Clean up $VERSION. (Damien Krotkine)
[ DOCUMENTATION ]
* GH #784: Synopsis fix in Dancer::Error. (Alex C)
* Document session_domain in Dancer::Config. (David Precious)
* Pod fixes in abstract session. (David Precious)
* Synopsis fix in Dancer::Test. (Stefan Hornburg <Racke>)
1.3098 28.07.2012
[ ENHANCEMENTS ]
* New keyword 'plugin_args' exported by Dancer::Plugin to provide
a consistent way with Dancer 2 to obtain arguments from a plugin
keyword. (Alberto Sim.es).
* Add 'execute_hook' and deprecate 'execute_hooks' for homogeneity
with Dancer 2.
* send_file will do the right thing if given an IO::Scalar object
(David Precious, prompted by Ilya Chesnokov).
[ DOCUMENTATION ]
* Fix escaping on some docs (Stefan Hornburg @racke).
* Use patches from https://bugzilla.mozilla.org/show_bug.cgi?id=753046
* Fix firefox.sh
Changelog:
NEW Preliminary native PDF support (Aurora/Beta only)
NEW Support for SPDY networking protocol v3
NEW WebGL enhancements, including compressed textures for better performance
CHANGED Optimized memory usage for add-ons
DEVELOPER JavaScript debugger integrated into developer tools
DEVELOPER New layout view added to Inspector
DEVELOPER The CSS word-break property has been implemented.
DEVELOPER High precision event timer implemented
DEVELOPER New responsive design tool allows web developers to switch between desktop and mobile views of sites
HTML5 Native support for the Opus audio codec added
HTML5 The <source> element now supports the media attribute
HTML5 The <audio> and <video> elements now support the played attribute
* recentchangesdiff: When diffurl is not set, provide inline diffs
in the recentchanges page, with visibility toggleable via javascript.
Thanks, Antoine Beaupré
* Split CFLAGS into words when building wrapper. Closes: #682237
* osm: Avoid calling urlto before generated files are registered.
Thanks, Philippe Gauthier and Antoine Beaupré
* osm: Add osm_openlayers_url configuration setting.
Thanks, Genevieve
* osm: osm_layers can be used to configured the layers displayed on the map.
Thanks, Antoine Beaupré
* comments: Remove ipv6 address specific code.
changes:
- Fix several security issues with accessibility support.
- Finishing merging NPAPI plugin support for Windows.
- Turn off the deletion UI during editing, as it caused issues with some sites.
* Introducing Django 1.4 support, dropped support for Django 1.2
* Lazy page tree loading in admin
* Toolbar isolation
* Plugin cancel button fixed
* Tests refactor
* Moving text plugins to different placeholders no longer loses inline plugins
* Minor improvements
comprehensive version control facilities.
Features
* Roll back to any point in a model's history - an unlimited undo facility!
* Recover deleted models - never lose data again!
* Admin integration for maximum usability.
* Group related changes into revisions that can be rolled back in a single
transaction.
* Automatically save a new version whenever your model changes using Django's
flexible signalling framework.
* Automate your revision management with easy-to-use middleware.
django-reversion can be easily added to your existing Django project with
an absolute minimum of code changes.
* Fix security problems.
* Build three Multi-Processing Model shared libraries,
and select default model with option
* Retire mod_cgi.so module, use mod_cgid.so; Add MESSAGE
Changelog:
Changes with Apache 2.4.3
*) SECURITY: CVE-2012-3502 (cve.mitre.org)
mod_proxy_ajp, mod_proxy_http: Fix an issue in back end
connection closing which could lead to privacy issues due
to a response mixup. PR 53727. [Rainer Jung]
*) SECURITY: CVE-2012-2687 (cve.mitre.org)
mod_negotiation: Escape filenames in variant list to prevent an
possible XSS for a site where untrusted users can upload files to
a location with MultiViews enabled. [Niels Heinen <heinenn google.com>]
*) mod_authnz_ldap: Don't try a potentially expensive nested groups
search before exhausting all AuthLDAPGroupAttribute checks on the
current group. PR 52464 [Eric Covener]
*) mod_lua: Add new directive LuaAuthzProvider to allow implementing an
authorization provider in lua. [Stefan Fritsch]
*) core: Be less strict when checking whether Content-Type is set to
"application/x-www-form-urlencoded" when parsing POST data,
or we risk losing data with an appended charset. PR 53698
[Petter Berntsen <petterb gmail.com>]
*) httpd.conf: Added configuration directives to set a bad_DNT environment
variable based on User-Agent and to remove the DNT header field from
incoming requests when a match occurs. This currently has the effect of
removing DNT from requests by MSIE 10.0 because it deliberately violates
the current specification of DNT semantics for HTTP. [Roy T. Fielding]
*) mod_socache_shmcb: Fix bus error due to a misalignment
in some 32 bit builds, especially on Solaris Sparc.
PR 53040. [Rainer Jung]
*) mod_cache: Set content type in case we return stale content.
[Ruediger Pluem]
*) Windows: Fix SSL failures on windows with AcceptFilter https none.
PR 52476. [Jeff Trawick]
*) ab: Fix read failure when targeting SSL server. [Jeff Trawick]
*) The following now respect DefaultRuntimeDir/DEFAULT_REL_RUNTIMEDIR:
- mod_auth_digest: shared memory file
[Jeff Trawick]
*) htpasswd: Use correct file mode for checking if file is writable.
PR 45923. [Stefan Fritsch]
*) mod_rewrite: Fix crash with dbd RewriteMaps. PR 53663. [Mikhail T.
<mi apache aldan algebra com>]
*) mod_ssl: Add new directive SSLCompression to disable TLS-level
compression. PR 53219. [Björn Jacke <bjoern j3e de>, Stefan Fritsch]
*) mod_lua: Add a few missing request_rec fields. Rename remote_ip to
client_ip to match conn_rec. [Stefan Fritsch]
*) mod_lua: Change prototype of vm_construct, to work around gcc bug which
causes a segfault. PR 52779. [Dick Snippe <Dick Snippe tech omroep nl>]
*) mpm_event: Don't count connections in lingering close state when
calculating how many additional connections may be accepted.
[Stefan Fritsch]
*) mod_ssl: If exiting during initialization because of a fatal error,
log a message to the main error log pointing to the appropriate
virtual host error log. [Stefan Fritsch]
*) mod_proxy_ajp: Reduce memory usage in case of many keep-alive requests on
one connection. PR 52275. [Naohiro Ooiwa <naohiro ooiwa miraclelinux com>]
*) mod_proxy_balancer: Restore balancing after a failed worker has
recovered when using lbmethod_bybusyness. PR 48735. [Jeff Trawick]
*) mod_setenvif: Compile some global regex only once during startup.
This should save some memory, especially with .htaccess.
[Stefan Fritsch]
*) core: Add the port number to the vhost's name in the scoreboard.
[Stefan Fritsch]
*) mod_proxy: Fix ProxyPassReverse for balancer configurations.
PR 45434. [Joe Orton]
*) mod_lua: Add the parsebody function for parsing POST data. PR 53064.
[Daniel Gruno]
*) apxs: Use LDFLAGS from config_vars.mk in addition to CFLAGS and CPPFLAGS.
[Stefan Fritsch]
*) mod_proxy: Fix memory leak or possible corruption in ProxyBlock
implementation. [Ruediger Pluem, Joe Orton]
*) mod_proxy: Check hostname from request URI against ProxyBlock list,
not forward proxy, if ProxyRemote* is configured. [Joe Orton]
*) mod_proxy_connect: Avoid DNS lookup on hostname from request URI
if ProxyRemote* is configured. PR 43697. [Joe Orton]
*) mpm_event, mpm_worker: Remain active amidst prevalent child process
resource shortages. [Jeff Trawick]
*) Add "strict" and "warnings" pragmas to Perl scripts. [Rich Bowen]
*) The following now respect DefaultRuntimeDir/DEFAULT_REL_RUNTIMEDIR:
- core: the scoreboard (ScoreBoardFile), pid file (PidFile), and
mutexes (Mutex)
[Jim Jagielski]
*) ab: Fix bind() errors. [Joe Orton]
*) mpm_event: Don't do a blocking write when starting a lingering close
from the listener thread. PR 52229. [Stefan Fritsch]
*) mod_so: If a filename without slashes is specified for LoadFile or
LoadModule and the file cannot be found in the server root directory,
try to use the standard dlopen() search path. [Stefan Fritsch]
*) mpm_event, mpm_worker: Fix cases where the spawn rate wasn't reduced
after child process resource shortages. [Jeff Trawick]
*) mpm_prefork: Reduce spawn rate after a child process exits due to
unexpected poll or accept failure. [Jeff Trawick]
*) core: Log value of Status header line in script responses rather
than the fixed header name. [Chris Darroch]
*) mpm_ssl: Fix handling of empty response from OCSP server.
[Jim Meyering <meyering redhat.com>, Joe Orton]
*) mpm_event: Fix handling of MaxConnectionsPerChild. [Stefan Fritsch]
*) mod_authz_core: If an expression in "Require expr" returns denied and
references %{REMOTE_USER}, trigger authentication and retry. PR 52892.
[Stefan Fritsch]
*) core: Always log if LimitRequestFieldSize triggers. [Stefan Fritsch]
*) mod_deflate: Skip compression if compression is enabled at SSL level.
[Stefan Fritsch]
*) core: Add missing HTTP status codes registered with IANA.
[Julian Reschke <julian.reschke gmx.de>, Rainer Jung]
*) mod_ldap: Treat the "server unavailable" condition as a transient
error with all LDAP SDKs. [Filip Valder <filip.valder vsb.cz>]
*) core: Fix spurious "not allowed here" error returned when the Options
directive is used in .htaccess and "AllowOverride Options" (with no
specific options restricted) is configured. PR 53444. [Eric Covener]
*) mod_authz_core: Fix parsing of Require arguments in <AuthzProviderAlias>.
PR 53048. [Stefan Fritsch]
*) mod_log_config: Fix %{abc}C truncating cookie values at first "=".
PR 53104. [Greg Ames]
*) mod_ext_filter: Fix error_log spam when input filters are configured.
[Joe Orton]
*) mod_rewrite: Add "AllowAnyURI" option. PR 52774. [Joe Orton]
*) htdbm, htpasswd: Don't crash if crypt() fails (e.g. with FIPS enabled).
[Paul Wouters <pwouters redhat.com>, Joe Orton]
*) core: Use a TLS 1.0 close_notify alert for internal dummy connection if
the chosen listener is configured for https. [Joe Orton]
*) mod_proxy: Use the the same hostname for SNI as for the HTTP request when
forwarding to SSL backends. PR 53134.
[Michael Weiser <michael weiser.dinsnail.net>, Ruediger Pluem]
*) mod_info: Display all registered providers. [Stefan Fritsch]
*) mod_ssl: Send the error message for speaking http to an https port using
HTTP/1.0 instead of HTTP/0.9, and omit the link that may be wrong when
using SNI. PR 50823. [Stefan Fritsch]
*) core: Fix segfault in logging if r->useragent_addr or c->client_addr is
unset. PR 53265. [Stefan Fritsch]
*) log_server_status: Bring Perl style forward to the present, use
standard modules, update for new format of server-status output.
PR 45424. [Richard Bowen, Dave Brondsema, and others]
*) mod_sed, mod_log_debug, mod_rewrite: Symbol namespace cleanups.
[Joe Orton, André Malo]
*) core: Prevent "httpd -k restart" from killing server in presence of
config error. [Joe Orton]
*) mod_proxy_fcgi: If there is an error reading the headers from the
backend, send an error to the client. PR 52879. [Stefan Fritsch]
If selected, the existing apache-mpm-event, apache-mpm-prefork and
apache-mpm-worker options determine which will be loaded in the default
config file.
Note: if worker is in the mix, the build will simply never build mod_cgi,
regardless of which MPM is the default.
Upstream changes:
0.9507 Fri Dec 9 09:44:49 EET 2011
- patch for XSS vulnerability in HTML::Template::Pro
thanks to Shigeki Morimoto shigeki.morimoto mixi.co.jp
0.9508 Mon Dec 26 16:13:37 EET 2011
- use unicode quoting in XSS vulnerability patch (more portable)
thanks to Shigeki Morimoto shigeki.morimoto mixi.co.jp
0.9509 Tue Feb 28 21:15:28 EET 2012
- more verbose messages for tag stack underflow
== Changes
= Changes in 2.2.7 =
August 14, 2012 - version 2.2.7
* Bug fixes
* Fix arity incompatibility introduced in 2.2.6. It broke Webmock.
Thanks Andrew France for the report!
= Changes in 2.2.6 =
August 14, 2012 - version 2.2.6
* Bug fixes
* Make get_content doesn't raise a BadResponseError for perfectly good
responses like 304 Not Modified. Thanks to Florian Hars.
* Add 'Content-Type: application/x-www-form-urlencoded' for the PUT
request that has urlencoded entity-body.
* Features
* Add HTTPClient::IncludeClient by Jonathan Rochkind, a mix-in for easily
adding a thread-safe lazily initialized class-level HTTPClient object
to your class.
* Proxy DigestAuth support. Thanks to Alexander Kotov and Florian Hars.
* Accept an array of strings (and IO-likes) as a query value
e.g. `{ x: 'a', y: [1,2,3] }` is encoded into `"x=a&y=1&y=2&y=3"`.
Thanks to Akinori MUSHA.
* Allow body for DELETE method.
* Allow :follow_redirect => true for HEAD request.
* Fill request parameters request_method, request_uri and request_query
as part of response Message::Header.
- Fixed bug (apc_bin_dump doesn't swizzle bucket arKey in HashTable)
(Laruence)
- Fixed bug #62825 (php carshed OR return PHP Fatal error when used
apc_bin_dump after apc_store) (Laruence)
- Fixed bug due to Conditional "jump or move depends on uninitialised
value(s)" in apc_op_ZEND_INCLUDE_OR_EVAL and apc_bin_dump (Laruence)
- Fixed bug #62802 (Crash when use apc_bin_dump/load) (Laruence)
- Fixed bug #62757 (php-fpm carshed when used apc_bin_dumpfile with
apc.serializer) (Laruence)
- Fixed bug #62765 (apc_bin_dumpfile report Fatal error when there is "goto"
in function) (Laruence)
- Fixed bug #61133 (segfault in tests/apc_bin_002.phpt) (Laruence)
- Fixed handling of userspace stream wrappers simulating file
inclusion/requiring (Anatoliy, Rasmus)
- Fixed bug #62699 trait aliases and precedences handling (Anatoliy)
- Added cli built-in server tests (Anatoliy)
- Fixed filter regex freeing on request shutdown (Anatoliy)
- Fixed interned strings storage freeing on module shutdown (Anatoily)
- Fixed bug #61742 preload_path does not work due to incorrect string length
(Anatoliy)
- Fixed several memory leaks it APCIterator (Anatoliy)
- Fixed potential overflows in bin dumps (Anatoliy)
1.1.1:
There are no database changes in this release
Bug Fixes
Unassigned variable warning in Principal.php calling BuildDeadPropertyXML
Notification of deletes when hide_older_than is set
Fixes to URL encoding of some CalDAV/CardDAV properties
Fix to Basic Auth handling in admin UI
Fix CalDAV client library to handle multiple 'Allow' headers in OPTIONS response
Fix ldap driver to handle numeric usernames correctly.
Add handling for allprop and ommission of prop tag in calendar-query, calendar-multiget and addressbook-query
Fix parsing of relative alarm times where the event has a timezone
Correct detection of suhosin.server_strip status (from Christoph Anton Mitterer via debian bug #656392).
Other minor bugfixes.
Other Changes
Add support for ldap mapping of multiple fields to one DAViCal field (from Sylvain BURGER)
Generally improved support for a wider range of DAV/CalDAV/CardDAV properties in calendar-query, calendar-multiget and addressbook-query
1.1.0:
Database Upgrade
There are several changes to in-database functions.
Bug Fixes
Obscure password in LDAP debug log messages
Fix bugs parsing some RFC5545 duration values
Fix handling of ?mode=append when uploading calendar data.
Various fixes to external BIND support.
Fix some errors in content-type detection & handling.
Correct round-trip handling of arbitrary XML in dead properties.
Fix bugs in editing of existing grants.
Other Changes
Support for WebDAV Synchronisation is updated to match the final RFC.
Support If-Modified-Since header.
Merge iSchedule support from Rob Ostenson.
Add support for initialising an addressbook from a file of VCARDs
Add support for 'Prefer' and 'Brief' headers.
Reduce logging noise from 401 and 404 responses.
Some query performance improvements.
When someone is delegated 'write' by a principal they can now maintain that principal's details in the Admin UI.
New default_collections setting which replaces home_calendar_name and home_addressbook_name (these are deprecated)
