Brief changes for 7.0.16:
- Pre-load the CoyoteOutputStream class to prevent a potential
exception when running under a security manager. Patch provided by Johnathan
Gilday. (markt)
- Refactor the Default servlet to provide a single method that can be
overridden (generateETag()) should a custom entity tag format be required.
(markt)
- Improve the validation of entity tags provided with conditional
requests. Requests with headers that contain invalid entity tags will be
rejected with a 400 response code. Improve the matching algorithm used to
compare entity tags in conditional requests with the entity tag for the
requested resource. Based on a pull request by Sergey Ponomarev. (markt)
- Deprecate the JDBCRealm. (markt)
Full changelog is available at:
https://tomcat.apache.org/tomcat-7.0-doc/changelog.html
Also CONFLICTS have been adjusted.
Changes for 8.5.59:
- Refactor the handling of closed HTTP/2 streams to reduce the heap usage
associated with used streams and to retain information for more streams in
the priority tree.
- Deprecate the JDBCRealm.
- Ensure that none of the methods on a ServletContext instance always fail
when running under a SecurityManager.
Full changelog is available at:
https://tomcat.apache.org/tomcat-8.5-doc/changelog.html#Tomcat_8.5.59_(markt)
Also CONFLICTS have been adjusted.
Changes for 9.0.39:
- Refactor the handling of closed HTTP/2 streams to reduce the heap usage
associated with used streams and to retain information for more streams in
the priority tree.
- Allow using the utility executor for annotation scanning.
- Add a bloom filter to speed up archive lookup and improve deployment speed
of applications with a large number of JARs.
Full changelog is available at:
https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.39
Also CONFLICTS have been adjusted.
5.0.8
- Add optional support for using `fastjsonschema` as the JSON validation library.
To enable fast validation, install `fastjsonschema` and set the environment
variable `NBFORMAT_VALIDATOR` to the value `fastjsonschema`.
ChangeLog:
This release has two new lexers: one for e-mails (yes, I am aware it is
only me that spells it that way) and one for J (why not another language
starting with J?). There's also fixes for the Apex, HTTP, Janet, JavaScript
and Rust lexers. And on top of all of that, there are some improvements to
Rouge itself, including a new CLI debug command and a line highlighting
option.
o also set -D_GNU_SOURCE in Makefile.boot. from
hadrien.lacour@posteo.net.
o fix array size botch (assertion, not exploitable.) from
martin@netbsd.org.
o also match %2F as well as %2f. from leah@vuxu.org.
o many manual and help fixes. clean ups for higher lint levels,
consistency/style clean ups. various option fixes including made
-f imply -b. from <henrik@gulbra.net> for freebsd.
o add .m4a and .m4v file extensions.
o make this work on sun2 by reducing mmap window there.
o fix SSL shutdown sequence. from spz@netbsd.org.
o add readme support to directory indexing. from jmcneill@netbsd.org
o add blocklist(8) support. from jruoho@netbsd.org.
1.6.2
Bugfixes
- Provide generated ``.c`` files in TarBall distribution.
1.6.1
Features
- Provide wheels for ``aarch64``, ``i686``, ``ppc64le``, ``s390x`` architectures on
Linux as well as ``x86_64``.
- Provide wheels for Python 3.9.
Bugfixes
- ``human_repr()`` now always produces valid representation equivalent to the original URL (if the original URL is valid).
- Fixed requoting a single percent followed by a percent-encoded character in the Cython implementation.
- Fix ValueError when decoding ``%`` which is not followed by two hexadecimal digits.
- Fix decoding ``%`` followed by a space and hexadecimal digit.
- Fix annotation of ``with_query()``/``update_query()`` methods for ``key=[val1, val2]`` case.
Removal
- Drop Python 3.5 support; Python 3.6 is the minimal supported Python version.
2.10.2 (25.09.2020)
~~~~~~~~~~~~~~~~~~~
* Fix: Avoid use of `icon` class name on userbar icon to prevent clashes
with front-end styles (Karran Besen)
* Fix: Prevent focused button labels from displaying as white on white
(Karran Bessen)
* Fix: Avoid showing preview button on moderation dashboard for page
types with preview disabled (Dino Perovic)
* Fix: Prevent oversized buttons in moderation dashboard panel (Dan
Braghis)
* Fix: `create_log_entries_from_revisions` now handles revisions that
cannot be restored due to foreign key constraints (Matt Westcott)
2.10.1 (26.08.2020)
~~~~~~~~~~~~~~~~~~~
* Fix: Prevent `create_log_entries_from_revisions` command from failing
when page model classes are missing (Dan Braghis)
* Fix: Prevent page audit log views from failing for user models without
a `username` field (Vyacheslav Matyukhin)
* Fix: Fix icon alignment on menu items (Coen van der Kamp)
* Fix: Page editor header bar now correctly shows 'Published' or 'Draft'
status when no revisions exist (Matt Westcott)
* Fix: Prevent page editor from failing when `USE_TZ` is false (Matt
Westcott)
* Fix: Ensure whitespace between block-level elements is preserved when
stripping tags from rich text for search indexing (Matt Westcott)
0.16.1
Fixed
* Support literal IPv6 addresses in URLs.
* Force lowercase headers in ASGI scope dictionaries.
0.16.0
Changed
* Preserve HTTP header casing.
* Drop `response.next()` and `response.anext()` methods in favour of `response.next_request` attribute.
* Closed clients now raise a runtime error if attempting to send a request.
Added
* Add Python 3.9 to officially supported versions.
* Type annotate `__enter__`/`__exit__`/`__aenter__`/`__aexit__` in a way that supports subclasses of `Client` and `AsyncClient`.
0.12.0
Changed
- HTTP header casing is now preserved, rather than always sent in lowercase.
Added
- Add Python 3.9 to officially supported versions.
Fixed
- Gracefully handle a stdlib asyncio bug when a connection is closed while it is in a paused-for-reading state.
3.3.0:
* sync_to_async now defaults to thread-sensitive mode being on
* async_to_sync now works inside of forked processes
* WsgiToAsgi now correctly clamps its response body when Content-Length is set
Gumbo is an implementation of the HTML5 parsing algorithm implemented
as a pure C99 library with no outside dependencies. It's designed to
serve as a building block for other tools and libraries such as
linters, validators, templating languages, and refactoring and analysis
tools.
1.12.3:
Bug Fixes
deps: update setup.py to install httplib2>=0.15.0
1.12.2:
Bug Fixes
add method to close httplib2 connections
1.12.1:
Bug Fixes
deps: require six>=1.13.0
1.12.0:
Features
add quota_project, credentials_file, and scopes support
Documentation
convert print statement to function
remove http from batch execute docs
Upstream changes since 0.56:
1.0:
* Parse body of PATCH requests
* Scientific notation in json
* Log clarification
* Fixed country code when geoip library fail to get geolocation or ip is private/local address
* Fixed issues to setup nxapi on ES5 and added country location on stats and generated whitelists
1.1:
* Fixed various compilation issues
* Fixed valid JSON blocked by Rule ID 15
* Fixed documentation
* Updated libinjection to 3.9.2
* Added Content-type: application/vnd.api+json
* Added JSON logging output for events
* Implemented Whitelist for IPs and CIDRs and support for IPv4 and IPv6
1.1a:
* Fixed 3 vulnerabilities related to the WAF.
* Fixed build on FreeBSD
v0.11.0
New features:
* h11 now stores and makes available the raw header name as
received. In addition h11 will write out header names with the same
casing as passed to it. This allows compatibility with systems that
expect titlecased header names.
* Multiple content length headers are now merged into a single header
if all the values are equal, if any are unequal a LocalProtocol
error is raised (as before).
Backwards **in**\compatible changes:
* Headers added by h11, rather than passed to it, now have titlecased
names. Whilst this should help compatibility it replaces the
previous lowercased header names.
Upstream changes (from 4.0.4) :
* src/cookie.c Fixed an issue with expires
* src/cookies.c Fixed an issue with persistence
* src/version.c Version increment: 4.0.7
* src/init.c Minor bug fix
* src/auth.c Fixed initialization error
* src/version.c Version increment: 4.0.6
* src/creds.c Fixed an initialization problem
* src/cookies.c Fixed locking issue
* src/url.c Fixed an initialization problem
* src/init.c Fixed an initialization problem
* src/memory.c Formatting change
* src/version.c Version increment: 4.0.5
* src/main.c Added -j/--json-output
* src/init.c Added -j/--json-output - force quiet mode
* src/setup.h Added variable for json output
* doc/siegerc.in Added documentation to the config file
* src/url.c Adding DELETE and OPTIONS support.
* src/browser.c Adding DELETE and OPTIONS support.
* src/http.c Correct capitalization for Content-Type & Content-Length
* src/response.c Handle case of incorrect server response header
* README.md Make readme's title nice
* src/page.c Remove needless memset(2)
* src/cookies.c Bug fix - prevent segfault when getenv(HOME) is null
* src/load.c Bug fix - allow content-type override at cmd line
* src/version.c Version increment: 4.0.4r3
* src/url.c Skipped URL escaping for the host and port
* src/version.c Version increment: 4.0.4r2
* src/sock.c Added support for IPv6
* src/url.c Added support for parsing IPv6 addresses
* src/version.c Version increment: 4.0.4r1
Upstream changes (no version published between 4.2.0 and 4.5.0):
* List registered plugins via pelican-plugins command
* Override settings via -e / --extra-settings CLI option flags
* Add settings for custom Jinja globals and tests
* Customize article summary ellipsis via SUMMARY_END_SUFFIX setting
* Customize Typogrify dash handling via new TYPOGRIFY_DASHES setting
* Support Unicode when generating slugs
* Support Asciidoc .adoc file generation in Pelican importer
* Improve user experience when pelican --listen web server is quit
* Improve Invoke tasks template
* Include tests in source distributions
* Switch CI from Travis to GitHub Actions
* Remove support for Python 2.7
Pkgsrc changes:
* package is now incompatible with lang/python27
Changes for 8.5.58:
- For requests containing the Expect: 100-continue header, optional
support has been added to delay sending an intermediate 100 status
response until the servlet reads the request body, allowing the
servlet the opportunity to respond without asking for the request
body. Based on a pull request by malaysf.
- Add support for a read idle timeout and a write idle timeout to the
WebSocket session via custom properties in the user properties
instance associated with the session. Based on a pull request by
sakshamverma.
- Update the packaged version of the Tomcat Native Library to 1.2.25
Changes for 8.5.57:
- Improvements to the creation of OSGi manifests.
- Reduce the memory footprint of closed HTTP/2 streams
Changes for 8.5.56:
- Add support for ALPN on recent OpenJDK 8 releases.
- Add support for the CATALINA_OUT_CMD environment variable that
defines a command to which captured stdout and stderr will be
redirected. For use with, for example, rotatelogs. Patch provided by
Harald Dunkel.
- Be more flexible with respect to the ordering of groups, roles and
users in the tomcat-users.xml file.
Changes for 8.5.55:
- Improve the handling of requests that use an expectation. Do not
disable keep-alive where the response has a non-2xx status code but
the request body has been fully read.
- Change default value separator for property replacement to ":-" due
to possible conflicts. The syntax is now "${name:-default}".
- Update the packaged version of the Tomcat Native Library to 1.2.24.
For full list of changes see
https://tomcat.apache.org/tomcat-8.5-doc/changelog.html
Changes for 9.0.38:
- For requests containing the Expect: 100-continue header, optional
support has been added to delay sending an intermediate 100 status
response until the servlet reads the request body, allowing the
servlet the opportunity to respond without asking for the request
body. Based on a pull request by malaysf.
- Add support for a read idle timeout and a write idle timeout to the
WebSocket session via custom properties in the user properties
instance associated with the session. Based on a pull request by
sakshamverma.
- Update the packaged version of the Tomcat Native Library to 1.2.25
Changes for 9.0.37:
- Implement a significant portion of the TLS environment variables for
the rewrite valve.
- Improvements to the creation of OSGi manifests.
- Reduce the memory footprint of closed HTTP/2 streams
- Improve parsing of RFC 2109 cookies
Changes for 9.0.36:
- Add support for ALPN on recent OpenJDK 8 releases.
- Add support for the CATALINA_OUT_CMD environment variable that
defines a command to which captured stdout and stderr will be
redirected. For use with, for example, rotatelogs. Patch provided by
Harald Dunkel.
- Be more flexible with respect to the ordering of groups, roles and
users in the tomcat-users.xml file
Changes for 9.0.35:
- Improve the handling of requests that use an expectation. Do not
disable keep-alive where the response has a non-2xx status code but
the request body has been fully read.
- Change default value separator for property replacement to ":-" due
to possible conflicts. The syntax is now "${name:-default}".
- Update the packaged version of the Tomcat Native Library to 1.2.24.
### Changed
- Removed debug symbol generation for default make.
- Changed the C standard from gnu99 to c11 because Webkit wants it.
### Fixed
- Fixed bounding box not spanning over whole element.
- Fixed an issue where styled hint labels caused intransparent bounding boxes.
- Fixed a race condition when a tab is closed on NetBSD.
Update pear-HTTP_Request2 package to 2.4.2.
Update
2.4.2 (2020-09-24 18:13 UTC)
Changelog:
Socket adapter could prematurely end receiving the response body due to
fread() call returning an empty string
2.4.1 (2020-08-01 05:16 UTC)
Changelog:
Switch socket to blocking mode when enabling crypto, this fixes HTTPS
requests through proxy with Socket adapter
https://github.com/pear/HTTP_Request2/issues/20
2.4.0 (2020-07-26 13:43 UTC)
Changelog:
* Minimum required version is now PHP 5.6, as using older versions for HTTPS
requests may be insecure
* Removed support for magic_quotes_runtime, as get_magic_quotes_runtime()
was deprecated in PHP 7.4 and the functionality itself was disabled since
PHP 5.4 (bug #23839)
* Socket adapter now uses socket in non-blocking mode, as some configurations
could have problems with timeouts in HTTPS requests (bug #21229)
* Fixed bogus size check error with gzipped responses larger than 4 GiB
uncompressed (bug #21239)
* Use current "Intermediate compatibility" cipher list
* Updated Public Suffix List
The package is now 100% autoload-compatible, when installed with composer it
no longer uses include-path and does not contain require_once statements
0.17.0:
- Dropped py27, py33 and py34 support
0.16.9:
- Added support for JSON type in TypeMap
0.16.8:
- Fixed QuerySelectField.query allowing no results
0.16.7:
- Fixed UnknownTypeException being thrown correctly for unsupported types
0.16.6:
- Added SQLAlchemy 1.2 support
0.16.5:
- Fixed GroupedQuerySelectMultipleField validator to support empty data
0.16.4:
- Fixed GroupedQuerySelectMultipleField validator
0.16.3:
- Fixed ChoiceType conversion for Enums
0.16.2:
- Added GroupedQueryMultipleSelectField
0.16.1:
- Updated SQLAlchemy-Utils requirement to 0.32.6
- Fixed PhoneNumberType conversion
0.16.0:
- Dropped python 2.6 support
- Made PhoneNumberField work correctly together with DataRequired
0.15.0:
- Moved GroupedQuerySelectField from WTForms-Components package to WTForms-Alchemy
- Moved WeekdaysField from WTForms-Components package to WTForms-Alchemy
- Moved PhoneNumberField from WTForms-Components package to WTForms-Alchemy
- Moved Unique validator from WTForms-Components package to WTForms-Alchemy
0.14.0:
- Added QuerySelectField and QuerySelectMultipleField which were deprecated from
WTForms as of version 2.1
0.13.3:
- Removed ClassMap's inheritance sorting. This never really worked properly and resulted in weird undeterministic bugs on Python 3.
0.13.2:
- Added support for callables in type map argument
0.13.1:
- Added flake8 checks
- Added isort checks
- Fixed country import caused by SQLAlchemy-Utils 0.30.0
- Update SQLAlchemy-Utils dependency to 0.30.0
0.10.4:
- Added JSONField
0.10.3:
- Made SelectWidget backwards compatible
0.10.2:
- Made read_only also add disabled attribute
0.10.1:
- Added seconds support for TimeField
0.10.0:
- Moved GroupedQuerySelectField to WTForms-Alchemy
- Moved PhoneNumber to WTForms-Alchemy
- Moved WeekdaysField to WTForms-Alchemy
- Moved Unique validator to WTForms-Alchemy
- Remove AJAXField dependency on SQLAlchemy-Utils
- Added PyPy support
- Fixed IntervalFields to work with intervals 0.6.0
- Updated intervals requirement to 0.6.0
4.0.0:
API Changes (Backward-Incompatible)
Support for Python 2.7 has been removed.
Support for Python 3.4 has been removed.
Support for Python 3.5 has been removed.
Support for PyPy (Python 2.7 compatible) has been removed.
Support for Python 3.8 has been added.
Receiving DATA before HEADERS now raises a ProtocolError (see https://tools.ietf.org/html/rfc7540#section-8.1)
6.0.0:
API Changes (Backward-incompatible)
Introduce HyperframeError base exception class for all errors raised within hyperframe.
Change exception base class of UnknownFrameError to HyperframeError
Change exception base class of InvalidPaddingError to HyperframeError
Change exception base class of InvalidFrameError to HyperframeError
Invalid frames with wrong stream id (zero vs. non-zero) now raise InvalidDataError.
Invalid SETTINGS frames (non-empty but ACK) now raise InvalidDataError.
Invalid ALTSVC frames with non-bytestring field or origin now raise InvalidDataError.
API Changes (Backward-compatible)
Deprecate total_padding - use pad_length instead.
Improve repr() output for all frame classes.
Introduce Frame.explain(data) for quick introspection of raw data.
Bugfixes
Fixed padding parsing for PushPromiseFrame.
Fixed unchecked frame length for PriorityFrame. It now correctly raises InvalidFrameError.
Fixed promised stream id validation for PushPromiseFrame. It now raises InvalidDataError.
Fixed unchecked frame length for WindowUpdateFrame. It now correctly raises InvalidFrameError.
Fixed window increment value range validation. It now raises InvalidDataError.
Fixed parsing of SettingsFrame with mutual exclusion of ACK flag and payload.
Other Changes
Removed support for Python 2.7, 3.4, 3.5, pypy.
Added support for Python 3.8.
v3.10.0
Improvements
Officialy support Django 3.1
Preliminary supoprt for upcoming Django 3.2
Support for pytest-xdist 2.0
Misc
Fix running pytest-django’s own tests against pytest 6.0
3.12.1
Add TokenProxy migration.
3.12.0
Add --file option to generateschema command.
Support tags for OpenAPI schema generation. See the schema docs.
Support customising the operation ID for schema generation. See the schema docs.
Support OpenAPI components for schema generation. See the schema docs.
The following methods on AutoSchema become public API: get_path_parameters, get_pagination_parameters, get_filter_parameters, get_request_body, get_responses, get_serializer, get_paginator, map_serializer, map_field, map_choice_field, map_field_validators, allows_filters. See the schema docs
Add support for Django 3.1's database-agnositic JSONField.
SearchFilter now supports nested search on JSONField and HStoreField model fields.
SearchFilter now supports searching on annotate() fields.
The authtoken model no longer exposes the pk in the admin URL.
Add __repr__ for Request instances.
UTF-8 decoding with Latin-1 fallback for basic auth credentials.
CharField treats surrogate characters as a validation failure.
Don't include callables as default values in schemas.
Improve ListField schema output to include all available child information.
Allow default=False to be included for BooleanField schema outputs.
Include "type" information in ChoiceField schema outputs.
Include "type": "object" on schema objects.
Don't include component in schema output for DELETE requests.
Fix schema types for DecimalField.
Fix schema generation for ObtainAuthToken view.
Support passing context=... to view .get_serializer() methods.
Pass custom code to PermissionDenied if permission class has one set.
Include "example" in schema pagination output.
Default status code of 201 on schema output for POST requests.
Use camelCase for operation IDs in schema output.
Warn if duplicate operation IDs exist in schema output.
Improve handling of decimal type when mapping ChoiceField to a schema output.
Disable YAML aliases for OpenAPI schema outputs.
Fix action URL names for APIs included under a namespaced URL.
Update jQuery version from 3.4 to 3.5.
Fix UniqueTogether handling when serializer fields use source=....
HTTP HEAD requests now set self.action correctly on a ViewSet instance.
Return a valid OpenAPI schema for the case where no API schema paths exist.
Include tests in package distribution.
Allow type checkers to support annotations like ModelSerializer[Author].
Don't include invalid charset=None portion in the request Content-Type header when using APIClient.
Fix \Z/\z tokens in OpenAPI regexs.
Fix PrimaryKeyRelatedField and HyperlinkedRelatedField when source field is actually a property.
Token.generate_key is now a class method.
@action warns if method is wrapped in a decorator that does not preserve information using
3.0.8:
- Added ``use_natural_foreign_keys`` option to ``reversion.register()``.
- Documentation improvments and minor fixes.
- Dropped support for Django 1.11 LTS.
Changelog:
Fixed
Fixed missing content on Blackboard course listings (bug 1665447)
Resolved incorrect scaling of Flash content on HiDPI macOS
systems (bug 1667267)
Fixes for various printing issues (bug 1667342, bug 1667510,
bug 1667723)
Fixed legacy preferences not being properly applied when set
via GPO (bug 1666836)
Fixed Picture-in-Picture controls being visible on audio-only
page elements (bug 1666775)
Fixed high memory growth with addons such as Disconnect installed,
causing browser responsiveness issues over time (bug 1658571)
Various stability improvements (bug 1661485, bug 1664542, bug
1664843)
