Two security issues have been fixed in this release which affect users of specific PostgreSQL features:
CVE-2015-5289: json or jsonb input values constructed from arbitrary user input can crash the PostgreSQL server and cause a denial of service.
CVE-2015-5288: The crypt() function included with the optional pgCrypto extension could be exploited to read a few additional bytes of memory. No working exploit for this issue has been developed.
A substantial revision of the build system and GhostPDL directory structure, meaning the GhostPCL and GhostXPS "products" are now built by the Ghostscript build system "proper" rather than having their own builds which called the Ghostscript build system for certain parts of the builds.
Ghostscript-only users should not be affected by this change.
For users of the PCL and XPS interpreters (collectively downloaded as "GhostPDL") there is a new, "flatter" directory structure and only one configure and one make invocation to build all the products. There are also some executable default name changes to bring the PCL and XPS binaries in line with the Ghostscript ones. All executables now end up in the "bin" directory (or build specific variant thereof, e.g. "debugbin"). The PCL executable, by default, is now "gpcl6" on Unix like systems and "gpcl6win??.exe" (where "??" is either "32" or "64"). The XPS executable remains "gxps" on Unix-like systems, but similarly becomes "gxpswin??.exe" on Windows.
Those using scripts or other automated processes will need to take steps to cope with these changes.
A new method of internally inserting devices into the device chain has been developed, named "device subclassing". This allows suitably written devices to be more easily and consistently as "filter" devices.
The first fruit of this is a new implementation of the "-dFirstPage"/"-dLastPage" feature which functions a device filter in the Ghostscript graphics library, meaning it works consistently with all input languages.
The "ghostpdl.inf" file, provided to simplify installing a Postscript printer configure to produce output to suit Ghostscript's "pdfwrite" device is now available as a digitally signed version: "ghostpdl.cat".
Plus the usual round of bug fixes, compatibility changes, and incremental improvements.
Two security issues have been fixed in this release which affect users of specific PostgreSQL features:
CVE-2015-5289: json or jsonb input values constructed from arbitrary user input can crash the PostgreSQL server and cause a denial of service.
CVE-2015-5288: The crypt() function included with the optional pgCrypto extension could be exploited to read a few additional bytes of memory. No working exploit for this issue has been developed.
Changhelog:
== 2015-09-20 v3.1.1
* Feature #11253: Total time spent from subtasks on the issue list
* Feature #20688: Add Total estimated hours column on issue list
* Feature #20738: Upgrade Rails 4.2.4
* Defect #19577: Open redirect vulnerability
* Defect #20761: Fix typo of Japanese translation for notice_gantt_chart_truncated
* Defect #20427: Cannot create a custom query visibility is "to these roles only"
* Defect #20454: Mail handler: unwanted assignment to a group occurs
* Defect #20278: Wrong syntax for resizing inline images will throw a 500 error
* Defect #20401: "Spent time" panel: columns not wrapping
* Defect #20407: Monospace font-family values are differ between application.css and scm.css
* Defect #20456: 3.1-stable/3.1.0: missing commits (omitted from being merged from trunk)
* Defect #20466: Broken email notification layout in Outlook
* Defect #20490: WARNING: Can't mass-assign protected attributes for User
* Defect #20633: Help cursor showing up since r14154
* Patch #20293: Russian translation for 2.6-stable
* Patch #20294: Russian translation for 2.6-stable
* Patch #20408: Turkish translation for 2.6-stable
* Patch #20557: Czech translation for 2.6-stable
* Patch #20735: Markdown: Upgrade redcarpet gem to 3.3 (ruby 1.9 and higher)
* Patch #20745: Portuguese translation for 2.6-stable
* Patch #20512: Project.copy_from deletes enabled_modules on source
* Patch #20737: Czech translation for 3.0-stable
* Patch #20746: Portuguese translation for 3.0-stable
* Patch #20243: Use https links instead of http links in ApplicationHelper#avatar_edit_link and Redmine::Info class methods
* Patch #20410: Turkish translation for 3.1-stable
* Patch #20452: Czech localisation update
* Patch #20731: Change Japanese translation for "spent time"
* Patch #20747: Portuguese translation for 3.1-stable
Changelog:
Release Overview
The features for this release include support of CLDR 28 and Unicode 8.0.
For more details, including migration issues, see below.
Common Changes
CLDR 28: For details of the many changes in CLDR, see CLDR 28.
Unicode data updated to Unicode 8.0: 41 new emoji characters, 5,771 new ideographs for Chinese/Japanese/Korean, 6 new scripts, improved character properties data, etc.
ICU data size reduced by about 7.2% (1.8MB) via sharing string values across resource bundles. [#11537]
DateIntervalFormat now handles intervals with seconds, and sets FieldPosition more consistently. [#11706, #11726]
DateFormat::createInstanceForSkeleton() caches DateFormat patterns rather than DateTimePatternGenerator instances, for better performance (for cache hits) and lower heap memory consumption. [#11780]
StringSearch (based on collation) defaults to matches on normalization boundaries rather than grapheme cluster boundaries, which yields more matches on Indic text. [#11750]
RuleBasedNumberFormat (spelled-out numbers) now handles rounding (Java only), infinity, NaN. [#11653, #11760, #8223]
Most of the old Normalizer/unorm.h had been replaced by (and reimplemented via) Normalizer2, and is now deprecated. [#7303]
COLON has been withdrawn as a date pattern character corresponding to the date field [UDAT_]TIME_SEPARATOR_FIELD; there is currently no pattern character corresponding to that field. [#11773]
Support for locale key "cf" to specify currency format style, and interaction with NumberFormat values for UNumberFormatStyle: [#11787]
For NumberFormat style UNUM_CURRENCY / CURRENCYSTYLE, the default is "standard" currency style (typically using minus sign for negative numbers), but the new locale key "cf" may be used with values "standard" or "account" to specify currency format style ("account" indicates accounting style, often using parentheses for negative numbers).
For other NumberFormat styles, the locale key "cf" is ignored (they override the locale preference):
UNUM_CURRENCY_ISO / ISOCURRENCYSTYLE
UNUM_CURRENCY_PLURAL / PLURALCURRENCYSTYLE
UNUM_CURRENCY_ACCOUNTING / ACCOUNTINGCURRENCYSTYLE
UNUM_CASH_CURRENCY / CASHCURRENCYSTYLE
A new NumberFormat style is availble to explicitly specify standard style, ignoring the the locale key "cf"
UNUM_CURRENCY_STANDARD / STANDARDCURRENCYSTYLE
ICU4C Specific Changes
C API support for CompactDecimalFormat via UNumberFormatStyle additions: UNUM_DECIMAL_COMPACT_SHORT, UNUM_DECIMAL_COMPACT_LONG [#11693]
Larger UnicodeString object stores more characters inside the object without heap allocation; the UnicodeString object size is now build-time-configurable. [#11551]
On 64-bit machines, increase from object size 40 bytes with 15 internal UChars to a new default of 64 bytes with 27 UChars.
Some C++ classes now have swap() and moveFrom() methods, and support C++11 move semantics on compilers that support them. [#10086]
UnicodeString, LocalPointer, LocalArray
DecimalFormat code refactored to fix bugs, improve maintainability, and improve performance. [#10458]
New FilteredBreakIterator suppresses certain segment boundaries. For example, it can suppress the sentence boundary in the middle of "Mr. Smith". [#11248]
The internal, shared cache has been changed from unbounded to bounded. [#11767]
For [U]BreakIterator with type UBRK_SENTENCE, the locale key "ss" can now be used with value "standard" to specify that standard sentence break suppression data should be used, or with value "none" to indicate that no break suppression data should be used (the default). [#11770]
Collator: first-time startup time improved 20% due to precalculated unsafe-backward table [#11886]
A number of memory leaks and buffer overruns have been fixed based on static code analysis, mostly in data build tools
(C lib).
ZooKeeper is a centralized service for maintaining configuration information,
naming, providing distributed synchronization, and providing group services.
ChangeLog:
Sun, 04 Oct 2015 10:01:20 +0200
* Release v2.14
* Add --xinerama-index option for background setting
(patch by James Knight)
* When removing the last image in slidsehow mode, stay on the last
(previously second-to-last) image (patch by Lior Shiponi)
* Allow --sort and --randomize to override each other (most recently
specified option wins) instead of always preferring --sort
* Thumbnail mode: Mark image as processed when executing an action
(--action) by clicking on an image
* It is now possible to override feh's idea of the active xinerama screen
using the --xinerama-index option
* Remove (undocumented) feature allowing to override feh's idea of the
active xinerama screen by setting the XINERAMA_SCREEN environment
variable
Fixed build error related to zlib on systems with older make versions (regression in ccache 3.2.3).
Made conversion-to-bool explicit to avoid build warnings (and potential runtime errors) on legacy systems.
Improved signal handling: Kill compiler on SIGTERM; wait for compiler to exit before exiting; die appropriately.
Minor fixes related to Windows support.
The correct compression level is now used if compression is requested.
Fixed a bug where cache cleanup could be run too early for caches larger than 64 GiB on 32-bit systems.
Major changes (besides bugfixes):
- opencv_contrib (http://github.com/itseez/opencv_contrib) repository
has been added.
- a subset of Intel IPP (IPPCV) is given to us and our users free
of charge, free of licensing fees, for commercial and non-commerical
use.
- T-API (transparent API) has been introduced, this is transparent GPU
acceleration layer using OpenCL. It does not add any compile-time or
runtime dependency of OpenCL. When OpenCL is available, it's detected
and used, but it can be disabled at compile time or at runtime.
- ~40 OpenCV functions have been accelerated using NEON intrinsics and
because these are mostly basic functions, some higher-level functions
got accelerated as well.
- There is also new OpenCV HAL layer that will simplifies creation
of NEON-optimized code and that should form a base for the open-source
and proprietary OpenCV accelerators.
- The documentation is now in Doxygen: http://docs.opencv.org/master/
- We cleaned up API of many high-level algorithms from features2d, calib3d,
objdetect etc. They now follow the uniform "abstract interface - hidden
implementation" pattern and make extensive use of smart pointers (Ptr<>).
- Greatly improved and extended Python & Java bindings (also, see below on
the Python bindings), newly introduced Matlab bindings
- Improved Android support - now OpenCV Manager is in Java and supports
both 2.4 and 3.0.
- Greatly improved WinRT support, including video capturing and
multi-threading capabilities. Thanks for Microsoft team for this!
- Big thanks to Google who funded several successive GSoC programs and
let OpenCV in. The results of many successful GSoC 2013 and 2014 projects
have been integrated in opencv 3.0 and opencv_contrib (earlier results
are also available in OpenCV 2.4.x). We can name:
- text detection
- many computational photography algorithms (HDR, inpainting, edge-aware
filters, superpixels,...)
- tracking and optical flow algorithms
- new features, including line descriptors, KAZE/AKAZE
- general use optimization (hill climbing, linear programming)
- greatly improved Python support, including Python 3.0 support, many new
tutorials & samples on how to use OpenCV with Python.
- 2d shape matching module and 3d surface matching module
- RGB-D module
- VTK-based 3D visualization module
For full changelog see:
http://code.opencv.org/projects/opencv/wiki/ChangeLog
For 2.4 to 3.0 transition, see the transition guide:
http://docs.opencv.org/master/db/dfa/tutorial_transition_guide.html
Release date: 2015-09-13 13:48 UTC
Release state: stable
Changelog:
* Add possibility to add externally created Mail_mimePart objects as
attachments [alec]
* Add possibility to set preamble text for multipart messages [alec]
Bugs fixed
- fixed a bug with the Cython speedups not being included
in package.
- documented how to create models with no primary key.
- allow bare INSERT statements.
- regarding foreign key / one-to-one relationships.
- allow ArrayField to accept tuples in addition to lists.
- fix regarding unsaved relations.
- refactored QueryResultWrapper to allow multiple independent
iterations over the same underlying result cache.
- fix bug with multiple joins to same table + eager loading.
- fix bug when connection fails while using an execution context.
- use correct column names with non-standard django foreign keys.
- return datetime.time instead of timedelta for MySQL time fields.
- fixed SQLite migrator regular expressions. Thanks @sroebert.
New features
- added support for RETURNING clauses. Update, Insert and Delete
queries can now be called with RETURNING to retrieve the rows
that were affected.
- added web request hook docs.
- allowed arbitrary model attributes and methods to be serialized
by model_to_dict(). Docs.
- allow model_to_dict() to introspect query for which fields
to serialize.
- Added backend-agnostic truncate_date() implementation.
- Added a FixedCharField which uses column type CHAR.
- Added support for arbitrary PRAGMA statements to be run on new
SQLite connections. Docs.
- Removed berkeley_build.sh script. See instructions on my blog
instead.
