The mod_brotli module provides the BROTLI_COMPRESS output filter that
allows output from your server to be compressed using the brotli
compression format before being sent to the client over the network.
Upstream changes:
6.04 2019-04-02 13:09:45Z
- Remove circular dependency on LWP::RobotUA introduced in 6.02 (GH#29)
(Olaf Alders)
6.03 2019-04-01 20:56:38Z
- Remove circular dependency with LWP::UserAgent introduced in 6.02 (GH#27)
(Olaf Alders)
6.02 2019-04-01 16:03:37Z
- Added a .mailmap to properly keep up with contributors to the dist.
- Revised the changelog to follow current format styles
- Change port number in test (GH#5) (Perlover)
Changes since 1.26.5:
Cliqz Browser release 1.27.0 includes all changes of Firefox's latest version
67.0. A "What's new" page informs you about important new features and you can
now easily check add-on permissions.
New features
* Annoying auto-play content is now by default turned off
* By default any new extension you add to Cliqz won't run in Forget mode
unless you specifically allow it
* Cliqz is now also available for enterprise environment
* Added the possibility to Manage Extension Shortcuts from the settings on
“Manage your extensions” page
Improvements
* Cliqz got updated to Firefox 67.0 with various improvements and fixes
* To make sure you are even more protected, we added certificate checking for
System Addons folder (which is distributed with the browser) to prevent
potential malicious attacks
Fixes
* We fixed the issue with lost German translation on About:preferences#privacy
page
* You can now import all your data from Chrome to Cliqz with ease (if you wish,
also cookies)
Changes with nginx 1.17.0:
*) Feature: variables support in the "limit_rate" and "limit_rate_after"
directives.
*) Feature: variables support in the "proxy_upload_rate" and
"proxy_download_rate" directives in the stream module.
*) Change: minimum supported OpenSSL version is 0.9.8.
*) Change: now the postpone filter is always built.
*) Bugfix: the "include" directive did not work inside the "if" and
"limit_except" blocks.
*) Bugfix: in byte ranges processing.
6.2.2:
Features / Enhancements
Security: Prevent CSV formula injection attack when exporting data.
Bug Fixes
CloudWatch: Fixes error when hiding/disabling queries.
Database: Fixed slow permission query in folder/dashboard search.
Explore: Fixed updating time range before running queries.
Plugins: Fixed plugin config page navigation when using subpath.
6.2.1:
Features / Enhancements
CLI: Add command to migrate all datasources to use encrypted password fields.
Gauge/BarGauge: Improvements to auto value font size.
Bug Fixes
Auth Proxy: Resolve database is locked errors.
Database: Retry transaction if sqlite returns database is locked error.
Explore: Fixes so clicking in a Prometheus Table the query is filtered by clicked value.
Singlestat: Fixes issue with value placement and line wraps.
Tech: Update jQuery to 3.4.1 to fix issue on iOS 10 based browsers as well as Chrome 53.x.
6.2.0:
Bug Fixes
BarGauge: Fix for negative min values.
Gauge/BarGauge: Fix for issues editing min & max options.
Search: Make only folder name only open search with current folder filter.
AzureMonitor: Revert to clearing chained dropdowns.
Breaking Changes
Plugins: Data source plugins that process hidden queries need to add a “hiddenQueries: true” attribute in plugin.json.
Changes:
7.65.1
------
This release includes the following bugfixes:
o CURLOPT_LOW_SPEED_* repaired
o NTLM: reset proxy "multipass" state when CONNECT request is done
o PolarSSL: deprecate support step 1. Removed from configure
o appveyor: add Visual Studio solution build
o cmake: check for if_nametoindex()
o cmake: support CMAKE_OSX_ARCHITECTURES when detecting SIZEOF variables
o config-win32: add support for if_nametoindex and getsockname
o conncache: Remove the DEBUGASSERT on length check
o conncache: make "bundles" per host name when doing proxy tunnels
o curl-win32.h: Enable Unix Domain Sockets based on the Windows SDK version
o curl_share_setopt.3: improve wording
o dump-header.d: spell out that no headers == empty file
o example/http2-download: fix format specifier
o examples: cleanups and compiler warning fixes
o http2: Stop drain from being permanently set
o http: don't parse body-related headers in bodyless responses
o md4: build correctly with openssl without MD4
o md4: include the mbedtls config.h to get the MD4 info
o multi: track users of a socket better
o nss: allow to specify TLS 1.3 ciphers if supported by NSS
o parse_proxy: make sure portptr is initialized
o parse_proxy: use the IPv6 zone id if given
o sectransp: handle errSSLPeerAuthCompleted from SSLRead()
o singlesocket: use separate variable for inner loop
o ssl: Update outdated "openssl-only" comments for supported backends
o tests: add HAProxy keywords
o tests: add support to test against OpenSSH for Windows
o tests: make test 1420 and 1406 work with rtsp-disabled libcurl
o tls13-docs: mention it is only for OpenSSL >= 1.1.1
o tool_parse_cfg: Avoid 2 fopen() for WIN32
o tool_setopt: for builds with disabled-proxy, skip all proxy setopts()
o url: Load if_nametoindex() dynamically from iphlpapi.dll on Windows
o url: fix bad feature-disable #ifdef
o url: use correct port in ConnectionExists()
o winbuild: Use two space indentation
Changelog:
In this version, Firefox helps you get better acquainted with our
family of products and services through a new experience that
includes a set of web pages and in-browser notifications. All
Firefox products and services have powerful privacy protection
built in; joining Firefox provides users with additional features
and capabilities. These experiences will highlight these benefits.
The new experience will roll out for English (en-US, en-GB, en-CA),
French (fr) and German (de) browser users today, expanding to other
languages in the coming weeks.
With the new experience, there will be an opportunity for users
to opt in for test-driving upcoming products during registration.
For new users, this release will come with Enhanced Tracking
Protection (ETP), stronger privacy protections on by default as
“Standard” in the Privacy & Security setting. Firefox Enhanced
Tracking Protection will now automatically block third-party tracking
cookies that appear on the Disconnect list. Firefox will continue
to block third-party tracking loads in private windows, as it has
done since version 42.
For existing users, while ETP will be rolling out by default
in the coming months, you can turn this feature on today under
Preferences, select Privacy & Security to select the Custom
menu, and under the Content Blocking section, mark the Cookies
checkbox and choose “Third-party trackers” in the Cookies pull
down menu.
3.5.0:
Features
* Run tests in the same order as Django
* Use verbosity=0 with disabled migrations
Bugfixes
* django_db_setup: warn instead of crash with teardown errors
Misc
* tests: fix test_sqlite_database_renamed
* tests/conftest.py: move import of db_helpers
* Cleanup/improve coverage, mainly with tests
* Slightly revisit unittest handling
2.2.2:
CVE-2019-12308: AdminURLFieldWidget XSS
The clickable "Current URL" link generated by AdminURLFieldWidget displayed the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provided as a URL query parameter payload, could result in a clickable JavaScript link.
AdminURLFieldWidget now validates the provided value using URLValidator before displaying the clickable link. You may customise the validator by passing a validator_class kwarg to AdminURLFieldWidget.__init__(), e.g. when using ModelAdmin.formfield_overrides.
2.2.1:
Bugfixes
Fixed a regression in Django 2.1 that caused the incorrect quoting of database user password when using dbshell on Oracle
Added compatibility for psycopg2 2.8
Fixed a regression in Django 2.2 that caused a crash when loading the template for the technical 500 debug page
Fixed crash of ordering argument in ArrayAgg and StringAgg when it contains an expression with params
Fixed a regression in Django 2.2 that caused a single instance fast-delete to not set the primary key to None
Prevented makemigrations from generating infinite migrations for check constraints and partial indexes when condition contains a range object
Reverted an optimization in Django 2.2
Fixed a regression in Django 2.2 where Paginator crashes if object_list is a queryset ordered or aggregated over a nested JSONField key transform
Fixed a regression in Django 2.2 where IntegerField validation of database limits crashes if limit_value attribute in a custom validator is callable
Fixed a regression in Django 2.2 where SearchVector generates SQL that is not indexable
Fixed a regression in Django 2.2 that caused an exception to be raised when a custom error handler could not be imported
Relaxed the system check added in Django 2.2 for the admin app’s dependencies to reallow use of SessionMiddleware subclasses, rather than requiring django.contrib.sessions to be in INSTALLED_APPS
Increased the default timeout when using Watchman to 5 seconds to prevent falling back to StatReloader on larger projects and made it customizable via the DJANGO_WATCHMAN_TIMEOUT environment variable
Fixed a regression in Django 2.2 that caused a crash when migrating permissions for proxy models if the target permissions already existed. For example, when a permission had been created manually or a model had been migrated from concrete to proxy
Fixed a regression in Django 2.2 that caused a crash of runserver when URLConf modules raised exceptions
Fixed a regression in Django 2.2 where changes were not reliably detected by auto-reloader when using StatReloader
Fixed a migration crash on Oracle and PostgreSQL when adding a check constraint with a contains, startswith, or endswith lookup (or their case-insensitive variant)
Fixed a migration crash on Oracle and SQLite when adding a check constraint with condition contains | (OR) operator
2.2:
This version has been designated as a long-term support (LTS) release, which means that security and data loss fixes will be applied for at least the next three years. It will also receive fixes for crashing bugs, major functionality bugs in newly-introduced features, and regressions from older versions of Django for the next eight months until December 2019.
As always, the release notes cover the salmagundi of new features in detail, but a few highlights are:
* HttpRequest.headers to allow simple access to a request’s headers.
* Database-level constraints on models.
* Watchman compatibility for runserver to improve the performance of watching a large number of files for changes.
Django 1.11.21 release notes
CVE-2019-12308: AdminURLFieldWidget XSS
The clickable “Current URL” link generated by AdminURLFieldWidget displayed the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provided as a URL query parameter payload, could result in a clickable JavaScript link.
AdminURLFieldWidget now validates the provided value using URLValidator before displaying the clickable link. You may customise the validator by passing a validator_class kwarg to AdminURLFieldWidget.__init__(), e.g. when using formfield_overrides.
HTML::Template::Compiled is a template system which can be used for HTML::Template
templates with almost the same API. It offers more flexible template delimiters,
additional tags and features, and by compiling the template into perl code it can
run significantly faster in persistent environments such as FastCGI or mod_perl.
The goal is to offer more features for flexibility but keep the basic syntax
as easy as it is.
configure.log from bulkbuild shows following:
| ERROR: nasm 2.13 or greater is required for AV1 support. Either install nasm or add --disable-av1 to your configure options.
| *** Error code 1
v0.9.0:
Bug fixes:
* Allow a broader range of characters in header values. This violates
the RFC, but is apparently required for compatibility with
real-world code, like Google Analytics cookies
* Validate incoming and outgoing request paths for invalid
characters. This prevents a variety of potential security issues
that have affected other HTTP clients.
* Force status codes to be integers, thereby allowing stdlib
HTTPStatus IntEnums to be used when constructing responses
Other changes:
* Make all sentinel values inspectable by IDEs, and split
SEND_BODY_DONE into SEND_BODY, and DONE
* Drop support for Python 3.3.
* LocalProtocolError raised in start_next_cycle now shows states for
more informative errors
19.0.0
A query parameter-centric release, with two enhancements:
"equals sign" characters in query parameter values are no longer escaped.
URL.remove() now accepts value and limit parameters, allowing for removal of specific name-value pairs, as well as limiting the number of removals.
19.5.1
fix: authextra merging
fix: set default retry_delay_jitter
new: add rawsocket + twisted example
new: WebSocket testing support, via Agent-style interface
new: decorator for on_connectfailure
fix: delayed call leakage
new: CLI client
fix: set up TLS over proxy properly
new: expose ser modules
fix: base64 encodings, add hex encoding
new: onConnecting callback (with TransportDetails and ConnectingRequest). Note: if you've implemented a pure IWebSocketChannel without inheriting from Autobahn base classes, you'll need to add an onConnecting() method that just does return None.
copy tsutsui's commit to firefox:
fix wrong latency unit in stream_init() function.
Based on a patch in PR pkg/54206 from Y.Sugahara.
Bump PKGREVISION.
pkgsrc changes:
Replace use of legacy GeoIP library with libmaxminddb.
Uses a different module.
Changes:
Highlights
behavior change: strict URL parsing and normalization (configurable)
behavior change: mod_webdav now rejects partial PUT (configurable)
mod_auth: HTTP Auth Digest algorithm=SHA-256
mod_webdav: major rewrite: robustness, performance, RFC compliance
mod_maxminddb: new; obsoletes discontinued mod_geoip
Changes from 1.4.53
[mod_evhost] handle IPv6 literal addr; add tests
[core] separate server_main_loop() func, mark hot
[core] mark startup/shutdown funcs cold
[core] some server_main_loop() cleanup
[core] fdevent_process()
[core] srv->max_fds_lowat and srv->max_fds_hiwat
[core] remove server.h
[mod_staticfile] search ext array if not empty
[core] store joblist pointer on stack
[core] quickly clear request buffer for reuse
[core] helper funcs for connection_state_machine()
[core] perf: optimize connection_read_header()
[core] parse request in connection_read_header()
[core] log_request_header_on_error in one place
[core] copy request only if might need for logging
[core] make parse_request,request.request same buf
[core] prefer buffer_caseless_compare()
[core] pass req hdrs buffer to http_request_parse
[core] replace con->response.keep_alive
[core] mark log_error_write*() funcs cold
[core] http_request_parse() mark error paths cold
[core] lift code out of request line parse loop
[core] get_http_method_key() match by strlen first
[core] RFC7230 HTTP-version parse
[mod_accesslog] attempt to reconstruct req line
[multiple] minor: remove duplicated conditions
[mod_deflate] honor request for x-gzip, x-bzip2
[mod_auth] minor: adjust config validation
[core] discard oversized trailers
[core] no keep-alive if POLLRDHUP,empty read queue
[core] fix gw_backend spelling of directive in err
[multiple] reduce code dup in list resizing
[core] con->is_ssl_sock
[core] connection_handle_write() updates con state
[core] skip plugins_call_cleanup if not init’ed
[core] simpler loops to run plugin hooks
[core] fix mixed use of srv->split_vals array (fixes #2932)
[core] dispatch events from within event framework
[core] don’t call fd event handlers more than once, they might already be gone (fixes segfault)
[core] poll: fdarray uses fd as index, not fde_ndx
[core] map FDEVENT_* to OS system event frameworks
[core] prefer memchr() over strchr()
[core] use openssl to read,discard request body
[mod_openssl] inherit cipherlist from global scope
[mod_openssl] default: ssl.cipher-list = "HIGH"
[mod_proxy] pass Content-Length to backend if > 0
[core] config option to allow GET w/ request body
[core] some fdevent code streamlining
[core] remove fde_ndx member outside fdevents
[core] remove redundant check for allow_http11
[mod_openssl] use 16k static buffer instead of 64k
[core] pull server load checks out of main loop
[core] isolate fdevent processing
[core] release empty chunk buf when nothing read
[core] perf: pass (fdnode *) to epoll and kqueue
[core] modify config parser to handle multiple }
[core] pass (fdnode *) for registered fdevent fd
[mod_auth] http_auth_digest_hex2bin()
[mod_auth] http_auth_info_t digest abstraction
[mod_auth] pass http_auth_require_t for 401 Unauth
[core] no SOCK_NONBLOCK on QNX 7.0
[mod_auth] HTTP Auth Digest algorithm=SHA-256
[core] silence coverity warning
[mod_magnet] fix invalid script return-type crash (fixes #2938)
[build] remove -Wdeclaration-after-statement
[core] pass conf.follow_symlink in more places
[core] fix assertion with server.error-handler (fixes #2941)
[core] extend dir redirection to take HTTP status
[doc] minor adjust create-mime.conf.pl regex match (#2942)
[core] __attribute__((fallthrough)) for GCC 7.0
[core] fdevent_mkstemp_append() (shared)
[core] off_t upload_temp_file_size
[core] clear FDEVENT_RDHUP if no POLLRDHUP
[mod_wstunnel] fix ping-interval for big-endian (fixes #2944)
[core] fix abort in http-parseopts (fixes #2945)
[core] remove repeated slashes in http-parseopts
[core] fix 1.4.52 regression in mem use with POST (fixes #2948)
[multiple] cleaner calloc use in SETDEFAULTS_FUNC
[core] add const to some etag prototypes
[core] __attribute__((format …))
[core] struct log_error_st for error logging
[core] log_error, log_perror using printf-like fmt
[core] new worker_init hook to follow parent fork
[core] replace open() with fdevent_open_cloexec()
[mod_webdav] major rewrite (fixes #1818)
[core] 200 for OPTIONS /non-existent/path HTTP/1.1 (fixes #2939)
[mod_webdav] surround Lock-Token with “<…>”
[mod_webdav] fix uuid detection macro
[mod_webdav] fix misbehavior on blank nodes in PROPPATCH
[mod_webdav] clean up resources after do{}while(0)
[mod_webdav] check If-Match, If-Unmodified-Since (#1818)
[mod_webdav] deprecated unsafe partial PUT compat
[mod_webdav] provide ETag in more responses
[mod_webdav] platform portability fixes
[mod_webdav] disable elftc_copyfile() on FreeBSD
[mod_webdav] special-case If: ()
[mod_webdav] check If-None-Match (#1818)
[stat_cache] separate func for symlink policy chk
[stat_cache] separate symlink pol from data struct
[stat_cache] store entries without trailing slash
[stat_cache] pass age param for stat cache cleanup
[stat_cache] remove splaytree ins/del debug code
[stat_cache] FAM: reduce string copying
[stat_cache] FAM: check FAMNextEvent() return code
[stat_cache] FAM: use entry hash index as userdata
[stat_cache] FAM: improve handling modified file
[stat_cache] FAM: ignore follow-symlink config
[stat_cache] FAM: check hash collision before add
[stat_cache] FAM: ignore event with no valid match
[stat_cache] FAM: funcs to invalidate entries
[stat_cache] interfaces to invalidate entries
[mod_webdav] update stat_cache after file mod
[core] use high precision stat timestamp in etag
[scons] adjustment for static build under CentOS
[core] emit trace using path before clearing path
[core] http_chunk_append_file_fd()
[multiple] open target file earlier in some cases
[stat_cache] no longer stat() and open() for stat
[stat_cache] FAM: improve monitoring, cache 16 sec
[stat_cache] FAM: separate routine for FDEVENT_IN
[stat_cache] FAM: whitespace-only change
[mod_webdav] quiet coverity warnings
[doc] highlight relevance of module load order (fixes #2946)
[core] behavior change: stricter URL normalization
[stat_cache] fix compilation error for cmake
[cmake] help cmake on FreeBSD find sys/event.h
[scons] help scons on FreeBSD find sys/event.h
[build] detect FreeBSD elftc_copyfile()
[mod_openssl] use SSL_CTX_set_client_hello_cb()
[core] support weak etags with If-None-Match
[core] store log_state_handling flag on stack
[core] check if splay_tree NULL before invalidate
[mod_webdav] workaround Microsoft-WebDAV-MiniRedir
[mod_webdav] doc Microsoft-WebDAV-MiniRedir bugs
[mod_webdav] invalidate parent dir in stat_cache
[doc] systemd socket activation config example
[core] chunkqueue perf: code reuse
[core] chunkqueue perf: specialized buffer.h funcs
[core] chunkqueue perf: skip opening 0-length file
[core] chunkqueue perf: read small files into mem
[core] buffer_reset() should not be passed NULL
[tests] has_feature() helper func
[tests] skip mod-secdownload HMAC-SHA1,HMAC-SHA256
[core] use high precision stat timestamp on OS X
[mod_magnet] expose server addr (local IP) to lua
[core] adjust http_chunk read() retry loop
[mod_maxminddb] MaxMind GeoIP2 support
[mod_authn_ldap] ldap_set_option LDAP_OPT_RESTART (fixes #2940)
Changelog:
Version 1.12.0
(12 Apr 2019, from /branches/1.12.x)
https://svn.apache.org/repos/asf/subversion/tags/1.12.0
User-visible changes:
- Major new features:
- Minor new features and improvements:
* 'move vs. move' merge conflicts can now be resolved (r1846851, r1851913)
* 'svn --version --verbose' shows loaded libraries on Linux (r1843774)
* 'svnrdump' can read/write a file instead of stdin/stdout (r1844906)
* 'svn list' tries to not truncate the author's name (r1847384 et al.)
* 'svn list' can show sizes in base-2 unit suffixes (r1847384 et al.)
* 'svn info' shows the size of files in the repository (r1847441 et al.)
* 'svn cleanup' can remove read-only directories (#4806, r1854072 et al.)
- Client-side bugfixes:
* Repos-to-WC copy with --parents works with absent target (r1843888)
* Repos-to-WC copy from foreign repo with peg/operative revs (#4785)
- Server-side bugfixes:
* Ignore empty group definitions in authz files (#4802, r1851687)
- Client-side and server-side bugfixes:
- Other tool improvements and bugfixes:
* svnauthz: warn about empty groups in authz files (#4803, r1851823)
* Storing passwords in plain text on disk is disabled by default (r1845377)
Developer-visible changes:
- General:
* Updated the required libtool version to 2.x (r1845716)
* get-deps.sh: Remove references to Googlemock and Googletest (r1849200)
* All C++ code is compiled in C++11 mode by default (r1849202)
- Bindings:
* JavaHL: Fixed potential core dump in ISVNClient.diff (r1845408)
* JavaHL: Let clients decode file contents from ISVNClient.blame (r1851333)
Version 1.11.1
(11 Jan 2019, from /branches/1.11.x)
http://svn.apache.org/repos/asf/subversion/tags/1.11.1
User-visible changes:
- Minor new features and improvements:
* Conflict resolver support for added vs unversioned file (r1845577)
* Conflict resolver support for unversioned directories (r1846299)
* Improve help for 'svn add' and the '-N' option (r1842814 et al.)
* Improve display of Mac OS name in 'svn --version --verbose' (r1842334)
- Client-side bugfixes:
* Fix: repos-to-WC copy with --parents doesn't create dirs (#4768)
* Fix: foreign repo copy with peg/operative revisions (#4785)
* Fix: foreign repo copy of file adding mergeinfo (#4792)
* Fix: assertion failure using -rPREV on a working copy at r0 (#4532)
* Fix: tree conflict message ends a sentence with a colon (#4717)
- Server-side bugfixes:
* Fix CVE-2018-11803: malicious SVN clients can crash mod_dav_svn
* Fix: unexpected SVN_ERR_FS_NOT_DIRECTORY errors (#4791)
* Fix: mod_dav_svn's SVNUseUTF8 had no effect in some setups (r1844882)
* Fix crash in mod_http2 (#4782)
- Other tool improvements and bugfixes:
* svndumpfilter: Clarify error messages by including node path (r1845261)
- Bindings bugfixes:
* JavaHL: Fix crash in client code when using external diff (r1845408)
Developer-visible changes:
- General:
* Fix build on systems without python in $PATH (r1845555)
* Fix compiler warnings about indentation (r1845556 et al.)
- API changes:
(none)
Version 1.11.0
(30 Oct 2018, from /branches/1.11.x)
http://svn.apache.org/repos/asf/subversion/tags/1.11.0
User-visible changes:
- Major new features:
* Shelving is no longer based on patch files (experimental) (issue #3625)
* Checkpointing (experimental) (issue #3626)
* Viewspec output command (experimental) (issue #4753)
- Minor new features and improvements:
* Improvements to tree conflict resolution (issue #4694, #4766 ...)
* 'patch' can now read non-pretty-printed svn:mergeinfo diffs (r1822151)
* Better error when http:// URL is not a Subversion repository (r1825302)
* Add 'schedule' and 'depth' items to 'svn info --show-item' (r1827032)
* Allow the client cert password to be saved (r1836762)
- Client-side bugfixes:
* Fix a crash in a repo:WC summary diff of a local copy (r1835218)
* Fix double diff headers (r1836746)
* Tree conflict resolver: avoid endless scan in some cases (r1839662)
- Server-side bugfixes:
* svnadmin dump shouldn't canonicalize svn:date (issue #4767)
* 'svnadmin verify --keep-going --quiet' shows an error summary (r1837790)
* Let 'svnadmin recover' prune the rep-cache even if disabled (r1838813)
- Client-side and server-side bugfixes:
* Fix pattern-matching of top level path in listing with search (r1830599)
* Allow commands like 'svn ci --file X' to work when X is a FIFO (r1836306)
- Other tool improvements and bugfixes:
* tools/client-side/bash_completion: Add '--password-from-stdin' (r1820045)
Developer-visible changes:
- General:
* new tool: tools/dist/edit-N-log-messages (r1819207)
* tools/dev/unix-build/Makefile.svn: various fixes
* Expose the diff option 'pretty_print_mergeinfo' in APIs (r1822014)
* In 'revert' APIs, choose whether to delete schedule-add nodes (r1822534)
- Bindings:
* Fix Python binding fs.FileDiff behaviour with python-future (r1823802)
* Fix Python unit test, fs.SubversionFSTestCase, on Windows (r1824410)
* Bump minimum JDK version required for JavaHL to 1.8 (r1831895)
* Enable building against Java 10 (r1841180 et al)
* Fix a potential crash in JavaHL (issue #4764)
From Piotr Meyer, thank you.
Changelog:
changed:
Font and date adjustments to accommodate the new Reiwa era in Japan
fixed:
#CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS
#CVE-2019-9816: Type confusion with object groups and UnboxedObjects
#CVE-2019-9817: Stealing of cross-domain images using canvas
#CVE-2019-9818: Use-after-free in crash generation server
#CVE-2019-9819: Compartment mismatch with fetch API
#CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell
#CVE-2019-11691: Use-after-free in XMLHttpRequest
#CVE-2019-11692: Use-after-free removing listeners in the event listener manager
#CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux
#CVE-2019-7317: Use-after-free in png_image_free of libpng library
#CVE-2019-9797: Cross-origin theft of images with createImageBitmap
#CVE-2018-18511: Cross-origin theft of images with ImageBitmapRenderingContext
#CVE-2019-11694: Uninitialized memory leakage in Windows sandbox
#CVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to and from bookmarks
#CVE-2019-5798: Out-of-bounds read in Skia
#CVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7
1.25.3:
* Change HTTPSConnection to load system CA certificates
when ca_certs, ca_cert_dir, and ssl_context are
unspecified.
* Upgrade bundled rfc3986 to v1.3.2.
bindings (at least on NetBSD and OS X, as built from pkgsrc). This
leaves us falling through to getConfDir(), which has been gone
rather longer.
From highlight git, it appears searchFile() and getFiletypesConfPath()
both originated in the 3.14 release. The latter is still available in
3.51, and returns the same result searchFile() used to. Switch to it.
(From upstream git 4d06df9583e6c4145f8c6fc2fd51d7894c0b85ce.)
Bump PKGREVISION.
Upstream changes:
Major features
Forum
MDL-22077 - Private reply option
MDL-65033 - Ability to star discussions
MDL-64956 - In-page forum post reply
MDL-65032 - Ability to lock discussions manually
MDL-65069 - Ability to create discussions without changing page
MDL-64820 - Forum display updated to use templates
MDL-65071 - List of discussions is sortable
MDL-65034 - Accessibility improvements to forum discussions
MDL-65394 - Forum rendering speed improvements
MDL-46881 - Forum scheduled task (cron) has been refactored into several smaller cron tasks
Messaging
MDL-65015 - HTML in messages is cleaned according to site/role "trusttext" configuration
MDL-64715 - Personal space in messaging drawer for draft messages etc.
MDL-64495 - New settings page for messaging-related settings
MDL-63620 - Group conversations can be created from both the auto-create groups edit page and the import groups tool
MDL-63915 - Old messaging user interface removed and replaced with a new widget
MDL-64773 - Messaging conversations can be muted
MDL-65132 - New capability for deleting messages for all users within group conversations
MDL-64017 - Message processors can identify and handle group messages
MDL-64703 - Updated interface on the messaging index page
MDL-64137 - Searches highlight text that matches the search term
MDL-65114 - Timestamps in the main conversation list include days and years
MDL-64093 - New admin setting to set the site default for using enter key to send messages
MDL-60680 - Improved push notifications
Themes
MDL-58428 - All Boost templates moved to core
MDL-64505 - Classic theme introduced to core
MDL-64506 - Bootstrapbase and related themes (Clean/More) removed from core
MDL-65449 - Themes can override the course pattern used on the dashboard
LTI
MDL-62599 - LTI 1.3 support introduced
Open Badges
MDL-63262 - Support added for Open Badges 2.0 platforms
MDL-63876 - Moodle competencies can be linked to criteria for badges in Open Badges 2.0
Dashboard and Course Overview
MDL-63794 - Course categories can be displayed on courses in the course overview block
MDL-64855 - New admin setting to control the output of the course category in the myoverview block
MDL-64376 - Scrolling improved in the recently accessed courses block
MDL-64903 - Course filters are logically grouped in the myoverview block
MDL-64898 - The completion progress bar is no longer displayed for teachers in the myoverview block
Learning Analytics
MDL-61667 - Improvements to the install/uninstall procedure the Analytics API offers to plugins
MDL-64783 - New “upcoming activities due” model added
MDL-65582 - The "upcoming activities due" model is enabled by default
MDL-64786 - Users can overwrite default model names
MDL-64693 - New target added for course competencies achievement
MDL-64636 - New target added for course completion
MDL-65176 - New target added for students at risk of not getting the minimum grade to pass a course
MDL-64954 - A "More info" link provides more information about different core analytics elements
MDL-64777 - Default models can be restored
MDL-64787 - Analytics models can be evaluated using a trained machine learning backend
MDL-60944 - Models can be created, deleted, imported and exported
MDL-64779 - Ability to choose whether to include trained model weights in an export
MDL-65175 - When evaluating a model, the time-splitting method can be set using the web interface
MDL-65177 - It is possible to set the frequency of insight generation for models based on assumptions (e.g. the "upcoming activities due" model)
MDL-60936 - "Enabled time-splitting methods" analytics setting converted to a list of default time-splitting methods for a model's evaluation
Usability improvements
MDL-5311 - Choices can be cleared for single-answer multiple-choice questions
MDL-43385 - Print output of books has been improved
MDL-28505 - Course backup and restore can be performed asynchronously
MDL-61537 - Ability to rotate pages when annotating PDFs in assignment feedback
MDL-63773 - Assignment settings form hides irrelevant options instead of disabling them
MDL-64552 - Moodle forms inside the admin top level directory hide irrelevant options instead of disabling them
MDL-64557 - Moodle forms inside the course directory hide irrelevant options instead of disabling them
MDL-60474 - The student selection tool in the grading interface reflects the sorting order of the grading table
MDL-39261 - File support added to lesson essay questions
MDL-60913 - Global search results can be split into tabs by category
MDL-50793 - Teachers can see hidden pages in book activities
MDL-60059 - Workshop activity action events support drag and drop in the calendar
MDL-62142 - Accessibility improvements for Boost course landing page
Other Highlights
Functional changes
MDL-31355 - Forum due dates are added to the calendar
MDL-36088 - Adding/modifying questions to/in the question bank is logged
MDL-49673 - Assignment has an option to not display the grader to students
MDL-31852 - HTML tags allowed in the title of Lesson "content pages"
MDL-64377 - Ability to delete assignment file submissions
MDL-64243 - Nextcloud serves "offline" files consistent with other integrations (e.g. OneDrive and Google Docs)
MDL-53346 - User competencies in courses show the linked learning plans
MDL-62223 - Improved submission statements for assignments
MDL-52828 - Competencies can be graded when grading an activity
MDL-65154 - Course competencies page shows students which competencies are linked to an activity
MDL-64414 - "AND" and "OR" are available in if-conditions for grade calculations
For administrators
MDL-10965 - There is a new capability available to view the list of non-hidden courses
MDL-57898 - New custom field types plugin and course custom fields functionality
MDL-49399 - Output can be captured during cron and task runs
MDL-62869 - Global search can be configured to include all visible courses
MDL-64322 - New data privacy capability to restrict submission of deletion requests for other users
MDL-63569 - A constant can be added to the subject of all emails
MDL-62907 - The standard log table 'other' field can be set to store in JSON format
MDL-64281 - Frame embedding is always allowed for requests coming from the Moodle app
MDL-61164 - Tasks using legacy cron functionality moved to scheduled tasks
MDL-57900 - Added fields to provide site metadata to support learning analytics
MDL-63623 - Plugins can be uninstalled via command line
MDL-64323 - Additional fields are included in user searches when making new data requests on behalf of a user
MDL-64347 - Improved processing of scheduled and ad-hoc tasks
MDL-65142 - Tables can be downloaded in PDF format (new dataformat)
MDL-64314 - Insights notifications enable web notifications by default
MDL-65138 - Course sharing to Moodle.net is disabled by default (configured via a new setting)
MDL-64454 - Site administration page warns if cron does not run frequently
MDL-62728 - The language packs page displays a warning when locales are not fully supported
MDL-64071 - Improved diagnostics when testing LDAP settings
MDL-64823 - Disabling mobile plugins works as expected
MDL-44484 - Theme field available in the bulk upload users tool
MDL-64477 - Learning analytics usage data is included with site usage data
MDL-64337 - Mobile app enabled sites prompt users that do not use the app to download it in notification emails
MDL-64339 - User names provided in the comments report are hyperlinked to the user's profile
For developers
MDL-54592 - MongoDB cache store upgraded to use PHP 7 compatible library
MDL-63977 - Behat testing available for mobile app features and plugins
MDL-63986 - Behat testing added for the messaging drawer
MDL-64449 - New debug feature to expose code issues with session locks
MDL-52167 - Core functionality added to enable site administration settings to be hidden if dependent on another disabled setting
MDL-63366 - Ability to specify filters for unit testing coverage
MDL-65130 - Improved unit testing coverage generation by only respecting the @covers annotation
MDL-60470 - New "after_require_login" hook introduced
MDL-65204 - Phpunit upgraded to version 7.5.x
MDL-64348 - Improved AJAX template fetching
MDL-59986 - External database enrolment sync moved to a scheduled task
MDL-63880 - Some templates common in dashboard blocks have been moved to increase reusability
MDL-64587 - New option in the XMLDB editor to add the mandatory persistent fields
MDL-64324 - ID collisions are avoided when forms are loaded from AJAX
MDL-64684 - When JavaScript caching is disabled, jQuery and RequireJS are no longer minified
New web services
MDL-64252 - New SCORM web service to return user capabilities
MDL-64656 - New web service to return the tag associated with an element
MDL-64655 - New forum web service to return user access information
MDL-64642 - New web service to call multiple external functions
Version 0.15.4
- Fix a SyntaxError on Python 2.7.5. (:issue:`1544`)
Version 0.15.3
- Properly handle multi-line header folding in development server in
Python 2.7. (:issue:`1080`)
- Restore the response argument to :exc:`~exceptions.Unauthorized`.
(:pr:`1527`)
- :exc:`~exceptions.Unauthorized` doesn't add the WWW-Authenticate
header if www_authenticate is not given. (:issue:`1516`)
- The default URL converter correctly encodes bytes to string rather
than representing them with b''. (:issue:`1502`)
- Fix the filename format string in
:class:`~middleware.profiler.ProfilerMiddleware` to correctly handle
float values. (:issue:`1511`)
- Update :class:`~middleware.lint.LintMiddleware` to work on Python 3.
(:issue:`1510`)
- The debugger detects cycles in chained exceptions and does not time
out in that case. (:issue:`1536`)
- When running the development server in Docker, the debugger security
pin is now unique per container.