Django 3.2.12 fixes two security issues with severity “medium” in 3.2.11.
CVE-2022-22818: Possible XSS via {% debug %} template tag
CVE-2022-23833: Denial-of-service possibility in file uploads
Django 2.2.27 fixes two security issues with severity “medium” in 2.2.26.
CVE-2022-22818: Possible XSS via {% debug %} template tag
CVE-2022-23833: Denial-of-service possibility in file uploads
bkt (pronounced bucket) is a subprocess caching utility written in Rust,
inspired by bash-cache.
Wrapping expensive process invocations with bkt allows callers to reuse recent
invocations without complicating their application logic. This can be useful in
shell prompts, interactive applications such as fzf, and long-running programs
that poll other processes.
When bkt is passed a command it hasn't seen before (or recently) it executes
the command synchronously and caches its stdout, stderr, and exit code.
Calling bkt again with the same command reads the data from the cache and
outputs it as if the command had been run again.
-enable to show/hide hidden items ( #34 @balroggg )
-felix keeps the state of show_hidden(whether to show hidden items) and
sort_by(by name or by modified time): The change remains after exit.
ship accumulated bugfixes and catchup with wayback machine changes.
special thanks to Paul Wise for the immesurable patience on
the wayback plugin and test suite, and to Jelmer Vernooij for the
Debian Janitor.
New features:
* Add support for saving page resources to the Wayback Machine too,
thanks Paul Wise!
API changes:
* we now generate a standard message-id, which has brackets around it
Bugfixes:
* fix rare crash in feed2exec parse with an empty `mailbox` setting
* fix feedparser dependencies for newer python
* catchup with html2text again (2020.1.16)
* add failing test and fix for cachecontrol 0.12.10 new API (Closes: GL#22)
* do not cache requests in plugins (Closes: #1001412, GL#26)
* Require feedparser 5 as minimum version for Python 3, thanks Paul Wise
Documentation:
* mention (lack of) Gemini and other protocol support
* leave Freenode for oftc.net
Cleanup, CI, linting:
* avoid dateparser bug workaround in newer versions
* drop support for python 3.5, add 3.9
* enforce black in tox, but not in CI
* first pass at type checking with mypy, with failures allowed
* switch to setup.cfg as much as possible
* fix rst syntax since we are not hacking it anymore
* mention build module, which may be necessary for newer setuptools_scm
* move fixtures to conftest.py
* use pytest.mark.network instead of xfail
### libopenmpt 0.6.1 (2022-01-30)
* [**Bug**] Linking libmpg123 no longer fails on OpenBSD.
* [**Bug**] Possible hang with malformed DMF, DSM, MED, MUS, OKT and SymMOD
files containing 65536 or more patterns when destroying the module.
* [**Bug**] Avoid NaNs and infinite values with custom tunings and in the
I3DL2Reverb plugin.
* The letter "z" is now evaluated in fixed MIDI macros (Z80...ZFF) the same
way as in Impulse Tracker.
* MOD: Loosened VBlank timing heuristics so that "frame of mind" by Dascon
plays correctly.
* MOD: Validate the contents of "hidden" patterns beyond the end of the order
list when the file size matches the expected size when only taken "official"
patterns into account. This fixes Shofixti Ditty.mod from Star Control 2
while keeping other (partly broken) modules working.
* MED: Command 20 (reverse sample) is now only applied when it's next to a
note.
* S3M: Introducing the "Send OPL key-off when triggering notes" compatibility
setting broke retrigger for OPL notes again (they retriggered rather than
not retriggering).
* S3M: Retriggering a note no longer resets its pitch after a portamento.
* S3M: Partially implement retrigger behaviour for stopped notes in
SoundBlaster mode: Like in IT, it is not possible to retrigger a sample that
has already stopped playing.
* DIGI: Improve compatibility with E3x reverse sample command.
* DSym: Tempos < 32 were treated as tempo slides.
* SymMOD: Key-off command was not implemented properly.
mold 1.0.3 is a maintenance release of the high-speed linker. It contains
only the following bug fix:
build-static.sh didn't create a statically-linked mold executable (#315).
The problem is now fixed. (601b9e6)
Release 2.4.4 Sun January 30 2022
Security fixes:
#550 CVE-2022-23852 -- Fix signed integer overflow
(undefined behavior) in function XML_GetBuffer
(that is also called by function XML_Parse internally)
for when XML_CONTEXT_BYTES is defined to >0 (which is both
common and default).
Impact is denial of service or more.
#551 CVE-2022-23990 -- Fix unsigned integer overflow in function
doProlog triggered by large content in element type
declarations when there is an element declaration handler
present (from a prior call to XML_SetElementDeclHandler).
Impact is denial of service or more.
Bug fixes:
#544#545 xmlwf: Fix a memory leak on output file opening error
Other changes:
#546 Autotools: Fix broken CMake support under Cygwin
#554 Windows: Add missing files to the installer to fix
compilation with CMake from installed sources
#552#554 Version info bumped from 9:3:8 to 9:4:8;
see https://verbump.de/ for what these numbers do
2.0.12 January 30, 2022
Add bug tracker information to README, and add CONTRIBUTING.md. [Steve Hay]
Fix detection of APR's threading support on RHEL 8. [Petr Písař]
Fix build for perl >= 5.33.7. [Leon Timmermans]
Fix SIGSEGV crash due to wrong use of perl_parse(). [Charles Pigott]
Improve installation instructions for AIX. [Rainer Tammer]
iperf-3.11
----------
* Notable user-visible changes
* Update links to Discussions in documentation
* Fix DSCP so that TOS = DSCP * 4
* Fix --bind-dev for TCP streams
* Fix interface specification so doesn't overlap with IPv6 link-local addresses for -c and -B
* Add get/set test_unit_format function declaration to iperf_api.h
* Auto adjustment of test-end condition for file transfers (-F), if no end condition is set, it will automatically adjust it to file size in bytes
* Exit if idle time expires waiting for a connection in one-off mode
* Support zerocopy by reverse mode
* Update help and manpage text for 1157, support bind device
* Consistently print target_bandwidth in JSON start section
* Test bitrate added to JSON output
* Remove fsync call after every write to receiving --file
* Update documentation for -w
* Fix for 952, different JSON object names for bidir reverse channel
Version 2.8 -> 2.8.1
--------------------
- renamed _icu extension module to _icu_ and moved it into icu module
- moved icu python module sources into py directory
- deleted long deprecated PyICU.py file
