Subversion 1.14.1.
This is a stable bugfix and security release of the Apache Subversion
open source version control system.
THIS RELEASE CONTAINS AN IMPORTANT SECURITY FIX:
CVE-2020-17525
"Remote unauthenticated denial-of-service in Subversion mod_authz_svn"
The full security advisory for CVE-2020-17525 is available at:
https://subversion.apache.org/security/CVE-2020-17525-advisory.txt
A brief summary of this advisory follows:
Subversion's mod_authz_svn module will crash if the server is using
in-repository authz rules with the AuthzSVNReposRelativeAccessFile
option and a client sends a request for a non-existing repository URL.
This can lead to disruption for users of the service.
We recommend all users to upgrade to the 1.10.7 or 1.14.1 release
of the Subversion mod_dav_svn server.
As a workaround, the use of in-repository authz rules files with
the AuthzSVNReposRelativeAccessFile can be avoided by switching
to an alternative configuration which fetches an authz rules file
from the server's filesystem, rather than from an SVN repository.
Ruby on Rails is a full-stack web framework optimized for programmer
happiness and sustainable productivity. It encourages beautiful code
by favoring convention over configuration.
This is for Ruby on Rails 6.1.
Action Cable - Integrated WebSockets for Rails
Action Cable seamlessly integrates WebSockets with the rest of your Rails
application. It allows for real-time features to be written in Ruby in the
same style and form as the rest of your Rails application, while still being
performant and scalable. It's a full-stack offering that provides both a
client-side JavaScript framework and a server-side Ruby framework. You have
access to your full domain model written with Active Record or your ORM of
choice.
This is for Ruby on Rails 6.1.
Action Pack is a framework for handling and responding to web requests. It
provides mechanisms for *routing* (mapping request URLs to actions), defining
*controllers* that implement actions, and generating responses by rendering
*views*, which are templates of various formats. In short, Action Pack
provides the view and controller layers in the MVC paradigm.
This is for Ruby on Rails 6.1.
5.2.1 (2021-02-05)
Bugfixes
* Fix TCP cork/uncork operations to work with ssl clients ([#2550])
* Require rack/common_logger explicitly if :verbose is true ([#2547])
* MiniSSL::Socket#write - use data.byteslice(wrote..-1) ([#2543])
* Set @env[CONTENT_LENGTH] value as string. ([#2549])
NGINX Unit is a polyglot app server, a reverse proxy, and a static file server,
available for Unix-like systems. It was built by nginx team members from
scratch to be highly efficient and fully configurable at runtime.
Vast majority of work done by Sergey A. Osokin <osa@FreeBSD.org>
WWW: http://unit.nginx.org/
The python-socks package provides a core proxy client functionality for Python.
Supports SOCKS4(a), SOCKS5, HTTP (tunneling) proxy and provides sync and async
(asyncio, trio, curio) APIs. You probably don't need to use python-socks
directly. It is used internally by aiohttp-socks and httpx-socks packages.
databases/ruby-activerecord60:
## Rails 6.0.3.5 (February 10, 2021) ##
* Fix possible DoS vector in PostgreSQL money type
Carefully crafted input can cause a DoS via the regular expressions used
for validating the money format in the PostgreSQL adapter. This patch
fixes the regexp.
Thanks to @dee-see from Hackerone for this patch!
[CVE-2021-22880]
*Aaron Patterson*
www/ruby-actionpack60
## Rails 6.0.3.5 (February 10, 2021) ##
* Prevent open redirect when allowed host starts with a dot
[CVE-2021-22881]
Thanks to @tktech (https://hackerone.com/tktech) for reporting this
issue and the patch!
*Aaron Patterson*
## Rails 5.2.4.5 (February 10, 2021) ##
* Fix possible DoS vector in PostgreSQL money type
Carefully crafted input can cause a DoS via the regular expressions used
for validating the money format in the PostgreSQL adapter. This patch
fixes the regexp.
Thanks to @dee-see from Hackerone for this patch!
[CVE-2021-22880]
*Aaron Patterson*
Changes:
2.30.5
======
- Bring back the WebKitPluginProcess intallation that was removed by mistake.
- Fix RunLoop objects leaked in worker threads.
- Fix aarch64 llint build with JIT disabled.
- Use Internet Explorer quirk for Google Docs.
Command-line utility to search DuckDuckGo from the terminal. While googler is
extremely popular among command line users, in many forums the need of a similar
utility for privacy-aware DuckDuckGo came up. So here's `ddgr` for you!
Unlike the web interface, you can specify the number of search results you would
like to see per page. It's more convenient than skimming through 30-odd search
results per page.
The default interface is carefully designed to use minimum space without
sacrificing readability.
A big advantage of ddgr over googler is DuckDuckGo works over the Tor network.
Upstream changes:
2.03 2020-11-10 14:47:04Z
[FIXED]
- Validate exclusive button selectors (GH#314) (Ferenc Erki)
2.02 2020-10-13 13:50:28Z
[ENHANCEMENTS]
- Add redirects() as a short to HTTP::Response->redirects (GH#116) (Julien Fiegehenn)
- click_button( value => $foo) now also works for button tags and image buttons
(GH#131) (Spencer Christensen) and (Julien Fiegehenn)
[DOCUMENTATION]
- Document that click_button() will die when it cannot find a button (GH#136) (Julien Fiegehenn)
- Document that content() returns undef before a request was made (GH#134) (Julien Fiegehenn)
[TESTS]
- Add a test for dump_forms() with multiselect (GH#133) (Julien Fiegehenn)
- Add tests for select multiple (GH#132) (Michael G. Schwern) and (Julien Fiegehenn)
- Remove use of discouraged vars pragma (James Raspass)
- Add tests for dump_forms() and field() with empty attributes (GH#125) (Julien Fiegehenn)
3.11.0:
Unknown changes
3.9.0
* Now tested under Python 3.8.
* Better clean up connections when using the low-level client.py API.
* Fixed a display issue when `swift delete` made multiple attempts to bulk
delete objects.
3.8.1
* Deleting or overwriting a symlink to an SLO or DLO will no longer attempt
to clean up the large object's segments.
* Fixed an issue sending non-ASCII metadata keys on Python 3.
Note that receiving such metadata on py3 is still broken;
see https://bugs.python.org/issue37093
* Documentation can now be rendered as a PDF.
* Dropped Python 3.5 testing.
3.8.0
* Added a new `--json` option to `swift list`.
* Fixed an issue introduced in 3.5.0 where re-uploading an SLO with
the same size, mtime, and segment size would delete all of the
just-uploaded segments.
* Various other minor bug fixes and improvements.
3.7.0
* Added the delimiter keyword parameter to `get_account()` to match the
functionality of `get_container()`.
* Fixed an issue in the client module where socket connections weren't
closed properly before being dereferenced.
* Various other minor bug fixes and improvements.
3.6.0
* Add the `--prompt` option for the CLI which will cause the user to be
prompted to enter a password. Any password otherwise specified by
`--key`, `--os-password` or an environment variable will be ignored.
* Added bash completion support to the `swift` CLI. Enable this by sourcing
the included `tools/swift.bash_completion` file. Make it permanent by
including this file in the system's `/etc/bash_completion.d` directory.
* Add ability to generate a temporary URL with an IP range restriction.
TempURLs with IP restrictions are supported in Swift 2.19.0 or later.
* The client.py SDK now supports a `query_string` option on the
`head_object()` method. This is useful for finding information on
SLO/DLO manifests without fetching the entire manifest.
* The client.py SDK now respects `region_name` when using sessions.
* Added a `.close()` method to an object response, allowing clients to give
up on reading the rest of the response body, if they so choose.
* Fixed a bug where using `--debug` in the CLI with unicode account names
would cause a client crash.
* Make OS_AUTH_URL work in DevStack (for testing) by default.
* Dropped Python 3.4 testing.
* Various other minor bug fixes and improvements.
Changelog:
0.80.0
Enhancements
Templates
* Regenerate templates a2d146ec @bep
* tpl/internal/go_templates: Revert formatting 718e09ed @bep
* Add title parameter to YouTube shortcode 4fc918e0 @azenk
Output
* Add missing OutputStyle option 428b0b32 @bep
Other
* Allow Dart Sass transformations to be cached on disk ffbf5e45 @bep
* Dart Sass only supports expanded and compressed 48994ea7 @bep
* Update emoji import paths and version 1f7e9f73 @moorereason
* Add Dart Sass support cea15740 @bep #7380#8102
* GroupByParamDate now supports datetimes f9f77978 @zerok
* Skip para test when not on CI a9718f44 @bep #6963
* Update SECURITY.md f802bb23 @bep
* Improve LookPath 10ae7c32 @bep
* create a SECURITY.md ae2d1bd5 @davidsneighbour #8074
* Show more detail on failed time test 8103188b @moorereason #6963
* Add images.Overlay filter 3ba147e7 @bep #8057#4595#6731
* Bump github.com/spf13/cobra from 0.15.0 to 0.20.0 c84ad8db @anthonyfok
* configure proper link to discourse.gohugo.io (#8020) 4e0acb89
@davidsneighbour
* Format code with gofumpt d90e37e0 @bep
* bump github.com/evanw/esbuild from 0.8.15 to 0.8.17 32471b57 @dependabot
[bot]
* Use --baseURL path for live-reload URL 0ad378b0 @sth #6595
* bump github.com/getkin/kin-openapi from 0.31.0 to 0.32.0 907d9e92
@dependabot[bot]
Fixes
Templates
* Fix series detection in opengraph d2d493ab @Humberd
* Fix substr when length parameter is zero 5862fd2a @moorereason #7993
* Refactor and fix substr logic 64789fb5 @moorereason #7993
Other
* Fix Resource.ResourceType so it always returns MIME's main type 81975f84
@bep #8052
* hugolib/paths: Fix typo ce96895d @mayocream
* Fix minor typos 04b89857 @phil-davis
* Fix BenchmarkMergeByLanguage 21fa1e86 @bep #7914
* Fix RelURL and AbsURL when path starts with language aebfe156
@ivan-meridianbanc-com
0.79.1:
Hugo depends on Go's os/exec for certain features, e.g. for rendering of Pandoc
documents if these binaries are found in the system %PATH% on Windows. However,
if a malicious file with the same name (exe or bat) was found in the current
working directory at the time of running hugo, the malicious command would be
invoked instead of the system one.
Windows users who ran hugo inside untrusted Hugo sites was affected.
The origin of this issue comes from Go, see golang/go#38736
We have fixed this in Hugo by using a patched version of exec.LookPath from
https://github.com/cli/safeexec (thanks to @mislav for the implementation).
Thanks to @Ry0taK for the bug report.
0.79.0:
Hugo 0.79.0 is a small, but useful release. You can now set custom .Params in
your menu configuration, and you can now also override deeply nested
snake_cased configuration variables with OS environment variables. Other than
that we have refreshed all the core upstream dependencies. A special thanks to
@alecthomas (some new Chroma lexers and fixes) and @evanw (ESBuild).
This release represents 33 contributions by 8 contributors to the main Hugo
code base. @bep leads the Hugo development with a significant amount of
contributions, but also a big shoutout @AdamKorcz, and @davidejones for their
ongoing contributions. And a big thanks to @digitalcraftsman for his relentless
work on keeping the themes site in pristine condition and to @davidsneighbour,
@coliff and @kaushalmodi for all the great work on the documentation site.
Many have also been busy writing and fixing the documentation in hugoDocs,
which has received 13 contributions by 11 contributors. A special thanks to
@Valac01, @bep, @mhansen, and @chanjarster for their work on the documentation
site.
Enhancements
Templates
* Add more layout lookup tests 34061706 @moorereason #7964
Other
* bump gopkg.in/yaml.v2 from 2.3.0 to 2.4.0 17e0bbe8 @dependabot[bot]
* Allow setting the delimiter used for setting config via OS env, e.g. HUGO_
7e223b3b @bep #7829
* Update to github.com/evanw/esbuild 0.8.11 to 0.8.14 8a6e7060 @bep #7986
* bump github.com/google/go-cmp from 0.5.2 to 0.5.3 6f7633df @dependabot[bot]
* Remove unneeded meta tag from blog example a546059a @coliff
* bump github.com/getkin/kin-openapi from 0.30.0 to 0.31.0 b5d906e3
@dependabot[bot]
* Regen docshelper fd70bdaf @bep
* Add menu params 8f5c9a74 @davidejones #7951
* Preserve url set in frontmatter without sanitizing e4fcb672 @satotake #6007
* Add file deleted by accident 18c13adc @bep #7972
* Regenerate docshelper" 20a35374 @bep #7972
* Regenerate docshelper caf16c20 @bep
* Update to Chroma v0.8.2 b298c06e @bep #7970
* bump github.com/evanw/esbuild from 0.8.8 to 0.8.11 55e290af @dependabot
[bot]
* bump github.com/getkin/kin-openapi from 0.26.0 to 0.30.0 506a190a
@dependabot[bot]
* bump github.com/evanw/esbuild from 0.8.6 to 0.8.8 fc81de64 @dependabot[bot]
* Let ESBuild handle all imports from node_modules 78f227b6 @bep #7948
* bump github.com/evanw/esbuild from 0.8.5 to 0.8.6 5e03f644 @dependabot[bot]
* bump github.com/evanw/esbuild from 0.8.4 to 0.8.5 a92ef20f @dependabot[bot]
* bump github.com/getkin/kin-openapi from 0.22.1 to 0.26.0 0d54a844
@dependabot[bot]
* Update GH docs to say "main" as default branch 943f3c93 @maco
* Updated year in header 4f20bf29 @AdamKorcz
* Added first fuzzer 4c613d5d @AdamKorcz
* bump github.com/frankban/quicktest from 1.11.1 to 1.11.2 82a182e5
@dependabot[bot]
* bump golang.org/x/text from 0.3.3 to 0.3.4 dfc662b2 @dependabot[bot]
* bump github.com/evanw/esbuild from 0.8.3 to 0.8.4 2f0917cc @dependabot[bot]
* Disable NPM test on Travis on Windows 3437174c @bep
* Install nodejs on Windows f66302ca @bep
* Remove external source map option 944150ba @bep #7932
Fixes
Other
* Fix memory usage in writeStats d162bbd7 @bep #7945
* Fix server rebuild issue with partials referenced from render hooks
e442cf30 @bep #7990
* Misc fixes bf2837a3 @bep #7924#7923
CHangelog:
What's New in SeaMonkey 2.53.6
SeaMonkey 2.53.6 contains (among other changes) the following major changes
relative to SeaMonkey 2.53.5.1:
* Improve usability of multiple mailboxes/folders selectionbug 1600103.
* Add Greek localisation (el).
* Remove more RDF from mailnews code.
* Switch to mozilla as topsrcdir and component for building is comm/suite
now.
* Rust support is now up to 1.48 and official build is now using 1.47.0
* Various security and general platform fixes.
SeaMonkey 2.53.6 contains (among other changes) the following major changes
relative to SeaMonkey 2.49.5:
* The Bookmarks Manager has switched its name to Library, and now also
includes the History list. When invoking History, the Library will be shown
with the History list selected. The extensive modifications were needed
because of Mozilla Gecko platform API changes.
* Download Manager has been migrated to a new API. Although it looks pretty
much the same as before, the search option is missing and some other minor
details work differently. The previous downloads history is removed during
the upgrade.
* The layout panel was added to the CSS Grid tools.
* TLS 1.3 is the default SSL version now.
* The only NPAPI plugin which will work with SeaMonkey 2.53.6 is Flash.
Support for other NPAPI plugins like Java and Silverlight has been removed.
For displaying pdf files in the browser you can use pdf.js-seamonkey from
Isaac Schemm.
* SeaMonkey now uses a new api for formatting regional data like time and
date. Default is to use the application locale of the current SeaMonkey
build. If you use a language pack or a different OS formatting this is
usually not desired. You can change the formatting from the application
locale to the regional settings locale (OS) in the preferences dialog under
"Appearance".
SeaMonkey 2.53.6 uses the same backend as Firefox and contains the relevant
Firefox 60.8 security fixes.
SeaMonkey 2.53.6 shares most parts of the mail and news code with Thunderbird.
Please read the Thunderbird 60.0 release notes for specific changes and
security fixes in this release.
Additional important security fixes up to Current Firefox 78.6 ESR and a few
enhancements have been backported. We will continue to enhance SeaMonkey
security in subsequent 2.53.x beta and release versions as fast as we are able
to.
SeaMonkey-specific changes
* SeaMonkey now uses gtk3 on Linux. If you experience a problem because of
this please file a bug and link it to bug 1367257. Please try another OS
theme first. Some of them are buggy and cause problems with SeaMonkey,
Thunderbird and Firefox.
upstream changes:
-----------------
7.4.0 (2021-02-04)
Features and enhancements
CDN: Adds support for serving assets over a CDN. #30691, @torkelo
DashboardLinks: Support variable expression in to tooltip - Issue #30409. #30569, @huynhsamha
Explore: Set Explore's GraphNG to be connected. #30707, @ivanahuckova
InfluxDB: Add http configuration when selecting InfluxDB v2 flavor. #30827, @aocenas
InfluxDB: Show all datapoints for dynamically windowed flux query. #30688, @davkal
Loki: Improve live tailing errors. #30517, @ivanahuckova
Bug fixes
Admin: Fixes so form values are filled in from backend. #30544, @hugohaggmark
Admin: Fixes so whole org drop down is visible when adding users to org. #30481, @hugohaggmark
Alerting: Hides threshold handle for percentual thresholds. #30431, @hugohaggmark
CloudWatch: Prevent field config from being overwritten. #30437, @sunker
Decimals: Big Improvements to auto decimals and fixes to auto decimals bug found in 7.4-beta1. #30519, @torkelo
Explore: Fix jumpy live tailing. #30650, @ivanahuckova
Explore: Fix loading visualisation on the top of the new time series panel. #30553, @ivanahuckova
Footer: Fixes layout issue in footer. #30443, @torkelo
Graph: Fixes so only users with correct permissions can add annotations. #30419, @hugohaggmark
Mobile: Fixes issue scrolling on mobile in chrome. #30746, @torkelo
PanelEdit: Trigger refresh when changing data source. #30744, @torkelo
Panels: Fixes so panels are refreshed when scrolling past them fast. #30784, @hugohaggmark
Prometheus: Fix show query instead of Value if no name and metric. #30511, @zoltanbedi
TimeSeriesPanel: Fixes default value for Gradient mode. #30484, @torkelo
Variables: Clears drop down state when leaving dashboard. #30810, @hugohaggmark
Variables: Fixes display value when using capture groups in regex. #30636, @hugohaggmark
Variables: Fixes so queries work for numbers values too. #30602, @hugohaggmark
Variables: Fixes so text format will show All instead of custom all value. #30730, @hugohaggmark
Plugin development fixes & changes
Plugins: Fix failing plugin builds because of wrong internal import. #30439, @aocenas
7.4.0-beta1 (2021-01-20)
Features and enhancements
API: Add ID to snapshot API responses. #29600, @AgnesToulet
AlertListPanel: Add options to sort by Time(asc) and Time(desc). #29764, @dboslee
AlertListPanel: Changed alert url to to go the panel view instead of panel edit. #29060, @zakiharis
Alerting: Add support for Sensu Go notification channel. #28012, @nixwiz
Alerting: Add support for alert notification query label interpolation. #29908, @wbrowne
Annotations: Remove annotation_tag entries as part of annotations cleanup. #29534, @dafydd-t
Azure Monitor: Add Microsoft.Network/natGateways. #29479, @JoeyLemur
Backend plugins: Support Forward OAuth Identity for backend data source plugins. #27055, @billoley
Cloud Monitoring: MQL support. #26551, @mtanda
CloudWatch: Add 'EventBusName' dimension to CloudWatch 'AWS/Events' namespace. #28402, @tomdaly
CloudWatch: Add support for AWS DirectConnect ConnectionErrorCount metric. #29583, @haeringer
CloudWatch: Add support for AWS/ClientVPN metrics and dimensions. #29055, @marefr
CloudWatch: Added HTTP API Gateway specific metrics and dimensions. #28780, @karlatkinson
Configuration: Add an option to hide certain users in the UI. #28942, @AgnesToulet
Currency: Adds Indonesian IDR currency. #28363, @hiddenrebel
Dashboards: Delete related data (permissions, stars, tags, versions, annotations) when deleting a dashboard or a folder. #28826, @AgnesToulet
Dependencies: Update angularjs to 1.8.2. #28736, @torkelo
Docker: Use root group in the custom Dockerfile. #28639, @chugunov
Elasticsearch: Add Moving Function Pipeline Aggregation. #28131, @simianhacker
Elasticsearch: Add Support for Serial Differencing Pipeline Aggregation. #28618, @simianhacker
Elasticsearch: Deprecate browser access mode. #29649, @Elfo404
Elasticsearch: Interpolate variables in Filters Bucket Aggregation. #28969, @Elfo404
Elasticsearch: Support extended stats and percentiles in terms order by. #28910, @simianhacker
Elasticsearch: View in context feature for logs. #28764, @simianhacker
Explore/Logs: Alphabetically sort unique labels, labels and parsed fields. #29030, @ivanahuckova
Explore/Logs: Update Parsed fields to Detected fields. #28881, @ivanahuckova
Field overrides: Added matcher to match all fields returned by a specific query. #28872, @mckn
Graph: Add support for spline interpolation (smoothing) added in new time series panel. #4303
Instrumentation: Add histograms for database queries. #29662, @dafydd-t
Jaeger: Remove browser access mode. #30349, @zoltanbedi
LogsPanel: Don't show scroll bars when not needed. #28972, @aocenas
Loki: Add query type and line limit to query editor in dashboard. #29356, @ivanahuckova
Loki: Add query type selector to query editor in Explore. #28817, @ivanahuckova
Loki: Retry web socket connection when connection is closed abnormally. #29438, @ivanahuckova
MS SQL: Integrated security. #30369, @daniellee
Middleware: Add CSP support. #29740, @aknuds1
OAuth: Configurable user name attribute. #28286, @alexanderzobnin
PanelEditor: Render panel field config categories as separate option group sections. #30301, @dprokop
Postgres: SSL certification. #30352, @ying-jeanne
Prometheus: Add support for Exemplars. #28057, @zoltanbedi
Prometheus: Improve autocomplete performance and remove disabling of dynamic label lookup. #30199, @ivanahuckova
Prometheus: Update default query type option to "Both" in Explore query editor. #28935, @ivanahuckova
Prometheus: Use customQueryParameters for all queries. #28949, @alexbumbacea
Security: Prefer server cipher suites for http2. #29379, @bergquist
Security: Remove insecure cipher suit as default option. #29378, @bergquist
StatPanels: Add new calculation option for percentage difference. #26369, @jedstar
StatPanels: Change default stats option to "Last (not null)". #28617, @ryantxu
Table: migrate old-table config to new table config. #30142, @jackw
Templating: Custom variable edit UI, change options input into textarea. #28322, @darrylsepeda
TimeSeriesPanel: The new graph panel now supports y-axis value mapping. #30272, @torkelo
Tracing: Tag spans with user login and datasource name instead of id. #29183, @bergquist
Transformations: Add "Rename By Regex" transformer. #29281, @simianhacker
Transformations: Added new transform for excluding and including rows based on their values. #26884, @Totalus
Transforms: Add sort by transformer. #30370, @ryantxu
Variables: Add deprecation warning for value group tags. #30160, @torkelo
Variables: Added __user.email to global variable. #28853, @mckn
Variables: Adds description field. #29332, @hugohaggmark
Variables: Adds variables inspection. #25214, @hugohaggmark
Variables: New Variables are stored immediately. #29178, @hugohaggmark
Zipkin: Remove browser access mode. #30360, @zoltanbedi
Bug fixes
API: Query database from /api/health endpoint. #28349, @ceh
Alerting: Return proper status code when trying to create alert notification channel with duplicate name or uid. #28043, @jgulick48
Auth: Fix default maximum lifetime an authenticated user can be logged in. #30030, @papagian
Backend: Fix IPv6 address parsing erroneous. #28585, @taciomcosta
CloudWatch: Make sure stats grow horizontally and not vertically in the Query Editor. #30106, @sunker
Cloudwatch: Fix issue with field calculation transform not working properly with Cloudwatch data. #28761, @torkelo
Dashboards: Hide playlist edit functionality from viewers and snapshots link from unauthenticated users. #28992, @jackw
Data source proxy: Convert 401 HTTP status code from data source to 400. #28962, @aknuds1
Decimals: Improving auto decimals logic for high numbers and scaled units. #30262, @torkelo
Elasticsearch: Fix date histogram auto interval handling for alert queries. #30049, @simianhacker
Elasticsearch: Fix index pattern not working with multiple base sections. #28348, @tomdaly
Explore: Clear errors after running a new query. #30367, @ivanahuckova
Graph: Fixes stacking issues like floating bars when data is not aligned. #29051, @torkelo
Graph: Staircase and null value=null calculates auto Y-Min incorrectly (fixed in new Time series panel). #12995
Graph: Staircase mode, do now draw line segment from zero when drawing null values as null (Fixed in new Time series panel). #17838
Image uploader: Fix uploading of images to GCS. #26493, @gastonqiu
Influx: Fixes issue with many queries being issued as you type in the variable query field. #29968, @dprokop
Logs Panel: Fix inconsistent highlighting. #28971, @ivanahuckova
Logs Panel: Fixes problem dragging scrollbar inside logs panel. #28974, @aocenas
Loki: Fix hiding of series in table if labels have number values. #30185, @ivanahuckova
Loki: Lower min step to 1ms. #30135, @ivanahuckova
Loki: Remove showing of unique labels with the empty string value. #30363, @ivanahuckova
Loki: Timeseries should not produce 0-values for missing data. #30116, @davkal
Plugins: Fix panic when using complex dynamic URLs in app plugin routes. #27977, @cinaglia
Prometheus: Fix link to Prometheus graph in dashboard. #29543, @ivanahuckova
Provisioning: Build paths in an os independent way. #29143, @amattheisen
Provisioning: Fixed problem with getting started panel being added to custom home dashboard. #28750, @torkelo
SAML: Fixes bug in processing SAML response with empty element by updating saml library (Enterprise). #29991, @alexanderzobnin
SQL: Define primary key for tables without it. #22255, @azhiltsov
Tracing: Fix issue showing more than 300 spans. #29377, @zoltanbedi
Units: Changes FLOP/s to FLOPS and some other rates per second units get /s suffix. #28825, @Berbe
Variables: Fixes Constant variable persistence confusion. #29407, @hugohaggmark
Variables: Fixes Textbox current value persistence. #29481, @hugohaggmark
Variables: Fixes loading with a custom all value in url. #28958, @hugohaggmark
Variables: Fixes so clicking on Selected in drop down will exclude All value from selection. #29844, @hugohaggmark
Breaking changes
Constant variables
In order to minimize the confusion with Constant variable usage, we've removed the ability to make Constant variables visible. This change will also migrate all existing visible Constant variables to Textbox variables because which we think this is a more appropriate type of variable for this use case. Issue #29407
Plugin compatibility
We have upgraded AngularJS from version 1.6.6 to 1.8.2. Due to this upgrade some old angular plugins might stop working and will require a small update. This is due to the deprecation and removal of pre-assigned bindings. So if your custom angular controllers expect component bindings in the controller constructor you need to move this code to an $onInit function. For more details on how to migrate AngularJS code open the migration guide and search for pre-assigning bindings.
In order not to break all angular panel plugins and data sources we have some custom angular inject behavior that makes sure that bindings for these controllers are still set before constructor is called so many old angular panels and data source plugins will still work. Issue #28736
Deprecations
Query variable value group tags
This option to group query variable values into groups by tags has been an experimental feature since it was introduced. It was introduced to work around the lack of tags support in time series databases at the time. Now that tags (ie. labels) are the norm there is no longer any great need for this feature. This feature will be removed in Grafana v8 later this year. Issue #30160
Plugin development fixes & changes
AngularPlugins: Angular controller events emitter is now a separate emitter and not the same as PanelModel events emitter. #30379, @torkelo
FieldConfig API: Add ability to hide field option or disable it from the overrides. #29879, @dprokop
Select: Changes default menu placement for Select from auto to bottom. #29837, @hugohaggmark
Collapse: Allow component children to use height: 100% styling. #29776, @aocenas
DataSourceWithBackend: Throw error if health check fails in DataSourceWithBackend. #29743, @aocenas
NodeGraph: Add node graph visualization. #29706, @aocenas
FieldColor: Handling color changes when switching panel types. #28875, @dprokop
CodeEditor: Added support for javascript language. #28818, @ae3e
grafana/toolkit: Allow builds with lint warnings. #28810, @dprokop
grafana/toolkit: Drop console and debugger statements by default when building plugin. #28776, @dprokop
Card: Add new Card component. #28216, @Clarity-89
FieldConfig: Implementation slider editor (#27592). #28007, @isaozlerfm
MutableDataFrame: Remove unique field name constraint and values field index and unused/seldom used stuff. #27573, @torkelo
7.3.7 (2021-01-14)
Bug fixes
Auth: Add missing request headers to SigV4 middleware allowlist. #30115, @wbrowne
Elasticsearch: Sort results by index order as well as @timestamp. #29761, @STEELBADGE
SAML: Fixes bug in processing SAML response with empty element by updating saml library (Enterprise). #30179, @alexanderzobnin
SeriesToRows: Fixes issue in transform so that value field is always named Value. #30054, @torkelo
7.3.6 (2020-12-17)
Security
SAML: Fixes encoding/xml SAML vulnerability in Grafana Enterprise. #29875
7.3.5 (2020-12-10)
Features and enhancements
Alerting: Improve Prometheus Alert Rule error message. #29390, @wbrowne
Bug fixes
Alerting: Fix alarm message formatting in Dingding. #29482, @tomowang
AzureMonitor: Fix unit translation for MilliSeconds. #29399, @secustor
Instrumentation: Fix bug with invalid handler label value for HTTP request metrics. #29529, @bergquist
Prometheus: Fixes problem where changing display name in Field tab had no effect. #29441, @zoltanbedi
Tracing: Fixed issue showing more than 300 spans. #29377, @zoltanbedi
7.3.4 (2020-11-24)
Bug fixes
Dashboard: Fixes kiosk state after being redirected to login page and back. #29273, @torkelo
InfluxDB: Update flux library to fix support for boolean label values. #29310, @ryantxu
Security: Fixes minor security issue with alert notification webhooks that allowed GET & DELETE requests. #29330, @wbrowne
Table: Fixes issues with phantom extra 0 for zero values. #29165, @dprokop
7.3.3 (2020-11-17)
Bug fixes
Cloud monitoring: Fix for multi-value template variable for project selector. #29042, @papagian
LogsPanel: Fixes problem dragging scrollbar inside logs panel. #28974, @aocenas
Provisioning: Fixes application not pinned to the sidebar when it's enabled. #29084, @alexanderzobnin
StatPanel: Fixes hanging issue when all values are zero. #29077, @torkelo
Thresholds: Fixes color assigned to null values. #29010, @torkelo
7.3.2 (2020-11-11)
Features / Enhancements
CloudWatch Logs: Change how we measure query progress. #28912, @aocenas
Dashboards / Folders: delete related data (permissions, stars, tags, versions, annotations) when deleting a dashboard or a folder. #28826, @AgnesToulet
Gauge: Improve font size auto sizing. #28797, @torkelo
Short URL: Cleanup unvisited/stale short URLs. #28867, @wbrowne
Templating: Custom variable edit UI, change options input into textarea. #28322, @darrylsepeda
Bug Fixes
Cloudwatch: Fix issue with field calculation transform not working properly with Cloudwatch data. #28761, @torkelo
Dashboard: fix view panel mode for Safari / iOS. #28702, @jackw
Elasticsearch: Exclude pipeline aggregations from order by options. #28620, @simianhacker
Panel inspect: Interpolate variables in panel inspect title. #28779, @dprokop
Prometheus: Fix copy paste behaving as cut and paste. #28622, @aocenas
StatPanels: Fixes auto min max when latest value is zero. #28982, @torkelo
TableFilters: Fixes filtering with field overrides. #28690, @hugohaggmark
Templating: Speeds up certain variable queries for Postgres MySql MSSql. #28686, @hugohaggmark
Units: added support to handle negative fractional numbers. #28849, @mckn
Variables: Fix backward compatibility in custom variable options that contain colon. #28896, @mckn
Changes:
1.0.0
=====
This is the last release that will support Python 2.7. Thanks to the
many contributors that made this release possible!
Main changes
------------
- Added support for Python 3.8 and 3.9.
- StatefulBrowser has new properties page, form, and url, which can be
used in place of the methods get_current_page, get_current_form and
get_url respectively (e.g. the new x.page is equivalent to
x.get_current_page()). These methods may be deprecated in a future
release. [#175]
- StatefulBrowser.form will raise an AttributeError instead of
returning None if no form has been selected yet. Note that
StatefulBrowser.get_current_form() still returns None for backward
compatibility.
Bug fixes
---------
- Decompose <select> elements with the same name when adding a new
input element to a form. [#297]
- The params and data kwargs passed to submit will now properly be
forwarded to the underlying request for GET methods (whereas previously
params was being overwritten by data). [#343]
* Set new HOMEPAGE and MASTER_SITES.
Changelog:
Changes in release neon 0.31.2, 20th June 2020
Fix ne_md5_read_ctx() with OpenSSL on big-endian architectures.
Fix GCC 10 warning in PKCS#11 build.
Fix OpenSSL build w/o deprecated APIs (Rosen Penev).
Fix unnecessary MD5 test for non-Digest auth (Sebastian Reschke).
Fix hang on SSL connection close with IIS (issue #11).
Fix ar, ranlib detection when cross-compiling (Sergei Trofimovich).
Changes in release neon 0.31.1, 17th April 2020
ADMIN: The neon website has moved to https://notroj.github.io/neon/
Restore ne_md5_read_ctx() in OpenSSL build.
Fix gcc warnings on Ubuntu (Jan-Marek Glogowski).
Fix various spelling mistakes in docs and headers (thanks to FOSSIES).
Fix ne_asctime_parse() (Eugenij-W).
Fix build with LibreSSL (Juan RP).
Changes in release neon 0.31.0, 24th March 2020
Interface changes:
none, API and ABI backwards-compatible with 0.27.x and later
New interfaces and features:
add more gcc “nonnull” attributes to ne_request_* functions.
for OpenSSL builds, ne_md5 code uses the OpenSSL implementation
add NE_SESSFLAG_SHAREPOINT session flag which enables workarounds< for RFC non-compliance issues in Sharepoint (thanks to Jan-Marek Glogowski and Giuseppe Castagno)
ne_uri.h: add ne_path_escapef() in support of above
ne_207.h: add ne_207_set_flags() likewise in support of above
API clarification:
ne_version_match() behaviour now matches actual 0.27+ ABI history
Bug fixes:
fixes for OpenSSL 1.1.1 and TLSv1.3 support
fix crash with GnuTLS in client cert support (Henrik Holst)
fix possible crash in ne_set_request_flag()
fix build with libxml2 2.9.10 and later
fix handling lock timeouts >LONG_MAX (Giuseppe Castagno)
Changelog:
Fixed
Security fix
Prevent access to NTFS special paths that could lead to filesystem corruption.
Fixed a crash when authenticating to websites using SPNEGO on macOS devices with Apple Silicon CPUs (bug 1685427).
Avoid printing an extra blank page at the end of some documents (bug 1689789).
Fixed a browser crash in case of unexpected Cache API state (bug 1684838).
Fixed external URL scheme handlers when using the Firefox flatpak (bug 1688966)
Security fix:
#MOZ-2021-0001: Buffer overflow in depth pitch calculations for compressed textures
Changelog:
Fixed
Security fix
Prevent access to NTFS special paths that could lead to filesystem corruption.
Security fix:
#MOZ-2021-0001: Buffer overflow in depth pitch calculations for compressed textures
0.12.3
Fixed
- Abort SSL connections on close rather than waiting for remote EOF when using `asyncio`.
- Fix exception raised in case of connect timeouts when using the `anyio` backend.
- Fix `Host` header precedence for `:authority` in HTTP/2.
- Handle extra edge case when detecting for socket readability when using `asyncio`.
- Fix `asyncio` SSL warning when using proxy tunneling.
