Version 2.4.0
- Allowed configuration of the Django settings module to be used via a
commandline argument
- If Django settings are not specified via a commandline argument or environment
variable, an error is issued but defaults are loaded from Django, removing the
fatal error behaviour.
- Fixed tests to work with pylint>2.6
- Fixed ``AttributeError: 'Subscript' object has no attribute 'name'`` error.
- Pin Faker version to Prevent Asteroid Crash
- Remove Python 3.5 Support (EOL since Sept 2020 and Faker requires 3.6 anyway)
- Fixed reverse manager ``update_or_create`` calls
## 3.0.10
* Adds support for PPC64 and ARM64 builds for distribution.
Thanks @sreekanth370
* Fixes warnings for invalid escape sequences. Thanks @tirkarthi
Django 3.1.5 fixes several bugs in 3.1.4.
Fixed __isnull=True lookup on key transforms for JSONField with Oracle and SQLite.
Fixed a bug in Django 3.1 that caused a crash when processing middlewares in an async context with a middleware that raises a MiddlewareNotUsed exception.
Fixed a regression in Django 3.1 that caused the incorrect prefixing of STATIC_URL and MEDIA_URL settings, by the server-provided value of SCRIPT_NAME (or / if not set), when set to a URL specifying the protocol but without a top-level domain, e.g. http://myhost/
0.13.3
Fixed
Prevent swallowing of return codes from subprocess when running with Gunicorn by properly resetting signals.
Tweak detection of app factories to be more robust. A warning is now logged when passing a factory without the --factory flag.
Properly clean tasks when handshake is aborted when running with --ws websockets.
Mon 28 Dec 2020 21:36:00 MSK
Releasing libmicrohttpd 0.9.72. -EG
Mon 28 Dec 2020 09:37:00 MSK
Completely reworked and rewritten TCP_CORK, TCP_NOPUSH, TCP_NODELAY and
MSG_MORE handling. Reduced number of sys-calls, fixed portability for
FreeBSD, OpenBSD, NetBSD, Darwin, W32, Solaris.
Removed usage of gnutls_record_cork() as it fully blocks stream until
final block is ready.
Fixed compatibility with C90 compilers.
Really started using sendmsg() for header + body combined single-call
response sending.
Fixed sending of response body by sendmsg() when it shouldn't be sent,
like responses for HEAD requests.
Improved error handling for gnutls_record_send().
Updated W32 resources for .DLLs.
Fixed building with various disabled features (like messages, HTTPS,
http-upgrade, authorization etc.)
Fixed possible SIGPIPE generation when sendfile() is used (it was always
possible on Linux that sendfile() produces SIGPIPE, now it's fixed).
Several compiler warnings muted and/or fixed in the lib code and in
the examples. -EG
Sun 01 Nov 2020 17:17:00 MSK
Fixed conflict with system CPU_COUNT macro.
Minor improvements of error reporting in MHD daemon.
Fixed FTBFS with GnuTLS versions before 3.1.9
Fixed test_add_conn for multi-CPU machines.
Fixed analyzer warnings.
Fixed use-after-free and resources leaks for upgraded connections
in TLS mode with thread-per-connection. -EG
Sun 25 Oct 2020 19:31:00 MSK
Fixed epoll mode without listening socket.
Minor improvements of thread sync.
Fixed broken sendfile on FreeBSD.
Fixed broken MHD with thread-pool and without listening socket.
Added four tests for MHD_add_connection().
Fixed several resources leaks in error handlers.
Re-implemented scheme of handling of externally added connections,
fixed thread-safety. -EG
Wed 21 Oct 2020 10:00:58 AM CEST
Corking should be OFF when sending the footer (#6610). -AP/CG
Wed 07 Oct 2020 11:07:00 MSK
W32 default target version changed to Vista, XP is still supported.
Minor fixes and additional asserts for memorypool.
IPv6 tests are not used if IPv6 is disabled at run-time. -EG
Sun 27 Sep 2020 10:08:03 PM CEST
Fixed incorrect triggering of epoll edge polling for
"upgraded" TLS connections. Fixed a few cases where
gnutls_record_uncork() return value was still ignored,
possibly causing buffer to not be flushed correctly. -CG
Sat 26 Sep 2020 08:18:02 PM CEST
Make MHD_USE_NO_LISTEN_SOCKET work in conjunction with
MHD internal threads. -CG/DE
Thu 24 Sep 2020 16:55:00 MSK
Fixed compiler warnings on W32.
Minor optimisation of MHD_YES/MHD_NO internal usage.
Refactor and cleanup of internal debugging macros.
Updated HTTP status codes, header names and methods from
the registries.
Fixed portability of test_upgrade_large.
Minor testsuite fixes.
Restored parallel build of libmicrohttpd (except tests). -EG
Fri 11 Sep 2020 10:08:22 PM CEST
Fix crash problem in PostProcessor reported by MD. -CG
Fix GnuTLS configure test to check for gnutls_record_uncork. -CG
Wed 19 Aug 2020 09:40:39 AM CEST
Add logic to check on MHD_pool_reallocate() failure reported on the
mailinglist (will NOT yet fix the issue). -CG
Sun 26 Jul 2020 01:56:54 PM CEST
Add MHD_create_response_from_pipe() to allow creating a response based
on data read from a pipe. -CG
Fri Jul 10 15:04:51 CEST 2020
Fixed Postprocessor URL-encoded parsing if '%' fell on boundary. -CG/MD
Thu 02 Jul 2020 09:56:23 PM CEST
Fixed return type of MHD_queue_basic_auth_fail_response. -CA/CG
pkgsrc change:
* add LICENSE.
* remove restriction to PHP versions.
1.1.3 (2020-01-28)
- Improved documentation and examples included in the release package
1.1.2 (2020-01-26)
- PHP 8 compatibility; this now builds on PHP 5, PHP 7, and PHP 8
1.1.1 (2020-01-26)
- Mark maximum PHP version as 8.0.0; this will not build on PHP 8
1.1.0 (2020-01-26)
- PHP 7 compatibility
pkgsrc change: Switch to use PHP_VERSIONS_INCOMPATIBLE.
5.1.19 (2020-10-05)
- Fixed apcu_store() with integer keys (#388).
- Made apc.use_request_time=0 the default (#391).
- Made apcu compatible with PHP 8.0.
Changelog:
Fixed
* Fixed problems loading secure websites and crashes for users with certain
third-party PKCS11 modules and smartcards installed (bug 1682881).
* Fixed slower than expected performance and flickering on Canvas elements
for some Windows users (bug 1683116).
* Fixed a bug causing some Unity JS games to not load on Apple Silicon
devices due to improper detection of the OS version (bug 1680516).
* Fixed crashes caused by various third-party antivirus software.
=== RELEASE 2.21 ===
Sun Aug 2 15:26:02 cet 2020 mikulas:
Workaround for a crash on OS/2 caused by gcc3 bug
Thu Apr 16 18:17:39 CEST 2020 Emir Yasin SARI <bitigchi@me.com>:
Updated Turkish translation
Wed Jan 8 18:25:17 CET 2020 mikulas:
Fix a bug that textarea was broken if it immediately followed a list
Sun Nov 3 09:33:08 CET 2019 pluvano <me@pluvano.com>:
Delete the 4-pixel border in Xwindow
Tue Oct 8 20:26:47 CEST 2019 mikulas:
Fix a bug that an image would not be properly resized sometimes
Security Vulnerabilities fixed in Firefox ESR 78.6
#CVE-2020-16042: Operations on a BigInt could have caused uninitialized
memory to be exposed
#CVE-2020-26971: Heap buffer overflow in WebGL
#CVE-2020-26973: CSS Sanitizer performed incorrect sanitization
#CVE-2020-26974: Incorrect cast of StyleGenericFlexBasis resulted in a heap
use-after-free
#CVE-2020-26978: Internal network hosts could have been probed by a
malicious webpage
#CVE-2020-35111: The proxy.onRequest API did not catch view-source URLs
#CVE-2020-35112: Opening an extension-less download may have inadvertently
launched an executable instead
#CVE-2020-35113: Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6
Changelog:
New
* Native support for macOS devices built with Apple Silicon CPUs brings
dramatic performance improvements over the non-native build that was
shipped in Firefox 83: Firefox launches over 2.5 times faster and web apps
are now twice as responsive (per the SpeedoMeter 2.0 test). If you are on a
new Apple device, follow these steps to upgrade to the latest Firefox.
* WebRender rolls out to MacOS Big Sur, Windows devices with Intel Gen 6
GPUs, and Intel laptops running Windows 7 and 8. Additionally we'll ship an
accelerated rendering pipeline for Linux/GNOME/X11 users for the first
time, ever!
* Firefox now uses more modern techniques for allocating shared memory on
Linux, improving performance and increasing compatibility with Docker.
* Firefox 84 is the final release to support Adobe Flash.
Fixed
* Various security fixes
#CVE-2020-16042: Operations on a BigInt could have caused uninitialized memory
to be exposed
#CVE-2020-26971: Heap buffer overflow in WebGL
#CVE-2020-26972: Use-After-Free in WebGL
#CVE-2020-26973: CSS Sanitizer performed incorrect sanitization
#CVE-2020-26974: Incorrect cast of StyleGenericFlexBasis resulted in a heap
use-after-free
#CVE-2020-26975: Malicious applications on Android could have induced Firefox
for Android into sending arbitrary attacker-specified headers
#CVE-2020-26976: HTTPS pages could have been intercepted by a registered
service worker when they should not have been
#CVE-2020-26977: URL spoofing via unresponsive port in Firefox for Android
#CVE-2020-26978: Internal network hosts could have been probed by a malicious
webpage
#CVE-2020-26979: When entering an address in the address or search bars, a
website could have redirected the user before they were navigated to the
intended url
#CVE-2020-35111: The proxy.onRequest API did not catch view-source URLs
#CVE-2020-35112: Opening an extension-less download may have inadvertently
launched an executable instead
#CVE-2020-35113: Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6
Changes with nginx 1.19.6 15 Dec 2020
*) Bugfix: "no live upstreams" errors if a "server" inside "upstream"
block was marked as "down".
*) Bugfix: a segmentation fault might occur in a worker process if HTTPS
was used; the bug had appeared in 1.19.5.
*) Bugfix: nginx returned the 400 response on requests like
"GET http://example.com?args HTTP/1.0".
*) Bugfix: in the ngx_http_flv_module and ngx_http_mp4_module.
And while here, also update naxsi to 1.3.
Changes for naxsi 1.3:
*) Fixed regression on FILE_EXT confusion
*) Documented id 19 and 20 to rules
Changelog:
Version 20.0.4 December 17 2020
Changes
* Avoid dashboard crash when accessibility app is not installed (server#24636)
* Bump ini from 1.3.5 to 1.3.7 (server#24649)
* Handle owncloud migration to latest release (server#24653)
* Use string for storing a OCM remote id (server#24654)
* Fix MySQL database size calculation (serverinfo#262)
* Bump cypress-io/github-action@v2 (viewer#722)
* Fix] sidebar opening animation (viewer#723)
* Fix not.exist cypress and TESTING checks (viewer#725)
Note: the main improvement in this very small release is the migration support.
Version 20.0.3 December 10 2020
Changes
* Check quota of subdirectories when uploading to them (server#24181)
* CircleId too short in some request (server#24196)
* Missing level in ScopedPsrLogger (server#24212)
* Fix nextcloud logo in email notifications misalignment (server#24228)
* Allow selecting multiple columns with SELECT DISTINCT (server#24230)
* Use file name instead of path in 'not allowed to share' message (server#24231)
* Fix setting images through occ for theming (server#24232)
* Use regex when searching on single file shares (server#24239)
* Harden EncryptionLegacyCipher a bit (server#24249)
* Update ScanLegacyFormat.php (server#24258)
* Simple typo in comments (server#24259)
* Use correct year for generated birthdays events (server#24263)
* Delete files that exceed trashbin size immediately (server#24297)
* Update sabre/xml to fix XML parsing errors (server#24311)
* Only check path for being accessible when the storage is a object home
(server#24325)
* Avoid empty null default with value that will be inserted anyways (server#24333)
* Fix contacts menu position and show uid as a tooltip (server#24342)
* Fix the config key on the sharing expire checkbox (server#24346)
* Set the display name of federated sharees from addressbook (server#24353)
* Catch storage not available in versions expire command (server#24367)
* Use proper bundles for files client and fileinfo (server#24377)
* Properly encode path when fetching inherited shares (server#24387)
* Formatting remote sharer should take protocol, path into account (server#24391)
* Make sure we add new line between vcf groups exports (server#24443)
* Fix public calendars shared to circles (server#24446)
* Store scss variables under a different prefix for each theming config
version (server#24453)
* External storages: save group ids not display names in configuration
(server#24455)
* Use correct l10n source in files_sharing JS code (server#24462)
* Set frame-ancestors to none if none are filled (server#24477)
* Move the password fields of changing passwords to post (server#24478)
* Move the global password for files external to post (server#24479)
* Only attempt to move to trash if a file is not in appdata (server#24483)
* Fix loading mtime of new file in conflict dialog in firefox (server#24491)
* Harden setup check for TLS version if host is not reachable (server#24502)
* Fix file size computation on 32bit platforms (server#24509)
* Allow subscription to indicate that a userlimit is reached (server#24511)
* Set mountid for personal external storage mounts (server#24513)
* Only execute plain mimetype check for directories and do the fallback…
(server#24517)
* Fix vsprint parameter (server#24527)
* Replace abandoned log normalizer with our fork (server#24530)
* Add icon to user limit notification (server#24531)
* Also run repair steps when encryption is disabled but a legacy key is
present (server#24532)
* [3rdparty][security] Archive TAR to 1.4.11 (server#24534)
* Generate a new session id if decrypting the session data fails (server#24553)
* Revert "Do not read certificate bundle from data dir by default" (server#24556)
* Dont use system composer for autoload checker (server#24557)
* Remember me is not an app_password (server#24563)
* Do not load nonexisting setup.js (server#24582)
* Update sabre/xml to fix XML parsing errors (3rdparty#529)
* Use composer v1 on CI (3rdparty#532)
* Bump pear/archive_tar from 1.4.9 to 1.4.11 (3rdparty#536)
* Replace abandoned log normalizer with our fork (3rdparty#543)
* Allow nullable values as subject params (activity#535)
* Don't log when unknown array is null (notifications#803)
* Feat/virtual grid (photos#550)
* Make sure we have a string to localecompare to (photos#583)
* Always get recommendations for dashboard if enabled (recommendations#336)
* Properly fetch oracle database information (serverinfo#258)
* Also register to urlChanged event to update RichWorkspace (text#1181)
* Move away from GET (text#1214)
pkgsrc changes:
- Remove ICU 68.1 patches applied upstream
Changes:
WebKitGTK 2.30.4
================
- Fix text data sent with WebSockets when using libsoup < 2.68.
- Fix the rendering on Raspberry Pi 3 using the proprietary video driver.
- Fix clipping of descendant layers of a mask layer.
- Fix the build with ICU 68.1.
3.1.0
Changes:
Improvement: pipchecker, sleep 60s if pypi raises a fault
Improvement: add django_zero_downtime_migrations to list of supported postgresql engines
Improvement: use list of supported database engines from settings for all database commands
Improvement: reset_db, documentation
Fix: tests, Python 3.9 fixes for some tests
Fix: runserver_plus, parsing of RUNSERVER_PLUS_EXTRA_FILES
3.0.9
Changes:
Improvement: runserver_plus, survive syntax and configuration errors part II
Improvement: tests, refactor test runner
Improvement: sqlcreate, support postgresql unix domain socket
3.0.8
Changes:
Improvement: setup.cfg, remove universal flag from wheel, we only support Python 3 and up
Improvement: sqlcreate, fixed mention of old syncdb
Fix: runserver_plus, stop catching SyntaxError since reload for it was not working properly
3.0.7
Changes:
Improvement: runserver_plus, survive syntax and configuration errors
Improvement: runscript, use exit-code 1 if script is not found
3.0.6
Changes:
Improvement: runscript, add --continue-on-error; unless set, runscript will exit on errors
Improvement: runscript, allow to return exit-code
Improvement: runscript, support raise CommandError(... returncode=...)
Improvement: runscript, run Django checks() and check_migrations() before executing scripts
Improvement: shell_plus, set application name on all postgresql backends
3.0.5
Changes:
Fix: runserver_plus, exceptions must derive from BaseException error
3.0.4
Changes:
Various cleanups
Deprecated using --router; use --database instead
Locales: Indonesian and Polish, updated
Improvement: show_dsn, fix crash with django-postgres-extra
Improvement: print_settings, added wildcard support
Improvement: print_settings, added --fail option
Improvement: delete_squashed_migrations, add --database option
Improvement: runserver_plus, added RUNSERVER_PLUS_EXTRA_FILES setting
Improvement: runserver_plus, added runserver_plus_started signal
3.0.3
Changes:
New: InternalIPS, allows to specify CIDRs for INTERNAL_IPS
Docs: restructure toctree
3.0.2
Changes:
Fix: shell_plus, fix honouring SHELL_PLUS in settings.py
3.0.1
Changes:
Fix: setup.py, add python_requires and remove legacy trove classifiers
3.0.0
This is the first Django Extensions release which only targets Django 2.2 and above. It drops official support for Python 2.7.
Changes:
Removal of Python 2 support
Removal of deprecated keyczar encrypted fields EncryptedTextField and EncryptedCharField
Removal of deprecated passwd command
Removal of truncate_letters filter
Change: TimeStampedModel; Removed default ordering on abstract model
New: DjangoExtensionsConfig AppConfig
New: shell_plus, JupyterLab support
New: list_signals, List all signals by model and signal type
Improvement: shell_plus, use -- to directly pass additional arguments to Jupyter
Improvement: shell_plus, improvements to MySQL support
Improvement: jobs, use logging to record errors
Improvement: syncdata, added --remove-before flag
Improvement: graph_models, add field and model to template context
Fix: syncdata, fix non existent field in fixture data
Fix: pipchecker, compatibility with pip 20.1
v1.1.8
- Explicitly support Python v3.8
- Test Python v3.7 and v3.8 with CI
- Fix sample slideshow link in `setup.py`
v1.1.7
- Change "PrinceXML" references to "Prince"
- Upgrade `Jinja2` from v2.10 to v2.10.1
- Support `markdown` v3.0+
- Fix Prince integration for PDF output
- Use HTTPS URLs in generated HTML code
0.13.1
Fixed
Prevent exceptions when the ASGI application rejects a connection during the WebSocket handshake, when running on both --ws wsproto or --ws websockets.
Ensure connection scope doesn't leak in logs when using JSON log formatters.
Added devel/R-waldo version 0.2.3
Added devel/R-diffobj version 0.3.2
Added devel/R-brio version 1.1.0
Added www/R-diffviewer version 0.1.0
Updated sysutils/R-ps to 1.5.0
ChangeLog:
- We have two new lexers: one for OCL and one for ReScript.
- There are also fixes for the CMake, Crystal, JSL, Python, ReasonML
and Rust lexers.
Changelog for 8.5.61:
- Align the behaviour of ServletContext.getRealPath(String path) with the
recent clarification from the Servlet specification project. If the path
parameter does not start with / then Tomcat processes the call as if / is
appended to the beginning of the provided path.
- Fix a potential file descriptor leak when WebSocket connections are
attempted and fail.
- Ensure that the LoadBalancerDrainingValve uses the correct setting for the
secure attribute for any session cookies it creates.
Changelog for 8.5.60:
- Statistics are now available (via JMX) for HTTP/2, WebSocket and HTTP/1.1
upgraded connections
- Stability improvements for HTTP/2
- Improvements to error handling in the connection pool used by the JNDI
Realm
Changelog for 9.0.41:
- Align the behaviour of ServletContext.getRealPath(String path) with the
recent clarification from the Servlet specification project. If the path
parameter does not start with / then Tomcat processes the call as if / is
appended to the beginning of the provided path.
- Fix a potential file descriptor leak when WebSocket connections are
attempted and fail.
- Ensure that the LoadBalancerDrainingValve uses the correct setting for the
secure attribute for any session cookies it creates.
Changelog for 9.0.40:
- Statistics are now available (via JMX) for HTTP/2, WebSocket and HTTP/1.1
upgraded connections
- Stability improvements for HTTP/2
- Stability improvements for the NIO connector
0.13.0:
Added
Add --factory flag to support factory-style application imports.
Skip installation of signal handlers when not in the main thread. Allows using Server in multithreaded contexts without having to override .install_signal_handlers().
curl and libcurl 7.74.0
This release includes the following changes:
o hsts: add experimental support for Strict-Transport-Security
This release includes the following bugfixes:
o CVE-2020-8286: Inferior OCSP verification
o CVE-2020-8285: FTP wildcard stack overflow
o CVE-2020-8284: trusting FTP PASV responses
o acinclude: detect manually set minimum macos/ipod version
o alt-svc: enable (in the build) by default
o alt-svc: minimize variable scope and avoid "DEAD_STORE"
o asyn: use 'struct thread_data *' instead of 'void *'
o checksrc: warn on empty line before open brace
o CI/appveyor: disable test 571 in two cmake builds
o CI/azure: improve on flakiness by avoiding libtool wrappers
o CI/tests: enable test target on TravisCI for CMake builds
o CI/travis: add brotli and zstd to the libssh2 build
o cirrus: build with FreeBSD 12.2 in CirrusCI
o cmake: call the feature unixsockets without dash
o cmake: check for linux/tcp.h
o cmake: correctly handle linker flags for static libs
o cmake: don't pass -fvisibility=hidden to clang-cl on Windows
o cmake: don't use reserved target name 'test'
o cmake: make BUILD_TESTING dependent option
o cmake: make CURL_ZLIB a tri-state variable
o cmake: set the unicode feature in curl-config on Windows
o cmake: store IDN2 information in curl_config.h
o cmake: use libcurl.rc in all Windows builds
o configure: pass -pthread to Libs.private for pkg-config
o configure: use pkgconfig to find openSSL when cross-compiling
o connect: repair build without ipv6 availability
o curl.1: add an "OUTPUT" section at the top of the manpage
o curl.se: new home
o curl: add compatibility for Amiga and GCC 6.5
o curl: only warn not fail, if not finding the home dir
o curl_easy_escape: limit output string length to 3 * max input
o Curl_pgrsStartNow: init speed limit time stamps at start
o curl_setup: USE_RESOLVE_ON_IPS is for Apple native resolver use
o curl_url_set.3: fix typo in the RETURN VALUE section
o CURLOPT_DNS_USE_GLOBAL_CACHE.3: fix typo
o CURLOPT_HSTS.3: document the file format
o CURLOPT_NOBODY.3: fix typo
o CURLOPT_TCP_NODELAY.3: fix comment in example code
o CURLOPT_URL.3: clarify SCP/SFTP URLs are for uploads as well
o docs: document the 8MB input string limit
o docs: fix typos and markup in ETag manpage sections
o docs: Fix various typos in documentation
o examples/httpput: remove use of CURLOPT_PUT
o FAQ: refreshed
o file: avoid duplicated code sequence
o ftp: retry getpeername for FTP with TCP_FASTOPEN
o gnutls: fix memory leaks (certfields memory wasn't released)
o header.d: mention the "Transfer-Encoding: chunked" handling
o HISTORY: the new domain
o http3: fix two build errors, silence warnings
o http3: use the master branch of GnuTLS for testing
o http: pass correct header size to debug callback for chunked post
o http_proxy: use enum with state names for 'keepon'
o httpput-postfields.c: new example doing PUT with POSTFIELDS
o infof/failf calls: fix format specifiers
o libssh2: fix build with disabled proxy support
o libssh2: fix transport over HTTPS proxy
o libssh2: require version 1.0 or later
o Makefile.m32: add support for HTTP/3 via ngtcp2+nghttp3
o Makefile.m32: add support for UNICODE builds
o mqttd: fclose test file when done
o NEW-PROTOCOL: document what needs to be done to add one
o ngtcp2: adapt to recent nghttp3 updates
o ngtcp2: advertise h3 ALPN unconditionally
o ngtcp2: Fix build error due to symbol name change
o ngtcp2: use the minimal version of QUIC supported by ngtcp2
o ntlm: avoid malloc(0) on zero length user and domain
o openssl: acknowledge SRP disabling in configure properly
o openssl: free mem_buf in error path
o openssl: guard against OOM on context creation
o openssl: use OPENSSL_init_ssl() with >= 1.1.0
o os400: Sync libcurl API options
o packages/OS400: make the source code-style compliant
o quiche: close the connection
o quiche: remove 'static' from local buffer
o range.d: clarify that curl will not parse multipart responses
o range.d: fix typo
o Revert "multi: implement wait using winsock events"
o rtsp: error out on empty Session ID, unified the code
o rtsp: fixed Session ID comparison to refuse prefix
o rtsp: fixed the RTSP Session ID mismatch in test 570
o runtests: return error if no tests ran
o runtests: revert the mistaken edit of $CURL
o runtests: show keywords when no tests ran
o scripts/completion.pl: parse all opts
o socks: check for DNS entries with the right port number
o src/tool_filetime: disable -Wformat on mingw for this file
o strerror: use 'const' as the string should never be modified
o test122[12]: remove these two tests
o test506: make it not run in c-ares builds
o tests/*server.py: close log file after each log line
o tests/server/tftpd.c: close upload file right after transfer
o tests/util.py: fix compatibility with Python 2
o tests: add missing global_init/cleanup calls
o tests: fix some http/2 tests for older versions of nghttpx
o tool_debug_cb: do not assume zero-terminated data
o tool_help: make "output" description less confusing
o tool_operate: --retry for HTTP 408 responses too
o tool_operate: bail out proper on errors during parallel transfers
o tool_operate: fix compiler warning when --libcurl is disabled
o tool_writeout: use off_t getinfo-types instead of doubles
o travis: use ninja-build for CMake builds
o travis: use valgrind when running tests for debug builds
o urlapi: don't accept blank port number field without scheme
o urlapi: URL encode a '+' in the query part
o urldata: remove 'void *protop' and create the union 'p'
o vquic/ngtcp2.h: define local_addr as sockaddr_storage
Django 3.1.4 fixes several bugs in 3.1.3.
Bugfixes
Fixed setting the Content-Length HTTP header in AsyncRequestFactory.
Fixed passing extra HTTP headers to AsyncRequestFactory request methods.
Fixed crash of key transforms for JSONField on PostgreSQL when using on a Subquery() annotation.
Fixed a regression in Django 3.1 that caused a crash of auto-reloader for certain invocations of runserver on Windows with Python 3.7 and below.
Fixed a regression in Django 3.1 that caused the incorrect grouping by a Q object annotation.
Fixed a regression in Django 3.1 that caused suppressing connection errors when JSONField is used on SQLite.
Fixed a crash on SQLite, when QuerySet.values()/values_list() contained key transforms for JSONField returning non-string primitive values
v1.9.6 for CVE-2019-16278 and CVE-2019-16279 which were later
integrated by the nostromo author in version v1.9.7.
A while later, the author also released v1.9.8 and then re-released
it as v1.9.9 containing the security patches (including one more to
catch a potential buffer overflow in libmy, part of nostromo).
This update obviates the need for pkgsrc patches as they are included
in v1.9.9 now.
No functional changes to nostromo between v1.9.6 and v1.9.9.
Changelog:
* nginx modules:
*) Feature: introduced global "ngx" object.
The following methods were added:
ngx.log(level, msg)
The following properties were added:
ngx.INFO,
ngx.WARN,
ngx.ERR.
*) Feature: added support for Buffer object where string
is expected.
*) Feature: added Buffer version of existing properties.
The following properties were added:
r.requestBuffer (r.requestBody),
r.responseBuffer (r.responseBody),
r.rawVariables (r.variables),
s.rawVariables (s.variables).
The following events were added in stream module:
upstream (upload),
downstream (download).
*) Improvement: added aliases to existing properties.
The following properties were added:
r.requestText (r.requestBody),
r.responseText (r.responseBody).
*) Improvement: throwing an exception in r.internalRedirect()
for a subrequest.
*) Bugfix: fixed promise r.subrequest() with error_page redirect.
*) Bugfix: fixed promise events handling.
* Core:
*) Feature: added TypeScript definitions for built-in
modules.
Thanks to Jakub Jirutka.
*) Feature: tracking unhandled promise rejection.
*) Feature: added initial iterator support.
Thanks to Artem S. Povalyukhin.
*) Improvement: TypeScript definitions are refactored.
Thanks to Jakub Jirutka.
*) Improvement: added forgotten support for
Object.prototype.valueOf() in Buffer.from().
*) Bugfix: fixed heap-use-after-free in JSON.parse().
*) Bugfix: fixed heap-use-after-free in JSON.stringify().
*) Bugfix: fixed JSON.stringify() for arrays resizable via
getters.
*) Bugfix: fixed heap-buffer-overflow for
RegExp.prototype[Symbol.replace].
*) Bugfix: fixed returned value for Buffer.prototype.write*
functions.
*) Bugfix: fixed querystring.stringify().
Thanks to Artem S. Povalyukhin.
*) Bugfix: fixed the catch handler for
Promise.prototype.finally().
*) Bugfix: fixed querystring.parse().
add options for other SSL libraries later. Add 'libdbi' option to enable
mod_vhostdb_dbi and the new mod_authn_dbi module, off by default. Bump
PKGREVISION.
# Highlights
- HTTP/2 support
- must be enabled in lighttpd.conf in lighttpd 1.4.56;
may be enabled by default in a future release
- `server.feature-flags += ("server.h2proto" => "enable", "server.h2c" => "enable")`
- TLS library options: OpenSSL, mbedTLS, wolfSSL, GnuTLS, NSS
- mod_openssl (existing)
- mod_mbedtls (experimental)
- mod_wolfssl (experimental)
- mod_gnutls (experimental)
- mod_nss (experimental)
- TLS OCSP stapling
(except mbedTLS; not currently supported by mbedTLS)
- TLS session ticket key rotation control
(except NSS; API limitation in NSS)
- mod_deflate brotli support
- mod_proxy makes HTTP/1.1 requests to backends (change from HTTP/1.0)
- RFC 8297 support for 103 Early Hints produced by backends (scripts)
- graceful restart option to transfer listen fds (minimal pause)
- `server.systemd-socket-activation = "enable"`
- `server.feature-flags += ("server.graceful-restart-bg" => "enable", "server.graceful-shutdown-timeout" => "15")`
# Behavior Changes
- mod_openssl
- default MinProtocol TLSv1.2
TLSv1 and TLSv1.1 are deprecated and no longer supported by major browsers.
<https://news.netcraft.com/archives/2020/03/03/browsers-on-track-to-block-850000-tls-1-0-sites.html>
If prior behavior is required, configure:
`ssl.openssl.ssl-conf-cmd = ("MinProtocol" => "TLSv1")`
If using openssl <= 1.0.2 (end-of-life)
`ssl.openssl.ssl-conf-cmd = ("Protocol" => "-ALL, TLSv1, TLSv1.1, TLSv1.2")`
- (internal) TLS session cache is disabled by default,
replaced by lighttpd robust TLSv1.2 session ticket support
If backward compatibility is needed:
`server.feature-flags += ("ssl.session-cache" => "enable")`
- (internal) openssl creates a session ticket encryption key per SSL_CTX.
lighttpd 1.4.56 and later assigns a single session ticket encryption key
for the lighttpd server (across all SSL_CTX) for consistency.
- behavior change with ssl.ca-dn-file (uncommon); applies to client
certificate verification and ssl.ca-dn-file (uncommon)
If client certificate verification is enabled
(ssl.verifyclient.activate = "enable"),
all CAs used for client certificate verification must be present in
ssl.ca-file. This is the typical use case when client certificate
verification is enabled. Certificates in (optional) ssl.ca-dn-file
are used to send issuer names to client when the server sends a
client certificate request. These names are used by the client
during certificate selection, and the server requires that the
certificate sent by the client be issued by one of the subjects
in ssl.ca-dn-file.
(Prior behavior merged ssl.ca-file and ssl.ca-dn-file for trusted CAs.
New behavior requires all trusted CAs be listed in ssl.ca-file,
and a subset be duplicated into ssl.ca-dn-file to specify allowed
client cert issuer.)
- mod_deflate: support for bzip2 is now disabled by default in the build
- (enable using `./configure --with-bzip2`)
bzip2 Content-Encoding is not widely supported
Prefer to build `--with-brotli`
brotli Content-Encoding is more widely supported than bzip2
# Future Scheduled Behavior Changes
- HTTP/2 support will be enabled by default in a future release
- graceful restart/shutdown default timeout will change from
  0 (infinite/no timeout) to 5 seconds (or some similar non-zero period)
  configure an alternative with:
  `server.feature-flags += ("server.graceful-shutdown-timeout" => 5)`
- mod_compress is DEPRECATED; use mod_deflate
  mod_compress has been subsumed by mod_deflate
  Note: mod_compress config options may be removed in a future release
- mod_geoip is DEPRECATED; use mod_maxminddb
  Note: mod_geoip will be removed from a future lighttpd release
- mod_authn_mysql is DEPRECATED; use mod_authn_dbi
  Note: mod_authn_mysql will be removed from a future lighttpd release
- mod_mysql_vhost is DEPRECATED; use mod_vhostdb_dbi or mod_vhostdb_mysql
  Note: mod_mysql_vhost will be removed from a future lighttpd release
- mod_cml is DEPRECATED; use mod_magnet
  Note: mod_cml will be removed from a future lighttpd release
Changelog:
Changes
Indicate preview availability in share api responses (server#23419)
CalDavBackend: check if timerange is array before accessing (server#23563)
Some emojis are in CHAR_CATEGORY_GENERAL_OTHER_TYPES (server#23575)
Also expire share type email (server#23583)
Only use index of mount point when it is there (server#23611)
Only retry fetching app store data once every 5 minutes in case it fails (server#23633)
Bring back the restore share button (server#23636)
Fix updates of NULL appconfig values (server#23641)
Fix sharing input placeholder for emails (server#23646)
Use bigint for fileid in filecache_extended (server#23690)
Enable theming background transparency (server#23699)
Fix sharer flag on ldap:show-remnants when user owned more than a single share (server#23702)
Make sure the function signatures of the backgroundjob match (server#23710)
Check if array elements exist before using them (server#23713)
Fix default quota display value in user row (server#23726)
Use lib instead of core as l10n module in OC_Files (server#23727)
Specify accept argument to avatar upload input field (server#23732)
Save email as lower case (server#23733)
Reset avatar cropper before showing (server#23736)
Also run the SabreAuthInitEvent for the main server (server#23745)
Type the \OCP\IUserManager::callForAllUsers closure with Psalm (server#23749)
Type the \OCP\AppFramework\Services\IInitialState::provideLazyInitial… (server#23751)
Don't overwrite the event if we use it later (server#23753)
Inform the user when flow config data exceeds thresholds (server#23759)
Type the \OCP\IUserManager::callForSeenUsers closure with Psalm (server#23763)
Catch errors when closing file conflict dialog (server#23774)
Document the backend registered events of LDAP (server#23779)
Fetch the logger and system config once for all query builder instances (server#23787)
Type the event dispatcher listener callables with Psalm (server#23789)
Only run phpunit when "php" changed (server#23794)
Remove bold font-weight and lower font-size for empty search box (server#23829)
No need to check if there is an avatar available, because it is gener… (server#23846)
Ensure filepicker list is empty before populating (server#23850)
UserStatus: clear status message if message is null (server#23858)
Fix grid view toggle in tags view (server#23874)
Restrict query when searching for versions of trashbin files (server#23884)
Fix potentially passing null to events where IUser is expected (server#23894)
Make user status styles scoped (server#23899)
Move help to separate stylesheet (server#23900)
Add default font size (server#23902)
Do not emit UserCreatedEvent twice (server#23917)
Bearer must be in the start of the auth header (server#23924)
Fix casting of integer and boolean on Oracle (server#23935)
Skip already loaded apps in loadApps (server#23948)
Fix repair mimetype step to not leave stray cursors (server#23950)
Improve query type detection (server#23951)
Fix iLike() falsely turning escaped % and _ into wildcards (server#23954)
Replace some usages of OC_DB in OC\Share\* with query builder (server#23955)
Use query builder instead of OC_DB in trashbin (server#23971)
Fix greatest/least order for oracle (server#23975)
Fix link share label placeholder not showing (server#23992)
Unlock when promoting to exclusive lock fails (server#23995)
Make sure root storage is valid before checking its size (server#23996)
Use query builder instead of OC_DB in OC\Files\* (server#23998)
Shortcut to avoid file system setup when generating the logo URL (server#24001)
Remove old legacy scripts references (server#24004)
Fix js search in undefined ocs response (server#24012)
Don't leave cursors open (server#24033)
Fix sharing tab state not matching resharing admin settings (server#24044)
Run unit tests against oracle (server#24049)
Use png icons in caldav reminder emails (server#24050)
Manually iterate over calendardata when oracle is used (server#24058)
Make is_user_defined nullable so we can store false on oracle (server#24079)
Fix default internal expiration date enforce (server#24081)
Register new command db:add-missing-primary-keys (server#24106)
Convert the card resource to a string if necessary (server#24114)
Don't throw on SHOW VERSION query (server#24147)
Bump dompurify to 2.2.2 (server#24153)
Set up FS before querying storage info in settings (server#24156)
Fix default internal expiration date (server#24159)
CircleId too short in some request (server#24178)
Revert "circleId too short in some request" (server#24183)
Missing level in ScopedPsrLogger (server#24212)
Fix activity spinner on empty activity (activity#523)
Add OCI github action (activity#528)
Disable download button by default (files_pdfviewer#257)
Feat/dependabot ga/stable20 (firstrunwizard#442)
Fix loading notifications without a message on oracle (notifications#796)
Do not setup appdata in constructor to avoid errors causing the whole instance to stop working (text#1105)
Bump eslint-plugin-standard from 4.0.1 to 4.0.2 (text#1125)
Bump sass-loader from 10.0.1 to 10.0.5 (text#1134)
Bump webpack from 4.44.1 to 4.44.2 (text#1140)
Bump dependencies to version in range (text#1164)
Validate link on click (text#1166)
Add migration to fix oracle issues with the database schema (text#1177)
Bump cypress from 4.12.1 to 5.1.0 (text#1179)
Fix URL escaping of shared files (viewer#681)
Fix component click outside and cleanup structure (viewer#684)
Perhaps this contains a fix for the buffer overflows seen in PR pkg/55809.
Fixes:
o Fix sporadic eol problem with some IIS/W3C logs
o Fix compiler directive syntax error (broke some 64 bit systems)
Changes/Additions:
o Modest speed improvements in hash table code
Nghttp2 v1.42.0
This release includes a security advisory.
lib
The UBSAN errors are now fixed.
nghttp2_map is now backed by tree for storing collisions.
doc
Some clarifications are made for nghttp2_session_send function.
build
The missing cmake/FindSystemd.cmake has been added to the tar distribution.
1.9.2
* WARNING: This *is* the last version supporting Python 2.
* Confirmed support for Django 3.0.
* Prevented deprecation warnings with Django 3.0.
* Updated Danish and Indonesian translations.
0.12.2
Fixed
- Properly wrap connect errors on the asyncio backend.
- Fix `ImportError` occurring on Python 3.9 when using the HTTP/1.1 sync client in a multithreaded context.
0.12.1
Added
- Add connect retries.
Fixed
- Tweak detection of dropped connections, resolving an issue with open files limits on Linux.
- Avoid leaking connections when establishing an HTTP tunnel to a proxy has failed.
- Properly wrap OS errors when using `trio`.
Changes with nginx 1.19.5 24 Nov 2020
*) Feature: the -e switch.
*) Feature: the same source files can now be specified in different
modules while building addon modules.
*) Bugfix: SSL shutdown did not work when lingering close was used.
*) Bugfix: "upstream sent frame for closed stream" errors might occur
when working with gRPC backends.
*) Bugfix: in request body filters internal API.
0.12.3
Fixed
Fix race condition that leads Quart to hang with uvicorn
Use latin1 when decoding X-Forwarded-* headers
Rework IPv6 support
Cancel old keepalive-trigger before setting new one.
1.12.8
Documentation
add httplib2 authorization to thread_safety
1.12.7
Documentation
Update Webmasters API sample
1.12.6
Documentation
Change error parsing to check for 'message'
Update oauth docs to include snippet to get email address of authenticated user
From the Changelog:
* pytz is an explicit dependency.
* pytz.gae, used for Google App Engine, is no longer necessary and has been removed.
* Fixed a deprecated werkzeug import.
* Fix issues switching locales in threaded contexts.
Changes:
2.30.3
======
- Add new build option USE(64KB_PAGE_BLOCK).
- Fix backdrop filters with rounded borders.
- Fix scrolling iframes when async scrolling is enabled.
- Allow applications to handle drag and drop on the web view again.
- Update Outlook user agent quirk.
- Fix the build with video support disabled.
- Fix several crashes and rendering issues.
3.7.3
=====
Features
--------
- Use Brotli instead of brotlipy
- Made exceptions pickleable. Also changed the repr of some exceptions.
Bugfixes
--------
- Raise a ClientResponseError instead of an AssertionError for a blank
HTTP Reason Phrase.
- Fix ``web_middlewares.normalize_path_middleware`` behavior for patch without slash.
- Fix overshadowing of overlapped sub-applications prefixes.
- Make `BaseConnector.close()` a coroutine and wait until the client closes all connections. Drop deprecated "with Connector():" syntax.
- Reset the ``sock_read`` timeout each time data is received for a ``aiohttp.client`` response.
- Fixed type annotation for add_view method of UrlDispatcher to accept any subclass of View
- Fixed querying the address families from DNS that the current host supports.
- Change return type of MultipartReader.__aiter__() and BodyPartReader.__aiter__() to AsyncIterator.
- Provide x86 Windows wheels.
Improved Documentation
----------------------
- Add documentation for ``aiohttp.web.FileResponse``.
- Removed deprecation warning in tracing example docs
- Fixed wrong "Usage" docstring of ``aiohttp.client.request``.
- Add aiohttp-pydantic to third party libraries
Switch to go-modules and tidy up.
There have been 59 releases and nearly 3,000 lines of changelog since 0.55.6,
so apologies, but if you want a changelog you'll need to browse:
https://github.com/gohugoio/hugo/releases
to see what changed as it's impractical to list them here.
Security Vulnerabilities fixed in Firefox ESR 78.5
#CVE-2020-26951: Parsing mismatches could confuse and bypass security
sanitizer for chrome privileged code
#CVE-2020-16012: Variable time processing of cross-origin images during
drawImage calls
#CVE-2020-26953: Fullscreen could be enabled without displaying the security
UI
#CVE-2020-26956: XSS through paste (manual and clipboard API)
#CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME
type restrictions
#CVE-2020-26959: Use-after-free in WebRequestService
#CVE-2020-26960: Potential use-after-free in uses of nsTArray
#CVE-2020-15999: Heap buffer overflow in freetype
#CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses
#CVE-2020-26965: Software keyboards may have remembered typed passwords
#CVE-2020-26966: Single-word search queries were also broadcast to local
network
#CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5
Fixes pkgsrc handling of the frontend artefacts, various files were previously
missing, leading to errors in the web interface.
Changes since 1.12.1:
## [1.12.6](https://github.com/go-gitea/gitea/releases/tag/v1.12.6) - 2020-11-11
* SECURITY
* Prevent git operations for inactive users (#13527) (#13537)
* Disallow urlencoded new lines in git protocol paths if there is a port (#13521) (#13525)
* BUGFIXES
* API should only return Json (#13511) (#13564)
* Fix before and since query arguments at API (#13559) (#13560)
* Prevent panic on git blame by limiting lines to 4096 bytes at most (#13470) (#13492)
* Fix link detection in repository description with tailing '_' (#13407) (#13408)
* Remove obsolete change of email on profile page (#13341) (#13348)
* Fix permission check on get Reactions API endpoints (#13344) (#13346)
* Add migrated pulls to pull request task queue (#13331) (#13335)
* API deny wrong pull creation options (#13308) (#13327)
* Fix initial commit page & binary munching problem (#13249) (#13259)
* Fix diff parsing (#13157) (#13136) (#13139)
* Return error 404 not 500 from API if team does not exist (#13118) (#13119)
* Prohibit automatic downgrades (#13108) (#13111)
* Fix GitLab Migration Option AuthToken (#13101)
* GitLab Label Color Normalizer (#12793) (#13100)
* Log the underlying panic in runMigrateTask (#13096) (#13098)
* Fix attachments list in edit comment (#13036) (#13097)
* Fix deadlock when deleting team user (#13093)
* Fix error create comment on outdated file (#13041) (#13042)
* Fix repository create/delete event webhooks (#13008) (#13027)
* Fix internal server error on README in submodule (#13006) (#13016)
## [1.12.5](https://github.com/go-gitea/gitea/releases/tag/v1.12.5) - 2020-10-01
* BUGFIXES
* Allow U2F with default settings for gitea in subpath (#12990) (#13001)
* Prevent empty div when editing comment (#12404) (#12991)
* On mirror update also update address in DB (#12964) (#12967)
* Allow extended config on cron settings (#12939) (#12943)
* Open transaction when adding Avatar email-hash pairs to the DB (#12577) (#12940)
* Fix internal server error from ListUserOrgs API (#12910) (#12915)
* Update only the repository columns that need updating (#12900) (#12912)
* Fix panic when adding long comment (#12892) (#12894)
* Add size limit for content of comment on action ui (#12881) (#12890)
* Convert User expose ID each time (#12855) (#12883)
* Support slashes in release tags (#12864) (#12882)
* Add missing information to CreateRepo API endpoint (#12848) (#12867)
* On Migration respect old DefaultBranch (#12843) (#12858)
* Fix notifications page links (#12838) (#12853)
* Stop cloning unnecessarily on PR update (#12839) (#12852)
* Escape more things that are passed through str2html (#12622) (#12850)
* Remove double escape on labels addition in comments (#12809) (#12810)
* Fix "only mail on mention" bug (#12775) (#12789)
* Fix yet another bug with diff file names (#12771) (#12776)
* RepoInit Respect AlternateDefaultBranch (#12746) (#12751)
* Fix Avatar Resize (resize algo NearestNeighbor -> Bilinear) (#12745) (#12750)
* ENHANCEMENTS
* gitea dump: include version & Check InstallLock (#12760) (#12762)
## [1.12.4](https://github.com/go-gitea/gitea/releases/tag/v1.12.4) - 2020-09-02
* SECURITY
* Escape provider name in oauth2 provider redirect (#12648) (#12650)
* Escape Email on password reset page (#12610) (#12612)
* When reading expired sessions - expire them (#12686) (#12690)
* ENHANCEMENTS
* StaticRootPath configurable at compile time (#12371) (#12652)
* BUGFIXES
* Fix to show an issue that is related to a deleted issue (#12651) (#12692)
* Expire time acknowledged for cache (#12605) (#12611)
* Fix diff path unquoting (#12554) (#12575)
* Improve HTML escaping helper (#12562)
* models: break out of loop (#12386) (#12561)
* Default empty merger list to those with write permissions (#12535) (#12560)
* Skip SSPI authentication attempts for /api/internal (#12556) (#12559)
* Prevent NPE on commenting on lines with invalidated comments (#12549) (#12550)
* Remove hardcoded ES indexername (#12521) (#12526)
* Fix bug preventing transfer to private organization (#12497) (#12501)
* Keys should not verify revoked email addresses (#12486) (#12495)
* Do not add prefix on http/https submodule links (#12477) (#12479)
* Fix ignored login on compare (#12476) (#12478)
* Fix incorrect error logging in Stats indexer and OAuth2 (#12387) (#12422)
* Upgrade google/go-github to v32.1.0 (#12361) (#12390)
* Render emoji's of Commit message on feed-page (#12373)
* Fix handling of diff on unrelated branches when Git 2.28 used (#12370)
## [1.12.3](https://github.com/go-gitea/gitea/releases/tag/v1.12.3) - 2020-07-28
* BUGFIXES
* Don't change creation date when updating Release (#12343) (#12351)
* Show 404 page when release not found (#12328) (#12332)
* Fix emoji detection in certain cases (#12320) (#12327)
* Reduce emoji size (#12317) (#12327)
* Fix double-indirection bug in logging IDs (#12294) (#12308)
* Link to pull list page on sidebar when view pr (#12256) (#12263)
* Extend Notifications API and return pinned notifications by default (#12164) (#12232)
## [1.12.2](https://github.com/go-gitea/gitea/releases/tag/v1.12.2) - 2020-07-11
* BUGFIXES
* When deleting repository decrease user repository count in cache (#11954) (#12188)
* Return full commit message instead of summary in commits API (#12186) (#12187)
* Properly set HEAD when a repo is created with a default branch that is not named 'master' (#12135) (#12182)
* Ensure GPG Subkeys are verified (#12155) (#12168)
* Fix failing to cache last commit with key being too long (#12151) (#12161)
* Multiple small admin dashboard fixes (#12153) (#12156)
* Remove spurious logging of " Delete all repository archives" at startup (#12139) (#12148)
* Fix repository setup instructions when default branch is not named 'master' (#12122) (#12147)
* Move EventSource to SharedWorker (#12095) (#12130)
* Fix ui bug in wiki commit page (#12089) (#12125)
* Fix gitgraph branch continues after merge (#12044) (#12105)
* Set the base url when migrating from Gitlab using access token or username without password (#11852) (#12104)
* Ensure BlameReaders close at end of request (#12102) (#12103)
* Fix panic when adding review comment (#12058)
* ENHANCEMENTS
* Disable dropzone's timeout for file uploads (#12024) (#12032)
Changelog:
Version 83.0, first offered to Release channel users on November 17, 2020
New
* Firefox keeps getting faster as a result of significant updates to
SpiderMonkey, our JavaScript engine. You will now experience improved page
load performance by up to 15%, page responsiveness by up to 12%, and
reduced memory usage by up to 8%. We have replaced part of the JavaScript
engine that helps to compile and display websites for you, improving
security and maintainability of the engine at the same time.
* Firefox introduces HTTPS-Only Mode. When enabled, this new mode ensures
that every connection Firefox makes to the web is secure and alerts you
when a secure connection is not available. You can enable it in Firefox
Preferences.
* Pinch zooming will now be supported for our users with Windows touchscreen
devices and touchpads on Mac devices. Firefox users may now use pinch to
zoom on touch-capable devices to zoom in and out of webpages.
* Picture-in-Picture now supports keyboard shortcuts for fast forwarding and
rewinding videos: use the arrow keys to move forward and back 15 seconds,
along with volume controls. For a list of supported commands see Support
Mozilla
* When you are presenting your screen on a video conference in Firefox, you
will see our improved user interface that makes it clearer which devices or
displays are being shared.
* We've improved functionality and design for a number of Firefox search
features:
+ Selecting a search engine at the bottom of the search panel now enters
search mode for that engine, allowing you to see suggestions (if
available) for your search terms. The old behavior (immediately
performing a search) is available with a shift-click.
+ When Firefox autocompletes the URL of one of your search engines, you
can now search with that engine directly in the address bar by
selecting the shortcut in the address bar results.
+ We've added buttons at the bottom of the search panel to allow you to
search your bookmarks, open tabs, and history.
* Firefox supports AcroForm, which will allow you to fill in, print, and save
supported PDF forms and the PDF viewer also has a new fresh look.
* Our users in India on the English build of Firefox will now see Pocket
recommendations in their new tab featuring some of the best stories on the
web. If you don't see them, you can turn on Pocket articles in your new
tab by following these steps.
* For the recently released Apple devices built with Apple Silicon CPUs, you
can use Firefox 83 and future releases without any change. This release
(83) will support emulation under Apple's Rosetta 2 that ships with macOS
Big Sur. We are working toward Firefox being natively-compiled for these
CPUs in a future release.
* This is a major release for WebRender as we roll out to more Firefox users
on Windows 7 and 8 as well as on macOS 10.12 to 10.15.
Fixed
* This release also includes a number of accessibility fixes:
+ Screen reader features which report paragraphs now correctly report
paragraphs instead of lines in Google Docs
+ When reading by word using a screen reader, words are now correctly
reported when there is punctuation nearby
+ The arrow keys now work correctly after tabbing in the
picture-in-picture window
* For users on macOS restoring a session with minimized windows, Firefox now
uses much less power and you should see much longer battery life.
* Various security fixes
Security fixes:
#CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code
#CVE-2020-26952: Out of memory handling of JITed, inlined functions could lead to a memory corruption
#CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls
#CVE-2020-26953: Fullscreen could be enabled without displaying the security UI
#CVE-2020-26954: Local spoofing of web manifests for arbitrary pages in Firefox for Android
#CVE-2020-26955: Cookies set during file downloads are shared between normal and Private Browsing Mode in Firefox for Android
#CVE-2020-26956: XSS through paste (manual and clipboard API)
#CVE-2020-26957: OneCRL was not working in Firefox for Android
#CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions
#CVE-2020-26959: Use-after-free in WebRequestService
#CVE-2020-26960: Potential use-after-free in uses of nsTArray
#CVE-2020-15999: Heap buffer overflow in freetype
#CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses
#CVE-2020-26962: Cross-origin iframes supported login autofill
#CVE-2020-26963: History and Location interfaces could have been used to hang the browser
#CVE-2020-26964: Firefox for Android's Remote Debugging via USB could have been abused by untrusted apps on older versions of Android
#CVE-2020-26965: Software keyboards may have remembered typed passwords
#CVE-2020-26966: Single-word search queries were also broadcast to local network
#CVE-2020-26967: Mutation Observers could break or confuse Firefox Screenshots feature
#CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5
#CVE-2020-26969: Memory safety bugs fixed in Firefox 83
1.6.3:
Bugfixes
- No longer lose characters when decoding incorrect percent-sequences (like ``%e2%82%f8``). All non-decodable percent-sequences are now preserved.
- Provide x86 Windows wheels.
ChangeLog:
- General
- Use `Enumerator#with_index` to detect line numbers
- Batchfile Lexer
- Add support for long options to Batchfile lexer
- C++ Lexer
- Fix binary literal digit separator in C++ lexer
- Docker Lexer
- Add `Dockerfile` as an alias for the Docker lexer
- JavaScript Lexer
- Fix template string lexing in JavaScript lexer
- Kotlin Lexer
- Ensure word break follows keywords in Kotlin lexer
- Perl Lexer
- Improve support for sigils in Perl lexer
- PowerShell Lexer
- Improve lexing of nested data structures in PowerShell lexer
- Improve handling of data structure literals in PowerShell lexer
- Ruby Lexer
- Revert empty patterns in Ruby lexer
- Rust Lexer
- Add continue to keywords in Rust lexer
- Velocity Lexer
- Fix lexing of brackets in Velocity lexer
1.26.1 (2020-11-11)
-------------------
* Fixed an issue where two ``User-Agent`` headers would be sent if a
``User-Agent`` header key is passed as ``bytes``
1.26.0 (2020-11-10)
-------------------
* **NOTE: urllib3 v2.0 will drop support for Python 2**.
`Read more in the v2.0 Roadmap <https://urllib3.readthedocs.io/en/latest/v2-roadmap.html>`_.
* Added support for HTTPS proxies contacting HTTPS servers
* Deprecated negotiating TLSv1 and TLSv1.1 by default. Users that
still wish to use TLS earlier than 1.2 without a deprecation warning
should opt-in explicitly by setting ``ssl_version=ssl.PROTOCOL_TLSv1_1``
**Starting in urllib3 v2.0: Connections that receive a ``DeprecationWarning`` will fail**
* Deprecated ``Retry`` options ``Retry.DEFAULT_METHOD_WHITELIST``, ``Retry.DEFAULT_REDIRECT_HEADERS_BLACKLIST``
and ``Retry(method_whitelist=...)`` in favor of ``Retry.DEFAULT_ALLOWED_METHODS``,
``Retry.DEFAULT_REMOVE_HEADERS_ON_REDIRECT``, and ``Retry(allowed_methods=...)``
* Added default ``User-Agent`` header to every request
* Added ``urllib3.util.SKIP_HEADER`` for skipping ``User-Agent``, ``Accept-Encoding``,
and ``Host`` headers from being automatically emitted with requests
* Collapse ``transfer-encoding: chunked`` request data and framing into
the same ``socket.send()`` call
* Send ``http/1.1`` ALPN identifier with every TLS handshake by default
* Properly terminate SecureTransport connections when CA verification fails
* Don't emit an ``SNIMissingWarning`` when passing ``server_hostname=None``
to SecureTransport
* Disabled requesting TLSv1.2 session tickets as they weren't being used by urllib3
* Suppress ``BrokenPipeError`` when writing request body after the server
has closed the socket
* Wrap ``ssl.SSLError`` that can be raised from reading a socket (e.g. "bad MAC")
into an ``urllib3.exceptions.SSLError``
The python 2 dependency was seemingly removed in Firefox 78.0 so we
can remove those old hacks.
Firefox needs clang for some unknown part of the build process (rust
related?), even if building with GCC.
The previous solution in pkgsrc was to force the use of clang, because
pkgsrc provides cwrappers which provided gcc-as-clang, which broke
everything. Instead, override the clang wrapper with the actual clang
executable.
This means the majority of the build happens with GCC (or ccache, distcc,
whatever the user chooses, rather than overriding it with clang). Should help
sparc64, where clang doesn't work too well.
Full build tested on NetBSD/amd64.
mk/endian.mk included mk/compiler.mk and PKG_CC and PKG_CXX were
effective.
Now mk/endian.mk has been removed and include mk/compiler.mk
explicitly to use clang only.
mk/endian.mk includes mk/compiler.mk and PKG_CC and PKG_CXX were
effective.
Now mk/endian.mk has been removed and include mk/compiler.mk
explicitly to use clang only.
Reported by martin@ on tech-pkg@.
Security Vulnerabilities fixed in Firefox 82.0.3, Firefox ESR 78.4.1, and Thunderbird 78.4.2
#CVE-2020-26950: Write side effects in MCallGetProperty opcode not accounted for
Only a few pieces of software are using the ICU integration library;
these aren't the big harfbuzz users (i.e. gtk). This is intended to lessen
the impact of icu's frequent ABI breaks.
What's new in Grafana v7.3
Google Cloud Monitoring: Out of the box dashboards
Shorten URL for dashboards and Explore
Table improvements and new image cell mode
New color scheme option
SigV4 Authentication for Amazon Elasticsearch Service
CSV exports for Excel
What's new in Grafana v7.2
New date formatting options added
Field options are out of beta!
Added table column filters
New field override selection options
New transformations and enhancements
Drag to reorder queries
Inspect queries in Explore
$__rate_interval for Prometheus
Toggle parsed log fields
Sensitive alert channel settings are now encrypted
Grafana Enterprise features
Report time range
Organization-wide report settings
Report grid layout
What’s new in other parts of the Grafana ecosystem
ADX (Azure Data Explorer) plugin
X-Ray data source plugin
Tested on amd64. This means that text relocations are now fatal.
Hopefully other architectures don't have additional ways to be not-mprotect-
safe, but there is always the possibility.
No obvious performance difference in an older (non-wasm) javascript benchmark.
Version 3.2.1
* change linkifier to add rel="nofollow" as documented.
* suppress html5lib sanitizer DeprecationWarnings
Version 3.2.0
* ``html5lib`` dependency to version 1.1.0.
* update tests_website terminology.
Libwebsockets (LWS) is a flexible, lightweight pure C library for implementing
modern network protocols easily with a tiny footprint, using a nonblocking
event loop. It has been developed continuously since 2010 and is used in
tens of millions of devices and by thousands of developers around the world.
Django 3.1.3 fixes several bugs in 3.1.2 and adds compatibility with Python 3.9.
Bugfixes
Fixed a regression in Django 3.1.2 that caused the incorrect height of the admin changelist search bar
Fixed a regression in Django 3.1.2 that caused the incorrect width of the admin changelist search bar on a filtered page
Fixed displaying Unicode characters in forms.JSONField and read-only models.JSONField values in the admin
Fixed a regression in Django 3.1 that caused a crash of ArrayAgg and StringAgg with ordering on key transforms for JSONField
Fixed a regression in Django 3.1 that caused a crash of __in lookup when using key transforms for JSONField in the lookup value
Fixed a regression in Django 3.1 that caused a crash of ExpressionWrapper with key transforms for JSONField
Fixed a regression in Django 3.1 that caused a migrations crash on PostgreSQL when adding an ExclusionConstraint with key transforms for JSONField in expressions
Fixed a regression in Django 3.1 where ProtectedError.protected_objects and RestrictedError.restricted_objects attributes returned iterators instead of set of objects
Fixed a regression in Django 3.1.2 that caused incorrect form input layout on small screens in the admin change form view
Fixed a regression in Django 3.1 that invalidated pre-Django 3.1 password reset tokens
Added support for asgiref 3.3
Fixed a regression in Django 3.1 that caused incorrect textarea layout on medium-sized screens in the admin change form view with the sidebar open
Fixed a regression in Django 3.0.7 that didn’t use Subquery() aliases in the GROUP BY clause
5.5.3:
This maintenance release fixes an issue introduced in WordPress 5.5.2
which makes it impossible to install WordPress on a brand new website
that does not have an existing database connection configuration.
This release does not affect sites where a database connection is
already configured, for example, via one-click installers or
an existing wp-config.php file.
5.5.2:
Security updates:
- Props to Alex Concha of the WordPress Security Team for their work in hardening deserialization requests.
- Props to David Binovec on a fix to disable spam embeds from disabled sites on a multisite network.
- Thanks to Marc Montas from Sucuri for reporting an issue that could lead to XSS from global variables.
- Thanks to Justin Tran who reported an issue surrounding privilege escalation in XML-RPC. He also found and disclosed an issue around privilege escalation around post commenting via XML-RPC.
- Props to Omar Ganiev who reported a method where a DoS attack could lead to RCE.
- Thanks to Karim El Ouerghemmi from RIPS who disclosed a method to store XSS in post slugs.
- Thanks to Slavco for reporting, and confirmation from Karim El Ouerghemmi, a method to bypass protected meta that could lead to arbitrary file deletion.
- And a special thanks to @zieladam who was integral in many of the releases and patches during this release.
Maintenance updates:
#51130 Events displayed in venue timezone instead of user’s
#51659 Update Gutenberg Dependencies for WordPress 5.5.2
#50861 Remove Facebook and Instagram as an oEmbed Source
#50903 Set the local environment to a development environment type by default
#50949 Posts show wrong time when user is in a different time zone than the site’s
#51053 Video Embeds set to align left disappear in Gutenberg editor
#51175 Wrong reply box title
#51219 Theme editor page showing undefined variable notice
#51251 Fix PHP notice when opening the edit image popup
#51263 PHP warning when editing comments in the administration comment edit screen
#51320 PHP Notice while moving post to trash (post_type has 2 registered taxonomies both with default_term set)
#51400 Undefined index during automatic plugin/theme updates
#51595 Unable to make anonymous comments via XML-RPC
#51645 Undefined index: echo in core files
Changes with nginx 1.19.4 27 Oct 2020
*) Feature: the "ssl_conf_command", "proxy_ssl_conf_command",
"grpc_ssl_conf_command", and "uwsgi_ssl_conf_command" directives.
*) Feature: the "ssl_reject_handshake" directive.
*) Feature: the "proxy_smtp_auth" directive in mail proxy.
Avoid an unnecessary prompt to reboot when using the full installer on Windows (bug 1671715)
Restored the ability to print on paper whose width or height is larger than 100 inches, e.g. for receipts (bug 1672370)
Fixed printing of documents with margins of zero, e.g. some PDFs (bug 1672529)
Fixed handling of the WebDriver:ClickElement command in the marionette testing framework (bug 1666755)
Stability fix (bug 1660539)
Changelog:
Version 20.0.1 October 24 2020
Changes
Add mount point to quota warning message (server#23170)
Don't hold a transaction during the move to trash (server#23185)
Fix dashboard rendering if accessibility app is disabled (server#23192)
Fix legacy update notifications (server#23195)
Fix the user email issue while creating a user (server#23203)
Make BeforeTemplateRenderedEvent aware of the actual response (server#23205)
Fix array to string conversion on event search (server#23207)
Also check the path based mimetype for flow rule checks (server#23211)
Allow configuring the activity update interval of token (server#23213)
Don't influence toastify errors and always use white (server#23216)
Only run the query to get the account data once (server#23220)
Fix appid in translation (server#23235)
Use the correct l10n for activities (server#23254)
Make sure getUsersFavoritingObject can be run without a user (server#23256)
Fix sidebar updateTabs method (server#23271)
Fix the user remove from group in UI (server#23281)
Fix dashboard statuses sort (server#23288)
Fix database password visibility toggle (server#23336)
Add template typing to the QBMapper (server#23375)
Add Psalm type for the bootstrap registration context (server#23383)
Fix adminpass strengthify margin (server#23384)
Fix typo 'shared' (server#23388)
Expose CLOUD federation for local users in the recent addressbook (server#23390)
Stop transfer of ownership between same users (server#23395)
VersioningTest.php:729 is unreliable and should be disabled (server#23403)
Encode requesttoken for logout url in auto logout (server#23420)
Fix undefined index and consequential damages in versions code (server#23422)
Allow using saved login credentials for notify (server#23426)
Add option to disable notify self check (server#23438)
Annotate IContainer so Psalm knows what resolve and query return (server#23446)
Fix app sidebar mountpoint (server#23458)
Bump @nextcloud/vue to 2.6.9 (server#23466)
Add psalm types for the migration schema closure (server#23472)
Remove posix_getpwuid and compare only userid (server#23473)
Use own psalm instead of a global one (server#23480)
Add psalm types for the event dispatcher (server#23491)
SharedMountTest.php:367 is unreliable (server#23498)
Provide log statements for SCSS cache (server#23503)
SCSSCacher - Lock should not be removed (server#23510)
Clear cached app config while waiting for the SCSSCache lock to return (server#23513)
Fixes potential passing of null to getUserGroupIds (server#23514)
Add local version of escapeHTML (server#23548)
LDAP: when nesting is not enabled, the group filter can be applied right away (server#23570)
Disable unreliable app-files.feature:108 (server#23621)
Disable unreliable app-files-sharing.feature:338 (server#23622)
Set current user when parsing activities for digest (activity#507)
Fix mail table columns to match the activity table (activity#511)
Fix the comments added to the activity table (activity#515)
GetUsersFavoritingObject is moved to the manager (activity#517)
Remove close button (files_pdfviewer#244)
Update phpunit.yml (files_pdfviewer#245)
Hide the download button by default (files_pdfviewer#247)
Better debug output on public pages (files_pdfviewer#249)
Pass preview availability too (photos#510)
Fix loading speed of dashboard by loading the data async (recommendations#307)
Fix Memory (#240) (serverinfo#245)
Fix num_shares_link_no_password for NC >= 15 (serverinfo#247)
Fix FreeBSD Interface Exception (serverinfo#252)
Fix player controls on Firefox (viewer#627)
Make div display: none (viewer#629)
Fix theming chaining (viewer#633)
Fix cypress branch (viewer#643)
3.7.1
Bugfixes
- Fixed a type error caused by the conditional import of `Protocol`.
- Server doesn't send Content-Length for 1xx or 204
- Fix run_app typing
- Always require ``typing_extensions`` library.
- Fix a variable-shadowing bug causing `ThreadedResolver.resolve` to
return the resolved IP as the ``hostname`` in each record, which prevented
validation of HTTPS connections.
- Added annotations to all public attributes.
- Fix flaky test_when_timeout_smaller_second
- Ensure sending a zero byte file does not throw an exception
- Fix a bug in ``web.run_app()`` about Python version checking on Windows
Changelog:
20.0.0
The three biggest features we introduce with Nextcloud 20 are:
Our new dashboard provides a great starting point for the day with over a dozen widgets ranging from Twitter and Github to Moodle and Zammad already available
Search was unified, bringing search results of Nextcloud apps as well as external services like Gitlab, Jira and Discourse in one place
Talk introduced bridging to other platforms including MS Teams, Slack, IRC, Matrix and a dozen others
Some other improvements we want to highlight include:
Notifications and Activities were brought together, making sure you won't miss anything important
We added a 'status' setting so you can communicate to other users what you are up to
Talk also brings dashboard and search integration, emoji picker, upload view, camera and microphone settings, mute and more
Calendar integrates in dashboard and search, introduced a list view and design improvements
Mail introduces threaded view, mailbox management and more
Deck integrates with dashboard and search, introduces Calendar integration, modal view for card editing and series of smaller improvements
Flow adds push notification and webhooks so other web apps can easily integrate with Nextcloud
Text introduced direct linking to files in Nextcloud
Files lets you add a description to public link shares
Changes:
2.30.2
======
- Fix scrolling when smooth scrolling is enabled in async scrolling mode.
- Fix WebSocket requests with same-site cookies.
- Fix TLS certificate information for service workers.
- Handle chassis type when its value is quoted.
- Fix the build with ENABLE_MEDIA_STREAM enabled and ENABLE_WEB_RTC_DISABLED.
- Fix the build with ENABLE_GAMEPAD enabled.
- Fix several crashes and rendering issues.
New:
With this release, Firefox introduces a number of improvements that make watching videos more delightful:
the Picture-In-Picture button has a new look and position, making it easier for you to find and use the feature.
Picture-In-Picture now has a keyboard shortcut for Mac users (Option + Command + Shift + Right bracket) that works before you start playing the video.
For Windows users, Firefox now uses DirectComposition for hardware decoded video, which will improve CPU and GPU usage during video playback, improving battery life.
Firefox is faster than ever with improved performance on both page loads and start up time:
Websites that use flexbox-based layouts load 20% faster than before;
Restoring a session is 17% quicker, meaning you can more quickly pick up where you left off;
For Windows users, opening new windows got quicker by 10%.
You can now explore new articles when you save a webpage to Pocket from the Firefox toolbar.
WebRender continues to roll out to more Firefox users on Windows.
Fixed:
Screen reader features which report paragraphs now correctly report paragraphs in Firefox instead of lines.
Various security fixes.
Logswan 2.1.8 (2020-10-19)
- Make displayUsage() static
- Removing some leading whitespace characters
- Constify methods and protocols names array
- Constify countries and continents names and ID arrays
- Enable FORTIFY_SOURCE level 2
- Call memset() to set all entry_data struct fields to zero
0.12.2
Added
Adding ability to decrypt ssl key file
Support .yml log config files
Added python 3.9 support
Fixed
Fixes watchgod with common prefixes
Fix reload with ipv6 host
Added cli support for headers containing colon
Sharing socket across workers on windows
Note the need to configure trusted "ips" when using unix sockets
1.25.11
* Fix retry backoff time parsed from ``Retry-After`` header when given
in the HTTP date format. The HTTP date was parsed as the local timezone
rather than accounting for the timezone in the HTTP date (typically
UTC)
* Fix issue where an error would be raised when the ``SSLKEYLOGFILE``
environment variable was set to the empty string. Now ``SSLContext.keylog_file``
is not set in this situation
Update Ruby on Rails 6.0 related packages to 6.0.3.4.
This is a security fix for ruby-actionpack60.
## Rails 6.0.3.4 (October 07, 2020) ##
* [CVE-2020-8264] Prevent XSS in Actionable Exceptions
curl and libcurl 7.73.0
Public curl releases: 195
Command line options: 234
curl_easy_setopt() options: 278
Public functions in libcurl: 85
Contributors: 2270
This release includes the following changes:
o curl: add --output-dir [25]
o curl: support XDG_CONFIG_HOME to find .curlrc [3]
o curl: update --help with categories [77]
o curl_easy_option_*: new API for meta-data about easy options [40]
o CURLE_PROXY: new error code [7]
o mqtt: enable by default [28]
o sftp: add new quote commands 'atime' and 'mtime' [6]
o ssh: add the option CURLKHSTAT_FINE_REPLACE [27]
o tls: add CURLOPT_SSL_EC_CURVES and --curves [29]
This release includes the following bugfixes:
o altsvc: clone setting in curl_easy_duphandle [60]
o base64: also build for smtp, pop3 and imap [81]
o BUGS: convert document to markdown [107]
o build-wolfssl: fix build with Visual Studio 2019 [114]
o buildconf: invoke 'autoreconf -fi' instead [37]
o checksrc: detect // comments on column 0 [132]
o checksrc: verify do-while and spaces between the braces [2]
o checksrc: warn on space after exclamation mark [129]
o CI/azure: disable test 571 in the msys2 builds [93]
o CI/azure: MQTT is now enabled by default [64]
o CI/azure: no longer ignore results of test 1013 [43]
o CI/tests: fix invocation of tests for CMake builds [117]
o CI/travis: add a CI job with openssl3 (from git master) [51]
o cleanups: avoid curl_ on local variables [53]
o CMake: add option to enable Unicode on Windows [48]
o cmake: make HTTP_ONLY also disable MQTT [58]
o CMake: remove explicit `CMAKE_ANSI_CFLAGS` [45]
o cmake: remove scary warning [96]
o cmdline-opts/gen.pl: generate nicer "See Also" in curl.1 [66]
o configure: don't say HTTPS-proxy is enabled when disabled [120]
o configure: fix pkg-config detecting wolfssl [26]
o configure: let --enable-debug set -Wenum-conversion with gcc >= 10 [56]
o conn: check for connection being dead before reuse [39]
o connect.c: remove superfluous 'else' in Curl_getconnectinfo [42]
o curl.1: add see also no-progress-meter on two spots [67]
o curl.1: fix typo invokved -> invoked [36]
o curl: in retry output don't call all problems "transient" [74]
o curl: make --libcurl show binary posts correctly [130]
o curl: make checkpasswd use dynbuf [100]
o curl: make file2memory use dynbuf [102]
o curl: make file2string use dynbuf [103]
o curl: make glob_match_url use dynbuf [101]
o curl: make sure setopt CURLOPT_IPRESOLVE passes on a long [134]
o curl: retry delays in parallel mode no longer sleeps blocking [70]
o curl: use curlx_dynbuf for realloc when loading config files [73]
o curl:parallel_transfers: make sure retry readds the transfer [71]
o curl_get_line: build only if cookies or alt-svc are enabled [13]
o curl_mime_headers.3: fix the example's use of curl_slist_append [83]
o Curl_pgrsTime - return new time to avoid timeout integer overflow [32]
o Curl_send: return error when pre_receive_plain can't malloc [111]
o dist: add missing CMake Find modules to the distribution [14]
o docs/LICENSE-MIXING: remove [79]
o docs/opts: fix typos in two manual pages [119]
o docs/RESOURCES: remove [105]
o docs/TheArtOfHttpScripting: convert to markdown [106]
o docs: add description about CI platforms to CONTRIBUTE.md [44]
o docs: correct non-existing macros in man pages [35]
o doh: add error message for DOH_DNS_NAME_TOO_LONG [17]
o dynbuf: make sure Curl_dyn_tail() zero terminates [78]
o easy_reset: clear retry counter [82]
o easygetopt: pass a valid enum to avoid compiler warning [75]
o etag: save and use the full received contents [4]
o ftp: a 550 response to SIZE returns CURLE_REMOTE_FILE_NOT_FOUND [99]
o ftp: avoid risk of reading uninitialized integers [76]
o ftp: get rid of the PPSENDF macro [85]
o ftp: make a 552 response return CURLE_REMOTE_DISK_FULL [87]
o ftp: separate FTPS from FTP over "HTTPS proxy" [112]
o git: ignore libtests in 3XXX area [16]
o github: use new issue template feature [88]
o HISTORY: mention alt-svc added in 2019
o HTTP/3: update to OpenSSL_1_1_1g-quic-draft-29 [41]
o http: consolidate nghttp2_session_mem_recv() call paths [80]
o http_proxy: do not count proxy headers in the header bytecount [90]
o http_proxy: do not crash with HTTPS_PROXY and NO_PROXY set [50]
o imap: make imap_send use dynbuf for the send buffer management [110]
o imap: set cselect_bits to CURL_CSELECT_IN initially [104]
o ldap: reduce the amount of #ifdefs needed [124]
o lib/Makefile.am: bump VERSIONINFO due to new functions [65]
o lib1560: verify "redirect" to double-slash leading URL [20]
o lib583: fix enum mixup
o lib: fix -Wassign-enum warnings [84]
o lib: make Curl_gethostname accept a const pointer [38]
o libssh2: handle the SSH protocols done over HTTPS proxy [125]
o libssh2: pass on the error from ssh_force_knownhost_key_type [47]
o Makefile.m32: add ability to override zstd libs [ci skip] [10]
o man pages: switch to https://example.com URLs [86]
o MANUAL: update examples to resolve without redirects [122]
o mbedtls: add missing header when defining MBEDTLS_DEBUG [133]
o memdebug: remove 9 year old unused debug function [126]
o multi: expand pre-check for socket readiness [21]
o multi: handle connection state winsock events [31]
o multi: implement wait using winsock events [22]
o ngtcp2: adapt to new NGTCP2_PROTO_VER_MAX define [108]
o ngtcp2: adapt to the new pkt_info arguments [18]
o ntlm: fix condition for curl_ntlm_core usage [46]
o openssl: avoid error conditions when importing native CA [52]
o openssl: consider ALERT_CERTIFICATE_EXPIRED a failed verification [57]
o openssl: Fix wincrypt symbols conflict with BoringSSL [9]
o parsedate: tune the date to epoch conversion [95]
o pause: only trigger a reread if the unpause sticks [92]
o pingpong: use a dynbuf for the *_pp_sendf() function [113]
o READMEs: convert several to markdown [115]
o runtests: add %repeat[]% for test files [116]
o runtests: allow creating files without newlines [72]
o runtests: allow generating a binary sequence from hex
o runtests: clear pid variables when failing to start a server [12]
o runtests: make cleardir() erase dot files too [8]
o runtests: provide curl's version string as %VERSION for tests [127]
o schannel: fix memory leak when using get_cert_location [15]
o schannel: return CURLE_PEER_FAILED_VERIFICATION for untrusted root [128]
o scripts: improve the "get latest curl release tag" logic
o sectransp: make it build with --disable-proxy [123]
o select.h: make socket validation macros test for INVALID_SOCKET [24]
o select: align poll emulation to return all relevant events [63]
o select: fix poll-based check not detecting connect failure
o select: reduce duplication of Curl_poll in Curl_socket_check [23]
o select: simplify return code handling for poll and select [49]
o setopt: if the buffer exists, refuse the new BUFFERSIZE [5]
o setopt: return CURLE_BAD_FUNCTION_ARGUMENT on bad argument [91]
o socketpair: allow CURL_DISABLE_SOCKETPAIR [11]
o sockfilt: handle FD_CLOSE winsock event on write socket [30]
o src: spell whitespace without whitespace [121]
o SSLCERTS: fix English syntax [34]
o strerror: honor Unicode API choice on Windows [109]
o symbian: drop support [118]
o telnet.c: depend on static requirement of WinSock version 2 [61]
o test1541: remove since it is a known bug [68]
o test163[12]: require http to be built-in to run [94]
o test434: test -K use in a single line without newline [59]
o test971: show test mismatches "inline"
o tests/data: Fix some mismatched XML tags in test cases
o tests/FILEFORMAT: document nonewline support for <file>
o tests/FILEFORMAT: document type=shell for <command>
o tests/server/util.c: fix support for Windows Unicode builds [131]
o tests: remove pipelining tests [69]
o tls: fix SRP detection by using the proper #ifdefs [33]
o tls: provide the CApath verbose log on its own line [1]
o tool_setopt: escape binary data to hex, not octal
o tool_writeout: add new writeout variable, %{num_headers} [97]
o travis: add a build using libressl (from git master) [55]
o url: use blank credentials when using proxy w/o username and password [54]
o urlapi: use more Curl_safefree [89]
o vtls: deduplicate client certificates in ssl_config_data [98]
o win32: drop support for WinSock version 1, require version 2 [62]
o winbuild: convert the instruction text to README.md [19]
Brief changes for 7.0.16:
- Pre-load the CoyoteOutputStream class to prevent a potential
exception when running under a security manager. Patch provided by Johnathan
Gilday. (markt)
- Refactor the Default servlet to provide a single method that can be
overridden (generateETag()) should a custom entity tag format be required.
(markt)
- Improve the validation of entity tags provided with conditional
requests. Requests with headers that contain invalid entity tags will be
rejected with a 400 response code. Improve the matching algorithm used to
compare entity tags in conditional requests with the entity tag for the
requested resource. Based on a pull request by Sergey Ponomarev. (markt)
- Deprecate the JDBCRealm. (markt)
Full changelog is available at:
https://tomcat.apache.org/tomcat-7.0-doc/changelog.html
Also CONFLICTS have been adjusted.
Changes for 8.5.59:
- Refactor the handling of closed HTTP/2 streams to reduce the heap usage
associated with used streams and to retain information for more streams in
the priority tree.
- Deprecate the JDBCRealm.
- Ensure that none of the methods on a ServletContext instance always fail
when running under a SecurityManager.
Full changelog is available at:
https://tomcat.apache.org/tomcat-8.5-doc/changelog.html#Tomcat_8.5.59_(markt)
Also CONFLICTS have been adjusted.
Changes for 9.0.39:
- Refactor the handling of closed HTTP/2 streams to reduce the heap usage
associated with used streams and to retain information for more streams in
the priority tree.
- Allow using the utility executor for annotation scanning.
- Add a bloom filter to speed up archive lookup and improve deployment speed
of applications with a large number of JARs.
Full changelog is available at:
https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.39
Also CONFLICTS have been adjusted.
5.0.8
- Add optional support for using `fastjsonschema` as the JSON validation library.
To enable fast validation, install `fastjsonschema` and set the environment
variable `NBFORMAT_VALIDATOR` to the value `fastjsonschema`.