= Changes in 2.2.5 =
May 06, 2012 - version 2.2.5
* Bug fixes
* Added Magic encoding comment to hexdump.rb to avoid encoding error.
* Add workaround for JRuby issue on Windows (JRUBY-6136)
On Windows, calling File#size fails with an Unknown error (20047).
This workaround uses File#lstat instead.
* Require open-uri only on ruby 1.9, since it is not needed on 1.8.
* Features
* Allow symbol Header name for HTTP request.
* Dump more SSL certificate information under $DEBUG.
* Add HTTPClient::SSLConfig#ssl_version property.
* Add 'Accept: */*' header to request by default. Rails requies it.
It doesn't override given Accept header from API.
* Add HTTPClient::SSLConfig#set_default_paths. This method makes
HTTPClient instance to use OpenSSL's default trusted CA certificates.
* Allow to set Date header manually.
ex. clent.get(uri, :header => {'Date' => Time.now.httpdate})
pkgsrc change: install .htaccess as configuration file with .htaccess.default
as an example.
* Fix permission checking problem of Task center.
* Provide improved .htaccess.default.
* Several bug fixes and improvements.
Changelog:
5.5.2.1
Behavioral Improvements
* Better update checking for new versions of concrete5.
* Attribute types have friendlier names (Checkbox instead of Boolean, etc...)
* When a fixed footprint isn't set, the image cropper in the file manager now defaults to the full size of the image.
* Improved performance of intelligent search
* Fixed http://www.concrete5.org/developers/bugs/5-5-2/login-and-error-pages-dont-use-the-menu-logo-settings/
And bugfixes
5.5.2
Feature Updates
* Replaced Picnik with built-in crop, rotate and zoom functionality. Crop+Zoom provided by jQuery Cropzoom by Gaston Robledo (http://www.cropzoom.com.ar/)
* Added ability to specify a file set on a form block for files uploaded through form. (Thanks danklassen!)
* Prettier edit/add experience for image block.
* Image block can now automatically resize thumbnails (previous default) or accept a fixed size, which can be passed to the image editor directly as a fixed width/height
* Ability to receive an email when new users register (Thanks Mnkras.)
Behavioral Improvements
* Made better use of space on dashboard home and system & settings
* Newsflow arrows are more prominent
* Moved sessions into filers/tmp/ on each site for better security.
* Download File script now redirects to files instead of forcing all files to download (to allow PDFs, images to display in browser)
* Fixed: http://www.concrete5.org/developers/bugs/5-5-1/cant-open-sitemap-visit-links-in-new-tab-5.5/
* Improved installation will remove user-created configuration files if something goes wrong in installation, removing an infinite installation loop unless the files were removed by hand.
* More robust UI handling when concrete5 is used with themes with greedy center styles.
* Adding wmode=transparent to youtube videos for better display
* File blocks now are searchable through the site-wide search block.
And bugfixes
5.5.1
Feature Updates
* New Interface Settings page in Systems & Settings that lets you control your dashboard background image, and the behavior of the quick nav.
* Newsflow One is now located at /dashboard/news. /dashboard now houses a table of contents for the dashboard. You can navigate to this by clicking the dashboard button.
* Page attributes that are setup to be viewed by default will now show when adding pages of that type. Better add page experience (more page types, etc...)
* Improved the marketplace browsing experience by simplifying and increasing the number of results in a given request. Now able to filter by compatible marketplace packages.
Behavioral Improvements
* Better Edit Bar Interaction
* ccm.app.js is now minified
* Content Importer library now reindexes pages after content is imported.
* Move the content down when edit bar appears (this used to work so just figure out what got lost and bring it back)
* Add multiple files window now closes after using multiple file uploader
* The language name should always be displayed in that language when editing a user's record in the dashboard on a multilingual site.
* Brought back enter key event when adding values to select attribute
And bugfixes
5.5.0
Feature Updates
* Completely revampled, overhauled and refined interface in the front-end and in the dashboard. Too many improvements to list here.
* No more scrapbook! Simpler, streamlined, faster clipboard for copy and paste, and "Stacks" for managing global areas, with support for version control and block reordering.
* Improved Installation that lets you specify your admin password, an installation language, gives you more access to sample content.
* Comprehensive white-labeling support, including the ability to specify alternate install packages, an alternate logo.
* Deleted pages now go into the trash for easy restore or bulk deletion.
* Better Page Attributes, including the ability to define attribute sets for page attributes, including reordering. Attributes can also be used with page defaults. Much better interface for choosing page attributes.
* Better marketplace integration, including the ability to read full descriptions, better search, a more attractive and fully informative informative, and the ability to purchase items directly from your website.
* Beautiful new "Greek Yogurt" Theme, installed with the sample content.
* New bulk commands in page search, including bulk delete, bulk move/copy, bulk design, and bulk speed settings
* Page Search and User Search now have fully customizable columns
* Better Anti-Spam Controls. Easy installation of new captcha libraries like reCAPTCHA (available for free download from concrete5.org) and anti-spam libraries like Akismet.
Performance Improvements
* Extensive CSS and JavaScript Minification and Combination. Far fewer files and code loaded.
* UI now uses sprites for better performance.
* Much JavaScript is now loaded in the footer to prevent blocking.
* Make Config values use one database query at startup to load, or one cache call. (Integrated and modified pull request from christiaan)
* More optimized dynamic PHP function calls (thanks christiaan)
* Page List is lighter weight with system pages no longer cached or calculated on the fly.
* Included an optimization job that can remove all but the most recent 10 versions of pages.
* Page reindexing no longer happens every time we set attribute or exit edit mode. Now instead it happens when running the index search job, or when visiting a page you have edit access to (through a silent, non-blocked reindex AJAX request.) (Note: this behavior can be modified by defining ENABLE_PROGRESSIVE_PAGE_REINDEX to false.)
* Much improved performance on the better designed Form Results page.
* Removed the Database class. Instead just go directly to ADODB and add our functions as stubs
Additional Features and behavioral Improvements
* Updated TinyMCE to 3.4.6, fixing bugs, improving stability, and enabling editing on iOS devices.
* Dialog windows should no longer be larger than the container browser window.
* Cleaner page list block template (thanks jordanlev)
* Departments of France are now included when checking France as an active country (thanks marcandre)
* Default mod_rewrite rules now make it so that pages like "jobs" that match directory names can be created (thanks christiaan)
* Included iPhone home screen thumbnail in the site icons dashboard page.
and bugfixes and Developer Updates
Drupal 7.14 2012-05-02
----------------------
- Fixed "integrity constraint" fatal errors when rebuilding registry.
- Fixed custom logo and favicon functionality referencing incorrect paths.
- Fixed DB Case Sensitivity: Allow BINARY attribute in MySQL.
- Split field_bundle_settings out per bundle.
- Improve UX for machine names for fields (UI change).
- Fixed User pictures are not removed properly.
- Fixed HTTPS sessions not working in all cases.
- Fixed Regression: Required radios throw illegal choice error when none
selected.
- Fixed allow autocompletion requests to include slashes.
- Eliminate $user->cache and {session}.cache in favor of
$_SESSION['cache_expiration'][$bin] (Performance).
- Fixed focus jumps to tab when pressing enter on a form element within tab.
- Fixed race condition in locale() - duplicates in {locales_source}.
- Fixed Missing "Default image" per field instance.
- Quit clobbering people's work when they click the filter tips link
- Form API #states: Fix conditionals to allow OR and XOR constructions.
- Fixed Focus jumps to tab when pressing enter on a form element within tab.
(Accessibility)
- Improved performance of node_access queries.
- Fixed Fieldsets inside vertical tabs have no title and can't be collapsed.
- Reduce size of cache_menu table (Performance).
- Fixed unnecessary aggregation of CSS/JS (Performance).
- Fixed taxonomy_autocomplete() produces SQL error for nonexistent field.
- Fixed HTML filter is not run first by default, despite default weight.
- Fixed Overlay does not work with prefixed URL paths.
- Better debug info for field errors (string change).
- Fixed Data corruption in comment IDs (results in broken threading on
PostgreSQL).
- Fixed machine name not editable if every character is replaced.
- Fixed user picture not appearing in comment preview (Markup change).
- Added optional vid argument for taxonomy_get_term_by_name().
- Fixed Invalid Unicode code range in PREG_CLASS_UNICODE_WORD_BOUNDARY fails
with PCRE 8.30.
- Fixed {trigger_assignments()}.hook has only 32 characters, is too short.
- Numerous fixes to run-tests.sh.
- Fixed Tests in profiles/[name]/modules cannot be run and cannot use a
different profile for running tests.
- Numerous JavaScript performance fixes.
- Numerous documentation fixes.
- Fixed All pager links have an 'active' CSS class.
- Numerous upgrade path fixes; notably:
- system_update_7061() fails on inserting files with same name but different
case.
- system_update_7061() converts filepaths too aggressively.
- Trigger upgrade path: Node triggers removed when upgrading to 7-x from 6.25.
- Add PHP 5.4 support (Dmitry, Anatoliy, Pierre)
- Fixed bug #22679: Fix apc_bin_dump for constants. Use IS_CONSTANT_TYPE_MASK
to handle all the constants, including the unqalified ones (instead of
~IS_CONSTANT_INDEX check)
- Fixed bug #23822, php crashes on apache restart
Patches from Bernd Ernesti on pkgsrc-users.
Changelog:
The following problems are fixed.
* Security fixes
* extensions.checkCompatibility.* prefs didn't work as expected
in ESR releases (734848)
* Firefox ESR 10.0.3 opened "Whats New" page after update (737535)
=== 2.4
* Security fix:
Mechanize#auth and Mechanize#basic_auth allowed disclosure of passwords to
malicious servers and have been removed.
In prior versions of mechanize only one set of HTTP authentication
credentials were allowed for all connections. If a mechanize instance
connected to more than one server then a malicious server detecting
mechanize could ask for HTTP Basic authentication. This would expose the
username and password intended only for one server.
Mechanize#auth and Mechanize#basic_auth now warn when used.
To fix the warning switch to Mechanize#add_auth which requires at the URI
the credentials are intended for, the username and the password.
Optionally an HTTP authentication realm or NTLM domain may be provided.
* Minor enhancement
* Improved exception messages for 401 Unauthorized responses. Mechanize now
tells you if you were missing credentials, had an incorrect password, etc.
Changelog
* The Redis adapter (Ramaze::Cache::Redis) has been fixed so that it works
with sessions, previously this would result in "Can't convert into symbol"
errors and the like. This problem was caused by not encoding data using
Marshal. Thanks to EdvardM for reporting the issue.
* The Redis cache adapter namespaces keys just like the other adapters.
* Ramaze::Cache::MemCache has been updated for the latest version of Dalli and
should no longer display deprecation warnings. The minimum required version
of Dalli has been set to at least 2.0.2.
* Various documentation improvements and additions.
* The HTML of the pagination helper can now be customized, thanks to Leucos
and bougyman for adding it.
=== unicorn 4.3.1 - shutdown() fixes / 2012-04-29 07:04 UTC
* Call shutdown(2) if a client EOFs on us during upload.
We can avoid holding a socket open if the Rack app forked a
process during uploads.
* ignore potential Errno::ENOTCONN errors (from shutdown(2)).
Even on LANs, connections can occasionally be accept()-ed but
be unusable afterwards.
Thanks to Joel Nimety <jnimety@continuity.net>,
Matt Smith <matt@nearapogee.com> and George <lists@southernohio.net>
on the mongrel-unicorn@rubyforge.org mailing list for their
feedback and testing for this release.
=== unicorn 4.3.0 - minor fixes and updates / 2012-04-17 21:51 UTC
* PATH_INFO (aka REQUEST_PATH) increased to 4096 (from 1024).
This allows requests with longer path components and matches
the system PATH_MAX value common to GNU/Linux systems for
serving filesystem components with long names.
* Apps that fork() (but do not exec()) internally for background
tasks now indicate the end-of-request immediately after
writing the Rack response.
Thanks to Hongli Lai, Lawrence Pit, Patrick Wenger and Nuo Yan
for their valuable feedback for this release.
=== unicorn 4.2.1 - minor fix and doc updates / 2012-03-26 21:39 UTC
* Stale pid files are detected if a pid is recycled by processes
belonging to another user, thanks to Graham Bleach.
* nginx example config updates thanks to to Eike Herzbach.
* KNOWN_ISSUES now documents issues with apps/libs that install
conflicting signal handlers.
3.1.16
* Fix some bugs in sass-convert selector parsing when converting from CSS.
* Substantially improve compilation performance on Ruby 1.8.
* Support the @-moz-document directive¡Çs non-standard url-prefix and domain
function syntax.
* Support the @supports directive.
* Fix a performance issue when using /*! */ comments with the Rails asset
pipeline.
* Support -moz-element.
* Properly handle empty lists in sass-convert.
* Move from FSSM to Listen for file-system monitoring.
=== 2.6 / 2010-03-26
* Minor enhancement
* Net::HTTP::Persistent#idle_timeout may be set to nil to disable expiration
of connections. Pull Request #21 by Aaron Stone
## 2.0.2 (03 April 2012)
- Updated to jQuery 1.7.2
- Updated to jQuery UI 1.8.18
- Updated to latest jquery-ujs
- Override provided for obtaining `href`
- Edit `crossDomain` and `dataType` from `ajax:before` event
## Rails 3.2.3 (unreleased) ##
* Remove the leading \n added by textarea on assert_select. *Santiago Pastorino*
* Fix#5632, render :inline set the proper rendered format. *Santiago Pastorino*
* Fix textarea rendering when using plugins like HAML. Such plugins encode the first newline character in the content. This issue was introduced in https://github.com/rails/rails/pull/5191 *James Coleman*
* Add `config.action_view.embed_authenticity_token_in_remote_forms` (defaults to true) which allows to set if authenticity token will be included by default in remote forms. If you change it to false, you can still force authenticity token by passing `:authenticity_token => true` in form options *Piotr Sarnacki*
* Do not include the authenticity token in forms where remote: true as ajax forms use the meta-tag value *DHH*
* Turn off verbose mode of rack-cache, we still have X-Rack-Cache to
check that info. Closes#5245. *Santiago Pastorino*
* Fix#5238, rendered_format is not set when template is not rendered. *Piotr Sarnacki*
* Upgrade rack-cache to 1.2. *José Valim*
* ActionController::SessionManagement is deprecated. *Santiago Pastorino*
* Since the router holds references to many parts of the system like engines, controllers and the application itself, inspecting the route set can actually be really slow, therefore we default alias inspect to to_s. *José Valim*
* Add a new line after the textarea opening tag. Closes#393 *Rafael Mendonça França*
* Always pass a respond block from to responder. We should let the responder to decide what to do with the given overridden response block, and not short circuit it. *sikachu*
* Fixes layout rendering regression from 3.2.2. *José Valim*
* Remove unused option.
* Restore jemalloc option.
Changelog:
* The File and Move Bookmarks dialogs are resizable now.
* HTML5 videos that do not start automatically show a large play button now.
* Add-ons Sync can now be configured without the Add-ons Sync Prefs add-on.
* Pasting a URL from the clipboard into the Download Manager window will
download it.
* Plugins can be disabled for the whole suite now in addition to
Mail & Newsgroups only.
* View Source now has line numbers.
* Line breaks are now supported in the title attribute.
* Find in Page search results are scrolled into view now.
* The column-fill CSS property has been implemented.
* Support for the text-align-last CSS property has been added.
* Experimental support for ECMAScript 6 Map and Set objects has been
implemented.
* Fixed several stability issues.
Changelog:
* Page Source now has line numbers
* Line breaks are now supported in the title attribute
* Improvements to "Find in Page" to center search result
* URLs pasted into the download manager window are now automatically downloaded
* Support for the text-align-last CSS property has been added
* Various security fixes
* Some TinyMCE-based editors failed to load (739141)
Upstream changes:
Highlights
MDL-27891 Tag flagging is now logged
Functional changes
MDL-31095 Quiz max grade maintained when adding and removing questions
MDL-30031 Quiz Adaptive mode ignores invalid answers without penalty
Security issues
MSA-12-0013 - Database activity export permission issue
MSA-12-0014 - Password and Web services issue
MSA-12-0015 - Backup and private files issue
MSA-12-0016 - Default repository capabilities issue
MSA-12-0017 - Personal information leak issue
MSA-12-0018 - Course information leak in Gradebook export
MSA-12-0019 - Overview report and hidden course issue
MSA-12-0020 - Forum subscription permission issue
MSA-12-0021 - Course information leak through tags
MSA-12-0022 - Security conflict in Web services
Fixes and improvements
MDL-31248 Change to RC4 encryption is now backwards compatible
- Note: all users will need to log in to set a new cookie after this update
MDL-31213 Problem with new password form was fixed
MDL-29254 Problem adding blog entries after an update from 1.9 was resolved
MDL-22896 Forum messages with ampersands are now sent correctly by email
MDL-27793 Login names now appear consistently in all themes across all languages
MDL-26037 When importing in a site with lots of courses, all courses are checked
MDL-30484 Regrading quiz causes essay attachments to disappear
MDL-28364 Correct import formats accepted when importing questions
MDL-31407 Quiz grades are saved properly when the submitter is not the user taking the quiz
MDL-31876, MDL-31495 Quiz performance improvements have been made
Three external libraries included in WordPress received security updates:
* Plupload (version 1.5.4), which WordPress uses for uploading media.
* SWFUpload, which WordPress previously used for uploading media, and may still be in use by plugins.
* SWFObject, which WordPress previously used to embed Flash content, and may still be in use by plugins and themes.
WordPress 3.3.2 also addresses:
* Limited privilege escalation where a site administrator could deactivate network-wide plugins when running a WordPress network under particular circumstances.
* Cross-site scripting vulnerability when making URLs clickable.
* Cross-site scripting vulnerabilities in redirects after posting comments in older browsers, and when filtering URLs.
