Changes in release 0.25.5:
* ne_ssl_clicert_decrypt(): catch and fail to load a client cert
with mismatched key/cert pair.
* Fix build issue on AIX 5.1.
* Fix warnings if built against OpenSSL >= 0.9.8.
* Win32: fix issues in SSPI implementation (Stefan Küng).
2006-01-17 Lars Lindner
Version 1.0.1
* Fixes a compatibility issue with Firefox 1.5
that might cause crashes when running with both
the Mozilla Suite and Firefox are installed.
(Gentoo bug #118700 reported by Ed Katmur)
* Removes vfolder nodes when exporting the feed list.
(SF #1407742 reported by Duilio J. Protti)
"extract" script for extraction. Many cases where a custom EXTRACT_CMD
simply copied the distfile into the work directory are no longer
needed. The extract script also hides differences between pax and
tar behind a common command-line interface, so we no longer need code
that's conditional on whether EXTRACT_USING is tar or pax.
Changes
* Work around crash caused by https://bugzilla.mozilla.org/show_bug.cgi?id=312241 .
* Use gtk stock icons for fullscreen
* Add more mime types to the list of known types
* Use the history window as parent for the new-bookmark dialogue [#320329]
* Scroll the view so the selected cert is visible [#320758]
* Allow compilation against xulrunner
* Don't put the prefs/pdm dialogue over all windows
* Vastly improve PDM dialogue opening time
* Delay reloads when we get many change notifications in a short time [#319993]
* Fix HTML forms and scrollbars in lockdown mode [#316498]
Contributors to this release:
Robert O'Callahan.
Updated translations:
* Ivar Smolin (et)
* Clytie Siddall (vi)
* Liu Songhe (zh_CN)
* Fixed security bug that could allow attacker to execute arbitrary
commands as the apache user. [Digital Armaments, seregon at bughunter
dot net]
* Fixed bug that sometimes resulted in segfaults during periodic cache
cleanup. [Stefan Gaffga]
* Add AuthLDAPVersion option to specify which LDAP version to use on
LDAP server. [Hans Petter Selasky]
* Support ldaps:// urls automatically under OpenLDAP. No need to compile
with --with-ssl; this is just to enable SSL with the Netscape SDK.
[Andrew McAllister, Malcolm Locke]
* Fixed bug where auth_ldap didn't always rebind as the AuthLDAPBindDN
after doing an authorization. [Stephen Lombardo, Brent Putnam, Ace
Suares, Ted Cabeen, others].
* Fixed bug where we forgot to note a failed auth attempt which would
result in the browser never giving the user a second chance to enter a
password. [Thanks to many other people]
vulnerabilities.
A Java based HTTP/HTTPS proxy for assessing web application vulnerabilities.
It supports editing/viewing HTTP messages on-the-fly. Other features include
spiders, client certificate, proxy-chaining, intelligent scanning for XSS
and SQL injections and more.
2005-12-23 Lars Lindner
Version 1.0
* Notifications are now always kept on top.
(patch from Scott Harmon)
* HTML view cleared when subscription is removed.
* Added <Del> as accelerator for deleting items.
* Now double clicking an item behaves according
to the open-link-in-Liferea preference.
(SF 1362228, reported by jphendrix)
Bugfixes:
* Fixes crash on "Next Unread" when no feed list
selection is available.
* Fixes a memory corruption caused by a bug in
the Atom 1.0 parsing code. (SF #1366369,
reported by Stephane Bortzmeyer)
* Fixes crash when removing items from the "Unread"
vfolder. (reported by Liberty Young)
* Fixes missing dates for RSS feeds that specify
RFC822 date definitions without seconds.
(reported by Aristotle Pagaltzis)
* Right clicking the enclosure download arrow
now opens the enclosures menu and not the
standard hyperlink context menu.
* Lockfiles are correctly checked for hostnames containing
periods.
Translations:
* Update of Japanese translation (Takeshi AIHANA)
* Update of Bulgarian translation (Vladimir Petkov)
* Update of Italian translation (Dario Coniglario)
* Update of Spanish translation (Calos Fenollosa Bielsa)
* Update of Brazilian Portugese translation
(Fernando Ike de Oliveira)
* Update of Slovakian translation (Tibor Pittich)
* Update of Korean translation (Park Ji-In)
* Update of Swedish translation (Sigge Kotliar)
2005-11-18 Lars Lindner
Version 1.0 RC4
* SF feed removed from all default feed lists.
* Updated some default feed lists to include the
standard vfolders.
* Adds a lot of missing accelerator keys to
the different dialogs.
* An offline FAQ was added to the program.
There is a new FAQ option in the help menu.
* Help contents index extended with links to
online support sites.
Bugfixes:
* Fixes a minor problem when downloading favicons
that were at least once downloaded in the past
and are not available online anymore.
* Fixes a bug that prevented using hotkeys with
Mozilla and hidden menu bar.
* Fixes a bug about using Ctrl-F with GtkHTML2
(SF #1358949, reported by noltec)
* Repaired some broken translation strings.
* Fixes several typos.
Translations:
* Update of Italian translation (Dario Coniglario)
* Update of Bulgarian translation (Vladimir Petkov)
* Update of Swedish translation (Sigge Kotliar)
* Update of French translation (Vincent Levefre)
2005-11-04 Lars Lindner
Version 1.0 RC3
* Display vfolder properties when a vfolder is created.
* New preference to hide all read items when viewing
a folder. (Patch from Bjorn Monnens)
* Improved GNOME HIG compliance, better dialog padding
and spacing. (Patch from Christian Persch)
* Added Ctrl-F hotkey to open the search dialog.
Bugfixes:
* Prevents next unread jumping into a vfolder.
(reported by Sigge Kotliar)
* Prevents deferred item removal in the wrong
feed when changing from a "unread" vfolder
to any other feed.
* Fixes the bug that all items of a feed were
dropped as soon as "disable cache" was enabled.
(SF #1318391 reported by Matt Brubeck)
* Certain favicons are no longer downloaded in an
endless loop.
* Fixes a RFC822 date parsing problem on MacOS.
(Patch from Vincent Lefevre)
Translations:
* Update of Spanish translation (Carlos Fennelosa)
* Update of Japanese translation (Takeshi AIHANA)
Closes PR 32465.
Most Important Changes Since 3.1
* The ZServer has been replaced with the Twisted server. The Twisted
server supports all that the ZServer supporting has well
has HTTP over SSL natively and SFTP (disabled for now because of
error handling problems). Also in the future it brings a
better chance of other non-HTTP related protocols from being
implemented for Zope3, like SMTP-in and IMAP.
ZServer is still supported and will be used if you use the --zserver
when you run mkzopeinstance.
* Added a test browser. The test browser simulates a real Web browser
as much as possible as a Python object. This allows us to
write functional tests the same way the site would be
experienced by the user. This greatly simplifies functional tests,
makes documentation better and even helps analyzing usability. And
of course, it can be used in functional doctests.
* Changed the way returning large results is handled. The
response.write method is no longer supported. Applications can now
simply return files to the publisher.
* Implemented the password managers proposal. Main idea
beside the proposal is a standard way to implement password
encoders/checkers, see
zope.app.authentication.interfaces.IPasswordManager for
details.
+ Added basic password managers: Plain Text, MD5, SHA1.
+ Support for password managers added for ZCML principals
and principals saved in local PrincipalFolers.
+ Added bin/zpasswd command line script which helps to create ZCML
principals.
+ Password managers support integrated into bin/mkzopeinstance.
+ New database generation created for convert local principals to
new format.
* Implemented the language namespace proposal. Now you can
override the browser preferred language through the URL,
like this:
http://site.org/++lang++ru/path
Note: If you want to use a custom IUserPreferredLanguages
adapter and the ++lang++ feature together you should use
zope.app.publisher.browser.CacheableBrowserLanguages adapter as a
base class or at least as example.
* Implemented a new object introspector. Instead of just
providing information of the object's class, the new
introspector focuses on providing information that is specific to
the instance, such as directly provided interfaces and data, for
example attribute values and annotation values.
* Implemented the `devmode` switch for `zope.conf`. When turned on a
ZCML feature called `devmode` is provided. Packages can then
register functionality based on this feature. In Zope 3
itself, the devmode is used to only load the API doc is
devmode; turning off the devmode thus closes a potential
security hole and increases the start time by more than a
second.
* addMenuItem directive supports a `layer` attribute.
* Added a re-implementation of i18n message IDs (now simply
called ``Message``) that is immutable and thus can be treated like
unicode strings with respect to security proxying. This
implementation will replace the old one in upcoming versions.
* Added "test" message catalog for testing i18n. If you specify
++lang++test in a URL, then all translated strings will be
translated to [[domain][message_id], as in "[[zope][Preview]]". Text
without the domain marker isn't translated.
For a complete list of changes see the CHANGES.txt file.
Temporary files used to accept file uploads were not closed properly. This
resulted in a file descriptor leak, which was unlikely to be serious because of
the short lifespan of CGI programs and the fact that very few forms upload many
files at once. However, on the Windows platform and possibly some others, file
locking semantics prevented file uploads from working at all with these files
not properly closed. Fixed in 2.05.
Changes 2.04:
Documentation fixes: the cgiHtmlEscape, cgiHtmlEscapeData, cgiValueEscape, and
cgiValueEscapeData routines were named incorrectly in the manual. No code
changes in version 2.04.
Changes 2.03:
Support for setting cookies has been reimplemented. The new code closely
follows the actual practice of web sites that successfully use cookies, rather
than attempting to implement the specification. The new code can successfully
set more than one cookie at a time in typical web browsers.
