* language namespaces for apphooks (reverse("de:myview"), reverse("en:myview"))
* video plugin switch to http://github.com/FlashJunior/OSFlashVideoPlayer
* frontediting added (cms.middlware.toolbar.ToolbarMiddleware)
* testsuite works now under sqlite and postgres
* orphaned text embed plugins get now deleted if not referenced in the text
anymore
* placeholder templatetag: "theme" attribute removed in favor of "width"
(backward incompatible change if theme was used)
* menu is its own app now
* menu modifiers (you can register menu modifiers that can change menu nodes
or rearrange them)
* menus are now class based.
* apphooks are now class based and can bring multiple menus and urls.py with
them.
* menus and apphooks are auto-discovered now
* example templates look a lot better now.
* languages are not a dropdown anymore but fancy tabs
* placeholderend templatetag added: {% placeholder "content" %}There is no
content here{% endplaceholder %}
* plugins can now be used in other apps :) see cms/docs/placeholders.txt
* plugins can now be grouped
* a lot of bugfixes
* the cms now depends on the cms.middleware.media.PlaceholderMediaMiddleware
middleware
* templatetags refactored: see cms/docs/templatetags.txt for new signatures.
* placeholder has new option: or and a endpalceholder templatetag
* comments: Fix commenting, broken by security fix.
* blogspam: Don't check modifications from admins for spam, and
also allow the blogspam_pagespec to do other matches against who
the user is.
* inline: Fix regression in feed titles. Closes: #610878 (Thanks, Paul Wise)
* Adapt autoindex test suite to work with old Test::More.
* inline: Pass feed titles to templates and add title and rel attributes
to feed links. (Giuseppe Bilotta)
* inline: Use class rather than id for feedlinks and blogform.
(Giuseppe Bilotta)
* comments: Fix XSS security hole due to missing validation of page name.
CVE-2011-0428 (Thanks, Dave B.)
* rename: Fix crash when renaming a page that is linked to by a page
in an underlay.
rewording while here.
XXX: I don't see what w3m-img does differently?
Changes:
w3m 0.5.3 - 2011-01-15
* security fix
- fix vulnerabilities indicated by bugs.debian.org.
- suppress sending Referer, if https:// -> http://
* new features
- adapt w3mimg to native windows on MS Windows.
- support xterm-incompatible terminals without gpm.
- add "xhtml" to default guess.
- introduce option pseudo_inlines.
- add option to avoid "wrong number of dots" error in cookies.
* other bug fixes
- fix "important" bugs from bugs.debian.org
- preserve spaces in multibyte context.
- fix proxy authentication.
* Bug 3121: memory leak in DigestAuth: AuthUser object is locked twice
* Bug 3113: Consuming too much memory when uploading files
* Bug 3110: 'reply_body_max_size none' does not work with x-forwarded-for
* Bug 3096: Consuming too much memory when delaying traffic
* Bug 3091: Bypassed ICAP errors are not counted as service failures
* Bug 3090: Polish FTP login error handing
* Bug 3068: cache_dir capacity and usage overflows
* Bug 3028: Permit wbinfo_group.pl to authenticate Kerberos users with NT domain
* Bug 427: HTTP Compliance: Support If-Match and If-None-Match requests
* Fix memory leak in adaptation_access
* Fix /dev/poll and poll() selection priority
* Fix PREFIX/var/run creation during install
* Fix cachemgr http_port config report display
* Add upgrade help process for obsolete options
* Accept RFC 2965 Set-Cookie2 / Cookie2 headers as 'known'
* HTTP/1.1: entry is stale if request has max-age=0
* HTTP/1.1: do not forward TRACE with Max-Forwards: 0 after REQMOD
* Toolchain update to support newer auto-tools
* ... and updated error page translations
* ... and updated documentation
* ... and some code optimization/simplification polish
on different sites. Django CMS handles the navigation rendering for you in
multiple languages with internationalization (i18n) slugs, and the navigation
can be extended by your own models. Pages are rendered with a template that
has placeholders which get filled via plugins.
By sane, we mean that the status of every migration is tracked individually,
rather than just the number of the top migration reached; this means South
can detect when you have an unapplied migration that's sitting in the middle
of a whole load of applied ones, and will let you apply it straight off,
or let you roll back to it, and apply from there forward.
which is fully compatible with the current Django templating infrastructure.
This new way should be easy, clean and require as little boilerplate code as
possible while still staying as powerful as possible.
Features:
* Class based template tags.
* Template tag argument parser.
* Declarative way to define arguments.
* Supports (theoretically infinite) parse-until blocks.
* Extensible!
ok by pettai@.
Changes:
1. New version of the slideshow module now uses PicLens to provide a rich, full screen slideshow.
2. Comment module now offers moderation and Akismet support to help weed out spam comments.
3. New email notification module allowing users to configure events they wish to get notified for. You can watch albums for changes, items for new comments, etc.
4. New Jpegtran module to support rotation and cropping of jpeg images with no loss in image quality.
5. New SnapGalaxy module for prints from snapgalaxy.com.
6. Registration module can now send a welcome email to new users upon account activation.
7. EXIF block now uses AJAX to switch between summary and detail display.
8. External image block now has a "rawImage" mode to return a single binary image instead of HTML output.
9. Support in RSS module for Media RSS format and random RSS streams.
10. Remote module now bundles the Gallery Remote client and makes it available via Java Web Start. Users with a Java enabled browser can then launch Gallery Remote with a single click instead of manually downloading and installing.
11. Hybrid theme now uses automatic navigation between pages in its image viewer and slideshow. This means the slideshow will show all images in the album, moving between album pages as needed. Requesting the next/previous image in the image viewer will also load a new album page as needed.
12. Webcam module now accepts file:// URLs to retrieve image from local filesystem.
13. Dcraw module now supports Adobe Digital Negative (dng) files, when used with dcraw v7.0 or newer.
14. Added support for Windows Vista in PublishXP module.
15. New database backup feature. Backup at start of upgrade, or anytime from Site Admin / Maintenance. Restore a backup from lib/support interface.
16. Can now put Gallery into maintenance mode from Site Admin / Maintenance. Setting in config.php file is still available too.
17. New event logging system records Gallery errors, viewable in the Site Admin interface.
18. Themes can now override module template files, allowing a themed look to more aspects of the application.
19. New Language Manager that allows the addition or removal of translations.
20. User interface changes.
* Use AJAX to speed up deleting comments(spam) on items/albums.
* Use quick DHTML confirm dialog for deleting single items. Dialog offers link to bulk delete several items from an album.
* Use YUI ItemTree instead of plain select box to select target album when moving items, creating replicas or link items.
21. Performance and stability improvements.
* Smarty templates now permanently cached by default. Turn this off in Site Admin / Performance when working on tpl files, so changes take effect immediately during development.
* Avoid reading EXIF data multiple times in Carbon theme.
* Some added caching in GalleryUrlGenerator.
* Use progress bar when adding items to avoid server or browser timeouts. Particularly helpful when adding many items from local server.
* Restructuring to greatly reduce the number of directories for language files.
* Refactor of translator hints to avoid some processing when translations are not used (en_US).
* Faster plugin and language package downloads.
* Refactor of event system working towards a performance improvement in the next release.
22. New database options.
* Support for SQLite 3.x
* Support for PostgreSQL schemas
23. New install package options.
* English only variants of installation downloads. The minimal is English only. In addition, Typical and Full are available in English language only variants.
* Greatly reduced the number of directories for language files.
24. Upgraded to newer versions of several bundled software packages: YUI! 2.3.1, ADOdb 4.98, Smarty 2.6.20, GetID3 1.7.7, BBCode 0.3.3.
25. Updates to improve compatibility with PHP 5.3.
26. Many bugs fixed.
* Security fix for ASP.NET (XSP / mod_mono) source code disclosure
(CVE-2010-4225)
* Backport ParallelFx improvements from master (jlaval)
* Fix state check for short-circuiting with SupportRecursion in
ReaderWriterLockSlim #655361 (jlaval)
* Increment Count even on single-processor in SpinWait.
Fix#624849. (jlaval)
* Update ThreadLocal to use default(T) for initialization with
parameterless ctor. Fix#658689. (jlaval)
This release has essentially security fixes, covering the following
CVEs:
CVE-2010-4198 CVE-2010-4197 CVE-2010-4204 CVE-2010-4206
CVE-2010-1791 CVE-2010-3812 CVE-2010-3813
(plus 2 patches from upstream which fix crashes)
* tag: Do not include tagbase in rss/atom category tags. (Giuseppe Bilotta)
* tag: Improve display of tags with a slash in their names.
(Giuseppe Bilotta)
* Fix redirect to use a full url. Was broken (in theory) by baseurl
changes in last release.
* Fix `<base>` output by cgi to have a full url again, broken by last
release.
* Fix permalinks to recentchanges items and comments, broken by last
release.
* Export three cgi env vars needed for CGI->url to work. Fixed
openid breakage from last release.
* Removed `IkiWiki::misctemplate()` function. Any plugins using
it should use `IkiWiki::cgitemplate()` instead.
Version 2.9.3 (2011-01-06)
--------------------------
- Fixed: custom templates were not always shown in "override all" mode (#2725)
- Fixed: prevent the X_FORWARDED_FOR header against XSS attacks (#2751)
- Fixed: preserve the selector fields in the personal data module (#2609)
- Fixed: skip mounted folders in the file manager if they do not exist (#2708)
- Fixed: the quick navigation modules failed to work when aliases were
disabled (#2718)
- Fixed some minor issues
Jan 2, 2011 (1.7.1sr1)
------------
This release addresses the following security issue:
Aung Khant of the YGN Ethical Hacker Group reported an XSS in the admin's
configuration panel.
* Better support for serving the same site on multiple urls. (Such as
a http and a https url, or a ipv4 and an ipv6 url.)
(Thanks, smcv)
* API: urlto without a defined second parameter now generates an url
that starts with "/" (when possible; eg when the site's url and cgiurl
are on the same domain).
* Now when users log in via https, ikiwiki sends a secure cookie, that can
only be used over https. If the user switches to using http, they will
need to re-login. (smcv)
* inline: Display feed buttons for nested inlines, linking to the inlined
page's feed. (Giuseppe Bilotta)
* goldtype: New theme, based on blueview, contributed by Lars Wirzenius.
* po: do not override homepage title when it was overridden. (intrigeri)
* Set HTML::Template's parent_global_vars option to allow using parameters
like title_overridden that do not appear on the template. (intrigeri)
(See https://rt.cpan.org/Public/Bug/Display.html?id=64158)
* inline: Force an absolute page location when the inline postform is used.
* editpage, comment: Clean up title when editing or creating a page or
comment.
* teximg: Use `[` and `]` instead of not recommended `$$`. (Paul Menzel)
Closes: #596084
* monotone: Improve version parsing to support patch and development
versions of the monotone binary. (tommyd3mdi)
* highlight: Support highlight 3.2+svn19 (note that released version 3.2
is not supported). Closes: #605779 (David Bremner)
* Add a second parameter to the rcs_diff hook, and avoid bloating memory
reading in enormous commits.
* git: Fix bug involving attempting to web revert a commit that included
changes to attachments.
Updating during the freeze for bugfixes to this leaf package.
