Redis 6.2.0 GA Released Tue Feb 22 14:00:00 IST 2021
================================================================================
Upgrade urgency: SECURITY if you use 32bit build of redis (see bellow), MODERATE
if you used earlier versions of Redis 6.2, LOW otherwise.
Integer overflow on 32-bit systems (CVE-2021-21309):
Redis 4.0 or newer uses a configurable limit for the maximum supported bulk
input size. By default, it is 512MB which is a safe value for all platforms.
If the limit is significantly increased, receiving a large request from a client
may trigger several integer overflow scenarios, which would result with buffer
overflow and heap corruption.
Bug fixes:
* Avoid 32-bit overflows when proto-max-bulk-len is set high
* Fix broken protocol in client tracking tracking-redir-broken message
* Avoid unsafe field name characters in INFO commandstats, errorstats, modules
* XINFO able to access expired keys during CLIENT PAUSE WRITE
* Fix allowed length for REPLCONF ip-address, needed due to Sentinel's support for hostnames
* Fix broken protocol in redis-benchmark when used with -a or --dbnum
* XADD counts deleted records too when considering switching to a new listpack
Bug fixes that are only applicable to previous releases of Redis 6.2:
* Fixes in GEOSEARCH bybox (accuracy and mismatch between width and height)
* Fix risk of OOM panic in HRANDFIELD, ZRANDMEMBER commands with huge negative count
* Fix duplicate replicas issue in Sentinel, needed due to hostname support
* Fix Sentinel configuration rewrite
Command behavior changes:
* SRANDMEMBER uses RESP3 array type instead of set type
* EXPIRE, EXPIREAT, SETEX, GETEX: Return error when provided expire time overflows
Other behavior changes:
* Remove ACL subcommand validation if fully added command exists.
Improvements:
* Optimize sorting in GEORADIUS / GEOSEARCH with COUNT
* Optimize HRANDFIELD and ZRANDMEMBER case 4 when ziplist encoded
* Optimize in-place replacement of elements in HSET, HINCRBY, LSET
* Remove redundant list to store pubsub patterns
* Add --insecure option to command line tools
Info fields and introspection changes:
* Add INFO fields to track progress of BGSAVE, AOFRW, replication
Modules:
* RM_ZsetRem: Delete key if empty, the bug could leave empty zset keys
* RM_HashSet: Add COUNT_ALL flag and set errno
Redis 6.2 RC3 Released Tue Feb 1 14:00:00 IST 2021
================================================================================
Upgrade urgency LOW: This is the third Release Candidate of Redis 6.2.
New commands / args:
* Add HRANDFIELD and ZRANDMEMBER commands
* Add FAILOVER command
* Add GETEX, GETDEL commands
* Add PXAT/EXAT arguments to SET command
* Add SYNC arg to FLUSHALL and FLUSHDB, and ASYNC/SYNC arg to SCRIPT FLUSH
Sentinel:
* Add hostname support to Sentinel
* Prevent file descriptors from leaking into Sentinel scripts
* Fix config file line order dependency and config rewrite sequence
New configuration options:
* Add set-proc-title config option to disable changes to the process title
* Add proc-title-template option to control what's shown in the process title
* Add lazyfree-lazy-user-flush config option to control FLUSHALL, FLUSHDB and SCRIPT FLUSH
Bug fixes:
* AOF: recover from last write error by turning on/off appendonly config
* Exit on fsync error when the AOF fsync policy is 'always'
* Avoid assertions (on older kernels) when testing arm64 CoW bug
* CONFIG REWRITE should honor umask settings
* Fix firstkey,lastkey,step in COMMAND command for some commands
Special considerations:
* Fix misleading description of the save configuration directive
Improvements:
* A way to get RDB file via replication without excessive replication buffers
* Optimize performance of clusterGenNodesDescription for large clusters
Info fields and introspection changes:
* SLOWLOG and LATENCY monitor include unblocking time of blocked commands
Modules:
* Add modules API for streams
* Add event for fork child birth and termination
* Add RM_BlockedClientMeasureTime* etc, to track background processing in commandstats
* Fix bug in v6.2, wrong value passed to the new unlink callback
* Fix bug in v6.2, modules blocked on keys unblock on commands like LPUSH
Redis 6.2 RC2 Released Tue Jan 12 16:17:20 IST 2021
================================================================================
Upgrade urgency LOW: This is the second Release Candidate of Redis 6.2.
IMPORTANT: If you're running Redis on ARM64 or a big-endian system, upgrade may
have significant implications. Please be sure to read the notes below.
New commands / args:
* Add the REV, BYLEX and BYSCORE arguments to ZRANGE, and the ZRANGESTORE command
* Add the XAUTOCLAIM command
* Add the MINID trimming strategy and the LIMIT argument to XADD and XTRIM
* Add the ANY argument to GEOSEARCH and GEORADIUS
* Add the CH, NX, XX arguments to GEOADD
* Add the COUNT argument to LPOP and RPOP
* Add the WRITE argument to CLIENT PAUSE for pausing write commands exclusively
* Change the proto-ver argument of HELLO to optional
* Add the CLIENT TRACKINGINFO subcommand
Command behavior changes:
* CLIENT TRACKING yields an error when given overlapping BCAST prefixes
* SWAPDB invalidates WATCHed keys
* SORT command behaves differently when used on a writable replica
Other behavior changes:
* Avoid propagating MULTI/EXEC for read-only transactions
* Remove the read-only flag from TIME, ECHO, ROLE, LASTSAVE
* Fix the command flags of PFDEBUG
* Tracking clients will no longer receive unnecessary key invalidation messages after FLUSHDB
* Sentinel: Fix missing updates to the config file after SENTINEL SET command
Bug fixes with compatibility implications (bugs introduced in Redis 6.0):
* Fix RDB CRC64 checksum on big-endian systems
If you're using big-endian please consider the compatibility implications with
RESTORE, replication and persistence.
* Fix wrong order of key/value in Lua's map response
If your scripts use redis.setresp() or return a map (new in Redis 6.0), please
consider the implications.
Bug fixes that are only applicable to previous releases of Redis 6.2:
* Resolve rare assertions in active defragmentation while loading
Bug fixes:
* Fix the selection of a random element from large hash tables
* Fix an issue where a forked process deletes the parent's pidfile
* Fix crashes when enabling io-threads-do-reads
* Fix a crash in redis-cli after executing cluster backup
* Fix redis-benchmark to use an IP address for the first cluster node
* Fix saving of strings larger than 2GB into RDB files
Additional improvements:
* Improve replication handshake time
* Release client tracking table memory asynchronously in cases where the DB is also freed asynchronously
* Avoid wasteful transient memory allocation in certain cases
* Handle binary string values by the 'requirepass' and 'masterauth' configs
Platform and deployment-related changes:
* Install redis-check-rdb and redis-check-aof as symlinks to redis-server
* Add a check for an ARM64 Linux kernel bug
Due to the potential severity of this issue, Redis will refuse to run on
affected platforms by default.
Info fields and introspection changes:
* Add the errorstats section to the INFO command
* Add the failed_calls and rejected_calls fields INFO's commandstats section
* Report child copy-on-write metrics continuously
Module API changes:
* Add the RedisModule_SendChildCOWInfo API
* Add the may-replicate command flag
Redis 6.2 RC1 Released Mon Dec 14 11:50:00 IST 2020
================================================================================
Upgrade urgency LOW: This is the first Release Candidate of Redis 6.2.
Introduction to the Redis 6.2 release
=====================================
This release is the first significant Redis release managed by the core team
under the new project governance model.
Redis 6.2 includes many new commands and improvements, but no big features. It
mainly makes Redis more complete and addresses issues that have been requested
by many users frequently or for a long time.
Many of these changes were not eligible for 6.0.x for several reasons:
1. They are not backward compatible, which is always the case with new or
extended commands (that cannot be replicated to an older replica).
2. They require a longer release-candidate test cycle.
New commands / args:
* Add SMISMEMBER command that checks multiple members
* Add ZMSCORE command that returns an array of scores
* Add LMOVE and BLMOVE commands that pop and push arbitrarily
* Add RESET command that resets client connection state
* Add COPY command that copies keys
* Add ZDIFF and ZDIFFSTORE commands
* Add ZINTER and ZUNION commands
* Add GEOSEARCH/GEOSEARCHSTORE commands for bounding box spatial queries
* Add GET parameter to SET command, for more powerful GETSET
* Add exclusive range query to XPENDING
* Add exclusive range query to X[REV]RANGE
* Add GT and LT options to ZADD for conditional score updates
* Add CLIENT INFO and CLIENT LIST for specific ids
* Add IDLE argument to XPENDING command
* Add local address to CLIENT LIST, and a CLIENT KILL filter.
* Add NOMKSTREAM option to XADD command
* Add command introspection to Sentinel
* Add SENTINEL MYID subcommand
New features:
* Dump payload sanitization: prevent corrupt payload causing crashes
Has flags to enable full O(N) validation (disabled by default).
* ACL patterns for Pub/Sub channels
* Support ACL for Sentinel mode
* Support getting configuration from both stdin and file at the same time
Lets you avoid storing secrets on the disk.
New features in CLI tools:
* redis-cli RESP3 push support
* redis-cli cluster import support source and target that require auth
* redis-cli URIs able to provide user name in addition to password
* redis-cli/redis-benchmark allow specifying the prefered ciphers/ciphersuites
* redis-cli add -e option to exit with code when command execution fails
Command behavior changes:
* EXISTS should not alter LRU
In Redis 5.0 and 6.0 it would have touched the LRU/LFU of the key.
* OBJECT should not reveal logically expired keys
Will now behave the same TYPE or any other non-DEBUG command.
* Improve db id range check for SELECT and MOVE
Changes the error message text on a wrong db index.
* Modify AUTH / HELLO error message
Changes the error message text when the user isn't found or is disabled.
* BITOPS length limited to proto_max_bulk_len rather than 512MB
The limit is now configurable like in SETRANGE, and APPEND.
* GEORADIUS[BYMEMBER] can fail with -OOM if Redis is over the memory limit
Other behavior changes:
* Optionally (default) fail to start if requested bind address is not available
If you rely on Redis starting successfully even if one of the bind addresses
is not available, you'll need to tune the new config.
* Limit the main db dictionaries expansion to prevent key eviction
In the past big dictionary rehashing could result in massive data eviction.
Now this rehashing is delayed (up to a limit), which can result in performance
loss due to hash collisions.
* CONFIG REWRITE is atomic and safer, but requires write access to the config file's folder
This change was already present in 6.0.9, but was missing from the release
notes.
* A new incremental eviction mechanism that reduces latency on eviction spikes
In pathological cases this can cause memory to grow uncontrolled and may require
specific tuning.
* Not resetting "save" config when Redis is started with command line arguments.
In case you provide command line arguments without "save" and count on it
being disabled, Now the defaults "save" config will kick in.
* Update memory metrics for INFO during loading
* When "supervised" config is enabled, it takes precedence over "daemonize".
* Assertion and panic, print crash log without generating SIGSEGV
* Added crash log report on SIGABRT, instead of silently exiting
* Disable THP (Transparent Huge Pages) if enabled
If you deliberately enabled it, you'll need to config Redis to keep it.
Bug fixes:
* Handle output buffer limits for module blocked clients
Could result in a module sending reply to a blocked client to go beyond the
limit.
* Fix setproctitle related crashes.
Caused various crashes on startup, mainly on Apple M1 chips or under
instrumentation.
* A module doing RM_Call could cause replicas to get nested MULTI
* Backup/restore cluster mode keys to slots map for repl-diskless-load=swapdb
In cluster mode with repl-diskless-load, when loading failed, slot map
wouldn't have been restored.
* Fix oom-score-adj-values range, and bug when used in config file
Enabling setting this in the config file in a line after enabling it, would
have been buggy.
* Reset average ttl when empty databases
Just causing misleading metric in INFO
* Disable rehash when Redis has child process
This could have caused excessive CoW during BGSAVE, replication or AOFRW.
* Further improved ACL algorithm for picking categories
Output of ACL GETUSER is now more similar to the one provided by ACL SETUSER.
* Fix bug with module GIL being released prematurely
Could in theory (and rarely) cause multi-threaded modules to corrupt memory.
* Fix cluster redirect for module command with no firstkey.
* Reduce effect of client tracking causing feedback loop in key eviction
* Kill disk-based fork child when all replicas drop and 'save' is not enabled
* Rewritten commands (modified for propagation) are logged as their original command
* Fix cluster access to unaligned memory (SIGBUS on old ARM)
* If diskless repl child is killed, make sure to reap the child pid
* Broadcast a PONG message when slot's migration is over, may reduce MOVED responses
Other improvements:
* TLS Support in redis-benchmark
* Accelerate diskless master connections, and general re-connections
* Run active defrag while blocked / loading
* Performance and memory reporting improvement - sds take control of its internal fragmentation
* Speedup cluster failover.
Platform / toolchain support related improvements:
* Optionally (not by default) use H/W Monotonic clock for faster time sampling
* Remove the requirements for C11 and _Atomic supporting compiler
This would allow to more easily build and use Redis on older systems and
compilers again.
* Fix crash log registers output on ARM.
* Raspberry build fix.
* Setting process title support for Haiku.
* DragonFlyBSD RSS memory sampling support.
New configuration options:
* Enable configuring OpenSSL using the standard openssl.cnf
* oom-score-adj-values config can now take absolute values (besides relative ones)
* TLS: Add different client cert support.
* Note that a few other changes listed above added their config options.
Info fields and introspection changes:
* Add INFO fields to track diskless and disk-based replication progress
* Add INFO field for main thread cpu time, and scrape system time.
* Add total_forks to INFO STATS
* Add maxclients and cluster_connections to INFO CLIENTS
* Add tracking bcast flag and client redirection in client list
* Fixed INFO client_recent_max_input_buffer includes argv array
* Note that a few other changes listed above added their info fields.
Module API changes:
* Add CTX_FLAGS_DENY_BLOCKING as a unified the way to know if blocking is allowed
* Add data type callbacks for lazy free effort, and unlink
* Add data type callback for COPY command
* Add callbacks for defrag support.
* Add module event for repl-diskless-load swapdb
Module related fixes:
* Moved RMAPI_FUNC_SUPPORTED so that it's usable
* Improve timer accuracy
* Allow '\0' inside of result of RM_CreateStringPrintf
Changelog:
Bugfixes since 1.4.2
Fixed "-d:fulldebug switch does not compile with gc:arc" (#16214)
Fixed "Strange behavior when calling into Nim" (#16249)
Fixed "VC++ winnt.h fatal error "No Target Architecture" in stdlib_io." (#14259)
Fixed "osLastError may randomly raise defect and crash" (#16359)
Fixed "& shows as & in docs" (#16364)
Fixed "gc:arc - SIGSEGV for rawAlloc on windows" (#16365)
Fixed "generic importc proc's don't work (breaking lots of vmops procs for js)" (#16428)
Fixed "[ARC] Compiler error with a closure proc in a macro " (#15043)
Fixed "genericAssignAux runtime error" (#16706)
Fixed "Concept: codegen ignores parameter passing" (#16897)
Fixed "{.push exportc.} interacts with anonymous functions" (#16967)
Fixed "ARC exports a dangerous 'dispose' proc" (#17003)
Fixed "Cursor inference leading to corrupt memory with a tuple" (#17033)
Fixed "toOpenArray doesn't work in VM; toOpenArray with var openArray doesn't work in nim js" (#15952)
Fixed "memory allocation during {.global.} init breaks GC" (#17085)
Django 2.2.19 fixes a security issue in 2.2.18.
CVE-2021-23336: Web cache poisoning via django.utils.http.limited_parse_qsl()
Django contains a copy of urllib.parse.parse_qsl() which was added to backport some security fixes. A further security fix has been issued recently such that parse_qsl() no longer allows using ; as a query parameter separator by default. Django now includes this fix. See bpo-42967 for further details.
Django 3.1.7 fixes a security issue and a bug in 3.1.6.
CVE-2021-23336: Web cache poisoning via django.utils.http.limited_parse_qsl()
Django contains a copy of urllib.parse.parse_qsl() which was added to backport some security fixes. A further security fix has been issued recently such that parse_qsl() no longer allows using ; as a query parameter separator by default. Django now includes this fix. See bpo-42967 for further details.
Bugfixes
Fixed a regression in Django 3.1 that caused RuntimeError instead of connection errors when using only the 'postgres' database
The main change is that it builds again.
# New and Noteworthy in OGRE 1.12
This is only a high level overview. For a detailed changes, see the git changelog.
## Core changes
### Component Media files
Previously all of our bundled Media files lived in the `Samples/Media` subdirectory - including the `RTShaderLib`.
However the latter is not a sample, but required to use the RTSS component.
Therefore, we now put media files that are required by a component into `Media/*` and install them independent of the Sample Media.
This allows you to merely reference these locations instead of having to copy them into your project.
Consequently, this allowed us to move various embedded resources to the filesystem for easier editing.
**ACTION REQUIRED** you must add the `Media/ShadowVolume` resource location to use the build-in algorithms.
### NEON intrinsics on all ARM platforms
We converted our SSE based OptimisedMath using SSE2NEON. While the gains are not as substantial as on x86, you can expect an speedup of about 30% for e.g. CPU skeletal animation.
### Automatic Plugin discovery for Windows Debug builds
Ogre now automatically append the `_d` suffix to plugin library names on windows.
Consequently it does not need a `plugins_d.cfg` any more. Therefore you can now use the same config files for release and debug with the same content.
### Separate UV skyboxes removed
Ogre no longer supports `cubic_texture .. separateUV` textures. Previously it was possible to create a "fake" cubic texture unit which would actually contain 6 individual 2d textures. These could be used to render skyboxes. Only skyboxes that is.
For everything else you would need real hardware cubic textures.
Ogre will ignore the `separateUV` part now, and create a real cubic texture anyway.
The advantage is that ogre renders the skybox with only one draw call.
**ACTION REQUIRED** If you use custom shaders on such materials, you will have to update them to cope with real cubic textures.
### RenderSystem - unified API for fixed-function and shaders
The `RenderSystem` API was modernized and streamlined for programmable pipeline usage. Consequently most of the legacy fixed function API calls were removed (e.g. `_setProjectionMatrix`, `_setSurfaceParams`).
Instead these parameters are now passed through the `GpuProgramParameters` structure to the fixed function unifying the API between fixed and programmable pipeline.
RenderSystems supporting `RSC_FIXED_FUNCTION`, now export the respective parameters through `getFixedFunctionParams`.
You can query and modify those and then apply them using `applyFixedFunctionParams`.
If you bypass the SceneManager and use the RenderSystem directly, e.g. `_setProjectionMatrix` becomes
```cpp
auto params = rs->getFixedFunctionParams(TVC_NONE, FOG_NONE);
params->setConstant(8, Matrix4()); // the "magic" 8 is defined in getFixedFunctionParams
rs->applyFixedFunctionParams(params, GPV_GLOBAL);
```
### Improved Profiling
The instrumentation code inside Ogre was improved to be less costy compared to the measured code. At this we also improved the labels to be more readable (camera name vs. "_renderScene") - see [the updated Profiling tutorial](https://codedocs.xyz/OGRECave/ogre/profiler.html#profRead).
Additionally the Profiler class can now use [Remotery](https://github.com/Celtoys/Remotery) as its backend. Again see the tutorial for more details.
### Breaking non-API changes
These changes require unit testing on your side as compilation will succeed, but the rendering result may vary compared to 1.11.
* `fog_override` semantics changed: previously it would only affect fixed function fog and shader autoparams would still get the global scene fog. Now both autparams and fixed function settings are affected.
* `SubMesh::setMaterialName` now immediately queries the `MaterialManager` instead of merely storing the name. This means that if you do not load any `.material` files and do an import/ export cycle of a `.mesh`, the material names will be lost. This is a common use case for offline processing of mesh files. Register a `MeshSerializerListener` to create dummy materials in this case.
* `Ogre::any_cast` now throws a `std::bad_cast` exception instead of a `Ogre::InvalidParametersException` for compatibility with `std::any_cast`. Both derive from `std::exception`, in case you want to preserve legacy compatibility.
* The `OGRE_BUILD_*` defines moved to a separate `OgreComponents.h` header. As those were typically checked with `#ifdef`, these check will silently fail. Migrate to the `Ogre.h` header instead of including headers form OgreMain directly.
* compute shaders are no longer automatically dispatched when the according material is used during rendering. You now have to explicitly reference the respective material in a [*compute* compisitor pass](https://ogrecave.github.io/ogre/api/latest/_compositor-_scripts.html#Compositor-Passes).
## Samples
As a side-effect of the stable media files effort, the Sample media files were refactored as well.
Now all GL rendersystems share a common GLSL shader codebase - likewise the D3D rendersystems and the Cg plugin use the same Cg shaders (which is just HLSL9 really).
Additionally we took advantage of the RTSS improvements and replaced any custom depth shadow code by the unified RTSS solution.
## Bites
The `ApplicationContext` class was split into `ApplicationContextBase` and `ApplicationContextSDL`. This allows additional implementations (like Qt) and eases consumption in projects that do not use SDL.
## Real Time Shader System 3.0
The RTSS API was overhauled and is now more flexible and easy to use. You can now directly acquire shaders for an arbitrary Pass using `TargetRenderState` - without having to go through any Viewport Scheme juggling. This means that `TargetRenderState` can now replace any ad-hoc shader generator that you might have in place to leverage the Ogre maintained RTSS shader snippets.
The RTSS now defaults to Per-Pixel lighting, consequently making it the default for GL3+/ GLES2 and D3D11.
### Depth Shadowmap Support
The PSSM3 shadow stage now supports hardware PCF and automatically uses it if your shadow textures are compatible (i.e. of type `PF_DEPTH`).
Furthermore you can now use it generally for depth based textures by not calling `setSplitPoints` - it will use only the first depth shadow texture then.
### Merged Lighting calculations
The Fixed Function, Per-Pixel and Normal map sub-render states now all share the same shader code.
**ACTION REQUIRED** you must update your `RTShaderLib` for the 1.12 shaders.
## Terrain
To allow usage `PF_DEPTH` shadow textures, the "linear" depth code was dropped from the `SM2Profile`.
Where previously you were expected to write an interpolated value of `(gl_Position.z - depthRange.x) * depthRange.w` in the fragment shader, it is now enough to just write `gl_FragCoord.z`.
This enables early-z optimizations by the hardware and generally eases the workflow.
Refer to the Terrain Sample for the updated depth shadow scene setup.
Furthermore it is now possible to load legacy 1.7 style Terrains (aka "terrain.cfg") using `TerrainGroup::loadLegacyTerrain`.
**ACTION REQUIRED** you have to add the `Media/Terrain` resource location to use the SM2Profile Shader Generator.
## D3D9 RenderSystem
Direct3D9 feature level 9.1 is now required.
## GL/ GLES2/ GL3+
`#include` directives in GLSL shaders are now resolved by OGRE. The lookup is performed by filename using the Resource System. (based on the existing code of the Cg plugin)
Monolithic shaders are used instead of separable shader objects (SSO) by default again due to better performance and better driver support.
Changes: builds again;
August 22nd 2020 ivtools-2.0.3
* add Golang style "%v" format descriptor to comterp print func.
July 5th 2020 ivtools-2.0.2
* Change priority of "$$" (stream) operator to line up with other stream operators (i.e. ".." and "**").
June 30th 2020 ivtools-2.0.1
* Fix nested user defined funcs in comterp (the func() command).
* Change isalpha(), isdigit(), and isspace() funcs to return 0 or 1
(instead of the bitmask which is returned for C).
* Add comterp_run utility script for hands-free launching of comterp scripts.
Write scripts with this header:
#! /usr/bin/env comterp_run
* Add csvfilt comterp script as an example of using comterp_run.
After installing both try "csvfilt --help".
June 21st 2020 ivtools-2.0.0
Non-backward compatible changes from ivtools-1.2.11:
* Swap "$$" and "$" operators in comterp. The "$$" operator is now stream() (which matches
the other double-character stream operators - "..", "**", and ",,") and "$" is now list().
* Reverse the priority of ".." (iterate()) and "**" (repeat()), giving ".." precedence over "**".
The reason is because ".." is more complex than "**", like multiplication is more complex than
addition.
* Remove symmax() and symcnt() commands because they were redundant with symid() which accepts
:max and :cnt keywords.
Other changes;
* remove patches directory, sourceforge102203.xml, aclocal.m4, README.cygwin, README.ivmkcm, and comtop.tgz
* migrated all CHANGES-* files to a CHANGES directory
3.0.3 (2020-12-28)
------------------
* Fixed a bug in Channels 3.0 where the legacy ``channels.http.AsgiHandler``
would not correctly isolate per-request scopes.
This is a security release for CVE-2020-35681. Please see the `Version 3.0.3
release notes
<https://channels.readthedocs.io/en/latest/releases/3.0.3.html>`_ for full
details.
3.0.2 (2020-11-9)
-----------------
* Fixes a bug in Channels 3.0 where ``StaticFilesWrapper`` was not updated to
the ASGI 3 single-callable interface.
* Users of the ``runworker`` command should ensure to update ``asgiref`` to
version 3.3.1 or later.
3.0.1 (2020-11-4)
-----------------
* Fixes a bug in Channels 3.0 where ``SessionMiddleware`` would not correctly
isolate per-instance scopes.
3.0.0 (2020-10-30)
------------------
Updated to ASGI v3, and added support for Django 3.0+.
This is a major version change requiring updates to consumers and middleware.
Please see the full `Version 3.0.0 release notes
<https://channels.readthedocs.io/en/latest/releases/3.0.0.html>`_ for details.
3.0.1 (2020-11-12)
* Fixed a bug where ``asyncio.CancelledError`` was not correctly handled on
Python 3.8+, resulting in incorrect protocol application cleanup.
3.0.0 (2020-10-28)
* Updates internals to use ASGI v3 throughout. ``asgiref.compatibility`` is
used for older applications.
* Consequently, the `--asgi-protocol` command-line option is removed.
* HTTP request bodies are now read, and passed to the application, in chunks.
* Added support for Python 3.9.
* Dropped support for Python 3.5.
What's New in Pylint 2.7.2?
* Fix False Positive on `Enum.__members__.items()`, `Enum.__members__.values`, and `Enum.__members__.keys`
* Properly strip dangerous sys.path entries (not just the first one)
What's New in astroid 2.5.1?
* The ``context.path`` is reverted to a set because otherwise it leads to false positives
for non `numpy` functions.
* Don't transform dataclass ClassVars
* Improve typing.TypedDict inference
* Fix the `Duplicates found in MROs` false positive.
this has been broken in all platforms' bulk builds for quite some time.
there is a much newer version being worked on in wip, but for now it is
probably best to start by installing lang/rakudo.
This is an update from the 3.10 LTR to the newly-designated 3.16 LTR.
Besides hand-re-applying patches, and believing the new PLIST, the
only change is a new dependency on protobuf.
Upstream NEWS
# 3.16
This release brings a wealth of new options for 3D mapping, mesh
generation from other data types, additional spatial analysis tools,
symbology and user interface enhancements to name but a few! A host of
tools have been incorporated into the ever-expanding processing
framework, and the QGIS browser now supports advanced database
interaction functionality that was previously reserved for the DB
Manager plugin.
https://www.qgis.org/en/site/forusers/visualchangelog316/index.html
# 3.14
Some of the marquee features include vector tile support, huge
advances in mdal / mesh support, native support for temporal data in
WMS-T, PG Raster, vector providers, and mesh layers. Users focussed on
cartography and digitising haven’t been left out either, with many new
options for you!
https://www.qgis.org/en/site/forusers/visualchangelog314/index.html
# What's new in Version 3.12 'București'?
This release has following new features:
- User Interface: Deselecting tables when adding PostgreSQL data after add button is clicked.
- Symbology: Vector Trace Animation and Streamlines for Mesh Layer
- Rendering: Play/Stop Buttons for Mesh Layer Playback
- Rendering: On the Fly Resampling of Data Defined on Faces to Vertices (Mesh Layer)
- Rendering: Support for Mesh Reference Time
- 3D Features: 3D Mesh Layer Terrain Renderer
- 3D Features: Harmonize 3D map view widget with 2D ones to display the map theme drop-down menu
- Expressions: Search Tags for Functions
- Expressions: List Referenced Layer Values
- Expressions: New functions to check if a geometry is empty or null
- Expressions: Hash expressions
- Digitizing: Edit Invalid Attributes on Copy/Paste to Another Layer
- Digitizing: Snapping cache parallelization
- Data Management: DXF Export Improvements
- Forms and Widgets: Create geometric feature from the relation editor
- Forms and Widgets: Improve feature selection dialog
- Analysis Tools: Smooth Export of the Contours from Mesh Layer
- Analysis Tools: Support of Datasets Defined on Faces in QGIS Mesh Calculator
- Processing: Package new layers to existing GeoPackage
- Browser: Customization of the items shown in browser
- Data Providers: Changed WMTS layer collection icon
- Data Providers: Added Metadata URL property in the layer metadata tab for WMS / WMTS and WCS services
- Data Providers: Fetch and show dimensions metadata for a WMS layer metadata
- Data Providers: Added refresh action to OGC services entries
- Data Providers: 3d Stacked Meshes
- Data Providers: Oracle curve type edition support
- Programmability: Exposes shape digitizing methods to QgisInterface
- Notable Fixes: Bug fixes by Stephen Knox
https://www.qgis.org/en/site/forusers/visualchangelog312/index.html
0.17.0
Added
Add httpx.MockTransport(), allowing to mock out a transport using pre-determined responses.
Add httpx.HTTPTransport() and httpx.AsyncHTTPTransport() default transports.
Add mount API support, using httpx.Client(mounts=...).
Add chunk_size parameter to iter_raw(), iter_bytes(), iter_text().
Add keepalive_expiry parameter to httpx.Limits() configuration.
Add repr to httpx.Cookies to display available cookies.
Add support for params=<tuple> (previously only params=<list> was supported).
Fixed
Add missing raw_path to ASGI scope.
Tweak create_ssl_context defaults to use trust_env=True.
Properly URL-escape WSGI PATH_INFO.
Properly set default ports in WSGI transport.
Properly encode slashes when using base_url.
Properly map exceptions in request.aclose().
0.15.2
Backwards Compatibility Notes
ZstdCompressor.multi_compress_to_buffer() and
ZstdDecompressor.multi_decompress_to_buffer() are no longer
available when linking against a system zstd library. These
experimental features are only available when building against the
bundled single file zstd C source file distribution.
Changes
setup.py now recognizes a ZSTD_EXTRA_COMPILER_ARGS
environment variable to specify additional compiler arguments
to use when compiling the C backend.
PyPy build and test coverage has been added to CI.
Added CI jobs for building against external zstd library.
Wheels supporting macOS ARM/M1 devices are now being produced.
References to Python 2 have been removed from the in-repo Debian packaging
code.
Significant work has been made on a Rust backend. It is currently feature
complete but not yet optimized. We are not yet shipping the backend as part
of the distributed wheels until it is more mature.
The .pyi type annotations file has replaced various default argument
values with ....
0.103.1 (2021-01-31)
ClamAV 0.103.1 is a patch release with the following fixes and improvements.
Notable changes
* Added a new scan option to alert on broken media (graphics) file formats.
This feature mitigates the risk of malformed media files intended to
exploit vulnerabilities in other software. At present media validation
exists for JPEG, TIFF, PNG, and GIF files. To enable this feature, set
AlertBrokenMedia yes in clamd.conf, or use the --alert-broken-media option
when using clamscan. These options are disabled by default in this patch
release, but may be enabled in a subsequent release. Application
developers may enable this scan option by enabling
CL_SCAN_HEURISTIC_BROKEN_MEDIA for the heuristic scan option bit field.
* Added CL_TYPE_TIFF, CL_TYPE_JPEG types to match GIF, PNG typing behavior.
BMP and JPEG 2000 files will continue to detect as CL_TYPE_GRAPHICS
because ClamAV does not yet have BMP or JPEG 2000 format checking
capabilities.
Bug fixes
* Fixed PNG parser logic bugs that caused an excess of parsing errors and
fixed a stack exhaustion issue affecting some systems when scanning PNG
files. PNG file type detection was disabled via signature database update
for ClamAV version 0.103.0 to mitigate the effects from these bugs.
* Fixed an issue where PNG and GIF files no longer work with Target:5
graphics signatures if detected as CL_TYPE_PNG/GIF rather than as
CL_TYPE_GRAPHICS. Target types now support up to 10 possible file types
to make way for additional graphics types in future releases.
* Fixed clamonacc's --fdpass option.
* File descriptor passing (or "fd-passing") is a mechanism by which
clamonacc and clamdscan may transfer an open file to clamd to scan, even
if clamd is running as a non-privileged user and wouldn't otherwise have
read-access to the file. This enables clamd to scan all files without
having to run clamd as root. If possible, clamd should never be run as
root so as to mitigate the risk in case clamd is somehow compromised while
scanning malware.
* Interprocess file descriptor passing for clamonacc was broken since
version 0.102.0 due to a bug introduced by the switch to curl for
communicating with clamd. On Linux, passing file descriptors from one
process to another is handled by the kernel, so we reverted clamonacc to
use standard system calls for socket communication when fd passing is
enabled.
* Fixed a clamonacc stack corruption issue on some systems when using an
older version of libcurl. Patch courtesy of Emilio Pozuelo Monfort.
* Allow clamscan and clamdscan scans to proceed even if the realpath lookup
failed. This alleviates an issue on Windows scanning files hosted on
file- systems that do not support the GetMappedFileNameW() API such as on
ImDisk RAM-disks.
* Fixed freshclam --on-update-execute=EXIT_1 temporary directory cleanup
issue.
* clamd's log output and VirusEvent now provide the scan target's file path
instead of a file descriptor. The clamd socket API for submitting a scan
by FD-passing doesn't include a file path, this feature works by looking
up the file path by file descriptor. This feature works on Mac and Linux
but is not yet implemented for other UNIX operating systems. FD-passing
is not available for Windows.
* Fixed an issue where freshclam database validation didn't work correctly
when run in daemon mode on Linux/Unix.
Other improvements
* Scanning JPEG, TIFF, PNG, and GIF files will no longer return "parse"
errors when file format validation fails. Instead, the scan will alert
with the "Heuristics.Broken.Media" signature prefix and a descriptive
suffix to indicate the issue, provided that the "alert broken media"
feature is enabled.
* GIF format validation will no longer fail if the GIF image is missing the
trailer byte, as this appears to be a relatively common issue in otherwise
functional GIF files.
* Added a TIFF dynamic configuration (DCONF) option, which was missing.
This will allow us to disable TIFF format validation via signature
database update in the event that it proves to be problematic. This
feature already exists for many other file types.
Acknowledgements
The ClamAV team thanks the following individuals for their code submissions:
Emilio Pozuelo Monfort
pkgsrc change: use standard PECL site as MASTER_SITES.
Mon, Feb 22, 2021 - Xdebug 3.0.3
Fixed bugs:
- Fixed issue #1930: No local variables with trigger and xdebug_break()
- Fixed issue #1931: xdebug_info() output misses configuration
settings if phpinfo() has been called
- Fixed issue #1932: One line in multi-line string concatenation is
not covered
- Fixed issue #1940: Wrong type used for showing GC Stats reports
