Contao Manager
Contao Manager is a tool for the Contao Managed Edition. It fetch,
install and mange Contao Open Source CMS with Web GUI.
For more information, please refer Installation guide for Contao:
https://to.contao.org/quickstart
4.17.0 (2024-01-22)
* Logger defaults output to stderr instead of stdout
* Fully support Chrome 120+ old headless mode (#13271)
* Add ruby to Selenium Manager input for tracking (see #13288)
* Define default command_list (fixes#13307)
* Fix issues with incorrectly named edge browser
* Check for whether driver supports full page screenshots to error (#12799)
* Add CDP for Chrome 121 and remove 118
6.4.1 (2024-01-03)
Bugfixes
* DSL#warn_if_in_single_mode - fixup when workers set via CLI (#3256)
* Fix idle-timeout not working in cluster mode (#3235, #3228, #3282, #3283)
* Fix worker 0 timing out during phased restart (#3225, #2786)
* context_builder.rb - require openssl if verify_mode != 'none' (#3179)
* Make puma cluster process suitable as PID 1 (#3255)
* Improve Puma::NullIO consistency with real IO (#3276)
* extconf.rb - fixup to detect openssl info in Ruby build (#3271, #3266)
* MiniSSL.java - set serialVersionUID, fix RaiseException deprecation
(#3270)
* dsl.rb - fix warn_if_in_single_mode when WEB_CONCURRENCY is set (#3265,
#3264)
Maintenance
* LOTS of test refactoring to make tests more stable and easier to write -
thanks to @MSP-Greg!
* Fix bug in tests re: TestPuma::HOST4 (#3254)
* Dockerfile for minimal repros: use Ruby 3.2, expect bundler installed
(#3245)
* fix define_method calls, use Symbol parameter instead of String (#3293)
6.4.2 (2024-01-08)
Security
* Limit the size of chunk extensions. Without this limit, an attacker could
cause unbounded resource (CPU, network bandwidth) consumption.
(GHSA-c2f4-cvqm-65w2)
3.1.0 Latest (2024-01-09)
What's Changed
* Adds Ruby 3.2 to CI by @petergoldstein in #30
* Add net-http dependency to gemspec. by @simi in #31
* CI: Use Ruby 3.3 for linting by @olleolleolle in #35
* CI: Tell dependabot to update GH Actions by @olleolleolle in #34
* Bump actions/checkout from 3 to 4 by @dependabot in #36
New Contributors
* @simi made their first contribution in #31
* @dependabot made their first contribution in #36
2.8.0 (2023-12-20)
What's Changed
New features
* Configurable JSON encoders and decoders by @ne006 in #1539
Misc/Docs
* Update testing.md by @geemus in #1535
* Lint by @olleolleolle in #1536
* CI: tell dependabot to update GH Actions by @olleolleolle in #1537
* Bump actions/checkout from 3 to 4 by @dependabot in #1538
New Contributors
* @geemus made their first contribution in #1535
* @dependabot made their first contribution in #1538
* @ne006 made their first contribution in #1539
2.8.1 (2023-12-21)
What's Changed
* Fix: Add back support for Hash#pretty_inspect by @olleolleolle in #1540
2.9.0 (2024-01-09)
What's Changed
NOTE: This release removes support for Ruby 2.6 and 2.7, making Ruby 3.0 the
minimum version.
* Remove runtime dependency on base64 by @Earlopain in #1541
* Make Ruby 3.0 the min version by @iMacTia in #1544
* Bump faraday-net_http version to allow 3.1 by @iMacTia in #1546
New Contributors
* @Earlopain made their first contribution in #1541
Note: repository in GitHub became read-only (archieved).
0.3.4 (2024-01-05)
* Update to required Regexp syntax for ruby 3.3.0.
Also correct deprecation warnings in specs.
3.40.0 (2024-01-26)
Changned
* Dropped support for Ruby 2.7, 3.0+ is now required
* Dropped support for Selenium < 4.8
* Use the new headless option on chromedriver with registered selenium
driver [Neil Carvalho]
Added
* Capybara::Result#to_ary to support multiple assignment [Sean Doyle]
* has_element? and related matchers [Sean Doyle]
* Rack 3 support
Fixed
* Forward save_screenshot options to selenium - Issue 2738
* Rack test - don't auto submit forms with multiple inputs [Mitchell Henke]
* Table row selector matches cell values in order - Issue 2686 [Jeff Parr]
* Table row selector fixes for first column - Issue 2685 [Jeff Par]
3.191.0 (2024-01-26)
* Feature - Updated Aws::STS::Client with the latest API changes.
* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
* Feature - Updated Aws::SSO::Client with the latest API changes.
* Feature - Add RBS signature files to support static type checking.
3.190.3 (2024-01-16)
* Issue - Add mutex around accessing stub api_requests.
3.190.2 (2024-01-09)
* Issue - Minor performance optimization.
1.887.0 (2024-02-02)
* Feature - Updated the partitions source data the determines the AWS
service regions and endpoints.
1.886.0 (2024-02-01)
* Feature - Updated the partitions source data the determines the AWS
service regions and endpoints.
1.885.0 (2024-01-31)
* Feature - Updated the partitions source data the determines the AWS
service regions and endpoints.
1.884.0 (2024-01-29)
* Feature - Updated the partitions source data the determines the AWS
service regions and endpoints.
1.883.0 (2024-01-19)
* Feature - Updated the partitions source data the determines the AWS
service regions and endpoints.
1.882.0 (2024-01-18)
* Feature - Updated the partitions source data the determines the AWS
service regions and endpoints.
1.881.0 (2024-01-16)
* Feature - Updated the partitions source data the determines the AWS
service regions and endpoints.
1.880.0 (2024-01-12)
* Feature - Added support for enumerating regions for Aws::SupplyChain.
1.879.0 (2024-01-11)
* Feature - Updated the partitions source data the determines the AWS
service regions and endpoints.
1.878.0 (2024-01-10)
* Feature - Updated the partitions source data the determines the AWS
service regions and endpoints.
changes include:
o add some more default mime types.
o fix memory leaks. from shm.
o fix reading 2 bytes beyond '%', possibly not mapped. from shm.
o support openssl 3. from christos.
o add -q option to not log. from martin.
o fix default return value of bozo_set_defaults(), PR#54785.
o remove obsolete .bzdirect handling.
o new "-m tlsversion" option to set the minimum TLS version
available. partially from <sunil@nimmagadda.net>.
o extend the list of available ciphers to include most of the
openssl "HIGH" with some additional disables. retain the current
list of bad options. should deal with PR#51278.
v4.8.0 (2024-01-30)
Improvements
* Add `pytest.asserts.assertMessages()` to mimic the behaviour of the
``django.contrib.messages.test.MessagesTestMixin.assertMessages`` function
for Django versions >= 5.0.
Bugfixes
* Fix `--help`/`--version` crash in a partially configured app.
2.1.0
- Add support for Python 3.7 to 3.12, end support for older Python versions
- Context.set() now works as a context manager
- Fix binary of swedish translation
- Some internal code cleanup and modernization
0.60.1 (2024-01-15)
*******************
Fixes
-----
- User sessions: after changing your password in case of ``ACCOUNT_LOGOUT_ON_PASSWORD_CHANGE = False``, the list of
sessions woud be empty instead of showing your current session.
- SAML: accessing the SLS/ACS views using a GET request would result in a crash (500).
- SAML: the login view did not obey the ``SOCIALACCOUNT_LOGIN_ON_GET = False`` setting.
0.60.0 (2024-01-05)
*******************
Note worthy changes
-------------------
- Google One Tap Sign-In is now supported.
- You can now more easily change the URL to redirect to after a successful password
change/set via the newly introduced ``get_password_change_redirect_url()``
adapter method.
- You can now configure the primary key of all models by configuring
``ALLAUTH_DEFAULT_AUTO_FIELD``, for example to:
``"hashid_field.HashidAutoField"``.
Backwards incompatible changes
------------------------------
- You can now specify the URL path prefix that is used for all OpenID Connect
providers using ``SOCIALACCOUNT_OPENID_CONNECT_URL_PREFIX``. By default, it is
set to ``"oidc"``, meaning, an OpenID Connect provider with provider ID
``foo`` uses ``/accounts/oidc/foo/login/`` as its login URL. Set it to empty
(``""``) to keep the previous URL structure (``/accounts/foo/login/``).
- The SAML default attribute mapping for ``uid`` has been changed to only
include ``urn:oasis:names:tc:SAML:attribute:subject-id``. If the SAML response
does not contain that, it will fallback to use ``NameID``.
Changelog:
115.7.0:
Mozilla Foundation Security Advisory 2024-02
#CVE-2024-0741: Out of bounds write in ANGLE
#CVE-2024-0742: Failure to update user input timestamp
#CVE-2024-0746: Crash when listing printers on Linux
#CVE-2024-0747: Bypass of Content Security Policy when directive unsafe-inline
was set
#CVE-2024-0749: Phishing site popup could show local origin in address bar
#CVE-2024-0750: Potential permissions request bypass via clickjacking
#CVE-2024-0751: Privilege escalation through devtools
#CVE-2024-0753: HSTS policy on subdomain could bypass policy of upper domain
#CVE-2024-0755: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and
Thunderbird 115.7
CHangelog:
122.0:
New
* Firefox now displays images and descriptions for search suggestions when
provided by the search engine.
* The translations feature received an improvement in the quality of
translated webpages. The results should be much more stable. This fixes
issues where the content of a page could disappear when translated, or
interactive widgets could break.
* Firefox now supports creating and using passkeys stored in the iCloud
Keychain on macOS.
* MDN Web Docs article suggestions from Firefox Suggest will be available in
the address bar for users searching for web development-related
information.
* The line breaking rules of Web content now match the Unicode Standard. This
improves Web Browser compatibility for line breaking. An additional
improvement for East Asian and South East Asian end users, Firefox now
supports proper language-aware word selection when double-clicking on text
for languages including Chinese, Japanese, Burmese, Lao, Khmer, and Thai.
* Firefox now ships with a new .deb package for Linux users on Ubuntu,
Debian, and Linux Mint.
Fixed
* Various security fixes.
Security fixes:
Mozilla Foundation Security Advisory 2024-01
#CVE-2024-0741: Out of bounds write in ANGLE
#CVE-2024-0742: Failure to update user input timestamp
#CVE-2024-0743: Crash in NSS TLS method
#CVE-2024-0744: Wild pointer dereference in JavaScript
#CVE-2024-0745: Stack buffer overflow in WebAudio
#CVE-2024-0746: Crash when listing printers on Linux
#CVE-2024-0747: Bypass of Content Security Policy when directive unsafe-inline
was set
#CVE-2024-0748: Compromised content process could modify document URI
#CVE-2024-0749: Phishing site popup could show local origin in address bar
#CVE-2024-0750: Potential permissions request bypass via clickjacking
#CVE-2024-0751: Privilege escalation through devtools
#CVE-2024-0752: Use-after-free could occur when applying update on macOS
#CVE-2024-0753: HSTS policy on subdomain could bypass policy of upper domain
#CVE-2024-0754: Crash when using some WASM files in devtools
#CVE-2024-0755: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and
Thunderbird 115.7
This release includes the following changes:
o add CURLE_TOO_LARGE [48]
o add CURLINFO_QUEUE_TIME_T [76]
o add CURLOPT_SERVER_RESPONSE_TIMEOUT_MS: add [39]
o asyn-thread: use GetAddrInfoExW on >= Windows 8 [55]
o configure: make libpsl detection failure cause error [109]
o docs/cmdline: change to .md for cmdline docs [77]
o docs: introduce "curldown" for libcurl man page format [102]
o runtests: support -gl. Like -g but for lldb. [47]
This release includes the following bugfixes:
o altsvc: free 'as' when returning error [23]
o appveyor: replace PowerShell with bash + parallel autotools [54]
o appveyor: switch to out-of-tree builds [29]
o asyn-ares: with modern c-ares, use its default timeout [127]
o build: delete unused `HAVE_{GSSHEIMDAL,GSSMIT,HEIMDAL}` [4]
o build: delete/replace clang warning pragmas [111]
o build: enable missing OpenSSF-recommended warnings, with fixes [11]
o build: fix `-Wconversion`/`-Wsign-conversion` warnings [26]
o build: fix Windows ADDRESS_FAMILY detection [35]
o build: more `-Wformat` fixes [40]
o build: remove redundant `CURL_PULL_*` settings [8]
o cf-h1-proxy: no CURLOPT_USERAGENT in CONNECT with hyper [133]
o cf-socket: show errno in tcpkeepalive error messages [120]
o CI/distcheck: run full tests [31]
o cmake: add option to disable building docs
o cmake: fix generation for system name iOS [53]
o cmake: fix typo [5]
o cmake: freshen up docs/INSTALL.cmake [101]
o cmake: prefill/cache `HAVE_STRUCT_SOCKADDR_STORAGE` [45]
o cmake: rework options to enable curl and libcurl docs [161]
o cmake: when USE_MANUAL=YES, build the curl.1 man page [113]
o cmdline-opts/write-out.d: remove spurious double quotes
o cmdline-opts: update availability for the *-ca-native options [66]
o cmdline/gen: fix the sorting of the man page options [33]
o configure: add libngtcp2_crypto_boringssl detection [155]
o configure: fix no default int compile error in ipv6 detection [69]
o configure: when enabling QUIC, check that TLS supports QUIC [87]
o connect: remove margin from eyeballer alloc [79]
o content_encoding: change return code to typedef'ed enum [94]
o cookie.d: document use of empty string to enable cookie engine [106]
o cookie: avoid fopen with empty file name [24]
o curl.h: CURLOPT_DNS_SERVERS is only available with c-ares [131]
o curl: show ipfs and ipns as supported "protocols" [15]
o curl_easy_getinfo.3: remove the wrong time value count [116]
o curl_multi_fdset.3: remove mention of null pointer support [134]
o CURLINFO_REFERER.3: clarify that it is the *request* header [70]
o CURLOPT_AUTOREFERER.3: mention CURLINFO_REFERER
o CURLOPT_POSTFIELDS.3: fix incorrect C string escape in example [27]
o CURLOPT_SSH_*_KEYFILE: clarify [57]
o dist: add tests/errorcodes.pl to the tarball [6]
o docs: clean up Protocols: for cmdline options [32]
o docs: describe and highlight super cookies [80]
o docs: do not start lines/sentences with So, But nor And [140]
o docs: install curl.1 with cmake [166]
o docs: mention env vars not used by schannel [124]
o doh: remove unused local variable [34]
o examples: add four new examples [99]
o file+ftp: use stack buffers instead of data->state.buffer [138]
o ftp: handle the PORT parsing without allocation [44]
o ftp: use dynbuf to store entrypath [83]
o ftp: use memdup0 to store the OS from a SYST 215 response [82]
o ftpserver.pl: send 213 SIZE response without spurious newline
o gen.pl: support ## for doing .IP in table-like lists [105]
o gen: do italics/bold for a range of letters, not just single word [78]
o GHA: add a job scanning for "bad words" in markdown [164]
o GHA: bump ngtcp2, gnutls, mod_h2, quiche [158]
o gnutls: fix build with --disable-verbose [3]
o haproxy-clientip.d: document the arg [68]
o headers: make sure the trailing newline is not stored [97]
o headers: remove assert from Curl_headers_push [115]
o hostip: return error immediately when Curl_ip2addr() fails [19]
o hsts: remove assert for zero length domain [96]
o http2: improved on_stream_close/data_done handling [49]
o http3/quiche: fix result code on a stream reset [91]
o http3: initial support for OpenSSL 3.2 QUIC stack [110]
o http: adjust_pollset fix [85]
o http: check for "Host:" case insensitively [154]
o http: fix off-by-one error in request method length check [14]
o http: only act on 101 responses when they are HTTP/1.1 [98]
o http: remove comment reference to a removed solution [156]
o http: use stack scratch buffer [150]
o http_proxy: a blank CURLOPT_USERAGENT should not be used in CONNECT [90]
o krb5: add prototype to silence clang warnings on mvsnprintf() [119]
o lib: add debug log outputs for CURLE_BAD_FUNCTION_ARGUMENT [62]
o lib: error out on multissl + http3 [13]
o lib: fix variable undeclared error caused by `infof` changes [2]
o lib: reduce use of strncpy [30]
o lib: rename Curl_strndup to Curl_memdup0 to avoid misunderstanding [36]
o lib: replace readwrite with write_resp [137]
o lib: strndup/memdup instead of malloc, memcpy and null-terminate [42]
o libssh2: use `libssh2_session_callback_set2()` with v1.11.1 [103]
o libssh: improve the deprecation warning dismissal [20]
o libssh: supress warnings without version check [18]
o Makefile.am: fix the MSVC project generation [22]
o Makefile.mk: drop Windows support [12]
o mbedtls: fix `-Wnull-dereference` and `-Wredundant-decls` [117]
o mbedtls: free the entropy when threaded [46]
o mime: use memdup0 instead of malloc + memcpy [63]
o mksymbolsmanpage.pl: provide references to where the symbol is used
o mprintf: overhaul and bugfixes [52]
o mqtt: use stack scratch buffer for recv+publish [148]
o multi: remove total timer reset in file_do() while fetching file:// [89]
o ngtcp2: put h3 at the front of alpn [58]
o ntlm_wb: do not use data->state.buffer any longer [151]
o openldap: fix an LDAP crash [75]
o openldap: fix STARTTLS [67]
o openssl: re-match LibreSSL deinit with init [17]
o openssl: when verifystatus fails, remove session id from cache [100]
o OS400: sync ILE/RPG binding [114]
o pingpong: stop using the download buffer [159]
o pop3: replace calloc + memcpy with memdup0 [60]
o pytest: scorecard tracking CPU and RSS [157]
o quiche: return CURLE_HTTP3 on send to invalid stream [65]
o readwrite_data: loop less [21]
o Revert "urldata: move async resolver state from easy handle to connectdata" [16]
o rtsp: deal with borked server responses [129]
o runtests: for mode="text" on <stdout>, fix newlines on both parts [64]
o sasl: make login option string override http auth [142]
o schannel: fix `-Warith-conversion` gcc 13 warning [28]
o sectransp: do verify_cert without memdup for blobs [93]
o sectransp_ make TLSCipherNameForNumber() available in non-verbose config [1]
o sendf: fix compiler warning with CURL_DISABLE_HEADERS_API [38]
o setopt: clear mimepost when formp is freed [92]
o setopt: use memdup0 when cloning COPYPOSTFIELDS [107]
o socks: fix generic output string to say SOCKS instead of SOCKS4 [144]
o socks: use own buffer instead of data->state.buffer [143]
o ssh: fix namespace of two local macros [51]
o ssh: use stack scratch buffer for seeks [146]
o strerror: repair get_winsock_error() [56]
o system.h: sync mingw `CURL_TYPEOF_CURL_SOCKLEN_T` with other compilers [9]
o system_win32: fix a function pointer assignment warning [71]
o telnet: use dynbuf instad of malloc for escape buffer [108]
o telnet: use stack scratch buffer for do [149]
o tests/server: delete workaround for old-mingw [25]
o tests: avoid int/size_t conversion size/sign warnings [163]
o tests: respect $TMPDIR when creating unix domain sockets [50]
o tool: make parser reject blank arguments if not supported [86]
o tool: prepend output_dir in header callback [95]
o tool_getparam: bsearch cmdline options [74]
o tool_getparam: do not try to expand without an argument [59]
o tool_getparam: stop supporting `@filename` style for --cookie [121]
o tool_listhelp: regenerate after recent .d updates [61]
o tool_operate: make --remove-on-error only remove "real" files [125]
o tool_operate: stop setting the file comment on Amiga [128]
o transfer: adjust_pollset improvements [81]
o transfer: fix upload rate limiting, add test cases [37]
o transfer: make the select_bits_paused condition check both directions [104]
o transfer: remove warning: Value stored to 'blen' is never read [136]
o url: don't set default CA paths for Secure Transport backend [126]
o url: for disabled protocols, mention if found in redirect [7]
o urlapi: remove assert [162]
o verify-examples.pl: fail verification on unescaped backslash [72]
o version: show only the libpsl version, not its dependencies [130]
o vquic: extract TLS setup into own source [88]
o vtls: fix missing multissl version info [73]
o vtls: receive max buffer [139]
o vtls: remove the Curl_cft_ssl_proxy object if CURL_DISABLE_PROXY [41]
o websockets: check for negative payload lengths [123]
o websockets: refactor decode chain [122]
o windows: delete redundant headers [43]
o windows: simplify detecting and using system headers [10]
o wolfssl: load certificate *chain* for PEM client certs [84]
o x509asn1: remove code for WANT_VERIFYHOST [132]
o x509asn1: switch from malloc to dynbuf [112]
2.2.0 (2024-01-30)
- Added support for `Emscripten and Pyodide <https://urllib3.readthedocs.io/en/latest/reference/contrib/emscripten.html>`__, including streaming support in cross-origin isolated browser environments where threading is enabled.
- Added support for ``HTTPResponse.read1()`` method.
- Added rudimentary support for HTTP/2.
- Fixed issue where requests against urls with trailing dots were failing due to SSL errors
when using proxy.
- Fixed ``HTTPConnection.proxy_is_verified`` and ``HTTPSConnection.proxy_is_verified``
to be always set to a boolean after connecting to a proxy. It could be
``None`` in some cases previously.
- Fixed an issue where ``headers`` passed in a request with ``json=`` would be mutated
- Fixed ``HTTPSConnection.is_verified`` to be set to ``False`` when connecting
from a HTTPS proxy to an HTTP target. It was set to ``True`` previously.
- Fixed handling of new error message from OpenSSL 3.2.0 when configuring an HTTP proxy as HTTPS
- Fixed TLS 1.3 post-handshake auth when the server certificate validation is disabled
- Note for downstream distributors: To run integration tests, you now need to run the tests a second
time with the ``--integration`` pytest flag.
3.9.3 (2024-01-29)
Bug fixes
- Fixed backwards compatibility breakage (in 3.9.2) of ``ssl`` parameter when set outside
of ``ClientSession`` (e.g. directly in ``TCPConnector``)
[0.21.0] - 2024-01-28
Features
- Display remote address in metadata when -vv or --meta flag is used,
see #348 (@zuisong)
Other
- Default XH_CONFIG_DIR to ~/.config/xh in macOS, see #353 (@ducaale)
3.9.2 (2024-01-28)
Bug fixes
- Fixed server-side websocket connection leak.
- Fixed ``web.FileResponse`` doing blocking I/O in the event loop.
- Fixed double compress when compression enabled and compressed file exists in server file responses.
- Added runtime type check for ``ClientSession`` ``timeout`` parameter.
- Fixed an unhandled exception in the Python HTTP parser on header lines starting with a colon
Invalid request lines with anything but a dot between the HTTP major and minor version are now rejected.
Invalid header field names containing question mark or slash are now rejected.
Such requests are incompatible with :rfc:`9110#section-5.6.2` and are not known to be of any legitimate use.
- Improved validation of paths for static resources requests to the server
Features
- Added support for passing :py:data:`True` to ``ssl`` parameter in ``ClientSession`` while
deprecating :py:data:`None`
Breaking changes
- Fixed an unhandled exception in the Python HTTP parser on header lines starting with a colon
Invalid request lines with anything but a dot between the HTTP major and minor version are now rejected.
Invalid header field names containing question mark or slash are now rejected.
Such requests are incompatible with :rfc:`9110#section-5.6.2` and are not known to be of any legitimate use.
Improved documentation
- Fixed examples of ``fallback_charset_resolver`` function in the :doc:`client_advanced` document.
- The Sphinx setup was updated to avoid showing the empty
changelog draft section in the tagged release documentation
builds on Read The Docs
* v1.0.2.2:
* Added new settings to ``UserManager`` which can be used to customize page
footers: ``USER_APP_VERSION``, ``USER_CORPORATION_NAME``, and
``USER_COPYRIGHT_YEAR``
* Fixed crash when one tried to change username and ``USER_ENABLE_EMAIL``
was falsy
* v1.0.2.1:
* Added Slovak, Polish and Ukrainian translations.
* Fixed bug in "Password Changed" email template
* Fixed crash when USER_ENABLE_INVITE_USER is set
* Updated min allowed version of ``passlib`` from 1.6 to 1.7
* v1.0.2.0 - Production/Stable release. Dropped support for Python 2.6 and 3.3.
Version 1.2.1
- Fix a bug introduced with :pr:`556` where file validators were editing
the file fields content.
Version 1.2.0
- Add field ``MultipleFileField``. ``FileRequired``, ``FileAllowed``, ``FileSize``
now can be used to validate multiple files
6.76 2024-01-25 18:31:25Z
- Simplify code slightly for Perl v5.8+ (GH#455) (James Raspass)
- Move HTTP::CookieJar::LWP to test requires (GH#453) (Olaf Alders)
6.75 2024-01-24 14:29:17Z
- Update lwp-request to suport PATCH HTTP method (GH#452) (Javier Puche)
6.74 2024-01-22 17:48:18Z
- Making it possible to use IPv6 in https call through https proxy
environment (in case of using CONNECT method to create a tunnel) (GH#450)
(Dmitriy Shamatrin)
5.25 2024-01-27 16:11:41Z
- cache scheme so it never attempt to load it again (GH#55) (mschae94)
5.24 2024-01-26 04:36:32Z
- Really revert "use Scalar::Util::reftype instead of ref to check for
ARRAY" (GH#136) (Olaf Alders)
5.23 2024-01-25 21:02:18Z
- Revert the reftype change introduced in 5.22 as it causes warnings.
(GH#134) (Olaf Alders)
5.22 2024-01-25 15:22:54Z
- Use Scalar::Util::reftype instead of ref to check for ARRAY (GH#132)
(Jacques Deguest)
6.12 2024-01-22 17:51:31Z
- Enable MultiHomed for IO::Socket::SSL (GH#61) (ℕicolas ℝ.)
- Making it possible to use IPv6 in https call through https proxy
environment (in case of using CONNECT method to create a tunnel) (GH#74)
(Dmitriy Shamatrin)
3.4.0 (2024-01-22)
* Correct working with PasteDeploy >=3. Thanks brondsem.
3.3.0 (2023-01-03)
* Remove support for Python 2 in tests. It may still work outside tests.
* Fix homepage link. Thanks to Guillaume Gauvrit (mardiros).
* Stop using nose to run tests.
* Run tests in GitHub actions instead of travis CI.
3.2.1 (2021-04-27)
* Require ``setuptools`` in ``install_requires``. Thanks to Tomáš Hrnčiar
(hrnciar)
* Fix tests to run again.
3.2.0 (2019-09-24)
* Use wsgiserver.WSGIServer instead of wsgiutils.wsgiServer.WSGIServer
for Python 3 compatibility.
3.1.0 (2019-03-04)
* Remove dependency on ``unittest2``.
3.0.0 (2018-11-26)
* Moved to `GitHub <https://github.com/cdent/pastescript>`_.
* Put into maintenance mode, meaning: critical bugs will be fixed,
and support for new versions of Python will be handled, but new
features are not being considered.
3.7.0
* End Python 2 support.
* Remove use of distutils.
* Fix double query processing in parse_formvars.
3.6.1
* Tiny release to confirm release automation.
3.6.0
* Provide kwarg for timestamp format in Translogger.
Release 2.5.1 (October 13, 2020)
* Add compatibility for Python 3.7+.
Release 2.5.0 (October 13, 2020)
* Add graceful fallback for invalid character encoding from request object. Patch by Phillip Baker.
* Enhanced performance for matching routes that share the same static prefix. Patch by George Sakkis.
* Fixed issue with child routes not passing route conditions to the Mapper.connect call. Patch by
Robin Abbi.
* Fixed documentation to reflect default value for minimization. Patch by Marcin Raczyński.
* Allow backslash to escape special characters in route paths. Patch by Orhan Kavrakoğlu.
* Resolve invalid escape sequences. Patch by Stephen Finucane.
* Remove support for Python 2.6, 3.3, and 3.4. Patch by Stephen Finucane.
* Remove obsolete Python 2.3 compat code. Patch by Jakub Wilk.
3.0.0 (2021-08-19)
- Dropped support for Python 2.7 and 3.5.
- Added support for Python 3.9.
- Clean up dependencies and requirements.
- Switch from Travis to GitHub Actions for building and testing.
- Prevent PytestCollectionWarning for TestApp
3.1.0 (2023-11-20)
------------------
* Support Python 3.11 and 3.12.
* Remove deprecated usage of ``inspect.getargspec`` that is no longer
supported in Python 3.12.
3.0.1 (2022-10-17)
------------------
* Fix ``python_requires`` package metadata to support Python 3.7+.
3.0 (2022-10-16)
----------------
* Drop support for Python 2, as well as 3.4, 3.5, and 3.6.
* Fix a broken compatibility shim that would cause the ConfigParser to fail
on Python 3.12 when ``ConfigParser.readfp`` is removed.
* Drop setuptools dependency and start using ``importlib.metadata`` instead.
* Refactor repository into a src folder layout.
2.1.2
-----
Bugfix
~~~~~~
- When expose_tracebacks is enabled waitress would fail to properly encode
unicode thereby causing another error during error handling. See
https://github.com/Pylons/waitress/pull/378
- Header length checking had a calculation that was done incorrectly when the
data was received across multple socket reads. This calculation has been
corrected, and no longer will Waitress send back a 413 Request Entity Too
Large. See https://github.com/Pylons/waitress/pull/376
Security Bugfix
~~~~~~~~~~~~~~~
- in 2.1.0 a new feature was introduced that allowed the WSGI thread to start
sending data to the socket. However this introduced a race condition whereby
a socket may be closed in the sending thread while the main thread is about
to call select() therey causing the entire application to be taken down.
Waitress will no longer close the socket in the WSGI thread, instead waking
up the main thread to cleanup. See https://github.com/Pylons/waitress/pull/377
2.1.1
-----
Security Bugfix
~~~~~~~~~~~~~~~
- Waitress now validates that chunked encoding extensions are valid, and don't
contain invalid characters that are not allowed. They are still skipped/not
processed, but if they contain invalid data we no longer continue in and
return a 400 Bad Request. This stops potential HTTP desync/HTTP request
smuggling. Thanks to Zhang Zeyu for reporting this issue. See
https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36
- Waitress now validates that the chunk length is only valid hex digits when
parsing chunked encoding, and values such as ``0x01`` and ``+01`` are no
longer supported. This stops potential HTTP desync/HTTP request smuggling.
Thanks to Zhang Zeyu for reporting this issue. See
https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36
- Waitress now validates that the Content-Length sent by a remote contains only
digits in accordance with RFC7230 and will return a 400 Bad Request when the
Content-Length header contains invalid data, such as ``+10`` which would
previously get parsed as ``10`` and accepted. This stops potential HTTP
desync/HTTP request smuggling Thanks to Zhang Zeyu for reporting this issue. See
https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36
2.1.0
-----
Python Version Support
~~~~~~~~~~~~~~~~~~~~~~
- Python 3.6 is no longer supported by Waitress
- Python 3.10 is fully supported by Waitress
Bugfix
~~~~~~
- ``wsgi.file_wrapper`` now sets the ``seekable``, ``seek``, and ``tell``
attributes from the underlying file if the underlying file is seekable. This
allows WSGI middleware to implement things like range requests for example
See https://github.com/Pylons/waitress/issues/359 and
https://github.com/Pylons/waitress/pull/363
- In Python 3 ``OSError`` is no longer subscriptable, this caused failures on
Windows attempting to loop to find an socket that would work for use in the
trigger.
See https://github.com/Pylons/waitress/pull/361
- Fixed an issue whereby ``BytesIO`` objects were not properly closed, and
thereby would not get cleaned up until garbage collection would get around to
it.
This led to potential for random memory spikes/memory issues, see
https://github.com/Pylons/waitress/pull/358 and
https://github.com/Pylons/waitress/issues/357 .
With thanks to Florian Schulze for testing/vaidating this fix!
Features
~~~~~~~~
- When the WSGI app starts sending data to the output buffer, we now attempt to
send data directly to the socket. This avoids needing to wake up the main
thread to start sending data. Allowing faster transmission of the first byte.
See https://github.com/Pylons/waitress/pull/364
With thanks to Michael Merickel for being a great rubber ducky!
- Add REQUEST_URI to the WSGI environment.
REQUEST_URI is similar to ``request_uri`` in nginx. It is a string that
contains the request path before separating the query string and
decoding ``%``-escaped characters.
6.1.0 (2023-11-25)
Add support for django 5.0
Add support for python 3.12
Fix issue with Factory timezone on some BSD systems
6.0.1 (2023-09-07)
Use correct default backend when running with django 3.X
6.0 (2023-08-20)
BREAKING: pytz removed from dependencies. If you use this package with use_pytz=True, you'll need to install pytz yourself.
Drop support for django 2.2
Drop support for python 3.7
0.16
Fixed get_cached_trees if there are multiple trees in the queryset.
Added support for Python 3.12, Django 5.0.
Added codespell and ruff checks to the CI.
Fixed rebuilding using custom managers not named objects.
7.0.7
Enhancements made
- Update to JupyterLab 4.0.11
Maintenance and upkeep improvements
- Update ruff config and typing
- Clean up lint handling
- Adopt ruff format
- \[7.0.x\] Install stable JupyterLab 4.0 in the releaser hook
- Update publish-release workflow for PyPI trusted publisher
lib
This release adds API to get and parse RFC 9218 priority.
nghttp2_select_next_protocol() has been deprecated. Use nghttp2_select_alpn() instead.
build
The following dependencies have been updated:
ngtcp2
libbpf
h2load
h2load now considers all h2 HEADERS when counting bytes and recording TTFB.
This release fixes the bug that TTFB is not recorded if h3 stream has no data.
h2load now ignores 1xx status code.
IPv6 address is now enclosed by square brackets when set in :authority header field.
nghttpx
This release adds SSL_CTX_set_recv_max_early_data() call which OpenSSL requires.
__FILE_NAME__ macro is preferred if available.
nghttpx now propagates stream priority from backend to frontend.
This release fixes the bug that nghttpx sends QUIC RESET_STREAM when it receives RESET_STREAM from client.
src
This release drops old OpenSSL (< 1.1.1) support.
Now bundled applications can be built with aws-lc.
Make ruby-liquid 4.0.3 work with ruby32 (and maybe ruby33). There is newer
version 5.4.0, but www/ruby-jekyll dose not support liquid 5 yet.
Bump PKGREVISION.
0.14.1
Add the missing install requirement packaging
0.14.0
Submodule to use https protocol after unencrypted git proto deprecated
Add ARIA role to toolbar for accessibility improvement
Permit scrolling for content panels
Expand HTTP codes on which the toolbar will be displayed
docs: Fix a few typos
Fixed scrollbar issues
Replace deprecated threading.currentThread with threading.current_thread
updated to work with flask 2.2+
Flask-SQLAlchemy 3 compatibility
Fix outdated docs links
Point at new location of django-debug-toolbar
Fix Flask SQLAlchemy quickstart link
Point URLs at pallets-eco/flask-debugtoolbar
fix: migrate from deprecated flask.Markup to markupsafe.Markup
fix: use urllib.parse.quote_plus and drop werkzeug.urls.url_quote_plus
fix: drop response.charset because charset deprecated
Set up GitHub actions to replace Travis
No need to specify custom default value if key not found
Remove deprecated charset property from process_response content crafting
Fix tox and GitHub actions settings
Remove the use of before_first_request
Fix lint issues and lint config
Fix the test for basic app
Use standard Python gitignore file
Drop CHANGES.rst in favor of GitHub Releases
v0.8.2
This is a maintenance release to give some much-needed TLC to the
project. It primarily address operational issues like docs, testing,
supported python versions, and packaging with setuptools.
2.2.2
bug fixes:
address warning about renamed extension_points
fix compatibility with jupyter server 1.x
fix an authentication-related security vulnerability (see the advisory for details)
enhancements:
add authorization support (lsp resource, jupyter-server v2+ only) - this allows server operators for fine grained access control, e.g. in case if specific users (such as guest or read-only users) should not be allowed to access LSP; this is in addition to authentication fixes
Version 2.1.0
fix type signature in flask_caching.utils.make_template_fragment_key.
Added docs and example for make_cache_key
support Flask 3
Version 2.0.2
fix issue with boto3 dependencie due to latest cachelib released
migrate flask_caching.backends.RedisCluster dependency from redis-py-cluster to redis-py
bug fix: make the make_cache_key attributed of decorated view functions writeable.
Version 2.0.1
Relax dependency pin to allow Flask 2.x.x
Version 2.0.0
fix bug where flask_caching.backends.RedisSentinelCache.get_many would query wrong host&port combination.
Remove flask_caching.backends.FileSystemCache method overrides. It now shares 100% of cachelib.FileSystemCache API and is fully compatible. Functionality relient on implementation details of said overrides from older releases might not work anymore.
Add proxy to underlaying has method of cache clients.
flask_caching.backends.FileSystemCache now stores timestamps in a universal (non-frammed) way following the lastest version of cachelib.FileSystemCache. The change also reduces overhead from 17 bytes (via previous method using pickle) to 4 bytes (using python's struct). This, however, will break compatibily since older timestamps are serialized with a different strategy.
0.6.0
- Use ``should_set_cookie`` for preventing each request from saving the session again.
- Permanent session otherwise empty will not be saved.
- Use `secrets` module to generate session identifiers, with 256 bits of
entropy (was previously 122).
- Explicitly name support for python-memcached, pylibmc and pymemcache.
- Introduce SESSION_KEY_LENGTH to control the length of the session key in bytes, default is 32.
- Fix pymongo 4.0 compatibility.
- Fix expiry is None bug in SQLAlchemy.
- Fix bug when existing SQLAlchemy db instance.
- Support SQLAlchemy SESSION_SQLALCHEMY_SEQUENCE, SESSION_SQLALCHEMY_SCHEMA and SESSION_SQLALCHEMY_BINDKEY
- Drop support for Redis < 2.6.12.
- Fix empty sessions being saved.
- Support Flask 3.0 and Werkzeug 3.0
Version 3.0.1
- Correct type for ``path`` argument to ``send_file``.
- Fix a typo in an error message for the ``flask run --key`` option.
- Session data is untagged without relying on the built-in ``json.loads``
``object_hook``. This allows other JSON providers that don't implement that.
- Address more type findings when using mypy strict mode.
23.12.0 - 2023-12-22
* Fixed a compatibility issue with Werkzeug versions greater than 2.2.
* Added explicit support for Python 3.10 and 3.11, although in practice they did work previously in 21.8.
* Python 3.6 is no longer supported by Klein.
0.3.0
Changed requirements:
Dropped support for Python 2.7, 3.5, 3.6, and 3.7, and added support for 3.11 and for the upcoming 3.12.
six is no longer a dependency.
Added support for the Visit-Time directive.
Fixed leading asterisks in allow and disallow values not being properly interpreted.
Protego.parse() now raises value error when content is not a string.
0.26.0
Update --root-path to include the root path prefix in the full ASGI path as per the ASGI spec
Use __future__.annotations on some internal modules
4.12.3 (20240117)
* The Beautiful Soup documentation now has a Spanish translation, thanks
to Carlos Romero. Delong Wang's Chinese translation has been updated
to cover Beautiful Soup 4.12.0.
* Fixed a regression such that if you set .hidden on a tag, the tag
becomes invisible but its contents are still visible. User manipulation
of .hidden is not a documented or supported feature, so don't do this,
but it wasn't too difficult to keep the old behavior working.
* Fixed a case found by Mengyuhan where html.parser giving up on
markup would result in an AssertionError instead of a
ParserRejectedMarkup exception.
* Added the correct stacklevel to instances of the XMLParsedAsHTMLWarning.
[bug=2034451]
* Corrected the syntax of the license definition in pyproject.toml. Patch
by Louis Maddox. [bug=2032848]
* Corrected a typo in a test that was causing test failures when run against
libxml2 2.12.1. [bug=2045481]
Update prepared in wip by Kevin Bloom.
0.12.0 -> 0.12.1:
- Fix empty the end of the tag <form>
- Correctly handle text in <form> elements
- Fix tag name filtering that could result in XSS
- Return visualc/include/strings.h file
0.11.1 -> 0.12.0:
- Add support for <dialog> tag
- Fix TAGSET_INCLUDES macro to work properly with multiple bit flags
0.10.1 -> 0.11.0:
- Add support for <picture> tag
- Make genperf.py script compatible with Python 3
- Change maintainer to Grigory Kirillov
3.2.1 (released 2023-11-23)
---------------------------
* Increased the default request timeout of the twill browser to 10 seconds
(from 5 seconds in 3.2) and added a command to change the timeout
3.2 (released 2023-11-02)
-------------------------
* The supported Python versions are now 3.8 to 3.12.
* A new method 'find_links' was added to the twill browser
* Twill now uses httpx_ instead of requests_.
* WSGI apps are now supported via httpx, wsgi_intercept is not needed anymore.
* We now use 'pyproject.toml' instead of 'setup.py'.
* Type hints and code style have been improved and are checked with ruff.
* Internal code was reformatted using ruff format (compatible with black).
v1.0.0
Fix flake8 complaints
Update dependency versions
Switch to GitHub Actions
Add missing iTunes tags
Fix a few comment typos
Improve module documentation
docs: Fix a few typos
Fix etree to string conversion in FeedGenerator
Use Unittest Asserts
Allow integer to be used for enclosure length
Fixed category documentation
Fixex generating Atom feed when adding description as summary
Include tests in release tarball
Update RPM Specfile (tests, pypi, py3)
2.5.1 (2023-12-19)
- Version 2.5 was never released on PyPi due to a pyproject.toml
misconfiguration.
2.5 (2023-11-28)
- Confirmed support for Python 3.12 and Django 5.0.
- Replaced deprecated pkg_resources usage by importlib.metadata.
- Applied PEP 621 (replaced setup.py with pyproject.toml).
- Removed Python 3.7 support.
- Updated translations (Galician, Portuguese, Slovenian, Serbian).
2.1.2 (2023-08-03)
------------------
- Fix test failures on Python 3.11.4+
- Fix an incorrect type hint
- Add project URLs to setup.py
2.1.1 (2022-12-09)
------------------
- :func:`~w3lib.url.safe_url_string`, :func:`~w3lib.url.safe_download_url`
and :func:`~w3lib.url.canonicalize_url` now strip whitespace and control
characters urls according to the URL living standard.
2.1.0 (2022-11-28)
------------------
- Dropped Python 3.6 support, and made Python 3.11 support official.
- :func:`~w3lib.url.safe_url_string` now generates safer URLs.
To make URLs safer for the `URL living standard`_:
.. _URL living standard: https://url.spec.whatwg.org/
- ``;=`` are percent-encoded in the URL username.
- ``;:=`` are percent-encoded in the URL password.
- ``'`` is percent-encoded in the URL query if the URL scheme is `special
<https://url.spec.whatwg.org/#special-scheme>`__.
To make URLs safer for `RFC 2396`_ and `RFC 3986`_, ``|[]`` are
percent-encoded in URL paths, queries, and fragments.
.. _RFC 2396: https://www.ietf.org/rfc/rfc2396.txt
.. _RFC 3986: https://www.ietf.org/rfc/rfc3986.txt
- :func:`~w3lib.encoding.html_to_unicode` now checks for the `byte order
mark`_ before inspecting the ``Content-Type`` header when determining the
content encoding, in line with the `URL living standard`_.
.. _byte order mark: https://en.wikipedia.org/wiki/Byte_order_mark
- :func:`~w3lib.url.canonicalize_url` now strips spaces from the input URL,
to be more in line with the `URL living standard`_.
- :func:`~w3lib.html.get_base_url` now ignores HTML comments.
- Fixed :func:`~w3lib.url.safe_url_string` re-encoding percent signs on
the URL username and password even when they were being used as part of an
escape sequence.
- Fixed :func:`~w3lib.http.basic_auth_header` using the wrong flavor of
base64 encoding, which could prevent authentication in rare cases.
- Fixed :func:`~w3lib.html.replace_entities` raising :exc:`OverflowError` in
some cases due to `a bug in CPython
<https://github.com/python/cpython/issues/76763>`__.
- Improved typing and fixed typing issues.
- Made CI and test improvements.
- Adopted a Code of Conduct.
2.0.1 (2022-08-11)
------------------
Minor documentation fix (release date is set in the changelog).
2.0.0 (2022-08-11)
------------------
Backwards incompatible changes:
- Python 2 is no longer supported; Python 3.6+ is required now
- :func:`w3lib.url.safe_url_string` and :func:`w3lib.url.canonicalize_url`
no longer convert "%23" to "#" when it appears in the URL path. This is a bug
fix. It's listed as a backward-incomatible change because in some cases the
output of :func:`w3lib.url.canonicalize_url` is going to change, and so, if
this output is used to generate URL fingerprints, new fingerprints might be
incompatible with those created with the previous w3lib versions
Deprecation removals
- The ``w3lib.form`` module is removed.
- The ``w3lib.html.remove_entities`` function is removed.
- The ``w3lib.url.urljoin_rfc`` function is removed.
The following functions are deprecated, and will be removed in future releases:
- ``w3lib.util.str_to_unicode``
- ``w3lib.util.unicode_to_str``
- ``w3lib.util.to_native_str``
Other improvements and bug fixes:
- Type annotations are added
- Added support for Python 3.9 and 3.10
- Fixed :func:`w3lib.html.get_meta_refresh` for ``<meta>`` tags where
``http-equiv`` is written after ``content``
- Fixed :func:`w3lib.url.safe_url_string` for IDNA domains with ports
- :func:`w3lib.url.url_query_cleaner` no longer adds an unneeded ``#`` when
``keep_fragments=True`` is passed, and the URL doesn't have a fragment
- Removed a workaround for an ancient pathname2url bug
- CI is migrated to GitHub Actions
- The code is formatted using black
1.22.0 (2020-05-13)
-------------------
- Python 3.4 is no longer supported
- :func:`w3lib.url.safe_url_string` now supports an optional ``quote_path``
parameter to disable the percent-encoding of the URL path
- :func:`w3lib.url.add_or_replace_parameter` and
:func:`w3lib.url.add_or_replace_parameters` no longer remove duplicate
parameters from the original query string that are not being added or
replaced
- :func:`w3lib.html.remove_tags` now raises a :exc:`ValueError` exception
instead of :exc:`AssertionError` when using both the ``which_ones`` and the
``keep`` parameters
- Test improvements
- Documentation improvements
- Code cleanup
v1.4.0 / 2023-12-29
Add support for httpx
Enable mocket integration tests for Python >= 3.11
v1.3.0 / 2023-12-25
This release modernizes Pook build and development environments.
Drop support for EOL'd Python versions (in other words, 3.6 and 3.7)
Use pyproject.toml
Use ruff to lint files
Use pre-commit to add pre-commit hooks
Use hatch to manage test, development, and build environments
Fix the test configuration to actually run the example tests
Fix the documentation build
Fix support for asynchronous functions in the activate decorator (this was a direct result of re-enabling the example tests and finding lots of little issues)
Remove all mention of the unsupported pycurl library
Clean up tests that can use pytest parametrize to do so (and get better debugging information during tests runs as a result)
Use pytest-pook to clean up a bunch of unnecessary test fixtures
Fix deprecation warning for invalid string escape sequences caused by untagged regex strings
v1.2.1 / 2023-12-23
Fix usage of regex values in header matchers
Fix urllib SSL handling
v1.2.0 / 2023-12-17
feat(api): add support for binary bodies
fix(urllib3): don't put non-strings into HTTP header dict
refactor: drop Python 3.5 support
v1.1.0 / 2023-01-01
chore(version): bump minor v1.1.0
Switch to Python >= 3.5 and fix latest aiohttp compatability
fix: remove print cal
7.14.1
Bugs fixed
- Fix broken image scaling in case a custom width or height is provided for the image
Maintenance and upkeep improvements
- Allow pre-fetch of css files without attempting download
- Bump the actions group with 1 update
4.0.10
Bugs fixed
- Backport: Improve scrolling to heading
- Workaround focus leaving input box on consecutive submissions
- Fix search coming back in notebook and editor
- Fix `jupyter labextension watch --help`
- Fix `FormComponent` showing error indicators in all fields when using a `customValidate` function
- Fix Shift + L not working in stdin
Maintenance and upkeep improvements
- Backport: Adopt ruff format
- Pin `actions/labeler` to v4 to fix failing CI action
- Fix URLs in debugger-extension
- More robust galata/UI tests
Documentation improvements
- Backport: Adopt ruff format
2.12.3
Bugs fixed
- Import User unconditionally
Maintenance and upkeep improvements
- Simplify the jupytext downstream test
- Fix test param for pytest-xdist
2.12.2
Bugs fixed
- Fix a typo in error message
- Force legacy ws subprotocol when using gateway
Maintenance and upkeep improvements
- Update pre-commit deps
- Use ruff docstring-code-format
Documentation improvements
- Enable htmlzip and epub on readthedocs
Changelog (taken from https://github.com/superseriousbusiness/gotosocial/releases)
v0.13.1 Spiderier Sloth
Release highlights
Fixes a couple small issues with poll vote counts and poll expiry, and an issue where domain blocks were sometimes not being properly enforced when deeper- and higher-level domain blocks were used in combination (eg., when combining blocks for say example.org, bad.example.org, also-bad.example.org).
Migration notes
Upgrading
See the release notes for 0.13.0 but replace 0.13.0 with 0.13.1 throughout. Easy peasy!
config.yaml
No changes since 0.13.0, see 0.13.0 for migration notes from versions < 0.13.0.
Database Migrations
No changes since 0.13.0, see 0.13.0 for migration notes from versions < 0.13.0.
Detailed Changelog
ccecf5a [bugfix] fix higher-level explicit domain rules causing issues with lower-level domain blocking (#2513)
d5c305d [bugfix] misc dereferencer fixes (#2475)
1c56192 [feature] Log pubKeyID for http-signed requests (#2501)
f33d05c [bugfix] fix check for closed poll to account for non-zero closed time but in the future (#2486)
b141500 [bugfix] fix poll total vote double count (#2464)
v0.13.0 Spider Sloth 🕷️
Spider Sloth, Spider Sloth, does whatever a .... sloth does?
Release highlights
Create, view, and vote in polls. It's been a while in the making but GoToSocial now has support for polls, aka Question activity types. You can create, view, and vote in polls using your client of choice.
Show unsupported media placeholders in incoming posts, where media could not be downloaded (temporarily or otherwise). No more dropped media on posts! You'll instead now get a link to the media on the originating instance, that you can click through in your (mobile) browser.
Mute threads that you're being overwhelmed by. Notifications for replies, likes, and boosts in that thread will no longer be generated.
Media cleanup scheduling. Previously media scheduling took place every night at 12am. With the new media scheduling settings in the config, you can customize the schedule to run it at different times and frequencies. https://docs.gotosocial.org/en/latest/admin/media_caching/#cleanup
Support for setting instance language . You can use the new instance-languages setting to indicate one or more primary languages for your instance. https://docs.gotosocial.org/en/latest/configuration/instance/
Support for language tags on posts. Language of posts is now correctly federated in and out of your instance. The language of posts is also shown on the web view of statuses and threads.
Gather and expose prometheus format metrics. You can now expose a /metrics endpoint to allow a Prometheus instance to scrape metrics about Go runtime memory usage, http request and database metrics, and more. https://docs.gotosocial.org/en/latest/advanced/metrics/
Migration notes
Error #01: authentication NOT PASSED for public key
You will see lots of errors in your logs now that look like this. This is normal, and not a new bug! Previously, we were not surfacing these authentication errors, and now we are. They are caused by #894, which we will fix some time in the new year. Again, not a new bug. This will not effect normal running of your instance.
Upgrading
To upgrade to 0.13.0 from a previous release:
Binary/tar
Stop GoToSocial
Untar the new release, including the web assets and html templates.
Edit your config.yaml file as necessary (see below).
Start GoToSocial
Docker
Stop GoToSocial.
Pull the new docker container (superseriousbusiness/gotosocial:0.13.0 or superseriousbusiness/gotosocial:latest)
Start GoToSocial.
config.yaml
The configuration file has changed since the previous release. You can see a diff of the config file here: v0.12.2...v0.13.0#diff-c071e03510b2c57e193a44503fd9528a785f0f411497cc75841a9f8d0b1ac622
Database Migrations
This release contains several database migrations which will run the first time you start up this new version. Be sure not to interrupt this migration process. This will take anywhere between a couple seconds and ten minutes (on slower hardware). Please be patient!
Detailed Changelog
Features + performance
[feature] Status thread mute/unmute functionality by @tsmethurst in #2278
[feature] attach any request errors if found, only set level=ERROR if code >= 500 by @NyaaaWhatsUpDoc in #2300
[feature] Customizable media cleaner schedule by @tsmethurst in #2304
[feature] add per-uri dereferencer locks by @NyaaaWhatsUpDoc in #2291
[feature] support canceling scheduled tasks, some federation API performance improvements by @NyaaaWhatsUpDoc in #2329
[feature] add support for polls + receiving federated status edits by @NyaaaWhatsUpDoc in #2330
[feature] Media attachment placeholders by @tsmethurst in #2331
[feature/performance] Wrap incoming HTTP requests in timeout handler by @tsmethurst in #2353
[feature] Set/show instance language(s); show post language on frontend by @tsmethurst in #2362
[feature] Initial metrics by @Tsuribori in #2334
[feature] Federate status language in and out by @tsmethurst in #2366
[feature] Poll web view by @tsmethurst in #2377
[performance] http response encoding / writing improvements by @NyaaaWhatsUpDoc in #2374
[feature] Add /api/v1/admin/debug/apurl endpoint by @tsmethurst in #2359
[performance/postgres] Rename constraints, remove duplicate indexes by @tsmethurst in #2392
Bugfixes
[bugfix] serialize instance terms via API by @tsmethurst in #2293
[bugfix/frontend] Export/import CSV correctly by @tsmethurst in #2294
[bugfix] allow store smaller PNG image than 261 bytes (#2263) by @KEINOS in #2298
[bugfix/frontend] Add nosubmit option to form fields; use it when instance custom CSS disabled by @tsmethurst in #2290
[bugfix] Extract description as summary first, fall back to name by @tsmethurst in #2303
[bugfix] Allow blocked accounts to show in precise search by @tsmethurst in #2321
[bugfix] Relax Mention parsing, allowing either href or name by @tsmethurst in #2320
Remove account_suspended_at_idx to resolve slow query issues by @Sentynel in #2310
[bugfix] fix poll vote count responses on client and fedi API vote creation by @NyaaaWhatsUpDoc in #2343
[bugfix] actually decrement votes during poll vote delete ... by @NyaaaWhatsUpDoc in #2344
[bugfix/docs] Poll api fixups + swagger docs by @tsmethurst in #2345
[bugfix] Don't try to update suspended accounts by @tsmethurst in #2348
[chore/bugfix/horror] Allow expires_in and poll choices to be parsed from strings by @tsmethurst in #2346
[bugfix] support endless polls, and misskey's' method of inferring expiry in closed polls by @NyaaaWhatsUpDoc in #2349
[bugfix] Update poll delete/update db queries by @tsmethurst in #2361
[bugfix] process account delete side effects in serial, not in parallel by @tsmethurst in #2360
[bugfix] self-referencing collection pages for status replies by @NyaaaWhatsUpDoc in #2364
[bugfix] Add Actor to outgoing poll vote Create; other fixes by @tsmethurst in #2384
[bugfix] Don't copy ptr fields in caches by @tsmethurst in #2386
[bugfix] Correctly handle range > content-length by @Jadeiin in #2395
[bugfix] Update exif-terminator (fix png issue) by @tsmethurst in #2391
[bugfix] always go through status parent dereferencing on isNew, even on data-race by @NyaaaWhatsUpDoc in #2402
[bugfix] return 400 Bad Request on more cases of malformed AS data by @NyaaaWhatsUpDoc in #2399
[bugfix] in fedi API CreateStatus(), handle case of data-race and return early by @NyaaaWhatsUpDoc in #2403
[bugfix/chore] Announce reliability updates by @tsmethurst in #2405
[bug] Fix an import statement in the gen template by @daenney in #2426
[bugfix] Fix wrong notification type sent for poll end by @tsmethurst in #2429
[bugfix] Fix web media not showing as sensitive by @tsmethurst in #2433
[bugfix] Ensure pre renders as expected, fix orderedCollectionPage by @tsmethurst in #2434
[bugfix] Narrow search scope for accounts starting with '@'; don't LOWER SQLite text searches by @tsmethurst in #2435
[bugfix] Make screenreaders read out Language of posts properly by @tsmethurst in #2436
[bugfix] ensure the 'Closing' flag doesn't get cached by @NyaaaWhatsUpDoc in #2443
[bugfix] pol...
v0.13.0-rc2
Hiya! Here's the second release candidate for 0.13.0!
For installation / migration instructions, please see the release notes for the RC1, but replace rc1 with rc2 throughout:
https://github.com/superseriousbusiness/gotosocial/releases/tag/v0.13.0-rc1
Happy bug hunting!
Detailed Changelog
Bugfixes
d0bb8f0 [bugfix] Let templates deref pointers, as a treat (#2448)
ac48192 [bugfix] poll vote count fixes (#2444)
2191c7d [bugfix] ensure the 'Closing' flag doesn't get cached (#2443)
bca9b2c [bugfix] Make screenreaders read out Language of posts properly (#2436)
3f070a4 [bugfix] Narrow search scope for accounts starting with '@'; don't LOWER SQLite text searches (#2435)
d60edf7 [bugfix] Ensure pre renders as expected, fix orderedCollectionPage (#2434)
cc91ea0 [bugfix] Fix web media not showing as sensitive (#2433)
c6d6fec [bugfix] Fix wrong notification type sent for poll end (#2429)
455064f [bug] Fix an import statement in the gen template (#2426)
Chores / version bumps
cd16113 [chore]: Bump github.com/KimMachineGun/automemlimit from 0.3.0 to 0.4.0 (#2440)
9b03840 [chore]: Bump github.com/miekg/dns from 1.1.56 to 1.1.57 (#2439)
cdeba94 [chore]: Bump golang.org/x/oauth2 from 0.13.0 to 0.15.0 (#2438)
a968a03 [chore]: Bump github.com/coreos/go-oidc/v3 from 3.7.0 to 3.9.0 (#2442)
4779aec [chore] Run ANALYZE for SQLite after latest migrations (#2427)
dacfd41 [chore/frontend] Refactor status templates slightly, put polls behind CWs if present (#2419)
18d850e [chore]: Bump go.opentelemetry.io/otel/exporters/prometheus (#2412)
ca1a581 [chore]: Bump github.com/tdewolff/minify/v2 from 2.20.7 to 2.20.9 (#2416)
bdc43a9 [chore]: Bump github.com/minio/minio-go/v7 from 7.0.63 to 7.0.65 (#2415)
b576fbb [chore]: Bump golang.org/x/crypto from 0.15.0 to 0.16.0 (#2413)
bffc67d [chore]: Bump github.com/gorilla/feeds from 1.1.1 to 1.1.2 (#2414)
Docs
5556767 [docs] Change configuration creation instructions (#2408)
v0.13.0-rc1
Well well well, look what the sloth dragged in... the first release candidate for v0.13.0, Spider Sloth.
Release highlights
Create, view, and vote in polls. It's been a while in the making but GoToSocial now has support for polls, aka Question activity types. You can create, view, and vote in polls using your client of choice.
Show unsupported media placeholders in incoming posts, where media could not be downloaded (temporarily or otherwise). No more dropped media on posts! You'll instead now get a link to the media on the originating instance, that you can click through in your (mobile) browser.
Mute threads that you're being overwhelmed by. Notifications for replies, likes, and boosts in that thread will no longer be generated.
Media cleanup scheduling. Previously media scheduling took place every night at 12am. With the new media scheduling settings in the config, you can customize the schedule to run it at different times and frequencies. https://docs.gotosocial.org/en/latest/admin/media_caching/#cleanup
Support for setting instance language . You can use the new instance-languages setting to indicate one or more primary languages for your instance. https://docs.gotosocial.org/en/latest/configuration/instance/
Support for language tags on posts. Language of posts is now correctly federated in and out of your instance. The language of posts is also shown on the web view of statuses and threads.
Gather and expose prometheus format metrics. You can now expose a /metrics endpoint to allow a Prometheus instance to scrape metrics about Go runtime memory usage, http request and database metrics, and more. https://docs.gotosocial.org/en/latest/advanced/metrics/
Migration notes
Upgrading
To upgrade to 0.13.0-rc1 from a previous release:
Binary/tar
Stop GoToSocial
Untar the new release, including the web assets and html templates.
Edit your config.yaml file as necessary (see below).
Start GoToSocial
Docker
Stop GoToSocial.
Pull the new docker container (superseriousbusiness/gotosocial:0.13.0-rc1 or superseriousbusiness/gotosocial:latest)
Start GoToSocial.
config.yaml
The configuration file has changed since the previous release. You can see a diff of the config file here: v0.12.2...v0.13.0-rc1#diff-c071e03510b2c57e193a44503fd9528a785f0f411497cc75841a9f8d0b1ac622
Database Migrations
This release contains several database migrations which will run the first time you start up this new version. Be sure not to interrupt this migration process. This will take anywhere between a couple seconds and ten minutes (on slower hardware). Please be patient!
Detailed Changelog
Feature / performance
[feature] Status thread mute/unmute functionality by @tsmethurst in #2278
[feature] attach any request errors if found, only set level=ERROR if code >= 500 by @NyaaaWhatsUpDoc in #2300
[feature] Customizable media cleaner schedule by @tsmethurst in #2304
[feature] add per-uri dereferencer locks by @NyaaaWhatsUpDoc in #2291
[performance] Remove account_suspended_at_idx to resolve slow query issues by @Sentynel in #2310
[feature] support canceling scheduled tasks, some federation API performance improvements by @NyaaaWhatsUpDoc in #2329
[feature] add support for polls + receiving federated status edits by @NyaaaWhatsUpDoc in #2330
[feature] Media attachment placeholders by @tsmethurst in #2331
[feature/performance] Wrap incoming HTTP requests in timeout handler by @tsmethurst in #2353
[feature] Set/show instance language(s); show post language on frontend by @tsmethurst in #2362
[feature] Initial metrics by @Tsuribori in #2334
[feature] Federate status language in and out by @tsmethurst in #2366
[feature] Poll web view by @tsmethurst in #2377
[performance] http response encoding / writing improvements by @NyaaaWhatsUpDoc in #2374
[feature] Add /api/v1/admin/debug/apurl endpoint by @tsmethurst in #2359
[performance/postgres] Rename constraints, remove duplicate indexes by @tsmethurst in #2392
Bugfixes
[bugfix/frontend] Add nosubmit option to form fields; use it when instance custom CSS disabled by @tsmethurst in #2290
[bugfix] serialize instance terms via API by @tsmethurst in #2293
[bugfix/frontend] Export/import CSV correctly by @tsmethurst in #2294
[bugfix] allow store smaller PNG image than 261 bytes (#2263) by @KEINOS in #2298
[bugfix] Extract description as summary first, fall back to name by @tsmethurst in #2303
[bugfix] Allow blocked accounts to show in precise search by @tsmethurst in #2321
[bugfix] Relax Mention parsing, allowing either href or name by @tsmethurst in #2320
[bugfix] fix poll vote count responses on client and fedi API vote creation by @NyaaaWhatsUpDoc in #2343
[bugfix] actually decrement votes during poll vote delete ... by @NyaaaWhatsUpDoc in #2344
[bugfix/docs] Poll api fixups + swagger docs by @tsmethurst in #2345
[bugfix] Don't try to update suspended accounts by @tsmethurst in #2348
[chore/bugfix/horror] Allow expires_in and poll choices to be parsed from strings by @tsmethurst in #2346
[bugfix] support incoming endless polls, and misskey's' method of inferring expiry in closed polls by @NyaaaWhatsUpDoc in #2349
[bugfix] Update poll delete/update db queries by @tsmethurst in #2361
[bugfix] process account delete side effects in serial, not in parallel by @tsmethurst in #2360
[bugfix] self-referencing collection pages for status replies by @NyaaaWhatsUpDoc in #2364
[bugfix] Add Actor to outgoing poll vote Create; other fixes by @tsmethurst in #2384
[bugfix] Don't copy ptr fields in caches by @tsmethurst in #2386
[bugfix] Correctly handle range > content-length by @Jadeiin in #2395
[bugfix] Update exif-terminator (fix png issue) by @tsmethurst in #2391
[bugfix] always go through status parent dereferencing on isNew, even on data-race by @NyaaaWhatsUpDoc in #2402
[bugfix] return 400 Bad Request on more cases of malformed AS data by @NyaaaWhatsUpDoc in #2399
[bugfix] in fedi API CreateStatus(), handle case of data-race and return early by @NyaaaWhatsUpDoc in #2403
[bugfix/chore] Announce reliability updates by @tsmethurst in #2405
Chores and version bumps
[chore]: Bump github.com/coreos/go-oidc/v3 from 3.6.0 to 3.7.0 by @dependabot in #2284
[chore] de-interface{} the federator and dereferencer structs by @NyaaaWhatsUpDoc in #2285
[chore] bump go version -> 1.21.x by @tsmethurst in #2287
Bump @babel/traverse from 7.23.0 to 7.23.2 in /web/source by @dependabot in #2269
[chore] update minify library by @NyaaaWhatsUpDoc in #2286
[chore] bump go swagger version in Docker build by @tsmethurst in #2292
[chore]: Bump google.golang.org/grpc from 1.58.2 to 1.58.3 by @dependabot in #2301
[chore]: Bump github.com/tdewolff/minify/v2 from 2.19.10 to 2.20.0 by @dependabot in #2316
[chore]: Bump github.com/yuin/goldmark from 1.5.6 to 1.6.0 by @dependabot in #2318
Bump browserify-sign from 4.2.1 to 4.2.2 in /web/source by @dependabot in #2...
This is a very simple HTTP/1.1 client, designed for doing simple
requests without the overhead of a large framework like LWP::UserAgent.
It is more correct and more complete than HTTP::Lite. It supports
proxies and redirection. It also correctly resumes after EINTR.
Changelog:
115.6.0:
* Security fixes.
Mozilla Foundation Security Advisory 2023-54
#CVE-2023-6856: Heap-buffer-overflow affecting WebGL DrawElementsInstanced
method with Mesa VM driver
#CVE-2023-6865: Potential exposure of uninitialized data in
EncryptingOutputStream
#CVE-2023-6857: Symlinks may resolve to smaller than expected buffers
#CVE-2023-6858: Heap buffer overflow in nsTextFragment
#CVE-2023-6859: Use-after-free in PR_GetIdentitiesLayer
#CVE-2023-6860: Potential sandbox escape due to VideoBridge lack of texture
validation
#CVE-2023-6867: Clickjacking permission prompts using the popup transition
#CVE-2023-6861: Heap buffer overflow affected nsWindow::PickerOpen(void) in
headless mode
#CVE-2023-6862: Use-after-free in nsDNSService
#CVE-2023-6863: Undefined behavior in ShutdownObserver()
#CVE-2023-6864: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and
Thunderbird 115.6
Changelog:
121.0.1:
Fixed
* Fixed unexpected line wrapping in some CJK contexts caused by changes in
ideographic space handling. (Bug 1870973)
* Fixed a hang when loading sites containing column-based layouts under some
circumstances. (Bug 1867784)
* Fixed missing rounded corners for videos playing over another video. (Bug
1869994)
* Fixed Firefox not closing properly and other applications being unable to
use a USB security key after being previously used during a Firefox
session. (Bug 1863135)
0.25.0 - 2023-12-17
Added
Support the WebSocket Denial Response ASGI extension
Fixed
Allow explicit hidden file paths on --reload-include
Properly annotate uvicorn.run()
0.24.0.post1 - 2023-11-06
Fixed
Revert mkdocs-material from 9.1.21 to 9.2.6
0.24.0 - 2023-11-04
Added
Support Python 3.12
Allow setting app via environment variable UVICORN_APP
0.23.2 - 2023-07-31
Fixed
Maintain the same behavior of websockets from 10.4 on 11.0
0.23.1 - 2023-07-18
Fixed
Add typing_extensions for Python 3.10 and lower
0.23.0 - 2023-07-10
Added
Add --ws-max-queue parameter WebSockets
Removed
Drop support for Python 3.7
Remove asgiref as typing dependency
Fixed
Set scope["scheme"] to ws or wss instead of http or https on ProxyHeadersMiddleware for WebSockets
Changed
Raise ImportError on circular import
Use logger.getEffectiveLevel() instead of logger.level to check if log level is TRACE
0.22.0 - 2023-04-28
Added
Add --timeout-graceful-shutdown parameter
Handle SIGBREAK on Windows
Fixed
Shutdown event is now being triggered on Windows when using hot reload
--reload-delay is effectively used on the watchfiles reloader
0.21.1 - 2023-03-16
Fixed
Reset lifespan state on each request
0.21.0 - 2023-03-09
Added
Introduce lifespan state
Allow headers to be sent as iterables on H11 implementation
Improve discoverability when --port=0 is used
Changed
Avoid importing h11 and pyyaml when not needed to improve import time
Replace current native WSGIMiddleware implementation by a2wsgi
Change default --app-dir from "." (dot) to "" (empty string)
Fixed
Send code 1012 on shutdown for WebSockets
Use surrogateescape to encode headers on websockets implementation
Fix warning message on reload failure
0.20.0 - 2022-11-20
Added
Check if handshake is completed before sending frame on wsproto shutdown
Add default headers to WebSockets implementations
Warn user when reload and workers flag are used together
Fixed
Use correct WebSocket error codes on close
Send disconnect event on connection lost for wsproto
Add SIGQUIT handler to UvicornWorker
Fix crash on exist with "--uds" if socket doesn't exist
Annotate CONFIG_KWARGS in UvicornWorker class
Removed
Remove conditional on RemoteProtocolError.event_hint on wsproto
Remove unused handle_no_connect on wsproto implementation
7.14.0
Enhancements made
- Convert `coalescese_streams` function to `CoalesceStreamsPreprocessor`
Maintenance and upkeep improvements
- chore: update pre-commit hooks
- Fix webpdf test on Python 3.12
- Clean up import
7.13.1
Bugs fixed
- Restore removed import
7.13.0
Enhancements made
- Add table, td, tr to allowed list of tags
Maintenance and upkeep improvements
- Remove twitter links that cause linkcheck to fail
- Update ruff config
- chore: update pre-commit hooks
Sync replace-moz.build.awk with firefox{102,} so that X11 desktop
capture works.
(Re)Fix PR pkg/56955.
(While here define PKGREVISION only once.)
PKGREVISION++
1.877.0 (2024-01-03)
* Feature - Updated the partitions source data the determines the AWS
service regions and endpoints.
1.876.0 (2023-12-28)
* Feature - Updated the partitions source data the determines the AWS
service regions and endpoints.
1.875.0 (2023-12-27)
* Feature - Updated the partitions source data the determines the AWS
service regions and endpoints.
1.874.0 (2023-12-26)
* Feature - Updated the partitions source data the determines the AWS
service regions and endpoints.
1.873.0 (2023-12-22)
* Feature - Added support for enumerating regions for Aws::NetworkMonitor.
1.872.0 (2023-12-21)
* Feature - Updated the partitions source data the determines the AWS
service regions and endpoints.
1.871.0 (2023-12-20)
* Feature - Updated the partitions source data the determines the AWS
service regions and endpoints.
1.870.0 (2023-12-19)
* Feature - Updated the partitions source data the determines the AWS
service regions and endpoints.
1.869.0 (2023-12-18)
* Feature - Updated the partitions source data the determines the AWS
service regions and endpoints.
Upstream changes:
Changes for version 4.60 - 2023-11-01
TESTING
move t/changes.t to xt/ as is now broken by the recent rewrite of Test::CPAN::Changes (GH #260)
aioquic is a library for the QUIC network protocol in Python. It
features a minimal TLS 1.3 implementation, a QUIC stack and an HTTP/3
stack.
QUIC was standardised in RFC 9000 and HTTP/3 in RFC 9114
aioquic is regularly tested for interoperability against other QUIC
implementations.
pylsqpack is a wrapper around the ls-qpack library. It provides Python
Decoder and Encoder objects to read or write HTTP/3 headers compressed
with QPACK.
Version 23.12.0
Features
* Start and restart arbitrary processes
* Cleaner process management in shutdown
* Suppress task cancel traceback on open websocket
* Listener and signal prioritization
* Reduce memory consumption
* Accept bare cookies
* Add websocket.handler.<before/after/exception> signals
* Add changed files to reload trigger listeners
* Allow for simple signals
* Improve functionality and consistency of Sanic.event()
* Allow range requests for a single byte
* Better Request.scheme for websocket requests
* Convert Sanic Request to a Websockets Request for handshake
* Add a REPL to the sanic CLI
* Add Python 3.12 support
* Better exception on multiprocessing context conflicts
Bugfixes
* Fix MOTD display for extra data
4.0.0 (2022-10-15)
------------------
Channels 4 is the next major version of the Channels package. Together with the
matching Daphne v4 and channels-redis v4 releases, it updates dependencies,
fixes issues, and removes outdated code. It so provides the foundation for
Channels development going forward.
In most cases, you can update now by updating ``channels``, ``daphne``, and
``channels-redis`` as appropriate, with ``pip``, and by adding ``daphne`` at
the top of your ``INSTALLED_APPS`` setting.
First ``pip``::
pip install -U 'channels[daphne]' channels-redis
Then in your Django settings file::
INSTALLED_APPS = [
"daphne",
...
]
Again, this is a major version change. Amongst other changes, large amounts of
the Django-wrapping code deprecated in Channels v3 has now been removed, in
favour of Django's own ASGI handling, and the ``runserver`` command has been
moved into the Daphne package.
4.0.0 (2022-10-07)
------------------
Major versioning targeting use with Channels 4.0 and beyond. Except where
noted should remain usable with Channels v3 projects, but updating Channels to the latest version is recommended.
* Added a ``runserver`` command to run an ASGI Django development server.
Added ``"daphne"`` to the ``INSTALLED_APPS`` setting, before
``"django.contrib.staticfiles"`` to enable:
INSTALLED_APPS = [
"daphne",
...
]
This replaces the Channels implementation of ``runserver``, which is removed
in Channels 4.0.
* Made the ``DaphneProcess`` tests helper class compatible with the ``spawn``
process start method, which is used on macOS and Windows.
Note that requires Channels v4 if using with ``ChannelsLiveServerTestCase``.
* Dropped support for Python 3.6.
* Updated dependencies to the latest versions.
Previously a range of Twisted versions have been supported. Recent Twisted
releases (22.2, 22.4) have issued security fixes, so those are now the
minimum supported version. Given the stability of Twisted, supporting a
range of versions does not represent a good use of maintainer time. Going
forward the latest Twisted version will be required.
* Set ``daphne`` as default ``Server`` header.
This can be configured with the ``--server-name`` CLI argument.
Added the new ``--no-server-name`` CLI argument to disable the ``Server``
header, which is equivalent to ``--server-name=` (an empty name).
* Added ``--log-fmt`` CLI argument.
* Added support for ``ASGI_THREADS`` environment variable, setting the maximum
number of workers used by a ``SyncToAsync`` thread-pool executor.
Set e.g. ``ASGI_THREADS=4 daphne ...`` when running to limit the number of
workers.
* Removed deprecated ``--ws_protocols`` CLI option.
Version 1.5.1 - Security Release
This is a minor security release to fix a potential DoS for applications that allow the use of symmetric keys with pbkdf2.
What's Changed
Fix X22519 import/export from PEM
Read the Docs now requires a config file
chore: refactor for removing pdb symbols
Fix potential DoS issue with p2c header
6.72 2023-07-17 22:01:19Z
- Don't mangle protocol scheme and don't require it to be valid if
implementor is already known (GH#436) (mwgamera)
6.71 2023-06-20 19:44:19Z
- Use rather than require Module::Load (GH#435) (Olaf Alders)
6.11 2023-07-09 15:10:30Z
- Remove Authority section from dist.ini (GH#64) (Olaf Alders)
- Add very basic diagnostic information via test (GH#73) (Olaf Alders)
- CVE-2014-3230 - don't disable verification if only hostnames should not
(GH#14) (Steffen Ullrich)
- Make explicit requirement of Mozilla::CA obsolete (GH#72) (Steffen
Ullrich and Olaf Alders)
- Remove _in_san and _cn_match. Empty out the _check_sock hook (GH#71)
(Chase Whitener)
- Use warnings (GH#69) (Pete Houston)
0.26.0 (20th December, 2023)
Added
* The `proxy` argument was added. You should use the `proxy` argument instead of the deprecated `proxies`, or use `mounts=` for more complex configurations.
Deprecated
* The `proxies` argument is now deprecated. It will still continue to work, but it will be removed in the future.
Fixed
* Fix cases of double escaping of URL path components. Allow / as a safe character in the query portion.
* Handle `NO_PROXY` envvar cases when a fully qualified URL is supplied as the value.
* Allow URLs where username or password contains unescaped '@'.
* Ensure ASGI `raw_path` does not include URL query component.
* Ensure `Response.iter_text()` cannot yield empty strings.
