0.5.0 2018/3/21
Breaking Changes
* Ruby 2.0 or higher required. Ruby 1.8.7 and Ruby 1.9.3 are not supported.
* MySQL 5.5 or higher required. MySQL 5.0 and 5.1 are not supported.
New Features
* Expose mysql_set_server_option to turn multiple statements on and off (#943)
* Accept query options on Statement#execute (#912)
* Support connect attributes and the program_name attribute (#760)
* Make server_status variable available (#755)
Bug Fixes
* Fix wrong value of type YEAR on big endian environment (#921)
* MySQL 8.0.3 Release Candidate removes MYSQL_SECURE_AUTH (#891)
* Suppress Fixnum and Bignum warnings on Ruby 2.4 (#907)
Changes
* Resolve warnings for my_bool vs. bool types (#916, #919)
* Call BigDecimal(num) instead of BigDecimal.new(num) (#925, #928)
* GitHub is HTTPS by default (#922)
* Misc Cleanups (#918)
* More specific exception classes (#260, #404, #870, #911)
* Update RuboCop to 0.50.x (#752)
* Prefix more C functions with rb_mysql_ (#910)
* Fix compat with RubyInstaller-2.4 on Windows (#875)
Changelog:
Tomcat 8.5.29 (markt)
Catalina
Fix: Minor optimization when calling class transformers. (rjung)
Fix: Prevent Tomcat from applying gzip compression to content that is already compressed with brotli compression. Based on a patch provided by burka. (markt)
Fix: 62090: Null container names are not allowed. (remm)
Fix: 62104: Fix programmatic login regression as the NonLoginAuthenticator has to be set for it to work (if no login method is specified). (remm)
Fix: 62117: Improve error message in catalina.sh when calling kill -0 <pid> fails. Based on a suggestion from Mark Morschhaeuser. (markt)
Fix: 62118: Correctly create a JNDI ServiceRef using the specified interface rather than the concrete type. Based on a suggestion by Ángel Álvarez Páscua. (markt)
Fix: Fix for RequestDumperFilter log attribute. Patch provided by Kirill Romanov via Github. (violetagg)
Fix: 62123: Avoid ConcurrentModificationException when attempting to clean up application triggered RMI memory leaks on web application stop. (markt)
Fix: Correct a regression in the fix for 60276 that meant that compression was applied to all MIME types. Patch provided by Stefan Knoblich. (markt)
Coyote
Fix: Add minor HPACK fixes, based on fixes by Stuart Douglas. (remm)
Fix: 61751: Follow up fix so that OpenSSL engine returns underflow when unwrapping if no bytes were produced and the input is empty. (remm)
Fix: Minor OpenSSL engine cleanups. (remm)
Fix: NIO SSL handshake should throw an exception on overflow status, like NIO2 SSL. (remm)
Web applications
Add: 48672: Add documentation for the Host Manager web application. Patch provided by Marek Czernek. (markt)
Add: Work-around a known, non-specification compliant behaviour in some versions of IE that can allow XSS when the Manager application generates a plain text response. Based on a suggestion from Muthukumar Marikani. (markt)
Other
Update the build script so MD5 hashes are no longer generated for releases as per the change in the ASF distribution policy. (markt)
2018-02-11 Tomcat 8.5.28 (markt)
Catalina
Fix: Prevent a stack trace being written to standard out when running on Java 10 due to changes in the LogManager implementation. (markt)
Fix: 62000: When a JNDI reference cannot be resolved, ensure that the root cause exception is reported rather than swallowed. (markt)
Fix: 62036: When caching an authenticated user Principal in the session when the web application is configured with the NonLoginAuthenticator, cache the internal Principal object rather than the user facing Principal object as Tomcat requires the internal object to correctly process later authorization checks. (markt)
Fix: Avoid duplicate load attempts if one has been made already. (remm)
Fix: Avoid NPE in ThreadLocalLeakPreventionListener if there is no Engine. (remm)
Fix: 62067: Correctly apply security constraints mapped to the context root using a URL pattern of "". (markt)
Fix: When using Tomcat embedded, only perform Authenticator configuration once during web application start. (markt)
Fix: Process all ServletSecurity annotations at web application start rather than at servlet load time to ensure constraints are applied consistently. (markt)
Coyote
Fix: 61751: Fix truncated request input streams when using NIO2 with TLS. (markt)
Fix: 62023: Log error reporting multiple SSLHostConfig elements when using the APR Connector instead of crashing Tomcat. (csutherl)
Fix: 62032: Fix NullPointerException when certificateFile is not defined on an SSLHostConfig and unify the behavior when a certificateFile is defined but the file does not exist for both JKS and PEM file types. (csutherl)
WebSocket
Fix: 62024: When closing a connection with an abnormal close, close the socket immediately rather than waiting for a close message from the client that may never arrive. (markt)
Webapps
Fix: 62049: Fix missing class from manager 404 JSP error page. (remm)
jdbc-pool
Add: Enhance the JMX support for jdbc-pool in order to expose PooledConnection and JdbcInterceptors. (kfujino)
Add: Add MBean for PooledConnection. (kfujino)
Add: 62011: Add MBean for StatementCache. (kfujino)
Add: Expose the cache size for each connection via JMX in StatementCache. (kfujino)
Add: Add MBean for ResetAbandonedTimer. (kfujino)
Other
Update: Update the NSIS Installer used to build the Windows installer to version 3.03. (kkolinko)
Changelog:
Tomcat 8.0.50 (violetagg)
Catalina
Fix: Prevent a stack trace being written to standard out when running on Java 10 due to changes in the LogManager implementation. (markt)
Fix: Avoid duplicate load attempts if one has been made already. (remm)
Fix: Avoid NPE in ThreadLocalLeakPreventionListener if there is no Engine. (remm)
Fix: 62000: When a JNDI reference cannot be resolved, ensure that the root cause exception is reported rather than swallowed. (markt)
Fix: 62036: When caching an authenticated user Principal in the session when the web application is configured with the NonLoginAuthenticator, cache the internal Principal object rather than the user facing Principal object as Tomcat requires the internal object to correctly process later authorization checks. (markt)
Fix: 62067: Correctly apply security constraints mapped to the context root using a URL pattern of "". (markt)
Fix: When using Tomcat embedded, only perform Authenticator configuration once during web application start. (markt)
Fix: Process all ServletSecurity annotations at web application start rather than at servlet load time to ensure constraints are applied consistently. (markt)
Fix: Minor optimization when calling class transformers. (rjung)
Web applications
Add: 48672: Add documentation for the Host Manager web application. Patch provided by Marek Czernek. (markt)
Other
Update: Update the NSIS Installer used to build the Windows installer to version 3.03. (kkolinko)
Changelog:
Tomcat 7.0.85 (violetagg)
Catalina
Fix: Prevent a stack trace being written to standard out when running on Java 10 due to changes in the LogManager implementation. (markt)
Fix: Avoid duplicate load attempts if one has been made already. (remm)
Fix: Avoid NPE in ThreadLocalLeakPreventionListener if there is no Engine. (remm)
Fix: 58143: Fix calling classloading transformers broken in 7.0.70 by the fix for 59619. This was observed when using Spring weaving. (rjung)
Fix: 62000: When a JNDI reference cannot be resolved, ensure that the root cause exception is reported rather than swallowed. (markt)
Fix: 62036: When caching an authenticated user Principal in the session when the web application is configured with the NonLoginAuthenticator, cache the internal Principal object rather than the user facing Principal object as Tomcat requires the internal object to correctly process later authorization checks. (markt)
Fix: 62067: Correctly apply security constraints mapped to the context root using a URL pattern of "". (markt)
Fix: When using Tomcat embedded, only perform Authenticator configuration once during web application start. (markt)
Fix: Process all ServletSecurity annotations at web application start rather than at servlet load time to ensure constraints are applied consistently. (markt)
Fix: Minor optimization when calling class transformers. (rjung)
Web applications
Add: 48672: Add documentation for the Host Manager web application. Patch provided by Marek Czernek. (markt)
Other
Update: Update the NSIS Installer used to build the Windows installer to version 3.03. (kkolinko)
version 2.79
Fix parsing of CNAME arguments, which are confused by extra spaces.
Thanks to Diego Aguirre for spotting the bug.
Where available, use IP_UNICAST_IF or IPV6_UNICAST_IF to bind
upstream servers to an interface, rather than SO_BINDTODEVICE.
Thanks to Beniamino Galvani for the patch.
Always return a SERVFAIL answer to DNS queries without the
recursion desired bit set, UNLESS acting as an authoritative
DNS server. This avoids a potential route to cache snooping.
Add support for Ed25519 signatures in DNSSEC validation.
No longer support RSA/MD5 signatures in DNSSEC validation,
since these are not secure. This behaviour is mandated in
RFC-6944.
Fix incorrect error exit code from dhcp_release6 utility.
Thanks Gaudenz Steinlin for the bug report.
Use SIGINT (instead of overloading SIGHUP) to turn on DNSSEC
time validation when --dnssec-no-timecheck is in use.
Note that this is an incompatible change from earlier releases.
Allow more than one --bridge-interface option to refer to an
interface, so that we can use
--bridge-interface=int1,alias1
--bridge-interface=int1,alias2
as an alternative to
--bridge-interface=int1,alias1,alias2
Thanks to Neil Jerram for work on this.
Fix for DNSSEC with wildcard-derived NSEC records.
It's OK for NSEC records to be expanded from wildcards,
but in that case, the proof of non-existence is only valid
starting at the wildcard name, *.<domain> NOT the name expanded
from the wildcard. Without this check it's possible for an
attacker to craft an NSEC which wrongly proves non-existence.
Thanks to Ralph Dolmans for finding this, and co-ordinating
the vulnerability tracking and fix release.
CVE-2017-15107 applies.
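An added illustration of the wildcard check described above, in Python (not dnsmasq's code): the NSEC range check is run once on the owner name as presented and once on the wildcard name recovered from the RRSIG Labels field (RFC 4034). The zone example.test, its records and all function names are constructed for this example.

```python
# Added illustration (not dnsmasq source): NSEC range check with and without
# the wildcard-owner correction. Names are plain ASCII without escapes.

def canonical_key(name):
    """RFC 4034 section 6.1 ordering key: lowercase labels, root-most first."""
    name = name.rstrip(".").lower()
    labels = name.split(".") if name else []
    return [label.encode("ascii") for label in reversed(labels)]


def effective_owner(owner, rrsig_labels):
    """Return the owner name the NSEC was actually signed under.

    The RRSIG Labels field counts the labels of the signed owner name,
    ignoring the root and a leading "*". If the presented owner has more
    labels than that, it was expanded from "*.<rightmost rrsig_labels labels>".
    """
    labels = owner.rstrip(".").lower().split(".")
    if len(labels) <= rrsig_labels:
        return ".".join(labels)
    tail = labels[len(labels) - rrsig_labels:]
    return ".".join(["*"] + tail)


def in_nsec_range(owner, next_name, qname):
    """True if qname sorts strictly between owner and next_name."""
    o, n, q = (canonical_key(x) for x in (owner, next_name, qname))
    if o < n:
        return o < q < n
    # Last NSEC in the zone: next_name wraps round to the apex.
    return q > o or q < n


def naive_covers(owner, rrsig_labels, next_name, qname):
    """Range check without the correction: trusts the expanded owner name."""
    return in_nsec_range(owner, next_name, qname)


def checked_covers(owner, rrsig_labels, next_name, qname):
    """Range check that starts at the wildcard name when the owner was expanded."""
    return in_nsec_range(effective_owner(owner, rrsig_labels), next_name, qname)


# Constructed record: zone example.test signs "*.example.test NSEC m.example.test"
# (RRSIG Labels = 2); a response presents it expanded to owner x.example.test.
SAMPLE = ("x.example.test", 2, "m.example.test")

if __name__ == "__main__":
    for qname in ("c.example.test", "zz.example.test"):
        print(qname, naive_covers(*SAMPLE, qname), checked_covers(*SAMPLE, qname))
```

With the expanded owner the record looks like the last NSEC in the zone, so the uncorrected check accepts it as covering zz.example.test; starting the range at *.example.test limits it to names between the wildcard and m.example.test.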
Remove special handling of A-for-A DNS queries. These
are no longer a significant problem in the global DNS.
http://cs.northwestern.edu/~ychen/Papers/DNS_ToN15.pdf
Thanks to Mattias Hellström for the initial patch.
Fix failure to delete dynamically created dhcp options
from files in --dhcp-optsdir directories. Thanks to
Lindgren Fredrik for the bug report.
Add to --synth-domain the ability to create names using
sequential numbers, as well as encodings of IP addresses.
For instance,
--synth-domain=thekelleys.org.uk,192.168.0.50,192.168.0.70,internal-*
creates 21 domain names of the form
internal-4.thekelleys.org.uk over the address range given, with
internal-0.thekelleys.org.uk being 192.168.0.50 and
internal-20.thekelleys.org.uk being 192.168.0.70
Thanks to Andy Hawkins for the suggestion.
Tidy up Crypto code, removing workarounds for ancient
versions of libnettle. We now require libnettle 3.
Version 1.2.15 - 2018-03-21
- made build on Solaris again
- made build on AIX
- bugfix: invalid handling of snprintf() return code
- bugfix: invalid assert predicate
- some code cleanup
- bugfix: error message on open error was truncated
- [CritFix] Fix lowercase comparison
- [CritFix] Timezone defines seconds WEST UTC not East
- [Feature] Add filename to log format
- [Feature] Add lua rules squeezing
- [Feature] Add related symbols analysis to rspamd_stats
- [Feature] Remove upstream `X-Spam: Yes` header by default
- [Feature] rspamd_stats: Output progress info on STDERR
- [Feature] Whitelist for emails module
- [Fix] Do not allow dependencies on self
- [Fix] Do not cache metric result
- [Fix] Do not trust all issuers as a client certificate
- [Fix] Fix dependencies in lua squeeze
- [Fix] Fix enabling/disabling squeezed rules
- [Fix] Fix enabling/disabling symbols
- [Fix] Fix external dependencies
- [Fix] Fix processing of a single compressed file
- [Fix] Fix some typos
- [Fix] Fix various modules in case of empty message
- [Fix] Handle callbacks that return a table of options
- [Fix] Improve cached action interaction
- [Fix] Make dynamic conf more NaN aware
- [Fix] Never hide actions from WebUI `configuration` tab
- [Project] Implementation of Lua rules squeezing
DEPRECATIONS/CHANGES:
- The AWS authentication backend now allows binds for inputs as either a
comma-delimited string or a string array. However, to keep consistency with
input and output, when reading a role the binds will now be returned as
string arrays rather than strings.
- In order to prefix-match IAM role and instance profile ARNs in AWS auth
backend, you now must explicitly opt-in by adding a `*` to the end of the
ARN. Existing configurations will be upgraded automatically, but when
writing a new role configuration the updated behavior will be used.
FEATURES:
- Replication Activation Enhancements: When activating a replication
secondary, a public key can now be fetched first from the target cluster.
This public key can be provided to the primary when requesting the
activation token. If provided, the public key will be used to perform a
Diffie-Hellman key exchange resulting in a shared key that encrypts the
contents of the activation token. The purpose is to protect against
accidental disclosure of the contents of the token if unwrapped by the wrong
party, given that the contents of the token are highly sensitive. If
accidentally unwrapped, the contents of the token are not usable by the
unwrapping party. It is important to note that just as a malicious operator
could unwrap the contents of the token, a malicious operator can pretend to
be a secondary and complete the Diffie-Hellman exchange on their own; this
feature provides defense in depth but still requires due diligence around
replication activation, including multiple eyes on the commands/tokens and
proper auditing.
IMPROVEMENTS:
- api: Update renewer grace period logic. It no longer is static, but rather
dynamically calculates one based on the current lease duration after each
renew.
- auth/approle: Allow array input for bound_cidr_list
- auth/aws: Allow using lists in role bind parameters
- auth/aws: Allow binding by EC2 instance IDs
- auth/aws: Allow non-prefix-matched IAM role and instance profile ARNs
- auth/ldap: Set a very large size limit on queries
- core: Log info notifications of revoked leases for all leases/reasons, not
just expirations
- physical/couchdb: Removed limit on the listing of items
- secret/pki: Support certificate policies
- secret/pki: Add ability to have CA:true encoded into intermediate CSRs, to
improve compatibility with some ADFS scenarios
- secret/transit: Allow selecting signature algorithm as well as hash
algorithm when signing/verifying
- server: Make sure `tls_disable_client_cert` is actually a true value rather
than just set
- storage/dynamodb: Allow specifying max retries for dynamo client
- storage/gcs: Allow specifying chunk size for transfers, which can reduce
memory utilization
- sys/capabilities: Add the ability to use multiple paths for capability
checking
BUG FIXES:
- auth/aws: Fix honoring `max_ttl` when a corresponding role `ttl` is not also
set
- auth/okta: Fix honoring configured `max_ttl` value
- auth/token: If a periodic token being issued has a period greater than the
max_lease_ttl configured on the token store mount, truncate it. This matches
renewal behavior; before it was inconsistent between issuance and renewal.
- cli: Improve error messages around `vault auth help` when there is no CLI
helper for a particular method
1.4.2:
Use relative imports in pkginfo modules. Supports vendoring of the package into setuptools.
Add support for Provides-Extra and Description-Content-Type fields. Per https://packaging.python.org/specifications/. See: PEP 566.
Remove support for old setuptools leaving PKG-INFO in the root of the project directory.
1.4.4:
Fixed extension building script.
1.4.3:
Fixed an error when adding intervals to a Pendulum instance across DST transition.
Fixed an error when subtracting two pendulum instances in the same timezone.
0.9.9:
feature
Added new flag --indicate-current to the alembic history command. When listing versions, it will include the token “(current)” to indicate the given version is a current head in the target database.
bug
The fix for 455 in version 0.9.6 involving MySQL server default comparison was entirely non functional, as the test itself was also broken and didn’t reveal that it wasn’t working. The regular expression to compare server default values like CURRENT_TIMESTAMP to current_timestamp() is repaired.
Fixed bug where MySQL server default comparisons were basically not working at all due to incorrect regexp added in 455. Also accommodates for MariaDB 10.2 quoting differences in reporting integer based server defaults.
Fixed bug in op.drop_constraint() for MySQL where quoting rules would not be applied to the constraint name.
3.5.0:
Deprecations and Removals
record_xml_property fixture is now deprecated in favor of the more generic record_property.
Defining pytest_plugins is now deprecated in non-top-level conftest.py files, because they “leak” to the entire directory tree.
Features
New --show-capture command-line option that allows specifying how to display captured output when tests fail: no, stdout, stderr, log or all
New --rootdir command-line option to override the rules for discovering the root directory. See customize in the documentation for details.
Fixtures are now instantiated based on their scopes, with higher-scoped fixtures
record_xml_property renamed to record_property and is now compatible with xdist, markers and any reporter. record_xml_property name is now deprecated.
New --nf, --new-first options: run new tests first followed by the rest of the tests, in both cases tests are also sorted by the file modified time, with more recent files coming first.
New --last-failed-no-failures command-line option that allows specifying the behavior of the cache plugin’s --last-failed feature when no tests failed in the last run
New --doctest-continue-on-failure command-line option to enable doctests to show multiple failures for each snippet, instead of stopping at the first failure.
Captured log messages are added to the <system-out> tag in the generated junit xml file if the junit_logging ini option is set to system-out. If the value of this ini option is system-err, the logs are written to <system-err>. The default value for junit_logging is no, meaning captured logs are not written to the output file.
Allow the logging plugin to handle pytest_runtest_logstart and pytest_runtest_logfinish hooks when live logs are enabled.
Passing --log-cli-level in the command-line now automatically activates live logging.
Add command line option --deselect to allow deselection of individual tests at collection time.
Captured logs are printed before entering pdb.
Deselected item count is now shown before tests are run, e.g. collected X items / Y deselected.
The builtin module platform is now available for use in expressions in pytest.mark.
The short test summary info section now is displayed after tracebacks and warnings in the terminal.
New --verbosity flag to set verbosity level explicitly.
pytest.approx now accepts comparing a numpy array with a scalar.
Bug Fixes
Suppress IOError when closing the temporary file used for capturing streams in Python 2.7.
Fixed clear() method on caplog fixture which cleared records, but not the text property.
During test collection, when stdin is not allowed to be read, the DontReadFromStdin object still allows itself to be iterable and resolved to an iterator without crashing.
Improved Documentation
Added a reference page to the docs.
Trivial/Internal Changes
Change minimum requirement of attrs to 17.4.0.
Renamed example directories so all tests pass when run from the base directory.
Internal mark.py module has been turned into a package.
pytest now depends on the more_itertools package.
Added warning when [pytest] section is used in a .cfg file passed with -c
nodeids can now be passed explicitly to FSCollector and Node constructors.
Internal refactoring of FormattedExcinfo to use attrs facilities and remove old support code for legacy Python versions.
Refactoring to unify how verbosity is handled internally.
Internal refactoring to better integrate with argparse.
Fix a python example when calling a fixture in doc/en/usage.rst
3.50.2:
This has no user-visible changes except one slight formatting change to one docstring, to avoid a deprecation warning.
3.50.1:
This patch fixes an internal error introduced in 3.48.0, where a check for the Django test runner would expose import-time errors in Django configuration.
3.50.0:
This release improves validation of numeric bounds for some strategies.
Release 1.7.2:
Incompatible changes
* apidoc: folders with an empty __init__.py are no longer excluded from TOC
Bugs fixed
* sphinx.build_main and sphinx.make_main throw NameError
* autosummary emits meaningless warnings
* autodoc: crashed when invalid options given
* pydomain: always strip parenthesis if empty
* autosummary: unexpectedly strips docstrings containing “i.e.”
* viewcode: Misplaced <div> in viewcode html output
* Don’t require numfig to use :numref: on sections
* Option clash for package textcomp
* Sphinx does not work with python 3.5.0 and 3.5.1
* Generation PDF file with TexLive on Windows, file not found error
* vertical space before equation in latex
* message when an image is mismatched for builder is not clear
* Incomplete localization strings in Polish and Chinese
* Sphinx crashes when an error happens in rendering HTML pages
* Error to download remote images having long URL
* sphinx/pycode/__init__.py raises AttributeError
* qthelp builder should htmlescape keywords
* epub: Fix docTitle elements of toc.ncx is not escaped
* apidoc: Subpackage not in toc (introduced in 1.6.6) now fixed