Changelog:
Release "7.0.3"
Oct 22. 2014
- Some OS X server fixes
- Several external storage fixes and improvements
- Close session early to speedup apps page loading
- Add overwrite.cli.url config option
- Fix finding old versions in special cases
- Make versions and encryption aware of copy operations
- Force loading encryption app in all needed cases
- Better filesystem scanning error messages
- LDAP wizard fixes
- Add configuration switch to enable preview mimetypes
- Create backup of all encryption keys before recovery
- Add displayname for admins
- Better config.sample documentation
- Better apps descriptions
- Improve visual feedback if recovery key password gets changed
- Fix some object store integration issues
- Improved data directory configuration
- Fix DAV permissions without create permissions
- Fix filepicker home icon being partly hidden
- Do only follow http and https redirects
- Properly delete old previews
- Prevent upgrades between more than one major versions
- Several security fixes
- Lots of smaller improvements
-----------------------------
Release "6.0.6"
Oct 22. 2014
- Fix finding old versions in special cases
- Make versions and encryption aware of copy operations
- Force loading encryption app in all needed cases
- Better filesystem scanning error messages
- LDAP wizard fixes
- Add configuration switch to enable preview mimetypes
- Create backup of all encryption keys before recovery
- Add displayname for admins
- Several security fixes
- Lots of smaller improvements
-----------------------------
Release "5.0.18"
Oct 22. 2014
- Only allow http and https redirects
- Documentation fixes
- Several security fixes
- Several smaller fixes
-----------------------------
Release "7.0.2"
Aug 26. 2014
- App upgrading stability improvements
- Make default share folder configurable
- Improve readability of error messages
- Log failed authentication
- S3 key fixes
- Fix range requests with encryption
- Several LDAP fixes
- Remove obsolete 'Download preparing' message for zip downloads
- Remove not working checks from code checker
- No error if we try to delete a file which no longer exists
- Fix detection of system wide mount points
- Simplify App navigation
- Add group management to public api
- Remove confusing 'automatic logon rejected' message
- Implement a txt preview fallback for the case that ttf is not support
- Fix tiny thumbnail bug
- Don't display share permission if resharing was disabled by the admin
- Close session right before the download starts
- Fix date display in filepicker
- Don't touch non-oc tables when doing the InnoDB repair step
- Several Documents fixes
- Correctly handle public uploads activities
- Add better 4 image previews to gallery
-----------------------------
Release "6.0.5"
Aug 26. 2014
- Documentation improvements
- fix anonymous upload if logged-in
- Fix handling of special characters in group names
- Fix downloading of big files in special situations
- More consistent handling of debug mode
- Fix sharing email notifications
- Disabling upload button if upload is not possible
- Fix detection of system wide mount points
- Handle video viewer in sharing links correctly
- Update encryption keys recursively if a folder was moved
- Enable download button for public folders
- Handle exceptions if file to too big for trash-bin correctly
- Quota fixes
- Avoid unnecessary writing to the DB when preferences are not changed
- Disable download button if zip download is disabled
- Fix searching for users in special situations
- Mount-point handling fixes
- Correctly handle storage stats for trash bin
- Remove etag warning for trash bin
- Hardened SFTP host verification
-----------------------------
Release "7.0.1"
Aug 4. 2014
- Set maximum width for notification so they don´t overlap the whole header
- Don't preload videos on public sharing
- Fix preview size calculation under certain conditions
- Fix to always show all available versions in the versions dropdown
- Support WebDAV copy operation and make encryption aware of it
- Make sure to set the expire date if a date is set as default
- Improved link icon for better UX
- Fix rendering of blank template
- Only call exec if is is enabled by PHP
- Limit app menu icon size
- Show a warning in the personal settings and admin settins if the encyption keys are not yet initialized
- Always remove share permission if user is excluded from sharing
- Add OCS api call to set expire date for link shares
- Improved db schema migration for sqlite
- Don't try to execute background jobs that no longer exist
- Improve look of search on mobile, save space in top bar
- Set core version after a successful update to make upgrade more robust of app upgrades fail
- Verify whether download URLs are valid
- Fix preview animation on uploading
- Prevent cron.php to trigger apps updating
- Fix remote share when remote server is installed at the root
- Fix files sorting
- Fix calendar import
- Fix gallery pause icon
- Several contacts fixes specifically for PHP 5.3
- Make updater more robust
-----------------------------
Release "7.0.0"
July 23. 2014
- New files view including sorting and endless scrolling
- Server to Server sharing
- Sharing overview
- Improved sharing admin control
- No more mandatory Shared folder
- Improved ownCloud Documents features
- Hugely improved Activity app including email notifications
- Mobile optimized webinterface
- Password strength indicator
- Significant speed improvements
- New user-management
- Support for Swift object stores
- Email configuration wizard
- Email template editor
- Improved upgrade process`
* Numerous updates to the documentation
* Numerous updates to the tutorial
* Updates to better support South 1.0
* Adds some new, user-facing documentation
Bug fixes:
* Fixes an issue with placeholderadmin permissions
* Numerous fixes for minor issues with the frontend UI
* Fixes issue where the CMS would not reload pages properly if the URL contained a # symbol
* Fixes an issue relating to limit_choices_to in forms.MultiValueFields
* Fixes PageField to work in Django 1.7 environments
Brief summary of new features from Contao 3.3:
* Add supports of SVG and SVGZ images.
* Responsive images support.
* Specify the order of the internal and external style sheets.
* Additional form field classes.
* Asynchronous JavaScript.
* Image links in TinyMCE.
* Active page in the navigation menu.
* Theme export with SQL files.
* Timing attack prevention.
* Login to comment.
* Skip images without meta data.
* Registration and password mails.
* Insert tag link_name.
* DCA flag "doNotTrim".
* Non-negative natural numbers.
* New hooks and callbacks.
Changes:
- Three cross-site scripting issues that a contributor or author could use to
compromise a site.
- A cross-site request forgery that could be used to trick a user into changing
their password.
- An issue that could lead to a denial of service when passwords are checked.
- Additional protections for server-side request forgery attacks when WordPress
makes HTTP requests.
- An extremely unlikely hash collision could allow a user’s account to be
compromised, that also required that they haven’t logged in since 2008 (I
wish I were kidding).
- WordPress now invalidates the links in a password reset email if the user
remembers their password, logs in, and changes their email address.
More details on http://codex.wordpress.org/Version_4.0.1.
Upstream changes:
1.56 2014-11-14
[ BUG FIXES ]
- Fix a packaging issue with the last release that prevent PAUSE from
indexing some modules in the tarball.
1.55 2014-11-14
[ BUG FIXES ]
- Shut up warnings from recent versions of CGI.pm. Patch by Kevin
Falcone.
Add missing DEPENDS
Upstream changes:
0.154000 2014-11-17 15:36:31+01:00 Europe/Amsterdam
[ BUG FIXES ]
* GH #744: Serialize anything, not just references. (Sawyer X)
* GH #744: Serialize regardless of content_type of serializer. (Sawyer X)
* GH #764: Catch template render errors. (Russell Jenkins, Steven Humphrey)
* Calling uri_for(undef) doesn't crash. (Sawyer X)
* GH #732: Correct name for 403 (Forbidden, not Unauthorized).
(Theo van Hoesel, Sawyer X, Mickey Nasriachi, Omar M. Othman)
* GH #753: Syntax of parameterized types. (Russell Jenkins)
* GH #734: Failing tests on Windows. (Russell Jenkins, Sawyer X)
[ ENHANCEMENTS ]
* GH #664, #684, #715: Handler::File replaced for static files with
Plack::Middleware::Static, allowing files to be served *before* routes.
This means hooks do not apply to static files anymore!
(Russell Jenkins, DavsX)
* Engines now have "logger" attribute to log errors. It sends the
Dancer2::Logger:: object, if one exists. (Sawyer X)
* Serializers do not need to implement "loaded" method. (Sawyer X)
* GH #733: In core: response_xxx removed in favor of generic
standard_response. (Sawyer X, Mickey Nasriachi, Omar M. Othman)
* GH #514, #642, #729: Allow mixing named params, splat, and
megasplat. (Russell Jenkins, Johan Spade, D谩vid Kov谩cs)
* GH #596: no_server_tokens works, as well as DANCER_NO_SERVER_TOKENS.
(Omar M. Othman, Sawyer X, Mickey Nasriachi)
* GH #639: Validate engine types in configuration.
(Sawyer X, Omar M. Othman, Mickey Nasriachi, Russell Jenkins)
* GH #663, #741: Remove "accept_type" attribute and other references.
(Mickey Nasriachi, Theo van Hoesel)
* GH #748: Provide forwarded_host, forwarded_protocol. (Sawyer X)
* GH #748: Do not provide a default env, require env for a request.
(Sawyer X)
* GH #742: Update test skeleton to use to_app. (D谩vid Kov谩cs)
* GH #636: Use Plack::Test in more tests. (D谩vid Kov谩cs)
[ DOCUMENTATION ]
* GH #656: Dancer2::Manual::Testing as a guide for testing Dancer2
applications. (Sawyer X)
* Improved documentation of route matching. (Russell Jenkins)
* Migration document update relating to enhancements.
(Sawyer X, Mickey Nasriachi)
* GH #731: Document changes in session.
(racke, Sawyer X, Mickey Nasriachi, Omar M. Othman)
* Document "id" attribute in Request object. (Sawyer X)
* Correct Cookbook examples on command line scripts. (Sawyer X)
Version 3.3.7 (2014-11-24)
--------------------------
### Fixed
Fixed a potential directory traversal vulnerability.
### Fixed
Fixed a severe XSS vulnerability. In this context, the insert tag flags
`base64_encode` and `base64_decode` have been removed.
### Fixed
Handle nested insert tags in strip_insert_tags().
### Fixed
Correctly store the model in Dbafs::addResource() (see #7440).
### Fixed
Send the request token when toggling the visibility of an element (see #7406).
### Fixed
Always apply the IE security fix in the Environment class (see #7453).
### Fixed
Correctly handle archives being part of multiple RSS feeds (see #7398).
### Fixed
Correctly handle `0` in utf8_convert_encoding() (see #7403).
### Fixed
Send a 301 redirect to forward to the language root page (see #7420).
Version 3.2.16 (2014-11-24)
---------------------------
### Fixed
Fixed a potential directory traversal vulnerability.
### Fixed
Fixed a severe XSS vulnerability. In this context, the insert tag flags
`base64_encode` and `base64_decode` have been removed.
### Fixed
Handle nested insert tags in strip_insert_tags().
### Fixed
Correctly store the model in Dbafs::addResource() (see #7440).
### Fixed
Send the request token when toggling the visibility of an element (see #7406).
### Fixed
Always apply the IE security fix in the Environment class (see #7453).
### Fixed
Correctly handle archives being part of multiple RSS feeds (see #7398).
### Fixed
Correctly handle `0` in utf8_convert_encoding() (see #7403).
### Fixed
Send a 301 redirect to forward to the language root page (see #7420).
. Allow cookies without regular CGI POST/GET variables
. Use GNU autotools for strndup() detection and shared library building
Version 0.6, 2008/04/06
. Support for ';' as delimiter
. Properly return NULL when no value was found
. Support for multipart/form-data
. Support for file upload
. Added support for inclusion into C++
. Declare some arguments const (Neil Spring)
. Decode variable names and data
- Add gnu-gpl-v3 to LICENSE
- Add comment on patch-ac
- Add following include, pkglint recommended,
.include "../../graphics/hicolor-icon-theme/buildlink3.mk"
(upstream) update 2.2.4 to 2.2.6
* 2.2.6 *
Bluefish 2.2.6 is mostly a bug fix release. This release fixes a critical bug
(segfault) in filebrowser that could be triggered if the root directory was set
as basedir. It also has a fix for a specific CSS-in-HTML-tag highlighting issue.
The filter code furthermore caused a segfault if the command did not exist. The
Windows version finally supports open in running process. Next to these bugs
many small issues have been resolved. Development checks are now only enabled if
Bluefish is compiled from svn, not if compiled from tarball. Various language
files have small improvements, most notably C, Javascript and CSS. Several
translations have been updated. A corner case for a new document from a template
that does not exist was fixed. The "open" submenu now opens SVG files from the
filebrowser instead of inserting an image tag. The included cssmin and jsbeatify
have been updated. A syntax scanning issue when replacing large chunks of text
was fixed, he "Report bug" link was broken, a new "conditional" option to the
language file that makes re-using certain blocks of language files easier was
added, and error reporting in outputbox was improved. On OSX filebrowser icons
and the "open file" dialog size have been improved.
* 2.2.5 *
Bluefish 2.2.5 is a minor bug fix release but has also quite some new features.
The syntax scanning engine is faster after small changes to the text. The
filebrowser is also much faster with less memory usage, with various fixes and
new features. Projects now store the active document and active line numbers.
Indenting is improved in auto-completion and the smart indenting. Bookmarks and
paste special also have been improved. On OSX there are many improvements, such
as Mavericks support, Retina display support, working system hotkeys, native
input methods (Japanese, Chinese, etc.), opening files from the finder and
Widget bindings on MacOSX are moved to Cmd+C|V|X|A and working. Furthermore
almost all syntax highlighting has been improved, most notable jquery in
javascript, HTML5, and HTML5 in PHP files. There are also many bug fixes, such
as in wrap text on right margin, in the replace engine, the jsmin licence, the
split lines feature, the auto-recovery and many obscure bugs. Last bluefish now
has an appdata file.
v1.14
-----
Author: Neil Schemenauer <nas@arctrix.com>
Date: Sat Nov 21 17:02:23 2009 -0600
Update version numbers for v1.14 release.
Author: Neil Schemenauer <nas@arctrix.com>
Date: Tue Oct 27 17:06:12 2009 -0600
Improve logic for reaping dead child processes.
Simply the logic for reaping dead children. This also fixes some
corner case bugs related to signal handling.
Author: Neil Schemenauer <nas@arctrix.com>
Date: Mon Jul 20 11:16:23 2009 -0600
Properly handle interrupted system calls while doing a restart.
Author: Neil Schemenauer <nas@arctrix.com>
Date: Thu Jul 9 21:35:42 2009 -0600
Drop GIL when passing file descriptors.
Author: Neil Schemenauer <nas@arctrix.com>
Date: Sat Aug 9 18:12:22 2008 -0600
Add target to build multi-architecture mod_scgi for Mac OS.
Drupal 7.34, 2014-11-19
----------------------
- Fixed security issues (multiple vulnerabilities). See SA-CORE-2014-006.
Drupal 7.33, 2014-11-07
-----------------------
- Began storing the file modification time of each module and theme in the
{system} database table so that contributed modules can use it to identify
recently changed modules and themes (minor data structure change to the
return value of system_get_info() and other related functions).
- Added a "Did you mean?" feature to the run-tests.sh script for running
automated tests from the command line, to help developers who are attempting
to run a particular test class or group.
- Changed the date format used in various HTTP headers output by Drupal core
from RFC 1123 format to RFC 7231 format.
- Added a "block_cache_bypass_node_grants" variable to allow sites which have
node access modules enabled to use the block cache if desired (API addition).
- Made image derivative generation HTTP requests return a 404 error (rather
than a 500 error) when the source image does not exist.
- Fixed a bug which caused user pictures to be removed from the user object
after saving, and resulted in data loss if the user account was subsequently
re-saved.
- Fixed a bug in which field_has_data() did not return TRUE for fields that
only had data in older entity revisions, leading to loss of the field's data
when the field configuration was edited.
- Fixed a bug which caused the Ajax progress throbber to appear misaligned in
many situatons (minor styling change).
- Prevented the Bartik theme from lower-casing the "Permalink" link on
comments, for improved multilingual support (minor UI change).
- Added a "preferred_menu_links" tag to the database query that is used by
menu_link_get_preferred() to find the preferred menu link for a given path,
to make it easier to alter.
- Increased the maximum allowed length of block titles to 255 characters
(database schema change to the {block} table).
- Removed the Field module's field_modules_uninstalled() function, since it did
not do anything when it was invoked.
- Added a "theme_hook_original" variable to templates and theme functions and
an optional sitewide theme debug mode, to provide contextual information in
the page's HTML to theme developers. The theme debug mode is based on the one
used with Twig in Drupal 8 and can be accessed by setting the "theme_debug"
variable to TRUE (API addition).
- Added an entity_view_mode_prepare() API function to allow entity-defining
modules to properly invoke hook_entity_view_mode_alter(), and used it
throughout Drupal core to fix bugs with the invocation of that hook (API
change: https://www.drupal.org/node/2369141).
- Security improvement: Made the database API's orderBy() method sanitize the
sort direction ("ASC" or "DESC") for queries built with db_select(), so that
calling code does not have to.
- Changed the RDF module to consistently output RDF metadata for nodes and
comments near where the node is rendered in the HTML (minor markup and data
structure change).
- Added an HTML class to RDFa metatags throughout Drupal to prevent them from
accidentally affecting the site appearance (minor markup change).
- Fixed a bug in the Unicode requirements check which prevented installing
Drupal on PHP 5.6.
- Fixed a bug which caused drupal_get_bootstrap_phase() to abort the bootstrap
when called early in the page request.
- Renamed the "Search result" view mode to "Search result highlighting input"
to better reflect how it is used (UI change).
- Improved database queries generated by EntityFieldQuery in the case where
delta or language condition groups are used, to reduce the number of INNER
JOINs (this is a minor data structure change affecting code which implements
hook_query_alter() on these queries).
- Removed special-case behavior for file uploads which allowed user #1 to
bypass maximum file size and user quota limits.
- Numerous small bug fixes.
- Numerous API documentation improvements.
- Additional automated test coverage.
Experimental full Django 1.7 migrations support
Added CMSPlugin.get_render_model to get the plugin model at render time
Added simplified API to handle toolbar for page extensions
Fixed a few frontend glitches
Fixed menu when hide untranslated is set to False
Added option to publish all the pages in a language / site in publisher_publish command
Fixed sitemap ordering
Fixed plugin table name generation fixes
This release fixes a couple regressions in the 1.6.6 security release.
Bugfixes
Allowed related many-to-many fields to be referenced in the admin
Allowed inline and hidden references to admin fields
- Added the `canonical_engine` accessor, which returns the canonical
engine name.
- Added `the canonical` method, which will replace the engine name with
its canonical value if it's not already canonical.
- The `dbi_dsn` method of URI::vertica now returns an ODBC DSN instead
of DBD::Pg, since the latter apparently does not work with Verica.
- Added a note to the `dbi_dsn` documentation that query params are
included in the returned value.
This is a small bugfix release of South with two changes:
- Python 3 compatability has been fixed (it was broken in 1.0 by an accidental
introduction of ``iteritems()``)
- South will explicitly error if it detects Django 1.7 or above rather than
failing with cryptic errors.
* Added support for proxy models
* Allowing registration of models with django-reversion using custom signals
* Fixing some Django deprecation warnings
(upstream) update 1.88 to 1.93
1.93 2014-04-12
- even more test fixes
1.92 2014-03-08
- more test fixes
1.91 2014-01-07 by Alexandr Ciornii, Perl 26th birthday version
- Add a test for RT#50896
- 99mysql.t will work more correctly in some corner cases
1.90 2013-01-27 by Alexandr Ciornii, Perl 25th birthday version
- Allow specifying table for Oracle
- Use Test::Database for tests
1.89 2010-09-22 by Alexandr Ciornii
- require Digest::MD5
- all semaphore tests were removed
- Apache::Session::Store::File::materialize should not append to $session->{serialized}
- Apache::Session::Store::File will flush after writing to file
(upstream) update 0.33 to 0.34
0.34 2010-05-20
- Rerelease 0.33_01 as 0.34
0.33_01 2009-12-31
- Fix user defined options handling and fix default of optional options.
See http://rt.cpan.org/Public/Bug/Display.html?id=49561.
- Trap possibly clobbered $@.
- New maintainer.
pkglint flags and follow the two similar packages:
-PERL5_PACKLIST= auto/Apache/AuthCookie/.packlist
+PERL5_PACKLIST= auto/Apache2/AuthCookie/.packlist
(upstream)
- Update 3.18 to 3.22
3.22 2014-05-07
3.21 2014-05-07
- Bad release - deleted
3.20 2013-12-09
- login_form: return OK for mobile IE 10, which also ignores content for
FORBIDDEN response.
- test .pl registry scripts: do not try to load mod_perl.pm
- escape html tags in destination.
- fix abstract in FAQ pod.
3.19 2012-12-28
- split out CGI data handling into ::AuthCookie::Params modules
- use Apache::Request/Apache2::Request from libapreq if available. Otherwise,
fall back to CGI.pm for handling CGI data.
- improve "removed cookie" debug log message
- add dependencies: autobox, Class::Load
- allow username to be '0'
- login_form: return OK for SymbianOS, which ignores content for FORBIDDEN responses.
- add login_form_status() to override HTTP status returned by login form
- recognize_user: return DECLINED if user is not recognized
Upstream changes:
2.01 Wed Nov 19 10:48:04 GMT 2014
(patch contributed by Michi Steiner)
- clean buffer needs an extra char when emit_spaces=1 and the input has
nothing to be removed (RT#41035)
2.00 Tue Nov 18 16:14:42 GMT 2014
- utf8 support via libicu (RT#42834)
- smoke test and utf8 test, tests ordered
1.10 Tue Sep 30 14:34:47 UTC 2014
- Fix for RT#99207 (script mathematical symbol bug)
1.09 Tue Sep 30 10:39:47 UTC 2014
- offbyone.t disabled under Windows (RT#99219)
1.08 Fri Sep 26 15:02:37 UTC 2014
- system perl used in offbyone.t (RT#99151)
1.07 Tue Sep 23 14:44:08 UTC 2014
- fix to bug RT#19036 - tags not replaced with spaces when only a single
character is between the tags
- fix to bug RT#35345 - mathematical conparisons within <script> tags
misunderstood
(patches contributed by Adriano Ferreira)
- Exporter was never needed
- Allow other filtering operations than just decoding of HTML entities
- Modernised test suite
- Adds 'auto_reset' attribute, which allows automagic use of $hs->eof
- fixes quotes in html comments (RT#32355)
(patch contributed by Reini Urban)
- MSVC doesnt define strcasecmp, use stricmp instead
(patch contributed by Damyan Ivanov)
- fixes POD errors
