Collection.
Gunicorn 'Green Unicorn' is a Python WSGI HTTP Server for UNIX. It's a
pre-fork worker model ported from Ruby's Unicorn project. The Gunicorn
server is broadly compatible with various web frameworks, simply
implemented, light on server resource usage, and fairly speedy.
Changelog:
Fixed in Firefox ESR 24.5
MFSA 2014-46 Use-after-free in nsHostResolve
MFSA 2014-44 Use-after-free in imgLoader while resizing images
MFSA 2014-43 Cross-site scripting (XSS) using history navigations
MFSA 2014-42 Privilege escalation through Web Notification API
MFSA 2014-38 Buffer overflow when using non-XBL object as XBL
MFSA 2014-37 Out of bounds read while decoding JPG images
MFSA 2014-35 Privilege escalation through Mozilla Maintenance Service Installer
MFSA 2014-34 Miscellaneous memory safety hazards (rv:29.0 / rv:24.5)
* Logformat annotation fixes
* Resolve 'dying from an unhandled exception: c'
* Fix order dependency between cache_dir and maximum_object_size
* Bug 4051: fix inverted test on CONNECT payload existence
- Change CSS to adjust calendar position.
- Add Czech language file.
- Add Ukrainian translation file.
- Add CustomHeader to allow custom definition of the logo and title.
See squidanalyzer.conf or documentation for more explanation and
example.
- Replace logrotate example that was too simplistic.
- Update documentation about -P option.
- Prevent the script from running multiple instances using a pid file. This
patch adds a new command line option -P to change the default pid file
(/tmp/squid-analyzer.pid).
- Remove useless command to delete special files because those files are
not installed by make install.
- Fix spec file to build RPM.
- Fix usage to show $DEFAULT_CONFIGFILE that may not always be the
right place following the installation.
- Remove squid requirement from RPM spec file.
- Add Spanish language file.
- Remove ^M when reading translation files.
- Add new weekly reports.
- Add build and storage of weekly statistics.
- Fix CSS to reduce font size used in the calendar and increase size
of the header.
- Add WeekDay translation string.
- Remove link on week, the week view is not available yet.
- Add week day and week number to the calendar.
- Fix bug where statistics from the last parsed day were counted twice
in months and years statistics.
- Add file etc/included to limit entries to matching users, networks
or ip address.
- Show values of all dataset when mouse is over graph.
- Update pt_BR.txt language file.
- Update flotr2 to most recent version. Replace bars in graphs with
line to have mouse tracking on each dataset. Change line graphs
colors and reformat label shown on mouse over graph data.
- Remove special hidden character from documentation that prevents
pod2man from working.
- Add TCP DENIED report in cache statistics.
- Fix missing semi-colon after graph width definition. Add missing
graph on mime type.
- Add Russian translation.
- Fix German lang file about new second level domain label.
- Update translation files with new Second_domain_graph_hits_title
and Second_domain_graph_bytes_title variables.
- Add ordering of pie legend following percentage.
- Change trackFormatter so that mouse over the pie-chart color shows
the domain/TLD name also with the value.
- Add advice about parsing access.log after logrotate.
- Fix some more issues on top second level report.
The CherryPy team is proud to announce the release of CherryPy
3.3.0!
After a long stable life, CherryPy 3.2 is now superseded by CherryPy
3.3. In addition to several bugs fixed, the latest release also
includes a few improvements, detailed in the Release Notes.
Beginning with this release, the CherryPy maintainers will seek to
make more frequent updates and follow semver versioning. The more
frequent releases will allow improvements and bug fixes to quickly
percolate and get frequent feedback. The semver scheme will allow
package maintainers to manage their expectations when upgrading.
We hope these changes to the release cycle will spur innovation
and reinvigorate the project.
Given that changes in this 3.3.0 release include changes going back
several years, please do upgrade with caution. If you encounter
any issues, please report those to the issue tracker.
Wishing you Voodoo-free HTTP, The CherryPy team
* Fix issue 125: no reverse lookup during Negotiate authentication for proxies.
* Fix a crash caused by incorrect reuse of the ssltunnel CONNECT request
* Cancel request if response parsing failed + authn callback set
* Update the expired certificates in the test suite.
Fixed an issue where logout doesn't refresh once the user logs out;
Updated the toolbar menu item to "Logout [name of user]" when available;
Updated the Page: Advanced Settings form to automatically show/hide the application instance name field when appropriate and to separate language-dependent fields from language-independent ones;
Fixed sitemaps to no longer list pages which only redirect;
Fixes for the plugin clipboard to behave correctly;
Updates to the fix-mptt management command;
Various fixes to target the top frame when clicking links in the sideframe;
Fixed a number of refresh issues;
Various documentation updates.
Shortly after last week's security releases were issued, we received reports of a potential regression in using reverse() with views created by functools.partial. We were able to confirm the bug, and test and commit a fix for it.
Upstream changes:
0.1024 2013-10-12 11:35:35 PDT
- Fix a bug where exit_guard is not correctly decremented when writing header failed (maedama) #37
0.1023 2013-06-15 01:51:22 PDT
- Move the bin directory (moznion) #35
0.1022 2013-06-12 12:36:16 PDT
- convert to use Milla
- Fix dependency for LWP
0.1021 Fri Oct 19 15:09:17 PDT 2012
- Repackage with the latest Module::Install
0.1020 Mon Feb 20 16:31:44 PST 2012
- Improve SERVER_PORT when binding multiple ports
- Documentation fixes (Pedro Melo)
- Suppress 400 if client disconnected (athomason)
- Don't restrict parsing the request body to PUT and POST requests (Moritz Onken)
- Fixed broken POST data processing (und3f, hidekiy)
Upstream changes:
4.97 2014-04-30
- Deprecated support for "X-Forwarded-HTTPS" in favor of
"X-Forwarded-Proto".
- Added multi-name support to param method in Mojo::Parameters.
4.96 2014-04-28
- Improved Mojo::IOLoop to use Mojo::IOLoop::Delay more consistently.
4.95 2014-04-27
- Improved Mojo::IOLoop::Delay with circular reference protection.
- Improved Mojo::IOLoop::Delay to allow argument splicing.
- Improved Mojo::IOLoop::Server to reuse cipher list from IO::Socket::SSL.
- Fixed memory leak in Mojo::UserAgent::Server.
4.94 2014-04-20
- Added reverse_proxy attribute to Mojo::Server::Daemon.
- Added reverse_proxy attribute to Mojo::Message::Request.
- Added prefork and upgrade_timeout attributes to Mojo::Server::Hypnotoad.
- Added configure method to Mojo::Server::Hypnotoad.
- Relaxed name handling in Mojo::Headers a little.
- Fixed small bug in online tests.
This is a simple Flask extension that configures your Flask application to
redirect all incoming requests to https. Redirects only occur when app.debug is
False.
Upstream changes:
MediaWiki 1.22.6
This is a security release of the MediaWiki 1.22 branch.
Changes since 1.22.5
(bug 63251) SECURITY: Escape sortKey in pageInfo.
MediaWiki 1.22.5
This is a security and maintenance release of the MediaWiki 1.22 branch.
Changes since 1.22.4
(bug 62497) SECURITY: Add CSRF token on Special:ChangePassword.
(bug 62467) Set a title for the context during import on the cli.
Fix custom local MediaWiki:Helppage values.
mediawiki.js: Fix documentation breakage.
(bug 58153) Make MySQLi work with non standard port.
(bug 53887) Reintroduced a link to help pages in the default sidebar, that any sysop can customize by editing MediaWiki:Sidebar locally. The link now points to a mediawiki.org page which is guaranteed to exist. Nothing needs to be done on your end, but remember to adjust MediaWiki:Sidebar for the needs of your wikis. Everyone can help with the shared documentation by translating: https://www.mediawiki.org/wiki/Special:Translate/agg-Help_pages.
(bug 53888) Corrected a regression in 1.22 which introduced red links on the login page. If you previously installed 1.22.x and have created a local page to make the red link blue, write its title as in MediaWiki:helplogin-url if you didn't already. Otherwise, you don't need to do anything, but you can translate the help page at https://www.mediawiki.org/wiki/Help:Logging_in
Upstream changes:
0.140001 2014-05-01 10:49:25CEST+0200 Europe/Amsterdam
[ BUG FIXES ]
* Bugfix for extracting multiple cookies within a request.
(Cymon, Russell Jenkins)
* Require minimum version of Plack to make sure we can add the Head
middleware. Not exactly a bug, but not a feature. (Sawyer X)
[ DOCUMENTATION ]
* Correct reference to HTTP::Server::Simple::PSGI. (Russell Jenkins)
0.140000 2014-04-28 23:14:31CEST+0200 Europe/Amsterdam
[ ENHANCEMENTS ]
* Replace Config role with better ConfigReader role.
(Mickey Nasriachi, Stefan Hornburg, Sawyer X)
* Move App-related attributes (engines) to App instead of config role.
(Mickey Nasriachi, Stefan Hornburg, Sawyer X)
* Untangle Runner-Server (removing Server entirely).
(Mickey Nasriachi, Stefan Hornburg, Sawyer X)
* Replace HTTP::Server::Simple::PSGI with HTTP::Server::PSGI.
(Mickey Nasriachi, Stefan Hornburg, Sawyer X)
* GH #527: Build request cookie objects from request headers, not env.
(Russell Jenkins)
* GH #569: Transform cookie using the HTTP_COOKIE header, per PSGI spec.
(Russell Jenkins)
* GH #559, #544: Use Plack middleware for HEAD request content removal.
(Russell Jenkins)
* GH #513, #483: Deserialize body content for DELETE requests.
(Russell Jenkins, Yanick Champoux, Sawyer X)
0.13 2014-04-13 19:19:44CEST+0200 Europe/Amsterdam
[ ENHANCEMENTS ]
* GH #562: Change YAML::Any to YAML (Steven Humphrey, Russell Jenkins).
[ BUG FIXES ]
* GH #524: Double encoding for YAML sessions.
* GH #557: Switch to using YAML::Old.
* GH #548: Deserializer test failure.
The new gprbuild configuration files must have a slight difference
because it can no longer work with the standard buildlink. Passing
an additional directory in the pass will fix it though.
* Restore html5 audio playback under NetBSD
Changelog:
* New: Significant new customization mode makes it easy to personalize your Web experience to access the features you use the most
* New: A new, easy to access menu sits in the right hand corner of Firefox and includes popular browser controls
* New: Sleek new tabs provide an overall smoother look and fade into the background when not active
* New: An interactive onboarding tour to guide users through the new Firefox changes
* New: The ability to set up Firefox Sync by creating a Firefox account
* New: Gamepad API finalized and enabled
* New: HTTPS used for Yahoo Searches performed in en-US locale
* New: Malay [ma] locale added
* Changed: Clicking on a W3C Web Notification will switch to the originating tab
* Developer: 'box-sizing' (dropping the -moz- prefix) implemented
* Developer: Console object available in Web Workers
* Developer: Promises enabled by default
* Developer: SharedWorker enabled by default
* Developer: <input type="number"> implemented and enabled
* Developer: <input type="color"> implemented and enabled
* Developer: Enabled ECMAScript Internationalization API
* Developer: Add-on bar has been removed, content moved to navigation bar
* Developer: Implemented URLSearchParams from the URL specification (see MDN for details)
* Fixed: Various security fixes
Fixed in Firefox 29
MFSA 2014-47 Debugger can bypass XrayWrappers with JavaScript
MFSA 2014-46 Use-after-free in nsHostResolve
MFSA 2014-45 Incorrect IDNA domain name matching for wildcard certificates
MFSA 2014-44 Use-after-free in imgLoader while resizing images
MFSA 2014-43 Cross-site scripting (XSS) using history navigations
MFSA 2014-42 Privilege escalation through Web Notification API
MFSA 2014-41 Out-of-bounds write in Cairo
MFSA 2014-40 Firefox for Android addressbar suppression
MFSA 2014-39 Use-after-free in the Text Track Manager for HTML video
MFSA 2014-38 Buffer overflow when using non-XBL object as XBL
MFSA 2014-37 Out of bounds read while decoding JPG images
MFSA 2014-36 Web Audio memory corruption issues
MFSA 2014-35 Privilege escalation through Mozilla Maintenance Service Installer
MFSA 2014-34 Miscellaneous memory safety hazards (rv:29.0 / rv:24.5)
As seen on FreeBSD 8, aws doesn't build with the shared runtime option
with the upcoming gcc-aux version 4.9.0. Disable the option completely.
The option may return when AWS is updated to the latest version.
features from the previous development branch (1.5.x) - including various
SSL improvements, SPDY 3.1 support, cache revalidation with conditional
requests, auth request module and more. Resolves CVE-2013-4547.
files/nginx.sh now has a configtest command for lazy admins (me) who don't
want to remember command line options. CHANGELOG:
Changes with nginx 1.5.13 08 Apr 2014
*) Change: improved hash table handling; the default values of the
"variables_hash_max_size" and "types_hash_bucket_size" were changed
to 1024 and 64 respectively.
*) Feature: the ngx_http_mp4_module now supports the "end" argument.
*) Feature: byte ranges support in the ngx_http_mp4_module and while
saving responses to cache.
*) Bugfix: alerts "ngx_slab_alloc() failed: no memory" no longer logged
when using shared memory in the "ssl_session_cache" directive and in
the ngx_http_limit_req_module.
*) Bugfix: the "underscores_in_headers" directive did not allow
underscore as a first character of a header.
*) Bugfix: cache manager might hog CPU on exit in nginx/Windows.
*) Bugfix: nginx/Windows terminated abnormally if the
"ssl_session_cache" directive was used with the "shared" parameter.
*) Bugfix: in the ngx_http_spdy_module.
Changes with nginx 1.5.12 18 Mar 2014
*) Security: a heap memory buffer overflow might occur in a worker
process while handling a specially crafted request by
ngx_http_spdy_module, potentially resulting in arbitrary code
execution (CVE-2014-0133).
*) Feature: the "proxy_protocol" parameters of the "listen" and
"real_ip_header" directives, the $proxy_protocol_addr variable.
*) Bugfix: in the "fastcgi_next_upstream" directive.
Changes with nginx 1.5.11 04 Mar 2014
*) Security: memory corruption might occur in a worker process on 32-bit
platforms while handling a specially crafted request by
ngx_http_spdy_module, potentially resulting in arbitrary code
execution (CVE-2014-0088); the bug had appeared in 1.5.10.
*) Feature: the $ssl_session_reused variable.
*) Bugfix: the "client_max_body_size" directive might not work when
reading a request body using chunked transfer encoding; the bug had
appeared in 1.3.9.
*) Bugfix: a segmentation fault might occur in a worker process when
proxying WebSocket connections.
*) Bugfix: a segmentation fault might occur in a worker process if the
ngx_http_spdy_module was used on 32-bit platforms; the bug had
appeared in 1.5.10.
*) Bugfix: the $upstream_status variable might contain wrong data if the
"proxy_cache_use_stale" or "proxy_cache_revalidate" directives were
used.
*) Bugfix: a segmentation fault might occur in a worker process if
errors with code 400 were redirected to a named location using the
"error_page" directive.
*) Bugfix: nginx/Windows could not be built with Visual Studio 2013.
Changes with nginx 1.5.10 04 Feb 2014
*) Feature: the ngx_http_spdy_module now uses SPDY 3.1 protocol.
*) Feature: the ngx_http_mp4_module now skips tracks too short for a
seek requested.
*) Bugfix: a segmentation fault might occur in a worker process if the
$ssl_session_id variable was used in logs; the bug had appeared in
1.5.9.
*) Bugfix: the $date_local and $date_gmt variables used wrong format
outside of the ngx_http_ssi_filter_module.
*) Bugfix: client connections might be immediately closed if deferred
accept was used; the bug had appeared in 1.3.15.
*) Bugfix: alerts "getsockopt(TCP_FASTOPEN) ... failed" appeared in logs
during binary upgrade on Linux; the bug had appeared in 1.5.8.
Changes with nginx 1.5.9 22 Jan 2014
*) Change: now nginx expects escaped URIs in "X-Accel-Redirect" headers.
*) Feature: the "ssl_buffer_size" directive.
*) Feature: the "limit_rate" directive can now be used to rate limit
responses sent in SPDY connections.
*) Feature: the "spdy_chunk_size" directive.
*) Feature: the "ssl_session_tickets" directive.
*) Bugfix: the $ssl_session_id variable contained full session
serialized instead of just a session id.
*) Bugfix: nginx incorrectly handled escaped "?" character in the
"include" SSI command.
*) Bugfix: the ngx_http_dav_module did not unescape destination URI of
the COPY and MOVE methods.
*) Bugfix: resolver did not understand domain names with a trailing dot.
*) Bugfix: alerts "zero size buf in output" might appear in logs while
proxying; the bug had appeared in 1.3.9.
*) Bugfix: a segmentation fault might occur in a worker process if the
ngx_http_spdy_module was used.
*) Bugfix: proxied WebSocket connections might hang right after
handshake if the select, poll, or /dev/poll methods were used.
*) Bugfix: the "xclient" directive of the mail proxy module incorrectly
handled IPv6 client addresses.
Changes with nginx 1.5.8 17 Dec 2013
*) Feature: IPv6 support in resolver.
*) Feature: the "listen" directive supports the "fastopen" parameter.
*) Feature: SSL support in the ngx_http_uwsgi_module.
*) Feature: vim syntax highlighting scripts were added to contrib.
*) Bugfix: a timeout might occur while reading client request body in an
SSL connection using chunked transfer encoding.
*) Bugfix: the "master_process" directive did not work correctly in
nginx/Windows.
*) Bugfix: the "setfib" parameter of the "listen" directive might not
work.
*) Bugfix: in the ngx_http_spdy_module.
Changes with nginx 1.5.7 19 Nov 2013
*) Security: a character following an unescaped space in a request line
was handled incorrectly (CVE-2013-4547); the bug had appeared in
0.8.41.
*) Change: a logging level of auth_basic errors about no user/password
provided has been lowered from "error" to "info".
*) Feature: the "proxy_cache_revalidate", "fastcgi_cache_revalidate",
"scgi_cache_revalidate", and "uwsgi_cache_revalidate" directives.
*) Feature: the "ssl_session_ticket_key" directive.
*) Bugfix: the directive "add_header Cache-Control ''" added a
"Cache-Control" response header line with an empty value.
*) Bugfix: the "satisfy any" directive might return 403 error instead of
401 if auth_request and auth_basic directives were used.
*) Bugfix: the "accept_filter" and "deferred" parameters of the "listen"
directive were ignored for listen sockets created during binary
upgrade.
*) Bugfix: some data received from a backend with unbuffered proxy
might not be sent to a client immediately if "gzip" or "gunzip"
directives were used.
*) Bugfix: in error handling in ngx_http_gunzip_filter_module.
*) Bugfix: responses might hang if the ngx_http_spdy_module was used
with the "auth_request" directive.
*) Bugfix: memory leak in nginx/Windows.
Changes with nginx 1.5.6 01 Oct 2013
*) Feature: the "fastcgi_buffering" directive.
*) Feature: the "proxy_ssl_protocols" and "proxy_ssl_ciphers"
directives.
*) Feature: optimization of SSL handshakes when using long certificate
chains.
*) Feature: the mail proxy supports SMTP pipelining.
*) Bugfix: in the ngx_http_auth_basic_module when using "$apr1$"
password encryption method.
*) Bugfix: in MacOSX, Cygwin, and nginx/Windows incorrect location might
be used to process a request if locations were given using characters
in different cases.
*) Bugfix: automatic redirect with appended trailing slash for proxied
locations might not work.
*) Bugfix: in the mail proxy server.
*) Bugfix: in the ngx_http_spdy_module.
Changes with nginx 1.5.5 17 Sep 2013
*) Change: now nginx assumes HTTP/1.0 by default if it is not able to
detect protocol reliably.
*) Feature: the "disable_symlinks" directive now uses O_PATH on Linux.
*) Feature: now nginx uses EPOLLRDHUP events to detect premature
connection close by clients if the "epoll" method is used.
*) Bugfix: in the "valid_referers" directive if the "server_names"
parameter was used.
*) Bugfix: the $request_time variable did not work in nginx/Windows.
*) Bugfix: in the "image_filter" directive.
*) Bugfix: OpenSSL 1.0.1f compatibility.
Changes with nginx 1.5.4 27 Aug 2013
*) Change: the "js" extension MIME type has been changed to
"application/javascript"; default value of the "charset_types"
directive was changed accordingly.
*) Change: now the "image_filter" directive with the "size" parameter
returns responses with the "application/json" MIME type.
*) Feature: the ngx_http_auth_request_module.
*) Bugfix: a segmentation fault might occur on start or during
reconfiguration if the "try_files" directive was used with an empty
parameter.
*) Bugfix: memory leak if relative paths were specified using variables
in the "root" or "auth_basic_user_file" directives.
*) Bugfix: the "valid_referers" directive incorrectly executed regular
expressions if a "Referer" header started with "https://".
*) Bugfix: responses might hang if subrequests were used and an SSL
handshake error happened during subrequest processing.
*) Bugfix: in the ngx_http_autoindex_module.
*) Bugfix: in the ngx_http_spdy_module.
Changes with nginx 1.5.3 30 Jul 2013
*) Change in internal API: now u->length defaults to -1 if working with
backends in unbuffered mode.
*) Change: now after receiving an incomplete response from a backend
server nginx tries to send an available part of the response to a
client, and then closes client connection.
*) Bugfix: a segmentation fault might occur in a worker process if the
ngx_http_spdy_module was used with the "client_body_in_file_only"
directive.
*) Bugfix: the "so_keepalive" parameter of the "listen" directive might
be handled incorrectly on DragonFlyBSD.
*) Bugfix: in the ngx_http_xslt_filter_module.
*) Bugfix: in the ngx_http_sub_filter_module.
Changes with nginx 1.5.2 02 Jul 2013
*) Feature: now several "error_log" directives can be used.
*) Bugfix: the $r->header_in() embedded perl method did not return value
of the "Cookie" and "X-Forwarded-For" request header lines; the bug
had appeared in 1.3.14.
*) Bugfix: in the ngx_http_spdy_module.
*) Bugfix: nginx could not be built on Linux with x32 ABI.
Changes with nginx 1.5.1 04 Jun 2013
*) Feature: the "ssi_last_modified", "sub_filter_last_modified", and
"xslt_last_modified" directives.
*) Feature: the "http_403" parameter of the "proxy_next_upstream",
"fastcgi_next_upstream", "scgi_next_upstream", and
"uwsgi_next_upstream" directives.
*) Feature: the "allow" and "deny" directives now support unix domain
sockets.
*) Bugfix: nginx could not be built with the ngx_mail_ssl_module, but
without ngx_http_ssl_module; the bug had appeared in 1.3.14.
*) Bugfix: in the "proxy_set_body" directive.
*) Bugfix: in the "lingering_time" directive.
*) Bugfix: the "fail_timeout" parameter of the "server" directive in the
"upstream" context might not work if "max_fails" parameter was used;
the bug had appeared in 1.3.0.
*) Bugfix: a segmentation fault might occur in a worker process if the
"ssl_stapling" directive was used.
*) Bugfix: in the mail proxy server.
*) Bugfix: nginx/Windows might stop accepting connections if several
worker processes were used.
Changes with nginx 1.5.0 07 May 2013
*) Security: a stack-based buffer overflow might occur in a worker
process while handling a specially crafted request, potentially
resulting in arbitrary code execution (CVE-2013-2028); the bug had
appeared in 1.3.9.
1.0.8
-----
Highlights:
* Cleaned up documentation, many thanks to Petrus Janse van Rensburg.
* More flexible menu system, ability to add links to menus
* Human-readable filter URLs
* Callable filter `options`
* `EmailField` filter
* Simple accessibility fixes
* `InlineFormField` now accepts `widget_args` and `form_rules` arguments
* Support for newer wtforms versions
* `form_rules` property that affects both create and edit forms
* Lots of bugfixes
Version 0.13 2014-04-21
```````````````````````
- Port to Python >= 3.3 (requiring Python 2.6/2.7 for 2.x).
- Fixed bug with using per-memoize timeouts greater than the default timeout
- Added better support for per-instance memoization.
- Various bug fixes