In django-registration 2.3, the new validators :func:`~registration.validators.validate_confusables` and :func:`~registration.validators.validate_confusables_email` were added, and are applied by default to the username field and email field, respectively, of registration forms. This may cause some usernames which previously were accepted to no longer be accepted, but like the reserved-name validator this change was made because its security benefits significantly outweigh the edge cases in which it might disallow an otherwise-acceptable username or email address. If for some reason you need to allow registration with usernames or email addresses containing potentially dangerous use of Unicode, you can subclass the registration form and remove these validators, though doing so is not recommended.
2.0.12:
Fixed MySQL error in get_deleted()
2.0.11:
Dramatically improved performance of get_deleted() over large datasets
Ukranian translation
Bugfixes
From upstream's changelog:
>From the Release Notes
(https://wiki.davical.org/index.php/Release_Notes/1.1.6):
Bug Fixes
=========
* Only one set of angle brackets around cannot-modify-protected-property error tag (#112)
* Fix sync of deleted events when hide_todo is set (#100)
* Modify hide_older_than logic to allow through recurring events (#103)
* Fix modified mapping in the LDAP driver (#108)
* Do not output unescaped XML special characters in if-match error message (#113)
* Don't crash on principal-property-search REPORT without a proper match clause (#114)
* Various CardDAV and CalDAV fixes highlighted by caldav-tester
* Fix $SERVER variable names used when operating behind a proxy (!38)
* Use modern class constructors that even work with PHP7 (fixes: #119)
* Card search invalid when negate-condition="no" (#126)
* Propagate database error to client (#127)
* Add a log entry for login failures (#105)
Other Changes
=============
* Updates to the test suites, which are mostly passing now
* Improved logging in certain error conditions
* Set $c->external_ua_string to fetch external calendars posing as a certain user-agent (#115)
* Improve parsing of RFC5545 durations
* Improve support for /principals/users/..., /principals/resources/...
and /__uids__/... URLs
* Improve use of create-database.sh and update-davical-database with non-default values (see #124)
* Experimental $c->enable_attendee_group_resolution will resolve
attendee group names to a list of individual users (from !21)
* Add support for calendar-user-type (!39)
* Update caldav_functions.sql for Postgresql 10 (#129)
Database Upgrade
================
* Run dba/upgrade-davical-database to get Postgresql-10-compatible functions
Upgrades of Other Software
==========================
* AWL 0.58 is required for best PHP7 compatibility
0.7.0:
Fixed a bug where trigger_events didn't actually trigger events in async create_server
Changed strict_slashes to be True by default
Changed Unauthorized exception __init__ to be more like the rest of the exceptions
Added an option to define a name for a route
Made the prefixes for the environment variables configurable
Fixed windows support where syslog raises an ImportError
Added support for vhosts in static routes
Split RequestTimeout, ResponseTimeout, and KeepAliveTimeout into different timeouts
Fixed Connection lost before response written
SanicTestClient now gets its own port
0.6.17:
Fixes 171: Adhere to Content Security Policy best practices by removing inline scripts.
Adopted to Django-2.0 keeping downwards compatibility until Django-1.9.
Changelog:
Fixed
Fix a video color distortion issue on YouTube and other video sites
with some AMD devices (bug 1417442)
Fix an issue with prefs.js when the profile path has non-ascii
characters (bug 1420427)
Various security fixes
Google map crashes on OSX with Intel HD Graphics 3000
Changed
Block injection of a client library associated with the RealPlayer
Free player which is known to cause performance problems in Firefox.
(Bug 1418535)
Security fixes:
Not available
Django 1.11.8 fixes several bugs in 1.11.7:
* Reallowed, following a regression in Django 1.10, AuthenticationForm to raise the inactive user error when using ModelBackend.
* Added support for QuerySet.values() and values_list() for union(), difference(), and intersection() queries.
* Fixed incorrect index name truncation when using a namespaced db_table.
* Made QuerySet.iterator() use server-side cursors on PostgreSQL after values() and values_list().
* Fixed crash on SQLite and MySQL when ordering by a filtered subquery that uses nulls_first or nulls_last.
* Made query lookups for CICharField, CIEmailField, and CITextField use a citext cast.
* Fixed a regression in caching of a GenericForeignKey when the referenced model instance uses multi-table inheritance.
* Fixed “Cannot change column ‘x’: used in a foreign key constraint” crash on MySQL with a sequence of AlterField and/or RenameField operations in a migration
Selenium 3.8.0
* Firefox options can now be imported from selenium.webdriver as FirefoxOptions
* Headless mode can now be set in Chrome Options using `set_headless`
* Headless mode can now be set in Firefox Options using `set_headless`
* Add the WebKitGTK WebDriver and options class
* Browser options can now be passed to remote WebDriver via the `options` parameter
* Browser option parameters are now standardized across drivers as `options`. `firefox_options`,
`chrome_options`, and `ie_options` are now deprecated
* Added missing W3C Error Codes
* Support has been removed for Python versions 2.6 and 3.3
2.0.1:
* Bugfix release to have HTTP response content message as the correct
"http.response.content" not the older "http.response.chunk".
2.0.0:
* Complete rewrite for new async-based ASGI mechanisms and removal of
channel layers.
2.3.5:
Fix compatibility with pytest 3.3+
2.3.4:
Make request.app point to proper application instance when using nested applications (with middlewares).
Change base class of ClientConnectorSSLError to ClientSSLError from ClientConnectorError.
Return client connection back to free pool on error in connector.connect().
v12.0.1
* Fixed issues importing cherrypy.test.webtest (by creating
a module and importing classes from cheroot) and added a
corresponding DeprecationWarning.
Mon Nov 27 22:24:00 MSK 2017
Releasing GNU libmicrohttpd 0.9.57. -EG
Mon Nov 27 21:36:00 MSK 2017
Updated README. -EG
Mon Nov 27 18:37:00 MSK 2017
Corrected names in W32 DLL resources.
Reordered and clarified configure summary message.
Additional compiler warning mutes for builds with various configure
parameters.
Fixed tests on Cygwin.
Used larger SETSIZE for Cygwin (same value as for native W32).
Minor fixes for Cygwin.
Added configure parameter to force disable usage of sendfile().
Minor testsuite fixes.
Really fixed builds with optimisation for size. -EG
Sat Nov 25 18:37:00 MSK 2017
Fixed build with optimisation for size. -EG
Fri Nov 24 20:14:02 CET 2017
Releasing GNU libmicrohttpd 0.9.56. -CG
Thu Nov 23 17:40:00 MSK 2017
Added MHD_FEATURE_SENDFILE enum value and report. -EG
Thu Nov 23 08:56:00 MSK 2017
Fixed receiving large requests in TLS mode with epoll.
Improved GnuTLS and libgcrypt detection in configure, do not ignore
flags in GNUTLS_{CFLAGS,LIBS} variables.
Added special trick for Solaris/Openindiana to find GnuTLS-3 with
right bitness.
Added support for Solaris sendfile(3) function.
Fixed dataraces with thread ID on W32 and pthread. Now check for
correct thread in MHD_queue_response() works correctly.
Fixed and silenced compiler warnings in tests and examples.
Removed usage of TLS flags in examples where TLS is not required.
Added support for MultiSSL in https tests with libcurl >= 7.56.0.
Improved detection of OFF_T_MAX, SIZE_MAX. Added macros for
SSIZE_MAX in mhd_limits.h. There are some platforms that really
require those macros.
Added support for Darwin's sendfile() function.
Updated .gitignore files.
Reworked mhd_sys_extentions.m4 with better support of modern
platforms, more reliable detection of required macros, and
detection of disabling of system-specific features by
_XOPEN_SOURCE macro. -EG
Wed Nov 1 20:43:00 MSK 2017
Mixed and muted many compiler warnings. Now GCC's flags
-Wall -Wextra could be used for building.
Fixed compilation of examples without libmagic.
Better detection of libgnutls in configure.
Reworked launch of nested configure in "po" directory to
prevent useless reconfiguration.
Fixed some wrong asserts.
Enabled "test_options" test.
Use "test_start_stop" without libcurl.
Use chunks with sendfile() to prevent locking thread for
single connection with large file.
Added support for FreeBSD's sendfile with additional
optimisations for FreeBSD 11.
Refactoring and improvements for MHD_start_daemon_va() and
MHD_stop_daemon().
Fixed testing with GnuTLS >= 3.6.0. -EG
Mon Oct 9 22:38:07 CEST 2017
Add MHD_free() to allow proper free()-ing of username/password
data returned via MHD_digest_auth_get_username() or
MHD_basic_auth_get_username_password() on Windows. -CG
Tue Sep 26 14:00:58 CEST 2017
Fixing race involving setting "at_limit" flag. -CG
Tue Sep 08 21:39:00 MSK 2017
Fixed build of examples when MHD build with non-pthread lib.
MHD_queue_response(): added check for using in correct thread.
Fixed sending responses larger 16 KiB in TLS mode with epoll.
Improved doxy for MHD_get_timeout() and related functions.
Minor internal refactoring. -EG
Tue Jul 23 11:32:00 MSK 2017
Updated chunked_example.c to provide real illustration of usage of
chunked encoding. -EG
Thu Jul 13 21:41:00 MSK 2017
Restored SIGPIPE suppression in TLS mode.
Added new value MHD_FEATURE_AUTOSUPPRESS_SIGPIPE so application could
check whether SIGPIPE handling is required.
Used GNUTLS_NONBLOCK for TLS sessions. -EG
Tue Jun 20 23:52:00 MSK 2017
Libgcrypt is now optional and required only for old GnuTLS versions. -EG
Wed Jun 14 21:42:00 MSK 2017
Added support for debug assert() and new configure parameter
--enable-asserts for debug builds.
Removed non-functional Symbian support. -EG
Mon Jun 05 23:34:00 MSK 2017
More internal refactoring:
merged MHD_tls_connection_handle_read/write() with non-TLS version,
reduced and unified number of layers for network processing (before
refactoring MHD_tls_connection_handle_read->MHD_connection_handle_read->
do_read->recv_tls_adapter->GnuTLS->recv_param_adapter - 5 MHD layers;
after refactoring MHD_connection_handle_read->recv_tls_adapter->GnuTLS -
2 MHD layers),
simplified and removed dead code from
MHD_connection_handle_read/write() without functional change. -EG
Mon Jun 05 22:20:00 MSK 2017
Internal refactoring:
used TCP sockets directly with GnuTLS (performance improvement),
moved some connection-related code from daemon.c to
connection.c/connection_https.c,
removed hacks around sendfile() and implemented correct support of
sendfile(),
removed do_read() and do_write() to reduce number of layer around send()
and recv() and to improve readability and maintainability of code,
implemented separate tracking of TLS layer state, independent of HTTP
connection stage. -EG
Sun Jun 04 15:02:00 MSK 2017
Improved thread-safety of MHD_add_connection() and
internal_add_connection(), minor optimisations. -EG
Curl and libcurl 7.57.0
o auth: add support for RFC7616 - HTTP Digest access authentication [12]
o share: add support for sharing the connection cache [31]
o HTTP: implement Brotli content encoding [28]
This release includes the following bugfixes:
o CVE-2017-8816: NTLM buffer overflow via integer overflow [47]
o CVE-2017-8817: FTP wildcard out of bounds read [48]
o CVE-2017-8818: SSL out of buffer access [49]
o curl_mime_filedata.3: fix typos [1]
o libtest: Add required test libraries for lib1552 and lib1553 [2]
o fix time diffs for systems using unsigned time_t [3]
o ftplistparser: memory leak fix: free temporary memory always [4]
o multi: allow table handle sizes to be overridden [5]
o wildcards: don't use with non-supported protocols [6]
o curl_fnmatch: return error on illegal wildcard pattern [7]
o transfer: Fix chunked-encoding upload too early exit [8]
o curl_setup: Improve detection of CURL_WINDOWS_APP [9]
o resolvers: only include anything if needed [10]
o setopt: fix CURLOPT_SSH_AUTH_TYPES option read
o appveyor: add a win32 build
o Curl_timeleft: change return type to timediff_t [11]
o cmake: Export libcurl and curl targets to use by other cmake projects [13]
o curl: in -F option arg, comma is a delimiter for files only [14]
o curl: improved ";type=" handling in -F option arguments
o timeval: use mach_absolute_time() on MacOS [15]
o curlx: the timeval functions are no longer provided as curlx_* [16]
o mkhelp.pl: do not generate comment with current date [17]
o memdebug: use send/recv signature for curl_dosend/curl_dorecv [18]
o cookie: avoid NULL dereference [19]
o url: fix CURLOPT_POSTFIELDSIZE arg value check to allow -1 [20]
o include: remove conncache.h inclusion from where its not needed
o CURLOPT_MAXREDIRS: allow -1 as a value [21]
o tests: Fixed torture tests on tests 556 and 650
o http2: Fixed OOM handling in upgrade request
o url: fix CURLOPT_DNS_CACHE_TIMEOUT arg value check to allow -1
o CURLOPT_INFILESIZE: accept -1 [22]
o curl: pass through [] in URLs instead of calling globbing error [23]
o curl: speed up handling of many URLs [24]
o ntlm: avoid malloc(0) for zero length passwords [25]
o url: remove faulty arg value check from CURLOPT_SSH_AUTH_TYPES [26]
o HTTP: support multiple Content-Encodings [27]
o travis: add a job with brotli enabled
o url: remove unncessary NULL-check
o fnmatch: remove dead code
o connect: store IPv6 connection status after valid connection [29]
o imap: deal with commands case insensitively [30]
o --interface: add support for Linux VRF [32]
o content_encoding: fix inflate_stream for no bytes available [33]
o cmake: Correctly include curl.rc in Windows builds [34]
o cmake: Add missing setmode check [35]
o connect.c: remove executable bit on file [36]
o SMB: fix uninitialized local variable
o zlib/brotli: only include header files in modules needing them [37]
o URL: return error on malformed URLs with junk after IPv6 bracket [38]
o openssl: fix too broad use of HAVE_OPAQUE_EVP_PKEY [39]
o macOS: Fix missing connectx function with Xcode version older than 9.0 [40]
o --resolve: allow IP address within [] brackets [41]
o examples/curlx: Fix code style [42]
o ntlm: remove unnecessary NULL-check to please scan-build [43]
o Curl_llist_remove: fix potential NULL pointer deref [43]
o mime: fix "Value stored to 'sz' is never read" scan-build error [43]
o openssl: fix "Value stored to 'rc' is never read" scan-build error [43]
o http2: fix "Value stored to 'hdbuf' is never read" scan-build error [43]
o http2: fix "Value stored to 'end' is never read" scan-build error [43]
o Curl_open: fix OOM return error correctly [43]
o url: reject ASCII control characters and space in host names [44]
o examples/rtsp: clear RANGE again after use [45]
o connect: improve the bind error message [46]
o make: fix "make distclean" [50]
o connect: add support for new TCP Fast Open API on Linux [51]
o metalink: fix memory-leak and NULL pointer dereference [52]
o URL: update "file:" URL handling [53]
o ssh: remove check for a NULL pointer [54]
o global_init: ignore CURL_GLOBAL_SSL's absense [55]
0.6.0:
Refactor import_row call by using keyword arguments
Added {{ block.super }} call in block bodyclass in admin/base_site.html
Add support for the Django DurationField with DurationWidget
GitHub bmihelac -> django-import-export Account Update
Add intersphinx links to documentation
Add Resource.get_import_fields()
Fixed readme mistake
Bugfix/fix m2m widget clean
Allow injection of context data for template rendered by import_action() and export_action()
Bugfix/fix exception in generate_log_entries()
Process import dataset and result in separate methods
Bugfix/fix error in converting exceptions to strings
Fix admin integration tests for the new "Import finished..." message, update Czech translations to 100% coverage.
Make import form type easier to override
Add saves_null_values attribute to Field to control whether null values are saved on the object
Add Bulgarian translations
Add django 1.11 to TravisCI
Make Signals code example format correctly in documentation
Add Django as requirement to setup.py
Update import of reverse for django 2.x
Add Django-version classifiers to setup.py’s CLASSIFIERS
Some fixes for Django 2.0
Strip whitespace when looking up ManyToMany fields
Fix all ResourceWarnings during tests in Python 3.x
Remove downloads count badge from README since shields.io no longer supports it for PyPi
Add coveralls support and README badge
Highlights:
- The new Postgres Data Source
- Create your own Annotations for the Graph panel
- Cloudwatch Alerting Support
- Prometheus query editor enhancements
Raven is a Python client for Sentry (https://sentry.io/). It provides full
out-of-the-box support for many of the popular frameworks, including Django,
Flask, and Pylons. Raven also includes drop-in support for any WSGI-compatible
web application.
Changes with nginx 1.13.7:
*) Bugfix: in the $upstream_status variable.
*) Bugfix: a segmentation fault might occur in a worker process if a
backend returned a "101 Switching Protocols" response to a
subrequest.
*) Bugfix: a segmentation fault occurred in a master process if a shared
memory zone size was changed during a reconfiguration and the
reconfiguration failed.
*) Bugfix: in the ngx_http_fastcgi_module.
*) Bugfix: nginx returned the 500 error if parameters without variables
were specified in the "xslt_stylesheet" directive.
*) Workaround: "gzip filter failed to use preallocated memory" alerts
appeared in logs when using a zlib library variant from Intel.
*) Bugfix: the "worker_shutdown_timeout" directive did not work when
using mail proxy and when proxying WebSocket connections.
nghttp2 v1.28.0
lib: Add nghttp2_error_callback2
build: Add deprecation warning when spdylay support is enabled
Switch to clang-format-5.0
examples: Make client and server work with libevent-2.1.8
third-party: Update neverbleed
integration: Fix issues reported by the go vet tool.
nghttpx: Fix affinity retry
nghttpx: Fix stalled backend connection on retry
nghttpx: Cookie based session affinity
nghttpx: Expose additional TLS related variables to mruby and accesslog
