From the Changelog:
* pytz is an explicit dependency.
* pytz.gae, used for Google App Engine, is no longer necessary and has been removed.
* Fixed a deprecated werkzeug import.
* Fix issues switching locales in threaded contexts.
Changes:
2.30.3
======
- Add new build option USE(64KB_PAGE_BLOCK).
- Fix backdrop filters with rounded borders.
- Fix scrolling iframes when async scrolling is enabled.
- Allow applications to handle drag and drop on the web view again.
- Update Outlook user agent quirk.
- Fix the build with video support disabled.
- Fix several crashes and rendering issues.
3.7.3
=====
Features
--------
- Use Brotli instead of brotlipy
- Made exceptions pickleable. Also changed the repr of some exceptions.
Bugfixes
--------
- Raise a ClientResponseError instead of an AssertionError for a blank
HTTP Reason Phrase.
- Fix ``web_middlewares.normalize_path_middleware`` behavior for patch without slash.
- Fix overshadowing of overlapped sub-applications prefixes.
- Make `BaseConnector.close()` a coroutine and wait until the client closes all connections. Drop deprecated "with Connector():" syntax.
- Reset the ``sock_read`` timeout each time data is received for a ``aiohttp.client`` response.
- Fixed type annotation for add_view method of UrlDispatcher to accept any subclass of View
- Fixed querying the address families from DNS that the current host supports.
- Change return type of MultipartReader.__aiter__() and BodyPartReader.__aiter__() to AsyncIterator.
- Provide x86 Windows wheels.
Improved Documentation
----------------------
- Add documentation for ``aiohttp.web.FileResponse``.
- Removed deprecation warning in tracing example docs
- Fixed wrong "Usage" docstring of ``aiohttp.client.request``.
- Add aiohttp-pydantic to third party libraries
Switch to go-modules and tidy up.
There have been 59 releases and nearly 3,000 lines of changelog since 0.55.6,
so apologies, but if you want a changelog you'll need to browse:
https://github.com/gohugoio/hugo/releases
to see what changed as it's impractical to list them here.
Security Vulnerabilities fixed in Firefox ESR 78.5
#CVE-2020-26951: Parsing mismatches could confuse and bypass security
sanitizer for chrome privileged code
#CVE-2020-16012: Variable time processing of cross-origin images during
drawImage calls
#CVE-2020-26953: Fullscreen could be enabled without displaying the security
UI
#CVE-2020-26956: XSS through paste (manual and clipboard API)
#CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME
type restrictions
#CVE-2020-26959: Use-after-free in WebRequestService
#CVE-2020-26960: Potential use-after-free in uses of nsTArray
#CVE-2020-15999: Heap buffer overflow in freetype
#CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses
#CVE-2020-26965: Software keyboards may have remembered typed passwords
#CVE-2020-26966: Single-word search queries were also broadcast to local
network
#CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5
Fixes pkgsrc handling of the frontend artefacts, various files were previously
missing, leading to errors in the web interface.
Changes since 1.12.1:
## [1.12.6](https://github.com/go-gitea/gitea/releases/tag/v1.12.6) - 2020-11-11
* SECURITY
* Prevent git operations for inactive users (#13527) (#13537)
* Disallow urlencoded new lines in git protocol paths if there is a port (#13521) (#13525)
* BUGFIXES
* API should only return Json (#13511) (#13564)
* Fix before and since query arguments at API (#13559) (#13560)
* Prevent panic on git blame by limiting lines to 4096 bytes at most (#13470) (#13492)
* Fix link detection in repository description with tailing '_' (#13407) (#13408)
* Remove obsolete change of email on profile page (#13341) (#13348)
* Fix permission check on get Reactions API endpoints (#13344) (#13346)
* Add migrated pulls to pull request task queue (#13331) (#13335)
* API deny wrong pull creation options (#13308) (#13327)
* Fix initial commit page & binary munching problem (#13249) (#13259)
* Fix diff parsing (#13157) (#13136) (#13139)
* Return error 404 not 500 from API if team does not exist (#13118) (#13119)
* Prohibit automatic downgrades (#13108) (#13111)
* Fix GitLab Migration Option AuthToken (#13101)
* GitLab Label Color Normalizer (#12793) (#13100)
* Log the underlying panic in runMigrateTask (#13096) (#13098)
* Fix attachments list in edit comment (#13036) (#13097)
* Fix deadlock when deleting team user (#13093)
* Fix error create comment on outdated file (#13041) (#13042)
* Fix repository create/delete event webhooks (#13008) (#13027)
* Fix internal server error on README in submodule (#13006) (#13016)
## [1.12.5](https://github.com/go-gitea/gitea/releases/tag/v1.12.5) - 2020-10-01
* BUGFIXES
* Allow U2F with default settings for gitea in subpath (#12990) (#13001)
* Prevent empty div when editing comment (#12404) (#12991)
* On mirror update also update address in DB (#12964) (#12967)
* Allow extended config on cron settings (#12939) (#12943)
* Open transaction when adding Avatar email-hash pairs to the DB (#12577) (#12940)
* Fix internal server error from ListUserOrgs API (#12910) (#12915)
* Update only the repository columns that need updating (#12900) (#12912)
* Fix panic when adding long comment (#12892) (#12894)
* Add size limit for content of comment on action ui (#12881) (#12890)
* Convert User expose ID each time (#12855) (#12883)
* Support slashes in release tags (#12864) (#12882)
* Add missing information to CreateRepo API endpoint (#12848) (#12867)
* On Migration respect old DefaultBranch (#12843) (#12858)
* Fix notifications page links (#12838) (#12853)
* Stop cloning unnecessarily on PR update (#12839) (#12852)
* Escape more things that are passed through str2html (#12622) (#12850)
* Remove double escape on labels addition in comments (#12809) (#12810)
* Fix "only mail on mention" bug (#12775) (#12789)
* Fix yet another bug with diff file names (#12771) (#12776)
* RepoInit Respect AlternateDefaultBranch (#12746) (#12751)
* Fix Avatar Resize (resize algo NearestNeighbor -> Bilinear) (#12745) (#12750)
* ENHANCEMENTS
* gitea dump: include version & Check InstallLock (#12760) (#12762)
## [1.12.4](https://github.com/go-gitea/gitea/releases/tag/v1.12.4) - 2020-09-02
* SECURITY
* Escape provider name in oauth2 provider redirect (#12648) (#12650)
* Escape Email on password reset page (#12610) (#12612)
* When reading expired sessions - expire them (#12686) (#12690)
* ENHANCEMENTS
* StaticRootPath configurable at compile time (#12371) (#12652)
* BUGFIXES
* Fix to show an issue that is related to a deleted issue (#12651) (#12692)
* Expire time acknowledged for cache (#12605) (#12611)
* Fix diff path unquoting (#12554) (#12575)
* Improve HTML escaping helper (#12562)
* models: break out of loop (#12386) (#12561)
* Default empty merger list to those with write permissions (#12535) (#12560)
* Skip SSPI authentication attempts for /api/internal (#12556) (#12559)
* Prevent NPE on commenting on lines with invalidated comments (#12549) (#12550)
* Remove hardcoded ES indexername (#12521) (#12526)
* Fix bug preventing transfer to private organization (#12497) (#12501)
* Keys should not verify revoked email addresses (#12486) (#12495)
* Do not add prefix on http/https submodule links (#12477) (#12479)
* Fix ignored login on compare (#12476) (#12478)
* Fix incorrect error logging in Stats indexer and OAuth2 (#12387) (#12422)
* Upgrade google/go-github to v32.1.0 (#12361) (#12390)
* Render emoji's of Commit message on feed-page (#12373)
* Fix handling of diff on unrelated branches when Git 2.28 used (#12370)
## [1.12.3](https://github.com/go-gitea/gitea/releases/tag/v1.12.3) - 2020-07-28
* BUGFIXES
* Don't change creation date when updating Release (#12343) (#12351)
* Show 404 page when release not found (#12328) (#12332)
* Fix emoji detection in certain cases (#12320) (#12327)
* Reduce emoji size (#12317) (#12327)
* Fix double-indirection bug in logging IDs (#12294) (#12308)
* Link to pull list page on sidebar when view pr (#12256) (#12263)
* Extend Notifications API and return pinned notifications by default (#12164) (#12232)
## [1.12.2](https://github.com/go-gitea/gitea/releases/tag/v1.12.2) - 2020-07-11
* BUGFIXES
* When deleting repository decrese user repository count in cache (#11954) (#12188)
* Return full commit message instead of summary in commits API (#12186) (#12187)
* Properly set HEAD when a repo is created with a default branch that is not named 'master' (#12135) (#12182)
* Ensure GPG Subkeys are verified (#12155) (#12168)
* Fix failing to cache last commit with key being to long (#12151) (#12161)
* Multiple small admin dashboard fixes (#12153) (#12156)
* Remove spurious logging of " Delete all repository archives" at startup (#12139) (#12148)
* Fix repository setup instructions when default branch is not named 'master' (#12122) (#12147)
* Move EventSource to SharedWorker (#12095) (#12130)
* Fix ui bug in wiki commit page (#12089) (#12125)
* Fix gitgraph branch continues after merge (#12044) (#12105)
* Set the base url when migrating from Gitlab using access token or username without password (#11852) (#12104)
* Ensure BlameReaders close at end of request (#12102) (#12103)
* Fix panic when adding review comment (#12058)
* ENHANCEMENTS
* Disable dropzone's timeout for file uploads (#12024) (#12032)
Changelog:
Version 83.0, first offered to Release channel users on November 17, 2020
New
* Firefox keeps getting faster as a result of significant updates to
SpiderMonkey, our JavaScript engine, you will now experience improved page
load performance by up to 15%, page responsiveness by up to 12%, and
reduced memory usage by up to 8%. We have replaced part of the JavaScript
engine that helps to compile and display websites for you, improving
security and maintainability of the engine at the same time.
* Firefox introduces HTTPS-Only Mode. When enabled, this new mode ensures
that every connection Firefox makes to the web is secure and alerts you
when a secure connection is not available. You can enable it in Firefox
Preferences.
* Pinch zooming will now be supported for our users with Windows touchscreen
devices and touchpads on Mac devices. Firefox users may now use pinch to
zoom on touch-capable devices to zoom in and out of webpages.
* Picture-in-Picture now supports keyboard shortcuts for fast forwarding and
rewinding videos: use the arrow keys to move forward and back 15 seconds,
along with volume controls. For a list of supported commands see Support
Mozilla
* When you are presenting your screen on a video conference in Firefox, you
will see our improved user interface that makes it clearer which devices or
displays are being shared.
* We've improved functionality and design for a number of Firefox search
features:
+ Selecting a search engine at the bottom of the search panel now enters
search mode for that engine, allowing you to see suggestions (if
available) for your search terms. The old behavior (immediately
performing a search) is available with a shift-click.
+ When Firefox autocompletes the URL of one of your search engines, you
can now search with that engine directly in the address bar by
selecting the shortcut in the address bar results.
+ We've added buttons at the bottom of the search panel to allow you to
search your bookmarks, open tabs, and history.
* Firefox supports AcroForm, which will allow you to fill in, print, and save
supported PDF forms and the PDF viewer also has a new fresh look.
* Our users in India on the English build of Firefox will now see Pocket
recommendations in their new tab featuring some of the best stories on the
web. If you don't see them, you can turn on Pocket articles in your new
tab by following these steps.
* For the recently released Apple devices built with Apple Silicon CPUs, you
can use Firefox 83 and future releases without any change. This release
(83) will support emulation under Apple's Rosetta 2 that ships with macOS
Big Sur. We are working toward Firefox being natively-compiled for these
CPUs in a future release.
* This is a major release for WebRender as we roll out to more Firefox users
on Windows 7 and 8 as well as on macOS 10.12 to 10.15.
Fixed
* This release also includes a number of accessibility fixes:
+ Screen reader features which report paragraphs now correctly report
paragraphs instead of lines in Google Docs
+ When reading by word using a screen reader, words are now correctly
reported when there is punctuation nearby
+ The arrow keys now work correctly after tabbing in the
picture-in-picture window
* For users on macOS restoring a session with minimized windows, Firefox now
uses much less power and you should see much longer battery life.
* Various security fixes
Security fixes:
#CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code
#CVE-2020-26952: Out of memory handling of JITed, inlined functions could lead to a memory corruption
#CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls
#CVE-2020-26953: Fullscreen could be enabled without displaying the security UI
#CVE-2020-26954: Local spoofing of web manifests for arbitrary pages in Firefox for Android
#CVE-2020-26955: Cookies set during file downloads are shared between normal and Private Browsing Mode in Firefox for Android
#CVE-2020-26956: XSS through paste (manual and clipboard API)
#CVE-2020-26957: OneCRL was not working in Firefox for Android
#CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions
#CVE-2020-26959: Use-after-free in WebRequestService
#CVE-2020-26960: Potential use-after-free in uses of nsTArray
#CVE-2020-15999: Heap buffer overflow in freetype
#CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses
#CVE-2020-26962: Cross-origin iframes supported login autofill
#CVE-2020-26963: History and Location interfaces could have been used to hang the browser
#CVE-2020-26964: Firefox for Android's Remote Debugging via USB could have been abused by untrusted apps on older versions of Android
#CVE-2020-26965: Software keyboards may have remembered typed passwords
#CVE-2020-26966: Single-word search queries were also broadcast to local network
#CVE-2020-26967: Mutation Observers could break or confuse Firefox Screenshots feature
#CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5
#CVE-2020-26969: Memory safety bugs fixed in Firefox 83
1.6.3:
Bugfixes
- No longer loose characters when decoding incorrect percent-sequences (like ``%e2%82%f8``). All non-decodable percent-sequences are now preserved.
- Provide x86 Windows wheels.
ChangeLog:
- General
- Use `Enumerator#with_index` to detect line numbers
- Batchfile Lexer
- Add support for long options to Batchfile lexer
- C++ Lexer
- Fix binary literal digit separator in C++ lexer
- Docker Lexer
- Add `Dockerfile` as an alias for the Docker lexer
- JavaScript Lexer
- Fix template string lexing in JavaScript lexer
- Kotlin Lexer
- Ensure word break follows keywords in Kotlin lexer
- Perl Lexer
- Improve support for sigils in Perl lexer
- PowerShell Lexer
- Improve lexing of nested data structures in PowerShell lexer
- Improve handling of data structure literals in PowerShell lexer
- Ruby Lexer
- Revert empty patterns in Ruby lexer
- Rust Lexer
- Add continue to keywords in Rust lexer
- Velocity Lexer
- Fix lexing of brackets in Velocity lexer
1.26.1 (2020-11-11)
-------------------
* Fixed an issue where two ``User-Agent`` headers would be sent if a
``User-Agent`` header key is passed as ``bytes``
1.26.0 (2020-11-10)
-------------------
* **NOTE: urllib3 v2.0 will drop support for Python 2**.
`Read more in the v2.0 Roadmap <https://urllib3.readthedocs.io/en/latest/v2-roadmap.html>`_.
* Added support for HTTPS proxies contacting HTTPS servers
* Deprecated negotiating TLSv1 and TLSv1.1 by default. Users that
still wish to use TLS earlier than 1.2 without a deprecation warning
should opt-in explicitly by setting ``ssl_version=ssl.PROTOCOL_TLSv1_1``
**Starting in urllib3 v2.0: Connections that receive a ``DeprecationWarning`` will fail**
* Deprecated ``Retry`` options ``Retry.DEFAULT_METHOD_WHITELIST``, ``Retry.DEFAULT_REDIRECT_HEADERS_BLACKLIST``
and ``Retry(method_whitelist=...)`` in favor of ``Retry.DEFAULT_ALLOWED_METHODS``,
``Retry.DEFAULT_REMOVE_HEADERS_ON_REDIRECT``, and ``Retry(allowed_methods=...)``
* Added default ``User-Agent`` header to every request
* Added ``urllib3.util.SKIP_HEADER`` for skipping ``User-Agent``, ``Accept-Encoding``,
and ``Host`` headers from being automatically emitted with requests
* Collapse ``transfer-encoding: chunked`` request data and framing into
the same ``socket.send()`` call
* Send ``http/1.1`` ALPN identifier with every TLS handshake by default
* Properly terminate SecureTransport connections when CA verification fails
* Don't emit an ``SNIMissingWarning`` when passing ``server_hostname=None``
to SecureTransport
* Disabled requesting TLSv1.2 session tickets as they weren't being used by urllib3
* Suppress ``BrokenPipeError`` when writing request body after the server
has closed the socket
* Wrap ``ssl.SSLError`` that can be raised from reading a socket (e.g. "bad MAC")
into an ``urllib3.exceptions.SSLError``
The python 2 dependency was seemingly removed in Firefox 78.0 so we
can remove those old hacks.
Firefox needs clang for some unknown part of the build process (rust
related?), even if building with GCC.
The previous solution in pkgsrc was to force the use of clang, because
pkgsrc provides cwrappers which provided gcc-as-clang, which broke
everything. Instead, override the clang wrapper with the actual clang
executable.
This means the majority of the build happens with GCC (or ccache, distcc,
whatever the user chooses, rather than overriding it with clang). Should help
sparc64, where clang doesn't work too well.
Full build tested on NetBSD/amd64.
The python 2 dependency was seemingly removed in Firefox 78.0 so we
can remove those old hacks.
Firefox needs clang for some unknown part of the build process (rust
related?), even if building with GCC.
The previous solution in pkgsrc was to force the use of clang, because
pkgsrc provides cwrappers which provided gcc-as-clang, which broke
everything. Instead, override the clang wrapper with the actual clang
executable.
This means the majority of the build happens with GCC (or ccache, distcc,
whatever the user chooses, rather than overriding it with clang). Should help
sparc64, where clang doesn't work too well.
Full build tested on NetBSD/amd64.
mk/endian.mk included mk/compiler.mk and PKG_CC and PKG_CXX were
effective.
Now mk/endian.mk has been removed and include mk/compiler.mk
explicitly to use clang only.
mk/endian.mk includes mk/compiler.mk and PKG_CC and PKG_CXX were
effective.
Now mk/endian.mk has been removed and include mk/compiler.mk
explicitly to use clang only.
Reported by martin@ on tech-pkg@.
Security Vulnerabilities fixed in Firefox 82.0.3, Firefox ESR 78.4.1, and Thunderbird 78.4.2
#CVE-2020-26950: Write side effects in MCallGetProperty opcode not accounted for
Only a few pieces of software are using the ICU integration library,
these aren't the big harfbuzz users (i.e. gtk). this is intended to lessen
the impact of icu's frequent ABI breaks.
What's new in Grafana v7.3
Google Cloud Monitoring: Out of the box dashboards
Shorten URL for dashboards and Explore
Table improvements and new image cell mode
New color scheme option
SigV4 Authentication for Amazon Elasticsearch Service
CSV exports for Excel
What's new in Grafana v7.2
New date formatting options added
Field options are out of beta!
Added table column filters
New field override selection options
New transformations and enhancements
Drag to reorder queries
Inspect queries in Explore
$__rate_interval for Prometheus
Toggle parsed log fields
Sensitive alert channel settings are now encrypted
Grafana Enterprise features
Report time range
Organization-wide report settings
Report grid layout
What’s new in other parts of the Grafana ecosystem
ADX (Azure Data Explorer) plugin
X-Ray data source plugin
Tested on amd64. This means that text relocations are now fatal.
Hopefully other architectures don't have additional ways to be not-mprotect-
safe, but there is always the possibility.
No obvious performance difference in an older (non-wasm) javascript benchmark.
Version 3.2.1
* change linkifier to add rel="nofollow" as documented.
* suppress html5lib sanitizer DeprecationWarnings
Version 3.2.0
* ``html5lib`` dependency to version 1.1.0.
* update tests_website terminology.
Libwebsockets (LWS) is a flexible, lightweight pure C library for implementing
modern network protocols easily with a tiny footprint, using a nonblocking
event loop. It has been developed continuously since 2010 and is used in
tens of millions of devices and by thousands of developers around the world.
Django 3.1.3 fixes several bugs in 3.1.2 and adds compatibility with Python 3.9.
Bugfixes
Fixed a regression in Django 3.1.2 that caused the incorrect height of the admin changelist search bar
Fixed a regression in Django 3.1.2 that caused the incorrect width of the admin changelist search bar on a filtered page
Fixed displaying Unicode characters in forms.JSONField and read-only models.JSONField values in the admin
Fixed a regression in Django 3.1 that caused a crash of ArrayAgg and StringAgg with ordering on key transforms for JSONField
Fixed a regression in Django 3.1 that caused a crash of __in lookup when using key transforms for JSONField in the lookup value
Fixed a regression in Django 3.1 that caused a crash of ExpressionWrapper with key transforms for JSONField
Fixed a regression in Django 3.1 that caused a migrations crash on PostgreSQL when adding an ExclusionConstraint with key transforms for JSONField in expressions
Fixed a regression in Django 3.1 where ProtectedError.protected_objects and RestrictedError.restricted_objects attributes returned iterators instead of set of objects
Fixed a regression in Django 3.1.2 that caused incorrect form input layout on small screens in the admin change form view
Fixed a regression in Django 3.1 that invalidated pre-Django 3.1 password reset tokens
Added support for asgiref 3.3
Fixed a regression in Django 3.1 that caused incorrect textarea layout on medium-sized screens in the admin change form view with the sidebar open
Fixed a regression in Django 3.0.7 that didn’t use Subquery() aliases in the GROUP BY clause
5.5.3:
This maintenance release fixes an issue introduced in WordPress 5.5.2
which makes it impossible to install WordPress on a brand new website
that does not have an existing database connection configuration.
This release does not affect sites where a database connection is
already configured, for example, via one-click installers or
an existing wp-config.php file.
5.5.2:
Security updates:
- Props to Alex Concha of the WordPress Security Team for their work in hardening deserialization requests.
- Props to David Binovec on a fix to disable spam embeds from disabled sites on a multisite network.
- Thanks to Marc Montas from Sucuri for reporting an issue that could lead to XSS from global variables.
- Thanks to Justin Tran who reported an issue surrounding privilege escalation in XML-RPC. He also found and disclosed an issue around privilege escalation around post commenting via XML-RPC.
- Props to Omar Ganiev who reported a method where a DoS attack could lead to RCE.
- Thanks to Karim El Ouerghemmi from RIPS who disclosed a method to store XSS in post slugs.
- Thanks to Slavco for reporting, and confirmation from Karim El Ouerghemmi, a method to bypass protected meta that could lead to arbitrary file deletion.
- And a special thanks to @zieladam who was integral in many of the releases and patches during this release.
Maintenance updates:
#51130 Events displayed in venue timezone instead of user’s
#51659 Update Gutenberg Dependencies for WordPress 5.5.2
#50861 Remove Facebook and Instagram as an oEmbed Source
#50903 Set the local environment to a development environment type by default
#50949 Posts show wrong time when user is in a different time zone than the site’s
#51053 Video Embeds set to align left disappear in Gutenberg editor
#51175 Wrong reply box title
#51219 Theme editor page showing undefined variable notice
#51251 Fix PHP notice when opening the edit image popup
#51263 PHP warning when editing comments in the administration comment edit screen
#51320 PHP Notice while moving post to trash (post_type has 2 registered taxonomies both with default_term set)
#51400 Undefined index during automatic plugin/theme updates
#51595 Unable to make anonymous comments via XML-RPC
#51645 Undefined index: echo in core files
Changes with nginx 1.19.4 27 Oct 2020
*) Feature: the "ssl_conf_command", "proxy_ssl_conf_command",
"grpc_ssl_conf_command", and "uwsgi_ssl_conf_command" directives.
*) Feature: the "ssl_reject_handshake" directive.
*) Feature: the "proxy_smtp_auth" directive in mail proxy.
Avoid an unnecessary prompt to reboot when using the full installer on Windows (bug 1671715)
Restored the ability to print on paper whose width or height is larger than 100 inches, e.g. for receipts (bug 1672370)
Fixed printing of documents with margins of zero, e.g. some PDFs (bug 1672529)
Fixed handling of the WebDriver:ClickElement command in the marionette testing framework (bug 1666755)
Stability fix (bug 1660539)
Changelog:
Version 20.0.1 October 24 2020
Changes
Add mount point to quota warning message (server#23170)
Dont hold a transaction during the move to trash (server#23185)
Fix dashboard rendering if accessibility app is disabled (server#23192)
Fix legacy update notifications (server#23195)
Fix the user email issue while creating a user (server#23203)
Make BeforeTemplateRenderedEvent aware of the actual response (server#23205)
Fix array to string conversion on event search (server#23207)
Also check the path based mimetype for flow rule checks (server#23211)
Allow configuring the activity update interval of token (server#23213)
Don't influence toastify errors and always use white (server#23216)
Only run the query to get the account data once (server#23220)
Fix appid in translation (server#23235)
Use the correct l10n for activities (server#23254)
Make sure getUsersFavoritingObject can be run without a user (server#23256)
Fix sidebar updateTabs method (server#23271)
Fix the user remove from group in UI (server#23281)
Fix dashboard statuses sort (server#23288)
Fix database password visibility toggle (server#23336)
Add template typing to the QBMapper (server#23375)
Add Psalm type for the bootstrap registration context (server#23383)
Fix adminpass strengthify margin (server#23384)
Fix typo 'shared' (server#23388)
Expose CLOUD federation for local users in the recent addressbook (server#23390)
Stop transfer of ownership between same users (server#23395)
VersioningTest.php:729 is unreliable and should be disabled (server#23403)
Encode requesttoken for logout url in auto logout (server#23420)
Fix undefined index and consequential damages in versions code (server#23422)
Allow using saved login credentials for notify (server#23426)
Add option to disable notify self check (server#23438)
Annotate IContainer so Psalm knows what resove and query return (server#23446)
Fix app sidebar mountpoint (server#23458)
Bump @nextcloud/vue to 2.6.9 (server#23466)
Add psalm types for the migration schema closure (server#23472)
Remove posix_getpwuid and compare only userid (server#23473)
Use own psalm instead of a global one (server#23480)
Add psalm types for the event dispatcher (server#23491)
SharedMountTest.php:367 is unreliable (server#23498)
Provide log statements for SCSS cache (server#23503)
SCSSCacher - Lock should not be removed (server#23510)
Clear cached app config while waiting for the SCSSCache lock to return (server#23513)
Fixes potential passing of null to getUserGroupIds (server#23514)
Add local version of escapeHTML (server#23548)
LDAP: when nesting is not enabled, the group filter can be applied right away (server#23570)
Disable unreliable app-files.feature:108 (server#23621)
Disable unreliable app-files-sharing.feature:338 (server#23622)
Set current user when parsing activities for digest (activity#507)
Fix mail table columns to match the activity table (activity#511)
Fix the comments added to the activity table (activity#515)
GetUsersFavoritingObject is moved to the manager (activity#517)
Remove close button (files_pdfviewer#244)
Update phpunit.yml (files_pdfviewer#245)
Hide the download button by default (files_pdfviewer#247)
Better debug output on public pages (files_pdfviewer#249)
Pass preview availability too (photos#510)
FIx loading speed of dashboard by loading the data async (recommendations#307)
Fix Memory (#240) (serverinfo#245)
Fix num_shares_link_no_password for NC >= 15 (serverinfo#247)
Fix FreeBSD Interface Exception (serverinfo#252)
Fix player controls on Firefox (viewer#627)
Make div display: none (viewer#629)
Fix theming chaining (viewer#633)
Fix cypress branch (viewer#643)
3.7.1
Bugfixes
- Fixed a type error caused by the conditional import of `Protocol`.
- Server doesn't send Content-Length for 1xx or 204
- Fix run_app typing
- Always require ``typing_extensions`` library.
- Fix a variable-shadowing bug causing `ThreadedResolver.resolve` to
return the resolved IP as the ``hostname`` in each record, which prevented
validation of HTTPS connections.
- Added annotations to all public attributes.
- Fix flaky test_when_timeout_smaller_second
- Ensure sending a zero byte file does not throw an exception
- Fix a bug in ``web.run_app()`` about Python version checking on Windows
Changelog:
20.0.0
The three biggest features we introduce with Nextcloud 20 are:
Our new dashboard provides a great starting point for the day with over a dozen widgets ranging from Twitter and Github to Moodle and Zammad already available
Search was unified, bringing search results of Nextcloud apps as well as external services like Gitlab, Jira and Discourse in one place
Talk introduced bridging to other platforms including MS Teams, Slack, IRC, Matrix and a dozen others
Some other improvements we want to highlight include:
Notifications and Activities were brought together, making sure you won't miss anything important
We added a 'status' setting so you can communicate to other users what you are up to
Talk also brings dashboard and search integration, emoji picker, upload view, camera and microphone settings, mute and more
Calendar integrates in dashboard and search, introduced a list view and design improvements
Mail introduces threaded view, mailbox management and more
Deck integrates with dashboard and search, introduces Calendar integration, modal view for card editing and series of smaller improvements
Flow adds push notification and webhooks so other web apps can easily integrate with Nextcloud
Text introduced direct linking to files in Nextcloud
Files lets you add a description to public link shares
Changes:
2.30.2
======
- Fix scrolling when smooth scrolling is enabled in async scrolling mode.
- Fix WebSocket requests with same-site cookies.
- Fix TLS certificate information for service workers.
- Handle chassis type when its value is quoted.
- Fix the build with ENABLE_MEDIA_STREAM enabled and ENABLE_WEB_RTC_DISABLED.
- Fix the build with ENABLE_GAMEPAD enabled.
- Fix several crashes and rendering issues.
New:
With this release, Firefox introduces a number of improvements that make watching videos more delightful:
the Picture-In-Picture button has a new look and position, making it easier for you to find and use the feature.
Picture-In-Picture now has a keyboard shortcut for Mac users (Option + Command + Shift + Right bracket) that works before you start playing the video.
For Windows users, Firefox now uses DirectComposition for hardware decoded video, which will improve CPU and GPU usage during video playback, improving battery life.
Firefox is faster than ever with improved performance on both page loads and start up time:
Websites that use flexbox-based layouts load 20% faster than before;
Restoring a session is 17% quicker, meaning you can more quickly pick up where you left off;
For Windows users, opening new windows got quicker by 10%.
You can now explore new articles when you save a webpage to Pocket from the Firefox toolbar.
WebRender continues to roll out to more Firefox users on Windows.
Fixed:
Screen reader features which report paragraphs now correctly report paragraphs in Firefox instead of lines.
Various security fixes.
Logswan 2.1.8 (2020-10-19)
- Make displayUsage() static
- Removing some leading whitespace characters
- Constify methods and protocols names array
- Constify countries and continents names and ID arrays
- Enable FORTIFY_SOURCE level 2
- Call memset() to set all entry_data struct fields to zero
0.12.2
Added
Adding ability to decrypt ssl key file
Support .yml log config files
Added python 3.9 support
Fixed
Fixes watchgod with common prefixes
Fix reload with ipv6 host
Added cli suport for headers containing colon
Sharing socket across workers on windows
Note the need to configure trusted "ips" when using unix sockets
1.25.11
* Fix retry backoff time parsed from ``Retry-After`` header when given
in the HTTP date format. The HTTP date was parsed as the local timezone
rather than accounting for the timezone in the HTTP date (typically
UTC)
* Fix issue where an error would be raised when the ``SSLKEYLOGFILE``
environment variable was set to the empty string. Now ``SSLContext.keylog_file``
is not set in this situation
Update Ruby on Rails 6.0 related packages to 6.0.3.4.
This is security fix for ruby-actionpack60.
## Rails 6.0.3.4 (October 07, 2020) ##
* [CVE-2020-8264] Prevent XSS in Actionable Exceptions
curl and libcurl 7.73.0
Public curl releases: 195
Command line options: 234
curl_easy_setopt() options: 278
Public functions in libcurl: 85
Contributors: 2270
This release includes the following changes:
o curl: add --output-dir [25]
o curl: support XDG_CONFIG_HOME to find .curlrc [3]
o curl: update --help with categories [77]
o curl_easy_option_*: new API for meta-data about easy options [40]
o CURLE_PROXY: new error code [7]
o mqtt: enable by default [28]
o sftp: add new quote commands 'atime' and 'mtime' [6]
o ssh: add the option CURLKHSTAT_FINE_REPLACE [27]
o tls: add CURLOPT_SSL_EC_CURVES and --curves [29]
This release includes the following bugfixes:
o altsvc: clone setting in curl_easy_duphandle [60]
o base64: also build for smtp, pop3 and imap [81]
o BUGS: convert document to markdown [107]
o build-wolfssl: fix build with Visual Studio 2019 [114]
o buildconf: invoke 'autoreconf -fi' instead [37]
o checksrc: detect // comments on column 0 [132]
o checksrc: verify do-while and spaces between the braces [2]
o checksrc: warn on space after exclamation mark [129]
o CI/azure: disable test 571 in the msys2 builds [93]
o CI/azure: MQTT is now enabled by default [64]
o CI/azure: no longer ignore results of test 1013 [43]
o CI/tests: fix invocation of tests for CMake builds [117]
o CI/travis: add a CI job with openssl3 (from git master) [51]
o cleanups: avoid curl_ on local variables [53]
o CMake: add option to enable Unicode on Windows [48]
o cmake: make HTTP_ONLY also disable MQTT [58]
o CMake: remove explicit `CMAKE_ANSI_CFLAGS` [45]
o cmake: remove scary warning [96]
o cmdline-opts/gen.pl: generate nicer "See Also" in curl.1 [66]
o configure: don't say HTTPS-proxy is enabled when disabled [120]
o configure: fix pkg-config detecting wolfssl [26]
o configure: let --enable-debug set -Wenum-conversion with gcc >= 10 [56]
o conn: check for connection being dead before reuse [39]
o connect.c: remove superfluous 'else' in Curl_getconnectinfo [42]
o curl.1: add see also no-progress-meter on two spots [67]
o curl.1: fix typo invokved -> invoked [36]
o curl: in retry output don't call all problems "transient" [74]
o curl: make --libcurl show binary posts correctly [130]
o curl: make checkpasswd use dynbuf [100]
o curl: make file2memory use dynbuf [102]
o curl: make file2string use dynbuf [103]
o curl: make glob_match_url use dynbuf [101]
o curl: make sure setopt CURLOPT_IPRESOLVE passes on a long [134]
o curl: retry delays in parallel mode no longer sleeps blocking [70]
o curl: use curlx_dynbuf for realloc when loading config files [73]
o curl:parallel_transfers: make sure retry readds the transfer [71]
o curl_get_line: build only if cookies or alt-svc are enabled [13]
o curl_mime_headers.3: fix the example's use of curl_slist_append [83]
o Curl_pgrsTime - return new time to avoid timeout integer overflow [32]
o Curl_send: return error when pre_receive_plain can't malloc [111]
o dist: add missing CMake Find modules to the distribution [14]
o docs/LICENSE-MIXING: remove [79]
o docs/opts: fix typos in two manual pages [119]
o docs/RESOURCES: remove [105]
o docs/TheArtOfHttpScripting: convert to markdown [106]
o docs: add description about CI platforms to CONTRIBUTE.md [44]
o docs: correct non-existing macros in man pages [35]
o doh: add error message for DOH_DNS_NAME_TOO_LONG [17]
o dynbuf: make sure Curl_dyn_tail() zero terminates [78]
o easy_reset: clear retry counter [82]
o easygetopt: pass a valid enum to avoid compiler warning [75]
o etag: save and use the full received contents [4]
o ftp: a 550 response to SIZE returns CURLE_REMOTE_FILE_NOT_FOUND [99]
o ftp: avoid risk of reading uninitialized integers [76]
o ftp: get rid of the PPSENDF macro [85]
o ftp: make a 552 response return CURLE_REMOTE_DISK_FULL [87]
o ftp: separate FTPS from FTP over "HTTPS proxy" [112]
o git: ignore libtests in 3XXX area [16]
o github: use new issue template feature [88]
o HISTORY: mention alt-svc added in 2019
o HTTP/3: update to OpenSSL_1_1_1g-quic-draft-29 [41]
o http: consolidate nghttp2_session_mem_recv() call paths [80]
o http_proxy: do not count proxy headers in the header bytecount [90]
o http_proxy: do not crash with HTTPS_PROXY and NO_PROXY set [50]
o imap: make imap_send use dynbuf for the send buffer management [110]
o imap: set cselect_bits to CURL_CSELECT_IN initially [104]
o ldap: reduce the amount of #ifdefs needed [124]
o lib/Makefile.am: bump VERSIONINFO due to new functions [65]
o lib1560: verify "redirect" to double-slash leading URL [20]
o lib583: fix enum mixup
o lib: fix -Wassign-enum warnings [84]
o lib: make Curl_gethostname accept a const pointer [38]
o libssh2: handle the SSH protocols done over HTTPS proxy [125]
o libssh2: pass on the error from ssh_force_knownhost_key_type [47]
o Makefile.m32: add ability to override zstd libs [ci skip] [10]
o man pages: switch to https://example.com URLs [86]
o MANUAL: update examples to resolve without redirects [122]
o mbedtls: add missing header when defining MBEDTLS_DEBUG [133]
o memdebug: remove 9 year old unused debug function [126]
o multi: expand pre-check for socket readiness [21]
o multi: handle connection state winsock events [31]
o multi: implement wait using winsock events [22]
o ngtcp2: adapt to new NGTCP2_PROTO_VER_MAX define [108]
o ngtcp2: adapt to the new pkt_info arguments [18]
o ntlm: fix condition for curl_ntlm_core usage [46]
o openssl: avoid error conditions when importing native CA [52]
o openssl: consider ALERT_CERTIFICATE_EXPIRED a failed verification [57]
o openssl: Fix wincrypt symbols conflict with BoringSSL [9]
o parsedate: tune the date to epoch conversion [95]
o pause: only trigger a reread if the unpause sticks [92]
o pingpong: use a dynbuf for the *_pp_sendf() function [113]
o READMEs: convert several to markdown [115]
o runtests: add %repeat[]% for test files [116]
o runtests: allow creating files without newlines [72]
o runtests: allow generating a binary sequence from hex
o runtests: clear pid variables when failing to start a server [12]
o runtests: make cleardir() erase dot files too [8]
o runtests: provide curl's version string as %VERSION for tests [127]
o schannel: fix memory leak when using get_cert_location [15]
o schannel: return CURLE_PEER_FAILED_VERIFICATION for untrusted root [128]
o scripts: improve the "get latest curl release tag" logic
o sectransp: make it build with --disable-proxy [123]
o select.h: make socket validation macros test for INVALID_SOCKET [24]
o select: align poll emulation to return all relevant events [63]
o select: fix poll-based check not detecting connect failure
o select: reduce duplication of Curl_poll in Curl_socket_check [23]
o select: simplify return code handling for poll and select [49]
o setopt: if the buffer exists, refuse the new BUFFERSIZE [5]
o setopt: return CURLE_BAD_FUNCTION_ARGUMENT on bad argument [91]
o socketpair: allow CURL_DISABLE_SOCKETPAIR [11]
o sockfilt: handle FD_CLOSE winsock event on write socket [30]
o src: spell whitespace without whitespace [121]
o SSLCERTS: fix English syntax [34]
o strerror: honor Unicode API choice on Windows [109]
o symbian: drop support [118]
o telnet.c: depend on static requirement of WinSock version 2 [61]
o test1541: remove since it is a known bug [68]
o test163[12]: require http to be built-in to run [94]
o test434: test -K use in a single line without newline [59]
o test971: show test mismatches "inline"
o tests/data: Fix some mismatched XML tags in test cases
o tests/FILEFORMAT: document nonewline support for <file>
o tests/FILEFORMAT: document type=shell for <command>
o tests/server/util.c: fix support for Windows Unicode builds [131]
o tests: remove pipelining tests [69]
o tls: fix SRP detection by using the proper #ifdefs [33]
o tls: provide the CApath verbose log on its own line [1]
o tool_setopt: escape binary data to hex, not octal
o tool_writeout: add new writeout variable, %{num_headers} [97]
o travis: add a build using libressl (from git master) [55]
o url: use blank credentials when using proxy w/o username and password [54]
o urlapi: use more Curl_safefree [89]
o vtls: deduplicate client certificates in ssl_config_data [98]
o win32: drop support for WinSock version 1, require version 2 [62]
o winbuild: convert the instruction text to README.md [19]
Brief changes for 7.0.16:
- Pre-load the CoyoteOutputStream class to prevent a potential
exception when running under a security manager. Patch provided by Johnathan
Gilday. (markt)
- Refactor the Default servlet to provide a single method that can be
overridden (generateETag()) should a custom entity tag format be required.
(markt)
- Improve the validation of entity tags provided with conditional
requests. Requests with headers that contain invalid entity tags will be
rejected with a 400 response code. Improve the matching algorithm used to
compare entity tags in conditional requests with the entity tag for the
requested resource. Based on a pull request by Sergey Ponomarev. (markt)
- Deprecate the JDBCRealm. (markt)
Full changelog is available at:
https://tomcat.apache.org/tomcat-7.0-doc/changelog.html
Also CONFLICTS have been adjusted.
Changes for 8.5.59:
- Refactor the handling of closed HTTP/2 streams to reduce the heap usage
associated with used streams and to retain information for more streams in
the priority tree.
- Deprecate the JDBCRealm.
- Ensure that none of the methods on a ServletContext instance always fail
when running under a SecurityManager.
Full changelog is available at:
https://tomcat.apache.org/tomcat-8.5-doc/changelog.html#Tomcat_8.5.59_(markt)
Also CONFLICTS have been adjusted.
Changes for 9.0.39:
- Refactor the handling of closed HTTP/2 streams to reduce the heap usage
associated with used streams and to retain information for more streams in
the priority tree.
- Allow using the utility executor for annotation scanning.
- Add a bloom filter to speed up archive lookup and improve deployment speed
of applications with a large number of JARs.
Full changelog is available at:
https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.39
Also CONFLICTS have been adjusted.
5.0.8
- Add optional support for using `fastjsonschema` as the JSON validation library.
To enable fast validation, install `fastjsonschema` and set the environment
variable `NBFORMAT_VALIDATOR` to the value `fastjsonschema`.
ChangeLog:
This release has two new lexers: one for e-mails (yes, I am aware it is
only me that spells it that way) and one for J (why not another language
starting with J?). There's also fixes for the Apex, HTTP, Janet, JavaScript
and Rust lexers. And on top of all of that, there are some improvements to
Rouge itself, including a new CLI debug command and a line highlighting
option.
o also set -D_GNU_SOURCE in Makefile.boot. from
hadrien.lacour@posteo.net.
o fix array size botch (assertion, not exploitable.) from
martin@netbsd.org.
o also match %2F as well as %2f. from leah@vuxu.org.
o many manual and help fixes. clean ups for higher lint levels,
consistency/style clean ups. various option fixes including made
-f imply -b. from <henrik@gulbra.net> for freebsd.
o add .m4a and .m4v file extensions.
o make this work on sun2 by reducing mmap window there.
o fix SSL shutdown sequence. from spz@netbsd.org.
o add readme support to directory indexing. from jmcneill@netbsd.org
o add blocklist(8) support. from jruoho@netbsd.org.
1.6.2
Bugfixes
- Provide generated ``.c`` files in TarBall distribution.
1.6.1
Features
- Provide wheels for ``aarch64``, ``i686``, ``ppc64le``, ``s390x`` architectures on
Linux as well as ``x86_64``.
- Provide wheels for Python 3.9.
Bugfixes
- ``human_repr()`` now always produces valid representation equivalent to the original URL (if the original URL is valid).
- Fixed requoting a single percent followed by a percent-encoded character in the Cython implementation.
- Fix ValueError when decoding ``%`` which is not followed by two hexadecimal digits.
- Fix decoding ``%`` followed by a space and hexadecimal digit.
- Fix annotation of ``with_query()``/``update_query()`` methods for ``key=[val1, val2]`` case.
Removal
- Drop Python 3.5 support; Python 3.6 is the minimal supported Python version.
2.10.2 (25.09.2020)
~~~~~~~~~~~~~~~~~~~
* Fix: Avoid use of `icon` class name on userbar icon to prevent clashes
with front-end styles (Karran Besen)
* Fix: Prevent focused button labels from displaying as white on white
(Karran Bessen)
* Fix: Avoid showing preview button on moderation dashboard for page
types with preview disabled (Dino Perovic)
* Fix: Prevent oversized buttons in moderation dashboard panel (Dan
Braghis)
* Fix: `create_log_entries_from_revisions` now handles revisions that
cannot be restored due to foreign key constraints (Matt Westcott)
2.10.1 (26.08.2020)
~~~~~~~~~~~~~~~~~~~
* Fix: Prevent `create_log_entries_from_revisions` command from failing
when page model classes are missing (Dan Braghis)
* Fix: Prevent page audit log views from failing for user models without
a `username` field (Vyacheslav Matyukhin)
* Fix: Fix icon alignment on menu items (Coen van der Kamp)
* Fix: Page editor header bar now correctly shows 'Published' or 'Draft'
status when no revisions exist (Matt Westcott)
* Fix: Prevent page editor from failing when `USE_TZ` is false (Matt
Westcott)
* Fix: Ensure whitespace between block-level elements is preserved when
stripping tags from rich text for search indexing (Matt Westcott)
0.16.1
Fixed
* Support literal IPv6 addresses in URLs.
* Force lowercase headers in ASGI scope dictionaries.
0.16.0
Changed
* Preserve HTTP header casing.
* Drop `response.next()` and `response.anext()` methods in favour of `response.next_request` attribute.
* Closed clients now raise a runtime error if attempting to send a request.
Added
* Add Python 3.9 to officially supported versions.
* Type annotate `__enter__`/`__exit__`/`__aenter__`/`__aexit__` in a way that supports subclasses of `Client` and `AsyncClient`.
0.12.0
Changed
- HTTP header casing is now preserved, rather than always sent in lowercase.
Added
- Add Python 3.9 to officially supported versions.
Fixed
- Gracefully handle a stdlib asyncio bug when a connection is closed while it is in a paused-for-reading state.
3.3.0:
* sync_to_async now defaults to thread-sensitive mode being on
* async_to_sync now works inside of forked processes
* WsgiToAsgi now correctly clamps its response body when Content-Length is set
Gumbo is an implementation of the HTML5 parsing algorithm implemented
as a pure C99 library with no outside dependencies. It's designed to
serve as a building block for other tools and libraries such as
linters, validators, templating languages, and refactoring and analysis
tools.
1.12.3:
Bug Fixes
deps: update setup.py to install httplib2>=0.15.0
1.12.2:
Bug Fixes
add method to close httplib2 connections
1.12.1:
Bug Fixes
deps: require six>=1.13.0
1.12.0:
Features
add quota_project, credentials_file, and scopes support
Documentation
convert print statement to function
remove http from batch execute docs
Upstream changes since 0.56:
1.0:
* Parse body of PATCH requests
* Scientific notation in json
* Log clarification
* Fixed country code when geoip library fail to get geolocation or ip is private/local address
* Fixed issues to setup nxapi on ES5 and added country location on stats and generated whitelists
1.1:
* Fixed various compilation issues
* Fixed valid JSON blocked by Rule ID 15
* Fixed documentation
* Updated libinjection to 3.9.2
* Added Content-type: application/vnd.api+json
* Added JSON logging output for events
* Implemented Whitelist for IPs and CIDRs and support for IPv4 and IPv6
1.1a:
* Fixed 3 vulnerabilities related to the WAF.
* Fixed build on FreeBSD
v0.11.0
New features:
* h11 now stores and makes available the raw header name as
received. In addition h11 will write out header names with the same
casing as passed to it. This allows compatibility with systems that
expect titlecased header names.
* Multiple content length headers are now merged into a single header
if all the values are equal, if any are unequal a LocalProtocol
error is raised (as before).
Backwards **in**\compatible changes:
* Headers added by h11, rather than passed to it, now have titlecased
names. Whilst this should help compatibility it replaces the
previous lowercased header names.
Upstream changes (from 4.0.4) :
* src/cookie.c Fixed an issue with expires
* src/cookies.c Fixed an issue with persistence
* src/version.c Version increment: 4.0.7
* src/init.c Minor bug fix
* src/auth.c Fixed initialization error
* src/version.c Version increment: 4.0.6
* src/creds.c Fixed an initialization problem
* src/cookies.c Fixed locking issue
* src/url.c Fixed an initialization problem
* src/init.c Fixed an initialization problem
* src/memory.c Formatting change
* src/version.c Version increment: 4.0.5
* src/main.c Added -j/--json-output
* src/init.c Added -j/--json-output - force quiet mode
* src/setup.h Added variable for json output
* doc/siegerc.in Added documentation to the config file
* src/url.c Adding DELETE and OPTIONS support.
* src/browser.c Adding DELETE and OPTIONS support.
* src/http.c Correct capitalization for Content-Type & Content-Length
* src/response.c Handle case of incorrect server response header
* README.md Make readme's title nice
* src/page.c Remove needless memset(2)
* src/cookies.c Bug fix - prevent segfault when getenv(HOME) is null
* src/load.c Bug fix - allow content-type override at cmd line
* src/version.c Version increment: 4.0.4r3
* src/url.c Skipped URL escaping for the host and port
* src/version.c Version increment: 4.0.4r2
* src/sock.c Added support for IPv6
* src/url.c Added support for parsing IPv6 addresses
* src/version.c Version increment: 4.0.4r1
Upstream changes (no version published between 4.2.0 and 4.5.0):
* List registered plugins via pelican-plugins command
* Override settings via -e / --extra-settings CLI option flags
* Add settings for custom Jinja globals and tests
* Customize article summary ellipsis via SUMMARY_END_SUFFIX setting
* Customize Typogrify dash handling via new TYPOGRIFY_DASHES setting
* Support Unicode when generating slugs
* Support Asciidoc .adoc file generation in Pelican importer
* Improve user experience when pelican --listen web server is quit
* Improve Invoke tasks template
* Include tests in source distributions
* Switch CI from Travis to GitHub Actions
* Remove support for Python 2.7
Pkgsrc changes:
* package is now incompatible with lang/python27
Changes for 8.5.58:
- For requests containing the Expect: 100-continue header, optional
support has been added to delay sending an intermediate 100 status
response until the servlet reads the request body, allowing the
servlet the opportunity to respond without asking for the request
body. Based on a pull request by malaysf.
- Add support for a read idle timeout and a write idle timeout to the
WebSocket session via custom properties in the user properties
instance associated with the session. Based on a pull request by
sakshamverma.
- Update the packaged version of the Tomcat Native Library to 1.2.25
Changes for 8.5.57:
- Improvements to the creation of OSGi manifests.
- Reduce the memory footprint of closed HTTP/2 streams
Changes for 8.5.56:
- Add support for ALPN on recent OpenJDK 8 releases.
- Add support for the CATALINA_OUT_CMD environment variable that
defines a command to which captured stdout and stderr will be
redirected. For use with, for example, rotatelogs. Patch provided by
Harald Dunkel.
- Be more flexible with respect to the ordering of groups, roles and
users in the tomcat-users.xml file.
Changes for 8.5.55:
- Improve the handling of requests that use an expectation. Do not
disable keep-alive where the response has a non-2xx status code but
the request body has been fully read.
- Change default value separator for property replacement to ":-" due
to possible conflicts. The syntax is now "${name:-default}".
- Update the packaged version of the Tomcat Native Library to 1.2.24.
For full list of changes see
https://tomcat.apache.org/tomcat-8.5-doc/changelog.html
Changes for 9.0.38:
- For requests containing the Expect: 100-continue header, optional
support has been added to delay sending an intermediate 100 status
response until the servlet reads the request body, allowing the
servlet the opportunity to respond without asking for the request
body. Based on a pull request by malaysf.
- Add support for a read idle timeout and a write idle timeout to the
WebSocket session via custom properties in the user properties
instance associated with the session. Based on a pull request by
sakshamverma.
- Update the packaged version of the Tomcat Native Library to 1.2.25
Changes for 9.0.37:
- Implement a significant portion of the TLS environment variables for
the rewrite valve.
- Improvements to the creation of OSGi manifests.
- Reduce the memory footprint of closed HTTP/2 streams
- Improve parsing of RFC 2109 cookies
Changes for 9.0.36:
- Add support for ALPN on recent OpenJDK 8 releases.
- Add support for the CATALINA_OUT_CMD environment variable that
defines a command to which captured stdout and stderr will be
redirected. For use with, for example, rotatelogs. Patch provided by
Harald Dunkel.
- Be more flexible with respect to the ordering of groups, roles and
users in the tomcat-users.xml file
Changes for 9.0.35:
- Improve the handling of requests that use an expectation. Do not
disable keep-alive where the response has a non-2xx status code but
the request body has been fully read.
- Change default value separator for property replacement to ":-" due
to possible conflicts. The syntax is now "${name:-default}".
- Update the packaged version of the Tomcat Native Library to 1.2.24.
### Changed
- Removed debug symbol generation for default make.
- Changed the C standard from gnu99 to c11 because Webkit wants it.
### Fixed
- Fixed bounding box not spanning over whole element.
- Fixed an issue where styled hint labels caused intransparent bounding boxes.
- Fixed a race condition when a tab is closed on NetBSD.
Update pear-HTTP_Request2 package to 2.4.2.
Update
2.4.2 (2020-09-24 18:13 UTC)
Changelog:
Socket adapter could prematurely end receiving the response body due to
fread() call returning an empty string
2.4.1 (2020-08-01 05:16 UTC)
Changelog:
Switch socket to blocking mode when enabling crypto, this fixes HTTPS
requests through proxy with Socket adapter
https://github.com/pear/HTTP_Request2/issues/20
2.4.0 (2020-07-26 13:43 UTC)
Changelog:
* Minimum required version is now PHP 5.6, as using older versions for HTTPS
requests may be insecure
* Removed support for magic_quotes_runtime, as get_magic_quotes_runtime()
was deprecated in PHP 7.4 and the functionality itself was disabled since
PHP 5.4 (bug #23839)
* Socket adapter now uses socket in non-blocking mode, as some configurations
could have problems with timeouts in HTTPS requests (bug #21229)
* Fixed bogus size check error with gzipped responses larger than 4 GiB
uncompressed (bug #21239)
* Use current "Intermediate compatibility" cipher list
* Updated Public Suffix List
The package is now 100% autoload-compatible, when installed with composer it
no longer uses include-path and does not contain require_once statements
0.17.0:
- Dropped py27, py33 and py34 support
0.16.9:
- Added support for JSON type in TypeMap
0.16.8:
- Fixed QuerySelectField.query allowing no results
0.16.7:
- Fixed UnknownTypeException being thrown correctly for unsupported types
0.16.6:
- Added SQLAlchemy 1.2 support
0.16.5:
- Fixed GroupedQuerySelectMultipleField validator to support empty data
0.16.4:
- Fixed GroupedQuerySelectMultipleField validator
0.16.3:
- Fixed ChoiceType conversion for Enums
0.16.2:
- Added GroupedQueryMultipleSelectField
0.16.1:
- Updated SQLAlchemy-Utils requirement to 0.32.6
- Fixed PhoneNumberType conversion
0.16.0:
- Dropped python 2.6 support
- Made PhoneNumberField work correctly together with DataRequired
0.15.0:
- Moved GroupedQuerySelectField from WTForms-Components package to WTForms-Alchemy
- Moved WeekdaysField from WTForms-Components package to WTForms-Alchemy
- Moved PhoneNumberField from WTForms-Components package to WTForms-Alchemy
- Moved Unique validator from WTForms-Components package to WTForms-Alchemy
0.14.0:
- Added QuerySelectField and QuerySelectMultipleField which were deprecated from
WTForms as of version 2.1
0.13.3:
- Removed ClassMap's inheritance sorting. This never really worked properly and resulted in weird undeterministic bugs on Python 3.
0.13.2:
- Added support for callables in type map argument
0.13.1:
- Added flake8 checks
- Added isort checks
- Fixed country import caused by SQLAlchemy-Utils 0.30.0
- Update SQLAlchemy-Utils dependency to 0.30.0
0.10.4:
- Added JSONField
0.10.3:
- Made SelectWidget backwards compatible
0.10.2:
- Made read_only also add disabled attribute
0.10.1:
- Added seconds support for TimeField
0.10.0:
- Moved GroupedQuerySelectField to WTForms-Alchemy
- Moved PhoneNumber to WTForms-Alchemy
- Moved WeekdaysField to WTForms-Alchemy
- Moved Unique validator to WTForms-Alchemy
- Remove AJAXField dependency on SQLAlchemy-Utils
- Added PyPy support
- Fixed IntervalFields to work with intervals 0.6.0
- Updated intervals requirement to 0.6.0
4.0.0:
API Changes (Backward-Incompatible)
Support for Python 2.7 has been removed.
Support for Python 3.4 has been removed.
Support for Python 3.5 has been removed.
Support for PyPy (Python 2.7 compatible) has been removed.
Support for Python 3.8 has been added.
Receiving DATA before HEADERS now raises a ProtocolError (see https://tools.ietf.org/html/rfc7540#section-8.1)
6.0.0:
API Changes (Backward-incompatible)
Introduce HyperframeError base exception class for all errors raised within hyperframe.
Change exception base class of UnknownFrameError to HyperframeError
Change exception base class of InvalidPaddingError to HyperframeError
Change exception base class of InvalidFrameError to HyperframeError
Invalid frames with wrong stream id (zero vs. non-zero) now raise InvalidDataError.
Invalid SETTINGS frames (non-empty but ACK) now raise InvalidDataError.
Invalid ALTSVC frames with non-bytestring field or origin now raise InvalidDataError.
API Changes (Backward-compatible)
Deprecate total_padding - use pad_length instead.
Improve repr() output for all frame classes.
Introduce Frame.explain(data) for quick introspection of raw data.
Bugfixes
Fixed padding parsing for PushPromiseFrame.
Fixed unchecked frame length for PriorityFrame. It now correctly raises InvalidFrameError.
Fixed promised stream id validation for PushPromiseFrame. It now raises InvalidDataError.
Fixed unchecked frame length for WindowUpdateFrame. It now correctly raises InvalidFrameError.
Fixed window increment value range validation. It now raises InvalidDataError.
Fixed parsing of SettingsFrame with mutual exclusion of ACK flag and payload.
Other Changes
Removed support for Python 2.7, 3.4, 3.5, pypy.
Added support for Python 3.8.
v3.10.0
Improvements
Officialy support Django 3.1
Preliminary supoprt for upcoming Django 3.2
Support for pytest-xdist 2.0
Misc
Fix running pytest-django’s own tests against pytest 6.0
3.12.1
Add TokenProxy migration.
3.12.0
Add --file option to generateschema command.
Support tags for OpenAPI schema generation. See the schema docs.
Support customising the operation ID for schema generation. See the schema docs.
Support OpenAPI components for schema generation. See the schema docs.
The following methods on AutoSchema become public API: get_path_parameters, get_pagination_parameters, get_filter_parameters, get_request_body, get_responses, get_serializer, get_paginator, map_serializer, map_field, map_choice_field, map_field_validators, allows_filters. See the schema docs
Add support for Django 3.1's database-agnositic JSONField.
SearchFilter now supports nested search on JSONField and HStoreField model fields.
SearchFilter now supports searching on annotate() fields.
The authtoken model no longer exposes the pk in the admin URL.
Add __repr__ for Request instances.
UTF-8 decoding with Latin-1 fallback for basic auth credentials.
CharField treats surrogate characters as a validation failure.
Don't include callables as default values in schemas.
Improve ListField schema output to include all available child information.
Allow default=False to be included for BooleanField schema outputs.
Include "type" information in ChoiceField schema outputs.
Include "type": "object" on schema objects.
Don't include component in schema output for DELETE requests.
Fix schema types for DecimalField.
Fix schema generation for ObtainAuthToken view.
Support passing context=... to view .get_serializer() methods.
Pass custom code to PermissionDenied if permission class has one set.
Include "example" in schema pagination output.
Default status code of 201 on schema output for POST requests.
Use camelCase for operation IDs in schema output.
Warn if duplicate operation IDs exist in schema output.
Improve handling of decimal type when mapping ChoiceField to a schema output.
Disable YAML aliases for OpenAPI schema outputs.
Fix action URL names for APIs included under a namespaced URL.
Update jQuery version from 3.4 to 3.5.
Fix UniqueTogether handling when serializer fields use source=....
HTTP HEAD requests now set self.action correctly on a ViewSet instance.
Return a valid OpenAPI schema for the case where no API schema paths exist.
Include tests in package distribution.
Allow type checkers to support annotations like ModelSerializer[Author].
Don't include invalid charset=None portion in the request Content-Type header when using APIClient.
Fix \Z/\z tokens in OpenAPI regexs.
Fix PrimaryKeyRelatedField and HyperlinkedRelatedField when source field is actually a property.
Token.generate_key is now a class method.
@action warns if method is wrapped in a decorator that does not preserve information using
3.0.8:
- Added ``use_natural_foreign_keys`` option to ``reversion.register()``.
- Documentation improvments and minor fixes.
- Dropped support for Django 1.11 LTS.
Changelog:
Fixed
Fixed missing content on Blackboard course listings (bug 1665447)
Resolved incorrect scaling of Flash content on HiDPI macOS
systems (bug 1667267)
Fixes for various printing issues (bug 1667342, bug 1667510,
bug 1667723)
Fixed legacy preferences not being properly applied when set
via GPO (bug 1666836)
Fixed Picture-in-Picture controls being visible on audio-only
page elements (bug 1666775)
Fixed high memory growth with addons such as Disconnect installed,
causing browser responsiveness issues over time (bug 1658571)
Various stability improvements (bug 1661485, bug 1664542, bug
1664843)
0.12.1
Changed
Pinning h11 and python-dotenv to min versions
Get docs/index.md in sync with README.md
Fixed
Improve changelog by pointing out breaking changes
Upstream changes:
Django 3.1.2 release notes¶
October 1, 2020
Django 3.1.2 fixes several bugs in 3.1.1.
Bugfixes¶
Fixed a bug in Django 3.1 where FileField instances with a callable storage were not correctly deconstructed (#31941).
Fixed a regression in Django 3.1 where the QuerySet.ordered attribute returned incorrectly True for GROUP BY queries (e.g. .annotate().values()) on models with Meta.ordering. A model’s Meta.ordering doesn’t affect such queries (#31990).
Fixed a regression in Django 3.1 where a queryset would crash if it contained an aggregation and a Q object annotation (#32007).
Fixed a bug in Django 3.1 where a test database was not synced during creation when using the MIGRATE test database setting (#32012).
Fixed a django.contrib.admin.EmptyFieldListFilter crash when using on a GenericRelation (#32038).
Fixed a regression in Django 3.1.1 where the admin changelist filter sidebar would not scroll for a long list of available filters (#31986).
Version 20.9.0
Features
* Pass subprotocols in websockets (both sanic server and ASGI)
* Automatically set test_mode flag on app instance
* Add new unified method for updating app values
* Adds WEBSOCKET_PING_TIMEOUT and WEBSOCKET_PING_INTERVAL configuration values
* httpx version dependency updated, it is slated for removal as a dependency in v20.12
* Added auto, text, and json fallback error handlers (in v21.3, the default will change form html to auto)
Bugfixes
* Resolves exception from unread bytes in stream
Deprecations and Removals
* config.from_envar, config.from_pyfile, and config.from_object are deprecated and set to be removed in v21.3
Developer infrastructure
* Update isort calls to be compatible with new API
* Remove version section from setup.cfg
* Adding --strict-markers for pytest
Improved Documentation
* Add explicit ASGI compliance to the README
0.15.4
Added
* Support direct comparisons between `Headers` and dicts or lists of two-tuples. Eg. `assert response.headers == {"Content-Length": 24}`
Fixed
* Fix automatic `.read()` when `Response` instances are created with `content=<str>`
0.15.3
Fixed
* Fixed connection leak in async client due to improper closing of response streams.
0.15.2
Fixed
* Fixed `response.elapsed` property.
* Fixed client authentication interaction with `.stream()`.
0.15.1
Fixed
* ASGITransport now properly applies URL decoding to the `path` component, as-per the ASGI spec.
0.15.0
Added
* Added support for curio. (Pull https://github.com/encode/httpcore/pull/168)
* Added support for event hooks.
* Added support for authentication flows which require either sync or async I/O.
* Added support for monitoring download progress with `response.num_bytes_downloaded`.
* Added `Request(content=...)` for byte content, instead of overloading `Request(data=...)`
* Added support for all URL components as parameter names when using `url.copy_with(...)`.
* Neater split between automatically populated headers on `Request` instances, vs default `client.headers`.
* Unclosed `AsyncClient` instances will now raise warnings if garbage collected.
* Support `Response(content=..., text=..., html=..., json=...)` for creating usable response instances in code.
* Support instantiating requests from the low-level transport API.
* Raise errors on invalid URL types.
Changed
* Cleaned up expected behaviour for URL escaping. `url.path` is now URL escaped.
* Cleaned up expected behaviour for bytes vs str in URL components. `url.userinfo` and `url.query` are not URL escaped, and so return bytes.
* Drop `url.authority` property in favour of `url.netloc`, since "authority" was semantically incorrect.
* Drop `url.full_path` property in favour of `url.raw_path`, for better consistency with other parts of the API.
* No longer use the `chardet` library for auto-detecting charsets, instead defaulting to a simpler approach when no charset is specified.
Fixed
* Swapped ordering of redirects and authentication flow.
* `.netrc` lookups should use host, not host+port.
Removed
* The `URLLib3Transport` class no longer exists. We've published it instead as an example of [a custom transport class](https://gist.github.com/florimondmanca/d56764d78d748eb9f73165da388e546e).
* Drop `request.timer` attribute, which was being used internally to set `response.elapsed`.
* Drop `response.decoder` attribute, which was being used internally.
* `Request.prepare()` is now a private method.
* The `Headers.getlist()` method had previously been deprecated in favour of `Headers.get_list()`. It is now fully removed.
* The `QueryParams.getlist()` method had previously been deprecated in favour of `QueryParams.get_list()`. It is now fully removed.
* The `URL.is_ssl` property had previously been deprecated in favour of `URL.scheme == "https"`. It is now fully removed.
* The `httpx.PoolLimits` class had previously been deprecated in favour of `httpx.Limits`. It is now fully removed.
* The `max_keepalive` setting had previously been deprecated in favour of the more explicit `max_keepalive_connections`. It is now fully removed.
* The verbose `httpx.Timeout(5.0, connect_timeout=60.0)` style had previously been deprecated in favour of `httpx.Timeout(5.0, connect=60.0)`. It is now fully removed.
* Support for instantiating a timeout config missing some defaults, such as `httpx.Timeout(connect=60.0)`, had previously been deprecated in favour of enforcing a more explicit style, such as `httpx.Timeout(5.0, connect=60.0)`. This is now strictly enforced.
0.14.3
Added
* `http.Response()` may now be instantiated without a `request=...` parameter. Useful for some unit testing cases.
* Add `103 Early Hints` and `425 Too Early` status codes.
Fixed
* `DigestAuth` now handles responses that include multiple 'WWW-Authenticate' headers.
* Call into transport `__enter__`/`__exit__` or `__aenter__`/`__aexit__` when client is used in a context manager style.
0.14.2
Added
* Support `client.get(..., auth=None)` to bypass the default authentication on a clients.
* Support `client.auth = ...` property setter.
* Support `httpx.get(..., proxies=...)` on top-level request functions.
* Display instances with nicer import styles. (Eg. <httpx.ReadTimeout ...>)
* Support `cookies=[(key, value)]` list-of-two-tuples style usage.
Fixed
* Ensure that automatically included headers on a request may be modified.
* Allow explicit `Content-Length` header on streaming requests.
* Handle URL quoted usernames and passwords properly.
* Use more consistent default for `HEAD` requests, setting `allow_redirects=True`.
* If a transport error occurs while streaming the response, raise an `httpx` exception, not the underlying `httpcore` exception.
* Include the underlying `httpcore` traceback, when transport exceptions occur.
0.14.1
Added
* The `httpx.URL(...)` class now raises `httpx.InvalidURL` on invalid URLs, rather than exposing the underlying `rfc3986` exception. If a redirect response includes an invalid 'Location' header, then a `RemoteProtocolError` exception is raised, which will be associated with the request that caused it.
Fixed
* Handling multiple `Set-Cookie` headers became broken in the 0.14.0 release, and is now resolved.
0.14.0
The 0.14 release includes a range of improvements to the public API, intended on preparing for our upcoming 1.0 release.
* Our HTTP/2 support is now fully optional. **You now need to use `pip install httpx[http2]` if you want to include the HTTP/2 dependancies.**
* Our HSTS support has now been removed. Rewriting URLs from `http` to `https` if the host is on the HSTS list can be beneficial in avoiding roundtrips to incorrectly formed URLs, but on balance we've decided to remove this feature, on the principle of least surprise. Most programmatic clients do not include HSTS support, and for now we're opting to remove our support for it.
* Our exception hierarchy has been overhauled. Most users will want to stick with their existing `httpx.HTTPError` usage, but we've got a clearer overall structure now. See https://www.python-httpx.org/exceptions/ for more details.
When upgrading you should be aware of the following public API changes. Note that deprecated usages will currently continue to function, but will issue warnings.
* You should now use `httpx.codes` consistently instead of `httpx.StatusCodes`.
* Usage of `httpx.Timeout()` should now always include an explicit default. Eg. `httpx.Timeout(None, pool=5.0)`.
* When using `httpx.Timeout()`, we now have more concisely named keyword arguments. Eg. `read=5.0`, instead of `read_timeout=5.0`.
* Use `httpx.Limits()` instead of `httpx.PoolLimits()`, and `limits=...` instead of `pool_limits=...`.
* The `httpx.Limits(max_keepalive=...)` argument is now deprecated in favour of a more explicit `httpx.Limits(max_keepalive_connections=...)`.
* Keys used with `Client(proxies={...})` should now be in the style of `{"http://": ...}`, rather than `{"http": ...}`.
* The multidict methods `Headers.getlist()` and `QueryParams.getlist()` are deprecated in favour of more consistent `.get_list()` variants.
* The `URL.is_ssl` property is deprecated in favour of `URL.scheme == "https"`.
* The `URL.join(relative_url=...)` method is now `URL.join(url=...)`. This change does not support warnings for the deprecated usage style.
One notable aspect of the 0.14.0 release is that it tightens up the public API for `httpx`, by ensuring that several internal attributes and methods have now become strictly private.
The following previously had nominally public names on the client, but were all undocumented and intended solely for internal usage. They are all now replaced with underscored names, and should not be relied on or accessed.
These changes should not affect users who have been working from the `httpx` documentation.
* `.merge_url()`, `.merge_headers()`, `.merge_cookies()`, `.merge_queryparams()`
* `.build_auth()`, `.build_redirect_request()`
* `.redirect_method()`, `.redirect_url()`, `.redirect_headers()`, `.redirect_stream()`
* `.send_handling_redirects()`, `.send_handling_auth()`, `.send_single_request()`
* `.init_transport()`, `.init_proxy_transport()`
* `.proxies`, `.transport`, `.netrc`, `.get_proxy_map()`
Some areas of API which were already on the deprecation path, and were raising warnings or errors in 0.13.x have now been escalated to being fully removed.
* Drop `ASGIDispatch`, `WSGIDispatch`, which have been replaced by `ASGITransport`, `WSGITransport`.
* Drop `dispatch=...`` on client, which has been replaced by `transport=...``
* Drop `soft_limit`, `hard_limit`, which have been replaced by `max_keepalive` and `max_connections`.
* Drop `Response.stream` and` `Response.raw`, which have been replaced by ``.aiter_bytes` and `.aiter_raw`.
* Drop `proxies=<transport instance>` in favor of `proxies=httpx.Proxy(...)`.
Added
* Added dedicated exception class `httpx.HTTPStatusError` for `.raise_for_status()` exceptions.
* Added `httpx.create_ssl_context()` helper function.
* Support for proxy exlcusions like `proxies={"https://www.example.com": None}`.
* Support `QueryParams(None)` and `client.params = None`.
Changed
* Use `httpx.codes` consistently in favour of `httpx.StatusCodes` which is placed into deprecation.
* Usage of `httpx.Timeout()` should now always include an explicit default. Eg. `httpx.Timeout(None, pool=5.0)`.
* Switch to more concise `httpx.Timeout()` keyword arguments. Eg. `read=5.0`, instead of `read_timeout=5.0`.
* Use `httpx.Limits()` instead of `httpx.PoolLimits()`, and `limits=...` instead of `pool_limits=...`.
* Keys used with `Client(proxies={...})` should now be in the style of `{"http://": ...}`, rather than `{"http": ...}`.
* The multidict methods `Headers.getlist` and `QueryParams.getlist` are deprecated in favour of more consistent `.get_list()` variants.
* `URL.port` becomes `Optional[int]`. Now only returns a port if one is explicitly included in the URL string.
* The `URL(..., allow_relative=[bool])` parameter no longer exists. All URL instances may be relative.
* Drop unnecessary `url.full_path = ...` property setter.
* The `URL.join(relative_url=...)` method is now `URL.join(url=...)`.
* The `URL.is_ssl` property is deprecated in favour of `URL.scheme == "https"`.
Fixed
* Add missing `Response.next()` method.
* Ensure all exception classes are exposed as public API.
* Support multiple items with an identical field name in multipart encodings.
* Skip HSTS preloading on single-label domains.
* Fixes for `Response.iter_lines()`.
* Ignore permission errors when accessing `.netrc` files.
* Allow bare hostnames in `HTTP_PROXY` etc... environment variables.
* Settings `app=...` or `transport=...` bypasses any environment based proxy defaults.
* Fix handling of `.base_url` when a path component is included in the base URL.
0.11.1
Fixed
- Add await to async semaphore release() coroutine
- Drop incorrect curio classifier
0.11.0
The Transport API with 0.11.0 has a couple of significant changes.
Firstly we've moved changed the request interface in order to allow extensions, which will later enable us to support features
such as trailing headers, HTTP/2 server push, and CONNECT/Upgrade connections.
The interface changes from:
```python
def request(method, url, headers, stream, timeout):
return (http_version, status_code, reason, headers, stream)
```
To instead including an optional dictionary of extensions on the request and response:
```python
def request(method, url, headers, stream, ext):
return (status_code, headers, stream, ext)
```
Having an open-ended extensions point will allow us to add later support for various optional features, that wouldn't otherwise be supported without these API changes.
In particular:
* Trailing headers support.
* HTTP/2 Server Push
* sendfile.
* Exposing raw connection on CONNECT, Upgrade, HTTP/2 bi-di streaming.
* Exposing debug information out of the API, including template name, template context.
Currently extensions are limited to:
* request: `timeout` - Optional. Timeout dictionary.
* response: `http_version` - Optional. Include the HTTP version used on the response.
* response: `reason` - Optional. Include the reason phrase used on the response. Only valid with HTTP/1.*.
See https://github.com/encode/httpx/issues/1274#issuecomment-694884553 for the history behind this.
Secondly, the async version of `request` is now namespaced as `arequest`.
This allows concrete transports to support both sync and async implementations on the same class.
Added
- Add curio support.
- Add anyio support, with `backend="anyio"`.
Changed
- Update the Transport API to use 'ext' for optional extensions.
- Update the Transport API to use `.request` and `.arequest` so implementations can support both sync and async.
0.10.2
Added
- Added Unix Domain Socket support.
Fixed
- Always include the port on proxy CONNECT requests.
- Fix `max_keepalive_connections` configuration.
- Fixes behaviour in HTTP/1.1 where server disconnects can be used to signal the end of the response body.
0.10.1
- Include `max_keepalive_connections` on `AsyncHTTPProxy`/`SyncHTTPProxy` classes.
0.10.0
The most notable change in the 0.10.0 release is that HTTP/2 support is now fully optional.
Use either `pip install httpcore` for HTTP/1.1 support only, or `pip install httpcore[http2]` for HTTP/1.1 and HTTP/2 support.
Added
- HTTP/2 support becomes optional.
- Add `local_address=...` support.
- Add `PlainByteStream`, `IteratorByteStream`, `AsyncIteratorByteStream`. The `AsyncByteSteam` and `SyncByteStream` classes are now pure interface classes.
- Add `LocalProtocolError`, `RemoteProtocolError` exceptions.
- Add `UnsupportedProtocol` exception.
- Add `.get_connection_info()` method.
- Add better TRACE logs.
Changed
- `max_keepalive` is deprecated in favour of `max_keepalive_connections`.
Fixed
- Improve handling of server disconnects.
Upstream changes:
3.9.2
General fixes and improvements
MDL-63375 - Workshop rubric display issue in grid view
MDL-60574 - Atto editor undo/redo (crtl-y/z) can sometimes wipe all content
MDL-26401 - Byte order mark at the beginning of import groups file fail the process with the confusing error message
MDL-51709 - Gradebook single view has a hard coded name format in grade view
MDL-40227 - Numerical question in lesson - decimal fractions problem
MDL-66665 - Reopened assignment shown as graded by student themselves
MDL-61215 - Badge and user profile picture using an svg file doesn't display
MDL-66810 - Allow microphone and camera to be accessed from content iframe
MDL-69079 - Activity chooser does not display if site contains plugins missing from disk
MDL-68178 - Email-based self-registration confirmation email is not re-sent
MDL-67831 - The Message reply box is not fixed
MDL-66670 - list bullet points are cut off in some browsers
MDL-69246 - Question manual grading: floating point issues can lead to valid grades being rejected
MDL-65819 - Contact request email must respect the receiver's language
MDL-68715 - Condition: "Completion of other courses" is set without the course creator intervention
MDL-52052 - Import grades with an empty identifier causes bad upload but it doesn't show error message
MDL-55340 - Export labels from feedback
MDL-67671 - Backup step 2 show type options missing activity names
MDL-67440 - \core\task\analytics_cleanup_task extremely slow on Postgres site.
MDL-68210 - Unable to edit user overrides if assignment is not available to student
MDL-66900 - "Alternate image" gets removed upon editing course category settings.
MDL-66755 - After editing a forum post, a user is unsubscribed from the discussion
MDL-66626 - Assignfeedback_editpdf sending infinite request when page ready is not equal to page number of combined pdf
MDL-69297 - File-based Assignments shouldn't accept submissions without any files
MDL-69168 - Recently Accessed Items block uses stock LTI icon even if it has been customized
MDL-69215 - load_fontawesome_icon_map web service does not respect current theme
MDL-69414 - 3.9 regression - "Drag and drop onto image" flips in RTL lang.
MDL-69336 - Collapsing columns in dynamic tables no longer functions
MDL-55299 - Single and double quotes encoded in HTML characters in downloaded files
MDL-68618 - Forum idnumber update not working
MDL-68558 - Admin can get stuck on the Plugin dependencies check failure page
MDL-68444 - Calendar accessibility followups
MDL-69401 - Book's chapter title not showing max length limit
MDL-69358 - The 'backup_cleanup_task' task deletes records related to incompleted adhoc tasks
MDL-69375 - LTI Names and Roles Provisioning Service generates Link headers with incorrect format
MDL-66818 - Portfolio "export whole discussion" button should not be visible if the user has inadequate permissions
MDL-66707 - Forum too eager to mark messages as read (threaded view)
MDL-69296 - Pressing cancel on a resource activity settings page may result in a file download
MDL-69241 - Participants page pagination doesn't reset when applying filters
MDL-69199 - Complete user report incorrectly shows last modified time of quiz attempts, not time submitted
MDL-69112 - Underscore in folder name breaks assign feedback multi-upload
MDL-69089 - Content bank allows empty names
MDL-69069 - Insufficient colour contrast for in-place editable and drag and drop upload status
MDL-69054 - Edit button for badge backpack not displayed when version is OBv1.0
MDL-68964 - Swapping theme in chat window causing notice error
MDL-68889 - Recently accessed courses not functioning on small view ports
MDL-68731 - Forum digest processing does not mark posts as read
MDL-68706 - Course Custom field text area cant be emptied
MDL-42434 - Chat activity needs user help
MDL-69448 - Course Copy in 3.9 and 3.9.1 not working for teacher with extended permissions
MDL-69204 - User A can see the privacy and policies + data retention summary link on user B's profile page
MDL-69645 - Preferences window can be opened on Safe Exam Browser Mac clients during quizzes using manual configuration
Accessibility improvements
MDL-69394 - Insufficient colour contrast for calendar event colour indicators
MDL-68344 - File Picker: focus lost on upload
MDL-69391 - Some dropdown menus have insufficient colour contrast between text and background
MDL-69389 - Insufficient colour contrast between link text and normal text
MDL-69387 - Completion checkbox images don't have sufficient colour contrast
MDL-69214 - Error reading database on Participants page if site:accessallgroups is set to prohibit
MDL-69115 - Course and category management page accessibility followups
MDL-69114 - Insufficient colour contrast for .*-info classes
MDL-69111 - Forum grading panel cannot be used when zoomed to 400%
For developers
MDL-69068 - Allow behat generators to be pivoted
Security fixes
MSA-20-0011 Stored XSS via moodlenetprofile parameter in user profile
MSA-20-0012 Reflected XSS in tag manager
MSA-20-0013 "Log in as" capability in a course context may lead to some privilege escalation
MSA-20-0014 Denial of service risk in file picker unzip functionality
MSA-20-0015 Chapter name in book not always escaped with forceclean enabled
3.9.1
General fixes and improvements
MDL-60827 - OAuth 2 still expecting email verification after "Require email verification" has been disabled
MDL-68436 - Atto RecordRTC (record audio/video) plugin only works in the first editor on a page
MDL-69049 - Moodle 3.9 upgrade fails due to missing column in privacy plugins if standalone GDPR plugins were used
MDL-69106 - convert_submissions task with asynchronous document conversion cannot be completed by cron
MDL-69109 - Theme icons are lost after web upgrade in 3.9 or theme change in other versions
MDL-68992 - Update minimal age of digital consent according to current legislation
MDL-68215 - Make the Activity results block styling consistent with other blocks
MDL-69110 - Sorting does not work anymore in non-dynamic tables
MDL-66899 - Regrading quiz attempts should be logged
MDL-69077 - The capabilities moodle/question:tag* are not visible in the "Check permissions" page in the activity context
MDL-69021 - Alert links hard to distinguish
MDL-69099 - Some scheduled tasks are incorrectly labelled as "Disabled"
MDL-67294 - Choosing bulk removal of empty submissions causes an error
MDL-69031 - Missing Moodle app disable features settings for 3.9
Accessibility improvements
MDL-69008 - Accessibility issues in the pagination bar template
Security improvements
MDL-69047 - Content bank status message should be hard coded
Security fixes
MSA-20-0008 Reflected XSS in admin task logs filter
MSA-20-0009 Course enrolments allowed privilege escalation from teacher role into manager role
MSA-20-0010 yui_combo should mitigate denial of service risk
3.9
Please visit: https://docs.moodle.org/dev/Moodle_3.9_release_notes#
