Drupal 7.14 2012-05-02
----------------------
- Fixed "integrity constraint" fatal errors when rebuilding registry.
- Fixed custom logo and favicon functionality referencing incorrect paths.
- Fixed DB Case Sensitivity: Allow BINARY attribute in MySQL.
- Split field_bundle_settings out per bundle.
- Improve UX for machine names for fields (UI change).
- Fixed User pictures are not removed properly.
- Fixed HTTPS sessions not working in all cases.
- Fixed Regression: Required radios throw illegal choice error when none
selected.
- Fixed allow autocompletion requests to include slashes.
- Eliminate $user->cache and {session}.cache in favor of
$_SESSION['cache_expiration'][$bin] (Performance).
- Fixed focus jumps to tab when pressing enter on a form element within tab.
- Fixed race condition in locale() - duplicates in {locales_source}.
- Fixed Missing "Default image" per field instance.
- Quit clobbering people's work when they click the filter tips link
- Form API #states: Fix conditionals to allow OR and XOR constructions.
- Fixed Focus jumps to tab when pressing enter on a form element within tab.
(Accessibility)
- Improved performance of node_access queries.
- Fixed Fieldsets inside vertical tabs have no title and can't be collapsed.
- Reduce size of cache_menu table (Performance).
- Fixed unnecessary aggregation of CSS/JS (Performance).
- Fixed taxonomy_autocomplete() produces SQL error for nonexistent field.
- Fixed HTML filter is not run first by default, despite default weight.
- Fixed Overlay does not work with prefixed URL paths.
- Better debug info for field errors (string change).
- Fixed Data corruption in comment IDs (results in broken threading on
PostgreSQL).
- Fixed machine name not editable if every character is replaced.
- Fixed user picture not appearing in comment preview (Markup change).
- Added optional vid argument for taxonomy_get_term_by_name().
- Fixed Invalid Unicode code range in PREG_CLASS_UNICODE_WORD_BOUNDARY fails
with PCRE 8.30.
- Fixed {trigger_assignments()}.hook has only 32 characters, is too short.
- Numerous fixes to run-tests.sh.
- Fixed Tests in profiles/[name]/modules cannot be run and cannot use a
different profile for running tests.
- Numerous JavaScript performance fixes.
- Numerous documentation fixes.
- Fixed All pager links have an 'active' CSS class.
- Numerous upgrade path fixes; notably:
- system_update_7061() fails on inserting files with same name but different
case.
- system_update_7061() converts filepaths too aggressively.
- Trigger upgrade path: Node triggers removed when upgrading to 7-x from 6.25.
- Add PHP 5.4 support (Dmitry, Anatoliy, Pierre)
- Fixed bug #22679: Fix apc_bin_dump for constants. Use IS_CONSTANT_TYPE_MASK
to handle all the constants, including the unqalified ones (instead of
~IS_CONSTANT_INDEX check)
- Fixed bug #23822, php crashes on apache restart
Patches from Bernd Ernesti on pkgsrc-users.
Changelog:
The following problems are fixed.
* Security fixes
* extensions.checkCompatibility.* prefs didn't work as expected
in ESR releases (734848)
* Firefox ESR 10.0.3 opened "Whats New" page after update (737535)
=== 2.4
* Security fix:
Mechanize#auth and Mechanize#basic_auth allowed disclosure of passwords to
malicious servers and have been removed.
In prior versions of mechanize only one set of HTTP authentication
credentials were allowed for all connections. If a mechanize instance
connected to more than one server then a malicious server detecting
mechanize could ask for HTTP Basic authentication. This would expose the
username and password intended only for one server.
Mechanize#auth and Mechanize#basic_auth now warn when used.
To fix the warning switch to Mechanize#add_auth which requires at the URI
the credentials are intended for, the username and the password.
Optionally an HTTP authentication realm or NTLM domain may be provided.
* Minor enhancement
* Improved exception messages for 401 Unauthorized responses. Mechanize now
tells you if you were missing credentials, had an incorrect password, etc.
Changelog
* The Redis adapter (Ramaze::Cache::Redis) has been fixed so that it works
with sessions, previously this would result in "Can't convert into symbol"
errors and the like. This problem was caused by not encoding data using
Marshal. Thanks to EdvardM for reporting the issue.
* The Redis cache adapter namespaces keys just like the other adapters.
* Ramaze::Cache::MemCache has been updated for the latest version of Dalli and
should no longer display deprecation warnings. The minimum required version
of Dalli has been set to at least 2.0.2.
* Various documentation improvements and additions.
* The HTML of the pagination helper can now be customized, thanks to Leucos
and bougyman for adding it.
=== unicorn 4.3.1 - shutdown() fixes / 2012-04-29 07:04 UTC
* Call shutdown(2) if a client EOFs on us during upload.
We can avoid holding a socket open if the Rack app forked a
process during uploads.
* ignore potential Errno::ENOTCONN errors (from shutdown(2)).
Even on LANs, connections can occasionally be accept()-ed but
be unusable afterwards.
Thanks to Joel Nimety <jnimety@continuity.net>,
Matt Smith <matt@nearapogee.com> and George <lists@southernohio.net>
on the mongrel-unicorn@rubyforge.org mailing list for their
feedback and testing for this release.
=== unicorn 4.3.0 - minor fixes and updates / 2012-04-17 21:51 UTC
* PATH_INFO (aka REQUEST_PATH) increased to 4096 (from 1024).
This allows requests with longer path components and matches
the system PATH_MAX value common to GNU/Linux systems for
serving filesystem components with long names.
* Apps that fork() (but do not exec()) internally for background
tasks now indicate the end-of-request immediately after
writing the Rack response.
Thanks to Hongli Lai, Lawrence Pit, Patrick Wenger and Nuo Yan
for their valuable feedback for this release.
=== unicorn 4.2.1 - minor fix and doc updates / 2012-03-26 21:39 UTC
* Stale pid files are detected if a pid is recycled by processes
belonging to another user, thanks to Graham Bleach.
* nginx example config updates thanks to to Eike Herzbach.
* KNOWN_ISSUES now documents issues with apps/libs that install
conflicting signal handlers.
3.1.16
* Fix some bugs in sass-convert selector parsing when converting from CSS.
* Substantially improve compilation performance on Ruby 1.8.
* Support the @-moz-document directive¡Çs non-standard url-prefix and domain
function syntax.
* Support the @supports directive.
* Fix a performance issue when using /*! */ comments with the Rails asset
pipeline.
* Support -moz-element.
* Properly handle empty lists in sass-convert.
* Move from FSSM to Listen for file-system monitoring.
=== 2.6 / 2010-03-26
* Minor enhancement
* Net::HTTP::Persistent#idle_timeout may be set to nil to disable expiration
of connections. Pull Request #21 by Aaron Stone
## 2.0.2 (03 April 2012)
- Updated to jQuery 1.7.2
- Updated to jQuery UI 1.8.18
- Updated to latest jquery-ujs
- Override provided for obtaining `href`
- Edit `crossDomain` and `dataType` from `ajax:before` event
## Rails 3.2.3 (unreleased) ##
* Remove the leading \n added by textarea on assert_select. *Santiago Pastorino*
* Fix#5632, render :inline set the proper rendered format. *Santiago Pastorino*
* Fix textarea rendering when using plugins like HAML. Such plugins encode the first newline character in the content. This issue was introduced in https://github.com/rails/rails/pull/5191 *James Coleman*
* Add `config.action_view.embed_authenticity_token_in_remote_forms` (defaults to true) which allows to set if authenticity token will be included by default in remote forms. If you change it to false, you can still force authenticity token by passing `:authenticity_token => true` in form options *Piotr Sarnacki*
* Do not include the authenticity token in forms where remote: true as ajax forms use the meta-tag value *DHH*
* Turn off verbose mode of rack-cache, we still have X-Rack-Cache to
check that info. Closes#5245. *Santiago Pastorino*
* Fix#5238, rendered_format is not set when template is not rendered. *Piotr Sarnacki*
* Upgrade rack-cache to 1.2. *José Valim*
* ActionController::SessionManagement is deprecated. *Santiago Pastorino*
* Since the router holds references to many parts of the system like engines, controllers and the application itself, inspecting the route set can actually be really slow, therefore we default alias inspect to to_s. *José Valim*
* Add a new line after the textarea opening tag. Closes#393 *Rafael Mendonça França*
* Always pass a respond block from to responder. We should let the responder to decide what to do with the given overridden response block, and not short circuit it. *sikachu*
* Fixes layout rendering regression from 3.2.2. *José Valim*
* Remove unused option.
* Restore jemalloc option.
Changelog:
* The File and Move Bookmarks dialogs are resizable now.
* HTML5 videos that do not start automatically show a large play button now.
* Add-ons Sync can now be configured without the Add-ons Sync Prefs add-on.
* Pasting a URL from the clipboard into the Download Manager window will
download it.
* Plugins can be disabled for the whole suite now in addition to
Mail & Newsgroups only.
* View Source now has line numbers.
* Line breaks are now supported in the title attribute.
* Find in Page search results are scrolled into view now.
* The column-fill CSS property has been implemented.
* Support for the text-align-last CSS property has been added.
* Experimental support for ECMAScript 6 Map and Set objects has been
implemented.
* Fixed several stability issues.
Changelog:
* Page Source now has line numbers
* Line breaks are now supported in the title attribute
* Improvements to "Find in Page" to center search result
* URLs pasted into the download manager window are now automatically downloaded
* Support for the text-align-last CSS property has been added
* Various security fixes
* Some TinyMCE-based editors failed to load (739141)
Upstream changes:
Highlights
MDL-27891 Tag flagging is now logged
Functional changes
MDL-31095 Quiz max grade maintained when adding and removing questions
MDL-30031 Quiz Adaptive mode ignores invalid answers without penalty
Security issues
MSA-12-0013 - Database activity export permission issue
MSA-12-0014 - Password and Web services issue
MSA-12-0015 - Backup and private files issue
MSA-12-0016 - Default repository capabilities issue
MSA-12-0017 - Personal information leak issue
MSA-12-0018 - Course information leak in Gradebook export
MSA-12-0019 - Overview report and hidden course issue
MSA-12-0020 - Forum subscription permission issue
MSA-12-0021 - Course information leak through tags
MSA-12-0022 - Security conflict in Web services
Fixes and improvements
MDL-31248 Change to RC4 encryption is now backwards compatible
- Note: all users will need to log in to set a new cookie after this update
MDL-31213 Problem with new password form was fixed
MDL-29254 Problem adding blog entries after an update from 1.9 was resolved
MDL-22896 Forum messages with ampersands are now sent correctly by email
MDL-27793 Login names now appear consistently in all themes across all languages
MDL-26037 When importing in a site with lots of courses, all courses are checked
MDL-30484 Regrading quiz causes essay attachments to disappear
MDL-28364 Correct import formats accepted when importing questions
MDL-31407 Quiz grades are saved properly when the submitter is not the user taking the quiz
MDL-31876, MDL-31495 Quiz performance improvements have been made
Three external libraries included in WordPress received security updates:
* Plupload (version 1.5.4), which WordPress uses for uploading media.
* SWFUpload, which WordPress previously used for uploading media, and may still be in use by plugins.
* SWFObject, which WordPress previously used to embed Flash content, and may still be in use by plugins and themes.
WordPress 3.3.2 also addresses:
* Limited privilege escalation where a site administrator could deactivate network-wide plugins when running a WordPress network under particular circumstances.
* Cross-site scripting vulnerability when making URLs clickable.
* Cross-site scripting vulnerabilities in redirects after posting comments in older browsers, and when filtering URLs.
2012-02-16 HTTP-Message 6.03
Support 'bzip2' as alternative to Content-Encoding: x-bzip2. Some
servers seem to return it.
Make newlines in forms be "\r\n" terminated.
Added some more status codes.
Restore perl-5.8.1 compatiblity.
2012-03-25 Gisle Aas <gisle@ActiveState.com>
Release 1.60
Gisle Aas (3):
Merge pull request #4 from hiratara/fix-repourl
Updated repository URL
Avoid failure if the local hostname is 'foo' [RT#75519]
Masahiro Honma (1):
Fix the URL of the repository.
Matt Lawrence (1):
Do not reverse the order of new parameters
Peter Rabbitson (1):
Fix RT#59274 - courtesy of a stupid 5.8.[12] join bug
* Remove dead link from plugins/teximg. Closes: #664885
* inline: When the pagenames list includes pages that do not exist, skip
them.
* meta: Export author information in html <meta> tag. Closes: #664779
Thanks, Martin Michlmayr
* notifyemail: New plugin, sends email notifications about new and
changed pages, and allows subscribing to comments.
* Added a "changes" hook. Renamed the "change" hook to "rendered", but
the old hook name is called for now for back-compat.
* meta: Support keywords header. Closes: #664780
Thanks, Martin Michlmayr
* passwordauth: Fix url in password recovery email to be absolute.
* httpauth: When it's the only auth method, avoid a pointless and
confusing signin form, and go right to the httpauthurl.
* rename: Allow rename to be started not from the edit page; return to
the renamed page in this case.
* remove: Support removing of pages in the transient underlay. (smcv)
* inline, trail: The pagenames parameter is now a list of absolute
pagenames, not relative wikilink type names. This is necessary to fix
a bug, and makes pagenames more consistent with the pagespec used
in the pages parameter. (smcv)
* link: Fix renaming wikilinks that contain embedded urls.
* graphviz: Handle self-links.
* trail: Improve CSS, also display trail links at bottom of page,
and a bug fix. (smcv)
Add dependency on p5-HTML-Tree, suggested by Matthias Rampke in PR pkg/45688.
