Perform common useful JavaScript operations in Shiny apps that will
greatly improve your apps without having to know any JavaScript.
Examples include: hiding an element, disabling an input, resetting an
input back to its original value, delaying code execution by a few
seconds, and many more useful functions for both the end user and the
developer. 'shinyjs' can also be used to easily call your own custom
JavaScript functions from R.
Makes it incredibly easy to build interactive web applications with R.
Automatic "reactive" binding between inputs and outputs and extensive
prebuilt widgets make it possible to build beautiful, responsive, and
powerful applications with minimal effort.
Provides low-level socket and protocol support for handling HTTP and
WebSocket requests directly from within R. It is primarily intended as
a building block for other packages, rather than making it
particularly easy to create complete web applications using httpuv
alone. httpuv is built on top of the libuv and http-parser C
libraries, both of which were developed by Joyent, Inc. (See LICENSE
file for libuv and http-parser license information.)
Useful tools for working with HTTP organised by HTTP verbs (GET(),
POST(), etc). Configuration functions make it easy to control
additional request components (authenticate(), add_headers() and so
on).
The canonical form [1] of an R package Makefile includes the
following:
- The first stanza includes R_PKGNAME, R_PKGVER, PKGREVISION (as
needed), and CATEGORIES.
- HOMEPAGE is not present but defined in math/R/Makefile.extension to
refer to the CRAN web page describing the package. Other relevant
web pages are often linked from there via the URL field.
This updates all current R packages to this form, which will make
regular updates _much_ easier, especially using pkgtools/R2pkg.
[1] http://mail-index.netbsd.org/tech-pkg/2019/08/02/msg021711.html
3.2.1:
* sys.exc_info() is now propagated across thread boundaries
3.2.0:
* New "thread_sensitive" argument to SyncToAsync allows for pinning of code into
the same thread as other thread_sensitive code.
* Test collection on Python 3.7 fixed
Django 2.2.4:
* CVE-2019-14232: Denial-of-service possibility in django.utils.text.Truncator
* CVE-2019-14233: Denial-of-service possibility in strip_tags()
* CVE-2019-14234: SQL injection possibility in key and index lookups for JSONField/HStoreField
* CVE-2019-14235: Potential memory exhaustion in django.utils.encoding.uri_to_iri()
* Fixed a regression in Django 2.2 when ordering a QuerySet.union(), intersection(), or difference() by a field type present more than once results in the wrong ordering being used
* Fixed a migration crash on PostgreSQL when adding a check constraint with a contains lookup on DateRangeField or DateTimeRangeField, if the right hand side of an expression is the same type
* Fixed a regression in Django 2.2 where auto-reloader crashes if a file path contains nulls characters ('\x00')
* Fixed a regression in Django 2.2 where auto-reloader crashes if a translation directory cannot be resolved
Django 1.11.23:
* CVE-2019-14232: Denial-of-service possibility in django.utils.text.Truncator
* CVE-2019-14233: Denial-of-service possibility in strip_tags()
* CVE-2019-14234: SQL injection possibility in key and index lookups for JSONField/HStoreField
* CVE-2019-14235: Potential memory exhaustion in django.utils.encoding.uri_to_iri()
Version 0.15.5
- Fix a TypeError due to changes to ast.Module in Python 3.8.
- Fix a C assertion failure in debug builds of some Python 2.7
releases.
- :class:~exceptions.BadRequestKeyError adds the KeyError
message to the description if e.show_exception is set to
True. This is a more secure default than the original 0.15.0
behavior and makes it easier to control without losing information.
- Upgrade the debugger to jQuery 3.4.1.
- Work around an issue in some external debuggers that caused the
reloader to fail.
- Work around an issue where the reloader couldn't introspect a
setuptools script installed as an egg.
- The reloader will use sys.executable even if the script is
marked executable, reverting a behavior intended for NixOS
introduced in 0.15. The reloader should no longer cause
OSError: [Errno 8] Exec format error.
- SharedDataMiddleware safely handles paths with Windows drive
names.
3.21.0
Require flask 1.0 or greater
Move docs to pallets-sphinx-themes
Add a new JWT_DECODE_ISSUER option for use with other JWT providers
Gracefully handle errors for malformed tokens
BREAKING
* Better logging (#6038) (#6095)
SECURITY
* Shadow the password on cache and session config on admin panel (#7300)
* Fix markdown invoke sequence (#7513) (#7560)
* Reserve .well-known username (#7638)
* Do not leak secrets via timing side channel (#7364)
* Ensure that decryption of cookie actually suceeds (#7363)
FEATURE
* Content API for Creating, Updating, Deleting Files (#6314)
* Enable tls-alpn-01: Use certmanager provided TLSConfig for LetsEncrypt (#7229)
* Add command to convert mysql database from utf8 to utf8mb4 (#7144)
* Fixes#2738 - Adds the /git/tags API endpoint (#7138)
* Compare branches, commits and tags with each other (#6991)
* Show Pull Request button or status of latest PR in branch list (#6990)
* Repository avatars (#6986)
* Show git-notes (#6984)
* Add commit statuses reports on pull request view (#6845)
* Number of commits ahead/behind in branch overview (#6695)
* Add CLI commands to manage LDAP authentication source (#6681)
* Add support for MS Teams webhooks (#6632)
* OAuth2 Grant UI (#6625)
* Add SUBJECT_PREFIX mailer config option (#6605)
* Include custom configuration file in dump (#6516)
* Add API for manipulating Git hooks (#6436)
* Improve migrations to support migrating milestones/labels/issues/comments/pullrequests (#6290)
* Add option to blame files (#5721)
* Implement Default Webhooks (#4299)
* Telegram webhook (#4227)
BUGFIXES
* Send webhook after commit when creating issue with assignees (#7681) (#7684)
* Upgrade macaron/captcha to fix random error problem (#7407) (#7683)
* Move add to hook queue for created repo to outside xorm session. (#7682) (#7675)
* Show protection symbol if needed on default branch (#7660) (#7668)
* Hide delete/restore button on archived repos (#7660)
* Fix bug on migrating milestone from github (#7665) (#7666)
* Use flex to fix floating paginate (#7656) (#7662)
* Change length of some repository's columns (#7652) (#7655)
* Fix wrong email when use gitea as OAuth2 provider (#7640) (#7647)
* Fix syntax highlight initialization (#7617) (#7626)
* Fix bug create/edit wiki pages when code master branch protected (#7580) (#7623)
* Fix panic on push at #7611 (#7615) (#7618)
* Handle ErrUserProhibitLogin in http git (#7586, #7591) (#7590)
* Fix color of split-diff view in dark theme (#7587) (#7589)
* Fix file header overflow in file and blame views (#7562) (#7579)
* Malformed URLs in API git/commits response (#7565) (#7567)
* Fix empty commits now showing in repo overview (#7521) (#7563)
* Fix repository's pull request count error (#7518) (#7524)
* Remove duplicated webhook trigger (#7511) (#7516)
* Handles all redirects for Web UI File CRUD (#7478) (#7507)
* Fix regex for issues in commit messages (#7444) (#7466)
* cmd/serv: actually exit after fatal errors (#7458) (#7460)
* Fix an issue with some pages throwing 'not defined' js exceptions #7450 (#7453)
* Fix Dropzone.js integration (#7445) (#7448)
* Create class for inline positioned lists (#7439) (#7393)
* Diff: Fix indentation on unhighlighted code (#7435) (#7443)
* jQuery 3 (#7442) (#7425)
* Only show "New Pull Request" button if repo allows pulls (#7426) (#7432)
* Fix vendor references (#7394) (#7396)
* Only return head: null if source branch was deleted (#6705) (#7376)
* Add missing template variable on organisation settings (#7386) (#7385)
* Fix post parameter on issue list which had unset assignee (#7380) (#7383)
* Fix migration tests due to issue 7 being resolved (#7375) (#7381)
* Correctly adjust mirror url (#6593)
* Handle early git version's lack of get-url (#7065)
* Fix icon position in issue view (#7354)
* Cut timeline length with last element on issue view (#7355)
* Fix mirror repository webhooks (#7366)
* Fix api route for hooks (#7346)
* Fix bug conflict between SyncReleasesWithTags and InsertReleases (#7337)
* Fix pull view ui merge section (#7335)
* Fix 7303 - remove unnessesary buttons on archived repos (#7326)
* Fix topic bar to allow prefixes (#7325)
* Fixes#7152 - Allow create/update/delete message to be empty, use default message (#7324)
* Fixes#7238 - Annotated tag commit ID incorrect (#7321)
* Dark theme fixes (#7319)
* Gitea own dark codemirror theme (#7317)
* Fixes#7292 - API File Contents bug (#7301)
* Fix API link header (#7298)
* Fix extra newlines when copying from diff in Firefox (#7288)
* Make diff line-marker non-selectable (#7279)
* Fix Submodule dection in subdir (#7275)
* Fix error log when loading issues caused by a xorm bug (#7271)
* Add .fa icon margin like .octicon (#7258)
* Fix hljs unintenionally highlighting commit links (#7244)
* Only check and config git on web subcommand but not others (#7236)
* Fix migration panic when Head.User is not exist (#7226)
* Only warn on errors in deleting LFS orphaned files during repo deletion (#7213)
* Fix duplicated file on pull request conflicted files (#7211)
* Allow colon between fixing word and issue (#7207)
* Fix overflow issues in repo (#7190)
* API error cleanup (#7186)
* Add error for fork already existing (#7185)
* Fixes diff on merged pull requests (#7171)
* If milestone id is zero don't get it from database (#7169)
* Fix pusher name via ssh push (#7167)
* Fix database lock when use random repository fallback image (#7166)
* Various fixes for issue mail notifications (#7165)
* Allow archived repos to be (un)starred and (un)watched (#7163)
* Fix GCArgs load from ini (#7156)
* Detect noreply email address as user (#7133)
* Avoid arbitrary format strings upon calling fail() function (#7112)
* Validate External Tracker URL Format (#7089)
* Repository avatar fallback configuration (#7087)
* Fix#732: Add LFS objects to base repository on merging (#7082)
* Install page - Handle invalid administrator username better (#7060)
* Workaround for posting single comments in split diff view (#7052)
* Fix possbile mysql invalid connnection error (#7051)
* Fix charset was not saved after installation finished (#7048)
* Handle insecure and ports in go get (#7041)
* Avoid bad database state after failed migration (#7040)
* Fix wrong init dependency on markup extensions (#7038)
* Fix default for allowing new organization creation for new users (#7017)
* Fix content download and /verify LFS handler expecting wrong content-type (#7015)
* Fix missing repo description when migrating (#7000)
* Fix LFS Locks over SSH (#6999)
* Do not attempt to return blob on submodule (#6996)
* Fix U2F for Chrome >= 74 (#6980)
* Fix index produces problem when issues/pulls deleted (#6973)
* Allow collaborators to view repo owned by private org (#6965)
* Stop running hooks on pr merge (#6963)
* Run hooks on merge/edit and cope with protected branches (#6961)
* Webhook Logs show proper HTTP Method, and allow change HTTP method in form (#6953)
* Stop colorizing log files by default (#6949)
* Rotate serv.log, http.log and hook logs and stop stacktracing in these (#6935)
* Fix plain text overflow line wrap (#6915)
* Fix input size for dependency select (#6913)
* Change drone token name to let users know to use oauth2 (#6912)
* Fix syntax highlight in blame view #6895 (#6909)
* Use AppURL for Oauth user link (#6894)
* Fixes#6881 - API users search fix (#6882)
* Fix 404 when send pull request some situation (#6871)
* Enforce osusergo build tag for releases (#6862)
* Fix 500 when reviewer is deleted with integration tests (#6856)
* Fix v85.go (#6851)
* Make dropTableColumns drop columns on sqlite and constraints on all (#6849)
* Fix double-generation of scratch token (#6832) (#6833)
* When mirroring we should set the remote to mirror (#6824)
* Fix the v78 migration "Drop is_bare" on MSSQL #6707 (#6823)
* Change verbose flag in dump command to avoid colliding with global version flag (#6822)
* Fix#6813: Allow git.GetTree to take both commit and tree names (#6816)
* Remove seen map from getLastCommitForPaths (#6807)
* Show scrollbar only when needed (#6802)
* Restore IsWindows variable assignment (#6722) (#6790)
* Service worker js is a missing comma (#6788)
* Fix team edit API panic (#6780)
* Set user search base field optional in LDAP (simple auth) edit page (#6779)
* Ignore already existing public keys after ldap sync (#6766)
* Fix pulls broken when fork repository deleted (#6754)
* Fix missing return (#6751)
* Fix new team 500 (#6749)
* OAuth2 token can be used in basic auth (#6747)
* Fix org visibility bug when git cloning (#6743)
* Fix bug when sort repos on org home page login with non-admin (#6741)
* Stricter domain name pattern in email regex (#6739)
* Fix admin template error (#6737)
* Drop is_bare IDX only when it exists for MySQL and MariaDB (#6736)
* UI: Detect and restore encoding and BOM in content (#6727)
* Load issue attributes when editing an issue with API (#6723)
* Fix team members API (#6714)
* Unfortunately MemProvider Init does not actually Init properly (#6692)
* Fix partial reversion of #6657 caused by #6314 (#6685)
* Prevent creating empty sessions (#6677)
* Fixes#6659 - Swagger schemes selection default to page's protocol (#6660)
* Update highlight.js to 9.15.6 (#6658)
* Properly escape on the redirect from the web editor (#6657)
* Fix#6655 - Don't EscapePound .Link as it is already escaped (#6656)
* Use ctx.metas for SHA hash links (#6645)
* Fix wrong GPG expire date (#6643)
* upgrade version of lib/pq to v1.1.0 (#6640)
* Fix forking an empty repository (#6637)
* Fix issuer of OTP URI should be URI-encoded. (#6634)
* Return a UserList from /api/v1/admin/users (#6629)
* Add json tags for oauth2 form (#6627)
* Remove extra slash from twitter card (#6619)
* remove bash requirement in makefile (#6617)
* Fix Open Graph og:image link (#6612)
* Fix cross-compile builds (#6609)
* Change commit summary to full message in API (#6591)
* Fix bug user search API pagesize didn't obey ExplorePagingNum (#6579)
* Prevent server 500 on compare branches with no common history (#6555)
* Properly escape release attachment URL (#6512)
* Delete local branch when repo branch is deleted (#6497)
* Fix bug when user login and want to resend register confirmation email (#6482)
* Fix upload attachments (#6481)
* Avoid multi-clicks in oauth2 login (#6467)
* Hacky fix for alignment of the create-organization dialog (#6455)
* Change order that PostProcess Processors are run (#6445)
* Clean up ref name rules (#6437)
* Fix Hook & HookList in Swagger (#6432)
* Fixed unitTypeCode not being used in accessLevelUnit (#6419)
* Display correct error for invalid mirror interval (#6414)
* Don't Unescape redirect_to cookie value (#6399)
* Fix dump table name error and add some test for dump database (#6394)
* Fix migrations 82 to ignore unsynced tags between database and git data and missing is_archived on repository table (#6387)
* Make sure units of a team are returned (#6379)
* Fix bug manifest.json will not request with cookie so that session will created every request (#6372)
* Disable benchmarking during tag events on DroneIO (#6365)
* Comments list performance optimization (#5305)
ENHANCEMENT
* Update Drone docker generation to standard format (#7480) (#7496) (#7504)
* Add API Endpoint for Repo Edit (#7006)
* Add state param to milestone listing API (#7131)
* Make captcha and password optional for external accounts (#6606)
* Detect migrating batch size (#7353)
* Fix 7255 - wrap long texts on user profile info (#7333)
* Use commit graph files for listing pages (#7314)
* Add git command line commitgraph support global default true when git version >= 2.18 (#7313)
* Add LFS_START_SERVER option to control git-lfs support (#7281)
* Dark theme markdown fixes (#7260)
* Update go-git to v4.12.0 (#7249)
* Show lfs config on admin panel (#7220)
* Disable same user check for internal SSH (#7215)
* Add LastLogin to the User API (#7196)
* Add missing description of label on API (#7159)
* Use go method to calculate ssh key fingerprint (#7128)
* Enable Rust highlighting (#7125)
* Refactor submodule URL parsing (#7100)
* Change issue mail title. (#7064)
* Use batch insert on migrating repository to make the process faster (#7050)
* Improve github downloader on migrations (#7049)
* When git version >= 2.18, git command could run with git wire protocol version 2 param if enabled (#7047)
* Fix Erlang and Elixir highlight mappings (#7044)
* API Org Visibility (#7028)
* Improve handling of non-square avatars (#7025)
* Bugfix: Align comment label and actions to the right (#7024)
* Change UpdateRepoIndex api to include watchers (#7012)
* Move serv hook functionality & drop GitLogger (#6993)
* Add support of utf8mb4 for mysql (#6992)
* Make webhook http connections resuable (#6976)
* Move xorm logger bridge from log to models so that log module could be a standalone package (#6944)
* Refactor models.NewRepoContext to extract git related codes to modules/git (#6941)
* Remove macaron dependent on models (#6940)
* Add less linter via npx (#6936)
* Remove macaron dependent on modules/log (#6933)
* Remove macaron dependent on models/mail.go (#6931)
* Clean less files (#6921)
* Fix code overflow (#6914)
* Style orgs list in user profile (#6911)
* Improve description of branch protection (fix#6886) (#6906)
* Move sdk structs to modules/structs (#6905)
* update sdk to latest (#6903)
* Escape the commit message on issues update and title in telegram hook (#6901)
* SearchRepositoryByName improvements and unification (#6897)
* Change the color of issues/pulls list, merged is purple and closed is red (#6874)
* Refactor table width to have more info shown in file list (#6867)
* Monitor all git commands; move blame to git package and replace git as a variable (#6864)
* Fix config ui error about cache ttl (#6861)
* Improve localization of git activity stats (#6848)
* Generate access token in admin cli (#6847)
* Update github.com/urfave/cli to version 1.2.0 (#6838)
* Rename LFS_JWT_SECRET cli option to include OAUTH2 as well (#6826)
* internal/ssh: ignore env command totally (#6825)
* Allow Recaptcha service url to be configured (#6820)
* update github.com/mcuadros/go-version to v0.0.0-20190308113854-92cdf37c5b75 (#6815)
* Use modules/git for git commands (#6775)
* Add GET requests to webhook (#6771)
* Move PushUpdate dependency from models to repofiles (#6763)
* Tweak tab text and icon colors (#6760)
* Ignore non-standard refs in git push (#6758)
* Disable web preview for telegram webhook (#6719)
* Show full name if DEFAULT_SHOW_FULL_NAME setting enabled (#6710)
* Reorder file actions (#6706)
* README WordPress the code is overflowing #6679 (#6696)
* Improve issue reference on commit (#6694)
* Handle redirects for git clone commands (#6688)
* Fix one performance/correctness regression in #6478 found on Rails repository. (#6686)
* API OTP Context (#6674)
* Remove local clones & make hooks run on merge/edit/upload (#6672)
* Bump github.com/stretchr/testify from 1.2.2 to 1.3.0 (#6663)
* Bump gopkg.in/src-d/go-git.v4 from 4.8.0 to 4.10.0 (#6662)
* Fix dropdown icon padding (#6651)
* Add more title attributes on shortened names (#6647)
* Update UI for topics labels on projects (#6639)
* Trace Logging on Permission Denied & ColorFormat (#6618)
* Add .gpg url (match github behaviour) (#6610)
* Support for custom GITEA_CUSTOM env var in docker(#6608)
* Show "delete branch" button on closed pull requests (#6570) (#6601)
* Add option to disable refresh token invalidation (#6584)
* Fix new repo dropdown alignment (#6583)
* Fix mail notification when close/reopen issue (#6581)
* Pre-calculate the absolute path of git (#6575)
* Minor CSS cleanup for the navbar (#6553)
* Render SHA1 links as code blocks (#6546)
* Add username flag in create-user command (#6534)
* Unifies pagination template usage (#6531) (#6533)
* Fixes pagination width on mobile view (#5711) (#6532)
* Improve SHA1 link detection (#6526)
* Fixes#6446 - Sort team members and team's repositories (#6525)
* Use stricter boundaries for auto-link detection (#6522)
* Use regular line-height on frontpage entries (#6518)
* Fixes#6514 - New Pull Request on files and pulls pages the same (#6515)
* Make distinction between DisplayName and Username in email templates (#6495)
* Add X-Auto-Response-Suppress header to outgoing messages (#6492)
* Cleaned permission checks for API -> site admin can now do anything (#6483)
* Support search operators for commits search (#6479)
* Improve listing performance by using go-git (#6478)
* Fix repo sub_menu font color in arc-green (#6477)
* Show last commit status in pull request lists (#6465)
* Add signatures to webhooks (#6428)
* Optimize all images in public/img (#6427)
* Add golangci (#6418)
* Make "Ghost" not link to 404 page (#6410)
* Include more variables on admin/config page (#6378)
* Markdown: enable some more extensions (#6362)
* Include repo name in page title tag (#6343)
* Show locale string on timestamp (#6324)
* Handle CORS requests (#6289)
* Improve issue autolinks (#6273)
* Migration Tweaks (#6260)
* Add title attributes to all items in the repo list viewer (#6258)
* Issue indexer queue redis support (#6218)
* Add bio field for user (#6113)
* Make the version within makefile overwriteable (#6080)
* Updates to API 404 responses (#6077)
* Use Go1.11 module (#5743)
* UX + Security current user password reset (#5042)
* Refactor: append, build variable and type switch (#4940)
* Git statistics in Activity tab (#4724)
* Drop the bits argument when generating an ed25519 key (#6504)
TESTING
* Exclude pull_request from fetch-tags step, fixes#7108 (#7120)
* Refactor and improve git test (#7086)
* Fix TestSearchRepo by waiting till indexing is done (#7004)
* Add mssql migration tests (needs #6823) (#6852)
* Add tests for Org API (#6731)
* Context.ServerError and NotFound should log from their caller (#6550)
TRANSLATION
* Add french specific rule for translating plural texts (#6846)
BUILD
* Update mssql driver to last working version 20180314172330-6a30f4e59a44 (#7306)
* Alpine 3.10 (#7256)
* Use vfsgen instead of go-bindata (#7080)
* remove and disable package-lock (#6969)
* add make targets for js and css, add js linter (#6952)
* Added tags pull step to drone config to show correct version hashes i… (#6836)
* Make CustomPath, CustomConf and AppWorkPath configurable at build (#6631)
* chore: update drone format to 1.0 (#6602)
* Fix race in integration testlogger (#6556)
* Quieter Integration Tests (#6513)
* Drop the docker Makefile from the image (#6507)
* Add make version on gitea version (#6485)
* Fix#6468 - Uses space match and adds newline for all sed flavors (#6473)
* Move code.gitea.io/git to code.gitea.io/gitea/modules/git (#6364)
* Update npm dependencies and various tweaks (#7344)
* Fix updated drone file (#7336)
* Add 'npm' and 'npm-update' make targets and lockfile (#7246)
DOCS
* Add work path CLI option (#6922)
* Fix logging documentation (#6904)
* Some logging documentation (#6498)
* Fix link to Hacking on Gitea on From-Source doc page (#6471)
* Fix typos in docs command-line examples (#6466)
* Added docker example for backup (#5846)
Version 1.7.10
Bugfix release
Implementation Changes
- Decode service to utf-8
- Use print() function in both Python2 and Python 3
- Make http.MediaFileUpload close its file descriptor
- Never make 'body' required
Documentation
- Add compatability check badges to README
- Regenerate docs
- Create index file for dynamically generated docs
- Add docs folder with guides from developers.google.com
Internal / Testing Changes
- Fix http.py, lint errors, unit test
- tox.ini: Look for Python syntax errors and undefined names
Changes:
9.0
---
- Use OpenGraph images for Speed Dial shortcuts
- Better support for Javascript popups
- (Re)store pinned tabs in the session
- Re-introduce the Trust (certificate) button
- Avoid key input recursion causing high CPU
- Close Tab/ Other context menu items
- Paste and Proceed option in the urlbar
- Better urlbar suggestion escaping
- Web extensions: Support for a sidebar action (experimental)
- Merge app and page menu into one
- Better focus handling of re-opened and background tabs
- Show volume icon for tabs playing music
Changes:
3.5.0
=====
Vimb 3.5.0 is out now with following changes.
Added
-----
* Add external download command #543#348.
* Added ephemeral mode by new option `--incognito` #562.
Changed
-------
* Hinting shows the current focused elements URI in the statusbar.
* Show error if printing with `:hardcopy` fails #564.
Fixed
-----
* Fixed compilation if source is not in a git repo (Thanks to Patrick Steinhardt).
* Fixed partial hidden hint labels on top of screen.
* Fix segfault on open in new tabe from context menu #556.
* Fix "... (null)" shown in title during url sanitization.
Removed
-------
* Setting `private-browsing` was removed in favor of `--incognito` option.
Thanks to the contributors for their work!
Changelog:
Fixed
Fixed missing Full Screen button when watching videos in full
screen mode on HBO GO (bug 1562837)
Fixed a bug causing incorrect messages to appear for some
locales when sites try to request the use of the Storage Access
API (bug 1558503)
Users in Russian regions may have their default search engine
changed (bug 1565315)
Built-in search engines in some locales do not function correctly
(bug 1565779)
Added
Introduces strictFileInteractability capability
Added new endpoint GET /session/{session id}/moz/screenshot/full
Added new --marionette-host <HOSTNAME> flag
Added new endpoint POST /session/{session_id}/window/new
Changed
Allow file uploads to hidden <input type=file> elements
Allow use of an indefinite script timeout for the Set Timeouts
command, thanks to reimu.
Fixed
Corrected Content-Type of response header to utf-8 to fix
an HTTP/1.1 compatibility bug.
Relaxed the deserialization of timeouts parameters to allow unknown
fields for the Set Timeouts command.
Fixed a regression in the Take Element Screenshot to not screenshot
the viewport, but the requested element.
4.8.0:
This release focuses on making it easier to customize Beautiful Soup's
input mechanism (the TreeBuilder) and output mechanism (the Formatter).
* You can customize the TreeBuilder object by passing keyword
arguments into the BeautifulSoup constructor. Those keyword
arguments will be passed along into the TreeBuilder constructor.
The main reason to do this right now is to change how which
attributes are treated as multi-valued attributes (the way 'class'
is treated by default). You can do this with the
'multi_valued_attributes' argument.
* The role of Formatter objects has been greatly expanded. The Formatter
class now controls the following:
- The function to call to perform entity substitution. (This was
previously Formatter's only job.)
- Which tags should be treated as containing CDATA and have their
contents exempt from entity substitution.
- The order in which a tag's attributes are output.
- Whether or not to put a '/' inside a void element, e.g. '<br/>' vs '<br>'
All preexisting code should work as before.
* Added a new method to the API, Tag.smooth(), which consolidates
multiple adjacent NavigableString elements.
* ' (which is valid in XML, XHTML, and HTML 5, but not HTML 4) is always
recognized as a named entity and converted to a single quote.
2.2.1
Changes:
Fix: tests, support for newer versions of pytest
Fix: tests, disable test with drf dependency for older python versions
2.2.0
Changes:
Fix: removing wrongly released text_tags template
Fix: graph_models, support for Python <3.6
Improvement: ForeignKeySearchInput, wrap media files in static()
Improvement: UniqField, added tests
Improvement: dumpscript, fix orm_item_locator to use dateutil
Improvement: graph_models, added argument to change arrow_shape
Changes:
7.65.2
------
This release includes the following bugfixes:
o CIPHERS.md: Explain Schannel error SEC_E_ALGORITHM_MISMATCH
o CMake: Convert errant elseif() to else()
o CMake: Fix finding Brotli on case-sensitive file systems
o CURLMOPT_SOCKETFUNCTION.3: clarified
o CURLMOPT_SOCKETFUNCTION.3: fix typo
o CURLOPT_CAINFO.3: polished wording
o CURLOPT_HEADEROPT.3: Fix example
o CURLOPT_RANGE.3: Caution against using it for HTTP PUT
o CURLOPT_SEEKDATA.3: fix variable name
o DEPRECATE: fixup versions and spelling
o bindlocal: detect and avoid IP version mismatches in bind()
o build: fix Codacy warnings
o buildconf.bat: fix header filename
o c-ares: honor port numbers in CURLOPT_DNS_SERVERS
o config-os400: add getpeername and getsockname defines
o configure: --disable-progress-meter
o configure: fix --disable-code-coverage
o configure: fix typo '--disable-http-uath'
o configure: more --disable switches to toggle off individual features
o configure: remove CURL_DISABLE_TLS_SRP
o conn_maxage: move the check to prune_dead_connections()
o curl: skip CURLOPT_PROXY_CAPATH for disabled-proxy builds
o curl_multi_wait.3: escape backslash in example
o docs: Explain behavior change in --tlsv1. options since 7.54
o docs: Fix links to OpenSSL docs
o docs: fix string suggesting HTTP/2 is not the default
o examples/fopen: fix comparison
o examples/htmltitle: use C++ casts between pointer types
o headers: Remove no longer exported functions
o http2: call done_sending on end of upload
o http2: don't call stream-close on already closed streams
o http2: remove CURL_DISABLE_TYPECHECK define
o http: allow overriding timecond with custom header
o http: clarify header buffer size calculation
o krb5: fix compiler warning
o lib: Use UTF-8 encoding in comments
o libcurl-tutorial.3: Fix small typo (mutipart -> multipart)
o libcurl: Restrict redirect schemes to HTTP, HTTPS, FTP and FTPS
o multi: enable multiplexing by default (again)
o multi: fix the transfer hashes in the socket hash entries
o multi: make sure 'data' can present in several sockhash entries
o netrc: Return the correct error code when out of memory
o nss: don't set unused parameter
o nss: inspect returnvalue of token check
o nss: only cache valid CRL entries
o nss: support using libnss on macOS
o openssl: define HAVE_SSL_GET_SHUTDOWN based on version number
o openssl: disable engine if OPENSSL_NO_UI_CONSOLE is defined
o openssl: fix pubkey/signature algorithm detection in certinfo
o openssl: remove outdated comment
o os400: make vsetopt() non-static as Curl_vsetopt() for os400 support
o quote.d: asterisk prefix works for SFTP as well
o runtests: keep logfiles around by default
o runtests: report single test time + total duration
o smb: Use the correct error code for access denied on file open
o sws: remove unused variables
o system_win32: fix clang warning
o system_win32: fix typo
o test1165: verify that CURL_DISABLE_ symbols are in sync
o test1521: adapt to SLISTPOINT
o test1523: test CURLOPT_LOW_SPEED_LIMIT
o test153: fix content-length to avoid occasional hang
o test188/189: fix Content-Length
o tests: have runtests figure out disabled features
o tests: support non-localhost HOSTIP for dict/smb servers
o tests: update fixed IP for hostip/clientip split
o tool_cb_prg: Fix integer overflow in progress bar
o travis: disable threaded resolver for coverage build
o travis: enable alt-svc for coverage build
o travis: enable brotli for all xenial jobs
o travis: enable libssh2 for coverage build
o travis: enable warnings-as-errors for coverage build
o travis: update scan-build job to xenial
o typecheck: CURLOPT_CONNECT_TO takes an slist too
o typecheck: add 3 missing strings and a callback data pointer
o unit1654: cleanup on memory failure
o unpause: trigger a timeout for event-based transfers
o url: Fix CURLOPT_MAXAGE_CONN time comparison
o win32: make DLL loading a no-op for UWP
o winbuild: Change Makefile to honor ENABLE_OPENSSL_AUTO_LOAD_CONFIG
o winbuild: use WITH_PREFIX if given
o wolfssl: refer to it as wolfSSL only
5.2:
- Site Health
- PHP Error Protection
- Accessibility Updates
- New Dashboard Icons
- Plugin Compatibility Checks
- Privacy Updates
- New Body Hook
- Building JavaScript
5.2.1:
- 47180: An issue typing in the block editor while using a RTL language
has been fixed.
- 47186: An bug causing 32-bit systems to run out of memory when using
sodium_compat was fixed.
- 47189: The "Update your plugins" link in Site Health now links to the
correct page in multisite installs.
- 47185: An issue in wp_delete_file_from_directory() where files were
not deleting on Windows systems has been fixed.
- 47205: A bug was fixed where spaces could not be added in the Classic
Editor after pressing shift+enter.
- 47265: 2 fatal errors on the error protection page when a PHP error
was encountered in a drop-in (such as advanced-cache.php) were fixed.
- 47244: wp_targeted_link_rel() has been improved to prevent instances
where single and double quotation marks were incorrectly staggered.
- 47169: PHP/MySQL minimum version requirement checks now return proper
error codes when requirements are not met in test environments.
- 47177: The backwards compatibility of get_search_form() was improved.
- 47297: The accuracy of the HTTP requests test in Site Health was improved.
- 47229: TinyMCE has been updated to version 4.9.4.
- 47323: Prevents a fatal error that occurs when upgrading to 5.2.1 from
WordPress < 5.2.
- 47304: Fixes a regression that can affect the accuracy of
<lastBuildDate> in feeds.
- 47312: Changes the string used on the About page for 5.2.1 to one that
is already translated.
5.2.2:
- 45094: Dashboard elements don't always have clear focus states, tab order
- 46289: RTL Bug – wrong navigation arrows in media modal
- 46749: Extra border is displaying at bottom of Help section in Firefox
(Responsive : 778 * 841)
- 46881: Site Health: improve the header elements horizontal centering
- 46957: Site Health: Make site health page access be filterable
- 46960: Site Health: Table design issue in small devices (iphone 5/SE).
- 46997: Theme update links show in Customizer and don't work
- 47070: Recovery Mode Exit button not visible in responsive view
- 47158: Merge similar strings introduced in WP 5.2
- 47227: I18n: Merge similar translation strings – site health tabs
- 47475: I18n: Merge similar strings and fix typo
- 47429: Editor: Update packages for WordPress 5.2.2
- 47457: Fix the mediaelements player controls bar sizing
Changelog:
Tomcat 9.0.22 (markt)
Catalina
Fix: Improve parsing of Range request headers. (markt)
Fix: Range headers that specify a range unit Tomcat does not recognise should be ignored rather than triggering a 416 response. Based on a pull request by zhanhb. (markt)
Fix: When comparing a date from a If-Range header, an exact match is required. Based on a pull request by zhanhb. (markt)
Fix: Add an option to the default servlet to disable processing of PUT requests with Content-Range headers as partial PUTs. The default behaviour (processing as partial PUT) is unchanged. Based on a pull request by zhanhb. (markt)
Fix: Improve parsing of Content-Range headers. (markt)
Update: Update the recommended minimum Tomcat Native version to 1.2.23. (markt)
Coyote
Fix: Remove a source of potential deadlocks when using HTTP/2 when the Connector is configured with useAsyncIO as true. (markt)
Fix: 63523: Restore SSLUtilBase methods as protected to preserve compatibility. (remm)
Fix: Fix typo in UTF-32LE charset name. Patch by zhanhb vi Github. (fschumacher)
Fix: Once a URI is identified as invalid don't attempt to process it further. Based on a PR by Alex Repert. (markt)
Fix: Fix to avoid the possibility of long poll times for individual pollers when using mutliple pollers with APR. (markt)
Fix: Refactor the fix for 63205 so it only applies when using PKCS12 keystores as regressions have been reported with some other keystore types. (markt)
Jasper
Add: Include file names if SMAP processor is unable to delete or rename a class file during SMAP generation. (markt)
Update: Update to the Eclipse JDT compiler 4.12. (markt)
WebSocket
Fix: 63521: As required by the WebSocket specification, if a POJO that is deployed as a result of the SCI scan for annotated POJOs is subsequently deployed via the programmatic API ignore the programmatic deployment. (markt)
Other
Fix: Switch the check for terminal availability to test for stdin as using stdout does not work when output is piped to another process. Patch provided by Radosław Józwik. (markt)
Add: Add user buildable optional modules for easier CDI 2 and JAX-RS support. Also include a new documentation page describing how to use it. (remm)
2019-06-07 Tomcat 9.0.21 (markt)
Catalina
Add: 57287: Add file sorting to DefaultServlet (schultz)
Fix: Fix --no-jmx flag processing, which was called after registry initialization. (remm)
Fix: Ensure that a default request character encoding set on a ServletContext is used when calling ServletRequest#getReader(). (markt)
Fix: Make a best efforts attempt to clean-up if a request fails during processing due to an OutOfMemoryException. (markt)
Fix: Improve the BoM detection for static files handled by the default servlet for the rarely used UTF-32 encodings. Identified by Coverity Scan. (markt)
Fix: Ensure that the default servlet reads the entire global XSLT file if one is defined. Identified by Coverity Scan. (markt)
Fix: Avoid potential NullPointerException when generating an HTTP Allow header. Identified by Coverity Scan. (markt)
Code: Add Context.createInstanceManager() for easier framework integration. (remm)
Code: Add utility org.apache.catalina.core.FrameworkListener to allow replicating adding a Listener to context.xml in a programmatic way. (remm)
Code: Move Container.ADD_CHILD_EVENT to before the child container start, and Container.REMOVE_CHILD_EVENT to before removal of the child from the internal child collection. (remm)
Add: Remove any fragment included in the target path used to obtain a RequestDispatcher. The requested target path is logged as a warning since this is an application error. (markt)
Coyote
Fix: NIO poller seems to create some unwanted concurrency, causing rare CI test failures. Add sync when processing async operation to avoid this. (remm)
Fix: Fix concurrency issue that lead to incorrect HTTP/2 connection timeout. (remm/markt)
Fix: Avoid useless exception wrapping in async IO. (remm)
Fix: 63412: Security manager failure when using the async IO API from a webapp. (remm)
Fix: Remove acceptorThreadCount Connector attribute, one accept thread is sufficient. As documented, value 2 was the only other sensible value, but without and impact beyond certain microbenchmarks. (remm)
Fix: Avoid possible NPEs on connector stop. (remm)
Update: Remove pollerThreadCount Connector attribute for NIO, one poller thread is sufficient. (remm)
Add: Add async IO for APR connector for consistency, but disable it by default due to low performance. (remm)
Fix: Avoid blocking write of internal buffer when using async IO. (remm)
Code: Refactor async IO implementation to the SocketWrapperBase. (remm)
Update: Refactor SocketWrapperBase close using an atomic boolean and a doClose method that subclasses will implement, with a guarantee that it will be run only once. (remm)
Fix: Decouple the socket wrapper, which is not recycled, from the NIOx channel after close, and replace it with a dummy static object. (remm)
Fix: Clear buffers on socket wrapper close. (remm)
Fix: NIO2 failed to properly close sockets on connector stop. (remm)
Update: Reduce the default for maxConcurrentStreams on the Http2Protocol from 200 to 100 to align with typical defaults for HTTP/2 implementations. (markt)
Update: Reduce the default HTTP/2 header list size from 4GB to 32kB to align with typical HTTP/2 implementations. (markt)
Add: Add support for same-site cookie attribute. Patch provided by John Kelly. (markt)
Fix: Drop legacy NIO double socket close (close channel, then close socket). (remm)
Fix: Fix HTTP/2 end of stream concurrency with async. (remm)
Fix: Correct a bug in the stream flushing code that could lead to multiple threads processing the stream concurrently which in turn could cause errors processing the stream. (markt)
Cluster
Fix: 62841: Refactor the DeltaRequest serialization to reduce the window during which the DeltaSession is locked and to remove a potential cause of deadlocks during serialization. (markt)
Fix: 63441: Further streamline the processing of session creation messages in the DeltaManager to reduce the possibility of a session update message being processed before the session has been created. (markt)
WebSocket
d: Expand the explanation of how deprecated TLS configuration attributes are converted to the new TLS configuration style. (markt)
Tribes
Fix: Treat NoRouteToHostException the same way as SocketTimeoutException when checking the health of group membaven packaging. (remm)
Fix: 63403: Fix TestHttp2InitialConnection test failures when running with a non-English locale. (kkolinko)
Fix: Add Graal JreCompat, and use it to disable JMX and URL stream handlers. (remm)
Add: Expand the coverage and Expand the coverage and quality of the Simplified Chinese translations provided with Apache Tomcat. Includes contributions by 諵. (markt)
Fix: Use the test command to check for terminal availability rather than the tty command since the tty based te
Fix: Fix some edge cases where the docBase was not being set using a canonical path which in turn meant resource URLs were not being constructed as expected. (markt)
Fix: Fix a potential resource leak when executing CGI scripts from a WAR file. Identified by Coverity scan. (markt)
Fix: Fix a potential concurrency issue in the StringCache identified by Coverity scan. (markt)
Fix: Fix a potential concurrency issue in the main Sendfile thread of the APR connector. Identified by Coverity scan. (markt)
Fix: Fix a potential resource leak when running a web application from a WAR file. Identified by Coverity scan. (markt)
Fix: Fix a potential resource leak on some exception paths in the DataSourceRealm. Identified by Coverity scan. (markt)
Fix: Fix a potential resource leak on an exception path when parsing JSP files. Identified by Coverity scan. (markt)
Fix: Fix a potential resource leak when a JNDI lookup returns an object of an in compatible class. Identified by Coverity scan. (markt)
Code: Refactor ManagerServlet to avoid loading classes when filtering JNDI resources for resources of a specified type. (markt)
Fix: 63324: Refactor the CrawlerSessionManagerValve so that the object placed in the session is compatible with session serialization with mem-cached. Patch provided by Martin Lemanski. (markt)
Add: 63358: Expand the throwOnFailure support in the Connector to include the adding of a Connector to a running Service. (markt)
Add: 63361: Add a new method (Registry.disableRegistry()) that can be used to disable JMX registration of Tomcat components providing it is called before the first component is registered. (markt)
Fix: Avoid OutOfMemoryErrors and ArrayIndexOutOfBoundsExceptions when accessing large files via the default servlet when resource caching has been disabled. (markt)
Fix: Avoid a NullPointerException when a Context is defined in server.xml with a docBase but not the optional path. (markt)
Fix: 63333: Override the isAvailable() method in the JAASRealm so that only login failures caused by invalid credentials trigger account lock out when the LockOutRealm is in use. Patch provided by jchobantonov. (markt)
Fix: Add --no-jmx flag to allow disabling JMX in startup.Tomcat.main. (remm)
Coyote
Fix: The useAsyncIO boolean attribute on the Connector element value now defaults to true. (remm)
Fix: Possible HTTP/2 connection leak issue when using async with NIO. (remm)
Fix: Fix socket close discrepancies for NIO, now the wrapper close is used everywhere except for socket accept problems. (remm)
Fix: Implement poller timeout when using async IO with NIO. (remm)
Fix: Avoid creating and using object caches when they are disabled. (remm)
Fix: When running on newer JREs that don't support SSLv2Hello, don't warn that it is not available unless explicitly configured. (markt)
Fix: Change default value of pollerThreadCount of NIO to 1. (remm)
Fix: Associate BlockPoller thread name with its NIO connector for better readability. (remm)
Fix: The async HTTP/2 frame parser should tolerate concurrency so clearing shared buffers before attempting a read is not possible. (remm)
Update: Update the HTTP/2 connection preface and initial frame reading to be asynchronous instead of blocking IO. (remm)
Code: Refactor Hostname validation to improve performance. Patch provided by Uwe Hees. (markt)
Update: Add additional NIO2 style read and write methods closer to core NIO2, for possible use with an asynchronous workflow like CompletableFuture. (remm)
Fix: Expand HTTP/2 timeout handling to include connection window exhaustion on write. This is the fix for CVE-2019-10072. (markt)
Jasper
Fix: 63359: Ensure that the type conversions used when converting from strings for jsp:setProperty actions are correctly implemented as per section JSP.1.14.2.1 of the JSP 2.3 specification. (markt)
Other
Fix: 63335: Ensure that stack traces written by the OneLineFormatter are fully indented. The entire stack trace is now indented by an additional TAB character. (markt)
Fix: 63370: Message files (LocalStrings_*.properties) of the examples webapp not converted to ascii. (woonsan)
Add: Expand the coverage and quality of the French translations provided with Apache Tomcat. (remm)
Add: Expand the coverage and quality of the Japanese translations provided with Apache Tomcat. Includes contributions by motohashi.yuki. (markt)
Add: Expand the coverage and quality of the Czech translations provided with Apache Tomcat. Includes contributions by Arnošt Havelka. (markt)
Fix: When using the OneLineFormatter, don't print a blank line in the log after printing a stack trace. (markt)
Update: Update the internal fork of Apache Commons FileUpload to 41e4047 (2019-04-24) pick up some enhancements. (markt)
Update: Update the internal fork of Apache Commons DBCP 2 to dcdbc72 (2019-04-24) to pick up some clean-up and enhancements. (markt)
Update: Update the internal fork of Apache Commons Pool 2 to 0664f4d (2019-04-30) to pick up some enhancements and bug fixes. (markt)
2019-04-13 Tomcat 9.0.19 (markt)
Catalina
Fix: Fix wrong JMX registration regression in 9.0.18. (remm)
Coyote
Update: Add vectoring for NIO in the base and SSL channels. (remm)
Add: Add asynchronous IO from NIO2 to the NIO connector, with support for the async IO implementations for HTTP/2 and Websockets. The useAsyncIO boolean attribute on the Connector element allows enabling use of the asynchronous IO API. (remm)
Other
Fix: Ensure that the correct files are included in the source distribution for javacc based parsers depending on whether jjtree is used or not. (markt)
Fix: Ensure that text files in the source distribution have the correct line endings for the target platform. (markt)
not released Tomcat 9.0.18 (markt)
Catalina
Fix: 63196: Provide a default (X-Forwarded-Proto) for the protocolHeader attribute of the RemoteIpFilter and RemoteIpValve. (markt)
Fix: 63235: Refactor Charset cache to reduce start time. (markt)
Fix: 63249: Use a consistent log level (WARN) when logging the failure to register or deregister a JMX Bean. (markt)
Fix: 63249: Use a consistent log level (ERROR) when logging the LifecycleException associated with the failure to start or stop a component. (markt)
Fix: When the SSI directive fsize is used with an invalid target, return a file size of - rather than 1k. (markt)
Fix: 63251: Implement a work-around for a known JRE bug (JDK-8194653) that may cause a dead-lock when Tomcat starts. (markt)
Fix: 63275: When using a RequestDispatcher ensure that HttpServletRequest.getContextPath() returns an encoded path in the dispatched request. (markt)
Update: Add optional listeners for Server/Listener, as a slight variant of a standard listener. The difference is that loading is not fatal when it fails. This would allow adding example configuration to the standard server.xml if deemed useful. Storeconfig will not attempt to persist the new listener. (remm)
Fix: 63286: Document the differences in behaviour between the LogFormat directive in httpd and the pattern attribute in the AccessLogValve for %D and %T. (markt)
Fix: 63287: Make logging levels more consistent for similar issues of similar severity. (markt)
Fix: 63311: Add support for https URLs to the local resolver within Tomcat used to resolve standard XML DTDs and schemas when Tomcat is configured to validate XML configuration files such as web.xml. (markt)
Fix: Encode the output of the SSI printenv command. This is the fix for CVE-2019-0221. (markt)
Code: Use constants for SSI encoding values. (markt)
Add: When the CGI Servlet is configured with enableCmdLineArguments set to true, limit the encoded form of the individual command line arguments to those values allowed by RFC 3875. This restriction may be relaxed by the use of the new initialisation parameter cmdLineArgumentsEncoded. (markt)
Add: When the CGI Servlet is configured with enableCmdLineArguments set to true, limit the decoded form of the individual command line arguments to known safe values when running on Windows. This restriction may be relaxed by the use of the new initialisation parameter cmdLineArgumentsDecoded. This is the fix for CVE-2019-0232. (markt)
Coyote
Fix: Fix bad interaction between NIO2 async read API and the regular read. (remm)
Fix: Refactor NIO2 write pending strategy for the classic IO API. (remm)
Fix: Restore original maxConnections default for NIO2 as the underlying close issues have been fixed. (remm)
Fix: Harmonize NIO2 isReadyForWrite with isReadyForRead code. (remm)
Fix: When using a JSSE TLS connector that supported ALPN (Java 9 onwards) and a protocol was not negotiated, Tomcat failed to fallback to HTTP/1.1 and instead dropped the connection. (markt)
Fix: Correct a regression in the TLS connector refactoring in Tomcat 9.0.17 that prevented the use of PKCS#8 private keys with OpenSSL based connectors. (markt)
Fix: Fix NIO2 SSL edge cases. (remm)
Fix: When performing an upgrade from HTTP/1.1 to HTTP/2, ensure that any query string present in the original HTTP/1.1 request is passed to the HTTP/2 request processing. (markt)
Fix: When Tomcat writes a final response without reading all of an HTTP/2 request, reset the stream to inform the client that the remaining request body is not required. (markt)
Jasper
Add: Add support for specifying Java 11 (with the value 11) as the compiler source and/or compiler target for JSP compilation. (markt)
Add: Add support for specifying Java 12 (with the value 12) and Java 13 (with the value 13) as the compiler source and/or compiler target for JSP compilation. If used with an ECJ version that does not support these values, a warning will be logged and the latest supported version will used. Based on a patch by Thomas Collignon. (markt)
Web applications
Fix: 63184: Expand the SSI documentation to provide more information on the supported directives and their attributes. Patch provided by nightwatchcyber. (markt)
Add: Add a note to the documentation about the risk of DoS with poorly written regular expressions and the RewriteValve. Patch provided by salgattas. (markt)
jdbc-pool
Fix: Improved maxAge handling. Add support for age check on idle connections. Connection that expired reconnects rather than closes it. Patch provided by toby1984. (kfujino)
Fix: 63320: Ensure that StatementCache caches statements that include arrays in arguments. (kfujino)
Other
Update: Update to the Eclipse JDT compiler 4.10. (markt)
Add: Expand the coverage and quality of the Spanish translations provided with Apache Tomcat. Includes contributions by Ulises Gonzalez Horta. (markt)
Add: Expand the coverage and quality of the Czech translations provided with Apache Tomcat. Includes contributions by Arnošt Havelka. (markt)
Add: Expand the coverage and quality of the Chinese translations provided with Apache Tomcat. Includes contributions by winsonzhao and wjt. (markt)
Add: Expand the coverage and quality of the Russian translations provided with Apache Tomcat. (kkolinko)
Add: Expand the coverage and quality of the Japanese translations provided with Apache Tomcat. (kfujino)
Add: Expand the coverage and quality of the Korean translations provided with Apache Tomcat. (woonsan)
Add: Expand the coverage and quality of the German translations provided with Apache Tomcat. (fschumacher)
Add: Expand the coverage and quality of the French translations provided with Apache Tomcat. (remm)
Changelog:
Tomcat 8.5.43 (markt)
Catalina
Update: Modify the Default and WebDAV Servlets so that a 405 status code is returned for PUT and DELETE requests when disabled via the readonly initialisation parameter.
Fix: Align the contents of the Allow header with the response code for the Default and WebDAV Servlets. For any given resource a method that returns a 405 status code will not be listed in the Allow header and a method listed in the Allow header will not return a 405 status code. (markt)
Fix: When using WebDAV to copy a file resource to a destination that requires a collection to be overwritten, ensure that the operation succeeds rather than fails (with a 500 response). This enables Tomcat to pass two additional tests from the Litmus WebDAV test suite. (markt)
Fix: 49464: Improve the Default Servlet's handling of static files when the file encoding is not compatible with the required response encoding. (markt)
Fix: Fix typo in UTF-32LE charset name. Patch by zhanhb vi Github. (fschumacher)
Add: 58590: Add the ability for a UserDatabase to monitor the backing XML file for changes and reload the source file if a change in the last modified time is detected. This is enabled by default meaning that changes to $CATALINA_BASE/conf/tomcat-users.xml will now take effect a short time after the file is saved. (markt)
Fix: Improve parsing of Range request headers. (markt)
Fix: Range headers that specify a range unit Tomcat does not recognise should be ignored rather than triggering a 416 response. Based on a pull request by zhanhb. (markt)
Fix: When comparing a date from a If-Range header, an exact match is required. Based on a pull request by zhanhb. (markt)
Fix: Add an option to the default servlet to disable processing of PUT requests with Content-Range headers as partial PUTs. The default behaviour (processing as partial PUT) is unchanged. Based on a pull request by zhanhb. (markt)
Fix: Improve parsing of Content-Range headers. (markt)
Fix: Ensure that the HEAD response is consistent with the GET response when HttpServlet is relied upon to generate the HEAD response and the GET response uses chunking. (markt)
Update: Update the recommended minimum Tomcat Native version to 1.2.23. (markt)
Coyote
Fix: Avoid a potential hang when a client connects using TLS 1.0 to a Tomcat HTTPS connector configured to use NIO or NIO with OpenSSL 1.1.1 or later. (markt)
Fix: Once a URI is identified as invalid don't attempt to process it further. Based on a PR by Alex Repert. (markt)
Fix: Fix to avoid the possibility of long poll times for individual pollers when using mutliple pollers with APR. (markt)
Fix: Refactor the fix for 63205 so it only applies when using PKCS12 keystores as regressions have been reported with some other keystore types. (markt)
Jasper
Add: Include file names in error messages if SMAP processor is unable to delete or rename a class file during SMAP generation. (markt)
WebSocket
Fix: 63521: As required by the WebSocket specification, if a POJO that is deployed as a result of the SCI scan for annotated POJOs is subsequently deployed via the programmatic API ignore the programmatic deployment. (markt)
Other
Code: Switch i18n message files to use UTF-8 and convert to ASCII at build time. (markt)
Fix: 63523: Restore SSLUtilBase methods as protected to preserve compatibility. (remm)
Fix: Switch the check for terminal availability to test for stdin as using stdout does not work when output is piped to another process. Patch provided by Radosław Józwik. (markt)
2019-06-07 Tomcat 8.5.42 (markt)
Catalina
Add: 57287: Add file sorting to DefaultServlet (schultz)
Fix: Ensure that the default servlet reads the entire global XSLT file if one is defined. Identified by Coverity Scan. (markt)
Fix: Avoid potential NullPointerException when generating an HTTP Allow header. Identified by Coverity Scan. (markt)
Add: Remove any fragment included in the target path used to obtain a RequestDispatcher. The requested target path is logged as a warning since this is an application error. (markt)
Coyote
Update: Add additional NIO2 style read and write methods closer to core NIO2, for possible use with an asynchronous workflow like CompletableFuture. (remm)
Fix: Avoid useless exception wrapping in async IO. (remm)
Fix: 63412: Security manager failure when using the async IO API from a webapp. (remm)
Fix: Fix concurrency issue that lead to incorrect HTTP/2 connection timeout. (remm/markt)
Update: Reduce the default for maxConcurrentStreams on the Http2Protocol from 200 to 100 to align with typical defaults for HTTP/2 implementations. (markt)
Update: Reduce the default HTTP/2 header list size from 4GB to 32kB to align with typical HTTP/2 implementations. (markt)
Add: Add support for same-site cookie attribute. Patch provided by John Kelly. (markt)
Fix: Correct a bug in the stream flushing code that could lead to multiple threads processing the stream concurrently which in turn could cause errors processing the stream. (markt)
Cluster
Fix: 62841: Refactor the DeltaRequest serialization to reduce the window during which the DeltaSession is locked and to remove a potential cause of deadlocks during serialization. (markt)
Fix: 63441: Further streamline the processing of session creation messages in the DeltaManager to reduce the possibility of a session update message being processed before the session has been created. (markt)
Tribes
Fix: Treat NoRouteToHostException the same way as SocketTimeoutException when checking the health of group members. This avoids a SEVERE log message every time the check is performed when the host associated with a group member is not powered on. (markt)
Other
Update: Switch from FindBugs to SpotBugs. (fschumacher)and to check for terminal availability rather than the tty command since the tty based test fails on non-English locales. (markt)
2019-05-13 Tomcat 8.5.41 (markt)
Catalina
Fix: Fix a potential resource leak when executing CGI scripts from a WAR fileread of the APR connector. Identified by Coverity scan. (markt)
Fix: Fix a potential resource leak when running a web application from a WAR file. Identified by Coverity scan. (markt)
Fix: Fix a potential resource leak on some exception paths in ttified by Coverity scan. (markt)
Fix: Fix a potential resource leak when a JNDI lookup returns an object of an in compatible class. Identified by Coverity scan. (markt)
Code: Refactor ManagerServlet to avoid loading classes when filtering JNDI rescaching has been disabled. (markt)
Fix: Avoid a NullPointerException when a Context is defined in server.xml with a docBase but not the optional path. (markt)
Fix: 63324: Refactor the CrawlerSessionManagerValve so that the object placed in the sesials trigger account lock out when the LockOutRealm is in use. Patch provided by jchobantonov. (markt)
Coyote
Fix: When running on newer JREs that don't support SSLv2Hello, don't warn that it is not available unless explicitly configured. (markt)
Code: Refactor Hostname validation to improve performance. Patch provided by Uwe Hees. (markt)
Fix: Expand HTTP/2 timeout handling to include connection window exhaustion on write. This is the fix for CVE-2019-10072. (markt)
Other
Fix: 63335: Ensure that stack traces written by the OneLineFormatter are fully indented. The entire stack trace is now indented by an additional TAB character. (markt)
Fix: When using the OneLineFormatter, don't print a blank line in the log after printing a stack trace. (markt)
Update: Update the internal fork of Apache Commons DBCP 2 to dcdbc72 (2019-04-24) to pick up some clean-up and enhancements less the JDBC 4.2 related changes that require Java 8. (markt)
Update: Update the internal fork of Apache Commons Pool 2 to 0664f4d (2019-04-30) to pick up some enhancements and bug fixes. (markt)
Update: Update the internal fork of Apache Commons FileUpload to 41e4047 (2019-04-24) pick up some enhancements. (markt)
2019-04-12 Tomcat 8.5.40 (markt)
Catalina
Fix: 63196: Provide a default (X-Forwarded-Proto) for the protocolHeader attribute of the RemoteIpFilter and RemoteIpValve. (markt)
Fix: 63235: Refactor Charset cache to reduce start time. (markt)
Fix: 63249: Use a consistent log level (WARN) when logging the failure to register or deregister a JMX Bean. (markt)
Fix: 63249: Use a consistent log level (ERROR) when logging the LifecycleException associated with the failure to start or stop a component. (markt)
Fix: When the SSI directive fsize is used with an invalid target, return a file size of - rather than 1k. (markt)
Fix: 63251: Implement a work-around for a known JRE bug (JDK-8194653) that may cause a dead-lock when Tomcat starts. (markt)
Fix: 63275: When using a RequestDispatcher ensure that HttpServletRequest.getContextPath() returns an encoded path in the dispatched request. (markt)
Fix: 63286: Document the differences in behaviour between the LogFormat directive in httpd and the pattern attribute in the AccessLogValve for %D and %T. (markt)
Fix: 63311: Add support for https URLs to the local resolver within Tomcat used to resolve standard XML DTDs and schemas when Tomcat is configured to validate XML configuration files such as web.xml. (markt)
Fix: Encode the output of the SSI printenv command. This is the fix for CVE-2019-0221. (markt)
Code: Use constants for SSI encoding values. (markt)
Add: When the CGI Servlet is configured with enableCmdLineArguments set to true, limit the encoded form of the individual command line arguments to those values allowed by RFC 3875. This restriction may be relaxed by the use of the new initialisation parameter cmdLineArgumentsEncoded. (markt)
Add: When the CGI Servlet is configured with enableCmdLineArguments set to true, limit the decoded form of the individual command line arguments to known safe values when running on Windows. This restriction may be relaxed by the use of the new initialisation parameter cmdLineArgumentsDecoded. This is the fix for CVE-2019-0232. (markt)
Update: Change the default for the enableCmdLineArguments parameter of the CGI servlet from true to false as additional hardening against CVE-2019-0232. (markt)
Coyote
Fix: Fix bad interaction between NIO2 async read API and the regular read. (remm)
Fix: Refactor NIO2 write pending strategy for the classic IO API. (remm)
Fix: Harmonize NIO2 isReadyForWrite with isReadyForRead code. (remm)
Fix: When using a JSSE TLS connector that supported ALPN (Java 9 onwards) and a protocol was not negotiated, Tomcat failed to fallback to HTTP/1.1 and instead dropped the connection. (markt)
Fix: Correct a regression in the TLS connector refactoring in Tomcat 9.0.17 that prevented the use of PKCS#8 private keys with OpenSSL based connectors. (markt)
Fix: When performing an upgrade from HTTP/1.1 to HTTP/2, ensure that any query string present in the original HTTP/1.1 request is passed to the HTTP/2 request processing. (markt)
Fix: When Tomcat writes a final response without reading all of an HTTP/2 request, reset the stream to inform the client that the remaining request body is not required. (markt)
Fix: 63312: Correct a regression in the error page handling that prevented error pages from issuing redirects or taking other action that required the response status code to be changed. (markt)
Jasper
Add: Add support for specifying Java 11 (with the value 11) as the compiler source and/or compiler target for JSP compilation. (markt)
Add: Add support for specifying Java 12 (with the value 12) and Java 13 (with the value 13) as the compiler source and/or compiler target for JSP compilation. If used with an ECJ version that does not support these values, a warning will be logged and the latest supported version will used. Based on a patch by Thomas Collignon. (markt)
WebSocket
Fix: Improve the handling of exceptions during TLS handshakes for the WebSocket client. (markt)
Web applications
Fix: 63184: Expand the SSI documentation to provide more information on the supported directives and their attributes. Patch provided by nightwatchcyber. (markt)
Add: Add a note to the documentation about the risk of DoS with poorly written regular expressions and the RewriteValve. Patch provided by salgattas. (markt)
jdbc-pool
Fix: 63320: Ensure that StatementCache caches statements that include arrays in arguments. (kfujino)
From ng0 via pkgsrc-wip.
Fri Jul 05 2019 22:30:40 MSK
Releasing libmicrohttpd 0.9.65. -EG
Sun Jun 23 2019 21:27:43 MSK
Many fixes and improvements for connection-specific memory pool:
* Added asserts;
* Added testing of reallocation;
* Reallocation code rewritten to avoid extra allocation, when
possible to reuse already allocated memory;
* Large memory pools aligned to system page size;
* Large memory pools on W32 are cleared more securely after use,
optimised usage of system memory.
Better handled connection's memory shortage situations:
* error response could be sent to client even if all buffer space
was used;
* if buffer space become low when receiving, do not allocate last
buffer space and use small receive blocks instead.
Improved sending speed by using all available buffer space for
sending. -EG
Sun Jun 09 2019 20:27:04 MSK
Releasing libmicrohttpd 0.9.64. -EG
Sun Jun 09 2019 20:03:16 MSK
Updated HTTP headers, methods and status codes from registries,
Added scripts to import new headers, methods and status codes from
registries,
Minor doxyget comment fix,
Added missing MSVS project files to tarball.
Reodered includes in microhttpd.h -EG
Mon 03 Jun 2019 11:45:52 PM CEST
Apply MHD_-prefix to hash functions, even if they are not in the
officially exported API. -CG/DB
Sun Jun 02 01:52:11 MSK 2019
Support usage of SOCK_NOSIGPIPE on Solaris 11.4 and NetBSD 7+,
finally avoid SIGPIPE on Solaris. -EG
Sat Jun 01 22:51:50 MSK 2019
Do not report errors if AF_UNIX socket is used on *BSD. -EG
Thu May 30 23:32:09 MSK 2019
Improved detection of 'getsockname()' in configure.
Avoided using 'getsockname()' in code if not detected. -EG
Sun May 26 23:32:49 MSK 2019
Fixed some tests on W32. -EG
Sun May 26 23:05:42 MSK 2019
Better detection of sockaddr member in configure, fixed build on *BSD,
Fixed compiler warnings,
Updated and fixed libcurl tests. -EG
Tue May 21 22:12:43 MSK 2019
Fixed doxygen comments,
Avoid dropping 'const' qualifier in macros,
Fixed some compiler warnings,
Properly support automatic port detections on some platforms,
Added checks for too long TLS parameters strings. -EG
Tue May 21 17:52:48 MSK 2019
Spelling fixes. -EG
Mon May 20 15:39:35 MSK 2019
Compiler warning fixes. -EG/CG
Fixed example for non-64bits platforms. -EG
Web May 15 23:51:49 MSK 2019
Optimized and improved processing speed by using precalculated and
already calculated lengths of strings. -EG
Web May 15 14:54:00 MSK 2019
Fixed build from source on GNU Hurd. -EG
Mon May 6 11:58:00 MSK 2019
Updated README and COPYING files. MHD remains LGPLv2.1-licensed. -EG
Fri May 3 20:08:00 MSK 2019
Store connection's keys and values with sizes;
Speedup keys search be comparing key length first;
Added functions for working with keys and values with binary zeros;
Fixed test_postprocessor_amp to fail on problems. -EG
Wed May 1 16:40:00 MSK 2019
Reverted change of MHD_KeyValueIterator, implemented MHD_KeyValueIteratorN
with sizes for connection's key and value to get keys and values
with binary zeros. -EG
Mon 29 Apr 2019 01:26:39 AM BRT
Fixed signed/unsigned comparison in example http_chunked_compression.c. -SC/TR
Sun Apr 21 16:40:00 MSK 2019
Improved compatibility with MSVC compilers;
Fixed MHD compilation by Clang/LLVM in VS;
Used MSVC intrinsics for bit rotations and bytes swap;
Added project files for VS2019. -EG
Fri Apr 19 23:00:00 MSK 2019
Rewritten SHA-256 calculations from scratch to avoid changing LGPL version;
Added usage of GCC/Clang built-ins for bytes swap to significantly improve
speed of MD5 and SHA-256 calculation on platforms with known endianness.
Added test for SHA-256 calculations. -EG
Wed Apr 17 20:52:00 MSK 2019
Refactoring of mhd5.c: optimized, dead code removed;
Faster MD5 calculation on little endian platforms;
Bit manipulations moved to separate header file.
Added tests for MD5 calculations. -EG
Mon 15 Apr 2019 05:33:52 PM CEST
Add MHD_USE_POST_HANDSHAKE_AUTH_SUPPORT and
MHD_USE_INSECURE_TLS_EARLY_DATA flags. -CG
Thu Apr 11 11:37:00 MSK 2019
Fixed MSVC 'Release' builds;
Fixed usage of MSVC's assert. -EG
Wed Apr 10 14:31:00 MSK 2019
Improved shell compatibility for 'bootstrap', removed bash-ism.
Added wrapper script 'autogen.sh'. -EG
Mon 08 Apr 2019 03:06:05 PM CEST
Fix close() checks as suggested by MK on the mailinglist
(#3926). -MK/CG
Wed 20 Mar 2019 10:20:24 AM CET
Adding additional "value_length" argument to MHD_KeyValueIterator
callback to support binary zeros in values. This is done in a
backwards-compatible way, but may require adding a cast to existing
code to avoid a compiler warning. -CG
Sun Feb 10 21:00:37 BRT 2019
Added example for how to compress a chunked HTTP response. -SC
Sun 10 Feb 2019 05:03:44 PM CET
Releasing libmicrohttpd 0.9.63. -CG
Sat 09 Feb 2019 01:51:02 PM CET
Extended test_get to test URI logging and query string parsing
to avoid regression fixed in previous patch in the future. -CG
Thu Feb 7 16:16:12 CET 2019
Preliminary patch for the raw query string issue, to be tested. -CG
Tue Jan 8 02:57:21 BRT 2019
Added minimal example for how to compress HTTP response. -SC
Wed Dec 19 00:06:03 CET 2018
Check for GNUTLS_E_AGAIN instead of GNUTLS_E_INTERRUPTED when
giving up on a TLS connection. -LM/CG
Thu Dec 13 22:48:14 CET 2018
Fix connection timeout logic if in thread-per-connection mode the
working thread takes longer than the timeout to queue the response. -CG
Tue Dec 11 09:58:32 CET 2018
Add logic to avoid VLA arrays with compilers that do not support them. -CG
Sat Dec 8 23:15:53 CET 2018
Fixed missing WSA_FLAG_OVERLAPPED which can cause W32 to block on
socket races when using threadpool. (See very detailed description
of the issue in the libmicrohttpd mailinglist post of today.) -JM
Sat Dec 8 22:53:56 CET 2018
Added test for RFC 7616 and documented new API.
Releasing libmicrohttpd 0.9.62. -CG
Sat Dec 8 17:34:58 CET 2018
Adding support for RFC 7616, experimental, needs
testing and documentation still! -CG
Fri Dec 7 12:37:17 CET 2018
Add option to build MHD without any threads
and MHD_FEATURE_THREADS to test for it. -CG
Thu Dec 6 13:25:08 BRT 2018
Renamed all occurrences from _model(s)_ to _mode(s)_. -SC
Thu Dec 6 12:50:11 BRT 2018
Optimized the function MHD_create_response_from_callback() for
Windows by increasing its internal buffer size and allowed to customize
it via macro MHD_FD_BLOCK_SIZE. -SC
Thu Dec 6 02:11:15 BRT 2018
Referenced the gnutls_load_file() function in the HTTPs examples. -SC
Wed Dec 5 18:08:59 CET 2018
Fix regression causing URLs to be unescaped twice. -CG
Sun Nov 18 13:08:11 CET 2018
Parse arguments with (properly) escaped URLs correctly.
(making things work with recent cURL changes, #5473).
Replace sprintf with snprintf in testcases.
Releasing libmicrohttpd 0.9.61. -CG
Wed Nov 14 14:01:21 CET 2018
Fix build issue with GnuTLS < 3.0. -CG
Mon Nov 12 19:50:43 CET 2018
Fix#5473 (test case failure due to change in libcurl). -eworm
Thu Nov 8 14:53:27 CET 2018
Add MHD_create_response_from_buffer_with_free_callback. -CG
Tue Nov 6 19:43:47 CET 2018
Upgrading to gettext 0.19.8.
Releasing libmicrohttpd 0.9.60. -CG
Thu Nov 1 16:29:59 CET 2018
Enable using epoll() without listen socket. -JB
Sat Oct 20 12:44:16 CEST 2018
In thread-per-connection mode, signal main thread for
thread termination for instant clean-up and application
notification about closed connections. -CG
Tue Oct 16 20:43:41 CEST 2018
Add MHD_RF_HTTP_VERSION_1_0_RESPONSE option to make MHD
act more like an HTTP/1.0 server. -GH
Fri Oct 5 18:44:45 CEST 2018
MHD_add_response_header() now prevents applications from
setting a "Transfer-Encoding" header to values other than
"identity" or "chunked" as other transfer encodings are
not supported by MHD. (Note that usually MHD will pick the
transfer encoding correctly automatically, but applications
can use the header to force a particular behavior.)
Fixing #5411 (never set Content-length if Transfer-Encoding
is given). -CG
Sat Jul 14 11:42:15 CEST 2018
Add MHD_OPTION_GNUTLS_PSK_CRED_HANDLER to allow use of PSK with
TLS connections. -CG/TM
Sat Jul 14 11:03:37 CEST 2018
Integrate patch for checking digest authentication based on
a digest, allowing servers to store passwords only hashed.
Adding new function MHD_digest_auth_check_digest(). -CG/DB
Sat Mar 10 12:15:35 CET 2018
Upgrade to gettext-0.19.8.1. Switching to more canonical
gettext integration. -CG
Fri Mar 2 21:44:24 CET 2018
Ensure MHD_RequestCompletedCallback is always called from
the correct thread (even on shutdown and for upgraded connections). -CG
Tue Feb 27 23:27:02 CET 2018
Ensure MHD_RequestCompletedCallback is also called for
upgraded connections. -CG
Fri Feb 16 03:09:33 CET 2018
Fixing #5278 as suggested by reporter. -CG/texec
Thu Feb 1 10:12:22 CET 2018
Releasing GNU libicrohttpd 0.9.59. -CG
Thu Feb 1 08:39:50 CET 2018
Fix masking operation. -CG/silvioprog
Mon Jan 29 17:33:54 CET 2018
Fix deadlock when failing to prepare chunked response
(#5260). -CG/ghaderer
Thu Jan 4 12:24:33 CET 2018
Fix __clang_major__ related warnings for non-clang
compilers reported by Tim on the mailinglist. -CG
Mon Dec 11 17:11:00 MSK 2017
Fixed tests on platforms with huge number of CPUs.
Doxygen configuration was updated.
Various doxygen fixes. -EG
Mon Dec 07 21:08:00 MSK 2017
Releasing GNU libmicrohttpd 0.9.58. -EG
Mon Dec 07 16:01:00 MSK 2017
Fixed HTTPS tests on modern platforms. -EG
Mon Dec 04 15:43:00 MSK 2017
Minor documentation installation fixes. -EG
Mon Nov 27 22:58:38 CET 2017
Tolerate AF_UNIX when trying to determine our binding port
from socket. Use `sockaddr_storage` instead of trying to
guess the sockaddr type before calling getsockname(). -CG
Version 1.1.1
The flask.json_available flag was added back for compatibility with some extensions. It will raise a deprecation warning when used, and will be removed in version 2.0.0.
Version 1.1.0
Bump minimum Werkzeug version to >= 0.15.
Drop support for Python 3.4.
Error handlers for InternalServerError or 500 will always be passed an instance of InternalServerError. If they are invoked due to an unhandled exception, that original exception is now available as e.original_exception rather than being passed directly to the handler. The same is true if the handler is for the base HTTPException. This makes error handler behavior more consistent.
Flask.finalize_request() is called for all unhandled exceptions even if there is no 500 error handler.
Flask.logger takes the same name as Flask.name (the value passed as Flask(import_name). This reverts 1.0’s behavior of always logging to "flask.app", in order to support multiple apps in the same process. A warning will be shown if old configuration is detected that needs to be moved.
flask.RequestContext.copy() includes the current session object in the request context copy. This prevents session pointing to an out-of-date object.
Using built-in RequestContext, unprintable Unicode characters in Host header will result in a HTTP 400 response and not HTTP 500 as previously.
send_file() supports PathLike objects as described in PEP 0519, to support pathlib in Python 3.
send_file() supports BytesIO partial content.
open_resource() accepts the “rt” file mode. This still does the same thing as “r”.
The MethodView.methods attribute set in a base class is used by subclasses.
Flask.jinja_options is a dict instead of an ImmutableDict to allow easier configuration. Changes must still be made before creating the environment.
Flask’s JSONMixin for the request and response wrappers was moved into Werkzeug. Use Werkzeug’s version with Flask-specific support. This bumps the Werkzeug dependency to >= 0.15.
The flask command entry point is simplified to take advantage of Werkzeug 0.15’s better reloader support. This bumps the Werkzeug dependency to >= 0.15.
Support static_url_path that ends with a forward slash.
Support empty static_folder without requiring setting an empty static_url_path as well.
jsonify() supports dataclasses.dataclass objects.
Allow customizing the Flask.url_map_class used for routing.
The development server port can be set to 0, which tells the OS to pick an available port.
The return value from cli.load_dotenv() is more consistent with the documentation. It will return False if python-dotenv is not installed, or if the given path isn’t a file.
Signaling support has a stub for the connect_via method when the Blinker library is not installed.
Add an --extra-files option to the flask run CLI command to specify extra files that will trigger the reloader on change.
Allow returning a dictionary from a view function. Similar to how returning a string will produce a text/html response, returning a dict will call jsonify to produce a application/json response.
Blueprints have a cli Click group like app.cli. CLI commands registered with a blueprint will be available as a group under the flask command..
When using the test client as a context manager (with client:), all preserved request contexts are popped when the block exits, ensuring nested contexts are cleaned up correctly.
Show a better error message when the view return type is not supported.
flask.testing.make_test_environ_builder() has been deprecated in favour of a new class flask.testing.EnvironBuilder.
The flask run command no longer fails if Python is not built with SSL support. Using the --cert option will show an appropriate error message.
URL matching now occurs after the request context is pushed, rather than when it’s created. This allows custom URL converters to access the app and request contexts, such as to query a database for an id.
Changelog:
16.0.3
Changes
Do not fail hard on new user mail error (server#16189)
Fix redirect after rescanFailedIntegrityCheck to "Overview" page (server#16244)
Fix permissions for drag-n-drop uploads (server#16249)
Try to delete the cypress folder of the viewer app (server#16297)
Send browser notifications again (notifications#373)
16.0.2
Changes
Update ca bundle (server#15553)
Update ca bundle checker (server#15554)
User management/subadmin: rephrase ambiguous error message (server#15575)
Update shipped.json to include privacy and recommendations (server#15592)
Show supported apps in app management (server#15593)
Update CRL due to revoked cookbook.crt (server#15628)
Only show sharing section if it has content (server#15649)
Remove quota feedback if no link set (server#15666)
Allow redis cluster to use password (server#15686)
Don't run repair step for every individual user, outsource that to background job (server#15718)
Check the actual status code for 204 and 304 (server#15724)
[Security] Bump tar from 2.2.1 to 2.2.2 (server#15728)
Don't notify admins if no potentially over exposing links found (server#15745)
Also allow dragging below the file list (server#15754)
Change text color in search box in darktheme, ref #15598 (server#15768)
Check for free space on touch (server#15772)
Search files by id in shared storages last (server#15799)
Hide newFile menu if quota is set to 0B (server#15856)
Add core/js/dist/ to l10nignore (server#15948)
Add LDAP integr. test for receiving share candidates with group limitation (server#15984)
Remove auto focus of share input field on dialog open, fix#15261 (server#16010)
LDAP) API: return one base properly when multiple are configured (server#16015)
Handle storage exceptions when trying to set mtime (server#16038)
Fix LDAP Wizard forgetting groups on select with search (server#16051)
Revert "Fix userid casting in notifications" (server#16068)
Fix appid argument for integrity:check-app (server#16080)
Fix full text search for groupfolders (server#16082)
Fall back to black for non-color values (server#16089)
Check if uploading to lookup server is enabled before verifying (server#16091)
Allow apps to store longer messages in the comments API (server#16105)
Invalidates user when plugin reported deletion success (server#16112)
Fix download link included in public share page with hidden download (server#16125)
Better check reshare permissions (server#16127)
Verify that paths are valid for recursive local move (server#16128)
Don't allow to disable encryption via the API (server#16133)
Do not show a internet connectivity warning if internet access is dis… (server#16146)
Update Nextcloud version in docs link (server#16157)
Allow apps to overwrite the maximum length when reading from database (server#16177)
RefreshWebcalJob: replace ugly Regex with standard php utils (server#16201)
Better check reshare permissions part2 (server#16211)
Fix "unshare group share from self" activity (activity#380)
Fix load of character maps (files_pdfviewer#141)
[Security] Bump axios from 0.18.0 to 0.18.1 (firstrunwizard#192)
Correctly show errors when setting the password (gallery#529)
Blacklist using .noimage (gallery#533)
Update dependabot deps in stable16 (notifications#359)
Increase size of icon bubble for more visibility (notifications#368)
Add app description to readme and appinfo (privacy#133)
Catch and filter share that can't be found (recommendations#79)
[Security] Bump axios from 0.18.0 to 0.18.1 (recommendations#92)
[Security] Bump tar from 2.2.1 to 2.2.2 (viewer#113)
[Security] Bump axios from 0.18.0 to 0.19.0 (viewer#117)
