3.1.6 2010-11-30
- make slam_defense a little more optimistic, allow a thread/process to write
to cache in a loop
- ensure realpaths hit the realpath_cache, in no-stat mode
- prevent memory starvation, nuke all caches when expunging just one doesn't
work
- fix uploadprogress keylength issues (NUL is part of keylen, pecl bug #20016)
3.1.5 2010-11-02
- Reduce usage of CG(open_files) (mkoppanen at php dot net)
- Add support for php-trunk, new op code, new internals string format,
etc. (Dmitry)
- apc_debug are not compiler-valid NOPs for non-debug builds
- Fixed relative paths resolution when ./foo/a.php or ../foo/a.php (or similar
path) are used. 'foo/a.php' path behaviors remain unchanged
- Fixed a possible memory corruption, when partial path cannot be resolved by
expand_filepath()
- Fixed notices in apc.php (Tomasz Krawczyk)
- Fixed Bug #17978: standardize user keys to include NULs in
identifier_len. Z_STRLEN_P() doesn't, so add to it.
- Fixed bug #16966, apc produces tons of warnings "Unable to allocate memory
for pool".
- Added --enable-apc-debug configuration argument to enable debugging (Kalle)
- Added support for internal debugging on Windows (Kalle)
- ZTS optimizations (Kalle)
3.1.4 2010-08-05
- Windows builds may now have filehits and memory protection if enabled
(Kalle)
- Renamed the memory protection configure option to --enable-apc-memprotect
(Kalle, Shire)
- ZTS fixes and optimizations (Kalle, Felipe)
- Win32 stat support (Pierre, Kalle)
- Added support for interned strings, run-time caches and Zend Engine 2.4
(Dmitry)
- Added apc_exists() (Rasmus)
- Fixed potential XSS in apc.php (Pierre, Matt Chapman)
- Fixed pecl bug #17597 (keys with embedded NUL) (Gopal)
- Fixed pecl bug #17650 (Fix goto jump offsets) (Gopal)
- Fixed pecl bug #17527 (Standardized error reporting) (Gopal, Paul Dragoonis)
- Fixed pecl bug #17089 (Scrub the constant table of all inherited members
before caching) (Gopal)
- Fixed pecl bug #16860 (files can be included more than once even when
include/require_once are used) (Pierre)
- Fixed pecl bug #16717 (apc_fetch dies after 1 hour, regardless of ttl
settings) (Kalle)
- Fixed pecl bug #17597 (apc user cache keys with embedded NULs) (Gopal)
- Fixed pecl bug #13583 (apc upload progress fixes) (Gopal)
commit 3017ed62f47ce14a959e2d315c434d4980cf4243
Author: Jakub Narebski <jnareb@gmail.com>
Date: Wed Dec 15 00:34:01 2010 +0100
gitweb: Introduce esc_attr to escape attributes of HTML elements
It is needed only to escape attributes of handcrafted HTML elements,
and not those generated using CGI.pm subroutines / methods for HTML
generation.
While at it, add esc_url and esc_html where needed, and prefer to use
CGI.pm HTML generating methods than handcrafted HTML code. Most of
those are probably unnecessary (could be exploited only by person with
write access to gitweb config, or at least access to the repository).
This fixes CVE-2010-3906
Reported-by: Emanuele Gentili <e.gentili@tigersecurity.it>
Helped-by: John 'Warthog9' Hawley <warthog9@kernel.org>
Helped-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Jakub Narebski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
and lesser changes:
3017ed6 gitweb: Introduce esc_attr to escape attributes of HTML elements
d48b284 perl: bump the required Perl version to 5.8 from 5.6.[21]
d8a9480 gitweb: Don't die_error in git_tag after already printing headers
22e5e58 Typos in code comments, an error message, documentation
497d9c3 gitweb: clarify search results page when no matching commit found
0b45010 gitweb: Fix typo in run() subroutine
7f425db gitweb: allow configurations that change with each request
61bf126 gitweb: move highlight config out of guess_file_syntax()
109988f gitweb: fix esc_url
869d588 gitweb: Move evaluate_gitweb_config out of run_request
7064994 gitweb/Makefile: fix typo in gitweb.min.css rule
5ed2ec1 gitweb: Return or exit after done serving request
ad709ea gitweb: Fix typo in hash key name in %opts in git_header_html
45aa989 gitweb: Run in FastCGI mode if gitweb script has .fcgi extension
18d0532 gitweb: Move static files into seperate subdirectory
04794fd gitweb: Use @diff_opts while using format-patch
a0446e7 gitweb: Add support for FastCGI, using CGI::Fast
c2394fe gitweb: Put all per-connection code in run() subroutine
592ea41 gitweb: Refactor syntax highlighting support
b331fe5 gitweb: Syntax highlighting support
152d943 gitweb: Create install target for gitweb in Makefile
8515392 gitweb: Improve installation instructions in gitweb/INSTALL
ee1d8ee gitweb: Silence 'Variable VAR may be unavailable' warnings
efb2d0c gitweb: Move generating page title to separate subroutine
7a59745 gitweb: Add custom error handler using die_error
c42b00c gitweb: Use nonlocal jump instead of 'exit' in die_error
377bee3 gitweb: href(..., -path_info => 0|1)
8de096b gitweb: simplify gitweb.min.* generation and clean-up rules
e391859 gitweb: update INSTALL to use shorter make target
a8ab675 gitweb: add documentation to INSTALL regarding gitweb.js
bb4bbf7 Gitweb: add autoconfigure support for minifiers
0e6ce21 Gitweb: add support for minifying gitweb.css
890a13a Sync with 1.7.0.4
7a49c25 gitweb: git_get_project_config requires only $git_dir, not also $projec
9be3614 gitweb: Fix project-specific feature override behavior
964ad92 gitweb multiple project roots documentation
1df4876 gitweb: Protect escaping functions against calling on undef
453541f gitweb: esc_html (short) error message in die_error
e6e592d gitweb: Die if there are parsing errors in config file
57017b3 gitweb: Simplify (and fix) chop_str
aa14013 gitweb: Add optional extra parameter to die_error, for extended explanaion
1ee4b4e gitweb: add a "string" variant of print_sort_th
0cf207f gitweb: add a "string" variant of print_local_time
24d4afc gitweb: Check that $site_header etc. are defined before using them
62331ef gitweb: Makefile improvements
b62a1a9 gitweb: Load checking
b2c2e4c gitweb.js: Workaround for IE8 bug
- update patch provided by V.Seifert
ChangeLog:
- #494462 by z.stolar: modify robots.txt to give search engine crawlers
permission to index content in /sites/*, such as images uploaded to the
site #481142 by JohnAlbin, sociotech: theme settings forms were not
inherited by sub-themes
- #764548 by Dave Reid, sun: backport hiding of hidden modules on the
modules page, so if projects include hidden modules for testing, those
will not confuse users #687674 by jefnguo, rdrh555: fix minor code
documentation typo in menu.inc
- #881540 by bjaspan: make syslog identity configurable on the user
interface (instead of hardwired to 'drupal') #280930 by pillarsdotnet,
oadaeh, David_Rothstein: fall back on an empty array if hook_schema is
not defined for a module
- #956320: clean up documentation for menu_set_active_trail #903016 by
daniels220: path argument was not documented on the arg() function
- #618280 by daniels220: minor fix to drupal_add_css() documentation to
have correct path example #926440 by daniels220: document search_form()
return value properly
- #716348 by grendzy, hefox: document that drupal_get_path(),
drupal_load() and drupal_get_filename() can be used with 'profile' as
well #767408 by hunmonk: copy semaphore site creation to
update_fix_d6_requirements() to solve issues upgrading from any version
of Drupal 5
- #948520 by jhodgdon, mvc: fix formatting in Schema API documentation
lists #931304 by subnet_rx, webkenny: backport support for newly popular
tel: protocol in filter_xss_bad_protocols()
- #937508 by amateescu: document the return value of arg() better #505730
by alexanderpas, jhodgdon: document return value of
valid_email_address() better
- #930784 by Jay Matwichuk, daniels220: fix argument name in code
documentation for db_add_field() #225950 by mgriego, daniels220,
jhodgdon: improve documentation on theme_image()
- #698248 by andypost: fix notice in cache.inc when $user->cache is not
defined #872374 by sender: user_load() can take a uid not just an array;
document that properly
- #942718 by joachim: document where drupal_get_form() arguments end up in
form arrays #895858 by dstol: fix documentation of possible $item values
in menu_link_save()
- #379348 by dstol: refine documentation on node_submit() #403034 by
Andreas Wolf, roderik: node_assign_owner_action() should use
node_get_types('name', ...) to get the name of the node type
- #829968 by AlexisWilke, andypost: fix drupal_lookup_path() to always
return FALSE if the source was not found, not just for the 2nd call
onwards #245990 by David_Rothstein, Pedro Lozano, andypost: do not
follow any redirections in system_check_http_request() since we only
need data on whether HTTP requests worked at all
- #366768 by druppi, hass, plach, GiorgosK: do not link to unpublished
translation nodes, even if user would have access to them (once
published) #764234 by yan_nick, Zoltan Balogh and myself: backport width
of user filter labels in admin forms; better fit for some translations
- #971400 by myself, pp: backport change of language source URLs from
Drupal 7 #809616 by catch, hswong3i: fix notice in menu rebuild
- #973242 by pp: log type name not properly translated in dblog.module
- #147000 by pwolanin, mikeytown2, et. al.: avoid multiple, parallel
rebuildings of module and theme data
- #969252 by Dave Reid: save hook_help implementation in upload.module for
admin/settings/uploads #993834 by adamgerbert, nenne: fix documentation
of return value in do_search
- #991944 by Jacine: theme_locale_admin_manage_screen() doesn't exist
- #841134 by daniels220, jhodgdon: file_save_upload() documentation
corrections
- #287647 by bjaspan, lilou, mikejoconnor, cafuego, Déja: cast invalid
hook_schema() results into arrays at all times #917670 by mr.baileys,
rdrh555: fix documentation for drupal_alter()
- #357785 by arnoldc, gravalsyr, miro_dietiker, plach: retain the tnid
value for new nodes saved, so the node object reflects the database
- #422218 by salvis, jeremiah.snapp: fix a case in forum module where non
forum tids might get picked as the forum topic tid
- #488166 by EmanueleQuinto, Damien Tournoud, jhodgdon: search relevance
calculation fails if last_comment_timestamp is NULL #881132 by HLopes,
Garrett Albright: CSS files with non-UTF-8 characters broke CSS
optimization
- #772678 by sun, jpmckinney, Berdir, markus_petrux: no way to specify
default collation, entirely depended on database configuration (which
might be inappropriate) #212130 by salvis, boydjd, Steven, grendzy,
Damien Tournoud: more complete support for unicode entities, to account
for previously missing entities in decode_entities()
- #307636 by zbricoleur, sreynen, quicksketch: fix file identification bug
with image file processing on Microsoft IIS Roll back #147000, prevented
Drupal from being installed.
- #986682 by pkiraly: improve code documentation for db_table_exists() and
db_column_exists()
Fixing http://secunia.com/advisories/42355/.
-------
v3.3.11
-------
[mms] SECURITY: Fix XSS when viewing details of a vCard (Bug #9357).
[jan] Fix exporting recurrence exceptions to vCalendar 1.0.
[jan] Skip event status synchronization with Outlook, which is broken.
[jan] Don't send SIF data to recent Funambol clients, unless requested.
[jan] Log all queries and errors by the history library.
MFSA 2010-84 XSS hazard in multiple character encodings
MFSA 2010-83 Location bar SSL spoofing using network error page
MFSA 2010-82 Incomplete fix for CVE-2010-0179
MFSA 2010-81 Integer overflow vulnerability in NewIdArray
MFSA 2010-80 Use-after-free error with nsDOMAttribute MutationObserver
MFSA 2010-79 Java security bypass from LiveConnect loaded via data: URL meta
refresh
MFSA 2010-78 Add support for OTS font sanitizer
MFSA 2010-77 Crash and remote code execution using HTML tags inside a XUL tree
MFSA 2010-76 Chrome privilege escalation with window.open and <isindex> element
MFSA 2010-75 Buffer overflow while line breaking after document.write with
long string
MFSA 2010-74 Miscellaneous memory safety hazards (rv:1.9.2.13/ 1.9.1.16)
Also:
Fixes for a number of non-security-relevant crashes, increasing the
stability of the whole platform and the Mail & Newsgroups part of SeaMonkey
MFSA 2010-84 XSS hazard in multiple character encodings
MFSA 2010-83 Location bar SSL spoofing using network error page
MFSA 2010-82 Incomplete fix for CVE-2010-0179
MFSA 2010-81 Integer overflow vulnerability in NewIdArray
MFSA 2010-80 Use-after-free error with nsDOMAttribute MutationObserver
MFSA 2010-79 Java security bypass from LiveConnect loaded via data: URL meta
refresh
MFSA 2010-78 Add support for OTS font sanitizer
MFSA 2010-77 Crash and remote code execution using HTML tags inside a XUL tree
MFSA 2010-76 Chrome privilege escalation with window.open and <isindex> element
MFSA 2010-75 Buffer overflow while line breaking after document.write with
long string
MFSA 2010-74 Miscellaneous memory safety hazards (rv:1.9.2.13/ 1.9.1.16)
Fixes issues in the XML-RPC remote publishing interface which under certain circumstances allowed Author- and Contributor-level users to improperly edit, publish or delete posts.
Update Czech, Danish, French, Croatian, Italian, Japanese, Kurdish,
Dutch, Russian, Swedish and Turkish language files.
Also re-enable Lithuanian now.
Catch up to Contao 2.9.2.
Includes new startup scripts.
Summary of changes from 2.1.3 to 2.1.4
* A bug in the binary heap layout caused inflated object counts, this has been fixed.
* Much more comprehensive documentation.
* A DNS director that uses DNS lookups for choosing which backend to route requests to has been added.
* The client director now uses the variable client.identity for choosing which backend to send a given request to.
* String representation of now, making it easier to add Expires headers
* Portability fixes for Solaris.
* Various bug fixes.
Summary of changes from 2.1.2 to 2.1.3
* The scalability of critbit, the default hashing method, has been improved.
* A bug in varnishd would in some cases confuse varnishncsa leading to lost or wrong log lines.
* Some bugs in the handling of Range requests has been fixed. This only matters if you enable Range support.
* Add «log» command to VCL which will log to the Varnish log.
Summary of changes from 2.1.1 to 2.1.2
* When adding Range support in 2.1.1 an error was introduced. Garbage was appended to some objects. This affected some load balancers - but clients seemed not to be affected.
Summary of changes from 2.1.0 to 2.1.1
* Experimental support for the Range header, must be enabled with the http_range_support parameter.
* A bug in workspace rollback prevented ESI from working correctly in all situations. This is now fixed.
* A race condition and a deadlock in the critbit hasher have been fixed.
* HEAD requests are no longer converted to GET requests for pass and pipe.
* Support for completely obliterating objects including all variants («nuke»). See http://varnish-cache.org/changeset/4668 for details
Summary of changes from 2.0.6 to 2.1.0
Varnish 2.1.0 has just been released. It contains lots of changes relative to 2.0.6, the most important ones being:
* Experimental support for persistent cache
* The regular expression engine is now PCRE
* Saint mode, where we can serve a cached object if the backend is down or otherwise faulty.
* A more scalable hashing method called critbit
* Increased scalability, removing a limitation of maximum 64k connections
* obj_workspace is removed, this is now scaled automatically
* Hashing and client IP based directors
Note: The release has some syntaxchanges in VCL, please read the full changelog
* Fix moderate security issue where a malicious Author-level user could gain further access to the site.
* Remove pingback/trackback blogroll whitelisting feature as it can easily be abused.
* Fix canonical redirection for permalinks containing %category% with nested categories and paging.
* Fix occasional irrelevant error messages on plugin activation.
* Minor XSS fixes in request_filesystem_credentials() and when deleting a plugin.
* Clarify the license in the readme
* Multisite: Fix the delete_user meta capability
* Multisite: Force current_user_can_for_blog() to run map_meta_cap() even for super admins
* Multisite: Fix ms-files.php content type headers when requesting a URL with a query string
* Multisite: Fix the usage of the SUBDOMAIN_INSTALL constant for upgraded WordPress MU installs
While here, set license.
* meta: Fix calling of htmlscrubber to pass the page parameter. The
change of the htmlscrubber to look at page rather than destpage
caused htmlscrubber_skip to not work for meta directives.
=== RELEASE 2.3pre1 ===
Sun Aug 16 06:17:03 MET 2009 mikulas:
Accept cookies for domains with two parts, such as xxxx.yy, where
"xxxx" has at least 4 chars. This likely won't be generic domain such
as "co.tw", so accepting the cookie is safe.
Sun May 17 22:29:43 MET DST 2009 mikulas:
Support encryption with NSS (GPL fanatics don't like OpenSSL, grrr)
Sun May 17 18:51:07 cet 2009 mikulas:
Ignore textarea that is not inside form (for Google)
Sun Jan 18 19:27:56 CET 2009 mikulas:
Avoid quadratic complexity when parsing long forms
Thu Jan 1 14:04:38 CET 2009 mikulas:
UTF-8 text mode terminal support
Sun Sep 14 01:02:06 MET 2008 mikulas:
Decode '%' in downloaded file names
Tue Sep 9 23:13:20 MET 2008 mikulas:
Do not add another '?' or '&' if already present at the end of form
submit URL
Sun Aug 24 17:19:32 MET 2008 Christian Biere <christianbiere@gmx.de>:
magnet: URL support
Wed Aug 20 23:03:10 cet 2008 mikulas:
More strict check for invalid GIF header
(catches some misgenerated images that reported too big size and
overflowed the memory allocator)
Sun Aug 17 23:30:34 MET 2008 mikulas:
Check for too big images
Wed Aug 13 00:24:41 CEST 2008 mikulas:
Fixed occasional drawing after VT switch on framebuffer
Mon Aug 4 18:53:52 cet 2008 mikulas:
Don't submit disabled form entries (this is compatible with
Mozilla/MSIE; Netscape and Lynx do submit them)
Sun Aug 3 02:40:58 MET 2008 mikulas:
Handle restart with servers that send 206 but don't send Content-Range
Changelog
=========
Since 1.7.3
------------
bugfix: Email address autocomplete click fix.
bugfix: Fixed calendar when rendering some evnets (week & day views).
bugfix: Error when sending notifications through cron.
bugfix: Improved email parsing for some email encodings.
bugfix: Improved email list refresh after taking some actions.
bugfix: Overview - view as list does not order emails properly.
bugfix: Emails are not ordered properly by 'to' field.
bugfix: Email permissions when sending.
bugfix: Email background sending process improved.
Version 2.9.2 (2010-12-02)
--------------------------
- Updated TCPDF to version 5.9.023 (#2686)
- Updated MooTools Core to version 1.2.5 (#2545)
- Updated TinyMCE to version 3.3.9.2 (#2702)
- Updated mediaboxAdvanced to version 1.2.5 (#2701)
- Added: allow external images in HTML newsletters (#2396)
- Added: added insert tags for acronyms and abbreviations (#2478)
- Added: add class "sibling" to pages on the same level in the navigation menu (#2419)
- Fixed: do not allow insert tags in comments (#2499)
- Fixed: check for custom layout sections during the theme import
- Fixed: only send the comments notification once (#2407)
- Fixed: skipping the first item of a news list did not work correctly (#2488)
- Fixed: allow column width 0 in page layouts (#2554)
- Fixed: consider the protocol when loading scripts from the Google CDN (#2450)
- Fixed: textareas in the back end were cut off in Opera (#2404)
- Fixed: the task history could not be collapsed (#2424)
- Fixed: the link insert tags showed the page title instead of the page name (#2371)
- Fixed: do not show empty fieldset legends in the form generator (#2625)
- Fixed: preserve curly brackets when replacing simple tokens (#2597)
- Fixed: the style sheet importer did not support some CSS3 selectors (#2566)
- Fixed: textual date insert tags were not replaced when loaded from cache (#2644)
- Fixed: the image insert tag did not output the image dimensions (#2529)
- Fixed: clear the $_GET array after rendering the event list module (#2445)
- Fixed: do not aggregate style sheets with a @font-face selector (#2443)
- Fixed: news insert tags did not handle entities correctly (#2604)
- Fixed: do not show the FTP and database passwords in the install tool (#2417)
- Fixed: minor fixes for the TimePeriod widget (#2477)
- Fixed: update the CSS files after an old version of a record has been restored (#2524)
- Fixed: custom page templates were not shown in "override all" mode (#2494)
- Fixed: incorrect event sorting (#2675)
- Fixed: do not execute hooks in the extension manager (#2448)
- Fixed: check for existing files when renaming files in the file manager (#2610)
- Fixed: check redirect pages for circular references (#2704)
- Fixed: fixed a few minor spelling issues (#2403)
- Fixed some minor issues
4.15 Sun Nov 28 2010: - Balint Szilakszi <szbalint at cpan.org>
- Refactored constant handling and added thorough testing for it.
- Fixed CURLOPT_PRIVATE, it is now a string and can be set/get accordingly.
4.14 Sun Oct 24 2010: - Balint Szilakszi <szbalint at cpan.org>
- Scalar references can now be used to receive body/header data [gfx].
- Speed optimizations for threaded perl. [gfx, szbalint].
- Added a more generic libcurl constant detection.
- Added the pushopt method for appending strings to array options.
- Documentation improvements.
4.1 Mon Oct 25 2010
[FIXES]
* '/' is a valid attribute (pull from tokuhirom) (RT #61809)
* Change check fo subclasses in as_HTML. (RT #61673)
* Fix ProhibitThreeArgumentOpen being triggered. (RT #61857)
* websetup: Fix encoding problem when restoring old setup file.
* more: Add pages parameter to limit where the more is displayed.
(thanks, dark)
* Fix escaping of filenames in historyurl. (Thanks, aj)
* inline: Improve RSS url munging to use a proper html parser,
and support all elements that HTML::Tagset knows about.
(Which doesn't include html5 just yet, but then the old version
didn't either.) Bonus: 4 times faster than old regexp method.
* Optimise glob() pagespec. (Thanks, Kathryn and smcv)
* highlight: Support new format of filetypes.conf used by version 3.2
of the highlight package.
* edittemplate: Fix crash if using a .tmpl file or other non-page file
as a template for a new page.
* git: Fix temp file location.
* rename: Fix to pass named parameters to rcs_commit.
* git: Avoid adding files when committing, so as not to implicitly add
files like recentchanges files that are not normally checked in,
when fixing links after rename.
Changes with mod_fcgid 2.3.6
*) SECURITY: CVE-2010-3872 (cve.mitre.org)
Fix possible stack buffer overwrite. Diagnosed by the reporter.
P R 49406. [Edgar Frank <ef-lists email.de>]
*) Change the default for FcgidMaxRequestLen from 1GB to 128K.
Administrators should change this to an appropriate value based on
site requirements. [Jeff Trawick]
*) Allow FastCGI apps more time to exit at shutdown before being
forcefully killed. [Jeff Trawick]
*) Correct a problem that resulted in FcgidMaxProcesses being ignored
in some situations. P R 48981. [<rkosolapov gmail.com>]
*) Fix the search for processes with the proper vhost config when
ServerName isn't set in every vhost or a module updates
r->server->server_hostname dynamically (e.g., mod_vhost_cdb)
or a module updates r->server dynamically (e.g., mod_vhost_ldap).
[Jeff Trawick]
*) FcgidPassHeader now maps header names to environment variable names
in the usual manner: The header name is converted to upper case and
is prefixed with HTTP_. An additional environment variable is
created with the legacy name. P R 48964. [Jeff Trawick]
*) Allow processes to be reused within multiple phases of a request
by releasing them into the free list as soon as possible.
[Chris Darroch]
*) Fix lookup of process command lines when using FcgidWrapper or
access control directives, including within .htaccess files.
[Chris Darroch]
*) Resolve a regression in 2.3.5 with httpd 2.0.x on some Unix platforms;
ownership of mutex files was incorrect, resulting in a startup failure.
P R 48651. [Jeff Trawick, <pservit gmail.com>]
*) Return 500 instead of segfaulting when the application returns no output.
[Tatsuki Sugiura <sugi nemui.org>, Jeff Trawick]
*) In FCGI_AUTHORIZER role, avoid spawning a new process for every
different HTTP request. [Chris Darroch]
- Allow the "error_page" directive to change the status code in a
redirect
- Support special "degration" mask in "gzip_disable" directive
- Fix a socket leak with file AIO
- Fix bug that made a server the default if none was explicitly set and
the first server has no "listen" directive
Update to 0.9.9.3. Nothing much changed between .2 and .3, update is
straightforward.
While here, make MESSAGE more helpful in case of package upgrade.
Changelog:
0.9.9.2 => 0.9.9.3
Functionality Enhancements
* Bindings available to a principal are now listed in the Admin UI.
* Attempt to login using supplied basic authentication credentials, if all else fails.
Bug Fixes
* WebDAV Sync is now supported for Addressbook collections.
* VCARD resources will no longer report a blank ETag in an XML responses.
* The ETag property will be properly quoted when appearing an XML response.
Other Changes
* 412 error responses to PUT for addressbook resources now include useful information.
* A new temporary configuration option is added to allow use of the old sync-response tag in WebDAV sync for compatibility with the Inverse CardDAV plugin for Lightning.
* Basic recognition of VLIST resources.
Changelog:
0.9.9.1 => 0.9.9.2
Functionality Enhancements
* Tickets and Bindings related to a collection or principal are now listed in the Admin UI.
Bug Fixes
* The CardDAV 'addressbook-query' report is enabled.
* A bug is fixed in the database libraries which caused some valid hexadecimal strings to be treated as numbers.
* The PAM auth method now parses the username field better (Jim Hague).
* An ETag will now be sent in response to a PUT for non-Calendar resources as well as for calendaring ones.
* Collection / Principal maintenance screens will no longer cause query errors during the create action.
0.9.9 => 0.9.9.1
Functionality Enhancements
* Initial support for vCard Extensions to WebDAV (CardDAV) - Draft
* WebDAV Sync RFC (draft) support is updated to draft version -03
* Support for /.well-known/caldav and /.well-known/carddav URLs (per RFC5785: Defining Well-Known URIs)
Bug Fixes
* Free/busy handling has been completely rewritten.
* LDAP group handling should be better
* UTF8 calendars should now be more reliably imported.
* There should be no need to override the DAV header.
* Many others.
Other Changes
* Some updated translations
* Clients which set the Content-Type incorrectly on PUT should be accommodated with a warning logged.
* Errors in the DAViCal configuration file should not generate output to the screen. This has been a common problem causing breakage in the DAV functionality. Errors will still be logged to the PHP error log (usually the Apache error log).
* txt: Fix display when used inside a format directive.
* highlight: Ensure that other, more-specific format plugins,
like txt are used in preference to this one in case of ties.
* htmltidy, sortnaturally: Add missing checkconfig hook
registration. Closes: #601912
(Thanks, Craig Lennox and Tuomas Jormola)
* git: Use author date, not committer date. Closes: #602012
(Thanks, Tuomas Jormola)
* Fix htmlscrubber_skip to be matched on the source page, not the page it is
inlined into. Should allow setting to "* and !comment(*)" to scrub
comments, but leave your blog posts unscrubbed, etc. CVE-2010-1673
* comments: Make postcomment() pagespec work when previewing a comment,
including during moderation. CVE-2010-1673
* comments: Make comment() pagespec also match comments that are being
posted. CVE-2010-1673
* Fix searching DataTree elements (groups) if backend charset is different
from interface charset
* Fix accessing IMAP ACLs that contain non-alphanumeric characters
* Avoid fatal errors when using DateTime with not properly configured PHP 5.3+
* Fix importing recurrence exceptions from vCalendar 1.0.
* Fix preferences management regression
* Fix conversion of all-day events and certain yearly recurring events for
Funambol clients.
* Fix memcache cache regression.
* Fix SyncML page sometimes deleting more anchors than selected.
New features/improvements:
- Detect Windows 7.
- Can format numbers according to language.
- More mime types.
- Added geoip_asn_maxmind plugin.
- Geoip Maxmind city plugin have now override file capabilities to complete
missing entries in geoip maxmind database.
- Added graphgooglechartapi to use online Google chart api to build graph.
- Can show map of country to report countries when using graphgooglechartapi.
- Part of codes was change to use more functions and have a cleaner code.
- Added parameter to ignore missing log files when merging for a site on
multiple servers where a single server may not have created a log for a given day.
- Update robots database.
- Added Download tracking where certain mime types are defined as downloads
and HTTP status 206 is tracked as download continuation
- Can use wrapper with parameters in WrapperScript parameter.
- Change to allow usage of AWStats inside a plugin
for Opensource Dolibarr ERP & CRM software (http://www.dolibarr.org).
Fixes:
- Webmin module works with new version of webmin.
- Security fix (Traverse directory of LoadPlugin)
- Security fix (Limit config to defined directory to avoid access to external
config file via a nfs or webdav link).
Geeklog History/Changes:
Oct 31, 2010 (1.7.1)
------------
- Fixed description of $index parameter for STORY_renderArticle (bug #0001203)
[Dirk]
- The number of successfully imported users was always reported as 0 for the
"Batch Add" option in the User Manager (bug #0001211) [Ivy, Dirk]
- Fixed a bug in the MS SQL changeDESCRIBE method to properly prefix the proper
sql query string [Randy]
- Updated Hebrew language files, provided by LWC
- New Italian language files for the Links plugin, provided by Rouslan Placella
- Updated Italian language files for the Static Pages plugin, provided by
Rouslan Placella
Calendar Plugin
---------------
- Fixed an SQL error when returning search results for the Personal Calendar
(bug #0001195) [Dirk]
Oct 10, 2010 (1.7.1rc1)
------------
- If content from an Autotag produces another Autotag it will be executed (to a
maximum of 5 times) [Tom]
- Themes can now have their own display functions for the start and end of
Blocks. (Feature #0001188) [Tom]
- Reverted a change in 1.7.0 that would send a Content-Type header when calling
COM_refresh since this conflicts with some plugins (e.g. the Forum) [Dirk]
- Fixed wrong view after posting a comment on a poll (bug #0001080, patch
provided by Wojtek Szkutnik)
- Fixed language in the dropdown for the permanent cookie in the Configuration
(bug #0001117, patch provided by Eric Brisco)
- Added cancel and delete buttons to comment edit and submission forms when
needed. (Feature #0000981) [Tom]
- Reverted parts of the changes for bug #0001057: Do _not_ escape curly braces
when displaying a block's content (bug #0001156). If you run into the problem
that words in curly braces inside blocks are interpreted as template
variables, simply add a space after the opening and/or the closing brace
[Dirk]
- Autotags can now be inserted directly into template files.
(Feature #0001181) [Tom]
- Plugins are able to control moderation and return a string to be displayed.
(Feature #0000619 patch provided by jmucchiello)
- Admin lists can now display a 0 in a column instead of being blank
(bug #0001060 patch provided by jmucchiello)
- Fixed "Show & Hide Boxes" option in My Account (reported by Pushkar) [Dirk]
- Display the topic name (instead of the topic id) in the list of draft stories
(bug #0001171) [Dirk]
- Fixed COM_formatTimeString to correctly handle intervals bigger than 4 weeks
(bug #0001158) [Dirk]
- Call PLG_templateSetVars for the Advanced Search form [Dirk]
- Make sure we keep the current status of the user's Advanced Editor option
even when Advanced Editor is disabled for the site (Thanks, Markus) [Dirk]
- Comment submissions for plugins were missing the type [Dirk]
- In the Group Editor, hide the 'Apply "Default Group" change' option until the
state of the "Default Group" checkbox changes (feature request #0001116,
patch provided by Dushyant Tiwari)
- Fixed handling of $LANG_DIRECTION in the install script (cf. bug #0000871)
- Fixed query highlighting in articles - didn't work for queries that contained
characters filtered by COM_applyFilter [Dirk]
- Updated Japanese language file, provided by the Geeklog.jp group
- New and updated French (France) language files, provided by Ben
- Updated Hebrew language file for the Links plugin, provided by LWC
Static Pages Plugin
-------------------
- Call up the Advanced Editor when enabled (bug #0001147, patch provided by
Samuel Leathers)
- A Static Page can now be marked as a template and used by other Static Pages.
(Feature #0001085) [Tom]
