Changelog:
Fixed in Firefox ESR 31.8
2015-71 NSS incorrectly permits skipping of ServerKeyExchange
2015-70 NSS accepts export-length DHE keys with regular DHE cipher suites
2015-69 Privilege escalation through internal workers
2015-66 Vulnerabilities found through code inspection
2015-65 Use-after-free in workers while using XMLHttpRequest
2015-64 ECDSA signature validation fails to handle some signatures correctly
2015-61 Type confusion in Indexed Database Manager
2015-59 Miscellaneous memory safety hazards (rv:39.0 / rv:31.8 / rv:38.1)
PasteScript is a pluggable command-line tool.
It includes some built-in features:
* Create file layouts for packages. For instance, paster create
--template=basic_package MyPackage will create a setuptools-ready
file layout.
* Serving up web applications, with configuration based on
paste.deploy.
1.5.2
-----
* Fixed Python 3 issue in paste.deploy.util.fix_type_error()
1.5.1
-----
* Fixed use of the wrong variable when determining the context protocol
* Fixed invalid import of paste.deploy.Config to paste.deploy.config.Config
* Fixed multi proxy IPs bug in X-Forwarded-For header in PrefixMiddleware
* Fixed TypeError when trying to raise LookupError on Python 3
* Fixed exception reraise on Python 3
Thanks to Alexandre Conrad, Atsushi Odagiri, Pior Bastida and Tres Seaver for their contributions.
1.5.0
-----
* Project is now maintained by Alex Grönholm <alex.gronholm@nextday.fi>
* Was printing extraneous data when calling setup.py
* Fixed missing paster template files (fixes "paster create -t paste.deploy")
* Excluded tests from release distributions
* Added support for the "call:" protocol for loading apps directly as
functions (contributed by Jason Stitt)
* Added Python 3.x support
* Dropped Python 2.4 support
* Removed the ``paste.deploy.epdesc`` and ``paste.deploy.interfaces`` modules
-- contact the maintainer if you actually needed them
1.3.4
-----
* Fix loadconfig path handling on Jython on Windows.
Routes is a Python re-implementation of the Rails routes system for
mapping URLs to Controllers/Actions and generating URLs. Routes makes
it easy to create pretty and concise URLs that are RESTful with little
effort.
Speedy and dynamic URL generation means you get a URL with minimal
cruft (no big dangling query args). Shortcut features like Named
Routes cut down on repetitive typing.
URLObject is a utility class for manipulating URLs. The latest
incarnation of this library builds upon the ideas of its predecessor,
but aims for a clearer API, focusing on proper method names over
operator overrides. It's also being developed from the ground up
in a test-driven manner, and has full Sphinx documentation.
FormEncode is a validation and form generation package. The
validation can be used separately from the form generation. The
validation works on compound data structures, with all parts being
nestable. It is separate from HTTP or any other input mechanism.
Waitress is meant to be a production-quality pure-Python WSGI server
with very acceptable performance. It has no dependencies except
ones which live in the Python standard library. It supports HTTP/1.0
and HTTP/1.1.
at least it supports 5.20.0.
2.0.9 June 18, 2015
Add note to README about MP_INLINE problem when building with GCC 5.
[Niko Tyni <ntyni@debian.org>]
Fix t/api/aplog.t for apr-1.5.2. [Steve Hay]
Note that Perl 5.22.x is currently not supported. This is logged as
CPAN RT#101962 and will hopefully be addressed in 2.0.10. [Steve Hay]
Fix unthreaded build, which was broken in 2.0.9-rc2. [Steve Hay]
Remove PerlInterpScope. This has not been working properly with threaded
MPMs with httpd-2.4.x and the use-case of this directive was questionable.
[Jan Kaluza]
Allow running the test suite with httpd-2.4.x when mod_access_compat is not
loaded. [Steve Hay]
Add support for Apache httpd-2.4.x. [Torsten Foertsch, Jan Kaluza,
Steve Hay, Gozer]
Don't call modperl_threaded_mpm() et al. from XS code. Fixes Debian Bug
#765174. [Niko Tyni <ntyni@debian.org>]
Make sure modperl_interp_select uses r->server rather than the passed s
parameter to find the interpreter pool to pull an interpreter from. This
fixes an issue with vhosts with a separate interpreter pool and runtime
dir-config merges that used to pull the interpreter from the wrong pool.
[Torsten Foertsch]
PerlInterpScope is now more advisory. Using $(c|r)->pnotes will bind
the current interpreter to that object for its lifetime.
$(c|r)->pnotes_kill() can be used to prematurely drop pnotes and
remove this binding. [Torsten Foertsch]
Now correctly invokes PerlCleanupHandlers, even if they are the only
handler type configured for that request [Torsten Foertsch]
For threaded MPMs, change interpreter management to a new, reference-counted
allocation model. [Torsten Foertsch]
Expose modperl_interp_pool_t via ModPerl::InterpPool, modperl_tipool_t
via ModPerl::TiPool and modperl_tipool_config_t via ModPerl::TiPoolConfig
[Torsten Foertsch]
Expose modperl_interp_t via ModPerl::Interpreter [Torsten Foertsch]
Fix t/compat/apache_file.t on Windows. Apache::File->tmpfile() wants TMPDIR
or TEMP from the environment, or else defaults to /tmp. The latter is no
good on Windows, so make sure the environment variables are passed through.
(TEMP should be set to something suitable on Windows.) [Steve Hay]
Fix t/api/err_headers_out.t with HTTP::Headers > 6.00. [Rolando
<rolosworld@gmail.com>]
Fix the build with VC++ and dmake (rather than nmake) on Windows. The
Makefile generated by Apache2::Build uses shell commands for the manifest
file, but neglected to tell dmake to use the shell. [Steve Hay]
Don't write an 'rpm' target into the Makefile on Windows. It isn't relevant
on Windows, and the (hard-coded, not MakeMaker-generated) recipe group has
syntax which dmake doesn't understand. [Steve Hay]
strnstr(3) was added to NetBSD -current but is not in netbsd-7 (or
earlier releases). This patch was confirmed to still work on -current by
wiz@ (7.99.19 amd64), and on netbsd-7 by myself (7.0_RC1, amd64).
pkgsrc changes:
o Convert the osabi dependency to NOT_FOR_PLATFORM.
o Add LICENSE information (like www/webkit24-gtk)
Changes:
WebKitGTK+ 2.8.4
=================
- Make WebSQL work by using a default quota instead of always failing in openDatabase with
DOM Exception 18.
- Improve detection and usage of GL/GLES/EGL libraries.
- Fix a crash on memory allocation using bmalloc on 32bit systems.
- Fix DOCUMENT_VIEWER cache model to actually disable the memory cache.
- Fix a WebProcess crash after too many redirect error when there's an active NPAPI plugin.
- Fix a WebProcess crash when gtk-font-name setting is empty.
- Ensure Math.abs() doesn't return negative.
- Correctly restore accelerated compositing after a WebProcess crash.
- Respect X-Frame-Options headers when loading from application cache.
- Several crashes and rendering issues fixed.
- Fix the MIPS N64 detection.
- Fix several memory leaks.
- Translation updates: Catalan.
WebKitGTK+ 2.8.3
=================
- Fixed a regression introduced in 2.8.2 that broke downloads when using the network
process.
- Fix the build with Netscape plugins disabled.
- Fix XPixmaps leaked by GLContext when using EGL on X11.
WebKitGTK+ 2.8.2
=================
- Fix network redirection to a non HTTP destination.
- Use a webkit subdirectory for the disk cache to avoid conflicts with other
files in the cache directory when the disk cache is cleaned up.
- Do not preserve the Origin header on cross-origin redirects.
- Prevent WorkQueue objects from being leaked and ensure its worker thread
always exits.
{perl>=5.16.6,p5-ExtUtils-ParseXS>=3.15}:../../devel/p5-ExtUtils-ParseXS
since pkgsrc enforces the newest perl version anyway, so they
should always pick perl, but sometimes (pkg_add) don't due to the
design of the {,} syntax.
No effective change for the above reason.
Ok joerg
6.08 2015-07-10
- Resolve new uninitialized warning from
HTTP::Request::Common::request_type_with_data (RT#105787)
6.07 2015-07-09
- Allow subclasses to override the class of parts - it used to be
hardcoded to HTTP::Message. (Gisle Aas, RT#79239)
- Added support for is_client_error, is_server_error to HTTP::Response
(Karen Etheridge)
- Added flatten interface to HTTP::Headers (Tokuhiro Matsuno, GH#5)
- Allow PUT to pass content data via hashrefs just like with POST (Michael
Schilli, GH#9)
- Fix for "Content-Encoding: none" header (Gisle Aas, RT#94882)
- Add support for HTTP status 308, defined in RFC 7238 (Olivier Mengué,
RT#104102)
- drop the use of "use vars" (Karen Etheridge)
2.8.1
What’s new in the WebKitGTK+ 2.8.1 release?
Handle keep-alive connections in GStreamer HTTP source element.
Fix a crash in DOMObjectCache when a wrapped object owned by the cache is unreffed by the user.
Fix rendering of drag and drop icon.
Fix the build with REDIRECTED_XCOMPOSITE_WINDOW disabled in X11 platform.
Fix the build with Wayland target enabled.
Fix the build for HPPA.
2.8
Highlights of the WebKitGTK+ 2.8.0 release
Initial gestures support.
HTML5 notifications.
User script messages.
HTML5 color input.
APNG support.
Performance improvements.
Playing audio notification signal.
Web view background colors.
and lots of changes in the 2.6 series; major changes in 2.6 were:
Highlights of the WebKitGTK+ 2.6.0 release
WebKit1 API has been removed.
Switch to CMake build system.
Binary version bump to make WebKit1 and WebKit2 parallel installable.
Several API changes.
The DOM bindings API has been split into stable and unstable parts.
Support for browser plugins using GTK+3, leaving the GTK+2
dependency optional for building a plugin process with support
for GTK+2 plugins.
HighDPI support for non-accelerated compositing contents.
Dynamic user agent string depending on the site.
User scripts API.
space for the next major version.
WebKit is an open source web browser engine. WebKit is also the name of
the Mac OS X system framework version of the engine that's used by
Safari, Dashboard, Mail, and many other OS X applications. WebKit's HTML
and JavaScript code began as a branch of the KHTML and KJS libraries
from KDE.
This is the GTK2+ port of the engine of the 2.4 series.
uhttpmock is a project for mocking web service APIs which use HTTP
or HTTPS. It provides a library, libuhttpmock, which implements
recording and playback of HTTP request-response traces.
Mozilla Firefox is a free, open-source and cross-platform web browser
for Windows, Linux, MacOS X and many other operating systems.
It is fast and easy to use, and offers many advantages over other web
browsers, such as tabbed browsing and the ability to block pop-up
windows.
Firefox also offers excellent bookmark and history management, and it
can be extended by developers using industry standards such as XML,
CSS, JavaScript, C++, etc. Many extensions are available.
This package tracks 38 ESR.
Upstream changes:
Moodle-2.9.1
Highlights
A lot of work has been done in dealing with unexpected grade changes in the gradebook which some users have experienced when upgrading from Moodle 2.7 to 2.8 or 2.9. See the user documentation Grades min max and Gradebook calculation changes for details.
MDL-48618 - Dealing with unexpected changes to grades after upgrading to Moodle 2.8
MDL-49257 - Adjusting weights when extra credit item is present causes unexpected behaviour
MDL-48239 - Changing the maximum grade of items with calculation to the value different from 100
Another release highlight is the introduction of the authorised access to the YouTube repository. After upgrading you will need to enter an API key from YouTube into your site's YouTube repository settings.
MDL-50176 - Authenticated access to the YouTube repository
Functional changes
MDL-50089 - Gradebook export now respects aggregate only non-empty grades for percentage and letter
MDL-48467 - Atto: Clean the html even if submitting the form when Atto is in html view mode
API changes
MDL-49022 - sync_users must trigger event core\event\user_updated
Security issues
A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
Fixes and improvements
MDL-50177 - Upgrading assignments in 2.7/2.8 works even when conditional access is used
MDL-39353 - Connection to a hub from behind a proxy server
MDL-49742 - Enrolled users page no longer displays sorting by fields that are not used in user identity
MDL-47787 - After deleting a quiz, its question categories and questions remain in the database
MDL-49764 - Fixed gradebook UI inconsistencies in Internet Explorer
MDL-49885 - The course overview block can now be added to Dashboard
MDL-50675 - Display Wikimedia repository thumbnails (caused by the change in Wikimedia API)
MDL-50091 - Fixed fatal error in gradebook singleview after a module has been uninstalled
MDL-48664 - Messaging contacts paging bar no longer expands and overlaps other text
MDL-50092 - User unenrollment is now working with IMS Enterprise
MDL-49560 - SOAP web service now works with token
MDL-50004 - Fix coursename and enrolment icons in category combo on Frontpage
MDL-50646 - Site default language should be set as the language for new users
MDL-50394 - Grade to pass no longer throws an error when a decimal point separator is used
MDL-50276 - Added missing new line separator in plain text e-mails from the forum
MDL-49061 - The activity completion report in a course correctly shortens headers when multi language filter is used
MDL-50275 - Added missing version bump after risk bitmap change in MDL-49941
MDL-50380 - Fixed missing parameter error when editing files in wiki
* ext_edirectory_userip_acl: fix uninitialized variable
* Do not blindly forward cache peer CONNECT responses.
* Bug 3483: assertion failed store.cc:1866: 'isEmpty()'
* Use relative-URL in errorpage.css for SN.png
* Bug 4193: Memory leak on FTP listings
* Bug 4274: ssl_crtd.8 not being installed
* Fix CONNECT failover to IPv4 after trying broken IPv6 servers
* Bug 4183: segfault when freeing https_port clientca on reconfigure or exit.
* TLS: Disable client-initiated renegotiation
* Translations: add Spanish US dialect alias
* Cleanup: replace __DATE__ and __TIME__ macros
* Fix assertion String.cc:221: "str"
* Fix assertion comm.cc:759: "Comm::IsConnOpen(conn)" in ConnStateData::getSslContextDone
* Bug 3875: bad mimeLoadIconFile error handling
* Support custom OIDs in *_cert ACLs
* Bug 3329: The server side pinned connection is not closed properly
Changelog:
Git v2.4.5 Release Notes
========================
Fixes since v2.4.4
------------------
* The setup code used to die when core.bare and core.worktree are set
inconsistently, even for commands that do not need working tree.
* There was a dead code that used to handle "git pull --tags" and
show special-cased error message, which was made irrelevant when
the semantics of the option changed back in Git 1.9 days.
* "color.diff.plain" was a misnomer; give it 'color.diff.context' as
a more logical synonym.
* The configuration reader/writer uses mmap(2) interface to access
the files; when we find a directory, it barfed with "Out of memory?".
* Recent "git prune" traverses young unreachable objects to safekeep
old objects in the reachability chain from them, which sometimes
showed unnecessary error messages that are alarming.
* "git rebase -i" fired post-rewrite hook when it shouldn't (namely,
when it was told to stop sequencing with 'exec' insn).
Also contains typofixes, documentation updates and trivial code
clean-ups.
Git v2.4.4 Release Notes
========================
Fixes since v2.4.3
------------------
* l10n updates for German.
* An earlier leakfix to bitmap testing code was incomplete.
* "git clean pathspec..." tried to lstat(2) and complain even for
paths outside the given pathspec.
* Communication between the HTTP server and http_backend process can
lead to a dead-lock when relaying a large ref negotiation request.
Diagnose the situation better, and mitigate it by reading such a
request first into core (to a reasonable limit).
* The clean/smudge interface did not work well when filtering an
empty contents (failed and then passed the empty input through).
It can be argued that a filter that produces anything but empty for
an empty input is nonsense, but if the user wants to do strange
things, then why not?
* Make "git stash something --help" error out, so that users can
safely say "git stash drop --help".
* Clarify that "log --raw" and "log --format=raw" are unrelated
concepts.
* Catch a programmer mistake to feed a pointer not an array to
ARRAY_SIZE() macro, by using a couple of GCC extensions.
Also contains typofixes, documentation updates and trivial code
clean-ups.
Changelog:
New Share Hello URLs with social networks
New Project Silk: Smoother animation and scrolling (Mac OS X)
New Support for 'switch' role in ARIA 1.1 (web accessibility)
New SafeBrowsing malware detection lookups enabled for downloads (Mac OS X and Linux)
New Support for new Unicode 8.0 skin tone emoji
Changed Removed support for insecure SSLv3 for network communications
Changed Disable use of RC4 except for temporarily whitelisted hosts
Changed The malware detection service for downloads now covers common Mac file types (Bug 1138721)
Changed of displaying dashed lines is improved (Mac OS X) (Bug 1123019)
HTML5 List-style-type now accepts a string value
HTML5 Enable the Fetch API for network requests from dedicated, shared and service workers
HTML5 Cascading of CSS transitions and animations now matches the current spec
HTML5 Implement <link rel="preconnect"> allowing anticipation of a future connection without revealing any information
HTML5 Added support for CSS Scroll Snap Points
Developer Drag and drop enabled for nodes in Inspector markup view
Developer Webconsole input history persists even after closing the toolbox
Developer Cubic bezier tooltip now shows a gallery of timing-function presets for use with CSS animations
Developer localhost is now available offline for WebSocket connections
Fixed Improve performance for IPv6 fallback to IPv4
Fixed Fix incomplete downloads being marked as complete by detecting broken HTTP1.1 transfers
Fixed The Security state indicator on a page now correctly ignores loads caused by previous pages
Fixed Fixed an issue where a Hello conversation window would sometimes fail to open
Fixed A regression that could lead to Flash not displaying has been fixed
Fixed Update to NSS 3.19.2
Fixed Various security fixes
Fixed in Firefox 39
2015-71 NSS incorrectly permits skipping of ServerKeyExchange
2015-70 NSS accepts export-length DHE keys with regular DHE cipher suites
2015-69 Privilege escalation in PDF.js
2015-68 OS X crash reports may contain entered key press information
2015-67 Key pinning is ignored when overridable errors are encountered
2015-66 Vulnerabilities found through code inspection
2015-65 Use-after-free in workers while using XMLHttpRequest
2015-64 ECDSA signature validation fails to handle some signatures correctly
2015-63 Use-after-free in Content Policy due to microtask execution error
2015-62 Out-of-bound read while computing an oscillator rendering range in Web Audio
2015-61 Type confusion in Indexed Database Manager
2015-60 Local files or privileged URLs in pages can be opened into new tabs
2015-59 Miscellaneous memory safety hazards (rv:39.0 / rv:31.8 / rv:38.1)
Curl and libcurl 7.43.0
Public curl releases: 147
Command line options: 176
curl_easy_setopt() options: 219
Public functions in libcurl: 58
Contributors: 1291
This release includes the following changes:
o Added CURLOPT_PROXY_SERVICE_NAME [11]
o Added CURLOPT_SERVICE_NAME [12]
o New curl option: --proxy-service-name[13]
o New curl option: --service-name [14]
o New curl option: --data-raw [5]
o Added CURLOPT_PIPEWAIT [15]
o Added support for multiplexing transfers using HTTP/2, enable this
with the new CURLPIPE_MULTIPLEX bit for CURLMOPT_PIPELINING [16]
o HTTP/2: requires nghttp2 1.0.0 or later
o scripts: add zsh.pl for generating zsh completion
o curl.h: add CURL_HTTP_VERSION_2
This release includes the following bugfixes:
o CVE-2015-3236: lingering HTTP credentials in connection re-use [30]
o CVE-2015-3237: SMB send off unrelated memory contents [31]
o nss: fix compilation failure with old versions of NSS [1]
o curl_easy_getinfo.3: document 'internals' in CURLINFO_TLS_SESSION
o schannel.c: Fix possible SEC_E_BUFFER_TOO_SMALL error
o Curl_ossl_init: load builtin modules [2]
o configure: follow-up fix for krb5-config [3]
o sasl_sspi: Populate domain from the realm in the challenge [4]
o netrc: support 'default' token
o README: convert to UTF-8
o cyassl: Implement public key pinning
o nss: implement public key pinning for NSS backend
o mingw build: add arch -m32/-m64 to LDFLAGS
o schannel: Fix out of bounds array [6]
o configure: remove autogenerated files by autoconf
o configure: remove --automake from libtoolize call
o acinclude.m4: fix shell test for default CA cert bundle/path
o schannel: fix regression in schannel_recv [7]
o openssl: skip trace outputs for ssl_ver == 0 [8]
o gnutls: properly retrieve certificate status
o netrc: Read in text mode when cygwin [9]
o winbuild: Document the option used to statically link the CRT [10]
o FTP: Make EPSV use the control IP address rather than the original host
o FTP: fix dangling conn->ip_addr dereference on verbose EPSV
o conncache: keep bundles on host+port bases, not only host names
o runtests.pl: use 'h2c' now, no -14 anymore
o curlver: introducing new version number (checking) macros
o openssl: boringssl build breakage, use SSL_CTX_set_msg_callback [17]
o CURLOPT_POSTFIELDS.3: correct variable names [18]
o curl_easy_unescape.3: update RFC reference [19]
o gnutls: don't fail on non-fatal alerts during handshake
o testcurl.pl: allow source to be in an arbitrary directory
o CURLOPT_HTTPPROXYTUNNEL.3: only works with a HTTP proxy
o SSPI-error: Change SEC_E_ILLEGAL_MESSAGE description [20]
o parse_proxy: switch off tunneling if non-HTTP proxy [21]
o share_init: fix OOM crash
o perl: remove subdir, not touched in 9 years
o CURLOPT_COOKIELIST.3: Add example
o CURLOPT_COOKIE.3: Explain that the cookies won't be modified [22]
o CURLOPT_COOKIELIST.3: Explain Set-Cookie without a domain [23]
o FAQ: How do I port libcurl to my OS?
o openssl: Use TLS_client_method for OpenSSL 1.1.0+
o HTTP-NTLM: fail auth on connection close instead of looping [24]
o curl_setup: Add macros for FOPEN_READTEXT, FOPEN_WRITETEXT [25]
o curl_getdate.3: update RFC reference
o curl_multi_info_read.3: added example
o curl_multi_perform.3: added example
o curl_multi_timeout.3: added example
o cookie: Stop exporting any-domain cookies [26]
o openssl: remove dummy callback use from SSL_CTX_set_verify()
o openssl: remove SSL_get_session()-using code
o openssl: removed USERDATA_IN_PWD_CALLBACK kludge
o openssl: removed error string #ifdef
o openssl: Fix verification of server-sent legacy intermediates [27]
o docs: man page indentation and syntax fixes
o docs: Spelling fixes
o fopen.c: fix a few compiler warnings
o CURLOPT_OPENSOCKETFUNCTION: return error at once [28]
o schannel: Add support for optional client certificates
o build: Properly detect OpenSSL 1.0.2 when using configure
o urldata: store POST size in state.infilesize too [29]
o security:choose_mech remove dead code
o rtsp_do: remove dead code
o docs: many HTTP URIs changed to HTTPS
o schannel: schannel_recv overhaul [32]
This release includes the following known bugs:
o see docs/KNOWN_BUGS (http://curl.haxx.se/docs/knownbugs.html)
This release would not have looked like this without help, code, reports and
advice from friends like these:
Alessandro Ghedini, Alexander Dyagilev, Anders Bakken, Anthony Avina,
Ashish Shukla, Bert Huijben, Brian Chrisman, Brian Prodoehl, Chris Araman,
Dagobert Michelsen, Dan Fandrich, Daniel Melani, Daniel Stenberg,
Dmitry Eremin-Solenikov, Drake Arconis, Egon Eckert, Frank Meier, Fred Stluka,
Gisle Vanem, Grant Pannell, Isaac Boukris, Jens Rantil, Joel Depooter,
Kamil Dudka, Linus Nielsen Feltzing, Linus Nielsen Feltzing Feltzing,
Liviu Chircu, Marc Hoersken, Michael Osipov, Oren Souroujon, Orgad Shaneh,
Patrick Monnerat, Patrick Rapin, Paul Howarth, Paul Oliver, Rafayel Mkrtchyan,
Ray Satiro, Sean Boudreau, Tatsuhiro Tsujikawa, Tomas Tomecek, Viktor Szakáts,
Ville Skyttä, Yehezkel Horowitz,
(43 contributors)
Thanks! (and sorry if I forgot to mention someone)
References to bug reports and discussions on issues:
[1] = http://curl.haxx.se/mail/lib-2015-04/0095.html
[2] = https://github.com/bagder/curl/pull/206
[3] = 5b66860652 (commitcomment-10473445)
[4] = https://github.com/bagder/curl/pull/141
[5] = https://github.com/bagder/curl/issues/198
[6] = http://curl.haxx.se/mail/lib-2015-04/0199.html
[7] = https://github.com/bagder/curl/issues/244
[8] = https://github.com/bagder/curl/issues/219
[9] = https://github.com/bagder/curl/pull/258
[10] = https://github.com/bagder/curl/issues/254
[11] = http://curl.haxx.se/libcurl/c/CURLOPT_PROXY_SERVICE_NAME.html
[12] = http://curl.haxx.se/libcurl/c/CURLOPT_SERVICE_NAME.html
[13] = http://curl.haxx.se/docs/manpage.html#--proxy-service-name
[14] = http://curl.haxx.se/docs/manpage.html#--service-name
[15] = http://curl.haxx.se/libcurl/c/CURLOPT_PIPEWAIT.html
[16] = http://curl.haxx.se/libcurl/c/CURLMOPT_PIPELINING.html
[17] = https://github.com/bagder/curl/issues/275
[18] = https://github.com/bagder/curl/issues/281
[19] = https://github.com/bagder/curl/issues/282
[20] = https://github.com/bagder/curl/issues/267
[21] = http://curl.haxx.se/mail/lib-2015-05/0056.html
[22] = http://curl.haxx.se/mail/lib-2015-05/0115.html
[23] = http://curl.haxx.se/mail/lib-2015-05/0137.html
[24] = https://github.com/bagder/curl/issues/256
[25] = https://github.com/bagder/curl/pull/258#issuecomment-107093055
[26] = https://github.com/bagder/curl/issues/292
[27] = https://rt.openssl.org/Ticket/Display.html?id=3621&user=guest&pass=guest
[28] = http://curl.haxx.se/mail/lib-2015-06/0047.html
[29] = http://curl.haxx.se/mail/lib-2015-06/0019.html
[30] = http://curl.haxx.se/docs/adv_20150617A.html
[31] = http://curl.haxx.se/docs/adv_20150617B.html
[32] = https://github.com/bagder/curl/issues/244
Upstream changes:
6.12 2015-06-18
- Welcome to the Mojolicious core team Dan Book.
- Added TO_JSON method to Mojo::Collection. (wttw)
- Added find_packages function to Mojo::Loader.
- Fixed bug in Mojo::Message where multipart content would get downgraded
unnecessarily.
Changes with nginx 1.8.0 21 Apr 2015
*) 1.8.x stable branch.
Changes with nginx 1.7.12 07 Apr 2015
*) Feature: now the "tcp_nodelay" directive works with backend SSL
connections.
*) Feature: now thread pools can be used to read cache file headers.
*) Bugfix: in the "proxy_request_buffering" directive.
*) Bugfix: a segmentation fault might occur in a worker process when
using thread pools on Linux.
*) Bugfix: in error handling when using the "ssl_stapling" directive.
*) Bugfix: in the ngx_http_spdy_module.
Changes with nginx 1.7.11 24 Mar 2015
*) Change: the "sendfile" parameter of the "aio" directive is
deprecated; now nginx automatically uses AIO to pre-load data for
sendfile if both "aio" and "sendfile" directives are used.
*) Feature: experimental thread pools support.
*) Feature: the "proxy_request_buffering", "fastcgi_request_buffering",
"scgi_request_buffering", and "uwsgi_request_buffering" directives.
*) Feature: request body filters experimental API.
*) Feature: client SSL certificates support in mail proxy.
*) Feature: startup speedup when using the "hash ... consistent"
directive in the upstream block.
*) Feature: debug logging into a cyclic memory buffer.
*) Bugfix: in hash table handling.
*) Bugfix: in the "proxy_cache_revalidate" directive.
*) Bugfix: SSL connections might hang if deferred accept or the
"proxy_protocol" parameter of the "listen" directive were used.
*) Bugfix: the $upstream_response_time variable might contain a wrong
value if the "image_filter" directive was used.
*) Bugfix: in integer overflow handling.
*) Bugfix: it was not possible to enable SSLv3 with LibreSSL.
*) Bugfix: the "ignoring stale global SSL error ... called a function
you should not call" alerts appeared in logs when using LibreSSL.
*) Bugfix: certificates specified by the "ssl_client_certificate" and
"ssl_trusted_certificate" directives were inadvertently used to
automatically construct certificate chains.
Changes with nginx 1.7.10 10 Feb 2015
*) Feature: the "use_temp_path" parameter of the "proxy_cache_path",
"fastcgi_cache_path", "scgi_cache_path", and "uwsgi_cache_path"
directives.
*) Feature: the $upstream_header_time variable.
*) Workaround: now on disk overflow nginx tries to write error logs once
a second only.
*) Bugfix: the "try_files" directive did not ignore normal files while
testing directories.
*) Bugfix: alerts "sendfile() failed" if the "sendfile" directive was
used on OS X; the bug had appeared in 1.7.8.
*) Bugfix: alerts "sem_post() failed" might appear in logs.
*) Bugfix: nginx could not be built with musl libc.
*) Bugfix: nginx could not be built on Tru64 UNIX.
Changes with nginx 1.7.9 23 Dec 2014
*) Feature: variables support in the "proxy_cache", "fastcgi_cache",
"scgi_cache", and "uwsgi_cache" directives.
*) Feature: variables support in the "expires" directive.
*) Feature: loading of secret keys from hardware tokens with OpenSSL
engines.
*) Feature: the "autoindex_format" directive.
*) Bugfix: cache revalidation is now only used for responses with 200
and 206 status codes.
*) Bugfix: the "TE" client request header line was passed to backends
while proxying.
*) Bugfix: the "proxy_pass", "fastcgi_pass", "scgi_pass", and
"uwsgi_pass" directives might not work correctly inside the "if" and
"limit_except" blocks.
*) Bugfix: the "proxy_store" directive with the "on" parameter was
ignored if the "proxy_store" directive with an explicitly specified
file path was used on a previous level.
*) Bugfix: nginx could not be built with BoringSSL.
Changes with nginx 1.7.8 02 Dec 2014
*) Change: now the "If-Modified-Since", "If-Range", etc. client request
header lines are passed to a backend while caching if nginx knows in
advance that the response will not be cached (e.g., when using
proxy_cache_min_uses).
*) Change: now after proxy_cache_lock_timeout nginx sends a request to a
backend with caching disabled; the new directives
"proxy_cache_lock_age", "fastcgi_cache_lock_age",
"scgi_cache_lock_age", and "uwsgi_cache_lock_age" specify a time
after which the lock will be released and another attempt to cache a
response will be made.
*) Change: the "log_format" directive can now be used only at http
level.
*) Feature: the "proxy_ssl_certificate", "proxy_ssl_certificate_key",
"proxy_ssl_password_file", "uwsgi_ssl_certificate",
"uwsgi_ssl_certificate_key", and "uwsgi_ssl_password_file"
directives.
*) Feature: it is now possible to switch to a named location using
"X-Accel-Redirect".
*) Feature: now the "tcp_nodelay" directive works with SPDY connections.
*) Feature: new directives in vim syntax highlighting scripts.
*) Bugfix: nginx ignored the "s-maxage" value in the "Cache-Control"
backend response header line.
*) Bugfix: in the ngx_http_spdy_module.
*) Bugfix: in the "ssl_password_file" directive when using OpenSSL
0.9.8zc, 1.0.0o, 1.0.1j.
*) Bugfix: alerts "header already sent" appeared in logs if the
"post_action" directive was used; the bug had appeared in 1.5.4.
*) Bugfix: alerts "the http output chain is empty" might appear in logs
if the "postpone_output 0" directive was used with SSI includes.
*) Bugfix: in the "proxy_cache_lock" directive with SSI subrequests.
Changes with nginx 1.7.7 28 Oct 2014
*) Change: now nginx takes into account the "Vary" header line in a
backend response while caching.
*) Feature: the "proxy_force_ranges", "fastcgi_force_ranges",
"scgi_force_ranges", and "uwsgi_force_ranges" directives.
*) Feature: the "proxy_limit_rate", "fastcgi_limit_rate",
"scgi_limit_rate", and "uwsgi_limit_rate" directives.
*) Feature: the "Vary" parameter of the "proxy_ignore_headers",
"fastcgi_ignore_headers", "scgi_ignore_headers", and
"uwsgi_ignore_headers" directives.
*) Bugfix: the last part of a response received from a backend with
unbuffered proxy might not be sent to a client if "gzip" or "gunzip"
directives were used.
*) Bugfix: in the "proxy_cache_revalidate" directive.
*) Bugfix: in error handling.
*) Bugfix: in the "proxy_next_upstream_tries" and
"proxy_next_upstream_timeout" directives.
*) Bugfix: nginx/Windows could not be built with MinGW-w64 gcc.
Changes with nginx 1.7.6 30 Sep 2014
*) Change: the deprecated "limit_zone" directive is not supported
anymore.
*) Feature: the "limit_conn_zone" and "limit_req_zone" directives now
can be used with combinations of multiple variables.
*) Bugfix: request body might be transmitted incorrectly when retrying a
FastCGI request to the next upstream server.
*) Bugfix: in logging to syslog.
Changes with nginx 1.7.5 16 Sep 2014
*) Security: it was possible to reuse SSL sessions in unrelated contexts
if a shared SSL session cache or the same TLS session ticket key was
used for multiple "server" blocks (CVE-2014-3616).
*) Change: now the "stub_status" directive does not require a parameter.
*) Feature: the "always" parameter of the "add_header" directive.
*) Feature: the "proxy_next_upstream_tries",
"proxy_next_upstream_timeout", "fastcgi_next_upstream_tries",
"fastcgi_next_upstream_timeout", "memcached_next_upstream_tries",
"memcached_next_upstream_timeout", "scgi_next_upstream_tries",
"scgi_next_upstream_timeout", "uwsgi_next_upstream_tries", and
"uwsgi_next_upstream_timeout" directives.
*) Bugfix: in the "if" parameter of the "access_log" directive.
*) Bugfix: in the ngx_http_perl_module.
*) Bugfix: the "listen" directive of the mail proxy module did not allow
to specify more than two parameters.
*) Bugfix: the "sub_filter" directive did not work with a string to
replace consisting of a single character.
*) Bugfix: requests might hang if resolver was used and a timeout
occurred during a DNS request.
*) Bugfix: in the ngx_http_spdy_module when using with AIO.
*) Bugfix: a segmentation fault might occur in a worker process if the
"set" directive was used to change the "$http_...", "$sent_http_...",
or "$upstream_http_..." variables.
*) Bugfix: in memory allocation error handling.
Changes with nginx 1.7.4 05 Aug 2014
*) Security: pipelined commands were not discarded after STARTTLS
command in SMTP proxy (CVE-2014-3556); the bug had appeared in 1.5.6.
*) Change: URI escaping now uses uppercase hexadecimal digits.
*) Feature: now nginx can be built with BoringSSL and LibreSSL.
*) Bugfix: requests might hang if resolver was used and a DNS server
returned a malformed response; the bug had appeared in 1.5.8.
*) Bugfix: in the ngx_http_spdy_module.
*) Bugfix: the $uri variable might contain garbage when returning errors
with code 400.
*) Bugfix: in error handling in the "proxy_store" directive and the
ngx_http_dav_module.
*) Bugfix: a segmentation fault might occur if logging of errors to
syslog was used; the bug had appeared in 1.7.1.
*) Bugfix: the $geoip_latitude, $geoip_longitude, $geoip_dma_code, and
$geoip_area_code variables might not work.
*) Bugfix: in memory allocation error handling.
Changes with nginx 1.7.3 08 Jul 2014
*) Feature: weak entity tags are now preserved on response
modifications, and strong ones are changed to weak.
*) Feature: cache revalidation now uses If-None-Match header if
possible.
*) Feature: the "ssl_password_file" directive.
*) Bugfix: the If-None-Match request header line was ignored if there
was no Last-Modified header in a response returned from cache.
*) Bugfix: "peer closed connection in SSL handshake" messages were
logged at "info" level instead of "error" while connecting to
backends.
*) Bugfix: in the ngx_http_dav_module module in nginx/Windows.
*) Bugfix: SPDY connections might be closed prematurely if caching was
used.
Changes with nginx 1.7.2 17 Jun 2014
*) Feature: the "hash" directive inside the "upstream" block.
*) Feature: defragmentation of free shared memory blocks.
*) Bugfix: a segmentation fault might occur in a worker process if the
default value of the "access_log" directive was used; the bug had
appeared in 1.7.0.
*) Bugfix: trailing slash was mistakenly removed from the last parameter
of the "try_files" directive.
*) Bugfix: nginx could not be built on OS X in some cases.
*) Bugfix: in the ngx_http_spdy_module.
Changes with nginx 1.7.1 27 May 2014
*) Feature: the "$upstream_cookie_..." variables.
*) Feature: the $ssl_client_fingerprint variable.
*) Feature: the "error_log" and "access_log" directives now support
logging to syslog.
*) Feature: the mail proxy now logs client port on connect.
*) Bugfix: memory leak if the "ssl_stapling" directive was used.
*) Bugfix: the "alias" directive used inside a location given by a
regular expression worked incorrectly if the "if" or "limit_except"
directives were used.
*) Bugfix: the "charset" directive did not set a charset to encoded
backend responses.
*) Bugfix: a "proxy_pass" directive without URI part might use original
request after the $args variable was set.
*) Bugfix: in the "none" parameter in the "smtp_auth" directive; the bug
had appeared in 1.5.6.
*) Bugfix: if sub_filter and SSI were used together, then responses
might be transferred incorrectly.
*) Bugfix: nginx could not be built with the --with-file-aio option on
Linux/aarch64.
Changes with nginx 1.7.0 24 Apr 2014
*) Feature: backend SSL certificate verification.
*) Feature: support for SNI while working with SSL backends.
*) Feature: the $ssl_server_name variable.
*) Feature: the "if" parameter of the "access_log" directive.
Changelog:
Version 8.0.4 June 9th 2015
occ can now optionally run the update routines without disabling all third party apps
Database handling changes which should improve performance on big systems
better support for very old cURL versions (for QNAP users)
Extended X-Accel-Redirect functionality in nginx
Added work-around for file transfers on 32bit systems
Improved quota calculation
Many fixes and improvements to sharing
Several fixes to upgrade process
Fix deleted folders on client not showing up in trash
fix inability to delete files when quota is 0
Change WebDAV error to 500 instead of 403 on denying overwrite of read-only file
Fixed enforcing expiration date
Fix to Provisioning API
Fixing shared document editing by shared LDAP users
IE 8/9 fixes
Several smaller fixes
* Fix CVE-2015-3225.
* Only count files (not all form elements) against the Multipart File Limit.
* Work around a Rails incompatibility in our private API
Drupal 7.38, 2015-06-17
-----------------------
- Fixed security issues (multiple vulnerabilities). See SA-CORE-2015-002.
Drupal 7.37, 2015-05-07
-----------------------
- Fixed a regression in Drupal 7.36 which caused certain kinds of content types
to become disabled if they were defined by a no-longer-enabled module.
- Removed a confusing description regarding automatic time zone detection from
the user account form (minor UI and data structure change).
- Allowed custom HTML tags with a dash in the name to pass through filter_xss()
when specified in the list of allowed tags.
- Allowed hook_field_schema() implementations to specify indexes for fields
based on a fixed-length column prefix (rather than the entire column), as was
already allowed in hook_schema() implementations.
- Fixed PDO exceptions on PostgreSQL when accessing invalid entity URLs.
- Added a sites/all/libraries folder to the codebase, with instructions for
using it.
- Added a description to the "Administer text formats and filters" permission
on the Permissions page (string change).
- Numerous small bug fixes.
- Numerous API documentation improvements.
- Additional automated test coverage.
Drupal 7.36, 2015-04-01
-----------------------
- Added a 'file_public_schema' variable which allows modules that define
publicly-accessible streams in hook_stream_wrappers() to bypass file download
access checks when processing managed file upload fields.
- Fixed a bug that caused database query tags not to be added to search-related
database queries under many circumstances, and which prevented the
corresponding hook_query_TAG_alter() implementations from being called.
- Fixed the "for" attribute on managed file upload field labels to improve
accessibility (minor markup change).
- Added a 'javascript_always_use_jquery' variable which can be set to FALSE by
sites that may not need jQuery loaded on all pages, and a 'requires_jquery'
option to drupal_add_js() which modules can set to FALSE when adding
JavaScript files that have no dependency on jQuery (API addition:
https://www.drupal.org/node/2462717).
- Fixed incorrect foreign keys in the User module's role_permission and
users_roles database tables.
- Changed permission descriptions throughout Drupal core to consistently link
to relevant administrative pages, regardless of whether the user viewing the
Permissions page can view the page being linked to (minor UI change).
- Fixed the drupal_add_region_content() function so that it actually adds
content to the page.
- Added an 'image_suppress_itok_output' variable to allow sites already using
the existing 'image_allow_insecure_derivatives' variable to also prevent
security tokens from appearing in image derivative URLs.
- Fixed double-escaping of theme names in the Block module administrative
interface (minor string change).
- Added basic support for Xdebug when running automated tests.
- Fixed a bug which caused previewing a node to remove elements from the node
being edited. With this fix, calling node_preview() will no longer modify the
passed-in node object (minor API change).
- Added a user_has_role() function to check whether a user has a particular
role (API addition: https://www.drupal.org/node/2462411).
- Fixed installation failures when an opcode cache is enabled.
- Fixed a bug in the Drupal 6 to Drupal 7 upgrade path which caused private
files to be inaccessible.
- Fixed a bug in the Drupal 6 to Drupal 7 upgrade path which caused user
pictures to be lost.
- Fixed missing language code in hook_field_attach_view_alter() when it is
invoked from field_view_field().
- Stopped sending ETag and Last-Modified headers for uncached page requests,
since they break caching for certain Varnish and Nginx configurations.
- Changed the Simpletest module to allow PSR-4 test classes to be used in
Drupal 7.
- Fixed a fatal error that occurred when using the Comment module's "Unpublish
comment containing keyword(s)" action.
- Changed the "lang" attribute on language links to "xml:lang" so it validates
as XHTML (minor markup change).
- Prevented the form API from allowing arrays to be submitted for various form
elements, such as textfields, textareas, and password fields (API change:
https://www.drupal.org/node/2462723).
- Fixed a bug in the Contact module which caused the global user object to have
the incorrect name and e-mail address during the remainder of the page
request after the contact form is submitted.
- Numerous small bug fixes.
- Numerous API documentation improvements.
- Additional automated test coverage.
after building libANGLE.la.
This package is a fairly enormous build, and the build sequence changes after
resuming a partial build, so it'd be a big and unrewarding project to peg down
exactly what the failure is.
Nonetheless, bumping gmake to 4.1 seems to be a complete and well-indicated
workaround, with 100% successful builds (of several) under gmake-4.1 -j3 and
0% successful builds (of several) under gmake-3.81 -j3.
available under the native compiler, so possibly upgrade the compiler
used by dependent packages too.
Fixes, for example, building epiphany on a Linux box with native GCC 4.6.1.
* inline: change default sort order from age to "age title" for
determinism, partially fixing deterministic build for git-annex,
ikiwiki-hosting etc. (Closes: #785757)
* img: avoid ImageMagick misinterpreting filenames containing a colon
* img test: set old timestamp on source file that will change, so that
the test will pass even if it takes less than 1 second
0.3.2
Changes
* Bug fix: "clamd_get_versions: parse error ..."
* Bug fix: Bug 66: decoding deflate encoded files produces huge files
0.3.1
New features
* The virus engines now loaded as external modules to c-icap. Currently the
"clamd" which uses clamd daemon and "clamav" which uses the libclamav,
engines are provided
0.2.5
* virus_scan viralator mode fixes
0.3.5
Changes
* Bug fix: Wrong status code for REQMOD requests without preview
* Bug fix: Spaces on header may result in bad request error
* Bug fix: cache drops non expired items
* Add the "DefaultService" configuration parameter. For use with buggy clients
which do not include the ICAP service name in URLs.
* Add support for ICAP requests pipelining
* Add the "SupportBuggyClients" configuration parameter. If enabled, c-icap
tries to handle buggy ICAP clients which do not include correct delimiters
between HTTP and ICAP headers.
Other minor fixes
0.3.4
Changes
* Berkeley databases may have problems when newer Berkeley DB library used
hash_table, always uses a very small hash table resulting to slow search
operations
* c-icap crashes when trying to parse lookup table parameters
* local cache items are never expired. Affects dnsbl and ldap lookup tables
* posix interprocess locking does not work
Other minor fixes
0.3.3
Changes
* bug 67: "Bug in the service. Please report to the service author..."
* Bug fix: ci_format_text function may exceed the buffer
Other minor fixes
0.3.2
Changes
* Bug fix: Restrict permissions on c-icap.ctl
* Author: Mathieu Parent sathieu@debian.org
* Bug-Debian: http://bugs.debian.org/645122
* Bug fix: Correctly daemonize
* Author: Mathieu Parent sathieu@debian.org
* Bug-Debian: http://bugs.debian.org/645310
0.3.1
For installation instructions:
* https://sourceforge.net/apps/trac/c-icap/wiki/configcicap
* https://sourceforge.net/apps/trac/c-icap/wiki
Changes
* New interfaces added to help service developers.
0.2.6
Bugs fixes
* The c-icap does not build correctly in some platforms
* The c-icap-client does not display ICAP headers on 204 preview response
* The xheaders are not displayed when %<ih fmt code used
* Fix deadlocks in access log subsystem
- Avoid a corner case segfault when no search URL is found in dillorc.
- Fix linking problem with fltk-1.3.3 and fl_oldfocus.
- Don't follow redirections or meta refresh in --local mode.
- Don't load background images in --local mode.
- Make sure window is resizable with fltk-1.3.3.
- Remove Fl_Printer stub that always gave problems compiling under OSX.
Upstream changes:
1.3136 2015-05-24
[DOCUMENTATION]
- Remove mention of format 'with_id' from Dancer::Logger::Abstract.
(GH#112, Fabrice Gabolde)
[ENHANCEMENTS]
- Cache sessions such that they are only retrieved once per request.
(GH#1105, GH#992, Yanick Champoux)
pkgsrc change: remove RUBY_VERSION_SUPPORTED since it has default value.
## 1.2.2
- fix handshake for draft 11+ sending Sec-WebSocket-Origin instead of Origin
pkgsrc change: add support for pkg_alternatives.
unicorn 4.9.0 - TempfileReaper support in Rack 1.6
This release supports the Rack::TempfileReaper middleware found
in rack 1.6 for cleaning up disk space used by temporary files.
We also use Rack::TempfileReaper for cleaning up large temporary
files buffered with TeeInput. Users on rack 1.5 and earlier
will see no changes.
There's also a bunch of documentation/build system improvements.
This is likely to be the last Ruby 1.8-compatible release,
unicorn 5.x will require 1.9.3 or later as well as dropping lots
of cruft (the stupid "Status:" header in responses being the
most notable).
21 changes backported from master:
ISSUES: update with mailing list subscription
FAQ: add entry for Rails autoflush_log
dev: remove isolate dependency
unicorn.gemspec: depend on test-unit 3.0
remove RubyForge and Freecode references
remove mongrel.rubyforge.org references
examples: add run_once to before_fork hook example
t/t0002-parser-error.sh: relax test for rack 1.6.0
switch docs + website to olddoc
README: clarify/reduce references to unicorn_rails
gemspec: fixup olddoc migration
GNUmakefile: fix clean gem build + reduce build cruft
doc: update support status for Ruby versions
fix uninstalled testing and reduce require paths
test_socket_helper: do not depend on SO_REUSEPORT
ISSUES: add section for bugs in other projects
explain 11 byte magic number for self-pipe
Links: mark Rainbows! as historical, reference yahns
doc: document UNICORN_FD in manpage
tee_input: support for Rack::TempfileReaper middleware
support TempfileReaper in deployment and development envs
= 1.4.6 / 2015-03-2x
* Improve tests and documentation. (Darío Hereñú, Seiichi Yonezawa, kyoendo,
John Voloski, Ferenc-, Renaud Martinet, Christian Haase, marocchino,
huoxito, Damir Svrtan, Amaury Medeiros, Jeremy Evans, Kashyap, shenqihui,
Ausmarton Fernandes, kami, Vipul A M, Lei Wu, 7stud, Taylor Shuler,
namusyaka, burningTyger, Cornelius Bock, detomastah, hakeda, John Hope,
Ruben Gonzalez, Andrey Deryabin, attilaolah, Anton Davydov, Nikita Penzin,
Dyego Costa)
* Remove duplicate require of sinatra/base. (Alexey Muranov)
* Escape HTML in 404 error page. (Andy Brody)
* Refactor to method call in `Stream#close` and `#callback`. (Damir Svrtan)
* Depend on latest version of Slim. (Damir Svrtan)
* Fix compatibility with Tilt version 2. (Yegor Timoschenko)
* Fix compatibility issue with Rack `pretty` method from ShowExceptions.
(Kashyap)
* Show date in local time in exception messages. (tayler1)
* Fix logo on error pages when using Ruby 1.8. (Jeremy Evans)
* Upgrade test suite to Minitest version 5 and fix Ruby 2.2 compatibility.
(Vipul A M)
3.4.14 (22 May 2015)
* Further avoid race conditions when caching.
* Only emit one warning for each line that uses the deprecated form of
unquote().
* Stop parsing and emitting invalid @supports directives.
* Add a deprecation warning for using != to compare a number with units to a
number without. Such a warning already existed for ==.
* Improve rounding of the results of color operations.
=== 2.11.3 / 2015-05-18
* 5 bug fixes:
* Be sure to unlink tempfiles after a request. Fixes #690
* Coerce the key to a string before checking. (thar be symbols). Fixes #684
* Fix hang on bad SSL handshake
* Remove `enable_SSLv3` support from JRuby
* 1 PR merged:
* Merge pull request #698 from looker/hang-handshake
=== 2.11.2 / 2015-04-11
* 2 minor features:
* Add `on_worker_fork` hook, which allows to mimic Unicorn's behavior
* Add shutdown_debug config option
* 4 bug fixes:
* Fix the Config constants not being available in the DSL. Fixes #683
* Ignore multiple port declarations
* Proper 'Connection' header handling compatible with HTTP 1.[01] protocols
* Use "Puma" instead of "puma" to reporting to New Relic
* 1 doc fixes:
* Add Gitter badge.
* 6 PRs merged:
* Merge pull request #657 from schneems/schneems/puma-once-port
* Merge pull request #658 from Tomohiro/newrelic-dispatcher-default-update
* Merge pull request #662 from basecrm/connection-compatibility
* Merge pull request #664 from fxposter/on-worker-fork
* Merge pull request #667 from JuanitoFatas/doc/gemspec
* Merge pull request #672 from chulkilee/refactor
[ Joey Hess ]
* New emailauth plugin lets users log in, without any registration,
by simply clicking on a link in an email.
* Re-remove google from openid selector; their openid provider is
gone for good.
* Make the openid selector display "Password" instead of "Other"
when appropriate, so users are more likely to click on it when
they don't have an openid.
* Converted openid-selector into a more generic loginselector helper
plugin.
* passwordauth: Don't allow registering accounts that look like openids.
* Make cgiurl output deterministic, not hash order. Closes: #785738
Thanks, Daniel Kahn Gillmor
[ Simon McVittie ]
* Do not enable emailauth by default, to avoid surprises on httpauth-only
sites. Enable it by default in openid instead, since it is essentially
a replacement for OpenIDs.
* Make the attachment plugin work with CGI.pm 4.x (Closes: #786586;
workaround for #786587 in libcgi-pm-perl)
* Add a public-domain email icon from tango-icon-theme
* Populate pagectime from either mtime or inode change time,
whichever is older, again for more reproducible builds
* debian: build the docwiki with LC_ALL=C.UTF-8 and TZ=UTC
* debian/copyright: consolidate permissive licenses
* debian/copyright: turn comments on provenance into Comment
* brokenlinks: sort the pages that link to the missing page, for
better reproducibility
* Add [[!meta date]] to news items and tips, since the git checkout
and build process can leave the checkout date in the tarball
release, leading to unstable sorting
* Sort backlinks deterministically, by falling back to sorting by href
if the link text is identical
* Add a $config{deterministic} option and use it for the docwiki
* haiku: if deterministic build is requested, return a hard-coded haiku
* polygen: if deterministic build is requested, use a well-known random seed
The TYPO3 community announces the release of TYPO3 CMS version 6.2.13
LTS, which is now ready for you to download.
This version is a maintenance release and contains bug fixes as well as
various improvements for the day-to-day administration of a TYPO3
website (Extension Manager and management of reference index).
PHP 5.6 support
---------------
Although the TYPO3 CMS Team aims at eventually supporting PHP 5.6 with
TYPO3 6.2 LTS, we are aware of some in-depth issues. As such, we
highly recommend to keep PHP 5.3 - 5.5 when running TYPO3 6.2 LTS for
the time being. Hopefully this should be fixed with the next release.
Image handling
--------------
The base data used for the checksum calculation of processed files
have been changed. This should be transparent for you unless you are
having a large installation. In such case, we enjoin you to read the
details about this release (link below) and to make use of the
dedicated upgrade wizard.
Bugs Fixed
1. If the WSGI application when run under daemon mode returned response content as many small blocks, this could result in excessive memory usage in the Apache child worker process proxying the request due to many buckets being buffered until the buffer size threshold was reached. If the number of buckets reaches a builtin threshold the buffered data will now be forcibly flushed even if the size threshold hadn’t been reached.
${PYPKGPREFIX} to avoid such an instance. Some people will run apps with
different versions of python, so we can handle that accordingly with
ALTERNATIVES. Bump PKGREVISION.
(March 24, 2015)
Trac 1.0.5 provides several fixes. The following are some highlights:
Images are not rendered in the timeline (#10751).
Git tags are shown in the browser view (#11964).
Added support for journal_mode and synchronous pragmas in sqlite: database connection string (#11967).
Contao is an Open Source PHP Content Management System for people who want a
professional website that is easy to maintain. Visit https://contao.org
for more information.
This is a new Long Term Support release which replaces the existing Contao 3.2
and the last stable release from the Contao 3.x series.
Please refer to system/docs/CHANGELOG.md for details.
Add missing DEPENDS
Upstream changes:
1.0036 2015-06-03 12:01:53 PDT
[BUG FIXES]
- Fix CGIBin test to not use CGI.pm #509
1.0035 2015-04-16 10:08:21 CEST
[BUG FIXES]
- Fixed parsing of empty query string pairs (aristotle) #500
[IMPROVEMENTS]
- Documentation updates for FCGI (otrosien) #494
- Use HTTP::Headers::Fast in Plack::Request
- Big performance optimizations on Plack::Util::header_* (aristotle) #498
- Added .webm to Plack::MIME (marlencrabapple) #503
- Use Cookie::Baker to bake cookies in Plack::Response (oalders)
- reduced the size of distribution by making binary files smaller
Changes to GoAccess 0.9.1 - Tuesday, May 26, 2015
* Added additional Nginx-specific status codes.
* Added Applebot to the list of web crawlers.
* Added Microsoft Edge to the list of browsers.
* Added the ability to highlight active panel through --hl-header.
* Ensure dump_struct is used only if using __GLIBC__.
* Ensure goaccess image has an alt attribute on the HTML output for valid HTML5.
* Ensure the config file path is displayed when something goes wrong (FATAL).
* Ensure there is a character indicator to see which panel is active.
* Fixed Cygwin compile issue attempting to use -rdynamic.
* Fixed issue where a single IP did not get excluded after an IP range.
* Fixed issue where requests show up in the wrong view even when --no-query-string is used.
* Fixed issue where some browsers were not recognized or marked as 'unknown'.
* Fixed memory leak when excluding an IP range.
* Fixed overflows on sort comparison functions.
* Fixed segfault when using on-disk storage and loading persisted data with -a.
* Removed keyphrases menu item from HTML output.
* Split iOS devices from Mac OS X.
Changes to GoAccess 0.9 - Thursday, March 19, 2015
* Added ability to double decode an HTTP referer and agent.
* Added ability to sort views through the command line on initial load.
* Added additional data values to the backtrace report.
* Added additional graph to represent the visitors metric on the HTML output.
* Added AM_PROG_CC_C_O to configure.ac
* Added 'Android Lollipop' to the list of operating systems.
* Added 'average time served' metric to all panels.
* Added 'bandwidth' metric to all panels.
* Added command line option to disable summary metrics on the CSV output.
* Added numeric formatting to the HTML output to improve readability.
* Added request method specifier to the default W3C log format.
* Added support for GeoIP Country IPv6 and GeoIP City IPv6 through --geoip-database.
* Added the ability to ignore parsing and displaying given panel(s).
* Added the ability to ignore referer sites from being counted.
A good case scenario is to ignore own domains. i.e., owndomain.tld
This also allows ignoring hosts using wildcards.
For instance, *.mydomain.tld or www.mydomain.* or www?.mydomain.tld
* Added time/hour distribution module. e.g., 00-23.
* Added 'visitors' metrics to all panels.
* Added Windows 10 (v6.4) to the real windows user agents.
* Changed AC_PREREQ macro version so it builds on old versions of autoconf.
* Changed GEOIP database load to GEOIP_MEMORY_CACHE for faster lookups.
* Changed maximum number of choices to display per panel to 366 from 300.
* Ensure config file is read from home dir if unable to open it from %sysconfdir% path.
* Fixed array overflows when exceeding MAX_* limits on command line options.
* Fixed a SEGFAULT where sscanf could not handle special chars within the referer.
* Fixed character encoding on geolocation output (ISO-8859 to UTF8).
* Fixed issue on wild cards containing '?' at the end of the string.
* Fixed issue where a 'Nothing valid to process' error was triggered when the
number of invalid hits was equal to the number of valid hits.
* Fixed issue where outputting to a file left a zero-byte file in pwd.
* Improved parsing of operating systems.
* Refactored log parser so it allows with ease the addition of new modules. This
also attempts to decouple the core functionality from the rendering functions.
It also gives the flexibility to add children metrics to root metrics for any
module. e.g., Request A was visited by IP1, IP2, IP3, etc.
* Restyled HTML output.
Changelog:
New: Keep track of articles and videos with Pocket
New: Clean formatting for articles and blog posts with Reader View
New: Share the active tab or window in a Hello conversation
Fixed: A race condition that would cause Firefox to stop painting when switching tabs (bug 1067470)
Fixed: Fixed graphics performance when using the built-in VGA driver on Windows 7 (Bug 1165732)
Changelog:
WordPress 4.2.2 Security and Maintenance Release
Posted May 7, 2015 by Samuel Sidler. Filed under Releases, Security.
WordPress 4.2.2 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.
Version 4.2.2 addresses two security issues:
The Genericons icon font package, which is used in a number of popular themes and plugins, contained an HTML file vulnerable to a cross-site scripting attack. All affected themes and plugins hosted on WordPress.org (including the Twenty Fifteen default theme) have been updated today by the WordPress security team to address this issue by removing this nonessential file. To help protect other Genericons usage, WordPress 4.2.2 proactively scans the wp-content directory for this HTML file and removes it. Reported by Robert Abela of Netsparker.
WordPress versions 4.2 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. WordPress 4.2.2 includes a comprehensive fix for this issue. Reported separately by Rice Adu and Tong Shi.
The release also includes hardening for a potential cross-site scripting vulnerability when using the visual editor. This issue was reported by Mahadev Subedi.
Our thanks to those who have practiced responsible disclosure of security issues.
WordPress 4.2.2 also contains fixes for 13 bugs from 4.2. For more information, see the release notes or consult the list of changes.
Download WordPress 4.2.2 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.2.2.
Thanks to everyone who contributed to 4.2.2:
Aaron Jorbin, Andrew Ozz, Andrew Nacin, Boone Gorges, Dion Hulse, Ella Iseulde Van Dorpe, Gary Pendergast, Hinaloe, Jeremy Felt, John James Jacoby, Konstantin Kovshenin, Mike Adams, Nikolay Bachiyski, taka2, and willstedt.
WordPress 4.2.1 Security Release
Posted April 27, 2015 by Gary Pendergast. Filed under Releases, Security.
WordPress 4.2.1 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.
A few hours ago, the WordPress team was made aware of a cross-site scripting vulnerability, which could enable commenters to compromise a site. The vulnerability was discovered by Jouko Pynnönen.
WordPress 4.2.1 has begun to roll out as an automatic background update, for sites that support those.
For more information, see the release notes or consult the list of changes.
Download WordPress 4.2.1 or venture over to Dashboard → Updates and simply click “Update Now”.
WordPress 4.2
An easier way to share content
Extended character support
Switch themes in the Customizer
Even more embeds
Streamlined plugin updates
Under the Hood
utf8mb4 support
Database character encoding has changed from utf8 to utf8mb4, which adds support for a whole range of new 4-byte characters.
JavaScript accessibility
You can now send audible notifications to screen readers in JavaScript with wp.a11y.speak(). Pass it a string, and an update will be sent to a dedicated ARIA live notifications area.
Shared term splitting
Terms shared across multiple taxonomies will be split when one of them is updated. Find out more in the Plugin Developer Handbook.
Complex query ordering
WP_Query, WP_Comment_Query, and WP_User_Query now support complex ordering with named meta query clauses.
What's new in Tornado 4.2
=========================
May 26, 2015
------------
Backwards-compatibility notes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* ``SSLIOStream.connect`` and `.IOStream.start_tls` now validate certificates
by default.
* Certificate validation will now use the system CA root certificates instead
of ``certifi`` when possible (i.e. Python 2.7.9+ or 3.4+). This includes
`.IOStream` and ``simple_httpclient``, but not ``curl_httpclient``.
* The default SSL configuration has become stricter, using
`ssl.create_default_context` where available on the client side.
(On the server side, applications are encouraged to migrate from the
``ssl_options`` dict-based API to pass an `ssl.SSLContext` instead).
* The deprecated classes in the `tornado.auth` module, ``GoogleMixin``,
``FacebookMixin``, and ``FriendFeedMixin`` have been removed.
New modules: `tornado.locks` and `tornado.queues`
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
These modules provide classes for coordinating coroutines, merged from
`Toro <http://toro.readthedocs.org>`_.
To port your code from Toro's queues to Tornado 4.2, import `.Queue`,
`.PriorityQueue`, or `.LifoQueue` from `tornado.queues` instead of from
``toro``.
Use `.Queue` instead of Toro's ``JoinableQueue``. In Tornado the methods
`~.Queue.join` and `~.Queue.task_done` are available on all queues, not on a
special ``JoinableQueue``.
Tornado queues raise exceptions specific to Tornado instead of reusing
exceptions from the Python standard library.
Therefore instead of catching the standard `queue.Empty` exception from
`.Queue.get_nowait`, catch the special `tornado.queues.QueueEmpty` exception,
and instead of catching the standard `queue.Full` from `.Queue.get_nowait`,
catch `tornado.queues.QueueFull`.
To port from Toro's locks to Tornado 4.2, import `.Condition`, `.Event`,
`.Semaphore`, `.BoundedSemaphore`, or `.Lock` from `tornado.locks`
instead of from ``toro``.
Toro's ``Semaphore.wait`` allowed a coroutine to wait for the semaphore to
be unlocked *without* acquiring it. This encouraged unorthodox patterns; in
Tornado, just use `~.Semaphore.acquire`.
Toro's ``Event.wait`` raised a ``Timeout`` exception after a timeout. In
Tornado, `.Event.wait` raises `tornado.gen.TimeoutError`.
Toro's ``Condition.wait`` also raised ``Timeout``, but in Tornado, the `.Future`
returned by `.Condition.wait` resolves to False after a timeout::
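
    from datetime import timedelta
    from tornado import gen
    from tornado.locks import Condition

    condition = Condition()

    @gen.coroutine
    def await_notification():
        # wait() resolves to False on timeout instead of raising.
        if not (yield condition.wait(timeout=timedelta(seconds=1))):
            print('timed out')
        else:
            print('condition is true')
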
In lock and queue methods, wherever Toro accepted ``deadline`` as a keyword
argument, Tornado names the argument ``timeout`` instead.
Toro's ``AsyncResult`` is not merged into Tornado, nor its exceptions
``NotReady`` and ``AlreadySet``. Use a `.Future` instead. If you wrote code like
this::

    from tornado import gen
    import toro

    result = toro.AsyncResult()

    @gen.coroutine
    def setter():
        result.set(1)

    @gen.coroutine
    def getter():
        value = yield result.get()
        print(value)  # Prints "1".

Then the Tornado equivalent is::

    from tornado import gen
    from tornado.concurrent import Future

    result = Future()

    @gen.coroutine
    def setter():
        result.set_result(1)

    @gen.coroutine
    def getter():
        value = yield result
        print(value)  # Prints "1".

`tornado.autoreload`
~~~~~~~~~~~~~~~~~~~~
* Improved compatibility with Windows.
* Fixed a bug in Python 3 if a module was imported during a reload check.
`tornado.concurrent`
~~~~~~~~~~~~~~~~~~~~
* `.run_on_executor` now accepts arguments to control which attributes
it uses to find the `.IOLoop` and executor.
`tornado.curl_httpclient`
~~~~~~~~~~~~~~~~~~~~~~~~~
* Fixed a bug that would cause the client to stop processing requests
if an exception occurred in certain places while there is a queue.
`tornado.escape`
~~~~~~~~~~~~~~~~
* `.xhtml_escape` now supports numeric character references in hex
format (`` ``)
`tornado.gen`
~~~~~~~~~~~~~
* `.WaitIterator` no longer uses weak references, which fixes several
garbage-collection-related bugs.
* `tornado.gen.Multi` and `tornado.gen.multi_future` (which are used when
yielding a list or dict in a coroutine) now log any exceptions after the
first if more than one `.Future` fails (previously they would be logged
when the `.Future` was garbage-collected, but this is more reliable).
Both have a new keyword argument ``quiet_exceptions`` to suppress
logging of certain exception types; to use this argument you must
call ``Multi`` or ``multi_future`` directly instead of simply yielding
a list.
* `.multi_future` now works when given multiple copies of the same `.Future`.
* On Python 3, catching an exception in a coroutine no longer leads to
leaks via ``Exception.__context__``.
`tornado.httpclient`
~~~~~~~~~~~~~~~~~~~~
* The ``raise_error`` argument now works correctly with the synchronous
`.HTTPClient`.
* The synchronous `.HTTPClient` no longer interferes with `.IOLoop.current()`.
`tornado.httpserver`
~~~~~~~~~~~~~~~~~~~~
* `.HTTPServer` is now a subclass of `tornado.util.Configurable`.
`tornado.httputil`
~~~~~~~~~~~~~~~~~~
* `.HTTPHeaders` can now be copied with `copy.copy` and `copy.deepcopy`.
`tornado.ioloop`
~~~~~~~~~~~~~~~~
* The `.IOLoop` constructor now has a ``make_current`` keyword argument
to control whether the new `.IOLoop` becomes `.IOLoop.current()`.
* Third-party implementations of `.IOLoop` should accept ``**kwargs``
in their `~.IOLoop.initialize` methods and pass them to the superclass
implementation.
* `.PeriodicCallback` is now more efficient when the clock jumps forward
by a large amount.
`tornado.iostream`
~~~~~~~~~~~~~~~~~~
* ``SSLIOStream.connect`` and `.IOStream.start_tls` now validate certificates
by default.
* New method `.SSLIOStream.wait_for_handshake` allows server-side applications
to wait for the handshake to complete in order to verify client certificates
or use NPN/ALPN.
* The `.Future` returned by ``SSLIOStream.connect`` now resolves after the
handshake is complete instead of as soon as the TCP connection is
established.
* Reduced logging of SSL errors.
* `.BaseIOStream.read_until_close` now works correctly when a
``streaming_callback`` is given but ``callback`` is None (i.e. when
it returns a `.Future`)
`tornado.locale`
~~~~~~~~~~~~~~~~
* New method `.GettextLocale.pgettext` allows additional context to be
supplied for gettext translations.
`tornado.log`
~~~~~~~~~~~~~
* `.define_logging_options` now works correctly when given a non-default
``options`` object.
`tornado.process`
~~~~~~~~~~~~~~~~~
* New method `.Subprocess.wait_for_exit` is a coroutine-friendly
version of `.Subprocess.set_exit_callback`.
`tornado.simple_httpclient`
~~~~~~~~~~~~~~~~~~~~~~~~~~~
* Improved performance on Python 3 by reusing a single `ssl.SSLContext`.
* New constructor argument ``max_body_size`` controls the maximum response
size the client is willing to accept. It may be bigger than
``max_buffer_size`` if ``streaming_callback`` is used.
`tornado.tcpserver`
~~~~~~~~~~~~~~~~~~~
* `.TCPServer.handle_stream` may be a coroutine (so that any exceptions
it raises will be logged).
`tornado.util`
~~~~~~~~~~~~~~
* `.import_object` now supports unicode strings on Python 2.
* `.Configurable.initialize` now supports positional arguments.
`tornado.web`
~~~~~~~~~~~~~
* Key versioning support for cookie signing. ``cookie_secret`` application
setting can now contain a dict of valid keys with version as key. The
current signing key then must be specified via ``key_version`` setting.
* Parsing of the ``If-None-Match`` header now follows the RFC and supports
weak validators.
* Passing ``secure=False`` or ``httponly=False`` to
`.RequestHandler.set_cookie` now works as expected (previously only the
presence of the argument was considered and its value was ignored).
* `.RequestHandler.get_arguments` now requires that its ``strip`` argument
be of type bool. This helps prevent errors caused by the slightly dissimilar
interfaces between the singular and plural methods.
* Errors raised in ``_handle_request_exception`` are now logged more reliably.
* `.RequestHandler.redirect` now works correctly when called from a handler
whose path begins with two slashes.
* Passing messages containing ``%`` characters to `tornado.web.HTTPError`
no longer causes broken error messages.
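The key-versioning bullet above describes a rotation scheme: several secrets stay valid for verification while the one named by ``key_version`` signs new cookies. The sketch below is an added illustration using only the standard library; it is not Tornado's code or its cookie wire format, and the token layout, function names and secrets are constructed assumptions.

```python
import base64
import hashlib
import hmac
import time


def _b64(text):
    return base64.urlsafe_b64encode(text.encode("utf-8")).decode("ascii")


def _mac(secret, signed_part):
    data = signed_part.encode("utf-8", "replace")
    return hmac.new(secret, data, hashlib.sha256).hexdigest()


def sign_value(keys, key_version, name, value, now=None):
    """Sign with keys[key_version]. The version is part of the MAC'd data,
    so a token cannot be relabelled to claim a different key."""
    ts = int(time.time() if now is None else now)
    signed_part = "|".join([str(key_version), str(ts), _b64(name), _b64(value)])
    return signed_part + "|" + _mac(keys[key_version], signed_part)


def verify_value(keys, name, token, max_age_s=31 * 86400, now=None):
    """Return the value, or None if the token is malformed, forged, expired,
    bound to another cookie name, or signed by a key no longer in `keys`."""
    parts = token.split("|")
    if len(parts) != 5:
        return None
    version_s, ts_s, name_b64, value_b64, sig = parts
    try:
        version, ts = int(version_s), int(ts_s)
    except ValueError:
        return None
    secret = keys.get(version)
    if secret is None:  # key retired: everything it signed is now invalid
        return None
    expected = _mac(secret, "|".join(parts[:4]))
    # Constant-time comparison on bytes; never compare MACs with ==.
    if not hmac.compare_digest(expected.encode("ascii"),
                               sig.encode("utf-8", "replace")):
        return None
    if name_b64 != _b64(name):
        return None
    now = time.time() if now is None else now
    if ts < now - max_age_s:
        return None
    return base64.urlsafe_b64decode(value_b64).decode("utf-8")


def key_version_of(token):
    """Version a token claims; use it to decide when to re-issue a cookie
    under the current key. Only trust it after verify_value() succeeds."""
    try:
        return int(token.split("|", 1)[0])
    except ValueError:
        return None


if __name__ == "__main__":
    T0 = 1430000000  # constructed fixed clock so the run is repeatable
    old, new = b"constructed-old-secret", b"constructed-new-secret"

    # Phase 1: only key 1 exists.
    t1 = sign_value({1: old}, 1, "session", "uid=42", now=T0)

    # Phase 2: key 2 added and made current; key 1 still verifies.
    ring = {1: old, 2: new}
    print("old cookie during overlap:", verify_value(ring, "session", t1, now=T0 + 60))
    t2 = sign_value(ring, 2, "session", "uid=42", now=T0 + 60)
    print("re-issued under key:", key_version_of(t2))

    # Phase 3: key 1 retired; cookies it signed stop verifying.
    print("old cookie after retirement:", verify_value({2: new}, "session", t1, now=T0 + 120))
```

Removing a version from the dict is what actually revokes a leaked key, so the overlap window should last only as long as it takes to re-issue live cookies under the current version.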
`tornado.websocket`
~~~~~~~~~~~~~~~~~~~
* The ``on_close`` method will no longer be called more than once.
* When the other side closes a connection, we now echo the received close
code back instead of sending an empty close frame.
4.20 2015-05-29
[ RELEASE NOTES ]
- CGI.pm is now considered "done". See also "mature" and "legacy"
Feature requests and non-critical issues will be outright rejected.
The module is now in maintenance mode for critical issues only.
- This release removes the AUTOLOAD and compile optimisations from CGI.pm
that were introduced into CGI.pm twenty (20) years ago as a response to
its large size, which meant there was a significant compile time penalty.
- This optimisation is no longer relevant and makes the code difficult to
deal with as well as making test coverage metrics incorrect. Benchmarks
show that advantages of AUTOLOAD / lazy loading / deferred compile are
less than 0.05s, which will be dwarfed by just about any meaningful code
in a cgi script. If this is an issue for you then you should look at
running CGI.pm in a persistent environment (FCGI, etc)
- To offset some of the time added by removing the AUTOLOAD functionality
the dependencies have been made runtime rather than compile time. The
POD has also been split into its own file. CGI.pm now contains around
4000 lines of code, which compared to some modules on CPAN isn't really
that much
- This essentially deprecates the -compile pragma and ->compile method. The
-compile pragma will no longer do anything, whereas the ->compile method
will raise a deprecation warning. More importantly this also REMOVES the
-any pragma because as per the documentation this pragma needed to be
"used with care or not at all" and allowing arbitrary HTML tags is almost
certainly a bad idea. If you are using the -any pragma and using arbitrary
tags (or have typos in your code) your code will *BREAK*
- Although this release should be back compatible (with the exception of any
code using the -any pragma) you are encouraged to test it thoroughly as if
you are doing anything out of the ordinary with CGI.pm (i.e. have bugs
that may have been masked by the AUTOLOAD feature) you may see some issues.
- References: GH #162, GH #137, GH #164
[ SPEC / BUG FIXES ]
- make the list context warning in param show the filename rather than
the package so we have more information on exactly where the warning
has been raised from (GH #171)
- correct self_url when PATH_INFO and SCRIPT_NAME are the same but we
are not running under IIS (GH #176)
- Add the multi_param method to :cgi export (thanks to xblitz for the patch
and tests. GH #167)
- Fix warning for lack of HTTP_USER_AGENT in CGI::Carp (GH #168)
- Fix imports when called from CGI::Fast, restores the import of CGI functions
into the callers namespace for users of CGI::Fast (GH leejo/cgi-fast#11 and
GH leejo/cgi-fast#12)
[ FEATURES ]
- CGI::Carp now has $CGI::Carp::FULL_PATH for displaying the full path to the
offending script in error messages
- CGI now has env_query_string() for getting the value of QUERY_STRING from
the environment and not that fiddled with by CGI.pm (which is what
query_string() does) (GH #161)
- CGI::ENCODE_ENTITIES var added to control which characters are encoded by
the call to the HTML::Entities module - defaults to &<>"' (GH #157 - the
\x8b and \x9b chars have been removed from this list as we are concerned
more about unicode compat these days than old browser support.)
[ DOCUMENTATION ]
- Fix some typos (GH #173, GH #174)
- All *documentation* for HTML functionality in CGI has been moved into
its own namespace: CGI::HTML::Functions - although the functionality
continues to exist within CGI.pm so there are no code changes required
(GH #142)
- Add missing documentation for env variable fetching routines (GH #163)
[ TESTING ]
- Increase test coverage (GH #3)
[ INTERNALS ]
- Cwd made a TEST_REQUIRES rather than a BUILD_REQUIRES in Makefile.PL
(GH #170)
- AutoloadClass variables have been removed as AUTOLOAD was removed in
v4.14 so these are no longer necessary (GH #172 thanks to alexmv)
- Remove dependency on constant - internal DEBUG, XHTML_DTD and EBCDIC
constants changes to $_DEBUG, $_XHTML_DTD, and $_EBCDIC
* Update MESSAGES.
Changelog:
5.7.4.2
Behavioral Improvements
Saving only a custom template on a block will no longer wrap that block in a custom design DIV. Better saving and resetting of custom designs on blocks and areas.
Topics improvements: topics can now be created below other topics; the only difference between topic categories and topics is that categories cannot be assigned to objects, only topics can.
We now include the page ID in the attributes dialog and panel.
Feature block now contains an instance of the rich text editor (thanks MrKarlDilkington)
Improvements to new update functionality when site can't connect to concrete5.org
Improvements to new update functionality to make it more resilient with failures, but error messaging.
Adding attributes to a page will ask for it to be checked back/approved when clicking the green icon.
Theme name and description can now be translated (thanks mlocati)
Added an error notice when deleting a page type that’s in use in your site.
Bug Fixes
Some servers would redirect infinitely when activating a theme or attempting to logout. This has been fixed.
Fix bug with multiple redactor instances on the same page and in the same composer window causing problems.
Better rendering of empty areas in Firefox (thanks JeramyNS)
Fixed problems with “concrete.seo.trailing_slash” set to true leading to an inability to login, other problems.
Attributes that had already been filled out were being shown as still required in page check-in panel.
Fixed bug where full URLs were incorrectly parsed if asset caching was enabled (thanks mlocati)
Fix download file script leading to 404 errors after you go to the dashboard and hit the back button
Fixed https://www.concrete5.org/developers/bugs/5-7-4-1/dont-allow-to-create-file-sets-with-names-containing-forbidden-c/
Fix https://www.concrete5.org/developers/bugs/5-7-4-1/cant-replace-a-file-with-one-in-the-incoming-directory/
Fix XSS in conversation author object; fix author name not showing if a user didn't put in a website (thanks jaromirdalecky)
Searching files, pages and users by topics now works in the dashboard
Picture tag now properly inserted by Redactor when working with themes that use responsive images.
Fixed z-index of message author and status in conversations dashboard page.
Developer Updates
API improvements to the RedactorEditor class.
And many improvements and bugfixes including security bugfixes.
Version 8.0.3 May 1st 2015
Fix several Constraint Violation Exceptions
Fix misleading Maintenance mode message
Timezone fixes for countries with 0.5 and 0.75 offsets
Fix usage of default share folder location
Reenable trashbin after failed rename
Fix disabling of APCu
Do not show update notification on mobile
Fix "Only variables should be passed by reference" error log spam
Add timeout to curl
Makes repair errors and warnings visible for the user when upgrading on the command line or in the web UI
Cron shall not operate in case we are in maintenance mode
Disable the cache updater when doing the encryption migration
Fix "Error while updating app" error
Internal Server Error after attempting to do "occ files:scan"
Several smaller fixes
WebKitGTK+ 2.4.9 released!
This is a bug fix release in the stable 2.4 series.
What’s new in the WebKitGTK+ 2.4.9 release?
o Check TLS errors as soon as they are set in the SoupMessage to prevent any
data from being sent to the server in case of invalid certificate.
o Clear the GObject DOM bindings internal cache when frames are destroyed or web
view contents are updated.
o Add HighDPI support for non-accelerated compositing contents.
o Fix some transfer annotations used in GObject DOM bindings.
o Use latin1 instead of UTF-8 for HTTP header values.
o Fix synchronous loads when maximum connection limits are reached.
o Fix a crash in ScrollView::contentsToWindow() when GtkPluginWidget doesn’t have a
parent.
o Fix a memory leak in webkit_web_policy_decision_new.
o Fix g_closure_unref runtime warning.
o Fix a crash due to empty drag image during drag and drop.
o Fix rendering of scrollbars with GTK+ >= 3.16.
o Fix the build on mingw32/msys.
o Fix the build with WebKit2 disabled.
o Fix the build with accelerated compositing disabled.
o Fix clang version check in configure.
o Fix the build with recent versions of GLib that have GMutexLocker.
o Fix the build for Linux/MIPS64EL.
Upstream changes:
== MediaWiki 1.25.1 ==
This is a bug fix release of the MediaWiki 1.25 branch.
== Changes since 1.25.1 ==
* (T100351) Fix syntax errors in extension.json of ConfirmEdit extension
== MediaWiki 1.25 ==
=== Configuration changes in 1.25 ===
* $wgPageShowWatchingUsers was removed.
* $wgLocalVirtualHosts has been added to replace $wgConf->localVHosts.
* $wgAntiLockFlags was removed.
* $wgJavaScriptTestConfig was removed.
* Edit tokens returned from User::getEditToken may change on every call. Token
validity must be checked by passing the user-supplied token to
User::matchEditToken rather than by testing for equality with a
newly-generated token.
* (T74951) The UserGetLanguageObject hook may be passed any IContextSource
for its $context parameter. Formerly it was documented as receiving a
RequestContext specifically.
* Profiling was restructured and $wgProfiler now requires an 'output' parameter.
See StartProfiler.sample for details.
* $wgMangleFlashPolicy was added to make MediaWiki's mangling of anything that
might be a flash policy directive configurable.
* ApiOpenSearch now supports XML output. The OpenSearchXml extension should no
longer be used. If extracts and page images are desired, the TextExtracts and
PageImages extensions are required.
* $wgOpenSearchTemplate is deprecated in favor of $wgOpenSearchTemplates.
* Edits are now prepared via AJAX as users type edit summaries. This behavior
can be disabled via $wgAjaxEditStash.
* (T46740) The temporary option $wgIncludejQueryMigrate was removed, along
with the jQuery Migrate library, as indicated when this option was provided in
MediaWiki 1.24.
* ProfilerStandard and ProfilerSimpleTrace were removed. Make sure that any
StartProfiler.php config is updated to reflect this. Xhprof is available
for zend/hhvm. Also, for hhvm, one can consider using its xenon profiler.
* Default value of $wgSVGConverters['rsvg'] now uses the 'rsvg-convert' binary
rather than 'rsvg'.
* Default value of $wgSVGConverters['ImageMagick'] now uses transparent
background with white fallback color, rather than just white background.
* MediaWikiBagOStuff class removed, make sure any object cache config
uses SqlBagOStuff instead.
* The 'daemonized' flag must be set to true in $wgJobTypeConf for any redis
job queues. This means that mediawiki/services/jobrunner service has to
be installed and running for any such queues to work.
* $wgAutopromoteOnce no longer supports the 'view' event. For keeping some
compatibility, any 'view' event triggers will still trigger on 'edit'.
* $wgExtensionDirectory was added for when your extensions directory is somewhere
other than $IP/extensions (as $wgStyleDirectory does with the skins directory).
=== New features in 1.25 ===
* (T64861) Updated plural rules to CLDR 26. Includes incompatible changes
for plural forms in Russian, Prussian, Tagalog, Manx and several languages
that fall back to Russian.
* (T60139) ResourceLoaderFileModule now supports language fallback
for 'languageScripts'.
* Added a new hook, "ContentAlterParserOutput", to allow extensions to modify the
parser output for a content object before links update.
* (T37785) Enhanced recent changes and extended watchlist are now default.
Documentation: https://meta.wikimedia.org/wiki/Help:Enhanced_recent_changes
and https://www.mediawiki.org/wiki/Manual:$wgDefaultUserOptions.
* (T69341) SVG images will no longer be base64-encoded when being embedded
in CSS. This results in slight size increase before gzip compression (due to
percent-encoding), but up to 20% decrease after it.
* Update jStorage to v0.4.12.
* MediaWiki now natively supports page status indicators: icons (or short text
snippets) usually displayed in the top-right corner of the page. They have
been in use on Wikipedia for a long time, implemented using templates and CSS
absolute positioning.
- Basic wikitext syntax: <indicator name="foo">[[File:Foo.svg|20px]]</indicator>
- Usage instructions: https://www.mediawiki.org/wiki/Help:Page_status_indicators
- Adjusting custom skins to support indicators:
https://www.mediawiki.org/wiki/Manual:Skinning#Page_status_indicators
* Edit tokens may now be time-limited: passing a maximum age to
User::matchEditToken will reject any older tokens.
* The debug logging internals have been overhauled, and are now using the
PSR-3 interfaces.
* Update CSSJanus to v1.1.1.
* Update lessphp to v0.5.0.
* Added a hook, "ApiOpenSearchSuggest", to allow extensions to provide extracts
and images for ApiOpenSearch output. The semantics are identical to the
"OpenSearchXml" hook provided by the OpenSearchXml extension.
* PrefixSearchBackend hook now has an $offset parameter. Combined with $limit,
this allows for pagination of prefix results. Extensions using this hook
should implement supporting behavior. Not doing so can result in undefined
behavior from API clients trying to continue through prefix results.
* Update jQuery from v1.11.1 to v1.11.3.
* External libraries installed via composer will now be displayed
on Special:Version in their own section. Extensions or skins that are
installed via composer will not be shown in this section as it is assumed
they will add the proper credits to the skins or extensions section. They
can also be accessed through the API via the new siprop=libraries to
ApiQuerySiteInfo.
* Update QUnit from v1.14.0 to v1.16.0.
* Update Moment.js from v2.8.3 to v2.8.4.
* Special:Tags now allows for manipulating the list of user-modifiable change
tags.
* Added 'managetags' user right and 'ChangeTagCanCreate', 'ChangeTagCanDelete',
and 'ChangeTagCanCreate' hooks to allow for managing user-modifiable change
tags.
* Added 'ChangeTagsListActive' hook, to separate the concepts of "defined" and
"active" formerly conflated by the 'ListDefinedTags' hook.
* Added TemplateParser class that provides a server-side interface to cachable
dynamically-compiled Mustache templates (currently uses lightncandy library).
* Clickable anchors for each section heading in the content are now generated
and appear in the gutter on hovering over the heading.
* Added 'CategoryViewer::doCategoryQuery' and 'CategoryViewer::generateLink' hooks
to allow extensions to override how links to pages are rendered within NS_CATEGORY
* (T19665) Special:WantedPages only lists pages which have at least one red link
pointing to them.
* New hooks 'ApiMain::moduleManager' and 'ApiQuery::moduleManager', can be
used for conditional registration of API modules.
* New hook 'EnhancedChangesList::getLogText' to alter, remove or add to the
links of a group of changes in EnhancedChangesList.
* A full interface for StatsD metric reporting has been added to the context
interface, reachable via IContextSource::getStats().
* Move the jQuery Client library from being mastered in MediaWiki as v0.1.0 to a
proper, published library, which is now tagged as v1.0.0.
* A new message (defaulting to blank), 'editnotice-notext', can be shown to users
when they are editing if no edit notices apply to the page being edited.
* (T94536) You can now make the sitenotice appear to logged-in users only by
editing MediaWiki:Anonnotice and replacing its content with "". Setting it to
"-" (default) will continue to disable it and fall back to MediaWiki:Sitenotice.
* Modifying the tagging of a revision or log entry is now available via
Special:EditTags, generally accessed via the revision-deletion-like interface
on history pages and Special:Log is likely to be more useful.
* Added 'applychangetags' and 'changetags' user rights.
* (T35235) LogFormatter subclasses are now responsible for formatting the
parameters for API log event output. Extensions should implement the new
getParametersForApi() method in their log formatters.
==== External libraries ====
* MediaWiki now requires certain external libraries to be installed. In the past
these were bundled inside the Git repository of MediaWiki core, but now they
need to be installed separately. For users using the tarball, this will be taken
care of and no action will be required. Users using Git will either need to use
composer to fetch dependencies or use the mediawiki/vendor repository which includes
all dependencies for MediaWiki core and ones used in Wikimedia deployment. Detailed
instructions can be found at:
https://www.mediawiki.org/wiki/Download_from_Git#Fetch_external_libraries
* The following libraries are now required:
** psr/log
This library provides the interfaces set by the PSR-3 standard (http://www.php-fig.org/psr/psr-3/)
which are used by MediaWiki internally via the
MediaWiki\Logger\LoggerFactory class.
See the structured logging RfC (https://www.mediawiki.org/wiki/Requests_for_comment/Structured_logging)
for more background information.
** cssjanus/cssjanus
This library was formerly bundled with MediaWiki core and has been removed.
It automatically flips CSS for RTL support.
** leafo/lessphp
This library was formerly bundled with MediaWiki core and has been removed.
It compiles LESS files into CSS.
** wikimedia/cdb
This library was formerly a part of MediaWiki core, and has been moved into a separate library.
It provides CDB functions which are used in the Interwiki and Localization caches.
More information about the library can be found at https://www.mediawiki.org/wiki/CDB.
** liuggio/statsd-php-client
This library provides a StatsD client API for logging application metrics to a remote server.
=== Bug fixes in 1.25 ===
* (T73003) No additional code will be generated to try to load CSS-embedded
SVG images in Internet Explorer 6 and 7, as they don't support them anyway.
* (T69021) On Special:BookSources, corrected validation of ISBNs (both
10- and 13-digit forms) containing "X".
* Page moving was refactored into a MovePage class. As part of that:
** The AbortMove hook was removed.
** MovePageIsValidMove is for extensions to specify whether a page
cannot be moved for technical reasons, and should not be overridden.
** MovePageCheckPermissions is for checking whether the given user is
allowed to make the move.
** Title::moveNoAuth() was deprecated. Use the MovePage class instead.
** Title::moveTo() was deprecated. Use the MovePage class instead.
** Title::isValidMoveOperation() broken down into MovePage::isValidMove()
and MovePage::checkPermissions().
* (T18530) Multiple autocomments are now formatted in an edit summary.
* (T70361) Autocomments containing "/*" are parsed correctly.
* The Special:WhatLinksHere page linked from 'Number of redirects to this page'
on action=info about a file page does not list file links anymore.
* (T78637) Search bar is not autofocused unless it is empty so that proper scrolling using arrow keys is possible.
* (T50853) Database::makeList() modified to handle 'NULL' separately when building IN clause
* (T85192) Captcha position modified in Usercreate template. As a result:
** extrafields parameter added to Usercreate.php to insert additional data
** 'extend' method added to QuickTemplate to append additional values to any field of data array
* (T86974) Several Title methods now load from the database when necessary
(instead of returning incorrect results) even when the page ID is known.
* (T74070) Duplicate search for archived files on file upload now omits the extension.
This requires the fa_sha1 field being populated.
* Removed rel="archives" from the "View history" link, as it did not pass
HTML validation.
* $wgUseTidy is now set when parserTests are run with the tidy option to match
output on wiki.
* (T37472) update.php will purge ResourceLoader cache unless --nopurge is passed to it.
* (T72109) mediawiki.language should respect $wgTranslateNumerals in convertNumber().
=== Action API changes in 1.25 ===
* (T67403) XML tag highlighting is now only performed for formats
"xmlfm" and "wddxfm".
* action=paraminfo supports generalized submodules (modules=query+value),
querymodules and formatmodules are deprecated
* action=paraminfo no longer outputs descriptions and other help text by
default. If needed, it may be requested using the new 'helpformat' parameter.
* action=help has been completely rewritten, and outputs help in HTML
rather than plain text.
* Hitting api.php without specifying an action now displays only the help for
the main module, with links to submodule help.
* API help is no longer displayed on errors.
* 'uselang' is now a recognized API parameter; "uselang=user" may be used to
explicitly select the language from the current user's preferences, and
"uselang=content" may be used to select the wiki's content language.
* Default output format for the API is now jsonfm.
* Simplified continuation will return a "batchcomplete" property in the result
when a batch of pages is complete.
* Pretty-printed HTML output now has nicer formatting and (if available)
better syntax highlighting.
* Deprecated list=deletedrevs in favor of newly-added prop=deletedrevisions and
list=alldeletedrevisions.
* prop=revisions will gracefully continue when given too many revids or titles,
rather than just ignoring the extras.
* prop=revisions will no longer die if rvcontentformat doesn't match a
revision's content model; it will instead warn and omit the content.
* If the user has the 'deletedhistory' right, action=query's revids parameter
will now recognize deleted revids.
* prop=revisions may be used as a generator, generating revids.
* (T68776) format=json results will no longer be corrupted when
$wgMangleFlashPolicy is in effect. format=php results will cleanly return an
error instead of returning invalid serialized data.
* Generators may now return data for the generated pages when used with
action=query.
* Query page data for generator=search and generator=prefixsearch will now
include an "index" field, which may be used by the client for sorting the
search results.
* ApiOpenSearch now supports XML output.
* ApiOpenSearch will now output descriptions and URLs as array indexes 2 and 3
in JSON format.
* (T76051) list=tags will now continue correctly.
* (T76052) list=tags can now indicate whether a tag is defined.
* (T75522) list=prefixsearch now supports continuation
* (T78737) action=expandtemplates can now return page properties.
* (T78690) list=allimages now accepts multiple pipe-separated values
for the 'aimime' parameter.
* prop=info with inprop=protections will now return applicable protection types
with the 'restrictiontypes' key.
* (T85417) When resolving redirects, ApiPageSet will now add the targets of
interwiki redirects to the list of interwiki titles.
* (T85417) When outputting the list of redirect titles, a 'tointerwiki'
property (like the existing 'tofragment' property) will be set.
* Added action=managetags to allow for managing the list of
user-modifiable change tags. Actually modifying the tagging of a revision or
log entry is not implemented yet.
* list=tags has additional properties to indicate 'active' status and tag
sources.
* siprop=libraries was added to ApiQuerySiteInfo to list installed external libraries.
* (T88010) Added action=checktoken, to test a CSRF token's validity.
* (T88010) Added intestactions to prop=info, to allow querying of
Title::userCan() via the API.
* Default type param for query list=watchlist and list=recentchanges has
been changed from all types (e.g. including 'external') to 'edit|new|log'.
* Added formatversion to format=json. Still "experimental" as further changes
to the output formatting might still be made.
* (T73020) Log event details are now always under a 'params' subkey for
list=logevents, and a 'logparams' subkey for list=watchlist and
list=recentchanges.
* Log event details are changing formatting:
* block events now report flags as an array rather than as a comma-separated
list.
* patrol events now report the 'auto' flag as a boolean (absent/empty string
for BC formats) rather than as an integer.
* rights events now report the old and new group lists as arrays rather than
as comma-separated lists.
* merge events use new-style formatting.
* delete/event and delete/revision events use new-style formatting.
* The root node and various other nodes will now always be an object in formats
such as json that distinguish between arrays and objects.
* Except for action=opensearch where the spec requires an array.
=== Action API internal changes in 1.25 ===
* ApiHelp has been rewritten to support i18n and paginated HTML output.
Most existing modules should continue working without changes, but should do
the following:
* Add an i18n message "apihelp-{$moduleName}-description" to replace getDescription().
* Add i18n messages "apihelp-{$moduleName}-param-{$param}" for each parameter
to replace getParamDescription(). If necessary, the settings array returned
by getParams() can use the new ApiBase::PARAM_HELP_MSG key to override the
message.
* Implement getExamplesMessages() to replace getExamples().
* Modules with submodules (like action=query) must have their submodules
override ApiBase::getParent() to return the correct parent object.
* The 'APIGetDescription' and 'APIGetParamDescription' hooks are deprecated,
and will have no effect for modules using i18n messages. Use
'APIGetDescriptionMessages' and 'APIGetParamDescriptionMessages' instead.
* Api formatters will no longer be asked to display the help screen on errors.
* ApiMain::getCredits() was removed. The credits are available in the
'api-credits' i18n message.
* ApiFormatBase has been changed to support i18n and syntax highlighting via
extensions with the new 'ApiFormatHighlight' hook. Core syntax highlighting
has been removed.
* ApiFormatBase now always buffers. Output is done when
ApiFormatBase::closePrinter is called.
* Much of the logic in ApiQueryRevisions has been split into ApiQueryRevisionsBase.
* The 'revids' parameter supplied by ApiPageSet will now count deleted
revisions as "good" if the user has the 'deletedhistory' right. New methods
ApiPageSet::getLiveRevisionIDs() and ApiPageSet::getDeletedRevisionIDs() are
provided to access just the live or just the deleted revids.
* Added ApiPageSet::setGeneratorData() and ApiPageSet::populateGeneratorData()
to allow generators to include data in the action=query result.
* New hooks 'ApiMain::moduleManager' and 'ApiQuery::moduleManager', can be
used for conditional registration of API modules.
* Added ApiBase::lacksSameOriginSecurity() to allow modules to easily check if
the current request was sent with the 'callback' parameter (or any future
method that breaks the same-origin policy).
* Profiling methods in ApiBase are deprecated and no longer need to be called.
* ApiResult was greatly overhauled. See inline documentation for details.
* ApiResult will automatically convert objects to strings or arrays (depending
on whether a __toString() method exists on the object), and will refuse to
add unsupported value types.
* An informal interface, ApiSerializable, exists to override the default
object conversion.
* ApiResult/ApiFormatBase "raw mode" is deprecated.
* ApiFormatXml now assumes defaults and so on instead of throwing errors when
metadata isn't set.
* (T35235) LogFormatter subclasses are now responsible for formatting log event
parameters for the API.
* Many modules have changed result data formats. While this shouldn't affect
clients not using the experimental formatversion=2, code using
ApiResult::getResultData() without the transformations for backwards
compatibility may need updating, as will code that wasn't following the old
conventions for API boolean output.
* The following methods have been deprecated and may be removed in a future
release:
* ApiBase::getDescription
* ApiBase::getParamDescription
* ApiBase::getExamples
* ApiBase::makeHelpMsg
* ApiBase::makeHelpArrayToString
* ApiBase::makeHelpMsgParameters
* ApiBase::getModuleProfileName
* ApiBase::profileIn
* ApiBase::profileOut
* ApiBase::safeProfileOut
* ApiBase::getProfileTime
* ApiBase::profileDBIn
* ApiBase::profileDBOut
* ApiBase::getProfileDBTime
* ApiBase::getResultData
* ApiFormatBase::setUnescapeAmps
* ApiFormatBase::getWantsHelp
* ApiFormatBase::setHelp
* ApiFormatBase::formatHTML
* ApiFormatBase::setBufferResult
* ApiFormatBase::getDescription
* ApiFormatBase::getNeedsRawData
* ApiMain::setHelp
* ApiMain::reallyMakeHelpMsg
* ApiMain::makeHelpMsgHeader
* ApiResult::setRawMode
* ApiResult::getIsRawMode
* ApiResult::getData
* ApiResult::setElement
* ApiResult::setContent
* ApiResult::setIndexedTagName_recursive
* ApiResult::setIndexedTagName_internal
* ApiResult::setParsedLimit
* ApiResult::beginContinuation
* ApiResult::setContinueParam
* ApiResult::setGeneratorContinueParam
* ApiResult::endContinuation
* ApiResult::size
* ApiResult::convertStatusToArray
* ApiQueryImageInfo::getPropertyDescriptions
* ApiQueryLogEvents::addLogParams
* The following classes have been deprecated and may be removed in a future
release:
* ApiQueryDeletedrevs
=== Languages updated in 1.25 ===
MediaWiki supports over 350 languages. Many localisations are updated
regularly. Below only new and removed languages are listed, as well as
changes to languages because of Bugzilla reports.
* Languages added:
** awa (अवधी / Awadhi), thanks to translator 1AnuraagPandey;
** bgn (بلوچی رخشانی / Western Balochi), thanks to translators
Baloch Afghanistan, Ibrahim khashrowdi and Rachitrali;
** ses (Koyraboro Senni), thanks to translator Songhay.
* (T66440) Kazakh (kk) wikis should no longer forcefully reset the user's
interface language to kk where unexpected.
* The Chinese conversion table was substantially updated to fix a lot of
bugs and ensure better reading experience for different variants.
=== Other changes in 1.25 ===
* (T45591) Links to MediaWiki.org translatable help were added to indicators,
mostly in special pages. Local custom target titles can be placed in the
relevant '(namespace-X|action name|special page name)-helppage' system
message. Extensions can use the addHelpLink() function to do the same.
* The skin autodiscovery mechanism, deprecated in MediaWiki 1.23, has been
removed. See https://www.mediawiki.org/wiki/Manual:Skin_autodiscovery for
migration guide for creators and users of custom skins that relied on it.
* JavaScript variables 'wgFileCanRotate' and 'wgFileExtensions' are now only
available on Special:Upload.
* (T58257) Set site logo from mediawiki.skinning.interface module instead of
inline styles in the HTML.
* Removed ApiQueryUsers::getAutoGroups(). (deprecated since 1.20)
* Removed XmlDumpWriter::schemaVersion(). (deprecated since 1.20)
* Removed LogEventsList::getDisplayTitle(). (deprecated since 1.20)
* Removed Preferences::trySetUserEmail(). (deprecated since 1.20)
* Removed mw.user.name() and mw.user.anonymous() methods. (deprecated since 1.20)
* Removed 'ok' and 'err' parameters in the mediawiki.api modules. (deprecated
since 1.20)
* Removed 'async' parameter from the mw.Api#getCategories() method. (deprecated
since 1.20)
* Removed 'jquery.json' module. (deprecated since 1.24)
Use the 'json' module and global JSON object instead.
* Deprecated OutputPage::readOnlyPage() and OutputPage::rateLimited().
Also, the former will now throw an MWException if called with one or more
arguments.
* Removed hitcounters and associated code.
* The "temp" zone of the upload repository is now considered private. If it
already exists (such as under the images/ directory), please make sure that
the directory is not web readable (e.g. via a .htaccess file).
* BREAKING CHANGE: In the XML dump format used by Special:Export and
dumpBackup.php, the <model> and <format> tags now appear before the <text>
tag, instead of after the <text> and <sha1> tags.
The new schema version is 0.10, the new schema URI is:
https://www.mediawiki.org/xml/export-0.10.xsd
* MWFunction::call() and MWFunction::callArray() were removed, having been
deprecated in 1.22.
* Deprecated the getInternalLinkAttributes, getInternalLinkAttributesObj,
and getInternalLinkAttributes methods in Linker, and removed
getExternalLinkAttributes method, which was deprecated in MediaWiki 1.18.
* Removed Sites class, which was deprecated in 1.21 and replaced by SiteSQLStore.
* Added wgRelevantArticleId to the client-side config, for use on special pages.
* Deprecated the TitleIsCssOrJsPage hook. Superseded by the
ContentHandlerDefaultModelFor hook since MediaWiki 1.21.
* Deprecated the TitleIsWikitextPage hook. Superseded by the
ContentHandlerDefaultModelFor hook since MediaWiki 1.21.
* Changed parsing of variables in schema (.sql) files:
** The substituted values are no longer parsed. (Formerly, several passes
were made for each variable, so depending on the order in which variables
were defined, variables might have been found inside encoded values. This
is no longer the case.)
** Variables are no longer string encoded when the /*$var*/ syntax is used.
If string encoding is necessary, use the '{$var}' syntax instead.
** Variable names must only consist of one or more of the characters
"A-Za-z0-9_".
** In source text of the form '{$A}'{$B}' or `{$A}`{$B}`, where variable A
does not exist yet variable B does, the latter may not be replaced.
However, this difference is unlikely to arise in practice.
* (T67278) RFC, PMID, and ISBN "magic links" must be surrounded by non-word
characters on both sides.
* The FormatAutocomments hook will now receive $pre and $post as booleans,
rather than as strings that must be prepended or appended to $comment.
* (T30950, T31025) RFC, PMID, and ISBN "magic links" can no longer contain
newlines; but they can contain and other non-newline whitespace.
* The 'mediawiki.action.edit' ResourceLoader module no longer generates the edit
toolbar, which has been moved to a separate 'mediawiki.toolbar' module. If you
relied on this behavior, update your scripts' dependencies.
* HTMLForm's 'vform' display style has been separated to a subclass. Therefore:
* HTMLForm::isVForm() is now deprecated.
* You can no longer do this:
    $form = new HTMLForm( … );
    $form->setDisplayFormat( 'vform' ); // throws exception
  Instead, do this:
    $form = HTMLForm::factory( 'vform', … );
* Deprecated Revision methods getRawUser(), getRawUserText() and getRawComment().
* BREAKING CHANGE: mediawiki.user.generateRandomSessionId:
The alphabet of the prior string returned was A-Za-z0-9 and now it is 0-9A-F
* (T87504) Avoid serving SVG background-images in CSS for Opera 12, which
renders them incorrectly when combined with border-radius or background-size.
* Removed maintenance script dumpSisterSites.php.
* DatabaseBase class constructors must be called using the array argument style.
Ideally, DatabaseBase::factory() should be used instead in most cases.
* Deprecated ParserOutput::addSecondaryDataUpdate and ParserOutput::getSecondaryDataUpdates.
This is a hard deprecation, with getSecondaryDataUpdates returning an empty array and
addSecondaryDataUpdate throwing an exception. These functions will be removed in 1.26,
since they interfere with caching of ParserOutput objects.
* Introduced new hook 'SecondaryDataUpdates' that allows extensions to inject custom updates.
* Introduced new hook 'OpportunisticLinksUpdate' that allows extensions to perform
updates when a page is re-rendered.
* EditPage::attemptSave has been modified not to call handleStatus itself and
instead just returns the Status object. Extensions calling it should be aware of
this.
* Removed class DBObject. (unused since 1.10)
* wfDiff() is deprecated.
* The -m (maximum replication lag) option of refreshLinks.php was removed.
It had no effect since MediaWiki 1.18 and should be removed from any cron
jobs or similar scripts you may have set up.
* (T85864) The following messages no longer support raw html: redirectto,
thisisdeleted, viewdeleted, editlink, retrievedfrom, version-poweredby-others,
retrievedfrom, thisisdeleted, viewsourcelink, lastmodifiedat, laggedslavemode,
protect-summary-cascade
* All BloomCache related code has been removed. This was largely experimental.
* $wgResourceModuleSkinStyles no longer supports per-module local or remote paths. They
can only be set for the entire skin.
* Removed global function swap(). (deprecated since 1.24)
* Deprecated the ".php5" file extension entry points and the $wgScriptExtension
configuration variable. Refer to the ".php" files instead. If you want
".php5" URLs to continue to work, set up redirects. In Apache, this can be
done by enabling mod_rewrite and adding the following rules to your
configuration:
    RewriteEngine On
    RewriteBase /
    RewriteRule ^(.*)\.php5 $1.php [R=301,L]
* The global importScriptURI and importStylesheetURI functions, as well as the
loadedScripts object, from wikibits.js (deprecated since 1.17) now emit
warnings through mw.log.warn when accessed.
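The schema (.sql) variable parsing change listed above, as a simplified Python model added here (not MediaWiki's own code): it contrasts one pass per variable with a single scan whose inserted values are never rescanned. The function names, the sample statement and values, and the quote-doubling in `sql_quote` are assumptions made for illustration.

```python
import re

# Variable names may only consist of A-Za-z0-9_ (per the release note).
_VAR = r"[A-Za-z0-9_]+"
# One alternation, so the source text is scanned exactly once:
#   '{$var}'  -> value inserted as a quoted string literal
#   /*$var*/  -> value inserted as-is (no string encoding)
_PATTERN = re.compile(r"'\{\$(" + _VAR + r")\}'|/\*\$(" + _VAR + r")\*/")


def sql_quote(value):
    """Illustrative string-literal quoting (assumption: quote doubling)."""
    return "'" + value.replace("'", "''") + "'"


def replace_vars_single_pass(sql, variables):
    """Model of the new behaviour: substituted values are not parsed again."""
    def substitute(match):
        quoted_name, raw_name = match.group(1), match.group(2)
        name = quoted_name or raw_name
        if name not in variables:
            return match.group(0)  # unknown variable: keep the placeholder
        value = variables[name]
        return sql_quote(value) if quoted_name else value
    return _PATTERN.sub(substitute, sql)


def replace_vars_multi_pass(sql, variables):
    """Model of the former behaviour: one pass per variable, in definition
    order, so a later pass can match a placeholder inside an earlier value."""
    for name, value in variables.items():
        sql = sql.replace("'{$" + name + "}'", sql_quote(value))
        sql = sql.replace("/*$" + name + "*/", value)
    return sql


# Constructed sample input: the value of 'note' happens to contain text that
# looks like the /*$owner*/ placeholder.
SAMPLE_SQL = "INSERT INTO log VALUES ('{$note}', /*$limit*/);"
SAMPLE_VARS = {"note": "see /*$owner*/", "owner": "O'Brien", "limit": "10"}


def demo():
    """Return (single-pass result, multi-pass result, multi-pass reordered)."""
    reordered = {k: SAMPLE_VARS[k] for k in ("owner", "limit", "note")}
    return (
        replace_vars_single_pass(SAMPLE_SQL, SAMPLE_VARS),
        replace_vars_multi_pass(SAMPLE_SQL, SAMPLE_VARS),
        replace_vars_multi_pass(SAMPLE_SQL, reordered),
    )


if __name__ == "__main__":
    for label, result in zip(("single", "multi", "multi-reordered"), demo()):
        print(label + ":", result)
```

In the multi-pass model the unencoded `owner` value lands inside the already-quoted `note` literal and leaves an unbalanced quote, and the result changes with definition order; the single scan yields the same statement regardless of order.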
== Compatibility ==
MediaWiki 1.25 requires PHP 5.3.3 or later. There is experimental support for
HHVM 3.3.0.
MySQL is the recommended DBMS. PostgreSQL or SQLite can also be used, but
support for them is somewhat less mature. There is experimental support for
Oracle and Microsoft SQL Server.
The supported versions are:
* MySQL 5.0.3 or later
* PostgreSQL 8.3 or later
* SQLite 3.3.7 or later
* Oracle 9.0.1 or later
* Microsoft SQL Server 2005 (9.00.1399)
== Upgrading ==
1.25 has several database changes since 1.24, and will not work without schema
updates. Note that due to changes to some very large tables like the revision
table, the schema update may take quite long (minutes on a medium sized site,
many hours on a large site).
If upgrading from before 1.11, and you are using a wiki as a commons
repository, make sure that it is updated as well. Otherwise, errors may arise
due to database schema changes.
If upgrading from before 1.7, you may want to run refreshLinks.php to ensure
new database fields are filled with data.
If you are upgrading from MediaWiki 1.4.x or earlier, you should upgrade to
1.5 first. The upgrade script maintenance/upgrade1_5.php has been removed
with MediaWiki 1.21.
Don't forget to always back up your database before upgrading!
See the file UPGRADE for more detailed upgrade instructions.
For notes on 1.24.x and older releases, see HISTORY.
== Online documentation ==
Documentation for both end-users and site administrators is available on
MediaWiki.org, and is covered under the GNU Free Documentation License (except
for pages that explicitly state that their contents are in the public domain):
https://www.mediawiki.org/wiki/Documentation
== Mailing list ==
A mailing list is available for MediaWiki user support and discussion:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
A low-traffic announcements-only list is also available:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce
It's highly recommended that you sign up for one of these lists if you're
going to run a public MediaWiki, so you can be notified of security fixes.
== IRC help ==
There's usually someone online in #mediawiki on irc.freenode.net.
2015-05-20 Net-HTTP 6.09
Karen Etheridge (1):
No changes since 6.08_002
2015-05-02 Net-HTTP 6.08_002
Karen Etheridge (1):
fix foolish $VERSION error in 6.08_001
2015-05-01 Net-HTTP 6.08_001
Mark Overmeer (1):
resolve issues with SSL by reading bytes still waiting to be read after
the initial 1024 bytes [RT#104122]
Changelog:
The Apache Tomcat Project is proud to announce the release of version
8.0.23 of Apache Tomcat. Apache Tomcat 8.0.23 includes numerous fixes
for issues identified in 8.0.22 as well as a number of other enhancements
and changes. The notable changes since 8.0.22 include:
Fixed corruption issues with NIO2 and TLS
Added a workaround for SPNEGO authentication and a JRE regression in Java 8 update 40 onwards
Added the new HttpHeaderSecurityFilter
Changelog:
Tomcat 7.0.62 (violetagg)
Catalina
add Allow logging of the remote port in the access log using the format pattern %{remote}p. (rjung)
fix 57765: When checking last modified times as part of the automatic deployment process, account for the fact that File.lastModified() has a resolution of one second to ensure that if a file has been modified within the last second, the latest version of the file is always used. Note that a side-effect of this change is that files with modification times in the future are treated as if they are unmodified. (markt)
fix Align redeploy resource modification checking with reload modification checking so that now, in both cases, a change in modification time rather than an increase in modification time is used to determine if the resource has changed. (markt)
fix Cleanup o.a.tomcat.util.digester.Digester from debug messages that do not give any valuable information. Patch provided by Polina Genova. (violetagg)
fix 57772: When reloading a web application and a directory representing an expanded WAR needs to be deleted, delete the directory after the web application has been stopped rather than before to avoid potential ClassNotFoundExceptions. (markt)
fix 57801: Improve the error message in the start script in case the PID read from the PID file is already owned by a process. (rjung)
fix 57824: Correct a regression in the fix for 57252 that broke request listeners for non-async requests that triggered an error that was handled by the ErrorReportingValve. (markt/violetagg)
fix 57841: Improve error logging during web application start. (markt)
fix 57856: Ensure that any scheme/port changes implemented by the RemoteIpFilter also affect HttpServletResponse.sendRedirect(). (markt)
fix 57896: Support defensive copying of "cookie" header so that unescaping double quotes in a cookie value does not corrupt original value of "cookie" header. This is an opt-in feature, enabled by org.apache.tomcat.util.http.ServerCookie.PRESERVE_COOKIE_HEADER system property. (kkolinko)
Coyote
fix 57779: When an I/O error occurs on a non-container thread only dispatch to a container thread to handle the error if using Servlet 3+ asynchronous processing. This avoids potential deadlocks if an application is performing I/O on a non-container thread without using the Servlet 3+ asynchronous API. (markt)
fix 57833: When using JKS based keystores for NIO, ensure that the key alias is always converted to lower case since that is what JKS key stores expect. Based on a patch by Santosh Giri Govind M. (markt)
fix 57837: Add text/css to the default list of compressable MIME types. (markt)
Jasper
fix 57845: Ensure that, if the same JSP is accessed directly and via a <jsp-file> declaration in web.xml, updates to the JSP are visible (subject to the normal rules on re-compilation) regardless of how the JSP is accessed. (markt)
fix 57855: Explicitly handle the case where a MethodExpression is invoked with null or the wrong number of parameters. Rather than failing with an ArrayIndexOutOfBoundsException or a NullPointerException throw an IllegalArgumentException with a useful error message. (markt)
Cluster
add Add new attribute that sends all actions for session across Tomcat cluster nodes. (kfujino)
fix Remove unused pathname attribute in mbean definition of BackupManager. (kfujino)
fix 57338: Improve the ability of the ClusterSingleSignOn valve to handle nodes being added and removed from the Cluster at run time. (markt)
fix Avoid unnecessary call of DeltaRequest.addSessionListener() in non-primary nodes. (kfujino)
WebSocket
fix 57762: Ensure that the WebSocket client correctly detects when the connection to the server is dropped. (markt)
fix 57776: Revert the 8.0.21 fix for the permessage-deflate implementation and incorrect op-codes since the fix was unnecessary (the bug only affected trunk) and the fix broke rather than fixed permessage-deflate if an uncompressed message was converted into more than one compressed message. (markt)
fix Fix log name typo in WsRemoteEndpointImplServer class, caused by a copy-paste. (markt/kkolinko)
fix 57788: Avoid NPE when looking up a class hierarchy without finding anything. (remm)
Web applications
add 57759: Add information to the keyAlias documentation to make it clear that the order keys are read from the keystore is implementation dependent. (markt)
fix 57864: Update the documentation web application to make it clearer that hex values are not valid for cluster send options. Based on a patch by Kyohei Nakamura. (markt)
Tribes
fix Fix a concurrency issue when a backup message that has all session data and a backup message that has diff data are processing at the same time. This fix ensures that MapOwner is set to ReplicatedMapEntry. (kfujino)
fix Clarify the handling of Copy message and Copy nodes. (kfujino)
fix Copy node does not need to send the entry data. It is enough to send only the node information of the entry. (kfujino)
fix ReplicatedMap should send the Copy message when replicating. (kfujino)
fix Fix behavior of ReplicatedMap when member has disappeared. If map entry is primary, rebuild the backup members. If primary node of map entry has disappeared, backup node is promoted to primary. (kfujino)
fix When a map member has been added to ReplicatedMap, make sure to add it to backup nodes list of all other members.
Changelog:
Fixed in Firefox ESR 31.7
2015-57 Privilege escalation through IPC channel messages
2015-54 Buffer overflow when parsing compressed XML
2015-51 Use-after-free during text processing with vertical text enabled
2015-48 Buffer overflow with SVG content and CSS
2015-47 Buffer overflow parsing H.264 video with Linux Gstreamer
2015-46 Miscellaneous memory safety hazards (rv:38.0 / rv:31.7)
- Add BUILD_DEPENDS to p5-Catalyst-Plugin-Authorization-Roles for make test
(upstream)
- Update to 0.1506
----------------
0.1506 2014-04-02
* Fix doc bugs. RT#87372
* Fix calling User->can() as a class method. RT#90715
* Fix Catalyst tutorial link. RT#47043
--------------
2.22 Thu May 14 04:04:03 CEST 2015
- ipv6 literals were not correctly parsed (analyzed by Raphael Geissert).
- delete the body when mutating request to GET request when
redirecting (reported by joe trader).
- send proxy-authorization header to proxy when using CONNECT
(reported by dzagashev@gmail.com).
- do not send Proxy-Authorization header when not using a proxy.
- when retrying a persistent request, switch persistency off.
- added t/02_ip_literals.t.
Upstream changes:
1.2.0 2015-04-14 07:13:00+0000
- [core] bundle libyaml #248 (Kazuho Oku)
- [core] implement master-worker process mode and daemon mode (bundles Server::Starter) #258 #270 (Kazuho Oku)
- [file] more mime-types by default #250 #254 #280 (Tatsuhiko Kubo, George Liu, Kazuho Oku)
- [file][http1] fix connection being closed if the length of content is zero #276 (Kazuho Oku)
- [headers] fix heap overrun during configuration #251 (Kazuho Oku)
- [http2] do not delay sending PUSH_PROMISE #221 (Kazuho Oku)
- [http2] reduce memory footprint under high load #271 (Kazuho Oku)
- [http2] fix incorrect error sent when number of streams exceed the limit #268 (Kazuho Oku)
- [proxy] fix heap overrun when building request sent to upstream #266 #269 (Moto Ishizawa, Kazuho Oku)
- [proxy] fix laggy response in case the length of content is zero #274 #276 (Kazuho Oku)
- [SSL] fix potential stall while reading data from client #268 (Kazuho Oku)
- [SSL] bundle LibreSSL #236 #272 (Kazuho Oku)
- [SSL] obtain source-level compatibility with BoringSSL #228 (Kazuho Oku)
- [SSL] add directive `listen.ssl.cipher-preference` for controlling the selection logic of cipher-suites #233 (Kazuho Oku)
- [SSL] disable TLS compression #252 (bisho)
- [libh2o] fix C++ compatibility (do not use empty struct) #225 (Kazuho Oku)
- [libh2o] search external dependencies using pkg-config #227 (Kazuho Oku)
- [misc] fix GCC version detection bug used for controlling compiler warnings #224 (Kazuho Oku)
- [misc] check memory allocation failures in socket pool #265 (Tatsuhiko Kubo)
1.1.1 2015-03-09 06:12:00+0000
- [proxy] fix crash on NetBSD when upstream connection is persistent #217 (Kazuho Oku)
- [misc] fix compile error on FreeBSD #211 #212 (Syohei Yoshida)
1.1.0 2015-03-06 06:41:00+0000
- [core][file] send redirects appending '/' as abs-path redirects #209 (Kazuho Oku)
- [headers] add directives for manipulating response headers #204 (Kazuho Oku)
- [http2] do not send a corrupt response if header value is longer than 126 bytes #193 (Kazuho Oku)
- [http2] fix interoperability issue with nghttp2 0.7.5 and above 5c42eb1 (Kazuho Oku)
- [proxy] send `via` header to upstream #191 (Kazuho Oku)
- [proxy] resolve hostname asynchronously #207 (Kazuho Oku)
- [proxy] distribute load between upstream servers (using `rand()`) #208 (Kazuho Oku)
- [proxy] fix a bug that may cause a corrupt `location` header being forwarded #190 (Kazuho Oku)
- [reproxy] add support for `x-reproxy-url` header #187 #197 (Daisuke Maki, Kazuho Oku)
1.0.1 2015-02-23 05:50:00+0000
- [core] change backlog size from 65,536 to 65,535 #183 (Tatsuhiko Kubo)
- [http2] fix assertion failure in HPACK encoder #186 (Kazuho Oku)
- [http2] add `extern` to some global variables that were not marked as such #178 (Kazuho Oku)
- [proxy] close persistent upstream connection if client abruptly closes the stream #188 (Kazuho Oku)
- [proxy] fix internal state corruption in case upstream sends response headers divided into multiple packets #189 (Kazuho Oku)
- [SSL] add host header to OCSP request #176 (Masaaki Hirose)
- [libh2o] do not require header files under `deps/` when using libh2o #173 (Kazuho Oku)
- [libh2o] fix compile error in examples when compiled with `H2O_USE_LIBUV=0` #177 (Kazuho Oku)
- [libh2o] in example, add missing / after the reference path #180 (Matthieu Garrigues)
- [misc] fix invalid HTML in sample page #175 (Deepak Prakash)
1.0.0 2015-02-18 20:01:00+0000
- [core] add redirect handler #150 (Kazuho Oku)
- [core] add `pid-file` directive for specifying the pid file #164 (Kazuho Oku)
- [core] connections accepted by host-specific listeners should not be handled by handlers of other hosts #163 (Kazuho Oku)
- [core] (FreeBSD) fix a bug that prevented the standalone server from booting when run as root #160 (Kazuho Oku)
- [core] switch to pipe-based interthread messaging #154 (Kazuho Oku)
- [core] use kqueue on all BSDs #156 (Kazuho Oku)
- [access-log] more logging directives: %H, %m, %q, %U, %V, %v #158 (Kazuho Oku)
- [access-log] bugfix: header values were not logged when specified using uppercase letters #157 (Kazuho Oku)
- [file] add application/json to default MIME-types #159 (Tatsuhiko Kubo)
- [http2] add support for the finalized version of HTTP/2 #166 (Kazuho Oku)
- [http2] fix issues reported by h2spec v0.0.6 #165 (Kazuho Oku)
- [proxy] merge the cookie headers before sending to upstream #161 (Kazuho Oku)
- [proxy] simplify the configuration directives (and make persistent upstream connections as default) #162 (Kazuho Oku)
- [SSL] add configuration directive to preload DH params #148 (Jeff Marrison)
- [libh2o] separate versioning scheme using H2O_LIBRARY_VERSION_* #167 (Kazuho Oku)
0.9.2 2015-02-10 04:17:00+0000
- [core] graceful shutdown on SIGTERM #119 (Kazuho Oku)
- [core] less TCP errors under high load #81 (Kazuho Oku)
- [file] add support for HEAD requests #110 (Mark Hoersken)
- [http1] MSIE workaround (send `Cache-Control: private` in place of Vary) #114 (Kazuho Oku)
- [http2] support server-push #133 (Kazuho Oku)
- [http2] fix spurious RST_STREAMS being sent #132 (Kazuho Oku)
- [http2] weight-based distribution of bandwidth #135 (Kazuho Oku)
- [proxy] added configuration directive `proxy.preserve-host` #112 (Masahiro Nagano)
- [proxy] sends X-Forwarded-For and X-Forwarded-Proto headers #112 (Masahiro Nagano)
- [proxy] stability improvements #61 (Kazuho Oku)
- [misc] adjustments to make the source code more analyzer-friendly #113,#117 (Nick Desaulniers, Maks Naumov)
0.9.1 2015-01-19 21:13:00+0000
- added configuration directives: ssl/cipher-suite, ssl/ocsp-update-interval, ssl/ocsp-max-failures, expires, file.send-gzip
- [http2] added support for draft-16 (draft-14 is also supported)
- [http2] dependency-based prioritization
- [http2] improved conformance to the specification
- [SSL] OCSP stapling (automatically enabled by default)
- [SSL] fix compile error with OpenSSL below version 1.0.1
- [file] content negotiation (serving .gz files)
- [expires] added support for Cache-Control: max-age
- [libh2o] libh2o and the header files installed by `make install`
- [libh2o] fix compile error when used from C++
- automatically setuids to nobody when run as root and if `user` directive is not set
- automatically raises RLIMIT_NOFILE
- uses all CPU cores by default
- now compiles on NetBSD and other BSD-based systems
An approximate changelog 5.0.3 to 5.1.2 (resolved issues from Jira):
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Bug ROL-2057
Missing NPE check in Roller PageServlet class
Unassigned Kohei Nozaki Major 30/Mar/15
Bug ROL-2058
No salt renewal on POST request
David Johnson Kohei Nozaki Major 30/Mar/15
Bug ROL-2059
Comment preview is invisible in Gaurav theme
David Johnson Kohei Nozaki Major 30/Mar/15
Bug ROL-2061
Wrong next month link of Calendar
David Johnson Kohei Nozaki Major 30/Mar/15
Bug ROL-2062
Missing NPE check in IndexOperation#getDocument()
David Johnson Kohei Nozaki Major 30/Mar/15
Improvement ROL-2064
Add viewport meta tag to Gaurav theme
David Johnson Kohei Nozaki Trivial 30/Mar/15
Bug ROL-2065
Gaurav sometimes displaying empty summary as unresolved "$entry.summary"
David Johnson Kohei Nozaki Minor 30/Mar/15
Bug ROL-2066
Comment URLs using https:// not saving properly in Gaurav theme
David Johnson Kohei Nozaki Trivial 30/Mar/15
Bug ROL-2067
Velocity configuration improvement
David Johnson David Johnson Major 30/Mar/15
Documentation ROL-2056
Wrong pointer (section number) in Install Guide at section 11.2
Unassigned Kohei Nozaki Minor 05/Jan/15
Bug ROL-2052
Custom stylesheets not being updated correctly when user switches between shared and custom themes.
Unassigned Glen Mazza Major 06/Oct/14
Bug ROL-2051
Roller not falling back to standard theme renditions when mobile one unavailable.
Unassigned Glen Mazza Critical 02/Oct/14
Bug ROL-1387
In creating tag aggregate counts, count tags only from published blog entries
Glen Mazza linda skrocki Major 02/Oct/14
Bug ROL-1620
Plus signs in categories lead to a 404 category RSS/Atom feeds
Glen Mazza linda skrocki Major 02/Oct/14
Bug ROL-2055
Comment search should be case insensitive
Glen Mazza Glen Mazza Minor 02/Oct/14
Bug ROL-2054
Newly saved categories not appearing on blog
Glen Mazza Glen Mazza Major 02/Oct/14
Bug ROL-1974
Roller's ROME Propono dependency needs updating to use newer JARs
David Johnson Glen Mazza Minor 25/Aug/14
Bug ROL-1973
ROME dependency used by Roller needs updating
David Johnson Glen Mazza Minor 25/Aug/14
Bug ROL-1942
Uploaded media file not selectable in media file view
Greg Huber Budi Ariyanto Major 25/Aug/14
Bug ROL-1948
getRealPath() null not handled
Unassigned Jürgen Weber Major 25/Aug/14
Task ROL-2039
Rename webpage and roller_templatecode tables
Glen Mazza Glen Mazza Major 25/Aug/14
Improvement ROL-2041
gaurav theme -- render full blog entries on main blog page if no summary given
Gaurav Saini Glen Mazza Major 25/Aug/14
Improvement ROL-1999
Switch from Referrers to storing tracking codes (e.g., Google Analytics)
Unassigned Glen Mazza Major 25/Aug/14
Bug ROL-1980
When deleting categories, Roller allows you to move its entries to invisible "root" category.
Glen Mazza Glen Mazza Major 25/Aug/14
Bug ROL-1981
Allow user to specify order of blog categories
Glen Mazza Glen Mazza Major 25/Aug/14
Task ROL-1979
Remove subcategory functionality from Roller 5.1
Glen Mazza Glen Mazza Major 25/Aug/14
Bug ROL-1554
Listing Box "Invite a new user to join..." does not have a horizontal scrolling bar
Glen Mazza Davis Nguyen Major 25/Aug/14
Improvement ROL-2038
Add dualTheme element to themes.xml descriptor
Glen Mazza Glen Mazza Blocker 25/Aug/14
Improvement ROL-1938
Switch to mobile template only in standard template's index page
Unassigned Tiger Gui Major 25/Aug/14
Improvement ROL-1937
Standard and Mobile template switch improvement patch
Unassigned Tiger Gui Major 25/Aug/14
New Feature ROL-1934
LDAP Comment Authenticator
Dave Johnson (Inactive) Nick Padilla Major 25/Jan/12 25/Aug/14
Task ROL-1977
Remove unused properties from ApplicationResources.properties
Glen Mazza Anil Gangolli Minor 25/Aug/14
Improvement ROL-1881
Add delete blog entry option to entries page
Unassigned Nicolas Muller Major 25/Aug/14
Bug ROL-1571
missing graphic alt text
Unassigned mike duigou Major 25/Aug/14
Bug ROL-1928
Missing 500-to-510-migration.vm file in Roller Mobile branch
David Johnson David Johnson Major 25/Aug/14
Task ROL-2043
Switch from YUI3 to JQuery UI for autocomplete, tabs, dialogs
Glen Mazza Glen Mazza Major 25/Aug/14
Task ROL-2022
Add Categories, demote tags from gaurav theme
Gaurav Saini Glen Mazza Major 25/Aug/14
Task ROL-2008
In "switch to (media) folder" drop-down, don't list the current folder the user is in.
Greg Huber Glen Mazza Major 25/Aug/14
Bug ROL-1273
resource item error
Glen Mazza Jian Liu Major 25/Aug/14
Task ROL-1434
lots of UI messaging needs to be converted to i18n keys in resource bundles
Glen Mazza Allen Gilliland Major 25/Aug/14
Bug ROL-2044
Member management page allows user to remove himself from blog.
Glen Mazza Glen Mazza Major 25/Aug/14
Bug ROL-1966
Search highlight problem
Glen Mazza Maciej Rumianowski Major 25/Aug/14
Bug ROL-1957
Unable to find RSD template
Unassigned Harsh Gupta Major 25/Aug/14
Bug ROL-1792
Hit count increments with <link rel="stylesheet" type="text/css" media="all" href="$model.weblog.stylesheet">
Greg Huber Greg Huber Trivial 25/Aug/14
Bug ROL-1716
a bug found when call getPopularTags with the limit=-1 (v4 m1)
Unassigned guoweizhan Major 25/Aug/14
Bug ROL-1414
Email scrambler not detecting hyphens in email addresses
Allen Gilliland linda skrocki Major 25/Aug/14
Improvement ROL-1649
Korean translation resource file
Unassigned Woonsan Ko Minor 25/Aug/14
Bug ROL-1930
Saving Template causes Null Pointer Exception
David Johnson David Johnson Blocker 25/Aug/14
Task ROL-1983
Only expose AJAX User List Servlet to admin users
Glen Mazza Glen Mazza Major 25/Aug/14
Task ROL-1986
Stop sending re-confirmation email after blogger approves comment.
Greg Huber Glen Mazza Minor 25/Aug/14
Improvement ROL-1978
Switch to more SEO-friendly hyphens instead of underscores to separate blog titles
Glen Mazza Glen Mazza Minor 25/Aug/14
Bug ROL-1616
Input fields not emptied after creating a new user
Unassigned Ronald Iwema Minor 25/Aug/14
Bug ROL-1638
Problem with themes on case sensitive file systems
Unassigned German Eichberger Major 25/Aug/14
New Feature ROL-1021
Referrer queue warning / filling up in logs. unclosed sessions.
Unassigned Rob Wilson Major 25/Aug/14
Bug ROL-1927
Roller 5 MSSQL Issues/Fixes
David Johnson Nick Padilla Major 25/Aug/14
Improvement ROL-2034
Hide Profile Password fields with SSO
Glen Mazza Jürgen Weber Major 25/Aug/14
Bug ROL-1794
file uploads with spaces in their names are 404ing (incorrect URL escaping?)
Greg Huber Dick Davies Major 25/Aug/14
Improvement ROL-1370
Support of email notifications preference for blog commentors
Unassigned linda skrocki Major 25/Aug/14
Bug ROL-1346
Weblog Calendar incorrectly assuming Sunday is first day of week for every locale.
Unassigned Vahid Zaboli Major 25/Aug/14
Test ROL-2033
Test Roller 5.1 with a weblog client
David Johnson David Johnson Major 25/Aug/14
Task ROL-2010
Update User's Guide with new app screen shots
Glen Mazza Glen Mazza Major 25/Aug/14
Bug ROL-2002
https:// URLs not being processed correctly in the comment URL field
Greg Huber Glen Mazza Major 25/Aug/14
Task ROL-1994
Switch to Apache Commons Collections 4.0
Unassigned Glen Mazza Minor 25/Aug/14
Bug ROL-1870
Duplicate bookmarks not showing
Unassigned Greg Huber Major 25/Aug/14
Bug ROL-1925
Patch for the bug of OpenID only authentication
Glen Mazza Shutra Major 25/Aug/14
Improvement ROL-929
Resign | "Are you sure?" Confirmation
Glen Mazza Greg Hamer Minor 25/Aug/14
Improvement ROL-2015
Add a description element to theme descriptor file (theme.xml)
Greg Huber Glen Mazza Major 25/Aug/14
Task ROL-1997
Switch WeblogEntry's pub status fields (DRAFT, PUBLISHED, PENDING, SCHEDULED) to an enum type
Unassigned Glen Mazza Minor 25/Aug/14
Task ROL-1995
Switch to JPA Typed Queries
Glen Mazza Glen Mazza Major 25/Aug/14
Task ROL-1984
./app/src/test/resources/WEB-INF/security.xml needs updating to Spring & Spring Security 3.x namespaces
Unassigned Glen Mazza Major 25/Aug/14
Bug ROL-1738
Charset of E-Mail Subject Needs to be configurable
Unassigned SATO Naoki Major 25/Aug/14
Bug ROL-1715
SiteModel's getWeblogsByLetterPager not documented correctly
Glen Mazza David Johnson Minor 25/Aug/14
Task ROL-2028
Separate the Basic Theme into Basic and Basic Mobile Themes
David Johnson Glen Mazza Major 25/Aug/14
Bug ROL-2018
"Notify me of new comments" not working on trunk.
Glen Mazza Glen Mazza Major 25/Aug/14
Task ROL-2000
Change current rol_ prefix for two newest tables
Unassigned Glen Mazza Minor 25/Aug/14
Bug ROL-1992
Blogroll OPML import page raising 500 Security Error
Unassigned Glen Mazza Major 25/Aug/14
Task ROL-1991
Switch publish date pop-up calendar to one with year entry option
Unassigned Glen Mazza Minor 25/Aug/14
Improvement ROL-1907
Inefficient use of key set iterator.
Unassigned Shelan Perera Minor 25/Aug/14
Bug ROL-2032
Test Roller 5.1 with blogs.apache.org database & themes
David Johnson David Johnson Major 25/Aug/14
Bug ROL-2007
Changing values in Media File Editor frequently results in permissions error.
Greg Huber Glen Mazza Major 25/Aug/14
Bug ROL-1988
Category search not working if space exists in category
Glen Mazza Glen Mazza Major 25/Aug/14
Bug ROL-1952
Roller 5.0.1 does not work with PostgreSQL 9.1
Unassigned Matthias Wimmer Major 25/Aug/14
Bug ROL-1746
Uploaded file names are lower-cased with AtomPub.
Greg Huber Tatsuya Noyori Major 25/Aug/14
Bug ROL-1596
Frontpage theme lose record!
Glen Mazza xiaojf Major 25/Aug/14
Improvement ROL-1430
French Translation (based on version 4.0 files)
Unassigned Denis Balazuc Minor 25/Aug/14
Improvement ROL-1965
Searching with locale on Multi Language blog
Glen Mazza Maciej Rumianowski Major 25/Aug/14
Bug ROL-2016
roller-startup.log not created on startup
Greg Huber Greg Huber Minor 25/Aug/14
Bug ROL-2009
Custom template theme folder creation isn't working
Unassigned Glen Mazza Major 25/Aug/14
Improvement ROL-1947
Provide a blog entry-level description field that can go into HTML header field
Dave Johnson (Inactive) Glen Mazza Major 25/Aug/14
Bug ROL-1956
ValidateSaltFilter not working on file upload
Greg Huber Matthias Wimmer Major 25/Aug/14
Bug ROL-1954
user weblogs cannot be managed when admin logs in and select any user via Server Administration and clicks on eit
Unassigned Harsh Gupta Major 25/Aug/14
Bug ROL-1795
Posting comments with SchemeEnforcementFilter in operation.
Greg Huber Greg Huber Minor 25/Aug/14
Task ROL-2030
Replace Xinha editor with something more recent
Unassigned Glen Mazza Minor 25/Aug/14
Task ROL-1968
Upgrade Spring Security from 2.0.7 to 3.1.4
Unassigned Glen Mazza Major 25/Aug/14
Improvement ROL-1964
SearchServlet does not preserve locale
Unassigned Maciej Rumianowski Minor 25/Aug/14
Task ROL-2005
Switch to top-level folders only for Media Files
Unassigned Glen Mazza Major 25/Aug/14
Bug ROL-1739
Missing constraint on weblogentrytagagg table
Glen Mazza David Johnson Major 25/Aug/14
Bug ROL-1778
Blog entry preview before first publish not working with Derby database
Glen Mazza José Arthur Benetasso Villanova Major 25/Aug/14
Upstream changelog:
Catalina
++++++++
fix Correct typo in the message shown by HttpServlet for unexpected
HTTP method. (kkolinko)
add Allow to configure RemoteAddrValve and RemoteHostValve to adopt
behavior depending on the connector port. Implemented by
optionally adding the connector port to the string compared with
the patterns allow and deny. Configured using addConnectorPort
attribute on valve. (rjung)
fix 56608: Fix IllegalStateException for JavaScript files when
switching from Writer to OutputStream. The special handling of
this case in the DefaultServlet was broken due to a MIME type
change for JavaScript. (markt)
fix 57675: Correctly quote strings when using the extended access
log. (markt)
Coyote
++++++
fix 57234: Make SSL protocol filtering to remove insecure protocols
case insensitive. Correct spelling of filterInsecureProtocols
method. (kkolinko/schultz)
fix When applying the maxSwallowSize limit to a connection, read
that many bytes first before closing the connection to give
the client a chance to read the response. (markt)
fix 57544: Fix a potential infinite loop when preparing a kept
alive HTTP connection for the next request. (markt)
add 57570: Make the processing of chunked encoding trailing headers
optional and disabled by default. (markt)
fix 57581: Change statistics byte counter in coyote Request object
to be long to allow values above 2Gb. (kkolinko)
update Update the minimum recommended version of the Tomcat Native
library (if used) to 1.1.33. (markt)
Jasper
++++++
fix Fix potential issue with BeanELResolver when running under a
security manager. Some classes may not be accessible but may
have accessible interfaces. (markt)
fix Simplify code in ProtectedFunctionMapper class of Jasper
runtime. (kkolinko)
fix 57801: Improve the error message in the start script in case
the PID read from the PID file is already owned by a process.
(rjung)
Web applications
++++++++++++++++
fix Update documentation for CGI servlet. Recommend to copy the
servlet declaration into web application instead of enabling
it globally. Correct documentation for cgiPathPrefix. (kkolinko)
update Improve Tomcat Manager documentation. Rearrange, add section
on HTML GUI, document /expire command and Server Status page.
(kkolinko)
add 54143: Add display of the memory pools usage (including PermGen)
to the Status page of the Manager web application. (kkolinko)
fix Fix several issues with status.xsd schema in Manager web
application, testing it against actual output of
StatusTransformer class. (kkolinko)
update Align algorithm that generates anchor names in Tomcat
documentation with Tomcat 7/8/9. No visible changes, but may
help with future updates to the documentation. (kkolinko)
fix 56058: Add links to the AccessLogValve documentation for
configuring reverse proxies and/or Tomcat to ensure that the
desired information is entered in the access log when
Tomcat is running behind a reverse proxy. (markt)
fix 57503: Make clear that the JULI integration for log4j only
works with log4j 1.2.x. (markt)
update 57644: Update examples to use Apache Standard Taglib 1.2.5.
(jboynes/kkolinko)
fix 57706: Clarify the documentation for the AJP connector to make
clearer that when using tomcatAuthentication="false" the user
provided by the reverse proxy will not be associated with any
roles. (markt)
fix Correct the documentation for deployOnStartup to make clear
that if a WAR file is updated while Tomcat is stopped and
unpackWARs is true, Tomcat will not detect the changed WAR
file when it starts and will not replace the unpacked WAR file
with the contents of the updated WAR. (markt)
add 57759: Add information to the keyAlias documentation to make
it clear that the order keys are read from the keystore is
implementation dependent. (markt)
fix 57864: Update the documentation web application to make it
clearer that hex values are not valid for cluster send options.
Based on a patch by Kyohei Nakamura. (markt)
Other
+++++
add 57344: Provide sha1 checksum files for Tomcat downloads.
(kkolinko)
fix 57558: Change catalina-tasks.xml to use all jars in
${catalina.home}/lib to define Tomcat Ant tasks. This fixes
a NoClassDefFoundError with validate task. (kkolinko)
update Update to Tomcat Native Library version 1.1.33 to pick up the
Windows binaries that are based on OpenSSL 1.0.1m and APR 1.5.1.
(markt)
-------------------
6.11 2015-05-16
- Deprecated build_body and build_headers methods in Mojo::Content.
- Added headers_contain method to Mojo::Content.
- Updated jQuery to version 2.1.4.
- Fixed indentation of ASCII art in documentation browser. (jberger)
- Fixed bug where inline was not considered a reserved stash value.
6.10 2015-04-26
- Removed support for user/group switching, because it never worked
correctly, which means that this security feature has become an attack
vector itself. If you depend on this functionality, you can now use the
CPAN module Mojolicious::Plugin::SetUserGroup instead.
- Removed group and user attributes from Mojo::Server.
- Removed setuidgid method from Mojo::Server.
- Removed group and user settings from Hypnotoad.
- Removed -g/--group and -u/--user options from daemon and prefork commands.
- Added next_tick method to Mojo::Reactor::Poll.
- Improved next_tick callbacks to run in the same order in which they were
registered.
6.09 2015-04-25
- Improved HTML Living Standard compliance of Mojo::Parameters. (riche, sri)
- Fixed bug in Mojolicious::Types where the json MIME type did not specify a
charset. (kaktus)
Changelog:
Fixed Systems with first generation NVidia Optimus graphics cards may crash on start-up
Fixed Users who import cookies from Google Chrome can end up with broken websites
Fixed WebRTC H264 video streams from CiscoSpark native clients are not decoded correctly. (Fixed in Firefox ESR 38.0.1; was already fixed in Firefox 38.0)
Fixed Large animated images may fail to play and may stop other images from loading