Beginning in v21.3, Sanic makes use of this new AST-style router in two use
cases: routing paths and routing signals. Therefore, this package comes with a
BaseRouter that needs to be subclassed in order to be used for its specific
needs.
Changelog
2.15.0 (2021-07-27)
Features
alertcenter: update the api 70810a52c8 (a36e3b1)
chat: update the api a577cd0b71 (a36e3b1)
cloudbuild: update the api 9066056a8b (a36e3b1)
content: update the api b123349da3 (a36e3b1)
displayvideo: update the api c525d726ee (a36e3b1)
dns: update the api 13436ccd2b (a36e3b1)
eventarc: update the api 6be3394a64 (a36e3b1)
file: update the api 817a0e6367 (a36e3b1)
monitoring: update the api bd32149f30 (a36e3b1)
people: update the api aa6b47df40 (a36e3b1)
retail: update the api d39f06e2d7 (a36e3b1)
securitycenter: update the api 999fab5178 (a36e3b1)
speech: update the api 3b2c0fa62b (a36e3b1)
sqladmin: update the api cef24d829a (a36e3b1)
Documentation
update license to be Apache-2.0 compliant
Version 3.3.1 (July 14th, 2021)
-------------------------------
**Features**
* add more tests for CVE-2021-23980 / GHSA-vv2x-vrpj-qqpq
* bump python version to 3.8 for tox doc, vendorverify, and lint targets
* update bug report template tag
* update vendorverify script to detect and fail when extra files are vendored
* update release process docs to check vendorverify passes locally
**Bug fixes**
* remove extra vendored django present in the v3.3.0 whl
* duplicate h1 header doc fix
Changelog:
The biggest improvements Nextcloud Hub 22 introduces are:
User-defined groups with Circles that makes it easier to manage teams where you can share files or assign tasks to circles, or create chat rooms for a circle
Integrated chat and task management where you can simply share a deck card into a chat room or turn a chat message into a task
Easy approval workflow, where an administrator can define a new approval flow in the settings and users can, on a document, request approval
Getting your document signatures easy with integrated PDF signing with DocuSign, EIDEasy, and LibreSign
Integrated knowledge management Nextcloud puts knowledge available to everyone at a moments' notice, providing easy search, sharing, and portable access
Groupware improvements bringing a trash bin feature in Calendar, resource booking to facilitate the handling of resources in organizations. Nextcloud Mail features improved threading, email tagging, and support for Sieve filtering
Highlights of this release:
- manage widgets with blocks
- display posts with new blocks and patterns
- overview of the page structure
- suggested patterns for blocks
- style and colorize images
- theme.json
- dropping support for IE11
- adding support for WebP
- adding additional block supports
More details here: https://wordpress.org/support/wordpress-version/version-5-8/
Changes:
2.32.3
------
- Properly set the cookies settings after a network process crash.
- Fix accessibility tree after a cross site navigation with PSON enabled.
- Ensure WebKitScriptWorld::window-object-cleared signal is always emitted.
- Fix several crashes and rendering issues.
4.2.1 (2021-07-07)
Reinstate TimeZoneField.default_choices
4.2 (2021-07-07)
Officially support for django 3.2, python 3.9
Fix bug with field deconstruction
Housekeeping: use poetry, github actions, pytest
Changelog:
90.0.2:
Fixed
* Fixed truncated output when printing (bug 1720621)
* Fixed menu styling on some Gtk themes (bug 1720441, bug 1720874)
#
Changed
* Updates to support DoH Canada rollout
90.0.1:
Fixed
* Fixed a crash when using some accessibility clients on Windows (bug 1720696
)
* Fixed busy looping processing some HTTP3 responses (bug 1720079)
* Fixed transient errors authenticating with some smart cards (bug 1715325)
* Fixed a rare crash on shutdown (bug 1707057)
* Fixed a race on startup that caused about:support to end up empty after
upgrade (bug 1717894)
* Reference link to 90.0 release notes
unresolved
* Printing a page with scaling may result in truncated output (bug 1720621)
Based on pull request joyent/pkgsrc#309 from Jeff Goeke-Smith.
mod_auth_openidc is an authentication/authorization module for the
Apache 2.x HTTP server that functions as an OpenID Connect Relying
Party, authenticating users against an OpenID Connect Provider.
2.2.1
- Enable Django 3.2 CI and add default_auto_field
- Fix locale in dir tree
- Do not blindly delete duplicate schedules
- used python:3.8-slim for lighter builds
- Do not blindly delete duplicate schedules
Changes:
7.78.0
------
This release includes the following changes:
o curl_url_set: reject spaces in URLs w/o CURLU_ALLOW_SPACE
o CURLE_SETOPT_OPTION_SYNTAX: new error name for wrong setopt syntax
o hostip: make 'localhost' return fixed values
o mbedtls: add support for cert and key blob options
o metalink: remove all support for it
o mqtt: add support for username and password
This release includes the following bugfixes:
o --socks4[a]: clarify where the host name is resolved
o ares: always store IPv6 addresses first
o asyn-ares: remove check for 'data' in Curl_resolver_cancel
o bearssl: explicitly initialize all fields of Curl_ssl
o bearssl: remove incorrect const on variable that is modified
o build: fix compiler warnings when CURL_DISABLE_VERBOSE_STRINGS
o c-hyper: abort CONNECT response reading early on non 2xx responses
o c-hyper: add support for transfer-encoding in the request
o c-hyper: bail on too long response headers
o c-hyper: clear NTLM auth buffer when request is issued
o c-hyper: convert HYPERE_INVALID_PEER_MESSAGE to CURLE_UNSUPPORTED_PROTOCOL
o c-hyper: fix NTLM on closed connection tested with test159
o c-hyper: fix the uploaded field in progress callbacks
o c-hyper: handle NULL from hyper_buf_copy()
o c-hyper: support CURLINFO_STARTTRANSFER_TIME
o c-hyper: support CURLOPT_HEADER
o ccsidcurl: fix the compile errors
o CI/cirrus: install impacket from PyPI instead of FreeBSD packages
o CI: add bearssl build
o CI: add Circle CI
o CI: add jobs using Zuul
o CI: delete --enable-hsts option (it is the default now)
o CI: remove travis details
o cleanup: spell DoH with a lowercase o
o cmake: add CURL_DISABLE_NTLM option
o cmake: avoid leaking absolute paths into exported config
o cmake: fix IoctlSocket FIONBIO check
o cmake: fix support for UnixSockets feature on Win32
o cmake: remove libssh2 feature checks
o cmake: try well-known send/recv signature for Apple
o configure.ac: make non-executable
o configure/cmake: remove checks for many unused functions
o configure: add --disable-ntlm option
o configure: disable RTSP when hyper is selected
o configure: do not strip out debug flags
o configure: fix nghttp2 library name for static builds
o configure: inhibit the implicit-fallthrough warning on gcc-12
o configure: rename get-easy-option configure option to get-easy-options
o conn_shutdown: if closed during CONNECT cleanup properly
o conncache: lowercase the hash key for better match
o cookies: track expiration in jar to optimize removals
o copyright: add boiler-plate headers to CI config files
o crustls: bump crustls version and use new URL
o curl.h: <sys/select.h> is supported by VxWorks7
o curl.h: include sys/select.h for NuttX RTOS
o curl: ignore blank --output-dir
o curl_endian: remove the unused Curl_write64_le function
o curl_multibyte: Remove local encoding fallbacks
o Curl_ntlm_core_mk_nt_hash: fix OOM in error path
o Curl_ssl_getsessionid: fail if no session cache exists
o CURLOPT_WRITEFUNCTION.3: minor update of the example
o docs/BINDINGS: fix outdated links
o docs/examples: use curl_multi_poll() in multi examples
o docs/INSTALL: remove mentions of configure --with-darwin-ssl
o docs: document missing arguments to commands
o docs: fix inconsistencies in EGDSOCKET documentation
o docs: fix incorrect argument name reference
o docs: Fix typos
o docs: make docs for --etag-save match the program behaviour
o docs: use --max-redirs instead of --max-redir
o doh: (void)-prefix call to curl_easy_setopt
o doh: fix wrong DEBUGASSERT for doh private_data
o easy: during upkeep, attach Curl_easy to connections in the cache
o examples/multi-single: fix scan-build warning
o examples: length-limit two sscanf() uses of %s
o examples: safer and more proper read callback logic
o filecheck: quietly remove test-place/*~
o formdata: avoid "Argument cannot be negative" warning
o formdata: correct typecast in curl_mime_data call
o GHA: add a linux-hyper job
o GHA: add several libcurl tests to the hyper job
o GHA: run the newly fixed tests with hyper
o github: timeout jobs on macOS after 90 minutes
o glob: pass an 'int' as len when using printf's %*s
o gnutls: set the preferred TLS versions in correct order
o GOVERNANCE: add 'user', 'committer' and 'contributor'
o hostip: (macOS) free returned memory of SCDynamicStoreCopyProxies
o hostip: bad CURLOPT_RESOLVE syntax now returns error
o hsts: ignore numberical IP address hosts
o HSTS: not experimental anymore
o http2: clarify 'Using HTTP2' verbose message
o http2: init recvbuf struct for pushed streams
o http2_connisdead: handle trailing GOAWAY better
o http: fix crash in rate-limited upload
o http: make the haproxy support work with unix domain sockets
o http_proxy: deal with non-200 CONNECT response with Hyper
o hyper: propagate errors back up from read callbacks
o HYPER: remove mentions of deprecated development branch
o idn: fix libidn2 with windows unicode builds
o infof: remove newline from format strings, always append it
o lib: don't compare fd to FD_SETSIZE when using poll
o lib: fix compiler warnings with CURL_DISABLE_NETRC
o lib: fix type of len passed to *printf's %*s
o lib: more %u for port and int for %*s fixes
o lib: use %u instead of %ld for port number printf
o libcurl-security.3: mention file descriptors and forks
o libssh2: limit time a disconnect can take to 1 second
o mbedtls: make mbedtls_strerror always work
o mbedtls: Remove unnecessary include
o mqtt: detect illegal and too large file size
o mqtt: extend the error message for no topic
o msnprintf: return number of printed characters excluding null byte
o multi: add scan-build-6 work-around in curl_multi_fdset
o multi: alter transfer timeout ordering
o multi: do not switch off connect_only flag when closing
o multi: fix crash in curl_multi_wait / curl_multi_poll
o netrc: skip 'macdef' definitions
o ngtcp2: disable TLSv1.3 compatible mode when using GnuTLS
o openssl: avoid static variable for seed flag
o openssl: don't remove session id entry in disassociate
o pinnedpubkey.d: fix formatting for version support lists
o proto.d: fix formatting for paragraphs after margin changes
o quiche: use send() instead of sendto() to avoid macOS issue
o Revert "c-hyper: handle body on HYPER_TASK_EMPTY"
o Revert "ftp: Expression 'ftpc->wait_data_conn' is always false"
o runtests: also find the last test in Makefile.inc
o runtests: enable 'hyper mode' only for HTTP tests
o runtests: init $VERSION to avoid warnings when using -l
o runtests: parse data/Makefile.inc instead of using make
o runtests: skip disabled tests unless -f is used
o rustls: remove native_roots fallback
o schannel: set ALPN length correctly for HTTP/2
o SChannel: Use '_tcsncmp()' instead
o sectransp: check for client certs by name first, then file
o setopt: fix incorrect comments
o socketpair: fix potential hangs
o socks4: scan for the IPv4 address in resolve results
o ssl: read pending close notify alert before closing the connection
o sws: malloc request struct instead of using stack
o telnet: fix option parser to not send uninitialized contents
o test1116: hyper doesn't pass through "surprise-trailers"
o test1147: hyper doesn't allow "crazy" request headers like built-in
o test1151: added missing CRLF to work with hyper
o test1216: adjusted for hyper mode
o test1218: adjusted for hyper mode
o test1230: adjust to work in hyper mode
o test1340/1341: adjusted for hyper mode
o test1438/1457: add HTTP keyword to make hyper mode work
o test1514: add a CRLF to the response to make it correct
o test1518: adjusted to work with hyper
o test1519: adjusted to work with hyper
o test1594/1595/1596: fix to work in hyper mode
o test269: disable for hyper
o test3010: work with hyper mode
o test328: avoid a header-looking body to make hyper mode work
o test339: CRLFify better to work in hyper mode
o test347: CRLFify to work in hyper mode
o test393: make Content-Length fit within 64 bit for hyper
o test394: hyper returns a different error
o test395: hyper cannot work around > 64 bit content-lengths like built-in
o test433: adjust for hyper mode
o test434: add HTTP keyword
o test500: adjust to work with hyper mode
o test566: adjust to work with hyper mode
o test599: adjusted to work in hyper mode
o test644: remove as duplicate of test 587
o tests: fix Accept-Encoding strips to work with Hyper builds
o TLS: prevent shutdown loops to get stuck
o tool: make _lseeki64() macro work with the PellesC compiler
o tool_help: document that --tlspassword takes a password
o tool_help: remove unused define
o url.c: remove two variable assigns that are never read
o url: (void)-prefix a curl_url_get() call
o url: bad CURLOPT_CONNECT_TO syntax now returns error
o version: turn version number functions into returning void
o vtls: exit addsessionid if no cache is inited
o vtls: fix connection reuse checks for issuer cert and case sensitivity
o vtls: only store TIMER_APPCONNECT for non-proxy connect
o vtls: use free() not curl_free()
o warnless: simplify type size handling
o Win32: fix build with Watt-32
o winbuild/README: VC should be set to 6 'or larger'
o winbuild: support alternate nghttp2 static lib name
o wolfssl: failing to set a session id is not reason to error out
o write-out.d: clarify urlnum is not unique for de-globbed URLs
o zuul: use the new rustls directory name
CVE-2021-36740: request smuggling attack can be performed on Varnish Cache
and Varnish Cache Plus servers that have the HTTP/2 protocol enabled. The
smuggled requests do not go through normal VCL processing, and any
authorization steps implemented in VCL would be bypassed.
1.44.0:
nghttpx
The bug which prevents a backend which is excluded from a load balancing group temporarily from being restored.
The word master is replaced main. The nghttpx master process is now called main process.
--no-http2-cipher-black-list and --client-no-http2-cipher-black-list are deprecated and replaced with --no-http2-cipher-block-list and --client-no-http2-cipher-block-list respectively.
Remove trailing white space after $method log variable.
h2load
--rps option has been added.
The time unit (e.g., ms) is now allowed in -D option.
surf is a simple web browser based on WebKit2/GTK+. It is able to
display websites and follow links. It supports the XEmbed protocol
which makes it possible to embed it in another application.
Furthermore, one can point surf to another URI by setting its
XProperties.
Security Vulnerabilities fixed in Firefox ESR 78.12
#CVE-2021-29970: Use-after-free in accessibility features of a document
#CVE-2021-30547: Out of bounds write in ANGLE
#CVE-2021-29976: Memory safety bugs fixed in Firefox 90 and Firefox ESR
78.12
Changelog:
New
* On Windows, updates can now be applied in the background while Firefox is
not running.
* Firefox for Windows now offers a new page about:third-party to help
identify compatibility issues caused by third-party applications
* Exceptions to HTTPS-Only mode can be managed in about:preferences#privacy
* Print to PDF now produces working hyperlinks
* Version 2 of Firefox??s SmartBlock feature further improves private
browsing. Third-party Facebook scripts are blocked to prevent you from
being tracked, but are now automatically loaded ??just in time?? if you
decide to ??Log in with Facebook?? on any website.
Fixed
* Various security fixes
Changed
* The "Open Image in New Tab" context menu item now opens images and media in
a background tab by default. Learn more
* Most users without hardware accelerated WebRender will now be using
software WebRender.
* Improved software WebRender performance
* FTP support has been removed
Enterprise
* Various bug fixes and new policies have been implemented in the latest
version of Firefox. See more details in the Firefox for Enterprise 90
Release Notes.
Developer
* Developer Information
* Support for Private Fields (TC39 proposal, stage 3) is available in
DevTools. The support includes: object inspection, autocompletion,
expression evaluation, variable tooltips, and pretty printing (bug)
* The Network panel shows a preview of HTTP requests for fonts in the
Response tab (bug)
Network panel font preview screenshot
Web Platform
* Support for Fetch Metadata Request Headers, which allows web applications
to better protect themselves and their users against various cross-origin
threats.
* Added the ability to use client authentication certificates stored in
hardware tokens or in Operating System storage.
Security fixes:
#CVE-2021-29970: Use-after-free in accessibility features of a document
#CVE-2021-29971: Granted permissions only compared host; omitting scheme and
port on Android
#CVE-2021-30547: Out of bounds write in ANGLE
#CVE-2021-29972: Use of out-of-date library included use-after-free
vulnerability
#CVE-2021-29973: Password autofill on HTTP websites was enabled without user
interaction on Android
#CVE-2021-29974: HSTS errors could be overridden when network partitioning was
enabled
#CVE-2021-29975: Text message could be overlaid on top of another website
#CVE-2021-29976: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12
#CVE-2021-29977: Memory safety bugs fixed in Firefox 90
Version 1.9.11 (2020-11-08)
SECURITY HINT: make sure you have allow_xslt = False (or just do not use
allow_xslt at all in your wiki configs, False is the internal default).
Allowing XSLT/4suite is very dangerous, see HelpOnConfiguration wiki page.
Fixes:
* security fix for CVE-2020-25074:
fix remote code execution via cache action
changeset with fix: d1e5fc7d
* security fix for CVE-2020-15275:
fix malicious SVG attachment causing stored XSS vulnerability
changeset with fix: 64e16037
* make setup.py and .cfg ascii-only, #40
* fix SubProcess' os.setsid usage, #44
* fix interwiki test fails that crept into 1.9.10 release
* highlight parser: use language as code_type rather than "highlight"
* catch indexer error for too long names, #57
* improved indexer logging so logging never crashes due to
encoding issues for non-ascii page or attachment names.
* fix mailheader parsing, add tests for mailimport, #53
* workaround werkzeug errors='fallback:...' regression, #37
* mailimport: fix AttributeError, #55
* surge protection / hosts_deny: fix broken html, #60
Other changes:
* upgrade werkzeug 0.14.1 -> 1.0.1, adapt imports
HINT: if you use the ProxyFix code, the required import has changed to:
from werkzeug.middleware.proxy_fix import ProxyFix
* add secure-cookie 0.1.0 (code was formerly part of werkzeug.contrib), adapt imports
* update pygments 2.1.3 -> 2.5.2
* update passlib 1.7.1 -> 1.7.2
* update parsedatetime 2.4 -> 2.6
Changes:
-added cursor navigation in SearchView's text box (#42)
-fixed minor bugs
-added performance optimizations in Cargo.toml's release profile
-added Github CI actions
-added docker image of the latest main branch build
Changes:
2.32.2
======
- Improve calculation of initial WebKitWebView size.
- Fix kinetic scrolling on touchpad with async scrolling off.
- Fix a crash on empty drag operation in X11.
- Fix rendering on HiDPI /4k screen and scaling.
- Handle null native surface for for surfaceless rendering.
- Fix JavaScriptCore crash on 32-bit big endian systems.
- Fix several crashes and rendering issues.
0.17.1
Added
- Implement support for async side effects in router.
- Support mocking responses using asgi/wsgi apps.
- Added pytest fixture and configuration marker.
Fixed
- Typo in import from examples.md.
- Fix pass-through test case.
0.18.2
Added
* Support for Python 3.10.
* Expose `httpx.USE_CLIENT_DEFAULT`, used as the default to `auth` and `timeout` parameters in request methods.
* Support [HTTP/2 "prior knowledge"](https://python-hyper.org/projects/hyper-h2/en/v2.3.1/negotiating-http2.html#prior-knowledge), using `httpx.Client(http1=False, http2=True)`.
Fixed
* Clean up some cases where warnings were being issued.
* Prefer Content-Length over Transfer-Encoding: chunked for content=<file-like> cases.
0.13.6
Fixed
- Close sockets when read or write timeouts occur.
0.13.5
Fixed
- Resolved niggles with AnyIO EOF behaviours.
0.13.4
Added
- Improved error messaging when URL scheme is missing, or a non HTTP(S) scheme is used.
Fixed
- Switched to `anyio` as the default backend implementation when running with `asyncio`. Resolves some awkward [TLS timeout issues](https://github.com/encode/httpx/discussions/1511).
Changes with nginx 1.21.1
*) Change: now nginx always returns an error for the CONNECT method.
*) Change: now nginx always returns an error if both "Content-Length"
and "Transfer-Encoding" header lines are present in the request.
*) Change: now nginx always returns an error if spaces or control
characters are used in the request line.
*) Change: now nginx always returns an error if spaces or control
characters are used in a header name.
*) Change: now nginx always returns an error if spaces or control
characters are used in the "Host" request header line.
*) Change: optimization of configuration testing when using many
listening sockets.
*) Bugfix: nginx did not escape """, "<", ">", "\", "^", "`", "{", "|",
and "}" characters when proxying with changed URI.
*) Bugfix: SSL variables might be empty when used in logs; the bug had
appeared in 1.19.5.
*) Bugfix: keepalive connections with gRPC backends might not be closed
after receiving a GOAWAY frame.
*) Bugfix: reduced memory consumption for long-lived requests when
proxying with more than 64 buffers.
v0.85.0
-------
Hugo 0.85.0 is on the smaller side of releases, but the main new thing it
brings should be important to those who need it: Poll based watching for file
system changes.
Hugo uses Fsnotify to provide native file system notifications. This is still
the default, but there may situations where this isn't working. The file may
not support it (e.g. NFS), or you get the "too many open files" error and
cannot or do not want to increase the ulimit. Enable polling by passing the
--poll flag with an interval:
hugo server --poll 700ms
You van even do "long polling" by passing a long interval:
hugo server --poll 24h
v0.84.0
-------
This release brings several configuration fixes and improvements that will be
especially useful for themes.
Deep merge of theme Params
One of the most common complaint from Hugo theme owners/users has been about
the configuration handling. Hugo has up until now only performed a shallow
merge of theme params into the configuration.
With that, given this example from a theme configuration:
[params]
[params.colours]
blue="#337DFF"
green="#68FF33"
red="#FF3358"
If you would like to use the above theme, but want a different shade of red,
you earlier had to copy the entire block, even the colours you're totally happy
with. This was painful even the simplest setup.
Now you can just override the params keys you want to change, e.g.:
[params]
[params.colours]
red="#fc0f03"
For more information, and especially about the way you can opt out of the above
behaviour, see Merge Configuration from Themes.
Themes now support the config directory
Now both the project and themes/modules can store its configuration in both the
top level config file (e.g. config.toml) or in the config directory. See
Configuration Directory.
HTTP headers in getJSON/getCSV
getJSON now supports custom HTTP headers. This has been a big limitation in
Hugo, especially considering the Authorization header.
New erroridf template func
Sometime, especially when creating themes, it is useful to be able to let the
user decide if an error situation is critical enough to fail the build. The new
erroridf produces ERROR log statements that can be toggled off:
{{ erroridf "some-custom-id" "Some error message." }}
Will log:
ERROR: Some error message.
If you feel that this should not be logged as an ERROR, you can ignore it by adding this to your site config:
ignoreErrors = ["some-custom-id"]
Django 3.2.5 fixes a security issue with severity “high” and several bugs in 3.2.4. Also, the latest string translations from Transifex are incorporated.
CVE-2021-35042: Potential SQL injection via unsanitized QuerySet.order_by() input
Unsanitized user input passed to QuerySet.order_by() could bypass intended column reference validation in path marked for deprecation resulting in a potential SQL injection even if a deprecation warning is emitted.
As a mitigation the strict column reference validation was restored for the duration of the deprecation period. This regression appeared in 3.1.
The issue is not present in the main branch as the deprecated path has been removed.
Bugfixes
Fixed a regression in Django 3.2 that caused a crash of QuerySet.values_list(…, named=True) after prefetch_related().
Fixed a bug in Django 3.2 that caused a migration crash on MySQL 8.0.13+ when altering BinaryField, JSONField, or TextField to non-nullable.
Fixed a regression in Django 3.2 that caused a migration crash on MySQL 8.0.13+ when adding nullable BinaryField, JSONField, or TextField with a default value.
Fixed a bug in Django 3.2 where a system check would crash on a model with an invalid app_label
