3.1.3
Changes:
Fix: Django 3.2, Run tests against Django 3.2
Fix: Django 3.2, Handle warnings for default_app_config
Fix: sqldiff, Fix for missing field/index in model case
Django 3.2.3 fixes several bugs in 3.2.2.
Bugfixes
Prepared for mysqlclient > 2.0.3 support.
Fixed a regression in Django 3.2 that caused the incorrect filtering of querysets combined with the | operator.
Fixed a regression in Django 3.2.1 where saving FileField would raise a SuspiciousFileOperation even when a custom upload_to returns a valid file path.
Django 3.2.2 fixes a security issue and a bug in 3.2.1.
CVE-2021-32052: Header injection possibility since URLValidator accepted newlines in input on Python 3.9.5+
On Python 3.9.5+, URLValidator didn’t prohibit newlines and tabs. If you used values with newlines in HTTP response, you could suffer from header injection attacks. Django itself wasn’t vulnerable because HttpResponse prohibits newlines in HTTP headers.
Moreover, the URLField form field which uses URLValidator silently removes newlines and tabs on Python 3.9.5+, so the possibility of newlines entering your data only existed if you are using this validator outside of the form fields.
This issue was introduced by the bpo-43882 fix.
Django 2.2.23 fixes a regression in 2.2.21.
Bugfixes
Fixed a regression in Django 2.2.21 where saving FileField would raise a SuspiciousFileOperation even when a custom upload_to returns a valid file path
Django 2.2.22 fixes a security issue in 2.2.21.
CVE-2021-32052: Header injection possibility since URLValidator accepted newlines in input on Python 3.9.5+
On Python 3.9.5+, URLValidator didn’t prohibit newlines and tabs. If you used values with newlines in HTTP response, you could suffer from header injection attacks. Django itself wasn’t vulnerable because HttpResponse prohibits newlines in HTTP headers.
Moreover, the URLField form field which uses URLValidator silently removes newlines and tabs on Python 3.9.5+, so the possibility of newlines entering your data only existed if you are using this validator outside of the form fields.
This issue was introduced by the bpo-43882 fix.
as well as adding options for other SSL libraries, disabling options
explicitly should cause less problems when the OS contains libraries used
by the options.
pkgsrc changes:
- Remove patches applied upstream
Changes:
2.32.1
------
- Support building against the Musl C library.
- Support building against ICU version 69 or newer.
- Improve handling of Media Capture devices.
- Improve WebAudio playback.
- Improve video orientation handling.
- Improve seeking support for MSE playback.
- Improve flush support in EME decryptors.
- Fix HTTP status codes for requests done through a custom URI handler.
- Fix the Bubblewrap sandbox in certain 32-bit systems.
- Fix inconsistencies between the WebKitWebView.is-muted property state
and values returned by webkit_web_view_is_playing_audio().
- Fix the build with ENABLE_VIDEO=OFF.
- Fix wrong timestamps for long-lived cookies.
- Fix UI process crash when failing to load favicons.
- Fix several crashes and rendering issues.
- Translation updates: Swedish.
2.4.0 (2021-05-11)
Features
alertcenter: update the api (cbf5364)
analyticsadmin: update the api (bfa2f1c)
androidenterprise: update the api (44a6719)
androidpublisher: update the api (44a6719)
artifactregistry: update the api (44a6719)
bigquery: update the api (bfa2f1c)
chromepolicy: update the api (44a6719)
content: update the api (c0b883a)
datacatalog: update the api (e58efe8)
dataproc: update the api (cbf5364)
dialogflow: update the api (44a6719)
dns: update the api (c0b883a)
documentai: update the api (bfa2f1c)
file: update the api (cbf5364)
file: update the api (44a6719)
firebasestorage: update the api (27f691d)
gameservices: update the api (bfa2f1c)
gkehub: update the api (44a6719)
lifesciences: update the api (44a6719)
monitoring: update the api (bfa2f1c)
mybusinessaccountmanagement: update the api (bfa2f1c)
networkmanagement: update the api (bfa2f1c)
oslogin: update the api (bfa2f1c)
pubsublite: update the api (bfa2f1c)
recommender: update the api (bfa2f1c)
retail: update the api (cbf5364)
servicedirectory: update the api (44a6719)
servicemanagement: update the api (c0b883a)
servicenetworking: update the api (bfa2f1c)
translate: update the api (c0b883a)
Bug Fixes
preventing accessing predefined discovery URLs when override is provided
Changelog:
Version 21.0.1 April 9 2021
Changes
* Always renew apppasswords on login (server#25571)
* Improve mention matches (server#25573)
* Disable trasbin during the moveFromStorage fallback (server#25877)
* Clear multiselect after selection in share panel (server#25918)
* Activity: show if files are hidden or not (server#25935)
* Sharebymail: set expiration on creation (server#25937)
* Catch notfound and forbidden exception in smb::getmetadata (server#25943)
* Skip empty obsolete owner when adding to own NC (server#25955)
* Fix admin password strengthify tooltip (server#25962)
* Add missing waits and asserts in acceptance tests (server#25993)
* Hide expiration date field for remote shares (server#26026)
* Remove trash items from other trash backends when deleting all (server#
26039)
* Fix SCSS compiler deprecated function usages (server#26042)
* Provisioning API to IBootstrap (server#26044)
* Cache baseurl in url generator (server#26051)
* Allow autocomplete based on phone sync (server#26056)
* Only clear share password model when actually saved (server#26058)
* Add appconfig to always show the unique label of a sharee (server#26062)
* Only clear known users when we had at least one phonebook entry (server#
26081)
* Chunk the array of phone numbers (server#26084)
* Limit constructing of result objects in file search (server#26087)
* Apply object store copy optimization when 'cross storage' copy is wit...
(server#26090)
* Add getID function to the simplefile implementation (server#26119)
* Allow overwriting isAuthenticated (server#26122)
* Send share notification instead of erroring on duplicate share (server#
26124)
* Log exceptions when creating share (server#26128)
* Do cachejail search filtering in sql (server#26133)
* Return the fileid from `copyFromCache` and use it instead of doing an extra
query (server#26146)
* Dont allow creating users with __groupfolders as uid (server#26151)
* Use correct exception type hint in catch statement (server#26162)
* Fix default missing initial state for templates (server#26166)
* Remove explicit fclose from S3->writeStream (server#26167)
* Adds ldap user:reset command (server#26175)
* Improve search results when only phonebook-matches can we autocompleted
(server#26177)
* Fix valid storages removed when cleaning remote storages (server#26192)
* Update user share must use correct expiration validation (server#26204)
* Expand 'path is already shared' error message (server#26211)
* Add (hidden) option to always show smb root as writable (server#26215)
* Removed unnecessary padding (server#26227)
* L10n: Add words user and because in ShareByMailProvider.php (server#26238)
* Fix non LGC glyphs in avatars and txt file previews (server#26249)
* Handle limit offset and sorting in files search (server#26257)
* Update icewind/smb to 3.4.0 (server#26263)
* Catch invalid cache source storage path (server#26271)
* Fix casing of core test folder, bring back missing tests (server#26276)
* L10n: Separate ellipsis (server#26279)
* Show better error messages when a file with a forbidden path is encountered
(server#26291)
* Fix l10n (server#26298)
* Log when a storage is marked as unavailable (server#26301)
* Delete old birthday calendar object when moving contact to another ad...
(server#26307)
* Add a prefix index to filecache.path (server#26326)
* Avatar privacy and new scope (server#26352)
* Fix broken Calendar Event Invite email icons in Gmail by using PNGs instead
of SVGs (server#26357)
* Update cipher defaults (server#26363)
* Fix wording for phone number integration (server#26366)
* Remove notifications when retesting profile field input (server#26371)
* Do not attempt to read 0 bytes when manually iterating over a non-seekable
file (server#26376)
* Fix(translation): replace static error message (server#26377)
* Only mark migrations as installed after execution (server#26379)
* Gracefully handle deleteFromSelf when share is already gone (server#26382)
* Also check the default phone region when the number has no country code
(server#26391)
* Allow apps to write/update account data (server#26398)
* Log and continue when failing to update encryption keys during for
individual files (server#26400)
* Make ILDAPProviderFactory usable when there is no ldap setup (server#26402)
* Remove leftover debug @NoCSRFRequired introduced with #26198 (server#26404)
* Get the parent directory before creating a file from a template (server#
26406)
* Bump y18n from 4.0.0 to 4.0.1 (server#26413)
* [3rdparty]phpseclib-2.0.31 (server#26447)
* Revert "add a prefix index to filecache.path" (server#26451)
* 21.0.1 final (server#26453)
* Show icon-phone when setting is set to private instead of local (server#
26459)
* Bump phpseclib/phpseclib from 2.0.30 to 2.0.31 (3rdparty#643)
* Fix 'Daily activity summary' email subject translation (activity#562)
* Fix notifying own activities (activity#566)
* Send the footer with the defined language (activity#570)
* Make sure we only load the public script on public pages (files_pdfviewer#
340)
* Extend reasons for email address (firstrunwizard#503)
* Only send desktop notifications in one tab (notifications#911)
* Fix Photos not shown in large browser windows #630 (photos#689)
* Add vue-virtual-grid to babel (photos#710)
* Match any non-whitespace character in filesystem type pattern (serverinfo#
280)
* Fix Internal Server Error @ /settings/admin/serverinfo in 21.0.0
(serverinfo#287)
* Disable cypress recording for now (text#1504)
* Use write permission when possible (text#1512)
* Fix clicking links with color annotations (text#1516)
* Update CLI tests to PHP 7.4 to 8.0 (updater#346)
* Disable UI when web updater is disabled in config.php (updater#351)
* Remove obsolete pipeline php72-master (updater#355)
* Update used version of box (updater#359)
* Do not allow to keep maintenance mode active in web updater (updater#363)
* Fix fullscreen (viewer#842)
v0.83.1
This is a bug-fix release with one important fix.
langs/i18n: Fix warning regression in i18n ececd1b1 @bep #8492
v0.83.0
Templates
Remove the FuzzMarkdownify func for now 5656a908 @bep
Output
Make the shortcode template lookup for output formats stable 0d86a32d @bep #7774
Only output mediaType once in docshelper JSON 7b4ade56 @bep #8379
Other
Regenerate docs helper a9b52b41 @bep
Regenerate CLI docs b073a1c9 @bep
Remove all dates from gendoc 4227cc1b @bep
Update getkin/kin-openapi v0.60.0 => v0.61. 3cc4fdd6 @bep
Update github.com/evanw/esbuild v0.11.14 => v0.11.16 78c1a6a7 @bep
Remove .Site.Authors from embedded templates f6745ad3 @jmooring #4458
Don't treat a NotFound response for Delete as a fatal error. f523e9f0 @vangent
Switch to deb packages of nodejs and python3-pygments 63cd05ce @anthonyfok
Install bin/node from node/14/stable 902535ef @anthonyfok
bump github.com/getkin/kin-openapi from 0.55.0 to 0.60.0 70aebba0 @dependabot[bot]
bump github.com/evanw/esbuild from 0.11.13 to 0.11.14 3e3b7d44 @dependabot[bot]
Update to Chroma v0.9.1 048418ba @caarlos0
Improve plural handling of floats eebde0c2 @bep #8464
bump github.com/evanw/esbuild from 0.11.12 to 0.11.13 65c502cc @dependabot[bot]
Revise the plural implementation 537c905e @bep #8454#7822
Update to "base: core20" 243951eb @anthonyfok
bump github.com/frankban/quicktest from 1.11.3 to 1.12.0 fe2ee028 @dependabot[bot]
bump google.golang.org/api from 0.44.0 to 0.45.0 316d65cd @dependabot[bot]
bump github.com/aws/aws-sdk-go from 1.37.11 to 1.38.23 b95229ab @dependabot[bot]
Correct function name in comment 0551df09 @xhit
Upgraded github.com/evanw/esbuild v0.11.0 => v0.11.12 057e5a22 @bep
Regen docs helper fd96f65a @bep
bump github.com/tdewolff/minify/v2 from 2.9.15 to 2.9.16 d3a64708 @dependabot[bot]
bump golang.org/x/text from 0.3.5 to 0.3.6 3b56244f @dependabot[bot]
Remove some unreachable code f5d3d635 @bep
bump github.com/getkin/kin-openapi from 0.39.0 to 0.55.0 0d3c42da @dependabot[bot]
Some performance tweaks for the HTML elements collector ef34dd8f @bep
Exclude comment and doctype elements from writeStats bc80022e @dirkolbrich #8396#8417
Merge branch 'release-0.82.1' 2bb9496c @bep
bump github.com/yuin/goldmark from 1.3.2 to 1.3.5 3ddffd06 @jmooring #8377
Remove duplicate references from release notes 6fc52d18 @jmooring #8360
bump github.com/spf13/afero from 1.5.1 to 1.6.0 73c3ae81 @dependabot[bot]
bump github.com/pelletier/go-toml from 1.8.1 to 1.9.0 7ca118fd @dependabot[bot]
Add webp image encoding support 33d5f805 @bep #5924
bump google.golang.org/api from 0.40.0 to 0.44.0 509d39fa @dependabot[bot]
bump github.com/nicksnyder/go-i18n/v2 from 2.1.1 to 2.1.2 7725c41d @dependabot[bot]
bump github.com/rogpeppe/go-internal from 1.6.2 to 1.8.0 5d36d801 @dependabot[bot]
Remove extraneous space from figure shortcode 9b34d42b @jmooring #8401
bump github.com/magefile/mage from 1.10.0 to 1.11.0 c2d8f87c @dependabot[bot]
bump github.com/google/go-cmp from 0.5.4 to 0.5.5 cbc24661 @dependabot[bot]
Disable broken pretty relative links feature fa432b17 @niklasfasching
Update go-org to v1.5.0 0cd55c66 @niklasfasching
bump github.com/jdkato/prose from 1.2.0 to 1.2.1 0d5cf256 @dependabot[bot]
bump github.com/spf13/cobra from 1.1.1 to 1.1.3 36527576 @dependabot[bot]
Add complete dependency list in "hugo env -v" 9b83f45b @bep #8400
Add hugo.IsExtended 7fdd2b95 @bep #8399
Also test minified HTML in the element collector 3d5dbdcb @bep #7567
Skip script, pre and textarea content when looking for HTML elements 8a308944 @bep #7567
Add slice syntax to sections permalinks config 2dc222ce @bep #8363
Upgrade github.com/evanw/esbuild v0.9.6 => v0.11.0 4d22ad58 @bep
Fixes
Templates
Fix where on type mismatches e4dc9a82 @bep #8353
Output
Regression in media type suffix lookup 6e9d2bf0 @bep #8406
Regression in media type suffix lookup e73f7a77 @bep #8406
Other
Fix multiple unknown language codes 7eb80a9e @bep #7838
Fix permalinks pattern detection for some of the sections variants c13d3687 @bep #8363
Fix Params case handling in where with slices of structs (e.g. Pages) bca40cf0 @bep #7009
Fix typo in docshelper.go 7c7974b7 @jmooring #8380
Try to fix the fuzz build 5e2f1289 @bep
v0.82.1
This is a bug-fix release with one important fix.
Regression in media type suffix lookup 6e9d2bf0 @bep #8406
v0.82.0
Enhancements
Templates
Add method mappings for strings.Contains, strings.ContainsAny 7f853003 @bep
Output
Make Type comparable ba1d0051 @bep #8317#8324
Add a basic benchmark 4d24e2a3 @bep
Other
Regenerate docs helper 86b4fd35 @bep
Regen CLI docs 195d108d @bep
Simplify some config loading code df8bb881 @bep
Update github.com/evanw/esbuild v0.9.0 => v0.9.6 57d8d208 @bep
Apply OS env overrides twice fc06e850 @bep
Attributes for code fences should be placed after the lang indicator only b725253f @bep #8313
Bump github.com/tdewolff/minify/v2 v2.9.15 35dedf15 @bep #8332
More explicit support link to discourse 137d2dab @davidsneighbour
Update to esbuild v0.9.0 1b1dcf58 @bep
Allow more spacing characters in strings 0a2ab3f8 @moorereason #8079#8079
Rename a test 35bfb662 @bep
Add a debug helper 6d21559f @bep
Add support for Google Analytics v4 ba16a14c @djatwood
Bump go.mod to Go 1.16 782c79ae @bep #8294#8210 Upgrade golang version for Dockerfile 5afcae7e @systemkern
Update CONTRIBUTING.md 60469f42 @bep
Handle attribute lists in code fences aed7df62 @bep #8278
Allow markdown attribute lists to be used in title render hooks cd0c5d7e @bep #8270
bump github.com/kyokomi/emoji/v2 from 2.2.7 to 2.2.8 88a85dce @dependabot[bot]
Fixes
Output
Fix output format handling for render hooks 18074d0c @bep #8176
Other
Fix OS env override for nested config param only available in theme 7ed56c69 @bep #8346
Fix new theme command description 24c716ca @rootkea
Fix handling of utf8 runes in nullString() f6612d8b @moorereason
Fixes#7698. 01dd7c16 @gzagatti
Fix autocomplete docs c8f45d1d @bep
v0.81.0
Make the build green again fe77f743 @bep
Regenerate internal templates c6080655 @bep
Update date logic of opengraph and schema internal templates ffd9dac4 @djatwood
Synch Go templates fork with Go 1.16dev cf3e077d @bep
Exclude pages without Permalink from sitemap 4867cd1d @Jaza
Add default user-agent header for getJSON requests 35def0ae @peacecwz
remove 1mb limit for readFile. ee9c1367 @avdva
Do not return errors in substr for out-of-bounds cases 8a26ab0b @moorereason #8113
Add missing test scenario for strings.Substr 788e50ad @moorereason
Regen CLI docs 9e99950c @bep
Regen docs helper 1b364b00 @bep
Run go mod tidy 88b93a09 @bep
Add arm64 to Darwinextended build and add vendorInfo 29fb456c @bep #8003
Update Travis, GitHub, CircleCI and Snap to Go 1.16 (only) 718fba7d @bep
Pull in latest Go 1.16 template source e77b2e3a @bep
Add breaking tests for "map read and map write in templates" b5485aea @bep #7293
Pull in latest Go template source ccb822eb @bep
Expand template newline testcase to commands 21e9eb18 @bep
Add a test case for Go 1.16 template action newlines ae57ba6a @bep
Update github.com/tdewolff/minify/v2 v2.6.2 => v2.9.13 66beac99 @bep #8258
bump github.com/frankban/quicktest from 1.11.2 to 1.11.3 968dd7a7 @dependabot[bot]
bump github.com/getkin/kin-openapi from 0.32.0 to 0.39.0 38f29e81 @dependabot[bot]
bump github.com/aws/aws-sdk-go from 1.36.33 to 1.37.11 cd87813a @dependabot[bot]
bump github.com/sanity-io/litter from 1.3.0 to 1.5.0 4e815b06 @dependabot[bot]
bump github.com/olekukonko/tablewriter from 0.0.4 to 0.0.5 652a59d3 @dependabot[bot]
Update to esbuild v0.8.46 84f0ec7f @bep
Add config option modules.vendorClosest bdfbcf6f @bep #8235#8242
bump google.golang.org/api from 0.26.0 to 0.40.0 a9b0fea6 @dependabot[bot]
Change version string format and add VendorInfo to help with issue triaging e8df0977 @anthonyfok
Allow absolute paths for any modules resolved via project replacement 3a5ee0d2 @bep #8240
Throw an error running hugo mod vendor on mountless module 4ffaeaf1 @bep
Add PowerShell completion support 5f621df2 @anthonyfok #8122
Refer to mage instead of make in comment regarding commitHash 7118f89c @anthonyfok
Add attributes support for blocks (tables etc.) 2681633d @bep #7548
Update to Goldmark v1.3.2 1b247282 @bep #8143
Update to Dart Sass Protocol beta6 441b11be @bep
Write to stdout by default d36fd5b3 @benmezger
Remove powershell support a7c515e1 @benmezger
Add zsh, fish and powershell completion support 216b00f3 @benmezger #4296
Enable NPM tests on Windows 14494379 @bep #8196
Update to esbuild v0.8.39 440fdb0e @bep #8189
Trim whitespace in elements written to hugo_stats.json b2a48dce @pmatiash #7958
bump github.com/aws/aws-sdk-go from 1.35.0 to 1.36.33 2f9dadae @dependabot[bot]
Remove mention of a file size limit for readFile ed3071b7 @avdva
Add Inject config option 32b86076 @bep #8164
Add Shims option e19a046c @bep #8165
bump github.com/spf13/afero from 1.4.1 to 1.5.1 07ad283f @eclipseo
Add external source map support to js.Build and Babel 2c8b5d91 @richtera #8132
Run go mod tidy 4d2b6fc4 @bep
Update go-org to v1.4.0 212e5e55 @niklasfasching
Adjust log level 4fdec67b @bep
Add temporary patch to fix template data race 9650e568 @bep #7293
Fix race condition in text template baseof 241b7483 @moorereason
Fix metrics hint tracking 0004a733 @moorereason #8125
Fix potential path issue on Windows b60e9279 @bep
Fix some humanize issues bf55afd7 @susiwen8 #7912
Fix handling of legacy attribute config e6dd3128 @bep #7548
Support translation files with suffix *.yml 92c6c404 @bep #8212
Fix nilpointer in js.Build error handling a1fe552f @bep #8162
Priority is a pure-Python implementation of the priority logic for HTTP/2, set
out in RFC 7540 Section 5.3 (Stream Priority). This logic allows for clients
to express a preference for how the server allocates its (limited) resources to
the many outstanding HTTP requests that may be running over a single HTTP/2
connection.
This release fixes these security issues from prior release.
* SQUID-2020:11 HTTP Request Smuggling
(CVE-2020-25097)
* SQUID-2021:1 Denial of Service in URN processing
(CVE-2021-28651)
* SQUID-2021:2 Denial of Service in HTTP Response Processing
(CVE-2021-28662)
* SQUID-2021:3 Denial of Service issue in Cache Manager
(CVE-2021-28652)
* SQUID-2021:4 Multiple issues in HTTP Range header
(CVE-2021-31806, CVE-2021-31807, CVE-2021-31808)
* SQUID-2021:5 Denial of Service in HTTP Response Processing
(CVE pending allocation)
Changes in squid-4.15 (10 May 2021):
- Bug 5112: Excessively loud chunked reply parsing error reporting
- Bug 5106: Broken cache manager URL parsing
- Bug 5104: Memory leak in RFC 2169 response parsing
- Bug 3556: "FD ... is not an open socket" for accept() problems
- Profiling: CPU timing implemented for MAC non-x86
- Fix HttpHeaderStats definition to include hoErrorDetail
- Fix Squid-to-client write_timeout triggers client_lifetime timeout
- Limit HeaderLookupTable_t::lookup() to BadHdr and specific IDs
- Handle more Range requests
- Handle more partial responses
- Stop processing a response if the Store entry is gone
- ... and some portability fixes
- ... and some documentation updates
9.0.1
Fixed issues with the packaging of the 9.0 release.
9.0
Note
Version 9.0 moves or deprecates several APIs.
Aliases provide backwards compatibility for all previously public APIs.
:class:`~datastructures.Headers` and :exc:`~datastructures.MultipleValuesError` were moved from websockets.http to :mod:`websockets.datastructures`. If you're using them, you should adjust the import path.
The client, server, protocol, and auth modules were moved from the websockets package to websockets.legacy sub-package, as part of an upcoming refactoring. Despite the name, they're still fully supported. The refactoring should be a transparent upgrade for most uses when it's available. The legacy implementation will be preserved according to the backwards-compatibility policy.
The framing, handshake, headers, http, and uri modules in the websockets package are deprecated. These modules provided low-level APIs for reuse by other WebSocket implementations, but that never happened. Keeping these APIs public makes it more difficult to improve websockets for no actual benefit.
Added compatibility with Python 3.9.
Added support for IRIs in addition to URIs.
Added close codes 1012, 1013, and 1014.
Raised an error when passing a :class:`dict` to :meth:`~legacy.protocol.WebSocketCommonProtocol.send`.
Fixed sending fragmented, compressed messages.
Fixed Host header sent when connecting to an IPv6 address.
Fixed creating a client or a server with an existing Unix socket.
Aligned maximum cookie size with popular web browsers.
Ensured cancellation always propagates, even on Python versions where :exc:`~asyncio.CancelledError` inherits :exc:`Exception`.
Improved error reporting.
7.2 (10 May 2021)
Allow the character field to work with custom country codes that are not 2 characters (such as "GB-WLS").
Fix compatibility with django-migrations-ignore-attrs library.
7.1 (17 March 2021)
Allow customising the str_attr of Country objects returned from a CountryField via a new countries_str_attr keyword argument (thanks C. Quentin).
Add pyuca as an extra dependency, so that it can be installed like pip install django-countries[pyuca].
Add Django 3.2 support.
7.0 (5 December 2020)
Add name_only as an option to the Django Rest Framework serializer field (thanks Miguel Marques).
Add in Python typing.
Add Python 3.9, Django 3.1, and Django Rest Framework 3.12 support.
Drop Python 3.5 support.
Improve IOC code functionality, allowing them to be overridden in COUNTRIES_OVERRIDE using the complex dictionary format.
6.1.3 (18 August 2020)
Update flag of Mauritania.
Add flag for Kosovo (under its temporary code of XK).
6.1.2 (26 March 2020)
Fix Python 3.5 syntax error (no f-strings just yet...).
6.1.1 (26 March 2020)
Change ISO country import so that "Falkland Islands [Malvinas]" => "Falkland Islands (Malvinas)".
6.1 (20 March 2020)
Add a GraphQL object type for a django Country object.
6.0 (28 February 2020)
Make DRF CountryField respect blank=False. This is a backwards incompatible change since blank input will now return a validation error (unless blank is explicitly set to True).
Fix COUNTRIES_OVERRIDE when using the complex dictionary format and a single name.
Add bandit to the test suite for basic security analysis.
Drop Python 2.7 and Python 3.4 support.
Add Rest Framework 3.10 and 3.11 to the test matrix, remove 3.8.
Fix a memory leak when using PyUCA. Thanks Meiyer (aka interDist)!
5.5 (11 September 2019)
Django 3.0 compatibility.
Plugin system for extending the Country object.
5.4 (11 August 2019)
Renamed Macedonia -> North Macedonia.
Fix an outlying makemigrations error.
Pulled in new translations which were provided but missing from previous version.
Fixed Simplified Chinese translation (needed to be locale/zh_Hans).
Introduce an optional complex format for COUNTRIES_ONLY and COUNTRIES_OVERRIDE to allow for multiple names for a country, a custom three character code, and a custom numeric country code.
5.3.3 (16 February 2019)
Add test coverage for Django Rest Framework 3.9.
5.3.2 (27 August 2018)
Tests for Django 2.1 and Django Rest Framework 3.8.
5.3.1 (12 June 2018)
Fix dumpdata and loaddata for CountryField(multiple=True).
5.3 (20 April 2018)
Iterating a Countries object now returns named tuples. This makes things nicer when using {% get_countries %} or using the country list elsewhere in your code.
While there, add the option to generate and include the documentation in the
package (disabled by default).
No PKGREVISION bump as the build simply broke with doxygen available, and the
new option is disabled by default.
Real changes are in www/ruby-actionpack61 only.
## Rails 6.1.3.2 (May 05, 2021) ##
* Prevent open redirects by correctly escaping the host allow list
CVE-2021-22903
* Prevent catastrophic backtracking during mime parsing
CVE-2021-22902
* Prevent regex DoS in HTTP token authentication
CVE-2021-22904
* Prevent string polymorphic route arguments.
`url_for` supports building polymorphic URLs via an array
of arguments (usually symbols and records). If a developer passes a
user input array, strings can result in unwanted route helper calls.
CVE-2021-22885
*Gannon McGibbon*
Real changes are in www/ruby-actionpack60 only.
## Rails 6.0.3.7 (May 05, 2021) ##
* Prevent catastrophic backtracking during mime parsing
CVE-2021-22902
* Prevent regex DoS in HTTP token authentication
CVE-2021-22904
* Prevent string polymorphic route arguments.
`url_for` supports building polymorphic URLs via an array
of arguments (usually symbols and records). If a developer passes a
user input array, strings can result in unwanted route helper calls.
CVE-2021-22885
*Gannon McGibbon*
0.17.0
Changed
- Require `HTTPX` 0.18.0 and implement the new transport API.
- Removed ASGI and WSGI transports from httpcore patch list.
- Don't pre-read mocked async resposne streams.
Fixed
- Fixed syntax highlighting in docs, thanks @florimondmanca.
- Type check `route.return_value`, thanks @tzing.
- Fixed a typo in the docs, thanks @lewoudar.
Added
- Added support for adding/removing patch targets.
- Added test session for python 3.10.
- Added RESPX Mock Swallowtail to README.
0.18.1 (29th April, 2021)
Changed
* Update brotli support to use the `brotlicffi` package
* Ensure that `Request(..., stream=...)` does not auto-generate any headers on the request instance.
Fixed
* Pass through `timeout=...` in top-level httpx.stream() function.
* Map httpcore transport close exceptions to httpx exceptions.
0.18.0 (27th April, 2021)
The 0.18.x release series formalises our low-level Transport API, introducing the base classes `httpx.BaseTransport` and `httpx.AsyncBaseTransport`.
See the "[Writing custom transports](https://www.python-httpx.org/advanced/#writing-custom-transports)" documentation and the [`httpx.BaseTransport.handle_request()`](397aad98fd/httpx/_transports/base.py (L77-L147)) docstring for more complete details on implementing custom transports.
Pull request 1522 includes a checklist of differences from the previous `httpcore` transport API, for developers implementing custom transports.
The following API changes have been issuing deprecation warnings since 0.17.0 onwards, and are now fully deprecated...
* You should now use httpx.codes consistently instead of httpx.StatusCodes.
* Use limits=... instead of pool_limits=....
* Use proxies={"http://": ...} instead of proxies={"http": ...} for scheme-specific mounting.
Changed
* Transport instances now inherit from `httpx.BaseTransport` or `httpx.AsyncBaseTransport`,
and should implement either the `handle_request` method or `handle_async_request` method.
* The `response.ext` property and `Response(ext=...)` argument are now named `extensions`.
* The recommendation to not use `data=<bytes|str|bytes (a)iterator>` in favour of `content=<bytes|str|bytes (a)iterator>` has now been escalated to a deprecation warning.
* Drop `Response(on_close=...)` from API, since it was a bit of leaking implementation detail.
* When using a client instance, cookies should always be set on the client, rather than on a per-request basis. We prefer enforcing a stricter API here because it provides clearer expectations around cookie persistence, particularly when redirects occur.
* The runtime exception `httpx.ResponseClosed` is now named `httpx.StreamClosed`.
* The `httpx.QueryParams` model now presents an immutable interface. There is a discussion on [the design and motivation here](https://github.com/encode/httpx/discussions/1599). Use `client.params = client.params.merge(...)` instead of `client.params.update(...)`. The basic query manipulation methods are `query.set(...)`, `query.add(...)`, and `query.remove()`.
Added
* The `Request` and `Response` classes can now be serialized using pickle.
* Handle `data={"key": [None|int|float|bool]}` cases.
* Support `httpx.URL(**kwargs)`, for example `httpx.URL(scheme="https", host="www.example.com", path="/')`, or `httpx.URL("https://www.example.com/", username="tom@gmail.com", password="123 456")`.
* Support `url.copy_with(params=...)`.
* Add `url.params` parameter, returning an immutable `QueryParams` instance.
* Support query manipulation methods on the URL class. These are `url.copy_set_param()`, `url.copy_add_param()`, `url.copy_remove_param()`, `url.copy_merge_params()`.
* The `httpx.URL` class now performs port normalization, so `:80` ports are stripped from `http` URLs and `:443` ports are stripped from `https` URLs.
* The `URL.host` property returns unicode strings for internationalized domain names. The `URL.raw_host` property returns byte strings with IDNA escaping applied.
Fixed
* Fix Content-Length for cases of `files=...` where unicode string is used as the file content.
* Fix some cases of merging relative URLs against `Client(base_url=...)`.
* The `request.content` attribute is now always available except for streaming content, which requires an explicit `.read()`.
0.13.3 (May 6th, 2021)
Added
- Support HTTP/2 prior knowledge, using `httpcore.SyncConnectionPool(http1=False)`.
Fixed
- Handle cases where environment does not provide `select.poll` support.
0.13.2 (April 29th, 2021)
Added
- Improve error message for specific case of `RemoteProtocolError` where server disconnects without sending a response.
0.13.1 (April 28th, 2021)
Fixed
- More resiliant testing for closed connections.
- Don't raise exceptions on ungraceful connection closes.
0.13.0 (April 21st, 2021)
The 0.13 release updates the core API in order to match the HTTPX Transport API,
introduced in HTTPX 0.18 onwards.
An example of making requests with the new interface is:
```python
with httpcore.SyncConnectionPool() as http:
status_code, headers, stream, extensions = http.handle_request(
method=b'GET',
url=(b'https', b'example.org', 443, b'/'),
headers=[(b'host', b'example.org'), (b'user-agent', b'httpcore')]
stream=httpcore.ByteStream(b''),
extensions={}
)
body = stream.read()
print(status_code, body)
```
Changed
- The `.request()` method is now `handle_request()`.
- The `.arequest()` method is now `.handle_async_request()`.
- The `headers` argument is no longer optional.
- The `stream` argument is no longer optional.
- The `ext` argument is now named `extensions`, and is no longer optional.
- The `"reason"` extension keyword is now named `"reason_phrase"`.
- The `"reason_phrase"` and `"http_version"` extensions now use byte strings for their values.
- The `httpcore.PlainByteStream()` class becomes `httpcore.ByteStream()`.
Added
- Streams now support a `.read()` interface.
Fixed
- Task cancelation no longer leaks connections from the connection pool.
1.5.0 - 2021-05-07
------------------
- Fix bug where a valid IRI is mishandled by ``urlparse`` and
``ParseResultBytes``.
- Add :meth:`~rfc3986.builder.URIBuilder.extend_path`,
:meth:`~rfc3986.builder.URIBuilder.extend_query_with`,
:meth:`~rfc3986.builder.URIBuilder.geturl` to
:class:`~rfc3986.builder.URIBuilder`.
2.2.0
=====
- Fixed compatibility with django-timezone-field>=4.1.0
- Fixed deprecation warnings: 'assertEquals' in tests.
- Fixed SolarSchedule event choices i18n support.
- Updated 'es' .po file metadata
- Update 'fr' .po file metadata
- New schema migrations for SolarSchedule events choices changes in models.
2.1.0
=====
- Fix string representation of CrontabSchedule, so it matches UNIX CRON expression format
- If no schedule is selected in PeriodicTask form, raise a non-field error instead of an error bounded to the `interval` field
- Fix some Spanish translations
- Log "Writing entries..." message as DEBUG instead of INFO
- Use CELERY_TIMEZONE setting as `CrontabSchedule.timezone` default instead of UTC
- Fix bug in ClockedSchedule that made the schedule stuck after a clocked task was executed. The `enabled` field of ClockedSchedule has been dropped
- Drop support for Python < 3.6
- Add support for Celery 5 and Django 3.1
2.0.0
=====
- Added support for Django 3.0
- Dropped support for Django < 2.2 and Python < 3.5
1.6.0
=====
- Fixed invalid long_description
- Exposed read-only field PeriodicTask.last_run_at in Django admin
- Added docker config to ease development
- Added validation schedule validation on save
- Added French translation
- Fixed case where last_run_at = None and CELERY_TIMEZONE != TIME_ZONE
1.5.0
=====
- Fixed delay returned when a task has a start_time in the future.
- PeriodicTaskAdmin: Declare some filtering, for usability
- fix _default_now is_aware bug
- Adds support for message headers for periodic tasks
- make last_run_at tz aware before passing to celery
4.1.2 (2021-03-17)
Avoid NonExistentTimeError during DST transition
4.1.1 (2020-11-28)
Don't import rest_framework from package root
4.1 (2020-11-28)
Add Django REST Framework serializer field
Add new choices_display kwarg with supported values WITH_GMT_OFFSET and STANDARD
Deprecate display_GMT_offset kwarg
4.0 (2019-12-03)
Add support for django 3.0, python 3.8
Drop support for django 1.11, 2.0, 2.1, python 2.7, 3.4
3.1 (2019-10-02)
Officially support django 2.2 (already worked)
Add option to display TZ offsets in form field
Changelog:
Version 78.10.1, first offered to ESR channel users on May 4, 2021
Fixed
* Resolved an issue caused by a recent Widevine plugin update which prevented
some purchased video content from playing correctly (bug 1705138)
* Security fix
Security fixes:
#CVE-2021-29951: Mozilla Maintenance Service could have been started or stopped
by domain users
Flask-Static-Digest is a Flask extension that will help make your
static files production ready with very minimal effort on your part.
It does this by md5 tagging and gzipping your static files after
running a `flask digest compile` command that this extension adds
to your Flask app.
Changelog:
Version 88.0.1, first offered to Release channel users on May 5, 2021
-------------------------------------------------------------------------------
Fixed
* Resolved an issue caused by a recent Widevine plugin update which prevented
some purchased video content from playing correctly (bug 1705138)
* Fixed corruption of videos playing on Twitter or WebRTC calls on some Gen6
Intel graphics chipsets (bug 1708937)
* Fixed menulists in Preferences being unreadable for users with High
Contrast Mode enabled (bug 1706496)
* Various stability and security fixes.
Security fixes:
#CVE-2021-29953: Universal Cross-Site Scripting
#CVE-2021-29952: Race condition in Web Render Components
warp-tls: HTTP over TLS support for Warp via the TLS package
SSLv1 and SSLv2 are obsoleted by IETF. We should use TLS 1.2 (or TLS
1.1 or TLS 1.0 if necessary). HTTP/2 can be negotiated by ALPN.
warp: A fast, light-weight web server for WAI applications.
HTTP/1.0, HTTP/1.1 and HTTP/2 are supported. For HTTP/2, Warp supports
direct and ALPN (in TLS) but not upgrade.
This library contains functions for encoding bytestring builders for
chunked HTTP/1.1 transfer.
This functionality was extracted from the blaze-builder package.
This package bundles the minified jQuery code into a Haskell package,
so it can be depended upon by Cabal packages. The first three
components of the version number match the upstream jQuery
version. The package is designed to meet the redistribution
requirements of downstream users (e.g. Debian).
This package bundles the minified Flot code (a jQuery plotting
library) into a Haskell package, so it can be depended upon by Cabal
packages. The first three components of the version number match the
upstream flot version. The package is designed to meet the
redistribution requirements of downstream users (e.g. Debian).
Django 3.2.1
CVE-2021-31542: Potential directory-traversal via uploaded files
MultiPartParser, UploadedFile, and FieldFile allowed directory-traversal via uploaded files with suitably crafted file names.
In order to mitigate this risk, stricter basename and path sanitation is now applied. Specifically, empty file names and paths with dot segments will be rejected.
Bugfixes
Corrected detection of GDAL 3.2 on Windows.
Fixed a bug in Django 3.2 where subclasses of BigAutoField and SmallAutoField were not allowed for the DEFAULT_AUTO_FIELD setting.
Fixed a regression in Django 3.2 that caused a crash of QuerySet.values()/values_list() after QuerySet.union(), intersection(), and difference() when it was ordered by an unannotated field.
Restored, following a regression in Django 3.2, displaying an exception message on the technical 404 debug page.
Fixed a bug in Django 3.2 where a system check would crash on a reverse one-to-one relationships in CheckConstraint.check or UniqueConstraint.condition.
Fixed a regression in Django 3.2 that caused a crash of ModelAdmin.search_fields when searching against phrases with unbalanced quotes.
Fixed a bug in Django 3.2 where variable lookup errors were logged rendering the sitemap template if alternates were not defined.
Fixed a regression in Django 3.2 that caused a crash when combining Q() objects which contains boolean expressions.
Fixed a regression in Django 3.2 that caused a crash of QuerySet.update() on a queryset ordered by inherited or joined fields on MySQL and MariaDB.
Fixed a regression in Django 3.2 that caused a crash when decoding a cookie value, used by django.contrib.messages.storage.cookie.CookieStorage, in the pre-Django 3.2 format.
Fixed a regression in Django 3.2 that stopped the shift-key modifier selecting multiple rows in the admin changelist.
Fixed a bug in Django 3.2 where a system check would crash on the STATICFILES_DIRS setting with a list of 2-tuples of (prefix, path).
Fixed a long standing bug involving queryset bitwise combination when used with subqueries that began manifesting in Django 3.2, due to a separate fix using Exists to exclude() multi-valued relationships.
Fixed a bug in Django 3.2 where variable lookup errors were logged when rendering some admin templates.
Fixed a bug in Django 3.2 where an admin changelist would crash when deleting objects filtered against multi-valued relationships. The admin changelist now uses Exists() instead QuerySet.distinct() because calling delete() after distinct() is not allowed in Django 3.2 to address a data loss possibility.
Fixed a regression in Django 3.2 where the calling process environment would not be passed to the dbshell command on PostgreSQL.
Fixed a performance regression in Django 3.2 when building complex filters with subqueries. As a side-effect the private API to check django.db.sql.query.Query equality is removed.
Django 3.2.0:
Automatic AppConfig discovery simplifies configuration of pluggable applications.
Customizing the type of auto-created primary keys begins a process of migrating to BigAutoField primary key fields by default.
Functional indexes can now be created on expressions and database functions.
Django 2.2.21 fixes a security issue in 2.2.20.
CVE-2021-31542: Potential directory-traversal via uploaded files
MultiPartParser, UploadedFile, and FieldFile allowed directory-traversal via uploaded files with suitably crafted file names.
In order to mitigate this risk, stricter basename and path sanitation is now applied. Specifically, empty file names and paths with dot segments will be rejected.
Django 2.2.20
CVE-2021-28658: Potential directory-traversal via uploaded files
MultiPartParser allowed directory-traversal via uploaded files with suitably crafted file names.
Built-in upload handlers were not affected by this vulnerability.
0.59.0
- Last main release to support Python 2
- Fix Python 2 urlparse scheme
- Add support for headers with multiple values
- Add debug support for reserved custom status codes
- Allow multiple Set-Cookie: headers
- Simplified cookie sorting
- Add no_proxy support
- Add Host header to HTTP proxy request
- Improve PEP8 style compliance
TUI for quickly searching crates.io
The searches return the same results as if you entered the search term
into the search bar on crates.io.
The results are returned in pages of 5 results each.
Sun 25 Apr 2021 14:00:00 MSK
Released GNU libmicrohttpd 0.9.73
This release brings new features, improvements, and a few fixes.
The most important addition is the new function for vector-backed
responses, based on the patch contributed by NASA engineers.
Other changes include compatibility with autoconf 2.70+, improved
testsuite compatibility with CI systems, fixed and improved MSVC
builds, and implemention of ALPN support.
More detailed list of notable changes:
API changes:
+ Added new function MHD_create_response_from_iovec(), based on the
patch provided by Lawrence Sebald and Damon N. Earp from NASA.
+ Added MHD_OPTION_SIGPIPE_HANDLED_BY_APP daemon option.
+ Added new function MHD_run_wait().
+ Added MHD_OPTION_TLS_NO_ALPN to disable usage of ALPN even if
it is supported by TLS library.
New features:
+ Added '--enable-heavy-tests' configure parameter (disabled by
default).
+ Implemented support for ALPN.
Improvements and enhancements:
* Return timeout of zero also for connections awaiting cleanup.
* Compatibility with autoconf >=2.70, used new autoconf features.
* Warn user when custom logger option is not the first option.
* Added information to the header about minimal MHD version when
particular symbols were introduced.
* Updated test certificates to be compatible with modern browsers.
* Added on-fly detection of UNIX domain sockets and pipes, MHD does
not try to use TCP/IP-specific socket options on them.
* Report more detailed error description in the MHD log for send
and receive errors.
* Enabled bind port autodetection for MSVC builds.
Fixes:
# Fix PostProcessor to always properly stop iteration when
application callback tells it to do so.
# Fixed MD5 digest authorization broken when compiled without
variable length arrays support (notably with MSVC).
# Fixed detection of type of send errors on W32.
-- Evgeny Grin (Karlson2k)
0.7.3
-----
prelude: >
Small release to remove support for older Python versions, and to do some
housekeeping on the project repository and contributor experience.
Changes include:
+ Moving CI from Travis to Github Actions
This decision was made following Travis CIs recent change in policies
around open source projects.
+ Moving to Github Actions gave us the ability to define slightly more
granular workflows, which give more insight into why tests failed and put
CI results directly in Github.
+ ``Tox`` as a single entrypoint for all main developer tasks, specifically
linting, testing and building docs.
+ Updated contribution guidelines
deprecations:
- |
This release drops support for Python versions 3.4 and 3.5. Support for
python 3.4 was dropped from Pip in July 2019, and support for 3.5 in
January of this year. According to `PyPI Stats
<https://pypistats.org/packages/flask-flatpages>`_. these versions
account for a handful of downloads a month. Version 0.7.2 has
identical funcitonality to this release and will still work for these
versons.
fixes:
- |
This release resolves issue `# 79
<https://github.com/Flask-Flatpages/Flask-Flatpages/issues/79>`_.
by correcting an inconsistent parameter name in the documentation.
- |
Building on the fix to Issue `# 77
<https://github.com/Flask-FlatPages/Flask-FlatPages/issues/77>`_, we
replace the custom compact module with ``six``.
Now it should be more obvious when a package needs it as a dependency,
as it will fail loudly if it isn't declared as a tool.
While here, some duplicate dependencies on itstool were removed from the
MATE packages
v0.6.0
======
Another major release version after v0.5.0 with a lot of breaking changes.
Application changes:
- Introducing Article View used to read a web page in reader mode directly in
the application:
- mercury-parser is required for the view to function
- a brief demo video about Article View:
https://www.youtube.com/watch?v=jIsKZwPi2T8
- Supporting fully customizable key bindings:
- users can now freely customize shortcuts by modifying the default config
file
- Change default key bindings:
- With fully customizable shortcuts, the default key mapping received major
changes to simplify its interfaces.
- For more details on the new shortcuts, press ? in each View to see the
new key mapping or read the default config file.
- Remove webbroswer package (originally used to open a link in browser with
cross-platform support)
- Now, to open an external link in the browser, users need to define
the url_open_command config option in the default config file.
Default to be xdg-open.
Codebase changes:
- implement new features (fully customizable key mapping, Article View)
- fix bugs, improve documentation and error handlers
v2.1.2
Fixed: Support Python 3.9's changed urllib.parse.urljoin() behavior.
< py3.9: furl('wss://slrp.com/').join('foo:1') -> 'wss://slrp.com/foo:1'
>= py3.9: furl('wss://slrp.com/').join('foo:1') -> 'foo:1'
Changed: Drop semicolon query delimiters. See
https://bugs.python.org/issue42967.
Changed: Drop support for EOL Python 3.4 and Python 3.5.
v2.1.1
Fixed: Export metadata variables (furl.__title__, furl.__version__, etc).
Added: scheme, host, netloc, and origin as parameters to furl.remove().
Changed: Homogenize parameter order across furl.add(), furl.set(), and
furl.remove().
Changed: furl.origin can be assigned None. This has the same behavior as
furl.remove(origin=True).
8.9.14 (2021-04-21)
This release fixes security vulnerabilities. Sites are urged to upgrade
immediately after reading the notes below and the security announcement:
* Drupal core - Critical - Cross-site scripting - SA-CORE-2021-002
9.17 2021-04-12
- Deprecated ?format=* parameter in favor of ?_format=* for content negotiation in Mojolicious::Renderer.
9.16 2021-04-08
- Added support for format inheritance.
- Improved Mojo::Server::CGI with support for before_server_start hook.
9.15 2021-03-30
- Improved form generator in Mojo::UserAgent::Transactor to allow custom Content-Disposition headers.
9.14 2021-03-23
- Added EXPERIMENTAL support for :text pseudo-class to Mojo::DOM::CSS.
9.13 2021-03-22
- Improved request_id attribute in Mojo::Message::Request to be a little more unique.
- Fixed Mojolicious::Plugin::Mount to share the logger of the host application.
9.12 2021-03-21
- Improved mojo script startup time slightly with a Mojo::HelloWorld optimization.
- Improved design of built-in templates.
9.11 2021-03-20
- This release contains fixes for security issues, everybody should upgrade!
- Disabled format detection by default to fix vulnerabilities in many Mojolicious applications. That means some of
your routes that previously matched "/foo" and "/foo.json", will only match "/foo" after upgrading. From now on you
will have to explicitly declare the formats your routes are allowed to handle.
# /foo
# /foo.html
# /foo.json
$r->get('/foo')->to('bar#yada');
becomes
$r->get('/foo' => [format => ['html', 'json']])->to('bar#yada', format => undef);
And if you are certain that your application is not vulnerable, you also have the option to re-enable format
detection for a route and all its nested routes. Due to the high risk of vulnerabilities, this feature is going to
be removed again in a future release however.
my $active = $r->any([format => 1]);
$active->get('/foo')->to('Test#first');
$active->put('/bar')->to('Test#second');
- Improved built-in templates not to show embedded apps in the stash snapshot.
- Improved built-in development not found page to include tooltips with the compiled regular expressions for each
route.
- Improved Mojo::UserAgent to include "Content-Length: 0" with non-GET requests for better compatibility with broken
web servers.
9.10 2021-03-14
- Fixed top-level --help and -h options in Mojolicious::Commands.
9.09 2021-03-13
- Added comma_separated filter to Mojolicious::Validator.
- Fixed built-in templates to be a bit more responsive.
- Fixed filter list handling in Mojolicious::Validator::Validation.
9.08 2021-03-12
- Fixed a bug in Test::Mojo where Test::Mojo->new($app) would not work correctly.
9.07 2021-03-11
- Improved config override feature to work for Mojolicious::Lite applications.
- Improved Mojo::UserAgent performance slightly by not including unnecessary "Content-Length: 0" request headers.
9.03 2021-03-05
- Fixed a bug in Mojo::Transaction::WebSocket where finish event handlers would not always get the same number of
arguments passed.
9.02 2021-02-17
- Fixed finally method in Mojo::Promise to deal correctly with promises returned by the handler.
- Improved Mojo::Server::Daemon to include random ports in the "Web application available at ..." message.
9.01 2021-02-16
- Added EXPERIMENTAL color attribute to Mojo::Log.
- Added EXPERIMENTAL MOJO_LOG_COLOR environment variable to Mojo::Log.
- Fixed Windows support of network_contains function in Mojo::Util. (jberger)
9.0 2021-02-14
- Code name "Waffle", this is a major release.
- Added support for deployment specific plugins.
- Removed Mojo::IOLoop::Delay.
- Removed hidden attribute from Mojolicious::Routes.
- Removed hide and is_hidden methods from Mojolicious::Routes.
- Removed deprecated success method from Mojo::Transaction.
- Removed deprecated detour, over, route and via methods from Mojolicious::Routes::Route.
- Removed deprecated local_address method from Mojo::UserAgent.
- Removed deprecated tls_ciphers, tls_protocols, tls_verify and tls_version options from Mojo::IOLoop::TLS.
- Removed deprecated local_address option from Mojo::IOLoop::Client.
- Removed deprecated config stash value.
- Changed Mojo::Log to join mutiple log messages with a whitespace instead of a newline.
- Added is_reserved method to Mojolicious::Routes::Route.
- Improved Mojolicious::Routes to disallow the use of reserved stash values, such as "/:action", in route patterns.
- Improved Mojolicious::Routes to throw exceptions for missing controllers.
- Improved Mojolicious::Routes to throw exceptions for routes with controllers but without action.
- Improved Mojolicious::Routes to disallow namespace without controller for routing.
- Improved Mojolicious::Routes to die if auto rendering failed.
- Improved render method in Mojolicious::Controller to die if no response could be rendered.
- Improved reply->static helper to die if the requested file does not exist.
- Improved contextual logging feature in Mojo::Log not to concatenate log messages and context.
- Improved all_text method in Mojo::DOM to exclude "<script>" and "<style>" from text extraction in HTML documents.
- Improved error messages in config plugins to be more consistent.
8.73 2021-02-05
- Removed finally keyword from check function in Mojo::Exception.
- Changed arguments of check function in Mojo::Exception to be easier to use with Perl 5.34 try/catch.
- Removed experimental status from preload_namespaces attribute in Mojolicious.
- Removed experimental status from any, map, timer and timeout methods in Mojo::Promise.
- Removed experimental status from extname method in Mojo::File.
- Removed experimental status from warmup method in Mojolicious.
- Removed experimental status from load_classes function in Mojo::Loader.
- Removed experimental status from Mojo::DynamicMethods. Still summons old gods, use at your own risk!
- Removed experimental status from before_command hook in Mojolicious.
- Added silent attribute to Mojo::Server::Morbo.
8.72 2021-01-26
- Deprecated Mojo::UserAgent::local_address in favor of Mojo::UserAgent::socket_options.
- Deprecated local_address option of connect method in Mojo::IOLoop::Client in favor of socket_options.
- Deprecated tls_protocols option of connect method in Mojo::IOLoop::Client in favor of tls_options.
- Deprecated tls_verify option of connect method in Mojo::IOLoop::Client in favor of tls_options.
- Deprecated tls_protocols option of negotiate method in Mojo::IOLoop::TLS in favor of tls_options.
- Deprecated tls_ciphers option of negotiate method in Mojo::IOLoop::TLS in favor of tls_options.
- Deprecated tls_verify option of negotiate method in Mojo::IOLoop::TLS in favor of tls_options.
- Deprecated tls_version option of negotiate method in Mojo::IOLoop::TLS in favor of tls_options.
- Deprecated tls_ciphers option of listen method in Mojo::IOLoop::Server in favor of tls_options.
- Deprecated tls_verify option of listen method in Mojo::IOLoop::Server in favor of tls_options.
- Deprecated tls_version option of listen method in Mojo::IOLoop::Server in favor of tls_options.
- Added support for trusted reverse proxies. (jberger)
- Added network_contains function to Mojo::Util. (jberger)
- Added trusted_proxies attribute to Mojo::Server and Mojo::Message::Request. (jberger)
- Added socket_options method to Mojo::UserAgent.
- Added build_server method to Mojolicious::Command::daemon and Mojolicious::Command::prefork. (jberger)
- Added trusted_proxies option to Hynotoad. (jberger)
- Added socket_options and tls_options options to connect method in Mojo::IOLoop::Client.
- Added tls_options option to negotiate method in Mojo::IOLoop::TLS.
8.71 2021-01-17
- Added EXPERIMENTAL freeze option to reset method in Mojo::IOLoop.
- Improved Mojo::IOLoop::Subprocess not to close connections after fork.
8.70 2020-12-29
- Fixed top-level help command in Mojolicious::Commands. (schelcj)
8.69 2020-12-28
- Improved design of built-in templates.
8.68 2020-12-27
- Updated built-in templates with new responsive design from mojolicious.org.
- Fixed a bug in Mojo::Message::Request that resulted in duplicate request ids for Mojo::Server::Prefork workers.
8.67 2020-12-04
- Deprecated Mojolicious::Routes::Route::route in favor of Mojolicious::Routes::Route::any.
- Deprecated Mojolicious::Routes::Route::over in favor of Mojolicious::Routes::Route::requires.
- Deprecated Mojolicious::Routes::Route::via in favor of Mojolicious::Routes::Route::methods.
- Deprecated Mojolicious::Routes::Route::detour.
- Added methods and requires methods to Mojolicious::Routes::Route.
- Improved Mojolicious::Commands to throw an exception for invalid commands.
8.66 2020-11-28
- Deprecated logging to "log/$mode.log" (if a log directory exists) in Mojolicious. The default will simply be STDERR
in the future.
- Added support for preloading controllers and other classes during startup of Mojolicious applications.
- Added EXPERIMENTAL preload_namespaces attribute to Mojolicious.
- Added EXPERIMENTAL warmup method to Mojolicious.
- Added EXPERIMENTAL load_classes function to Mojo::Loader.
- Removed experimental status from humanize_bytes method in Mojo::ByteStream.
- Removed experimental status from humanize_bytes function in Mojo::Util.
- Improved find_modules function in Mojo::Loader with recursive option.
- Improved Mojo::DOM::CSS to throw exceptions for unknown CSS selectors.
- Fixed a bug in Mojolicious::Commands where help messages would not be displayed correctly for some commands.
(kiwiroy)
- Fixed a bug in Mojolicious::Routes::Pattern where type_start was treated as a regex. (Grinnz)
8.65 2020-11-10
- Added generate dockerfile command. (tianon)
- Improved cookbook with container deployment recipe.
- Improved security of secure_compare function in Mojo::Util. (robrwo)
- Fixed all generated code to consistently use a *::Sandbox class, instead of *::SandBox.
8.64 2020-11-01
- Replaced prettify.js with highlight.js. (zakame)
- Fixed a bug in Mojo::DOM where the tree root would be checked for all pseudo-classes.
- Fixed a redefined subroutine warning in eval command. (elmar)
8.63 2020-10-11
- Improved Mojo::IOLoop::Subprocess to ensure a clean exit even if something unexpected happens in the forked
process.
8.62 2020-10-10
- Improved commands to exit with a usage message on unknown options.
8.61 2020-10-01
- Fixed fork-safety feature in Mojo::UserAgent to work with more than one fork.
- Fixed reset method in Mojo::IOLoop to not interfere with close events anymore, since that resulted in leaks.
8.60 2020-09-27
- Improved reset method in Mojo::IOLoop to prevent close event to be emitted in affected streams. (kiwiroy)
- Improved cookbook with Envoy deployment recipe. (zakame)
6.53 2021-03-07 16:54:48Z
- Require HTTP::Daemon 6.12 for test (GH#374, GH#375) (fitzmorrispr, skaji)
6.52 2021-01-07 21:20:51Z
- Remove block of code which creates message-digest auth request field
(GH#369) (Olaf Alders)
6.51 2020-12-29 22:09:04Z
- Fix proxy test on Windows (GH#358) (Olaf Alders)
- Sort keys in Pod example of constructor defaults (GH#356) (Olaf Alders)
6.50 2020-12-16 18:35:08Z
- Fix RT #81381 - Make LWP::UserAgent robust to 5.17.6/5.18 hash
randomization (GH#355) (Yves Orton and Olaf Alders)
5.09 2021-03-03 15:16:47Z
- Update Business::ISBN version requirements (GH#85) (brian d foy and Olaf
Alders)
5.08 2021-02-28 18:08:32Z
- added URI::nntps (GH#82)
5.07 2021-01-29 22:52:20Z
- s/perl.com/example.com/ in examples and tests (GH#81) (Olaf Alders)
5.06 2021-01-14 16:01:13Z
- Tidy import statements (GH#80) (Olaf Alders)
5.05 2020-10-21 13:00:44Z
- Bump all versions to 5.05 in order to remove various version mismatches.
(GH #77) (Olaf Alders)
- Add a simple test case for an ipv6 host (GH#66) (Olaf Alders)
6.21 2021-03-18 21:56:42Z
- Accept PeerAddr of 0. (GH#72) (trwyant)
6.20 2021-01-08 16:22:23Z
- Replace last use of "vars" with "our" (GH#67) (James Raspass)
6.10 2020-12-17 15:42:06Z
- Fix#39 - prevent user env from breaking the test (GH#63) (Gianni
Ceccarelli)
- Include Net::SSLeay in reported prereqs (GH#60) (Olaf Alders)
- Use GitHub as a bug tracker (GH#59) (Olaf Alders)
Changes to GoAccess 1.4.6 - Sunday, February 28, 2021
- Added additional feed reader clients.
- Added additional browsers and bots to the main list.
- Added command line option '--unknowns-log' to log unknown browsers and
OSs.
- Added 'Referer' to the pre-defined 'Caddy JSON' log format.
- Added support for real-time piping as non-root user.
- Added the ability to Handle case when IPv4 is encoded as IPv6 in
GeoIP1/legacy.
- Ensure we capture linux (lowercase) when extracting an OS.
- Fixed a regression in parsing Google Cloud Storage or possibly other
non-JSON formats.
- Fixed inability to parse escaped formats.
- Fixed issue when using '%s' with 'strptime(3)' under musl libc. This
addresses mostly the Docker image.
- Fixed possible buffer over-read for certain log-format patterns.
- Fixed segfault when attempting to process a malformed JSON string.
- Fixed segfault when setting an empty log-format from the TUI dialog.
- Fixed sorting on hits and visitors when larger than INT_MAX.
- Updated CloudFront pre-defined log-format to reflect the latest fields.
- Updated 'Dockerfile' image to use 'alpine:3.13' instead of edge due to
compatibility issue with the GNU coreutils.
This release has a lot of changes compared to v0.4.0
Application changes
Major:
-add more StoryView support: All Stories, Show HN, Ask HN, Jobs
-add paging, filtering, sorting options for StoryView and SearchView
-allow multiple View to be stacked (can use <ctrl-p>/<alt-p> to go to the previous View)
Minor:
-add n, p shortcuts for CommentView
-modify footer button to include only [help] and [quit] option.
-add --example-config command line option to print an example configuration
-add config options for story_pooling
Codebase changes
-implementation for new application changes
-add cursive-aligned-view package to improve loading screen
Version 4000.3.16: release 2021-03-20
* Support GHC-9.0 (Oleg Genrus)
* Various dependency bumps (multiple people)
* Try all addresses returned by getAddrInfo (Fraser Tweedale)
0.7.8
* Include the original Request in the Response. Expose it via
getOriginalRequest.
0.7.7
* Allow secure cookies for localhost without HTTPS #460
0.7.6
* Add applyBearerAuth function #457
0.7.5
* Force closing connections in case of exceptions throwing #454.
0.7.4
* Depend on base64-bytestring instead of memory #453
0.7.3
* Added withSocket to Network.HTTP.Client.Connection.
0.7.2.1
* Fix bug in useProxySecureWithoutConnect.
0.7.2
* Add a new proxy mode, proxySecureWithoutConnect, for sending HTTPS
requests in plain text to a proxy without using the CONNECT method.
0.7.1
* Remove AI_ADDRCONFIG #400
0.7.0
* Remove Eq instances for Cookie, CookieJar, Response, Ord instance
for Cookie #435
0.6.4.1
* Win32 2.8 support #430
Two security issues affect WordPress versions between 4.7 and 5.7.
- thank you SonarSource for reporting an XXE vulnerability within the media library affecting PHP 8
- thanks Mikael Korpela for reporting a data exposure vulnerability within the latest posts block and REST API
3.0.2 (2021-04-07)
------------------
* Fixed a bug where ``send`` passed to applications wasn't a true async
function but a lambda wrapper, preventing it from being used with
``asgiref.sync.async_to_sync()``.
It's not safe to assume a dependency's BUILDLINK_ABI_DEPENDS value can
double for the API minimum, as the former can be disabled by users.
Noted by wiz@, thanks!
changes:
Resuming active maintenance.
Use curl to load feeds.
Store feed list as OPML.
Move configuration and cache to XDG dirs.
Support Atom feeds.
Support content:encoded tag in RSS feeds.
Display UTF8 text.
Redirect stderr to logfile.
Fix newsitem text scrolling.
Fix various build failures.
Add DESTDIR support.
Remove obsolete scripts.
2.2.0
Features
Adds support for errors.py to also use 'errors' for error_details (#1281) (a5d2081)
2.1.0
Features
add status_code property on http error handling (#1185) (db2a766)
Bug Fixes
Change default of static_discovery when discoveryServiceUrl set (#1261) (3b4f2e2)
correct api version in oauth-installed.md (#1258) (d1a255f)
fix .close() (#1231) (a9583f7)
Resolve issue where num_retries would have no effect (#1244) (c518472)
Documentation
Distinguish between public/private docs in 2.0 guide (#1226) (a6f1706)
Update README to promote cloud client libraries (#1252) (22807c9)
2.0.2
Bug Fixes
Include discovery artifacts in published package (#1221) (ad618d0)
2.0.1
Bug Fixes
add static discovery docs (#1216) (b5d33d6)
Documentation
add a link to the migration guide in the changelog (#1213) (b85da5b)
2.0.0
⚠ BREAKING CHANGES
deps: require 3.6+ (#961)
Features
Add support for using static discovery documents (#1109) (32d1c59)
Update synth.py to copy discovery files from discovery-artifact-manager (#1104) (af918e8)
Bug Fixes
Catch ECONNRESET and other errors more reliably (#1147) (ae9cd99)
deps: add upper-bound google-auth dependency (#1180) (c687f42)
handle error on service not enabled (#1117) (c691283)
Improve support for error_details (#1126) (e6a1da3)
MediaFileUpload error if file does not exist (#1127) (2c6d029)
replace deprecated socket.error with OSError (#1161) (b7b9986)
Use logging level info when file_cache is not available (#1125) (0b32e69)
Miscellaneous Chores
deps: require 3.6+ (#961) (8325d24)
Documentation
add networkconnectivity v1alpha1 (#1176) (91b61d3)
Delete redundant oauth-web.md (#1142) (70bc6c9)
fix MediaIoBaseUpload broken link (#1112) (334b6e6)
fix regression with incorrect args order in docs (#1141) (4249a7b)
fix typo in thread safety example code (#1100) (5ae088d)
Reduce noisy changes in docs regen (#1135) (b1b0c83)
update docs/dyn (#1096) (c2228be)
update guidance on service accounts (#1120) (b2ea122)
* Fix: CVE-2021-29434 - fix improper validation of URLs ('Cross-site Scripting') in rich text fields (Kevin Breen, Matt Westcott)
* Fix: Reverse migration errors in images and documents (Mike Brown)
* Fix: Avoid wagtailembeds migration failure on MySQL 8.0.13+ (Matt Westcott)
* Fix: Un-pin django-treebeard following upstream fix for migration issue (Matt Westcott)
* Fix: Prevent crash when copying an alias page (Karl Hobley)
* Fix: Prevent errors on page editing after changing LANGUAGE_CODE (Matt Westcott)
* Fix: Correctly handle model inheritance and `ClusterableModel` on `copy_for_translation` (Karl Hobley)
Badwolf 1.1.0 release!
======================
This release and it's timing means that the 1.0-branch is now only maintained
for security bugs.
Thanks to the translators for sending updates before the release.
It's also time for a status update blog post:
https://hacktivis.me/articles/BadWolf%2C%20two%20year%20later
Some stats:
$ cat *.c *.h *.sh | wc -l -m
lines characters
2011 70078
Additions
---------
- Bookmarks, they are at their early stage, for now it's only completion,
edition can be done with third-party programs (elinks, keditbookmarks, …).
Wayland users should also note the following issue:
https://gitlab.gnome.org/GNOME/gtk/-/issues/699
- Content-Filters are finally integrated which means that adblock extensions
aren't needed anymore, you only need to give a policy file
- New translation: de
- A context_id is now shown before the tab label
Changes
-------
- WebKit's Intelligent Tracking Protection is now enabled
- Default CFLAGS: Hardening flags have been added, this should improve security
on some distros
Fixes
-----
- There should be no more memory/object/processes leaks
- Crashes happening on the file save dialog should have been fixed
- Printing dialog now correctly is bound to the main window
Changelog:
New
* PDF forms now support JavaScript embedded in PDF files. Some PDF forms use
JavaScript for validation and other interactive features.
* Print updates: Margin units are now localized.
* Smooth pinch-zooming using a touchpad is now supported on Linux
* To protect against cross-site privacy leaks, Firefox now isolates
window.name data to the website that created it. Learn more
Fixed
* Screen readers no longer incorrectly read content that websites have
visually hidden, as in the case of articles in the Google Help panel.
* Various security fixes.
Changed
* Firefox will not prompt for access to your microphone or camera if you've
already granted access to the same device on the same site in the same tab
within the past 50 seconds. This new grace period reduces the number of
times you're prompted to grant device access.
* The "Take a Screenshot" feature was removed from the Page Actions menu in
the url bar. To take a screenshot, right-click to open the context menu.
You can also add a screenshots shortcut directly to your toolbar via the
Customize menu. Open the Firefox menu and select Customize...
* FTP support has been disabled, and its full removal is planned for an
upcoming release. Addressing this security risk reduces the likelihood of
an attack while also removing support for a non-encrypted protocol.
Security fixes:
#CVE-2021-23994: Out of bound write due to lazy initialization
#CVE-2021-23995: Use-after-free in Responsive Design Mode
#CVE-2021-23996: Content rendered outside of webpage viewport
#CVE-2021-23997: Use-after-free when freeing fonts from cache
#CVE-2021-23998: Secure Lock icon could have been spoofed
#CVE-2021-23999: Blob URLs may have been granted additional privileges
#CVE-2021-24000: requestPointerLock() could be applied to a tab different from
the visible tab
#CVE-2021-24001: Testing code could have enabled session history manipulations
by a compromised content process
#CVE-2021-24002: Arbitrary FTP command execution on FTP servers using an
encoded URL
#CVE-2021-29945: Incorrect size computation in WebAssembly JIT could lead to
null-reads
#CVE-2021-29944: HTML injection vulnerability in Firefox for Android's Reader
View
#CVE-2021-29946: Port blocking could be bypassed
#CVE-2021-29947: Memory safety bugs fixed in Firefox 88
=== RELEASE 2.22 ===
Sat Jan 23 18:11:41 CET 2021 mikulas:
Save and restore the terminal using xterm escape codes
Sat Nov 28 19:27:47 CET 2020 mikulas:
Save and restore the console using "cons.saver" from
Midnight Commander
Sat Nov 28 11:05:42 CET 2020 mikulas:
Support UTF-8 frames
Sun Nov 22 17:20:29 CET 2020 Emir Yasin SARI <bitigchi@me.com>:
Updated the Turkish translation
Sat Aug 22 10:05:27 CEST 2020 Ing. Daniel G. Gionco <dggionco@hotmail.com>:
Updated the Spanish translation
Wed Aug 12 20:04:38 CEST 2020 mikulas:
Fixed a bug in displaying non-printable characters
(reported by Jean-Philippe MENGUAL <jpmengual@debian.org>)
2019-12-22 1.8.5
-----------------
- Improve/tests for development
- Changed. Be more strict on Accept Turtle header
- Migrated documentation from epydoc to sphinx and readthedocs
2019-04-18 1.8.4
-----------------
- Added example
- hotfix: Added custom_fixers folder in MANIFEST, in order to be used in python3
2019-04-17 1.8.3
-----------------
- Include ChangeLog.txt in the distribution
- Removed import of SPARQLWrapper in setup.py
- Added support for querying RDF/XML in a CONSTRUCT query type
- Updated the procedure for determining the query type
- Do not send format parameter for the results ([format, output, results]) when the query is a SPARQL Update query
- Added test for new agrovoc SPARQL endpoint (using Fuseki2)
- Added test for 4store SPARQL endpoint (used by agroportal)
- Added/Updated tests
- Added examples
- Updated doc
- Fixed code generated for python3 using 2to3, adding a custom fixer
2018-05-26 1.8.2
-----------------
- Fixed bug
- Updated doc
- Added Unauthorized exception in SPARQLWrapperExceptions
- Added support for custom HTTP headers
- Changed timeout setting
2018-02-25 1.8.1
-----------------
- Update classifiers (Python 3.6)
- Added some documentation about the parameter to indicate the output format
- Fixed typo in width calculation
- Added support for CSV, TSV
- Added support for Only HTTP Content Negotiation
Changes with nginx 1.19.10
*) Change: the default value of the "keepalive_requests" directive was
changed to 1000.
*) Feature: the "keepalive_time" directive.
*) Feature: the $connection_time variable.
*) Workaround: "gzip filter failed to use preallocated memory" alerts
appeared in logs when using zlib-ng.
1.2.8 (Apr. 12 2021)
feature: nchan_subscriber_info locations for receiving customizable info from
subscribers of a given channel.
fix: incorrect lgging of disconnected subscribers with 400 error instead of 499
(bug introduced in v1.2.7)
feature: add $nchan_channel_subscriber_last_seen, $nchan_channel_subscriber_count
and $nchan_channel_message_count variables
fix: GCC 10 compatibility
7.76.1
Bugfixes:
configure: disable min version set for Darwin
configure: include <time.h> unconditionally
configure: remove use of RETSIGTYPE
docs/HTTP3.md: update the build instruction using gnutls
examples/hiperfifo.c: check event_initialized before delete
file: support GETing directories again
github/workflow: add "security-extended" to codeql-analysis.yml
h2: allow 100 streams by default
hostip: fix builds that disable all asynchronous DNS
http_proxy: only loop on 407 + close if we have credentials
install: add instructions for Apple Darwin platforms
lib: remove unused HAVE_INET_NTOA_R* defines
libssh: get rid of PATH_MAX
ngtcp2+gnutls: clear credentials when freed
ngtcp2: Use ALPN h3-29 for now
ntlm: fix negotiated flags usage
ntlm: support version 2 on 32-bit platforms
openssl: fix CURLOPT_SSLCERT_BLOB without CURLOPT_SSLCERT_KEY
TLS: fix HTTP/2 selection
tool_progress: fix progress meter final update in parallel mode
typecheck-gcc: make the ssl-ctx-cb check use SSL_CTX pointers
Application changes:
-add story_pooling feature
-add page_scrolling feature
-add support for user's config
-fix the flickering issue with crossterm-backend using cursive_buffered_backend.
Codebase changes:
-implement new features listed above.
-add application command line arguments.
-add config.rs to handle application's configurations.
-clean up imports in prelude.rs
Version 2.4.3 (09 Apr 2021)
---------------------------
- Start testing with Django 3.2 on Python 3.9 (Michael K.)
- Teach pylint-django about all HTTP methods from the View class, not only
``get`` and ``post`` (Nicolás Quiroz)
- Typo fixes for
`<https://github.com/PyCQA/pylint-django/issues/314>`_ (John Sandall)
- Ignore ``unused-argument`` for ``*args``, ``**kwards`` in view method signatures
upstream changes:
----------------
7.5.3 (2021-04-07)
Features and enhancements
o Dashboard: Do not include default datasource when externally exporting dashboard with row. #32494, @kaydelaney
o Loki: Remove empty annotations tags. #32359, @conorevans
Bug fixes
o AdHocVariable: Add default data source to picker. #32470, @hugohaggmark
o Configuration: Prevent browser hanging / crashing with large number of org users. #32546, @jackw
o Elasticsearch: Fix bucket script variable duplication in UI. #32705, @Elfo404
o Explore: Fix bug where navigating to explore would result in wrong query and datasource to be shown. #32558, @aocenas
o FolderPicker: Prevent dropdown menu from disappearing off screen. #32603, @jackw
o SingleStat: Fix issue with panel links. #32721, @gjulianm
o Variables: Confirm selection before opening new picker. #32586, @hugohaggmark
o Variables: Confirm selection before opening new picker. #32503, @hugohaggmark
o Variables: Fix unsupported data format error for null values. #32480, @hugohaggmark
Real changes are in devel/devel/ruby-activestorage61 only.
## Rails 6.1.3.1 (March 26, 2021) ##
* Marcel is upgraded to version 1.0.0 to avoid a dependency on GPL-licensed
mime types data.
*George Claghorn*
Real changes are in devel/ruby-activestorage60 only.
## Rails 6.0.3.6 (March 26, 2021) ##
* Marcel is upgraded to version 1.0.0 to avoid a dependency on GPL-licensed
mime types data.
*George Claghorn*
Real changes are in devel/ruby-activestorage52 only.
## Rails 5.2.5 (March 26, 2021) ##
* Marcel is upgraded to version 1.0.0 to avoid a dependency on GPL-licensed
mime types data.
*George Claghorn*
* The Poppler PDF previewer renders a preview image using the original
document's crop box rather than its media box, hiding print margins. This
matches the behavior of the MuPDF previewer.
*Vincent Robert*
Drupal 7.79, 2021-04-07
-----------------------
- Initial support for PHP 8
- Support for SameSite cookie attribute
- Avoid write for unchanged fields (opt-in)
0.4 - 2021-02-06
- Support multiple elliptic curves under OpenSSL 1.1.1+ (#150)
- Improve support for Lua 5.4 (not longer require bit library to be installed) (#180)
- Ignore delayed RST_STREAM frames in HTTP 2 (#145)
Version 2.5.1
-------------
Released 2021-03-18
- Fix compatibility with Python 2.7.
Version 2.5.0
-------------
Released 2021-03-18
- Update to support SQLAlchemy 1.4.
- SQLAlchemy ``URL`` objects are immutable. Some internal methods have
changed to return a new URL instead of ``None``. :issue:`885`
Version 3.3.0 (February 1st, 2021)
----------------------------------
**Backwards incompatible changes**
* clean escapes HTML comments even when strip_comments=False
**Security fixes**
* Fix bug 1621692 / GHSA-m6xf-fq7q-8743. See the advisory for details.
3.3.4 (2021-04-06)
------------------
* The async_to_sync type error is now a warning due the high false negative
rate when trying to detect coroutine-returning callables in Python.
3.3.3 (2021-04-06)
------------------
* The sync conversion functions now correctly detect functools.partial and other
wrappers around async functions on earlier Python releases.
2.12.2 (18.02.2021)
~~~~~~~~~~~~~~~~~~~
* Fix: Pin django-treebeard to <4.5 to prevent migration conflicts (Matt Westcott)
2.12.1 (16.02.2021)
~~~~~~~~~~~~~~~~~~~
* Fix: Ensure aliases are published when the source page is published (Karl Hobley)
* Fix: Make page privacy rules apply to aliases (Karl Hobley)
* Fix: Prevent error when saving embeds that do not include a thumbnail URL (Cynthia Kiser)
* Fix: Ensure that duplicate embed records are deleted when upgrading (Matt Westcott)
* Fix: Prevent failure when running `manage.py dumpdata` with no arguments (Matt Westcott)
2.12 (02.02.2021)
~~~~~~~~~~~~~~~~~
* Added a distinct 'choose' permission for images and documents (Robert Rollins)
* StreamField values can now be modified in-place (Matt Westcott)
* Added support for custom admin color themes (Joshua Marantz)
* Added support for Python 3.9
* Added `WAGTAILIMAGES_IMAGE_FORM_BASE` and `WAGTAILDOCS_DOCUMENT_FORM_BASE` settings to customise the forms for images and documents (Dan Braghis)
* Switch pagination icons to use SVG instead of icon fonts (Scott Cranfill)
* Added string representation to image Format class (Andreas Nüßlein)
* Support returning None from `register_page_action_menu_item` and `register_snippet_action_menu_item` to skip registering an item (Vadim Karpenko)
* Fields on a custom image model can now be defined as required / `blank=False` (Matt Westcott)
* Add combined index for Postgres search backend (Will Giddens)
* Add `Page.specific_deferred` property for accessing specific page instance without up-front database queries (Andy Babic)
* Add hash lookup to embeds to support URLs longer than 255 characters (Coen van der Kamp)
* Fix: Stop menu icon overlapping the breadcrumb on small viewport widths in page editor (Karran Besen)
* Fix: Make sure document chooser pagination preserves the selected collection when moving between pages (Alex Sa)
* Fix: Gracefully handle oEmbed endpoints returning non-JSON responses (Matt Westcott)
* Fix: Fix unique constraint on WorkflowState for SQL Server compatibility (David Beitey)
* Fix: Reinstate chevron on collection dropdown (Mike Brown)
* Fix: Prevent delete button showing on collection / workflow edit views when delete permission is absent (Helder Correia)
2.11.5 (18.02.2021)
~~~~~~~~~~~~~~~~~~~
* Fix: Pin django-treebeard to <4.5 to prevent migration conflicts (Matt Westcott)
2.11.4 (16.02.2021)
~~~~~~~~~~~~~~~~~~~
* Fix: Prevent delete button showing on collection / workflow edit views when delete permission is absent (Helder Correia)
* Fix: Ensure aliases are published when the source page is published (Karl Hobley)
* Fix: Make page privacy rules apply to aliases (Karl Hobley)
2.11.3 (10.12.2020)
~~~~~~~~~~~~~~~~~~~
* Fix: Updated project template migrations to ensure that initial homepage creation runs before addition of locale field (Dan Braghis)
* Fix: Restore ability to use translatable strings in `LANGUAGES` / `WAGTAIL_CONTENT_LANGUAGES` settings (Andreas Morgenstern)
* Fix: Allow `locale` / `translation_of` API filters to be used in combination with search (Matt Westcott)
* Fix: Prevent error on `create_log_entries_from_revisions` when checking publish state on a revision that cannot be restored (Kristin Riebe)
2.11.2 (17.11.2020)
~~~~~~~~~~~~~~~~~~~
* Add custom finder to support Instagram oEmbed API (Luis Nell)
* Add custom finder to support Facebook oEmbed API (Cynthia Kiser)
* Fix: Improve performance of permission check on translations for edit page (Karl Hobley)
* Fix: Gracefully handle missing Locale records on `Locale.get_active` and `.localized` (Matt Westcott)
* Fix: Handle `get_supported_language_variant` returning a language variant not in `LANGUAGES` (Matt Westcott)
* Fix: Reinstate missing icon on settings edit view (Jérôme Lebleu)
* Fix: Avoid performance and pagination logic issues with a large number of languages (Karl Hobley)
* Fix: Allow deleting the default locale (Matt Westcott)
2.11.1 (06.11.2020)
~~~~~~~~~~~~~~~~~~~
* Fix: Ensure that cached `wagtail_site_root_paths` structures from older Wagtail versions are invalidated (Sævar Öfjörð Magnússon)
* Fix: Avoid circular import between wagtail.admin.auth and custom user models (Matt Westcott)
* Fix: Prevent error on resolving page URLs when a locale outside of `WAGTAIL_CONTENT_LANGUAGES` is active (Matt Westcott)
2.11 LTS (02.11.2020)
~~~~~~~~~~~~~~~~~~~~~
* Add support for multi-lingual content (Karl Hobley)
* Add support for aliased pages (Karl Hobley)
* Add support for hierarchical/nested Collections (Robert Rollins)
* Extend treebeard's `fix_tree` method with the ability to non-destructively fix path issues and add a --full option to apply path fixes (Matt Westcott)
* Add `before_edit_snippet`, `before_create_snippet` and `before_delete_snippet` hooks and documentation (Karl Hobley. Sponsored by the Mozilla Foundation)
* Add `register_snippet_listing_buttons` and `construct_snippet_listing_buttons` hooks and documentation (Karl Hobley. Sponsored by the Mozilla Foundation)
* Add `wagtail --version` to available Wagtail CLI commands (Kalob Taulien)
* Add `hooks.register_temporarily` utility function for testing hooks (Karl Hobley. Sponsored by the Mozilla Foundation)
* Remove `unidecode` and use `anyascii` in for Unicode to ASCII conversion (Robbie Mackay)
* Add `render` helper to `RoutablePageMixin` to support serving template responses according to Wagtail conventions (Andy Babic)
* Specify minimum Python version in setup.py (Vince Salvino)
* Show user's full name in report views (Matt Westcott)
* Improve Wagtail admin page load performance by caching SVG icons sprite in localStorage (Coen van der Kamp)
* Support SVG icons in ModelAdmin menu items (Scott Cranfill)
* Support SVG icons in admin breadcrumbs (Coen van der Kamp)
* Serve PDFs inline in the browser (Matt Westcott)
* Make document `content-type` and `content-disposition` configurable via `WAGTAILDOCS_CONTENT_TYPES` and `WAGTAILDOCS_INLINE_CONTENT_TYPES` (Matt Westcott)
* Slug generation no longer removes stopwords (Andy Chosak, Scott Cranfill)
* Add check to disallow StreamField block names that do not match Python variable syntax (François Poulain)
* The `BASE_URL` setting is now converted to a string, if it isn't already, when constructing API URLs (thenewguy)
* Preview from 'pages awaiting moderation' now opens in a new window (Cynthia Kiser)
* Add document extension validation if `WAGTAIL_DOCS_EXTENSIONS` is set (Meghana Bhange)
* Use `django-admin` command in place of `django-admin.py` (minusf)
* Add `register_snippet_action_menu_item` and `construct_snippet_action_menu` hooks to modify the actions available when creating / editing a snippet (Karl Hobley)
* Moved `generate_signature` and `verify_signature` functions into `wagtail.images.utils` (Noah H)
* Implement `bulk_to_python` on all structural StreamField block types (Matt Westcott)
* Add natural key support to `GroupCollectionPermission` (Jim Jazwiecki)
* Implement `prepopulated_fields` for `wagtail.contrib.modeladmin` (David Bramwell)
* Change `classname` keyword argument on basic StreamField blocks to `form_classname` (Meghana Bhange)
* Replace page explorer pushPage/popPage with gotoPage for more flexible explorer navigation (Karl Hobley)
* Fix: Make page-level actions accessible to keyboard users in page listing tables (Jesse Menn)
* Fix: `WAGTAILFRONTENDCACHE_LANGUAGES` was being interpreted incorrectly. It now accepts a list of strings, as documented (Karl Hobley)
* Fix: Update oEmbed endpoints to use https where available (Matt Westcott)
* Fix: Revise `edit_handler` bind order in ModelAdmin views and fix duplicate form instance creation (Jérôme Lebleu)
* Fix: Properly distinguish child blocks when comparing revisions with nested StreamBlocks (Martin Mena)
* Fix: Correctly handle Turkish 'İ' characters in client-side slug generation (Matt Westcott)
* Fix: Page chooser widgets now reflect custom ``get_admin_display_title`` methods (Saptak Sengupta)
* Fix: `Page.copy()` now raises an error if the page being copied is unsaved (Anton Zhyltsou)
* Fix: `Page.copy()` now triggers a `page_published` if the copied page is live (Anton Zhyltsou)
* Fix: The Elasticsearch `URLS` setting can now take a string on its own instead of a list (Sævar Öfjörð Magnússon)
* Fix: Avoid retranslating month / weekday names that Django already provides (Matt Westcott)
* Fix: Fixed padding around checkbox and radio inputs (Cole Maclean)
* Fix: Fix spacing around the privacy indicator panel (Sævar Öfjörð Magnússon, Dan Braghis)
* Fix: Consistently redirect to admin home on permission denied (Matt Westcott, Anton Zhyltsou)
* Allow child form class to be overridden in the `formsets` Meta property of ClusterForm (Helder Correia)
* Add prefetch_related support to ParentalManyToManyField (Andy Chosak)
* Implement `copy_child_relation` and `copy_all_child_relations` methods on ClusterableModel (Karl Hobley)
* Fix: Fix behavior of ParentalKeys and prefetch_related() supplied with a lookup queryset (Juha Yrjölä)
20.1.0 - 2021-02-12
document WEB_CONCURRENCY is set by, at least, Heroku
capture peername from accept: Avoid calls to getpeername by capturing the peer name returned by accept
log a warning when a worker was terminated due to a signal
fix tornado usage with latest versions of Django
add support for python -m gunicorn
fix systemd socket activation example
allows to set wsgi application in configg file using wsgi_app
document --timeout = 0
always close a connection when the number of requests exceeds the max requests
Disable keepalive during graceful shutdown
kill tasks in the gthread workers during upgrade
fix latency in gevent worker when accepting new requests
fix file watcher: handle errors when new worker reboot and ensure the list of files is kept
document the default name and path of the configuration file
document how variable impact configuration
document the $PORT environment variable
added milliseconds option to request_time in access_log
added PIP requirements to be used for example
remove version from the Server header
fix sendfile: use socket.sendfile instead of os.sendfile
reloader: use absolute path to prevent empty to prevent0 InotifyError when a file is added to the working directory
Add –print-config option to print the resolved settings at startup.
remove the --log-dict-config CLI flag because it never had a working format (the logconfig_dict setting in configuration files continues to work)
** Breaking changes **
minimum version is Python 3.5
remove version from the Server header
** Others **
miscellaneous changes in the code base to be a better citizen with Python 3
remove dead code
fix documentation generation
2.4.0 (2021-02-06)
Added support for --session cookie expiration based on Set-Cookie: max-age=<n>.
Show a --check-status warning with --quiet as well, not only when the output is redirected.
Fixed upload with --session
Fixed a missing blank line between request and response
2.3.0 (2020-10-25)
Added support for streamed uploads
Added support for multipart upload streaming
Added support for body-from-file upload streaming (http pie.dev/post @file).
Added --chunked to enable chunked transfer encoding
Added --multipart to allow multipart/form-data encoding for non-file --form requests as well.
Added support for preserving field order in multipart requests
Added --boundary to allow a custom boundary string for multipart/form-data requests.
Added support for combining cookies specified on the CLI and in a session file
Added out of the box SOCKS support with no extra installation
Added --quiet, -q flag to enforce silent behaviour.
Fixed the handling of invalid expires dates in Set-Cookie headers
Removed Tox testing entirely
2.2.0 (2020-06-18)
Added support for custom content types for uploaded files
Added support for $XDG_CONFIG_HOME
Added support for Set-Cookie-triggered cookie expiration
Added --format-options to allow disabling sorting, etc.
Added --sorted and --unsorted shortcuts for (un)setting all sorting-related --format-options.
Added --ciphers to allow configuring OpenSSL ciphers
Added netrc support for auth plugins. Enabled for --auth-type=basic and digest, 3rd parties may opt in
Fixed built-in plugins-related circular imports
2.1.0 (2020-04-18)
Added --path-as-is to bypass dot segment (/../ or /./) URL squashing
Changed the default Accept header value for JSON requests from application/json, */* to application/json, */*;q=0.5 to clearly indicate preference
Fixed --form file upload mixed with redirected stdin error handling
2.0.0 (2020-01-12)
Removed Python 2.7 support (EOL Jan 2020).
Added --offline to allow building an HTTP request and printing it but not actually sending it over the network.
Replaced the old collect-all-then-process handling of HTTP communication with one-by-one processing of each HTTP request or response as they become available. This means that you can see headers immediately, see what is being sent even if the request fails, etc.
Removed automatic config file creation to avoid concurrency issues.
Removed the default 30-second connection --timeout limit.
Removed Python’s default limit of 100 response headers.
Added --max-headers to allow setting the max header limit.
Added --compress to allow request body compression.
Added --ignore-netrc to allow bypassing credentials from .netrc.
Added https alias command with https:// as the default scheme.
Added $ALL_PROXY documentation.
Added type annotations throughout the codebase.
Added tests/ to the PyPi package for the convenience of downstream package maintainers.
Fixed an error when stdin was a closed fd.
Improved --debug output formatting.
3.3.2 (2021-04-05)
------------------
* SyncToAsync now takes an optional "executor" argument if you want to supply
your own executor rather than using the built-in one.
* async_to_sync and sync_to_async now check their arguments are functions of
the correct type.
* Raising CancelledError inside a SyncToAsync function no longer stops a future
call from functioning.
* ThreadSensitive now provides context hooks/override options so it can be
made to be sensitive in a unit smaller than threads (e.g. per request)
What’s new in 7.5
Pie chart panel visualization (beta)
Alerting for Loki
Loki label browser
Changed default HTTP method for new Prometheus data sources
Word highlighting for Elasticsearch
Better format definition for trace data
Paste in SSL certs for Postgres data source
Deprecation notice for some Azure Monitor queries
Cloudwatch data source enhancements
Increased API limit for CloudMonitoring Services
Tempo as a backend data source
3.12.4
Revert use of deque instead of list for tracking throttling .history. (Due to incompatibility with DjangoRedis cache backend.
3.12.3
Properly handle ATOMIC_REQUESTS when multiple database configurations are used.
Bypass COUNT query when LimitOffsetPagination is configured but pagination params are not included on the request.
Respect allow_null=True on DecimalField.
Allow title cased "Yes"/"No" values with BooleanField.
Add PageNumberPagination.get_page_number() method for overriding behavior.
Fixed rendering of timedelta values in OpenAPI schemas, when present as default, min, or max fields.
Render JSONFields with indentation in browsable API forms.
Remove unnecessary database query in admin Token views.
Raise validation errors when bools are passed to PrimaryKeyRelatedField fields, instead of casting to ints.
Don't include model properties as automatically generated ordering fields with OrderingFilter.
Use deque instead of list for tracking throttling .history.
Changes with nginx 1.19.9 30 Mar 2021
*) Bugfix: nginx could not be built with the mail proxy module, but
without the ngx_mail_ssl_module; the bug had appeared in 1.19.8.
*) Bugfix: "upstream sent response body larger than indicated content
length" errors might occur when working with gRPC backends; the bug
had appeared in 1.19.1.
*) Bugfix: nginx might not close a connection till keepalive timeout
expiration if the connection was closed by the client while
discarding the request body.
*) Bugfix: nginx might not detect that a connection was already closed
by the client when waiting for auth_delay or limit_req delay, or when
working with backends.
*) Bugfix: in the eventport method.
Changes with nginx 1.19.8 09 Mar 2021
*) Feature: flags in the "proxy_cookie_flags" directive can now contain
variables.
*) Feature: the "proxy_protocol" parameter of the "listen" directive,
the "proxy_protocol" and "set_real_ip_from" directives in mail proxy.
*) Bugfix: HTTP/2 connections were immediately closed when using
"keepalive_timeout 0"; the bug had appeared in 1.19.7.
*) Bugfix: some errors were logged as unknown if nginx was built with
glibc 2.32.
*) Bugfix: in the eventport method.
Changes with nginx 1.19.7 16 Feb 2021
*) Change: connections handling in HTTP/2 has been changed to better
match HTTP/1.x; the "http2_recv_timeout", "http2_idle_timeout", and
"http2_max_requests" directives have been removed, the
"keepalive_timeout" and "keepalive_requests" directives should be
used instead.
*) Change: the "http2_max_field_size" and "http2_max_header_size"
directives have been removed, the "large_client_header_buffers"
directive should be used instead.
*) Feature: now, if free worker connections are exhausted, nginx starts
closing not only keepalive connections, but also connections in
lingering close.
*) Bugfix: "zero size buf in output" alerts might appear in logs if an
upstream server returned an incorrect response during unbuffered
proxying; the bug had appeared in 1.19.1.
*) Bugfix: HEAD requests were handled incorrectly if the "return"
directive was used with the "image_filter" or "xslt_stylesheet"
directives.
*) Bugfix: in the "add_trailer" directive.
Changes:
7.76.0
======
This release includes the following changes:
o cookies: Support multiple -b parameters
o curl: add --fail-with-body
o doh: add options to disable ssl verification
o http: add support to read and store the referrer header
o sasl: support SCRAM-SHA-1 and SCRAM-SHA-256 via libgsasl
o vtls: initial implementation of rustls backend
This release includes the following bugfixes:
o CVE-2021-22876: strip credentials from the auto-referer header field
o CVE-2021-22890: add 'isproxy' argument to Curl_ssl_get/addsessionid()
o asyn-ares: use consistent resolve error message
o BUG-BOUNTY: removed the cooperation mention
o build: delete unused feature guards
o build: fix --disable-dateparse
o build: fix --disable-http-auth
o build: remove all traces of USE_BLOCKING_SOCKETS
o c-hyper: Remove superfluous pointer check
o c-hyper: support automatic content-encoding
o CI/azure: disable test 433 on azure-ubuntu
o CI/azure: replace python-impacket with python3-impacket
o ci: stop building on freebsd-12-1
o cmake: fix import library name for non-MS compiler on Windows
o cmake: use CMAKE_INSTALL_INCLUDEDIR indirection
o cmake: support WinIDN
o config: fix building SMB with configure using Win32 Crypto
o config: fix detection of restricted Windows App environment
o configure: fail if --with-quiche is used and quiche isn't found
o configure: make AC_TRY_* into AC_*_IFELSE
o configure: make hyper opt-in, and fail if missing
o configure: only add OpenSSL paths if they are defined
o configure: provide Largefile feature for curl-config
o configure: remove use of deprecated macros
o configure: s/AC_HELP_STRING/AS_HELP_STRING
o cookies: Fix potential NULL pointer deref with PSL
o curl: set CURLOPT_NEW_FILE_PERMS if requested
o curl_easy_setopt.3: add curl_easy_option* functions to SEE ALSO
o curl_multibyte: always return a heap-allocated copy of string
o curl_multibyte: fall back to local code page stat/access on Windows
o Curl_timeleft: check both timeouts during connect
o curl_url_set.3: mention CURLU_PATH_AS_IS
o CURLOPT_QUOTE.3: clarify that libcurl doesn't parse what's sent
o docs/HTTP2: remove the outdated remark about multiplexing for the tool
o docs/Makefile.inc: format to be update-friendly
o docs: add CURLOPT_CURLU to 'See also' in curl_url_ functions
o docs: add missing Arg tag to --stderr
o docs: Add SSL backend names to CURL_SSL_BACKEND
o docs: clarify timeouts for queued transfers in multi API
o docs: Explain DOH transfers inherit some SSL settings
o docs: fix FILE example url in --metalink documentation
o docs: make gen.pl support *italic* and **bold**
o doh: Fix sharing user's resolve list with DOH handles
o doh: Inherit CURLOPT_STDERR from user's easy handle
o dynbuf: bump the max HTTP request to 1MB
o examples: Remove threaded-shared-conn.c due to bug
o file: Support unicode urls on windows
o ftp: add 'list_only' to the transfer state struct
o ftp: add 'prefer_ascii' to the transfer state struct
o FTP: allow SIZE to fail when doing (resumed) upload
o ftp: avoid SIZE when asking for a TYPE A file
o ftp: fix Codacy/cppcheck warning about null pointer arithmetic
o ftp: fix memory leak in ftp_done
o ftp: never set data->set.ftp_append outside setopt
o gen.pl: quote "bare" minuses in the nroff curl.1
o github: add torture-ftp for FTP-only torture testing
o gnutls: assume nettle crypto support
o gskit: correct the gskit_send() prototype
o hostip: fix build with sync resolver
o hostip: fix crash in sync resolver builds that use DOH
o hsts: remove unused defines
o http2: don't set KEEP_SEND when there's no more data to be sent
o http2: fail if connection terminated without END_STREAM
o http: cap body data amount during send speed limiting
o http: do not add a referrer header with empty value
o http: make 416 not fail with resume + CURLOPT_FAILONERRROR
o http: remove superfluous NULL assign
o http: strip default port from URL sent to proxy
o http: use credentials from transfer, not connection
o ldap: use correct memory free function
o lib1536: check ptr against NULL before dereferencing it
o lib1537: check ptr against NULL before dereferencing it
o lib: remove 'conn->data' completely
o libssh2: kdb_callback: get the right struct pointer
o libssh2:ssh_connect: clear session pointer after free
o memdebug: close debug logfile explicitly on exit
o mingw: enable using strcasecmp()
o multi: close the connection when h2=>h1 downgrading
o multi: do once-per-transfer inits in before_perform in DID state
o multi: rename the multi transfer states
o multi: update pending list when removing handle
o ngtcp2: adapt to the new recv_datagram callback
o ngtcp2: clarify calculation precedence
o ngtcp2: Fix build error due to change in ngtcp2_addr_init
o ngtcp2: sync with recent API updates
o openldap: avoid NULL pointer dereferences
o openssl: adapt to v3's new const for a few API calls
o openssl: ensure to check SSL_CTX_set_alpn_protos return values
o openssl: remove get_ssl_version_txt in favor of SSL_get_version
o openssl: set the transfer pointer for logging early
o OS400: update for CURLOPT_AWS_SIGV4
o parse_proxy: fix a memory leak in the OOM path
o pathhelp.pm: fix use of pwd -L in Msys environment
o projects: Update VS projects for OpenSSL 1.1.x
o quiche: fix build error: use 'int' for port number
o quiche: fix crash when failing to connect
o retry-all-errors.d: Explain curl errors versus HTTP response errors
o retry.d: Clarify transient 5xx HTTP response codes
o runtests.pl: add %TESTNUMBER variable to make copying tests more convenient
o runtests.pl: add a -P option to specify an external proxy
o runtests.pl: kill processes locking test log files
o setopt: error on CURLOPT_HTTP09_ALLOWED set true with Hyper
o test1188: change error to check for: --fail HTTP status
o test220/314: adjust to run with Hyper
o test304: header CRLF cleanup to work with Hyper
o test306: make it not run with Hyper
o tests: disable .curlrc in more environments
o tests: use %TESTNUMBER instead of fixed number
o tftp: remove the 3600 second default timeout
o time: enable 64-bit time_t in supported mingw environments
o tool_help: add missing argument for --create-file-mode
o tool_help: Increase space between option and description
o tool_operate: bail if set CURLOPT_HTTP09_ALLOWED returns error
o travis: add a rustls build
o travis: bump wolfssl to 4.7.0
o travis: only build wolfssl when needed
o travis: split "torture" into a separate "events" build
o travis: switch ngtcp2 build over to quictls
o travis: use ubuntu nghttp2 package instead of build our own
o url.c: use consistent error message for failed resolve
o url: fix memory leak if OOM in the HSTS handling
o url: fix possible use-after-free in default protocol
o urldata: don't touch data->set.httpversion at run-time
o urldata: fix build without HTTP and MQTT
o urldata: make 'actions[]' use unsigned char instead of int
o urldata: merge "struct DynamicStatic" into "struct UrlState"
o urldata: remove the 'rtspversion' field
o urldata: remove the _ORIG suffix from string names
o version.d: Add missing features to the features list
o wolfssl: don't store a NULL sessionid
Changelog:
New
* You'll encounter less website breakage in Private Browsing and Strict
Enhanced Tracking Protection with SmartBlock, which provides stand-in
scripts so that websites load properly.
* To further protect your privacy, our new default HTTP Referrer policy will
trim path and query string information from referrer headers to prevent
sites from accidentally leaking sensitive user data.
* The "Highlight All" feature on Find in Page now displays tick marks
alongside your scrollbar that correspond to the location of matches found
on that page.
* We're proud to announce full support for macOS built-in screen reader,
VoiceOver.
* We've added a new locale: Silesian (szl)
Fixed
* We've fixed several significant accessibility issues:
+ Video controls now have visible focus styling and video and audio
controls are now keyboard navigable. (Bug 1681007)
+ HTML <meter> is now spoken by screen readers. (Bug 1460378)
+ Firefox now sets a useful initial focus in Add-ons Manager. (Bug 580537
)
+ Firefox will now fire a name/description change event when
aria-labelledby/describedby content changes. (Bug 493683)
* Various security fixes.
Changed
* To prevent user data loss when filling out forms, we've disabled the
Backspace key as a navigation shortcut for the back navigation button. To
re-enable the Backspace keyboard shortcut, you can change the about:config
preference browser.backspace_action to 0. You can also use the recommended
Alt + Left arrow (Command + Left arrow on Mac) shortcut instead.
Firefox keyboard shortcuts
* We've removed items from the Library menu that weren't used often or have
other access points in the browser: Synced tabs, Recent highlights, and
Pocket list.
* We've simplified the Help menu by reducing redundant items, such as those
that point to Firefox support pages that can also be accessed via the Get
Help item.
Enterprise
* Various bug fixes and new policies have been implemented in the latest
version of Firefox. You can see more details in the Firefox for Enterprise
87 Release Notes.
Developer
* Developer Information
* We've greatly simplified the Web Developer menu. Go to Application Menu >
Web Developer > Web Developer Tools to access Inspector, Web Console,
Debugger, Network Style Error, Performance, Storage Inspector,
Accessibility, and Application
* Developers can now use the Page Inspector to simulate prefers-color-scheme
media queries, without having to change the operating system to light or
dark mode.
* Developers can now use the Page Inspector to toggle the :target
pseudo-class for the currently selected element in addition to the
pseudo-classes that were previously supported: :hover, :active and :focus,
:focus-within, :focus-visible, and :visited.
* There is a number of Page Inspector improvements and bug fixes related to
inactive CSS rules:
+ The table-layout property is now marked as inactive for non-table
elements.
+ The scroll-padding properties (shorthand and longhand) are now marked
as inactive for non-scrollable elements.
+ The text-overflow property was previously incorrectly marked as
inactive for some overflow values.
Securiy fixes:
#CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an
out-of-bound read
#CVE-2021-23982: Internal network hosts could have been probed by a malicious
webpage
#CVE-2021-23983: Transitions for invalid ::marker properties resulted in memory
corruption
#CVE-2021-23984: Malicious extensions could have spoofed popup information
#CVE-2021-23985: Devtools remote debugging feature could have been enabled
without indication to the user
#CVE-2021-23986: A malicious extension could have performed credential-less
same origin policy violations
#CVE-2021-23987: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9
#CVE-2021-23988: Memory safety bugs fixed in Firefox 87
pkgsrc changes:
- Remove patch-Source_WTF_wtf_RAMSize.cpp: fallback method using sysconf(3) is
now used also on NetBSD
- patch-CMakeLists.txt migrated to Source/cmake/WebKitCommon.cmake: all
existent logic was migrated there
- Remove patch-Source_ThirdParty_ANGLE_adjust-angle-include-paths.sh: patched
file no longer present
- Add `-DENABLE_GAMEPAD=OFF' to disable gamepad support: needs libmanette not
yet packaged in pkgsrc
Changes:
2.32.0
======
- NPAPI plugins support have been removed.
- System font scaling factor is correctly applied now.
- New permission request API for MediaKeySystem access.
- New API to remove individual scripts/stylesheets using WebKitUserContentManager.
- Web inspector now shows detailed information about main loop frames.
- The minimum required GStreamer version is now 1.14.
- The GStreamer runtime is now initialized only when required.
- Improved platform support for WebAudio (WebAudio->MediaStream, Worklet, Multi-channel).
- Support for hardware-accelerated video rendering on i.MX8 platforms (using the NXP driver).
Updated in pkgsrc-wip by <cirnatdan> and me.
Changelog:
Security fixes:
#CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an
out-of-bound read
#CVE-2021-23982: Internal network hosts could have been probed by a malicious
webpage
#CVE-2021-23984: Malicious extensions could have spoofed popup information
#CVE-2021-23987: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9
pkgsrc changes:
---------------
* Add a patch to use the same go binary as the one used to build grafana.
The build.go program initially ran go which could be linked to any
installed go binary managed by pkg_alternatives.
upstream changes:
-----------------
7.4.5 (2021-03-18)
Bug fixes
o Security: Fix API permissions issues related to team-sync CVE-2021-28146,
CVE-2021-28147. (Enterprise)
o Security: Usage insights requires signed in users CVE-2021-28148.
(Enterprise)
o Security: Do not allow editors to incorrectly bypass permissions on the
default data source. CVE-2021-27962. (Enterprise)
6.0.0 (2021-03-17)
No release note nor changelog. Here are quote from commit log.
* tests: force blocking I/O for Ruby 3.x
* http_request: drop unnecessary #clear call
* Allocate a new request for each client
* test/test_helper: only unlink redirected logs from parent
upstream changes:
-----------------
2021-03-01 Florian Schlichting <fsfs@debian.org>
* release davical 1.1.10
* Update carddav/2042-REPORT-addressbook-query together with df6ff3a in AWL
2021-03-01 Andrew Ruthven <puck@catalyst.net.nz>
* Add a regression test for new invalid user result from FreeBusy
* Return a nicer error message if no user is found for Free/Busy via email
2021-02-09 Florian Schlichting <fsfs@debian.org>
* Listing External Calendars is part of the Administration menu and should be restricted to admins
* tighten $c->list_everyone to look for DAV::read privilege and actually block access to principals and collections
2020-05-05 Klaus M Pfeiffer <kmp+gitlab@kmp.or.at>
* add feature list_everyone (fixes#59)
2021-02-08 Florian Schlichting <fsfs@debian.org>
* CI: run interop tests from carddavclient by Michael Stilkerich <ms@mike2k.de>
* Add tests for AWLs "Fix param-filter that checks if a parameter is defined"
* Add test for AWLs "Fix param-filter for multi-value parameters with TYPE=T1,T2 format" and update 2044 accordingly
* Add tests for AWLs "Fix GetProperties: Select properties with group prefix"
* Add tests for AWLs "Fix: GetProperties must treat property names as case-insensitive"
2021-02-07 Andrew Ruthven <puck@catalyst.net.nz>
* Only return the fields that we need for the test
2021-02-06 Andrew Ruthven <puck@catalyst.net.nz>
* CI: Compress the Apache log files
* CI: Ensure DAViCal can write to log files
* CI: Turn on debug logging for all the test runs
* Include the UID of the card which caused us to hit the RRULE limit
* Enable debug logging in CI
* Only return what we're testing, makes it easier to understand regressions
* Add test for anyof
2021-02-05 Florian Schlichting <fsfs@debian.org>
* CI: do not clobber apache logs
* update 2038-REPORT-addressbook-query after AWL's param-filter: fix a typo / explode multivalue commit
2021-02-04 Florian Schlichting <fsfs@debian.org>
* correct test results after AWL merges of mstilkerich/awl-fix_abookquery_paramnotdef and mstilkerich/awl-fix_support_anyof_propfilter
* add two more reports testing an allof prop-filter and an anyof text-match prop-filter
* cardquery: ensure restriction to target collection remains in force even when we find that we need a post_filter step and thus throw away the SQL
* add a REPORT for a property with multiple values, not all of which match the is-not-defined filter (carddavclient's ParamNotDefinedSome test)
* add 4 VCARDs from carddavclient AddressbookQueryTest
2021-02-04 Andrew Ruthven <puck@catalyst.net.nz>
* Correctly exclude cards where TYPE is not set on TEL records.
* Fix the test result and hopefully make the description clearer
* I always get whitespace changes
* Add a bit more info about various suites, and how to time timezone
2021-02-03 Florian Schlichting <fsfs@debian.org>
* fix PHP8 deprecation warnings: "Required parameter X follows optional parameter Y"
2021-01-31 Jan Hicken <jan.hicken@posteo.de>
* Add default value for errcontext variable in error handler function
* Use brackets instead of curly braces for string offset access
2021-02-03 Florian Schlichting <fsfs@debian.org>
* CI: add build_buster_latestphp
2021-02-02 Florian Schlichting <fsfs@debian.org>
* CI: build and test on Debian unstable, then several stable releases relevant to our users
* Normalize "100 Continue" headers
2021-01-24 Andrew Ruthven <andrew@etc.gen.nz>
* Test case for awl-fix_abookquery_negated_propnotdef
2021-02-01 Andrew Ruthven <puck@catalyst.net.nz>
* Test case for negated values in awl-fix_abookquery_paramtextmatch
2020-07-22 Piotr Filip <6465816-piotrfilip@users.noreply.gitlab.com>
* fix: events with recurrence rule are sometimes counted one too many times in freebusy
* test: remove dependency on the current date
2021-01-25 Andrew Ruthven <andrew@etc.gen.nz>
* Update test results with new timezone data
2021-01-24 Andrew Ruthven <andrew@etc.gen.nz>
* Ignore zones.h and zones.tab
* To start with there are no timezones in a fresh database
* Make the runs deterministic
* Fix up update-tzdata.sh so it'll run
* Test case for awl-fix_abookquery_negated_propnotdef
* Test case for awl-fix_abookquery_paramtextmatch
* Test case for awl-fix_abookquery_paramtextmatch
* Add help option for regression tests
* Update some more results based on current regression tests
2021-01-23 Andrew Ruthven <puck@catalyst.net.nz>
* Add test secondary (or more) properties
2020-04-14 Florian Schlichting <fsfs@debian.org>
* gitlab-ci: use latest Debian stable (fixes#221)
Release 4.5.1
Removed unnecessary default in MP's depth field.
Release 4.5
Add support for custom primary key fields with custom names.
Add support for Python 3.9.
Add support for MSSQL 2019.
Add Code of conduct
Removed outdated Sqlite workaround code
Remove last remains of Python 2.7 code
Use Pytest-django and fixtures for testing
hackernews_tui is a Terminal UI to browse Hacker News written in Rust.
The application mainly consists of the following views:
-Story View-Front Page displaying a list of stories in front page of Hacker News
-Comment View` displaying a list of comments in a story
-Story Search View displaying a search bar and a list of stories matching the
search query.
ChangeLog:
- change STAGIT_BASEURL to an -u option and also update the example script
- add $STAGIT_BASEURL environment variable to make Atom links absolute
- README: mention tags.xml feature
- micro-optimization: fputc (function) -> putc (macro/inline function)
- fix warning with libgit2 v0.99+, remain compatible with older versions
- add abbreviated commit hash to submodule file
- add meta viewport for scaling on mobile
- style.css: improve contrast
- use size_t to count lines
- avoid shadowed `name' global variable
- refs_cmp: remove unneeded cast
- use LEN() macros for arrays
1.26.4
* Changed behavior of the default ``SSLContext`` when connecting to HTTPS proxy
during HTTPS requests. The default ``SSLContext`` now sets ``check_hostname=True``.
## [2.3]
### Added
- Added Gopher protocol support, see comment in rc.lua.
- Added two commands to clear website data (:clear-data, :clear-favicon-db).
- Added dark mode support setting `application.prefer_dark_mode`.
- The tabmenu plugin is now included in luakit (:tabmenu).
### Changed
- Removed debug symbol generation for default make.
- Changed the C standard from gnu99 to c11 because Webkit wants it.
- The proxy module remembers when no proxy or system proxy was used last.
- The proxy widget is hidden when proxy "None" is active.
### Fixed
- Fixed bounding box not spanning over whole element.
- Fixed an issue where styled hint labels caused intransparent bounding boxes.
- Fixed a race condition when a tab is closed on NetBSD.
- Do not execute "git ls-files" when luakit is not a git repository
### Update information
- The gopher module needs `luasocket` installed.
Highlights of this release:
- block editor changes
- WP Admin: a new color palette
- from HTTP to HTTPS in a single click
- new robots API
- ongoing cleanup after update to jQuery 3.5.1
- lazy-load your iframes # Lazy-load your iframes
More details here: https://wordpress.org/support/wordpress-version/version-5.7/
It turns out this new version of Gitea does need newer frontend files after
all. A copy has been uploaded to ftp.netbsd.org as documented.
Bumps PKGREVISION.
Changes in squid-4.14 (02 Feb 2021):
- Regression Fix: support for non-lowercase Transfer-Encoding value
- Regression Fix: cachemgr.cgi wrong 403 response to authenticated menu URIs
- Bug 5076: WCCP Security Info incorrect
- Bug 5073: Compile error: index was not declared in this scope
- Bug 5065: url_rewrite_program documentation update
- Bug 3074 pt2: improved handling of URI paths implicit '/'
- Fix transactions exceeding client_lifetime logged as _ABORTED
Changelog:
86.0.1
Firefox Release
March 11, 2021
Version 86.0.1, first offered to Release channel users on March 11, 2021
-------------------------------------------------------------------------------
#
Fixed
* Fixed an issue on Apple Silicon machines that caused Firefox to be
unresponsive after system sleep (bug 1682713)
* Fixed an issue causing windows to gain or lose focus unexpectedly (bug
1694927)
* Fixed truncation of date and time widgets due to incorrect width
calculation (bug 1695578)
* Fixed an issue causing unexpected behavior with extensions managing tab
groups (bug 1694699)
* Fixed a frequent Linux crash on browser launch (bug 1694670)
This includes the following security fixes; in 1.13.0:
* Add Allow-/Block-List for Migrate & Mirrors
* Prevent git operations for inactive users
* Disallow urlencoded new lines in git protocol paths if there is a port
* Mitigate Security vulnerability in the git hook feature
* Disable DSA ssh keys by default
* Set TLS minimum version to 1.2
* Use argon as default password hash algorithm
In 1.13.1:
* Hide private participation in Orgs
* Fix escaping issue in diff
In 1.13.2:
* Prevent panic on fuzzer provided string
* Add secure/httpOnly attributes to the lang cookie
In 1.13.3:
* Turn default hash password algorithm back to pbkdf2 from argon2 until we find a better one
In 1.13.4:
* Fix issue popups
4.1.0
Allow JWT type to be things besides refresh or access. Any type that is not refresh will be considered an access token. Thanks @sambonner for the PR!
Allow locations kwarg for jwt_required() to be a string
Minor documentation improvements
3.13 (2020-09-03)
-----------------
- Checked compatibility with Django 3.1.
- Apply crop/effect changes to existing images
- Encoding objects before hashing error
3.12 (2020-07-30)
-----------------
- Drop alpha channel only on jpeg save (contributed by drazen)
- Added zh_Hans translation (contributed by Lessica)
- improved Dutch translations (contributed by andreas.milants)
3.11 (2019-12-13)
-----------------
- Added support for Django 3.
- Dropped support for Python 2, python 3.4 and Django 2.1.
3.10 (2019-08-29)
-----------------
- Compatibility with Django 2.2.
3.9 (2019-04-21)
----------------
- Fixes when file doesn't exist in the file system but still is in S3.
- Doc tweaks - and added a page on how to actually use Photologue!
- Make setup compatible with latest version of pip.
- Checked compatibility with Django 2.1 and Python 3.7.
- Updated translations for Catalan and Basque.
- Missed a Django migration
- Test Tox; integrate with Travis and Coveralls.
- Removed old code (old-style demo templates that have been deprecated since 2014).
- Removed old code (old views that have been deprecated since 2014).
- Removed all references to PIL (which hasn't been updated since 2009). I think that by now
there are no servers left anywhere in the world that still use it :-)
3.0.2
-----
* Restored `admin/js/jquery.init.js`
3.0.1
-----
* Added all locales to distributable
* Added missing files to MANIFEST.in, and removed .DS_Store files
* Added German and Spanish translations
* Removed `admin/js/jquery.init.js` from `SortedCheckboxSelectMultiple`
3.0.0
-----
* Dropped support for Django 2.0
* Dropped support for Django 1.10
* Add support for Python 3.8
* Add support for Django 3.0
2.0.0
-----
* Updated README with Jazzband details, and added CONTRIBUTING.md
* Dropped support for Python 2.6 and 3.3, and Django < 1.11
* Added support for Python 3.7 and Django 2.0 to 2.2
* Add support of custom through models (only for Django >= 2.2)
* Added coverage reporting
A data hoarders dream come true: bundle any web page into a single HTML file.
You can finally replace that gazillion of open tabs with a gazillion of .html
files stored somewhere on your precious little drive.
Unlike the conventional Save page as, monolith not only saves the target
document, it embeds CSS, image, and JavaScript assets, producing a single HTML5
document that is a joy to store and share.
If compared to saving websites with wget -mpk, this tool embeds all assets as
data URLs and therefore lets browsers render the saved page exactly the way it
was on the Internet, even when no network connection is available.
Version 0.7.5
* Fix handling of slices containing function call, variable name and attribute
lookup AST nodes in Python 3.9 in template scripts (template expressions
already correctly handled these cases). Thank you to Roger Leigh for
finding this issue and contributing the fix for it.
* C speedup module now available for Python >= 3.3. Support was added for
PEP 393 (flexible string representation). Thank you to Inada Naoki for
contributing this major enhancement.
* Remove the custom 2to3 fixers (no longer used since the removal of 2to3
in 0.7.4).
Version 0.7.4
* Add support for deprecation of ast classes slice, Index and ExtSlice in
Python 3.9. See https://bugs.python.org/issue34822 for details of the
changes.
* Update the project URL in setup.py to point to GitHub.
* Remove use of 2to3 for generating Python 3 compatible code.
Version 2.4.0 (2020-9-27)
--------------------------
* SECURITY: Added a ``MaxValueValidator`` to the form field for
``NumberFilter``. This prevents a potential DoS attack if numbers with very
large exponents were subsequently converted to integers.
The default limit value for the validator is ``1e50``.
The new ``NumberFilter.get_max_validator()`` allows customising the used
validator, and may return ``None`` to disable the validation entirely.
* Added testing against Django 3.1 and Python 3.9.
In addition tests against Django main development branch are now required to
pass.
Version 2.3.0 (2020-6-5)
------------------------
* Fixed import of FieldDoesNotExist.
* Added testing against Django 3.0.
* Declared support for, and added testing against, Python 3.8.
* Fix filterset multiple inheritance bug
* Allowed customising default lookup expression.
* Drop Django 2.1 and below
* Fixed IsoDateTimeRangeFieldTests for Django 3.1
* Require tests to pass against Django `master`.
0.7.0:
Added
- Added possibility to set a title of filter
Fix
- Avoided leading ?& GET parameters
Changed
- Changed title of filter from `By {field_name}` to `{field_name}`
Upstream changes:
Moodle 3.10.2 release notes
Releases > Moodle 3.10.2 release notes
Release date: 8 March 2021
Here is the full list of fixed issues in 3.10.2.
Contents
1 General fixes and improvements
2 Accessibility improvements
3 Security fixes
4 See also
General fixes and improvements
MDL-67959 - The default group icon should not be displayed when there is no group picture
MDL-67515 - Uninstalled plugin breaks the custom lang tool if it had some strings customised
MDL-66979 - Switch all the Behat testing to the new W3C drivers
MDL-70535 - VideoJS language doesn't fallback to en
MDL-68970 - Pages during a quiz attempt should not be cached, so forwards/back do not lead to errors
MDL-57020 - Unable to delete scales which are no longer used
MDL-70268 - Dropbox repository requires log on to work - which fails
MDL-46256 - count_words returns too few words when dealing with html tags
MDL-70048 - Dropbox Search API: /files/search is being retired in favor of /files/search_v2
MDL-69867 - Marking workflow display wrong current grade if using scales
MDL-70736 - Unable to load Marking Guide Templates
MDL-70796 - Moodle word count does not match other software
MDL-69101 - Essay question: "Accepted file types" and other new fields are not supported in Moodle XML file
MDL-70377 - When reviewing an attempt as a teacher $string['saved'] {$a} not replaced
MDL-43697 - Archived badges are restored during course restore
MDL-70676 - Workshop assessment aspect with no grade is unusable
MDL-70631 - Poor performance of zip_packer::extract_to_pathname()
MDL-70648 - Editing a calendar event of type category and removing the category results in an error
MDL-68958 - Undefined variable: href when creating IMSCP
MDL-70339 - Activity chooser does not honour external tool icons
MDL-56772 - File picker:Right align table column headers, in RTL mode (theme:boost)
MDL-70513 - Quiz manual grading page should warn if you try to leave with unsaved data
MDL-70705 - Multilang Filters not applied to Recent blog entries block Blog entry titles
MDL-70552 - Notification of submissions are not sent for anonymous feedback
MDL-70574 - Cloze multianswer question leaks percentage if with decimal
MDL-66932 - Grade percentage display in Gradebook should be LTR, in RTL mode
MDL-70585 - Downloaded course content unbrowseable for some activity names
MDL-70912 - Cannot access H5P content bank popup in Atto editor within mod_data textarea
MDL-70264 - badges/oauth2callback.php should be removed and replaced by admin/oauth2callback.php
MDL-67974 - Badge expiry error and missing expired stamp
MDL-67494 - Course/activity calendar events are deleted when the teacher who created them requests their data to be deleted
MDL-70995 - Group names not formatted in course participants filter
MDL-69883 - Unable to scroll beyond 50 conversations in Messages tool
MDL-69097 - Language filters aren't correctly applied in "Whole forum grading"
Accessibility improvements
MDL-70169 - Login page accessibility issues
MDL-70288 - Checkbox and advanced checkbox elements can have duplicate labels
MDL-70173 - Dashboard accessibility issues
MDL-65390 - Accessibility #11 Content appears above “show more” button
MDL-59782 - Question bank highlight of last added question is wrong in boost
MDL-70172 - Site home page accessibility issues
Security fixes
Details of any security issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version.
Upstream changes:
0.300005 2021-01-26 15:57:41-05:00 America/New_York
[ BUG FIXES ]
* GH #1546: Add MIME type for all files served from public (Russell
@veryrusty Jenkins)
* GH #1555: Remove all leftovers of warnings config setting (Sergiy
Borodych)
* GH #1557: Remove HTTP::XSCookies workaround (Alexander Pankoff)
* GH #1564: Add script_name to redirects beginning with / (Nigel Gregoire)
* GH #1567: Fix CSS so errors do not display ourside of <pre> HTML
element (Elliot Holden)
* GH #1568: Serializer::Mutable doesn't auto-load other serializers
(Russell @veryrusty Jenkins)
* GH #1579: Fix missing push_header method in Response::Delayed
(Paul Clements)
[ ENHANCEMENTS ]
* GH #1552: Update jQuery (Sergiy Borodych)
* GH #1558: Test to make sure uploads aren't discarded after the
forward keyword is used (Alexander Pankoff)
* GH #1571: Add GitHub Actions support (Gabor Szabo)
* GH #1572: Install Dancer2::Session::Cookie in order to run the test
t/issues/gh-811.t (racke)
[ DOCUMENTATION ]
* GH #1490: Document Dancer2::Core::App->template() (Steve Dondley)
* GH #1551: Fix pod for cookie same site attribute (Sergiy Borodych)
* GH #1562: Fix links, missing code in Tutorial (cloveistaken)
Upstream changes:
6.10 2021-01-04 22:03:43Z
- Do not set discard if max-age is set (GH#61) (robnagler, simbabque)
- Add tests for #61 - do not set discard if max-age is set (GH#65) (Julien Fiegehenn)
6.09 2020-11-19 22:20:47Z
- Allow HttpOnly cookies to be loaded by HTTP::Cookies::Netscape (GH#63)
(Charlie Hothersall-Thomas)
Version 1.10.0
--------------
- **Important**: The way caching backends are loaded have been refactored.
Instead of passing the name of the initialization function one can now use
the full path to the caching backend class.
For example:
``CACHE_TYPE="flask_caching.backends.SimpleCache"``.
In the next major release (2.0), this will be the only supported way.
- UWSGICache is not officially supported anymore and moved to the user
contributed backends.
- Switch from Travis-CI to GitHub Actions
- Fix add() in RedisCache without a timeout.
- Fix error in how the FileSystemCache counts the number of files.
- Type Annotations have been added.
- Add some basic logging to SimpleCache and FileSystemCache for better
observability.
- Add option in memoize to ignore args
- Stop marking wheels as Python 2 compatible.
- Fix ``default_timeout`` not being properly passed to its super constructor.
- Fix ``kwargs`` not being passed on in function ``_memoize_make_cache_key``.
- Add a Redis Cluster Mode caching backend.
- Do not let PIP install this package on unsupported Python Versions.
- Fix uWSGI initialization by checking if uWSGI has the 'cache2' option
enabled.
- Documentation updates and fixes.
4.0.2:
Properly include requirements.txt in the manifest.
4.0.1:
No changes from 4.0.0, this release is purely to fix some github actions and documentation builds
4.0.0:
This release contains many months of work and lots of breaking changes. For full details, please see: https://flask-jwt-extended.readthedocs.io/en/stable/v4_upgrade_guide/
3.25.1:
The only change it this release is that we are setting the metadata that marks this as the last release to support python versions earlier then 3.6 (including python 2).
3.25.0:
Add JWT_ENCODE_ISSUER option
Require PyJWT before version 2.0.0a to prevent breaking changes. (we will update to the 2.0.0 pyjwt release once it's out of the alpha/early release).
www/php-apcu: update to 5.1.20
5.1.20 (2021-03-04)
- Fix deadlocks when other apcu_* functions are used inside apcu_entry(). It
should now be safe to use any functions inside the apcu_entry() callback.
- Fix division by zero exception in apc.php.
- Fix handling of references in PHP 8 if "default" serializer is used (which
is not the default).
- Fix string reuse handling if "default" serializer is used (which is not
the default).
- Check for failures when acquiring read locks to report problems earlier
(write locks were already checked previously).
- Adjust tests for current PHP 8.1 development branch.
- Remove *_api.h headers. Use apc_cache.h instead of apc_cache_api.h etc.
