2.5.1 (2023-12-19)
- Version 2.5 was never released on PyPi due to a pyproject.toml
misconfiguration.
2.5 (2023-11-28)
- Confirmed support for Python 3.12 and Django 5.0.
- Replaced deprecated pkg_resources usage by importlib.metadata.
- Applied PEP 621 (replaced setup.py with pyproject.toml).
- Removed Python 3.7 support.
- Updated translations (Galician, Portuguese, Slovenian, Serbian).
2.1.2 (2023-08-03)
------------------
- Fix test failures on Python 3.11.4+
- Fix an incorrect type hint
- Add project URLs to setup.py
2.1.1 (2022-12-09)
------------------
- :func:`~w3lib.url.safe_url_string`, :func:`~w3lib.url.safe_download_url`
and :func:`~w3lib.url.canonicalize_url` now strip whitespace and control
characters urls according to the URL living standard.
2.1.0 (2022-11-28)
------------------
- Dropped Python 3.6 support, and made Python 3.11 support official.
- :func:`~w3lib.url.safe_url_string` now generates safer URLs.
To make URLs safer for the `URL living standard`_:
.. _URL living standard: https://url.spec.whatwg.org/
- ``;=`` are percent-encoded in the URL username.
- ``;:=`` are percent-encoded in the URL password.
- ``'`` is percent-encoded in the URL query if the URL scheme is `special
<https://url.spec.whatwg.org/#special-scheme>`__.
To make URLs safer for `RFC 2396`_ and `RFC 3986`_, ``|[]`` are
percent-encoded in URL paths, queries, and fragments.
.. _RFC 2396: https://www.ietf.org/rfc/rfc2396.txt
.. _RFC 3986: https://www.ietf.org/rfc/rfc3986.txt
- :func:`~w3lib.encoding.html_to_unicode` now checks for the `byte order
mark`_ before inspecting the ``Content-Type`` header when determining the
content encoding, in line with the `URL living standard`_.
.. _byte order mark: https://en.wikipedia.org/wiki/Byte_order_mark
- :func:`~w3lib.url.canonicalize_url` now strips spaces from the input URL,
to be more in line with the `URL living standard`_.
- :func:`~w3lib.html.get_base_url` now ignores HTML comments.
- Fixed :func:`~w3lib.url.safe_url_string` re-encoding percent signs on
the URL username and password even when they were being used as part of an
escape sequence.
- Fixed :func:`~w3lib.http.basic_auth_header` using the wrong flavor of
base64 encoding, which could prevent authentication in rare cases.
- Fixed :func:`~w3lib.html.replace_entities` raising :exc:`OverflowError` in
some cases due to `a bug in CPython
<https://github.com/python/cpython/issues/76763>`__.
- Improved typing and fixed typing issues.
- Made CI and test improvements.
- Adopted a Code of Conduct.
2.0.1 (2022-08-11)
------------------
Minor documentation fix (release date is set in the changelog).
2.0.0 (2022-08-11)
------------------
Backwards incompatible changes:
- Python 2 is no longer supported; Python 3.6+ is required now
- :func:`w3lib.url.safe_url_string` and :func:`w3lib.url.canonicalize_url`
no longer convert "%23" to "#" when it appears in the URL path. This is a bug
fix. It's listed as a backward-incomatible change because in some cases the
output of :func:`w3lib.url.canonicalize_url` is going to change, and so, if
this output is used to generate URL fingerprints, new fingerprints might be
incompatible with those created with the previous w3lib versions
Deprecation removals
- The ``w3lib.form`` module is removed.
- The ``w3lib.html.remove_entities`` function is removed.
- The ``w3lib.url.urljoin_rfc`` function is removed.
The following functions are deprecated, and will be removed in future releases:
- ``w3lib.util.str_to_unicode``
- ``w3lib.util.unicode_to_str``
- ``w3lib.util.to_native_str``
Other improvements and bug fixes:
- Type annotations are added
- Added support for Python 3.9 and 3.10
- Fixed :func:`w3lib.html.get_meta_refresh` for ``<meta>`` tags where
``http-equiv`` is written after ``content``
- Fixed :func:`w3lib.url.safe_url_string` for IDNA domains with ports
- :func:`w3lib.url.url_query_cleaner` no longer adds an unneeded ``#`` when
``keep_fragments=True`` is passed, and the URL doesn't have a fragment
- Removed a workaround for an ancient pathname2url bug
- CI is migrated to GitHub Actions
- The code is formatted using black
1.22.0 (2020-05-13)
-------------------
- Python 3.4 is no longer supported
- :func:`w3lib.url.safe_url_string` now supports an optional ``quote_path``
parameter to disable the percent-encoding of the URL path
- :func:`w3lib.url.add_or_replace_parameter` and
:func:`w3lib.url.add_or_replace_parameters` no longer remove duplicate
parameters from the original query string that are not being added or
replaced
- :func:`w3lib.html.remove_tags` now raises a :exc:`ValueError` exception
instead of :exc:`AssertionError` when using both the ``which_ones`` and the
``keep`` parameters
- Test improvements
- Documentation improvements
- Code cleanup
v1.4.0 / 2023-12-29
Add support for httpx
Enable mocket integration tests for Python >= 3.11
v1.3.0 / 2023-12-25
This release modernizes Pook build and development environments.
Drop support for EOL'd Python versions (in other words, 3.6 and 3.7)
Use pyproject.toml
Use ruff to lint files
Use pre-commit to add pre-commit hooks
Use hatch to manage test, development, and build environments
Fix the test configuration to actually run the example tests
Fix the documentation build
Fix support for asynchronous functions in the activate decorator (this was a direct result of re-enabling the example tests and finding lots of little issues)
Remove all mention of the unsupported pycurl library
Clean up tests that can use pytest parametrize to do so (and get better debugging information during tests runs as a result)
Use pytest-pook to clean up a bunch of unnecessary test fixtures
Fix deprecation warning for invalid string escape sequences caused by untagged regex strings
v1.2.1 / 2023-12-23
Fix usage of regex values in header matchers
Fix urllib SSL handling
v1.2.0 / 2023-12-17
feat(api): add support for binary bodies
fix(urllib3): don't put non-strings into HTTP header dict
refactor: drop Python 3.5 support
v1.1.0 / 2023-01-01
chore(version): bump minor v1.1.0
Switch to Python >= 3.5 and fix latest aiohttp compatability
fix: remove print cal
7.14.1
Bugs fixed
- Fix broken image scaling in case a custom width or height is provided for the image
Maintenance and upkeep improvements
- Allow pre-fetch of css files without attempting download
- Bump the actions group with 1 update
4.0.10
Bugs fixed
- Backport: Improve scrolling to heading
- Workaround focus leaving input box on consecutive submissions
- Fix search coming back in notebook and editor
- Fix `jupyter labextension watch --help`
- Fix `FormComponent` showing error indicators in all fields when using a `customValidate` function
- Fix Shift + L not working in stdin
Maintenance and upkeep improvements
- Backport: Adopt ruff format
- Pin `actions/labeler` to v4 to fix failing CI action
- Fix URLs in debugger-extension
- More robust galata/UI tests
Documentation improvements
- Backport: Adopt ruff format
2.12.3
Bugs fixed
- Import User unconditionally
Maintenance and upkeep improvements
- Simplify the jupytext downstream test
- Fix test param for pytest-xdist
2.12.2
Bugs fixed
- Fix a typo in error message
- Force legacy ws subprotocol when using gateway
Maintenance and upkeep improvements
- Update pre-commit deps
- Use ruff docstring-code-format
Documentation improvements
- Enable htmlzip and epub on readthedocs
Changelog (taken from https://github.com/superseriousbusiness/gotosocial/releases)
v0.13.1 Spiderier Sloth
Release highlights
Fixes a couple small issues with poll vote counts and poll expiry, and an issue where domain blocks were sometimes not being properly enforced when deeper- and higher-level domain blocks were used in combination (eg., when combining blocks for say example.org, bad.example.org, also-bad.example.org).
Migration notes
Upgrading
See the release notes for 0.13.0 but replace 0.13.0 with 0.13.1 throughout. Easy peasy!
config.yaml
No changes since 0.13.0, see 0.13.0 for migration notes from versions < 0.13.0.
Database Migrations
No changes since 0.13.0, see 0.13.0 for migration notes from versions < 0.13.0.
Detailed Changelog
ccecf5a [bugfix] fix higher-level explicit domain rules causing issues with lower-level domain blocking (#2513)
d5c305d [bugfix] misc dereferencer fixes (#2475)
1c56192 [feature] Log pubKeyID for http-signed requests (#2501)
f33d05c [bugfix] fix check for closed poll to account for non-zero closed time but in the future (#2486)
b141500 [bugfix] fix poll total vote double count (#2464)
v0.13.0 Spider Sloth 🕷️
Spider Sloth, Spider Sloth, does whatever a .... sloth does?
Release highlights
Create, view, and vote in polls. It's been a while in the making but GoToSocial now has support for polls, aka Question activity types. You can create, view, and vote in polls using your client of choice.
Show unsupported media placeholders in incoming posts, where media could not be downloaded (temporarily or otherwise). No more dropped media on posts! You'll instead now get a link to the media on the originating instance, that you can click through in your (mobile) browser.
Mute threads that you're being overwhelmed by. Notifications for replies, likes, and boosts in that thread will no longer be generated.
Media cleanup scheduling. Previously media scheduling took place every night at 12am. With the new media scheduling settings in the config, you can customize the schedule to run it at different times and frequencies. https://docs.gotosocial.org/en/latest/admin/media_caching/#cleanup
Support for setting instance language . You can use the new instance-languages setting to indicate one or more primary languages for your instance. https://docs.gotosocial.org/en/latest/configuration/instance/
Support for language tags on posts. Language of posts is now correctly federated in and out of your instance. The language of posts is also shown on the web view of statuses and threads.
Gather and expose prometheus format metrics. You can now expose a /metrics endpoint to allow a Prometheus instance to scrape metrics about Go runtime memory usage, http request and database metrics, and more. https://docs.gotosocial.org/en/latest/advanced/metrics/
Migration notes
Error #01: authentication NOT PASSED for public key
You will see lots of errors in your logs now that look like this. This is normal, and not a new bug! Previously, we were not surfacing these authentication errors, and now we are. They are caused by #894, which we will fix some time in the new year. Again, not a new bug. This will not effect normal running of your instance.
Upgrading
To upgrade to 0.13.0 from a previous release:
Binary/tar
Stop GoToSocial
Untar the new release, including the web assets and html templates.
Edit your config.yaml file as necessary (see below).
Start GoToSocial
Docker
Stop GoToSocial.
Pull the new docker container (superseriousbusiness/gotosocial:0.13.0 or superseriousbusiness/gotosocial:latest)
Start GoToSocial.
config.yaml
The configuration file has changed since the previous release. You can see a diff of the config file here: v0.12.2...v0.13.0#diff-c071e03510b2c57e193a44503fd9528a785f0f411497cc75841a9f8d0b1ac622
Database Migrations
This release contains several database migrations which will run the first time you start up this new version. Be sure not to interrupt this migration process. This will take anywhere between a couple seconds and ten minutes (on slower hardware). Please be patient!
Detailed Changelog
Features + performance
[feature] Status thread mute/unmute functionality by @tsmethurst in #2278
[feature] attach any request errors if found, only set level=ERROR if code >= 500 by @NyaaaWhatsUpDoc in #2300
[feature] Customizable media cleaner schedule by @tsmethurst in #2304
[feature] add per-uri dereferencer locks by @NyaaaWhatsUpDoc in #2291
[feature] support canceling scheduled tasks, some federation API performance improvements by @NyaaaWhatsUpDoc in #2329
[feature] add support for polls + receiving federated status edits by @NyaaaWhatsUpDoc in #2330
[feature] Media attachment placeholders by @tsmethurst in #2331
[feature/performance] Wrap incoming HTTP requests in timeout handler by @tsmethurst in #2353
[feature] Set/show instance language(s); show post language on frontend by @tsmethurst in #2362
[feature] Initial metrics by @Tsuribori in #2334
[feature] Federate status language in and out by @tsmethurst in #2366
[feature] Poll web view by @tsmethurst in #2377
[performance] http response encoding / writing improvements by @NyaaaWhatsUpDoc in #2374
[feature] Add /api/v1/admin/debug/apurl endpoint by @tsmethurst in #2359
[performance/postgres] Rename constraints, remove duplicate indexes by @tsmethurst in #2392
Bugfixes
[bugfix] serialize instance terms via API by @tsmethurst in #2293
[bugfix/frontend] Export/import CSV correctly by @tsmethurst in #2294
[bugfix] allow store smaller PNG image than 261 bytes (#2263) by @KEINOS in #2298
[bugfix/frontend] Add nosubmit option to form fields; use it when instance custom CSS disabled by @tsmethurst in #2290
[bugfix] Extract description as summary first, fall back to name by @tsmethurst in #2303
[bugfix] Allow blocked accounts to show in precise search by @tsmethurst in #2321
[bugfix] Relax Mention parsing, allowing either href or name by @tsmethurst in #2320
Remove account_suspended_at_idx to resolve slow query issues by @Sentynel in #2310
[bugfix] fix poll vote count responses on client and fedi API vote creation by @NyaaaWhatsUpDoc in #2343
[bugfix] actually decrement votes during poll vote delete ... by @NyaaaWhatsUpDoc in #2344
[bugfix/docs] Poll api fixups + swagger docs by @tsmethurst in #2345
[bugfix] Don't try to update suspended accounts by @tsmethurst in #2348
[chore/bugfix/horror] Allow expires_in and poll choices to be parsed from strings by @tsmethurst in #2346
[bugfix] support endless polls, and misskey's' method of inferring expiry in closed polls by @NyaaaWhatsUpDoc in #2349
[bugfix] Update poll delete/update db queries by @tsmethurst in #2361
[bugfix] process account delete side effects in serial, not in parallel by @tsmethurst in #2360
[bugfix] self-referencing collection pages for status replies by @NyaaaWhatsUpDoc in #2364
[bugfix] Add Actor to outgoing poll vote Create; other fixes by @tsmethurst in #2384
[bugfix] Don't copy ptr fields in caches by @tsmethurst in #2386
[bugfix] Correctly handle range > content-length by @Jadeiin in #2395
[bugfix] Update exif-terminator (fix png issue) by @tsmethurst in #2391
[bugfix] always go through status parent dereferencing on isNew, even on data-race by @NyaaaWhatsUpDoc in #2402
[bugfix] return 400 Bad Request on more cases of malformed AS data by @NyaaaWhatsUpDoc in #2399
[bugfix] in fedi API CreateStatus(), handle case of data-race and return early by @NyaaaWhatsUpDoc in #2403
[bugfix/chore] Announce reliability updates by @tsmethurst in #2405
[bug] Fix an import statement in the gen template by @daenney in #2426
[bugfix] Fix wrong notification type sent for poll end by @tsmethurst in #2429
[bugfix] Fix web media not showing as sensitive by @tsmethurst in #2433
[bugfix] Ensure pre renders as expected, fix orderedCollectionPage by @tsmethurst in #2434
[bugfix] Narrow search scope for accounts starting with '@'; don't LOWER SQLite text searches by @tsmethurst in #2435
[bugfix] Make screenreaders read out Language of posts properly by @tsmethurst in #2436
[bugfix] ensure the 'Closing' flag doesn't get cached by @NyaaaWhatsUpDoc in #2443
[bugfix] pol...
v0.13.0-rc2
Hiya! Here's the second release candidate for 0.13.0!
For installation / migration instructions, please see the release notes for the RC1, but replace rc1 with rc2 throughout:
https://github.com/superseriousbusiness/gotosocial/releases/tag/v0.13.0-rc1
Happy bug hunting!
Detailed Changelog
Bugfixes
d0bb8f0 [bugfix] Let templates deref pointers, as a treat (#2448)
ac48192 [bugfix] poll vote count fixes (#2444)
2191c7d [bugfix] ensure the 'Closing' flag doesn't get cached (#2443)
bca9b2c [bugfix] Make screenreaders read out Language of posts properly (#2436)
3f070a4 [bugfix] Narrow search scope for accounts starting with '@'; don't LOWER SQLite text searches (#2435)
d60edf7 [bugfix] Ensure pre renders as expected, fix orderedCollectionPage (#2434)
cc91ea0 [bugfix] Fix web media not showing as sensitive (#2433)
c6d6fec [bugfix] Fix wrong notification type sent for poll end (#2429)
455064f [bug] Fix an import statement in the gen template (#2426)
Chores / version bumps
cd16113 [chore]: Bump github.com/KimMachineGun/automemlimit from 0.3.0 to 0.4.0 (#2440)
9b03840 [chore]: Bump github.com/miekg/dns from 1.1.56 to 1.1.57 (#2439)
cdeba94 [chore]: Bump golang.org/x/oauth2 from 0.13.0 to 0.15.0 (#2438)
a968a03 [chore]: Bump github.com/coreos/go-oidc/v3 from 3.7.0 to 3.9.0 (#2442)
4779aec [chore] Run ANALYZE for SQLite after latest migrations (#2427)
dacfd41 [chore/frontend] Refactor status templates slightly, put polls behind CWs if present (#2419)
18d850e [chore]: Bump go.opentelemetry.io/otel/exporters/prometheus (#2412)
ca1a581 [chore]: Bump github.com/tdewolff/minify/v2 from 2.20.7 to 2.20.9 (#2416)
bdc43a9 [chore]: Bump github.com/minio/minio-go/v7 from 7.0.63 to 7.0.65 (#2415)
b576fbb [chore]: Bump golang.org/x/crypto from 0.15.0 to 0.16.0 (#2413)
bffc67d [chore]: Bump github.com/gorilla/feeds from 1.1.1 to 1.1.2 (#2414)
Docs
5556767 [docs] Change configuration creation instructions (#2408)
v0.13.0-rc1
Well well well, look what the sloth dragged in... the first release candidate for v0.13.0, Spider Sloth.
Release highlights
Create, view, and vote in polls. It's been a while in the making but GoToSocial now has support for polls, aka Question activity types. You can create, view, and vote in polls using your client of choice.
Show unsupported media placeholders in incoming posts, where media could not be downloaded (temporarily or otherwise). No more dropped media on posts! You'll instead now get a link to the media on the originating instance, that you can click through in your (mobile) browser.
Mute threads that you're being overwhelmed by. Notifications for replies, likes, and boosts in that thread will no longer be generated.
Media cleanup scheduling. Previously media scheduling took place every night at 12am. With the new media scheduling settings in the config, you can customize the schedule to run it at different times and frequencies. https://docs.gotosocial.org/en/latest/admin/media_caching/#cleanup
Support for setting instance language . You can use the new instance-languages setting to indicate one or more primary languages for your instance. https://docs.gotosocial.org/en/latest/configuration/instance/
Support for language tags on posts. Language of posts is now correctly federated in and out of your instance. The language of posts is also shown on the web view of statuses and threads.
Gather and expose prometheus format metrics. You can now expose a /metrics endpoint to allow a Prometheus instance to scrape metrics about Go runtime memory usage, http request and database metrics, and more. https://docs.gotosocial.org/en/latest/advanced/metrics/
Migration notes
Upgrading
To upgrade to 0.13.0-rc1 from a previous release:
Binary/tar
Stop GoToSocial
Untar the new release, including the web assets and html templates.
Edit your config.yaml file as necessary (see below).
Start GoToSocial
Docker
Stop GoToSocial.
Pull the new docker container (superseriousbusiness/gotosocial:0.13.0-rc1 or superseriousbusiness/gotosocial:latest)
Start GoToSocial.
config.yaml
The configuration file has changed since the previous release. You can see a diff of the config file here: v0.12.2...v0.13.0-rc1#diff-c071e03510b2c57e193a44503fd9528a785f0f411497cc75841a9f8d0b1ac622
Database Migrations
This release contains several database migrations which will run the first time you start up this new version. Be sure not to interrupt this migration process. This will take anywhere between a couple seconds and ten minutes (on slower hardware). Please be patient!
Detailed Changelog
Feature / performance
[feature] Status thread mute/unmute functionality by @tsmethurst in #2278
[feature] attach any request errors if found, only set level=ERROR if code >= 500 by @NyaaaWhatsUpDoc in #2300
[feature] Customizable media cleaner schedule by @tsmethurst in #2304
[feature] add per-uri dereferencer locks by @NyaaaWhatsUpDoc in #2291
[performance] Remove account_suspended_at_idx to resolve slow query issues by @Sentynel in #2310
[feature] support canceling scheduled tasks, some federation API performance improvements by @NyaaaWhatsUpDoc in #2329
[feature] add support for polls + receiving federated status edits by @NyaaaWhatsUpDoc in #2330
[feature] Media attachment placeholders by @tsmethurst in #2331
[feature/performance] Wrap incoming HTTP requests in timeout handler by @tsmethurst in #2353
[feature] Set/show instance language(s); show post language on frontend by @tsmethurst in #2362
[feature] Initial metrics by @Tsuribori in #2334
[feature] Federate status language in and out by @tsmethurst in #2366
[feature] Poll web view by @tsmethurst in #2377
[performance] http response encoding / writing improvements by @NyaaaWhatsUpDoc in #2374
[feature] Add /api/v1/admin/debug/apurl endpoint by @tsmethurst in #2359
[performance/postgres] Rename constraints, remove duplicate indexes by @tsmethurst in #2392
Bugfixes
[bugfix/frontend] Add nosubmit option to form fields; use it when instance custom CSS disabled by @tsmethurst in #2290
[bugfix] serialize instance terms via API by @tsmethurst in #2293
[bugfix/frontend] Export/import CSV correctly by @tsmethurst in #2294
[bugfix] allow store smaller PNG image than 261 bytes (#2263) by @KEINOS in #2298
[bugfix] Extract description as summary first, fall back to name by @tsmethurst in #2303
[bugfix] Allow blocked accounts to show in precise search by @tsmethurst in #2321
[bugfix] Relax Mention parsing, allowing either href or name by @tsmethurst in #2320
[bugfix] fix poll vote count responses on client and fedi API vote creation by @NyaaaWhatsUpDoc in #2343
[bugfix] actually decrement votes during poll vote delete ... by @NyaaaWhatsUpDoc in #2344
[bugfix/docs] Poll api fixups + swagger docs by @tsmethurst in #2345
[bugfix] Don't try to update suspended accounts by @tsmethurst in #2348
[chore/bugfix/horror] Allow expires_in and poll choices to be parsed from strings by @tsmethurst in #2346
[bugfix] support incoming endless polls, and misskey's' method of inferring expiry in closed polls by @NyaaaWhatsUpDoc in #2349
[bugfix] Update poll delete/update db queries by @tsmethurst in #2361
[bugfix] process account delete side effects in serial, not in parallel by @tsmethurst in #2360
[bugfix] self-referencing collection pages for status replies by @NyaaaWhatsUpDoc in #2364
[bugfix] Add Actor to outgoing poll vote Create; other fixes by @tsmethurst in #2384
[bugfix] Don't copy ptr fields in caches by @tsmethurst in #2386
[bugfix] Correctly handle range > content-length by @Jadeiin in #2395
[bugfix] Update exif-terminator (fix png issue) by @tsmethurst in #2391
[bugfix] always go through status parent dereferencing on isNew, even on data-race by @NyaaaWhatsUpDoc in #2402
[bugfix] return 400 Bad Request on more cases of malformed AS data by @NyaaaWhatsUpDoc in #2399
[bugfix] in fedi API CreateStatus(), handle case of data-race and return early by @NyaaaWhatsUpDoc in #2403
[bugfix/chore] Announce reliability updates by @tsmethurst in #2405
Chores and version bumps
[chore]: Bump github.com/coreos/go-oidc/v3 from 3.6.0 to 3.7.0 by @dependabot in #2284
[chore] de-interface{} the federator and dereferencer structs by @NyaaaWhatsUpDoc in #2285
[chore] bump go version -> 1.21.x by @tsmethurst in #2287
Bump @babel/traverse from 7.23.0 to 7.23.2 in /web/source by @dependabot in #2269
[chore] update minify library by @NyaaaWhatsUpDoc in #2286
[chore] bump go swagger version in Docker build by @tsmethurst in #2292
[chore]: Bump google.golang.org/grpc from 1.58.2 to 1.58.3 by @dependabot in #2301
[chore]: Bump github.com/tdewolff/minify/v2 from 2.19.10 to 2.20.0 by @dependabot in #2316
[chore]: Bump github.com/yuin/goldmark from 1.5.6 to 1.6.0 by @dependabot in #2318
Bump browserify-sign from 4.2.1 to 4.2.2 in /web/source by @dependabot in #2...
This is a very simple HTTP/1.1 client, designed for doing simple
requests without the overhead of a large framework like LWP::UserAgent.
It is more correct and more complete than HTTP::Lite. It supports
proxies and redirection. It also correctly resumes after EINTR.
Changelog:
115.6.0:
* Security fixes.
Mozilla Foundation Security Advisory 2023-54
#CVE-2023-6856: Heap-buffer-overflow affecting WebGL DrawElementsInstanced
method with Mesa VM driver
#CVE-2023-6865: Potential exposure of uninitialized data in
EncryptingOutputStream
#CVE-2023-6857: Symlinks may resolve to smaller than expected buffers
#CVE-2023-6858: Heap buffer overflow in nsTextFragment
#CVE-2023-6859: Use-after-free in PR_GetIdentitiesLayer
#CVE-2023-6860: Potential sandbox escape due to VideoBridge lack of texture
validation
#CVE-2023-6867: Clickjacking permission prompts using the popup transition
#CVE-2023-6861: Heap buffer overflow affected nsWindow::PickerOpen(void) in
headless mode
#CVE-2023-6862: Use-after-free in nsDNSService
#CVE-2023-6863: Undefined behavior in ShutdownObserver()
#CVE-2023-6864: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and
Thunderbird 115.6
Changelog:
121.0.1:
Fixed
* Fixed unexpected line wrapping in some CJK contexts caused by changes in
ideographic space handling. (Bug 1870973)
* Fixed a hang when loading sites containing column-based layouts under some
circumstances. (Bug 1867784)
* Fixed missing rounded corners for videos playing over another video. (Bug
1869994)
* Fixed Firefox not closing properly and other applications being unable to
use a USB security key after being previously used during a Firefox
session. (Bug 1863135)
0.25.0 - 2023-12-17
Added
Support the WebSocket Denial Response ASGI extension
Fixed
Allow explicit hidden file paths on --reload-include
Properly annotate uvicorn.run()
0.24.0.post1 - 2023-11-06
Fixed
Revert mkdocs-material from 9.1.21 to 9.2.6
0.24.0 - 2023-11-04
Added
Support Python 3.12
Allow setting app via environment variable UVICORN_APP
0.23.2 - 2023-07-31
Fixed
Maintain the same behavior of websockets from 10.4 on 11.0
0.23.1 - 2023-07-18
Fixed
Add typing_extensions for Python 3.10 and lower
0.23.0 - 2023-07-10
Added
Add --ws-max-queue parameter WebSockets
Removed
Drop support for Python 3.7
Remove asgiref as typing dependency
Fixed
Set scope["scheme"] to ws or wss instead of http or https on ProxyHeadersMiddleware for WebSockets
Changed
Raise ImportError on circular import
Use logger.getEffectiveLevel() instead of logger.level to check if log level is TRACE
0.22.0 - 2023-04-28
Added
Add --timeout-graceful-shutdown parameter
Handle SIGBREAK on Windows
Fixed
Shutdown event is now being triggered on Windows when using hot reload
--reload-delay is effectively used on the watchfiles reloader
0.21.1 - 2023-03-16
Fixed
Reset lifespan state on each request
0.21.0 - 2023-03-09
Added
Introduce lifespan state
Allow headers to be sent as iterables on H11 implementation
Improve discoverability when --port=0 is used
Changed
Avoid importing h11 and pyyaml when not needed to improve import time
Replace current native WSGIMiddleware implementation by a2wsgi
Change default --app-dir from "." (dot) to "" (empty string)
Fixed
Send code 1012 on shutdown for WebSockets
Use surrogateescape to encode headers on websockets implementation
Fix warning message on reload failure
0.20.0 - 2022-11-20
Added
Check if handshake is completed before sending frame on wsproto shutdown
Add default headers to WebSockets implementations
Warn user when reload and workers flag are used together
Fixed
Use correct WebSocket error codes on close
Send disconnect event on connection lost for wsproto
Add SIGQUIT handler to UvicornWorker
Fix crash on exist with "--uds" if socket doesn't exist
Annotate CONFIG_KWARGS in UvicornWorker class
Removed
Remove conditional on RemoteProtocolError.event_hint on wsproto
Remove unused handle_no_connect on wsproto implementation
7.14.0
Enhancements made
- Convert `coalescese_streams` function to `CoalesceStreamsPreprocessor`
Maintenance and upkeep improvements
- chore: update pre-commit hooks
- Fix webpdf test on Python 3.12
- Clean up import
7.13.1
Bugs fixed
- Restore removed import
7.13.0
Enhancements made
- Add table, td, tr to allowed list of tags
Maintenance and upkeep improvements
- Remove twitter links that cause linkcheck to fail
- Update ruff config
- chore: update pre-commit hooks
Sync replace-moz.build.awk with firefox{102,} so that X11 desktop
capture works.
(Re)Fix PR pkg/56955.
(While here define PKGREVISION only once.)
PKGREVISION++
1.877.0 (2024-01-03)
* Feature - Updated the partitions source data the determines the AWS
service regions and endpoints.
1.876.0 (2023-12-28)
* Feature - Updated the partitions source data the determines the AWS
service regions and endpoints.
1.875.0 (2023-12-27)
* Feature - Updated the partitions source data the determines the AWS
service regions and endpoints.
1.874.0 (2023-12-26)
* Feature - Updated the partitions source data the determines the AWS
service regions and endpoints.
1.873.0 (2023-12-22)
* Feature - Added support for enumerating regions for Aws::NetworkMonitor.
1.872.0 (2023-12-21)
* Feature - Updated the partitions source data the determines the AWS
service regions and endpoints.
1.871.0 (2023-12-20)
* Feature - Updated the partitions source data the determines the AWS
service regions and endpoints.
1.870.0 (2023-12-19)
* Feature - Updated the partitions source data the determines the AWS
service regions and endpoints.
1.869.0 (2023-12-18)
* Feature - Updated the partitions source data the determines the AWS
service regions and endpoints.
Upstream changes:
Changes for version 4.60 - 2023-11-01
TESTING
move t/changes.t to xt/ as is now broken by the recent rewrite of Test::CPAN::Changes (GH #260)
aioquic is a library for the QUIC network protocol in Python. It
features a minimal TLS 1.3 implementation, a QUIC stack and an HTTP/3
stack.
QUIC was standardised in RFC 9000 and HTTP/3 in RFC 9114
aioquic is regularly tested for interoperability against other QUIC
implementations.
pylsqpack is a wrapper around the ls-qpack library. It provides Python
Decoder and Encoder objects to read or write HTTP/3 headers compressed
with QPACK.
Version 23.12.0
Features
* Start and restart arbitrary processes
* Cleaner process management in shutdown
* Suppress task cancel traceback on open websocket
* Listener and signal prioritization
* Reduce memory consumption
* Accept bare cookies
* Add websocket.handler.<before/after/exception> signals
* Add changed files to reload trigger listeners
* Allow for simple signals
* Improve functionality and consistency of Sanic.event()
* Allow range requests for a single byte
* Better Request.scheme for websocket requests
* Convert Sanic Request to a Websockets Request for handshake
* Add a REPL to the sanic CLI
* Add Python 3.12 support
* Better exception on multiprocessing context conflicts
Bugfixes
* Fix MOTD display for extra data
4.0.0 (2022-10-15)
------------------
Channels 4 is the next major version of the Channels package. Together with the
matching Daphne v4 and channels-redis v4 releases, it updates dependencies,
fixes issues, and removes outdated code. It so provides the foundation for
Channels development going forward.
In most cases, you can update now by updating ``channels``, ``daphne``, and
``channels-redis`` as appropriate, with ``pip``, and by adding ``daphne`` at
the top of your ``INSTALLED_APPS`` setting.
First ``pip``::
pip install -U 'channels[daphne]' channels-redis
Then in your Django settings file::
INSTALLED_APPS = [
"daphne",
...
]
Again, this is a major version change. Amongst other changes, large amounts of
the Django-wrapping code deprecated in Channels v3 has now been removed, in
favour of Django's own ASGI handling, and the ``runserver`` command has been
moved into the Daphne package.
4.0.0 (2022-10-07)
------------------
Major versioning targeting use with Channels 4.0 and beyond. Except where
noted should remain usable with Channels v3 projects, but updating Channels to the latest version is recommended.
* Added a ``runserver`` command to run an ASGI Django development server.
Added ``"daphne"`` to the ``INSTALLED_APPS`` setting, before
``"django.contrib.staticfiles"`` to enable:
INSTALLED_APPS = [
"daphne",
...
]
This replaces the Channels implementation of ``runserver``, which is removed
in Channels 4.0.
* Made the ``DaphneProcess`` tests helper class compatible with the ``spawn``
process start method, which is used on macOS and Windows.
Note that requires Channels v4 if using with ``ChannelsLiveServerTestCase``.
* Dropped support for Python 3.6.
* Updated dependencies to the latest versions.
Previously a range of Twisted versions have been supported. Recent Twisted
releases (22.2, 22.4) have issued security fixes, so those are now the
minimum supported version. Given the stability of Twisted, supporting a
range of versions does not represent a good use of maintainer time. Going
forward the latest Twisted version will be required.
* Set ``daphne`` as default ``Server`` header.
This can be configured with the ``--server-name`` CLI argument.
Added the new ``--no-server-name`` CLI argument to disable the ``Server``
header, which is equivalent to ``--server-name=` (an empty name).
* Added ``--log-fmt`` CLI argument.
* Added support for ``ASGI_THREADS`` environment variable, setting the maximum
number of workers used by a ``SyncToAsync`` thread-pool executor.
Set e.g. ``ASGI_THREADS=4 daphne ...`` when running to limit the number of
workers.
* Removed deprecated ``--ws_protocols`` CLI option.
Version 1.5.1 - Security Release
This is a minor security release to fix a potential DoS for applications that allow the use of symmetric keys with pbkdf2.
What's Changed
Fix X22519 import/export from PEM
Read the Docs now requires a config file
chore: refactor for removing pdb symbols
Fix potential DoS issue with p2c header
6.72 2023-07-17 22:01:19Z
- Don't mangle protocol scheme and don't require it to be valid if
implementor is already known (GH#436) (mwgamera)
6.71 2023-06-20 19:44:19Z
- Use rather than require Module::Load (GH#435) (Olaf Alders)
