=== 2.16.0 / 2016-01-27
* 7 minor features:
* Add 'set_remote_address' config option
* Allow to run puma in silent mode
* Expose cli options in DSL
* Support passing JRuby keystore info in ssl_bind DSL
* Allow umask for unix:/// style control urls
* Expose `old_worker_count` in stats url
* Support TLS client auth (verify_mode) in jruby
* 7 bug fixes:
* Don't persist before_fork hook in state file
* Reload bundler before pulling in rack. Fixes #859
* Remove NEWRELIC_DISPATCHER env variable
* Cleanup C code
* Use Timeout.timeout instead of Object.timeout
* Make phased restarts faster
* Ignore the case of certain headers, because HTTP
* 1 doc changes:
* Test against the latest Ruby 2.1, 2.2, 2.3, head and JRuby 9.0.4.0 on Travis
* 12 merged PRs
* Merge pull request #822 from kwugirl/remove_NEWRELIC_DISPATCHER
* Merge pull request #833 from joemiller/jruby-client-tls-auth
* Merge pull request #837 from YuriSolovyov/ssl-keystore-jruby
* Merge pull request #839 from mezuka/master
* Merge pull request #845 from deepj/timeout-deprecation
* Merge pull request #846 from sriedel/strip_before_fork
* Merge pull request #850 from deepj/travis
* Merge pull request #853 from Jeffrey6052/patch-1
* Merge pull request #857 from zendesk/faster_phased_restarts
* Merge pull request #858 from mlarraz/fix_some_warnings
* Merge pull request #860 from zendesk/expose_old_worker_count
* Merge pull request #861 from zendesk/allow_control_url_umask
Padrino 0.13.1 - Router and Reloader Updates, Ruby Compatibility, and Bug Fixes
Posted on January 17, 2016 by Nathan Esquenazi
Padrino 0.13.0 was shipped 3 months ago in October 2015 and laid important
groundwork towards our eventual 1.0 release but also introduced some new
issues. After a few months of effort, we are excited to announce the release
of Padrino 0.13.1! This version is filled with routing and reloader
optimizations, compatibility updates, and bug fixes. Full details for this
release are below.
Router and Reloader Updates
The biggest improvement in this release is a significant reduction in the
memory usage of Padrino apps by changing the configuration of the underlying
mustermann router. Full list of improvements to router and reloader include:
* FIX #1975 Improve routing memory usage and performance (@namusyaka)
* FIX #1982 Support nested query for expanding path (@namusyaka)
* FIX #1978 Enable reloading of custom dependencies (@markglenfletcher)
Ruby Compatibility
Padrino 0.13.1 has been fixed to be fully compatible with Ruby 2.3 thanks to
@tyabe:
* FIX #2000 Fix mutex handling for Ruby 2.3 (@tyabe)
Bug Fixes and Miscellaneous
There are also several bug fixes and other updates:
* FIX Remove use of ActiveSupport in tests (@ujifgc)
* FIX #1994 Missing new line in mocha generator (@peter50216)
* FIX #1995 Invalid german dates (@ujifgc)
* FIX #1998 Only output a warning message if the spec task is invoked
(@postmodern)
* FIX #1882 test for selected values for select tag (@ujifgc)
* FIX rendering exception for custom mime types (@nesquena)
* FIX relax mail gem dependency (@ujifgc)
* FIX minor doc typos (@lokyoung, @markglenfletcher)
3.4.21 (11 January 2016)
This is a bug fix release.
* Consistent output formatting for numbers close to an integer.
Issue #1931
* Correctly round negative numbers that were almost but not quite a whole
number (slightly greater than the negative number).
Issue #1938
* Don't strip escaped semicolons from compressed output.
Issue #1932
* Only compress around dashes within nth selectors.
Issue #1933
* Selector compression of whitespace around commas was affecting attribute
values.
Issue #1947
* Make subtraction work when a unit is followed directly by a hyphen and then
a period. For example, 1em-.75em now returns 0.25em rather than
1em-0.75em. This is consistent with the behavior when the subtrahend begins
with a 0.
Issue #1954
## 1.6.1
* Revert 'No longer read responses from cache when we already have them'
## 1.6.0
* Noop backend
* No longer read responses from cache when we already have them
* renamed files from entitystore -> entity_store (metastore/cachecontrol/appengine) and added warns for old ones
pkgsrc change:
Drop dependency to ruby-rb-fsevent on Darwin since ruby-listen depends on
ruby-rb-fsevent now.
Changes are too many to write here, please refer to <https://github.com/jekyll/jekyll/releases>.
# Version 2.6.2
Release date: 2016-01-27
### Fixed
* support for more than just addressable 2.4.0 [Thomas Walpole]
# Version 2.6.1
Release date: 2016-01-27
### Fixed
* Add missing require for addressable [Jorge Bejar]
# Version 2.6.0
Release date: 2016-01-17
### Fixed
* Fixed path escaping issue with current_path matchers [Tom Walpole, Luke Rollans] (Issue #1611)
* Fixed circular require [David Rodríguez]
* Capybara::RackTest::Form no longer overrides Object#method [David Rodriguez]
* options and with_options filter for :select selector have more intuitive visibility behavior [Nathan]
* Test for nested modal API method support [Tom Walpole]
### Added
* Capybara.modify_selector [Tom Walpole]
* xfeature and ffeature aliases added when using RSpec [Filip Bartuzi]
* Selenium driver supports a :clear option to #set to handle different strategies for clearing a field [Tom Walpole]
* Support the use of rack 2.0 with the rack_test driver [Travis Grathwell, Tom Walpole]
* Disabled option for default selectors now supports true, false, or :all [Jillian Rosile, Tom Walpole]
* Modal API methods now default wait time to Capybara.max_default_wait_time [Tom Walpole]
Fixes CVE-2016-2145 and CVE-2016-2146
Changes since 0.10.0 from NEWS file and patches/patch-0274
patch-0274
---------------------------------------------------------------------------
* Return 500 Internal Server Error if probe discovery fails.
Version 0.12.0
---------------------------------------------------------------------------
Security fixes:
* [CVE-2016-2145] Fix DOS attack (Apache worker process crash) due to
incorrect error handling when reading POST data from client.
* [CVE-2016-2146] Fix DOS attack (Apache worker process crash /
resource exhaustion) due to missing size checks when reading
POST data.
In addition this release contains the following new features and fixes:
* Add MellonRedirectDomains option to limit the sites that
mod_auth_mellon can redirect to. This option is enabled by default.
* Add support for ECP service options in PAOS requests.
* Fix AssertionConsumerService lookup for PAOS requests.
Version 0.11.1
---------------------------------------------------------------------------
Security fixes:
* [CVE-2016-2145] Fix DOS attack (Apache worker process crash) due to
incorrect error handling when reading POST data from client.
* [CVE-2016-2146] Fix DOS attack (Apache worker process crash /
resource exhaustion) due to missing size checks when reading
POST data
Version 0.11.0
---------------------------------------------------------------------------
* Add SAML 2.0 ECP support.
* The MellonDecode option has been disabled. It was used to decode
attributes in a Feide-specific encoding that is no longer used.
* Set max-age=0 in Cache-Control header, to ensure that all browsers
verify the data on each request.
* MellonMergeEnvVars On now accepts second optional parameter, the
separator to be used instead of the default ';'.
* Add option MellonEnvVarsSetCount to specify if the number of values
for any attribute should also be stored in environment variable
suffixed _N.
* Add option MellonEnvVarsIndexStart to specify if environment variables
for multi-valued attributes should start indexing with 0 (default) or
with 1.
* Bugfixes:
* Fix error about missing authentication with DirectoryIndex in
Apache 2.4.
This HTTP extension aims to provide a convenient and powerful
set of functionality for one of PHP's major applications.
It eases handling of HTTP urls, dates, redirects, headers and
messages, provides means for negotiation of clients' preferred
language and charset, as well as a convenient way to send any
arbitrary data with caching and resuming capabilities.
Changelog:
Fixed in Firefox ESR 38.7
2016-37 Font vulnerabilities in the Graphite 2 library
2016-35 Buffer overflow during ASN.1 decoding in NSS
2016-34 Out-of-bounds read in HTML parser following a failed allocation
2016-31 Memory corruption with malicious NPAPI plugin
2016-28 Addressbar spoofing through history navigation and Location protocol property
2016-27 Use-after-free during XML transformations
2016-25 Use-after-free when using multiple WebRTC data channels
2016-24 Use-after-free in SetBody
2016-23 Use-after-free in HTML5 string parser
2016-21 Displayed page address can be overridden
2016-20 Memory leak in libstagefright when deleting an array during MP4 processing
2016-17 Local file overwriting and potential privilege escalation through CSP reports
2016-16 Miscellaneous memory safety hazards (rv:45.0 / rv:38.7)
2015-136 Same-origin policy violation using performance.getEntries and history navigation
2015-81 Use-after-free in MediaStream playback
Upstream changes:
6.55 2016-03-08
- Deprecated Mojo::Server::Morbo::check in favor of
Mojo::Server::Morbo::modified_files. (leejo, nugged)
- Added modified_files method to Mojo::Server::Morbo. (leejo, nugged)
- Improved renderer performance slightly.
- Fixed a bug where Morbo would restart more than once if multiple files
changed at the same time. (leejo, nugged)
6.54 2016-03-06
- Deprecated Mojo::Template::build and Mojo::Template::compile.
- Deprecated Mojo::Template::interpret in favor of Mojo::Template::process.
- Added support for named variables to Mojo::Template.
- Added vars attribute to Mojo::Template.
- Added process method to Mojo::Template.
- Improved Mojo::Template performance slightly.
Changelog:
New
Instant browser tab sharing through Hello
Tabs synced via Firefox Accounts from other devices are now shown in dropdown area of Awesome Bar when searching
Synced Tabs button in button bar
Introduce a new preference (network.dns.blockDotOnion) to allow blocking .onion at the DNS level
Guarani [gn] locale added
Fixed
URLs containing a Unicode-format Internationalized Domain Name (IDN) are now properly redirected
Various security fixes
Fixed in Firefox 45
2016-37 Font vulnerabilities in the Graphite 2 library
2016-36 Use-after-free during processing of DER encoded keys in NSS
2016-35 Buffer overflow during ASN.1 decoding in NSS
2016-34 Out-of-bounds read in HTML parser following a failed allocation
2016-33 Use-after-free in GetStaticInstance in WebRTC
2016-32 WebRTC and LibVPX vulnerabilities found through code inspection
2016-31 Memory corruption with malicious NPAPI plugin
2016-30 Buffer overflow in Brotli decompression
2016-29 Same-origin policy violation using performance.getEntries and history navigation with session restore
2016-28 Addressbar spoofing through history navigation and Location protocol property
2016-27 Use-after-free during XML transformations
2016-26 Memory corruption when modifying a file being read by FileReader
2016-25 Use-after-free when using multiple WebRTC data channels
2016-24 Use-after-free in SetBody
2016-23 Use-after-free in HTML5 string parser
2016-22 Service Worker Manager out-of-bounds read in Service Worker Manager
2016-21 Displayed page address can be overridden
2016-20 Memory leak in libstagefright when deleting an array during MP4 processing
2016-19 Linux video memory DOS with Intel drivers
2016-18 CSP reports fail to strip location information for embedded iframe pages
2016-17 Local file overwriting and potential privilege escalation through CSP reports
2016-16 Miscellaneous memory safety hazards (rv:45.0 / rv:38.7)
4.27 2016-03-02
[ RELEASE NOTES ]
- please see v4.21 Changes for any potentially impacting changes
[ INTERNALS ]
- fix a couple of warnings in test harness
- add taint flag to example file_upload
- fix a warnings in STORE subroutine
---------------
* 2.2.8 *
Bluefish 2.2.8 is a bugfix release with some small improvements and more
polished existing features. It fixes a few serious but rarely occurring
bugs. Options defined in the language definition files are now translated.
Various default settings have been improved, most notably the command to
launch Firefox for preview. The looks on newer gtk versions have been
restored. CSS can now be compressed and decompressed. The installers for
Windows and OSX have improvements, and there have been some OSX and Windows
specific fixes. Character encoding detection has been improved.
Auto-completion for HTML attributes has been improved.
uncomment a maintainer make target to find where REPLACE_PERL might be
needed, and remove one that's no longer needed. (No change to the
installed package, so no PKGREVISION bump.)
Substantial "under-the-hood" improvements to the page tree resulting in significant reduction of page-tree reloads and generally cleaner code
Update jsTree version to 3.2.1 with slight adaptions to the Pagetree
Improve the display and usability of the language menu, especially in cases where there are many languages
Documentation improvements
Add support for django-reversion 1.10+ (required for Django 1.9).
Add placeholder name to the edit tooltip.
Add attr['is_page']=True to CMS Page navigation nodes.
Add Django and Python versions to debug bar info tooltip.