Commit graph

20776 commits

Author SHA1 Message Date
triaxx
b29c271f80 grafana: Update to 7.4.0
upstream changes:
-----------------
7.4.0 (2021-02-04)
Features and enhancements

    CDN: Adds support for serving assets over a CDN. #30691, @torkelo
    DashboardLinks: Support variable expression in tooltip - Issue #30409. #30569, @huynhsamha
    Explore: Set Explore's GraphNG to be connected. #30707, @ivanahuckova
    InfluxDB: Add http configuration when selecting InfluxDB v2 flavor. #30827, @aocenas
    InfluxDB: Show all datapoints for dynamically windowed flux query. #30688, @davkal
    Loki: Improve live tailing errors. #30517, @ivanahuckova

Bug fixes

    Admin: Fixes so form values are filled in from backend. #30544, @hugohaggmark
    Admin: Fixes so whole org drop down is visible when adding users to org. #30481, @hugohaggmark
    Alerting: Hides threshold handle for percentual thresholds. #30431, @hugohaggmark
    CloudWatch: Prevent field config from being overwritten. #30437, @sunker
    Decimals: Big Improvements to auto decimals and fixes to auto decimals bug found in 7.4-beta1. #30519, @torkelo
    Explore: Fix jumpy live tailing. #30650, @ivanahuckova
    Explore: Fix loading visualisation on the top of the new time series panel. #30553, @ivanahuckova
    Footer: Fixes layout issue in footer. #30443, @torkelo
    Graph: Fixes so only users with correct permissions can add annotations. #30419, @hugohaggmark
    Mobile: Fixes issue scrolling on mobile in chrome. #30746, @torkelo
    PanelEdit: Trigger refresh when changing data source. #30744, @torkelo
    Panels: Fixes so panels are refreshed when scrolling past them fast. #30784, @hugohaggmark
    Prometheus: Fix show query instead of Value if no name and metric. #30511, @zoltanbedi
    TimeSeriesPanel: Fixes default value for Gradient mode. #30484, @torkelo
    Variables: Clears drop down state when leaving dashboard. #30810, @hugohaggmark
    Variables: Fixes display value when using capture groups in regex. #30636, @hugohaggmark
    Variables: Fixes so queries work for numbers values too. #30602, @hugohaggmark
    Variables: Fixes so text format will show All instead of custom all value. #30730, @hugohaggmark

Plugin development fixes & changes

    Plugins: Fix failing plugin builds because of wrong internal import. #30439, @aocenas

7.4.0-beta1 (2021-01-20)
Features and enhancements

    API: Add ID to snapshot API responses. #29600, @AgnesToulet
    AlertListPanel: Add options to sort by Time(asc) and Time(desc). #29764, @dboslee
    AlertListPanel: Changed alert url to go to the panel view instead of panel edit. #29060, @zakiharis
    Alerting: Add support for Sensu Go notification channel. #28012, @nixwiz
    Alerting: Add support for alert notification query label interpolation. #29908, @wbrowne
    Annotations: Remove annotation_tag entries as part of annotations cleanup. #29534, @dafydd-t
    Azure Monitor: Add Microsoft.Network/natGateways. #29479, @JoeyLemur
    Backend plugins: Support Forward OAuth Identity for backend data source plugins. #27055, @billoley
    Cloud Monitoring: MQL support. #26551, @mtanda
    CloudWatch: Add 'EventBusName' dimension to CloudWatch 'AWS/Events' namespace. #28402, @tomdaly
    CloudWatch: Add support for AWS DirectConnect ConnectionErrorCount metric. #29583, @haeringer
    CloudWatch: Add support for AWS/ClientVPN metrics and dimensions. #29055, @marefr
    CloudWatch: Added HTTP API Gateway specific metrics and dimensions. #28780, @karlatkinson
    Configuration: Add an option to hide certain users in the UI. #28942, @AgnesToulet
    Currency: Adds Indonesian IDR currency. #28363, @hiddenrebel
    Dashboards: Delete related data (permissions, stars, tags, versions, annotations) when deleting a dashboard or a folder. #28826, @AgnesToulet
    Dependencies: Update angularjs to 1.8.2. #28736, @torkelo
    Docker: Use root group in the custom Dockerfile. #28639, @chugunov
    Elasticsearch: Add Moving Function Pipeline Aggregation. #28131, @simianhacker
    Elasticsearch: Add Support for Serial Differencing Pipeline Aggregation. #28618, @simianhacker
    Elasticsearch: Deprecate browser access mode. #29649, @Elfo404
    Elasticsearch: Interpolate variables in Filters Bucket Aggregation. #28969, @Elfo404
    Elasticsearch: Support extended stats and percentiles in terms order by. #28910, @simianhacker
    Elasticsearch: View in context feature for logs. #28764, @simianhacker
    Explore/Logs: Alphabetically sort unique labels, labels and parsed fields. #29030, @ivanahuckova
    Explore/Logs: Update Parsed fields to Detected fields. #28881, @ivanahuckova
    Field overrides: Added matcher to match all fields returned by a specific query. #28872, @mckn
    Graph: Add support for spline interpolation (smoothing) added in new time series panel. #4303
    Instrumentation: Add histograms for database queries. #29662, @dafydd-t
    Jaeger: Remove browser access mode. #30349, @zoltanbedi
    LogsPanel: Don't show scroll bars when not needed. #28972, @aocenas
    Loki: Add query type and line limit to query editor in dashboard. #29356, @ivanahuckova
    Loki: Add query type selector to query editor in Explore. #28817, @ivanahuckova
    Loki: Retry web socket connection when connection is closed abnormally. #29438, @ivanahuckova
    MS SQL: Integrated security. #30369, @daniellee
    Middleware: Add CSP support. #29740, @aknuds1
    OAuth: Configurable user name attribute. #28286, @alexanderzobnin
    PanelEditor: Render panel field config categories as separate option group sections. #30301, @dprokop
    Postgres: SSL certification. #30352, @ying-jeanne
    Prometheus: Add support for Exemplars. #28057, @zoltanbedi
    Prometheus: Improve autocomplete performance and remove disabling of dynamic label lookup. #30199, @ivanahuckova
    Prometheus: Update default query type option to "Both" in Explore query editor. #28935, @ivanahuckova
    Prometheus: Use customQueryParameters for all queries. #28949, @alexbumbacea
    Security: Prefer server cipher suites for http2. #29379, @bergquist
    Security: Remove insecure cipher suite as default option. #29378, @bergquist
    StatPanels: Add new calculation option for percentage difference. #26369, @jedstar
    StatPanels: Change default stats option to "Last (not null)". #28617, @ryantxu
    Table: migrate old-table config to new table config. #30142, @jackw
    Templating: Custom variable edit UI, change options input into textarea. #28322, @darrylsepeda
    TimeSeriesPanel: The new graph panel now supports y-axis value mapping. #30272, @torkelo
    Tracing: Tag spans with user login and datasource name instead of id. #29183, @bergquist
    Transformations: Add "Rename By Regex" transformer. #29281, @simianhacker
    Transformations: Added new transform for excluding and including rows based on their values. #26884, @Totalus
    Transforms: Add sort by transformer. #30370, @ryantxu
    Variables: Add deprecation warning for value group tags. #30160, @torkelo
    Variables: Added __user.email to global variable. #28853, @mckn
    Variables: Adds description field. #29332, @hugohaggmark
    Variables: Adds variables inspection. #25214, @hugohaggmark
    Variables: New Variables are stored immediately. #29178, @hugohaggmark
    Zipkin: Remove browser access mode. #30360, @zoltanbedi

Bug fixes

    API: Query database from /api/health endpoint. #28349, @ceh
    Alerting: Return proper status code when trying to create alert notification channel with duplicate name or uid. #28043, @jgulick48
    Auth: Fix default maximum lifetime an authenticated user can be logged in. #30030, @papagian
    Backend: Fix IPv6 address parsing erroneous. #28585, @taciomcosta
    CloudWatch: Make sure stats grow horizontally and not vertically in the Query Editor. #30106, @sunker
    Cloudwatch: Fix issue with field calculation transform not working properly with Cloudwatch data. #28761, @torkelo
    Dashboards: Hide playlist edit functionality from viewers and snapshots link from unauthenticated users. #28992, @jackw
    Data source proxy: Convert 401 HTTP status code from data source to 400. #28962, @aknuds1
    Decimals: Improving auto decimals logic for high numbers and scaled units. #30262, @torkelo
    Elasticsearch: Fix date histogram auto interval handling for alert queries. #30049, @simianhacker
    Elasticsearch: Fix index pattern not working with multiple base sections. #28348, @tomdaly
    Explore: Clear errors after running a new query. #30367, @ivanahuckova
    Graph: Fixes stacking issues like floating bars when data is not aligned. #29051, @torkelo
    Graph: Staircase and null value=null calculates auto Y-Min incorrectly (fixed in new Time series panel). #12995
    Graph: Staircase mode, do now draw line segment from zero when drawing null values as null (Fixed in new Time series panel). #17838
    Image uploader: Fix uploading of images to GCS. #26493, @gastonqiu
    Influx: Fixes issue with many queries being issued as you type in the variable query field. #29968, @dprokop
    Logs Panel: Fix inconsistent highlighting. #28971, @ivanahuckova
    Logs Panel: Fixes problem dragging scrollbar inside logs panel. #28974, @aocenas
    Loki: Fix hiding of series in table if labels have number values. #30185, @ivanahuckova
    Loki: Lower min step to 1ms. #30135, @ivanahuckova
    Loki: Remove showing of unique labels with the empty string value. #30363, @ivanahuckova
    Loki: Timeseries should not produce 0-values for missing data. #30116, @davkal
    Plugins: Fix panic when using complex dynamic URLs in app plugin routes. #27977, @cinaglia
    Prometheus: Fix link to Prometheus graph in dashboard. #29543, @ivanahuckova
    Provisioning: Build paths in an os independent way. #29143, @amattheisen
    Provisioning: Fixed problem with getting started panel being added to custom home dashboard. #28750, @torkelo
    SAML: Fixes bug in processing SAML response with empty element by updating saml library (Enterprise). #29991, @alexanderzobnin
    SQL: Define primary key for tables without it. #22255, @azhiltsov
    Tracing: Fix issue showing more than 300 spans. #29377, @zoltanbedi
    Units: Changes FLOP/s to FLOPS and some other rates per second units get /s suffix. #28825, @Berbe
    Variables: Fixes Constant variable persistence confusion. #29407, @hugohaggmark
    Variables: Fixes Textbox current value persistence. #29481, @hugohaggmark
    Variables: Fixes loading with a custom all value in url. #28958, @hugohaggmark
    Variables: Fixes so clicking on Selected in drop down will exclude All value from selection. #29844, @hugohaggmark

Breaking changes
Constant variables

In order to minimize the confusion with Constant variable usage, we've removed the ability to make Constant variables visible. This change will also migrate all existing visible Constant variables to Textbox variables because we think this is a more appropriate type of variable for this use case. Issue #29407
Plugin compatibility

We have upgraded AngularJS from version 1.6.6 to 1.8.2. Due to this upgrade some old angular plugins might stop working and will require a small update. This is due to the deprecation and removal of pre-assigned bindings. So if your custom angular controllers expect component bindings in the controller constructor you need to move this code to an $onInit function. For more details on how to migrate AngularJS code open the migration guide and search for pre-assigning bindings.

In order not to break all angular panel plugins and data sources we have some custom angular inject behavior that makes sure that bindings for these controllers are still set before constructor is called so many old angular panels and data source plugins will still work. Issue #28736
Deprecations
Query variable value group tags

This option to group query variable values into groups by tags has been an experimental feature since it was introduced. It was introduced to work around the lack of tags support in time series databases at the time. Now that tags (ie. labels) are the norm there is no longer any great need for this feature. This feature will be removed in Grafana v8 later this year. Issue #30160
Plugin development fixes & changes

    AngularPlugins: Angular controller events emitter is now a separate emitter and not the same as PanelModel events emitter. #30379, @torkelo
    FieldConfig API: Add ability to hide field option or disable it from the overrides. #29879, @dprokop
    Select: Changes default menu placement for Select from auto to bottom. #29837, @hugohaggmark
    Collapse: Allow component children to use height: 100% styling. #29776, @aocenas
    DataSourceWithBackend: Throw error if health check fails in DataSourceWithBackend. #29743, @aocenas
    NodeGraph: Add node graph visualization. #29706, @aocenas
    FieldColor: Handling color changes when switching panel types. #28875, @dprokop
    CodeEditor: Added support for javascript language. #28818, @ae3e
    grafana/toolkit: Allow builds with lint warnings. #28810, @dprokop
    grafana/toolkit: Drop console and debugger statements by default when building plugin. #28776, @dprokop
    Card: Add new Card component. #28216, @Clarity-89
    FieldConfig: Implementation slider editor (#27592). #28007, @isaozlerfm
    MutableDataFrame: Remove unique field name constraint and values field index and unused/seldom used stuff. #27573, @torkelo

7.3.7 (2021-01-14)
Bug fixes

    Auth: Add missing request headers to SigV4 middleware allowlist. #30115, @wbrowne
    Elasticsearch: Sort results by index order as well as @timestamp. #29761, @STEELBADGE
    SAML: Fixes bug in processing SAML response with empty element by updating saml library (Enterprise). #30179, @alexanderzobnin
    SeriesToRows: Fixes issue in transform so that value field is always named Value. #30054, @torkelo

7.3.6 (2020-12-17)
Security

    SAML: Fixes encoding/xml SAML vulnerability in Grafana Enterprise. #29875

7.3.5 (2020-12-10)
Features and enhancements

    Alerting: Improve Prometheus Alert Rule error message. #29390, @wbrowne

Bug fixes

    Alerting: Fix alarm message formatting in Dingding. #29482, @tomowang
    AzureMonitor: Fix unit translation for MilliSeconds. #29399, @secustor
    Instrumentation: Fix bug with invalid handler label value for HTTP request metrics. #29529, @bergquist
    Prometheus: Fixes problem where changing display name in Field tab had no effect. #29441, @zoltanbedi
    Tracing: Fixed issue showing more than 300 spans. #29377, @zoltanbedi

7.3.4 (2020-11-24)
Bug fixes

    Dashboard: Fixes kiosk state after being redirected to login page and back. #29273, @torkelo
    InfluxDB: Update flux library to fix support for boolean label values. #29310, @ryantxu
    Security: Fixes minor security issue with alert notification webhooks that allowed GET & DELETE requests. #29330, @wbrowne
    Table: Fixes issues with phantom extra 0 for zero values. #29165, @dprokop

7.3.3 (2020-11-17)
Bug fixes

    Cloud monitoring: Fix for multi-value template variable for project selector. #29042, @papagian
    LogsPanel: Fixes problem dragging scrollbar inside logs panel. #28974, @aocenas
    Provisioning: Fixes application not pinned to the sidebar when it's enabled. #29084, @alexanderzobnin
    StatPanel: Fixes hanging issue when all values are zero. #29077, @torkelo
    Thresholds: Fixes color assigned to null values. #29010, @torkelo

7.3.2 (2020-11-11)
Features / Enhancements

    CloudWatch Logs: Change how we measure query progress. #28912, @aocenas
    Dashboards / Folders: delete related data (permissions, stars, tags, versions, annotations) when deleting a dashboard or a folder. #28826, @AgnesToulet
    Gauge: Improve font size auto sizing. #28797, @torkelo
    Short URL: Cleanup unvisited/stale short URLs. #28867, @wbrowne
    Templating: Custom variable edit UI, change options input into textarea. #28322, @darrylsepeda

Bug Fixes

    Cloudwatch: Fix issue with field calculation transform not working properly with Cloudwatch data. #28761, @torkelo
    Dashboard: fix view panel mode for Safari / iOS. #28702, @jackw
    Elasticsearch: Exclude pipeline aggregations from order by options. #28620, @simianhacker
    Panel inspect: Interpolate variables in panel inspect title. #28779, @dprokop
    Prometheus: Fix copy paste behaving as cut and paste. #28622, @aocenas
    StatPanels: Fixes auto min max when latest value is zero. #28982, @torkelo
    TableFilters: Fixes filtering with field overrides. #28690, @hugohaggmark
    Templating: Speeds up certain variable queries for Postgres MySql MSSql. #28686, @hugohaggmark
    Units: added support to handle negative fractional numbers. #28849, @mckn
    Variables: Fix backward compatibility in custom variable options that contain colon. #28896, @mckn
2021-02-07 17:32:47 +00:00
ryoon
bee3953c45 *: Recursive revbump from audio/pulseaudio-14.2.nb1 2021-02-07 06:30:06 +00:00
leot
694764c69a py-MechanicalSoup: Update to 1.0.0
Changes:
1.0.0
=====
This is the last release that will support Python 2.7. Thanks to the
many contributors that made this release possible!

Main changes
------------
- Added support for Python 3.8 and 3.9.
- StatefulBrowser has new properties page, form, and url, which can be
  used in place of the methods get_current_page, get_current_form and
  get_url respectively (e.g. the new x.page is equivalent to
  x.get_current_page()). These methods may be deprecated in a future
  release. [#175]
- StatefulBrowser.form will raise an AttributeError instead of
  returning None if no form has been selected yet. Note that
  StatefulBrowser.get_current_form() still returns None for backward
  compatibility.

Bug fixes
---------
- Decompose <select> elements with the same name when adding a new
  input element to a form. [#297]
- The params and data kwargs passed to submit will now properly be
  forwarded to the underlying request for GET methods (whereas previously
  params was being overwritten by data). [#343]
2021-02-06 20:45:45 +00:00
leot
570c93fbdb py-aiohttp: Bump chardet requirements in setup.py too
Previously it was only relaxed in pkgsrc DEPENDS resulting in possible runtime
errors.

PKGREVISION++
2021-02-06 20:41:34 +00:00
ryoon
1209144264 neon: Update to 0.31.2
* Set new HOMEPAGE and MASTER_SITES.

Changelog:
Changes in release neon 0.31.2, 20th June 2020

    Fix ne_md5_read_ctx() with OpenSSL on big-endian architectures.
    Fix GCC 10 warning in PKCS#11 build.
    Fix OpenSSL build w/o deprecated APIs (Rosen Penev).
    Fix unnecessary MD5 test for non-Digest auth (Sebastian Reschke).
    Fix hang on SSL connection close with IIS (issue #11).
    Fix ar, ranlib detection when cross-compiling (Sergei Trofimovich).

Changes in release neon 0.31.1, 17th April 2020

    ADMIN: The neon website has moved to https://notroj.github.io/neon/
    Restore ne_md5_read_ctx() in OpenSSL build.
    Fix gcc warnings on Ubuntu (Jan-Marek Glogowski).
    Fix various spelling mistakes in docs and headers (thanks to FOSSIES).
    Fix ne_asctime_parse() (Eugenij-W).
    Fix build with LibreSSL (Juan RP).

Changes in release neon 0.31.0, 24th March 2020

    Interface changes:
        none, API and ABI backwards-compatible with 0.27.x and later
    New interfaces and features:
        add more gcc “nonnull” attributes to ne_request_* functions.
        for OpenSSL builds, ne_md5 code uses the OpenSSL implementation
        add NE_SESSFLAG_SHAREPOINT session flag which enables workarounds for RFC non-compliance issues in Sharepoint (thanks to Jan-Marek Glogowski and Giuseppe Castagno)
        ne_uri.h: add ne_path_escapef() in support of above
        ne_207.h: add ne_207_set_flags() likewise in support of above
    API clarification:
        ne_version_match() behaviour now matches actual 0.27+ ABI history
    Bug fixes:
        fixes for OpenSSL 1.1.1 and TLSv1.3 support
        fix crash with GnuTLS in client cert support (Henrik Holst)
        fix possible crash in ne_set_request_flag()
        fix build with libxml2 2.9.10 and later
        fix handling lock timeouts >LONG_MAX (Giuseppe Castagno)
2021-02-06 06:33:11 +00:00
ryoon
970900e7be firefox-l10n: Update to 85.0.1
* Sync with www/firefox-85.0.1.
2021-02-06 05:03:57 +00:00
ryoon
b2ca858123 firefox: Update to 85.0.1
Changelog:
Fixed
    Security fix
    Prevent access to NTFS special paths that could lead to filesystem corruption.
    Fixed a crash when authenticating to websites using SPNEGO on macOS devices with Apple Silicon CPUs (bug 1685427).
    Avoid printing an extra blank page at the end of some documents (bug 1689789).
    Fixed a browser crash in case of unexpected Cache API state (bug 1684838).
    Fixed external URL scheme handlers when using the Firefox flatpak (bug 1688966)

Security fix:
#MOZ-2021-0001: Buffer overflow in depth pitch calculations for compressed textures
2021-02-06 05:02:51 +00:00
ryoon
de1e94ca9f firefox78-l10n: Update to 78.7.1
* Sync with www/firefox78-78.7.1.
2021-02-06 04:53:36 +00:00
ryoon
68fdb706ce firefox78: Update to 78.7.1
Changelog:
Fixed
    Security fix
    Prevent access to NTFS special paths that could lead to filesystem corruption.

Security fix:
#MOZ-2021-0001: Buffer overflow in depth pitch calculations for compressed textures
2021-02-06 04:52:12 +00:00
adam
bdaaf181d1 py-httpcore: updated to 0.12.3
0.12.3

Fixed

- Abort SSL connections on close rather than waiting for remote EOF when using `asyncio`.
- Fix exception raised in case of connect timeouts when using the `anyio` backend.
- Fix `Host` header precedence for `:authority` in HTTP/2.
- Handle extra edge case when detecting for socket readability when using `asyncio`.
- Fix `asyncio` SSL warning when using proxy tunneling.
2021-02-05 20:34:10 +00:00
taca
94cf62c2d7 www/ruby-css-parser: update to 1.9.0
1.9.0 (2021-02-04)

* Misc cleanup #122
2021-02-05 16:01:39 +00:00
mef
cf9eb8e7c7 Added www/R-webshot version 0.5.2 2021-02-05 14:41:45 +00:00
mef
667a5886b1 (www/R-webshot) import R-webshot-0.5.2
Takes screenshots of web pages, including Shiny applications and R
Markdown documents.
2021-02-05 14:39:08 +00:00
adam
d34f8b06ff py-django-reversion: updated to 3.0.9
3.0.9:
- Significant speedup to ``Version.objects.get_deleted(...)`` database query for PostgreSQL.
- Testing against Django 3.1.
- Django 4.0 compatibility improvements.
2021-02-05 07:56:46 +00:00
adam
f6d52ab680 py-django3: updated to 3.1.6
Django 3.1.6 fixes a security issue with severity “low” and a bug in 3.1.5.

CVE-2021-3281: Potential directory-traversal via archive.extract()

The django.utils.archive.extract() function, used by startapp --template and startproject --template, allowed directory-traversal via an archive with absolute paths or relative paths with dot segments.

Bugfixes

Fixed an admin layout issue in Django 3.1 where changelist filter controls would become squashed
2021-02-05 07:55:02 +00:00
adam
6769eece61 py-django2: updated to 2.2.18
Django 2.2.18 fixes a security issue with severity “low” in 2.2.17.

CVE-2021-3281: Potential directory-traversal via archive.extract()

The django.utils.archive.extract() function, used by startapp --template and startproject --template, allowed directory-traversal via an archive with absolute paths or relative paths with dot segments.
2021-02-05 07:52:37 +00:00
mef
49cbe7682b (www/R-httpuv) Add R-testthat for TEST_DEPENDS, comment on patch 2021-02-05 02:25:48 +00:00
wiz
c22d8dfb64 privoxy: update to 3.0.29.
*** Version 3.0.29 stable ***

- Security/Reliability:
  - Fixed memory leaks when a response is buffered and the buffer
    limit is reached or Privoxy is running out of memory.
    Commits bbd53f1010b and 4490d451f9b. OVE-20201118-0001.
    Sponsored by: Robert Klemme
  - Fixed a memory leak in the show-status CGI handler when
    no action files are configured. Commit c62254a686.
    OVE-20201118-0002.
    Sponsored by: Robert Klemme
  - Fixed a memory leak in the show-status CGI handler when
    no filter files are configured. Commit 1b1370f7a8a.
    OVE-20201118-0003.
    Sponsored by: Robert Klemme
  - Fixes a memory leak when client tags are active.
    Commit 245e1cf32. OVE-20201118-0004.
    Sponsored by: Robert Klemme
  - Fixed a memory leak if multiple filters are executed
    and the last one is skipped due to a pcre error.
    Commit 5cfb7bc8fe. OVE-20201118-0005.
  - Prevent an unlikely dereference of a NULL-pointer that
    could result in a crash if accept-intercepted-requests
    was enabled, Privoxy failed to get the request destination
    from the Host header and a memory allocation failed.
    Commit 7530132349. CID 267165. OVE-20201118-0006.
  - Fixed memory leaks in the client-tags CGI handler when
    client tags are configured and memory allocations fail.
    Commit cf5640eb2a. CID 267168. OVE-20201118-0007.
  - Fixed memory leaks in the show-status CGI handler when memory
    allocations fail. Commit 064eac5fd0 and commit fdee85c0bf3.
    CID 305233. OVE-20201118-0008.

- General improvements:
  - Added experimental https inspection support which allows to filter
    https traffic. To enable it, install MbedTLS and configure with
    --with-mbedtls, or install OpenSSL or LibreSSL and configure
    with --with-openssl.
    Afterwards configure the directives in section 7 of the
    config file and enable the +https-inspection action.
    Initial MbedTLS-based code contributed by Vaclav Svec,
    initial OpenSSL support contributed by Maxim Antonov.
    With help from Nedzad Hrnjica and Ho+ Ho+ Ho+.
    Integration and improvements sponsored by Robert Klemme.
  - pcrs: Request JIT compilation if it's supported and
    the filter isn't dynamic. This can speed up filtering.
  - Added support for Brotli decompression.
    Sponsored by: Robert Klemme
  - Added FEATURE_EXTENDED_STATISTICS to gather statistics for
    block reasons and filter executions. To enable it, configure
    with --enable-extended-statistics and visit
    http://config.privoxy.org/show-status.
    Sponsored by: Robert Klemme
  - Use the IP_FREEBIND socket option, if defined. This allows
    Privoxy to bind to not-yet assigned IP addresses which is
    useful in failover environments.
    Patch by Sam Varshavchik.
  - Allow to use extended host patterns and vanilla host patterns
    at the same time by prefixing extended host patterns with
    "PCRE-HOST-PATTERN:". To enable this, configure with
    --enable-pcre-host-patterns.
    Sponsored by: Robert Klemme
  - Added "Cross-origin resource sharing" (CORS) support.
    This allows to access Privoxy's CGI interface via JavaScript from
    another domain (white-listed with the new cors-allowed-origin directive).
    Based on a patch by Nedzad Hrnjica.
    Sponsored by: Robert Klemme.
  - Add SOCKS5 username/password support.
    Based on a patch by Sam, improved by Ivan Romanov.
    Closes Patch#141 and solves TODO#105.
  - Bump the maximum number of action and filter files
    to 100 each.
    Sponsored by: Robert Klemme
  - Fixed handling of filters with "split-large-forms 1"
    when using the CGI editor.
    Reported by withoutname in #921.
  - Better detect a mismatch of connection details when
    figuring out whether or not a connection can be reused.
  - Don't send a "Connection failure" message instead of the
    "DNS failure" message.
    Sponsored by: Robert Klemme
  - Let LOG_LEVEL_REQUEST log all requests. Previously unencrypted
    requests were only logged with LOG_LEVEL_REQUEST when they weren't
    crunched (in which case they were logged with LOG_LEVEL_CRUNCH).
    This was documented behaviour, but logging all requests seems more useful.
  - Fixed locking around localtime() and gmtime().
  - Removed OS/2 support. We haven't provided OS/2 packages in years,
    it complicated the code and it depended on a fallback snprintf()
    implementation which is GPLv2 only.
  - Remove the fallback snprintf() implementation
    Now that OS/2 support is gone we no longer need it.
  - Fixed a bunch of format specifiers log messages.
  - Added a missing apostrophe in the 'More Privoxy' menu.
  - Explicitly prevent use of FEATURE_CONNECTION_SHARING
    without FEATURE_CONNECTION_KEEP_ALIVE. It makes no sense
    and does not compile anyway.
    Sponsored by: Robert Klemme
  - Fix build without FEATURE_CONNECTION_KEEP_ALIVE.
    Sponsored by: Robert Klemme
  - Downgrade the 'Graceful termination requested' message
    to LOG_LEVEL_INFO as it isn't an error.
    Sponsored by: Robert Klemme
  - decompress_iob(): Downgrade the no-content message to LOG_LEVEL_RE_FILTER
    While at it, fix a typo in a comment.
    Sponsored by: Robert Klemme
  - Fixed a couple of cppcheck warnings.
  - Rename LOG_LEVEL_GPC to LOG_LEVEL_REQUEST.
    Only the shadow knows what "GPC" is supposed to stand for.
  - Remove SourceForge references in copyright headers.
  - Upgrade a bunch of links to the homepage to https://.
  - Add 'no-brotli-accepted' filter which prevents the
    use of Brotli compression.
  - Changed license for pcrs to GPLv2+ after getting the
    permission from Andreas. This allows to redistribute
    Privoxy under the GPLv3 which is required when linking
    to future mbedTLS versions which are expected to be
    licensed under the Apache 2.0 license only.
  - Updated a bunch of tests that have to expect status code 403
    now after r1.168/070e904afa5.
  - Lowercase the host name in the request line.
  - Only set SOURCE_DATE_EPOCH if it's not already set so
    distributions can overwrite it through the environment.

- Documentation changes:
  - Explain that Privoxy has to be distributed under the
    GPLv3 (or later) when linked with an MbedTLS version
    that is licensed under the Apache 2.0 license.
  - Import the GNU GPLv3 and include it in the user manual.
  - Clarify FEATURE_FORCE_LOAD's description. It allows to bypass
    blocking not filtering and only does it if blocks aren't enforced.
    Reported by: Robert Klemme
  - FAQ: Remove Zwiebelfreunde e.V. from the list of fiduciary sponsors
    As of 2021 they no longer handle donations for foreign organisations
    due to lack of resources.
  - FAQ: Remove an obsolete comment with a link to the long-gone PDF manual.
  - FAQ: Add a link to the TODO list.
  - FAQ: Change the sponsor amounts to USD slightly rounding the
    converted amounts up to get simple numbers.
    Receiving USD is apparently easier for SPI and SPI is
    preferred by sponsors as they can send invoices.
  - Advertise the client-tags CGI page in the user manual.
  - Stop advertising the show-version CGI page which no longer exists.
  - Add yet another reason why +prevent-compression may cause problems.
  - Don't claim that contributors need ssh. It's only needed for committers.
  - Replace obsolete CVS instructions with Git instructions.
  - Remove an obsolete comment

- Config file changes:
  - Change the suggested default-server-timeout to 5 to match the
    suggested keep-alive-timeout. Otherwise using the defaults would
    result in Privoxy reducing the default-server-timeout and logging
    an error message.
    Sponsored by: Robert Klemme
  - Update the 'debug 1' description.
  - Add a missing 'client-specific-tag' directive.
  - Comment out trusted-cgi-referer pointing to example.org.

- Action file improvements:
  - Block requests to /(.*/)?piwik\.php
  - Block requests to .connectaserver.de/
  - Block requests to pixel.inforsea.com/
  - Block requests to t.vi-serve.com/
  - Block requests to .ioam.de/
  - Block requests to t.9gag.com/img.gif
  - Block requests to .pixel.parsely.com/ as image
  - Block requests to pixel.wp.com/
  - Disable fast-redirects for .librarything.com/
  - Disable fast-redirects for issue.freebsdfoundation.org/
  - Disable fast-redirects for .twitter.com/.*origin=http
  - Unblock belco24.de/
  - Add fast-redirects exception for .wikipedia.org/
  - Add fast-redirects exception for oss-fuzz.com/
  - Disable fast-redirects for .consensu.org/delivery/pixel\.php
    and block the requests as image instead
  - Unblock .adbinstaller.com/
    Reported by lvm in #942.
  - Unblock .adbshell.com
    Reported by lvm in #942.
  - Unblock .tagesschau.de/
  - Disable fast-redirects for collector.githubapp.com/
    and block requests to it as image instead
  - Unblock 'ada*.'
  - Add fast-redirects{} exception for sourcepoint.vice.com/
  - Unblock adaway.org/
    Reported by DRS David Soft in AF#945.
  - Change two block reasons that previously were the same.
    Sponsored by: Robert Klemme
  - Added a +delay-response{} test.
  - Updated the location of the development version
    of default.action.master.

- Privoxy-Log-Parser:
  - Added a --keep-date option to keep the date in highlighted messages.
  - Highlight new log messages.
  - Make gather_loglevel_clf_stats() more tolerant. While at it,
    count all CLF messages as requests, even if the request is invalid.
  - Only show HTTP version distribution if at least one version has been detected.
  - Only show crunch statistics if crunches were detected.
  - Warn if the request counts differ.
  - Generate statistics if the log only contains LOG_LEVEL_CLF messages
    so it can be used with vanilla webserver logs.
    Previously Privoxy-specific "Request:" messages were required.
  - Align the client-HTTP-version distribution like other distributions
  - Bump version to 0.9.1
  - Include status code distribution in the stats.
  - Let the statistics include the size of the content Privoxy
    transferred excluding HTTP headers.
  - Get with the program and expect all requests to be logged with LOG_LEVEL_REQUEST.
    It's no longer necessary to count both LOG_LEVEL_REQUEST and
    LOG_LEVEL_CRUNCH messages to get the total number of requests.
  - Leverage the LOG_LEVEL_CLF message to gather statistics that were
    previously taken from LOG_LEVEL_HEADER lines. This results in less
    confusing results if https inspection is enabled in which case there
    are two LOG_LEVEL_HEADER lines with request lines.
    Sponsored by: Robert Klemme
  - Properly highlight the filter results message. Previously a brace got lost.
  - Prefer the number of CLF lines to get the total number of requests
    as it works with older Privoxy versions as well.

- Privoxy-Regression-Test:
  - Turn curl's globbing mode off so we can allow more characters in URLs.
  - Allow '[' and ']' in URLs.
  - Include the action file when complaining about missing Sticky Actions.
  - Fix a sentence in the documentation.
  - Bump version to 0.7.1

- url-pattern-translator:
  - Detect a couple of pattern prefixes case-insensitively.
    Sponsored by: Robert Klemme
  - Skip CLIENT-TAG patterns.
    Sponsored by: Robert Klemme
  - Skip patterns that have already been converted.
    It should now be safe to "convert" a file multiple times.
    Sponsored by: Robert Klemme
  - Add the new 'PCRE-HOST-PATTERN:' prefix.
    Sponsored by: Robert Klemme
2021-02-04 16:29:14 +00:00
taca
6b3ca234bd www/ruby-puma: update to 5.2.0
5.2.0 (2021-01-27)

Features

* 10x latency improvement for MRI on ssl connections by reducing overhead
  ([#2519])
* Add option to specify the desired IO selector backend for libev
  ([#2522])
* Add ability to set OpenSSL verification flags (MRI only) ([#2490])
* Uses flush after writing messages to avoid mutating $stdout and $stderr
  using sync=true ([#2486])

Bugfixes

* MiniSSL - Update dhparam to 2048 bit for use with SSL_CTX_set_tmp_dh
  ([#2535])
* Change 'Goodbye!' message to be output after listeners are closed
  ([#2529])
* Fix ssl bind logging with 0.0.0.0 and localhost ([#2533])
* Fix compiler warnings, but skipped warnings related to ragel state
  machine generated code ([#1953])
* Fix phased restart errors related to nio4r gem when using the Puma
  control server ([#2516])
* Add #string method to Puma::NullIO ([#2520])
* Fix binding via Rack handler to IPv6 addresses ([#2521])

Refactor

* Refactor MiniSSL::Context on MRI, fix MiniSSL::Socket#write ([#2519])
* Remove Server#read_body ([#2531])
* Fail build if compiling extensions raises warnings on GH Actions,
  configurable via MAKE_WARNINGS_INTO_ERRORS ([#1953])
2021-02-03 15:47:55 +00:00
taca
c41067b2d2 www/ruby-mechanize: update to 2.7.7
pkgsrc change: add "USE_LANGUAGES=	# empty"


2.7.7 / 2021-02-01

* Security fixes for CVE-2021-21289

  Mechanize `>= v2.0`, `< v2.7.7` allows for OS commands to be injected
  into several classes' methods via implicit use of Ruby's `Kernel.open`
  method. Exploitation is possible only if untrusted input is used as a
  local filename and passed to any of these calls:

  - `Mechanize::CookieJar#load`: since v2.0 (see 208e3ed)
  - `Mechanize::CookieJar#save_as`: since v2.0 (see 5b776a4)
  - `Mechanize#download`: since v2.2 (see dc91667)
  - `Mechanize::Download#save` and `#save!` since v2.1 (see 98b2f51, bd62ff0)
  - `Mechanize::File#save` and `#save_as`: since v2.1 (see 2bf7519)
  - `Mechanize::FileResponse#read_body`: since v2.0 (see 01039f5)

  See
  github.com/sparklemotion/mechanize/security/advisories/GHSA-qrqm-fpv6-6r8g
  for more information.

  Also see #547, #548. Thank you, @kyoshidajp!

New Features

* Support for Ruby 3.0 by adding `webrick` as a runtime dependency. (#557)
  @pvalena

Bug fix

* Ignore input fields with blank names (#542, #536)
2021-02-03 15:44:35 +00:00
taca
c49991f2d5 www/ruby-css-parser: update to 1.8.0
No release information nor changelog

Please refer to
<https://github.com/premailer/css_parser/compare/v1.7.1...v1.8.0>
for details.
2021-02-03 15:40:37 +00:00
taca
223634c299 www/ruby-capybara: update to 3.35.3
pkgsrc changes: stop a few warnings of pkglint.


3.35.3 (2021-01-29)

Fixed
* Just a release to have the correct dates in the History.md in released
  gem

3.35.2 (2021-01-29)

Fixed
* Selenium deprecation suppressor with Selenium 3.x

3.35.1 (2021-01-26)

Fixed

* Default chrome driver registrations use chrome - Issue #2442 [Yuriy
  Alekseyev]
* 'Capybara.test_id' usage with the :button selector - Issue #2443
2021-02-03 15:33:07 +00:00
adam
207e1dbe78 curl: updated to 7.75.0
Changes:

curl: add --create-file-mode [mode]
curl: add new variables to --write-out
dns: extend CURLOPT_RESOLVE syntax for adding non-permanent entries
gopher: implement secure gopher protocol
http: add Hyper as new optional HTTP backend
http: introduce AWS HTTP v4 Signature support

Bugfixes:

badsymbols.pl: add verbose mode -v
badsymbols.pl: ignore stand-alone single hash lines
BUG-BOUNTY: minor language updates
build: fix djgpp builds
cleanup: fix empty expression statement has no effect
cmake: Add an option to disable libidn2
cmake: enable gophers correctly in curl-config
cmake: expose CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG
cmdline-opts/gen.pl: return hard on errors
cmdline-opts/retry.d: mention response code 429 as well
configure: set -Wextra-semi-stmt for clang with --enable-debug
connect: defer port selection until connect() time
connect: mark intentional ignores of setsockopt return values
connect: on linux, enable reporting of all ICMP errors on UDP sockets
connect: zero variable on stack to silence valgrind complaint
cookie: avoid the C1001 internal compiler error with MSVC 14
curl.1: fix typo microsft -> microsoft
curl: fix handling of -q option
curl: include the file name in --xattr/--remote-time error msgs
curl: move fprintf outputs to warnf
Curl_chunker: shrink the struct
curl_easy_pause.3: add multiplexed pause effects
CURLINFO_PRETRANSFER_TIME.3: clarify
CURLOPT_URL.3: remove scheme specific details
digest_sspi: Show InitializeSecurityContext errors in verbose mode
docs/examples: adjust prototypes for CURLOPT_READFUNCTION
docs/URL-SYNTAX: the URL syntax curl accepts and works with
docs: enable syntax highlighting in several docs files
docs: fix line length bug in gen.pl
docs: fix typos in NEW-PROTOCOL.md
docs: fix wrong documentation in help.d
docs: remove redundant "better" in --fail help
doh: allocate state struct on demand
examples/libtest: add .checksrc to dist
examples: remove superfluous asterisk uses
failf: remove newline from formatting strings
file: don't provide content-length for directories
getinfo: build with disabled HTTP support
gitattributes: Set batch files to CRLF line endings on checkout
h2: do not wait for RECV on paused transfers
HISTORY: added dates to early history
http: empty reply connection are not left intact
http: get CURLOPT_REQUEST_TARGET working with a HTTP proxy
http: have CURLOPT_FAILONERROR fail after all headers
http: make providing Proxy-Connection header not cause duplicated headers
http: show the request as headers even when split-sending
http_chunks: correct and clarify a comment on hexnumber length
http_proxy: Fix CONNECT chunked encoding race condition
httpauth: make multi-request auth work with custom port
INSTALL: now at 85 operating systems
INSTALL: update the list known OSes and CPU archs curl has run on
lib/unit tests: add missing curl_global_cleanup() calls
lib1564/5: verify that curl_multi_wakeup returns OK
lib: pass in 'struct Curl_easy *' to most functions
lib: remove Curl_ prefix from many static functions
lib: save a bit of space with some structure packing
libssh2: fix "Value stored to 'readdir_len' is never read"
libssh2: move data from connection object to transfer object
libssh: avoid plain free() of libssh-memory
mime: make sure setting MIMEPOST to NULL resets properly
misc: assorted typo fixes
misc: fix "warning: empty expression statement has no effect"
misc: fix typos
mk-ca-bundle.pl: deterministic output when using -t
mqtt: deal with 0 byte reads correctly
mqtt: handle POST/PUBLISH without a set POSTFIELDSIZE
multi: set the PRETRANSFER time-stamp when we switch to PERFORM
multi: skip DONE state if there's no connection left for ftp wildcard
multi: when erroring in TOOFAST state, act as for PERFORM
multi_runsingle: bail out early on data->conn == NULL
ngtcp2: Fix http3 upload stall
ngtcp2: Fix stack buffer overflow
ngtcp2: make it build it current master again
nss: get the run-time version instead of build-time
openssl: lowercase the hostname before using it for SNI
OS400: update ccsidcurl.c
pretransfer: setup the User-Agent header here
quiche: remove fprintf() leftover
Revert "CI/github: work-around for brew breakage on macOS"
runtests: add 'wakeup' as a feature
runtests: add support for %if [feature] conditions
runtests: preprocess DISABLED to allow conditionals
schannel: plug a memory-leak
schannel_verify: fix safefree call typo
select: convert Curl_select() to private static function
socks: use the download buffer instead
speedcheck: exclude paused transfers
strerror: skip errnum >= 0 assertion on windows
test1522: add debug tracing
test1633: set appropriate name
test179: use consistent header line endings
test410: verify HTTPS GET with a 49K request header
tests/mqttd: extract the client id from the correct offset
tests: make --libcurl tests only test FTP options if ftp enabled
tool_doswin: Restore original console settings on CTRL signal
tool_operate: fix the suppression logic of some error messages
tool_operate: spellfix a comment
tool_writeout: fix the -w time output units
transfer: fix GCC 10 warning with flag '-Wint-in-bool-context'
travis: build ngtcp2 --with-gnutls
travis: limit the tests with quiche builds to HTTPS and FTPS only
travis: restrict the openssl3 job to only run https and ftps tests
url: if IDNA conversion fails, fallback to Transitional
urldata: make magic be the first struct field
urldata: remove 'local_ip' from the connectdata struct
urldata: remove duplicate 'upkeep_interval_ms' from connectdata
urldata: remove duplicate port number storage
urldata: remove the duplicate 'ip_addr_str' field
urldata: store ip version in a single byte
vtls: remove md5sum
warnless: remove curlx_ultosi
wolfssl: add SECURE_RENEGOTIATION support
wolfssl: Support wolfSSL builds missing TLS 1.1
2021-02-03 13:17:18 +00:00
adam
8e052a2e2b nghttp2: updated to 1.43.0
v1.43.0:

doc

Documentations are now built with Sphinx 3.3.0 or later.

python

The python binding now requires Python 3.
All python scripts for nghttp2 development are translated to Python 3 compatible.

nghttpx

This release fixes a potential memory issue that a memory pool gets cleared while it is still in use.
ECDSA certificate is now chosen when compatible signature algorithm is available.
This release adds a workaround to include ‘:’ in backend pattern.
2021-02-03 13:16:19 +00:00
schmonz
ebb573aeb5 Update to 1.4.59. From the changelog:
Summary:

HTTP/2 enabled by default, mod_deflate zstd support, mod_ajp13
(new), bugfixes.

Future Scheduled Behavior Changes:

* graceful restart/shutdown default timeout will change from 0
  (infinite/no timeout) to 5 seconds (or some similar non-zero period)
  configure an alternative with:
  server.feature-flags += ("server.graceful-shutdown-timeout" => 5)

* mod_compress is DEPRECATED; use mod_deflate
  mod_compress has been subsumed by mod_deflate
  Note: mod_compress config options may be removed in a future release

* mod_geoip is DEPRECATED; use mod_maxminddb
  Note: mod_geoip will be removed from a future lighttpd release

* mod_authn_mysql is DEPRECATED; use mod_authn_dbi
  Note: mod_authn_mysql will be removed from a future lighttpd release

* mod_mysql_vhost is DEPRECATED; use mod_vhostdb_dbi or mod_vhostdb_mysql
  Note: mod_mysql_vhost will be removed from a future lighttpd release

* mod_cml is DEPRECATED; use mod_magnet
  Note: mod_cml will be removed from a future lighttpd release

Changes from 1.4.58:

* [mod_webdav] hide unused funcs depending on build
* [mod_mbedtls] include mbedtls/platform_util.h
* [mod_mbedtls] use local strncmp_const()
* [mod_gnutls] use local strncmp_const()
* [mod_dirlisting] place vars closer to where used
* [autotools] autoupdate; subst deprecated/obsolete
* [autoconf] update ax_prog_cc_for_build.m4
* [core] fix crash at shutdown w/ certain config
* [tests] use ephemeral ports in tests
* [mod_wolfssl] minor updates for wolfSSL v4.6.0
* [doc] create-mime.conf.pl improve case handling
* [mod_openssl] extend ssl.openssl.ssl-conf-cmd
* [mod_extforward] config warning for module order
* [mod_extforward] fix extforward.headers defaults (fixes #3051)
* [multiple] use HTTP_HEADER_* enum before strcmp
* [multiple] replace buffer_is_equal_caseless_string
* [mod_dirlisting] quiet coverity false positive
* [doc] create-mime.conf.pl improve case handling
* [autoconf] fix LT_INIT syntax
* [doc] create-mime.conf.pl -v for warnings
* [core] fix crash in error trace if backend is down (fixes #3052)
* [doc] create-mime.conf.pl -v silent for mult vnd
* [mod_openssl] update LIBRESSL_VERSION_NUMBER check
* [multiple] fix: honor CipherString for alt TLS lib
* [mod_openssl] set Ciphersuites once API available
* [mod_dirlisting] use fdopendir(), fstatat()
* [mod_deflate] support Accept-Encoding: zstd
* [mod_deflate] use zstd streaming API
* [mod_dirlisting] hide unused variable on MacOS
* [doc] add --with-zstd to INSTALL
* [mod_access] mark mod_access_check attribute pure
* [core] add decls in connections.h
* [build] update scripts/ci-build.sh
* [core] check ifdef WOLFSSL_SHA512 for SHA512 avail
* [build] scripts/ci-build.sh --with-nettle
* [mod_openssl] update LIBRESSL_VERSION_NUMBER check
* [build] scripts/ci-build.sh w/o --with-wolfssl
* [build] scripts/ci-build.sh adjustments
* [build] fix typo in src/CMakeLists.txt
* [build] adjust mbedtls vars in src/CMakeLists.txt
* [build] scripts/ci-build.sh adjustments
* [build] adjust crypto vars in src/CMakeLists.txt
* [core] avoid multiple definition of SHA512_CTX
* [build] adjust crypto vars in src/CMakeLists.txt
* [mod_alias] modify r->physical.path in place
* [build] scripts/ci-build.sh add --with-maxminddb
* [build] scripts/ci-build.sh remove --with-maxminddb
* [mod_deflate] use zstd typedefs (minor cleanup)
* [mod_deflate] compat with zstd < v1.4.0
* [multiple] fix coverity warnings
* [multiple] fix TLS config string parsing
* [mod_gnutls] fix ssl.ca_dn_file data access
* [mod_wolfssl] wipe ssl_pemfile_pkey before free()
* [mod_wolfssl] fix syntax errors
* [multiple] fix TLS config string parsing
* [mod_gnutls] fix alt code for coverity
* [core] check more carefully after SSL_WANT_WRITE
* [core] fix 100% CPU spin if traffic limit hit
* [core] skip interest in POLLRDHUP after POLLRDHUP (#3059)
* [TLS] detect expired stapling file at startup (fixes #3056)
* [multiple] avoid duplicate parsing in trigger func (#3056)
* [multiple] quiet some clang-analyzer warnings
* [core] enable HTTP/2 by default
* [mod_ajp13] AJPv13 Tomcat connector for lighttpd
* [core] const data_unset *array_get_element_klen()
* [core] tighten struct data_config and related code
* [core] fix merging large headers across mult reads (fixes #3059)
* [mod_gnutls,mod_mbedtls] recog common cipherstring
* [build] fix typo in SConstruct (fixes #3061)
* [mod_wolfssl] wolfSSL might repeat SNI_Callback()
* [TLS] fix invalid cfg warning
* [mod_openssl] fix acme-tls/1 challenge bootstrap
* [TLS] set r->uri.authority empty str upon accept()
* [mod_gnutls] fix acme-tls/1 challenge bootstrap
* [mod_nss] fix acme-tls/1 challenge bootstrap
* [mod_wolfssl] copy stapling buf for OCSP resp
* [mod_mbedtls] fix acme-tls/1 challenge bootstrap
* [mod_mbedtls] fix acme-tls/1 challenge bootstrap
* [mod_cgi] fix assert if empty X-Sendfile path (fixes #3062)
* [mod_mbedtls] restore ALPN chk after client hello
* [core] re-validate h2 CONTINUATION frame len in cq
* [mod_mbedtls] remove redundant condition check
* [core] quiet coverity warning
2021-02-03 08:49:49 +00:00
taca
7babfcc6f1 www/drupal8: update to 8.9.13
Update drupal8 to 8.9.13 (Drupal 8.9.13).

Fixes these security problems.

8.9.9 (2020-11-18)

Drupal core - Critical - Remote code execution - SA-CORE-2020-012

8.9.10 (2020-11-26)

Drupal core - Critical - Third-party library - SA-CORE-2020-013

8.9.13 (2021-01-20)

Drupal core - Critical - Third-party library - SA-CORE-2021-001


For more information, please refer to each release announcement.

https://www.drupal.org/project/drupal/releases/8.9.7
https://www.drupal.org/project/drupal/releases/8.9.8
https://www.drupal.org/project/drupal/releases/8.9.9
https://www.drupal.org/project/drupal/releases/8.9.10
https://www.drupal.org/project/drupal/releases/8.9.11
https://www.drupal.org/project/drupal/releases/8.9.12
https://www.drupal.org/project/drupal/releases/8.9.13
2021-02-02 15:33:41 +00:00
taca
95615aca89 www/drupal7: update to 7.78
Drupal 7.78, 2021-01-19
-----------------------
- Fixed security issues:
   - SA-CORE-2021-001

Drupal 7.77, 2020-12-03
-----------------------
- Hotfix for schema.prefixed tables

Drupal 7.76, 2020-12-02
-----------------------
- Support for MySQL 8
- Core tests pass in SQLite
- Better user flood control logging
2021-02-02 15:19:42 +00:00
wiz
fdbea04427 *: use perl.org consistently 2021-02-02 09:13:36 +00:00
mef
2e9d65ed41 (www/emacs-w3m) Updated from 1.4.632.20190920.1116 to 1.4.632.20210106.2144
The following is from the ChangeLog, but some 450 lines are omitted, sorry

2020-01-05  Katsumi Yamaoka  <yamaoka@jpl.org>

	* w3m.el (w3m-download): Add option to w3m so to work for downloading
	any kinds of contents ([emacs-w3m:13731]).  Thanks to Kinoshita-san.

2021-01-03  Boruch Baum  <boruch_baum@gmx.com>

	* w3m.el (w3m-view-previous-page): When currently in an "about://" url,
	return to the calling url (PR#89 for upstream).

	* w3m-hist.el (w3m-history-push): Don't put "about://" pages in the
	history (PR#89 for upstream).

2020-12-28  Boruch Baum  <boruch_baum@gmx.com>

	* w3m.el (w3m-select-buffer-mode):
	* w3m-session.el (w3m-session-select-mode): Set variable
	buffer-quit-function (PR#88).

2020-12-22  Boruch Baum  <boruch_baum@gmx.com>
	(w3m-perldoc-pretty): New function.
	(w3m-perldoc): Use them.

 .... ( omit some 450 lines) ...

2019-10-02  Katsumi Yamaoka  <yamaoka@jpl.org>

	Abolish w3m-max-anchor-sequence (issue #71)

	* w3m.el (w3m-max-anchor-sequence): Abolish.

	* w3m-form.el (w3m-form-parse-and-fontify):
	* w3m.el (w3m-clear-local-variables, w3m-copy-local-variables)
	(w3m-fontify-anchors, w3m-next-anchor, w3m-previous-anchor):
	Don't handle/use w3m-max-anchor-sequence.

2019-10-01  Katsumi Yamaoka  <yamaoka@jpl.org>

	w3m-next-anchor and w3m-previous-anchor return t if success (issue #71)

	* w3m.el (w3m-next-anchor, w3m-previous-anchor): Return t if success.
2021-02-01 11:19:16 +00:00
fcambus
054d049dbd htmldoc-x11: update to 1.9.11.
ChangeLog:

# Changes in HTMLDOC v1.9.11

- Added high-resolution desktop icons for Linux.
- Updated the internal HTTP library to fix truncation of redirection URLs
  (Issue #396)
- Fixed a regression in the handling of character entities for UTF-8 input
  (Issue #401)
- The `--numbered` option did not work when the table-of-contents was disabled
  (Issue #405)


# Changes in HTMLDOC v1.9.10

- Updated local zlib to v1.2.11.
- Updated local libpng to v1.6.37.
- Fixed packaging issues on macOS and Windows (Issue #377, Issue #386)
- Now ignore sRGB profile errors in PNG files (Issue #390)
- The GUI would crash when saving (Issue #391)
- Page comments are now allowed in `pre` text (Issue #394)


# Changes in HTMLDOC v1.9.9

- Fixed a redirection issue - some sites (incorrectly) provide an incomplete
  Location: URL in the HTTP response.
- Fixed https: support on newer versions of Windows (Issue #378)
- Fixed a problem with remote URLs containing spaces (Issue #379)
- Fixed a UTF-8 processing bug for Markdown files (Issue #383)
- Added support for `<FONT FACE="monospace">` (Issue #385)
2021-02-01 09:35:11 +00:00
fcambus
2236693498 htmldoc: update to 1.9.11.
ChangeLog:

# Changes in HTMLDOC v1.9.11

- Added high-resolution desktop icons for Linux.
- Updated the internal HTTP library to fix truncation of redirection URLs
  (Issue #396)
- Fixed a regression in the handling of character entities for UTF-8 input
  (Issue #401)
- The `--numbered` option did not work when the table-of-contents was disabled
  (Issue #405)


# Changes in HTMLDOC v1.9.10

- Updated local zlib to v1.2.11.
- Updated local libpng to v1.6.37.
- Fixed packaging issues on macOS and Windows (Issue #377, Issue #386)
- Now ignore sRGB profile errors in PNG files (Issue #390)
- The GUI would crash when saving (Issue #391)
- Page comments are now allowed in `pre` text (Issue #394)


# Changes in HTMLDOC v1.9.9

- Fixed a redirection issue - some sites (incorrectly) provide an incomplete
  Location: URL in the HTTP response.
- Fixed https: support on newer versions of Windows (Issue #378)
- Fixed a problem with remote URLs containing spaces (Issue #379)
- Fixed a UTF-8 processing bug for Markdown files (Issue #383)
- Added support for `<FONT FACE="monospace">` (Issue #385)
2021-02-01 09:33:12 +00:00
ryoon
6299590b94 w3m: Remove an unused patch 2021-01-30 14:21:21 +00:00
mef
53c13aacc7 (www/w3m) Updated from 0.5.3+git20190105 to 0.5.3+git20210102
Debian's w3m 0.5.3+git20210102

* new features
 - support links containing divs for HTML5
 - rudimentary support for HTML5 tags: figure, figcaption, and section
 - enhance the behaviour of the q tag when m17n and Unicode are configured
 - support for file://hostname/... URLs
 - new commands CURSOR_TOP, CURSOR_MIDDLE, and CURSOR_BOTTOM
 - new option space_autocomplete, disabled by default
* bug fixes
 - fix and improve broken Gopher support, enabled by default
 - change the encoding of the Japanese document files to UTF-8
 - use the default ciphers without SSL_CTX_set_cipher_list for OpenSSL 1.1
 - fix compilation errors due to sys_errlist and longjmp
 - define X_DISPLAY_MISSING when configure --without-x for Imlib2
 - avoid the -l option of the man command for w3mman
 - fix some source formatting in the manual
 - show keyboard shortcuts in a consistent order in help
 - fix traditional Chinese translation
 - drop obsolete w3m-doc

Debian's w3m 0.5.3+git20200502

* bug fixes
 - support &apos; entity
 - prevent multiple User-Agent with -header
 - fix -Wchar-subscripts
* new features
 - support setting user_agent in siteconf
 - new command GOTO_HOME
 - extend ssl_forbid_method for TLSv1.2 and TLSv1.3
2021-01-30 14:10:12 +00:00
mef
4110091eb2 (www/py-django-treebeard) Add patch for build fix, only for py36 2021-01-30 07:23:29 +00:00
wen
cda078cbf5 Update to 1.0048
Update DEPENDS

Upstream changes:
1.0048  2020-11-29 16:20:00 PST
    [IMPROVEMENTS]
        - Updated documentation for content_length and content_type #625
        - Allow hyphens in file extensions for custom MIME types #614
        - Updated some python test script to work with Python 3 #639
    [BUG FIXES]
         - Fix HTTP::Message::PSGI to work with delayed writer without content #653
         - Plackup reloader allows restarting the server when the path contains .git or .svn, just not at the beginning of the path #632
         - Added MIME types for .webp, .ttf and .xlsx files (rrwo)
         - Fix Plack::Request content to not error when Content-Type is empty #655
2021-01-29 12:06:10 +00:00
wen
2f19551c9c Update to 0.25
Upstream changes:
0.25 2020-11-28T02:35:28Z

  - handle empty Content-Type as if octet-stream blob #14
2021-01-29 11:55:33 +00:00
maya
133de1560c Add py-klein version 20.6.0
Klein is a micro-framework for developing production-ready web
services with Python. It is 'micro' in that it has an incredibly
small API similar to Bottle and Flask. It is not 'micro' in that
it depends on things outside the standard library. This is primarily
because it is built on widely used and well tested components like
Werkzeug and Twisted.
2021-01-28 21:22:04 +00:00
ryoon
ee2c057cd8 php-nextcloud: Update to 20.0.6
Changelog:
Changes

  * Make sure to do priority app upgrades first (server#25077)
  * Respect DB restrictions on number of arguments in statements and queries
    (server#25120)
  * Add a hint about the direction of priority (server#25143)
  * Do not redirect to logout after login (server#25146)
  * Fix comparison of PHP versions (server#25152)
  * Add "composer.lock" for acceptance tests to git (server#25178)
  * Update CRL due to revoked gravatar.crl (server#25190)
  * Don't log keys on checkSignature (server#25193)
  * Update 3rdparty after Archive_Tar (server#25199)
  * Bump CA bundle (server#25219)
  * Update handling of user credentials (server#25225)
  * Fix encoding issue with OC.Notification.show (server#25244)
  * Also use storage copy when dav copying directories (server#25261)
  * Silence log message (server#25263)
  * Extend ILDAPProvider to allow reading arbitrary ldap attributes for users
    (server#25276)
  * Do not obtain userFolder of a federated user (server#25278)
  * Bump pear/archive_tar from 1.4.11 to 1.4.12 (3rdparty#603)
  * Add gitignore entry for .github folder of dependencies (3rdparty#604)
  * Clear event array on getting them (activity#551)
2021-01-28 09:46:47 +00:00
wiz
33f5a59048 otter-browser: remove patches that were removed from distinfo during update 2021-01-28 09:17:19 +00:00
gutteridge
6365444121 firefox: reflect new minimum Rust and NSS versions 2021-01-28 00:58:23 +00:00
adam
454cfb15e6 py-bleach: updated to 3.2.3
Version 3.2.3 (January 26th, 2021)
----------------------------------

**Security fixes**
None

**Features**
None

**Bug fixes**
* fix clean and linkify raising ValueErrors for certain inputs.


Version 3.2.2 (January 20th, 2021)
----------------------------------

**Security fixes**
None

**Features**
* Migrate CI to Github Actions.

**Bug fixes**
* fix linkify raising an IndexError on certain inputs.
2021-01-27 09:43:43 +00:00
adam
fe3646eea5 py-urllib3: updated to 1.26.3
1.26.3
* Fixed bytes and string comparison issue with headers
* Changed ``ProxySchemeUnknown`` error message to be
  more actionable if the user supplies a proxy URL without
  a scheme.
2021-01-27 09:38:34 +00:00
schmonz
d3934384b8 Update to 1.4. From the changelog:
- Added a caching storage mechanism to improve parsing raw data and data
  rendering.
- Added a mechanism to avoid counting duplicate data when restoring persisted
  data from disk.
- Added additional option to the HTML report to set a maximum number of items
  per page to 3.
- Added a list of podcast-related user agents under '%sysconfdir%'.
- Added 'Android 10' to the list of Android codenames.
- Added a 'widescreen' layout to the HTML report (e.g., 4K TV/KPI Dashboard).
- Added 'Beaker', 'Brave', and 'Firefox Focus' to the list of browsers
- Added command line option --user-name=username to avoid running GoAccess as
  root when outputting a real-time report.
- Added 'DuckDuckGo' and 'MSNBot' browsers to the browsers.list.
- Added 'facebookexternalhit' to the default crawler list.
- Added German translation (DE).
- Added Kubernetes Nginx Ingress Log Format to the default config file.
- Added 'macOS Catalina' to the list of OSX codenames.
- Added minor CSS updates to HTML report.
- Added missing header '<sys/socket.h>' to fix FreeBSD build
- Added new 'Edg' token to the list of browsers.
- Added '--no-ip-validation' command line to disable client IP validation
- Added '--persist' and '--restore' options to persist to disk and restore a
  dump from disk.
- Added Portuguese translation (pt-BR)
- Added Swedish translation (SV)
- Added the ability to parse server cache status and a new panel to display
  those metrics.
- Changed accumulated time to work by default on '--persist' and '--restore'.
- Changed back how the hits and visitors percentage is calculated to be more
  intuitive.
- Changed Geo Location panel display default to show only if database file is
  provided ('LIBMAXMINDDB').
- Changed initial processing time from secs to HH:MM:SS in HTML output.
- Changed '--max-items' for the static HTML report to allow no limit on
  output entries.
- Changed required 'gettext' version to 0.19
- Changed to ignore 'SIGPIPE' with 'SIG_IGN'
- Changed version to 10.15 for 'macOS Catalina'.
- Ensure proper escaping on default AWSELB log format.
- Ensure valid requests counter is not affected on duplicate entries when
  restoring data.
- Fixed issue preventing Ctrl-C (SIGINT) for the curses interface to stop the
  program.
- Fixed issue where HTML report wouldn't update the tables when changing per
  page option.
- Fixed issue where it wouldn't find either the user's or global config file.
- Fixed issue where changing the number of items per page in the HTML report
  would not automatically refresh the tables.
- Fixed issue where last updated label was not updated in real-time.
- Fixed issue where overall date range wasn't showing the right start/end parse
  dates.
- Fixed issue where tailing a file could potentially re-parse part of the log.
- Fixed memory leak when fetching country/continent while using 'LIBMAXMINDDB'.
- Fixed several '-Wcast-qual' warnings.
- Fixed unwanted added characters to the HTML output.
- Fixed websocket issue returning a 400 due to request header size.
- Increased 'MAX_LINE_CONF' so a JSON string can be properly parsed from the
  config file.
- Removed deprecated option '--geoip-city-data' from config file.
- Removed unnecessary dependency from snapcraft.yaml.
- Removed some old browsers from the default curated list.
- Replaced TokyoCabinet storage for a non-dependency in-memory persistent
  storage.

pkgsrc changes:

- Remove 'tokyocabinet' option, no longer needed
- Switch 'geoip' option to libmaxminddb
2021-01-27 08:17:31 +00:00
nia
b1a9e75555 firefox78-l10n: sync with firefox78 2021-01-27 05:29:25 +00:00
nia
59c88de66c firefox78: Update to 78.7.0
changes:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-04/
2021-01-27 05:24:11 +00:00
ryoon
a460e9cac4 firefox-l10n: Update to 85.0
* Sync with www/firefox-85.0.
2021-01-26 15:04:12 +00:00
ryoon
4d4e29ec3d firefox: Update to 85.0
Changelog:
New

  * Firefox now protects you from supercookies, a type of tracker that can stay
    hidden in your browser and track you online, even after you clear cookies.
    By isolating supercookies, Firefox prevents them from tracking your web
    browsing from one site to the next.

  * It's easier than ever to save and access your bookmarks. Firefox now
    remembers your preferred location for saved bookmarks, displays the
    bookmarks toolbar by default on new tabs, and gives you easy access to all
    of your bookmarks via a toolbar folder.

  * The password manager now allows you to remove all of your saved logins with
    one click, as opposed to having to delete each login individually.

Fixed

  * Various security fixes.


Changed

  * Firefox no longer supports Adobe Flash. There is no setting available to
    re-enable Flash support.


Enterprise

  * Various bug fixes and new policies have been implemented in the latest
    version of Firefox. You can see more details in the Firefox for Enterprise
    85 Release Notes.


Developer

  * Developer Information
  * CSS: We have added support for the :focus-visible pseudo class.

  * It's possible to prettify JS expressions in Console source code Editor
    (available in multiline mode) using a new toolbar button.
    Console Editor Pretty Print Expression Screenshot

Security fixes:
#CVE-2021-23953: Cross-origin information leakage via redirected PDF requests
#CVE-2021-23954: Type confusion when using logical assignment operators in
 JavaScript switch statements
#CVE-2021-23955: Clickjacking across tabs through misusing requestPointerLock
#CVE-2021-23956: File picker dialog could have been used to disclose a complete
 directory
#CVE-2021-23957: Iframe sandbox could have been bypassed on Android via the
 intent URL scheme
#CVE-2021-23958: Screen sharing permission leaked across tabs
#CVE-2021-23959: Cross-Site Scripting in error pages on Firefox for Android
#CVE-2021-23960: Use-after-poison for incorrectly redeclared JavaScript
 variables during GC
#CVE-2021-23961: More internal network hosts could have been probed by a
malicious webpage
#CVE-2021-23962: Use-after-poison in nsTreeBodyFrame::RowCountChanged
#CVE-2021-23963: Permission prompt inaccessible after asking for additional
 permissions
#CVE-2021-23964: Memory safety bugs fixed in Firefox 85 and Firefox ESR 78.7
#CVE-2021-23965: Memory safety bugs fixed in Firefox 85
2021-01-26 15:02:55 +00:00
taca
9596f5c0ab www/ruby-capybara: update to 3.35.0
Version 3.35.0

Release date: 2020-01-25

Added
* Support Regexp matching for individual class names in :class filter
  passed an Array
* Animation disabler now supports JQuery animation disabling when JQuery
  loaded from body [Chien-Wei Huang]

Fixed
* :button selector type use with enable_aria_role [Sean Doyle]
* elements don't associate with aria-role buttons
* Ignore Selenium::WebDriver::Error::InvalidSessionIdError when quitting
  driver [Robin Daugherty]
* Firefox: Don't click input when sending keys if already focused
* Miscellaneous issues with selenium-webdriver 4.0.0.alphas
* Nil return error in node details optimizations
* Animation disabler now inserts XHTML compliant content [Dale Morgan]
2021-01-26 15:02:11 +00:00
adam
ad27e48d7c py-django-cors-headers: updated to 3.7.0
3.7.0:
* Support Django 3.2.
2021-01-26 06:15:00 +00:00
nia
326ad79aae squid4: needs atomic64 2021-01-25 11:34:51 +00:00