Upstream changes:
1.90 2018-11-12 18:02:03Z
[DOCUMENTATION]
- Pod fixes (GH#261) (Julien Fiegehenn)
- Fixed pod error as reported by CPANTS. (GH#264) (Mohammad S Anwar)
[ENHANCEMENTS]
- Upgrade to HTML::TreeBuilder version 5 to get support for weak references in
HTML::Element (GH#251) (Julien Fiegehenn)
1.89 2018-10-18 19:13:34Z
[ENHANCEMENTS]
- Add support to find_image() and find_all_images() via 'id'
and 'class' (GH#242) (Julien Fiegehenn)
- Pass strict/verbose constructor args to HTML::Form (GH#256) (Julien Fiegehenn)
- Add ability to clear history and tests for history (GH#259) (mschae94)
Upstream changes:
version 2.28 at 2018-09-17 09:19:09 +0000
-----------------------------------------
Change: cf677362a133592236f3a438ba339ae0fa030c80
Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
Date : 2018-09-17 10:19:09 +0000
Release engineering for 2.28
Change: d712a41b23990ecbee9050b997532b8c6b4c6065
Author: Damyan Ivanov <dmn@debian.org>
Date : 2018-09-16 20:51:07 +0000
add support for IPv6
Upstream changes:
0.25 2018-11-03
* Add support for compiling :disabled, :selected, :checked, :text,
:last-of-type
I'm not sure whether the Perl XPath libaries support this, but at least
we can compile it.
This addresses RT #124406, thanks to Andrew Maguire
0.24 2018-11-02
* Test stability improvement if HTML::TreeBuilder::XPath is not installed
* Re-release with properly fixed META.* information
(RT 127555, reported by Dan Book)
* No code changes, no need to upgrade
o add url remap support via .bzremap file, from martin@netbsd.org
o handle redirections for any protocol, not just http:
o fix a denial of service attack against header contents, which
is now bounded at 16KiB. reported by JP
o reduce default timeouts, and add expand timeouts to handle the
initial line, each header, and the total time spent
o add -T option to expose new timeout settings
o minor RFC fixes related to timeout handling
o fix special file (.htpasswd, .bz*) bypass. reported by JP.
anyone using .htpasswd files should update ASAP.
Nghttp2 v1.35.0
lib
Use __has_declspec_attribute in order to check that dllexport/dllimport can be used.
build
libevent detection with cmake has been improved.
src
C++14 language features are now required.
nghttpx
mruby send_info non-final response is now written early.
Fix assertion failure on mruby send_info with HTTP/1.1 frontend.
h2load
HTTP/1.1 non-final response is now handled correctly.
Clarify that time for connect includes TLS handshake.
Changes 2.1.4:
Fix: shell_plus, fix 1261 check for --notebook-dir=... argument style
Fix: graph_models, Excluded models displayed as an underscore
Fix: set_fake_password, requires_model_validation has been replaced with requires_system_checks since 1.9
Docs: admin_generator, new documentation and examples
Improvement: JSONField, use new from_db_value syntax on Django 2 and up
Improvement: EncryptedTextField, use new from_db_value syntax on Django 2 and up
Improvement: graph_models, add --dot option
Improvement: graph_models, allow to redirect (text) output to file
Improvement: sqldiff, better support for indexes, index_together and unique_together
Changelog:
Version 14.0.3 October 12 2018
Changes
Fixes the apps menu scrollbar (server#11662)
Ignore "session_lifetime" if it can not be converted to a number (server#11761)
Normalize getUnjailedPath (server#11770)
Version 14.0.2 October 11 2018
Changes
Fix contacts menu on mentions (server#11350)
Make the server ready to use global scale with SAML as auth back-end (server#11373)
Fix default flex shrink on list (server#11374)
Fixes the logo height (server#11385)
Do not explode when getting permissions from a FailedStorage (server#11389)
Do not hide the progress bar while the chunked upload is being assembled (server#11399)
Fix "checkWellKnownUrl" not being run (server#11418)
Add back the total used space per user (server#11425)
Fix invalid inline input confirm border (server#11426)
Center back the history icon (server#11430)
AssemblyStream is also eof if we have no more source stream (server#11436)
Re-enable upload button after updating Avatar (server#11451)
Fix typo in config.sample.php (server#11488)
Bugfix 2FA theme: buttons white (server#11489)
Update config and babel for ie11 (server#11490)
Only catch QueryException when trying to build class (server#11492)
Show auth type "None" in email settings (server#11493)
Fix public page footer link wrap (server#11510)
Fix share header text on small widths (server#11511)
Add missing compiled mimetype list (server#11516)
Fixes the move/copy picker buttons (server#11525)
Fix breadcrumbs (server#11530)
Added kinetic scrolling for iOS to apps dropdown menu #10281 (server#11554)
Throw an error if a node is smaller than expected in assemblystream (server#11555)
Reduce the min-width of the files table so it works on sharing pages on mobile (server#11556)
Fix header overflow, fix more apps menu, fix#11552 (server#11558)
Add new group entry on users list + fixes (server#11575)
Redirect guests to login if they follow the link of a comment mention-notifications (server#11577)
Force multiselect max-height to 5.5 items (server#11579)
Just update password hash without validating (server#11580)
Fix sticky header on users list (server#11582)
Fix header border on users list (server#11608)
Fix call to logger (server#11610)
Allow the creationg of previews of files stored in appdata (server#11703)
Update CRL due to changed cert for linkshareex (server#11706)
Fix a misleading setup check for .well-known/caldav & carddav (server#11738)
Remove unneeded CSS rule for IE 11 (files_pdfviewer#101)
Hide footer in public share page (files_pdfviewer#103)
Fix embedded viewer with new server layout on IE 11 (files_pdfviewer#98)
Version 14.0.1 September 25 2018
Changes
Fixes the upload progress bar layout - 14 backport (server#11039)
Fix markup and style of mentions in comments (server#11077)
Do not invalidate main token on OAuth (server#11090)
Expire tokens hardening (server#11103)
fix js files client for user names with spaces (server#11152)
Fix user and group listing with users that have an integer user id (server#11186)
Fix exception class (server#11187)
Remove posix_getpwuid and compare only userid (server#11191)
Fix check for more users in sharing dialogue (server#11201)
Remove filter_var flags due to PHP 7.3 deprecation, fixes#10894 (server#11237)
Fixes empty favorite names for trailing slashes (server#11259)
Fix size of icons in menus inside apps when shown as images (server#11276)
Prevent comment being composed from overlapping the submit button (server#11277)
replace setcookie value with '' instead of null. (server#11280)
Fix the link and anchor for the update notifications (server#11282)
Include empty directories in the default state of acceptance tests (server#11283)
Get permission of storage for shares (server#11287)
Shared by info for room shares without names (server#11288)
Fix icons cacher regex for compressed output (server#11291)
Revert "Use APCu caching of composer" (server#11293)
Use user locale as default in the template (server#11294)
Fix expiration code of tokens (server#11302)
Add unit test for findLanguageFromLocale (server#11340)
14 scroll fix (activity#295)
Update stable14 target versions (files_texteditor#111)
Update stable14 target versions (firstrunwizard#80)
Update stable14 target versions (gallery#467)
Update stable14 target versions (nextcloud_announcements#32)
Update stable14 target versions (notifications#158)
Update config and babel for ie11 (notifications#161)
Version 14.0.0 September 10 2018
Changes
Nextcloud 14 merged nearly 1000 pull requests with improvements and changes, almost 150 more than Nextcloud 13. This only covers the core server, hundreds more changes were made in the apps that make up our release, making this version officially our biggest release ever.
While we can never cover everything that has improved, these are the main feature highlights:
Video Verification - use a video call with Talk to verify the identity of somebody before granting them access to a share
Two-factor authentication now with Signal and Telegram as well as NFC and SMS
Accessibility improvements & dark theme
Add a note to shares, share files in a Talk chat, new Deck Kanban app and much more
Version 13.0.7 October 11 2018
Changes
Prefer using dir instead of allinfo for getting smb file info (server#10804)
[LDAP] The WebUI Wizard also should not assign empty config IDs (server#10824)
Fix mimetype detection for junked uploads (server#10829)
Improve performance when dealing with large numbers of shares (server#10884)
Cast timestamps older than unix epoch to 0 (server#10902)
Use the same ignored properties list for both CustomerPropertiesBackends (server#10911)
Do not hide the progress bar while the chunked upload is being assembled (server#11400)
Fix "checkWellKnownUrl" not being run (server#11419)
AssemblyStream is also eof if we have no more source stream (server#11437)
Show auth type "None" in email settings (server#11494)
Fixes the move/copy picker buttons (server#11524)
Allow the creationg of previews of files stored in appdata (server#11704)
Update CRL due to changed cert for linkshareex (server#11707)
Fix a misleading setup check for .well-known/caldav & carddav (server#11739)
Version 13.0.6 August 30 2018
Changes
Add sabre plugin to allow anonymous options requests to the dav root (server#10285)
Do scan the root storage in background scan (server#10376)
Adding test for table schedulingobjects and fixing postgres LOB (server#10552)
Fix transfering ownership of a share to user with same id as receiver (server#10565)
Make file cache updates more robust (server#10581)
Retry smb stat on timeout (server#10591)
Use insertIfNotExists to store new mimetypes. (server#10620)
Only warn about data lose on password reset if per-user keys are used (server#10646)
Update the scope of the lockdownmanager (server#10682)
Log entries that are hidden during file listing (server#10698)
Forgotten pass fix link (server#10735)
Fix comment style in config sample (server#10759)
Make sure error_log() always receives a string (server#10760)
Fix call to OC.generateUrl for caldav birthday calendar on/off (server#10761)
Use the path_hash instead of the path to query the filecache (server#10762)
Don't blame random people for background email updates (server#10763)
Resolve all group memberships properly (server#10783)
Remove unexecutable code (server#10816)
Improve URL detection (server#10821)
MySQL 8.0+ and MariaDB 10.3+ are large prefix and barracuda by default (server#10823)
Disallow negative mtime in dav search (server#10837)
- Fixed a bug when user clicking confirmation link after confirmation
and expiration causes confirmation email to resend.
- Added support for I18N.
- Added options `SECURITY_EMAIL_PLAINTEXT` and `SECURITY_EMAIL_HTML`
for sending respecively plaintext and HTML version of email.
- Fixed validation when missing login information.
- Fixed condition for token extraction from JSON body.
- Better support for universal bdist wheel.
- Added port of CLI using Click configurable using options
`SECURITY_CLI_USERS_NAME` and `SECURITY_CLI_ROLES_NAME`.
- Added new configuration option `SECURITY_DATETIME_FACTORY` which can
be used to force default timezone for newly created datetimes.
- Better IP tracking if using Flask 0.12.
- Renamed deprecated Flask-WFT base form class.
- Added tests for custom forms configured using app config.
- Added validation and tests for next argument in logout endpoint.
- Bumped minimal required versions of several packages.
- Extended test matric on Travis CI for minimal and released package
versions.
- Added of .editorconfig and forced tests for code style.
- Fixed a security bug when validating a confirmation token, also checks
if the email that the token was created with matches the user's current
email.
- Replaced token loader with request loader.
- Changed trackable behavior of `login_user` when IP can not be detected
from a request from 'untrackable' to `None` value.
- Use ProxyFix instead of inspecting X-Forwarded-For header.
- Fix identical problem with app as with datastore.
- Removed always-failing assertion.
- Fixed failure of init_app to set self.datastore.
- Changed to new style flask imports.
- Added proper error code when returning JSON response.
- Changed obsolete Required validator from WTForms to DataRequired. Bumped
Flask-WTF to 0.13.
- Fixed missing `SECURITY_SUBDOMAIN` in config docs.
- Added cascade delete in PeeweeDatastore.
- Added notes to docs about `SECURITY_USER_IDENTITY_ATTRIBUTES`.
- Inspect value of `SECURITY_UNAUTHORIZED_VIEW`.
- Send password reset instructions if an attempt has expired.
- Added "Forgot password?" link to LoginForm description.
- Upgraded passlib, and removed bcrypt version restriction.
- Removed a duplicate line ('retype_password': 'Retype Password') in
forms.py.
- Various documentation improvement.
Changes:
=================
WebKitGTK+ 2.22.4
=================
What's new in WebKitGTK+ 2.22.4?
- Expose ENABLE_MEDIA_SOURCE as a public build option.
- Fix a crash when using Cairo versions between 1.15 and 1.16.0
- Fix the build with -DLOG_DISABLED=0.
- Fix the build with ENABLE_VIDEO=OFF and ENABLE_WEB_AUDIO=OFF.
- Fix debug builds of JavaScriptCore.
- Fix several crashes and rendering issues.
0.12.0
Drop support for Python 3.3
ca_certs from environment HTTPLIB2_CA_CERTS or certifi
PROXY_TYPE_HTTP with non-empty user/pass raised TypeError: bytes required
Revert http:443->https workaround
eliminate connection pool read race
cache: stronger safename
1.0.0:
* Added --style=auto which follows the terminal ANSI color styles.
* Added support for selecting TLS 1.3 via --ssl=tls1.3
(available once implemented in upstream libraries).
* Added true/false as valid values for --verify
(in addition to yes/no) and the boolean value is case-insensitive.
* Changed the default --style from solarized to auto (on Windows it stays fruity).
* Fixed default headers being incorrectly case-sensitive.
* Removed Python 2.6 support.
2.1.0:
Removed support for Django 1.8, 1.9, 1.10
2.0.5:
Deal with missing context from aldryn-search
Add support for newer Django versions
Add parameters for embed_link
Fix swappable filer image model support
2.0.4:
Added URL parsing for the embed url. It now accepts various versions of YouTube urls and converts them to an embed link.
Added the python3.5 test env
2.0.3:
Prevent changes to DJANGOCMS_VIDEO_XXX settings from requiring new migrations
Changed naming of Aldryn to Divio Cloud
Adapted testing infrastructure (tox/travis) to incorporate django CMS 3.4 and dropped 3.2
Updated translations
2.0.2:
Fixed an issues with migrations where Null values caused IntegrityError
2.0.1:
Removed base.html for performance reasons
Fixed faulty settings parsing in aldryn_config.py
Fixed an issue where ValidationError wasn't imported
Adapted private get_template method
Updated translations
2.0.0:
Dropped flash support
Dropped django CMS <3.3.1 support
Dropped Django <1.8 support
Renamed Video to VideoPlayer
Added Video Source Plugin
Added Video Track Plugin
Adapted files to resemble best practices
Updated translations
2.1.0:
Fixed a validation issue with attributes
Added support for Django 1.11, 2.0 and 2.1
Removed support for Django 1.8, 1.9, 1.10
Adapted testing infrastructure (tox/travis) to incorporate django CMS 3.5 and 4.0
2.0.2:
Ensure class ordering is maintained
2.0.1:
Prevent changes to DJANGOCMS_STYLE_XXX settings from requiring new migrations
Changed naming of Aldryn to Divio Cloud
Adapted testing infrastructure (tox/travis) to incorporate django CMS 3.4 and dropped 3.2
Updated translations
2.1.1:
Added reference variables to migrations
Fixed a text typo in models
2.1.0:
Removed support for Django 1.8, 1.9, 1.10
2.0.8:
Fixed an issue where default DJANGOCMS_PICTURE_RESPONSIVE_IMAGES was not in settings
2.0.7:
Add responsive image support
Add support for Django 2.0 and 2.1
Fix swappable filer image model support
2.0.6:
Fixed a misleading link to MDN inside code documentation
Abstract the link model so it can be extended by other addons
2.0.5:
Fixed an issue in DJANGOCMS_PICTURE_ALIGN where "Align center" pointed to the wrong value
Updated translations
2.0.4:
Prevent changes to DJANGOCMS_PICTURE_XXX settings from requiring new migrations
Changed naming of Aldryn to Divio Cloud
Adapted testing infrastructure (tox/travis) to incorporate django CMS 3.4 and dropped 3.2
Fixed an issue when no image is set after deletion in django-filer (on_delete=SET_NULL)
Updated translations
2.0.3:
Fixed an issue with picture_link not working as expected in the template
Fixed an issue where the alt text was not displayed appropriately
Fixed an issue where placeholder params can be strings
2.0.2:
Fixed an issues with migrations where Null values caused IntegrityError
2.0.1:
Fixes an issue where images throw an AttributeError
1.2.0:
Fixed an issue with map not always setting correct zoom level
Removed admin url data attribute from the map marker if cms isn't in edit mode
Added support for Django 1.11, 2.0 and 2.1
Removed support for Django 1.8, 1.9, 1.10
Adapted testing infrastructure (tox/travis) to incorporate django CMS 3.5 and 4.0
1.1.1:
Refactored migration 0005 to avoid using the django CMS api because it can lead to database errors when the models on file don't match the ones in the migration.
Moved Google Apps API Key to an environment variable on Divio Cloud
1.1.0:
Added support for customize marker icon
Updated translations
1.0.2:
Fixed an issue where 0005 migration mismatches lat/lng values when creating the new nested structure from older upgrades
Updated translations
1.0.1:
Prevent changes to DJANGOCMS_GOOGLEMAP_XXX settings from requiring new migrations
Changed naming of Aldryn to Divio Cloud
Adapted testing infrastructure (tox/travis) to incorporate django CMS 3.4 and dropped 3.2
Fixed zoom level not correctly being applied
Fixed latitude/longitude data attribute values being incorrectly parsed for locales not using a period as decimal separator (e.g. german)
2.1.0:
Removed support for Django 1.8, 1.9, 1.10
2.0.3:
Add support for Django 1.10, 1.11, 2.0 and 2.1
Adapted testing infrastructure (tox/travis) to incorporate django CMS 3.5 and 4.0
2.0.2:
Prevent changes to DJANGOCMS_FILE_XXX settings from requiring new migrations
Changed naming of Aldryn to Divio Cloud
Adapted testing infrastructure (tox/travis) to incorporate django CMS 3.4 and dropped 3.2
Updated translations
2.0.1:
Fixes an issue where images throw an AttributeError
2.0.0:
Added tests
Cleaned up file structure
Removed Django < 1.8 support
Adapted README.txt
Added translations
3.6.1:
Added Django 2.0 & 2.1 support
Updated setup.py to use html5lib>=0.999999999
Fixed ValueError on static file resolution at import time
3.6.0:
Changed the way ckeditor widget is initialized
3.5.3:
Updated CKEditor to 4.7.3
Added context to translation payload when dealing with TextPlugin instances
3.5.1:
Introduced support for django CMS 3.5.0
Fixed a regression which prevented multiple HTMLFields from having different configurations.
Fixed a bug where text coming from HtmlField was escaped when using it with other third party apps like django-parler.
Fixed a bug where dialog backdrop would've been incorrectly removed allowing for disallowed actions.
Fixed a bug when a dialog would open underneath maximized editor.
3.5.0:
Fixed an issue where the rendered HTML of plugins nested in text plugins leaked and became editable in some cases.
Updated CKEditor to 4.6.2
3.4.0:
Introduced support for the djangocms-history app.
Fixed an issue when CKEditor was triggering unnecessary delete-on-cancel requests after editing a plugin.
Fixed a bug which raised an exception when using a lazy object on the plugin configuration.
This project aims to provide a sensible means of storing and managing arbitrary
HTML element attributes for later emitting them into templates.
There are a wide variety of types of attributes and using the "normal" Django
method of adding ModelFields for each on a business model is cumbersome at best
and moreover may require related tables to allow cases where any number of the
same type of attribute should be supported (i.e., data-attributes). This can
contribute to performance problems.
To avoid these pitfalls, this package allows all of these attributes to be
stored together in a single text field in the database as a JSON blob, but
provides a nice widget to provide an intuitive, key/value pair interface and
provide sensible validation of the keys used.
1.4.0:
* Added support for Django 2.0 and 2.1
* Enabled django-mptt 0.9
* Converted QueryDict to dict before manipulating in admin
* Hide 'Save as new' button in file admin
* Fixed history link for folder and image object
* Fixed rendering canonical URL in change form
3.5.3:
* Fixed TreeNode.DoesNotExist exception raised when exporting
and loading database contents via dumpdata and loaddata.
* Fixed a bug where request.current_page would always be the public page,
regardless of the toolbar status (draft / live). This only affected custom
urls from an apphook.
* Removed extra quotation mark from the sideframe button template
* Fixed a bug where structureboard tried to preload markup when using legacy
renderer
* Fixed a bug where updates on other tab are not correctly propagated if the
operation was to move a plugin in the top level of same placeholder
* Fixed a bug where xframe options were processed by clickjacking middleware
when page was served from cache, rather then get this value from cache
* Fixed a bug where cached page permissions overrides global permissions
* Fixed a bug where plugins that are not rendered in content wouldn't be
editable in structure board
* Fixed a bug with expanding static placeholder by clicking on "Expand All" button
* Fixed a bug where descendant pages with a custom url would lose the overwritten
url on save.
* Fixed a bug where setting the on_delete option on PlaceholderField
and PageField fields would be ignored.
* Fixed a bug when deleting a modal from changelist inside a modal
Changes with nginx 1.15.6:
*) Security: when using HTTP/2 a client might cause excessive memory
consumption (CVE-2018-16843) and CPU usage (CVE-2018-16844).
*) Security: processing of a specially crafted mp4 file with the
ngx_http_mp4_module might result in worker process memory disclosure
(CVE-2018-16845).
*) Feature: the "proxy_socket_keepalive", "fastcgi_socket_keepalive",
"grpc_socket_keepalive", "memcached_socket_keepalive",
"scgi_socket_keepalive", and "uwsgi_socket_keepalive" directives.
*) Bugfix: if nginx was built with OpenSSL 1.1.0 and used with OpenSSL
1.1.1, the TLS 1.3 protocol was always enabled.
*) Bugfix: working with gRPC backends might result in excessive memory
consumption.
This is currently a, hopefully, simple to use LibSass Go API. It
uses the C bindings in https://github.com/wellington/go-libsass/libs
to do the heavy lifting.
The primary motivation for this project is to add SCSS support to
Hugo. It is has some generic tocss package names hoping that there
will be a solid native Go implementation that can replace LibSass
in the near future.
Spritewell performs image composition on a glob of source images.
This is useful for creating spritesheets of images. This is a thread
safe library and is optimized for multicore systems.
This package contains several lexers and parsers written in Go.
All subpackages are built to be streaming, high performance and to
be in accordance with the official (latest) specifications.
The lexers are implemented using buffer.Lexer in
https://github.com/tdewolff/parse/buffer and the parsers work on
top of the lexers. Some subpackages have hashes defined (using
Hasher) that speed up common byte-slice comparisons.
Minify is a minifier package written in Go. It provides HTML5,
CSS3, JS, JSON, SVG and XML minifiers and an interface to implement
any other minifier. Minification is the process of removing bytes
from a file (such as whitespace) without changing its output and
therefore shrinking its size and speeding up transmission over the
internet and possibly parsing. The implemented minifiers are designed
for high performance.
The core functionality associates mimetypes with minification
functions, allowing embedded resources (like CSS or JS within HTML
files) to be minified as well. Users can add new implementations
that are triggered based on a mimetype (or pattern), or redirect
to an external command (like ClosureCompiler, UglifyCSS, ...).
