Changelog
=========
Since 2.2.4.1
----------------
bugfix: Add/edit member form permissions goes down if screen is not wide enough.
bugfix: Member selector onblur must select one of the list if there is any
match and there is at least one character written.
bugfix: Object picker: do not show object types not allowed for the user in
the left panel
bugfix: D&D classify is allowing to classify in read only members.
bugfix: Do not show parent members in member selector if user has no
permissions over them.
bugfix: Upgrade 1.7 -> 2.X: give permissions over timeslots, reports and
templates in all workspaces where the user can manage tasks.
bugfix: Non admin users cannot delete timeslots.
feature: Can define required dimension without specifying object types.
feature: Option to view members in a separate column.
Since 2.2.4-beta
----------------
bugfix: Cannot delete user with no objects associated.
bugfix: Javascript error when loading and change logo link does not exist.
bugfix: plugin administration fixes.
bugfix: Email content parts that come in attachments are not shown.
bugfix: Tasks edition in gantt chart loses task description.
bugfix: Adding client or project under another member does not remember
selected parent when using quickadd and details button.
feature: More options for tasks edition.
feature: More options for composing emails.
language: Languages updated: German, French, Japanese, Polski.
Drupal 7.22, 2013-04-03
-----------------------
- Allowed the drupal_http_request() function to be overridden so that
additional HTTP request capabilities can be added by contributed modules.
- Changed the Simpletest module to allow PSR-0 test classes to be used in
Drupal 7.
- Removed an unnecessary "Content-Disposition" header from private file
downloads; it prevented many private files from being viewed inline in a web
browser.
- Changed various field API functions to allow them to optionally act on a
single field within an entity (API addition: http://drupal.org/node/1825844).
- Fixed a bug which prevented Drupal's file transfer functionality from working
on some PHP 5.4 systems.
- Fixed incorrect log message when theme() is called for a theme hook that does
not exist (minor string change).
- Fixed Drupal's token-replacement system to allow spaces in the token value.
- Changed the default behavior after a user creates a node they do not have
access to view. The user will now be redirected to the front page rather than
an access denied page.
- Fixed a bug which prevented empty HTTP headers (such as "0") from being set.
(Minor behavior change: Callers of drupal_add_http_header() must now set
FALSE explicitly to prevent a header from being sent at all; this was already
indicated in the function's documentation.)
- Fixed OpenID errors when more than one module implements hook_openid(). The
behavior is now changed so that if more than one module tries to set the same
parameter, the last module's change takes effect.
- Fixed a serious documentation bug: The $name variable in the
taxonomy-term.tpl.php theme template was incorrectly documented as being
sanitized when in fact it is not.
- Fixed a bug which prevented Drupal 6 to Drupal 7 upgrades on sites which had
duplicate permission names in the User module's database tables.
- Added an empty "datatype" attribute to taxonomy term and username links to
make the RDFa markup upward compatible with RDFa 1.1 (minor markup addition).
- Fixed a bug which caused the denial-of-service protection added in Drupal
7.20 to break certain valid image URLs that had an extra slash in them.
- Fixed a bug with update queries in the SQLite database driver that prevented
Drupal from being installed with SQLite on PHP 5.4.
- Fixed enforced dependencies errors updating to recent versions of Drupal 7 on
certain non-MySQL databases.
- Refactored the Field module's caching behavior to obtain large improvements
in memory usage for sites with many fields and instances (API addition:
http://drupal.org/node/1915646).
- Fixed entity argument not being passed to implementations of
hook_file_download_access_alter(). The fix adds an additional context
parameter that can be passed when calling drupal_alter() for any hook (API
change: http://drupal.org/node/1882722).
- Fixed broken support for translatable comment fields (API change:
http://drupal.org/node/1874724).
- Added an assertThemeOutput() method to Simpletest to allow tests to check
that themed output matches an expected HTML string (API addition).
- Added a link to "Install another module" after a module has been successfully
downloaded via the Update Manager (UI change).
- Added an optional "exclusive" flag to installation profile .info files which
allows Drupal distributions to force a profile to be selected during
installation (API addition).
- Fixed a bug which caused the database API to not properly close database
connections.
- Added a link to the URL for running cron from outside the site to the Cron
settings page (UI change).
- Fixed a bug which prevented image styles from being reverted on PHP 5.4.
- Made the default .htaccess rules protocol sensitive to improve security for
sites which use HTTPS and redirect between "www" and non-"www" versions of
the page.
- Numerous small bug fixes.
- Numerous API documentation improvements.
- Additional automated test coverage.
Version 2.11.11 (2013-04-03)
----------------------------
### Fixed
Pass the style attribute to empty image gallery table cells (see #5485).
### Fixed
Do not override the website path in the default config file (see #5339).
Release date: 2013-04-04
Opera 12.15 is a recommended upgrade offering security and stability
enhancements.
Fixes and Stability Enhancements since Opera 12.14
General and User Interface
* Fixed an issue where the search bar's default engine could be overridden by
third-party apps.
Security
* Fixed a moderately severe issue, as reported by Attila Suszter; details will
be disclosed at a later date.
* Added safeguards against attacks on the RC4 encryption protocol; see our
advisory: http://www.opera.com/security/advisory/1046
* Fixed an issue where cookies could be set for a top-level domain; see our
advisory: http://www.opera.com/security/advisory/1047
COMMENT should not be longer than 70 characters.
COMMENT should not begin with 'A'.
COMMENT should not begin with 'An'.
COMMENT should not begin with 'a'.
COMMENT should not end with a period.
COMMENT should start with a capital letter.
pkglint warnings. Some files also got minor formatting, spelling, and style
corrections.
Changelog:
NEW: Per-window Private Browsing.
NEW: New download experience.
NEW: Ability to close hanging plugins, without the browser hanging
CHANGED: Continued performance improvements around common browser tasks (page loads, downloads, shutdown, etc.)
DEVELOPER: Continued implementation of draft ECMAScript 6 - clear() and Math.imul
DEVELOPER: New JavaScript Profiler tool
HTML5: getUserMedia implemented for web access to the user's camera and microphone (with user permission)
HTML5: <canvas> now supports blend modes
HTML5: Various <audio> and <video> improvements
FIXED: Details button on Crash Reporter (793972)
FIXED: Unity plugin doesn't display in HiDPI mode (829284)
FIXED: 20.0: Security fixes can be found here
Fixed in Firefox 20
MFSA 2013-40 Out-of-bounds array read in CERT_DecodeCertPackage
MFSA 2013-39 Memory corruption while rendering grayscale PNG images
MFSA 2013-38 Cross-site scripting (XSS) using timed history navigations
MFSA 2013-37 Bypass of tab-modal dialog origin disclosure
MFSA 2013-36 Bypass of SOW protections allows cloning of protected nodes
MFSA 2013-35 WebGL crash with Mesa graphics driver on Linux
MFSA 2013-34 Privilege escalation through Mozilla Updater
MFSA 2013-33 World read and write access to app_tmp directory on Android
MFSA 2013-32 Privilege escalation through Mozilla Maintenance Service
MFSA 2013-31 Out-of-bounds write in Cairo library
MFSA 2013-30 Miscellaneous memory safety hazards (rv:20.0 / rv:17.0.5)
Version 0.5
~~~~~~~~~~~
Released on 2013-04-01
* Change behavior of passing ``FLATPAGES_MARKDOWN_EXTENSIONS`` to
renderer function, now whole :class:`FlatPages` instance passed as
second argument, this helps user provide more robust renderer
functions.
Upstream changes:
1.0022 2013-04-02 12:37:42 PDT
[BUG FIXES]
- Fixed a major bug in 1.0020-1.0021 where posix_default prevents arbitrary arguments
for plackup-compat (e.g. starman) to handle them (Thanks to justnoxx) Starman#66
[IMPROVEMENTS]
- Fixed test warnings (Keedi Kim)
1.0021 2013-04-02 11:20:00 PDT
- Repackage with Milla v0.9.6 #392
1.0020 2013-04-01 19:34:54 PDT
[INCOMPATIBLE CHANGES]
- Enable posix_default and gnu_compat in plackup Getopt, so that ambiguous
option names do not match with long options accidentally
[IMPROVEMENTS]
- Document fix for the AccessLog (ether)
- Special-case Content-Length and Content-Type for %{}i in AccessLog format #387
1.0019 2013-04-01 17:58:25 PDT
- Trial release with Milla
1.0018 Fri Mar 8 10:43:45 PST 2013
[IMPROVEMENTS]
- Performance boost in Plack::Request#query_parameters (lestrrat)
- Added custom log formats for %m, %U, %q and %H (Hiroshi Sakai)
- Fixed warnings in SimpleContentFilter (earino)
[DOCUMENTATION]
- Added docs about plackup --path
- Added docs about using manager object in Plack::Handler::FCGI
1.0017-TRIAL Thu Feb 7 19:21:24 PST 2013
[INCOMPATIBLE CHANGES]
- Gives you warnings when you use one of Plack::App objects in `plackup -e` or
in .psgi files but forgot to call ->to_app to make it a PSGI application (#369)
Still automatically converts them for backward compatibility, but in the
loading time inside Plack::Builder.
[BUG FIXES]
- chdir to the CGI path when executing CGIBin (#338, #368)
Here is a summary from the release announcement. Full changes are available in
docs/history file. (XSS problem was already fixed by geeklog-1.8.2sr1.)
* Improved strength of password hashing
* Allow Topics to have child Topics
* Allow Articles, Blocks and other Plugin objects to be associated with more
than one Topic
* Topic Breadcrumb support
* Emergency Rescue Tool is included with the Geeklog Install
* Added support for MySQLi
* Add Stop Forum Spam and Spam Number of Links Modules to Spam-X
* A new theme called Denim which is based on Responsive Web Design
* A new theme called Modern Curve
* Comments Form on same page as Articles and other Plugin objects
* Comments RSS Feed Plugin now integrated into Geeklog
* Includes updated versions of jQuery to 1.9.1 and jQuery UI to 1.10.1
* Updated FCKeditor version to 2.6.9
* XSS fixes for the Install, Configuration, Topic Editor, Polls Plugin and
Calendar Plugin
* Twitter OAuth API updated
* HTML 5 DOCTYPE
pkgsrc change: stop using DIST_SUBDIR.
Version 3.0.6 (2013-03-21)
--------------------------
### Fixed
Do not add links to news, events, FAQs or newsletters to the sitemap if the
target page has not been published (see #5520).
### Fixed
Include the local configuration file twice, once before and once after the
module configuration files are parsed (see #5490). This will make settings like
the debug or safe mode work properly.
### Fixed
Correctly set the RSS feed self-reference (see #5478).
### Fixed
Remove `&shy;` and `&nbsp;` from RSS and Atom feeds (see #5473).
### Fixed
Do not remove the grid column margin on mobile devices (see #5475).
### Fixed
Store the relative path to the installation in the `pathconfig.php` (see #5339).
### Fixed
Correctly send the comment moderation mails (see #5443).
### Fixed
Correctly create the user home directory upon registration (see #5437).
### Improved
Made the `.htaccess` files Apache 2.4 ready (see #5032).
### Fixed
Also truncate opened files in `File::truncate()` (see #5459).
### Fixed
Added the "allowTransparency" attribute to the mediabox script (see #5077).
### Fixed
The submit button label was not shown in the `FormSubmit` widget (see #5434).
### Fixed
Show invisible elements in the back end preview (see #5449).
### Fixed
Allow to create forward pages without a specific target (see #5453).
### Fixed
Updated the TinyMCE typolinks plugin (see #5329).
### Fixed
Correctly initialize the user's pagemounts (see #5454).
### Fixed
Support loading static JavaScripts in the `config.php` files (see #4890).
### Fixed
Show all articles if the article list module is in the same column (see #5373).
### Fixed
Do not show `mail_` templates from theme folders (see #5379).
### Fixed
Consider only published events when finding the calendar boundaries and only
render the previous and next links if there are events (see #5426).
### Fixed
Do not override the header and footer height in the layout builder (see #5368).
### Fixed
Correctly reset fallback, default and "do not copy" fields (see #5252).
Version 2.11.10 (2013-03-21)
----------------------------
### Fixed
Cast varchar date fields to int when selecting from the database (see #5503).
### Fixed
Only unset POST variables if `Widget::submitInput()` returns `true` (see #5474).
### Fixed
Strictly compare values when determining whether to save or not (see #5471).
### Updated
Updated TinyMCE to version 3.5.8 (see #5329).
### Fixed
Correctly show the "invalid date and time" error message (see #5480).
### Fixed
Correctly split the words when adding to the search index (see #5363).
### Fixed
Correctly load TinyMCE in IE7 and IE8 (see #5346).
### Fixed
Send the correct cache headers in "client cache only" mode (see #5358).
### Fixed
Remove the session of deleted or disabled users (see #5353).
### Fixed
Correctly set the cookie paths (see #5339).
The biggest fix is for a memory leak introduced in Django 1.5. Under certain circumstances, repeated iteration over querysets could leak memory - sometimes quite a bit of it. If you'd like more information, the details are in our ticket tracker (and in a related issue in Python itself).
If you've noticed memory problems under Django 1.5, upgrading to 1.5.1 should fix those issues.
Django 1.5.1 also includes a couple smaller fixes:
* Module-level warnings emitted during tests are no longer silently hidden.
* Prevented filtering on password hashes in the user admin.
Flask-BabelEx adds i18n/l10n support to Flask applications with
the help of the Babel library.
This is a fork of the official Flask-Babel extension with the following
features:
* It is possible to use multiple language catalogs in one Flask
application;
* Localization domains: your extension can package localization
file(s) and use them if necessary;
* Does not reload localizations for each request.
Version 0.4
~~~~~~~~~~~
Released on 2013-04-01
* Add ``FLATPAGES_MARKDOWN_EXTENSIONS`` config to setup list of Markdown
extensions to use with default HTML renderer.
* Fix a bug with non-ASCII filenames.
Upstream changes (since 2.4.0):
2.4.3
Regression fix
MDL-38474 - Teachers unable to access server files
Note: Moodle 2.4.3 is being released just one week after 2.4.2 in response to a serious regression being discovered in 2.4.2.
Other fixes
MDL-38303 - MUC: Session cache is adjusted accordingly when user logs in or out
MDL-38386 - Upgrade step for 24 and master adjusted
MDL-38332 - Browsing users paginates properly for multiples of 30 users
MDL-33424 - Images correctly restored from a 1.9 course quiz
MDL-34011 - Display of student attempts for Short Answer questions in Lessons is now correct
2.4.2
Highlights
MDL-32975 - There is an option to sort My Courses list alphabetically
MDL-36297 - HTML purifier strings are now cached
MDL-35074 - More students can now appear per page in the Grader Report
MDL-34435 - Actions in categories are now logged
Functional changes
MDL-30669 - Admins are warned before deleting 'Sticky' site-wide blocks in 2.2 accidentally through a course page
MDL-37894 - Not yet opened quizzes show close date as well as open date
MDL-35336 - Process for enabling statistics is now clearer
API changes
MDL-36363 - Removing a file store cache instance removes its folder too
MDL-31636 - Comments API allows plugins to set the date format
Security issues
MSA-13-0011 Calendar subscription capability issue
MSA-13-0012 Information leak in course profiles
MSA-13-0013 Server information revealed through exception messages
MSA-13-0014 Password revealed in WebDav repository
MSA-13-0015 Cross-site scripting issue in Filepicker
MSA-13-0016 External Entity Injection through Zend library
MSA-13-0017 Form manipulation issue in notes
MSA-13-0018 Personal information leak through repositories
MSA-13-0019 Unauthorised settings editing through WebDav repository
Fixes and improvements
Fixes for MUC - MDL-37683 MDL-37545 MDL-38110 MDL-38165
MDL-37792 - Conditional Resource based on a profile interest field now works when fields are empty
MDL-38173 - Adding modules to courses where completion is enabled no longer causes corruption
MDL-37847 - Plain text essays now show HTML special characters appropriately
MDL-37774 - Moodle 1.9 to 2.x course restore now works with directory resources
MDL-37563 - Assignment upgrade now includes conditional access settings
MDL-36757 - Editing an activity no longer reveals hidden grades
MDL-35780 - Participants page disclosure of email addresses is now consistent
MDL-35175 - Lesson now shows attempts if associated with a grouping
MDL-37710 - Students can access their own submitted files in a team submission assignment
MDL-38352 - Improved language strings added to the English language pack, the most noticeable being 'My Moodle' in the site admin settings renamed as My home
2.4.1
Highlights
MDL-32880 - Make 1.9 blocks restorable in 2.3 onwards
MDL-34791 - Activity quick title edit updates name in gradebook
MDL-35653 - Wiki module works if you activate the force format option
API changes
MDL-30700 - There is a new function "text_sorting($columnname)" for the class flexible_table which allows you to specify which columns are of type "text" so they can be sorted correctly in all databases.
MDL-35593 - core_webservice_get_site_info returns version number as PARAM_TEXT
MDL-30961 - get_course_contents web service's name value is now PARAM_RAW
Security issues
MSA-13-0001 - Security issue in Google Spellchecker in TinyMCE
MSA-13-0002 - Capability issue with Outcome editing
MSA-13-0003 - Potential server file access through backup restoration
MSA-13-0004 - Information leak through activity report
MSA-13-0005 - Potential phishing attack through URL redirects
MSA-13-0006 - Potential information leak in Assignment module
MSA-13-0007 - Potential exploit in messaging
MSA-13-0008 - Information leak through Blog RSS
MSA-13-0009 - Information leak through Blog RSS
MSA-13-0010 - Failure to check capabilities in calendar
Fixes and improvements
MDL-36680 - Overview report now gives correct course total by not including hidden item grades
MDL-37165 - Assignment summary displays on Oracle
MDL-36963 - Automatic updates deployer needs checks directory permissions
1.0.5
* SQLAlchemy 0.8 support
* Choices and PostgreSQL Enum field type support
* Flask-BabelEx will be used to localize administrative interface
* Simple text file editor
* File admin has additional hooks: rename, edit, upload, etc
* External links in menu
* Column descriptions
* Possibility to override master template
* Reworked templates. New "layout" sample with completely different
administrative UI
* Ability to customize wtforms widget rendering through form_widget_args
property
* German translation (WIP)
* Updated documentation
* Lots of bug fixes