Upstream changes:
5.26 2014-08-09
- Improved WebSocket performance.
- Fixed proxy exception handling bug in Mojo::UserAgent.
- Fixed bug where Mojo::Transaction::WebSocket would build incorrect frames
if the FIN bit was not set.
5.25 2014-08-07
- Added reduce method to Mojo::Collection. (sri, batman)
- Added if_none_match method to Mojo::Headers.
- Added is_fresh method to Mojolicious::Static.
- Added is_fresh helper to Mojolicious::Plugin::DefaultHelpers.
- Improved Mojolicious to use MyApp::Controller namespace by default and
encourage its use in the documentation.
- Improved sort method in Mojo::Collection to use $a and $b. (batman)
- Improved Mojolicious::Static to support ETag and If-None-Match headers.
- Improved documentation browser CSS.
- Fixed escaping bugs in Mojo::DOM::CSS.
Drupal 7.31, 2014-08-06
----------------------
- Fixed security issues (denial of service). See SA-CORE-2014-004.
Drupal 7.30, 2014-07-24
-----------------------
- Fixed a regression introduced in Drupal 7.29 that caused files or images
attached to taxonomy terms to be deleted when the taxonomy term was edited
and resaved (and other related bugs with contributed and custom modules).
- Added a warning on the permissions page to recommend restricting access to
the "View site reports" permission to trusted administrators. See
DRUPAL-PSA-2014-002.
- Numerous API documentation improvements.
- Additional automated test coverage.
Changelog [20140701]
Bugfixes
fixed a memory leak with subscription system
fixed shortcut for ssl-socket
fixed apache2 mod_proxy_uwsgi (it is now considered stable with all mpm engines)
fixed SCRIPT_NAME and PATH_TRANSLATED generation in php plugin
remove the old FIFO socket from the event queue when recreating it
New features
The new Rados plugins
The rados plugin has been improved and stabilized, and now it is considered usable in production.
Async modes and multithreading correctly works, and support for uploading objects (via PUT) and creating new pools (MKCOL) has been added.
Expect webdav support in uWSGI 2.1
Docs have been updated: http://uwsgi-docs.readthedocs.org/en/latest/Rados.html
-if-hostname
This is a configuration logic for including options only when the specified hostname matches:
[uwsgi]
if-hostname = node1.local
socket = /tmp/socket1.socket
endif =
if-hostname = node2.local
socket = /var/run/foo.socket
endif =
Apache2 mod_proxy_uwsgi stabilization
After literally years of bug reports, and corrupted data, the mod_proxy_uwsgi is now stable, and on modern apache2 releases it supports unix sockets too.
Updated docs: http://uwsgi-docs.readthedocs.org/en/latest/Apache.html#mod-proxy-uwsgi
uwsgi[rsize] routing var
this routing var (meaningful only in the 'final' chain) exposes the response size of the request
the callint scheme
This scheme allows you to generate blob from functions exposed by your uWSGI instance:
[uwsgi]
uid = @(callint://get_my_uid)
gid = @(callint://get_my_gid)
-fastrouter-fallback-on-no-key
The corerouters fallback procedure requires a valid key (domain name) has been requested. This option forces the various routers to trigger the fallback procedure even if a key has not been found.
php 5.5 opcode caching via -php-sapi-name
For mysterious reasons the opcode caching of php5.5 is not enabled in the embed sapi. This option (set it to 'apache' if you want) allows you to fake the opcode caching engine forcing it to enable itself.
Improved chain-reloading
Thanks to Marko Tiikkaja the chain reloading procedure correctly works in cheaper modes and it is more verbose.
added 'chdir' keyval to -attach-daemon2
You can now set where attached daemons need to chdir()
*) Security: pipelined commands were not discarded after STARTTLS
command in SMTP proxy (CVE-2014-3556); the bug had appeared in 1.5.6.
*) Bugfix: the $uri variable might contain garbage when returning errors
with code 400.
*) Bugfix: in the "none" parameter in the "smtp_auth" directive; the bug
had appeared in 1.5.6.
^^^^^^^^^^^^^^^^^^^
- Added support for URLType of SQLAlchemy-Utils
0.12.7 (2014-07-21)
^^^^^^^^^^^^^^^^^^^
- Fix ModelFieldList handling of simultaneous deletes and updates
^^^^^^^^^^^^^^^^^^
- Fixed base_form option in SplitDateTimeField getting lost if form is initialized more than once.
0.9.4 (2014-07-29)
^^^^^^^^^^^^^^^^^^
- Added base_form option to SplitDateTimeField
The following changes are not fully backwards compatible:
3.2.0.1
-------
* JQuery major version switched from 2 to 1. Detailed information on this change can be found in the :ref:`FAQ <jquery-faq>`.
Upstream changes:
1.0031 2014-08-01 13:19:14 PDT
[SECURITY]
- Plack::App::File would previously strip trailing slashes off
provided paths. This in combination with the common pattern
of serving files with Plack::Middleware::Static could allow
an attacker to bypass a whitelist of generated files (avar) #446
[IMPROVEMENTS]
- Let HTTP::Message::PSGI warn in case of invalid PSGI response (wchristian) #437
- Update documentation on how response_cb works with writer (doy)
- Make AccessLog work on non-POSIX environment (dex4er) #442
- Plack::App::WrapCGI no longer warns under 5.19.9 (frew)
- Avoid Rosetta Flash attack in JSONP middleware (nichtich) #464
- Fix Plack::Util::inline_object to make it work with can() as a class method
[NEW FEATURES]
- Add $req->query_string shortcut to access QUERY_STRING in PSGI environment
Leonardo Taccari in wip.
Changes:
=================
WebKitGTK+ 2.4.4
=================
What's new in WebKitGTK+ 2.4.4?
- Fix annoying popup shown when visiting 8tracks.com.
- Expose links rendered as blocks to accessibility.
- Make text inside "span" block in "a" block accessible.
- Implement windowed plugins visibility.
- Fix the GObject introspection annotations of webkit_web_resource_get_data_finish().
- Fix a crash in TSymbolTableLevel::~TSymbolTableLevel when WebKit
is built with GCC 4.9.
- Fix a crash when playing a video in facebook.
- Several user agent changes to fix Google Maps and a few other issues.
- Allo to include WebKitVersion.h from web extensions API too.
- Fix web process leak when closing pages with network process enabled.
- Fix the build with --disable-webgl --disable-accelerated-compositing.
=================
WebKitGTK+ 2.4.3
=================
What's new in WebKitGTK+ 2.4.3?
- Fix video playback rate used when resuming in GStreamer media backend.
- Use GstMetaVideo as announced by WebKitVideoSink to fix some
decoders and filters that rely on buffer's meta rather that in the
caps structures.
- Do not pass a valid pointer as redirected-response parameter to
WebKitWebPage::send-request signal when not redirecting.
- Add missing files to the build required for building in Windows.
=================
WebKitGTK+ 2.4.2
=================
What's new in WebKitGTK+ 2.4.2?
- Correctly handle TLS errors in case of a server redirection.
- Fix a crash when submitting a form.
- Fix several JavaScriptCore crashes when browsing facebook.
- Fix a crash when closing a page with windowed plugins.
- Fix a crash after getting web view context property with g_object_get.
- Fix a new[] delete[] mismatch in SocketStreamHandleSoup.
=================
WebKitGTK+ 2.4.1
=================
What's new in WebKitGTK+ 2.4.1?
- Add CORS support for media elements to GStreamer media backend.
- Fix wrong flags used in fcntl call that failed in FreeBSD.
- Correctly handle HTTP authentication for cross-origin requests.
- Correctly handle cookies for cross-origin requests.
- Fix a crash in the plugin process with some plugins that redefine
NPN functions.
- Fix acceletared video when the video format has an alpha component.
- Fix sites using geolocation after reloading when using Geoclue2.
- Append Safari version to UserAgent to fix redirections in
www.globalforestwatch.org.
=================
WebKitGTK+ 2.4.0
=================
What's new in WebKitGTK+ 2.4.0?
- Fix infinite loop in WebProcess due to a race condition that can
happen when the socket event source is cancelled.
- Fix more runtime critical warnings about main loop sources not found
when trying to remove them.
- Lower the timeout used when waiting for the ShoulTerminate reply
in the WebProcess to release unused processes earlier.
- Fix the build for non X11 platforms.
=================
WebKitGTK+ 2.3.92
=================
What's new in WebKitGTK+ 2.3.92?
- Add support for Geoclue2.
- Always finalize the soup session object when the networking
process finishes.
- Make sure the web process doesn't finish if there's an ongoing
print operation.
- Fix runtime critical warnings about main loop sources not found
when trying to remove them.
- Fixed several crashes in JavaScriptCore when visiting facebook.
- Improve CSS properties performance.
- Fix web process leak when the WebView is leaked by the application.
- Fix the build when using vala bindings due to UI and web process
main headers included together.
=================
WebKitGTK+ 2.3.91
=================
What's new in WebKitGTK+ 2.3.91?
- Use a persistent cache for plugins metadata to avoid blocking the
UI while scanning plugins during page loads.
- Make the web inspector always load in multiprocess mode.
- Add a pkg-config file for WebKit2 web process extensions API.
- Fix the generation of g_return macros for GObject DOM bindings in
some cases where non pointer parameters were handled as pointers.
- Enable DFG_JIT on FreeBSD.
- Use system default compiler instead of gcc when building DOM
generated sources.
- Several build fixes for FreeBSD.
- Fix the build with wayland support enabled.
=================
WebKitGTK+ 2.3.90
=================
What's new in WebKitGTK+ 2.3.90?
- Add initial touch support to WebKit2.
- Add API to create a WebKitWebView related to another one to share
the same Web Process.
- Create the inspector view using the same web process as the
inspected page.
- Fix wrong mix of fcntl commands and flags in WebKit2.
- Fix marshaller used in WebKitWebPage::document-loaded signal.
- Fix a crash in GStreamer media backend when playback rate is too high.
- Fix the build on FreeBSD.
=================
WebKitGTK+ 2.3.5
=================
What's new in WebKitGTK+ 2.3.5?
- Add API to allow setting a multiple web process model.
- Add API to pass initialization user data from the UI process to
the web extensions.
- Implement languages support with network process.
- Implement custom URI schemes with network process.
- Disable MemoryCache when the DOCUMENT_VIEWER cache model is set.
- Expose aria-describedby with ATK_RELATION_DESCRIBED_BY.
- Fix a bug that prevented from entering fullscreen again in HTML5
videos after fullscreen was left with ESC.
- Set playback rate when pipeline is not ready in GStreamer media backend.
- Fix a lockup when playing Icecast radio in GStreamer media backend.
- Fix a web process crash when a download is cancelled.
- Fix several crashes when printing via JavaScript.
=================
WebKitGTK+ 2.3.4
=================
What's new in WebKitGTK+ 2.3.4?
- Add API to WebKitResponsePolicyDecision to check if the MIME type
can be shown.
- Enable fullscreen API by default.
- Fix handling of HTTP certificates with the network process enabled.
- Fix downloads with the network process enabled.
- Fix handling of cookies when network process is enabled.
- Remove the partial file downloaded when the download operation
fails or is cancelled.
- Make WebKitWebPage::send-request signal work after a redirect.
- Add xdg.origin.url extended attribute to downloads in WebKit2.
- Fix WebGL with GLES.
- Translation updates: Dutch, Brazilian Portuguese.
=================
WebKitGTK+ 2.3.3
=================
What's new in WebKitGTK+ 2.3.3?
- Initial Network Process support disabled by default.
- CSS regions are now enabled by default.
- Support right-side attachment of the inspector in WebKit2.
- Add spatial navigation setting to WebKit2 GTK+ API.
- Add media source setting to both WebKit1 and WebKit2.
- Support custom types for drag and drop data.
- Avoid extra copy when drawing images in cairo backend.
- Fix scrolling in combo boxes when the dropdown menu is larger than
the screen.
- Render AC layers also when using GTK+ 2 in WebKit1.
- Fix return value of webkit_web_view_get_view_source_mode() in
WebKit1.
- Emit stream-start, caps and segment events in webkitwebaudiosrc
element.
- Fix seeking on media content provided by servers not supporting
range requests.
- Fix a crash when using media source in GStreamer media backend.
- Fix an X11 error when the backing store surface is destroyed.
- Expose splitter elements with ATK_ROLE_SEPARATOR to accessibility.
- Expose accessibility objects WAI-ARIA landmark roles.
- Expose accessibility objects with ATK_ROLE_ARTICLE.
- Expose accessibility objects with ATK_ROLE_CHECK_MENU_ITEM.
- Remove support for GStreamer 0.10.
- Memory leak due to incorrect use of gst_tag_list_merge in
TextCombinerGStreamer.
- Translation updates: Brazilian Portuguese.
=================
WebKitGTK+ 2.3.2
=================
What's new in WebKitGTK+ 2.3.2?
- Add enable-media-stream setting to WebKit2 GTK+ API.
- Fix a crash when load fails due to SSL errors in WebKit2.
- Fix a crash when printing via JavaScript in WebKit2.
- Add support audio and video tracks to GStreamer media backend.
- Properly expose video and audio elements to accessibility.
- Fix invalid cairo matrix when drawing too small surfaces.
- Avoid extra copy when drawing images using cairo.
- Do not omit playback rate when seeking in GStreamer media backend.
- Several build fixes on non-linux platforms.
=================
WebKitGTK+ 2.3.1
=================
What's new in WebKitGTK+ 2.3.1?
- Add WebKit2 API for TLS errors.
- Make EventTarget interface introspectable in GObject DOM bindings.
- Expose WheelEvent in the GObject DOM bindings API.
- Generate API documentation for GObject DOM bindings.
- Respect image orientation by default.
- Enable text edition undo/redo operations support in WebKit2.
- Add suppport for blob URLs to GStreamer media backend.
- Add support for subtitles.
- Allow running the web process with an arbitrary prefix command in
debug builds.
- Expose image links properly to accessibility.
- Expose title and alternative text for links in image maps to
accessibility.
- Cancel the current active WebKitAuthenticationRequest on load
fail.
- Fix several memory leaks.
=================
WebKitGTK+ 2.1.4
=================
What's new in WebKitGTK+ 2.1.4?
- Add WebKitWebView::authenticate signal to WebKit2 GTK API.
- Expose KeyboardEvent in GObject DOM bindings.
- Implement attributesOfChildren() for AccessibilityUIElement.
- Implement allAttributes() for AccessibilityUIElement.
- Fix issues with edge cases when getting offsets for a text range
in AtkText.
- Remote inspector server now notifies about errors when loading
resurces.
- Disable HTTP request "Accept-Encoding:" header field on gstreamer
source element to avoid receiving the wrong size when retrieving
data.
- Fix the final position when receiving several seek calls in a row,
in GStreamer media backend.
- When rendering accelerated video, upload onto the texture only the
buffer to be painted.
- Fix response property definition of WebKitResponsePolicyDecision.
- Fix a crash in WebKit1 when the WebView is created and destroyed
too fast.
- Fix a crash in UI process when the web process crashes.
- Fix a crash in WebKit2 when a context menu item is selected after
the page has been closed.
- Fix a crash when getting the editor command for a key event
initiated by the web inspector.
- Fix the build when building with GTK+ 2.
- Fix several memory leaks.
=================
WebKitGTK+ 2.1.3
=================
What's new in WebKitGTK+ 2.1.3?
- Add support for preload="metadata" to GStreamer media backend.
- Do not expose '\n' for wrapped lines with ATK_TEXT_BOUNDARY_CHAR.
- Fix potential race condition in GStreamer media backend when
getting the video sink caps.
- Fix performance issues rendering a page with animations.
- Several fixes and improvements in GStreamer video accelerated
compositing support.
- Adjust internal size on GStreamer HTTP source element when
receiving data if necessary.
- Actually disable the memory cache when DOCUMENT_VIEWER cache model
is used in WebKit1.
- Fix runtime critical warning in WebKit2 when unloading a module
that failed to load.
- Fix several memory leaks.
=================
WebKitGTK+ 2.1.2
=================
What's new in WebKitGTK+ 2.1.2?
- Set the subresources load priority using new libsoup API available
in 2.43.
- Do not use X11 WidgetBackingStore implementation in Wayland.
- Support using GLContext from multiple threads.
- Make sure gstreamer source element is thread-safe.
- Prevent race condition when pad caps is set on gstreamer player.
- Invalidate the ProcessLauncher when the process is terminated
before it has finished launching
- Use custom cairo code instead of Pango API for highlighting
misspelled words.
- Respect PKG_CONFIG env variable when generating gtk-doc.
- Fix a crash due to an assert in gstreamer backend when seeking.
- Fix memory leak when web process is terminated.
- Translation updates: Telugu, Hindi, Kannada, Odia.
=================
WebKitGTK+ 2.1.1
=================
What's new in WebKitGTK+ 2.1.1?
- Add webkit_uri_scheme_request_finish_error to WebKit2 GTK+ API.
- Add a setting to control whether or not accelerated 2D canvas is
enabled in WebKit2.
- Add a setting to WebKit2 to allow sending console log messages to
stdout.
- Always use EGL to create the GL context when running on Wayland.
- Fix rendering of WebKitWebView child widgets with recent GTK+.
- Notify the web process in WebKitURISchemeRequest when we fail to read
from the user InputStream.
- Fixed race conditions closing the socket descriptor when the web
process crashes.
- Add video accelerated compositing support to the GStreamer backend.
- Add support for audio/speex MIME type to the GStreamer backend.
- Fix seek after video finished in GStreamer backend.
- Initialize WebKitWebPlugin path to prevent double-free in WebKit1.
- Fix several GObject instrospection warnings.
- Fixed several memory leaks.
WebKit is an open source web browser engine. WebKit is also the name of
the Mac OS X system framework version of the engine that's used by
Safari, Dashboard, Mail, and many other OS X applications. WebKit's HTML
and JavaScript code began as a branch of the KHTML and KJS libraries
from KDE.
This is the GTK3+ port of major version 1 of the engine.
for v2 of the package.
WebKit is an open source web browser engine. WebKit is also the name of
the Mac OS X system framework version of the engine that's used by
Safari, Dashboard, Mail, and many other OS X applications. WebKit's HTML
and JavaScript code began as a branch of the KHTML and KJS libraries
from KDE.
This is the GTK2+ port of major version 1 of the engine.
5.24 2014-08-02
- Improved url_escape performance slightly.
- Fixed memory leak in Mojo::IOLoop::Client.
- Fixed bug where ojo would sometimes die silently.
5.23 2014-07-31
- Improved router performance.
- Improved routes command to show format regular expression separately.
- Fixed partial route bug in Mojolicious::Routes::Match.
- Fixed format detection bug in Mojolicious::Routes::Pattern.
5.22 2014-07-30
- Added SOCKS5 support to Mojo::UserAgent.
- Added socks_address, socks_pass, socks_port and socks_user options to
Mojo::IOLoop::Client::connect.
- Improved documentation browser CSS.
Upstream changes:
MediaWiki 1.22.9
This is a security and maintenance release of the MediaWiki 1.22 branch.
Changes since 1.22.8
(bug 68187) SECURITY: Prepend jsonp callback with comment.
(bug 66608) SECURITY: Fix for XSS issue in bug 66608: Generate the URL used for loading a new page in Javascript,instead of relying on the URL in the link that has been clicked.
(bug 65778) SECURITY: Copy prevent-clickjacking between OutputPage and ParserOutput.
(bug 59147) The img_metadata field was not being decoded from bytea into text.
Version 3.3.4 (2014-07-29)
--------------------------
### Fixed
Restore permission to delete root pages for admin users (see #7135).
### Fixed
Pass the file IDs instead of their UUIDs to the file picker (see #7139).
### Fixed
Correctly handle double quotes in comments (see #7102).
### Fixed
Ignore hidden files when building the internal cache (see #7098).
### Fixed
Correctly pass the insert ID of the undo record (see #6234).
### Fixed
Update the vendor libraries (fixes various issues).
Version 3.2.13 (2014-07-29)
---------------------------
### Fixed
Use `DOMDocument::loadXML()` instead of `DOMDocument::load()` (see 7192).
### Fixed
Specify the font size in `rem` for modern browsers (see #7209).
### Fixed
Make sure the default language file is loaded in the DCA extractor (see #7202).
### Fixed
Do not add unpublished FAQs to the XML sitemap (see #7210).
### Fixed
Preserve new lines when replacing simple tokens (see #7178).
### Fixed
Always prevent saving if `PageModel::loadDetails()` is executed (see #7199).
### Fixed
Use `===` to compare password hashes (see #7175).
### Fixed
Correctly mark GET parameters as used (see #7185).
### Fixed
Correctly apply the "disabled" attribute to input unit fields (see #7147).
### Fixed
Correctly check the permission to edit multiple files (see #7157).
### Fixed
Correctly handle other MySQL character sets (see #7140).
### Fixed
Correctly recognize Opera Mobile in the `Environment` class (see #5869).
### Fixed
Fix the grid offset for articles (see #7166).
### Fixed
Restore the basic entities in the source editor (see #7170).
### Fixed
Correctly build the breadcrumb trail in the style sheets module (see #7132).
### Fixed
Do not associate the "use SSL" option with sitemaps only (see #7163).
### Fixed
URL encode the pipe character in the Google web font URL (see #7120).
### Fixed
Handle double quotes in the title attribute of the `<link>` element (see #7124).
### Fixed
Use the `save_callback` when generating multiple aliases (see #7114).
### Update
Update SwiftMailer to version 5.2.1 (see #7110).
### Fixed
Correctly handle double quotes in comments (see #7102).
### Fixed
Ignore hidden files when building the internal cache (see #7098).
### Fixed
Correctly pass the insert ID of the undo record (see #6234).
Upstream changes:
2.21 Mon Jun 9 01:35:54 CEST 2014
- correctly keep body when redirecting POSTs, instead of
deleting them.
2.2 Mon Jun 9 01:31:46 CEST 2014
- connection header was malformed (patch by Raphael Geissert).
- add lots of known idempotent methods from httpbis.
- implement relative location headers (rfc 7231), with fallback on URI.
- add support for status code 308 from rfc 7238.
- recommend URI.
Upstream changes:
0.3.1 Version
-----------------
* Add qqmail mail server backend support, thanks to Yubin Wang <harry198344 AT gmail.com>
* Add `yes` option, remove `--force` of makeapp,makeproject command
* Remove `has_options` attribute in Command class
* Fix `include` bug in ini
* Fix condition test bug of orm.get()
* Add `sqlshell` command
* Add `having` and `join` support to ORM
* Add whole database dump and load support #33
* Add NotFound to __all__ of orm
* Fix recorder bug
0.3 Version
-----------------
* Fix pyini "key=" for raw output bug
* Fix objcache for Lazy field bug, it'll refresh first if found Lazy field
* Fix executing orm command raise Exception not be thrown bug
* Refact multidb support
* Change UserWarn to DeprecationWarning
* Fix syncdb for different table name between `Model.__tablename__` and settings bug
* Remove `get_cached()` and add `cache` parameter to `Model.get()`
* Add `get_local_cache()` and `clear_local_cache()` in order to compatiable
with SimpleFrame implementation
* ORM `Property.to_str()` will return string but not unicode for CHAR and VARCHAR.
* Simplify server_default, if integer given, it'll be convert to `text(n)`
* `ManyResult.all()` can receive a `cache` parameter
* Improve `dump()` and `load()`, add PickleType , ManyToMany support
* Refact objcache app implementation and add `exclude` config option
* Remove primary_key detect, because multi primary_key columns can make composite primary key,
add partition support for mysql
* add None patch process, you can set '', 'empty, 'exception'.
* move uliweb/orm/middle*.py to uliweb/contrib/orm
* move uliweb/i18n/middle_i18n.py to uliweb/contrib/i18n
* move storage from core to utils directory
* improve count process
* Fix Reference and ManyToMany dump and load bug
* Add `is_in_web()` funciton, so you can test if current frame is in web executation
* Add `--gevent` support to call command
* Add `any` to Model, Result, ManyResult
* Add `clear_prefix()` to redis_cli APP, this feature need redis 2.6+ version
* Add version check to redis_cli APP, default is disabled
* Add `clear_table()` to objcache APP
* Add 'id' parameter to `get()` and `get_object()` and `get_cached_object()` functions,
so that if the ID can't be found in cache, condition (old parameter) will be used.
And when id and condition given both, only when id is not integer or valid expression
condition will be used. So in most cases, you don't need pass condition.
* If not set url option for session of database type, it'll automatically use ORM settings if exists
* Add settings and local_settings env variables support
* Fix count bug
* Change orm requirement.txt, add uliweb-alembic package
* generic app add avalon and mmgrid support
* Model.put() not is deprecated, you should use save
* `generic.py` add version support when saving, and add `save` callback parameter.
0.2.6 Version
-----------------
* Add warning output for Reference class parameter of relation properties definition.
* Fix manual and total process bug in ListView and SelectListView
* Fix rawsql bug
* Add `get_object()` support in Generic ListView
* Fix `get_cached()` bug
* Fix process_files in generic add and edit functions bug
* Add `import readline` before enter shell environment
* change occ name to version
* Improve autocomplete in shell command
* Fix manytomany cached value is not used when do the save, because of not stored
in `_old_values`
* If you've already define primary key in Model, then it'll not create id property
for you, just like:
```
user_id = Field(int, primary_key=True, autoincrement=True)
```
* Fix sqldot bug and improve sqlhtml generation
* Eanble colored log output by default.
* Add recorder app, you can use it to record the visit url, and test it later
0.2.5 Version
-----------------
* Fix config template and add `uwsgi` shell support
* Add environment variables support in `settings.ini`. For example, there is a
`MYSQL_PORT` defined in environment, so you can defined something in settings.ini:
```
[DEFAULT]
port = $MYSQL_PORT
port_str = '${MYSQL_PORT}'
```
`$MYSQL_PORT` is the same as `${MYSQL_PORT}`. Just when the variable follows
identifier, so `${}` can easily separate between them.
* Add `STATIC_COMBINE_CONFIG` configuration, you can toggle static combination with it.
Default is False. The configuration is:
```
[STATIC_COMBINE_CONFIG]
enabled = False
```
* Fix objcache app bug, if not fields defined in settings, it'll use all columns of table
* Add `get_table` function to `functions`, you can use it to get table object. Used
in `uliweb.contrib.tables` app.
* Add `local_cache` to local in SimpleFrame, and it can be used to store require relative
cache values, and it'll be empty after each require process.
* Improve `get_object()` function in ORM, add `use_local` parameter, so the cached
value will be checked in `local_cache` first, and also save it in local_cache when
get a value from cache or database.
* Improve objcache config format, you can also define table like this:
```
user = {'fields':['username'], 'expire':expire_time, 'key':callable(instance)|key_field}
#or
user = ['username', 'nickname']
#or
user =
```
If no fields defined, it'll use all fields of Model. And if expire is 0 or
not defined, it'll not expired at all.
`key` will be used to replace `id`, if you want another key value, and it
can be also a callable object, it'll receive an instance of Model parameter,
so you can create any key value as you want.
* Add Optimistic Concurrency Control support for ORM, so you should defined `version`
Field first in Model, then when you save the object, you should use:
```
obj.save(occ=True)
```
If there is already other operation saved the record, it'll raise an `SaveError`
Exception by default, because the version has been changed. You can also pass:
* `occ_fieldname` used to defined the version fieldname, default is `version`
* `occ_exception` used to enabled Exception raised, default is `True`, if you
set it `False` it'll return False, but not raise an Exception.
0.2.4 Version
-----------------
* Fix ORM is not compatible with SQLAlchemy 0.9.1.
* add `__contains__` to functions, so you can test if an API is already defined, just
use:
```
'flash' in functions
```
* Refact generic.py, remove `functions.flash` and `functions.get_fileserving` dependencies by default.
* Fix `yield` support in view function, you can also used in gevent environment.
* Fix `rawsql()` bug for different database engine
* Fix `jsonp()` dumps Chinese characters bug
* Add `trim_path()` function to `utils/common.py`, it can trim a file path to
limited length, for example:
```
>>> a = '/project/apps/default/settings.ini'
>>> trim_path(a, 30)
'.../apps/default/settings.ini'
```
Default limited length is 30.
* Add ORM connection information output when given `-v` option in command line. And
the password will be replace with `'*'`.
* Add multiple apps support for `makeapp` command.
* Refactor `save_file()` process, add `headers` and `convertors` parameter.
* Fix `call_view()` invoke `wrap_result` bug. Missing pass `handler` parameter to wrap_result.
Upstream changes:
5.21 2014-07-27
- Improved handling of Pod::Simple::XHTML 3.09 dependency.
- Improved documentation browser CSS.
5.20 2014-07-27
- Fixed a few bugs in Mojolicious::Plugin::PODRenderer by switching from
Pod::Simple::HTML to Pod::Simple::XHTML.
- Fixed Perl 5.18.x compatibility.
5.19 2014-07-26
- Improved support for Unicode anchors in Mojolicious::Plugin::PODRenderer.
- Fixed is_readable scalability problems in Mojo::Reactor.
5.18 2014-07-25
- Improved is_readable performance in Mojo::Reactor.
5.17 2014-07-24
- Welcome to the Mojolicious core team Jan Henning Thorsen.
- Added val method to Mojo::DOM. (batman, sri)
- Improved Mojo::Collection performance.
- Fixed support for Unicode anchors in Mojolicious::Plugin::PODRenderer.
5.16 2014-07-21
- Improved Mojo::Asset::File to allow appending data to existing files.
(iakuf, sri)
Upstream changes:
1.3126 2014-07-14
[ BUG FIXES ]
* Bunch of files were not in the MANIFEST.
1.3125 2014-07-12
[ ENHANCEMENT ]
* Skip bad cookie definitions. (GH#1036, Manuel Weiss)
* 'dancer' script warns and die if trying to create
an app with the same name of an existing module.
(GH#1038, Racke)
* In Dancer::Logger::Abstract, default host
name to '-' if not available. (GH#1029, John Wittkoski)
* Add Dancer::Serializer::JSONP. (GH#1035, David Zurborg)
[ DOCUMENTATION ]
* Improve the wording of the params() section in Dancer.
(GH#1025, Warren Young)
* Explain how to access config in Dancer::Config's POD.
(GH#1026, Gabor Szabo)
* Cookbook typo fix. (GH#1031, Florian Sojer)
1.3124 2014-05-09
[ ENHANCEMENTS ]
* Also check X-Forwarded-Proto. (GH#1015, Andy Jones)
* Update bundle jQuery to v1.11.0. (GH#1018, Michal Wojciechowski)
* Add session support to the skeleton config. (GH#1008. Gabor Szabo)
[ BUG FIXES ]
* Remove print statement in Dancer::ModuleLoad::require.
(GH#1021, John Wittkoski)
* Test was failing if JSON module was absent.
(GH#1022, Yanick Champoux)
* Allow for routes evaluating to false ('0', '', etc).
(GH#1020, Yanick Champoux)
[DOCUMENTATION]
* Specify defaults in POD. (GH#1023, isync)
* Fix doc for params(). (GH#1025, reported by Warren Young)
[ MISC ]
* Update mailing list url in README. (GH#1017, Racke)
* Markdownify the README. (GH#986, Chris Seymour)
packaged for wip by pho.
The HTTP package supports client-side web programming in Haskell. It lets
you set up HTTP connections, transmitting requests and processing the
responses coming back, all from within the comforts of Haskell. It's
dependent on the network package to operate, but other than that, the
implementation is all written in Haskell.
A basic API for issuing single HTTP requests + receiving responses is
provided. On top of that, a session-level abstraction is also on offer (the
BrowserAction monad); it taking care of handling the management of
persistent connections, proxies, state (cookies) and authentication
credentials required to handle multi-step interactions with a web server.
The representation of the bytes flowing across is extensible via the use of
a type class, letting you pick the representation of requests and responses
that best fits your use. Some pre-packaged, common instances are provided
for you (ByteString, String).
Changelog:
New
Add the search field to the new tab page
New
Support of Prefer:Safe http header for parental control (learn more)
New
mozilla::pkix as default certificate verifier (learn more)
New
Block malware from downloaded files (learn more)
New
Partial implementation of the OpenType MATH table (section 6.3.6) see documentation about mathematical fonts and the MathML Torture Test for details
New
audio/video .ogg and .pdf files handled by Firefox if no application specified (Windows only)
New
Upper Sorbian [hsb] locale added
Changed
Removal of the CAPS infrastructure for specifying site-specific permissions (via capability.policy.* preferences). Most notably, attempts to use this functionality to grant access to the clipboard will no longer work. The sole exception is the checkloaduri permission, which may still be used as before to allow sites to load file:// URIs.
HTML5
WebVTT implemented and enabled (learn more)
HTML5
CSS3 variables implemented (learn more)
Developer
Developer Tools: Add-on Debugger (learn more)
Developer
Developer Tools: Canvas Debugger (learn more)
Developer
New Array built-in: Array.prototype.fill() (learn more)
Developer
New Object built-in: Object.setPrototypeOf() (learn more)
Developer
CSP 1.1 nonce-source and hash-source enabled by default
Developer
Developer Tools: Eyedropper tool added to the color picker (learn more)
Developer
Developer Tools: Editable Box Model (learn more)
Developer
Developer Tools: Code Editor improvements (learn more)
Developer
Developer Tools: Console stack traces (learn more)
Developer
Developer Tools: Copy as cURL (learn more)
Developer
Developer Tools: Styled console logs (learn more)
Developer
navigator.sendBeacon enabled by default (learn more)
Developer
Dialogs spawned from the onbeforeunload event no longer block access to the rest of the browser
Fixed
Search for partially selected link text from context menu (985824)
Fixed
Various security fixes
Fixed in Firefox 31
MFSA 2014-66 IFRAME sandbox same-origin access through redirect
MFSA 2014-65 Certificate parsing broken by non-standard character encoding
MFSA 2014-64 Crash in Skia library when scaling high quality images
MFSA 2014-63 Use-after-free while when manipulating certificates in the trusted cache
MFSA 2014-62 Exploitable WebGL crash with Cesium JavaScript library
MFSA 2014-61 Use-after-free with FireOnStateChange event
MFSA 2014-60 Toolbar dialog customization event spoofing
MFSA 2014-59 Use-after-free in DirectWrite font handling
MFSA 2014-58 Use-after-free in Web Audio due to incorrect control message ordering
MFSA 2014-57 Buffer overflow during Web Audio buffering for playback
MFSA 2014-56 Miscellaneous memory safety hazards (rv:31.0 / rv:24.7)
- SECURITY: CVE-2014-0117 (cve.mitre.org)
mod_proxy: Fix crash in Connection header handling which
allowed a denial of service attack against a reverse proxy
with a threaded MPM. [Ben Reser]
- SECURITY: CVE-2014-0226 (cve.mitre.org)
Fix a race condition in scoreboard handling, which could lead to
a heap buffer overflow. [Joe Orton, Eric Covener]
- SECURITY: CVE-2014-0118 (cve.mitre.org)
mod_deflate: The DEFLATE input filter (inflates request bodies) now
limits the length and compression ratio of inflated request bodies to avoid
denial of sevice via highly compressed bodies. See directives
DeflateInflateLimitRequestBody, DeflateInflateRatioLimit,
and DeflateInflateRatioBurst. [Yann Ylavic, Eric Covener]
- SECURITY: CVE-2014-0231 (cve.mitre.org)
mod_cgid: Fix a denial of service against CGI scripts that do
not consume stdin that could lead to lingering HTTPD child processes
filling up the scoreboard and eventually hanging the server. By
default, the client I/O timeout (Timeout directive) now applies to
communication with scripts. The CGIDScriptTimeout directive can be
used to set a different timeout for communication with scripts.
[Rainer Jung, Eric Covener, Yann Ylavic]
- mod_ssl: Extend the scope of SSLSessionCacheTimeout to sessions
resumed by TLS session resumption (RFC 5077). [Rainer Jung]
- mod_deflate: Don't fail when flushing inflated data to the user-agent
and that coincides with the end of stream ("Zlib error flushing inflate
buffer"). Bug 56196. [Christoph Fausak <christoph fausak glueckkanja.com>]
- mod_proxy_ajp: Forward local IP address as a custom request attribute
like we already do for the remote port. [Rainer Jung]
- core: Include any error notes set by modules in the canned error
response for 403 errors. [Jeff Trawick]
- mod_ssl: Set an error note for requests rejected due to
SSLStrictSNIVHostCheck. [Jeff Trawick]
- mod_ssl: Fix issue with redirects to error documents when handling
SNI errors. [Jeff Trawick]
- mod_ssl: Fix tmp DH parameter leak, adjust selection to prefer
larger keys and support up to 8192-bit keys. [Ruediger Pluem,
Joe Orton]
- mod_dav: Fix improper encoding in PROPFIND responses. Bug 56480.
[Ben Reser]
- WinNT MPM: Improve error handling for termination events in child.
[Jeff Trawick]
- mod_proxy: When ping/pong is configured for a worker, don't send or
forward "100 Continue" (interim) response to the client if it does
not expect one. [Yann Ylavic]
- mod_ldap: Be more conservative with the last-used time for
LDAPConnectionPoolTTL. Bug 54587 [Eric Covener]
- mod_ldap: LDAP connections used for authn were not respecting
LDAPConnectionPoolTTL. Bug 54587 [Eric Covener]
- mod_proxy_fcgi: Fix occasional high CPU when handling request bodies.
[Jeff Trawick]
- event MPM: Fix possible crashes (third-party modules accessing c->sbh)
or occasional missed mod_status updates under load. Bug 56639.
[Edward Lu <Chaosed0 gmail com>]
- mod_authnz_ldap: Support primitive LDAP servers do not accept
filters, such as "SDBM-backed LDAP" on z/OS, by allowing a special
filter "none" to be specified in AuthLDAPURL. [Eric Covener]
- mod_deflate: Fix inflation of files larger than 4GB. Bug 56062.
[Lukas Bezdicka <social v3.sk>]
- mod_deflate: Handle Zlib header and validation bytes received in multiple
chunks. Bug 46146. [Yann Ylavic]
- mod_proxy: Allow reverse-proxy to be set via explicit handler.
[ryo takatsuki <ryotakatsuki gmail com>]
- ab: support custom HTTP method with -m argument. Bug 56604.
[Roman Jurkov <winfinit gmail.com>]
- mod_proxy_balancer: Correctly encode user provided data in management
interface. Bug 56532 [Maksymilian, <max cert.cx>]
- mod_proxy_fcgi: Support iobuffersize parameter. [Jeff Trawick]
- mod_auth_form: Add a debug message when the fields on a form are not
recognised. [Graham Leggett]
- mod_cache: Preserve non-cacheable headers forwarded from an origin 304
response. Bug 55547. [Yann Ylavic]
- mod_proxy_wstunnel: Fix the use of SSL connections with the "wss:"
scheme. Bug 55320. [Alex Liu <alex.leo.ca gmail.com>]
- mod_socache_shmcb: Correct counting of expirations for status display.
Expirations happening during retrieval were not counted. [Rainer Jung]
- mod_cache: Retry unconditional request with the full URL (including the
query-string) when the origin server's 304 response does not match the
conditions used to revalidate the stale entry. [Yann Ylavic].
- mod_alias: Stop setting CONTEXT_PREFIX and CONTEXT_DOCUMENT environment
variables as a result of AliasMatch. [Eric Covener]
- mod_cache: Don't add cached/revalidated entity headers to a 304 response.
Bug 55547. [Yann Ylavic]
- mod_proxy_scgi: Support Unix sockets. ap_proxy_port_of_scheme():
Support default SCGI port (4000). [Jeff Trawick]
- mod_expires: don't add Expires header to error responses (4xx/5xx),
be they generated or forwarded. Bug 55669. [Yann Ylavic]
- mod_proxy_fcgi: Don't segfault when failing to connect to the backend.
(regression in 2.4.9 release) [Jeff Trawick]
- mod_authn_socache: Fix crash at startup in certain configurations.
Bug 56371. (regression in 2.4.7) [Jan Kaluza]
- mod_ssl: restore argument structure for "exec"-type SSLPassPhraseDialog
programs to the form used in releases up to 2.4.7, and emulate
a backwards-compatible behavior for existing setups. [Kaspar Brand]
- mod_ssl: Add SSLOCSPUseRequestNonce directive to control whether or not
OCSP requests should use a nonce to be checked against the responder's
one. Bug 56233. [Yann Ylavic, Kaspar Brand]
- mod_ssl: "SSLEngine off" will now override a Listen-based default
and does disable mod_ssl for the vhost. [Joe Orton]
- mod_lua: Enforce the max post size allowed via r:parsebody()
[Daniel Gruno]
- mod_lua: Use binary comparison to find boundaries for multipart
objects, as to not terminate our search prematurely when hitting
a NULL byte. [Daniel Gruno]
- mod_ssl: add workaround for SSLCertificateFile when using OpenSSL
versions before 0.9.8h and not specifying an SSLCertificateChainFile
(regression introduced with 2.4.8). Bug 56410. [Kaspar Brand]
- mod_ssl: bring SNI behavior into better conformance with RFC 6066:
no longer send warning-level unrecognized_name(112) alerts,
and limit startup warnings to cases where an OpenSSL version
without TLS extension support is used. Bug 56241. [Kaspar Brand]
- mod_proxy_html: Avoid some possible memory access violation in case of
specially crafted files, when the ProxyHTMLMeta directive is turned on.
Follow up of Bug 56287 [Christophe Jaillet]
- mod_auth_form: Make sure the optional functions are loaded even when
the AuthFormProvider isn't specified. [Graham Leggett]
- mod_ssl: avoid processing bogus SSLCertificateKeyFile values
(and logging garbled file names). Bug 56306. [Kaspar Brand]
- mod_ssl: fix merging of global and vhost-level settings with the
SSLCertificateFile, SSLCertificateKeyFile, and SSLOpenSSLConfCmd
directives. Bug 56353. [Kaspar Brand]
- mod_headers: Allow the "value" parameter of Header and RequestHeader to
contain an ap_expr expression if prefixed with "expr=". [Eric Covener]
- rotatelogs: Avoid creation of zombie processes when -p is used on
Unix platforms. [Joe Orton]
- mod_authnz_fcgi: New module to enable FastCGI authorizer
applications to authenticate and/or authorize clients.
[Jeff Trawick]
- mod_proxy: Do not try to parse the regular expressions passed by
ProxyPassMatch as URL as they do not follow their syntax.
Bug 56074. [Ruediger Pluem]
- mod_reqtimeout: Resolve unexpected timeouts on keepalive requests
under the Event MPM. Bug 56216. [Frank Meier <frank meier ergon ch>]
- mod_proxy_fcgi: Fix sending of response without some HTTP headers
that might be set by filters. [Jim Riggs <jim riggs.me>]
- mod_proxy_html: Do not delete the wrong data from HTML code when a
"http-equiv" meta tag specifies a Content-Type behind any other
"http-equiv" meta tag. Bug 56287 [Micha Lenk <micha lenk info>]
- mod_proxy: Don't reuse a SSL backend connection whose requested SNI
differs. Bug 55782. [Yann Ylavic]
- Add suspend_connection and resume_connection hooks to notify modules
when the thread/connection relationship changes. (Should be implemented
for any third-party async MPMs.) [Jeff Trawick]
- mod_proxy_wstunnel: Don't issue AH02447 and log a 500 on routine
hangups from websockets origin servers. Bug 56299
[Yann Ylavic, Edward Lu <Chaosed0 gmail com>, Eric Covener]
- mod_proxy_wstunnel: Don't pool backend websockets connections,
because we need to handshake every time. Bug 55890.
[Eric Covener]
- mod_lua: Redesign how request record table access behaves,
in order to utilize the request record from within these tables.
[Daniel Gruno]
- mod_lua: Add r:wspeek for peeking at WebSocket frames. [Daniel Gruno]
- mod_lua: Log an error when the initial parsing of a Lua file fails.
[Daniel Gruno, Felipe Daragon <filipe syhunt com>]
- mod_lua: Reformat and escape script error output.
[Daniel Gruno, Felipe Daragon <filipe syhunt com>]
- mod_lua: URL-escape cookie keys/values to prevent tainted cookie data
from causing response splitting.
[Daniel Gruno, Felipe Daragon <filipe syhunt com>]
- mod_lua: Disallow newlines in table values inside the request_rec,
to prevent HTTP Response Splitting via tainted headers.
[Daniel Gruno, Felipe Daragon <filipe syhunt com>]
- mod_lua: Remove the non-working early/late arguments for
LuaHookCheckUserID. [Daniel Gruno]
- mod_lua: Change IVM storage to use shm [Daniel Gruno]
- mod_lua: More verbose error logging when a handler function cannot be
found. [Daniel Gruno]
Highlights
The tornado.web.stream_request_body decorator allows large
files to be uploaded with limited memory usage.
Coroutines are now faster and are used extensively throughout
Tornado itself. More methods now return Futures, including most
IOStream methods and RequestHandler.flush.
Many user-overridden methods are now allowed to return a Future
for flow control.
HTTP-related code is now shared between the tornado.httpserver,
tornado.simple_httpclient and tornado.wsgi modules, making
support for features such as chunked and gzip encoding more
consistent. HTTPServer now uses new delegate interfaces defined
in tornado.httputil in addition to its old single-callback
interface.
New module tornado.tcpclient creates TCP connections with
non-blocking DNS, SSL handshaking, and support for IPv6.
Backwards-compatibility notes
tornado.concurrent.Future is no longer thread-safe; use
concurrent.futures.Future when thread-safety is needed.
Tornado now depends on the certifi package instead of bundling
its own copy of the Mozilla CA list. This will be installed
automatically when using pip or easy_install.
This version includes the changes to the secure cookie format
first introduced in version 3.2.1, and the xsrf token change
in version 3.2.2. If you are upgrading from an earlier version,
see those versions' release notes.
WebSocket connections from other origin sites are now rejected
by default. To accept cross-origin websocket connections,
override the new method WebSocketHandler.check_origin.
WebSocketHandler no longer supports the old draft 76 protocol
(this mainly affects Safari 5.x browsers). Applications should
use non-websocket workarounds for these browsers.
Authors of alternative IOLoop implementations should see the
changes to IOLoop.add_handler in this release.
The RequestHandler.async_callback and WebSocketHandler.async_callback
wrapper functions have been removed; they have been obsolete
for a long time due to stack contexts (and more recently
coroutines).
curl_httpclient now requires a minimum of libcurl version 7.21.1
and pycurl 7.18.2.
Support for RequestHandler.get_error_html has been removed;
override RequestHandler.write_error instead.
Changes:
bits.close: introduce connection close tracking
darwinssl: Add support for --cacert
polarssl: add ALPN support
docs: Added new option man pages
Bugfixes:
build: Fixed incorrect reference to curl_setup.h in Visual Studio files
build: Use $(TargetDir) and $(TargetName) macros for .pdb and .lib output
curl.1: clarify that -u can't specify a user with colon
openssl: Fix uninitialized variable use in NPN callback
curl_easy_reset: reset the URL
curl_version_info.3: returns a pointer to a static struct
url-parser: only use if_nametoindex if detected by configure
select: with winsock, avoid passing unsupported arguments to select()
gnutls: don't use deprecated type names anymore
gnutls: allow building with nghttp2 but without ALPN support
tests: Fix portability issue with the tftpd server
curl_sasl_sspi: Fixed corrupt hostname in DIGEST-MD5 SPN
curl_sasl: extended native DIGEST-MD5 cnonce to be a 32-byte hex string
random: use Curl_rand() for proper random data
Curl_ossl_init: call OPENSSL_config for initing engines
config-win32.h: Updated for VC12
winbuild: Don't USE_WINSSL when WITH_SSL is being used
getinfo: HTTP CONNECT code not reset between transfers
Curl_rand: Use a fake entropy for debug builds when CURL_ENTROPY set
http2: avoid segfault when using the plain-text http2
conncache: move the connection counter to the cache struct
http2: better return code error checking
curlbuild: fix GCC build on SPARC systems without configure script
tool_metalink: Support polarssl as digest provider
curl.h: reverse the enum/define setup for old symbols
curl.h: moved two really old deprecated symbols
curl.h: renamed CURLOPT_DEPRECATEDx to CURLOPT_OBSOLETEx
buildconf: do not search tools in current directory.
OS400: make it compilable again. Make RPG binding up to date
nss: do not abort on connection failure (failing tests 305 and 404)
nss: make the fallback to SSLv3 work again
tool: prevent valgrind from reporting possibly lost memory (nss only)
progress callback: skip last callback update on errors
nss: fix a memory leak when CURLOPT_CRLFILE is used
compiler warnings: potentially uninitialized variables
url.c: Fixed memory leak on OOM
gnutls: ignore invalid certificate dates with VERIFYPEER disabled
gnutls: fix SRP support with versions of GnuTLS from 2.99.0
gnutls: fixed a couple of uninitialized variable references
gnutls: fixed compilation against versions < 2.12.0
build: Fixed overridden compiler PDB settings in VC7 to VC12
ntlm_wb: Fixed buffer size not being large enough for NTLMv2 sessions
netrc: don't abort if home dir cannot be found
netrc: fixed thread safety problem by using getpwuid_r if available
cookie: avoid mutex deadlock
configure: respect host tool prefix for krb5-config
gnutls: handle IP address in cert name check
