Version 1.8.3
-------------
This release mostly fixes support for IPv6, and also some security
bugs. Fixes to messages, etc. were also made.
Bugs resolved since version 1.8.2
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* BB#91: Fix upstream proxy support
* BB#95: Fix FilterURLs with transparent proxy support
* BB#90: Fix bug in ACL netmask generation
Contributors
~~~~~~~~~~~~
Daniel Egger, John Horne, Michael Adam, Mukund Sivaraman.
Version 1.8.2
-------------
* Minor formatting changes and typo fixes were made.
Bugs resolved since version 1.8.1
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* BB#69: INET6 not available when configured to Listen and Bind in v4,
and vice versa
* BB#74: tinyproxy unable to reopen log files after receiving HUP
* BB#78: Warn if configuration results in an open proxy
* BB#82: https access not working
* BB#83: run_tests.sh relies on $USER
* BB#84: Unaligned access error on ia64 and alpha
* BB#87: Unable to listen on ports less than 1024 (regression in 1.8.1)
* BB#88: Crashes when reloading configuration
* BB#89: tinyproxy leaks memory over time
Contributors
~~~~~~~~~~~~
Dmitry Semyonov, John van der Kamp, Jordi Mallach, Michael Adam,
Mukund Sivaraman.
Version 1.8.1
-------------
* Tinyproxy now drops `root` user privileges more quickly.
* The log and pid files are now stored in a sub-directory in `/var/`.
* A format string vulnerability was fixed.
* Minor formatting changes and typo fixes were made.
Bugs fixed since version 1.8.0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* BB#74: tinyproxy unable to reopen log files after receiving HUP
* BB#79: Make the testsuite uninteractive
* BB#80: Handle errors in testsuite
* BB#81: Listen directive doesn't work as expected
* BB#72: upstream support is not reported with tinyproxy -h
* BB#73: generated tinyproxy.conf has the wrong location for the html
file installation
Contributors
~~~~~~~~~~~~
Michael Adam, Mukund Sivaraman.
Version 1.8.0
-------------
* Tinyproxy now reloads its configuration upon SIGHUP signal.
* Tinyproxy reopens its log file (instead of truncation) upon SIGHUP
signal. This is to play more nicely with logrotate.
* File logging is now the default.
Syslog is chosen if and only if "SysLog Yes" is in the config,
i.e., a present "SysLog Yes" in the config file now overrides
any LogFile setting.
* The XTinyProxy option is now documented as a global boolean.
Before it was documented to build a list of sites to add a
X-Tinyproxy header for, but it was implemented as global boolean.
* A new config option AddHeader allows the user to configure a list of
custom headers to send in outgoing HTTP requests.
* A new config option DisableViaHeader allows the user to disable
sending of the "Via:" header.
* Tinyproxy is now IPv6 capable.
* The config option PidFile now has a compiled in default.
Bugs fixed since version 1.7.1
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* BB#9: Add support for the IPv6 protocol
* BB#17: Add support for custom headers
* BB#55: Error message response omits body when request has a body
* BB#60: Add config option to disable Via header
* BB#61: SIGHUP does not refresh filter list
* BB#62: Make tinyproxy reload the config upon SIGHUP
* BB#64: Config parsing error with reverse proxy option
* BB#65: Format string compile warnings
* BB#67: ACL processing error with multiple Allow statements
Contributors
~~~~~~~~~~~~
David Shanks, Mathew Mrosko, Michael Adam, Mukund Sivaraman.
Version 1.7.1
-------------
* Fixed all warnings reported by GCC.
* The tinyproxy manpage has been extended and converted to asciidoc.
* There is a new tinyproxy.conf manpage that describes all the options.
* The build system has been considerably cleaned up.
* Various other bugs have been fixed.
Bugs fixed since version 1.7.0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* BB#2: Fix Tinyproxy for requests like www.site.com:8001
* BB#5: Move templates from the doc directory to its own directory
* BB#8: Update README, INSTALL, NEWS and the manpage
* BB#10: Do not filter out transfer-encoding header
* BB#18: Fix pointer aliasing issues
* BB#53: Add a GPLv2 COPYING file
Contributors
~~~~~~~~~~~~
Andrew Stribblehill, Jeremy Hinegardner, Matthew Dempsky, Michael Adam,
Mukund Sivaraman, Robert James Kaes.
Version 1.7.0
-------------
* There is now support for reverse proxying.
* Tinyproxy does not bundle a vendor regular expressions library
anymore. It uses the system installed regular expressions library.
* The documentation has been updated.
* Tinyproxy now contains some code optimizations such as the use of a
hashmap internally for looking up error pages.
* Various other bugs have been fixed.
Contributors
~~~~~~~~~~~~
Kim Holviala, Marc Silver, Robert James Kaes, Steven Young.
Add more missing dependencies.
0.41
- Bugfixes
0.4
- Written tests
- HTTP::Server::EV::PortListener module
- Rewritten disk IO code. Now it can use built in perl functions or IO::AIO module.
- Fixed segfault when uploading zero size file
- Multipart processing callbacks.
- Coro support
0.31
- Fixed non ARRAY reference error when cgi->param called in list context with nonexistent param name
- Added explicit type-casting, no more compiler warnings
- Little documentation fix
* filecheck: Fix bug that prevented File::MimeInfo::Magic from ever
being used.
* openid: Display openid in Preferences page as a comment, so it can be
selected in all browsers.
management and manipulation functionality as well as a complete photo gallery
solution. The 2.x release adds more effects, including reflections and
transparent watermarks. It also introduces the ImageModel abstract base class
allowing developers to easily integrated the Photologue core functionality into
their own models. Photologue embraces the Django admin and smoothly integrates
with photo thumbnails and effect previews.
Fri Nov 9 21:36:46 CET 2012
Releasing libmicrohttpd 0.9.23. -CG
Thu Nov 8 22:32:59 CET 2012
Ship our own version of tsearch and friends if not provided by platform,
so that MHD works nicely on Android. -JJ
Mon Oct 22 13:05:01 CEST 2012
Immediately do a second read if we get a full buffer from
TLS as there might be more data in the TLS buffers even if
there is no activity on the socket. -CG
Tue Oct 16 01:33:55 CEST 2012
Consistently use "#ifdef" and "#ifndef" WINDOWS, and not
sometimes "#if". -CG
This release includes the following changes:
o metalink/md5: Use CommonCrypto on Apple operating systems
o href_extractor: new example code extracting href elements
o NSS can be used for metalink hashing [13]
This release includes the following bugfixes:
o Fix broken libmetalink-aware OpenSSL build
o gnutls: fix the error is fatal logic [1]
o darwinssl: un-broke iOS build, fix error on server disconnect
o asyn-ares: restore functionality with c-ares < 1.6.1 [2]
o tlsauthtype: deal with the string case insensitively [3]
o Fixed MSVC libssh2 static build
o evhiperfifo: fix the pointer passed to WRITEDATA [6]
o BUGS: fix the bug tracker URL [4]
o winbuild: Use machine type of development environment
o FTP: prevent the multi interface from blocking [5]
o uniformly use AM_CPPFLAGS, avoid deprecated INCLUDES
o httpcustomheader.c: free the headers after use
o fix >2000 bytes POST over NTLM-using proxy [7]
o redirects to URLs with fragments [8]
o don't send '#' fragments when using proxy [9]
o OpenSSL: show full issuer string [10]
o fix HTTP auth regression [11]
o CURLOPT_SSL_VERIFYHOST: stop supporting the 1 value [12]
o ftp: EPSV-disable fix over SOCKS [14]
o Digest: Add microseconds into nounce calculation [15]
o SCP/SFTP: improve error code used for send failures
o SSL: Several SSL-backend related fixes
o removed the notorious "additional stuff not fine" debug output
o OpenSSL: Disable SSL/TLS compression - avoid the "CRIME" attack
o FILE: Make upload-writes unbuffered
o custom memory callbacks failure with HTTP proxy (and more) [16]
o TFTP: handle resends
o autoconf: don't force-disable compiler debug option
o winbuild: Fix PDB file output [17]
o test2032: spurious failure caused by premature termination [18]
o memory leak: CURLOPT_RESOLVE with multi interface [19]
Changelog:
5.6.0.2 Release Notes
Behavioral Improvements
Improvements to ccm.app.css and ccm.app.js for coexistence with full bootstrap themes. Broke bootstrap.js into a separate JavaScript file.
Bug Fixes
Fixed bugs where certain block dialogs and add stack dialog were blank in IE8.
Fixed IE bugs where the sub-toolbar status bar wouldn¡Çt display
fixed inability to use page picker when register globals was on.
Fixed bug where deleting alias would delete source page (again).
fixing bug where blocks would disappear when adding a layout if the cache was on.
fix bug in simple permissions display when working with deleted groups.
Fixed blank file manager window in IE8.
Attempting to solve intermittent error in PagePermissionAssignments messages that happen on certain upgrades.
Fixed error when using group combinations on basic workflow.
Better permissions upgrading when using simple permissions.
Guestbook comments will now no longer be removed on update of guestbook block.
Attempting to solve ¡ÈIllegal Mix of Collations¡É MySQL error that can affect some setups when previewing pages.
Fixed: http ://www.concrete5.org/index.php?cID=380195
File manager saved search cosmetic improvements.
Removed old code from user avatar uploader that could cause problems if used maliciously.
Fixed bug where Schedule Guest Access would remove all but guest users from view permission.
http://www.concrete5.org/developers/bugs/5.6.0.1/getpermissionobject-incompatibles-between-5.5.x-and-5.6.x/
Pretty URLs are now honored in the Next/Previous block.
Fixed: http://www.concrete5.org/developers/bugs/5.6.0.1/wrong-notice-in-file-permissions-dialogue/
Fixed error where setting custom groups on Access User Search or Assign User Groups permission results in showing one group repeated over and over.
Added legacy getPermissionsObject back to Block Controller to fix Reviews add-on, others.
Fixed typo in the form block (Thanks Remo).
Fixing the error in loading the editor when using custom code and the Concrete TinyMCE theme.
Upstream changes:
MediaWiki 1.20.2
This is a maintenance release of the MediaWiki 1.20 branch
[edit]Changes since 1.20.1
(bug 42638) Fix API action=options&reset=1 & unit tests.
(bug 42370) Fixed backport of 60cc060 to use mDoneWrites.
Changelog:
Version 4.5.4 Dec 3th 2012
Fix a regression for system where output buffering is disabled
Fix a problem with old file versions stored in the filesystem cache
Fix group and subadmin ajax bug
Important LDAP fix
Improved Updater
Changelog:
The Select Addresses dialog came up blank if opened from a Compose window with a single To/Cc/Bcc field filled in (bug 814770).
A change to the User Agent string has been reverted since it caused some website incompatibilities (bug 816749).
Information failed to show on the message header pane under certain circumstances (bug 803322).
The display quality of fonts could be perceived as bad when Cleartype was turned off on Windows (bug 814101).
The permissions database was not read completely if it included an invalid entry (bug 814554).
Tomcat 6.0.36 (jfclere)
Catalina
++++++++
update 48692: Provide option to parse
application/x-www-form-urlencoded PUT requests. (schultz)
add 50306: New StuckThreadDetectionValve to detect requests
that take a long time to process, which might indicate that
their processing threads are stuck. Based on a patch
provided by TomLu. (kkolinko)
fix 50570: Enable FIPS mode to be set in AprLifecycleListener.
Based upon a patch from Chris Beckey. Note that this mode
requires tomcat-native 1.1.23 or later linked to a
FIPS-capable OpenSSL library, which one has to build by
themselves. (schultz/kkolinko)
fix Improve synchronization and error handling in
AprLifecycleListener. Do not allow to change SSL options
if SSL has already been initialized. (schultz/kkolinko)
fix 52225: Fix ClassCastException when adding an alias for an
existing host via JMX. (kkolinko)
fix 52293: Correctly handle the case when antiResourceLocking
is enabled at the Context level when unpackWARs is disabled
at the Host level. Correctly handle multi-level contexts
when antiResourceLocking is enabled. Patch by Justin Miller.
(kkolinko)
fix Do not throw IllegalArgumentException from parseParameters()
call when chunked POST request is too large, but treat it
like an IO error. The FailedRequestFilter filter can be
used to detect this condition. (kkolinko)
fix 52384: Do not fail with parameter parsing when debug
logging is enabled. (kkolinko)
fix Do not flag extra '&' characters in parameters as
parse errors. (kkolinko)
fix 52488: Correct typos: exipre -> expire. Based on a patch
by prockter. (markt)
fix Reduce log level for the message about hitting
maxParameterCount limit from WARN to INFO. Fix limit
comparison to allow exactly maxParameterCount parameters,
as documentation says, instead of (maxParameterCount-1).
(kkolinko)
fix Slightly improve performance of UDecoder.convert(). Align
%2f handling between implementations. (kkolinko)
add Add denyStatus attribute to RequestFilterValve
(RemoteAddrValve, RemoteHostValve valves). It allows to
use different HTTP response code when rejecting denied
request. E.g. 404 instead of 403. (kkolinko)
add Add SetCharacterEncodingFilter (similar to the one
contained in the examples web application) to the
org.apache.catalina.filters package so that it is
available for all web applications. (kkolinko)
add 52500: Added configurable mechanism to retrieve user
names from X509 client certificates. Based on a patch
provided by Michael Furman. (schultz/kkolinko)
fix 52719: Fix a theoretical resource leak in the JAR
validation that checks for non-permitted classes in
web application JARs. (markt)
fix 52830: Correct JNDI lookups when using javax.naming.Name
to identify the resource rather than a java.lang.String.
(markt)
add 52850: Extend memory leak prevention and detection
code to work with IBM as well as Oracle JVMs. Based on
a patch provided by Rohit Kelapure. (kkolinko)
add 52996: In StandardThreadExecutor: Add the ability to
configure a job queue size (maxQueueSize attribute).
Add a variant of execute method that allows to specify
a timeout for how long we want to try to add something
to the queue. Based on a patch by Rüdiger Plüm. (kkolinko)
fix 53047: If a JDBCRealm or DataSourceRealm is configured
for an all roles mode that only requires authorization
(and no roles) and no role table or column is defined,
don't populate the Principal's roles. (markt/kkolinko)
fix 53050: Fix handling of entropy value when initializing
session id generator in session manager. Based on proposal
by Andras Rozsa. (kkolinko)
fix 53056: Add APR version number to tcnative version INFO
log message. (schultz)
fix 53057: Add OpenSSL version number INFO log message
when initializing. (schultz)
fix 53071: Use the message from the Throwable for the error
report generated by the ErrorReportValve if none was
specified via sendError(). Use the standard text for
HTTP error codes. (markt/rjung)
update 53230: Change session managers to throw
TooManyActiveSessionsException instead of
IllegalStateException when the maximum number of sessions
has been exceeded and a new session will not be created.
(schultz/kkolinko)
fix 53267: Ensure that using the GC Daemon Protection feature
of the JreMemoryLeakPreventionListener does not trigger
a full GC every hour. (markt/kkolinko)
fix 53531: Fix ExpandWar.expand to check the return value
of File.mkdir and File.mkdirs. (schultz)
fix Make the CSRF nonce cache in CsrfPreventionFilter
serializable so that it can be replicated across a cluster
and/or persisted across Tomcat restarts. (markt)
fix 53584: Ignore path parameters when comparing URIs for
FORM authentication. This prevents users being prompted
twice for passwords when logging in when session IDs
are being encoded as path parameters. (markt)
fix Various improvements to the DIGEST authenticator
including 52954, the disabling caching of an authenticated
user in the session by default, tracking server rather
than client nonces and better handling of stale nonce
values. (markt)
fix Remove unneeded handling of FORM authentication in
RealmBase. (kkolinko)
fix 53800: FileDirContext.list() did not provide correct paths
for subdirectories. Patch provided by Kevin Wooten.
(kkolinko)
fix 53830: Better handling of Manager.randomFile default
value on Windows. (kkolinko)
fix Improve session management in CsrfPreventionFilter.
(kkolinko)
Coyote
++++++
fix 42181: Better handling of edge conditions in chunk
header processing. (kkolinko)
update 51477: Support all SSL protocol combinations in the
APR/native connector. This only works when using the
native library version 1.1.21 or later. (rjung)
fix 52055 (comment 14): Correctly reset
ChunkedInputFilter.needCRLFParse flag when the filter
is recycled. (kkolinko)
fix 52606: Ensure replayed POST bodies are available when
using AJP. (markt)
fix 52858: Fix high CPU load with SSL, NIO and sendfile
when client breaks the connection before reading all
the requested data. (fhanik/kkolinko)
fix 53119: Prevent buffer overflow errors being reported
when a client disconnects before the response has been
fully written from an AJP connection using the APR/native
connector. (kkolinko)
fix Improve InternalNioInputBuffer.parseHeaders(). (kkolinko)
add Implement maxHeaderCount attribute on Connector.
It is equivalent of LimitRequestFields directive of
Apache HTTPD. Default value is 100. (kkolinko)
fix In JkCoyoteHandler connector for AJP/1.3 protocol
(in JkMain.setProperty()): Fix setting of properties
when connector has already started for properties that
have aliases. E.g. it now allows to change maxHeaderCount
attribute on Connector MBean via JMX. (kkolinko)
fix 53725: Fix possible corruption of GZIP'd output. (kkolinko)
Jasper
++++++
fix 48097 (comment 7), 53366 (comment 1): If JSP page
unexpectedly fails to initialize PageContext instance,
write exception to the logs instead of silent swallowing.
(kkolinko)
fix 52335: Only handle <\% and not \% as escaped in
template text. (markt)
fix 52666: Correct coercion order in EL when processing the
equality and inequality operators. (markt)
fix 53001: Revert the fix for 46915 since the use case
described in the bug is invalid since it breaks the EL
specification. (markt)
fix 53032: Modify JspC so it extends org.apache.tools.ant.Task
enabling it to work with features such as namespaces
within build.xml files. (markt)
Cluster
+++++++
fix Replicate principal in ClusterSingleSignOn. (kfujino)
fix 53513: Fix race condition between the processing of
session sync message and transfer complete message. (kfujino)
fix 53606: Fix potential NPE in TcpPingInterceptor. Based
on a patch by F. Arnoud. (markt)
fix 53607: To avoid NPE, set TCP PING data to ChannelMessage.
Patch provided by F.Arnoud (kfujino)
fix Fix a behavior of TcpPingInterceptor#useThread. Do not
start a ping thread when useThread is set to false. (kfujino)
Web applications
++++++++++++++++
fix 52243: Improve windows service documentation to clarify
how to include # and/or ; in the value of an environment
variable that is passed to the service. (markt)
fix 52515: Make it clear in the Realm how-to in the
documentation web application that digested password
storage when using DIGEST authentication requires that
MD5 digests are used. (markt)
fix 52641: Remove mentioning of ldap.jar from docs. Patch
provided by Felix Schumacher. (rjung)
fix Remove obsolete bug warning from windows service
documentation page. (rjung)
fix 52983: Remove unnecessary code that makes switching to
other authentication methods difficult. (markt)
fix 53158: Fix documented defaults for DBCP. Patch provided
by ph.dezanneau at gmail.com. (rjung)
update Update JavaSE documentation links to point to the current
docs.oracle.com site, instead of obsolete ones
(download.oracle.com, java.sun.com). (kkolinko)
update 53289: Clarify ResourceLink example that uses
DataSource.getConnection(username, password) method.
Not all data source implementations support it. (kkolinko)
fix Prevent the custom error pages for the Manager and
Host Manager applications from being accessed directly.
Configure custom pages for error codes 401 and 403
in Host Manager application. (markt/kkolinko)
fix Correct documentation for enableLookups attribute of
a Connector. By default DNS lookups are disabled. (kkolinko)
fix Fix several HTML markup errors in servlets of examples
web application. (kkolinko)
update Change the index page of ROOT webapp to mention
"manager-gui" role instead of "manager" one. (kkolinko)
fix 53473: Correct the allowed values for the SSI option
isVirtualWebappRelative which are true or false. (markt)
fix 53664: Minor JNDI Howto document enhancement concerning
mail properties. Patch provided by Mark Eggers. (schultz)
fix 53601: Clarify that to build Apache Tomcat 6 from sources
a Java 5 JDK is recommended. (kkolinko)
fix 53793: Change links on the list of applications in the
Manager to point to /appname/ instead of /appname. (kkolinko)
Other
+++++
fix 49402, 52124: Fix Maven publishing script: make sure it
finds tomcat-juli.jar and use later version of wagon-ssh.
(jfclere)
fix Update Apache Commons Daemon to 1.0.10. It resolves
52548 which meant that services created with service.bat
did not set the catalina.home and catalina.base system
properties. (markt, kkolinko)
update Update Apache Commons Pool to 1.5.7. (kkolinko)
update 52579: Add a note about Sun's Charset.decode() bug to
the RELEASE-NOTES file. (kkolinko)
update 52805: Update to Eclipse JDT Compiler 3.7.2. (kkolinko)
update Update the native component of the APR/native connectors
to 1.1.23 and take advantage of the simplified distribution.
(kkolinko)
fix When building a Windows installer do not copy whole
"res" folder to output/dist, but only the files that
we need. Apply fixcrlf filter only after the files are
copied, so that INSTALLLICENSE file had correct line
ends. (kkolinko)
update Remove res/License.rtf. The file that is actually shown
by the Windows installer is res/INSTALLLICENSE. (kkolinko)
update Improve RUNNING.txt. (kkolinko)
update Align the script that deploys Maven jars for Tomcat
(res/maven/mvn-pub.xml) with the Tomcat 7 version, making
full use of Nexus. (markt)
add 53034: Add project.url and project.licenses sections to
the POMs for the Maven artifacts. (kkolinko)
fix 53454: Return correct content-length header for HEAD
requests when content length is greater than 2GB. (markt)
Upstream changes:
MediaWiki 1.20.1
This is a security release of the MediaWiki 1.20 branch
Changes since 1.20
(bug 42202) Validate options to prevent html injection
(bug 40995) Prevent session fixation in Special:UserLogin (CVE-2012-5391)
(bug 41400) Prevent linker regex from exceeding PCRE backtrack limit
Javscript Lint fixes
(bug 40632) Remove CleanupPresentationalAttributes feature
[Database] Fixed case where trx idle callbacks might be lost.
MediaWiki 1.20
MediaWiki 1.20 is a stable release.
PHP 5.3 now required
Since 1.20, the lowest supported version of PHP is now 5.3.2. Please upgrade PHP if you have not done so prior to upgrading MediaWiki.
Configuration changes in 1.20
$wgGitRepositoryViewers defines a mapping from Git remote repository to the Gitweb instance URL used in Special:Version.
$wgUsePathInfo = true; is no longer needed to make $wgArticlePath work on servers using like nginx, lighttpd, and apache over fastcgi. MediaWiki now always extracts path info from REQUEST_URI if it's available.
The user right 'upload_by_url' is no longer given to sysops by default. This only affects installations which have $wgAllowCopyUploads set to true.
Removed f-prot support from $wgAntivirusSetup.
New variable $wgDBerrorLogTZ to provide dates in the error log in a different timezone than the wiki timezone set by $wgLocaltimezone.
New variables $wgDBssl and $wgDBcompress to enable SSL and compression for database connections, if either are available for the selected DB type.
$wgUseCombinedLoginLink now defaults to false, making MediaWiki output separate login and create account links by default.
New features in 1.20
Added TitleIsAlwaysKnown hook which gets called when determining if a page exists.
Added NamespaceIsMovable hook which gets called when determining if pages in a certain namespace can be moved.
Added SpecialPageBeforeExecute hook which gets called before SpecialPage::execute.
Added SpecialPageAfterExecute hook which gets called after SpecialPage::execute.
Added ORMTable, ORMRow and ORMResult classes for additional abstraction of database interaction.
Added CacheHelper and associated SpecialCachedPage and CachedAction helper classes.
(bug 32341) Add upload by URL domain limitation.
&useskin=default will now always display the default skin. Useful for users with a preference for the non-default skin to look at something using the default skin.
(bug 27619) Remove preference option to display broken links as link?
(bug 34896) jQuery JSON plugin upgraded to v2.3 (2011-09-17).
(bug 34302) Add CSS classes to email fields in user preferences.
Introduced $wgDebugDBTransactions to trace transaction status (currently PostgreSQL only).
(bug 23795) Add parser itself to ParserMakeImageParams hook.
Introduce a cryptographic random number generator source api for use when generating various tokens.
(bug 30963) Option on Special:Prefixindex and Special:Allpages to not show redirects.
(bug 18062) New message when edit or create the local page of a shared file.
(bug 22870) Separate interface message when creating a page.
(bug 17615) nosummary option should be reassigned on preview/captcha.
(bug 34355) Add a variable and parser function for the namespace number.
(bug 35649) Special:Version now shows hashes of extensions checked out from git.
(bug 35728) Git revisions are now linked on Special:Version.
"Show Changes" on default messages shows now diff against default message text
(bug 23006) create #speciale parser function.
generateSitemap can now optionally skip redirect pages.
(bug 27757) New API command just for retrieving tokens (not page-based).
Added GitViewers hook for extensions using external git repositories to have a web-based repository viewer linked to from Special:Version.
Memcached debug logs can now be sent to their own file logs by setting $wgDebugLogFile['memcached'] to some filepath.
(bug 35685) api.php URL and other entry point URLs are now listed on Special:Version
Edit notices can now be translated.
jQuery upgraded to 1.8.2.
jQuery UI upgraded to 1.8.23.
QUnit upgraded from v1.2.0 to v1.10.0.
(bug 37604) jquery.cookie upgraded to 2011 version.
(bug 22887) Add warning and tracking category for preprocessor errors
(bug 31704) Allow selection of associated namespace on the watchlist
(bug 5445) Now remove autoblocks when a user is unblocked.
Added $wgLogExceptionBacktrace, on by default, to allow logging of exception backtraces.
Added device detection for determining device capabilities.
QUnit.newMwEnvironment now supports passing a custom setup and/or teardown function. Arguments signature has changed. First arguments is now an options object of which 'config' can be a property. Previously 'config' itself was the first and only argument.
New getCreator and getOldestRevision methods added to WikiPage class
(bug 4220) the XML dump format schema now have unique identity constraints for page and revision identifiers. Patch by Elvis Stansvik.
cleanupSpam.php now can delete spam pages if --delete was specified instead of blanking them.
Added new hook ChangePasswordForm to allow adding of additional fields in Special:ChangePassword
Added new function getDomain to AuthPlugin for getting a user's domain
(bug 23427) New magic word {{PAGEID}} which gives the current page ID. Will be null on previewing a page being created.
(bug 37627) UserNotLoggedIn() exception to show a generic error page whenever a user is not logged in.
Watched status in changes lists are no longer indicated by <strong></strong> tags with class "mw-watched". Instead, each line now has a class "mw-changeslist-line-watched" or "mw-changeslist-line-not-watched", and the title itself is surrounded by <span></span> tags with class "mw-title".
Added ContribsPager::reallyDoQuery hook allowing extensions to data to MyContribs
Added new hook ParserAfterParse to allow extensions to affect parsed output after the parse is complete but before block level processing, link holder replacement, and so on.
(bug 34678) Added InternalParseBeforeSanitize hook which gets called during Parser's internalParse method just before the parser removes unwanted/dangerous HTML tags.
Added new hook AfterFinalPageOutput to allow modifications to buffered page output before sent to the client.
(bug 36783) Implement jQuery Promise interface in mediawiki.api module.
Make dates in sortable tables sort according to the page content language instead of the site content language
(bug 37926) Deleterevision will no longer allow users to delete log entries, the new deletelogentry permission is required for this.
(bug 14237) Allow PAGESINCATEGORY to distinguish between 'all', 'pages', 'files' and 'subcats'
(bug 38362) Make Special:Listuser includeable on wiki pages.
Added support in jquery.localize for placeholder attributes.
(bug 38151) Implemented mw.user.getRights for getting and caching the current user's user rights.
Session storage can now configured independently of general object cache storage, by using $wgSessionCacheType. $wgSessionsInMemcached has been renamed to $wgSessionsInObjectCache, with the old name retained for backwards compatibility. When this feature is enabled, the expiry time can now be configured with $wgObjectCacheSessionExpiry.
Added a Redis client for object caching.
Implemented mw.user.getGroups for getting and caching user groups.
(bug 37830) Added $wgRequirePasswordforEmailChange to control whether password confirmation is required for changing an email address or not.
HTMLForm mutators can now be chained (they return $this)
A new message, "api-error-filetype-banned-type", is available for formatting API upload errors due to the file extension blacklist.
New hook 'ParserTestGlobals' allows to set globals before running parser tests.
Allow importing pages as subpage.
Add lang and hreflang attributes to language links on Login page.
(bug 22749) Create Special:MostInterwikis.
Show change tags when transclude Special:Recentchanges(linked) or Special:Newpages.
(bug 23226) Add |class= parameter to image links in order to add class(es) to HTML img tag.
(bug 39431) SVG animated status is now shown in long description.
(bug 39376) jquery.form upgraded to 3.14.
SVG files will now show the actual width in the SVG's specified units in the metadata box.
Added ResourceLoader module "jquery.jStorage" (v0.3.0, http://jStorage.info/).
(bug 39273) Added AJAX support for "Show changes" (diff) in LivePreview.
Added ResourceLoader module "jquery.badge".
mw.util.$content now points to the overall content area in the skin rather than just page text content area. If you need the old behaviour please use $( '#mw-content-text').
jsMessage has been replaced with a floating bubble notification system complete with auto-hide, multi-message support, and message replacement tags.
jquery.messageBox which appears to be unused by both core and extensions has been removed.
(bug 34939) Made link parsing insensitive ([HttP://]).
(bug 40072) Add CSS classes to items in output of ChangesList pages.
Added $wgCopyUploadProxy global to define which proxy to use for copy uploads.
(bug 40448) mediawiki.legacy.mwsuggest has been replaced with a new module, mediawiki.searchSuggest, based on SimpleSeach from Extension:Vector.
Upstream changes:
Moodle 2.3.3 release notes
Highlights
MDL-35297 - Upgrading books from earlier versions now works correctly
MDL-21801 - References to the non-functional Powerpoint import option have been removed from the Lesson module
MDL-33166 - A capability has been introduced to consistently exempt specific users from forum auto-subscriptions and forced subscriptions
MDL-34607 - Folder resources now show files in sorted order
MDL-33646 - Viewing an empty book shows a friendly notice rather than an error messsage
Functional changes
MDL-34794 - Course reset now works with the new Assignment module
MDL-35370 - Blank answers in Cloze type quiz questions are treated accordingly, when an answer of zero is expected
MDL-33374 - When adding or updating a user profile, the action button displays 'Create user' and 'Update user' relatively
MDL-27786 - The title field of a new calendar event is now labelled "Event title" instead of "Name"
MDL-28235 - The close button on help dialogues have changed to provide greater accessibility. (Note: if debugging is turned on, a string error will appear during the upgrade process. This is expected and will be resolved once the upgrade process is complete.)
API changes
MDL-30667 - Maximum upload limits are enforced consistently in relation to various system variables
MDL-35395 - A method has been added so forms can work around form change checking when necessary
MDL-35442 - Local plugins now have settings and uninstall links on the plugins overview page
Security issues
MSA-12-0057 Access issue through repository
MSA-12-0058 Possible form data manipulation issue
MSA-12-0059 Information leak in Database activity module
MSA-12-0060 Cross-site scripting vulnerability in YUI2
MSA-12-0061 Remote code execution through Portfolio API
MSA-12-0062 Information leak in Database activity module
MSA-12-0063 Information leak in Check Permissions page
Fixes and improvements
MDL-35411 - Submissions and feedback are now saved with imported/restored assignments
MDL-35397 - Notifications page 'many other contributors' link leads to appropriate credits page
MDL-35726 - Feedback forms work correctly when grading a series of assignments
MDL-35754 - Quizzes in pop-up windows now work correctly
Also added Slovak language files.
Version 3.0.1 (2012-11-29)
--------------------------
### Fixed
Exclude the undo module from the list of allowable back end modules (see #5056).
### Fixed
`Validator::isAlias()` did not support Unicode characters (see #5033).
### Fixed
Group the search results by their parent IDs when searching the extended tree
view, e.g. the article tree (see #5051).
### Fixed
Correctly generate the debug bar markup on XHTML pages (see #5031).
### Fixed
Handle radial gradients when importing style sheets (see #4640).
### Fixed
More abstract and effective algorithm to determin the number of files in the
"purge data" maintenance module (see #5028).
### Fixed
Fixed two wrong class paths (see #5027).
### Fixed
Correctly add event images to the templates (see #5002).
### Changed
Replaced the automatic copyright notice with a meta generator tag.
### Fixed
Do not strip tags from passwords (see #4977).
### Fixed
Correctly show the number of returned rows in the debug bar (see #4981).
### Fixed
Correctly add the RSS feed base URLs (see #4994).
### Fixed
Fixed an issue in the mediaelement.js MooTools adapter (see #4917).
### Fixed
Correctly assing the classes "first" and "last" in the (mini) calendar if the
week does not start on Sunday (see #4970).
### Fixed
Correctly handle URL parameters appended to the empty domain (see #4972).
Version 2.11.7 (2012-11-29)
---------------------------
### Fixed
Only execute runonce files after the DB tables have been created (see #5061).
### Fixed
Add an empty option in the TimePeriod widget if there are none (see #5067).
### Fixed
Handle auto_items in the `Frontend::addToUrl()` method (see #5037).
### Fixed
Do not use `specialchars()` in the "page" insert tag (see #4687).
### Fixed
Set the return path when sending e-mails (see #5004).
### Fixed
Handle border color names when importing style sheets (see #5034).
### Fixed
Prevent the "Illegal string offset" error in back end widgets (see #4979).
### Fixed
Handle dependencies when updating extensions (see #3804).
### Fixed
Switched all comments of the example website to "moderated" (see #4995).
### Fixed
Replaced the automatic copyright notice with a meta generator tag.
### Fixed
Remove HTML tags when overriding the page title (see #4955).
### Fixed
Decode entities in meta tags like "description" (see #4949).
### Fixed
Remove newsletter subscriptions when a member closes his account (see #4943).
### Fixed
Prevent deleting referenced content elements using "edit multiple" (see #4898).
### Updated
Updated SwiftMailer to version 4.2.1 (see #4935).
### Fixed
Set the file permissions depending on the server's umask setting (see #4941).
### Fixed
Correctly handle external image URLs in the image element (see #4923).
### Fixed
Fixed the too eager IP address anonymization (see #4924).
### Fixed
Fixed the automatic page alias generator (see #4880).
* Change to 4.5 branch
Changelog:
Version 4.5.3 Nov 27th 2012
Fix the new from url button
Fix a memory overflow with downloading of big files via WebDAV
Better error output in case of DB problems
Fix problems with uploading files who have special characters in the name
Improved reverse proxy and load balancer support
Fix wrong folder size calculation
Improved share link generation
Fix the syncing of the Shared folder
Fix Sharing by link from within Shared folder
Several LDAP integration fixes
Fix support for PostgreSQL
Several WebDAV fixes
Fix drag and drop uploading
Improved translations
Several Gallery fixes
Several Contacts fixes
Smaller fixes
Version 4.5.2 Nov 14th 2012
Fix syncing of shared folder
Various sharing bugs fixed
Fix bug with deleting users
Fix check if resharing is allowed
Fix webdavauth app
Several ldap fixes
Fix data migration
Fix folder uploads
Fix generatino of etags
Fix user specific mount configuration
Several PostgreSQL fixes
Improved performance of file updates
Fix some php warnings
Fix filesize calculation
Add visual feedback if password is set
Various smaller fixes
Several critical security fixes
XSS vulnerability in user_webdavauth (oC-SA-2012-003)
Code Execution in /lib/migrate.php (oC-SA-2012-004)
Code Execution in /lib/filesystem.php (oC-SA-2012-005)
Changes with nginx 1.2.5 13 Nov 2012
*) Feature: the "optional_no_ca" parameter of the "ssl_verify_client"
directive.
Thanks to Mike Kazantsev and Eric O'Connor.
*) Feature: the $bytes_sent, $connection, and $connection_requests
variables can now be used not only in the "log_format" directive.
Thanks to Benjamin Grossing.
*) Feature: resolver now randomly rotates addresses returned from cache.
Thanks to Anton Jouline.
*) Feature: the "auto" parameter of the "worker_processes" directive.
*) Bugfix: "cache file ... has md5 collision" alert.
*) Bugfix: OpenSSL 0.9.7 compatibility.
Changes with nginx 1.2.4 25 Sep 2012
*) Bugfix: in the "limit_req" directive; the bug had appeared in 1.1.14.
Thanks to Charles Chen.
*) Bugfix: nginx could not be built by gcc 4.7 with -O2 optimization if
the --with-ipv6 option was used.
*) Bugfix: a segmentation fault might occur in a worker process if the
"map" directive was used with variables as values.
*) Bugfix: a segmentation fault might occur in a worker process if the
"geo" directive was used with the "ranges" parameter but without the
"default" parameter; the bug had appeared in 0.8.43.
Thanks to Zhen Chen and Weibin Yao.
*) Bugfix: in the -p command-line parameter handling.
*) Bugfix: in the mail proxy server.
*) Bugfix: of minor potential bugs.
Thanks to Coverity.
*) Bugfix: nginx/Windows could not be built with Visual Studio 2005
Express.
Thanks to HAYASHI Kentaro.
- Fixed WymEditor
- Fixed Norwegian translations
- Fixed a bug that could lead to slug clashes
- Fixed page change form (jQuery and permissions)
- Fixed placeholder field permission checks
ChangeLog since 2.0.0
2.0.2a (2012-11-15)
-------------------
Enhancements
- improved user rights editor in calendar module
- disable alarms for newly subsribed calendars
Bug fixes
- fixed typos in Spanish (Spain) translation
- fixed display of raw source for tasks
- fixed title display of cards with a photo
- fixed null address in reply-to header of messages
- fixed scrolling for calendar/addressbooks lists
- fixed display of invitations on BlackBerry devices
- fixed sogo-tool rename-user for MySQL database
- fixed corrupted attachments in Webmail
- fixed parsing of URLs that can throw an exception
- fixed password encoding in user sources
2.0.2 (2012-10-24)
------------------
New features
- added support for SMTP AUTH
- sogo configuration can now be set in /etc/sogo/sogo.conf
- added support for GNU TLS
Enhancements
- speed up of the parsing of IMAP traffic
- minor speed up of the web interface
- speed up the scrolling of the message list in the mail module
- speed up the deletion of a large amounts of entries in the contacts module
- updated the timezone files to the 2012.g edition
- openchange backend: miscellaneous speed up of the synchronization
operations
- open file descriptors are now closed when the process starts
Bug fixes
- the parameters included in the url of remote calendars are now taken into
account
- fixed an issue occurring with timezone definitions providing multiple entries
- openchange backend: miscellaneous crashes during certain Outlook
operations, which have appeared in version 2.0.0, have been fixed
- fixed issues occuring on OpenBSD and potentially other BSD flavours
2.0.1 (2012-10-10)
-------------------
Enhancements
- deletion of contacts is now performed in batch, which speeds up the
operation for large numbers of items
- scalability enhancements in the OpenChange backend that enables the first
synchronization of mailboxes in a more reasonable time and using less
memory
- the task list is now sortable
Bug Fixes
- improved support of IE 9
* Patches are synced with xulrunner-17.0, and regen patches
* Update Mozilla Lightning to 1.9
Changelog:
SeaMonkey-specific changes
None (see changes page for minor changes).
Mozilla platform changes
OS X 10.6 is now the minimum supported Mac version.
JavaScript Maps and Sets are now iterable.
SVG FillPaint and StrokePaint have been implemented.
The sandbox attribute has been implemented for iframes, enabling increased security.
Fixed several stability issues.
Security fixes
Fixed in SeaMonkey 2.14
MFSA 2012-106 Use-after-free, buffer overflow, and memory corruption issues found using Address Sanitizer
MFSA 2012-105 Use-after-free and buffer overflow issues found using Address Sanitizer
MFSA 2012-103 Frames can shadow top.location
MFSA 2012-101 Improper character decoding in HZ-GB-2312 charset
MFSA 2012-100 Improper security filtering for cross-origin wrappers
MFSA 2012-99 XrayWrappers exposes chrome-only properties when not in chrome compartment
MFSA 2012-97 XMLHttpRequest inherits incorrect principal within sandbox
MFSA 2012-96 Memory corruption in str_unescape
MFSA 2012-94 Crash when combining SVG text on path with CSS
MFSA 2012-93 evalInSanbox location context incorrectly applied
MFSA 2012-92 Buffer overflow while rendering GIF images
MFSA 2012-91 Miscellaneous memory safety hazards (rv:17.0/ rv:10.0.11)
* Add --enable-pulseaudio configure option (functionality is not tested)
Changelog:
NEW
First revision of the Social API and support for Facebook Messenger
NEW
Click-to-play blocklisting implemented to prevent vulnerable plugin versions from running without the user's permission (see blog post)
CHANGED
Updated Awesome Bar experience with larger icons
CHANGED
Mac OS X 10.5 is no longer supported
DEVELOPER
JavaScript Maps and Sets are now iterable
DEVELOPER
SVG FillPaint and StrokePaint implemented
DEVELOPER
Improvements that make the Web Console, Debugger and Developer Toolbar faster and easier to use
DEVELOPER
New Markup panel in the Page Inspector allows easy editing of the DOM
HTML5
Sandbox attribute for iframes implemented, enabling increased security
FIXED
Over twenty performance improvements, including fixes around the New Tab page
FIXED
Pointer lock doesn't work in web apps (769150)
FIXED
Page scrolling on sites with fixed headers (780345)
As discussed on pkgsrc-users, x11/ftlk (1.1) is no longer maintained,
and 1.3 is believed to be almost entirely compatible.
Patch from Tim Larson, who has build-tested these packages on
NetBSD/amd64.
TYPO3-CORE-SA-2012-005: Several Vulnerabilities in TYPO3 Core
2012-11-08 54eab24 [RELEASE] Release of TYPO3 4.7.6 (TYPO3 Release Team)
2012-11-08 f5d3162 #42696 [SECURITY] Fix SQL injection and XSS in record history (Oliver Hader)
2012-11-08 07c3d63 #42774 [SECURITY] XSS in TCA Tree (Oliver Hader)
2012-11-08 7b916d0 #42776 [SECURITY] Fix potential XSS in t3lib_BEfunc::getFuncCheck (Helmut Hummel)
2012-11-08 389452e [TASK] Raise submodule pointer (TYPO3 Release Team)
2012-11-07 3f2929d #39677 [BUGFIX] No sorting in TypoScript Object Browser when browsing (Nicole Cordes)
2012-11-02 b69dc9d #42281 [BUGFIX] Translated non-published page in workspace breaks live workspace (Oliver Hader)
2012-11-02 9330ab6 #38024 [BUGFIX] Illegal string offsets in t3lib_stdgraphic (Wouter Wolters)
2012-11-01 8098997 [TASK] Use correct branch for travis integration build (Helmut Hummel)
2012-11-01 24f4a8d#37578 [BUGFIX] PHP 5.4 warning in CLI context in switch back user (Christian Kuhn)
2012-10-31 dc73a91 #39662 [BUGFIX] RTE: Link class not always set in Firefox (Stanislas Rolland)
2012-10-31 ba8ead7 #42046 [BUGFIX] Restore display of mount points path (Francois Suter)
2012-10-29 fbd5057 #40733 [BUGFIX] Wrong call to TSFE in FrontendEditing (Steffen Ritter)
2012-10-29 4bf3cca #42054 [BUGFIX] PHP warning: open_basedir restriction (Xavier Perseguers)
2012-10-28 19f0cbb #42454 [BUGFIX] Fix usage of fileadminDir (Helmut Hummel)
2012-10-27 dd20440 #42444 [TASK] Fix generation of ext_emconf.php (Wouter Wolters)
2012-10-22 ce6ab74 #41980 [TASK] Clean-up EXT: aboutmodules, adapt to "TYPO3 CMS" (Felix Kopp)
2012-10-22 3440228 #38699 [BUGFIX] t3lib_div::unlink_tempfile does not always work on Windows (Stanislas Rolland)
2012-10-22 689f1fb #33504 [BUGFIX] New form wizard not loading in IE8 (Sebastian Schawohl)
2012-10-19 74c10e0 [BUGFIX] Unit test for saltedpasswords fail (Xavier Perseguers)
2012-10-18 bfb12db #36087 [BUGFIX] RTE: Link to disabled page doesn't show in FE, link icon does (Stanislas Rolland)
2012-10-18 9d621aa #29685 [BUGFIX] RTE: Words containing umlauts not added to personal dictionary (Stanislas Rolland)
2012-10-17 bd4645c #38406 [BUGFIX] Extension Import not working with postgresql and DBAL (Ernesto Baschny)
TYPO3-CORE-SA-2012-005: Several Vulnerabilities in TYPO3 Core
2012-11-08 948f241 [RELEASE] Release of TYPO3 4.6.14 (TYPO3 Release Team)
2012-11-08 c150b27 #42696 [SECURITY] Fix SQL injection and XSS in record history (Oliver Hader)
2012-11-08 b02026d #42774 [SECURITY] XSS in TCA Tree (Oliver Hader)
2012-11-08 f22dc79 #42776 [SECURITY] Fix potential XSS in t3lib_BEfunc::getFuncCheck (Helmut Hummel)
2012-11-08 72153cc [TASK] Raise submodule pointer (TYPO3 Release Team)
2012-11-07 3ea5e0b #39677 [BUGFIX] No sorting in TypoScript Object Browser when browsing (Nicole Cordes)
2012-11-02 5de1807 #42281 [BUGFIX] Translated non-published page in workspace breaks live workspace (Oliver Hader)
2012-11-02 93bb671 #38024 [BUGFIX] Illegal string offsets in t3lib_stdgraphic (Wouter Wolters)
2012-11-01 84cb9b6 #37578 [BUGFIX] PHP 5.4 warning in CLI context in switch back user (Christian Kuhn)
2012-10-29 76d0b9c #28248 [BUGFIX] t3lib_div: adjust substUrlsInPlainText to also work on URLs at end of sentence (Robert Heel)
2012-10-29 3ff27f4 #40733 [BUGFIX] Wrong call to TSFE in FrontendEditing (Steffen Ritter)
2012-10-29 9767b86 #42054 [BUGFIX] PHP warning: open_basedir restriction (Xavier Perseguers)
2012-10-27 7381250 #42444 [TASK] Fix generation of ext_emconf.php (Wouter Wolters)
2012-10-22 ccebb50 #38699 [BUGFIX] t3lib_div::unlink_tempfile does not always work on Windows (Stanislas Rolland)
2012-10-22 2a0929b #33504 [BUGFIX] New form wizard not loading in IE8 (Sebastian Schawohl)
2012-10-19 b32e08c [BUGFIX] Fix case of tests folder (Xavier Perseguers)
2012-10-19 22bef48 [BUGFIX] Unit test for saltedpasswords fail (Xavier Perseguers)
2012-10-18 9ed2c6f #36087 [BUGFIX] RTE: Link to disabled page doesn't show in FE, link icon does (Stanislas Rolland)
2012-10-18 2e48486 #29685 [BUGFIX] RTE: Words containing umlauts not added to personal dictionary (Stanislas Rolland)
2012-10-17 a3a7417 #38406 [BUGFIX] Extension Import not working with postgresql and DBAL (Ernesto Baschny)
2012-10-17 a5fc128 #25021 [BUGFIX] Creating new pages via drag'n'drop respects page TS (Philipp Kitzberger)
Security fix for TYPO3-CORE-SA-2012-005: Several Vulnerabilities in TYPO3 Core.
2012-11-08 c211c0e [RELEASE] Release of TYPO3 4.5.21 (TYPO3 Release Team)
2012-11-08 5245e09 #42696 [SECURITY] Fix SQL injection and XSS in record history (Oliver Hader)
2012-11-08 ab335bc #42774 [SECURITY] XSS in TCA Tree (Oliver Hader)
2012-11-08 a768d97 #42776 [SECURITY] Fix potential XSS in t3lib_BEfunc::getFuncCheck (Helmut Hummel)
2012-11-08 ba187e5 [TASK] Raise submodule pointer (TYPO3 Release Team)
2012-11-07 b4f7658 #39677 [BUGFIX] No sorting in TypoScript Object Browser when browsing (Nicole Cordes)
2012-11-02 dba123b #42281 [BUGFIX] Translated non-published page in workspace breaks live workspace (Oliver Hader)
2012-11-02 fc6f82f #38024 [BUGFIX] Illegal string offsets in t3lib_stdgraphic (Wouter Wolters)
2012-11-01 ded3a6e #37578 [BUGFIX] PHP 5.4 warning in CLI context in switch back user (Christian Kuhn)
2012-10-29 c05e759 #28248 [BUGFIX] t3lib_div: adjust substUrlsInPlainText to also work on URLs at end of sentence (Robert Heel)
2012-10-29 d4c539d #40733 [BUGFIX] Wrong call to TSFE in FrontendEditing (Steffen Ritter)
2012-10-27 7b28c0e #42444 [TASK] Fix generation of ext_emconf.php (Wouter Wolters)
2012-10-22 7f0696f #38699 [BUGFIX] t3lib_div::unlink_tempfile does not always work on Windows (Stanislas Rolland)
2012-10-22 f50483d #27020 [BUGFIX] TCEForms.Suggest wizard in IRRE records (Nicole Cordes)
2012-10-19 b77171c [BUGFIX] Fix case of tests folder (Xavier Perseguers)
2012-10-19 2490737 [BUGFIX] Unit test for saltedpasswords fail (Xavier Perseguers)
2012-10-18 9a14bcf #36087 [BUGFIX] RTE: Link to disabled page doesn't show in FE, link icon does (Stanislas Rolland)
2012-10-18 f8fc399 #29685 [BUGFIX] RTE: Words containing umlauts not added to personal dictionary (Stanislas Rolland)
2012-10-17 17b1d65 #38406 [BUGFIX] Extension Import not working with postgresql and DBAL (Ernesto Baschny)
Drupal 7.17, 2012-11-07
-----------------------
- Changed the default value of the '404_fast_html' variable to have a DOCTYPE
declaration.
- Made it possible to use associative arrays for the 'items' variable in
theme_item_list().
- Fixed a bug which prevented required form elements without a title from being
given an "error" class when the form fails validation.
- Prevented duplicate HTML IDs from appearing when two forms are displayed on
the same page and one of them is submitted with invalid data (minor markup
change).
- Fixed a bug which prevented Drupal 6 to Drupal 7 upgrades on sites which had
stale data in the Upload module's database tables.
- Fixed a bug in the States API which prevented certain types of form elements
from being disabled when requested.
- Allowed aggregator feed items with author names longer than 255 characters to
have a truncated version saved to the database (rather than causing a fatal
error).
- Allowed aggregator feed items to have URLs longer than 255 characters
(schema change which results in several columns in the Aggregator module's
database tables changing from VARCHAR to TEXT fields).
- Added hook_taxonomy_term_view() and standardized the process for rendering
taxonomy terms to invoke hook_entity_view() and otherwise make it consistent
with other entities (API change: http://drupal.org/node/1808870).
- Added hook_entity_view_mode_alter() to allow modules to change entity view
modes on display (API addition: http://drupal.org/node/1833086).
- Fixed a bug which made database queries running a "LIKE" query on blob fields
fail on PostgreSQL databases. This caused errors during the Drupal 6 to
Drupal 7 upgrade.
- Changed the hook_menu() entry for Drupal's rss.xml page to prevent extra path
components from being accidentally passed to the page callback function (data
structure change).
- Removed a non-standard "name" attribute from Drupal's default Content-Type
header for file downloads.
- Fixed the theme settings form to properly clean up submitted values in
$form_state['values'] when the form is submitted (data structure change).
- Fixed an inconsistency by removing the colon from the end of the label on
multi-valued form fields (minor string change).
- Added support for 'weight' in hook_field_widget_info() to allow modules to
control the order in which widgets are displayed in the Field UI.
- Updated various tables in the OpenID and Book modules to use the default
"empty table" text pattern (string change).
- Added proxy server support to drupal_http_request().
- Added "lang" attributes to language links, to better support screen readers.
- Fixed double occurrence of a "ul" HTML tag on secondary local tasks in the
Seven theme (markup change).
- Fixed bugs which caused taxonomy vocabulary and shortcut set titles to be
double-escaped. The fix replaces the taxonomy vocabulary overview page and
"Edit shortcuts" menu items' title callback entries in hook_menu() with new
functions that do not escape HTML characters (data structure change).
- Modified the Update manager module to allow drupal.org to collect usage
statistics for individual modules and themes, rather than only for entire
projects.
- Modified the node listing database query on Drupal's default front page to
add table aliases for better query altering (this is a data structure change
affecting code which implements hook_query_alter() on this query).
- Improved the translatability of the "Field type(s) in use" message on the
modules page (admin-facing string change).
- Fixed a regression which caused a "call to undefined function
drupal_find_base_themes()" fatal error under rare circumstances.
- Numerous API documentation improvements.
- Additional automated test coverage.
Contao Open Source CMS 3.0.0 is new major release since Contao (as
TYPOlight) was publicly released.
Major changes from 2.11.
* Use PHP namespace and more flexible to extend.
* Improve performance with mapper class loader.
* Better support for mobile devices and responsive design
* Database supported file management and handling of file's meta data.
* jQuery support coexist with MooTools.
* Directories in URL path.
* HTML5 based audio/video player (also YouTube).
* Improve ease to use.
* Display of what has changed.
* Complete fix for CSRF.
Changelog:
Version 4.0.8 Oct 10th 2012
Show Login Button when user and password are autocompleted
Sanitize LDAP base, user and groups
Security: Fix for insufficiently Random Values (CVE-2008-4107)
Security: Fixed multiple XSS vulnerabilities (CVE-2012-5056)
Security: Fixed a HTTP header injection (CVE-2012-5057)
Security: Fixed an Auth bypass in /lib/base.php (CVE-2012-5336)
a) lang/see support was removed (see below)
b) lang/spidermonkey and wip/spidermonkey185 aren't recognized
ELinks 0.12pre6
---------------
Security fix:
* bug 1124, CVE-2012-4545: Do not delegate GSSAPI credentials in HTTP
Negotiate or GSS-Negotiate authentication. Reported by Marko Myllynen.
(ELinks 0.12pre1 was the first release that supported GSSAPI; earlier
releases are not vulnerable.)
Fixed crashes and hangs:
* critical bug 943: Don't let user JavaScripts call any methods of
``elinks.action'' in tabs that do not have the focus. If a tab was
closed with ``elinks.action.tab_close'' while it had pop-up windows,
ELinks could crash; as a precaution, don't allow other actions
either. (ELinks 0.12pre1 was the first release that supported
``elinks.action''.)
* critical bug 1083: Avoid an infinite loop when trying to decompress
malformed data. Caused by the bug 1068 fix in ELinks 0.12pre3.
* Fix a possible crash or information disclosure on big-endian 64-bit
systems using HTTP Negotiate or GSS-Negotiate authentication.
Incompatibilities:
* Dropped support for SEE. (ELinks 0.12pre1 was the first release
that supported SEE.)
* Guile 2.0.0 (released on 2011-02-16) changed its license to
LGPLv3-or-later, which is not compatible with the GPLv2 that covers
ELinks. Also, Guile has deprecated many of the functions that
ELinks calls.
Other changes:
* major bug 764: Correctly initialize options on big-endian 64-bit
systems.
* bug 983: Give preference to the Content-Type specified in the HTTP
header over that specified via the HTML meta tag.
* bug 1084: Allow option names containing '+' and '*' in the option
manager.
* bug 1112: Map most numeric character references € ... Ÿ
to graphical characters also when the output charset is UTF-8.
(ELinks 0.12pre1 was the first release that supported UTF-8 as the
terminal charset, and ELinks 0.12pre5 was the first release that
supported UTF-8 as the dump charset.)
* minor bug 1113: Fix a small memory leak if a mailcap file is malformed.
* minor bug 1114: Decode SGML entities and NCRs only once in link/@title
and other attributes.
* build: Fix several warnings reported by GCC 4.7.1. Harmless at
runtime but could break the build if configured --enable-debug.
(This version does not fix all such warnings.)
Enhancements:
- support for include directive
- added support for HTTPS backends
- support for SNI via multiple Cert directives (thanks to Joe Gooch)
Bug fixes:
- fixed problem with long input lines in http.c
- keep sessions for disabled back-ends, continue using them until the time-out
- fixed memory leak in session removal
- fix for possible request smuggling by using multiple headers
- changed long to long long for support of requests larger than 2GB
0.17
handle /(de)?objectify_text/ for <script> extraction
(Stanislaw Pusep)
0.16
commit 07b40205fd03564d476eff7675e9f19196939f2f
Author: Oleg G <verdrehung@gmail.com>
Date: Sat Mar 31 13:26:11 2012 +0700
added few methods to support Web::Query
5.03 2012-09-22
Release by Christopher J. Madsen
[THINGS THAT MAY BREAK YOUR CODE OR TESTS]
* as_HTML no longer indents <textarea> (Tomohiro Hosaka) (RT #70385)
[FIXES]
* as_trimmed_text did not accept '0' for extra_chars
[DOCUMENTATION]
* Explain that as_text never adds whitespace (RT #66498)
* Explain what extra_chars can contain for as_trimmed_text.
Upstream changes:
2012-10-21 HTTP-Message 6.06
Gisle Aas (2):
More forgiving test on croak message [RT#80302]
Added test for multipart parsing
Mark Overmeer (1):
Multipart end boundary doesn't need match a complete line [RT#79239]
_______________________________________________________________________________
2012-10-20 HTTP-Message 6.05
Gisle Aas (5):
Updated ignores
No need to prevent visiting field values starting with '_'
Report the correct croak caller for delegated methods
Disallow empty field names or field names containing ':'
Make the extra std_case entries local to each header
_______________________________________________________________________________
2012-09-30 HTTP-Message 6.04
Gisle Aas (5):
Updated repository URL
Avoid undef warning for empty content
Teach $m->content_charset about JSON
Use the canonical charset name for UTF-16LE (and frieds)
Add option to override the "(no content)" marker of $m->dump
Christopher J. Madsen (2):
Use IO::HTML for <meta> encoding sniffing
mime_name was introduced in Encode 2.21
Tom Hukins (1):
Remove an unneeded "require"
Ville Skytt. (1):
Spelling fixes.
chromatic (1):
Sanitized PERL_HTTP_URI_CLASS environment variable.
Martin H. Sluka (1):
Add test from RT#77466
Father Chrysostomos (1):
Fix doc grammo [RT#75831]
Changelog
=========
Since 2.2-rc
----------------
bugfix: calendar monthly view performance upgrades.
bugfix: translation tool for plugins fixed.
bugfix: email html signature puts br tags when composing email.
bugfix: Person email modification does not work.
bugfix: Prevent double task completion (when double clicking on complete link).
bugfix: Fixed company edit link from people tree.
Since 2.2-beta
----------------
bugfix: several fixes in custom reports display.
bugfix: custom reports csv/pdf export always show status column.
bugfix: dashboard activity widget does not control permissions correctly.
bugfix: dashboard activity widget shows username instead of person complete name.
bugfix: subworkspace creation does not inherit color.
bugfix: email autoclassification does not classify attachments.
bugfix: email view shows wrong "To" value when "To" field is empty or undefined.
bugfix: unclassified mails allows to subscribe other users.
bugfix: error when forwarding another user's account emails with attachments.
bugfix: several fixes in email classification functions.
bugfix: company comments are not displayed.
bugfix: dashboard's tasks widget breaks right widgets when scrolling (only in chrome).
bugfix: permissions check in Administration/Dimensions.
bugfix: css is being printed in csv exported reports.
bugfix: error subscribing users when instantiating templates with milestones and subtasks.
bugfix: don't use $this in static functions.
bugfix: archiving and unarchiving members is not done in a transaction.
bugfix: permissions in dimension member selectors.
bugfix: cannot set task's due date to 12:30 PM, always sets the same time but AM.
bugfix: tasks drag and drop losses some attributes.
usability: mouseover highlight on member properties/restrictions tables.
Since 2.1
----------------
bugfix: several fixes in repetitive tasks.
bugfix: quick add of tasks does not subscribe creator.
bugfix: google calendar import fixed.
bugfix: fixed event deletion.
bugfix: fixed email account sharing.
bugfix: fixed AM/PM issue when selecting task's dates.
bugfix: special characters in workspace when adding from quick add.
bugfix: error 500 in workspaces dashboard.
bugfix: error when searching emails by "From" field in advanced search.
bugfix: 1.7 -> 2.x upgrade fixed subtasks.
bugfix: permissions in user's card.
bugfix: task's drag and drop edition bugfixes.
bugfix: task's quick add does not keep the task name when switching to complete edition.
bugfix: several LDAP integration fixes.
bugfix: fixed contact phones display in list.
bugfix: config option descriptions added.
bugfix: user email is not required.
bugfix: milestone selector does not show all available milestones.
bugfix: person email cannot be edited.
bugfix: disabled users are shown in subscribers and invited people.
bugfix: permission groups upgrade does not set type.
bugfix: Javascript problems in IE.
bugfix: issues with breadcrumbs with special characters.
bugfix: VCard import/export fixed.
bugfix: cannot delete workspace with apostrophe.
bugfix: fixed "enters" issue in tasks description wysisyg editor.
bugfix: File copy makes two copies.
bugfix: permissions fixed for submembers.
bugfix: when updating a file, does not subscribe the updater user.
bugfix: milestones display diferent dates in milestone view and task list.
bugfix: "assigned to" filter in tasks does not work properly.
bugfix: cannot archive dimension members.
bugfix: cannot archive several tasks at once.
feature: activity widget.
feature: new workspace and tag selectors.
feature: add timeslot entries to application_logs.
feature: complete parent tasks asks to complete child tasks.
usability: sort email panel by "to" column.
usability: changes in advanced search for email fields.
usability: can change imported calendar names.
usability: email with attachments classification process upgraded.
usability: linked objects selector can filter by workspace and tags.
system: CKEditor updated.
system: translation module upgraded - translate plugins files.
system: German, Russian and French languages upgraded.
Release notes
Maintenance and security release of the Drupal 7 series.
This release fixes security vulnerabilities. Sites are urged to upgrade
immediately after reading the security announcement:
SA-CORE-2012-003 - Drupal core - Arbitrary PHP code execution and
Information disclosure
No other fixes are included.
* monochrome: New theme, contributed by Jon Dowland.
* rst: Ported to python 3, while still also being valid python 2.
Thanks, W. Trevor King
* Try to avoid a situation in which so many ikiwiki cgi wrapper programs
are running, all waiting on some long-running thing like a site rebuild,
that it prevents the web server from doing anything else. The current
approach only avoids this problem for GET requests; if multiple cgi's
run GETs on a site at the same time, one will display a "please wait"
page for a configurable number of seconds, which then redirects to retry.
To enable this protection, set cgi_overload_delay to the number of
seconds to wait. This is not enabled by default.
* Add back a 1em margin between archivepage divs.
* recentchangesdiff: Correct broken template that resulted in duplicate
diff icons being displayed, and bloated the recentchanges page with
inline diffs when the configuration should have not allowed them.
mj_turner and jihbed.
A comprehensive Python HTTP client library that supports many features left out
of other HTTP libraries.
Features:
o HTTP and HTTPS
o Keep-Alive
o Authentication
o Caching
o All Methods
o Redirects
o Compression
o Lost update support
o Unit Tested
Changelog:
Fixed in Firefox ESR 10.0.9
MFSA 2012-89 defaultValue security checks not applied
Fixed in Firefox ESR 10.0.8
MFSA 2012-87 Use-after-free in the IME State Manager
MFSA 2012-86 Heap memory corruption issues found using Address Sanitizer
MFSA 2012-85 Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer
MFSA 2012-84 Spoofing and script injection through location.hash
MFSA 2012-83 Chrome Object Wrapper (COW) does not disallow acces to privileged functions or properties
MFSA 2012-82 top object and location property accessible by plugins
MFSA 2012-81 GetProperty function can bypass security checks
MFSA 2012-79 DOS and crash with full screen and history navigation
MFSA 2012-77 Some DOMWindowUtils methods bypass security checks
MFSA 2012-74 Miscellaneous memory safety hazards (rv:16.0/ rv:10.0.8)
MFSA 2012-59 Location object can be shadowed using Object.defineProperty
* Update enigmail to 1.4.5
* Update Mozilla Lightning to 1.8
Changelog:
SeaMonkey-specific changes
None.
Mozilla platform changes
JavaScript responsiveness has been improved through incremental garbage collection.
CSS3 Animations, Transitions, Transforms and Gradients have been unprefixed.
MD5 is no longer supported as a hash algorithm in digital signatures.
The Opus codec is now support by default.
The reverse CSS3 animation direction has been implemented.
Per tab reporting is now available in about:memory.
Fixed several stability issues.
Changelog:
FIXED
16.0.1: Vulnerability outlined here
https://blog.mozilla.org/security/2012/10/10/security-vulnerability-in-firefox-16/
NEW
Firefox on Mac OS X now has preliminary VoiceOver support turned on by default
NEW
Initial web app support (Windows/Mac/Linux)
NEW
Acholi and Kazakh localizations added
CHANGED
Improvements around JavaScript responsiveness through incremental garbage collection
DEVELOPER
New Developer Toolbar with buttons for quick access to tools, error count for the Web Console, and a new command line for quick keyboard access
DEVELOPER
CSS3 Animations, Transitions, Transforms and Gradients unprefixed in Firefox 16
DEVELOPER
Recently opened files list in Scratchpad implemented
FIXED
16.0.1: Vulnerability outlined here
https://blog.mozilla.org/security/2012/10/10/security-vulnerability-in-firefox-16/
FIXED
Debugger breakpoints do not catch on page reload (783393)
FIXED
No longer supporting MD5 as a hash algorithm in digital signatures (650355)
FIXED
Opus support by default (772341)
FIXED
Reverse animation direction has been implemented (655920)
FIXED
Per tab reporting in about:memory (687724)
FIXED
User Agent strings for pre-release Firefox versions now show only major version (728831)
SSH: added agent based authentication
ftp: active conn, allow application to set sockopt after accept() call with CURLSOCKTYPE_ACCEPT
multi: add curl_multi_wait()
metalink: Added support for Microsoft Windows CryptoAPI
md5: Added support for Microsoft Windows CryptoAPI
parse_proxy: treat "socks://x" as a socks4 proxy
socks: Added support for IPv6 connections through SOCKSv5 proxy
Bugfixes:
WSAPoll disabled on Windows builds due to its bugs
segfault on request retries
curl-config: parentheses fix
VC build: add define for openssl
globbing: fix segfault when >9 globs were used
fixed a few clang-analyzer warnings
metalink: change code order to build with gnutls-nettle
gtls: fix build failure by including nettle-specific headers
change preferred HTTP auth on a handle previously used for another auth
file: use fdopen() to avoid race condition
Added DWANT_IDN_PROTOTYPES define for MSVC too
verbose: fixed (nil) output of hostnames in re-used connections
metalink: Un-broke the build when building --with-darwinssl
curl man page cleanup
Avoid leak of local device string when reusing connection
Curl_socket_check: fix return code for timeout
nss: do not print misleading NSS error codes
configure: remove the --enable/disable-nonblocking options
darwinssl: add TLS 1.1 and 1.2 support, replace deprecated functions
NTLM: re-use existing connection better
schannel crash on multi and easy handle cleanup
SOCKS: truly disable it if CURL_DISABLE_PROXY is defined
mk-ca-bundle: detect start of trust section better
gnutls: do not fail on non-fatal handshake errors
SMTP: only send SIZE if supported
ftpserver: respond with a 250 to SMTP EHLO
ssh: do not crash if MD5 fingerprint is not provided by libssh2
winbuild: Added support for building with SPNEGO enabled
metalink: Fixed validation of binary files containing EOF
setup.h: fixed for MS VC10 build
cmake: use standard findxxx modules for cmake v2.8+
HTTP_ONLY: disable more protocols
Curl_reconnect_request: clear pointer on failure
https.c example: remember to call curl_global_init()
metalink: Filter resource URLs by type
multi interface: CURLOPT_LOW_SPEED_* fix during rate limitation
curl_schannel: Removed buffer limit and optimized buffer strategy
---------------------
* When "git am" is fed an input that has multiple "Content-type: ..."
header, it did not grok charset= attribute correctly.
* Even during a conflicted merge, "git blame $path" always meant to
blame uncommitted changes to the "working tree" version; make it
more useful by showing cleanly merged parts as coming from the other
branch that is being merged.
* "git blame MAKEFILE" run in a history that has "Makefile" but not
"MAKEFILE" should say "No such file MAKEFILE in HEAD", but got
confused on a case insensitive filesystem and failed to do so.
* "git fetch --all", when passed "--no-tags", did not honor the
"--no-tags" option while fetching from individual remotes (the same
issue existed with "--tags", but combination "--all --tags" makes
much less sense than "--all --no-tags").
* "git log/diff/format-patch --stat" showed the "N line(s) added"
comment in user's locale and caused careless submitters to send
patches with such a line in them to projects whose project language
is not their language, mildly irritating others. Localization to
the line has been disabled for now.
* "git log --all-match --grep=A --grep=B" ought to show commits that
mention both A and B, but when these three options are used with
--author or --committer, it showed commits that mention either A or
B (or both) instead.
* The subcommand to remove the definition of a remote in "git remote"
was named "rm" even though all other subcommands were spelled out.
Introduce "git remote remove" to remove confusion, and keep "rm" as
a backward compatible synonym.
Also contains a handful of documentation updates.
Changelog:
The Apache Tomcat Project is proud to announce the release of version 7.0.30
of Apache Tomcat. This release contains numerous bug fixes and improvements
compared to version 7.0.29. The notable changes include:
* Significantly reduced memory footprint during web application start while
Servlet 3.0 annotation and SCI scanning is in progress.
* Adds support for scanning of classes that use Java 7 specific byte code
for Servlet 3.0 annotation and SCI scanning.
* Improvements to DIGEST and FORM authentication.
Full details of these changes, and all the other changes, are available in the
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html .
2.0.7 June 5, 2012
Fix breakage caused by removal of PL_uid et al from perl 5.16.0. Patch from
rt.cpan.org #77129. [Zefram]
2.0.6 April 24, 2012
Preserve 5.8 compatibility surrounding use of MUTABLE_CV [Adam Prime]
Move code after declarations to keep MSVC++ compiler happy. [Steve Hay]
Adopt modperl_pcw.c changes from httpd24 branch. [Torsten Foertsch]
Pool cleanup functions must not longjmp. Catch these exceptions and turn
them into warnings. [Torsten Foertsch]
Fix a race condition in our tipool management.
See http://www.gossamer-threads.com/lists/modperl/dev/104026
Patch submitted by: SalusaSecondus <salusa@nationstates.net>
Reviewed by: Torsten Foertsch
Ensure that MP_APXS is set when building on Win32 with MP_AP_PREFIX,
otherwise the bundled Reload and SizeLimit builds will fail to find a
properly configured Test environment.
[Steve Hay]
Fix a few REFCNT bugs.
Patch submitted by: Niko Tyni <ntyni@debian.org>
Reviewed by: Torsten Foertsch
Correct the initialization of the build config in ModPerl::MM. The global
variable was only being set once on loading the module, which was before
Apache2::BuildConfig.pm had been written, leading to cwd and MP_LIBNAME
being unset when writing the Reload and SizeLimit makefiles.
[Steve Hay]
Discover apr-2-config from Apache 2.4 onwards. [Gozer]
Apache 2.4 and onwards doesn't require linking the MPM module directly in
the httpd binary anymore. APXS lost the MPM_NAME query, so we can't assume
a given MPM anymore. Introduce a fake MPM 'dynamic' to represent this.
[Torsten Foertsch, Gozer]
Perl 5.14 brought a few changes in Perl_sv_dup() that made a threaded apache
segfault while cloning interpreters.
[Torsten Foertsch]
PerlIOApache_flush() and mpxs_Apache2__RequestRec_rflush() now no longer throw
exceptions when modperl_wbucket_flush() fails if the failure was just a reset
connection or an aborted connection. The failure is simply logged to the error
log instead. This should fix cases of httpd.exe crashing when users press the
Stop button in their web browsers.
[Steve Hay]
Fixed a few issues that came up with LWP 6.00:
- t/response/TestAPI/request_rec.pm assumes HTTP/1.0 but LWP 6 uses 1.1
- t/api/err_headers_out.t fails due to a bug somewhere in LWP 6
- t/filter/TestFilter/out_str_reverse.pm sends the wrong content-length header
[Torsten Foertsch]
Bugfix: Apache2::ServerUtil::get_server{description,banner,version} cannot
be declared as perl constants or they won't reflect added version components
if Apache2::ServerUtil is loaded before the PostConfig phase. Now, they
are ordinary perl functions. [Torsten Foertsch]
Check for the right ExtUtils::Embed version during build [Torsten Foertsch]
Take a lesson from rt.cpan.org #66085 and pass LD_LIBRARY_PATH if mod_env
is present. Should prevent test failures on some platforms.
[Fred Moyer]
Version 2.11.6 (2012-09-26)
---------------------------
### Fixed
Correctly handle root pages in `Controller::getPageDetails()` (see #4610).
### Fixed
Consider the page language when forwarding (see #4841).
### Fixed
URL encode the enclosure URLs in RSS/Atom feeds (see #4839).
### Fixed
Also create empty templates folders if a theme is imported (see #4793).
### Fixed
Decode Punycode domains when used via insert tag (see #4753).
### Fixed
Correctly handle open tags in `String::substrHtml()` (see #4773).
### Fixed
Correctly handle units when importing style sheets (see #4721).
### Fixed
The mediabox plugin did not play Vimeo videos (see #4770).
### Fixed
Correctly align stylect menus in the form generator in the back end (see #4557).
### Fixed
Add a link if a news item or event points to an internal page (see #4671).
### Fixed
Wrap the MooTools fallback into CDATA tags on XHTML pages (see #4680).
### Fixed
Do not add a default value to textareas (see #4722).
### Fixed
Do not override the comments array in case login is required to comment,
otherwise no commets will be shown (see #4064).
* Include contao/Makefile.common from contao/Makefile.example.
* Add code some fragment tward to Contao 3.0 support.
* Add CT_VERBASE to use COMMENT.
* Use CT_FILES to Contao's files directory name.
This module provides an extension to HTML::Template which allows
expressions in the template syntax. This is purely an addition -
all the normal HTML::Template options, syntax and behaviors will
still work.
* Fix security bug
Changelog:
Tar ball is not shipped with changelog...
5.6.0.1 Version History
Behavioral Improvements
Page Type names are sanitized better when created in the dashboard.
Multilingual controls in dashboard now display languages in their native language (for easier understanding. thanks patrickheck)
Better display when removing groups or users and having them show up in advanced permissions list.
Fixing bug where composer pages weren't being added to the bottom of the list. Fixing bug where moved pages weren't getting a rescanned display order
Fixing missing dashboard icons for Stacks and Block Types
Bug Fixes
Fixed inability to use Layout Presets
Fixed bug where blocks couldn¡Çt be copied out to child pages from page type defaults on upgraded sites.
Fixed form block bug where you¡Çd be unable to enter an email address in the form block for notification.
Fixed: http://www.concrete5.org/developers/bugs/5-6-0/getthemepath-prints-absolute-paths/
Blocks and packages can now insert header items into the 404 page correctly.
fixed: http://www.concrete5.org/developers/bugs/5-6-0/page-type-icons-incorrect-when-included-in-composer/
Fixed ¡ÈOut of range value for column 'uLastIP¡É error that would occur with certain IP addresses.
Bulk SEO Tool now shows DIR_REL constant within the URL slug properly.
Group sets now appear on the dashboard home page.
Fixed JavaScript error leading to aborted installation when installation routines have apostrophes in them (primarily for translated versions of concrete5.)
Theme assets no longer have two slashes in the URLs.
Fixed: http://www.concrete5.org/developers/bugs/5-6-0/fatal-error-call-to-a-member-function-isglobalarea-on-a-non-obje/ by hiding permissions options on the frontend (use the stacks interface instead.)
Fixed: http://www.concrete5.org/developers/bugs/5-6-0/global-area-update-issue-when-using-preview-my-edits/
Date Navigation block now honors the Pretty URLs settings.
Fixed: http://www.concrete5.org/developers/bugs/5-6-0/advanced-permissions-dont-work-after-translation/
Fixed: page_types/ directory was incorrectly excluded from overrides detection.
fixing 'Call to a member function getProxyBlock() on a non-object in /core/libraries/block_view.php on line 39' when calling an action URL on a non-object block
Developer Updates
Validation helpers didn¡Çt extend the core helpers properly. This has been fixed.
Clear override cache on adding a single page.
Refreshing overrides cache when installing a block type (fixes Designer Content add-on not working with the overrides cache turned on).
5.6.0 Release Notes
Feature Updates
Completely updated permissions system, including:
More granular permission control that maps directly to common concrete5 tasks.
Ability to control which users or groups CAN¡ÇT do something, as opposed to only allow those who CAN do something.
Ability to grant a permission to only those users in a particular combination of groups.
Ability to control which users and groups can add which types of block site-wide and in simple permissions mode.
Restrict permissions to various roles, including ¡Èuploader of the file¡É, ¡Èpage owner¡É, etc...
Shortcut for enabling guest view access on blocks.
Group Sets can group groups together for organizational purposes, permissions.
Fine-grained, granular controls on content types, permission types.
New user permissions to control who can edit which users, assign which groups, etc...
Complete new extendable workflow system, including basic workflow and waiting for me. Improved, normalized and rewrote a lot of old code for things like pending page actions to bring them into the workflow system.
Improved interface work, including bootstrap 2 integration.
Improved Mobile Support
Mobile theme switcher now integrated into core
Improved mobile performance of header on mobile devices.
Improved dashboard on mobile devices; fully responsive dashboard across all devices.
You can now choose an individual block or an entire stack when adding a stack on the front-end.
Added bulk actions to the user search
New SEO Manager in Dashboard > System & Settings gives you one place to modify SEO properties for your entire site.
Made page theme a versionable property.
Make page type a versionable property.
Ability to reorder block types globally (thanks jordanlev!)
You can now copy and paste a stack on the front-end.
Page URL Slugs now use the URLify library instead of our own solution (which wasn¡Çt as consistent or effective.)
Additional Features and Behavioral Improvements
When implicitly checking pages out (editing properties in sitemap, etc...) they will be checked back in when the dialog is closed. (New in 5.6.0b2)
Added an Add Group button to Groups page.
Rich text editor in dashboard now uses site theme for styles.
Color picker UI more consistent with 5.5 (thanks arcanepain.)
Add new page window no longer cut off on small monitors.
Search Block - Added page selector when posting search results to another page.
Form Block
added date and date time field types that allow a user to use a date/time picker to choose values.
Email field now has ability to be set as the default reply-to so administrators can reply directly to the form submitter.
No more jumpiness on editing.
Added theme to Page Search.
Removed HTML diff python library (since it didn¡Çt work very well). Replaced with tab-based compare that lets you compare more than two versions.
Off-server requests can now be made with a proxy server, found in System & Settings (thanks garagan!)
Added copy to the version dialog box. Improved version dialog box appearance.
Improved quick nav experience, reworked dashboard dropdown to use favorites for adding. Favorites show up in the dashboard dropdown.
You can now select Gravatar as a fallback user avatar (thanks danklassen!) in the profiles section of the dashboard.
Add page can happen with submit.
More consistent sitemap/search overlay, with various searches only loaded when needed. Tabs remember last selected sitemap/search option.
Miscellaneous string translation and Internationalization improvements (thanks thuic)
Added getSearchableContent method to rss viewer block so it¡Çs content will show up in search results (thanks 12345j)
Built-in countries and state/provinces helpers now use Zend_Locale for easier management, more consistency and localization.
Added URL Slug in Composer.
Maintenance mode now lets you perform some sitemap and page operations while the site is down.
Zend_Translate can now be stored at a different path to fix Zend_Translate bug with period in directory. Added TRANSLATE_OPTIONS that can be specified in config/site.php (thanks ahukkanen).
Added user to the Log entries screen (thanks klompie!)
Internationalization improvement: Zend_Date now included. Dates are now localized into the proper language (thanks patrickheck.). DateHelper::date() manages localization.
Block limits set in templates are now updated in realtime without a page refresh (thanks bhcarpenter)
Now you can clear your page search index from the ¡ÈSearch Index¡É page in the dashboard (which will let you fully reindex it through the reindex pages job.)
Form block: Adding the ability to set an email address as the reply-to address when replying to the email (thanks danklassen.)
Blog RSS feed now includes categories (thanks stonier)
Complete rewrite of sitemap.xml generation job to improve performance, no longer show deleted pages, add new constants for sitemap starting point, default change frequency and priority (thanks mlocati.)
Nicer alignment on Next/Previous block (thanks thirdender.)
Using realpath() instead of ../ to fix some base_dir errors, make things nicer.
More consistent ordering of log entries when they happen in rapid succession (thanks Johnthefish).
Cleaned up javascript in the google map block (thanks Remo).
Edit in Composer now available in page search.
Installing in a particular language no longer sets that language as the default in config/site.php (which would render no other languages selectable.)
Added cookie check to installation preflight.
Added last IP to user detail screen in dashboard.
Forbidden shows up if user can¡Çt view a page but is logged in (thanks mnkras).
Performance Improvements
Added environment library to cache overrides for better performance. Overrides cache setting now available from the Cache System and Settings page.
New autod support for better performance with on-demand class loading.
Removing nivo slider from the core for better compatibility with third party sliders and smaller file sizes; removing cropzoom from ccm.app.js for smaller file sizes.
Rewrote portions used with large blogs (New in 5.6b2)
Additional Bug Fixes
Additional pagination now works in large sitemaps from the front-end (New in 5.6.0b2)
Flat view pagination looks nicer (New in 5.6.0b2)
On some hosts, manual checking for concrete5 f were being added to the file manager.
Improved reliability when using composer with advanced permissions.* Bug Fix: events sort by priority (thanks arcanepain)
Fixed replace field in Firefox (width)
Tags and select options will only show usag-2-1/automatically-inclusion-of-additional-page-path-when-updating-ca/
data urls should work as background images in customizable stylesheets.
Fixed: http://www.concrete5.org/developers/bugs/5-5-2-1/registration-errors-when-no-user-attributes-are-selected-to-show/ (New in 5.6.0b2)
Fixed: http://www.concrete5.org/developers/bugs/5-4-2-2/wrong-path-to-block-template-when-embedded-a-block-element-in-th/
Fixed: http://www.concrete5.org/developers/bugs/5-5-2-1/url-replacement-in-theme-css-only-replaces-first-url-in-each-lin/#discussionpost
Fixed: http://www.concrete5.org/developers/bugs/5-5-2-1/user-edit-multiple-of-the-same-group-can-be-added-to-a-user-caus/#discussionpost
Fixed: http://www.concrete5.org/developers/bugs/5-5-2-1/dashboard-page-search-menu-overridden-if-working-with-overlay-fi/
Fixed: http://www.concrete5.org/developers/bugs/5-5-2-1/page-attributes-attributes-list-stealing-kepresses-for-up-and-do/
Fixing potential SQL vulnerability in Autonav Preview pane.
Fixed: http://www.concrete5.org/developers/bugs/5-5-2-1/cant-use-and-in-select-attribute-values/ (thanks arcanepain)
Fixed: http://www.concrete5.org/developers/bugs/5-5-2-1/customize-result-in-user-search-retains-deleted-attribute-column/
Checking for invalid cookie length when starting a session.
RSS Displayer block now only cached for one hour.
http://www.concrete5.org/developers/bugs/5-5-2-1/bug-in-page-search-table/ (Fixed in 5.6.0b2)
Fixed: http://www.concrete5.org/developers/bugs/5-5-2-1/jobs-play-button-url-contains-the-wrong-parameter-to-run-a-singl/
Fixed bug where editing an initial version of a page wouldn¡Çt create a new version of the page, until the second edit.
Fixed: http://www.concrete5.org/developers/bugs/5-5-2-1/numbers-in-version-comments-still-arent-increased-correctly/ (thanks remo)
Fixed bug checking for captcha options form in the wrong place.
Fixed bug where custom style elements on blocks in stacks wouldn¡Çt show up in page (thanks acliss19xx)
Minor XSS fixes in edit mode.
Fixed: http://www.concrete5.org/developers/bugs/5-5-2-1/object-doesnt-support-property-or-method-stoppropagation-in-ie8/
Fixed bug in FileList (which would show up in Slideshow blocks or anywhere that would filter by set) where selecting a file set and then deleting it would cause a SQL error (thanks remo)
Included updated SWFUpload to fix XSS issue.
Fixed bug where file set display order would appear random if files were in multiple sets.
Fixed: http://www.concrete5.org/developers/bugs/5-5-2-1/deleting-composer-publish-location-page-results-mysql-1064-error/
Fix bug where defining LOCALE in config/site.php and then trying to save multilingual settings could override the default locale with a null locale.
Fixed potential SQL problems when an admin tried to pass nefarious parameters through to the file manager, page search, or metadata/version editing.
No longer will you get the ¡Èchecking for updates¡É spinner infinitely when in maintenance mode.
Forms/External Forms/Other Items that have been copied and pasted into another page will now work from that page.
Forms can now be edited properly when pasted from a clipboard.
More reliable permissions checking on dashboard dropdown for news, add functionality and system & settings (thanks arcanepain)
Progress status during installation should now be displayed in proper language.
Fixed pagination in blog index thumbnail (page list custom template.)
FIXED: If images or files were used in content block instances in content importer an error would be thrown.
Environment info no longer incorrectly reports all max_execution_time settings at 5.
Fixed: http://www.concrete5.org/developers/bugs/5-5-2-1/insert-link-to-page-with-ie8/
replaced m/d/y with DATE_APP_GENERIC_MDY to jquery date pickers in date time helper (thx melat0nin)
Security Fix: Closed Redirect Loophole on Form block
Attempting to resolve this: http://www.concrete5.org/developers/bugs/5-5-2-1/fatal-error-call-to-a-member-function-getblocktypehandle/#discussionpost
Proper 404 headers should be sent when browsing to a method that doesn¡Çt exist under a single page.
Fixed some bugs and finicky behavior with search paging in file manager, page search, other search.
When editing page properties while checking out a page, approval fields will now be shown post update (rather than forcing you to refresh the page or exit edit mode and then approve the page.)
Fixed bug in block move() method that would copy all blocks from an area... (thanks herent)
Fixed: http://www.concrete5.org/developers/bugs/5-5-2-1/error-on-package-uninstall/ (New in 5.6.0b2)
Fixed: Copy to clipboard from editable area then pasting to global area causes fatal error (New in 5.6.0b2)
Fixed: http://www.concrete5.org/developers/bugs/5-5-2-1/default-date_archive-block-controller-caches-its-active-state/ (New in 5.6.0b2)
Developer Updates
You can now pass an optional third parameter to the css() and javascript() functions which will be checked for uniqueness. This array contains ¡Æhandle¡Ç and ¡Æversion¡Ç and can be used to force only the right libraries loading at the right time (thanks jordanlev).
Added support for BASE_URL_SSL constant.
If a __call method is present in a controller, it will be used for any tasks that don¡Çt exist (thanks remo).
Packaged themes can now be overridden in the root themes directory. This is true for included elements (using inc()) and page types/single pages.
You can now add elements/dashboard/install_post.php to your package and it will be displayed in a dialog post install.
Updated auto-nav templates to be much nicer to edit.
Moved jQuery.Cookie library into ccm.app.js
Including t2() function for plural localization/translation (thanks mlocati.)
New Events
on_composer_publish
on_composer_save_draft
on_composer_delete_draft
on_block_load (New in 5.6b2)
Better block validation error messages on installation (thanks jordanlev)
Updated simplepie RSS and ATOM parsing library to 1.3 (thanks ahukkanen)
Added closures support to events for PHP 5.3 and greater (just specify an anonymous function.
Here are some of the new features and improvements of Feng Office 2.1 over
version 2.0 final release:
* New notification format
* Advanced search
* Notes and Tasks WYSIWYG
* Tasks quick edit is back and improved
* Google Docs compatibility
* Improved Google Calendar integration
* Archive Dimension Members is back
* Easier to delete Dimension Members (is back)
* Overview ¡ÈView as list¡É is back
* IMAP sent e-mail sync is back
* Improved templates
* Improvements when linking objects
* More data on the task list: good for management
* Indexing of .odt and .fodt
* File extension prevention upload
* Lots of improvements to the Gantt Chart module (Professional Edition)
* Task dependencies (Professional Edition)
* One task for many people
## 2.1.2 (06 September 2012)
- Updated to latest jquery-ujs
- required radio bugfix
- Updated to jQuery 1.8.1
## 2.1.1 (18 August 2012)
- Updated to latest jquery-ujs
- ajax:aborted:file bugfixes
## 2.1.0 (16 August 2012)
- Updated to latest jquery-ujs
- jQuery 1.8.0 compatibility
- Updated to jQuery 1.8.0
- Updated to jQuery UI 1.8.23
## 2.0.3 (16 August 2012)
- Updated to latest jquery-ujs
- created `rails:attachBindings` to allow for customization of $.rails
object settings
- created `ajax:send` event to provide access to jqXHR object from ajax
requests
- added support for `data-with-credentials`
== 1.4.1 Chromeo Fix
* Fix error when sending USR1 signal and no log file is supplied.
== 1.4.0 Chromeo
* kill -USR1 $PID for log rotation [catwell].
* Fix HUP signal being reseted after deamonization [atotic].
* Fix error with nil addresses in Connection#socket_address.
== 1.3.2 Low-bar Squat
* Remove mack and halcyon Rack adapters from automatic detection.
= 1.3.3 / 2012-08-19
* Improved documentation. (burningTyger, Konstantin Haase, Gabriel Andretta,
Anurag Priyam, michelc)
* No longer modify the load path. (Konstantin Haase)
* When keeping a stream open, set up callback/errback correctly to deal with
clients closing the connection. (Konstantin Haase)
* Fix bug where having a query param and a URL param by the same name would
concatinate the two values. (Konstantin Haase)
* Prevent douplicated log output when application is already wrapped in a
`Rack::CommonLogger`. (Konstantin Haase)
* Fix issue where `Rack::Link` and Rails were preventing indefinite streaming.
(Konstantin Haase)
* No longer cause warnings when running Ruby with `-w`. (Konstantin Haase)
* HEAD requests on static files no longer report a Content-Length of 0, but
instead the proper length. (Konstantin Haase)
* When protecting against CSRF attacks, drop the session instead of refusing
the request. (Konstantin Haase)
=== raindrops 0.10.0 - minor feature updates / 2012-06-19 08:30 UTC
Improvements to the Unix domain socket handling and small
bugfixes throughout.
Support for the "unix_diag" facility in Linux 3.3+ is planned
but not yet implemented (patches to raindrops@librelist.org
appreciated)
Brian Corrigan (1):
resolve symlinks to Unix domain sockets
Eric Wong (6):
unix_listener_stats follows and remembers symlinks
middleware/proxy: favor __send__ for method dispatch
unix: show zero-value stats for idle listeners
test_watcher: fix incorrect request/date comparison
watcher: sort index of listener listing
watcher: do not require Rack::Head for HEAD response
See "git log v0.9.0..v0.10.0" for full details
# Liquid Version History
## 2.4.0 / 2012-08-03
* Performance improvements
* Allow filters in `assign`
* Add `modulo` filter
* Ruby 1.8, 1.9, and Rubinius compatibility fixes
* Add support for `quoted['references']` in `tablerow`
* Add support for Enumerable to `tablerow`
* `strip_html` filter removes html comments
0.12.2 (06/24/2012)
* [Vertical Rhythm Module] Removed the $ie-font-ratio constatnt in favor of a
more clear $browser-default-font-size constant.
* [Vertical Rhythm Module] The establish-baseline mixin now styles the <html>
element instead of the <body> element. This makes the vertical rhythm module
work better with rem based measurements.
* [CSS3] Added 3D transform support for Mozillia, IE, and Opera.
* [CSS3] Added -ms support for css3 columns. Add support for the columns
shorthand property.
* [CSS3] Added -ms and -webkit support for CSS Regions. Docs
* [CSS3] Added mixins for column-break properties to the columns module.
* [CSS3] Added a css3/hyphenation module for the word-break and hyphens
properties.
* [CSS3] Made the API more consistent across the different mixins in the
transitions module.
* [CSS3] The text-shadow mixin now supports the spread parameter and it is
used to progressively enhance browsers that support it.
* [CSS3] Add a mixin for the unofficial filter property. Docs
* [CSS3] Removed the -ms prefix for gradients and transforms. Microsoft took
so long to release them, that the spec was approved first.
* [CLI] Added a -I option for adding sass import paths via the CLI during
compilation and project set up.
* [Configuration] For better ruby and rails integration, the add_import_path
command now accepts Sass::Importer objects and Ruby Pathname objects.
* Reverted the hide-text mixin to the -9999 method. If you prefer the Kellum
method then you need to set $hide-text-direction to right in your
stylesheets.
* $legacy-support-for-mozilla can be set to false to disable output for
Firefox 3.6 or earlier.
* Cleaned up the inline-block mixin to have less output and make the
vertical-alignment of that mixin configurable or even turned off. Details
* Output of SVG and original webkit gradients is now omitted when using the
degree-based linear gradient syntax.
* Added a --fonts-dir configuration flag for the compass command line.
* Added tint() and shade() color helper functions, for better
ligthening/darkening of colors.
* Set the standard :css_filename option for sass. This enables relative path
calculations for assets referred to by the stylesheet.
* Remove the Sass middleware if it gets accidently loaded.
Changes with Apache 2.2.23
*) SECURITY: CVE-2012-0883 (cve.mitre.org)
envvars: Fix insecure handling of LD_LIBRARY_PATH that could lead to the
current working directory to be searched for DSOs. [Stefan Fritsch]
*) SECURITY: CVE-2012-2687 (cve.mitre.org)
mod_negotiation: Escape filenames in variant list to prevent a
possible XSS for a site where untrusted users can upload files to
a location with MultiViews enabled. [Niels Heinen <heinenn google.com>]
*) htdbm, htpasswd: Don't crash if crypt() fails (e.g. with FIPS enabled).
[Paul Wouters <pwouters redhat.com>, Joe Orton]
*) mod_ldap: Treat the "server unavailable" condition as a transient
error with all LDAP SDKs. [Filip Valder <filip.valder vsb.cz>]
*) core: Add filesystem paths to access denied / access failed messages.
[Eric Covener]
*) core: Fix error handling in ap_scan_script_header_err_brigade() if there
is no EOS bucket in the brigade. PR 48272. [Stefan Fritsch]
*) core: Prevent "httpd -k restart" from killing server in presence of
config error. [Joe Orton]
*) mod_ssl: when compiled against OpenSSL 1.0.1 or later, allow explicit
control of TLSv1.1 and TLSv1.2 through the SSLProtocol directive,
adding TLSv1.1 and TLSv1.2 support by default given 'SSLProtocol All'.
[Kaspar Brand, William Rowe]
*) mod_log_config: Fix %{abc}C truncating cookie values at first "=".
PR 53104. [Greg Ames]
*) Unix MPMs: Fix small memory leak in parent process if connect()
failed when waking up children. [Joe Orton]
*) mod_proxy_ajp: Add support for 'ProxyErrorOverride on'. PR 50945.
[Peter Pramberger <peter pramberger.at>, Jim Jagielski]
*) Added SSLProxyMachineCertificateChainFile directive so the proxy client
can select the proper client certificate when using a chain and the
remote server only lists the root CA as allowed.
*) mpm_event, mpm_worker: Remain active amidst prevalent child process
resource shortages. [Jeff Trawick]
*) mod_rewrite: Add "AllowAnyURI" option. PR 52774. [Joe Orton]
*) mod_rewrite: Fix the RewriteEngine directive to work within a
location. Previously, once RewriteEngine was switched on globally,
it was impossible to switch off. [Graham Leggett]
*) mod_proxy_balancer: Restore balancing after a failed worker has
recovered when using lbmethod_bybusyness. PR 48735. [Jeff Trawick]
*) mod_dumpio: Properly handle errors from subsequent input filters.
PR 52914. [Stefan Fritsch]
*) mpm_worker: Fix cases where the spawn rate wasn't reduced after child
process resource shortages. [Jeff Trawick]
*) mpm_prefork: Reduce spawn rate after a child process exits due to
unexpected poll or accept failure. [Jeff Trawick]
*) core: Adjust ap_scan_script_header_err*() to prevent mod_cgi and mod_cgid
from logging bogus data in case of errors. [Stefan Fritsch]
*) mod_disk_cache, mod_mem_cache: Decline the opportunity to cache if the
response is a 206 Partial Content. This stops a reverse proxied partial
response from becoming cached, and then being served in subsequent
responses. PR 49113. [Graham Leggett]
*) configure: Fix usage with external apr and apu in non-default paths
and recent gcc versions >= 4.6. [Jean-Frederic Clere]
*) core: Fix building against PCRE 8.30 by switching from the obsolete
pcre_info() to pcre_fullinfo(). PR 52623 [Ruediger Pluem, Rainer Jung]
*) mod_proxy: Add the forcerecovery balancer parameter that determines if
recovery for balancer workers is enforced. [Ruediger Pluem]
- Improved Mojo::EventEmitter to warn about failed error events.
- Improved resilience of Mojo::IOLoop exception handling.
- Improved tests.
- Fixed small CGI bug.
3.40 2012-09-11
- Improved tests.
- Fixed Perl 5.10.1 compatibility.
- Fixed FindBin support in Mojolicious applications.
- Fixed a few multipart bugs.
3.39 2012-09-10
- Improved Mojo::URL and Mojo::Parameters performance.
- Improved documentation.
- Improved tests.
- Fixed support for query parameters in Mojolicious::Plugin::Charset.
3.38 2012-09-07
- Added xor_encode method to Mojo::ByteStream.
- Added xor_encode function to Mojo::Util.
- Improved documentation.
- Fixed small xor_encode bug. (dod, crab)
3.37 2012-09-04
- Added finish method to Mojo::Message.
- Updated jQuery to version 1.8.1.
- Improved documentation.
- Improved tests.
- Fixed Mojo::Transaction to propagate connection close to Mojo::Message.
- Fixed small state bug in Mojo::Transaction.
3.36 2012-08-30
- Improved documentation.
- Improved tests.
- Fixed small multipart bug.
3.35 2012-08-28
- Deprecated Mojolicious::Controller->render_content in favor of content
helper.
- Improved Mojolicious::Plugin::Config to accept mode specific config files
without a normal config file. (alexbyk, sri)
- Improved documentation.
- Improved tests.
3.34 2012-08-24
- Improved documentation.
3.33 2012-08-23
- Improved Mojo::DOM::HTML to handle bad charsets more gracefully.
- Improved documentation.
- Improved tests.
3.32 2012-08-20
- Added event sequentialization support to delay method in Mojo::IOLoop.
(judofyr, marcus, sri)
- Added support for expiration session value to Mojolicious::Sessions.
- Added steps method to Mojo::IOLoop::Delay. (judofyr, marcus, sri)
- Added tap method to Mojo::Base.
- Added squish method to Mojo::ByteStream.
- Added squish function to Mojo::Util.
- Improved documentation.
- Improved tests.
- Fixed json_has method in Test::Mojo.
- Fixed bug in Mojo::Log that prevented some message events from being
emitted.
- Fixed get command to allow ":" character in header values.
- Fixed small class_to_file bug.
- Fixed a few small namespace handling bugs.
Changelog:
FIXED Sites visited while in Private Browsing mode could be found through manual browser cache inspection (787743)
NEW Silent, background updates
NEW Support for SPDY networking protocol v3
NEW WebGL enhancements, including compressed textures for better performance
NEW Localization in Maithili (see all available locales)
CHANGED Optimized memory usage for add-ons
DEVELOPER JavaScript debugger integrated into developer tools
DEVELOPER New layout view added to Inspector
DEVELOPER High precision event timer implemented
DEVELOPER The CSS word-break property has been implemented.
DEVELOPER New responsive design tool allows web developers to switch between desktop and mobile views of sites
HTML5 Native support for the Opus audio codec added
HTML5 The <audio> and <video> elements now support the played attribute
HTML5 The <source> element now supports the media attribute
FIXED Focus rings keep growing when repeatedly tabbing through elements (720987)
Upstream changes:
1.0003 Wed Aug 29 13:44:53 PDT 2012
[BUG FIXES]
- Fix Basic authentication error in case password contains a colon #319
- Fix AccessLog middleware in platforms where %z strftime is not supported #318
- Escape $_ in Plack::Request path method due to a possible URI::Escape bug
1.0002 Mon Aug 13 17:04:25 PDT 2012
[NEW FEATURES]
- Added --no-default-middleware option to plackup #290
[BUG FIXES]
- Use C locale for AccessLog strftime #313
- Escape Plack::Request URI path using RFC 3986 definition (ssmccoy)
[IMPROVEMENTS]
- Documentation improvements (ether, Tom Heady)
- Skip displaying ".." in Plack::App::Directory #277
- Document load_class() doesn't validate user input. #285
1.0001 Thu Jul 26 16:24:13 PDT 2012
[INCOMPATIBLE CHANGES]
- Deleted lots of code, methods and warnings that have been deprecated since 0.99
(which should have been done in the 1.0000 release)
[DEVELOPERS]
- Added bootstrap script to install devel dependencies
[IMPROVEMENTS]
- Fixed version numbers in some of the modules that have their own $VERSION
1.0000 Thu Jul 19 18:59:18 PDT 2012
- This be 1.0! (Same as 0.9991)
0.9991 Thu Jul 19 17:27:52 PDT 2012
[NEW FEATURES]
- Added IIS7 fix middleware (t0m)
0.9990 Wed Jul 18 11:12:07 PDT 2012
[INCOMPATIBILE CHANGES]
- Plack::Request changes the way it parses QUERY_STRING for valueless keys such as
"?a&b=1". Now "a" becomes part of query_parameters with empty string as its value (yannk)
[IMPROVEMENTS]
- Support max-age options in Plack::Response cookies (remorse)
- Pass correct protocol from HTTP::Server::PSGI to display https URL correctly (siracusa)
- Copy Authorization header from FastCGI handler (ray1729)
- Stop special casing COOKIE environment variable in Plack::Request headers (doy)
0.9989 Thu Jun 21 13:39:11 PDT 2012
[IMPROVEMENTS]
- Support streaming in Head middleware (wreis)
- Document middleware prefixing (Jon Swartz)
- Make Basic authentication detection case insensitive per RFC (Mark Fowler)
- Added backlog option to FCGI handler (xaicron)
0.9988 Fri May 11 12:25:09 CEST 2012
[BUG FIXES]
- Fixes HTTP_HOST in HTTP::Message::PSGI #287 (doy)
0.9987 Thu May 10 07:06:32 CEST 2012
[IMPROVEMENTS]
- Support streaming in AccessLog::Timed (Peter Makholm)
- Support streaming in ErrorDocument
- Removed UTF8 hack in HTTP::Message::PSGI. Depends on URI.pm 1.59 (wreis)
- Set Host headers correctly in HTTP::Message::PSGI #177
- Added documentation on supported %-flags in AccessLog (ether)
- Skip unnecessary tests on non-developer environment
0.9986 Mon Mar 12 11:26:59 PDT 2012
[IMPROVEMENTS]
- Use I/O handles to FCGI::Request instead of global STDIN, STDOUT etc. (chansen)
- Improved FastCGI docs (osfameron)
- Cascade app now returns the last response code (aristotle)
upstream changes:
Version 3.60 Aug 15th, 2012
[BUG FIXES]
- In some caes, When unescapeHTML() hit something it didn't recognize with an ampersand and
and semicolon, it would throw away the semicolon and ampersand. It now does a better job.
of preserving content it doesn't recognize. Thanks to CEBJYRE@cpan.org (RT#75595)
- Remove trailing newline after <form> tag inserted by startform and start_form. It can
cause rendering problems in some cases. Thanks to SJOHNSTON@cpan.org (RT#67719)
- Workaround "Insecure Dependency" warning generated by some versions of Perl (RT#53733).
Thanks to degatcpan@ntlworld.com, klchu@lbl.gov and Anonymous Monk
[DOCUMENTATION]
- Clarify that when -status is used, the human-readable phase should be included, per RFC 2616.
Thanks to SREZIC@cpan.org (RT#76691).
[INTERNALS]
- More tests for header(), thanks to Ryo Anazawa.
- t/url.t has been fixed on VMS. Thanks to cberry@cpan.org (RT#72380)
- MANIFEST patched so that t/multipart_init.t is included again. Thanks to shay@cpan.org (RT#76189)
Version 3.59 Dec 29th, 2011
[BUG FIXES]
- We no longer read from STDIN when the Content-Length is not set, preventing
requests with no Content-Length from freezing in some cases. This is consistent
with the CGI RFC 3875, and is also consistent with CGI::Simple. However, the old
behavior may have been expected by some command-line uses of CGI.pm.
Thanks to Philip Potter and Yanick Champoux. See RT#52469 for details:
https://rt.cpan.org/Public/Bug/Display.html?id=52469
[INTERNALS]
- remove tmpdirs more aggressively. Thanks to rjbs (RT#73288)
- use Text::ParseWords instead of ancient shellwords.pl. Thanks to AlexBio.
- remove use of define(@arr). Thanks to rjbs.
- spelling fixes. Thanks to Gregor Herrmann and Alessandro Ghedini.
- fix test count and warning in t/fast.t. Thanks to Yanick.
Changes:
* Fixes some issues in the admin area where some older browsers (IE7, in
particular) may slow down, lag, or freeze.
* Fixes an issue where a theme may not preview correctly, or its screenshot may
not be displayed.
* Fixes the use of multiple trackback URLs in a post.
* Prevents improperly sized images from being uploaded as headers from the
customizer.
* Ensures proper error messages can be shown to PHP4 installs. (WordPress
requires PHP 5.2.4 or later.)
* Fixes handling of oEmbed providers that only return XML responses.
* Addresses pagination problems with some category permalink structures.
* Adds more fields to be returned from the XML-RPC wp.getPost method.
* Avoids errors when updating automatically from very old versions of WordPress
(pre-3.0).
* Fixes problems with the visual editor when working with captions.
Additionally: Version 3.4.2 fixes a few security issues and contains some
security hardening. These issues were discovered and addressed by the WordPress
security team:
* Fix unfiltered HTML capabilities in multisite.
* Fix possible privilege escalation in the Atom Publishing Protocol endpoint.
* Allow operations on network plugins only through the network admin.
* Hardening: Simplify error messages when uploads fail.
* Hardening: Validate a parameter passed to wp_get_object_terms().
* Update Mozilla Lightning to 1.7
* Update Enigmail to 1.4.4 (functionality is not tested yet; should
be updated)
* Regen patches
Changelog:
SeaMonkey-specific changes
None.
Mozilla platform changes
Added support for SPDY networking protocol v3.
Implemented WebGL enhancements, including compressed textures for better performance.
Optimized memory usage for add-ons.
Implemented the CSS word-break property.
Implemented high precision event timer.
HTML5: Added native support for the Opus audio codec.
HTML5: Added support for the source element media attribute.
HTML5: Added support for the audio element and video element played attribute.
Fixed several stability issues.
Fixed in SeaMonkey 2.12
MFSA 2012-70 Location object security checks bypassed by chrome code
MFSA 2012-69 Incorrect site SSL certificate data display
MFSA 2012-68 DOMParser loads linked resources in extensions when parsing text/html
MFSA 2012-65 Out-of-bounds read in format-number in XSLT
MFSA 2012-64 Graphite 2 memory corruption
MFSA 2012-63 SVG buffer overflow and use-after-free issues
MFSA 2012-62 WebGL use-after-free and memory corruption
MFSA 2012-61 Memory corruption with bitmap format images with negative height
MFSA 2012-59 Location object can be shadowed using Object.defineProperty
MFSA 2012-58 Use-after-free issues found using Address Sanitizer
MFSA 2012-57 Miscellaneous memory safety hazards (rv:15.0/ rv:10.0.7)
Changes with mod_fcgid 2.3.7
*) Introduce FcgidWin32PreventOrphans directive on Windows to use OS
Job Control Objects to terminate all running fcgi's when the worker
process has been abruptly terminated. PR: 51078
[Thangaraj AntonyCrouse <thangaraj gmail.com>]
*) Periodically clean out the brigades which are pulling in the request
body for handoff to the fcgid child. PR: 51749
[Dominic Benson <dominic.benson thirdlight.com>]
*) Resolve crash during graceful restarts. PR 50309
[Mario Brandt <JBlond gmail.com>]
*) Solve latency/cogestion of resolving effective user file access rights
when no such info is desired, for config related filename stats.
PR: 51020 [Thangaraj AntonyCrouse <thangaraj gmail.com>, William Rowe]
*) Fix regression in 2.3.6 which broke process controls when using vhost-
specific configuration. [Jeff Trawick]
*) Account for first process in class in the spawn score. [Jeff Trawick]
