Changes with Apache 2.4.38
*) SECURITY: CVE-2018-17199 (cve.mitre.org)
mod_session: mod_session_cookie does not respect expiry time allowing
sessions to be reused.
*) SECURITY: CVE-2018-17189 (cve.mitre.org)
mod_http2: fixes a DoS attack vector. By sending slow request bodies
to resources not consuming them, httpd cleanup code occupies a server
thread unnecessarily. This was changed to an immediate stream reset
which discards all stream state and incoming data.
*) SECURITY: CVE-2019-0190 (cve.mitre.org)
mod_ssl: Fix infinite loop triggered by a client-initiated
renegotiation in TLSv1.2 (or earlier) with OpenSSL 1.1.1 and
later.
*) mod_ssl: Clear retry flag before aborting client-initiated renegotiation.
*) mod_negotiation: Treat LanguagePriority as case-insensitive to match
AddLanguage behavior and HTTP specification.
*) mod_md: incorrect behaviour when synchronizing ongoing ACME challenges
have been fixed.
*) mod_setenvif: We can have expressions that become true if a regex pattern
in the expression does NOT match. In this case val is NULL
and we should just set the value for the environment variable
like in the pattern case.
*) mod_session: Always decode session attributes early.
*) core: Incorrect values for environment variables are substituted when
multiple environment variables are specified in a directive.
*) mod_rewrite: Only create the global mutex used by "RewriteMap prg:" when
this type of map is present in the configuration.
*) mod_dav: Fix invalid Location header when a resource is created by
passing an absolute URI on the request line
*) mod_session_cookie: avoid duplicate Set-Cookie header in the response.
*) mod_ssl: clear *SSL errors before loading certificates and checking
afterwards. Otherwise errors are reported when other SSL using modules
are in play.
*) mod_ssl: Fix the error code returned in an error path of
'ssl_io_filter_handshake()'. This messes-up error handling performed
in 'ssl_io_filter_error()'
*) mod_ssl: Fix $HTTPS definition for "SSLEngine optional" case, and fix
authz provider so "Require ssl" works correctly in HTTP/2.
*) mod_proxy: If ProxyPassReverse is used for reverse mapping of relative
redirects, subsequent ProxyPassReverse statements, whether they are
relative or absolute, may fail.
*) mod_lua: Now marked as a stable module
Apache Tomcat is an implementation of the Java Servlet and JavaServer Pages
technologies. The Java Servlet and JavaServer Pages specifications are
developed under the Java Community Process.
Apache Tomcat is developed in an open and participatory environment and
released under the Apache Software License. Apache Tomcat is intended to
be a collaboration of the best-of-breed developers from around the world.
We invite you to participate in this open development project.
Apache Tomcat powers numerous large-scale, mission-critical web applications
across a diverse range of industries and organizations.
This package tracks 9.x release branch.
Changelog:
Tomcat 8.5.37 (markt)
Catalina
Update: Update the recommended minimum Tomcat Native version to 1.2.19. (markt)
Other
Update: Update the packaged version of the Tomcat Native Library to 1.2.19 to pick up the latest Windows binaries built with APR 1.6.5 and OpenSSL 1.1.1a. (markt)
not released Tomcat 8.5.36 (markt)
Catalina
Fix: 62788: Add explicit logging configuration to write log files using UTF-8 to align with Tomcat's use of UTF-8 by default elsewhere. (markt)
Fix: The default Servlet should not override a previously set content-type. (remm)
Add: 62897: Provide a property (clearReferencesThreadLocals) on the standard Context implementation that enables the check for memory leaks via ThreadLocals to be disabled because this check depends on the use of an API that has been deprecated in later versions of Java. (markt)
Fix: Fix more storeconfig issues with duplicated SSL attributes. (remm)
Fix: 62968: Avoid unnecessary (and relatively expensive) getResources() call in the Mapper when processing rule 7. (markt)
Fix: 62978: Update the RemoteIpValve to handle multiple values in the x-forwarded-proto header. Patch provided by Tom Groot. (markt)
Fix: Update the RemoteIpFilter to handle multiple values in the x-forwarded-proto header. Based on a patch provided by Tom Groot. (markt)
Code: 62986: Refactor the code that performs class scanning during web application start to make integration simpler for downstream users. Patch provided by rmannibucau. (markt)
Fix: 62988: Fix the LoadBalancerDrainingValve so it works when the session cookie configuration is not explicitly declared. Based on a patch provided by Andreas Kurth. (markt)
Fix: 63002: Fix setting rewrite qsdiscard flag. (remm)
Fix: Implement the requirements of section 8.2.2 2c of the Servlet specification and prevent a web application from deploying if it has fragments with duplicate names and is configured to use relative ordering of fragments. (markt)
Coyote
Fix: Avoid an exception when using Tomcat Native built with a version of OpenSSL that does not support TLSv1.3. (markt)
Fix: 62899: Prevent the incorrect timing out of connections when Servlet non-blocking I/O is used to read a request body over an HTTP/2 stream. (markt)
Fix: Avoid bad SSLHostConfig JMX registrations before init. (remm)
Jasper
Add: 53737: Extend JspC, the precompilation tool, to include support for resource JARs. (markt)
Fix: 62976: Avoid an IllegalStateException when using background compilation when tag files are packaged in JAR files. (markt)
Web applications
Fix: 62918: Filter out subtype mbeans to avoid breaking the connector status page. (remm)
Other
Fix: Prevent an error when running in a Cygwin shell and the JAVA_ENDORSED_DIRS system property is empty. Patch provided by Zemian Deng. (markt)
Add: 53930: Add support for the CATALINA_OUT_CMD environment variable that defines a command to which captured stdout and stderr will be redirected. Patch provided by Casey Lucas. (markt)
2018-11-07 Tomcat 8.5.35 (markt)
Catalina
Add: 61692: Add the ability to control which HTTP methods are handled by the CGI Servlet via a new initialization parameter cgiMethods. (markt)
Fix: 62687: Expose content length information for resources when using a compressed war. (remm)
Fix: 62737: Fix rewrite substitutions parsing of {} nesting. (remm)
Fix: Add rewrite flags output when getting the rewrite configuration back. (remm)
Fix: Add missing qsdiscard flag to the rewrite flags as a cleaner way to discard the query string. (remm)
Fix: Add documentation about the files context.xml.default and web.xml.default that can be used to customize conf/context.xml and conf/web.xml on a per host basis. (fschumacher)
Fix: Ensure that a canonical path is always used for the docBase of a Context to ensure consistent behaviour. (markt)
Fix: 62803: Fix SSL connector configuration processing in storeconfig. (remm)
Fix: 62797: Pass throwable to keep client aborts with status 200 rather than 500. Patch submitted by zikfat. (remm)
Fix: 62809: Correct a regression in the implementation of DIGEST authentication support for the Deployer Ant tasks (bug 45832) that prevented the DeployTask from working when authentication was required. (markt)
Update: Update the recommended minimum Tomcat Native version to 1.2.18. (markt)
Add: Ignore an attribute named source on Context elements provided by StandardContext. This is to suppress warnings generated by the Eclipse / Tomcat integration provided by Eclipse. Based on a patch by mdfst13. (markt)
Add: 62830: Added JniLifeCycleListener and static methods Library.loadLibrary(libraryName) and Library.load(filename) to load a native library by a shared class loader so that more than one Webapp can use it. (isapir)
Fix: Correct a typo in the Spanish resource files. Patch provided by Diego Agulló. (markt)
Fix: 62868: Order the Enumeration<URL> provided by WebappClassLoaderBase.getResources(String) according to the setting of the delegate flag. (markt)
Coyote
Add: Add TLSv1.3 to the default protocols and to the all alias for JSSE based TLS connectors when running on a JVM that supports TLS version 1.3. One such JVM is OpenJDK version 11. (rjung)
Fix: 62685: Correct an error in host name validatin parsing that did not allow a fully qualified domain name to terminate with a period. Patch provided by AG. (markt)
Fix: 62739: Do not reject requests with an empty HTTP Host header. Such requests are unusual but not invalid. Patch provided by MichaeNIO2 connector when using the OpenSSL backed JSSE implementation. (schultz/markt)
Fix: 62791: Remove an unnecessary check in the NIO TLS implementation that prevented from secure WebSocket connections from being established. (markt)
Fix: Fix servesed by the fix for 53492, that caused the JSP compiler to hang. (markt)
Fix: 62721: Correct generation of web.xml header when using JspC. (markt)
Fix: 62757: Correct a regression in the fix for 62603 that caused NullPointerExceptions when compiling tag files on first access when development mode was disabled and background compilation was enabled. Based on a patch by Jordi Llach. (markt)
WebSocket
Fix: 62731: Make the URI returned by HandshakeRequest.getRequestURI() and Session.getRequestURI() absolute so that the scheme, host and port are accessible. (markt)
Web applications
Fix: 62676: Expand the CORS filter documentation to make it clear that explicit configuration is required to enable support for cross-origin requests. (markt)
Fix: 62712: Correct NPE in Manager application when attempting to view configured certificates for an APR/native TLS connector. (markt)
Fix: 62761: Correct the advanced CORS example in the Filter documentation to use a valid configuration. (markt)
Fix: 62786: Add a note to the Context documentation to explain that, by default, settings for a Context element defined in server.xml will be overwritten by settings specified in a default context file such as conf/context.xml. (markt)
Fix: Create a little visual separation between the Undeploy button and the other buttons in the Manager application. Patch provided by Łukasz Jąder. (markt)
Other
Update: Update the internal fork of Apache Commons Pool 2 to d4e0e88 (2018-09-12) to pick up some bug fixes and enhancements. (markt)
Update: Update the packaged version of the Tomcat Native Library to 1.2.18 to pick up the latest Windows binaries built with APR 1.6.5 and OpenSSL 1.1.1. (markt)
2018-09-10 Tomcat 8.5.34 (markt)
Catalina
Add: Make the isLocked() method of the LockOutRealm public and expose the method via JMX. (markt)
Fix: Improve the handling of path parameters when working with RequestDispatcher objects. (markt)
Fix: 62664: Process requests with content type multipart/form-data to servlets with a @MultipartConfig annotation regardless of HTTP method. (markt)
Fix: 62667: Add recursion to rewrite substitution parsing. (remm)
Fix: 62669: When using the SSIFilter and a resource does not specify a content type, do not force the content type to application/x-octet-stream. (markt)
Fix: 62670: Adjust the memory leak protection for the DriverManager so that JDBC drivers located in $CATALINA_HOME/lib and $CATALINA_BASE/lib are loaded via the service loader mechanism when the protection is enabled. (markt)
Fix: When generating a redirect to a directory in the Default Servlet, avoid generating a protocol relative redirect. (markt)
Coyote
Fix: Fix potential deadlocks when using asynchronous Servlet processing with HTTP/2 connectors. (markt)
Fix: 62620: Fix corruption of response bodies when writing large bodies using asynchronous processing over HTTP/2. (markt)
Fix: 62628: Additional fixes for output corruption of response bodies when writing large bodies using asynchronous processing over HTTP/2. (markt)
Jasper
Fix: Correct the JSP version in the X-PoweredBy HTTP header generated when the xpoweredBy option is enabled. (markt)
Fix: 62662: Fix the corruption of web.xml output during JSP compilation caused by the fix for 53492. Patch provided by Bernhard Frauendienst. (markt)
Web applications
Add: Expand the information in the documentation web application regarding the use of CATALINA_HOME and CATALINA_BASE. Patch provided by Marek Czernek. (markt)
Fix: 62652: Make it clearer that the version of DBCP that is packaged in Tomcat 8.5.x is DBCP 2. Correct the names of some DBCP 2 configuration attributes that changed between 1.x and 2.x. (markt)
Add: 62666: Expand internationalisation support in the Manager application to include the server status page and provide Russian translations in addition to English. Patch provided by Artem Chebykin. (markt)
Other
Fix: Switch the build script to use http for downloads from an ASF mirror using the closer.lua script to avoid failures due to HTTPS to HTTP redirects. (rjung)
2018-08-17 Tomcat 8.5.33 (markt)
Catalina
Fix: Ensure that the HTTP Vary header is set correctly when using the CORS filter and improve the cacheability of requests that pass through the COPRS filter. (markt)
Fix: 62527: Revert restriction of JNDI to the java: namespace. (remm)
Add: Introduce a new class - MultiThrowable - to report exceptions when multiple actions are taken where each action may throw an exception but all actions are taken before any errors are reported. Use this new class when reporting multiple container (e.g. web application) failures during start. (markt)
Fix: Correctly decode URL paths (+ should not be decoded to a space in the path) in the RequestDispatcher and the web application class loader. (markt)
Add: Make logout more robust if JASPIC subject is unexpectedly unavailable. (markt)
Fix: 62547: JASPIC cleanSubject() was not called on logout when the authenticator was configured to cache the authenticated Principal. Patch provided by Guillermo González de Agüero. (markt)
Add: 62559: Add jaxb-*.jar to the list of JARs ignored by StandardJarScanner. (markt)
Add: 62560: Add oraclepki.jar to the list of JARs ignored by StandardJarScanner. (markt)
Add: 62607: Return a non-zero exit code from catalina.[bat|sh] run if Tomcat fails to start. (markt)
Code: Remove ServletException from declaration of Tomcat.addWebapp(String,String) since it is never thrown. Patch provided by Tzafrir. (markt)
Fix: Use short circuit logic to prevent potential NPE in CorsFilter. (fschumacher)
Code: Simplify construction of appName from container name in JAASRealm. (fschumacher)
Coyote
Update: 60560: Add support for using an inherited channel to the NIO connector. Based on a patch submitted by Thomas Meyer with testing and suggestions by Coty Sutherland. (remm)
Fix: 62507: Ensure that JSSE based TLS connectors work correctly with a DKS keystore. Note: DKS keystores require Java 8 or later. (markt)
Fix: Refactor code that adds an additional header name to the Vary HTTP response header to use a common utility method that addresses several additional edge cases. (markt)
Fix: 62515: When a connector is configured (via setting bindOnInit to false) to bind/unbind the server socket during start/stop, close the socket earlier in the stop process so new connections do not sit in the TCP backlog during the shutdown process only to be dropped as stop completes. In this scenario new connections will now be refused immediately. (markt)
Fix: 62526: Correctly handle PKCS12 format key stores when the key store password is configured to be the empty string. (markt)
Fix: Fix error in back-port of HTTP/2 compression that meant compression was never enabled. (markt)
Fix: 62605: Ensure ReadListener.onDataAvailable() is called when the initial request body data arrives after the request headers when using asynchronous processing over HTTP/2. (markt)
Fix: 62614: Ensure that WriteListener.onWritePossible() is called after isReady() returns false and the window size is subsequently incremented when using asynchronous processing over HTTP/2. (markt)
Jasper
Fix: 53011: When pre-compiling with JspC, report all compilation errors rather than stopping after the first error. A new option -failFast can be used to restore the previous behaviour of stopping after the first error. Based on a patch provided by Marc Pompl. (markt)
Add: 53492: Make the Java file generation process multi-threaded. By default, one thread will be used per core. Based on a patch by Dan Fabulich. (markt)
Add: 62453: Add a performance optimisation for using expressions in tags that depend on uninitialised tag attributes with implied scope. Generally, using an explicit scope with tag attributes in EL is the best way to avoid various potential performance issues. (markt)
Fix: Correctly decode URL paths (+ should not be decoded to a space in the path) in the Jasper class loader. (markt)
Fix: 62603: Fix a potential race condition when development mode is disabled and background compilation checks are enabled. It was possible that some updates would not take effect and/or ClassNotFoundExceptions would occur. (markt)
WebSocket
Fix: 62596: Remove the limit on the size of the initial HTTP upgrade request used to establish the web socket connection. (markt)
Web applications
Add: 61565: Add the ability to trigger a reloading of TLS host configuration (certificate and key files, server.xml is not re-parsed) via the Manager web application. (markt)
Add: 62558: Add Russian translations for the Manager and Host Manager web applications. Based on a patch by Ivan Krasnov. (markt)
Add: 62561: Add advanced class loader configuration information regarding the use of the Server and Shared class loaders to the documentation web application. (markt)
Tribes
Fix: Ensures that the specified rxBufSize is correctly set to receiver buffer size. (kfujino)
Other
Update: Support building with Java 9+ while preserving the Java 7 compatibility at runtime (requires Ant 1.9.8 or later). (ebourg)
Update: Update WSDL4J library to version 1.6.3 (from 1.6.2). (kkolinko)
Update: Update JUnit library to version 4.12 (from 4.11). (kkolinko)
Update: Downgrade CGLib library used for testing with EasyMock to version 2.2.2 (from 2.2.3) as version 2.2.3 is not available from Maven Central. (markt/kkolinko)
Add: Implement checksum checks when downloading dependencies that are used to build Tomcat. (kkolinko)
Fix: Fixed spelling. Patch provided by Jimmy Casey via GitHub. (violetagg)
Update: Update the internal fork of Apache Commons Pool 2 to 3e02523 (2018-08-09) to pick up some bug fixes and enhancements. (markt)
Update: Update the internal fork of Apache Commons DBCP 2 to abc0484 (2018-08-09) to pick up some bug fixes and enhancements. (markt)
Fix: Correct various spelling errors throughout the source code and documentation. Patch provided by Kazuhiro Sera. (markt)
Changelog:
Tomcat 7.0.92 (violetagg)
Catalina
fix Add documentation about the files context.xml.default and web.xml.default that can be used to customize conf/context.xml and conf/web.xml on a per host basis. (fschumacher)
fix Ensure that a canonical path is always used for the docBase of a Context to ensure consistent behaviour. (markt)
fix 62788: Add explicit logging configuration to write log files using UTF-8 to align with Tomcat's use of UTF-8 by default elsewhere. (markt)
fix 62797: Pass throwable to keep client aborts with status 200 rather than 500. Patch submitted by zikfat. (remm)
fix 62809: Correct a regression in the implementation of DIGEST authentication support for the Deployer Ant tasks (bug 45832) that prevented the DeployTask from working when authentication was required. (markt)
update Update the recommended minimum Tomcat Native version to 1.2.18. (markt)
add Ignore an attribute named source on Context elements provided by StandardContext. This is to suppress warnings generated by the Eclipse / Tomcat integration provided by Eclipse. Based on a patch by mdfst13. (markt)
add 62830: Added JniLifeCycleListener and static methods Library.loadLibrary(libraryName) and Library.load(filename) to load a native library by a shared class loader so that more than one Webapp can use it. (isapir)
fix Correct a typo in the Spanish resource files. Patch provided by Diego Agulló. (markt)
fix 62868: Order the Enumeration<URL> provided by WebappClassLoaderBase.getResources(String) according to the setting of the delegate flag. (markt)
Coyote
add Add TLSv1.3 to the default protocols and to the all alias for JSSE based TLS connectors when running on a JVM that supports TLS version 1.3. One such JVM is OpenJDK version 11. (rjung)
fix 62739: Do not reject requests with an empty HTTP Host header. Such requests are unusual but not invalid. Patch provided by Michael Orr. (markt)
add 62748: Add TLS 1.3 support for the APR/Native connector. (schultz/markt)
fix 62791: Remove an unnecessary check in the NIO TLS implementation that prevented from secure WebSocket connections from being established. (markt)
Jasper
fix 62674: Correct a regression in the stand-alone JSP compiler utility, JspC, caused by the fix for 53492, that caused the JSP compiler to hang. (markt)
fix 62721: Correct generation of web.xml header when using JspC. (markt)
fix Fix a regression in the TLD whitespace parsing fix that broke parsing when whitespace was present between the method name and the parameters. (markt)
fix 62757: Correct a regression in the fix for 62603 that caused NullPointerExceptions when compiling tag files on first access when development mode was disabled and background compilation was enabled. Based on a patch by Jordi Llach. (markt)
fix 62808: Fix a regression in the TLD whitespace parsing fix that broke parsing when new lines were present in the method signature. (markt)
WebSocket
fix 62731: Make the URI returned by HandshakeRequest.getRequestURI() and Session.getRequestURI() absolute so that the scheme, host and port are accessible. (markt)
Web applications
fix 62761: Correct the advanced CORS example in the Filter documentation to use a valid configuration. (markt)
fix 62786: Add a note to the Context documentation to explain that, by default, settings for a Context element defined in server.xml will be overwritten by settings specified in a default context file such as conf/context.xml. (markt)
fix Create a little visual separation between the Undeploy button and the other buttons in the Manager application. Patch provided by Łukasz Jąder. (markt)
Other
update Update the packaged version of the Tomcat Native Library to 1.2.18 to pick up the latest Windows binaries built with APR 1.6.5 and OpenSSL 1.1.1. (markt)
Tomcat 7.0.91 (violetagg) released 2018-09-19
Catalina
add 61692: Add the ability to control which HTTP methods are handled by the CGI Servlet via a new initialization parameter cgiMethods. (markt)
fix Ensure that the HTTP Vary header is set correctly when using the CORS filter and improve the cacheability of requests that pass through the COPRS filter. (markt)
fix 62527: Revert restriction of JNDI to the java: namespace. (remm)
add Introduce a new class - MultiThrowable - to report exceptions when multiple actions are taken where each action may throw an exception but all actions are taken before any errors are reported. Use this new class when reporting multiple container (e.g. web application) failures during start. (markt)
fix Correctly decode URL paths (+ should not be decoded to a space in the path) in the RequestDispatcher and the web application class loader. (markt)
add 62559: Add jaxb-*.jar to the list of JARs ignored by StandardJarScanner. (markt)
add 62560: Add oraclepki.jar to the list of JARs ignored by StandardJarScanner. (markt)
add 62607: Return a non-zero exit code from catalina.[bat|sh] run if Tomcat fails to start. (markt)
code Remove ServletException from declaration of Tomcat.addWebapp(String,String) since it is never thrown. Patch provided by Tzafrir. (markt)
fix Use short circuit logic to prevent potential NPE in CorsFilter. (fschumacher)
code Simplify construction of appName from container name in JAASRealm. (fschumacher)
fix Improve the handling of path parameters when working with Requestt type multipart/form-data to servlets with a @MultipartConfig annotation regardless of HTTP method. (markt)
fix 62669: When using the SSIFilter and a resource does not specify a content type, do not force the content type to application/x-octet-s a redirect to a directory in the Default Servlet, avoid generating a protocol relative redirect. (markt)
Coyote
fix Refactor code that adds an additional header name to the Vary HTTP response header to use a common utility method that addresses several additional edge cases. (markt)
fix 62526: Correctly handle PKCS12 format key stores when the key store password is configured to be the empty string. Note that Java 6 does not support PKCS12 key stores configured to use a store password of the empty string. (markt)
fix 62670: Adjust the memory leak protection for the DriverManager so that JDBC drivers located in $CATALINA_HOME/lib and $CATALINA_BASE/lib are loaded via the service loader mechanism when the protection is enabled. (markt)
fix 62685: Correct an error in host name validation parsing that did not allow a fully qualified domain name to terminate with a period. Patch provided by AG. (markt)
Jasper
fix 53011: When pre-compiling with JspC, report all compilation errors rather than stopping after the first error. A new option -failFast can be used to restore the previous behaviour of stopping after the first error. Based on a patch provided by Marc Pompl. (markt)
add 53492: Make the Java file generation process multi-threaded. By default, one thread will be used per core. Based on a patch by Dan Fabulich. (markt)
fix 62603: Fix a potential race condition when development mode is disabled and background compilation checks are enabled. It was possible that some updates would not take effect and/or ClassNotFoundExceptions would occur. (markt)
fix Correct the JSP version in the X-PoweredBy HTTP header generated when the xpoweredBy option is enabled. (markt)
fix 62662: Fix the corruption of web.xml output during JSP compilation caused by the fix for 53492. Patch provided by Bernhard Frauendienst. (markt)
fix Correct parsing of XML whitespace in TLD function signatures that incorrectly only looked for the space character. (markt)
WebSocket
fix 62596: Remove the limit on the size of the initial HTTP upgrade request used to establish the web socket connection. (markt)
Web applications
add 62558: Add Russian translations for the Manager and Host Manager web applications. Based on a patch by Ivan Krasnov. (markt)
add 62561: Add advanced class loader configuration information regarding the use of the Server and Shared class loaders to the documentation web application. (markt)
add Expand the information in the documentation web application regarding the use of CATALINA_HOME and CATALINA_BASE. Patch provided by Marek Czernek. (markt)
fix 62652: Make it clearer that the version of DBCP that is packaged in Tomcat 7.0.x is DBCP 1. (markt)
add 62666: Expand internationalisation support in the Manager application to include the server status page and provide Russian translations in addition to English. Patch provided by Artem Chebykin. (markt)
fix 62676: Expand the CORS filter documentation to make it clear that explicit configuration is required to enable support for cross-origin requests. (markt)
Tribes
fix Ensures that the specified rxBufSize is correctly set to receiver buffer size. (kfujino)
Other
fix Fixed spelling. Patch provided by Jimmy Casey via GitHub. (violetagg)
fix Correct various spelling errors throughout the source code and documentation. Patch provided by Kazuhiro Sera. (markt)
Version 2.1:
* Fixed a regression in FilterView introduced in 2.0. An empty QuerySet was
incorrectly used whenever the FilterSet was unbound (i.e. when there were
no GET parameters). The correct, pre-2.0 behaviour is now restored.
A workaround was to set strict=False on the FilterSet. This is no
longer necessary, so you may restore strict behaviour as desired.
* Added IsoDateTimeFromToRangeFilter. Allows From-To filtering using
ISO-8601 formatted dates.
Version 3.1.0:
**Features**
* Add recognized_tags argument to the linkify Linker class. This
fixes issues when linkifying on its own and having some tags get escaped.
It defaults to a list of HTML5 tags.
**Bug fixes**
* Add six>=1.9 to requirements.
* Fix cases where attribute names could have invalid characters in them.
* Fix problems with LinkifyFilter not being able to match links
across &.
* Fix InputStreamWithMemory when the BleachHTMLParser is
parsing meta tags.
* Fix doctests.
1.7.2
- **FIX**: Fix HTML detection type selector.
- **FIX**: Fixes for :enabled and :disabled.
- **FIX**: Provide a way for Beautiful Soup to parse selectors in a quirks mode to mimic some of the quirks of the old
select method prior to Soup Sieve, but with warnings. This is to help old scripts to not break during the transitional
period with newest Beautiful Soup. In the future, these quirks will raise an exception as Soup Sieve requires
selectors to follow the CSS specification.
1.7.1
- **FIX**: Fix issue with :has() selector where a leading combinator can only be provided in the first selector in a
relative selector list.
1.7.0
- **NEW**: Add support for :in-range and :out-of-range selectors.
- **NEW**: Add support for :defined selector.
- **FIX**: Fix pickling issue when compiled selector contains a NullSelector object.
- **FIX**: Better exception messages in the CSS selector parser and fix a position reporting issue that can occur in
some exceptions.
- **FIX**: Don't compare prefixes when evaluating attribute namespaces, compare the actual namespace.
- **FIX**: Split whitespace attribute lists by all whitespace characters, not just space.
- **FIX**: :nth-* patterns were converting numbers to base 16 when they should have been converting to base 10.
Changes:
=== RELEASE 2.18 ===
- Compile links with graphics support on OpenVMS
- Automatically enable tor mode when the socks port is 9050
- When we are in tor mode, invert the colors on the top line and bottom
line, so that the user can immediatelly see it
- Fix an incorrect shift in write_ev_queue that could cause spurious error
if the socket for interprocess communication fills up.
This bug was introduced in Links 2.15.
- Fix 'runtime error: member access within null pointer' sanitizer warning
- Add a menu entry to save and load a clipboard
- Don't synchronize with the Xserver on every pixmap load
It improves performance on remote connections
- Fix a bug that in the "Network options" dialog box, the value in the
field "Timeout when trying multiple addresses" incorrectly set the value
"Timeout when unrestartable".
- Fix a possible integer overflow in decoder_memory_expand
- Work around a bug on OpenVMS where allocations larger than 0x77fffff0
are treated as if they had 16 bytes
- Fix possible pointer arithmetics bugs if the operating system allocated
memory few bytes below the limit 0xffffffff or 0xffffffffffffffff
- Add a button to never accept invalid certificate for a given server
- Fix incorrect strings -html-t-text-color, -html-t-link-color,
-html-t-background-color, -html-t-ignore-document-color in the manual
page and help (reported by Oliver Schode <oliver.schode@online.de>)
- Windows 7 has a bug (or feature) that corrupts the screen when using the
unaccelerated video driver - when a thread draws into window's device context
and the user simultaneously drags the window, the device context coordinates
may not be updated. Subsequent draws are done with incorrect coordinates.
In order to work around this bug, we detect that a drawing operation
possibly raced with window moving. If it did, we allocate a new DC (the
old one is corrupted) and start a timer that asks the main thread to
redraw the whole window using the new DC.
- Add ascii replacement of Romanian S and T with comma
Fix replacement of c with cedilla and a/i with grave accent a/o/u with
diaeresis
- Use static linking in the released binaries on OS/2 because the DLL
names may clash with other programs
- On OS/2, use AF_OS2 for interprocess communication because the loopback
network device may not be properly configured.
Fall back to 127.0.0.1 only if AF_OS2 in not installed.
- Fixed a bug when IPv6 control connection to a ftp server fails and IPv4
control connection succeeds, links would incorrectly try to make the
data connection using IPv6 (this bug was introduced in Links 2.15).
3.141.0 (2018-10-31)
====================
Edge:
* Added new Edge::Options class that should be used to customize browser
behavior. The instance of options class can be passed to driver
initialization using :options key. Please, note that using options require
insiders builds of Edge.
Chrome:
* Included HasLocation to Chrome driver (thanks @sidonath).
* Updated endpoint to send Chrome Debugging Protocol commands. The old one
has been deprecated in ChromeDriver 40.
Safari:
* Added new Safari::Options class that should be used to customize browser
behavior. The instance of options class can be passed to driver
initialization using :options key. Please, note that using options require
Safari 12+.
Remote:
* Allow passing Options instances to remote driver initialization using
:options key. This feature allows to use browser-specific options classes
(Chrome::Options, Firefox::Options, etc.) and pass them to Server/Grid
instead of capabilities.
1.2.0:
No changes since the last beta release. Enjoy Waitress!
1.2.0b3:
Bugfixes
- Modified clear_untrusted_proxy_headers to be usable without a
trusted_proxy.
- Modified trusted_proxy_count to error when used without a
trusted_proxy.
1.2.0b2:
Bugfixes
- Fixed logic to no longer warn on writes where the output is required to have
a body but there may not be any data to be written. Solves issue posted on
the Pylons Project mailing list with 1.2.0b1.
1.2.0b1:
Happy New Year!
Features
- Setting the trusted_proxy setting to '*' (wildcard) will allow all
upstreams to be considered trusted proxies, thereby allowing services behind
Cloudflare/ELBs to function correctly whereby there may not be a singular IP
address that requests are received from.
Using this setting is potentially dangerous if your server is also available
from anywhere on the internet, and further protections should be used to lock
down access to Waitress.
- Waitress has increased its support of the X-Forwarded-* headers and includes
Forwarded (RFC7239) support. This may be used to allow proxy servers to
influence the WSGI environment.
This also provides a new security feature when using Waitress behind a proxy
in that it is possible to remove untrusted proxy headers thereby making sure
that downstream WSGI applications don't accidentally use those proxy headers
to make security decisions.
The documentation has more information, see the following new arguments:
- trusted_proxy_count
- trusted_proxy_headers
- clear_untrusted_proxy_headers
- log_untrusted_proxy_headers (useful for debugging)
Be aware that the defaults for these are currently backwards compatible with
older versions of Waitress, this will change in a future release of waitress.
If you expect to need this behaviour please explicitly set these variables in
your configuration, or pin this version of waitress.
Documentation:
https://docs.pylonsproject.org/projects/waitress/en/latest/reverse-proxy.html
- Waitress can now accept a list of sockets that are already pre-bound rather
than creating its own to allow for socket activation. Support for init
systems/other systems that create said activated sockets is not included.
- Server header can be omitted by specifying ident=None or ident=''.
Bugfixes
- Waitress will no longer send Transfer-Encoding or Content-Length for 1xx,
204, or 304 responses, and will completely ignore any message body sent by
the WSGI application, making sure to follow the HTTP standard.
Compatibility
- Waitress has now "vendored" asyncore into itself as waitress.wasyncore.
This is to cope with the eventuality that asyncore will be removed from
the Python standard library in 3.8 or so.
Documentation
- Bring in documentation of paste.translogger from Pyramid. Reorganize and
clean up documentation.
nghttp2 v1.36.0.
build
CMake build disables shared library if ENABLE_SHARED_LIB is OFF.
third-party
http-parser has been upgraded to v2.9.0.
mruby has been upgraded to v2.0.0.
nghttpx
nghttpx now pools h1 backend connection per address and uses it when the round robin index points to the address.
nghttpx now randomizes backend address round robin order per thread.
The bug that long certificate serial numbers cannot be handled has been fixed.
h2load
An option to write per-request logs has been added.
asio
The API to get the current server port has been added.
This is a hotfix release for a regression affecting some Drush installations
that was introduced by the fix for SA-CORE-2019-002. No other fixes are
included.
Version 18.12
18.12.0
Changes:
Improved codebase test coverage from 81% to 91%.
Added stream_large_files and host examples in static_file document
Added methods to append and finish body content on Request
Integrated with .appveyor.yml for windows ci support
Added documentation for AF_INET6 and AF_UNIX socket usage
Adopt black/isort for codestyle
Cancel task when connection_lost
Simplify request ip and port retrieval logic
Handle config error in load config file.
Integrate with codecov for CI
Add missed documentation for config section.
Deprecate Handler.log
Pinned httptools requirement to version 0.0.10+
Fixes:
Fix remove_entity_headers helper function
Fix TypeError when use Blueprint.group() to group blueprint with default url_prefix, Use os.path.normpath to avoid invalid url_prefix like api//v1 f8a6af1 Rename the http module to helpers to prevent conflicts with the built-in Python http library
Fix unittests on windows
Fix Namespacing of sanic logger
Fix missing quotes in decorator example
Fix redirect with quoted param
Fix doc for latest blueprint code
Fix build of latex documentation relating to markdown lists
Fix loop exception handling in app.py
Fix content length mismatch in windows and other platform
Fix Range header handling for static files
Fix the logger and make it work
Fix type pikcle->pickle in multiprocessing test
Fix pickling blueprints Change the string passed in the "name" section of the namedtuples in Blueprint to match the name of the Blueprint module attribute name. This allows blueprints to be pickled and unpickled, without errors, which is a requirment of running Sanic in multiprocessing mode in Windows. Added a test for pickling and unpickling blueprints Added a test for pickling and unpickling sanic itself Added a test for enabling multiprocessing on an app with a blueprint (only useful to catch this bug if the tests are run on Windows).
Fix document for logging
Update submitted by Frederic Cambus, the upstream developer of this package.
author's notes
==============
Notable changes:
- Logswan now links against geography/libmaxminddb instead of net/GeoIP
- Take back MAINTAINER, as I'm upstream for this package
upstream changelog
==================
Logswan 2.0.3 (2018-10-15)
- Use -std=c11, Logswan requires a C11 compiler for libmaxminddb
- Enable support for parsing HTTP/2.0 requests, for real this time
- Revert back to using INT64_MAX for strtonum() maxval, as maxval is long long
and using UINT64_MAX caused bandwidth parsing to always fail (Thanks James Loh
for reporting the issue)
- Move maps of countries and continents to separate files
Logswan 2.0.2 (2018-08-05)
- Use UINT64_MAX for strtonum() maxval
- Add missing headers and reorder includes
- Add support for HTTP/2.0
Logswan 2.0.1 (2018-06-27)
- Do not use -Werror by default
- Do not always call inet_pton two times per log line, this speeds things up
- Use bool types for isIPv4 and isIPv6
- Use the monotonic clock to determine runtime
- Move conditional includes for 'pledge' and 'strtonum' in compat.h
Logswan 2.0.0 (2018-03-16)
- Use type off_t for results struct member fileSize
- Reflect OpenBSD's pledge() changes
- Switch to using libmaxminddb and GeoIP2/GeoLite2 databases
- Add Antarctica to the list of continents
Changelog:
15.0.2
Changes
Don't log parameters on user creation in case of error/exception (server#13479)
RemoveClassifiedEventActivity: check if calendar still exists (server#13506)
Broker: add timezone to CANCEL messages (3rdparty#196)
15.0.1
Changes
Change doc link for 15 (server#12963)
Use strengthify.min on personal settings page (server#12984)
Use default cursor for disabled primary buttons (server#13007)
Better activities for systemtags that are removed by CLI (server#13029)
Ie11 compatibility updatenotifications (server#13076)
Fix exception on LDAP mapping during login (server#13119)
Fix SAML Client login flow on Apple devices (server#13123)
Only trust the X-FORWARDED-HOST header for trusted proxies (server#13150)
Prevent special characters from breaking the file drop remote url (server#13151)
Allow content provider to generate new Index (server#13155)
Make the footer "Get your own free account" translatable (server#13169)
Use a case insensitive search for email (server#13179)
Fix ie11 checkboxes (server#13206)
SCSS cache buster is a combination of apps/theming/scc_vars (server#13209)
Files list not rendering if user has favorites navigation unfolded (server#13215)
Do not forgot to store the second displayname portion (server#13218)
Add default values when parsing account data (server#13252)
Fix opening search results for comments (server#13253)
Fetch lastInsertId only when id null (server#13278)
Add caching headers for public previews (server#13328)
Unbundle user_external to release it via appstore (server#13329)
Rewrite getNumberOfUnreadCommentsForFolder query (server#13335)
Fix can change password check in case of encryption is enabled (server#13349)
Update the CRL (server#13352)
Check anonymous OPTIONS requests file in root (not in subdir) (server#13354)
Re add the uploaded file list to file drops (server#13355)
Returns a 404 instead of exception if app is not installed - #13088 (server#13357)
Transpile arrow function for ie11 compatibility (server#13360)
IE fix for apps menu (server#13361)
Allow URI as data for vcard PHOTO (server#13366)
Throttle with correct metadata (server#13368)
Fix loginflow with apptoken enter on iOS (server#13370)
Register and show when an LDAP user was detected as unavailable/deleted (server#13372)
Fix apps menu overlapping (server#13404)
Use the real logger in the settings (server#13405)
CSP: Allow fonts to be provided in data (server#13411)
HttpClient getHeader can return empty string (server#13425)
Respect classification of calendar events in activity stream (server#13439)
Add support for boolean default (server#13444)
Show the repair steps and repair info output in the web for better feedback (server#13469)
Fix PDF sidebar shown in PDF thumbnails (files_pdfviewer#114)
Do not get the url from the download links (files_videoplayer#74)
Use proper slogan from theming app (firstrunwizard#94)
Update info.xml (firstrunwizard#96)
Update richObjectStringParser.js (notifications#245)
3.9.1
Resolve XSS issue in browsable API.
Upgrade Bootstrap to 3.4.0 to resolve XSS issue.
Resolve issues with composable permissions.
Respect limit_choices_to on foreign keys.
Upstream changes:
Moodle 3.6.2 release notes
Releases > Moodle 3.6.2 release notes
Release date: 14 January 2019
Here is the full list of fixed issues in 3.6.2.
Fixes and improvements
MDL-63994 - CAS authentication fixed
MDL-63260 - Exponential question growth prevented when duplicating quizzes
MDL-49651 - Hidden courses no longer send forum notifications to participants
MDL-64290 - IMS Common Cartridge can restore from custom temp directory
MDL-59954 - Drag and drop file uploads now respect the ignore file size limits capability
MDL-64400 - Performance improvement when fetching notifications
MDL-63512 - Lesson question responses show multimedia consistently
MDL-64419 - Messaging user info fix in bootstrapbase themes
MDL-63722 - Question bank pagination fix
MDL-60518 - The result of core_user::is_real_user is now consistent
MDL-64216 - Database query efficiency improvement to core_grade privacy provider
MDL-64025 - Admin bookmarks block can bookmark admin categories
MDL-64275 - All unread counts in message functionality now update without a page refresh
MDL-64426 - Filter support added to group message conversation names
MDL-64357 - LTI assignment and grade LineItems are retained after the cleanup scheduled task is run
MDL-64497 - GDPR moodle_content_writer can no longer cause an endless loop
MDL-64229 - User images are linked to their profile in the new messaging interface
MDL-61633 - Assignment grading interface 'Next page' navigation now resets scrolling to the top of the next page
1.20.0:
- Fix url_query_cleaner to do not append "?" to urls without a query string
- Add support for Python 3.7 and drop Python 3.3
- Add w3lib.url.add_or_replace_parameters helper
- Documentation fixes
Back out the previous build fix.
The base package does not even need C++, so drop from USE_LANGUAGES,
and remove GCC_REQD. Builds on netbsd-7/amd64 with gcc 4.8.
Both options build C++ code. Add c++14 to USE_LANGUAGES and 6 to
GCC_REQD, following upstream documentation.
Upstream changes:
v0.49 (released 2018/11/28):
* bug fixes
Fixed perl shebang line in "dave" script, for ExtUtils::MakeMaker to
correctly replace it. Closes "RT#127819".
Fixed "propfind" response handling to also consider successful an
HTTP 207 status code. Closes "RT#127591".
Fixed "clone()" method to properly respect the class name. Closes
"RT#123528". Thanks to Ricardo Signes for the patch.
* documentation fixes
Fixed various pod issues raised by Debian contributor
"fsfs@debian.org". Closes "RT#119878".
User-visible changes:
- Minor new features and improvements:
* Conflict resolver support for added vs unversioned file (r1845577)
* Conflict resolver support for unversioned directories (r1846299)
- Client-side bugfixes:
* Fix: repos-to-WC copy with --parents doesn't create dirs (#4768)
* Fix: foreign repo copy with peg/operative revisions (#4785)
* Fix: foreign repo copy of file adding mergeinfo (#4792)
* Fix: assertion failure using -rPREV on a working copy at r0 (#4532)
* Fix: tree conflict message ends a sentence with a colon (#4717)
- Server-side bugfixes:
* Fix: unexpected SVN_ERR_FS_NOT_DIRECTORY errors (#4791)
* Fix: mod_dav_svn's SVNUseUTF8 had no effect in some setups (r1844882)
* Fix crash in mod_http2 (#4782)
- Other tool improvements and bugfixes:
* svndumpfilter: Clarify error messages by including node path (r1845261)
- Bindings bugfixes:
* JavaHL: Fix crash in client code when using external diff (r1845408)
Developer-visible changes:
- General:
* Fix build on systems without python in $PATH (r1845555)
- API changes:
(none)
3.5.3:
Bugfixes
- Fix type stubs for aiohttp.web.run_app(access_log=True) and fix edge case of access_log=True and the event loop being in debug mode.
- Fix aiohttp.ClientTimeout type annotations to accept None for fields
- Send custom per-request cookies even if session jar is empty
- Restore Linux binary wheels publishing on PyPI
Changelog:
Fixed
Fixed a browser crash on MacOS (bug 1510058)
Updated the Japanese translation for missing strings (bug 1513259)
Properly restore column sizes in developer tools inspector (bug 1503175)
Fixed video stuttering on Youtube (bug 1513511)
Fix updates for some lightweight themes (bug 1508777)
1.2.0:
feat: Better surfacing of validation errors in UI / optional model instance validation
chore: Use modern setuptools in setup.py
chore: Update URLs to use https://
chore: remove outdated workarounds
chore: Run SQLite tests with in-memory database
fix: Change logging level
fix: Changed get_instance() return val
Drupal\Core\Extension\Exception\UnknownExtensionException: The module standard does not exist. in Drupal\Core\Extension\ExtensionList->get() (line 257 of /usr/pkg/share/drupal/core/lib/Drupal/Core/Extension/ExtensionList.php)
e.g. when trying to put the site in maintenance mode.
3.5.2:
Features
- FileResponse from web_fileresponse.py uses a ThreadPoolExecutor to work with files asynchronously.
I/O based payloads from payload.py uses a ThreadPoolExecutor to work with I/O objects asynchronously.
- Internal Server Errors in plain text if the browser does not support HTML.
Bugfixes
- Preserve MultipartWriter parts headers on write.
Refactor the way how Payload.headers are handled. Payload instances now always
have headers and Content-Type defined.
Fix Payload Content-Disposition header reset after initial creation.
- Log suppressed exceptions in GunicornWebWorker.
- Remove wildcard imports.
- Use the same task for app initialization and web server handling in gunicorn workers.
It allows to use Python3.7 context vars smoothly.
- Fix handling of chunked+gzipped response when first chunk does not give uncompressed data
- Replace collections.MutableMapping with collections.abc.MutableMapping to avoid a deprecation warning.
- Payload.size type annotation changed from Optional[float] to Optional[int].
- Ignore done tasks when cancels pending activities on web.run_app finalization.
1.6.2
- FIX: Fix pattern compile issues on Python < 2.7.4.
- FIX: Don't use \d in Unicode Re patterns as they will contain characters outside the range of [0-9].
4.7.1:
* Fixed a significant performance problem introduced in 4.7.0.
* Fixed an incorrectly raised exception when inserting a tag before or
after an identical tag.
* Beautiful Soup will no longer try to keep track of namespaces that
are not defined with a prefix; this can confuse soupselect.
* Tried even harder to avoid the deprecation warning originally fixed in
4.6.1.
A Flask extension for handling Cross Origin Resource Sharing (CORS),
making cross-origin AJAX possible.
This package has a simple philosophy, when you want to enable CORS, you
wish to enable it for all use cases on a domain. This means no mucking
around with different allowed headers, methods, etc. By default,
submission of cookies across domains is disabled due to the security
implications, please see the documentation for how to enable
credential'ed requests, and please make sure you add some sort of
CSRF protection before doing so!
1.4.0:
- Fix migrations dependencies.
- Added the DJANGO_CELERY_BEAT_TZ_AWARE setting.
1.3.0:
- Fix transaction handling while syncing the schedule.
- Fix schedule type validation logic.
- Scheduler no longer forgets the tasks after first schedule change.
- Fix race condition for schedule_changed() resulting in erroneously closed connections.
- Add support for task priorities when using RabbitMQ or Redis as broker.
- Disabled tasks are now correctly deleted from the schedule.
- Added name as search filter.
1.2.0:
- Allow timezone-aware Cron schedules.
- Retry later in case of InterfaceError in sync.
- Show Periodic Task Description in panel admin.
- Fix CrontabSchedule example.
- Support Periodic Tasks with a start date and one-off tasks.
- Fixes a problem with beat not reconnecting to MySQL (server restart, network problem, etc.) when checking if schedule has changed.
- Add toggle admin action which allows to activate disabled tasks or deactivate enabled tasks.
- Add fields validation for CrontabSchedule.
- Drop support for Django<1.11.
- Fix task heap invalidation bug which prevented scheduled tasks from running when syncing tasks from the database.
- Raise a ValidationError when more than one type (solar, crontab or interval) of schedule is provided.
also patches to work correctly on NetBSD.
5.3.7
* Fixes package installation issues on Ubuntu 18.04. These issues were caused
by an update released by Ubuntu on the nginx-common package.
* Fixes compilation problems and warnings with GCC 8.2. Tested on Alpine Linux
edge 2018-11-05.
* Fixes compatibility with libcurl 7.62.0. Contributed by Po-Chuan Hsieh.
* Changes minimum supported macOS version to 10.11 El Capitan.
* Removes packages for Ubuntu 17.10 Artful.
5.3.6
* Fixes smart spawning. A regression in 5.3.5 (due to a refactoring) made it so
that Passenger only used the direct spawning method. This issue was mostly
noticeable in the form of increased process spawning times between 5.3.4
and 5.3.5.
* Fixes Passenger Core and application processes staying on the Watchdog's OOM
score (unkillable).
* Fixes "mach_vm_map failed" warnings on macOS >= High Sierra. These warnings
were harmless, but annoying.
* Fixes passenger-config compile-agent compilation with optimizations. The
optimization flags were not properly passed to the compiler.
* Fixes a crash that could occur when HTTP clients send a chunked
transfer-encoding body containing a chunk larger than 429496729 bytes.
* Improves detection of the system Apache's include headers on macOS High
Sierra and later.
* Fixes RVM gemset detection on RVM 1.29.
* No longer supplies precompiled Ruby extensions for Ruby 1.9.3 and 2.0.0.
5.3.5
* Fixes Ubuntu 18.04 package installation problems due to Nginx version
mismatch.
* Improves usability of crash reports. Crash reports are no longer dumped
in one big chunk to stderr. Instead, they are now dumped into multiple
files, making it easy to inspect relevant reports.
* Fixes some crashes that only occur with log level 7.
* Downloads binaries from the newly-introduced Github mirror. This improves
the reliability of binary downloads.
* Updated various library versions used in precompiled binaries (used for
e.g. gem installs):
* OpenSSL: 1.0.2p (was: 1.0.2o)
* libcurl: 7.61.1 (was: 7.60.0)
v0.23.0
Removed:
- The POST /session/{session id}/element/{element id}/tap endpoint
was removed, thanks to Kerem Kat.
Changed:
- webdriver crate upgraded to 0.38.0.
Fixed:
- desiredCapabilities and requiredCapabilities are again
recognised on session creation
- duration field made optional on pause actions
- Log level formatted to expected Marionette input
- temporary field on addon installation made optional
- SHA1s in version information uses limited number of characters
Django 2.1.5 fixes a security issue and several bugs in 2.1.4.
CVE-2019-3498: Content spoofing possibility in the default 404 page
Bugfixes:
Fixed compatibility with mysqlclient 1.3.14.
Fixed a schema corruption issue on SQLite 3.26+. You might have to drop and rebuild your SQLite database if you applied a migration while using an older version of Django with SQLite 3.26 or later.
Prevented SQLite schema alterations while foreign key checks are enabled to avoid the possibility of schema corruption.
Fixed a regression in Django 2.1.4 (which enabled keep-alive connections) where request body data isn’t properly consumed for such connections.
Fixed a regression in Django 2.1.4 where InlineModelAdmin.has_change_permission() is incorrectly called with a non-None obj argument during an object add
While the package without options does not actually use C++14,
configure looks for it, and fails to find the C++ version of the C
preprocessor, at least on betbsd-7 with gcc 4.8.5.
(Perhaps the cpp searching could be fixed, and the USE_LANGUAGES pushed
into options that need it, but that seems more complicated than is
useful, given that one more or less needs to have a C++14 cpmpiler
anyway.)
Changes with nginx 1.15.8:
*) Feature: the $upstream_bytes_sent variable.
*) Feature: new directives in vim syntax highlighting scripts.
*) Bugfix: in the "proxy_cache_background_update" directive.
*) Bugfix: in the "geo" directive when using unix domain listen sockets.
*) Workaround: the "ignoring stale global SSL error ... bad length"
alerts might appear in logs when using the "ssl_early_data" directive
with OpenSSL.
*) Bugfix: in nginx/Windows.
*) Bugfix: in the ngx_http_autoindex_module on 32-bit platforms.
Upstream changes:
Changes since 8.6.4
#3023402 by alexpott: \Drupal\Tests\Component\Datetime\DateTimePlusTest fails on latest PHP7.3 build
#3001997 by Krzysztof Domańskii, scott_euser, alexpott: Transliteration a string containing an unknown character (e.g. 0x80) is not valid
#3018942 by welly, alexpott, jibran, Krzysztof Domańskii, floydm: Domain URL language detection - InvalidArgumentException: The user-entered string must begin with a '/', '?', or '#'
#3020902 by Berdir, alexpott: PostgresqlDateSql fails to serialize
Revert "Issue #2986725 by Mile23, devitate, alexpott: doctrine common 2.9 has moved reflection"
#3022183 by wengerk, benjifisher: Fix BlockContentAccessHandlerTest::providerTestAccess wrong coverage by early return
#2984072 by vijaycs85, Lendude, ApacheEx, dawehner: System: Convert ErrorHandlerTest to phpunit
#3019706 by hchonov, alexpott, sheanhoxie, jibran, dawehner: Functional JS Tests are broken if XDEBUG_CONFIG is set as an env variable
Revert "Issue #3019706 by hchonov, jibran: Functional JS Tests are broken if XDEBUG_CONFIG is set as an env variable"
#3021204 by maxocub: Remove maxocub from Migrate maintainers
#3019706 by hchonov, jibran: Functional JS Tests are broken if XDEBUG_CONFIG is set as an env variable
#2986725 by Mile23, devitate, alexpott: doctrine common 2.9 has moved reflection
#2939908 by kjay, steveparks, spitzialist, cferthorney, danharper, Eli-T: Add an article to Umami - Dairy-free chocolate
#3007439 by tim.plunkett, Wim Leers, xopoc: Layout builder renders Book navigation block on non-book pages
#2927768 by justinlevi, Lendude, pritish.kumar, Wim Leers, dawehner: Update RestRegisterUserTest to use the ResourceTestBase base class instead of the deprecated RESTTestBase
#3020550 by catch: Passing commands as a string to Process is deprecated in Symfony 4
#3020579 by catch: TypeError: Argument 3 passed to Symfony\Component\HttpKernel\Event\FilterResponseEvent::__construct() must be of the type integer, string given [Symfony 4]
#2618606 by dawehner, rbayliss: Update.php - Reverse proxy settings not used
#2865344 by mpdonadio, Lendude, mbovan, organicwire, alexpott, jibran, jhedstrom, bobemoe, Berdir, larowlan: Exposed date filters 'empty' and 'not empty' are broken
#2974274 by mitrpaka, RumyanaRuseva, joachim: exception message for unrecognized source IDs in lookupDestinationIds() should have more detail
#2809305 by Upchuk, Pavan B S, Jo Fitzgerald, tim.plunkett, Berdir: Block Context assignment form element shows even if no options are available
#3018774 by xjm: hook_post_update_NAME() docs do not explain batching/ parameter
#3018539 by phenaproxima, rodrigoaguilera, alexpott: Media types cannot be created in the UI without JavaScript
#3018764 by Wim Leers: One test case in MediaUiFunctionalTest is not actually tested due to a duplicate key
#2998462 by AndyF, Baysaa, Siavash, tim.plunkett, millionleaves, fatmarker: Error adding Content Type Selection criteria or Context
#3016501 by govind.maloo, andrewmacpherson, markconroy: Writing style - Umami should be capitalised when it is used as a proper noun in English
#2916595 by phenaproxima, AdamPS, Wim Leers: File element discards attributes if #multiple
#2883260 by kiamlaluno, yogeshmpawar, msankhala, benjifisher, alexpott, bdlangton: Replace the schema example with one actually used from a module
#2883553 by govind.maloo, msankhala, seanB, Berdir, xjm, alexpott: Obsolete argument for hasPermission in node_node_access()
#3016011 by mikelutz, quietone, alexpott: Reroll all migrate dump files
#3017753 by mxr576, alexpott: MemoryBackend should validate the passed cids
Add missing DEPENDS
Upstream changes:
5.90123 - 2018-11-27
- Fix emitting warnings when REMOTE_ADDR is undefined (RT#113388)
- Fix $c->req->hostname empty for IPv6 clients (RT#75731)
- split code to log stats report into a separate log_stats method (RT#127392)
5.90122 - 2018-11-03
- releasing as stable
5.90_121 - 2018-10-22
- use the :utf8_strict (PerlIO::utf8_strict) rather than :encoding file handle
layer to handle decoding uploads, as a performance boost.
- fix handling of decoding uploaded files. this fixes the usage of sysread
on :utf8 handles, and reenables the tests on all perl versions. Fixes CPAN
RT#125843. See also erl RT#133585.
- giving incorrect types to uri_for will warn to logs rather than via carp
- silence warning and error output from tests
The main new features in this release are:
* You can now split your configuration into directories per environment.
Hugo did support multiple configuration files before this release, but
it was hard to manage for bigger sites, especially those with multiple
languages. With this we have also formalized the concept of an
environment; the defaults are production (when running hugo) or
development (when running hugo server) but you can create any
environment you like. We will update the documentation, but all the
details are in this issue. Also, see this PR for how the refactored
configuration for the Hugo website looks like.
* transform.Unmarshal (see
the documentation is a new and powerful template function that can
turn Resource objects or strings with JSON, TOML, YAML or CSV into
maps/arrays.
* Two new global variables in site and hugo. hugo gives you
version info etc. ({{ hugo.Version }}, {{ hugo.Environment }}), but
the site is probably more useful, as it allows you to access the
current site's variables (e.g. {{ site.RegularPages }}) without any
context (or ".").
This version is also the fastest to date. A site building benchmark
shows around 10% faster, but that depends on the site. The important
part here is that we're not getting slower. It's quite a challenge
to consistently add significant new functionality and simultaneously
improve performance. It's like not gaining weight during Christmas. We
also had a small performance boost in version 0.50. A user then reported
that his big and complicated site had a 30% reduction in build time.
This is important to us, one of the core features. It's in the slogan:
"The world's â fastest framework for building websites."
5.7.4 fixes a bug introduced in 5.7.3, in which the list_running_servers()
function attempts to parse HTML files as JSON, and consequently crashes
5.7.3 contains one security improvement and one security fix:
- Launch the browser with a local file which redirects to the server address
including the authentication token
This prevents another logged-in user from stealing the token from command line
arguments and authenticating to the server.
The single-use token previously used to mitigate this has been removed.
Thanks to Dr. Owain Kenway for suggesting the local file approach.
- Upgrade bootstrap to 3.4, fixing an XSS vulnerability, which has been
assigned CVE-2018-14041
v6.5.4
Fix cheroot.ssl.pyopenssl under Python 3.
Remove custom license field from dist metadata.
Fully integrate trustme into all TLS tests. Also remove all hardcoded TLS certificates.
Remove traces of unittest and ddt usage.
Fix invalid input processing in cheroot._compat.extract_bytes().
Fix returning error explanation over plain HTTP for PyOpenSSL.
Add a fallback for os.lchmod() where it’s missing.
Avoid traceback for invalid client cert with builtin ssl adapter.
Avoid deprecation warning with OpenSSL.SSL.Connection.
Fix socket wrapper in PyOpenSSL adapter.
Improve tests coverage:
Client TLS certificate tests
cheroot._compat.extract_bytes()
Peercreds lookup
v6.5.3
Make SCRIPT_NAME optional per PEP 333.
4.7.0:
* Beautiful Soup's CSS Selector implementation has been replaced by a
dependency on Isaac Muse's SoupSieve project (the soupsieve package
on PyPI). The good news is that SoupSieve has a much more robust and
complete implementation of CSS selectors, resolving a large number
of longstanding issues. The bad news is that from this point onward,
SoupSieve must be installed if you want to use the select() method.
You don't have to change anything lf you installed Beautiful Soup
through pip (SoupSieve will be automatically installed when you
upgrade Beautiful Soup) or if you don't use CSS selectors from
within Beautiful Soup.
SoupSieve documentation: https://facelessuser.github.io/soupsieve/
* Fix a number of problems with the tree builder that caused
trees that were superficially okay, but which fell apart when bits
were extracted.
* Fixed a problem with the tree builder in which elements that
contained no content (such as empty comments and all-whitespace
elements) were not being treated as part of the tree.
* Fixed a problem with multi-valued attributes where the value
contained whitespace.
* Clarified ambiguous license statements in the source code. Beautiful
Soup is released under the MIT license, and has been since 4.4.0.
* This file has been renamed from NEWS.txt to CHANGELOG.
Soup Sieve is a CSS selector library designed to be used with Beautiful Soup 4.
It aims to provide selecting, matching, and filtering using modern CSS
selectors. Soup Sieve currently provides selectors from the CSS level 1
specifications up through the latest CSS level 4 drafts (though some are not
yet implemented).
Soup Sieve was written with the intent to replace Beautiful Soup's builtin
select feature, and as of Beautiful Soup version 4.7.0, it now is. Soup Sieve
can also be imported in order to use its API directly for more controlled,
specialized parsing.
Soup Sieve has implemented most of the CSS selectors up through the level 4
drafts, though there are a number that don't make sense in a non-browser
environment. Selectors that cannot provide meaningful functionality simply do
not match anything.
bsd.prefs.mk was being included after dependent variables it provides
were referenced, which meant PYTHON_VERSION_DEFAULT wasn't actually
being checked. (No revision bump, because this didn't prevent anything
from building, it's relevant only to those who customize pkgsrc build
variables.)
OK maya@
3.5.0 (2018-12-22)
Features
The library type annotations are checked in strict mode now.
Add support for setting cookies for individual request
Application.add_domain implementation
The default app in the request returned by test_utils.make_mocked_request can now have objects assigned to it and retrieved using the [] operator.
Make request.url accessible when transport is closed.
Add zlib_executor_size argument to Response constructor to allow compression to run in a background executor to avoid blocking the main thread and potentially triggering health check failures.
Enable users to set ClientTimeout in aiohttp.request
Don’t raise a warning if NETRC environment variable is not set and ~/.netrc file doesn’t exist.
Add default logging handler to web.run_app
If the Application.debug flag is set and the default logger aiohttp.access is used, access logs will now be output using a stderr StreamHandler if no handlers are attached. Furthermore, if the default logger has no log level set, the log level will be set to DEBUG.
Add method argument to session.ws_connect().
Sometimes server API requires a different HTTP method for WebSocket connection establishment.
For example, Docker exec needs POST.
Create a task per request handling.
Bugfixes
Enable passing access_log_class via handler_args
Return empty bytes with end-of-chunk marker in empty stream reader.
Accept CIMultiDictProxy instances for headers argument in web.Response constructor.
Don’t uppercase HTTP method in parser
Make method match regexp RFC-7230 compliant
Add app.pre_frozen state to properly handle startup signals in sub-applications.
Enhanced parsing and validation of helpers.BasicAuth.decode.
Change imports from collections module in preparation for 3.8.
Ensure Host header is added first to ClientRequest to better replicate browser
Fix forward compatibility with Python 3.8: importing ABCs directly from the collections module will not be supported anymore.
Keep the query string by normalize_path_middleware.
Fix missing parameter raise_for_status for aiohttp.request()
Bracket IPv6 addresses in the HOST header
Fix default message for server ping and pong frames.
Fix tests/test_connector.py typo and tests/autobahn/server.py duplicate loop def.
Fix false-negative indicator end_of_HTTP_chunk in StreamReader.readchunk function
Release HTTP response before raising status exception
Fix task cancellation when sendfile() syscall is used by static file handling.
Fix stack trace for asyncio.TimeoutError which was not logged, when it is caught in the handler.
Improved Documentation
Improve documentation of Application.make_handler parameters.
Fix BaseRequest.raw_headers doc.
Fix typo in TypeError exception reason in web.Application._handle
Make server access log format placeholder %b documentation reflect behavior and docstring.
Deprecations and Removals
Deprecate modification of session.requote_redirect_url
Deprecate stream.unread_data()
Deprecated use of boolean in resp.enable_compression()
Encourage creation of aiohttp public objects inside a coroutine
Drop dead Connection.detach() and Connection.writer. Both methods were broken for more than 2 years.
Deprecate app.loop, request.loop, client.loop and connector.loop properties.
Deprecate explicit debug argument. Use asyncio debug mode instead.
Deprecate body parameter in HTTPException (and derived classes) constructor.
Deprecate bare connector close, use async with connector: and await connector.close() instead.
Deprecate obsolete read_timeout and conn_timeout in ClientSession constructor.
18.12.1
fix: return the wrapped function from component decorators
new: add proxy= support for Component transports
fix: Ticket1077 stop start
fix: cleanup cancel handling
v1.5.3:
Fixed XSS vulnerability
Support nested categories in the navbar menu
SQLAlchemy
- sort on multiple columns with column_default_sort
- sort on related models in column_sortable_list
- fix: inline model forms can now also be used for models with multiple primary keys
- support for using mapped column_property
Upgrade Leaflet and Leaflet.draw plugins, used for geoalchemy integration
Specify minimum_input_length for ajax widget
Peewee: support composite keys
MongoEngine: when searching/filtering the input is now regarded as case-insensitive by default
FileAdmin
- handle special characters in filename
- fix a bug with listing directories on Windows
- avoid raising an exception when unknown sort parameter is encountered
WTForms 3 support
Version 0.3.7
Fix error handling in python3
Fix arguments with type=list
Return code for parse_args() is now configurable
Removed flask_restful.paging module.
Removed misleading help_on_404 functionality
JSON keys are no longer sorted by default in debug mode in python3
Various small fixes and updates to documentation
Upstream changes:
3.2
- Windows: Update libcurl to 7.59.0
- Update curl_symbols dataset to 7.59.0
- Fix an IDN unit test (malmテカ.se has messed up their SSL cert)
- Add unit test for multi_fdset
- Add backport of trimws for R 3.1
o fix .htpasswd bypass for authenticated users. reported by JP,
from leot@netbsd.org
o avoid possible null dereference when receiving a big request that
timeout. reported by maya@netbsd.org, from leot@netbsd.org
o fix handling of -T option, from leot@netbsd.org
o cleanups and portability improvements, from maya@netbsd.org
o change directory indexing to use html tables, from
rajeev_v_pillai@yahoo.com
# Version 3.12.0
Release date: 2018-11-28
### Added
* Support Ruby 2.6 endless range in Result#[] and query `:between` option
* Pre-registered headless firefox driver :selenium_headless [Andrew Havens]
* Selenium driver now defaults to clearing `sessionStorage` and `localStorage`. To disable pass `clear_local_storage: false` and/or `clear_session_storage: false` when creating Capybara::Selenium::Driver instance in your driver registration
### Fixed
* Raise error if only :x or :y are passed as an offset to click methods
### Removed
* Support for RSpec < 3.5
# Version 3.11.1
Release date: 2018-11-16
###Fixed
* Fixed :link_or_button XPath generation when it has had an expression filter added
# Version 3.11.0
Release date: 2018-11-14
### Added
* Ability for node filters to set detailed error messages
* `Capybara::HTML` Will use `nokogumbo` for HTML parsing if installed
* `Selector#locator_filter` added to allow for dynamic locator in selectors
### Fixed
* Node filters are evaluated in the context of the Selector they are used in to ensure the correct options are used
# Version 3.10.1
Release date: 2018-11-03
### Fixed
* Fix `aria-label` and `test_id` matching for `link_or_button` selector type - Issue #2125
* Fixed crash in element path creation for matcher failure messages - Issue #2120
# Version 3.10.0
Release date: 2018-10-23
### Added
* :class filter can now check for class names starting with !
* Selector `xpath`/`css` expression definitions will get filter names from block parameters if not explicitly provided
* `any_of_selectors` assertions and matchers to complement `all_of_selectors` and `none_of_selectors`
### Fixed
* Selector `css` expression definiton declared filters now work again
* Cleaned up warnings [Yuji Yaginuma]
* Workaround installation of rspec matcher proxies under jruby by reverting to the old solution not using prepend, so jruby bugs are not hit - Issue #2115
# Version 3.9.0
Release date: 2018-10-03
### Added
* Selenium with Chrome removes all cookies at session reset instead of just cookies from current domain if possible
* Support for Regexp for system :id and :class filters where possible
* `using_session` now accepts a session object as well as the name of the session for users who manually manage sessions
* The `:field` selector will now find `type = "hidden"` fields if the `type: "hidden"` filter option is provided
v1.0.1.5 - Removed callbacks/auth0.
v1.0.1.4 - Fixed calls to get_primary_user_email_object().
v1.0.1.3 - Changed custom form class attribute namess from something like self.register_form to something like self.RegisterFormClass
v1.0.1.2 - Use app.permanent_session_lifetime to limit user session lifetime.
v1.0.1.1 - Alpha release
django CMS Link is a plugin for django CMS that allows you to add links on your
site.
This plugin supports child plugins. If you add an other plugin as a child it
will take this content instead of the link name as the content of the link.
django CMS Audio is a set of plugins for django CMS that allow you to publish
audio files on your site (using an HTML5 player by default, but you can
override this in your own templates if required).
It uses files managed by Django Filer. The plugins allow you to select a single
file or an entire folder of files.
Changelog:
Changes
Nextcloud 15 introduces social networking, next-gen 2-factor authentication and innovative collaborative document editing abilities. This release also adds a new design and grid view, workflow features and 2-3x faster loading performance.
As this is a major release, the changelog is very long. Find an overview of what has been improved in this series of blog posts:
Avoid logging of "Partial search results returned: Sizelimit exceeded..." (server#12292)
Enable sorting in file picker (server#12350)
15.0.0 Beta 2 (server#12355)
Fix the warning appearing in the admin section when mail_smtpmode is not configured (server#12401)
Prefix icon variables with app name to avoid conflicts (server#12421)
Shorten index name of calendar changes table (server#12447)
Fixes dav share issue with owner (server#12458)
Fix string doctype casing (server#12466)
Show thumbnail on rename (server#12467)
Remove conflicting multiselect (server#12468)
Actually return the user when creating version dav nodes (server#12472)
Rollback to default list view (server#12474)
Add welcome bot (server#12476)
Fix navigation layout for items that are added on a re-render (server#12481)
Fix login loader position and theming support (server#12483)
Fix loader colours for better visibility (server#12484)
Format Nextcloud Talk clients sessions. (server#12485)
Remove unused svg api route (server#12487)
Only use width and opacity for transition (server#12489)
Fix share link password input (server#12491)
Return the correct value when trying to get a non existing item from cache by id (server#12494)
Fix login primary colour and feedback (server#12495)
Fix revert icon position on theming settings (server#12496)
Forward object not found error in swift as dav 404 (server#12500)
Make number of file list entries depending on the width for grid view (server#12515)
Fix loading of files external templates file (server#12517)
Fix loading of .woff2 files in .htaccess (server#12518)
Fix updatenotifications display, dependencies and csp (server#12525)
Allow to hide download option for folders shared by link (server#12531)
Fix redirect page design details (server#12539)
Bearer tokens are app token (server#12543)
Handle permission in update of share better (server#12544)
Respect the disabled setting for lost_password_link (server#12552)
Allow empty string in get absolute url (server#12553)
Do not switch to root folder if filelist is already shown (server#12554)
Apply border to primary button if on log in page (and not in a dark container) or if in header (server#12558)
Better header navigation display (server#12559)
Do not show tab headers marked as hidden (server#12570)
Make connectivity check domains configurable (server#12571)
Fix rendering of the sidebar in Files app (server#12577)
Fix navigation more menu background for dark theme (server#12580)
15.0.0 RC 1 (server#12581)
Do not clear new user form on failure (server#12587)
Add explanatory text to admin twofactor settings (server#12589)
Fix Typo in Original English String and All Translations (server#12615)
Extend anonymous options to work on every dav url (server#12638)
Fix count on string (server#12683)
Add interface to allow storages from opting out of encryption (server#12692)
Make acceptance tests for comments more robust (server#12696)
Add acceptance tests for sharing files and folders with another user (server#12700)
I changed the width of the srollbar to make it a bit bigger (server#12712)
Open the updater via a POST form submit instead of eval the JS code d... (server#12713)
Fix folder path containing leading slash when getting mount root by id (server#12714)
Add capabilities for multiple share links (server#12718)
Remove old button to submit the apppassword login (server#12723)
Fix versions sidebar issues (server#12730)
Don't require Same Site Cookies on accessibility app assets (server#12731)
Date title to linkshare (server#12733)
Add pipe mode for sendmail (server#12736)
Set Referrer-Policy also in addSecurityHeaders() (server#12737)
Polishing fixes (server#12740)
Fix the loader position and the focus state on the login button (server#12741)
Add check for missing .woff2 rule in Nginx via setup check (server#12742)
Update compatible versions for cloud federation api (server#12744)
Fix cannot set 0 as value on files_external through OCC command (server#12746)
15.0.0 RC 2 (server#12755)
Parse activity when a user self-unshares a file (server#12756)
Polishing of various modal dialogs (server#12784)
Fix activatable/deactivatable 2fa provider interface typos (server#12805)
Only run the AnonymousOptionsPlugion on Anonymous requests (server#12811)
Fix the system address book (server#12816)
PHP module is named mbstring (server#12825)
Unshare from mail activity is missing (server#12828)
Fix layout of "i" in admin settings of federated sharing (server#12829)
PHP 7.0 is end of life (server#12830)
Do not update child all child shares on group share update (server#12833)
Validate all rich objects (server#12836)
Add setup check for recommended PHP modules (i.e. Imagick, intl) (server#12837)
15.0.0 RC 3 (server#12847)
Make a button out of 'What's new' so it's obvious it can be clicked on (server#12848)
Fix missing click event on update button (server#12849)
Add setup check for pending bigint conversion (server#12853)
No user enumeration on DAV if disabled (server#12856)
Only execute query in propagateChange once (server#12861)
Fix password confirmation lib for ie11 (server#12863)
Log and continue on Dav reader failure (repair uid) (server#12867)
Emit write update only once on touch (server#12868)
Do not show general warning on free space error (server#12880)
Set 3rdparty to pr187 (server#12882)
Fix logo path in non-themed instance (server#12908)
Fix unread comment icon not shown for the sharee (server#12913)
Bump to 15.0.0 final (server#12959)
Bump lukasreschke/id3parser from 0.0.1 to 0.0.3 (3rdparty#118)
Bump stecman/symfony-console-completion from 0.7.0 to 0.8.0 (3rdparty#119)
Bump guzzlehttp/guzzle from 6.3.0 to 6.3.3 (3rdparty#120)
Bump leafo/scssphp from 0.7.6 to 0.7.7 (3rdparty#137)
Bump synfony to 3.4.15 (3rdparty#146)
Bump microsoft/azure-storage-blob from 1.1.0 to 1.2.0 (3rdparty#151)
Bump swiftmailer/swiftmailer from 6.0.2 to 6.1.3 (3rdparty#155)
Bump symfony to 3.4.16 (3rdparty#161)
Bump symfony 3.4.17 (3rdparty#168)
Remove random_compat lib (3rdparty#170)
Bump sabre/dav from 3.2.2 to 3.2.3 (3rdparty#176)
Manually patch PHP-Doc of VObject Splitter (3rdparty#185)
Fix named parameter detection on SQLite (3rdparty#187)
Update version on master (activity#291)
Fix scrolling detection on activity 14 (activity#293)
Make the object information available on emails (activity#299)
Add the mimetype to the preview arrays (activity#300)
Move to compiled handlebrs (activity#301)
Remove unneeded -ms-filter (was only needed for IE8) (activity#302)
Use the query builder and cast the values (activity#304)
Add icon to files sidebar tab (activity#305)
Fix JS unit tests after handlebars (activity#307)
Shorten tab label 'Activities' to 'Activity' (activity#308)
Add a intermediate migration to fix old installations (activity#310)
Correctly restrict affected users when using command to send emails (activity#311)
Autocomplete for email command (activity#314)
Use the substract function instead of manual math (activity#315)
Use the full path instead of the file name in HTML emails too (activity#316)
Update stable15 target versions (activity#319)
Create activity when user unshares a file themselves (activity#323)
Validate rich objects before using (activity#324)
Remove unneeded CSS rule for IE 11 (files_pdfviewer#100)
Update stable15 target versions (files_pdfviewer#109)
Update version on master (files_pdfviewer#94)
Fix embedded viewer with new server layout on IE 11 (files_pdfviewer#95)
Hide footer in public share page (files_pdfviewer#99)
Update version on master (files_texteditor#112)
Update info.xml (files_texteditor#116)
Improve code blocks in markdown rendering (files_texteditor#120)
Update stable15 target versions (files_texteditor#123)
Update version on master (files_videoplayer#61)
Fix videoplayback on NC15 (files_videoplayer#68)
Update stable15 target versions (files_videoplayer#69)
Don't Assume Document Root (firstrunwizard#78)
Update version on master (firstrunwizard#81)
Remove hardcoded background-size (firstrunwizard#84)
Design detail and accessibility fixes (firstrunwizard#85)
Update stable15 target versions (firstrunwizard#89)
Add HEIC/HEIF support to the gallery (gallery#464)
Update version on master (gallery#468)
Move to compiled handlebars (gallery#481)
Remove sharing height limit, since it is overwriting the server defaults (gallery#482)
Hide button if download links are hidden for link shares (gallery#484)
Update stable15 target versions (gallery#485)
Update version on master (logreader#74)
Update version on master (nextcloud_announcements#33)
Update version on master (notifications#159)
Update config and babel for ie11 (notifications#160)
Add vue build test (notifications#162)
Update all NPM (notifications#170)
Bump @babel/core from 7.0.0 to 7.0.1 (notifications#171)
Bump vue-loader from 15.4.1 to 15.4.2 (notifications#172)
Bump webpack from 4.18.0 to 4.19.0 (notifications#173)
Update NPM packages (notifications#176)
Bump webpack from 4.19.0 to 4.19.1 (notifications#177)
Bump webpack from 4.19.1 to 4.20.2 (notifications#179)
Bump babel-loader from 8.0.2 to 8.0.4 (notifications#180)
Update all NPM (notifications#184)
Switch to compiled handlebars (notifications#186)
Bump webpack from 4.20.2 to 4.21.0 (notifications#187)
Add .l10nignore files for compiled assets (notifications#188)
Bump webpack from 4.21.0 to 4.22.0 (notifications#189)
Use the rich message when available and instead of trim overlay with a shadow (notifications#190)
Bump css-loader from 1.0.0 to 1.0.1 (notifications#194)
Bump webpack from 4.22.0 to 4.24.0 (notifications#195)
Bump webpack from 4.24.0 to 4.25.1 (notifications#196)
Bump @babel/preset-env from 7.1.0 to 7.1.5 (notifications#197)
Bump @babel/core from 7.1.2 to 7.1.6 (notifications#199)
Bump @babel/preset-env from 7.1.5 to 7.1.6 (notifications#200)
Bump webpack from 4.25.1 to 4.26.0 (notifications#203)
Update stable15 target versions (notifications#204)
Add icon to empty content message (notifications#210)
Update version on master (password_policy#70)
Update stable15 target versions (password_policy#74)
Adds tooltip to make people aware of API JSON format (serverinfo#129)
Update version on master (serverinfo#131)
Update stable15 target versions (serverinfo#134)
Checking for valid CPU average values (serverinfo#97)
Update version on master (survey_client#81)
Properly escape column name in "createFunction" call (survey_client#84)
Do not call invalid function (survey_client#86)
Update stable15 target versions (survey_client#87)
Changelog:
New
Updated list of currency codes to include Unidad Previsional (UYW) (Bug 1499028)
Fixed
Various security fixes
Security fixes:
#CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11
#CVE-2018-18492: Use-after-free with select element
#CVE-2018-18493: Buffer overflow in accelerated 2D canvas with Skia
#CVE-2018-18494: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs
#CVE-2018-18498: Integer overflow when calculating buffer sizes for images
#CVE-2018-12405: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4
Changes with nginx 1.14.2
*) Bugfix: nginx could not be built by gcc 8.1.
*) Bugfix: nginx could not be built on Fedora 28 Linux.
*) Bugfix: in handling of client addresses when using unix domain listen
sockets to work with datagrams on Linux.
*) Change: the logging level of the "http request", "https proxy
request", "unsupported protocol", "version too low", "no suitable key
share", and "no suitable signature algorithm" SSL errors has been
lowered from "crit" to "info".
*) Bugfix: when using OpenSSL 1.1.0 or newer it was not possible to
switch off "ssl_prefer_server_ciphers" in a virtual server if it was
switched on in the default server.
*) Bugfix: nginx could not be built with LibreSSL 2.8.0.
*) Bugfix: if nginx was built with OpenSSL 1.1.0 and used with OpenSSL
1.1.1, the TLS 1.3 protocol was always enabled.
*) Bugfix: sending a disk-buffered request body to a gRPC backend might
fail.
*) Bugfix: connections with some gRPC backends might not be cached when
using the "keepalive" directive.
*) Bugfix: a segmentation fault might occur in a worker process if the
ngx_http_mp4_module was used on 32-bit platforms.
Changes with nginx 1.15.7:
*) Feature: the "proxy_requests" directive in the stream module.
*) Feature: the "delay" parameter of the "limit_req" directive.
*) Bugfix: memory leak on errors during reconfiguration.
*) Bugfix: in the $upstream_response_time, $upstream_connect_time, and
$upstream_header_time variables.
*) Bugfix: a segmentation fault might occur in a worker process if the
ngx_http_mp4_module was used on 32-bit platforms.
- The flex requirements can be just satisfied via USE_TOOLS (the
version was from older webkit-gtk-s and it should be just a tool
dependency).
- No need to specify `:build' in USE_TOOLS, it is already the default
- Update the comment regarding PYTHON_VERSIONS_INCOMPATIBLE definition
Bump PKGREVISION
2.0.32:
- remove invalid email from setup.py
2.0.31:
- py33 is no longer supported. It may works but has been removed from tox config
- Fixed 205: Use empty string as default value for submit and button
- tests use pytest
- docs use the standard Pylons template on RTD
2.0.1
Unknown changes
2.0.0
Python 3 deprecation warning cleanups
Moved code to GitHub under the Pylons Project.
Moved documentation under the Pylons Project, hosted by Read the Docs at https://docs.pylonsproject.org/projects/pastedeploy/en/latest/
1.8.4:
Bugfix
- Response.content_type now accepts unicode strings on Python 2 and encodes
them to latin-1.
- Accept header classes now support a .copy() function that may be used to
create a copy. This allows create_accept_header and other like functions
to accept an pre-existing Accept header.
Warnings
- Some backslashes introduced with the new accept handling code were causing
DeprecationWarnings upon compiling the source to pyc files, all of the
backslashes have been reigned in as appropriate, and users should no longer
see DeprecationWarnings for invalid escape sequence.
1.8.3:
Bugfix
- acceptparse.AcceptValidHeader, acceptparse.AcceptInvalidHeader, and
acceptparse.AcceptNoHeader will now always ignore offers that do not
match the required media type grammar when calling .acceptable_offers().
Previous versions raised a ValueError for invalid offers in
AcceptValidHeader and returned them as acceptable in the others.
Feature
- Add Request.remote_host, exposing REMOTE_HOST environment variable.
- Added acceptparse.Accept.parse_offer to codify what types of offers
are compatible with acceptparse.AcceptValidHeader.acceptable_offers,
acceptparse.AcceptMissingHeader.acceptable_offers, and
acceptparse.AcceptInvalidHeader.acceptable_offers. This API also
normalizes the offer with lowercased type/subtype and parameter names.
Changes:
2.22.5
======
- Improved the logic to determine for which architectures to enable
the JIT compiler support and USE_SYSTEM_MALLOC at build time.
- Fix the build with ENABLE_VIDEO=OFF and ENABLE_OPENGL=OFF.
- Fix several crashes.
3.7.0:
Added support for Django 1.11, 2.0 and 2.1
Removed support for Django < 1.11
Adapted testing infrastructure (tox/travis) to incorporate django CMS 3.5 and 3.6
2.1.3:
Added missing migration for Picture model
2.1.2:
Fixed an issue creating a validation error on the alt attribute
Fixed an issue in the template adding a } after the srcset
Adapted test matrix for django CMS 3.4, 3.5, 3.6 as well as Django 1.11, 2.0 and 2.1
Exclude tests folder from release build
2.2.0:
Fixed test matrix
Exclude tests folder from release build
Added missing migrations for Django 2.1
Added abstract models for File and Folder
Improved readability of Folder.get_files
1.3.0:
* Fix annotations for query parameter
* An incoming query sequence can have int variables (the same as for
Mapping type)
* Add URL.explicit_port property
* Give a friendlier error when port cant be converted to int
* bool(URL()) now returns False
Changelog:
The two big new items in this release is Inline Shortcodes and Consolidated File Caches. In Hugo we really care about build speed, and caching is important. With this release, you get much better control over your cache configuration, which is especially useful when building on a Continous Integration server (Netlify, CircleCI or similar). Inline Shortcodes was implemented to help the Bootstrap project move their documentation site to Hugo. Note that this feature is disabled by default. To enable, set enableInlineShortcodes = true in your site config. Worth mentioning is also the new param shortcode, which looks up the param in page front matter with the site's parameter as a fall back.
This release represents 33 contributions by 7 contributors to the main Hugo code base.
@bep leads the Hugo development with a significant amount of contributions, but also a big shoutout to @moorereason, @emirb, and @allizad for their ongoing contributions.
And a big thanks to @digitalcraftsman and @onedrawingperday for their relentless work on keeping the themes site in pristine condition and to @kaushalmodi for his great work on the documentation site.
Many have also been busy writing and fixing the documentation in hugoDocs,
which has received 10 contributions by 4 contributors. A special thanks to @budparr, @bep, @allizad, and @funkydan2 for their work on the documentation site.
Hugo now has:
30595+ stars
441+ contributors
270+ themes
Enhancements
Templates
Add tests ed698e94 @moorereason
Regenerate templates 89e2716d @bep
Add "param" shortcode f37c5a25 @bep #4010
Add float64 support to where 112461fd @moorereason #5466
Core
Fall back to title in ByLinkTitle sort a9a93d08 @bep #4953
Improve nil handling in IsDescendant and IsAncestor b09a4033 @bep #5461
Other
Remove duplicate mapstructure depdendency 7e75aeca @bep
Add dependency list to README e14e0b19 @bep
Document inline shortcodes aded0f25 @bep #4011
Add inline shortcode support bc337e6a @bep #4011
Include drafts in convert command dcfeed35 @bep #5457
Handle themes in the new file cache (for images, assets) f9b4eb4f @bep #5460
Add tests for permalink on Resource with baseURL with path 12742bac @bep #5226
Add a comment about file mode for new files fabf026f @bep #5434
Add a :project placeholder 94f0f7e5 @bep #5439
Add a cache prune func 3c29c5af @bep #5439
Add a filecache root dir 33502667 @bep
Use time.Duration for maxAge d3489eba @bep #5438
Split implementation and config into separate files 17d7ecde @bep
Update to LibSASS 3.5.5 e4b25728 @bep #5432#5435
More spelling corrections 782dd158 @bep
Spelling corrections aff9c091 @bep
Remove appveyor fdd4a768 @bep
Document the new file cache abeeff13 @bep #5404
Add a consolidated file cache f7aeaa61 @bep #5404
Add Windows build config to Travis 7d78a2af @emirb
Add Elasticsearch/bonsai.io to services doc. c0b3a1af @allizad
Fixes
Templates
Fix whitespace issue aba2647c @max-arnold
Fix test to pass with gccgo a8cb1b07 @ianlancetaylor
Other
Fix handling of commented out front matter 7540a628 @bep #5478
Fix when only shortcode and then summary 94ab125b @bep #5464
Fix ignored --config flag with 'new' command e82b2dc8 @krisbudhram
Fix Permalink for resource, baseURL with path and canonifyURLs set 5df2b79d @bep #5226
Changelog:
New
Better recommendations: You may see suggestions in regular browsing mode for new and relevant Firefox features, services, and extensions based on how you use the web (for US users only)
Enhanced tab management: You can now select multiple tabs from the tab bar and close, move, bookmark, or pin them quickly and easily
Easier performance management: The new Task Manager page found at about:performance lets you see how much energy each open tab consumes and provides access to close tabs to conserve power
Improved performance for Mac and Linux users, by enabling link time optimization (Clang LTO). (Clang LTO was enabled for Windows users in Firefox 63.)
More seamless sharing on Windows: Windows users can now share web pages using the native sharing experience. You can access Share in the Page Actions menu
Added option to remove add-ons using the context menu on their toolbar buttons
New for enterprise users: Updated the policy engine on macOS to allow using configuration profiles to customize Firefox for enterprise deployments
Fixed
Various security fixes
Changed
RSS feed preview and live bookmarks are available only via add-ons
TLS certificates issued by Symantec are no longer trusted by Firefox. Website operators are strongly encouraged to replace any remaining Symantec TLS certificates as soon as possible.
about:crashes has been redesigned to make it clear when a crash is being submitted to Mozilla, as well as being clear that removing crashes locally does not remove them from crash-stats.mozilla.com
The macOS keyboard shortcut to add "www" and ".com" to a URL is now ctrl-enter instead of [apple]-enter
Security fixes:
#CVE-2018-12407: Buffer overflow with ANGLE library when using VertexBuffer11 module
#CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11
#CVE-2018-18492: Use-after-free with select element
#CVE-2018-18493: Buffer overflow in accelerated 2D canvas with Skia
#CVE-2018-18494: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs
#CVE-2018-18495: WebExtension content scripts can be loaded in about: pages
#CVE-2018-18496: Embedded feed preview page can be abused for clickjacking
#CVE-2018-18497: WebExtensions can load arbitrary URLs through pipe separators
#CVE-2018-18498: Integer overflow when calculating buffer sizes for images
#CVE-2018-12406: Memory safety bugs fixed in Firefox 64
#CVE-2018-12405: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4
pkgsrc changes:
- Remove no longer needed patch-lib_connect.c: imported upstream
Changes:
7.63.0
------
This release includes the following changes:
o curl: add %{stderr} and %{stdout} for --write-out
o curl: add undocumented option --dump-module-paths for win32
o setopt: add CURLOPT_CURLU
This release includes the following bugfixes:
o (lib)curl.rc: fixup for minor bugs
o CURLINFO_REDIRECT_URL: extract the Location: header field unvalidated
o CURLOPT_HEADERFUNCTION.3: match 'nitems' name in synopsis and description
o CURLOPT_WRITEFUNCTION.3: spell out that it gets called many times
o Curl_follow: accept non-supported schemes for "fake" redirects
o KNOWN_BUGS: add --proxy-any connection issue
o NTLM: Remove redundant ifdef USE_OPENSSL
o NTLM: force the connection to HTTP/1.1
o OS400: add URL API ccsid wrappers and sync ILE/RPG bindings
o SECURITY-PROCESS: bountygraph shuts down again
o TODO: Have the URL API offer IDN decoding
o ares: remove fd from multi fd set when ares is about to close the fd
o axtls: removed
o checksrc: add COPYRIGHTYEAR check
o cmake: fix MIT/Heimdal Kerberos detection
o configure: include all libraries in ssl-libs fetch
o configure: show CFLAGS, LDFLAGS etc in summary
o connect: fix building for recent versions of Minix
o cookies: create the cookiejar even if no cookies to save
o cookies: expire "Max-Age=0" immediately
o curl: --local-port range was not "including"
o curl: fix --local-port integer overflow
o curl: fix memory leak reading --writeout from file
o curl: fixed UTF-8 in current console code page (Windows)
o curl_easy_perform: fix timeout handling
o curl_global_sslset(): id == -1 is not necessarily an error
o curl_multibyte: fix a malloc overcalculation
o curle: move deprecated error code to ifndef block
o docs: curl_formadd field and file names are now escaped
o docs: escape "\n" codes
o doh: fix memory leak in OOM situation
o doh: make it work for h2-disabled builds too
o examples/ephiperfifo: report error when epoll_ctl fails
o ftp: avoid two unsigned int overflows in FTP listing parser
o host names: allow trailing dot in name resolve, then strip it
o http2: Upon HTTP_1_1_REQUIRED, retry the request with HTTP/1.1
o http: don't set CURLINFO_CONDITION_UNMET for http status code 204
o http: fix HTTP Digest auth to include query in URI
o http_negotiate: do not close connection until negotiation is completed
o impacket: add LICENSE
o infof: clearly indicate truncation
o ldap: fix LDAP URL parsing regressions
o libcurl: stop reading from paused transfers
o mprintf: avoid unsigned integer overflow warning
o netrc: don't ignore the login name specified with "--user"
o nss: Fall back to latest supported SSL version
o nss: Fix compatibility with nss versions 3.14 to 3.15
o nss: fix fallthrough comment to fix picky compiler warning
o nss: remove version selecting dead code
o nss: set default max-tls to 1.3/1.2
o openssl: Remove SSLEAY leftovers
o openssl: do not log excess "TLS app data" lines for TLS 1.3
o openssl: do not use file BIOs if not requested
o openssl: fix unused variable compiler warning with old openssl
o openssl: support session resume with TLS 1.3
o openvms: fix example name
o os400: Add curl_easy_conn_upkeep() to ILE/RPG binding
o os400: add CURLOPT_CURLU to ILE/RPG binding
o os400: fix return type of curl_easy_pause() in ILE/RPG binding
o packages: remove old leftover files and dirs
o pop3: only do APOP with a valid timestamp
o runtests: use the local curl for verifying
o schannel: be consistent in Schannel capitalization
o schannel: better CURLOPT_CERTINFO support
o schannel: use Curl_ prefix for global private symbols
o snprintf: renamed and we now only use msnprintf()
o ssl: fix compilation with OpenSSL 0.9.7
o ssl: replace all internal uses of CURLE_SSL_CACERT
o symbols-in-versions: add missing CURLU_ symbols
o test328: verify Content-Encoding: none
o tests: disable SO_EXCLUSIVEADDRUSE for stunnel on Windows
o tests: drop http_pipe.py script no longer used
o tool_cb_wrt: Silence function cast compiler warning
o tool_doswin: Fix uninitialized field warning
o travis: build with clang sanitizers
o travis: remove curl before a normal build
o url: a short host name + port is not a scheme
o url: fix IPv6 numeral address parser
o urlapi: only skip encoding the first '=' with APPENDQUERY set
This release includes the following known bugs:
o see docs/KNOWN_BUGS (https://curl.haxx.se/docs/knownbugs.html)
This release would not have looked like this without help, code, reports and
advice from friends like these:
Alessandro Ghedini, Alexey Melnichuk, Antoni Villalonga, Ben Greear,
bobmitchell1956 on github, Brad King, Brian Carpenter, daboul on github,
Daniel Gustafsson, Daniel Stenberg, Dave Reisner, David Benjamin,
Dheeraj Sangamkar, dtmsecurity on github, Elia Tufarolo, Frank Gevaerts,
Gergely Nagy, Gisle Vanem, Hagai Auro, Han Han, infinnovation-dev on github,
James Knight, Jérémy Rocher, Jeroen Ooms, Jim Fuller, Johannes Schindelin,
Kamil Dudka, Konstantin Kushnir, Marcel Raad, Marc Hörsken, Marcos Diazr,
Michael Kaufmann, NTMan on Github, Patrick Monnerat, Paul Howarth,
Pavel Pavlov, Peter Wu, Ray Satiro, Rod Widdowson, Romain Fliedel,
Samuel Surtees, Sevan Janiyan, Stefan Kanthak, Sven Blumenstein, Tim Rühsen,
Tobias Hintze, Tomas Hoger, tonystz on Github, tpaukrt on github,
Viktor Szakats, Yasuhiro Matsumoto,
(51 contributors)
Thanks! (and sorry if I forgot to mention someone)
Changes:
7.0
---
Fixed YouTube rendering issue due to custom user agent
Fixed invisible cursor in text fields
Restored behavior of " " and "." in urlbar completion
Download/ web notifications for background window/ tab
Highlight in toolbar for finished downloads
Re-introduced proxy server UX
Multiple processes for indivdual tabs
Adaptive toolbar layout for smaller screens
6.0
---
Revamped Vala-only core based on GTK+3 and WebKit2
App based on Gtk.Application, supporting global/ window app menu
Tabs on top with a custom stack switcher and Gtk.Stack
Url completion with GLib.ListModel and Gtk.ListBox
Peas-based extensions, also available in Private Browsing
New fullscreen mode with auto-revealing toolbar
Based on www/midori and updated in pkgsrc-wip by <bsiegert> and <leot>.
Version 4.6.5
Bugs Fixed
* When running mod_wsgi-express and serving up static files from the document root, and the WSGI application was mounted at a sub URL using --mount-point, the static files in the document root outside of the mount point for the WSGI application would no longer be accessible.
* If no system mime types file can be found, fall back to /dev/null so that Apache can still at least start up.
Features Changed
* On macOS, use /var/tmp as default parent directory for server root directory rather than value of $TMPDIR. The latter can produce a path which is too long and UNIX socket cannot be written there.
New Features
* Now possible to use mod_wsgi-express in an a zipapp created using shiv. This entailed a special workaround to detect when shiv was used, so that the unpacked site-packages directory could be added to the Python module search path for mod_wsgi-express.
Many bug fixes including:
- Breadcrumbs disappears when starting with front-page after cache rebuild
- Adding a display mode to a content type using layout, and disabling
layout on that new display mode removes the layout_builder__layout
field and breaks layout in already configured display modes
- Clearing the persistent entity cache every time we switch between
workspaces is super wasteful
For full list, see:
- https://www.drupal.org/project/drupal/releases/8.6.3
- https://www.drupal.org/project/drupal/releases/8.6.4
Nghttp2 v1.35.1
nghttpx
This release fixes the broken trailing slash handling when routing a request. nghttpx allows a pattern which ends “/” to match the request path which just lacks the trailing “/”. Previously, this special handling did not work if certain patterns were registered.
On December 6, 2018, WordPress Version 5.0, named for jazz musician Bebo,
was released to the public. WordPress 5.0 will revolutionize content editing
with introduction of a new block editor and block editor-compatible default
theme Twenty Nineteen.
More infomations at https://wordpress.org/support/wordpress-version/version-5-0/
Upstream changes:
Moodle-3.6.1
Regression fix
MDL-64307 - Previous messaging conversations should be displayed after upgrading
Other fixes
MDL-64206 - Facebook logo is correctly displayed when using OAuth 2 authentication
MDL-63459 - Calculated multichoice question able to answer with negative note in interactive mode
Flask-RESTful is an extension for Flask that adds support for quickly building REST APIs. It is a lightweight abstraction that works with your existing ORM/libraries. Flask-RESTful encourages best practices with minimal setup. If you are familiar with Flask, Flask-RESTful should be easy to pick up.
Upstream changes:
Moodle-3.6 Major features
Dashboard and Course overview
MDL-63044 and MDL-63337 - New Course overview and Timeline block
MDL-63062 - New Recently accessed courses block
MDL-63063 - New Recently accessed items block
MDL-63457 - Option to hide courses in the course overview block
MDL-63058 - Option to star/unstar courses in the course overview block
MDL-63064 - New Starred courses block
MDL-63352 - Dashboard retains user preferences for view options
MDL-63793 - Course overview block retains user preferences for the number of courses to show
MDL-61161 - Grace period when displaying "In progress" courses in course overview block
MDL-63040 - Removal of Dashboard page header
GDPR and Privacy
Note that some of these GDPR improvements have also been backported to Moodle 3.5.3, 3.4.6 and 3.3.9.
MDL-63116 - Data requests bulk actions
MDL-62309 - Option to make site policies required or optional
MDL-61652 - Capabilities for controlling who can download SAR data
MDL-62563 - Data deletion of existing deleted users
MDL-63897 - Pre-processing stage removed from data requests process
MDL-62558 - Data retention summary (read-only)
MDL-63726 - Option to remove the "Data retention summary" link in the footer
MDL-62491 - HTML data request export format
MDL-63401 - User expiry improvements
MDL-63619 - Data purpose and category inheritance improvements
MDL-62560 - Different data retention strategies for different roles in a purpose
MDL-62554 - Ability to configure data registry to use module type defaults
MDL-63009 - Site mentioned in email notifications of data requests
MDL-6074 - Option to hide your name in the online users block
Messaging
MDL-57272 and MDL-63280 - Group messaging
MDL-63303 - New messaging UI with messaging drawer
MDL-63279 - Option to disable site-wide messaging
MDL-63214 - Privacy setting for restricting who can message you
MDL-63213 - Option to star messaging conversations
MDL-63283 - Notifications not sent for group conversations
MDL-63281 - Group members synchronised with messaging conversations members
Assignment
MDL-27520 - Assignment feedback can include media or other files
Quiz
MDL-62610 - Improved quiz statistics report usability for randomized questions
MDL-62708 - Option to add ID numbers to questions and question categories
MDL-63738 - Single questions can be exported from the question bank
Workshop
MDL-60820 - Teachers can specify workshop submission types
Repositories
MDL-58943 - Nextcloud integration, with a Nextcloud repository and OAuth 2 Nextcloud service
Open Badges
MDL-58454 - Support for Open Badges v2.0
Performance
MDL-54035 - Performance improvements to cache flags
MDL-47962 - Glossary auto-linking filter performance improvements
Usability improvements
MDL-51177 - atto_htmlplus implemented to improve Atto editor HTML indenting
MDL-45170 - Copy and paste of images from one WYSIWYG window to another
MDL-61388 - Forum actions announced by screen reader when completed
MDL-62899 - Global search displays a relevant icon next to link in results
MDL-46415 - SVG/high resolution emoticons
MDL-58000 - Larger badge images are used
Experimental
MDL-53566 - Context freezing - setting read-only access for categories, courses, activities and their content
Other highlights
Functional changes
MDL-17943 - 'Resend confirmation email' button on login page
MDL-14274 - IF conditions in grade calculations
MDL-37624 - Calendar entries location support
MDL-36754 - Images are displayed in forum notification emails
MDL-59259 - Course format options may be specified in upload courses CSV file
MDL-41265 - Page resource option to show/hide "Last modified"
MDL-61378 - Forum post HTML structure improvements
MDL-59454 - Option to download the list of course participants
MDL-60520 - Analytics models can use different machine learning backends
MDL-61573 - User menu: customusermenuitems map Font Awesome icons for non pix/t folders
MDL-62320 - JSON added to the default MIME types list
MDL-63431 - Atto media plugin title global attribute support
MDL-60435 - Shibboleth authentication identity providers
MDL-59169 - Grader report saves after edit with multiple tabs
MDL-62960 - Drag and drop of course events respects the course start date
Security issues
MSA-18-0020 Login CSRF vulnerability in login form. Note that this fix has previously been disclosed following the release of Moodle 3.5.3, 3.4.6, 3.3.9 and 3.1.15.
For administrators
MDL-62334 - 'Add a new course' link in Site administration
MDL-63253 - Admin search results provide location of the found matching page
MDL-63772 - Capability to control use of Atto Record RTC
MDL-63708 - New blocks supported by the mobile app can be disabled
MDL-52953 - Legacy log store deprecation
MDL-59429 - Log changes to site administrators
MDL-62651 - adhoc task runner
MDL-62777 - Site upgrades via CLI display new default settings
MDL-63603 - Indian Rupee added to PayPal enrolment currencies
For developers
MDL-55188 - Old Events API final deprecation
MDL-54741 - Phase 2 of deprecation of functions in lib/deprecatedlib.php
MDL-51803 - Reusable element for drag and drop sortable table or list
MDL-63329 - memcache session handler removal
MDL-63658 - New Favourites subsystem
MDL-63729 - Badges web services return new fields and data added by the Open Badges v2.0 specification
MDL-50812 - core_useragent::get_browser_version_classes distinguishes between different browsers
Privacy API update
In addition to existing requirements, any plugin which implements the plugin provider interface must also implement the \core_privacy\local\request\core_userlist_provider interface. Two new methods need to be implemented:
get_users_in_context()
delete_data_for_users()
However, the two above methods are not required for plugins that implement the null_provider only (i.e. which do not store personal data).
Note that these changes are also required for latest Moodle 3.4.6 and 3.5.3 versions.
Behat scenario files
MDL-57281 - The behat step
I navigate to "ITEM" node in "MAINNODE > PATH"
has been deprecated and throws an exception with details on how to replace it. The recommended replacement steps work in all recent Moodle versions. The updated Behat will pass with Moodle 3.4 too.
Login token
If your plugin provides an alternative login form (e.g. it is a theme replacing the default login form template / renderer), the login form must include a new login token field. For details of required changes, see Login token. Note that this also affects latest stable branches too.
New core functions
userdate_htmltime()
Component APIs upgrades
Please refer to the upgrade.txt files in the relevant component directory for changes in this particular Moodle release.
admin/tool/log/upgrade.txt
admin/tool/upgrade.txt
auth/shibboleth/upgrade.txt
auth/upgrade.txt
badges/upgrade.txt
blocks/upgrade.txt
cache/upgrade.txt
calendar/upgrade.txt
course/format/upgrade.txt
course/upgrade.txt
enrol/upgrade.txt
filter/upgrade.txt
grade/grading/form/upgrade.txt
grade/report/upgrade.txt
grade/upgrade.txt
lib/upgrade.txt
media/upgrade.txt
message/upgrade.txt
mod/assign/upgrade.txt
mod/feedback/upgrade.txt
mod/forum/upgrade.txt
mod/quiz/upgrade.txt
mod/scorm/report/basic/upgrade.txt
mod/scorm/upgrade.txt
mod/upgrade.txt
mod/workshop/upgrade.txt
question/format/upgrade.txt
report/upgrade.txt
tag/upgrade.txt
theme/upgrade.txt
user/upgrade.txt
Version 0.11
This release focuses on fixing bugs related to uncommon HTTP/HTML
scenarios and on improving the documentation.
Bug fixes
* Constructing a :class:~mechanicalsoup.Form instance from a
bs4.element.Tag whose tag name is not form will now emit a warning,
and may be deprecated in the future.
* **Breaking Change:** :class:~mechanicalsoup.LinkNotFoundError now derives
from Exception instead of BaseException. While this will bring the
behavior in line with most people's expectations, it may affect the behavior
of your code if you were heavily relying on this implementation detail in
your exception handling.
* Improve handling of button submit elements. Will now correctly ignore
buttons of type button and reset during form submission, since they
are not considered to be submit elements.
* Do a better job of inferring the content type of a response if the
Content-Type header is not provided.
* Improve consistency of query string construction between MechanicalSoup
and web browsers in edge cases where form elements have duplicate name
attributes. This prevents errors in valid use cases, and also makes
MechanicalSoup more tolerant of invalid HTML.
v4.1.2
* Add correct MIME type for WebAssembly, which is required for files to be
executed
* Stop accessing the FILE_CHARSET Django setting which was almost entirely
unused and is now deprecated
v4.1.1
* Fix bug in ETag handling
* Documentation fixes
Django 2.1.4 fixes several bugs in 2.1.3.
Bugfixes:
Corrected the default password list that CommonPasswordValidator uses by lowercasing all passwords to match the format expected by the validator.
Prevented repetitive calls to geos_version_tuple() in the WKBWriter class in an attempt to fix a random crash involving LooseVersion.
Fixed keep-alive support in runserver after it was disabled to fix another issue in Django 2.0.
Fixed admin view-only change form crash when using ModelAdmin.prepopulated_fields.
Django 1.11.17 fixes several bugs in 1.11.16 and adds compatibility with Python 3.7.
Bugfixes:
Prevented repetitive calls to geos_version_tuple() in the WKBWriter class in an attempt to fix a random crash involving LooseVersion since Django 1.11.14.
Bluefish 2.2.10 is a maintenance release. Various language files have been
improved, most notably languages that include CSS. There are also various fixes
for newer gtk versions and for gtk on wayland (which is now the default on
Fedora Linux). A new feature in the 2.2.10 release is the possibility to
import/export syntax color styles, included are styles for a light and a dark
theme. Last there have been fixes for a few rare crashes.
Bluefish 2.2.9 is a maintenance release that most importantly fixes
incompatibility with Gtk 3.20. Next to that some small dialogs have been
improved, and some user interface parts have been polished.
pkgsrc changes:
- Switch to www/webkit-gtk (instead of using webkit24-gtk3)
- Adjust GITHUB_RELEASE to remove the trailing `a', please note that this will
probably not needed for future releases!
Changes:
1.12.5
------
* #665: Webkit browser now supplies 'Liferea' component in user agent
* #664: Added "Mark All As Read" button to headerbar plugin
* #620: Added flatpak JSON
(glitsj16)
* #579: Added item list column drag and drop reordering
(Yanko Kaneti)
* #436, #662: Move from GnomeKeyring to libsecret
(bgermann)
* Fixes#663: Correct instapaper sharing link
(Daniel Alexandersen)
* Fixes#661: Update sharing links
(Daniel Alexandersen)
* Fixes#271: Consistent over usage of CPU (trigger by "Next Unread" loop)
(reported by GreenLunar)
* #472, #632: Dropping Inoreader support (API broke)
1.12.4
------
* Fixes#660: Added installable plugin to change accels
(Lars Windolf)
* Fixes#654: Segfault on date out of range
(Leaiz)
* Fixes#651: Fixes Free Music Archive link in default OPMLs
(reported by benjbrandall)
* Fixes#649: Switch from persistent to session-only cookies
(Daniel Alexandersen)
* Fixes#645, #646: unread count of vfolder
(Leaiz)
* Fixes#637: Extra keywords in .desktop file (syndication; rss; atom)
(Daniel Alexandersen)
* Fixes#557: Updating counters for remote sources
(Leiaz)
* Updated cookie usage hint in FAQ
1.12.3
------
* #634: Added setting for custom download commands
(Leiaz)
* #614: GTK Headerbar support via plugin
(Lars Windolf)
* #608: Refactoring UI code to switch to GAction and GtkBuilder
Note: this implies not having icons in the main menu anymore
which were still there for all non-GNOME users (see #626).
(Leiaz)
* #589: Item list view column order rework as a preparation for
possible real column drag&drop. Introduces a new DConf setting
for the column order.
(Yanko Kaneti)
* Fixes#280: Mark read toolbar button always disabled for search folders
(Lars Windolf, reported by dvahalev)
* Fixes#591: Please add a safety question when "marking all read"
(Leiaz, reported by Nudin)
* Fixes#625: Avoid exception in trayicon.py
(Lars Windolf)
* Fixes#627: GnomeKeyring plugin fails to activate when keyring doesn't exist
(Lars Windolf)
* Fixes#630: Fix feed list selection after DnD
(Peter Zaitev)
* Fixes#633: Big Memory leak in date code
(Leiaz)
* Update of Turkish translation (emintufan)
* Update of French translation (guilieb)
1.12.2
------
* Adding a plugin installer plugin that allows discovering
and automatically installing 3rd party plugins
* #585: Drop language from user agent to increase privacy
(Daniel Aleksandersen)
* #583: Add transmission-gtk and aria2 as download tool options
(Daniel Aleksandersen)
* #495: New command line option --disable-plugins (-p) to start
with all plugins disabled.
* Fixes#610: Liferea not showing up in GNOME Software
(Yanko Kaneti)
* Fixes#604: Correctly print error message when failing
to unlock GNOME keyring
(ghost)
* Fixes#602: CSS style for GTK link colors not used
(reported by pupyc)
* Fixes#581: Redirect location updates and adds HTTP 308 (RFC 7538) support
(Daniel Aleksandersen)
* Fixes#578: Unable to set unread items in bold
(Leiaz, reported by EverEve)
* #612: Update of French translation
(Guillaume Bernard)
* #596: Update of Swedish translation
(jony0008)
* #594: Update of Polish default feed list
(wmyrda)
* #584: Fixes broken OPML feed list entries
(Daniel Aleksandersen)
* #584: Added Norwegian feed list
(Daniel Aleksandersen)
* #577: Fixes newsbin doc typo
(Daniel Aleksandersen)
1.12.1
------
* Fixes#562: Lintian spelling errors
(reported by Paul Gevers)
* Fixes#563: Appstream data has new format
(patch by Paul Gevers)
* Fixes#572: Doesn't remember some sort orders
(reported by geplus)
* Fixes#504: Fix assertions/crashes on changing view layouts
(Leiaz)
* Fixes#573: Workaround to avoid GtkPaned shrinking
(Leiaz)
* #566: Update of Italian translation (Gianvito Cavasoli)
* #566: Update of Italian default feed list (Gianvito Cavasoli)
* #514: Update of Indonesian translation (Samsul Ma'arif)
* #514: Added Indonesian default feed list (Samsul Ma'arif)
* Update of German translation
1.12.0
------
* Fixes unhiding from tray icon when activated via GApplication
(when starting Liferea a 2nd time)
* #399: Reorder columns in 'Normal' email-like view
to have the date column always at the end
(Mikel Olasagasti)
* #532: Add plugin to make unread feeds titles bold
(Yanko Kaneti)
* Workaround for #503: Liferea deanonymize Tor
(Leiaz)
* Fixes#450: #546 Resize both panes in normal and wide view
(Leiaz)
* Fixes#538: toggle_visibility() does not make a minimized window
visible again
(reported by Balló György)
* Fixes#522: Segfault when switching feed in combined view
(patch by jonmstone)
* Fixes#419, #457: Handling of relative URLs in Atom parser
(Leiaz)
* Added 'View Image' context menu option in HTML view
* Dropped del.icio.us from social bookmarking options
as it is a read-only service now.
* Redesign of the wide view mode: larger titles with small text teasers
* Added optional AMP/HTML5 content enrichment feature
1.12-rc3
--------
* Fixes#459: Fixes GtkDoc warnings
(Leiaz)
* Fixes#415: Filter commands are not asynchronous
(Rich Coe)
* Fixes#363: Missing space above internal browser address bar
(reported by nekohayo, patch by Mikel Olasagasti)
* Fixes#208: All "Unread" search folder items marked read at once
(Leiaz)
* Fixes#251: Liferea does not always use theme icons when it is launched
on system startup (reported by GreenLunar, fix by Leiaz)
* Change headline column sorting in wide view to time sorted
* Updated Finnish translation (Jorma Karvonen)
* Updated Latvian translation (Rihards Prieditis)
* Updated Albanian translation (Bensik Bleta)
* Updated Hungarian translation (Balázs Úr)
* Updated Brazlian translation (Rafael Ferreira)
* Updated French translation (Guillaume Bernard)
1.12-rc2
--------
* Change all g_warnings() to g_print() for remote source
to avoid "crashing" on errors.
* Reorganized all UI definitions in separate files to simplify
GtkBuilder handling.
* Github #425: Add GeoRSS info and map link in item header
(Mikel Olasagasti)
* Github #407: Replacing deprecated elements in preferences
(Leiaz)
* Github #396: Create LifereaApplication type
(Leiaz)
* Github #434: Partial RFC3229+feed support for bandwidth savings
(Daniel Aleksandersen)
* Fixes Github #208: gtk_tree_store_get_path: assertion
'iter->stamp == priv->stamp'
(reported by Mno-hime)
* Fixes Github #403: Leftover OSM XSLT in item view
(reported by Paul Gevers)
* Fixes Github #423: Internal browser shows files system on go-back
(Leiaz, reported by Paul Gevers)
* Updated German translation
* Github #441: Updated French translation
(Surfoo)
1.12-rc1a
---------
* Fixing missing header files
1.12-rc1
--------
* Github #348: Added support for downloading content that
cannot be displayed by HTML widget (e.g. PDFs)
(Leiaz)
* Github #355: Migrate to Python3 libpeas loader
(patch by picsel2)
* Github #311: Upgrade to WebKit2
(patch by Leiaz)
* Github #292: Show new item count in tray icon
(patch by mozbugbox)
* Github #297: Minimize to systray on window close
(patch by Hugo Arregui)
* Github #325: Auto-fitting, translated license
(patches by GreenLunar and Adolfo Jayme-Barrientos)
* Fixes Github #73: Problem with favicon update
(reported by asl97)
* Fixes Github #177, #350: Tray icon not scaled properly
(patch by mozbugbox)
* Removes GeoIP rendering via OSM to avoid exposing
users to remote JS library resources.
(reported by Paul Gevers)
* Fixes Github #337: Case sensitive sorting
(reported by Pi03k)
* Fixes Github #361: Show all enclosuers
(Leiaz)
* Fixes Github #368: Segfault on liferea-feed-add
(Leiaz)
* Fixes Github #382: Broken Auto-Detect/No Proxy setting
(Leiaz)
* Fixes Github #383: Per feed don't use proxy setting is broken
(reported by Leiaz)
* Github #309: Update of Japanese translation
(IWAI, Masaharu)
* Github #329: Update of Hebrew translation
(GreenLunar)
* Github #330: Update of Spanish translation
(Adolfo Jayme-Barrientos)
* Update of Swedish translation
(Andreas Ronnquist)
1.11.7
------
* Github #287: Add support for media:group.
(patch by Leiaz)
* Github #287: Fixes issues with media:content.
(patch by Leiaz)
* Fixes Github #283: Bad .desktop categories definition
(reported by Wuzzy2)
* Fixes Github #279: Fixes rules no visible in searchdialog
(patch by Leiaz)
* Fixes Github #278: No "Download" tab in Tools/Preferences
(docs error, reported by Anders Jonsson)
* Fixes Github #83: Segfault when sorting feeds in folder
(patch by Leiaz)
* Fixes French translation
(patch by polo2ro)
* Github #300: Updated manpage
(patch by GreenLunar)
1.11.6
------
* Added "Do Not Track" support (enabled per default)
* Github #193: Added x-scheme-handler/feed to desktop file
(suggested by GreenLunar)
* Github #209: Add image icons to plugins
(by GreenLunar)
* Github #210: Enable tests for parsing RFC822 dates with 2 digit year
(patch by arunanbala)
* Fixes Github #78: Shaky text in feed list
(reported by GreenLunar)
* Fixes Github #195: Out-dated documentation on enclose download
(reported by brian-in-crawford)
* Fixes Github #198: Traceback on popup notifications
(reported by GreenLunar)
* Fixes Github #216: Untranslatable strings
(reported by GreenLunar)
* Fixes Github #256: PyGIWarnings on loading plugins
(patch by glitjs16)
1.11.5
------
* Github #178: Implementing full screen mode for videos
(mozbugbox)
* Fixes Github #32: Prevent erroneous "Mark all as read"
(reported by Mno-hime)
* Improves Github #36, #113: UI lock up during refresh
(suggested by mozbugbox)
* Fixes Github #180: Removing item from (v)folder marks all read
(reported by GreenLunar)
* Fixes Github #140, #158: Vertical pane placement is forgotten.
(patch by foresto)
* Fixes Github #182: Missing config.h include in date.c
(reported by Paul Gevers)
* Update of Russian translation (bboa)
1.11.4
------
* Fixes Github #154: Crashes while starting (corrupt icon)
(reported by jcamposz)
* Github #149: Fixes a random crash on startup
(patch by mozbugbox)
* Fixes Github #79: RTL ordering of Back/Forward icons
(reported by GreenLunar)
* Fixes Github #30: Segfault after updating from 1.8 to 1.10
(reported by vakuum)
* Fixes Github #87: URL resolving wrong if base tag involved
(reported by DanMan, fixed by mozbugbox)
* Fixes all defects reported by Coverity scan
* Simplied external browser handling. Now Liferea only supports
the gtk_show_uri() launch mechanism for the system default browser
and a user specified browser command.
* Update of Albanian translation (Besnik Bleta)
* Update of Hebrew translation (Genghis Khan)
* Update of Spanish translation (Juan Campos Zambrana)
* Fixes typo in Italian translation
1.11.3
------
* Fixes Github #134: Broken default news feed.
(reported by pvdl)
* Fixes Github #133: Subscribe into TheOldReader categories
* Fixes Github #122: Crashes at launch, "segmentation fault"
(reported by geoffm)
* Fixes some memory leaks
(patch by Rich Coe)
* Fixes Github #145: Incorrect method triggered for 'Launch External'
(patch by mozbugbox)
* Fixes Github #48: Window stays hidden on next start after Ctrl+W
(reported by Jeff Fortin)
* Expose LifereaHtmlView to GObject Introspection
(patch by mozbugbox)
* Improves Google Reader API error handling
* Now using HTTPS only when accessing TheOldReader
* Added LifereaNodeSourceActivatable interface to allow plugins
implementing new node source types.
* Downgrade enclosure drop warning from Glib warning to debug trace.
1.11.2
------
* Fixes Github #132: Broken documentation link
(reported by kallus)
* Fixes Github #121: Wrapping issue in folder display
(reported by Jeff Forting)
* Fixes Github #114: Avoid termination on UTF-8 validation error
* Fixes Github #90: Libnotify plugin not working
(reported by asl97)
* Fixes Github #86: Support HTTP content negotiation
(suggested by DanMan)
* Black-list some categories used by Google Reader clones
that should not be visible.
* Allowing browser history to go back to previously
shown headline when browsing inside the item view.
* Dropping offline option as this is duplicated with
desktop environment in GNOME/network manager.
* Fixes Github #100: Problems with dark Adwaita theme in GTK 3.14
(reported by majutsushi)
* Fixes for preferences dialog width.
(patch by Jeff Fortin)
* Update of Arabic translation (Khaled Hosny)
1.11.1
------
* Fixes Github #81: Inability to add subscriptions
(reported by GreenLunar)
* Fixes Javascript links not opening in new browser tabs
* Updated Hebrew translation (Genghis Khan)
* Fixes Github #88: Minor DE translation mistake (moraxy)
1.11.0
------
* Added experimental InoReader support
* Added experimental Reedah support
* Fixes SF #1123: Mistakenly claims "TinyTinyRSS source is not self-updating"
(reported by Dominik Grafenhoher)
* Fixes SF #1119: Crash on font resize at startup.
(reported by David Smith)
* Fixes#1056, #1089, #1098: Honor preferences when opening links
(patch by Daniel Seither)
* Fixes#1117: Selecting last unread item in reduced feed list jumps to next feed
(reported by Bruce Guenter)
* Fixes missing "Via" metadata type
(patch by Rich Coe)
* Fixes incorrect new count reset handling in item_state.c and
some of the node source implementations.
* Fixes SF #1096: missing installation of liferea.convert file
(reported by stqn)
* Fixes SF #1135: liferea-add-feed doesn't process feed:https//
(patch by Kevin Walke)
* Fixes SF #1137, #1142: startup race with LifereaHtmlView
(reported by Yanko Kaneti)
* Fixes Github #13: Parsing errors not visible with dark themes
(reported by Steve Kelly)
* Fixes Github #29: Do not use bold text for feeds/folders with unread items
in the leftmost treeview (repored by Jeff Fortin)
* Fixes SF #1141: Liferea does not update feeds with TinyTinyRSS
(reported by Dominik Grafenhofer, denk_mal, Fabian Henze)
* Fixes SF #1150: subscription prop/source: not all fields and
buttons visible (reported by David Smith)
* Fixes Github #26: RTL comments appear incorrectly
(reported by yaconf)
* Fixes Github #27: Images do not autosize to fit the available space
(reported by Jeff Fortin)
* Fixes Github #34: Add TinyTinyRSS Enclosure Support
(reported by Adrixan)
* Fixes Github #43: "Any of the following" search condition doesn't work
(reported by Jeff Fortin)
* Fixes Github #49: Some dialogs scrolling areas do not request enough height
(reported by Jeff Fortin)
* Fixes Github #53: Doesn't automatically update feed name and favicon
for new feed (reported by asl97)
* Patch SF #224: Update to new libxml2 buffer API
(Simon Kagedal Reimer)
* Patch SF #209: Avoid copying list in itemset_merge_items
(kaloyan)
* Make Liferea use ETags and send If-None-Match
(patch by Chris Siebenmann)
* Support NOCONFIGURE for RPM builds
(Charles A Edwards)
* Rename README to README.md
* Removing libindicate support (to be added as plugin maybe)
* Removing libnotify support (to be added as plugin maybe)
* Removing build in tray icon support
* Added tray icon plugin
* Added category/folder support for TheOldReader
* Added folder auto-removal for TinyTinyRSS & TheOldReader
* Updated README on plugin contribution
* Updated Arabic translation (Khaled Hosny)
Changelog:
Changes
Allow overwrite.cli.url without trailing slash (server#11772)
Remove duplicate call to decodeURIComponent (server#11781)
Check for empty string (server#11783)
Add "Referrer-Policy" to htaccess file, addresses issue #11099 (server#11798)
Always query the lookup server in a global scale setup (server#11800)
Fix a case where "password_by_talk" was not a boolean (server#11851)
Add .l10nignore files for compiled assets (server#11925)
Properly escape column name in "createFunction" call (server#11929)
Allow userId to be null (server#11939)
Allow "same-origin" as "Referrer-Policy" (Backport to stable14) (server#11950)
Do not emit preHooks twice on non-part-storage (server#11961)
Filter null values for UserManager::getByEmail (server#11976)
Allow local delivery of schedule message while prohibiting FreeBusy requests (server#11979)
Load apps/APP/l10n/*.js and themes/THEME/apps/APP/l10n/*.js (server#11990)
Lazy open first source stream in assemblystream (server#11994)
Fix opening a section again in the Files app (server#11995)
Remove cookies from Clear-Site-Data Header (server#12005)
Forwarded ExpiredTokenException (server#12032)
Allow chunked uploads even if your quota is not sufficient (server#12040)
Improve encrypt all / decrypt all (server#12045)
Double check for failed cache with a shared storage (server#12108)
Implement the size of an assembly stream (server#12111)
Bring the browser window of an actor to the foreground when acting as him (server#12120)
Move acceptance tests that crash the PHP built-in server to Apache (server#12121)
Remove unneeded empty search attribute values, fixes#12086 (server#12122)
Fixes wrong variable usage (server#12137)
LDAP: announce display name changes so that addressbook picks it up (server#12141)
Bruteforce protection handling in combination with (server#12160)
Add global site selector as user back-end which doesn't support password confirmation (server#12184)
Do not set indeterminate state for file shares (server#12187)
Revert "Wait for cron to finish before running upgrade command" (server#12197)
Fix bug #12151: fix list formatting by correcting malformed html (server#12202)
A folder should get a folder mimetype (server#12297)
Use the proper server for the apptoken flow login (server#12299)
Do not log FileLock as exception (server#12300)
Set the filemodel before rending the detailsview (server#12301)
Disabled ldap fix (server#12331)
Fix - Add to favorites not working in IE11 (server#12339)
Remove arrow function for ie compatibility (server#12341)
Fix default types of activity event member variables (server#12353)
Suppress wrong audit log messages about failed login attempts (server#12372)
Add fix for IE11 flexbox height bug (server#12374)
Properly search the root of a shared external storage (server#12375)
Fix app update available check (server#12412)
Use nextcloud-password-confirmation (server#12416)
Fix IE rule for min width (server#12431)
Added cache override to ensure an always up-to-date accessibility css (server#12432)
Unique contraint and deadlock fixes for filecache and file_locks (server#12433)
Fix app menu calculation for random size of the right header (server#12440)
Fix missing quickaccess favorite folder on add (server#12441)
Fixes dav share issue with owner (server#12459)
Fix wrong share popover opening on share link (server#12482)
Only use width and opacity for transition (server#12492)
Forward object not found error in swift as dav 404 (server#12502)
Fix the warning appearing in the admin section when mail_smtpmode is not configured (server#12529)
Remove unused svg api route (server#12542)
Bearer tokens are app token (server#12545)
Handle permission in update of share better (server#12561)
Correctly restrict affected users when using command to send emails (activity#312)
Improve code blocks in markdown rendering (files_texteditor#121)
Properly escape column name in "createFunction" call (survey_client#85)
5.7.2
5.7.2 contains a security fix preventing malicious directory names
from being able to execute javascript. CVE request pending.
5.7.1
5.7.1 contains a security fix preventing nbconvert endpoints from executing javascript with access to the server API. CVE request pending.
5.7.0
New features:
- Update to CodeMirror to 5.37, which includes f-string sytax for Python 3.6
- Update jquery-ui to 1.12
- Check Host header to more securely protect localhost deployments from DNS rebinding.
This is a pre-emptive measure, not fixing a known vulnerability
Use .NotebookApp.allow_remote_access and .NotebookApp.local_hostnames to configure
access.
- Allow access-control-allow-headers to be overridden
- Allow configuring max_body_size and max_buffer_size
- Allow configuring get_secure_cookie keyword-args
- Respect nbconvert entrypoints as sources for exporters
- Include translation sources in source distributions
- Various improvements to documentation
Fixing problems:
- Fix breadcrumb link when running with a base url
- Fix possible type error when closing activity stream
- Disable metadata editing for non-editable cells
- Fix some styling and alignment of prompts caused by regressions in 5.6.0.
- Enter causing page reload in shortcuts editor
- Fix uploading to the same file twice
5.4.0:
New Features
- No input flag (--no-input)
- Add alias --to ipynb for notebook exporter
- Add export_from_notebook
- If set, use nb.metadata.authors for LaTeX author line
- Populate language_info metadata when executing
- Support for \mathscr
- Allow the execute preprocessor to make use of an existing kernel
- Refactor ExecutePreprocessor
- Update widgets CDN for ipywidgets 7 w/fallback
- Add support for adding custom exporters to the "Download as" menu.
- Enable ANSI underline and inverse
- Update notebook css to 5.4.0
- Change default for slides to direct to the reveal cdn rather than locally
- Use "title" instead of "name" for metadata to match the notebook format
- Img filename metadata
- Added MathJax compatibility definitions
- Per cell exception
- Simple API for in-memory templates
- Set BIBINPUTS and BSTINPUTS environment variables when making PDF
- If nb.metadata.title is set, default to that for notebook
Deprecations
- Drop support for python 3.3
Fixing Problems
- Fix api break
- Don't remove empty cells by default
- Handle attached images in html converter
- No need to check for the channels already running
- Update font-awesome version for slides
- Properly treat JSON data
- Skip executing empty code cells
- Ppdate log.warn (deprecated) to log.warning
- Cleanup notebook.tex during PDF generation
- Windows unicode error fixed, nosetest added to setup.py
- Better content hiding; template & testing improvements
- Fix Jinja syntax in custom template example.
- Fix for an issue with empty math block
- Add parser for Multiline math for LaTeX blocks
- Use defusedxml to parse potentially untrusted XML
- Fixes for traitlets 4.1 deprecation warnings
Testing, Docs, and Builds
- A couple of typos
- Add python_requires metadata.
- Document --inplace command line flag.
- Fix minor typo in usage.rst
- Add note about local reveal_url_prefix
- Move onlyif_cmds_exist decorator to test-specific utils
- Include LICENSE file in wheels
- Added Ubuntu Linux Instructions
- Check for too recent of pandoc version
- Removing more nose remnants via dependencies.
- Remove offline statement and add some clarifications in slides docs
- Linkify PR number
- Added shebang for python
- Upgrade mistune dependency
- add feature to improve docs by having links to prs
- Update notebook CSS from version 4.3.0 to 5.1.0
- Explicitly exclude or include all files in Manifest.
2.2.3:
* Enforce that response headers are only bytestrings, rather than allowing
unicode strings and coercing them into bytes.
* New command-line options to set proxy header names: --proxy-headers-host and
--proxy-headers-port.
Upstream changes:
1.90 2018-11-12 18:02:03Z
[DOCUMENTATION]
- Pod fixes (GH#261) (Julien Fiegehenn)
- Fixed pod error as reported by CPANTS. (GH#264) (Mohammad S Anwar)
[ENHANCEMENTS]
- Upgrade to HTML::TreeBuilder version 5 to get support for weak references in
HTML::Element (GH#251) (Julien Fiegehenn)
1.89 2018-10-18 19:13:34Z
[ENHANCEMENTS]
- Add support to find_image() and find_all_images() via 'id'
and 'class' (GH#242) (Julien Fiegehenn)
- Pass strict/verbose constructor args to HTML::Form (GH#256) (Julien Fiegehenn)
- Add ability to clear history and tests for history (GH#259) (mschae94)
Upstream changes:
version 2.28 at 2018-09-17 09:19:09 +0000
-----------------------------------------
Change: cf677362a133592236f3a438ba339ae0fa030c80
Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
Date : 2018-09-17 10:19:09 +0000
Release engineering for 2.28
Change: d712a41b23990ecbee9050b997532b8c6b4c6065
Author: Damyan Ivanov <dmn@debian.org>
Date : 2018-09-16 20:51:07 +0000
add support for IPv6
Upstream changes:
0.25 2018-11-03
* Add support for compiling :disabled, :selected, :checked, :text,
:last-of-type
I'm not sure whether the Perl XPath libaries support this, but at least
we can compile it.
This addresses RT #124406, thanks to Andrew Maguire
0.24 2018-11-02
* Test stability improvement if HTML::TreeBuilder::XPath is not installed
* Re-release with properly fixed META.* information
(RT 127555, reported by Dan Book)
* No code changes, no need to upgrade
o add url remap support via .bzremap file, from martin@netbsd.org
o handle redirections for any protocol, not just http:
o fix a denial of service attack against header contents, which
is now bounded at 16KiB. reported by JP
o reduce default timeouts, and add expand timeouts to handle the
initial line, each header, and the total time spent
o add -T option to expose new timeout settings
o minor RFC fixes related to timeout handling
o fix special file (.htpasswd, .bz*) bypass. reported by JP.
anyone using .htpasswd files should update ASAP.
Nghttp2 v1.35.0
lib
Use __has_declspec_attribute in order to check that dllexport/dllimport can be used.
build
libevent detection with cmake has been improved.
src
C++14 language features are now required.
nghttpx
mruby send_info non-final response is now written early.
Fix assertion failure on mruby send_info with HTTP/1.1 frontend.
h2load
HTTP/1.1 non-final response is now handled correctly.
Clarify that time for connect includes TLS handshake.
Changes 2.1.4:
Fix: shell_plus, fix 1261 check for --notebook-dir=... argument style
Fix: graph_models, Excluded models displayed as an underscore
Fix: set_fake_password, requires_model_validation has been replaced with requires_system_checks since 1.9
Docs: admin_generator, new documentation and examples
Improvement: JSONField, use new from_db_value syntax on Django 2 and up
Improvement: EncryptedTextField, use new from_db_value syntax on Django 2 and up
Improvement: graph_models, add --dot option
Improvement: graph_models, allow to redirect (text) output to file
Improvement: sqldiff, better support for indexes, index_together and unique_together
Changelog:
Version 14.0.3 October 12 2018
Changes
Fixes the apps menu scrollbar (server#11662)
Ignore "session_lifetime" if it can not be converted to a number (server#11761)
Normalize getUnjailedPath (server#11770)
Version 14.0.2 October 11 2018
Changes
Fix contacts menu on mentions (server#11350)
Make the server ready to use global scale with SAML as auth back-end (server#11373)
Fix default flex shrink on list (server#11374)
Fixes the logo height (server#11385)
Do not explode when getting permissions from a FailedStorage (server#11389)
Do not hide the progress bar while the chunked upload is being assembled (server#11399)
Fix "checkWellKnownUrl" not being run (server#11418)
Add back the total used space per user (server#11425)
Fix invalid inline input confirm border (server#11426)
Center back the history icon (server#11430)
AssemblyStream is also eof if we have no more source stream (server#11436)
Re-enable upload button after updating Avatar (server#11451)
Fix typo in config.sample.php (server#11488)
Bugfix 2FA theme: buttons white (server#11489)
Update config and babel for ie11 (server#11490)
Only catch QueryException when trying to build class (server#11492)
Show auth type "None" in email settings (server#11493)
Fix public page footer link wrap (server#11510)
Fix share header text on small widths (server#11511)
Add missing compiled mimetype list (server#11516)
Fixes the move/copy picker buttons (server#11525)
Fix breadcrumbs (server#11530)
Added kinetic scrolling for iOS to apps dropdown menu #10281 (server#11554)
Throw an error if a node is smaller than expected in assemblystream (server#11555)
Reduce the min-width of the files table so it works on sharing pages on mobile (server#11556)
Fix header overflow, fix more apps menu, fix#11552 (server#11558)
Add new group entry on users list + fixes (server#11575)
Redirect guests to login if they follow the link of a comment mention-notifications (server#11577)
Force multiselect max-height to 5.5 items (server#11579)
Just update password hash without validating (server#11580)
Fix sticky header on users list (server#11582)
Fix header border on users list (server#11608)
Fix call to logger (server#11610)
Allow the creationg of previews of files stored in appdata (server#11703)
Update CRL due to changed cert for linkshareex (server#11706)
Fix a misleading setup check for .well-known/caldav & carddav (server#11738)
Remove unneeded CSS rule for IE 11 (files_pdfviewer#101)
Hide footer in public share page (files_pdfviewer#103)
Fix embedded viewer with new server layout on IE 11 (files_pdfviewer#98)
Version 14.0.1 September 25 2018
Changes
Fixes the upload progress bar layout - 14 backport (server#11039)
Fix markup and style of mentions in comments (server#11077)
Do not invalidate main token on OAuth (server#11090)
Expire tokens hardening (server#11103)
fix js files client for user names with spaces (server#11152)
Fix user and group listing with users that have an integer user id (server#11186)
Fix exception class (server#11187)
Remove posix_getpwuid and compare only userid (server#11191)
Fix check for more users in sharing dialogue (server#11201)
Remove filter_var flags due to PHP 7.3 deprecation, fixes#10894 (server#11237)
Fixes empty favorite names for trailing slashes (server#11259)
Fix size of icons in menus inside apps when shown as images (server#11276)
Prevent comment being composed from overlapping the submit button (server#11277)
replace setcookie value with '' instead of null. (server#11280)
Fix the link and anchor for the update notifications (server#11282)
Include empty directories in the default state of acceptance tests (server#11283)
Get permission of storage for shares (server#11287)
Shared by info for room shares without names (server#11288)
Fix icons cacher regex for compressed output (server#11291)
Revert "Use APCu caching of composer" (server#11293)
Use user locale as default in the template (server#11294)
Fix expiration code of tokens (server#11302)
Add unit test for findLanguageFromLocale (server#11340)
14 scroll fix (activity#295)
Update stable14 target versions (files_texteditor#111)
Update stable14 target versions (firstrunwizard#80)
Update stable14 target versions (gallery#467)
Update stable14 target versions (nextcloud_announcements#32)
Update stable14 target versions (notifications#158)
Update config and babel for ie11 (notifications#161)
Version 14.0.0 September 10 2018
Changes
Nextcloud 14 merged nearly 1000 pull requests with improvements and changes, almost 150 more than Nextcloud 13. This only covers the core server, hundreds more changes were made in the apps that make up our release, making this version officially our biggest release ever.
While we can never cover everything that has improved, these are the main feature highlights:
Video Verification - use a video call with Talk to verify the identity of somebody before granting them access to a share
Two-factor authentication now with Signal and Telegram as well as NFC and SMS
Accessibility improvements & dark theme
Add a note to shares, share files in a Talk chat, new Deck Kanban app and much more
Version 13.0.7 October 11 2018
Changes
Prefer using dir instead of allinfo for getting smb file info (server#10804)
[LDAP] The WebUI Wizard also should not assign empty config IDs (server#10824)
Fix mimetype detection for junked uploads (server#10829)
Improve performance when dealing with large numbers of shares (server#10884)
Cast timestamps older than unix epoch to 0 (server#10902)
Use the same ignored properties list for both CustomerPropertiesBackends (server#10911)
Do not hide the progress bar while the chunked upload is being assembled (server#11400)
Fix "checkWellKnownUrl" not being run (server#11419)
AssemblyStream is also eof if we have no more source stream (server#11437)
Show auth type "None" in email settings (server#11494)
Fixes the move/copy picker buttons (server#11524)
Allow the creationg of previews of files stored in appdata (server#11704)
Update CRL due to changed cert for linkshareex (server#11707)
Fix a misleading setup check for .well-known/caldav & carddav (server#11739)
Version 13.0.6 August 30 2018
Changes
Add sabre plugin to allow anonymous options requests to the dav root (server#10285)
Do scan the root storage in background scan (server#10376)
Adding test for table schedulingobjects and fixing postgres LOB (server#10552)
Fix transfering ownership of a share to user with same id as receiver (server#10565)
Make file cache updates more robust (server#10581)
Retry smb stat on timeout (server#10591)
Use insertIfNotExists to store new mimetypes. (server#10620)
Only warn about data lose on password reset if per-user keys are used (server#10646)
Update the scope of the lockdownmanager (server#10682)
Log entries that are hidden during file listing (server#10698)
Forgotten pass fix link (server#10735)
Fix comment style in config sample (server#10759)
Make sure error_log() always receives a string (server#10760)
Fix call to OC.generateUrl for caldav birthday calendar on/off (server#10761)
Use the path_hash instead of the path to query the filecache (server#10762)
Don't blame random people for background email updates (server#10763)
Resolve all group memberships properly (server#10783)
Remove unexecutable code (server#10816)
Improve URL detection (server#10821)
MySQL 8.0+ and MariaDB 10.3+ are large prefix and barracuda by default (server#10823)
Disallow negative mtime in dav search (server#10837)
